- update to 1.8.15:
* Fixed a bug that prevented sudo from building outside the source
tree on some platforms. Bug #708.
* Fixed the location of the sssd library in the RHEL/Centos packages.
Bug #710.
* Fixed a build problem on systems that don't implicitly include
sys/types.h from other header files. Bug #711.
* Fixed a problem on Linux using containers where sudo would ignore
signals sent by a process in a different container.
* Sudo now refuses to run a command if the PAM session module returns
an error.
* When editing files with sudoedit, symbolic links will no longer be
followed by default. The old behavior can be restored by enabling
the sudoedit_follow option in sudoers or on a per-command basis with
the FOLLOW and NOFOLLOW tags. Bug #707.
* Fixed a bug introduced in version 1.8.14 that caused the last valid
editor in the sudoers "editor" list to be used by visudo and sudoedit
instead of the first. Bug #714.
* Fixed a bug in visudo that prevented the addition of a final newline
to edited files without one.
* Fixed a bug decoding certain base64 digests in sudoers when the
intermediate format included a '=' character.
* Individual records are now locked in the time stamp file instead of
the entire file. This allows sudo to avoid prompting for a password
multiple times on the same terminal when used in a pipeline.
In other words, sudo cat foo | sudo grep bar now only prompts for
the password once. Previously, both sudo processes would prompt for
a password, often making it impossible to enter. Bug #705.
* Fixed a bug where sudo would fail to run commands as a non-root user
on systems that lack both setresuid() and setreuid(). Bug #713.
OBS-URL: https://build.opensuse.org/request/show/342689
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=92
- update to 1.8.14p3:
* changes in 1.8.14p3
* Fixed a bug introduced in sudo 1.8.14p2 that prevented sudo
from working when no tty was present. Bug #706.
* Fixed tty detection on newer AIX systems where dev_t is 64-bit.
* changes in 1.8.14p2
* Fixed a bug introduced in sudo 1.8.14 that prevented the
lecture file from being created. Bug #704.
* changes in 1.8.14p1
* Fixed a bug introduced in sudo 1.8.14 that prevented the sssd
backend from working. Bug #703.
* changes in 1.8.14
* Log messages on Mac OS X now respect sudoers_locale when sudo
is build with NLS support.
* The sudo manual pages now pass mandoc -Tlint with no warnings.
* Fixed a compilation problem on systems with the sig2str()
function that do not define SIG2STR_MAX in signal.h.
* Worked around a compiler bug that resulted in unexpected
behavior when returning an int from a function declared to
return bool without an explicit cast.
* Worked around a bug in Mac OS X 10.10 BSD auditing where the
au_preselect() fails for AUE_sudo events but succeeds for
AUE_DARWIN_sudo.
* Fixed a hang on Linux systems with glibc when sudo is linked
with jemalloc.
* When the user runs a command as a user ID that is not present
in the password database via the -u flag, the command is now
run with the group ID of the invoking user instead of group ID 0.
* Fixed a compilation problem on systems that don't pull in
definitions of uid_t and gid_t without sys/types.h or unistd.h.
OBS-URL: https://build.opensuse.org/request/show/318161
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=87
- update to 1.8.13
* The examples directory is now a subdirectory of the doc dir to
conform to Debian guidelines. Bug #682.
* Fixed a compilation error for siglist.c and signame.c on some
systems. Bug #686
* Weak symbols are now used for sudo_warn_gettext() and
sudo_warn_strerror() in libsudo_util to avoid link errors when
-Wl,--no-undefined is used in LDFLAGS. The --disable-weak-symbols
configure option can be used to disable the user of weak symbols.
* Fixed a bug in sudo's mkstemps() replacement function that
prevented the file extension from being preserved in sudoedit.
* A new mail_all_cmnds sudoers flag will send mail when a user runs
a command (or tries to). The behavior of the mail_always flag has
been restored to always send mail when sudo is run.
* New "MAIL" and "NOMAIL" command tags have been added to toggle
mail sending behavior on a per-command (or Cmnd_Alias) basis.
* Fixed matching of empty passwords when sudo is configured to
use passwd (or shadow) file authentication on systems where the
crypt() function returns NULL for invalid salts.
* The "all" setting for listpw and verifypw now works correctly
with LDAP and sssd sudoers.
* The sudo timestamp directory is now created at boot time on
platforms that use systemd.
* Sudo will now restore the value of the SIGPIPE handler before
executing the command.
* Sudo now uses "struct timespec" instead of "struct timeval" for
time keeping when possible. If supported, sudoedit and visudo
now use nanosecond granularity time stamps.
* Fixed a symbol name collision with systems that have their own
SHA2 implementation. This fixes a problem where PAM could use
OBS-URL: https://build.opensuse.org/request/show/307129
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=83
- update to 1.8.12 (fixes bnc#918953)
- changelog:
* The embedded copy of zlib has been upgraded to version 1.2.8 and
is now installed as a shared library where supported.
* Debug settings for the sudo front end and sudoers plugin are now configured separately.
* Multiple sudo.conf Debug entries may now be specified per program (or plugin).
* The plugin API has been extended such that the path to the plugin
that was loaded is now included in the settings array. This path
can be used to register with the debugging subsystem. The debug_flags
setting is now prefixed with a file name and may be specified multiple
times if there is more than one matching Debug setting in sudo.conf.
* The sudoers regression tests now run with the locale set to C since
some of the tests compare output that includes locale-specific messages. Bug #672.
* Fixed a bug where sudo would not run commands on Linux when compiled
with audit support if audit is disabled. Bug #671.
* The default password prompt now includes a trailing space after
"Password:" for consistency with su(1) on most systems. Bug #663.
* Visudo will now use the optional sudoers_file, sudoers_mode,
sudoers_uid and sudoers_gid arguments if specified on the sudoers.so Plugin line in the sudo.conf file.
* Fixed a problem introduced in sudo 1.8.8 that prevented the full
host name from being used when the fqdn sudoers option is used. Bug #678.
* Sudo now installs a handler for SIGCHLD signal handler immediately
before stating the process that will execute the command (or start the monitor).
* Removed a limit on the length of command line arguments expanded by
a wild card using sudo's version of the fnmatch() function.
This limit was introduced when sudo's version of fnmatch() was replaced in sudo 1.8.4.
* LDAP-based sudoers can now query an LDAP server for a user's netgroups
directly. This is often much faster than fetching every sudoRole object
containing a sudoUser that begins with a `+' prefix and checking
whether the user is a member of any of the returned netgroups.
OBS-URL: https://build.opensuse.org/request/show/287223
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=81
