SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for sudo-1.8.15-3.336.x86_64.rpm :

* Fri Nov 06 2015 kstreitovaAATTsuse.com- update to 1.8.15:
* Fixed a bug that prevented sudo from building outside the source tree on some platforms. Bug #708.
* Fixed the location of the sssd library in the RHEL/Centos packages. Bug #710.
* Fixed a build problem on systems that don\'t implicitly include sys/types.h from other header files. Bug #711.
* Fixed a problem on Linux using containers where sudo would ignore signals sent by a process in a different container.
* Sudo now refuses to run a command if the PAM session module returns an error.
* When editing files with sudoedit, symbolic links will no longer be followed by default. The old behavior can be restored by enabling the sudoedit_follow option in sudoers or on a per-command basis with the FOLLOW and NOFOLLOW tags. Bug #707.
* Fixed a bug introduced in version 1.8.14 that caused the last valid editor in the sudoers \"editor\" list to be used by visudo and sudoedit instead of the first. Bug #714.
* Fixed a bug in visudo that prevented the addition of a final newline to edited files without one.
* Fixed a bug decoding certain base64 digests in sudoers when the intermediate format included a \'=\' character.
* Individual records are now locked in the time stamp file instead of the entire file. This allows sudo to avoid prompting for a password multiple times on the same terminal when used in a pipeline. In other words, sudo cat foo | sudo grep bar now only prompts for the password once. Previously, both sudo processes would prompt for a password, often making it impossible to enter. Bug #705.
* Fixed a bug where sudo would fail to run commands as a non-root user on systems that lack both setresuid() and setreuid(). Bug #713.
* Fixed a bug introduced in sudo 1.8.14 that prevented visudo from re-editing the correct file when a syntax error was detected.
* Fixed a bug where sudo would not relay a SIGHUP signal to the command when the terminal is closed and the command is not run in its own pseudo-tty. Bug #719.
* If some, but not all, of the LOGNAME, USER or USERNAME environment variables have been preserved from the invoking user\'s environment, sudo will now use the preserved value to set the remaining variables instead of using the runas user. This ensures that if, for example, only LOGNAME is present in the env_keep list, that sudo will not set USER and USERNAME to the runas user.
* When the command sudo is running dies due to a signal, sudo will now send itself that same signal with the default signal handler installed instead of exiting. The bash shell appears to ignore some signals, e.g. SIGINT, unless the command being run is killed by that signal. This makes the behavior of commands run under sudo the same as without sudo when bash is the shell. Bug #722.
* Slovak translation for sudo from translationproject.org.
* Hungarian and Slovak translations for sudoers from translationproject.org.
* Previously, when env_reset was enabled (the default) and the - s option was not used, the SHELL environment variable was set to the shell of the invoking user. Now, when env_reset is enabled and the - s option is not used, SHELL is set based on the target user.
* Fixed challenge/response style BSD authentication.
* Added the sudoedit_checkdir Defaults option to prevent sudoedit from editing files located in a directory that is writable by the invoking user.
* Added the always_query_group_plugin Defaults option to control whether groups not found in the system group database are passed to the group plugin. Previously, unknown system groups were always passed to the group plugin.
* When creating a new file, sudoedit will now check that the file\'s parent directory exists before running the editor.
* Fixed the compiler stack protector test in configure for compilers that support -fstack-protector but don\'t actually have the ssp library available.- use spec-cleaner
* Wed Aug 12 2015 jengelhAATTinai.de- No need to buildrequire an sssd plugin (libsss_sudo)
* Wed Aug 12 2015 dimstarAATTopensuse.org- Pass --enable-tmpfiles.d=%{_tmpfilesdir} to configure: let\'s be specific about this feature, and not randomly rely on the presence/absence of /usr/lib/tmpfiles.d/systemd.conf.- Add systemd-rpm-macros BuildRequires to ensure %_tmpfilesdir is defined.- Add relevant %tmpfiles_create call to post scriptlet.
* Thu Jul 23 2015 kstreitovaAATTsuse.com- update to 1.8.14p3:
* changes in 1.8.14p3
* Fixed a bug introduced in sudo 1.8.14p2 that prevented sudo from working when no tty was present. Bug #706.
* Fixed tty detection on newer AIX systems where dev_t is 64-bit.
* changes in 1.8.14p2
* Fixed a bug introduced in sudo 1.8.14 that prevented the lecture file from being created. Bug #704.
* changes in 1.8.14p1
* Fixed a bug introduced in sudo 1.8.14 that prevented the sssd backend from working. Bug #703.
* changes in 1.8.14
* Log messages on Mac OS X now respect sudoers_locale when sudo is build with NLS support.
* The sudo manual pages now pass mandoc -Tlint with no warnings.
* Fixed a compilation problem on systems with the sig2str() function that do not define SIG2STR_MAX in signal.h.
* Worked around a compiler bug that resulted in unexpected behavior when returning an int from a function declared to return bool without an explicit cast.
