"Fossies" - the Fresh Open Source Software Archive

Member "sudo-1.9.11p3/NEWS" (20 Jun 2022, 162838 Bytes) of package /linux/misc/sudo-1.9.11p3.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "NEWS": 1.9.11p2_vs_1.9.11p3.

    1 What's new in Sudo 1.9.11p3
    2 
    3  * Fixed "connection reset" errors on AIX when running shell scripts
    4    with the "intercept" or "log_subcmds" sudoers options enabled.
    5    Bug #1034.
    6 
    7  * Fixed very slow execution of shell scripts when the "intercept"
    8    or "log_subcmds" sudoers options are set on systems that enable
    9    Nagle's algorithm on the loopback device, such as AIX.
   10    Bug #1034.
   11 
   12 What's new in Sudo 1.9.11p2
   13 
   14  * Fixed a compilation error on Linux/x86_64 with the x32 ABI.
   15 
   16  * Fixed a regression introduced in 1.9.11p1 that caused a warning
   17    when logging to sudo_logsrvd if the command returned no output.
   18 
   19 What's new in Sudo 1.9.11p1
   20 
   21  * Correctly handle EAGAIN in the I/O read/right events.  This fixes
   22    a hang seen on some systems when piping a large amount of data
   23    through sudo, such as via rsync.  Bug #963.
   24 
   25  * Changes to avoid implementation or unspecified behavior when
   26    bit shifting signed values in the protobuf library.
   27 
   28  * Fixed a compilation error on Linux/aarch64.
   29 
   30  * Fixed the configure check for seccomp(2) support on Linux.
   31 
   32  * Corrected the EBNF specification for tags in the sudoers manual
   33    page.  GitHub issue #153.
   34 
   35 What's new in Sudo 1.9.11
   36 
   37  * Fixed a crash in the Python module with Python 3.9.10 on some
   38    systems.  Additionally, "make check" now passes for Python 3.9.10.
   39 
   40  * Error messages sent via email now include more details, including
   41    the file name and the line number and column of the error.
   42    Multiple errors are sent in a single message.  Previously, only
   43    the first error was included.
   44 
   45  * Fixed logging of parse errors in JSON format.  Previously,
   46    the JSON logger would not write entries unless the command and
   47    runuser were set.  These may not be known at the time a parse
   48    error is encountered.
   49 
   50  * Fixed a potential crash parsing sudoers lines larger than twice
   51    the value of LINE_MAX on systems that lack the getdelim() function.
   52 
   53  * The tests run by "make check" now unset the LANGUAGE environment
   54    variable.  Otherwise, localization strings will not match if
   55    LANGUAGE is set to a non-English locale.  Bug #1025.
   56 
   57  * The "starttime" test now passed when run under Debian faketime.
   58    Bug #1026.
   59 
   60  * The Kerberos authentication module now honors the custom password
   61    prompt if one has been specified.
   62 
   63  * The embedded copy of zlib has been updated to version 1.2.12.
   64 
   65  * Updated the version of libtool used by sudo to version 2.4.7.
   66 
   67  * Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE
   68    in the header files (currently only GNU libc).  This is required
   69    to allow the use of 64-bit time values on some 32-bit systems.
   70 
   71  * Sudo's "intercept" and "log_subcmds" options no longer force the
   72    command to run in its own pseudo-terminal.  It is now also
   73    possible to intercept the system(3) function.
   74 
   75  * Fixed a bug in sudo_logsrvd when run in store-first relay mode
   76    where the commit point messages sent by the server were incorrect
   77    if the command was suspended or received a window size change
   78    event.
   79 
   80  * Fixed a potential crash in sudo_logsrvd when the "tls_dhparams"
   81    configuration setting was used.
   82 
   83  * The "intercept" and "log_subcmds" functionality can now use
   84    ptrace(2) on Linux systems that support seccomp(2) filtering.
   85    This has the advantage of working for both static and dynamic
   86    binaries and can work with sudo's SELinux RBAC mode.  The following
   87    architectures are currently supported: i386, x86_64, aarch64,
   88    arm, mips (log_subcmds only), powerpc, riscv, and s390x.  The
   89    default is to use ptrace(2) where possible; the new "intercept_type"
   90    sudoers setting can be used to explicitly set the type.
   91 
   92  * New Georgian translation from translationproject.org.
   93 
   94  * Fixed creating packages on CentOS Stream.
   95 
   96  * Fixed a bug in the intercept and log_subcmds support where
   97    the execve(2) wrapper was using the current environment instead
   98    of the passed environment pointer.  Bug #1030.
   99 
  100  * Added AppArmor integration for Linux.  A sudoers rule can now
  101    specify an APPARMOR_PROFILE option to run a command confined by
  102    the named AppArmor profile.
  103 
  104  * Fixed parsing of the "server_log" setting in sudo_logsrvd.conf.
  105    Non-paths were being treated as paths and an actual path was
  106    treated as an error.
  107 
  108 What's new in Sudo 1.9.10
  109 
  110  * Added new "log_passwords" and "passprompt_regex" sudoers options.
  111    If "log_passwords" is disabled, sudo will attempt to prevent passwords
  112    from being logged.  If sudo detects any of the regular expressions in
  113    the "passprompt_regex" list in the terminal output, sudo will log '*'
  114    characters instead of the terminal input until a newline or carriage
  115    return is found in the input or an output character is received.
  116 
  117  * Added new "log_passwords" and "passprompt_regex" settings to
  118    sudo_logsrvd that operate like the sudoers options when logging
  119    terminal input.
  120 
  121  * Fixed several few bugs in the cvtsudoers utility when merging
  122    multiple sudoers sources.
  123 
  124  * Fixed a bug in sudo_logsrvd when parsing the sudo_logsrvd.conf
  125    file, where the "retry_interval" in the [relay] section was not
  126    being recognized.
  127 
  128  * Restored the pre-1.9.9 behavior of not performing authentication
  129    when sudo's -n option is specified.  A new "noninteractive_auth"
  130    sudoers option has been added to enable PAM authentication in
  131    non-interactive mode.  GitHub issue #131.
  132 
  133  * On systems with /proc, if the /proc/self/stat (Linux) or
  134    /proc/pid/psinfo (other systems) file is missing or invalid,
  135    sudo will now check file descriptors 0-2 to determine the user's
  136    terminal.  Bug #1020.
  137 
  138  * Fixed a compilation problem on Debian kFreeBSD.  Bug #1021.
  139 
  140  * Fixed a crash in sudo_logsrvd when running in relay mode if
  141    an alert message is received.
  142 
  143  * Fixed an issue that resulting in "problem with defaults entries"
  144    email to be sent if a user ran sudo when the sudoers entry in
  145    the nsswitch.conf file includes "sss" but no sudo provider is
  146    configured in /etc/sssd/sssd.conf.  Bug #1022.
  147 
  148  * Updated the warning displayed when the invoking user is not
  149    allowed to run sudo.  If sudo has been configured to send mail
  150    on failed attempts (see the mail_* flags in sudoers), it will
  151    now print "This incident has been reported to the administrator."
  152    If the "mailto" or "mailerpath" sudoers settings are disabled,
  153    the message will not be printed and no mail will be sent.
  154    GitHub issue #48.
  155 
  156  * Fixed a bug where the user-specified command timeout was not
  157    being honored if the sudoers rule did not also specify a timeout.
  158 
  159  * Added support for using POSIX extended regular expressions in
  160    sudoers rules.  A command and/or arguments in sudoers are treated
  161    as a regular expression if they start with a '^' character and
  162    end with a '$'.  The command and arguments are matched separately,
  163    either one (or both) may be a regular expression.
  164    Bug #578, GitHub issue #15.
  165 
  166  * A user may now only run "sudo -U otheruser -l" if they have a
  167    "sudo ALL" privilege where the RunAs user contains either "root"
  168    or "otheruser".  Previously, having "sudo ALL" was sufficient,
  169    regardless of the RunAs user.  GitHub issue #134.
  170 
  171  * The sudo lecture is now displayed immediately before the password
  172    prompt.  As a result, sudo will no longer display the lecture
  173    unless the user needs to enter a password.  Authentication methods
  174    that don't interact with the user via a terminal do not trigger
  175    the lecture.
  176 
  177  * Sudo now uses its own closefrom() emulation on Linux systems.
  178    The glibc version may not work in a chroot jail where /proc is
  179    not available.  If close_range(2) is present, it will be used
  180    in preference to /proc/self/fd.
  181 
  182 What's new in Sudo 1.9.9
  183 
  184  * Sudo can now be built with OpenSSL 3.0 without generating warnings
  185    about deprecated OpenSSL APIs.
  186 
  187  * A digest can now be specified along with the "ALL" command in
  188    the LDAP and SSSD back-ends.  Sudo 1.9.0 introduced support for
  189    this in the sudoers file but did not include corresponding changes
  190    for the other back-ends.
  191 
  192  * visudo now only warns about an undefined alias or a cycle in an
  193    alias once for each alias.
  194  
  195  * The sudoRole cn was truncated by a single character in warning messages.
  196    GitHub issue #115.
  197 
  198  * The cvtsudoers utility has new --group-file and --passwd-file options
  199    to use a custom passwd or group file when the --match-local option is
  200    also used.
  201 
  202  * The cvtsudoers utility can now filter or match based on a command.
  203 
  204  * The cvtsudoers utility can now produce output in csv (comma-separated
  205    value) format.  This can be used to help generate entitlement reports.
  206 
  207  * Fixed a bug in sudo_logsrvd that could result in the connection being
  208    dropped for very long command lines.
  209 
  210  * Fixed a bug where sudo_logsrvd would not accept a restore point
  211    of zero.
  212 
  213  * Fixed a bug in visudo where the value of the "editor" setting was not
  214    used if it did not match the user's EDITOR environment variable.
  215    This was only a problem if the "env_editor" setting was not enabled.
  216    Bug #1000.
  217 
  218  * Sudo now builds with the -fcf-protection compiler option and the
  219    "-z now" linker option if supported.
  220 
  221  * The output of "sudoreplay -l" now more closely matches the
  222    traditional sudo log format.
  223 
  224  * The sudo_sendlog utility will now use the full contents of the log.json
  225    file, if present.  This makes it possible to send sudo-format I/O logs
  226    that use the newer log.json format to sudo_logsrvd without losing any
  227    information.
  228 
  229  * Fixed compilation of the arc4random_buf() replacement on systems with
  230    arc4random() but no arc4random_buf().  Bug #1008.
  231 
  232  * Sudo now uses its own getentropy() by default on Linux.  The GNU libc
  233    version of getentropy() will fail on older kernels that don't support
  234    the getrandom() system call.
  235 
  236  * It is now possible to build sudo with WolfSSL's OpenSSL compatibility
  237    layer by using the --enable-wolfssl configure option.
  238 
  239  * Fixed a bug related to Daylight Saving Time when parsing timestamps
  240    in Generalized Time format.  This affected the NOTBEFORE and
  241    NOTAFTER options in sudoers.  Bug #1006
  242 
  243  * Added the -O and -P options to visudo, which can be used to check
  244    or set the owner and permissions.  This can be used in conjunction
  245    with the -c option to check that the sudoers file ownership and
  246    permissions are correct.  Bug #1007.
