- Update to 1.9.15p2:
* Fixed a bug on BSD systems where sudo would not restore the
terminal settings on exit if the terminal had parity enabled.
GitHub issue #326.
- Update to 1.9.15p1:
* Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based
sudoers from being able to read the ldap.conf file.
GitHub issue #325.
- Update to 1.9.15:
* Fixed an undefined symbol problem on older versions of macOS
when "intercept" or "log_subcmds" are enabled in sudoers.
GitHub issue #276.
* Fixed "make check" failure related to getpwent(3) wrapping
on NetBSD.
* Fixed the warning message for "sudo -l command" when the command
is not permitted. There was a missing space between "list" and
the actual command due to changes in sudo 1.9.14.
* Fixed a bug where output could go to the wrong terminal if
"use_pty" is enabled (the default) and the standard input, output
or error is redirected to a different terminal. Bug #1056.
* The visudo utility will no longer create an empty file when the
specified sudoers file does not exist and the user exits the
editor without making any changes. GitHub issue #294.
* The AIX and Solaris sudo packages on www.sudo.ws now support
"log_subcmds" and "intercept" with both 32-bit and 64-bit
binaries. Previously, they only worked when running binaries
with the same word size as the sudo binary. GitHub issue #289.
* The sudoers source is now logged in the JSON event log. This
makes it possible to tell which rule resulted in a match.
* Running "sudo -ll command" now produces verbose output that
OBS-URL: https://build.opensuse.org/request/show/1128140
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=247
- Update to 1.9.14p3:
* Fixed a crash with Python 3.12 when the sudo Python python is unloaded.
This only affects make check for the Python plugin.
* Adapted the sudo Python plugin test output to match Python 3.12.
- Update to 1.9.14p2:
* Fixed a crash on Linux systems introduced in version 1.9.14 when running a
command with a NULL argv[0] if log_subcmds or intercept is enabled in
sudoers.
* Fixed a problem with "stair-stepped" output when piping or redirecting the
output of a sudo command that takes user input when running a command in
a pseudo-terminal.
* Fixed a bug introduced in sudo 1.9.14 that affects matching sudoers rules
containing a Runas_Spec with an empty Runas user. These rules should only
match when sudo’s -g option is used but were matching even without the -g
option. #290.
OBS-URL: https://build.opensuse.org/request/show/1110618
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=243
- Update to 1.9.14p1:
* Fixed an invalid free bug in sudo_logsrvd that was introduced
in version 1.9.14 which could cause sudo_logsrvd to crash.
* The sudoers plugin no longer tries to send the terminal name
to the log server when no terminal is present. This bug was
introduced in version 1.9.14.
* Fixed a bug where if the "intercept" or "log_subcmds" sudoers
option was enabled and a sub-command was run where the first
entry of the argument vector didn't match the command being run.
This resulted in commands like "sudo su -" being killed due to
the mismatch. Bug #1050.
* The sudoers plugin now canonicalizes command path names before
matching (where possible). This fixes a bug where sudo could
execute the wrong path if there are multiple symbolic links with
the same target and the same base name in sudoers that a user is
allowed to run. GitHub issue #228.
* Improved command matching when a chroot is specified in sudoers.
The sudoers plugin will now change the root directory id needed
before performing command matching. Previously, the root directory
was simply prepended to the path that was being processed.
* When NETGROUP_BASE is set in the ldap.conf file, sudo will now
perform its own netgroup lookups of the host name instead of
using the system innetgr(3) function. This guarantees that user
and host netgroup lookups are performed using the same LDAP
server (or servers).
* Fixed a bug introduced in sudo 1.9.13 that resulted in a missing
" ; " separator between environment variables and the command
in log entries.
* The visudo utility now displays a warning when it ignores a file
in an include dir such as /etc/sudoers.d.
OBS-URL: https://build.opensuse.org/request/show/1098344
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=241
- update to 1.9.10:
* Added new log_passwords and passprompt_regex sudoers options. If
log_passwords is disabled, sudo will attempt to prevent passwords from being
logged. If sudo detects any of the regular expressions in the passprompt_regex
list in the terminal output, sudo will log ‘*’ characters instead of the
terminal input until a newline or carriage return is found in the input or an
output character is received.
* Added new log_passwords and passprompt_regex settings to sudo_logsrvd that
operate like the sudoers options when logging terminal input.
