Revisions of sudo
Stephan Kulow (coolo)
accepted
request 140161
from
Marcus Meissner (msmeissn)
(revision 51)
- sudo 1.8.6p3 * Support for using the System Security Services Daemon (SSSD) as a source of sudoers data * Fixed a race condition that could cause sudo to receive SIGTTOU (and stop) when resuming a shell that was run via sudo when I/O logging (and use_pty) is not enabled. * The sudoers plugin now takes advantage of symbol visibility controls when supported by the compiler or linker. * Sending SIGTSTP directly to the sudo process will now suspend the running command when I/O logging (and use_pty) is not enabled. (forwarded request 140141 from elvigia)
Stephan Kulow (coolo)
accepted
request 139473
from
Cristian Rodríguez (elvigia)
(revision 50)
- add explicit buildrequire on groff (forwarded request 139469 from coolo)
Stephan Kulow (coolo)
accepted
request 124895
from
Robert Milasan (rmilasan)
(revision 48)
Update to 1.8.5p2; we want this as it includes important fixes (forwarded request 124880 from vuntz)
Stephan Kulow (coolo)
accepted
request 121250
from
Marcus Meissner (msmeissn)
(revision 47)
- update to 1.8.5
Some of the changes:
* /etc/environment is no longer read directly on Linux systems when
PAM is used. Sudo now merges the PAM environment into the user's
environment which is typically set by the pam_env module.
* The plugin API has been extended
* The policy plugin's init_session function is now called by the
parent sudo process, not the child process that executes the command
This allows the PAM session to be open and closed in the same process,
which some PAM modules require.
* A new group provider plugin, system_group, is included
* Fixed a potential security issue in the matching of hosts against
an IPv4 network specified in sudoers.The flaw may allow a user who
is authorized to run commands on hosts belonging to one IPv4
network to run commands on a different host (CVE-2012-2337) (forwarded request 121223 from vitezslav_cizek)
Stephan Kulow (coolo)
accepted
request 108650
from
Vítězslav Čížek (vitezslav_cizek)
(revision 46)
- update to 1.8.4p2
Some of the changes:
* The -D flag in sudo has been replaced with a more general
debugging framework that is configured in sudo.conf.
* Fixed a crash with sudo -i when a runas group was specified
without a runas user.
* New Serbian and Spanish translations for sudo from translationproject.org.
LDAP-based sudoers may now access by group ID in addition to group name.
* visudo will now fix the mode on the sudoers file even if no
changes are made unless the -f option is specified.
* On systems that use login.conf, sudo -i now sets environment
variables based on login.conf
* values in the LDAP search expression are now escaped as per RFC 4515
* The deprecated "noexec_file" sudoers option is no longer supported.
* Fixed a race condition when I/O logging is not enabled that could
result in tty-generated signals (e.g. control-C) being received
by the command twice.
* visudo -c will now list any include files that were checked in
addition to the main sudoers file when everything parses OK.
* Users that only have read-only access to the sudoers file may
now run visudo -c. Previously, write permissions were required
even though no writing is down in check-only mode.
Stephan Kulow (coolo)
accepted
request 102196
from
Vítězslav Čížek (vitezslav_cizek)
(revision 45)
- update to 1.8.3p2
* Fixed a format string vulnerability when the sudo binary
(or a symbolic link to the sudo binary) contains printf
format escapes and the -D (debugging) flag is used.
Stephan Kulow (coolo)
accepted
request 101544
from
Cristian Rodríguez (elvigia)
(revision 44)
- honour global CFLAGS and LDFLAGS when compiling sesh, to avoid rpmlint error (bnc#743157) (forwarded request 101520 from vitezslav_cizek)
Stephan Kulow (coolo)
accepted
request 98380
from
Cristian Rodríguez (elvigia)
(revision 43)
Set timedir correctly (forwarded request 98341 from a_jaeger)
Stephan Kulow (coolo)
accepted
request 89911
from
Vítězslav Čížek (vitezslav_cizek)
(revision 41)
- update to sudo-1.8.3
- Fixed expansion of strftime() escape sequences
in the log_dir sudoers setting.
- Esperanto, Italian and Japanese
translations from translationproject.org.
- Added --enable-werror configure option for gcc's
-Werror flag. - Visudo no longer
assumes all editors support the +linenumber command line argument.
It now uses a whitelist of editors known to support the option.
- Fixed matching of network addresses when a netmask is specified but
the address is not the first one in the CIDR block.
- The configure script now check whether or not errno.h declares the
errno variable. Previously, sudo would always declare errno itself
for older systems that don't declare it in errno.h.
- The NOPASSWD tag is now honored for denied commands too,
which matches historic sudo behavior (prior to sudo 1.7.0).
- Sudo now honors the DEREF
setting in ldap.conf which controls how alias dereferencing is done
during an LDAP search.
- A symbol conflict with the
pam_ssh_agent_auth PAM module that would cause a crash been
resolved.
- The inability to load a group provider plugin is no
longer a fatal error.
- A potential crash in the utmp handling
code has been fixed.
- Two PAM session issues have been resolved.
In previous versions of sudo, the PAM session was opened as one
user and closed as another. Additionally, if no authentication was
performed, the PAM session would never be closed.
Adrian Schröter (adrianSuSE)
committed
(revision 40)
Lars Vogdt (lrupp)
accepted
request 87713
from
Vítězslav Čížek (vitezslav_cizek)
(revision 39)
- updated to sudo-1.8.2
* Sudo, visudo, sudoreplay and the sudoers plug-in now have natural
language support (NLS). This can be disabled by passing configure
the --disable-nls option. Sudo will use gettext(), if available,
to display translated messages. All translations are coordinated
via The Translation Project, http://translationproject.org/.
* Plug-ins are now loaded with the RTLD_GLOBAL flag instead of
RTLD_LOCAL. This fixes missing symbol problems in PAM modules
on certain platforms, such as FreeBSD and SuSE Linux Enterprise.
* I/O logging is now supported for commands run in background mode
(using sudo's -b flag).
* Group ownership of the sudoers file is now only enforced when
the file mode on sudoers allows group readability or writability.
* Visudo now checks the contents of an alias and warns about cycles
when the alias is expanded.
* If the user specifes a group via sudo's -g option that matches
the target user's group in the password database, it is now
allowed even if no groups are present in the Runas_Spec.
* The sudo Makefiles now have more complete dependencies which are
automatically generated instead of being maintained manually.
* The "use_pty" sudoers option is now correctly passed back to the
sudo front end. This was missing in previous versions of sudo
1.8 which prevented "use_pty" from being honored.
* "sudo -i command" now works correctly with the bash version
2.0 and higher. Previously, the .bash_profile would not be
sourced prior to running the command unless bash was built with
NON_INTERACTIVE_LOGIN_SHELLS defined.
* When matching groups in the sudoers file, sudo will now match
based on the name of the group instead of the group ID. This can
substantially reduce the number of group lookups for sudoers
Sascha Peilicke (saschpe)
accepted
request 70788
from
Petr Uzel (puzel)
(revision 37)
update to 1.8.1p2
Sascha Peilicke (saschpe)
accepted
request 64995
from
Petr Uzel (puzel)
(revision 35)
Accepted submit request 64995 from user coolo
Ruediger Oertel (oertel)
accepted
request 59319
from
Petr Uzel (puzel)
(revision 32)
Accepted submit request 59319 from user puzel
Displaying revisions 101 - 120 of 151
