From: Todd C. Miller Date: Tue, 19 Jan 2016 22:21:15 +0000 (-0700) Subject: Add 1.8.16 changes X-Git-Tag: SUDO_1_8_16^2~59 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=647bfa4a9d2aa12e5755e5443b5beb01317c3527;p=sudo Add 1.8.16 changes --- diff --git a/NEWS b/NEWS index 11ea7bb09..55a9879b7 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,41 @@ +What's new in Sudo 1.8.16 + + * Fixed a compilation error on Solaris 10 with Stun Studio 12. + Bug #727 + + * When preserving variables from the invoking user's environment, if + there are duplicates sudo now only keeps the first instance. + + * Fixed a bug that could cause warning mail to be sent in list + mode (sudo -l) for users without sudo privileges when the + LDAP and sssd backends are used. + + * Fixed a bug that prevented the "mail_no_user" option from working + properly with the LDAP backend. + + * In the LDAP and sssd backends, white space is now ignored between + an operator (!, +, +=, -=) when parsing a sudoOption. + + * It is now possible to disable Path settings in sudo.conf + by omitting the path name. + + * The sudoedit_checkdir Defaults option is now enabled by default + and has been extended. When editing files with sudoedit, each + directory in the path to be edited is now checked. If a directory + is writable by the invoking user, symbolic links will not be + followed. If the parent directory of the file to be edited is + writable, sudoedit will refuse to edit it. + Bug #707 + + * The netgroup_tuple Defaults option has been added to enable matching + of the entire netgroup tuple, not just the host or user portion. + Bug #717 + + * When matching commands based on the SHA2 digest, sudo will now + use fexecve(2) to execute the command if it is available. This + fixes a time of check versus time of use race condition when the + directory holding the command is writable by the invoking user. + What's new in Sudo 1.8.15 * Fixed a bug that prevented sudo from building outside the source tree 
diff --git a/doc/UPGRADE b/doc/UPGRADE index 133e70e50..d7060c489 100644 --- a/doc/UPGRADE +++ b/doc/UPGRADE @@ -3,12 +3,13 @@ Notes on upgrading from an older release o Upgrading from a version prior to 1.8.16: - The meaning of the sudoedit_checkdir sudoers option has changed - in 1.8.16. Previously, it would only check the parent directory - of the file to be edited. In 1.8.16 and higher all directories - in the path to be edited are checked and sudoedit will refuse - to follow a symbolic link in a directory that is writable by - the invoking user. + When editing files with sudoedit, files in a directory that is + writable by the invoking user may no longer be edited by default. + Also, sudoedit will refuse to follow a symbolic link in the + path to be edited if that directory containing the link is + writable by the user. This behavior can be disabled by negating + the sudoedit_checkdir sudoers option, which is now enabled by + default. o Upgrading from a version prior to 1.8.15:
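Review bot: In the NEWS hunk, the sudoedit_checkdir entry ends with "If the parent directory of the file to be edited is writable, sudoedit will refuse to edit it" without saying writable by whom. The sentence before it and the doc/UPGRADE text both say "writable by the invoking user", so the same qualifier should appear here. Two smaller points in the same hunk: "Stun Studio 12" in the first entry looks like a typo for "Sun Studio 12", and the LDAP/sssd entry says white space is ignored "between an operator (!, +, +=, -=)" but never names the second thing the white space sits between.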
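Review bot: In the doc/UPGRADE hunk, "if that directory containing the link is writable by the user" has no antecedent for "that". Suggest "if the directory containing the link is writable by the invoking user", which also matches the wording of the first added sentence. The new text also drops the removed statement that all directories in the path to be edited are checked, while the NEWS entry in this same commit still says each directory in the path is checked. Keeping one sentence to that effect would make the two files describe the same behavior.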