* Fixed several few bugs in the cvtsudoers utility when merging multiple sudoers
sources.
* Fixed a bug in sudo_logsrvd parsing the sudo_logsrvd.conf file, where the
retry_interval in the [relay] section was not being recognized.
* Restored the pre-1.9.9 behavior of not performing authentication when sudo’s -n
option is specified. A new noninteractive_auth sudoers option has been added to
enable PAM authentication in non-interactive mode. GitHub issue #131.
* On systems with /proc, if the /proc/self/stat (Linux) or /proc/pid/psinfo
(other systems) file is missing or invalid, sudo will now check file
descriptors 0-2 to determine the user’s terminal. Bug #1020.
* Fixed a compilation problem on Debian kFreeBSD. Bug #1021.
* Fixed a crash in sudo_logsrvd when running in relay mode if an alert message is
received.
* Fixed an issue that resulting in “problem with defaults entries” email to be
sent if a user ran sudo when the sudoers entry in the nsswitch.conf file
includes “sss” but no sudo provider is configured in /etc/sssd/sssd.conf.
* Updated the warning displayed when the invoking user is not allowed to run
sudo. If sudo has been configured to send mail on failed attempts (see the
mail_* flags in sudoers), it will now print “This incident has been reported to
the administrator.” If the mailto or mailerpath sudoers settings are disabled,
the message will not be printed and no mail will be sent.
OBS-URL: https://build.opensuse.org/request/show/964503
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=211
- Update to 1.9.9
* Sudo can now be built with OpenSSL 3.0 without generating
warnings about deprecated OpenSSL APIs.
* A digest can now be specified along with the ALL command in
the LDAP and SSSD back-ends. Sudo 1.9.0 introduced support for
this in the sudoers file but did not include corresponding
changes for the other back-ends.
* visudo now only warns about an undefined alias or a cycle in
an alias once for each alias.
* The sudoRole cn was truncated by a single character in warning
messages. GitHub issue #115.
* The cvtsudoers utility has new --group-file and --passwd-file
options to use a custom passwd or group file when the
--match-local option is also used.
* The cvtsudoers utility can now filter or match based on a command.
* The cvtsudoers utility can now produce output in csv
(comma-separated value) format. This can be used to help generate
entitlement reports.
* Fixed a bug in sudo_logsrvd that could result in the connection
being dropped for very long command lines.
* Fixed a bug where sudo_logsrvd would not accept a restore point
of zero.
* Fixed a bug in visudo where the value of the editor setting was
not used if it did not match the user’s EDITOR environment
variable. This was only a problem if the env_editor setting was
not enabled. Bug #1000.
* Sudo now builds with the -fcf-protection compiler option and the
-z now linker option if supported.
* The output of sudoreplay -l now more closely matches the
traditional sudo log format.
* The sudo_sendlog utility will now use the full contents of the
log.json file, if present. This makes it possible to send
sudo-format I/O logs that use the newer log.json format to
sudo_logsrvd without losing any information.
* Fixed compilation of the arc4random_buf() replacement on systems
with arc4random() but no arc4random_buf(). Bug #1008.
* Sudo now uses its own getentropy() by default on Linux. The GNU
libc version of getentropy() will fail on older kernels that
don’t support the getrandom() system call.
* It is now possible to build sudo with WolfSSL’s OpenSSL
compatibility layer by using the --enable-wolfssl configure
option.
* Fixed a bug related to Daylight Saving Time when parsing
timestamps in Generalized Time format. This affected the NOTBEFORE
and NOTAFTER options in sudoers. Bug #1006.
* Added the -O and -P options to visudo, which can be used to check
or set the owner and permissions. This can be used in conjunction
with the -c option to check that the sudoers file ownership and
permissions are correct. Bug #1007.
* It is now possible to set resource limits in the sudoers file
itself. The special values default and “user” refer to the
default system limit and invoking user limit respectively. The
core dump size limit is now set to 0 by default unless overridden
by the sudoers file.
* The cvtsudoers utility can now merge multiple sudoers sources into
a single, combined sudoers file. If there are conflicting entries,
cvtsudoers will attempt to resolve them but manual intervention
may be required. The merging of sudoers rules is currently fairly
simplistic but will be improved in a future release.
* Sudo was parsing but not applying the “deref” and “tls_reqcert”
ldap.conf settings. This meant the options were effectively ignored
which broke dereferencing of aliases in LDAP. Bug #1013.
