------------------------------------------------------------------- Wed Oct 10 11:45:19 CEST 2007 - prusnak@suse.cz - update to 1.6.9p6 * worked around bugs in the session support of some PAM implementations * the full tty path is now passed to PAM as well * sudo now only prints the password prompt if the process is in the foreground * inttypes.h is now included when appropriate if it is present * simplified alias allocation in the parser ------------------------------------------------------------------- Tue Sep 25 12:07:05 CEST 2007 - prusnak@suse.cz - update to 1.6.9p5 * fixed a bug related to supplemental group matching * added IPv6 support from YOSHIFUJI Hideaki * fixed the sudo_noexec installation path * fixed a compilation error on old K&R-style compilers * fixed a bug in the IP address matching introduced by the IPV6 merge * for "visudo -f file" we now use the permissions of the original file and not the hard-coded sudoers owner/group/mode (this makes it possible to use visudo with a revision control system) * fixed sudoedit when used on a non-existent file * regenerated configure using autoconf 2.6.1 and libtool 1.5.24 * groups and netgroups are now valid in an LDAP sudoRunas statement - dropped obsolete patches: * groupmatch.patch (included in update) ------------------------------------------------------------------- Tue Aug 28 11:41:51 CEST 2007 - prusnak@suse.cz - build --without-secure-path - hardcoded secure path changed to /usr/sbin:/bin:/usr/bin:/sbin (secure_path.diff) - user can now add PATH variable to env_keep in /etc/sudoers ------------------------------------------------------------------- Tue Aug 14 11:02:58 CEST 2007 - prusnak@suse.cz - added XDG_SESSION_COOKIE to env_keep variables [#298943] - fixed supplemental group matching (groupmatch.patch) ------------------------------------------------------------------- Sat Aug 11 13:06:53 CEST 2007 - schwab@suse.de - Avoid command line parsing bug in autoconf < 2.59c. ------------------------------------------------------------------- Tue Jul 31 10:18:36 CEST 2007 - prusnak@suse.cz - updated to 1.6.9p2 * fixed a crash in the error logging function * worked around a crash when no tty was present in some PAM implementations * fixed updating of the saved environment when the environ pointer gets changed out from underneath us ------------------------------------------------------------------- Tue Jul 24 15:49:47 CEST 2007 - prusnak@suse.cz - updated to 1.6.9 * added to the list of variables to remove from the environment * fixed a Kerberos V security issue that could allow a user to authenticate using a fake KDC * PAM is now the default on systems where it is supported * removed POSIX saved uid use; the stay_setuid option now requires the setreuid() or setresuid() functions to work * fixed fd leak when lecture file option is enabled * PAM fixes * security fix for Kerberos5 * fixed securid5 authentication * added fcntl F_CLOSEM support to closefrom() * sudo now uses the supplemental group vector for matching * added more environment variables to remove by default * mail from sudo now includes an Auto-Submitted: auto-generated header * reworked the environment handling code * remove the --with-execv option, it was not useful * use TCSADRAIN instead of TCSAFLUSH in tgetpass() since some OSes have issues with TCSAFLUSH * use glob(3) instead of fnmatch(3) for matching pathnames * reworked the syslog long line splitting code based on changes from Eygene Ryabinkin * visudo will now honor command line arguments in the EDITOR or VISUAL environment variables if env_editor is enabled * LDAP now honors rootbinddn, timelimit and bind_timelimit in /etc/ldap.conf * For LDAP, do a sub tree search instead of a base search (one level in the tree only) for sudo right objects * env_reset option is now enabled by default * moved LDAP schema data into separate files * sudo no longer assumes that gr_mem in struct group is non-NULL * added support for setting environment variables on the command line if the command has the SETENV attribute set in sudoers * added a -E flag to preserve the environment if the SETENV attribute has been set * sudoers2ldif script now parses Runas users * -- flag now behaves as documented * sudo -k/-K no longer cares if the timestamp is in the future * when searching for the command, sudo now uses the effective gid of the runas user * sudo no longer updates the timestamp if not validated by sudoers * now rebuild environment regardless