* Worked around a bug in Mac OS X 10.10 BSD auditing where the au_preselect() fails for AUE_sudo events but succeeds for AUE_DARWIN_sudo.
* Fixed a hang on Linux systems with glibc when sudo is linked with jemalloc.
* When the user runs a command as a user ID that is not present in the password database via the -u flag, the command is now run with the group ID of the invoking user instead of group ID 0.
* Fixed a compilation problem on systems that don\'t pull in definitions of uid_t and gid_t without sys/types.h or unistd.h.
* Fixed a compilation problem on newer AIX systems which use a struct st_timespec for time stamps in struct stat that differs from struct timespec. Bug #702.
* The example directory is now configurable via --with-exampledir and defaults to DATAROOTDIR/examples/sudo on BSD systems.
* The /usr/lib/tmpfiles.d/sudo.conf file is now installed as part of \"make install\" when systemd is in use.
* Fixed a linker problem on some systems with libintl. Bug #690.
* Fixed compilation with compilers that don\'t support __func__ or __FUNCTION__.
* Sudo no longer needs to uses weak symbols to support localization in the warning functions. A registration function is used instead.
* Fixed a setresuid() failure in sudoers on Linux kernels where uid changes take the nproc resource limit into account.
* Fixed LDAP netgroup queries on AIX.
* Sudo will now display the custom prompt on Linux systems with PAM even if the \"Password: \" prompt is not localized by the PAM module. Bug #701.
* Double-quoted values in an LDAP sudoOption are now supported for consistency with file-based sudoers.
* Fixed a bug that prevented the btime entry in /proc/stat from being parsed on Linux.
* update sudo-sudoers.patch
* remove sudo-parse_boottime_properly.patch (it\'s not longer needed)
* Wed Jul 22 2015 crrodriguezAATTopensuse.org- BuildRequires zlib-devel, support zlib compressed I/O logs.
* Thu May 14 2015 vcizekAATTsuse.com- update to 1.8.13
* The examples directory is now a subdirectory of the doc dir to conform to Debian guidelines. Bug #682.
* Fixed a compilation error for siglist.c and signame.c on some systems. Bug #686
* Weak symbols are now used for sudo_warn_gettext() and sudo_warn_strerror() in libsudo_util to avoid link errors when - Wl,--no-undefined is used in LDFLAGS. The --disable-weak-symbols configure option can be used to disable the user of weak symbols.
* Fixed a bug in sudo\'s mkstemps() replacement function that prevented the file extension from being preserved in sudoedit.
* A new mail_all_cmnds sudoers flag will send mail when a user runs a command (or tries to). The behavior of the mail_always flag has been restored to always send mail when sudo is run.
* New \"MAIL\" and \"NOMAIL\" command tags have been added to toggle mail sending behavior on a per-command (or Cmnd_Alias) basis.
* Fixed matching of empty passwords when sudo is configured to use passwd (or shadow) file authentication on systems where the crypt() function returns NULL for invalid salts.
* The \"all\" setting for listpw and verifypw now works correctly with LDAP and sssd sudoers.
* The sudo timestamp directory is now created at boot time on platforms that use systemd.
* Sudo will now restore the value of the SIGPIPE handler before executing the command.
* Sudo now uses \"struct timespec\" instead of \"struct timeval\" for time keeping when possible. If supported, sudoedit and visudo now use nanosecond granularity time stamps.
* Fixed a symbol name collision with systems that have their own SHA2 implementation. This fixes a problem where PAM could use the wrong SHA2 implementation on Solaris 10 systems configured to use SHA512 for passwords.
* The editor invoked by sudoedit once again uses an unmodified copy of the user\'s environment as per the documentation. This was inadvertantly changed in sudo 1.8.0. Bug #688.
* Sun Feb 22 2015 vcizekAATTsuse.com- update to 1.8.12 (fixes bnc#918953)- changelog:
* The embedded copy of zlib has been upgraded to version 1.2.8 and is now installed as a shared library where supported.
* Debug settings for the sudo front end and sudoers plugin are now configured separately.
* Multiple sudo.conf Debug entries may now be specified per program (or plugin).
* The plugin API has been extended such that the path to the plugin that was loaded is now included in the settings array. This path can be used to register with the debugging subsystem. The debug_flags setting is now prefixed with a file name and may be specified multiple times if there is more than one matching Debug setting in sudo.conf.
* The sudoers regression tests now run with the locale set to C since some of the tests compare output that includes locale-specific messages. Bug #672.
* Fixed a bug where sudo would not run commands on Linux when compiled with audit support if audit is disabled. Bug #671.
* The default password prompt now includes a trailing space after \"Password:\" for consistency with su(1) on most systems. Bug #663.
* Visudo will now use the optional sudoers_file, sudoers_mode, sudoers_uid and sudoers_gid arguments if specified on the sudoers.so Plugin line in the sudo.conf file.
* Fixed a problem introduced in sudo 1.8.8 that prevented the full host name from being used when the fqdn sudoers option is used. Bug #678.