* Clarified in the sudo man page that the security policy may
override the user’s PATH environment variable. Bug #1014.
* When sudo is run in non-interactive mode (with the -n option), it
will now attempt PAM authentication and only exit with an error if
user interaction is required. This allows PAM modules that don’t
interact with the user to succeed. Previously, sudo would not
attempt authentication if the -n option was specified. Bug #956
and GitHub issue #83.
* Fixed a regression introduced in version 1.9.1 when sudo is built
with the --with-fqdn configure option. The local host name was
being resolved before the sudoers file was processed, making it
impossible to disable DNS lookups by negating the fqdn sudoers
option. Bug #1016.
* Added support for negated sudoUser attributes in the LDAP and SSSD
sudoers back ends. A matching sudoUser that is negated will cause
the sudoRole containing it to be ignored.
* Fixed a bug where the stack resource limit could be set to a value
smaller than that of the invoking user and not be reset before the
command was run. Bug #1016.
- sudo no longer ships schema for LDAP.
- sudo-feature-negated-LDAP-users.patch dropped, included upstream
- refreshed sudo-sudoers.patch
OBS-URL: https://build.opensuse.org/request/show/950728
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=207
- update to 1.9.8p2
* Fixed a potential out-of-bounds read with "sudo -i" when the
target user's shell is bash. This is a regression introduced
in sudo 1.9.8. Bug #998.
* sudo_logsrvd now only sends a log ID for first command of a session.
There is no need to send the log ID for each sub-command.
* Fixed a few minor memory leaks in intercept mode.
* Fixed a problem with sudo_logsrvd in relay mode if "store_first"
was enabled when handling sub-commands. A new zero-length journal
file was created for each sub-command instead of simply using
the existing journal file.
- update to 1.9.8p1
* Fixed support for passing a prompt (sudo -p) or a login class
(sudo -l) on the command line. This is a regression introduced
in sudo 1.9.8. Bug #993.
* Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends.
This is a regression introduced in sudo 1.9.8. Bug #994.
* Fixed a compilation error when the --enable-static-sudoers configure
option was specified. This is a regression introduced in sudo
1.9.8 caused by a symbol clash with the intercept and log server
protobuf functions.
* It is now possible to transparently intercepting sub-commands
executed by the original command run via sudo. Intercept support
is implemented using LD_PRELOAD (or the equivalent supported by
the system) and so has some limitations. The two main limitations
are that only dynamic executables are supported and only the
execl, execle, execlp, execv, execve, execvp, and execvpe library
functions are currently intercepted. Its main use case is to
support restricting privileged shells run via sudo.
To support this, there is a new "intercept" Defaults setting and
OBS-URL: https://build.opensuse.org/request/show/920883
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=204
- update to 1.9.7p2:
* When formatting JSON output, octal numbers are now stored as strings, not
numbers. The JSON spec does not actually support octal numbers with a 0
prefix.
* Sudo now can handle the getgroups() function returning a different number
of groups for subsequent invocations. GitHub PR #106.
* When loading a Python plugin, python_plugin.so now verifies that the module
loaded matches the one we tried to load. This allows sudo to display a more
useful error message when trying to load a plugin with a name that conflicts
with a Python module installed in the system location.
* Sudo no longer sets the the open files resource limit to unlimited while it
runs. This avoids a problem where sudo's closefrom() emulation would need to
close a very large number of descriptors on systems without a way to determine
which ones are actually open.
* Sudo now includes a configure check for va_copy or __va_copy and only defines
its own version if the configure test fails.
* Fixed a bug in sudo's utmp file handling which prevented old entries from being
reused. As a result, the utmp (or utmpx) file was appended to unnecessarily.
* ixed a bug introduced in sudo 1.9.7 that prevented sudo_logsrvd from
accepting TLS connections when OpenSSL is used. Bug #988.
* Fixed an SELinux sudoedit bug when the edited temporary file could not be
opened. The sesh helper would still be run even when there are no temporary
files available to install.
* The sudo_noexec.so file is now built as a module on all systems other than
macOS. This makes it possible to use other libtool implementations such as
slibtool. On macOS shared libraries and modules are not interchangeable and
the version of libtool shipped with sudo must be used.
