mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00
Code Issues Releases Wiki Activity

Sudo 1.9.17

Browse Source
This commit is contained in:
Todd C. Miller 2025-06-08 16:29:52 -06:00
parent 60fff3a3da
commit cb3355e9d4
3 changed files with 77 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
NEWS
View File

@ -1,3 +1,69 @@
What's new in Sudo 1.9.17
* Sudo now uses the NODEV macro consistently. Bug #1074.
* Fixed a bug where the "ALL" command in a sudoers rule would
override a previous NOSETENV tag. Command tags are inherited
from previous Cmnds in a Cmnd_Spec_List. There is a special
case for the SETENV tag with the "ALL" command, where SETENV is
implied if no explicit SETENV or NOSETENV tag is specified. This
special case did not take into account that a NOSETENV tag that
was inherited should override this behavior.
* If sudo is run via ssh without a terminal and a password is
required, it now suggest using ssh's "-t" option.
* Fixed the display of timeout values in the "sudo -V" output
on systems without a C99-compliant snprintf() function.
* Quieted a number of Coverity minor warnings.
* Fixed a problem running sudo from a serial console on Linux when
the command is run in a pseudo-terminal (the default).
* Fixed a crash in sudo which could occur if there was a fatal
error after the user was validated but before the command was
actually run.
* Fixed a number of man page style warnings. The "lint" make target
in the docs directory will now run groff with warnings enabled
if it is available. Bug #1075.
* The "ignore_dot" sudoers setting is now on by default. There
is now a "--disable-ignore-dot" configure option to disable it.
The "--with-ignore-dot" configure option has been deprecated.
* Fixed a problem with the "pwfeedback" option where an initial
backspace would reduce the maximum length allowed for the password.
GitHub issue #439.
* Fixed minor grammar and spelling problems in the man pages.
* Fixed a bug where a user could avoid entering a password for
"sudo -l command" if they specified their own user or group name
via the "-u" or "-g" options.
* Avoid potential password guessing based on timing attacks on
the strcmp() function on systems without PAM or a crypt() function
where plaintext passwords are stored in the shadow password file.
* Fixed a potential information leak where "sudo -l command" could
be used to determine whether an executable exists in a directory
that they do not have search access to.
* Sudo uses TCSAFLUSH, not TCSADRAIN, when disabling echo once
again. A long time ago sudo changed from using TCSAFLUSH to
TCSADRAIN due to some systems having bugs related to TCSAFLUSH.
That should no longer be a concern. Using TCSAFLUSH ensures
that password input that has been received by the kernel, but
not yet read by sudo, will be discarded and not echoed.
* Added the SUDO_TTY environment variable if the user has a terminal.
This can be used to find the user's original tty device when sudo
runs the command in its own pseudo-terminal. GitHub issue #447.
* New Cantonese translation for sudo.
What's new in Sudo 1.9.16p2 What's new in Sudo 1.9.16p2
* Sudo now passes the terminal device number to the policy plugin * Sudo now passes the terminal device number to the policy plugin
@ -2285,7 +2351,7 @@ What's new in Sudo 1.8.22
of the session leader. When the "timestamp_type" option is set of the session leader. When the "timestamp_type" option is set
to "ppid" or when no terminal is available, the start time of to "ppid" or when no terminal is available, the start time of
the parent process is used instead. This significantly reduces the parent process is used instead. This significantly reduces
the likelihood of a time stamp record being re-used when a user the likelihood of a time stamp record being reused when a user
logs out and back in again. Bug #818. logs out and back in again. Bug #818.
* The sudoers time stamp file format is now documented in the new * The sudoers time stamp file format is now documented in the new

18
configure vendored
View File

@ -1,6 +1,6 @@
#! /bin/sh #! /bin/sh
# Guess values for system-dependent variables and create Makefiles. # Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.72 for sudo 1.9.16p2. # Generated by GNU Autoconf 2.72 for sudo 1.9.17.
# #
# Report bugs to <https://bugzilla.sudo.ws/>. # Report bugs to <https://bugzilla.sudo.ws/>.
# #
@ -614,8 +614,8 @@ MAKEFLAGS=
# Identity of this package. # Identity of this package.
PACKAGE_NAME='sudo' PACKAGE_NAME='sudo'
PACKAGE_TARNAME='sudo' PACKAGE_TARNAME='sudo'
PACKAGE_VERSION='1.9.16p2' PACKAGE_VERSION='1.9.17'
PACKAGE_STRING='sudo 1.9.16p2' PACKAGE_STRING='sudo 1.9.17'
PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
PACKAGE_URL='' PACKAGE_URL=''
@ -1651,7 +1651,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing. # Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh. # This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF cat <<_ACEOF
'configure' configures sudo 1.9.16p2 to adapt to many kinds of systems. 'configure' configures sudo 1.9.17 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]... Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1717,7 +1717,7 @@ fi
if test -n "$ac_init_help"; then if test -n "$ac_init_help"; then
case $ac_init_help in case $ac_init_help in
short | recursive ) echo "Configuration of sudo 1.9.16p2:";; short | recursive ) echo "Configuration of sudo 1.9.17:";;
esac esac
cat <<\_ACEOF cat <<\_ACEOF
@ -2013,7 +2013,7 @@ fi
test -n "$ac_init_help" && exit $ac_status test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then if $ac_init_version; then
cat <<\_ACEOF cat <<\_ACEOF
sudo configure 1.9.16p2 sudo configure 1.9.17
generated by GNU Autoconf 2.72 generated by GNU Autoconf 2.72
Copyright (C) 2023 Free Software Foundation, Inc. Copyright (C) 2023 Free Software Foundation, Inc.
@ -2833,7 +2833,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake. running configure, to aid debugging if configure makes a mistake.
It was created by sudo $as_me 1.9.16p2, which was It was created by sudo $as_me 1.9.17, which was
generated by GNU Autoconf 2.72. Invocation command line was generated by GNU Autoconf 2.72. Invocation command line was
$ $0$ac_configure_args_raw $ $0$ac_configure_args_raw
@ -37071,7 +37071,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their # report actual input values of CONFIG_FILES etc. instead of their
# values after options handling. # values after options handling.
ac_log=" ac_log="
This file was extended by sudo $as_me 1.9.16p2, which was This file was extended by sudo $as_me 1.9.17, which was
generated by GNU Autoconf 2.72. Invocation command line was generated by GNU Autoconf 2.72. Invocation command line was
CONFIG_FILES = $CONFIG_FILES CONFIG_FILES = $CONFIG_FILES
@ -37139,7 +37139,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config='$ac_cs_config_escaped' ac_cs_config='$ac_cs_config_escaped'
ac_cs_version="\\ ac_cs_version="\\
sudo config.status 1.9.16p2 sudo config.status 1.9.17
configured by $0, generated by GNU Autoconf 2.72, configured by $0, generated by GNU Autoconf 2.72,
with options \\"\$ac_cs_config\\" with options \\"\$ac_cs_config\\"

2
configure.ac
View File

@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
dnl dnl
AC_PREREQ([2.69]) AC_PREREQ([2.69])
AC_INIT([sudo], [1.9.16p2], [https://bugzilla.sudo.ws/], [sudo]) AC_INIT([sudo], [1.9.17], [https://bugzilla.sudo.ws/], [sudo])
AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_HEADERS([config.h pathnames.h])
AC_CONFIG_SRCDIR([src/sudo.c]) AC_CONFIG_SRCDIR([src/sudo.c])
AC_CONFIG_AUX_DIR([scripts]) AC_CONFIG_AUX_DIR([scripts])