Releases: sudo-project/sudo
Sudo 1.8.29
- The cvtsudoers command will now reject non-LDIF input when converting from LDIF format to sudoers or JSON formats.
- The new log_allowed and log_denied sudoers settings make it possible to disable logging and auditing of allowed and/or denied commands.
- The umask is now handled differently on systems with PAM or login.conf. If the umask is explicitly set in sudoers, that value is used regardless of what PAM or login.conf may specify. However, if the umask is not explicitly set in sudoers, PAM or login.conf may now override the default sudoers umask. Bug #900.
- For make install, the sudoers file is no longer checked for syntax errors when DESTDIR is set. The default sudoers file includes the contents of /etc/sudoers.d which may not be readable as non-root. Bug #902.
- Sudo now sets most resource limits to their maximum value to avoid problems caused by insufficient resources, such as an inability to allocate memory or open files and pipes.
- Fixed a regression introduced in sudo 1.8.28 where sudo would refuse to run if the parent process was not associated with a session. This was due to sudo passing a session ID of -1 to the plugin.
Sudo 1.8.28p1
Sudo 1.8.28
- Sudo will now only set PAM_TTY to the empty string when no terminal is present on Solaris and Linux. This workaround is only needed on those systems which may have PAM modules that misbehave when PAM_TTY is not set.
- The mailerflags sudoers option now has a default value even if sendmail support was disabled at configure time. Fixes a crash when the mailerpath sudoers option is set but mailerflags is not. Bug #878.
- Sudo will now filter out last login messages on HP-UX unless a shell is being run via sudo -s or sudo -i. Otherwise, when trusted mode is enabled, these messages will be displayed for each command.
- On AIX, when the user's password has expired and PAM is not in use, sudo will now allow the user to change their password. Bug #883.
- Sudo has a new -B command line option that will ring the terminal bell when prompting for a password.
- Sudo no longer refuses to prompt for a password when it cannot determine the user's terminal as long as it can open /dev/tty. This allows sudo to function on systems where /proc is unavailable, such as when running in a chroot environment.
- The env_editor sudoers flag is now on by default. This makes source builds more consistent with the packages generated by sudo's mkpkg script.
- Sudo no longer ships with pre-formatted copies of the manual pages. These were included for systems like IRIX that don't ship with an nroff utility. There are now multiple Open Source nroff replacements so this should no longer be an issue.
- Fixed a bad interaction with configure's --prefix and --disable-shared options. Bug #886.
- More verbose error message when a password is required and no terminal is present. Bug #828.
- Command tags, such as NOPASSWD, are honored when a user tries to run a command that is allowed by sudoers but which does not actually exist on the file system. Bug #888.
- Asturian translation for sudoers from translationproject.org.
- I/O log timing files now store signal suspend and resume information in the form of a signal name instead of a number.
- Fixed a bug introduced in 1.8.24 that prevented sudo from honoring the value of ipa_hostname from sssd.conf, if specified, when matching the host name.
- Fixed a bug introduced in 1.8.21 that prevented the core dump resource limit set in the pam_limits module from taking effect. Bug #894.
- Fixed parsing of double-quoted Defaults group and netgroup bindings.
- The user ID is now used when matching sudoUser attributes in LDAP. Previously, the user name, group name and group IDs were used when matching but not the user ID.
- Sudo now writes PAM messages to the user's terminal, if available, instead of the standard output or standard error. This prevents PAM output from being intermixed with that of the command when output is sent to a file or pipe. Bug #895.
- Sudoedit now honors the umask and umask_override settings in sudoers. Previously, the user's umask was used as-is.
- Fixed a bug where the terminal's file context was not restored when using SELinux RBAC. Bug #898.
- Fixed CVE-2019-14287, a bug where a sudo user may be able to run a command as root when the Runas specification explicitly disallows root access as long as the ALL keyword is listed first.
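As an added example (not part of the sudo release notes or the sudo project's code), the POSIX shell check below finds Runas specifications of the affected form, "(ALL, !root)" with ALL listed first, in a sudoers file and tells whether a "Sudo version X.Y.Z" string from "sudo -V" already includes the 1.8.28 fix. The sample policy and the version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not sudo project code. Finds Runas_Spec entries that list ALL
# first and then negate root, the pattern CVE-2019-14287 concerned before sudo
# 1.8.28, and checks whether an installed sudo is new enough to carry the fix.

# Print each non-comment line whose Runas_Spec lists ALL first and negates
# root, e.g. "(ALL, !root)" or "(ALL, !root : ALL)".
find_runas_all_not_root() {
    sed 's/#.*//' "$1" \
        | grep -E '\([[:space:]]*ALL[[:space:]]*,[[:space:]]*![[:space:]]*root([^A-Za-z0-9_]|$)'
}

# Count such lines; prints 0 when there are none.
count_runas_all_not_root() {
    find_runas_all_not_root "$1" | grep -c .
}

# Return 0 if a "Sudo version X.Y.Z" string (first line of "sudo -V") is
# 1.8.28 or newer, 1 if it is older, 2 if it cannot be parsed.
sudo_version_fixed() {
    v=$(printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.]*\).*/\1/p')
    [ -n "$v" ] || return 2
    printf '%s\n' "$v" | awk -F. \
        '{ exit !($1 > 1 || ($1 == 1 && ($2 > 8 || ($2 == 8 && $3 >= 28)))) }'
}

# Constructed sample policy (not a real sudoers file) written to the given path.
write_sample_sudoers() {
    cat > "$1" <<'EOF'
Defaults env_reset
alice   ALL = (ALL, !root) /usr/bin/vim
bob     ALL = (ALL, !root : ALL) /usr/bin/less   # ALL first, root negated
carol   ALL = (www-data, postgres) /usr/bin/systemctl
# dave  ALL = (ALL, !root) /bin/sh
EOF
}

# Stand-alone run: scan the constructed sample, then report on the local sudo.
tmp=$(mktemp)
write_sample_sudoers "$tmp"
echo "Runas specs with ALL first and root negated: $(count_runas_all_not_root "$tmp")"
find_runas_all_not_root "$tmp"
rm -f "$tmp"
ver=$(sudo -V 2>/dev/null | head -n 1)
if sudo_version_fixed "$ver"; then
    echo "$ver: 1.8.28 or newer, includes the CVE-2019-14287 fix"
else
    echo "sudo version '${ver:-unknown}': update to 1.8.28 or newer"
fi
```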
Sudo 1.8.27
- On HP-UX, sudo will now update the utmps file when running a command in a pseudo-tty. Previously, only the utmp and utmpx files were updated.
- Nanosecond precision file time stamps are now supported in HP-UX.
- Fixes and clarifications to the sudo plugin documentation.
- The sudo manuals no longer require extensive post-processing to hide system-specific features. Conditionals in the roff source are now used instead. This fixes corruption of the sudo manual on systems without BSD login classes. Bug #861.
- If an I/O logging plugin is configured but the plugin does not actually log any I/O, sudo will no longer force the command to be run in a pseudo-tty.
- The fix for bug #843 in sudo 1.8.24 was incomplete. If the user's password was expired or needed to be updated, but no sudo password was required, the PAM handle was freed too early, resulting in a failure when processing PAM session modules.
- In visudo, it is now possible to specify the path to sudoers without using the -f option. Bug #864.
- Fixed a bug introduced in sudo 1.8.22 where the utmp (or utmpx) file would not be updated when a command was run in a pseudo-tty. Bug #865.
- Sudo now sets the silent flag when opening the PAM session except when running a shell via "sudo -s" or "sudo -i". This prevents the pam_lastlog module from printing the last login information for each sudo command. Bug #867.
- Fixed the default AIX hard resource limit for the maximum number of files a user may have open. If no hard limit for "nofiles" is explicitly set in /etc/security/limits, the default should be "unlimited". Previously, the default hard limit was 8196.
Sudo 1.8.26
- Fixed a bug in cvtsudoers when converting to JSON format when alias expansion is enabled. Bug #853.
- Sudo no longer sets the USERNAME environment variable when running commands. This is a non-standard environment variable that was set on some older Linux systems.
- Sudo now treats the LOGNAME and USER environment variables (as well as the LOGIN variable on AIX) as a single unit. If one is preserved or removed from the environment using env_keep, env_check or env_delete, so is the other.
- Added support for OpenLDAP's TLS_REQCERT setting in ldap.conf.
- Sudo now logs when the command was suspended and resumed in the I/O logs. This information is used by sudoreplay to skip the time suspended when replaying the session unless the new -S flag is used.
- Fixed documentation problems found by the igor utility. Bug #854.
- Sudo now prints a warning message when there is an error or end of file while reading the password instead of exiting silently.
- Fixed a bug in the sudoers LDAP back-end parsing the command_timeout, role, type, privs and limitprivs sudoOptions. This also affected cvtsudoers conversion from LDIF to sudoers or JSON.
- Fixed a bug that prevented timeout settings in sudoers from functioning unless a timeout was also specified on the command line.
- Asturian translation for sudo from translationproject.org.
- When generating LDIF output, cvtsudoers can now be configured to pad the sudoOrder increment such that the start order is used as a prefix. Bug #856.
- Fixed a bug introduced in sudo 1.8.25 that prevented sudo from properly setting the user's groups on AIX. Bug #857.
- If the user specifies a group via sudo's -g option that matches any of the target user's groups, it is now allowed even if no groups are present in the Runas_Spec. Previously, it was only allowed if it matched the target user's primary group.
- The sudoers LDAP back-end now supports negated sudoRunAsUser and sudoRunAsGroup entries.
- Sudo now provides a proper error message when the "fqdn" sudoers option is set and it is unable to resolve the local host name. Bug #859.
- Portuguese translation for sudo and sudoers from translationproject.org.
- Sudo now includes sudoers LDAP schema for the on-line configuration supported by OpenLDAP.
Sudo 1.8.25p1
- Fixed a bug introduced in sudo 1.8.25 that caused a crash on systems that have the poll() function but not the ppoll() function. Bug #851.
Sudo 1.8.25
- Fixed a bug introduced in sudo 1.8.20 that broke formatting of I/O log timing file entries on systems without a C99-compatible snprintf() function. Our replacement snprintf() doesn't support floating point so we can't use the "%f" format directive.
- I/O log timing file entries now use a monotonic timer and include nanosecond precision. A monotonic timer that does not increment while the system is sleeping is used where available.
- Fixed a bug introduced in sudo 1.8.24 where sudoNotAfter in the LDAP backend was not being properly parsed. Bug #845.
- When sudo runs a command in a pseudo-tty, the slave device is now closed in the main process immediately after starting the monitor process. This removes the need for an AIX-specific workaround that was added in sudo 1.8.24.
- Added support for monotonic timers on HP-UX.
- Fixed a bug displaying timeout values in the "sudo -V" output. The value displayed was 3600 times the actual value. Bug #846.
- Fixed a build issue on AIX 7.1 BOS levels that include memset_s() and define rsize_t in string.h. Bug #847.
- The testsudoers utility now supports querying an LDIF-format policy.
- Sudo now sets the LOGIN environment variable to the same value as LOGNAME on AIX systems. Bug #848.
- Fixed a regression introduced in sudo 1.8.24 where the LDAP and SSSD backends evaluated the rules in reverse sudoOrder. Bug #849.