http://www.sudo.ws/sudo/dist/sudo-1.8.7.tar.gz The current stable release is sudo 1.8.7, released on June 6, 2013. Reproducible: Always What's new in Sudo 1.8.7? * The non-Unix group plugin is now supported when sudoers data is stored in LDAP. * Sudo now uses a workaround for a locale bug on Solaris 11.0 that prevents setuid programs like sudo from fully using locales. * User messages are now always displayed in the user's locale, even when the same message is being logged or mailed in a different locale. * Log files created by sudo now explicitly have the group set to group ID 0 rather than relying on BSD group semantics (which may not be the default). * A new "exec_background" sudoers option can be used to initially run the command without read access to the terminal when running a command in a pseudo-tty. If the command tries to read from the terminal it will be stopped by the kernel (via SIGTTIN or SIGTTOU) and sudo will immediately restart it as the forground process (if possible). This allows sudo to only pass terminal input to the program if the program actually is expecting it. Unfortunately, a few poorly-behaved programs (like "su" on most Linux systems) do not handle SIGTTIN and SIGTTOU properly. * Sudo now uses an efficient group query to get all the groups for a user instead of iterating over every record in the group database on HP-UX and Solaris. * Sudo now produces better error messages when there is an error in the sudo.conf file. * Two new settings have been added to sudo.conf to give the admin better control of how group database queries are performed. The "group_source" specifies how the group list for a user will be determined. Legal values are "static" (use the kernel groups list), "dynamic" (perform a group database query) and "adaptive" (only perform a group database query if the kernel list is full). The "max_groups" specifies the maximum number of groups a user may belong to when performing a group database query. * The sudo.conf file now supports line continuation by using a backslash as the last character on the line. * There is now a standalone sudo.conf manual page. * Sudo now stores its libexec files in a "sudo" subdirectory instead of in libexec itself. For backwards compatibility, if the plugin is not found in the default plugin directory, sudo will check the parent directory if the default directory ends in "/sudo". * The sudoers I/O logging plugin now logs the terminal size. * A new sudoers option "maxseq" can be used to limit the number of I/O log entries that are stored. * The "system_group" and "group_file" sudoers group provider plugins are now installed by default. * The list output (sudo -l) output from the sudoers plugin is now less ambiguous when an entry includes different runas users. The long list output (sudo -ll) for file-based sudoers is now more consistent with the format of LDAP-based sudoers. * A uid may now be used in the sudoRunAsUser attributes for LDAP sudoers. * Minor plugin API change: the close and version functions are now optional. If the policy plugin does not provide a close function and the command is not being run in a new pseudo-tty, sudo may now execute the command directly instead of in a child process. * A new sudoers option "pam_session" can be used to disable sudo's PAM session support. * On HP-UX systems, sudo will now use the pstat() function to determine the tty instead of ttyname(). * Turkish translation for sudo and sudoers from translationproject.org. * Dutch translation for sudo and sudoers from translationproject.org. * Tivoli Directory Server client libraries may now be used with HP-UX where libibmldap has a hidden dependency on libCsup. * The sudoers plugin will now ignore invalid domain names when checking netgroup membership. Most Linux systems use the string "(none)" for the NIS-style domain name instead of an empty string. * New support for specifying a SHA-2 digest along with the command in sudoers. Supported hash types are sha224, sha256, sha384 and sha512. See the description of Digest_Spec in the sudoers manual or the description of sudoCommand in the sudoers.ldap manual for details. * The paths to ldap.conf and ldap.secret may now be specified as arguments to the sudoers plugin in the sudo.conf file. * Fixed potential false positives in visudo's alias cycle detection. * Fixed a problem where the time stamp file was being treated as out of date on Linux systems where the change time on the pseudo-tty device node can change after it is allocated. * Sudo now only builds Position Independent Executables (PIE) by default on Linux systems and verifies that a trivial test program builds and runs. * On Solaris 11.1 and higher, sudo binaries will now have the ASLR tag enabled if supported by the linker.
*** Bug 485586 has been marked as a duplicate of this bug. ***
app-admin/sudo-1.8.8 please! * New pam_service and pam_login_service sudoers options that can be used to specify the PAM service name to use. ... * Root may no longer change its SELinux role without entering a password.
+*sudo-1.8.8 (10 Oct 2013) + + 10 Oct 2013; Tony Vroon <chainsaw@gentoo.org> +sudo-1.8.8.ebuild: + Version bump, as requested by "teidakankan" & "Ulenrich" in bug #481392. Now + produces useful error messages if there is an error in the configuration + file. Line continuation with backslashes is now supported. Improved HP-UX & + Solaris support. No longer assumes BSD group semantics.