[sudo-workers] sudo 1.8.6b3 available
Todd C. Miller
Todd.Miller at courtesan.com
Fri Jul 20 13:20:36 EDT 2012
The third beta version of sudo 1.8.6 is now available.
Major changes between sudo 1.8.6b3 and 1.8.6b2:
* If a user fails to authenticate and the command would be rejected
by sudoers, it is now logged with "command not allowed" instead
of "N incorrect password attempts". Likewise, the "mail_no_perms"
sudoers option now takes precedence over "mail_badpass".
* The sudo manuals are now formatted in mdoc. Versions using the
legacy man macros are provided for systems that lack mdoc.
Major changes between sudo 1.8.6b2 and 1.8.6b1:
* Worked around an issue with libtool removing the -fstack-protector
flag when linking.
* Sudo is now built as a position independent executable (PIE) if
there is compiler and linker support for it. This may be disabled
using the --disable-pie configure option.
Major changes between sudo 1.8.6b1 and 1.8.5p2:
* Sudo is now built with the -fstack-protector flag if the the
compiler supports it. Also, the -zrelro linker flag is used if
supported. The --disable-hardening configure option can be used
to build sudo without stack smashing support.
* If the user is a member of the "exempt" group in sudoers, they
will no longer be prompted for a password even if the -k flag
is specified with the command. This makes "sudo -k command"
consistent with the behavior one would get if the user ran "sudo
-k" immediately before running the command.
* The sudoers file may now be a symbolic link. Previously, sudo
would refuse to read sudoers unless it was a regular file.
* The sudoreplay command can now properly replay sessions where
no tty was present.
* The sudoers plugin now takes advantage of symbol visibility
controls when supported by the compiler or linker. As a result,
only a small number of symbols are exported which significantly
reduces the chances of a conflict with other shared objects.
* Improved support for the Tivoli Directory Server LDAP client
libraries. This includes support for using LDAP over SSL (ldaps)
as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS
ldap.conf options. A new ldap.conf option, TLS_KEYPW can be
used to specify a password to decrypt the key database.
More information about the sudo-workers