  247 
  248  * It is now possible to set resource limits in the sudoers file itself.
  249    The special values "default" and "user" refer to the default system
  250    limit and invoking user limit respectively.  The core dump size limit
  251    is now set to 0 by default unless overridden by the sudoers file.
  252 
  253  * The cvtsudoers utility can now merge multiple sudoers sources into
  254    a single, combined sudoers file.  If there are conflicting entries,
  255    cvtsudoers will attempt to resolve them but manual intervention
  256    may be required.  The merging of sudoers rules is currently fairly
  257    simplistic but will be improved in a future release.
  258 
  259  * Sudo was parsing but not applying the "deref" and "tls_reqcert"
  260    ldap.conf settings.  This meant the options were effectively
  261    ignored which broke dereferencing of aliases in LDAP.  Bug #1013.
  262 
  263  * Clarified in the sudo man page that the security policy may
  264    override the user's PATH environment variable.  Bug #1014.
  265 
  266  * When sudo is run in non-interactive mode (with the -n option), it
  267    will now attempt PAM authentication and only exit with an error
  268    if user interaction is required.  This allows PAM modules that
  269    don't interact with the user to succeed.  Previously, sudo
  270    would not attempt authentication if the -n option was specified.
  271    Bug #956 and GitHub issue #83.
  272 
  273  * Fixed a regression introduced in version 1.9.1 when sudo is
  274    built with the --with-fqdn configure option.  The local host
  275    name was being resolved before the sudoers file was processed,
  276    making it impossible to disable DNS lookups by negating the
  277    "fqdn" sudoers option.  Bug #1016.
  278 
  279  * Added support for negated sudoUser attributes in the LDAP and
  280    SSSD sudoers back ends.  A matching sudoUser that is negated
  281    will cause the sudoRole containing it to be ignored.
  282 
  283  * Fixed a bug where the stack resource limit could be set to a
  284    value smaller than that of the invoking user and not be reset
  285    before the command was run.  Bug #1017.
  286 
  287 What's new in Sudo 1.9.8p2
  288 
  289  * Fixed a potential out-of-bounds read with "sudo -i" when the
  290    target user's shell is bash.  This is a regression introduced
  291    in sudo 1.9.8.  Bug #998.
  292 
  293  * sudo_logsrvd now only sends a log ID for first command of a session.
  294    There is no need to send the log ID for each sub-command.
  295 
  296  * Fixed a few minor memory leaks in intercept mode.
  297 
  298  * Fixed a problem with sudo_logsrvd in relay mode if "store_first"
  299    was enabled when handling sub-commands.  A new zero-length journal
  300    file was created for each sub-command instead of simply using
  301    the existing journal file.
  302 
  303  * Fixed a bug where sudoedit would fail if one of the directories
  304    in the path to be edited had the immutable flag set (BSD, Linux
  305    or macOS).  GitHub issue #122.
  306 
  307 What's new in Sudo 1.9.8p1
  308 
  309  * Fixed support for passing a prompt (sudo -p) or a login class
  310    (sudo -c) on the command line.  This is a regression introduced
  311    in sudo 1.9.8.  Bug #993.
  312 
  313  * Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends.
  314    This is a regression introduced in sudo 1.9.8.  Bug #994.
  315 
  316  * Fixed a compilation error when the --enable-static-sudoers configure
  317    option was specified.  This is a regression introduced in sudo
  318    1.9.8 caused by a symbol clash with the intercept and log server
  319    protobuf functions.
  320 
  321 What's new in Sudo 1.9.8
  322 
  323  * It is now possible to transparently intercepting sub-commands
  324    executed by the original command run via sudo.  Intercept support
  325    is implemented using LD_PRELOAD (or the equivalent supported by
  326    the system) and so has some limitations.  The two main limitations
  327    are that only dynamic executables are supported and only the
  328    execl, execle, execlp, execv, execve, execvp, and execvpe library
  329    functions are currently intercepted. Its main use case is to
  330    support restricting privileged shells run via sudo.
  331 
  332    To support this, there is a new "intercept" Defaults setting and
  333    an INTERCEPT command tag that can be used in sudoers.  For example:
  334 
  335     Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
  336     Defaults!SHELLS intercept
  337 
  338    would cause sudo to run the listed shells in intercept mode.
  339    This can also be set on a per-rule basis.  For example:
  340 
  341     Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
  342     chuck ALL = INTERCEPT: SHELLS
  343 
  344    would only apply intercept mode to user "chuck" when running one
  345    of the listed shells.
  346 
  347    In intercept mode, sudo will not prompt for a password before
  348    running a sub-command and will not allow a set-user-ID or
  349    set-group-ID program to be run by default.  The new
  350    intercept_authenticate and intercept_allow_setid sudoers settings
  351    can be used to change this behavior.
  352 
  353  * The new "log_subcmds" sudoers setting can be used to log additional
  354    commands run in a privileged shell.  It uses the same mechanism as
  355    the intercept support described above and has the same limitations.
  356 
  357  * The new "log_exit_status" sudoers setting can be used to log
  358    the exit status commands run via sudo.  This is also a corresponding
  359    "log_exit" setting in the sudo_logsrvd.conf eventlog stanza.
  360  
  361  * Support for logging sudo_logsrvd errors via syslog or to a file.
  362    Previously, most sudo_logsrvd errors were only visible in the
  363    debug log.
  364 
  365  * Better diagnostics when there is a TLS certificate validation error.
  366 
  367  * Using the "+=" or "-=" operators in a Defaults setting that takes
  368    a string, not a list, now produces a warning from sudo and a
  369    syntax error from inside visudo.
  370 
  371  * Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd
  372    had no effect when creating I/O log parent directories if the I/O log
  373    file name ended with the string "XXXXXX".
  374 
  375  * Fixed a bug in the sudoers custom prompt code where the size
  376    parameter that was passed to the strlcpy() function was incorrect.
  377    No overflow was possible since the correct amount of memory was
  378    already pre-allocated.
  379 
  380  * The mksigname and mksiglist helper programs are now built with
  381    the host compiler, not the target compiler, when cross-compiling.
  382    Bug #989.
  383 
  384  * Fixed compilation error when the --enable-static-sudoers configure
  385    option was specified.  This was due to a typo introduced in sudo
  386    1.9.7.  GitHub PR #113.
  387 
  388 What's new in Sudo 1.9.7p2
  389 
  390  * When formatting JSON output, octal numbers are now stored as
  391    strings, not numbers.  The JSON spec does not actually support
  392    octal numbers with a '0' prefix.
  393 
  394  * Fixed a compilation issue on Solaris 9.
  395 
  396  * Sudo now can handle the getgroups() function returning a different
  397    number of groups for subsequent invocations.  GitHub PR #106.
  398 
  399  * When loading a Python plugin, python_plugin.so now verifies
  400    that the module loaded matches the one we tried to load.  This
  401    allows sudo to display a more useful error message when trying
  402    to load a plugin with a name that conflicts with a Python module
  403    installed in the system location.
  404 
  405  * Sudo no longer sets the the open files resource limit to "unlimited"
  406    while it runs.  This avoids a problem where sudo's closefrom()
  407    emulation would need to close a very large number of descriptors
  408    on systems without a way to determine which ones are actually open.
  409 
  410  * Sudo now includes a configure check for va_copy or __va_copy and
  411    only defines its own version if the configure test fails.
  412 
  413  * Fixed a bug in sudo's utmp file handling which prevented old
  414    entries from being reused.  As a result, the utmp (or utmpx)
  415    file was appended to unnecessarily.  GitHub PR #108.
  416 
  417  * Fixed a bug introduced in sudo 1.9.7 that prevented sudo_logsrvd
  418    from accepting TLS connections when OpenSSL is used.  Bug #988.
  419 
  420 What's new in Sudo 1.9.7p1
  421 
  422  * Fixed an SELinux sudoedit bug when the edited temporary file
  423    could not be opened.  The sesh helper would still be run even
  424    when there are no temporary files available to install.
  425 
  426  * Fixed a compilation problem on FreeBSD.
  427 
  428  * The sudo_noexec.so file is now built as a module on all systems
  429    other than macOS.  This makes it possible to use other libtool
  430    implementations such as slibtool.  On macOS shared libraries and
  431    modules are not interchangeable and the version of libtool shipped
  432    with sudo must be used.
  433 
  434  * Fixed a few bugs in the getgrouplist() emulation on Solaris when
  435    reading from the local group file.
  436 
  437  * Fixed a bug in sudo_logsrvd that prevented periodic relay server
  438    connection retries from occurring in "store_first" mode.
  439 
  440  * Disabled the nss_search()-based getgrouplist() emulation on HP-UX
  441    due to a crash when the group source is set to "compat" in
  442    /etc/nsswitch.conf.  This is probably due to a mismatch between
  443    include/compat/nss_dbdefs.h and what HP-UX uses internally.  On
  444    HP-UX we now just cycle through groups the slow way using
  445    getgrent().  Bug #978.
  446 
  447 What's new in Sudo 1.9.7
  448 
  449  * The "fuzz" Makefile target now runs all the fuzzers for 8192
  450    passes (can be overridden via the FUZZ_RUNS variable).  This makes
  451    it easier to run the fuzzers in-tree.  To run a fuzzer indefinitely,
  452    set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz".
  453 
  454  * Fixed fuzzing on FreeBSD where the ld.lld linker returns an
  455    error by default when a symbol is multiply-defined.
  456 
  457  * Added support for determining local IPv6 addresses on systems
  458    that lack the getifaddrs() function.  This now works on AIX,
  459    HP-UX and Solaris (at least).  Bug #969.
  460 
  461  * Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to
  462    report a usage error.  Also, when invoked as sudoedit, sudo now
  463    allows a more restricted set of options that matches the usage
  464    statement and documentation.  GitHub issue #95.
  465 
  466  * Fixed a crash in sudo_sendlog when the specified certificate
  467    or key does not exist or is invalid.  Bug #970
  468 
  469  * Fixed a compilation error when sudo is configured with the
  470    --disable-log-client option.
  471 
  472  * Sudo's limited support for SUCCESS=return entries in nsswitch.conf
  473    is now documented.  Bug #971.
  474 
  475  * Sudo now requires autoconf 2.70 or higher to regenerate the
  476    configure script.  Bug #972.
  477 
  478  * sudo_logsrvd now has a relay mode which can be used to create
  479    a hierarchy of log servers.  By default, when a relay server is
  480    defined, messages from the client are forwarded immediately to
  481    the relay.  However, if the "store_first" setting is enabled,
  482    the log will be stored locally until the command completes and
  483    then relayed.  Bug #965.
  484 
  485  * Sudo now links with OpenSSL by default if it is available unless
  486    the --disable-openssl configure option is used or both the
  487    --disable-log-client and --disable-log-server configure options
  488    are specified.
  489 
  490  * Fixed configure's Python version detection when the version minor
  491    number is more than a single digit, for example Python 3.10.
  492 
  493  * The sudo Python module tests now pass for Python 3.10.
  494 
  495  * Sudo will now avoid changing the datasize resource limit
  496    as long as the existing value is at least 1GB.  This works around
  497    a problem on 64-bit HP-UX where it is not possible to exactly
  498    restore the original datasize limit.  Bug #973.
  499 
  500  * Fixed a race condition that could result in a hang when sudo is
  501    executed by a process where the SIGCHLD handler is set to SIG_IGN.