OBS-URL: https://build.opensuse.org/request/show/909589
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=202
- update to 1.9.7p2
- enabled openssl support for secure central session
recording collection (without it's clear text)
- fixed SLES12 build
* When formatting JSON output, octal numbers are now stored as
strings, not numbers. The JSON spec does not actually support
octal numbers with a '0' prefix.
* Fixed a compilation issue on Solaris 9.
* Sudo now can handle the getgroups() function returning a different
number of groups for subsequent invocations. GitHub PR #106.
* When loading a Python plugin, python_plugin.so now verifies
that the module loaded matches the one we tried to load. This
allows sudo to display a more useful error message when trying
to load a plugin with a name that conflicts with a Python module
installed in the system location.
* Sudo no longer sets the the open files resource limit to "unlimited"
while it runs. This avoids a problem where sudo's closefrom()
emulation would need to close a very large number of descriptors
on systems without a way to determine which ones are actually open.
* Sudo now includes a configure check for va_copy or __va_copy and
only defines its own version if the configure test fails.
* Fixed a bug in sudo's utmp file handling which prevented old
entries from being reused. As a result, the utmp (or utmpx)
file was appended to unnecessarily. GitHub PR #108.
* Fixed a bug introduced in sudo 1.9.7 that prevented sudo_logsrvd
from accepting TLS connections when OpenSSL is used. Bug #988.
* Fixed an SELinux sudoedit bug when the edited temporary file
could not be opened. The sesh helper would still be run even
when there are no temporary files available to install.
* Fixed a compilation problem on FreeBSD.
* The sudo_noexec.so file is now built as a module on all systems
other than macOS. This makes it possible to use other libtool
implementations such as slibtool. On macOS shared libraries and
modules are not interchangeable and the version of libtool shipped
with sudo must be used.
* Fixed a few bugs in the getgrouplist() emulation on Solaris when
reading from the local group file.
* Fixed a bug in sudo_logsrvd that prevented periodic relay server
connection retries from occurring in "store_first" mode.
* Disabled the nss_search()-based getgrouplist() emulation on HP-UX
due to a crash when the group source is set to "compat" in
/etc/nsswitch.conf. This is probably due to a mismatch between
include/compat/nss_dbdefs.h and what HP-UX uses internally. On
HP-UX we now just cycle through groups the slow way using
getgrent(). Bug #978.
OBS-URL: https://build.opensuse.org/request/show/909383
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=201
- update to 1.9.7
* The "fuzz" Makefile target now runs all the fuzzers for 8192
passes (can be overridden via the FUZZ_RUNS variable). This makes
it easier to run the fuzzers in-tree. To run a fuzzer indefinitely,
set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz".
* Fixed fuzzing on FreeBSD where the ld.lld linker returns an
error by default when a symbol is multiply-defined.
* Added support for determining local IPv6 addresses on systems
that lack the getifaddrs() function. This now works on AIX,
HP-UX and Solaris (at least). Bug #969.
* Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to
report a usage error. Also, when invoked as sudoedit, sudo now
allows a more restricted set of options that matches the usage
statement and documentation. GitHub issue #95.
* Fixed a crash in sudo_sendlog when the specified certificate
or key does not exist or is invalid. Bug #970
* Fixed a compilation error when sudo is configured with the
--disable-log-client option.
* Sudo's limited support for SUCCESS=return entries in nsswitch.conf
is now documented. Bug #971.
* Sudo now requires autoconf 2.70 or higher to regenerate the
configure script. Bug #972.
* sudo_logsrvd now has a relay mode which can be used to create
a hierarchy of log servers. By default, when a relay server is
defined, messages from the client are forwarded immediately to
the relay. However, if the "store_first" setting is enabled,
the log will be stored locally until the command completes and
then relayed. Bug #965.
* Sudo now links with OpenSSL by default if it is available unless
the --disable-openssl configure option is used or both the
OBS-URL: https://build.opensuse.org/request/show/892541
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=198
- update to 1.9.6p1
* Fixed a regression introduced in sudo 1.9.6 that resulted in an
error message instead of a usage message when sudo is run with
no arguments.
* Fixed a sudo_sendlog compilation problem with the AIX xlC compiler.
* Fixed a regression introduced in sudo 1.9.4 where the
--disable-root-mailer configure option had no effect.
* Added a --disable-leaks configure option that avoids some
memory leaks on exit that would otherwise occur. This is intended
to be used with development tools that measure memory leaks. It
is not safe to use in production at this time.
