[arch-dev-public] [signoff] sudo-1.7.4.p5-1
Upstream bug fix/security release. Signoff both, Allan Major changes between sudo 1.7.4p4 and 1.7.4p5: * A bug has been fixed that would allow a command to be run without the user entering a password when sudo's -g flag is used without the -u flag. * If user has no supplementary groups, sudo will now fall back on checking the group file explicitly, which restores historic sudo behavior. * A crash has been fixed when sudo's -g flag is used without the -u flag and the sudoers file contains an entry with no runas user or group listed. * A bug has been fixed in the I/O logging support that could cause visual artifacts in full-screen programs such as text editors,. * A crash has been fixed when the Solaris project support is enabled and sudo's -g flag is used without the -u flag. * Sudo no longer exits with an error when support for auditing is compiled in but auditing is not enabled. * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not being honored when the "targetpw" sudoers Defaults option was enabled. * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly. * A crash has been fixed in "sudo -l" when sudo is built with auditing support and the user is not allowed to run any commands on the host.
On Thursday 13 January 2011 15:20:43 Allan McRae wrote:
Upstream bug fix/security release.
Signoff both, Allan I'm still able to use sudo here. Signoff x86_64
-- Andrea
Le 13 janvier 2011 00:20:43, Allan McRae a écrit :
Upstream bug fix/security release.
Signoff both, Allan
Major changes between sudo 1.7.4p4 and 1.7.4p5:
* A bug has been fixed that would allow a command to be run without the user entering a password when sudo's -g flag is used without the -u flag.
* If user has no supplementary groups, sudo will now fall back on checking the group file explicitly, which restores historic sudo behavior.
* A crash has been fixed when sudo's -g flag is used without the -u flag and the sudoers file contains an entry with no runas user or group listed.
* A bug has been fixed in the I/O logging support that could cause visual artifacts in full-screen programs such as text editors,.
* A crash has been fixed when the Solaris project support is enabled and sudo's -g flag is used without the -u flag.
* Sudo no longer exits with an error when support for auditing is compiled in but auditing is not enabled.
* Fixed a bug introduced in sudo 1.7.3 where the ticket file was not being honored when the "targetpw" sudoers Defaults option was enabled.
* The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.
* A crash has been fixed in "sudo -l" when sudo is built with auditing support and the user is not allowed to run any commands on the host.
Signoff i686 (in a vm) Stéphane
On Thu, Jan 13, 2011 at 6:20 AM, Allan McRae <allan@archlinux.org> wrote:
Upstream bug fix/security release.
Signoff both, Allan
Signoff both.
participants (4)
-
Allan McRae
-
Andrea Scarpino
-
Jan Steffens
-
Stéphane Gaudreault