  502    This fixes the bug described by GitHub PR #98.
  503 
  504  * Fixed an out-of-bounds read in sudoedit and visudo when the
  505    EDITOR, VISUAL or SUDO_EDITOR environment variables end in an
  506    unescaped backslash.  Also fixed the handling of quote characters
  507    that are escaped by a backslash.  GitHub issue #99.
  508 
  509  * Fixed a bug that prevented the "log_server_verify" sudoers option
  510    from taking effect.
  511 
  512  * The sudo_sendlog utility has a new -s option to cause it to stop
  513    sending I/O records after a user-specified elapsed time.  This
  514    can be used to test the I/O log restart functionality of sudo_logsrvd.
  515 
  516  * Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when
  517    attempting to restart an interrupted I/O log transfer.
  518 
  519  * The TLS connection timeout in the sudoers log client was previously
  520    hard-coded to 10 seconds.  It now uses the value of log_server_timeout.
  521 
  522  * The configure script now outputs a summary of the user-configurable
  523    options at the end, separate from output of configure script tests.
  524    Bug #820.
  525 
  526  * Corrected the description of which groups may be specified via the
  527    -g option in the Runas_Spec section.  Bug #975.
  528 
  529 What's new in Sudo 1.9.6p1
  530 
  531  * Fixed a regression introduced in sudo 1.9.6 that resulted in an
  532    error message instead of a usage message when sudo is run with
  533    no arguments.
  534 
  535 What's new in Sudo 1.9.6
  536 
  537  * Fixed a sudo_sendlog compilation problem with the AIX xlC compiler.
  538 
  539  * Fixed a regression introduced in sudo 1.9.4 where the
  540    --disable-root-mailer configure option had no effect.
  541 
  542  * Added a --disable-leaks configure option that avoids some
  543    memory leaks on exit that would otherwise occur.  This is intended
  544    to be used with development tools that measure memory leaks.  It
  545    is not safe to use in production at this time.
  546 
  547  * Plugged some memory leaks identified by oss-fuzz and ASAN.
  548 
  549  * Fixed the handling of sudoOptions for an LDAP sudoRole that
  550    contains multiple sudoCommands.  Previously, some of the options
  551    would only be applied to the first sudoCommand.
  552 
  553  * Fixed a potential out of bounds read in the parsing of NOTBEFORE
  554    and NOTAFTER sudoers command options (and their LDAP equivalents).
  555 
  556  * The parser used for reading I/O log JSON files is now more
  557    resilient when processing invalid JSON.
  558 
  559  * Fixed typos that prevented "make uninstall" from working.
  560    GitHub issue #87.
  561 
  562  * Fixed a regression introduced in sudo 1.9.4 where the last line
  563    in a sudoers file might not have a terminating NUL character
  564    added if no newline was present.
  565 
  566  * Integrated oss-fuzz and LLVM's libFuzzer with sudo.  The new
  567    --enable-fuzzer configure option can be combined with the
  568    --enable-sanitizer option to build sudo with fuzzing support.
  569    Multiple fuzz targets are available for fuzzing different parts
  570    of sudo.  Fuzzers are built and tested via "make fuzz" or as part
  571    of "make check" (even when sudo is not built with fuzzing support).
  572    Fuzzing support currently requires the LLVM clang compiler (not gcc).
  573 
  574  * Fixed the --enable-static-sudoers configure option.
  575    GitHub issue #92.
  576 
  577  * Fixed a potential out of bounds read sudo when is run by a user
  578    with more groups than the value of "max_groups" in sudo.conf.
  579 
  580  * Added an "admin_flag" sudoers option to make the use of the
  581    ~/.sudo_as_admin_successful file configurable on systems where
  582    sudo is build with the --enable-admin-flag configure option.
  583    This mostly affects Ubuntu and its derivatives.  GitHub issue #56.
  584 
  585  * The "max_groups" setting in sudo.conf is now limited to 1024.
  586    This setting is obsolete and should no longer be needed.
  587 
  588  * Fixed a bug in the tilde expansion of "CHROOT=dir" and "CWD=dir"
  589    sudoers command options.  A path "~/foo" was expanded to
  590    "/home/userfoo" instead of "/home/user/foo".  This also affects
  591    the runchroot and runcwd Defaults settings.
  592 
  593  * Fixed a bug on systems without a native getdelim(3) function
  594    where very long lines could cause parsing of the sudoers file
  595    to end prematurely.  Bug #960.
  596 
  597  * Fixed a potential integer overflow when converting the
  598    timestamp_timeout and passwd_timeout sudoers settings to a
  599    timespec struct.
  600 
  601  * The default for the "group_source" setting in sudo.conf is now
  602    "dynamic" on macOS.  Recent versions of macOS do not reliably
  603    return all of a user's non-local groups via getgroups(2), even
  604    when _DARWIN_UNLIMITED_GETGROUPS is defined.  Bug #946.
  605 
  606  * Fixed a potential use-after-free in the PAM conversation function.
  607    Bug #967.
  608 
  609  * Fixed potential redefinition of sys/stat.h macros in sudo_compat.h.
  610    Bug #968.
  611 
  612 What's new in Sudo 1.9.5p2
  613 
  614  * Fixed sudo's setprogname(3) emulation on systems that don't
  615    provide it.
  616 
  617  * Fixed a problem with the sudoers log server client where a partial
  618    write to the server could result the sudo process consuming large
  619    amounts of CPU time due to a cycle in the buffer queue. Bug #954.
  620 
  621  * Added a missing dependency on libsudo_util in libsudo_eventlog.
  622    Fixes a link error when building sudo statically.
  623 
  624  * The user's KRB5CCNAME environment variable is now preserved when
  625    performing PAM authentication.  This fixes GSSAPI authentication
  626    when the user has a non-default ccache.
  627 
  628  * When invoked as sudoedit, the same set of command line options
  629    are now accepted as for "sudo -e".  The -H and -P options are
  630    now rejected for sudoedit and "sudo -e" which matches the sudo
  631    1.7 behavior.  This is part of the fix for CVE-2021-3156.
  632 
  633  * Fixed a potential buffer overflow when unescaping backslashes
  634    in the command's arguments.  Normally, sudo escapes special
  635    characters when running a command via a shell (sudo -s or sudo
  636    -i).  However, it was also possible to run sudoedit with the -s
  637    or -i flags in which case no escaping had actually been done,
  638    making a buffer overflow possible.  This fixes CVE-2021-3156.
  639 
  640 What's new in Sudo 1.9.5p1
  641 
  642  * Fixed a regression introduced in sudo 1.9.5 where the editor run
  643    by sudoedit was set-user-ID root unless SELinux RBAC was in use.
  644    The editor is now run with the user's real and effective user-IDs.
  645 
  646 What's new in Sudo 1.9.5
  647 
  648  * Fixed a crash introduced in 1.9.4 when running "sudo -i" as an
  649    unknown user.  This is related to but distinct from Bug #948.
  650 
  651  * If the "lecture_file" setting is enabled in sudoers, it must now
  652    refer to a regular file or a symbolic link to a regular file.
  653 
  654  * Fixed a potential use-after-free bug in sudo_logsrvd when the
  655    server shuts down if there are existing connections from clients
  656    that are only logging events and not session I/O data.
  657 
  658  * Fixed a buffer size mismatch when serializing the list of IP
  659    addresses for configured network interfaces.  This bug is not
  660    actually exploitable since the allocated buffer is large enough
  661    to hold the list of addresses.
  662 
  663  * If sudo is executed with a name other than "sudo" or "sudoedit",
  664    it will now fall back to "sudo" as the program name.  This affects
  665    warning, help and usage messages as well as the matching of Debug
  666    lines in the /etc/sudo.conf file.  Previously, it was possible
  667    for the invoking user to manipulate the program name by setting
  668    argv[0] to an arbitrary value when executing sudo.
  669 
  670  * Sudo now checks for failure when setting the close-on-exec flag
  671    on open file descriptors.  This should never fail but, if it
  672    were to, there is the possibility of a file descriptor leak to
  673    a child process (such as the command sudo runs).
  674 
  675  * Fixed CVE-2021-23239, a potential information leak in sudoedit
  676    that could be used to test for the existence of directories not
  677    normally accessible to the user in certain circumstances.  When
  678    creating a new file, sudoedit checks to make sure the parent
  679    directory of the new file exists before running the editor.
  680    However, a race condition exists if the invoking user can replace
  681    (or create) the parent directory.  If a symbolic link is created
  682    in place of the parent directory, sudoedit will run the editor
  683    as long as the target of the link exists.  If the target of the
  684    link does not exist, an error message will be displayed.  The
  685    race condition can be used to test for the existence of an
  686    arbitrary directory.  However, it _cannot_ be used to write to
  687    an arbitrary location.
  688 
  689  * Fixed CVE-2021-23240, a flaw in the temporary file handling of
  690    sudoedit's SELinux RBAC support.  On systems where SELinux is
  691    enabled, a user with sudoedit permissions may be able to set the
  692    owner of an arbitrary file to the user-ID of the target user.
  693    On Linux kernels that support "protected symlinks", setting
  694    /proc/sys/fs/protected_symlinks to 1 will prevent the bug from
  695    being exploited.  For more information see
  696    https://www.sudo.ws/alerts/sudoedit_selinux.html.
  697 
  698  * Added writability checks for sudoedit when SELinux RBAC is in use.
  699    This makes sudoedit behavior consistent regardless of whether
  700    or not SELinux RBAC is in use.  Previously, the "sudoedit_checkdir"
  701    setting had no effect for RBAC entries.
  702 
  703  * A new sudoers option "selinux" can be used to disable sudo's
  704    SELinux RBAC support.
  705 
  706  * Quieted warnings from PVS Studio, clang analyzer, and cppcheck.
  707    Added suppression annotations for PVS Studio false positives.
  708 
  709 What's new in Sudo 1.9.4p2
  710 
  711  * Fixed a bug introduced in sudo 1.9.4p1 which could lead to a crash
  712    if the sudoers file contains a runas user-specific Defaults entry.
  713    Bug #951.
  714 
  715 What's new in Sudo 1.9.4p1
  716 
  717  * Sudo on macOS now supports users with more than 16 groups without
  718    needing to set "group_source" to "dynamic" in /etc/sudo.conf.
  719    Previously, only the first 15 were used when matching group-based
  720    rules in sudoers.  Bug #946.
  721 
  722  * Fixed a regression introduced in version 1.9.4 where sudo would
  723    not build when configured using the --without-sendmail option.
  724    Bug #947.
  725 
  726  * Fixed a problem where if I/O logging was disabled and sudo was
  727    unable to connect to sudo_logsrvd, the command would still be
  728    allowed to run even when the "ignore_logfile_errors" sudoers
  729    option was enabled.
  730 
  731  * Fixed a crash introduced in version 1.9.4 when attempting to run
  732    a command as a non-existent user.  Bug #948.
  733 
  734  * The installed sudo.conf file now has the default sudoers Plugin
  735    lines commented out.  This fixes a potential conflict when there
  736    is both a system-installed version of sudo and a user-installed
  737    version.  GitHub issue #75.
