[sudo-workers] Sudo 1.7.5b1 available
Todd C. Miller
Todd.Miller at courtesan.com
Wed Nov 3 14:56:55 EDT 2010
The first beta release of Sudo version 1.7.5 is now available.
Major changes between sudo 1.7.4 and 1.7.5b1:
* The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.
* When using visudo in check mode, a file named "-" may be used to
check sudoers data on the standard input.
* Sudo now only fetches shadow password entries when using the
password database directly for authentication.
* Password and group entries are now cached using the same key
that was used to look them up. This fixes a problem when looking
up entries by name if the name in the retrieved entry does not
match the name used to look it up. This may happen on some systems
that do case insensitive lookups or that truncate long names.
* GCC will no longer display warnings on glibc systems that use
the warn_unused_result attribute for write(2) and other system calls.
* If a PAM account management module denies access, sudo now prints
a more useful error message and stops trying to validate the user.
* Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
being honored when the "targetpw" sudoers Defaults option was enabled.
* Fixed a potential hang on idle systems when the sudo-run process
* Fixed a crash when Solaris project support was enabled and the
-g flag was used.
* Sudo no longer exits with an error when support for
auditing is compiled in but auditing is not enabled.
* Fixed a crash with "sudo -l" when auditing is enabled and the
user is not allowed to run any commands on the host.
* Sudo will now examine all matching LDAP entries when doing a
lookup, even if there has already been a positive match. This
catches negative matches that may exist in other entries and
more closely match the sudoers file behavior.
* Sudo now includes a copy of zlib that will be used on systems
that do not have zlib installed.
* The --with-umask-override configure flag has been added to enable
the "umask_override" sudoers Defaults option at build time.
* Sudo now unblocks all signals on startup to avoid problems caused
by the parent process changing the default signal mask.
More information about the sudo-workers