[arch-dev-public] [signoff] sudo-1.7.4.p5-1
Allan McRae
allan at archlinux.org
Thu Jan 13 00:20:43 EST 2011
Upstream bug fix/security release.
Signoff both,
Allan
Major changes between sudo 1.7.4p4 and 1.7.4p5:
* A bug has been fixed that would allow a command to be run without the
user entering a password when sudo's -g flag is used without the -u
flag.
* If user has no supplementary groups, sudo will now fall back on checking
the group file explicitly, which restores historic sudo behavior.
* A crash has been fixed when sudo's -g flag is used without the -u flag
and the sudoers file contains an entry with no runas user or group
listed.
* A bug has been fixed in the I/O logging support that could cause
visual artifacts in full-screen programs such as text editors,.
* A crash has been fixed when the Solaris project support is enabled
and sudo's -g flag is used without the -u flag.
* Sudo no longer exits with an error when support for auditing is
compiled in but auditing is not enabled.
* Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
being honored when the "targetpw" sudoers Defaults option was enabled.
* The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.
* A crash has been fixed in "sudo -l" when sudo is built with auditing
support and the user is not allowed to run any commands on the host.
More information about the arch-dev-public
mailing list