  738 
  739  * Fixed a regression introduced in sudo 1.9.4 where sudo would run
  740    the command as a child process even when a pseudo-terminal was
  741    not in use and the "pam_session" and "pam_setcred" options were
  742    disabled.  GitHub issue #76.
  743 
  744  * Fixed a regression introduced in sudo 1.8.9 where the "closefrom"
  745    sudoers option could not be set to a value of 3.  Bug #950.
  746 
  747 What's new in Sudo 1.9.4
  748 
  749  * The sudoers parser will now detect when an upper-case reserved
  750    word is used when declaring an alias.  Now instead of "syntax
  751    error, unexpected CHROOT, expecting ALIAS" the message will be
  752    "syntax error, reserved word CHROOT used as an alias name".
  753    Bug #941.
  754 
  755  * Better handling of sudoers files without a final newline.
  756    The parser now adds a newline at end-of-file automatically which
  757    removes the need for special cases in the parser.
  758 
  759  * Fixed a regression introduced in sudo 1.9.1 in the sssd back-end
  760    where an uninitialized pointer could be freed on an error path.
  761    GitHub issue #67.
  762 
  763  * The core logging code is now shared between sudo_logsrvd and
  764    the sudoers plugin.
  765 
  766  * JSON log entries sent to syslog now use "minimal" JSON which
  767    skips all non-essential white space.
  768 
  769  * The sudoers plugin can now produce JSON-formatted logs.  The
  770    "log_format" sudoers option can be used to select sudo or json
  771    format logs.  The default is sudo format logs.
  772 
  773  * The sudoers plugin and visudo now display the column number in
  774    syntax error messages in addition to the line number.  Bug #841.
  775 
  776  * If I/O logging is not enabled but "log_servers" is set, the
  777    sudoers plugin will now log accept events to sudo_logsrvd.
  778    Previously, the accept event was only sent when I/O logging was
  779    enabled.  The sudoers plugin now sends reject and alert events too.
  780 
  781  * The sudo logsrv protocol has been extended to allow an AlertMessage
  782    to contain an optional array of InfoMessage, as AcceptMessage
  783    and RejectMessage already do.
  784 
  785  * Fixed a bug in sudo_logsrvd where receipt of SIGHUP would result
  786    in duplicate entries in the debug log when debugging was enabled.
  787 
  788  * The visudo utility now supports EDITOR environment variables
  789    that use single or double quotes in the command arguments.
  790    Bug #942.
  791 
  792  * The PAM session modules now run when sudo is set-user-ID root,
  793    which allows a module to determine the original user-ID.
  794    Bug #944.
  795 
  796  * Fixed a regression introduced in sudo 1.8.24 in the LDAP back-end
  797    where sudoNotBefore and sudoNotAfter were applied even when the
  798    SUDOERS_TIMED setting was not present in ldap.conf.  Bug #945.
  799 
  800  * Sudo packages for macOS 11 now contain universal binaries that
  801    support both Intel and Apple Silicon CPUs.
  802 
  803  * For sudo_logsrvd, an empty value for the "pid_file" setting in
  804    sudo_logsrvd.conf will now disable the process ID file.
  805 
  806 What's new in Sudo 1.9.3p1
  807 
  808  * Fixed a regression introduced in sudo 1.9.3 where the configure
  809    script would not detect the crypt(3) function if it was present
  810    in the C library, not an additional library.
  811 
  812  * Fixed a regression introduced in sudo 1.8.23 with shadow passwd
  813    file authentication on OpenBSD.  BSD authentication was not
  814    affected.
  815 
  816  * Sudo now logs when a user-specified command-line option is
  817    rejected by a sudoers rule.  Previously, these conditions were
  818    written to the audit log, but the default sudo log file.  Affected
  819    command line arguments include -C (--close-from), -D (--chdir),
  820    -R (--chroot), -g (--group) and -u (--user).
  821 
  822 What's new in Sudo 1.9.3
  823 
  824  * sudoedit will now prompt the user before overwriting an existing
  825    file with one that is zero-length after editing.  Bug #922.
  826 
  827  * Fixed building the Python plugin on systems with a compiler that
  828    doesn't support symbol hiding.
  829 
  830  * Sudo now uses a linker script to hide symbols even when the
  831    compiler supports symbol hiding.  This should make it easier to
  832    detect omissions in the symbol exports file, regardless of the
  833    platform.
  834 
  835  * Fixed the libssl dependency in Debian packages for older releases
  836    that use libssl1.0.0.
  837 
  838  * Sudo and visudo now provide more detailed messages when a syntax
  839    error is detected in sudoers.  The offending line and token are
  840    now displayed.  If the parser was generated by GNU bison,
  841    additional information about what token was expected is also
  842    displayed.  Bug #841.
  843 
  844  * Sudoers rules must now end in either a newline or the end-of-file.
  845    Previously, it was possible to have multiple rules on a single
  846    line, separated by white space.  The use of an end-of-line
  847    terminator makes it possible to display accurate error messages.
  848 
  849  * Sudo no longer refuses to run if a syntax error in the sudoers
  850    file is encountered.  The entry with the syntax error will be
  851    discarded and sudo will continue to parse the file.  This makes
  852    recovery from a syntax error less painful on systems where sudo
  853    is the primary method of superuser access.  The historic behavior
  854    can be restored by add "error_recovery=false" to the sudoers
  855    plugin's optional arguments in sudo.conf.  Bug #618.
  856 
  857  * Fixed the sample_approval plugin's symbol exports file for systems
  858    where the compiler doesn't support symbol hiding.
  859 
  860  * Fixed a regression introduced in sudo 1.9.1 where arguments to
  861    the "sudoers_policy" plugin in sudo.conf were not being applied.
  862    The sudoers file is now parsed by the "sudoers_audit" plugin,
  863    which is loaded implicitly when "sudoers_policy" is listed in
  864    sudo.conf.  Starting with sudo 1.9.3, if there are plugin arguments
  865    for "sudoers_policy" but "sudoers_audit" is not listed, those
  866    arguments will be applied to "sudoers_audit" instead.
  867 
  868  * The user's resource limits are now passed to sudo plugins in
  869    the user_info[] list.  A plugin cannot determine the limits
  870    itself because sudo changes the limits while it runs to prevent
  871    resource starvation.
  872 
  873  * It is now possible to set the working directory or change the
  874    root directory on a per-command basis using the CWD and CHROOT
  875    options.  CWD and CHROOT are now reserved words in sudoers--they
  876    can no longer be used as alias names.  There are also new Defaults
  877    settings, runchroot and runcwd, that can be used to set the
  878    working directory or root directory on a more global basis.
  879 
  880  * New -D (--chdir) and -R (--chroot) command line options can be
  881    used to set the working directory or root directory if the sudoers
  882    file allows it.  This functionality is not enabled by default
  883    and must be explicitly enabled in the sudoers file.
  884 
  885  * Fixed a regression introduced in sudo 1.9.1 where the sudoers_audit
  886    symbol could not be resolved when sudo is configured with the
  887    --enable-static-sudoers option.  Bug #936 and GitHub issue #61.
  888 
  889 What's new in Sudo 1.9.2
  890 
  891  * Fixed package builds on RedHat Enterprise Linux 8.
  892 
  893  * The configure script now uses pkg-config to find the openssl
  894    cflags and libs where possible.
  895 
  896  * The contents of the log.json I/O log file is now documented in
  897    the sudoers manual.
  898 
  899  * The sudoers plugin now properly exports the sudoers_audit symbol
  900    on systems where the compiler lacks symbol visibility controls.
  901    This caused a regression in 1.9.1 where a successful sudo command
  902    was not logged due to the missing audit plugin.  Bug #931.
  903 
  904  * Fixed a regression introduced in 1.9.1 that can result in crash
  905    when there is a syntax error in the sudoers file.  Bug #934.
  906 
  907 What's new in Sudo 1.9.1
  908 
  909  * Fixed an AIX-specific problem when I/O logging was enabled.
  910    The terminal device was not being properly set to raw mode.
  911    Bug #927.
  912 
  913  * Corrected handling of sudo_logsrvd connections without associated
  914    I/O log data.  This fixes support for RejectMessage as well as
  915    AcceptMessage when the expect_iobufs flag is not set.
  916 
  917  * Added an "iolog_path" entry to the JSON-format event log produced
  918    by sudo_logsrvd.  Previously, it was only possible to determine
  919    the I/O log file an event belonged to using sudo-format logs.
  920 
  921  * Fixed the bundle IDs for sudo-logsrvd and sudo-python macOS packages.
  922 
  923  * I/O log files produced by the sudoers plugin now clear the write
  924    bits on the I/O log timing file when the log is complete.  This
  925    is consistent with how sudo_logsrvd indicates that a log is
  926    complete.
  927 
  928  * The sudoreplay utility has a new "-F" (follow) command line
  929    option to allow replaying a session that is still in progress,
  930    similar to "tail -f".
  931 
  932  * The @include and @includedir directives can be used in sudoers
  933    instead of #include and #includedir.  In addition, include paths
  934    may now have embedded white space by either using a double-quoted
  935    string or escaping the space characters with a backslash.
  936 
  937  * Fixed some Solaris 11.4 compilation errors.
  938 
  939  * When running a command in a pty, sudo will no longer try to
  940    suspend itself if the user's tty has been revoked (for instance
  941    when the parent ssh daemon is killed).  This fixes a bug where
  942    sudo would continuously suspend the command (which would succeed),
  943    then suspend itself (which would fail due to the missing tty)
  944    and then resume the command.
  945 
  946  * If sudo's event loop fails due to the tty being revoked, remove
  947    the user's tty events and restart the event loop (once).  This
  948    fixes a problem when running "sudo reboot" in a pty on some
  949    systems.  When the event loop exited unexpectedly, sudo would
  950    kill the command running in the pty, which in the case of "reboot",
  951    could lead to the system being in a half-rebooted state.
  952 
  953  * Fixed a regression introduced in sudo 1.8.23 in the LDAP and
  954    SSSD back-ends where a missing sudoHost attribute was treated
  955    as an "ALL" wildcard value.  A sudoRole with no sudoHost attribute
  956    is now ignored as it was prior to version 1.8.23.
  957 
  958  * The audit plugin API has been changed slightly.  The sudo front-end
  959    now audits an accept event itself after all approval plugins are
  960    run and the I/O logging plugins (if any) are opened.  This makes
  961    it possible for an audit plugin to only log a single overall
  962    accept event if desired.
  963 
  964  * The sudoers plugin can now be loaded as an audit plugin.  Logging
  965    of successful commands is now performed in the audit plugin's
  966    accept function.  As a result, commands are now only logged if
  967    allowed by sudoers and all approval plugins.  Commands rejected
  968    by an approval plugin are now also logged by the sudoers plugin.
  969 
  970  * Romanian translation for sudo and sudoers from translationproject.org.
  971 
  972  * Fixed a regression introduced in sudo 1.9.0 where sudoedit did
  973    not remove its temporary files after installing them.  Bug #929.
  974 
  975  * Fixed a regression introduced in sudo 1.9.0 where the iolog_file
  976    setting in sudoers and sudo_logsrvd.conf caused an error if the
  977    file name ended in six or more X's.
  978 
  979 What's new in Sudo 1.9.0
  980 
  981  * Fixed a test failure in the strsig_test regress test on FreeBSD.
