Revisions of sudo
Dominique Leuenberger (dimstar_suse)
accepted
request 998921
from
Jason Sikes (jsikes)
(revision 132)
Dominique Leuenberger (dimstar_suse)
accepted
request 998274
from
Jason Sikes (jsikes)
(revision 131)
Dominique Leuenberger (dimstar_suse)
accepted
request 964748
from
Jason Sikes (jsikes)
(revision 130)
Dominique Leuenberger (dimstar_suse)
accepted
request 959857
from
Dirk Mueller (dirkmueller)
(revision 129)
Dominique Leuenberger (dimstar_suse)
accepted
request 955511
from
Jason Sikes (jsikes)
(revision 128)
Dominique Leuenberger (dimstar_suse)
accepted
request 950730
from
Kristyna Streitova (kstreitova)
(revision 127)
Dominique Leuenberger (dimstar_suse)
accepted
request 935849
from
Dirk Mueller (dirkmueller)
(revision 126)
- update to 1.9.8p2 * Fixed a potential out-of-bounds read with "sudo -i" when the target user's shell is bash. This is a regression introduced in sudo 1.9.8. Bug #998. * sudo_logsrvd now only sends a log ID for first command of a session. There is no need to send the log ID for each sub-command. * Fixed a few minor memory leaks in intercept mode. * Fixed a problem with sudo_logsrvd in relay mode if "store_first" was enabled when handling sub-commands. A new zero-length journal file was created for each sub-command instead of simply using the existing journal file. - update to 1.9.8p1 * Fixed support for passing a prompt (sudo -p) or a login class (sudo -l) on the command line. This is a regression introduced in sudo 1.9.8. Bug #993. * Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends. This is a regression introduced in sudo 1.9.8. Bug #994. * Fixed a compilation error when the --enable-static-sudoers configure option was specified. This is a regression introduced in sudo 1.9.8 caused by a symbol clash with the intercept and log server protobuf functions. * It is now possible to transparently intercepting sub-commands executed by the original command run via sudo. Intercept support is implemented using LD_PRELOAD (or the equivalent supported by the system) and so has some limitations. The two main limitations are that only dynamic executables are supported and only the execl, execle, execlp, execv, execve, execvp, and execvpe library functions are currently intercepted. Its main use case is to support restricting privileged shells run via sudo. To support this, there is a new "intercept" Defaults setting and
Dominique Leuenberger (dimstar_suse)
accepted
request 912793
from
Jason Sikes (jsikes)
(revision 125)
Dominique Leuenberger (dimstar_suse)
accepted
request 908922
from
Factory Maintainer (factory-maintainer)
(revision 124)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse)
accepted
request 892573
from
Kristyna Streitova (kstreitova)
(revision 123)
- update to 1.9.7 * The "fuzz" Makefile target now runs all the fuzzers for 8192 passes (can be overridden via the FUZZ_RUNS variable). This makes it easier to run the fuzzers in-tree. To run a fuzzer indefinitely, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz". * Fixed fuzzing on FreeBSD where the ld.lld linker returns an error by default when a symbol is multiply-defined. * Added support for determining local IPv6 addresses on systems that lack the getifaddrs() function. This now works on AIX, HP-UX and Solaris (at least). Bug #969. * Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to report a usage error. Also, when invoked as sudoedit, sudo now allows a more restricted set of options that matches the usage statement and documentation. GitHub issue #95. * Fixed a crash in sudo_sendlog when the specified certificate or key does not exist or is invalid. Bug #970 * Fixed a compilation error when sudo is configured with the --disable-log-client option. * Sudo's limited support for SUCCESS=return entries in nsswitch.conf is now documented. Bug #971. * Sudo now requires autoconf 2.70 or higher to regenerate the configure script. Bug #972. * sudo_logsrvd now has a relay mode which can be used to create a hierarchy of log servers. By default, when a relay server is defined, messages from the client are forwarded immediately to the relay. However, if the "store_first" setting is enabled, the log will be stored locally until the command completes and then relayed. Bug #965. * Sudo now links with OpenSSL by default if it is available unless the --disable-openssl configure option is used or both the
Dominique Leuenberger (dimstar_suse)
accepted
request 886601
from
Kristyna Streitova (kstreitova)
(revision 122)
Dominique Leuenberger (dimstar_suse)
accepted
request 867171
from
Kristyna Streitova (kstreitova)
(revision 121)
Dominique Leuenberger (dimstar_suse)
accepted
request 863081
from
Kristyna Streitova (kstreitova)
(revision 120)
Dominique Leuenberger (dimstar_suse)
accepted
request 858237
from
Kristyna Streitova (kstreitova)
(revision 119)
Dominique Leuenberger (dimstar_suse)
accepted
request 853290
from
Marcus Meissner (msmeissn)
(revision 118)
Dominique Leuenberger (dimstar_suse)
accepted
request 850806
from
Kristyna Streitova (kstreitova)
(revision 117)
Dominique Leuenberger (dimstar_suse)
accepted
request 848942
from
Kristyna Streitova (kstreitova)
(revision 116)
Dominique Leuenberger (dimstar_suse)
accepted
request 833520
from
Kristyna Streitova (kstreitova)
(revision 115)
Dominique Leuenberger (dimstar_suse)
accepted
request 830736
from
Kristyna Streitova (kstreitova)
(revision 114)
Dominique Leuenberger (dimstar_suse)
accepted
request 822941
from
Kristyna Streitova (kstreitova)
(revision 113)
Displaying revisions 21 - 40 of 152