Opened 6 weeks ago

Closed 6 weeks ago

#15029 closed enhancement (fixed)

sudo-1.9.7

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: normal Milestone: 10.2
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (3)

comment:1 by Bruce Dubbs, 6 weeks ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 6 weeks ago

What's new in Sudo 1.9.7

  • The "fuzz" Makefile target now runs all the fuzzers for 8192 passes (can be overridden via the FUZZ_RUNS variable). This makes it easier to run the fuzzers in-tree. To run a fuzzer indefinitely, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz".
  • Fixed fuzzing on FreeBSD where the ld.lld linker returns an error by default when a symbol is multiply-defined.
  • Added support for determining local IPv6 addresses on systems that lack the getifaddrs() function. This now works on AIX, HP-UX and Solaris (at least).
  • Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to report a usage error. Also, when invoked as sudoedit, sudo now allows a more restricted set of options that matches the usage statement and documentation.
  • Fixed a crash in sudo_sendlog when the specified certificate or key does not exist or is invalid.
  • Fixed a compilation error when sudo is configured with the --disable-log-client option.
  • Sudo's limited support for SUCCESS=return entries in nsswitch.conf is now documented.
  • Sudo now requires autoconf 2.70 or higher to regenerate the configure script.
  • sudo_logsrvd now has a relay mode which can be used to create a hierarchy of log servers. By default, when a relay server is defined, messages from the client are forwarded immediately to the relay. However, if the "store_first" setting is enabled, the log will be stored locally until the command completes and then relayed.
  • Sudo now links with OpenSSL by default if it is available unless the --disable-openssl configure option is used or both the --disable-log-client and --disable-log-server configure options are specified.
  • Fixed configure's Python version detection when the version minor number is more than a single digit, for example Python 3.10.
  • The sudo Python module tests now pass for Python 3.10.
  • Sudo will now avoid changing the datasize resource limit as long as the existing value is at least 1GB. This works around a problem on 64-bit HP-UX where it is not possible to exactly restore the original datasize limit.
  • Fixed a race condition that could result in a hang when sudo is executed by a process where the SIGCHLD handler is set to SIG_IGN.
  • Fixed an out-of-bounds read in sudoedit and visudo when the EDITOR, VISUAL or SUDO_EDITOR environment variables end in an unescaped backslash. Also fixed the handling of quote characters that are escaped by a backslash.
  • Fixed a bug that prevented the "log_server_verify" sudoers option from taking effect.
  • The sudo_sendlog utility has a new -s option to cause it to stop sending I/O records after a user-specified elapsed time. This can be used to test the I/O log restart functionality of sudo_logsrvd.
  • Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when attempting to restart an interrupted I/O log transfer.
  • The TLS connection timeout in the sudoers log client was previously hard-coded to 10 seconds. It now uses the value of log_server_timeout.
  • The configure script now outputs a summary of the user-configurable options at the end, separate from output of configure script tests.

  • Corrected the description of which groups may be specified via the -g option in the Runas_Spec section.

comment:3 by Bruce Dubbs, 6 weeks ago

Resolution: fixed
Status: assignedclosed
327a2630f9 Update to sudo-1.9.7 and libXfixes-6.0.0 (Xorg Library)
6d2b973748 Update to Jinja2-3.0.0 and MarkupSafe-2.0.0 (Python modules)
Note: See TracTickets for help on using tickets.