  982 
  983  * The maximum length of a conversation reply has been increased
  984    from 255 to 1023 characters.  This allows for longer user passwords.
  985    Bug #860.
  986 
  987  * Sudo now includes a logging daemon, sudo_logsrvd, which can be
  988    used to implement centralized logging of I/O logs.  TLS connections
  989    are supported when sudo is configured with the --enable-openssl
  990    option.  For more information, see the sudo_logsrvd, logsrvd.conf
  991    and sudo_logsrv.proto manuals as well as the log_servers setting
  992    in the sudoers manual.
  993 
  994    The --disable-log-server and --disable-log-client configure
  995    options can be used to disable building the I/O log server and/or
  996    remote I/O log support in the sudoers plugin.
  997 
  998  * The new sudo_sendlog utility can be used to test sudo_logsrvd
  999    or send existing sudo I/O logs to a centralized server.
 1000 
 1001  * It is now possible to write sudo plugins in Python 3 when sudo
 1002    is configured with the --enable-python option.  See the
 1003    sudo_plugin_python manual for details.
 1004 
 1005    Sudo 1.9.0 comes with several Python example plugins that get
 1006    installed sudo's examples directory.
 1007 
 1008    The sudo blog article "What's new in sudo 1.9: Python"
 1009    (https://blog.sudo.ws/posts/2020/01/whats-new-in-sudo-1.9-python/)
 1010    includes a simple tutorial on writing python plugins.
 1011 
 1012  * Sudo now supports an "audit" plugin type.  An audit plugin
 1013    receives accept, reject, exit and error messages and can be used
 1014    to implement custom logging that is independent of the underlying
 1015    security policy.   Multiple audit plugins may be specified in
 1016    the sudo.conf file.  A sample audit plugin is included that
 1017    writes logs in JSON format.
 1018 
 1019  * Sudo now supports an "approval" plugin type.  An approval plugin
 1020    is run only after the main security policy (such as sudoers) accepts
 1021    a command to be run.  The approval policy may perform additional
 1022    checks, potentially interacting with the user.  Multiple approval
 1023    plugins may be specified in the sudo.conf file.  Only if all
 1024    approval plugins succeed will the command be allowed.
 1025 
 1026  * Sudo's -S command line option now causes the sudo conversation
 1027    function to write to the standard output or standard error instead
 1028    of the terminal device.
 1029 
 1030  * Fixed a bug where if a #include or #includedir directive was the
 1031    last line in sudoers and there was no final newline character, it
 1032    was silently ignored.  Bug #917.
 1033 
 1034  * It is now possible to use "Cmd_Alias" instead of "Cmnd_Alias" for
 1035    people who find the former more natural.
 1036 
 1037  * The new "pam_ruser" and "pam_rhost" sudoers settings can be used
 1038    to enable or disable setting the PAM remote user and/or host
 1039    values during PAM session setup.
 1040 
 1041  * More than one SHA-2 digest may now be specified for a single
 1042    command.  Multiple digests must be separated by a comma.
 1043 
 1044  * It is now possible to specify a SHA-2 digest in conjunction with
 1045    the "ALL" reserved word in a command specification.  This allows
 1046    one to give permission to run any command that matches the
 1047    specified digest, regardless of its path.
 1048 
 1049  * Sudo and sudo_logsrvd now create an extended I/O log info file
 1050    in JSON format that contains additional information about the
 1051    command that was run, such as the host name.  The sudoreplay
 1052    utility uses this file in preference to the legacy log file.
 1053 
 1054  * The sudoreplay utility can now match on a host name in list mode.
 1055    The list output also now includes the host name if one is present
 1056    in the log file.
 1057 
 1058  * For "sudo -i", if the target user's home directory does not
 1059    exist, sudo will now warn about the problem but run the command
 1060    in the current working directory.  Previously, this was a fatal
 1061    error.  Debian bug #598519.
 1062 
 1063  * The command line arguments in the SUDO_COMMAND environment
 1064    variable are now truncated at 4096 characters.  This avoids an
 1065    "Argument list too long" error when executing a command with a
 1066    large number of arguments.  Bug #923 (Debian bug #596631).
 1067 
 1068  * Sudo now properly ends the PAM transaction when the user
 1069    authenticates successfully but sudoers denies the command.
 1070    Debian bug #669687.
 1071 
 1072  * The sudoers grammar in the manual now indicates that "sudoedit"
 1073    requires one or more arguments.  Debian bug #571621.
 1074 
 1075  * When copying the edited files to the original path, sudoedit now
 1076    allocates any additional space needed before writing.  Previously,
 1077    it could truncate the destination file if the file system was
 1078    full.  Bug #922.
 1079 
 1080  * Fixed an issue where PAM session modules could be called with
 1081    the wrong user name when multiple users in the passwd database
 1082    share the the same user-ID.  Debian bug #734752.
 1083 
 1084  * Sudo command line options that take a value may only be specified
 1085    once.  This is to help guard against problems caused by poorly
 1086    written scripts that invoke sudo with user-controlled input.
 1087    Bug #924.
 1088 
 1089 What's new in Sudo 1.8.31p1
 1090 
 1091  * Sudo once again ignores a failure to restore the RLIMIT_CORE
 1092    resource limit, as it did prior to version 1.8.29.  Linux
 1093    containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY
 1094    if we set the limit to zero, even for root, which resulted in a
 1095    warning from sudo.
 1096 
 1097 What's new in Sudo 1.8.31
 1098 
 1099  * Fixed CVE-2019-18634, a buffer overflow when the "pwfeedback"
 1100    sudoers option is enabled on systems with uni-directional pipes.
 1101 
 1102  * The "sudoedit_checkdir" option now treats a user-owned directory
 1103    as writable, even if it does not have the write bit set at the
 1104    time of check.  Symbolic links will no longer be followed by
 1105    sudoedit in any user-owned directory.  Bug #912
 1106 
 1107  * Fixed sudoedit on macOS 10.15 and above where the root file system
 1108    is mounted read-only.  Bug #913.
 1109 
 1110  * Fixed a crash introduced in sudo 1.8.30 when suspending sudo
 1111    at the password prompt.  Bug #914.
 1112 
 1113  * Fixed compilation on systems where the mmap MAP_ANON flag
 1114    is not available.  Bug #915.
 1115 
 1116 What's new in Sudo 1.8.30
 1117 
 1118  * Fixed a warning on macOS introduced in sudo 1.8.29 when sudo
 1119    attempts to set the open file limit to unlimited.  Bug #904.
 1120 
 1121  * Sudo now closes file descriptors before changing uids.  This
 1122    prevents a non-root process from interfering with sudo's ability
 1123    to close file descriptors on systems that support the prlimit(2)
 1124    system call.
 1125 
 1126  * Sudo now treats an attempt to run "sudo sudoedit" as simply
 1127    "sudoedit".  If the sudoers file contains a fully-qualified path
 1128    to sudoedit, sudo will now treat it simply as "sudoedit" (with
 1129    no path).  Visudo will will now treat a fully-qualified path
 1130    to sudoedit as an error.  Bug #871.
 1131 
 1132  * Fixed a bug introduced in sudo 1.8.28 where sudo would warn about
 1133    a missing /etc/environment file on AIX and Linux when PAM is not
 1134    enabled.  Bug #907
 1135 
 1136  * Fixed a bug on Linux introduced in sudo 1.8.29 that prevented
 1137    the askpass program from running due to an unlimited stack size
 1138    resource limit.  Bug #908.
 1139 
 1140  * If a group provider plugin has optional arguments, the argument list
 1141    passed to the plugin is now NULL terminated as per the documentation.
 1142 
 1143  * The user's time stamp file is now only updated if both authentication
 1144    and approval phases succeed.  This is consistent with the behavior
 1145    of sudo prior to version 1.8.23.  Bug #910
 1146 
 1147  * The new allow_unknown_runas_id sudoers setting can be used to
 1148    enable or disable the use of unknown user or group IDs.  Previously,
 1149    sudo would always allow unknown user or group IDs if the sudoers
 1150    entry permitted it, including via the "ALL" alias.  As of sudo
 1151    1.8.30, the admin must explicitly enable support for unknown IDs.
 1152 
 1153  * The new runas_check_shell sudoers setting can be used to require
 1154    that the runas user have a shell listed in the /etc/shells file.
 1155    On many systems, users such as "bin", do not have a valid shell
 1156    and this flag can be used to prevent commands from being run as
 1157    those users.
 1158 
 1159  * Fixed a problem restoring the SELinux tty context during reboot
 1160    if mctransd is killed before sudo finishes.  GitHub issue #17.
 1161 
 1162  * Fixed an intermittent warning on NetBSD when sudo restores the
 1163    initial stack size limit.
 1164 
 1165 What's new in Sudo 1.8.29
 1166 
 1167  * The cvtsudoers command will now reject non-LDIF input when converting
 1168    from LDIF format to sudoers or JSON formats.
 1169 
 1170  * The new log_allowed and log_denied sudoers settings make it possible
 1171    to disable logging and auditing of allowed and/or denied commands.
 1172 
 1173  * The umask is now handled differently on systems with PAM or login.conf.
 1174    If the umask is explicitly set in sudoers, that value is used regardless
 1175    of what PAM or login.conf may specify.  However, if the umask is not
 1176    explicitly set in sudoers, PAM or login.conf may now override the default
 1177    sudoers umask.  Bug #900.
 1178 
 1179  * For "make install", the sudoers file is no longer checked for syntax
 1180    errors when DESTDIR is set.  The default sudoers file includes the
 1181    contents of /etc/sudoers.d which may not be readable as non-root.
 1182    Bug #902.
 1183 
 1184  * Sudo now sets most resource limits to their maximum value to avoid
 1185    problems caused by insufficient resources, such as an inability to
 1186    allocate memory or open files and pipes.
 1187 
 1188  * Fixed a regression introduced in sudo 1.8.28 where sudo would refuse
 1189    to run if the parent process was not associated with a session.
 1190    This was due to sudo passing a session ID of -1 to the plugin.
 1191 
 1192 What's new in Sudo 1.8.28p1
 1193 
 1194  * The fix for Bug #869 caused "sudo -v" to prompt for a password
 1195    when "verifypw" is set to "all" (the default) and all of the
 1196    user's sudoers entries are marked with NOPASSWD.  Bug #901.
 1197 
 1198 What's new in Sudo 1.8.28
 1199 
 1200  * Sudo will now only set PAM_TTY to the empty string when no
 1201    terminal is present on Solaris and Linux.  This workaround is
 1202    only needed on those systems which may have PAM modules that
 1203    misbehave when PAM_TTY is not set.
 1204 
 1205  * The mailerflags sudoers option now has a default value even if
 1206    sendmail support was disabled at configure time.  Fixes a crash
 1207    when the mailerpath sudoers option is set but mailerflags is not.
 1208    Bug #878.
 1209 
 1210  * Sudo will now filter out last login messages on HP-UX unless it
 1211    a shell is being run via "sudo -s" or "sudo -i".  Otherwise,
 1212    when trusted mode is enabled, these messages will be displayed
 1213    for each command.
 1214 
 1215  * On AIX, when the user's password has expired and PAM is not in use,
 1216    sudo will now allow the user to change their password.
 1217    Bug #883.
 1218 
 1219  * Sudo has a new -B command line option that will ring the terminal
 1220    bell when prompting for a password.
