[arch-dev-public] [signoff] sudo 1.6.9p16-1

Eric Belanger belanger at ASTRO.UMontreal.CA
Tue Jun 24 23:00:36 EDT 2008


In testing for both arches. Please signoff.

-Upstream update (ChangeLog below)
-Uses the environnment editor for visudo.

BTW, sudo is orphaned. Paul: did you intentionally orphaned it or was it 
orphaned when the website was updated?

Major changes from version 1.6.9p15 to 1.6.9p16:

     * There was missing whitespace before the ldap libraries in the 
Makefile for some configurations.

     * LDAPS_PORT may not be defined on older Solaris LDAP SDKs.

     * If the LDAP server could not be contacted and the user was not 
present in sudoers, a syntax error in sudoers was incorrectly reported.

Major changes from version 1.6.9p14 to 1.6.9p15:

     * Fixed the installation of sudo_noexec.so on AIX.

     * Updated libtool to version 1.5.26.

     * Fixed printing of the default SELinux role and type in -V mode.

     * The HOME environment variable is once again preserved by default, as 
per the documentation.

Major changes from version 1.6.9p13 to 1.6.9p14:

     * Fixed an invalid assumption in the PAM conversation function 
introduced in version 1.6.9p9. The conversation function may be called for 
non-password reading purposes as well.

     * Fixed freeing an uninitialized pointer in -l mode, introduced in 
version 1.6.9p13.

     * Sudo will now check /etc/sudoers after LDAP even if the user was 
found in LDAP. This allows Defaults options in /etc/sudoers to take 

     * Added a missing check for enforcing mode in the SELinux RBAC 

Major changes from version 1.6.9p12 to 1.6.9p13:

     * Sudo will now set the nproc resource limit to unlimited on Linux 
systems to work around Linux's setuid() resource limit semantics. On PAM 
systems the resource limits will be reset by pam_limits.so before the 
command is executed.

     * SELinux support that can be used to implement role based access 
control (RBAC). A role and (optional) type may be specified in sudoers or 
on the command line. These are then used in the security context that the 
command is run as.

     * Fixed a Kerberos 5 compilation problem with MIT Kerberos.

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the arch-dev-public mailing list