mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-22 01:49:11 +00:00
Sudo 1.9.17
This commit is contained in:
Todd C. Miller
parent
60fff3a3da
commit
cb3355e9d4
68
NEWS
68
NEWS
@ -1,3 +1,69 @@
|
||||
What's new in Sudo 1.9.17
|
||||
|
||||
* Sudo now uses the NODEV macro consistently. Bug #1074.
|
||||
|
||||
* Fixed a bug where the "ALL" command in a sudoers rule would
|
||||
override a previous NOSETENV tag. Command tags are inherited
|
||||
from previous Cmnds in a Cmnd_Spec_List. There is a special
|
||||
case for the SETENV tag with the "ALL" command, where SETENV is
|
||||
implied if no explicit SETENV or NOSETENV tag is specified. This
|
||||
special case did not take into account that a NOSETENV tag that
|
||||
was inherited should override this behavior.
|
||||
|
||||
* If sudo is run via ssh without a terminal and a password is
|
||||
required, it now suggest using ssh's "-t" option.
|
||||
|
||||
* Fixed the display of timeout values in the "sudo -V" output
|
||||
on systems without a C99-compliant snprintf() function.
|
||||
|
||||
* Quieted a number of Coverity minor warnings.
|
||||
|
||||
* Fixed a problem running sudo from a serial console on Linux when
|
||||
the command is run in a pseudo-terminal (the default).
|
||||
|
||||
* Fixed a crash in sudo which could occur if there was a fatal
|
||||
error after the user was validated but before the command was
|
||||
actually run.
|
||||
|
||||
* Fixed a number of man page style warnings. The "lint" make target
|
||||
in the docs directory will now run groff with warnings enabled
|
||||
if it is available. Bug #1075.
|
||||
|
||||
* The "ignore_dot" sudoers setting is now on by default. There
|
||||
is now a "--disable-ignore-dot" configure option to disable it.
|
||||
The "--with-ignore-dot" configure option has been deprecated.
|
||||
|
||||
* Fixed a problem with the "pwfeedback" option where an initial
|
||||
backspace would reduce the maximum length allowed for the password.
|
||||
GitHub issue #439.
|
||||
|
||||
* Fixed minor grammar and spelling problems in the man pages.
|
||||
|
||||
* Fixed a bug where a user could avoid entering a password for
|
||||
"sudo -l command" if they specified their own user or group name
|
||||
via the "-u" or "-g" options.
|
||||
|
||||
* Avoid potential password guessing based on timing attacks on
|
||||
the strcmp() function on systems without PAM or a crypt() function
|
||||
where plaintext passwords are stored in the shadow password file.
|
||||
|
||||
* Fixed a potential information leak where "sudo -l command" could
|
||||
be used to determine whether an executable exists in a directory
|
||||
that they do not have search access to.
|
||||
|
||||
* Sudo uses TCSAFLUSH, not TCSADRAIN, when disabling echo once
|
||||
again. A long time ago sudo changed from using TCSAFLUSH to
|
||||
TCSADRAIN due to some systems having bugs related to TCSAFLUSH.
|
||||
That should no longer be a concern. Using TCSAFLUSH ensures
|
||||
that password input that has been received by the kernel, but
|
||||
not yet read by sudo, will be discarded and not echoed.
|
||||
|
||||
* Added the SUDO_TTY environment variable if the user has a terminal.
|
||||
This can be used to find the user's original tty device when sudo
|
||||
runs the command in its own pseudo-terminal. GitHub issue #447.
|
||||
|
||||
* New Cantonese translation for sudo.
|
||||
|
||||
What's new in Sudo 1.9.16p2
|
||||
|
||||
* Sudo now passes the terminal device number to the policy plugin
|
||||
@ -2285,7 +2351,7 @@ What's new in Sudo 1.8.22
|
||||
of the session leader. When the "timestamp_type" option is set
|
||||
to "ppid" or when no terminal is available, the start time of
|
||||
the parent process is used instead. This significantly reduces
|
||||
the likelihood of a time stamp record being re-used when a user
|
||||
the likelihood of a time stamp record being reused when a user
|
||||
logs out and back in again. Bug #818.
|
||||
|
||||
* The sudoers time stamp file format is now documented in the new
|
||||
|
||||
18
configure
vendored
18
configure
vendored
@ -1,6 +1,6 @@
|
||||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.72 for sudo 1.9.16p2.
|
||||
# Generated by GNU Autoconf 2.72 for sudo 1.9.17.
|
||||
#
|
||||
# Report bugs to <https://bugzilla.sudo.ws/>.
|
||||
#
|
||||
@ -614,8 +614,8 @@ MAKEFLAGS=
|
||||
# Identity of this package.
|
||||
PACKAGE_NAME='sudo'
|
||||
PACKAGE_TARNAME='sudo'
|
||||
PACKAGE_VERSION='1.9.16p2'
|
||||
PACKAGE_STRING='sudo 1.9.16p2'
|
||||
PACKAGE_VERSION='1.9.17'
|
||||
PACKAGE_STRING='sudo 1.9.17'
|
||||
PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
|
||||
PACKAGE_URL=''
|
||||
|
||||
@ -1651,7 +1651,7 @@ if test "$ac_init_help" = "long"; then
|
||||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
'configure' configures sudo 1.9.16p2 to adapt to many kinds of systems.
|
||||
'configure' configures sudo 1.9.17 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
@ -1717,7 +1717,7 @@ fi
|
||||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of sudo 1.9.16p2:";;
|
||||
short | recursive ) echo "Configuration of sudo 1.9.17:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
@ -2013,7 +2013,7 @@ fi
|
||||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
sudo configure 1.9.16p2
|
||||
sudo configure 1.9.17
|
||||
generated by GNU Autoconf 2.72
|
||||
|
||||
Copyright (C) 2023 Free Software Foundation, Inc.
|
||||
@ -2833,7 +2833,7 @@ cat >config.log <<_ACEOF
|
||||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by sudo $as_me 1.9.16p2, which was
|
||||
It was created by sudo $as_me 1.9.17, which was
|
||||
generated by GNU Autoconf 2.72. Invocation command line was
|
||||
|
||||
$ $0$ac_configure_args_raw
|
||||
@ -37071,7 +37071,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by sudo $as_me 1.9.16p2, which was
|
||||
This file was extended by sudo $as_me 1.9.17, which was
|
||||
generated by GNU Autoconf 2.72. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@ -37139,7 +37139,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
|
||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config='$ac_cs_config_escaped'
|
||||
ac_cs_version="\\
|
||||
sudo config.status 1.9.16p2
|
||||
sudo config.status 1.9.17
|
||||
configured by $0, generated by GNU Autoconf 2.72,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
||||
@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
dnl
|
||||
AC_PREREQ([2.69])
|
||||
AC_INIT([sudo], [1.9.16p2], [https://bugzilla.sudo.ws/], [sudo])
|
||||
AC_INIT([sudo], [1.9.17], [https://bugzilla.sudo.ws/], [sudo])
|
||||
AC_CONFIG_HEADERS([config.h pathnames.h])
|
||||
AC_CONFIG_SRCDIR([src/sudo.c])
|
||||
AC_CONFIG_AUX_DIR([scripts])
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user