 1221 
 1222  * Sudo no longer refuses to prompt for a password when it cannot
 1223    determine the user's terminal as long as it can open /dev/tty.
 1224    This allows sudo to function on systems where /proc is unavailable,
 1225    such as when running in a chroot environment.
 1226 
 1227  * The "env_editor" sudoers flag is now on by default.  This makes
 1228    source builds more consistent with the packages generated by
 1229    sudo's mkpkg script.
 1230 
 1231  * Sudo no longer ships with pre-formatted copies of the manual pages.
 1232    These were included for systems like IRIX that don't ship with an
 1233    nroff utility.  There are now multiple Open Source nroff replacements
 1234    so this should no longer be an issue.
 1235 
 1236  * Fixed a bad interaction with configure's --prefix and
 1237    --disable-shared options.  Bug #886.
 1238 
 1239  * More verbose error message when a password is required and no terminal
 1240    is present.  Bug #828.
 1241 
 1242  * Command tags, such as NOPASSWD, are honored when a user tries to run a
 1243    command that is allowed by sudoers but which does not actually
 1244    exist on the file system.  Bug #888.
 1245 
 1246  * Asturian translation for sudoers from translationproject.org.
 1247 
 1248  * I/O log timing files now store signal suspend and resume information
 1249    in the form of a signal name instead of a number.
 1250 
 1251  * Fixed a bug introduced in 1.8.24 that prevented sudo from honoring
 1252    the value of "ipa_hostname" from sssd.conf, if specified, when
 1253    matching the host name.
 1254 
 1255  * Fixed a bug introduced in 1.8.21 that prevented the core dump
 1256    resource limit set in the pam_limits module from taking effect.
 1257    Bug #894.
 1258 
 1259  * Fixed parsing of double-quoted Defaults group and netgroup bindings.
 1260 
 1261  * The user ID is now used when matching sudoUser attributes in LDAP.
 1262    Previously, the user name, group name and group IDs were used
 1263    when matching but not the user ID.
 1264 
 1265  * Sudo now writes PAM messages to the user's terminal, if available,
 1266    instead of the standard output or standard error.  This prevents
 1267    PAM output from being intermixed with that of the command when
 1268    output is sent to a file or pipe.  Bug #895.
 1269 
 1270  * Sudoedit now honors the umask and umask_override settings in sudoers.
 1271    Previously, the user's umask was used as-is.
 1272 
 1273  * Fixed a bug where the terminal's file context was not restored
 1274    when using SELinux RBAC.  Bug #898.
 1275 
 1276  * Fixed CVE-2019-14287, a bug where a sudo user may be able to
 1277    run a command as root when the Runas specification explicitly
 1278    disallows root access as long as the ALL keyword is listed first.
 1279 
 1280 What's new in Sudo 1.8.27
 1281 
 1282  * On HP-UX, sudo will now update the utmps file when running a command
 1283    in a pseudo-tty.  Previously, only the utmp and utmpx files were
 1284    updated.
 1285 
 1286  * Nanosecond precision file time stamps are now supported in HP-UX.
 1287 
 1288  * Fixes and clarifications to the sudo plugin documentation.
 1289 
 1290  * The sudo manuals no longer require extensive post-processing to
 1291    hide system-specific features.  Conditionals in the roff source
 1292    are now used instead.  This fixes corruption of the sudo manual
 1293    on systems without BSD login classes.  Bug #861.
 1294 
 1295  * If an I/O logging plugin is configured but the plugin does not
 1296    actually log any I/O, sudo will no longer force the command to
 1297    be run in a pseudo-tty.
 1298 
 1299  * The fix for bug #843 in sudo 1.8.24 was incomplete.  If the
 1300    user's password was expired or needed to be updated, but no sudo
 1301    password was required, the PAM handle was freed too early,
 1302    resulting in a failure when processing PAM session modules.
 1303 
 1304  * In visudo, it is now possible to specify the path to sudoers
 1305    without using the -f option.  Bug #864.
 1306 
 1307  * Fixed a bug introduced in sudo 1.8.22 where the utmp (or utmpx)
 1308    file would not be updated when a command was run in a pseudo-tty.
 1309    Bug #865.
 1310 
 1311  * Sudo now sets the silent flag when opening the PAM session except
 1312    when running a shell via "sudo -s" or "sudo -i".  This prevents
 1313    the pam_lastlog module from printing the last login information
 1314    for each sudo command.  Bug #867.
 1315 
 1316  * Fixed the default AIX hard resource limit for the maximum number
 1317    of files a user may have open.  If no hard limit for "nofiles"
 1318    is explicitly set in /etc/security/limits, the default should
 1319    be "unlimited".  Previously, the default hard limit was 8196.
 1320 
 1321 What's new in Sudo 1.8.26
 1322 
 1323  * Fixed a bug in cvtsudoers when converting to JSON format when
 1324    alias expansion is enabled. Bug #853.
 1325 
 1326  * Sudo no long sets the USERNAME environment variable when running
 1327    commands. This is a non-standard environment variable that was
 1328    set on some older Linux systems.
 1329 
 1330  * Sudo now treats the LOGNAME and USER environment variables (as
 1331    well as the LOGIN variable on AIX) as a single unit.  If one is
 1332    preserved or removed from the environment using env_keep, env_check
 1333    or env_delete, so is the other.
 1334 
 1335  * Added support for OpenLDAP's TLS_REQCERT setting in ldap.conf.
 1336 
 1337  * Sudo now logs when the command was suspended and resumed in the
 1338    I/O logs.  This information is used by sudoreplay to skip the
 1339    time suspended when replaying the session unless the new -S flag
 1340    is used.
 1341 
 1342  * Fixed documentation problems found by the igor utility.  Bug #854.
 1343 
 1344  * Sudo now prints a warning message when there is an error or end
 1345    of file while reading the password instead of exiting silently.
 1346 
 1347  * Fixed a bug in the sudoers LDAP back-end parsing the command_timeout,
 1348    role, type, privs and limitprivs sudoOptions.  This also affected
 1349    cvtsudoers conversion from LDIF to sudoers or JSON.
 1350 
 1351  * Fixed a bug that prevented timeout settings in sudoers from
 1352    functioning unless a timeout was also specified on the command
 1353    line.
 1354 
 1355  * Asturian translation for sudo from translationproject.org.
 1356 
 1357  * When generating LDIF output, cvtsudoers can now be configured
 1358    to pad the sudoOrder increment such that the start order is used
 1359    as a prefix.  Bug #856.
 1360 
 1361  * Fixed a bug introduced in sudo 1.8.25 that prevented sudo from
 1362    properly setting the user's groups on AIX.  Bug #857.
 1363 
 1364  * If the user specifies a group via sudo's -g option that matches
 1365    any of the target user's groups, it is now allowed even if no
 1366    groups are present in the Runas_Spec.  Previously, it was only
 1367    allowed if it matched the target user's primary group.
 1368 
 1369  * The sudoers LDAP back-end now supports negated sudoRunAsUser and
 1370    sudoRunAsGroup entries.
 1371 
 1372  * Sudo now provides a proper error message when the "fqdn" sudoers
 1373    option is set and it is unable to resolve the local host name.
 1374    Bug #859.
 1375 
 1376  * Portuguese translation for sudo and sudoers from translationproject.org.
 1377 
 1378  * Sudo now includes sudoers LDAP schema for the on-line configuration
 1379    supported by OpenLDAP.
 1380 
 1381 What's new in Sudo 1.8.25p1
 1382 
 1383  * Fixed a bug introduced in sudo 1.8.25 that caused a crash on
 1384    systems that have the poll() function but not the ppoll() function.
 1385    Bug #851.
 1386 
 1387 What's new in Sudo 1.8.25
 1388 
 1389  * Fixed a bug introduced in sudo 1.8.20 that broke formatting of
 1390    I/O log timing file entries on systems without a C99-compatible
 1391    snprintf() function.  Our replacement snprintf() doesn't support
 1392    floating point so we can't use the "%f" format directive.
 1393 
 1394  * I/O log timing file entries now use a monotonic timer and include
 1395    nanosecond precision.  A monotonic timer that does not increment
 1396    while the system is sleeping is used where available.
 1397 
 1398  * Fixed a bug introduced in sudo 1.8.24 where sudoNotAfter in the LDAP
 1399    back-end was not being properly parsed.  Bug #845.
 1400 
 1401  * When sudo runs a command in a pseudo-terminal, the follower
 1402    device is now closed in the main process immediately after
 1403    starting the monitor process.  This removes the need for an
 1404    AIX-specific workaround that was added in sudo 1.8.24.
 1405 
 1406  * Added support for monotonic timers on HP-UX.
 1407 
 1408  * Fixed a bug displaying timeout values the "sudo -V" output.
 1409    The value displayed was 3600 times the actual value.  Bug #846.
 1410 
 1411  * Fixed a build issue on AIX 7.1 BOS levels that include memset_s()
 1412    and define rsize_t in string.h.  Bug #847.
 1413 
 1414  * The testsudoers utility now supports querying an LDIF-format
 1415    policy.
 1416 
 1417  * Sudo now sets the LOGIN environment variable to the same value as
 1418    LOGNAME on AIX systems.  Bug #848.
 1419 
 1420  * Fixed a regression introduced in sudo 1.8.24 where the LDAP and
 1421    SSSD back-ends evaluated the rules in reverse sudoOrder.  Bug #849.
 1422 
 1423 What's new in Sudo 1.8.24
 1424 
 1425  * The LDAP and SSS back-ends now use the same rule evaluation code
 1426    as the sudoers file back-end.  This builds on the work in sudo
 1427    1.8.23 where the formatting functions for "sudo -l" output were
 1428    shared.  The handling of negated commands in SSS and LDAP is
 1429    unchanged.
 1430 
 1431  * Fixed a regression introduced in 1.8.23 where "sudo -i" could
 1432    not be used in conjunction with --preserve-env=VARIABLE.  Bug #835.
 1433 
 1434  * cvtsudoers can now parse base64-encoded attributes in LDIF files.
 1435 
 1436  * Random insults are now more random.
 1437 
 1438  * Fixed the noexec wordexp(3) test on FreeBSD.
 1439 
 1440  * Added SUDO_CONV_PREFER_TTY flag for conversation function to
 1441    tell sudo to try writing to /dev/tty first. Can be used in
 1442    conjunction with SUDO_CONV_INFO_MSG and SUDO_CONV_ERROR_MSG.
 1443 
 1444  * Sudo now supports an arbitrary number of groups per user on
 1445    Solaris.  Previously, only the first 64 groups were found.
 1446    This should remove the need to set "max_groups" in sudo.conf.
 1447 
 1448  * Fixed typos in the OpenLDAP sudo schema.  Bugs #839 and #840.
 1449 
 1450  * Fixed a race condition when building with parallel make.
 1451    Bug #842.
 1452 
 1453  * Fixed a duplicate free when netgroup_base in ldap.conf is set
 1454    to an invalid value.
 1455 
 1456  * Fixed a bug introduced in sudo 1.8.23 on AIX that could prevent
 1457    local users and groups from being resolved properly on systems
 1458    that have users stored in NIS, LDAP or AD.