* Sudo now installs a handler for SIGCHLD signal handler immediately before stating the process that will execute the command (or start the monitor).
* Removed a limit on the length of command line arguments expanded by a wild card using sudo\'s version of the fnmatch() function. This limit was introduced when sudo\'s version of fnmatch() was replaced in sudo 1.8.4.
* LDAP-based sudoers can now query an LDAP server for a user\'s netgroups directly. This is often much faster than fetching every sudoRole object containing a sudoUser that begins with a `+\' prefix and checking whether the user is a member of any of the returned netgroups.
* The mail_always sudoers option no longer sends mail for sudo -l or sudo -v unless the user is unable to authenticate themselves.
* Fixed a crash when sudo is run with an empty argument vector.
* Fixed two potential crashes when sudo is run with very low resource limits.
* The TZ environment variable is now checked for safety instead of simply being copied to the environment of the command. This fixes a potential security issue.
* Wed Dec 17 2014 vcizekAATTsuse.com- correctly parse /proc/stat for boottime (bnc#899252)
* added sudo-parse_boottime_properly.patch from Debian
* Thu Nov 06 2014 fstrbaAATTsuse.com- update to 1.8.11p2
* Fixed a bug where dynamic shared objects loaded from a plugin could use the hooked version of getenv() but not the hooked versions of putenv(), setenv() or unsetenv(). This can cause problems for PAM modules that use those functions.
* Sat Oct 11 2014 tabrahamAATTsuse.com- refresh sudo-sudoers.patch- update to 1.8.11p1
* Fixed a compilation problem on some systems when the - -disable-shared-libutil configure option was specified.
* The user can no longer interrupt the sleep after an incorrect password on PAM systems using pam_unix. Bug #666.
* Fixed a compilation problem on Linux systems that do not use PAM. Bug #667.
* \"make install\" will now work with the stock GNU autotools install-sh script. Bug #669.
* Fixed a crash with \"sudo -i\" when the current working directory does not exist. Bug #670.
* Fixed a potential crash in the debug subsystem when logging a message larger that 1024 bytes.
* Fixed a \"make check\" failure for ttyname when stdin is closed and stdout and stderr are redirected to a different tty. Bug #643.
* Added BASH_FUNC_
* to environment blacklist to match newer-style bash functions.- changes from 1.8.11
* The sudoers plugin no longer uses setjmp/longjmp to recover from fatal errors. All errors are now propagated to the caller via return codes.
* When running a command in the background, sudo will now forward SIGINFO to the command (if supported).
* Sudo will now use the system versions of the sha2 functions from libc or libmd if available.
* Visudo now works correctly on GNU Hurd. Bug #647.
* Fixed suspend and resume of curses programs on some system when the command is not being run in a pseudo-terminal. Bug #649.
* Fixed a crash with LDAP-based sudoers on some systems when Kerberos was enabled.
* Sudo now includes optional Solaris audit support.
* Catalan translation for sudoers from translationproject.org.
* Norwegian Bokmaal translation for sudo from translationproject.org.
* Greek translation for sudoers from translationproject.org
* The sudo source tree has been reorganized to more closely resemble that of other gettext-enabled packages.
* Sudo and its associated programs now link against a shared version of libsudo_util. The --disable-shared-libutil configure option may be used to force static linking if the --enable-static-sudoers option is also specified.
* The passwords in ldap.conf and ldap.secret may now be encoded in base64.
* Audit updates. SELinux role changes are now audited. For sudoedit, we now audit the actual editor being run, instead of just the sudoedit command.
* Fixed bugs in the man page post-processing that could cause portions of the manuals to be removed.
* Fixed a crash in the system_group plugin. Bug #653.
* Fixed sudoedit on platforms without a native version of the getprogname() function. Bug #654.
* Fixed compilation problems with some pre-C99 compilers.
* Fixed sudo\'s -C option which was broken in version 1.8.9.
* It is now possible to match an environment variable\'s value as well as its name using env_keep and env_check. This can be used to preserve bash functions which would otherwise be removed from the environment.
* New files created via sudoedit as a non-root user now have the proper group id. Bug #656.
* Sudoedit now works correctly in conjunction with sudo\'s SELinux RBAC support. Temporary files are now created with the proper security context.
* The sudo I/O logging plugin API has been updated. If a logging function returns an error, the command will be terminated and all of the plugin\'s logging functions will be disabled. If a logging function rejects the command\'s output it will no longer be displayed to the user\'s terminal.
* Fixed a compilation error on systems that lack openpty(), _getpty() and grantpt(). Bug #660.
* Fixed a hang when a sudoers source is listed more than once in a single sudoers nsswitch.conf entry.
* On AIX, shell scripts without a #! magic number are now passed to /usr/bin/sh, not /usr/bin/bsh. This is consistent with what the execvp() function on AIX does and matches historic sudo behavior. Bug #661.
* Fixed a cross-compilation problem building mksiglist and mksigname. Bug #662.
  
ICM