| Summary: | sudo-1.8.1p2 is available | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Upstream Release Monitoring <upstream-release-monitoring> |
| Component: | sudo | Assignee: | Daniel Kopeček <dkopecek> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | dkopecek, kzak |
| Target Milestone: | --- | Keywords: | FutureFeature, Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-07-12 11:54:10 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Upstream Release Monitoring
2011-01-25 20:02:57 UTC
Latest upstream release: 1.8.0 Current version in Fedora Rawhide: 1.7.4p5 URL: http://www.sudo.ws/sudo/dist/ Please consult the package update guidelines before you issue an update to a stable branch: https://fedoraproject.org/wiki/Package_update_guidelines More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring
Major changes between version 1.8.0 and 1.7.5:
* Sudo has been refactored to use a modular framework that can support third-party policy and I/O logging plugins. The default plugin is "sudoers" which provides the traditional sudo functionality. See the sudo_plugin manual for details on the plugin API and the sample in the plugins directory for a simple example.
=============================================================================
Major changes between version 1.7.5 and 1.7.4p6:
* When using visudo in check mode, a file named "-" may be used to check sudoers data on the standard input.
* Sudo now only fetches shadow password entries when using the password database directly for authentication.
* Password and group entries are now cached using the same key that was used to look them up. This fixes a problem when looking up entries by name if the name in the retrieved entry does not match the name used to look it up. This may happen on some systems that do case insensitive lookups or that truncate long names.
* GCC will no longer display warnings on glibc systems that use the warn_unused_result attribute for write(2) and other system calls.
* If a PAM account management module denies access, sudo now prints a more useful error message and stops trying to validate the user.
* Fixed a potential hang on idle systems when the sudo-run process exits immediately.
* Sudo now includes a copy of zlib that will be used on systems that do not have zlib installed.
* The --with-umask-override configure flag has been added to enable the "umask_override" sudoers Defaults option at build time.
* Sudo now unblocks all signals on startup to avoid problems caused by the parent process changing the default signal mask.
* LDAP Sudoers entries may now specify a time period for which the entry is valid. This requires an updated sudoers schema that includes the sudoNotBefore and sudoNotAfter attributes. Support for timed entries must be explicitly enabled in the ldap.conf file. Based on changes from Andreas Mueller.
* LDAP Sudoers entries may now specify a sudoOrder attribute that determines the order in which matching entries are applied. The last matching entry is used, just like file-based sudoers. This requires an updated sudoers schema that includes the sudOrder attribute. Based on changes from Andreas Mueller.
* When run as sudoedit, or when given the -e flag, sudo now treats command line arguments as pathnames. This means that slashes in the sudoers file entry must explicitly match slashes in the command line arguments. As a result, and entry such as: user ALL = sudoedit /etc/* will allow editing of /etc/motd but not /etc/security/default.
* NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT in ldap.conf for compatibility with OpenLDAP configuration files.
* The LDAP API TIMEOUT parameter is now honored in ldap.conf.
* The I/O log directory may now be specified in the sudoers file.
* Sudo will no longer refuse to run if the sudoers file is writable by root.
* Sudo now performs command line escaping for "sudo -s" and "sudo -i" after validating the command so the sudoers entries do not need to include the backslashes.
* Logging and email sending are now done in the locale specified by the "sudoers_locale" setting ("C" by default). Email send by sudo now includes MIME headers when "sudoers_locale" is not "C".
* The configure script has a new option, --disable-env-reset, to allow one to change the default for the sudoers Default setting "env_reset" at compile time.
* When logging "sudo -l command", sudo will now prepend "list " to the command in the log line to distinguish between an actual command invocation in the logs.
* Double-quoted group and user names may now include escaped double quotes as part of the name. Previously this was a parse error.
* Sudo once again restores the state of the signal handlers it modifies before executing the command. This allows sudo to be used with the nohup command.
* Resuming a suspended shell now works properly when I/O logging is not enabled (the I/O logging case was already correct).
=============================================================================
Major changes between version 1.7.4p5 and 1.7.4p6:
* A bug has been fixed in the I/O logging support that could cause visual artifacts in full-screen programs such as text editors,.
Latest upstream release: 1.8.1 Current version in Fedora Rawhide: 1.7.4p5 URL: http://www.sudo.ws/sudo/dist/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Latest upstream release: 1.8.1p1 Current version in Fedora Rawhide: 1.7.4p5 URL: http://www.sudo.ws/sudo/dist/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring
please, update at least to the current maintainance version
(1.7.6p1, released on April 15, 2011):
Major changes between version 1.7.6p1 and 1.7.6:
* A non-existent includedir is now treated the same as an
empty directory and not reported as an error.
