Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#9232 closed enhancement (fixed)


Reported by: bdubbs@… Owned by: bdubbs@…
Priority: normal Milestone: 8.1
Component: BOOK Version: SVN
Severity: normal Keywords:


New minor version.

Change History (5)

comment:1 by bdubbs@…, 7 years ago

Owner: changed from blfs-book@… to bdubbs@…
Status: new → assigned

comment:2 by bdubbs@…, 7 years ago

What's new in Sudo 1.8.20

  • Added support for SASL_MECH in ldap.conf. Bug #764
  • Added support for digest matching when the command is a glob-style pattern or a directory. Previously, only explicit path matches supported digest checks.
  • New "fdexec" Defaults option to control whether a command is executed by path or by open file descriptor.
  • The embedded copy of zlib has been upgraded to version 1.2.11.
  • Fixed a bug that prevented sudoers include files with a relative path starting with the letter 'i' from being opened. Bug #776.
  • Added support for command timeouts in sudoers. The command will be terminated if the timeout expires.
  • The SELinux role and type are now displayed in the "sudo -l" output for the LDAP and SSSD backends, just as they are in the sudoers backend.
  • A new command line option, -T, can be used to specify a command timeout as long as the user-specified timeout is not longer than the timeout specified in sudoers. This option may only be used when the "user_command_timeouts" flag is enabled in sudoers.
  • Added NOTBEFORE and NOTAFTER command options to the sudoers backend similar to what is already available in the LDAP backend.
  • Sudo can now optionally use the SHA2 functions in OpenSSL or GNU crypt instead of the SHA2 implementation bundled with sudo.
  • Fixed a compilation error on systems without the stdbool.h header file. Bug #778.
  • Fixed a compilation error in the standalone Kerberos V authentication module. Bug #777.
  • Added the iolog_flush flag to sudoers which causes I/O log data to be written immediately to disk instead of being buffered.
  • I/O log files are now created with group ID 0 by default unless the "iolog_user" or "iolog_group" options are set in sudoers.
  • It is now possible to store I/O log files on an NFS-mounted file system where uid 0 is remapped to an unprivileged user. The "iolog_user" option must be set to a non-root user and the top-level I/O log directory must exist and be owned by that user.
  • Added the restricted_env_file setting to sudoers which is similar to env_file but its contents are subject to the same restrictions as variables in the invoking user's environment.
  • Fixed a use after free bug in the SSSD backend when the fqdn sudoOption is enabled and no hostname value is present in /etc/sssd/sssd.conf.
  • Fixed a typo that resulted in a compilation error on systems where the killpg() function is not found by configure.
  • Fixed a compilation error with the included version of zlib when sudo was built outside the source tree.
  • Fixed the exit value of sudo when the command is terminated by a signal other than SIGINT. This was broken in sudo 1.8.15 by the fix for Bug #722. Bug #784.
  • Fixed a regression introduced in sudo 1.8.18 where the "lecture" option could not be used in a positive boolean context, only a negative one.
  • Fixed an issue where sudo would consume stdin if it was not connected to a tty even if log_input is not enabled in sudoers. Bug #786.
  • Clarify in the sudoers manual that the #includedir directive diverts control to the files in the specified directory and, when parsing of those files is complete, returns control to the original file. Bug #775.

comment:3 by bdubbs@…, 7 years ago

Resolution: fixed
Status: assigned → closed

Fixed at revision 18723.

comment:4 by bdubbs@…, 7 years ago

Milestone: 8.1 → m8.1

Milestone renamed

comment:5 by bdubbs@…, 7 years ago

Milestone: m8.1 → 8.1

Milestone renamed
