1+ What's new in Sudo 1.9.4
2+
3+ * The sudoers parser will now detect when an upper-case reserved
4+ word is used when declaring an alias. Now instead of "syntax
5+ error, unexpected CHROOT, expecting ALIAS" the message will be
6+ "syntax error, reserved word CHROOT used as an alias name".
7+ Bug #941.
8+
9+ * Better handling of sudoers files without a final newline.
10+ The parser now adds a newline at end-of-file automatically which
11+ removes the need for special cases in the parser.
12+
13+ * Fixed a regression introduced in sudo 1.9.1 in the sssd back-end
14+ where an uninitialized pointer could be freed on an error path.
15+ GitHub issue #67.
16+
17+ * The core logging code is now shared between sudo_logsrvd and
18+ the sudoers plugin.
19+
20+ * JSON log entries sent to syslog now use "minimal" JSON which
21+ skips all non-essention whitespace.
22+
23+ * The sudoers plugin can now produce JSON-formatted logs. The
24+ "log_format" sudoers option can be used to select sudo or json
25+ format logs. The default is sudo format logs.
26+
27+ * The sudoers plugin and visudo now display the column number in
28+ syntax error messages in addition to the line number. Bug #841.
29+
30+ * If I/O logging is not enabled but "log_servers" is set, the
31+ sudoers plugin will now log accept events to sudo_logsrvd.
32+ Previously, the accept event was only sent when I/O logging was
33+ enabled. The sudoers plugin now sends reject and alert events too.
34+
35+ * The sudo logsrv protocol has been extended to allow an AlertMessage
36+ to contain an optional array of InfoMessage, as AcceptMessage
37+ and RejectMessage already do.
38+
39+ * Fixed a bug in sudo_logsrvd where receipt of SIGHUP would result
40+ in duplicate entries in the debug log when debugging was enabled.
41+
42+ * The visudo utility now supports EDITOR environment variables
43+ that use single or double quotes in the command arguments.
44+ Bug #942.
45+
46+ * The PAM session modules now run when sudo is set-user-ID root,
47+ which allows a module to determine the original user-ID.
48+ Bug #944.
49+
50+ * Fixed a regression introduced in sudo 1.8.24 in the LDAP back-end
51+ where sudoNotBefore and sudoNotAfter were applied even when the
52+ SUDOERS_TIMED setting was not present in ldap.conf. Bug #945.
53+
54+ * Sudo packages for macOS 11 now contain universal binaries that
55+ support both Intel and Apple Silicon CPUs.
56+
57+ * For sudo_logsrvd, an empty value for the "pid_file" setting in
58+ sudo_logsrvd.conf will now disable the process ID file.
59+
160What's new in Sudo 1.9.3p1
261
362 * Fixed a regression introduced in sudo 1.9.3 where the configure
@@ -23,9 +82,9 @@ What's new in Sudo 1.9.3
2382 doesn't support symbol hiding.
2483
2584 * Sudo now uses a linker script to hide symbols even when the
26- compiler has native symbol hiding support . This should make it
27- easier to detect omissions in the symbol exports file, regardless
28- of the platform.
85+ compiler supports symbol hiding. This should make it easier to
86+ detect omissions in the symbol exports file, regardless of the
87+ platform.
2988
3089 * Fixed the libssl dependency in Debian packages for older releases
3190 that use libssl1.0.0.
@@ -67,15 +126,20 @@ What's new in Sudo 1.9.3
67126
68127 * It is now possible to set the working directory or change the
69128 root directory on a per-command basis using the CWD and CHROOT
70- options. There are also new Defaults settings, runchroot and
71- runcwd, that can be used to set the working directory or root
72- directory on a more global basis.
129+ options. CWD and CHROOT are now reserved words in sudoers--they
130+ can no longer be used as alias names. There are also new Defaults
131+ settings, runchroot and runcwd, that can be used to set the
132+ working directory or root directory on a more global basis.
73133
74134 * New -D (--chdir) and -R (--chroot) command line options can be
75135 used to set the working directory or root directory if the sudoers
76136 file allows it. This functionality is not enabled by default
77137 and must be explicitly enabled in the sudoers file.
78138
139+ * Fixed a regression introduced in sudo 1.9.1 where the sudoers_audit
140+ symbol could not be resolved when sudo is configured with the
141+ --enable-static-sudoers option. Bug #936 and GitHub issue #61.
142+
79143What's new in Sudo 1.9.2
80144
81145 * Fixed package builds on RedHat Enterprise Linux 8.
@@ -1694,7 +1758,7 @@ What's new in Sudo 1.8.11
16941758
16951759 * Fixed a crash in the system_group plugin. Bug #653.
16961760
1697- * Fixed sudoedit on platforms without a native version of the
1761+ * Fixed sudoedit on platforms without a system version of the
16981762 getprogname() function. Bug #654.
16991763
17001764 * Fixed compilation problems with some pre-C99 compilers.
@@ -2020,7 +2084,7 @@ What's new in Sudo 1.8.7?
20202084 * There is now a standalone sudo.conf manual page.
20212085
20222086 * Sudo now stores its libexec files in a "sudo" sub-directory instead
2023- of in libexec itself. For backwards compatibility, if the plugin
2087+ of in libexec itself. For backward compatibility, if the plugin
20242088 is not found in the default plugin directory, sudo will check
20252089 the parent directory if the default directory ends in "/sudo".
20262090
@@ -2483,7 +2547,7 @@ What's new in Sudo 1.8.3?
24832547 * Added --enable-werror configure option for gcc's -Werror flag.
24842548
24852549 * Visudo no longer assumes all editors support the +linenumber
2486- command line argument. It now uses a whitelist of editors known
2550+ command line argument. It now uses a allowlist of editors known
24872551 to support the option.
24882552
24892553 * Fixed matching of network addresses when a netmask is specified
0 commit comments