mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-22 01:49:11 +00:00
Sudo 1.9.9
This commit is contained in:
Todd C. Miller
parent
409410b029
commit
ce9c6d17c5
83
NEWS
83
NEWS
@ -1,3 +1,86 @@
|
||||
What's new in Sudo 1.9.9
|
||||
|
||||
* Sudo can now be built with OpenSSL 3.0 without generating warnings
|
||||
about deprecated OpenSSL APIs.
|
||||
|
||||
* A digest can now be specified along with the "ALL" command in
|
||||
the LDAP and SSSD back-ends. Sudo 1.9.0 introduced support for
|
||||
this in the sudoers file but did not include corresponding changes
|
||||
for the other back-ends.
|
||||
|
||||
* visudo now only warns about an undefined alias or a cycle in an
|
||||
alias once for each alias.
|
||||
|
||||
* The sudoRole cn was truncated by a single character in warning messages.
|
||||
GitHub issue #115.
|
||||
|
||||
* The cvtsudoers utility has new --group-file and --passwd-file options
|
||||
to use a custom passwd or group file when the --match-local option is
|
||||
also used.
|
||||
|
||||
* The cvtsudoers utility can now filter or match based on a command.
|
||||
|
||||
* The cvtsudoers utility can now produce output in csv (comma-separated
|
||||
value) format. This can be used to help generate entitlement reports.
|
||||
|
||||
* Fixed a bug in sudo_logsrvd that could result in the connection being
|
||||
dropped for very long command lines.
|
||||
|
||||
* Fixed a bug where sudo_logsrvd would not accept a restore point
|
||||
of zero.
|
||||
|
||||
* Fixed a bug in visudo where the value of the "editor" setting was not
|
||||
used if it did not match the user's EDITOR environment variable.
|
||||
This was only a problem if the "env_editor" setting was not enabled.
|
||||
Bug #1000.
|
||||
|
||||
* Sudo now builds with the -fcf-protection compiler option and the
|
||||
"-z now" linker option if supported.
|
||||
|
||||
* The output of "sudoreplay -l" now more closely matches the
|
||||
traditional sudo log format.
|
||||
|
||||
* The sudo_sendlog utility will now use the full contents of the log.json
|
||||
file, if present. This makes it possible to send sudo-format I/O logs
|
||||
that use the newer log.json format to sudo_logsrvd without losing any
|
||||
information.
|
||||
|
||||
* Fixed compilation of the arc4random_buf() replacement on systems with
|
||||
arc4random() but no arc4random_buf(). Bug #1008.
|
||||
|
||||
* Sudo now uses its own getentropy() by default on Linux. The GNU libc
|
||||
version of getentropy() will fail on older kernels that don't support
|
||||
the getrandom() system call.
|
||||
|
||||
* It is now possible to build sudo with WolfSSL's OpenSSL compatibility
|
||||
layer by using the --enable-wolfssl configure option.
|
||||
|
||||
* Fixed a bug related to Daylight Saving Time when parsing timestamps
|
||||
in Generalized Time format. This affected the NOTBEFORE and
|
||||
NOTAFTER options in sudoers. Bug #1006
|
||||
|
||||
* On systems where SELinux is enabled and sudo is built with SELinux
|
||||
support, if the user's role is not "unconfined_r" sudo will always
|
||||
execute commands via the "sesh" helper program. Previously, commands
|
||||
were only executed via "sesh" if a role was specified in the sudoers
|
||||
file rule or by the user on the command line.
|
||||
|
||||
* Added the -O and -P options to visudo, which can be used to check
|
||||
or set the owner and permissions. This can be used in conjunction
|
||||
with the -c option to check that the sudoers file ownership and
|
||||
permissions are correct. Bug #1007.
|
||||
|
||||
* It is now possible to set resource limits in the sudoers file itself.
|
||||
The special values "default" and "user" refer to the default system
|
||||
limit and invoking user limit respectively. The core dump size limit
|
||||
is now set to 0 by default unless overridden by the sudoers file.
|
||||
|
||||
* The cvtsudoers utility can now merge multiple sudoers sources into
|
||||
a single, combined sudoers file. If there are conflicting entries,
|
||||
cvtsudoers will attempt to resolve them but manual intervention
|
||||
may be required. The merging of sudoers rules is currently fairly
|
||||
simplistic but will be improved in a future release.
|
||||
|
||||
What's new in Sudo 1.9.8p2
|
||||
|
||||
* Fixed a potential out-of-bounds read with "sudo -i" when the
|
||||
|
||||
18
configure
vendored
18
configure
vendored
@ -1,6 +1,6 @@
|
||||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.71 for sudo 1.9.8p2.
|
||||
# Generated by GNU Autoconf 2.71 for sudo 1.9.9.
|
||||
#
|
||||
# Report bugs to <https://bugzilla.sudo.ws/>.
|
||||
#
|
||||
@ -621,8 +621,8 @@ MAKEFLAGS=
|
||||
# Identity of this package.
|
||||
PACKAGE_NAME='sudo'
|
||||
PACKAGE_TARNAME='sudo'
|
||||
PACKAGE_VERSION='1.9.8p2'
|
||||
PACKAGE_STRING='sudo 1.9.8p2'
|
||||
PACKAGE_VERSION='1.9.9'
|
||||
PACKAGE_STRING='sudo 1.9.9'
|
||||
PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
|
||||
PACKAGE_URL=''
|
||||
|
||||
@ -1635,7 +1635,7 @@ if test "$ac_init_help" = "long"; then
|
||||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures sudo 1.9.8p2 to adapt to many kinds of systems.
|
||||
\`configure' configures sudo 1.9.9 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
@ -1701,7 +1701,7 @@ fi
|
||||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of sudo 1.9.8p2:";;
|
||||
short | recursive ) echo "Configuration of sudo 1.9.9:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
@ -1990,7 +1990,7 @@ fi
|
||||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
sudo configure 1.9.8p2
|
||||
sudo configure 1.9.9
|
||||
generated by GNU Autoconf 2.71
|
||||
|
||||
Copyright (C) 2021 Free Software Foundation, Inc.
|
||||
@ -2647,7 +2647,7 @@ cat >config.log <<_ACEOF
|
||||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by sudo $as_me 1.9.8p2, which was
|
||||
It was created by sudo $as_me 1.9.9, which was
|
||||
generated by GNU Autoconf 2.71. Invocation command line was
|
||||
|
||||
$ $0$ac_configure_args_raw
|
||||
@ -32715,7 +32715,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by sudo $as_me 1.9.8p2, which was
|
||||
This file was extended by sudo $as_me 1.9.9, which was
|
||||
generated by GNU Autoconf 2.71. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@ -32783,7 +32783,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
|
||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config='$ac_cs_config_escaped'
|
||||
ac_cs_version="\\
|
||||
sudo config.status 1.9.8p2
|
||||
sudo config.status 1.9.9
|
||||
configured by $0, generated by GNU Autoconf 2.71,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
||||
@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
dnl
|
||||
AC_PREREQ([2.70])
|
||||
AC_INIT([sudo], [1.9.8p2], [https://bugzilla.sudo.ws/], [sudo])
|
||||
AC_INIT([sudo], [1.9.9], [https://bugzilla.sudo.ws/], [sudo])
|
||||
AC_CONFIG_HEADERS([config.h pathnames.h])
|
||||
AC_CONFIG_SRCDIR([src/sudo.c])
|
||||
AC_CONFIG_AUX_DIR([scripts])
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user