* Plugged some memory leaks identified by oss-fuzz and ASAN.
* Fixed the handling of sudoOptions for an LDAP sudoRole that
contains multiple sudoCommands. Previously, some of the options
would only be applied to the first sudoCommand.
* Fixed a potential out of bounds read in the parsing of NOTBEFORE
and NOTAFTER sudoers command options (and their LDAP equivalents).
* The parser used for reading I/O log JSON files is now more
resilient when processing invalid JSON.
* Fixed typos that prevented "make uninstall" from working.
* Fixed a regression introduced in sudo 1.9.4 where the last line
in a sudoers file might not have a terminating NUL character
added if no newline was present.
* Integrated oss-fuzz and LLVM's libFuzzer with sudo. The new
--enable-fuzzer configure option can be combined with the
--enable-sanitizer option to build sudo with fuzzing support.
Multiple fuzz targets are available for fuzzing different parts
of sudo. Fuzzers are built and tested via "make fuzz" or as part
of "make check" (even when sudo is not built with fuzzing support).
Fuzzing support currently requires the LLVM clang compiler (not gcc).
OBS-URL: https://build.opensuse.org/request/show/886334
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=196
- Update to 1.9.5.p2
* When invoked as sudoedit, the same set of command line
options are now accepted as for sudo -e. The -H and -P
options are now rejected for sudoedit and sudo -e which
matches the sudo 1.7 behavior. This is part of the fix for
CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or
sudo -i). However, it was also possible to run sudoedit with
the -s or -i flags in which case no escaping had actually
been done, making a buffer overflow possible.
This fixes CVE-2021-3156. (bsc#1181090)
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a
partial write to the server could result the sudo process
consuming large amounts of CPU time due to a cycle in the
buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved
when performing PAM authentication. This fixes GSSAPI
authentication when the user has a non-default ccache.
OBS-URL: https://build.opensuse.org/request/show/867021
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=193
- Update to 1.9.5.p1
* Fixed a regression introduced in sudo 1.9.5 where the editor run
by sudoedit was set-user-ID root unless SELinux RBAC was in use.
The editor is now run with the user's real and effective user-IDs.
- News in 1.9.5
* Fixed a crash introduced in 1.9.4 when running "sudo -i" as an
unknown user. This is related to but distinct from Bug #948.
* If the "lecture_file" setting is enabled in sudoers, it must now
refer to a regular file or a symbolic link to a regular file.
* Fixed a potential use-after-free bug in sudo_logsrvd when the
server shuts down if there are existing connections from clients
that are only logging events and not session I/O data.
* Fixed a buffer size mismatch when serializing the list of IP
addresses for configured network interfaces. This bug is not
actually exploitable since the allocated buffer is large enough
to hold the list of addresses.
* If sudo is executed with a name other than "sudo" or "sudoedit",
it will now fall back to "sudo" as the program name. This affects
warning, help and usage messages as well as the matching of Debug
lines in the /etc/sudo.conf file. Previously, it was possible
for the invoking user to manipulate the program name by setting
argv[0] to an arbitrary value when executing sudo.
* Sudo now checks for failure when setting the close-on-exec flag
on open file descriptors. This should never fail but, if it
were to, there is the possibility of a file descriptor leak to
a child process (such as the command sudo runs).
* Fixed CVE-2021-23239, a potential information leak in sudoedit
that could be used to test for the existence of directories not
normally accessible to the user in certain circumstances. When
creating a new file, sudoedit checks to make sure the parent
OBS-URL: https://build.opensuse.org/request/show/863080
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=191
- Update to 1.9.4p2
* Fixed a bug introduced in sudo 1.9.4p1 which could lead to a crash
if the sudoers file contains a runas user-specific Defaults entry.
Bug #951.
- News in 1.9.4p1
* Fixed a regression introduced in version 1.9.4 where sudo would
not build when configured using the --without-sendmail option.
Bug #947.
* Fixed a problem where if I/O logging was disabled and sudo was
unable to connect to sudo_logsrvd, the command would still be
allowed to run even when the "ignore_logfile_errors" sudoers
option was enabled.
* Fixed a crash introduced in version 1.9.4 when attempting to run
a command as a non-existent user. Bug #948.
* The installed sudo.conf file now has the default sudoers Plugin
lines commented out. This fixes a potential conflict when there
is both a system-installed version of sudo and a user-installed
version. GitHub issue #75.
