Rebased to 1.7.4p5. Notable major changes since 1.7.2p2:
- If the user has no supplementary groups, sudo will now fall back on checking the group file explicitly, which restores historic sudo behavior.
- Suspending and resuming the bash shell when PAM is in use now works properly. The SIGCONT signal was not being propagated to the child process.
- Sudo no longer prints a warning when the -k or -K options are specified and the ticket file does not exist.
- Time stamp files have moved from /var/run/sudo to /var/db/sudo. This prevents users from receiving the sudo lecture every time the system reboots. Time stamp files older than the boot time are ignored on systems where it is possible to determine this.
- Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile" in ldap.conf.
- Visudo will now treat an unrecognized Defaults entry as a parse error (sudo will warn but still run).
- The tty_tickets option is now on by default.
- If PAM is in use, wait until the process has finished before closing the PAM session.
- Support for logging a command's input and output as well as the ability to replay sessions.
- When the tty_tickets sudoers option is enabled but there is no terminal device, sudo will no longer use or create a tty-based ticket file. Previously, sudo would use a tty name of "unknown". As a consequence, if a user has no terminal device, sudo will now always prompt for a password.
- Qualify the command even if it is in the current working directory, e.g. "./foo" instead of just returning "foo". This removes an ambiguity between real commands and possible pseudo-commands in command matching.
- Implemented the /etc/sudoers.d directory.
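
For the /etc/sudoers.d and visudo items above, an added example (not part of the sudo package or of this changelog): a POSIX shell audit of a drop-in directory. The function names are hypothetical; it assumes sudo's documented #includedir rule of skipping file names that end in '~' or contain a '.', and the usual 0440 sudoers file mode.

```shell
#!/bin/sh
# Added example: audit a sudoers drop-in directory (default /etc/sudoers.d).
# Function names are illustrative, not part of sudo.

# Return 0 if sudo's #includedir would read a file with this name.
# sudo skips names that end in '~' or contain a '.', so editor backups
# and package-manager leftovers are silently ignored.
sudoersd_name_is_read() {
    case "$1" in
        *~|*.*) return 1 ;;
        *)      return 0 ;;
    esac
}

# Print one finding per line for directory $1; return 1 if anything was found.
audit_sudoersd() {
    dir=${1:-/etc/sudoers.d}
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if ! sudoersd_name_is_read "$name"; then
            echo "SKIPPED $name: sudo ignores this file name"
            rc=1
            continue
        fi
        # Drop-in files should carry the same mode as sudoers itself.
        if [ -z "$(find "$f" -perm 0440)" ]; then
            echo "MODE $name: expected 0440"
            rc=1
        fi
        # Syntax check, if visudo is installed. Per the changelog, an
        # unrecognized Defaults entry now counts as a parse error here.
        if command -v visudo >/dev/null 2>&1; then
            if ! visudo -c -f "$f" >/dev/null 2>&1; then
                echo "SYNTAX $name: visudo -c reports a parse error"
                rc=1
            fi
        fi
    done
    return $rc
}
```

Call it as `audit_sudoersd /etc/sudoers.d`; a SKIPPED line means a rule someone believes is active is not being applied.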