 1459 
 1460  * Added a workaround for an AIX bug exposed by a change in sudo
 1461    1.8.23 that prevents the terminal mode from being restored when
 1462    I/O logging is enabled.
 1463 
 1464  * On systems using PAM, sudo now ignores the PAM_NEW_AUTHTOK_REQD
 1465    and PAM_AUTHTOK_EXPIRED errors from PAM account management if
 1466    authentication is disabled for the user.  This fixes a regression
 1467    introduced in sudo 1.8.23.  Bug #843.
 1468 
 1469  * Fixed an ambiguity in the sudoers manual in the description and
 1470    definition of User, Runas, Host, and Cmnd Aliases.  Bug #834.
 1471 
 1472  * Fixed a bug that resulted in only the first window size change
 1473    event being logged.
 1474 
 1475  * Fixed a bug on HP-UX systems introduced in sudo 1.8.22 that
 1476    caused sudo to prompt for a password every time when tty-based
 1477    time stamp files were in use.
 1478 
 1479  * Fixed a compilation problem on systems that define O_PATH or
 1480    O_SEARCH in fnctl.h but do not define O_DIRECTORY.  Bug #844.
 1481 
 1482 What's new in Sudo 1.8.23
 1483 
 1484  * PAM account management modules and BSD auth approval modules are
 1485    now run even when no password is required.
 1486 
 1487  * For kernel-based time stamps, if no terminal is present, fall
 1488    back to parent-pid style time stamps.
 1489 
 1490  * The new cvtsudoers utility replaces both the "sudoers2ldif" script
 1491    and the "visudo -x" functionality.  It can read a file in either
 1492    sudoers or LDIF format and produce JSON, LDIF or sudoers output.
 1493    It is also possible to filter the generated output file by user,
 1494    group or host name.
 1495 
 1496  * The file, ldap and sss sudoers back-ends now share a common set
 1497    of formatting functions for "sudo -l" output, which is also used
 1498    by the cvtsudoers utility.
 1499 
 1500  * The /run directory is now used in preference to /var/run if it
 1501    exists. Bug #822.
 1502 
 1503  * More accurate descriptions of the --with-rundir and --with-vardir
 1504    configure options.  Bug #823.
 1505 
 1506  * The setpassent() and setgroupent() functions are now used on systems
 1507    that support them to keep the passwd and group database open.
 1508    Sudo performs a lot of passwd and group lookups so it can be
 1509    beneficial to avoid opening and closing the files each time.
 1510 
 1511  * The new case_insensitive_user and case_insensitive_group sudoers
 1512    options can be used to control whether sudo does case-sensitive
 1513    matching of users and groups in sudoers.  Case insensitive
 1514    matching is now the default.
 1515 
 1516  * Fixed a bug on some systems where sudo could hang on command
 1517    exit when I/O logging was enabled.  Bug #826.
 1518 
 1519  * Fixed the build-time process start time test on Linux when the
 1520    test is run from within a container.  Bug #829.
 1521 
 1522  * When determining which temporary directory to use, sudoedit now
 1523    checks the directory for writability before using it.  Previously,
 1524    sudoedit only performed an existence check.  Bug #827.
 1525 
 1526  * Sudo now includes an optional set of Monty Python-inspired insults.
 1527 
 1528  * Fixed the execution of scripts with an associated digest (checksum)
 1529    in sudoers on FreeBSD systems.  FreeBSD does not have a proper
 1530    /dev/fd directory mounted by default and its fexecve(2) is not
 1531    fully POSIX compliant when executing scripts.  Bug #831.
 1532 
 1533  * Chinese (Taiwan) translation for sudo from translationproject.org.
 1534 
 1535 What's new in Sudo 1.8.22
 1536 
 1537  * Commands run in the background from a script run via sudo will
 1538    no longer receive SIGHUP when the parent exits and I/O logging
 1539    is enabled.  Bug #502
 1540 
 1541  * A particularly offensive insult is now disabled by default.
 1542    Bug #804
 1543 
 1544  * The description of "sudo -i" now correctly documents that
 1545    the "env_keep" and "env_check" sudoers options are applied to
 1546    the environment.  Bug #806
 1547 
 1548  * Fixed a crash when the system's host name is not set.
 1549    Bug #807
 1550 
 1551  * The sudoers2ldif script now handles #include and #includedir
 1552    directives.
 1553 
 1554  * Fixed a bug where sudo would silently exit when the command was
 1555    not allowed by sudoers and the "passwd_tries" sudoers option
 1556    was set to a value less than one.
 1557 
 1558  * Fixed a bug with the "listpw" and "verifypw" sudoers options and
 1559    multiple sudoers sources.  If the option is set to "all", a
 1560    password should be required unless none of a user's sudoers
 1561    entries from any source require authentication.
 1562 
 1563  * Fixed a bug with the "listpw" and "verifypw" sudoers options in
 1564    the LDAP and SSSD back-ends.  If the option is set to "any", and
 1565    the entry contained multiple rules, only the first matching rule
 1566    was checked.  If an entry contained more than one matching rule
 1567    and the first rule required authentication but a subsequent rule
 1568    did not, sudo would prompt for a password when it should not have.
 1569 
 1570  * When running a command as the invoking user (not root), sudo
 1571    would execute the command with the same group vector it was
 1572    started with.  Sudo now executes the command with a new group
 1573    vector based on the group database which is consistent with
 1574    how su(1) operates.
 1575 
 1576  * Fixed a double free in the SSSD back-end that could occur when
 1577    ipa_hostname is present in sssd.conf and is set to an unqualified
 1578    host name.
 1579 
 1580  * When I/O logging is enabled, sudo will now write to the terminal
 1581    even when it is a background process.  Previously, sudo would
 1582    only write to the tty when it was the foreground process when
 1583    I/O logging was enabled.  If the TOSTOP terminal flag is set,
 1584    sudo will suspend the command (and then itself) with the SIGTTOU
 1585    signal.
 1586 
 1587  * A new "authfail_message" sudoers option that overrides the
 1588    default "N incorrect password attempt(s)".
 1589 
 1590  * An empty sudoRunAsUser attribute in the LDAP and SSSD back-ends
 1591    will now match the invoking user.  This is more consistent with
 1592    how an empty runas user in the sudoers file is treated.
 1593 
 1594  * Documented that in check mode, visudo does not check the owner/mode
 1595    on files specified with the -f flag.  Bug #809.
 1596 
 1597  * It is now an error to specify the runas user as an empty string
 1598    on the command line.  Previously, an empty runas user was treated
 1599    the same as an unspecified runas user.  Bug #817.
 1600 
 1601  * When "timestamp_type" option is set to "tty" and a terminal is
 1602    present, the time stamp record will now include the start time
 1603    of the session leader.  When the "timestamp_type" option is set
 1604    to "ppid" or when no terminal is available, the start time of
 1605    the parent process is used instead.  This significantly reduces
 1606    the likelihood of a time stamp record being re-used when a user
 1607    logs out and back in again.  Bug #818.
 1608 
 1609  * The sudoers time stamp file format is now documented in the new
 1610    sudoers_timestamp manual.
 1611 
 1612  * The "timestamp_type" option now takes a "kernel" value on OpenBSD
 1613    systems.  This causes the tty-based time stamp to be stored in
 1614    the kernel instead of on the file system.  If no tty is present,
 1615    the time stamp is considered to be invalid.
 1616 
 1617  * Visudo will now use the SUDO_EDITOR environment variable (if
 1618    present) in addition to VISUAL and EDITOR.
 1619 
 1620 What's new in Sudo 1.8.21p2
 1621 
 1622  * Fixed a bug introduced in version 1.8.21 which prevented sudo
 1623    from using the PAM-supplied prompt.  Bug #799
 1624 
 1625  * Fixed a bug introduced in version 1.8.21 which could result in
 1626    sudo hanging when running commands that exit quickly.  Bug #800
 1627 
 1628  * Fixed a bug introduced in version 1.8.21 which prevented the
 1629    command from being run when the password was read via an external
 1630    program using the askpass interface.  Bug #801
 1631 
 1632 What's new in Sudo 1.8.21p1
 1633 
 1634  * On systems that support both PAM and SIGINFO, the main sudo
 1635    process will no longer forward SIGINFO to the command if the
 1636    signal was generated from the keyboard.  The command will have
 1637    already received SIGINFO since it is part of the same process
 1638    group so there's no need for sudo to forward it.  This is
 1639    consistent with the handling of SIGINT, SIGQUIT and SIGTSTP.
 1640    Bug #796
 1641 
 1642  * If SUDOERS_SEARCH_FILTER in ldap.conf does not specify a value,
 1643    the LDAP search expression used when looking up netgroups and
 1644    non-Unix groups had a syntax error if a group plugin was not
 1645    specified.
 1646 
 1647  * "sudo -U otheruser -l" will now have an exit value of 0 even
 1648    if "otheruser" has no sudo privileges.  The exit value when a
 1649    user attempts to lists their own privileges or when a command
 1650    is specified is unchanged.
 1651 
 1652  * Fixed a regression introduced in sudo 1.8.21 where sudoreplay
 1653    playback would hang for I/O logs that contain terminal input.
 1654 
 1655  * Sudo 1.8.18 contained an incomplete fix for the matching of
 1656    entries in the LDAP and SSSD back-ends when a sudoRunAsGroup is
 1657    specified but no sudoRunAsUser is present in the sudoRole.
 1658 
 1659 What's new in Sudo 1.8.21
 1660 
 1661  * The path that sudo uses to search for terminal devices can now
 1662    be configured via the new "devsearch" Path setting in sudo.conf.
 1663 
 1664  * It is now possible to preserve bash shell functions in the
 1665    environment when the "env_reset" sudoers setting is disabled by
 1666    removing the "*=()*" pattern from the env_delete list.
 1667 
 1668  * A change made in sudo 1.8.15 inadvertently caused sudoedit to
 1669    send itself SIGHUP instead of exiting when the editor returns
 1670    an error or the file was not modified.
 1671 
 1672  * Sudoedit now uses an exit code of zero if the file was not
 1673    actually modified.  Previously, sudoedit treated a lack of
 1674    modifications as an error.
 1675 
 1676  * When running a command in a pseudo-tty (pty), sudo now copies a
 1677    subset of the terminal flags to the new pty.  Previously, all
 1678    flags were copied, even those not appropriate for a pty.
 1679 
 1680  * Fixed a problem with debug logging in the sudoers I/O logging
 1681    plugin.
 1682 
 1683  * Window size change events are now logged to the policy plugin.
 1684    On xterm and compatible terminals, sudoreplay is now capable of
 1685    resizing the terminal to match the size of the terminal the
 1686    command was run on.  The new -R option can be used to disable
 1687    terminal resizing.
 1688 
 1689  * Fixed a bug in visudo where a newly added file was not checked
 1690    for syntax errors.  Bug #791.
 1691 
 1692  * Fixed a bug in visudo where if a syntax error in an include
 1693    directory (like /etc/sudoers.d) was detected, the edited version
 1694    was left as a temporary file instead of being installed.
 1695 
 1696  * On PAM systems, sudo will now treat "username's Password:" as
 1697    a standard password prompt.  As a result, the SUDO_PROMPT
 1698    environment variable will now override "username's Password:"
 1699    as well as the more common "Password:".  Previously, the
 1700    "passprompt_override" Defaults setting would need to be set for
 1701    SUDO_PROMPT to override a prompt of "username's Password:".
 1702 
 1703  * A new "syslog_pid" sudoers setting has been added to include
 1704    sudo's process ID along with the process name when logging via
 1705    syslog.  Bug #792.
