Le 13 janvier 2011 00:20:43, Allan McRae a écrit :
Upstream bug fix/security release.
Signoff both, Allan
Major changes between sudo 1.7.4p4 and 1.7.4p5:
* A bug has been fixed that would allow a command to be run without the user entering a password when sudo's -g flag is used without the -u flag.
* If user has no supplementary groups, sudo will now fall back on checking the group file explicitly, which restores historic sudo behavior.
* A crash has been fixed when sudo's -g flag is used without the -u flag and the sudoers file contains an entry with no runas user or group listed.
* A bug has been fixed in the I/O logging support that could cause visual artifacts in full-screen programs such as text editors,.
* A crash has been fixed when the Solaris project support is enabled and sudo's -g flag is used without the -u flag.
* Sudo no longer exits with an error when support for auditing is compiled in but auditing is not enabled.
* Fixed a bug introduced in sudo 1.7.3 where the ticket file was not being honored when the "targetpw" sudoers Defaults option was enabled.
* The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.
* A crash has been fixed in "sudo -l" when sudo is built with auditing support and the user is not allowed to run any commands on the host.
Signoff i686 (in a vm) Stéphane