Changelog for sudo-1.6.8p12-1rh73.i386.rpm:
Sat Nov 12 01:00:00 2005 Ryan Weaver [sudo-1.6.8p12-1] - Added PERLLIB, PERL5LIB and PERL5OPT to the list of variables to remove from the environment.
[sudo-1.6.8p11-1] - Added JAVA_TOOL_OPTIONS to the list of variables to remove from the environment.
[sudo-1.6.8p10-1] - Added PS4 and SHELLOPTS to the list of variables to remove from the environment.
Tue Jun 21 02:00:00 2005 Ryan Weaver [sudo-1.6.8p9-1] - Updated config.guess and config.sub entries for OpenBSD. - A sudoers entry with sudo ALL no longer overwrites the value of safe_cmnd.
Sat Apr 2 02:00:00 2005 Ryan Weaver [sudo-1.6.8p8-1] - Fixed noexec functionality on Linux. - Fixed minor format string mismatches in some error cases. - Fixed a bug that prevented Heimdal authentication from working.
Wed Feb 9 01:00:00 2005 Ryan Weaver [sudo-1.6.8p7-1] - Warn if the user tries to use the -u option when not running a command. - Better PAM error handling and messages. - Fixed setting of $USER when env_reset is enabled.
Wed Jan 5 01:00:00 2005 Ryan Weaver [sudo-1.6.8p6-1] - Added a set of missing braces needed for MacOS X / Darwin. - Define LDAP_OPT_SUCCESS for those without it.
Tue Nov 30 01:00:00 2004 Ryan Weaver [sudo-1.6.8p5-1] - Added a configure check for systems with a 2-argument version of timespecsub (like BSD/OS). - Added stub struct definitions to sudo.h to quiet compiler warnings on some systems. - In sudoers Defaults lines, tuples like "lecture" may now be used without a value, restoring their old boolean-like nature. - Invalid values for a tuple are now handled correctly.
Sat Nov 20 01:00:00 2004 Ryan Weaver [sudo-1.6.8p4-1] - The KRB5CCNAME environment variable is preserved during sudo execution for password lookups that use GSSAPI.
[sudo-1.6.8p3-1] - The CDPATH variable is now stripped from the environment passed to the program to be executed. - Fix temp file generation on systems where the _PATH_VARTMP macro lacks a trailing slash.
Sat Nov 13 01:00:00 2004 Ryan Weaver [sudo-1.6.8p2-1] - Bash exported functions and the CDPATH variable are now stripped from the environment passed to the program to be executed.
Fri Sep 17 02:00:00 2004 Ryan Weaver - Reworked specfile to use rpm macros for directories. [sudo-1.6.8p1-1] - Now find the command base and fill in struct stat earlier. - sudoedit now re-opens the temp file as the invoking user. - struct timespec is used throughout the code base. - Added --with-ldap-conf-file option to override /etc/ldap.conf - Added SSL tls_* certificate checking options when using LDAP. - Sudoedit will now only attempt to edit regular files or links. - Sudo now uses futime() or futimes() where possible. - Updated sample.pam to a current version. - Better detection of unchanged files in sudoedit.
Thu Aug 19 02:00:00 2004 Ryan Weaver [sudo-1.6.8-1] - Fixed a problem on FreeBSD when the user is only listed in NIS (not master.passwd) and netgroups are used in the master.passwd file. - BSD-style warn/err functions are now used throughout. - Fixed the --with-stow configure option. - Added a "sudo_lecture" option that points to a file containing a custom lecture. - The username in a log entry is no longer truncated at 8 characters. - A new tag, NOEXEC, will prevent a dynamically-linked program being run by sudo from executing another program (think shell escapes). Because this uses LD_PRELOAD it has no effect on static binaries. Idea from Reznic Valery. - TIS fwtk authentication now supports fwtk 2.0 and higher. - Sudo will now try to stat the command to be run as the user specified by the -u flag if the stat fails as root. Fixes an NFS issue. - Added Stan Lee / Uncle Ben quote to the lecture (from RedHat). - Added a -i option to simulate an initial login similar to "su -". Originally based on a patch from David J. MacKenzie. - Added a -e option to edit files with the uid of the invoking user. This prevents the user from editing other files or running commands as the target user. If sudo is run as "sudoedit" the -e flag is implied. - If sudo is used to run a root shell, further sudo commands will be logged as run by the user specified by the SUDO_USER environment variable. In -e mode (sudoedit), SUDO_USER is used to determine what user to run the editor when the real uid is 0. - Merged in LDAP support from Aaron Spangler. - Added the --with-pc-insults configure option to replace politically incorrect insults with other ones. - Added start_tls support from Gudleik Rasch. - A uid specified in sudoers now matches the user specified by the -u flag even if the -u flag specified a name, not a uid. - /tmp/.odus is no longer used for timestamps by default. One of /var/run/sudo, /var/adm/sudo or /usr/adm/sudo is used depending on what directories exist.
- Quoting globbing characters with a backslash now works as documented. - A negated user/uid in a runas list was not treated the same as a negated command (it did not override a previously allowed entry). Now it does. - Added support for Tandem NSK and other systems w/o seteuid(). - The timeout on password reading is now done via alarm(), not select(). - Fixed several issues when closing all open descriptors. Sudo now uses closefrom() if it exists, using /proc/$$/fd if possible. - Use PATH_MAX, not MAXPATHLEN since the former is standardized. - Added a check in visudo for runas_default being used before it was set. - If the target user == invoking user a password is no longer required. - PAM support now uses pam_acct_mgmt() to check for disabled accounts (from Brian Farrell). - The sudoers file is now parsed as the runas user in all cases instead of root. This fixes some issues with running NFS-mounted commands. - Sudo now produces a sensible error message when the targetpw Defaults option is set and a non-existent uid is specified via -u.
Sat May 10 02:00:00 2003 Ryan Weaver [sudo-1.6.7p5-1] - Fixed a problem with large numbers of environment variables. - Darwin (MacOS X) doesn't have a real setreuid() system call. - Fixed a typo that caused a compilation error on Heimdal.
Fri Apr 18 02:00:00 2003 Ryan Weaver [sudo-1.6.7p4-1] - Fixed remaining Kerberos V issues with MIT Kerberos V and old Heimdal.
Tue Apr 8 02:00:00 2003 Ryan Weaver [sudo-1.6.7p3-1] - Kerberos V support should work on latest MIT Kerberos V and Heimdal.
Fri Apr 4 02:00:00 2003 Ryan Weaver [sudo-1.6.7p2-1] - Backed out changes to mkinstalldirs from autoconf 2.57 that caused problems on Tru64 Unix. - The krb5-config script is used to determine Kerberos V CPPFLAGS and LDFLAGS/LIBS if it exists. - An unterminated comment broke Kerberos V authentication.
Wed Apr 2 02:00:00 2003 Ryan Weaver [sudo-1.6.7p1-1] - Fixed false positives in the overflow detection of expand_prompt().
[sudo-1.6.7-1] - Wildcards now work correctly in the env_keep Defaults directive. - Added support for non-root timestamp dirs. This allows the timestamp dir to be shared via NFS (though this is not recommended). - Removed double printing of bad environment variable table in -V mode. - configure script has been regenerated with autoconf 2.5.7. This required some changes to configure.in. - Fixed a compilation problem on SunOS; thanks to Alek O. Komarnitsky. - SecurID 5.0 API support from Michael Stroucken. - Restore state of signal handlers to what we had upon startup. Fixes a problem when using sudo with nohup; thanks to Paul Markham. - Revamp set_perms() to use setresuid() or setreuid() when available in preference to POSIX stuff since they allow us to properly implement "stay_setuid" whereas POSIX does not really. - In strict mode sudo did not throw an error for undefined User_Aliases. - Fixed a Makefile bug on IRIX. - Write the prompt *after* turning off echo to avoid some password characters being echoed on heavily-loaded machines with fast typists. - Added %U and %H escapes in the prompt and fixed treatment of %. - Visudo will now add a final newline to sudoers if the user's editor does not add one before EOF. - The lexer state is now reset to its initial value on EOF. Previously, the state was not reset between parser invocations which could cause problems for visudo in rare cases. - Added support for Defaults that apply based on the RunasUser. - Sudo now includes copies of strlc{at,py} and uses them throughout. - Sudo is now careful to avoid integer overflow when allocating memory. This is one of those "should not happen" situations. - Added a configure option (--with-stow) to make sudo compatible with GNU stow. - auth/kerb5.c now compiles under Heimdal. - The volatile prefix is used in the hopes of preventing compilers from optimizing away memory zeroing. Unfortunately, this results in some warnings from gcc.
- Better Kerberos IV/V support in the configure script. - Fixed a logic thinko in the SIGCHLD handler that caused problems with rlogin on HP-UX. - configure now adds -R to LDFLAGS when it adds -L for Solaris and SVR4. There is a configure option, --with-rpath, to control this. - On AIX, configure will pass extra directory paths to the linker via the -blibpath ld option. This is only active when additional library paths are used. It may be disabled via the --without-blibpath configure option. - The --with-skey and --with-opie configure options now take an optional directory argument that should have an include and lib dir for the skey/opie include file and library respectively.
Sat Apr 27 02:00:00 2002 Ryan Weaver [sudo-1.6.6-1] - Fixed compilation problem on HP-UX 9.x. - Moved call to endpwent() and added a call to endgrent(). - Fixed a warning conflicting declaration of VOID with AFS. - Fixed a security hole in prompt rewriting found by Global InterSec.
Fri Jan 25 01:00:00 2002 Ryan Weaver [sudo-1.6.5p2-1] - Older versions of BSDi have getifaddrs() but no freeifaddrs(). - BSDi has a fake setreuid() as do certain versions of FreeBSD and NetBSD. - Ignore the return value of pam_setcred(). In Linux-PAM 0.75, pam_setcred() will return PAM_PERM_DENIED even if the setcred function of the module succeeds when pam_authenticate() has not been called. - Avoid giving PAM a NULL password response, use the empty string instead. This avoids a log warning when the user hits ^C at the password prompt when Linux-PAM is in use. This also prevents older versions of Linux-PAM from dereferencing the NULL pointer. - The user's password was not zeroed after use when AIX authentication, BSD authentication, FWTK or PAM was in use.
Sat Jan 19 01:00:00 2002 Ryan Weaver [sudo-1.6.5p1-1] - Visudo could access memory that was already freed. - If the skey.access file denied use of plaintext passwords sudo would exit instead of allowing the user to enter an S/Key.
Fri Jan 18 01:00:00 2002 Ryan Weaver [sudo-1.6.5-1] - Added a configure option to cause mail sent by sudo to be run as the invoking user instead of root. Some people consider this to be safer. - If the mailer is being run as root, use a hard-coded environment that is not influenced in any way by the invoking user's environment. - Fixed the call to skeyaccess(). Patch from Phillip E. Lobbes.
Thu Jan 17 01:00:00 2002 Ryan Weaver [sudo-1.6.4p2-1] - Some special characters were not being escaped properly (e.g. '\,') in command line arguments and would cause a syntax error instead. - "sudo -l" would not work if the always_set_home option was set. - Added a configure option to disable use of POSIX saved IDs for operating systems where these are broken. - The SHELL environment variable was preserved from the user's environment instead of being reset based on the passwd database even when the "env_reset" option was set.
Wed Jan 16 01:00:00 2002 Ryan Weaver [sudo-1.6.4p1-1] - Move the call to rebuild_env() until after MODE_RESET_HOME is set. Otherwise, the set_home option has no effect. - Fix use of freed memory when the "fqdn" flag is set. This was introduced by the fix for the "segv when gethostbynam() fails" bug. - Add 'continue' statements to optimize the switch statement. From Solar.
Tue Jan 15 01:00:00 2002 Ryan Weaver [sudo-1.6.4-1] - Visudo now checks for the existence of an editor and gives a sensible error if it does not exist. - The path to the editor for visudo is now a colon-separated list of allowable editors. If the user has $EDITOR set and it matches one of the allowed editors that editor will be used. If not, the first editor that actually exists is used. - Visudo now does its own fork/exec instead of calling system(3). - Allow special characters (including '#') to be embedded in pathnames if quoted by a '\\'. The quoted chars will be dealt with by fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'. - Added the always_set_home option. - Strip NLSPATH and PATH_LOCALE out from the environment to prevent reading of protected files by a less privileged user. - Added support for BSD authentication and associated -a flag. - Added check for _innetgr(3) since NCR systems have this instead of innetgr(3). - Added stay_setuid option for systems that have libraries that perform extra paranoia checks in system libraries for setuid programs. - Environment munging is now done by hand. The environment is zeroed upon sudo startup and a new environment is built before the command is executed. This means we don't rely on getenv(3), putenv(3), or setenv(3). - Added a class of environment variables that are only cleared if they contain '/' or '%' characters. - Use stashed user_gid when checking against exempt gid since sudo sets its gid to SUDOERS_GID, making getgid() return that, not the real gid. Fixes problem with setting exempt group == SUDOERS_GID. Fix from Paul Kranenburg. - Fixed file locking in visudo on NeXT which has a broken lockf(). Patch from twetzelAATTgwdg.de. - Regenerated configure script with autoconf-2.52 (required some tweaking of configure.in and friends). - Added mail_badpass option to send mail when the user does not authenticate successfully.
- Added env_reset Defaults option to reset the environment to a clean slate. Also implemented env_keep Defaults option to specify variables to be preserved when resetting the environment. - Added env_check and env_delete Defaults options to allow the admin to modify the builtin list of environment variables to remove. - If timestamp_timeout < 0 then the timestamp never expires. This allows users to manage their own timestamps and create or delete them via 'sudo -v' and 'sudo -k' respectively. - Authentication routines that use sudo's tgetpass() now accept ^C or ^Z at the password prompt and sudo will act appropriately. - Added a check-only mode to visudo to check an existing sudoers file for sanity. - Visudo can now edit an alternate sudoers file. - If sudo is configured with S/Key support and the system has skeyaccess(3) use that to determine whether or not to allow a normal Unix password or just S/Key. - Fixed CIDR handling in sudoers. - Fixed a segv if the local hostname is not resolvable and the 'fqdn' option is set. - "listpw=never" was not having an effect for users who did not appear in sudoers--now it does. - The --without-sendmail option now works on systems with a /usr/include/paths.h file that defines _PATH_SENDMAIL. - Removed the "secure_path" Defaults option as it does not work and cannot work until the parser is overhauled. - Added new -P flag and "preserve_groups" sudoers option to cause sudo to preserve the group vector instead of setting it to that of the target user. Previously, if the target user was root the group vector was not changed. Now it is always changed unless the -P flag or "preserve_groups" option was given. - If find_path() fails as root, try again as the invoking user (useful for NFS). Idea from Chip Capelik. - Use setpwent()/endpwent() and its shadow equivalents to be sure the passwd/shadow file gets closed. - Use getifaddrs(3) to get the list of network interfaces if it is available.
- Dump list of local IP addresses and environment variables to clear when 'sudo -V' is run as root. - Reorganized the lexer a bit and added more states. Sudo now does a better job of parsing command arguments in the sudoers file. - Wrap each call to syslog() with openlog()/closelog() since some things (such as PAM) may call closelog(3) behind sudo's back. - The LOGNAME and USER environment variables are now set if the user specified a target uid and that uid exists in the password database. - configure will no longer add the -g flag to CFLAGS by default. - Now call pam_setcreds() to setup creds for the target user when PAM is in use. On Linux this often sets resource limits. - If "make install" is run by non-root and the destination dir is writable, install things normally but don't set owner and mode. - The Makefile now supports installing in a shadow hierarchy specified via the DESTDIR variable. - config.h.in is now generated by autoheader.
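The environment handling described in the sudo-1.6.4 entry above (a new environment built by hand, env_reset with env_keep, a removal list, and a class cleared only when the value contains '/' or '%'), as an added C sketch that is not sudo's own code. The function names, the members of check_list, and the choice to apply the removal lists before env_keep are assumptions made for illustration; the delete_list names and the stripping of bash exported functions come from the entries on this page.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Always removed; names come from the changelog entries on this page. */
static const char *const delete_list[] = {
    "PERLLIB", "PERL5LIB", "PERL5OPT", "JAVA_TOOL_OPTIONS", "PS4",
    "SHELLOPTS", "CDPATH", "NLSPATH", "PATH_LOCALE", NULL
};
/* Removed only if the value contains '/' or '%'; membership is assumed. */
static const char *const check_list[] = { "LANG", "LC_*", "TERM", NULL };

/* Compare a name of length nlen with a pattern; trailing '*' is a wildcard. */
static bool name_matches(const char *name, size_t nlen, const char *pat)
{
    size_t plen = strlen(pat);
    if (plen > 0 && pat[plen - 1] == '*')
        return nlen >= plen - 1 && strncmp(name, pat, plen - 1) == 0;
    return nlen == plen && strncmp(name, pat, plen) == 0;
}

static bool in_list(const char *name, size_t nlen, const char *const *list)
{
    for (; list != NULL && *list != NULL; list++)
        if (name_matches(name, nlen, *list))
            return true;
    return false;
}

/* Decide whether one "NAME=value" entry may reach the executed command. */
bool env_entry_allowed(const char *entry, bool env_reset, const char *const *keep)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return false;                       /* malformed entry */
    size_t nlen = (size_t)(eq - entry);
    const char *val = eq + 1;
    if (strncmp(val, "()", 2) == 0)
        return false;                       /* bash exported function */
    if (in_list(entry, nlen, delete_list))
        return false;
    if (in_list(entry, nlen, check_list) && strpbrk(val, "/%") != NULL)
        return false;
    if (env_reset)
        return in_list(entry, nlen, keep);  /* clean slate: env_keep only */
    return true;
}

/* Start from an empty array and copy in only the permitted entries.
 * The strings are shared with the old array; the caller frees the array. */
char **build_clean_env(char *const *old, bool env_reset,
                       const char *const *keep, size_t *count)
{
    size_t n = 0, out = 0;
    while (old[n] != NULL) n++;
    char **fresh = calloc(n + 1, sizeof(*fresh));
    if (fresh == NULL) return NULL;
    for (size_t i = 0; i < n; i++)
        if (env_entry_allowed(old[i], env_reset, keep))
            fresh[out++] = old[i];
    if (count != NULL) *count = out;
    return fresh;
}

int main(void)
{
    /* Constructed sample environment, not taken from a real system. */
    char *sample[] = { "PATH=/usr/bin", "PERL5OPT=-Mx", "LANG=../%s",
                       "TERM=xterm", NULL };
    size_t n = 0;
    char **env = build_clean_env(sample, false, NULL, &n);
    for (size_t i = 0; env != NULL && i < n; i++)
        puts(env[i]);                       /* survivors only */
    free(env);
    return 0;
}
```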
Thu Mar 8 01:00:00 2001 Ryan Weaver [sudo-1.6.3p7-1] - Fix negation of path-type Defaults entries in a boolean context.
Fri Feb 23 01:00:00 2001 Ryan Weaver [sudo-1.6.3p6-1] - Fix word splitting bug that caused a segv for very long command line args.
Tue Aug 15 02:00:00 2000 Ryan Weaver [sudo-1.6.3p5-1] - Fixed listpw and verifypw sudoers options. - Do not write NUL when writing passwd prompt; hagAATTlinnaean.org.
Tue Jun 6 02:00:00 2000 Ryan Weaver [sudo-1.6.3p4-1] - Fixed a case where a string was used after it has been freed.
Tue May 16 02:00:00 2000 Ryan Weaver [sudo-1.6.3p3-1] - Fixed a bug that prevented the -H option from being useful. - When the targetpw flag is set, use the target username as part of the timestamp path. - Fixed targetpw, rootpw, and runaspw options when used with non-passwd authentication (pam, etc).
Mon Apr 3 02:00:00 2000 Ryan Weaver [sudo-1.6.3-2] - Added check for /bin/vi in spec and use that editor for visudo if found. - Added --with-env-editor to allow visudo to use $EDITOR env variable.
Tue Mar 28 02:00:00 2000 Ryan Weaver [sudo-1.6.3-1] - It is now possible to set the path to the editor for visudo as well as the flag that determines whether or not visudo will look at $EDITOR in the sudoers file. - configure now pulls in the values of LIBS, LDFLAGS, CPPFLAGS, etc as the documentation says it ought to. - Added rootpw, runaspw, and targetpw to prompt for the root, runas_default and target user's passwords respectively (instead of the invoking user's password). - Added -S flag to force password read from stdin. - Restore coredumpsize resource limit before exec'ing the child process (sudo sets it to 0 internally). - Truncate unencrypted password to 8 chars if encrypted password is exactly 13 characters (indicating a standard DES password). Many versions of crypt() do this for you, but not all (like HP-UX's). - Fixed a typo/thinko that broke secureware support for long passwords. - Added a new command line switch '-c' to support BSD login classes. The '-c' option can be used to sudo a command with specific resource limits in the login.conf database. This feature is optionally enabled via the --with-logincap configure switch. Based on a patch from Michael D. Marchionna. - Fixed a bug where sudo would hang around and consume CPU if we spawn a long-running process. - Deal with HP-UX password aging info tacked on to the end of the encrypted password. - Added set_logname run-time option. When unset, sudo will not set the USER and LOGNAME environment variables. - Wildcards are now allowed in the hostnames specified in sudoers. The 'fqdn' option is often required for this to be useful. - Fixed a bug where host and user qualifiers in a Defaults entry were not being used correctly and the entry was being applied globally.
Sat Mar 11 01:00:00 2000 Ryan Weaver [sudo-1.6.2p3-1] - Fixed a typo/thinko that broke secureware support for long passwords.
Tue Feb 29 01:00:00 2000 Ryan Weaver [sudo-1.6.2p2-1] - Fixed a bug that caused an infinite loop when the password timeout was disabled.
Sat Jan 29 01:00:00 2000 Ryan Weaver [sudo-1.6.2p1-1] - Users in the 'exempt' group shouldn't get their $PATH overridden by 'secure-path'. Patch from jmknobleAATTpobox.com. - Pam now works on HP-UX 11.0, thanks to Jeff A. Earickson.
Tue Jan 25 01:00:00 2000 Ryan Weaver [sudo-1.6.2-1] - Better behavior for -l and -v flags in conjunction with NOPASSWD and added "verifypw" and "listpw" options. - For HP-UX with cc, add the -Aa flag along with -D_HPUX_SOURCE. - Fix compilation with K&R compilers. - For netgroup host matching, match against the short version of the hostname as well as the long one if they are different. - Terminate passwd reading on '\r' in addition to '\n'. - Visudo used to loop endlessly if a user entered ^D at the whatnow prompt. EOF is now treated as 'x' (exit w/o saving changes). - The 'shell_noargs' runtime option is back based on a patch from bguilloryAATTemail.com. - Systems that return RLIM_INFINITY for RLIMIT_NOFILE (like AIX) would loop for a very long time during sudo startup. A value of RLIM_INFINITY is now ignored (getdtablesize/sysconf is used instead). - Locking in visudo was broken. We now lock the sudoers file, not the sudoers temp file, which should be safe. - PAM fixups: custom prompts now work correctly and errors are dealt with more sanely. Patches from Cloyce D. Spradling.
Sat Dec 11 01:00:00 1999 Ryan Weaver [sudo-1.6.1-1] - Better diagnostics on PAM failure. - The --enable-noargs-shell configure option works again. The noargs-shell run-time option has been removed since it cannot work due to the way the sudoers file is parsed. - The following run-time options were not honored in all cases: set_home, fqdn, syslog, tty_tickets, ticket_dir, insults. - Fixed a bug parsing runas modifiers. If a user spec contained multiple runas specs, the latter ones may not be applied. - #uid now works in a RunasAlias line. - Don't ask the user for a password if the user is not allowed to run the command and the authenticate flag (in sudoers) is false. - SecurID support now compiles and works.
Thu Nov 18 01:00:00 1999 Ryan Weaver [sudo-1.6-1] - Updated to version 1.6 Full Release.
Sat Nov 13 01:00:00 1999 Ryan Weaver [sudo-1.6rc1-1] - Updated to version 1.6 rc 1. - sudo now turns off core dumps via setrlimit (probably paranoia).
Wed Nov 3 01:00:00 1999 Ryan Weaver [sudo-1.6beta11-1] - Updated to version 1.6 beta 11. - Fixed the root_sudo option. Sudo was always complaining that root was not allowed to run sudo if the root_sudo flag was turned off.
- tgetpass() now uses a function to read up until the end of line. Fixes problems in a pipeline when a program sets the tty mode to be character at a time.
Tue Nov 2 01:00:00 1999 Ryan Weaver [sudo-1.6beta10-1] - Updated to version 1.6 beta 10. See CHANGELOG for details. - Added -D_GNU_SOURCE to CFLAGS. Some machines need this to compile.
Tue Oct 19 02:00:00 1999 Ryan Weaver [sudo-1.6beta9-1] - Updated to version 1.6 beta 9. See CHANGELOG for details.
Thu Oct 14 02:00:00 1999 Ryan Weaver [sudo-1.6beta8-2] - Changed Copyright rpm header info. BSD now. - Updated to version 1.6 beta 8. See CHANGELOG for details.
Sat Jul 10 02:00:00 1999 Ryan Weaver [cu-sudo-1.6beta6-1] - New PAM code again, this time it should be correct. If your PAM actually honors appdata_ptr (Solaris does not) sudo will retain its 'quit if you hit return at the password prompt' behavior. - tgetpass() now has a flag to specify whether or not to turn off echo while reading the password. Used by the new PAM code.
Wed Jun 23 02:00:00 1999 Ryan Weaver [cu-sudo-1.6beta5-1] - The password authentication code has moved from check.c to auth.c. - Kerberos V < 1.1 should work again (using the Kerberos IV code).
Sat Jun 5 02:00:00 1999 Ryan Weaver [cu-sudo-1.6beta4-2] - Added dir /var/run/sudo to file list. - Added --enable-log-host --disable-log-wrap to configure. - Added --with-logging=file to configure. - Added logrotate.d file to rotate /var/log/sudo.log monthly.
Sat Jun 5 02:00:00 1999 Ryan Weaver [cu-sudo-1.6beta4-1] - Upgraded to 1.6beta4 - The runas user and NOPASSWD tags are now persistent across entries in a command list (ie: cmnd1,cmnd2,cmnd3). A PASSWD tag has been added to reverse NOPASSWD. The runas user and *PASSWD tags can be overridden on a per-command basis at which point they become the new default for the rest of the list. - It is now possible to use the '!' operator in a runas list as well as in a Cmnd_Alias, Host_Alias and User_Alias. - In estrdup(), do the malloc ourselves so we don't need to rely on the system strdup(3) which may or may not exist. There is now no need to provide strdup() for those w/o it. - You can now specify a host list instead of just a host or alias in a privilege list. Ie: user=host1,host2,ALIAS,!host3 /bin/ls - Stash the "safe" path to the command instead of stashing the struct stat. Should be safer. - Now set $LOGNAME in addition to $USER. - No longer use stdio in tgetpass() - Don't use _PASSWD_LEN or PASS_MAX as we can't rely on them corresponding to anything real. Instead, we just use a max password size of 256 everywhere.
Sat Jun 5 02:00:00 1999 Ryan Weaver [cu-sudo-1.5.9p2-1] - Initial RPM build. - Installing sample pam file.