Release Notes: A new time stamp file format that uses the monotonic clock where available was introduced. This prevents clock changes from affecting how the time stamp file is interpreted.
Release Notes: This release fixes a crash in the monitor process on Solaris when NOPASSWD was specified or when authentication was disabled. It also fixes matching of a Runas_Alias in the group section of a Runas_Spec.
Release Notes: This release adds Esperanto, Italian, and Japanese translations and fixes for the following bugs: time escapes in "log_dir" were broken; IP address/netmask matching only worked for the first address in a net block; NOPASSWD was ignored for denied commands; the DEREF setting in ldap.conf was ignored; a crash in the utmp code; PAM session open/close was done as different users; SSL/TLS LDAP did not work on Debian; and the LOGNAME, USER, and USERNAME environment variables were not preserved in sudoedit mode. visudo no longer assumes all editors support the +linenumber command line argument.
Release Notes: A bug where sudo could spin in a busy loop waiting for the child process was fixed. A bug introduced in sudo 1.7.3 that prevented the -k and -K options from functioning when the tty_tickets sudoers option is enabled was fixed. Sudo no longer prints a warning when the -k or -K options are specified and the ticket file does not exist.
Release Notes: Sudoedit will now preserve the file extension in the name of the temporary file being edited. The extension is used by some editors (such as emacs) to choose the editing mode. The HOME and MAIL environment variables are now reset based on the target user's password database entry when the env_reset sudoers option is enabled. The tty_tickets option is now on by default. If PAM is in use, sudo will wait until the process has finished before closing the PAM session. "sudo -i -u user" has been fixed in cases where user has no shell listed in the password database.
Release Notes: Printing of entries with multiple host entries on a single line was fixed. A use after free when sending error messages via email was fixed. setrlimit64() is now used, if available, when setting AIX resource limits. The size arg when realloc()ing include stack was fixed. A duplicate fclose() of the sudoers file was fixed.
Release Notes: This version fixes a a bug where the negation operator in a Cmnd_List was not being honored. In addition, sudo no longer produces a parse error when #includedir references a directory that contains no valid filenames. The sudo.man.pl and sudoers.man.pl files are now included in the distribution for people who wish to regenerate the man pages. The emulation of krb5_get_init_creds_opt_alloc() for MIT kerberos has been fixed. When authenticating via AM, PAM_RUSER and PAM_RHOST are set early so they can be used during authentication.
Release Notes: This release introduces a new #includedir directive to sudoers, which can be used to implement an /etc/sudo.d directory. User and group names in sudoers may now be enclosed in double quotes to avoid having to escape special characters. Bugfixes include a fix for the -g option when only setting the group, a hang in visudo checking aliases, support for shell-style /etc/environment files on Linux, BSM audit fixes when changing to a non-root UID, setenv() compatibility fixes for Linux systems, and a work-around for certificate and key file problems on Netscape-derived LDAP SDKs.
Release Notes: A bug in the glob() bundles with sudo has been fixed. Two NULL pointer dereference bugs have been fixed. An LDAP compatibility problem with AIX has been fixed. Two new default options, "pwfeedback" and "fast_glob", have been added. BSM audit support has been added for FreeBSD and Mac OS X. #include directives may now include a "%h" escape, for the hostname. The -k flag may now be used with a command to ignore the timestamp. Sudo now supports LDAP START_TLS and /etc/netsvc.conf on AIX. The unused alias checks in visudo now handle the case of an alias referring to another alias.
Release Notes: This release includes a rewritten parser that eliminates ordering issues that affected previous versions. The new parser also supports an #include facility. A new flag, -g, allows the user to specify a group/gid to run the command as, and the -l (list) option can now be used by root to list other users' permissions. This release also adds support for /etc/nsswitch.conf, which allows vendors to ship an LDAP-enabled sudo without having LDAP on by default.