of how sudo was invoked * more accurate usage() when called as sudoedit * command line environment variables are now treated like normal environment variables unless the SETENV tag is set * better explanation of environment handling in the sudo man page - changed '/usr/bin/env perl' to '/usr/bin/env' in sudoers2ldif script (env.diff) - dropped obsoleted patches: * sudo-1.6.8p12-conf.diff * sudo-1.6.8p12-configure.diff ------------------------------------------------------------------- Tue Jul 17 10:57:40 CEST 2007 - prusnak@suse.cz - added note about special input method variables into /etc/sudoers (sudoers.diff) [#222728] ------------------------------------------------------------------- Fri Jan 26 13:16:15 CET 2007 - prusnak@suse.cz - packaged script sudoers2ldif * can be used for importing /etc/sudoers to LDAP * more info at http://www.sudo.ws/sudo/readme_ldap.html ------------------------------------------------------------------- Wed Jan 24 10:36:48 CET 2007 - prusnak@suse.cz - added sudoers permission change to %post section of spec file ------------------------------------------------------------------- Thu Nov 30 14:12:34 CET 2006 - prusnak@suse.cz - package /etc/sudoers as 0440 [Fate#300934] ------------------------------------------------------------------- Wed Nov 29 18:29:23 CET 2006 - prusnak@suse.cz - protect locale-related environment variables from resetting (sudoers.diff) [#222728] ------------------------------------------------------------------- Wed Oct 4 19:35:18 CEST 2006 - mjancar@suse.cz - enable LDAP support (#159774) ------------------------------------------------------------------- Wed Jun 14 16:55:52 CEST 2006 - schwab@suse.de - Fix quoting in configure script. ------------------------------------------------------------------- Wed Mar 8 15:22:15 CET 2006 - mjancar@suse.cz - don't limit access to local group users (#151938) ------------------------------------------------------------------- Fri Jan 27 09:23:26 CET 2006 - mjancar@suse.cz - set environment and sudo search PATH to SECURE_PATH only when env_reset (#145687) ------------------------------------------------------------------- Thu Jan 26 13:28:28 CET 2006 - schwab@suse.de - Fix syntax error in /etc/sudoers. ------------------------------------------------------------------- Thu Jan 26 12:03:48 CET 2006 - mjancar@suse.cz - fix PATH always reset (#145687) ------------------------------------------------------------------- Wed Jan 25 21:41:52 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Sun Jan 15 20:40:26 CET 2006 - schwab@suse.de - Don't strip binaries. ------------------------------------------------------------------- Tue Jan 10 16:31:46 CET 2006 - mjancar@suse.cz - fix CVE-2005-4158 (#140300) * compile with --with-secure-path * use always_set_home and env_reset by default - document purpose of the default asking for root password ------------------------------------------------------------------- Wed Dec 21 19:55:27 CET 2005 - mjancar@suse.cz - update to 1.6.8p12 ------------------------------------------------------------------- Fri Dec 9 10:01:27 CET 2005 - ro@suse.de - disabled selinux ------------------------------------------------------------------- Tue Aug 2 20:42:18 CEST 2005 - mjancar@suse.cz - update to 1.6.8p9 ------------------------------------------------------------------- Mon Jun 20 11:50:45 CEST 2005 - anicka@suse.cz - build position independent binaries ------------------------------------------------------------------- Mon Feb 28 15:30:42 CET 2005 - ro@suse.de - update to 1.6.8p7 ------------------------------------------------------------------- Mon Nov 15 14:58:45 CET 2004 - kukuk@suse.de - Use common PAM config files ------------------------------------------------------------------- Mon Sep 13 16:00:56 CEST 2004 - ro@suse.de - undef __P first ------------------------------------------------------------------- Tue Apr 6 07:12:34 CEST 2004 - kukuk@suse.de - fix default permissions of sudo ------------------------------------------------------------------- Fri Mar 26 01:18:52 CET 2004 - ro@suse.de - added postfix to neededforbuild ------------------------------------------------------------------- Wed Feb 25 13:02:03 CET 2004 - lnussel@suse.de - Add comment and warning for 'Defaults targetpw' to config file ------------------------------------------------------------------- Thu Jan 29 15:57:53 CET 2004 - kukuk@suse.de - Fix sudo configuration broken by last patch ------------------------------------------------------------------- Wed Jan 28 10:55:29 CET 2004 - kukuk@suse.de - Add SELinux patch ------------------------------------------------------------------- Thu Jan 22 18:45:07 CET 2004 - ro@suse.de - package /etc/sudoers as 0640 ------------------------------------------------------------------- Fri Jan 16 13:26:31 CET 2004 - kukuk@suse.de - Add pam-devel to neededforbuild ------------------------------------------------------------------- Sun Jan 11 09:29:32 CET 2004 - adrian@suse.de - build as user ------------------------------------------------------------------- Fri Nov 7 16:20:57 CET 2003 - schwab@suse.de - Fix quoting in configure script. ------------------------------------------------------------------- Wed Sep 10 11:06:04 CEST 2003 - mjancar@suse.cz - move the defaults to better place in /etc/sudoers (#30282) ------------------------------------------------------------------- Mon Aug 25 15:21:16 CEST 2003 - mjancar@suse.cz - update to 1.6.7p5 * Fixed a problem with large numbers of environment variables. - more useful defaults (#28056) ------------------------------------------------------------------- Wed May 14 10:44:53 CEST 2003 - mjancar@suse.cz - update to version 1.6.7p4 ------------------------------------------------------------------- Fri Feb 7 13:49:00 CET 2003 - kukuk@suse.de - Use pam_unix2.so instead of pam_unix.so ------------------------------------------------------------------- Wed Jun 5 15:18:21 CEST 2002 - pmladek@suse.cz - updated to version 1.6.6 - removed obsolete heap-overflow fix in prompt patch ------------------------------------------------------------------- Mon Apr 22 14:56:46 CEST 2002 - pmladek@suse.cz - fixed a heap-overflow (prompt patch) - fixed prompt behaviour, %% is always translated to % (prompt patch) ------------------------------------------------------------------- Tue Feb 12 12:23:08 CET 2002 - pmladek@suse.cz - insults are really off by default now [#13134] - sudo.pamd moved from patch to sources - used %defattr(-,root,root) ------------------------------------------------------------------- Thu Jan 24 10:17:00 CET 2002 - postadal@suse.cz - updated to version 1.6.5p2 ------------------------------------------------------------------- Thu Jan 17 18:47:02 CET 2002 - pmladek@suse.cz - updated to version 1.6.5p1 - removed obsolete security patch (to do not run mailer as root), sudo runs mailer again as root but with hard-coded environment ------------------------------------------------------------------- Wed Jan 2 12:36:17 CET 2002 - pmladek@suse.cz - aplied security patch from Sebastian Krahmer to do not run mailer as root - NOTIFY_BY_EMAIL enabled ------------------------------------------------------------------- Tue Oct 30 22:58:33 CET 2001 - bjacke@suse.de - make /etc/sudoers (noreplace) ------------------------------------------------------------------- Wed Aug 15 16:17:35 CEST 2001 - pmladek@suse.cz - updated to version 1.6.3p7 ------------------------------------------------------------------- Tue Aug 14 18:05:55 CEST 2001 - ro@suse.de - Don't use absolute paths to PAM modules in PAM config files ------------------------------------------------------------------- Tue Feb 27 11:17:10 CET 2001 - pblaha@suse.cz - update on 1.6.3p6 for fix potential security problems ------------------------------------------------------------------- Mon Jun 26 17:39:24 CEST 2000 - schwab@suse.de - Add %suse_update_config. ------------------------------------------------------------------- Thu May 4 15:57:08 CEST 2000 - smid@suse.cz - upgrade to 1.6.3 - buildroot added ------------------------------------------------------------------- Tue Apr 4 17:55:40 CEST 2000 - uli@suse.de - added "--with-env-editor" to configure call ------------------------------------------------------------------- Wed Mar 1 16:08:27 CET 2000 - schwab@suse.de - Specfile cleanup, remove Makefile.Linux - /usr/man -> /usr/share/man ------------------------------------------------------------------- Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de - ran old prepare_spec on spec file to switch to new prepare_spec. ------------------------------------------------------------------- Wed Jun 9 17:19:36 MEST 1999 - kukuk@suse.de - update to version 1.5.9p1 - enable PAM ---------------------------------------------------------------------------- Wed Nov 6 00:13:26 CET 1996 - florian@suse.de - update to version 1.5.2 - sudo has changed a lot, please check the sudo documentation