* Fixed a regression introduced in sudo 1.9.4 where sudo would run
the command as a child process even when a pseudo-terminal was
not in use and the "pam_session" and "pam_setcred" options were
disabled. GitHub issue #76.
* Fixed a regression introduced in sudo 1.8.9 where the "closefrom"
sudoers option could not be set to a value of 3. Bug #950.
OBS-URL: https://build.opensuse.org/request/show/858236
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=189
- Update to 1.9.4
* The sudoers parser will now detect when an upper-case reserved
word is used when declaring an alias. Now instead of "syntax
error, unexpected CHROOT, expecting ALIAS" the message will be
"syntax error, reserved word CHROOT used as an alias name".
Bug #941.
* Better handling of sudoers files without a final newline.
The parser now adds a newline at end-of-file automatically which
removes the need for special cases in the parser.
* Fixed a regression introduced in sudo 1.9.1 in the sssd back-end
where an uninitialized pointer could be freed on an error path.
GitHub issue #67.
* The core logging code is now shared between sudo_logsrvd and
the sudoers plugin.
* JSON log entries sent to syslog now use "minimal" JSON which
skips all non-essential whitespace.
* The sudoers plugin can now produce JSON-formatted logs. The
"log_format" sudoers option can be used to select sudo or json
format logs. The default is sudo format logs.
* The sudoers plugin and visudo now display the column number in
syntax error messages in addition to the line number. Bug #841.
* If I/O logging is not enabled but "log_servers" is set, the
sudoers plugin will now log accept events to sudo_logsrvd.
Previously, the accept event was only sent when I/O logging was
enabled. The sudoers plugin now sends reject and alert events too.
* The sudo logsrv protocol has been extended to allow an AlertMessage
to contain an optional array of InfoMessage, as AcceptMessage
and RejectMessage already do.
* Fixed a bug in sudo_logsrvd where receipt of SIGHUP would result
in duplicate entries in the debug log when debugging was enabled.
OBS-URL: https://build.opensuse.org/request/show/851947
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=187
- Update to 1.9.3p1
* Fixed a regression introduced in sudo 1.9.3 where the configure
script would not detect the crypt(3) function if it was present
in the C library, not an additional library.
* Fixed a regression introduced in sudo 1.8.23 with shadow passwd
file authentication on OpenBSD. BSD authentication was not
affected.
* Sudo now logs when a user-specified command-line option is
rejected by a sudoers rule. Previously, these conditions were
written to the audit log, but the default sudo log file. Affected
command line arguments include -C (--close-from), -D (--chdir),
-R (--chroot), -g (--group) and -u (--user).
- News in 1.9.3
* Fixed building the Python plugin on systems with a compiler that
doesn't support symbol hiding.
* Sudo now uses a linker script to hide symbols even when the
compiler has native symbol hiding support. This should make it
easier to detect omissions in the symbol exports file, regardless
of the platform.
* Fixed the libssl dependency in Debian packages for older releases
that use libssl1.0.0.
* Sudo and visudo now provide more detailed messages when a syntax
error is detected in sudoers. The offending line and token are
now displayed. If the parser was generated by GNU bison,
additional information about what token was expected is also
displayed. Bug #841.
* Sudoers rules must now end in either a newline or the end-of-file.
Previously, it was possible to have multiple rules on a single
line, separated by white space. The use of an end-of-line
terminator makes it possible to display accurate error messages.
OBS-URL: https://build.opensuse.org/request/show/848421
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=183
- Update to 1.9.2:
* The configure script now uses pkg-config to find the openssl cflags
and libs where possible.
* The contents of the log.json I/O log file is now documented in
the sudoers manual.
* The sudoers plugin now properly exports the sudoers_audit symbol
on systems where the compiler lacks symbol visibility controls.
This caused a regression in 1.9.1 where a successful sudo command
was not logged due to the missing audit plugin. Bug #931.
* Fixed a regression introduced in 1.9.1 that can result in crash
when there is a syntax error in the sudoers file. Bug #934.
- Rebase sudo-sudoers.patch
OBS-URL: https://build.opensuse.org/request/show/822654
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=177
- Update to 1.9.1
* Fixed an AIX-specific problem when I/O logging was enabled.
The terminal device was not being properly set to raw mode.
Bug #927.
