From Todd.Miller at courtesan.com Mon Aug 2 14:19:02 2010
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Mon, 02 Aug 2010 14:19:02 -0400
Subject: [sudo-announce] sudo 1.7.4 released
Message-ID: <201008021819.o72IJ2dM015117@core.courtesan.com>

Sudo version 1.7.4 is now available. This release of sudo is also
available in binary package form for many common Unix/Linux variants.

Source:
    http://www.sudo.ws/sudo/dist/sudo-1.7.4.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.7.4.tar.gz

Binary packages:
    http://www.sudo.ws/sudo/download.html#binary

For a list of download mirror sites, see:
    http://www.sudo.ws/sudo/download_mirrors.html

Sudo web site:
    http://www.sudo.ws/sudo/

Sudo web site mirrors:
    http://www.sudo.ws/sudo/mirrors.html

Major changes between sudo 1.7.3 and 1.7.4:

* Sudoedit will now preserve the file extension in the name of the
  temporary file being edited. The extension is used by some editors
  (such as emacs) to choose the editing mode.

* Time stamp files have moved from /var/run/sudo to either
  /var/db/sudo, /var/lib/sudo or /var/adm/sudo. The directories are
  checked for existence in that order. This prevents users from
  receiving the sudo lecture every time the system reboots. Time stamp
  files older than the boot time are ignored on systems where it is
  possible to determine this.

* Ancillary documentation (README files, LICENSE, etc) is now
  installed in a sudo documentation directory.

* Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
  in ldap.conf.

* Defaults settings that are tied to a user, host or command may now
  include the negation operator. For example:
      Defaults:!millert lecture
  will match any user but millert.

* The default PATH environment variable, used when no PATH variable
  exists, now includes /usr/sbin and /sbin.

* Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/) for
  cross-platform packing.

* On Linux, sudo will now restore the nproc resource limit before
  executing a command, unless the limit appears to have been modified
  by pam_limits. This avoids a problem with bash scripts that open
  more than 32 descriptors on SuSE Linux, where
  sysconf(_SC_CHILD_MAX) will return -1 when RLIMIT_NPROC is set to
  RLIMIT_UNLIMITED (-1).

* Visudo will now treat an unrecognized Defaults entry as a parse
  error (sudo will warn but still run).

* The HOME and MAIL environment variables are now reset based on the
  target user's password database entry when the env_reset sudoers
  option is enabled (which is the case in the default configuration).
  Users wishing to preserve the original values should use a sudoers
  entry like:
      Defaults env_keep += HOME
  to preserve the old value of HOME and
      Defaults env_keep += MAIL
  to preserve the old value of MAIL.

* The tty_tickets option is now on by default.

* Fixed a problem in the restoration of the AIX authdb registry
  setting.

* If PAM is in use, sudo will wait until the process has finished
  before closing the PAM session.

* Fixed "sudo -i -u user" where user has no shell listed in the
  password database.

* When logging I/O, sudo now handles pty read/write returning ENXIO,
  as seen on FreeBSD when the login session has been killed.

* Sudo now performs I/O logging in the C locale. This avoids
  locale-related issues when parsing floating point numbers in the
  timing file.

* Added support for Ubuntu-style admin flag dot files.

From Todd.Miller at courtesan.com Mon Aug 9 08:57:34 2010
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Mon, 09 Aug 2010 08:57:34 -0400
Subject: [sudo-announce] sudo 1.7.4p2 released
Message-ID: <201008091257.o79CvY6p021888@core.courtesan.com>

Sudo version 1.7.4p2 is now available. This is a bug fix release.

Source:
    http://www.sudo.ws/sudo/dist/sudo-1.7.4p2.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.7.4p2.tar.gz

Binary packages:
    http://www.sudo.ws/sudo/download.html#binary

For a list of download mirror sites, see:
    http://www.sudo.ws/sudo/download_mirrors.html

Sudo web site:
    http://www.sudo.ws/sudo/

Sudo web site mirrors:
    http://www.sudo.ws/sudo/mirrors.html

Major changes between sudo 1.7.4p1 and 1.7.4p2:

* Fixed a bug where sudo could spin in a busy loop waiting for the
  child process.

* Packaging fixes for sudo.pp to better handle patchlevels.

Major changes between sudo 1.7.4 and 1.7.4p1:

* Fixed a bug introduced in sudo 1.7.3 that prevented the -k and -K
  options from functioning when the tty_tickets sudoers option is
  enabled.

* Sudo no longer prints a warning when the -k or -K options are
  specified and the ticket file does not exist.

* Changes to the configure script to enable cross-compilation of
  Sudo.

Major changes between sudo 1.7.3 and 1.7.4:

* Sudoedit will now preserve the file extension in the name of the
  temporary file being edited. The extension is used by some editors
  (such as emacs) to choose the editing mode.

* Time stamp files have moved from /var/run/sudo to either
  /var/db/sudo, /var/lib/sudo or /var/adm/sudo. The directories are
  checked for existence in that order. This prevents users from
  receiving the sudo lecture every time the system reboots. Time stamp
  files older than the boot time are ignored on systems where it is
  possible to determine this.

* Ancillary documentation (README files, LICENSE, etc) is now
  installed in a sudo documentation directory.

* Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
  in ldap.conf.

* Defaults settings that are tied to a user, host or command may now
  include the negation operator. For example:
      Defaults:!millert lecture
  will match any user but millert.

* The default PATH environment variable, used when no PATH variable
  exists, now includes /usr/sbin and /sbin.

* Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/) for
  cross-platform packing.

* On Linux, sudo will now restore the nproc resource limit before
  executing a command, unless the limit appears to have been modified
  by pam_limits. This avoids a problem with bash scripts that open
  more than 32 descriptors on SuSE Linux, where
  sysconf(_SC_CHILD_MAX) will return -1 when RLIMIT_NPROC is set to
  RLIMIT_UNLIMITED (-1).

* Visudo will now treat an unrecognized Defaults entry as a parse
  error (sudo will warn but still run).

* The HOME and MAIL environment variables are now reset based on the
  target user's password database entry when the env_reset sudoers
  option is enabled (which is the case in the default configuration).
  Users wishing to preserve the original values should use a sudoers
  entry like:
      Defaults env_keep += HOME
  to preserve the old value of HOME and
      Defaults env_keep += MAIL
  to preserve the old value of MAIL.

* The tty_tickets option is now on by default.

* Fixed a problem in the restoration of the AIX authdb registry
  setting.

* If PAM is in use, sudo will wait until the process has finished
  before closing the PAM session.

* Fixed "sudo -i -u user" where user has no shell listed in the
  password database.

* When logging I/O, sudo now handles pty read/write returning ENXIO,
  as seen on FreeBSD when the login session has been killed.

* Sudo now performs I/O logging in the C locale. This avoids
  locale-related issues when parsing floating point numbers in the
  timing file.

* Added support for Ubuntu-style admin flag dot files.

From Todd.Miller at courtesan.com Thu Aug 19 07:17:03 2010
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Thu, 19 Aug 2010 07:17:03 -0400
Subject: [sudo-announce] sudo 1.7.4p3 released
Message-ID: <201008191117.o7JBH3Re008353@core.courtesan.com>

Sudo version 1.7.4p3 is now available. This is a bug fix release.

Source:
    http://www.sudo.ws/sudo/dist/sudo-1.7.4p3.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.7.4p3.tar.gz

Binary packages:
    http://www.sudo.ws/sudo/download.html#binary

For a list of download mirror sites, see:
    http://www.sudo.ws/sudo/download_mirrors.html

Sudo web site:
    http://www.sudo.ws/sudo/

Sudo web site mirrors:
    http://www.sudo.ws/sudo/mirrors.html

Major changes between sudo 1.7.4p2 and 1.7.4p3:

* A bug has been fixed where duplicate HOME environment variables
  could be set when the env_reset setting was disabled and the
  always_set_home setting was enabled in sudoers.

* The value of sysconfdir is now substituted into the path to the
  sudoers.d directory in the installed sudoers file.

* Fixed compilation problems on Irix and other platforms.

* If multiple PAM "auth" actions are specified and the user enters ^C
  at the password prompt, sudo will now abort any subsequent "auth"
  actions. Previously it was necessary to enter ^C once for each
  "auth" action.

Major changes between sudo 1.7.4p1 and 1.7.4p2:

* Fixed a bug where sudo could spin in a busy loop waiting for the
  child process.

* Packaging fixes for sudo.pp to better handle patchlevels.

Major changes between sudo 1.7.4 and 1.7.4p1:

* Fixed a bug introduced in sudo 1.7.3 that prevented the -k and -K
  options from functioning when the tty_tickets sudoers option is
  enabled.

* Sudo no longer prints a warning when the -k or -K options are
  specified and the ticket file does not exist.

* Changes to the configure script to enable cross-compilation of
  Sudo.

Major changes between sudo 1.7.3 and 1.7.4:

* Sudoedit will now preserve the file extension in the name of the
  temporary file being edited. The extension is used by some editors
  (such as emacs) to choose the editing mode.

* Time stamp files have moved from /var/run/sudo to either
  /var/db/sudo, /var/lib/sudo or /var/adm/sudo. The directories are
  checked for existence in that order. This prevents users from
  receiving the sudo lecture every time the system reboots.
  Time stamp files older than the boot time are ignored on systems
  where it is possible to determine this.

* Ancillary documentation (README files, LICENSE, etc) is now
  installed in a sudo documentation directory.

* Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
  in ldap.conf.

* Defaults settings that are tied to a user, host or command may now
  include the negation operator. For example:
      Defaults:!millert lecture
  will match any user but millert.

* The default PATH environment variable, used when no PATH variable
  exists, now includes /usr/sbin and /sbin.

* Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/) for
  cross-platform packing.

* On Linux, sudo will now restore the nproc resource limit before
  executing a command, unless the limit appears to have been modified
  by pam_limits. This avoids a problem with bash scripts that open
  more than 32 descriptors on SuSE Linux, where
  sysconf(_SC_CHILD_MAX) will return -1 when RLIMIT_NPROC is set to
  RLIMIT_UNLIMITED (-1).

* Visudo will now treat an unrecognized Defaults entry as a parse
  error (sudo will warn but still run).

* The HOME and MAIL environment variables are now reset based on the
  target user's password database entry when the env_reset sudoers
  option is enabled (which is the case in the default configuration).
  Users wishing to preserve the original values should use a sudoers
  entry like:
      Defaults env_keep += HOME
  to preserve the old value of HOME and
      Defaults env_keep += MAIL
  to preserve the old value of MAIL.

* The tty_tickets option is now on by default.

* Fixed a problem in the restoration of the AIX authdb registry
  setting.

* If PAM is in use, sudo will wait until the process has finished
  before closing the PAM session.

* Fixed "sudo -i -u user" where user has no shell listed in the
  password database.

* When logging I/O, sudo now handles pty read/write returning ENXIO,
  as seen on FreeBSD when the login session has been killed.

* Sudo now performs I/O logging in the C locale.
  This avoids locale-related issues when parsing floating point
  numbers in the timing file.

* Added support for Ubuntu-style admin flag dot files.
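
The 1.7.4 change list above makes tty_tickets and the HOME/MAIL reset under env_reset the default, and lets a scoped Defaults entry carry a negation such as Defaults:!millert. The following is an added example, not part of the announcements and not sudo's own parser: a simplified reader for sudoers Defaults lines that reports entries switching those defaults back off. The names parse_defaults, audit and SAMPLE are illustrative, and aliases, include files and member lists containing spaces are not handled.

```python
import re

# "Defaults", an optional binding (":" user, "@" host, ">" runas, "!" command
# followed by its member list), then the comma-separated settings.
DEFAULTS_RE = re.compile(r'^Defaults(?:([:@>!])\s*(\S+))?\s+(.*)$')
# One setting: optional "!" negation, a name, optionally =, += or -= and a value.
SETTING_RE = re.compile(r'(!?)\s*(\w+)\s*(?:(\+=|-=|=)\s*("[^"]*"|[^,\s]+))?')
SCOPES = {':': 'user', '@': 'host', '>': 'runas', '!': 'command'}

def parse_defaults(text):
    """Return (scope, members, negated, name, op, value) for every Defaults setting."""
    out = []
    for raw in text.replace('\\\n', ' ').splitlines():  # join continuation lines
        m = DEFAULTS_RE.match(raw.split('#', 1)[0].strip())  # drop comments
        if not m:
            continue
        bind, members, rest = m.groups()
        for neg, name, op, value in SETTING_RE.findall(rest):
            out.append((SCOPES.get(bind), members, neg == '!', name,
                        op or None, value.strip('"') or None))
    return out

def audit(text):
    """List settings that switch off behaviour the 1.7.4 notes describe as default."""
    findings = []
    for scope, members, negated, name, op, value in parse_defaults(text):
        where = f'{scope} {members}' if scope else 'global'
        if negated and name in ('tty_tickets', 'env_reset'):
            findings.append((where, f'{name} disabled'))
        elif name == 'env_keep' and op in ('=', '+=') and value:
            for var in sorted({'HOME', 'MAIL'} & set(value.split())):
                findings.append((where, f'{var} kept from the invoking user'))
    return findings

# Constructed sample for this example, not a real sudoers file.
SAMPLE = '''\
Defaults env_reset
Defaults:!millert lecture
Defaults !tty_tickets
Defaults:alice env_keep += "HOME MAIL"
Defaults!/usr/bin/less env_keep -= HOME
'''

if __name__ == '__main__':
    for where, issue in audit(SAMPLE):
        print(f'{where}: {issue}')
```

The negated binding in Defaults:!millert is kept as part of the member list, so a reviewer can see that the setting applies to every user except the one named.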