* Removed extraneous parens in LDAP filter when
sudoers_search_filter is enabled that can cause an LDAP
search error.
Major changes between version 1.7.6 and 1.7.5:
* A new LDAP setting, sudoers_search_filter, has been added to
ldap.conf. This setting can be used to restrict the set of
records returned by the LDAP query. Based on changes from
Matthew Thomas.
* White space is now permitted within a User_List when used in
conjunction with a per-user Defaults definition.
* A group ID (%#gid) may now be specified in a User_List or
Runas_List. Likewise, for non-Unix groups the syntax is
%:#gid.
* Support for double-quoted words in the sudoers file has been
fixed. The change in 1.7.5 for escaping the double quote
character caused the double quoting to only be available at
the beginning of an entry.
* The fix for resuming a suspended shell in 1.7.5 caused
problems with resuming non-shells on Linux. Sudo will now
save the process group ID of the program it is running on
suspend and restore it when resuming, which fixes both
problems.
* A bug that could result in corrupted output in "sudo -l" has
been fixed.
Major changes between version 1.7.5 and 1.7.4p6:
* When using visudo in check mode, a file named "-" may be
used to check sudoers data on the standard input.
* Sudo now only fetches shadow password entries when using the
password database directly for authentication.
* Password and group entries are now cached using the same key
that was used to look them up. This fixes a problem when
looking up entries by name if the name in the retrieved
entry does not match the name used to look it up. This may
happen on some systems that do case insensitive lookups or
that truncate long names.
* GCC will no longer display warnings on glibc systems that
use the warn_unused_result attribute for write(2) and other
system calls.
* If a PAM account management module denies access, sudo now
prints a more useful error message and stops trying to
validate the user.
* Fixed a potential hang on idle systems when the sudo-run
process exits immediately.
* Sudo now includes a copy of zlib that will be used on
systems that do not have zlib installed.
* The --with-umask-override configure flag has been added to
enable the "umask_override" sudoers Defaults option at build
time.
* Sudo now unblocks all signals on startup to avoid problems
caused by the parent process changing the default signal
mask.
* LDAP Sudoers entries may now specify a time period for which
the entry is valid. This requires an updated sudoers schema
that includes the sudoNotBefore and sudoNotAfter attributes.
Support for timed entries must be explicitly enabled in the
ldap.conf file. Based on changes from Andreas Mueller.
* LDAP Sudoers entries may now specify a sudoOrder attribute
that determines the order in which matching entries are
applied. The last matching entry is used, just like
file-based sudoers. This requires an updated sudoers schema
that includes the sudoOrder attribute. Based on changes from
Andreas Mueller.
* When run as sudoedit, or when given the -e flag, sudo now
treats command line arguments as pathnames. This means that
slashes in the sudoers file entry must explicitly match
slashes in the command line arguments. As a result, and
entry such as: user ALL = sudoedit /etc/* will allow editing
of /etc/motd but not /etc/security/default.
* NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT in
ldap.conf for compatibility with OpenLDAP configuration
files.
* The LDAP API TIMEOUT parameter is now honored in ldap.conf.
* The I/O log directory may now be specified in the sudoers
file.
* Sudo will no longer refuse to run if the sudoers file is
writable by root.
* Sudo now performs command line escaping for "sudo -s" and
"sudo -i" after validating the command so the sudoers
entries do not need to include the backslashes.
* Logging and email sending are now done in the locale
specified by the "sudoers_locale" setting ("C" by default).
Email send by sudo now includes MIME headers when
"sudoers_locale" is not "C".
* The configure script has a new option, --disable-env-reset,
to allow one to change the default for the sudoers Default
setting "env_reset" at compile time.
* When logging "sudo -l command", sudo will now prepend "list
" to the command in the log line to distinguish between an
actual command invocation in the logs.
* Double-quoted group and user names may now include escaped
double quotes as part of the name. Previously this was a
parse error.
* Sudo once again restores the state of the signal handlers it
modifies before executing the command. This allows sudo to
be used with the nohup command.
* Resuming a suspended shell now works properly when I/O
logging is not enabled (the I/O logging case was already
correct).
Major changes between version 1.7.4p5 and 1.7.4p6:
* A bug has been fixed in the I/O logging support that could
cause visual artifacts in full-screen programs such as text
editors,.
Latest upstream release: 1.8.1p2 Current version in Fedora Rawhide: 1.7.4p5 URL: http://www.sudo.ws/sudo/dist/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring rebased to 1.8.1p2 in rawhide http://koji.fedoraproject.org/koji/taskinfo?taskID=3193361 |