* Use DEINSTALL/INSTALL scripts to handle config files.
* Install the UPGRADE file and add a MESSAGE file to refer to it, instead
of spewing a big file every time sudo is installed.
393) Users in the 'exempt' group shouldn't get their $PATH overridden
by 'secure-path'. Patch from jmknoble@pobox.com.
395) Fixed a bug that caused an infinite loop when the password
timeout was disabled.
396) It is now possible to set the path to the editor for visudo as well
as the flag that determines whether or not visudo will look at
$EDITOR in the sudoers file.
398) Added rootpw, runaspw, and targetpw to prompt for the root, runas_default
and target user's passwords respectively (instead of the invoking user's
password).
399) Added -S flag to force password read from stdin.
400) Restore coredumpsize resource limit before exec'ing the child
process (sudo sets it to 0 internally).
404) Fixed a bug where sudo would hang around and consume CPU if we spawn
a long-running process.
406) Added set_logname run-time option. When unset, sudo will not set
the USER and LOGNAME environment variables.
407) Wildcards are now allowed in the hostnames specified in sudoers.
The 'fqdn' option is often required for this to be useful.
408) Fixed a bug where host and user qualifiers in a Defaults entry were
not being used correctly and the entry was being applied globally.
409) Fixed targetpw, rootpw, and runaspw options when used with non-passwd
authentication (pam, etc).
410) When the targetpw flag is set, use the target username as part
of the timestamp path.
411) Fixed a bug that prevented the -H option from being useful.
412) Fixed a case where a string was used after it had been freed.
393) Users in the 'exempt' group shouldn't get their $PATH overridden
by 'secure-path'. Patch from jmknoble@pobox.com.
394) Pam now works on HP-UX 11.0, thanks to Jeff A. Earickson.
Changes from Sudo 1.6.1:
383) Better behavior for -l and -v flags in conjunction with NOPASSWD and
added "verifypw" and "listpw" options.
384) For HP-UX with cc, add the -Aa flag along with -D_HPUX_SOURCE.
385) Fix compilation with K&R compilers.
386) For netgroup host matching, match against the short version of the
hostname as well as the long one if they are different.
387) Terminate passwd reading on '\r' in addition to '\n'
388) Visudo used to loop endlessly if a user entered ^D at the whatnow
prompt. EOF is now treated as 'x' (exit w/o saving changes).
389) The 'shell_noargs' runtime option is back based on a patch from
bguillory@email.com.
390) Systems that return RLIM_INFINITY for RLIMIT_NOFILE (like AIX)
would loop for a very long time during sudo startup. A value of
RLIM_INFINITY is now ignored (getdtablesize/sysconf is used instead).
391) Locking in visudo was broken. We now lock the sudoers file, not the
sudoers temp file, which should be safe.
392) PAM fixups: custom prompts now work correctly and errors are
dealt with more sanely. Patches from Cloyce D. Spradling.
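Item 390 above concerns a startup loop bounded by the RLIMIT_NOFILE soft limit. The following C code is an added example, not sudo's own source; it shows one way to choose a finite bound when the limit is RLIM_INFINITY. The function names and the FALLBACK_MAXFD value are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

#define FALLBACK_MAXFD 256L  /* assumed last-resort bound, not taken from sudo */

/* Pure decision: pick the upper bound for the descriptor-closing loop.
 * An "infinite" or out-of-range soft limit is ignored in favour of the
 * sysconf() value, and a failed sysconf() falls back to a constant. */
long pick_fd_limit(rlim_t rlim_cur, long sysconf_max)
{
    if (rlim_cur != RLIM_INFINITY && rlim_cur > 0 &&
        rlim_cur <= (rlim_t)LONG_MAX)
        return (long)rlim_cur;
    if (sysconf_max > 0)
        return sysconf_max;
    return FALLBACK_MAXFD;
}

/* Query the running system and apply the decision above. */
long fd_limit(void)
{
    struct rlimit rl;
    rlim_t cur = RLIM_INFINITY;   /* treat a getrlimit() failure as "unknown" */

    if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
        cur = rl.rlim_cur;
    return pick_fd_limit(cur, sysconf(_SC_OPEN_MAX));
}

/* Close every descriptor above stderr so none leak into the child.
 * Using RLIM_INFINITY directly as the bound is what made this loop
 * run for a very long time. */
void close_inherited_fds(void)
{
    long fd, maxfd = fd_limit();

    for (fd = STDERR_FILENO + 1; fd < maxfd; fd++)
        (void)close((int)fd);
}

int main(void)
{
    printf("closing descriptors 3..%ld\n", fd_limit() - 1);
    close_inherited_fds();
    return 0;
}
```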
Quick guide for compiling packages:
- set KERBEROS=4 or KERBEROS=5 in /etc/mk.conf
Quick guide for configuring Kerberos support in a package Makefile:
- test for KERBEROS value and enable the appropriate version with
CONFIGURE_ARGS or other means and set USE_KERBEROS=yes
- make sure to disable Kerberos support otherwise (especially if
using configure, which might automatically detect it)
- BUILD_DEFS and RESTRICTED are set automatically in bsd.pkg.mk
when USE_KERBEROS=yes is set
Changes since 1.5.6:
- Various bug fixes (not security related).
- All compile-time options are now set via options to the configure script.
- visudo is now installed in /usr/local/sbin where it belongs.
[of course this is ${PREFIX}/sbin in our package for a long time - TF]
- two problems with tgetpass() have been fixed. In one case the user was
not always given a chance to enter a password. In the other a newline
was not always printed after the password was entered on Linux.
- Added support for Digital UNIX SIA (Security Integration Architecture).
- %groups now work as RunAs specifiers like the man page says.
- Sudo now sets the USER environment variable to the target user
(root unless -u is specified).
- Sudo will print "command not found" unless configure was run with
--disable-path-info. Also, tell user when we ignore '.' in their path and
it would have been used but for --with-ignore-dot. This means that sudo can
be used to gather information about the existence of executables in
directories not accessible by a normal user. If this bothers you, run
configure with --disable-path-info.
[in our package --disable-path-info is default - TF]
- A longstanding bug wrt "sudo -l" has been fixed that could cause "sudo -l"
to complain about non-existent syntax errors.
- When configured with --with-tty-tickets the filename is now "user:tty"
(was "user.tty") since a username could have a '.' in it.