* Corrected handling of sudo_logsrvd connections without associated
I/O log data. This fixes support for RejectMessage as well as
AcceptMessage when the expect_iobufs flag is not set.
* Added an "iolog_path" entry to the JSON-format event log produced
by sudo_logsrvd. Previously, it was only possible to determine
the I/O log file an event belonged to using sudo-format logs.
* Fixed the bundle IDs for sudo-logsrvd and sudo-python macOS packages.
* I/O log files produced by the sudoers plugin now clear the write
bits on the I/O log timing file when the log is complete. This
is consistent with how sudo_logsrvd indicates that a log is
complete.
* The sudoreplay utility has a new "-F" (follow) command line
option to allow replaying a session that is still in progress,
similar to "tail -f".
* The @include and @includedir directives can be used in sudoers
instead of #include and #includedir. In addition, include paths
may now have embedded white space by either using a double-quoted
string or escaping the space characters with a backslash.
* When running a command in a pty, sudo will no longer try to
suspend itself if the user's tty has been revoked (for instance
when the parent ssh daemon is killed). This fixes a bug where
sudo would continuously suspend the command (which would succeed),
then suspend itself (which would fail due to the missing tty)
and then resume the command.
* If sudo's event loop fails due to the tty being revoked, remove
the user's tty events and restart the event loop (once). This
OBS-URL: https://build.opensuse.org/request/show/815881
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=173
- Update to 1.9.0rc4
* Various spelling fixes. Bug #925.
* The struct passwd passed to PAM session modules is now looked up
by user name, not user-ID, when possible. Fixes a problem with
the pam_limits module and configurations where multiple user names
share the same ID. Debian bug #734752.
* Sudo command line options that take a value may only be specified
once. This is to help guard against problems caused by poorly
written scripts that invoke sudo with user-controlled input. Bug #924.
- Update to 1.9.0rc3
* The sudo-logsrvd package now installs a systemd service on Linux
distros that use systemd.
* The I/O plugin is now closed before the policy plugin on command
exit.
* When copying the edited files to the original path, sudoedit now
allocates any additional space needed before writing. Previously,
it could truncate the destination file if the file system was
full. Bug #922.
* Fixed a compilation issue with Python 3.8.
* Changed how TLS connections are made to the log server. Instead
of using a starttls type approach where TLS and plaintext
connections share the same point we now use separate ports for
plaintext and TLS connections. A (tls) flag can be specified after
the host:port to indicate that the connection should be secured
with TLS. This avoids a potention man-in-the-middle attack that
could cause the connection to be forced into plaintext mode.
Unfortunately, this change breaks compatibility with the
previous release candidates.
OBS-URL: https://build.opensuse.org/request/show/801195
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=168
- Update to 1.9.0rc2
* Fixed a test failure in the strsig_test regress test on FreeBSD.
* Sudo now includes a logging daemon, sudo_logsrvd, which can be
used to implement centralized logging of I/O logs. TLS connections
are supported when sudo is configured with the --enable-openssl
option. For more information, see the sudo_logsrvd, logsrvd.conf
and sudo_logsrv.proto manuals as well as the log_servers setting
in the sudoers manual.
The --disable-log-server and --disable-log-client configure
options can be used to disable building the I/O log server and/or
remote I/O log support in the sudoers plugin.
* The new sudo_sendlog utility can be used to test sudo_logsrvd
or send existing sudo I/O logs to a centralized server.
* It is now possible to write sudo plugins in Python 3 when sudo
is configured with the --enable-python> option. See the
sudo_plugin_python.man.html manual for details.
Sudo 1.9.0 comes with several Python example plugins that get
installed sudo's examples directory.
The sudo blog article "What's new in sudo 1.9: Python"
(https://blog.sudo.ws/posts/2020/01/whats-new-in-sudo-1.9-python/)
includes a simple tutorial on writing python plugins.
* Sudo now supports an "audit" plugin type. An audit plugin
receives accept, reject, exit and error messages and can be used
to implement custom logging that is independent of the underlying
security policy. Multiple audit plugins may be specified in
the sudo.conf file. A sample audit plugin is included that
writes logs in JSON format.
* Sudo now supports an "approval" plugin type. An approval plugin
is run only after the main security policy (such as sudoers) accepts
a command to be run. The approval policy may perform additional
OBS-URL: https://build.opensuse.org/request/show/794915
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=164