SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for sudo-1.8.16-1.301.i586.rpm :

* Thu May 15 2014 vcizekAATTsuse.com- update to 1.8.10p3
* Fixed expansion of the %p escape in the prompt for \"sudo -l\" when rootpw, runaspw or targetpw is set. Bug #639.
* Fixed matching of uids and gids which was broken in version 1.8.9
* PAM credential initialization has been re-enabled. It was unintentionally disabled by default in version 1.8.8. The way credentials are initialized has also been fixed. Bug #642.
* Fixed a descriptor leak on Linux when determing boot time. Sudo normally closes extra descriptors before running a command so the impact is limited. Bug #645.
* Fixed flushing of the last buffer of data when I/O logging is enabled. This bug, introduced in version 1.8.9, could cause incomplete command output on some systems. Bug #646.
* Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout is set to zero. Bug #638.
* It is now possible to disable network interface probing in sudo.conf
* When listing a user\'s privileges (sudo -l), the sudoers plugin will now prompt for the user\'s password even if the targetpw, rootpw or runaspw options are set.
* The sudoers plugin uses a new format for its time stamp files.
* sudo\'s -K option will now remove all of the user\'s time stamps, not just the time stamp for the current terminal.
* LDAP-based sudoers now uses a default search filter of (objectClass=sudoRole) for more efficient queries.
* The new use_netgroups sudoers option can be used to explicitly enable or disable netgroups support.
* Sudo is once again able to open the sudoers file when the group on sudoers doesn\'t match the expected value
* The JSON format used by visudo -x now properly supports the negation operator.
* Fixed a compilation error on AIX when LDAP support is enabled.
* Fixed parsing of the \"umask\" defaults setting in sudoers.
* Fixed a failed assertion when the \"closefrom_override\" defaults setting is enabled in sudoers and sudo\'s -C flag is used.- option --with-timedir was renamed to --with-rundir- don\'t install test LICENSE with executable perms
* Wed Jan 29 2014 vcizekAATTsuse.com- update to 1.8.9p4
* Fixed a bug where sudo could consume large amounts of CPU while the command was running when I/O logging is not enabled. Bug #631 (bnc#861153)
* Fixed a bug where sudo would exit with an error when the debug level is set to utilAATTdebug or allAATTdebug and I/O logging is not enabled. The command would continue runnning after sudo exited.
* Wed Jan 22 2014 vcizekAATTsuse.com- added subpackage with a test for fate#313276
* Tue Jan 14 2014 vcizekAATTsuse.com- update to 1.8.9p3- set secure_path to /usr/sbin:/usr/bin:/sbin:/bin- changes since 1.8.8:
* Fixed a bug introduced in sudo 1.8.9 that prevented the tty name from being resolved properly on Linux systems. Bug #630.
* Updated config.guess, config.sub and libtool to support the ppc64le architecture (IBM PowerPC Little Endian).
* Fixed a problem with gcc 4.8\'s handling of bit fields that could lead to the noexec flag being enabled even when it was not explicitly set.
* Reworked sudo\'s main event loop to use a simple event subsystem using poll(2) or select(2) as the back end.
* It is now possible to statically compile the sudoers plugin into the sudo binary without disabling shared library support. The sudo.conf file may still be used to configure other plugins.
* Sudo can now be compiled again with a C preprocessor that does not support variadic macros.
* Visudo can now export a sudoers file in JSON format using the new -x flag.
* The locale is now set correctly again for visudo and sudoreplay.
* The plugin API has been extended to allow the plugin to exclude specific file descriptors from the \"closefrom\" range.
* There is now a workaround for a Solaris-specific problem where NOEXEC was overriding traditional root DAC behavior.
* Add user netgroup filtering for SSSD. Previously, rules for a netgroup were applied to all even when they did not belong to the specified netgroup.
* On systems with BSD login classes, if the user specified a group (not a user) to run the command as, it was possible to specify a different login class even when the command was not run as the super user.
* The closefrom() emulation on Mac OS X now uses /dev/fd if possible.
