[sudo-workers] sudo 1.8.5rc4 available
Todd C. Miller
Todd.Miller at courtesan.com
Wed May 9 11:40:08 EDT 2012
The fourth and hopefully final release candidate for sudo 1.8.5 is
now available. If no major problems are reported this will be
released as sudo 1.8.5 final on May 14th.
Source:
http://www.sudo.ws/sudo/dist/beta/sudo-1.8.5rc4.tar.gz
ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.8.5rc4.tar.gz
Binary packages:
http://www.sudo.ws/sudo/dist/beta/packages/index.html
Major changes between sudo 1.8.5rc4 and 1.8.5rc3:
* Updated translations from translationproject.org
* Implemented RTLD_DEFAULT, and RTLD_SELF and RTLD_NEXT emulation
for HP-UX.
* Added the "system_group" group provider plugin for people who
need to look up groups by name rather than by group ID.
Major changes between sudo 1.8.5rc3 and 1.8.5rc2:
* The policy plugin's init_session function is now called by the
parent sudo process, not the child process that executes the
command. This allows the PAM session to be open and closed in
the same process, which some PAM modules require.
* The PAM credentials set during PAM session setup are now deleted
when the PAM session is closed.
* Setting the SSL parameter to start_tls in ldap.conf now works
properly when using Mozilla-based SDKs that support the
ldap_start_tls_s() function.
* The TLS_CHECKPEER parameter in ldap.conf now works when the
Mozilla NSS crypto backend is used with OpenLDAP.
Major changes between sudo 1.8.5rc2 and 1.8.5rc1:
* On Solaris, and possibly other SV4-derived systems, sudo now
uses the minor() function prototyped in mkdev.h instead of the
obsolete macro present in sysmacros.h.
Major changes between sudo 1.8.5rc1 and 1.8.5b8:
* The Linux tty lookup code now uses the /proc/pid/stat file when
possible.
* New Croatian and Galician translations from translationproject.org
* The process id, parent process id, process group id, session id and
terminal process group id are now passed in to the plugin.
Major changes between sudo 1.8.5b8 and 1.8.5b7:
* Check for SVR4-style struct psinfo.pr_ttydev and use that to
determine the tty if stdin/stdout/stderr are not ttys.
Major changes between sudo 1.8.5b7 and 1.8.5b6:
* Sudo now behaves better when select() fails due to the pty being
revoked. An error of EIO (seen on older versions of Solaris)
from select() is now treated the same as EBADF.
* Sudo now opens devices in non-blocking mode when trying to
determine the user's terminal.
* Fixed the AIX-specific permission setting code.
* The -k option may now be specified along with the -i or -s
options.
* Don't do tilde or brace expansion when glob() is in use. This
matches the historic behavior when fnmatch() was used.
* Fixed printing of the TSID field in sudoreplay -l output.
* The process ID is now included in the debug file output.
Major changes between sudo 1.8.5b6 and 1.8.5b5:
* Sudo now behaves properly on systems that send SIGTSTP before
SIGHUP when the user's pty is revoked. This can happen when the
window the session is running in is killed.
Major changes between sudo 1.8.5b5 and 1.8.5b4:
* Sudo can now detect when a user has logged out and back in
again on Solaris 11 when tty-based time stamps are in use.
* When debugging is enabled, calls to warning() or error() will
now log the error string to the debug file. The function, file
and line number are also logger for warning(), warningx(), error()
and errorx().
* Fixed a bug where sudo would exit before calling the plugin
close function when select() returns an error due to the
terminal device being invalidated when the session is closed.
This can happen when the window the session is running in is
killed.
Major changes between sudo 1.8.5b4 and 1.8.5b3:
* Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers
to sudo_noexec.c.
* Fix compat setutxent and endutxent macros for systems with
setutent() but not setutxent().
Major changes between sudo 1.8.5b3 and 1.8.5b2:
* Updated the bundled zlib to version 1.2.6.
* If the "timestampowner" user cannot be resolved, use ROOT_UID
instead of exiting with a fatal error.
* Fixed compiler warnings on some platforms.
* Fix parsing of Path askpass and Path noexec in sudo.conf.
* The cancel button on an askpass GUI program now exits the password
prompt loop on PAM systems.
* When initializing the environment for env_reset, start out with
the contents of /etc/environment on AIX and login.conf on BSD.
* Swedish sudo and sudoers translations from translationproject.org.
Major changes between sudo 1.8.5b2 and 1.8.5b1:
* Fixed a potential double free exposed by changes in 1.8.5b1.
Major changes between sudo 1.8.5b1 and 1.8.4p4:
* When "noexec" is enabled, sudo_noexec.so will now be prepended
to any existing LD_PRELOAD variable instead of replacing it.
* The user/group/mode checks on sudoers files have been relaxed.
As long as the file is owned by the sudoers uid, not world-writable
and not writable by a group other than the sudoers gid, the file
is considered OK. Note that visudo will still set the mode to
the value specified at configure time.
* It is now possible to specify the sudoers path, uid, gid and
file mode as options to the plugin in the sudo.conf file.
* Lithuanian and Vietnamese translations from translationproject.org.
* /etc/environment is no longer read directly on Linux systems
when PAM is used. Sudo now merges the PAM environment into the
user's environment which is typically set by the pam_env module.
* The plugin API has been extended in three ways. First, options
specified in sudo.conf after the plugin pathname are passed to
the plugin's open function. Second, sudo has limited support
for hooks that can be used by plugins. Currently, the hooks are
limited to environment handling functions. Third, the init_session
policy plugin function is passed a pointer to the user environment
which can be updated during session setup. The plugin API version
has been incremented to version 1.2. See the sudo_plugin manual
for more information.
More information about the sudo-workers
mailing list