* Fixed a bug where sudoedit would not update the original file from the temporary when PAM or I/O logging is not enabled.
* When recycling I/O logs, the log files are now truncated properly.
* Fixes bugs #617, #621, #622, #623, #624, #625, #626
* Tue Oct 08 2013 vcizekAATTsuse.com- update to 1.8.8- drop sudo-plugins-sudoers-sssd.patch (upstream)
* Removed a warning on PAM systems with stacked auth modules where the first module on the stack does not succeed.
* Sudo, sudoreplay and visudo now support GNU-style long options.
* The -h (--host) option may now be used to specify a host name. This is currently only used by the sudoers plugin in conjunction with the -l (--list) option.
* Sudo\'s LDAP SASL support now works properly with Kerberos. Previously, the SASL library was unable to locate the user\'s credential cache.
* It is now possible to set the nproc resource limit to unlimited via pam_limits on Linux (bug #565).
* New \"pam_service\" and \"pam_login_service\" sudoers options that can be used to specify the PAM service name to use.
* New \"pam_session\" and \"pam_setcred\" sudoers options that can be used to disable PAM session and credential support.
* The sudoers plugin now properly supports UIDs and GIDs that are larger than 0x7fffffff on 32-bit platforms.
* Fixed a visudo bug introduced in sudo 1.8.7 where per-group Defaults entries would cause an internal error.
* If the \"tty_tickets\" sudoers option is enabled (the default), but there is no tty present, sudo will now use a ticket file based on the parent process ID. This makes it possible to support the normal timeout behavior for the session.
* Fixed a problem running commands that change their process group and then attempt to change the terminal settings when not running the command in a pseudo-terminal. Previously, the process would receive SIGTTOU since it was effectively a background process. Sudo will now grant the child the controlling tty and continue it when this happens.
* The \"closefrom_override\" sudoers option may now be used in a command-specified Defaults entry (bug #610).
* Fixed visudo\'s -q (--quiet) flag, broken in sudo 1.8.6.
* Root may no longer change its SELinux role without entering a password.
* Fixed a bug introduced in Sudo 1.8.7 where the indexes written to the I/O log timing file are two greater than they should be. Sudoreplay now contains a work-around to parse those files.
* Fri Jul 12 2013 vcizekAATTsuse.com- fix the default flag settings in manual to reflect changes caused by sudo-sudoers.patch (bnc#823292)
* Tue Jul 09 2013 darinAATTdarins.net- Added patch to resolve packaging error. Patch has been sent upstream.
* E: sudo 64bit-portability-issue ./sssd.c:829
* Tue Jul 09 2013 darinAATTdarins.net- Enable SSSD as a sudoers data source
* Tue Jul 02 2013 dmuellerAATTsuse.com- restore accidentally dropped suse-specific patches
* Thu Jun 27 2013 michaelAATTstroeder.com- Update to upstream release 1.8.7
* remove CVE-2013-1775
* remove CVE-2013-1776
* The non-Unix group plugin is now supported when sudoers data is stored in LDAP.
* User messages are now always displayed in the user\'s locale, even when the same message is being logged or mailed in a different locale.
* Log files created by sudo now explicitly have the group set to group ID 0 rather than relying on BSD group semantics (which may not be the default).
* A new exec_background sudoers option can be used to initially run the command without read access to the terminal when running a command in a pseudo-tty.
* Sudo now produces better error messages when there is an error in the sudo.conf file.
* Two new settings have been added to sudo.conf to give the admin better control of how group database queries are performed.
* There is now a standalone sudo.conf manual page.
* New support for specifying a SHA-2 digest along with the command in sudoers. Supported hash types are sha224, sha256, sha384 and sha512. See the description of Digest_Spec in the sudoers manual or the description of sudoCommand in the sudoers.ldap manual for details.
* Fixed potential false positives in visudo\'s alias cycle detection.
* Sudo now only builds Position Independent Executables (PIE) by default on Linux systems and verifies that a trivial test program builds and runs.
  
ICM