 1706 
 1707  * Fixed a bug introduced in sudo 1.8.18 where a command would
 1708    not be terminated when the I/O logging plugin returned an error
 1709    to the sudo front-end.
 1710 
 1711  * A new "timestamp_type" sudoers setting has been added that replaces
 1712    the "tty_tickets" option.  In addition to tty and global time stamp
 1713    records, it is now possible to use the parent process ID to restrict
 1714    the time stamp to commands run by the same process, usually the shell.
 1715    Bug #793.
 1716 
 1717  * The --preserve-env command line option has been extended to accept
 1718    a comma-separated list of environment variables to preserve.
 1719    Bug #279.
 1720 
 1721  * Friulian translation for sudo from translationproject.org.
 1722 
 1723 What's new in Sudo 1.8.20p2
 1724 
 1725  * Fixed a bug parsing /proc/pid/stat on Linux when the process
 1726    name contains newlines.  This is not exploitable due to the /dev
 1727    traversal changes in sudo 1.8.20p1.
 1728 
 1729 What's new in Sudo 1.8.20p1
 1730 
 1731  * Fixed "make check" when using OpenSSL or GNU crypt.
 1732    Bug #787.
 1733 
 1734  * Fixed CVE-2017-1000367, a bug parsing /proc/pid/stat on Linux
 1735    when the process name contains spaces.  Since the user has control
 1736    over the command name, this could potentially be used by a user
 1737    with sudo access to overwrite an arbitrary file on systems with
 1738    SELinux enabled.  Also stop performing a breadth-first traversal
 1739    of /dev when looking for the device; only a hard-coded list of
 1740    directories are checked,
 1741 
 1742 What's new in Sudo 1.8.20
 1743 
 1744  * Added support for SASL_MECH in ldap.conf. Bug #764
 1745 
 1746  * Added support for digest matching when the command is a glob-style
 1747    pattern or a directory. Previously, only explicit path matches
 1748    supported digest checks.
 1749 
 1750  * New "fdexec" Defaults option to control whether a command
 1751    is executed by path or by open file descriptor.
 1752 
 1753  * The embedded copy of zlib has been upgraded to version 1.2.11.
 1754 
 1755  * Fixed a bug that prevented sudoers include files with a relative
 1756    path starting with the letter 'i' from being opened.  Bug #776.
 1757 
 1758  * Added support for command timeouts in sudoers.  The command will
 1759    be terminated if the timeout expires.
 1760 
 1761  * The SELinux role and type are now displayed in the "sudo -l"
 1762    output for the LDAP and SSSD back-ends, just as they are in the
 1763    sudoers back-end.
 1764 
 1765  * A new command line option, -T, can be used to specify a command
 1766    timeout as long as the user-specified timeout is not longer than
 1767    the timeout specified in sudoers.  This option may only be
 1768    used when the "user_command_timeouts" flag is enabled in sudoers.
 1769 
 1770  * Added NOTBEFORE and NOTAFTER command options to the sudoers
 1771    back-end similar to what is already available in the LDAP back-end.
 1772 
 1773  * Sudo can now optionally use the SHA2 functions in OpenSSL or GNU
 1774    crypt instead of the SHA2 implementation bundled with sudo.
 1775 
 1776  * Fixed a compilation error on systems without the stdbool.h header
 1777    file.  Bug #778.
 1778 
 1779  * Fixed a compilation error in the standalone Kerberos V authentication
 1780    module.  Bug #777.
 1781 
 1782  * Added the iolog_flush flag to sudoers which causes I/O log data
 1783    to be written immediately to disk instead of being buffered.
 1784 
 1785  * I/O log files are now created with group ID 0 by default unless
 1786    the "iolog_user" or "iolog_group" options are set in sudoers.
 1787 
 1788  * It is now possible to store I/O log files on an NFS-mounted
 1789    file system where uid 0 is remapped to an unprivileged user.
 1790    The "iolog_user" option must be set to a non-root user and the
 1791    top-level I/O log directory must exist and be owned by that user.
 1792 
 1793  * Added the restricted_env_file setting to sudoers which is similar
 1794    to env_file but its contents are subject to the same restrictions
 1795    as variables in the invoking user's environment.
 1796 
 1797  * Fixed a use after free bug in the SSSD back-end when the fqdn
 1798    sudoOption is enabled and no hostname value is present in
 1799    /etc/sssd/sssd.conf.
 1800 
 1801  * Fixed a typo that resulted in a compilation error on systems
 1802    where the killpg() function is not found by configure.
 1803 
 1804  * Fixed a compilation error with the included version of zlib
 1805    when sudo was built outside the source tree.
 1806 
 1807  * Fixed the exit value of sudo when the command is terminated by
 1808    a signal other than SIGINT.  This was broken in sudo 1.8.15 by
 1809    the fix for Bug #722.  Bug #784.
 1810 
 1811  * Fixed a regression introduced in sudo 1.8.18 where the "lecture"
 1812    option could not be used in a positive boolean context, only
 1813    a negative one.
 1814 
 1815  * Fixed an issue where sudo would consume stdin if it was not
 1816    connected to a tty even if log_input is not enabled in sudoers.
 1817    Bug #786.
 1818 
 1819  * Clarify in the sudoers manual that the #includedir directive
 1820    diverts control to the files in the specified directory and,
 1821    when parsing of those files is complete, returns control to the
 1822    original file.  Bug #775.
 1823 
 1824 What's new in Sudo 1.8.19p2
 1825 
 1826  * Fixed a crash in visudo introduced in sudo 1.8.9 when an IP address
 1827    or network is used in a host-based Defaults entry.  Bug #766
 1828 
 1829  * Added a missing check for the ignore_iolog_errors flag when
 1830    the sudoers plugin generates the I/O log file path name.
 1831 
 1832  * Fixed a typo in sudo's vsyslog() replacement that resulted in
 1833    garbage being logged to syslog.
 1834 
 1835 What's new in Sudo 1.8.19p1
 1836 
 1837  * Fixed a bug introduced in sudo 1.8.19 that resulted in the wrong
 1838    syslog priority and facility being used.
 1839 
 1840 What's new in Sudo 1.8.19
 1841 
 1842  * New "syslog_maxlen" Defaults option to control the maximum size of
 1843    syslog messages generated by sudo.
 1844 
 1845  * Sudo has been run against PVS-Studio and any issues that were
 1846    not false positives have been addressed.
 1847 
 1848  * I/O log files are now created with the same group ID as the
 1849    parent directory and not the invoking user's group ID.
 1850 
 1851  * I/O log permissions and ownership are now configurable via the
 1852    "iolog_mode", "iolog_user" and "iolog_group" sudoers Defaults
 1853    variables.
 1854 
 1855  * Fixed configuration of the sudoers I/O log plugin debug subsystem.
 1856    Previously, I/O log information was not being written to the
 1857    sudoers debug log.
 1858 
 1859  * Fixed a bug in visudo that broke editing of files in an include
 1860    dir that have a syntax error.  Normally, visudo does not edit
 1861    those files, but if a syntax error is detected in one, the user
 1862    should get a chance to fix it.
 1863 
 1864  * Warnings about unknown or unparsable sudoers Defaults entries now
 1865    include the file and line number of the problem.
 1866 
 1867  * Visudo will now use the file and line number information about an
 1868    unknown or unparsable Defaults entry to go directly to the file
 1869    with the problem.
 1870 
 1871  * Fixed a bug in the sudoers LDAP back-end where a negated sudoHost
 1872    entry would prevent other sudoHost entries following it from matching.
 1873 
 1874  * Warnings from visudo about a cycle in an Alias entry now include the
 1875    file and line number of the problem.
 1876 
 1877  * In strict mode, visudo will now use the file and line number
 1878    information about a cycle in an Alias entry to go directly to the
 1879    file with the problem.
 1880 
 1881  * The sudo_noexec.so file is now linked with -ldl on systems that
 1882    require it for the wordexp() wrapper.
 1883 
 1884  * Fixed linking of sudo_noexec.so on macOS systems where it must be
 1885    a dynamic library and not a module.
 1886 
 1887  * Sudo's "make check" now includes a test for sudo_noexec.so
 1888    working.
 1889 
 1890  * The sudo front-end now passes the user's umask to the plugin.
 1891    Previously the plugin had to determine this itself.
 1892 
 1893  * Sudoreplay can now display the stdin and ttyin streams when they
 1894    are explicitly added to the filter list.
 1895 
 1896  * Fixed a bug introduced in sudo 1.8.17 where the "all" setting
 1897    for verifypw and listpw was not being honored.  Bug #762.
 1898 
 1899  * The syslog priority (syslog_goodpri and syslog_badpri) can now
 1900    be negated or set to "none" to disable logging of successful or
 1901    unsuccessful sudo attempts via syslog.
 1902 
 1903 What's new in Sudo 1.8.18p1
 1904 
 1905  * When sudo_noexec.so is used, the WRDE_NOCMD flag is now added
 1906    if the wordexp() function is called.  This prevents commands
 1907    from being run via wordexp() without disabling it entirely.
 1908 
 1909  * On Linux systems, sudo_noexec.so now uses a seccomp filter to
 1910    disable execute access if the kernel supports seccomp.  This is
 1911    more robust than the traditional method of using stub functions
 1912    that return an error.
 1913 
 1914 What's new in Sudo 1.8.18
 1915 
 1916  * The sudoers locale is now set before parsing the sudoers file.
 1917    If sudoers_locale is set in sudoers, it is applied before
 1918    evaluating other Defaults entries.  Previously, sudoers_locale
 1919    was used when evaluating sudoers but not during the initial parse.
 1920    Bug #748.
 1921 
 1922  * A missing or otherwise invalid #includedir is now ignored instead
 1923    of causing a parse error.
 1924 
 1925  * During "make install", backup files are only used on HP-UX where
 1926    it is not possible to unlink a shared object that is in use.
 1927    This works around a bug in ldconfig on Linux which could create
 1928    links to the backup shared library file instead of the current
 1929    one.
 1930 
 1931  * Fixed a bug introduced in 1.8.17 where sudoers entries with long
 1932    commands lines could be truncated, preventing a match.  Bug #752.
 1933 
 1934  * The fqdn, runas_default and sudoers_locale Defaults settings are
 1935    now applied before any other Defaults settings since they can
 1936    change how other Defaults settings are parsed.
 1937 
 1938  * On systems without the O_NOFOLLOW open(2) flag, when the NOFOLLOW
 1939    flag is set, sudoedit now checks whether the file is a symbolic link
 1940    before opening it as well as after the open.  Bug #753.
 1941 
 1942  * Sudo will now only resolve a user's group IDs to group names
 1943    when sudoers includes group-based permissions.  Group lookups
 1944    can be expensive on some systems where the group database is
 1945    not local.
 1946 
 1947  * If the file system holding the sudo log file is full, allow
 1948    the command to run unless the new ignore_logfile_errors Defaults
 1949    option is disabled.  Bug #751.
 1950 
 1951  * The ignore_audit_errors and ignore_iolog_errors Defaults options
 1952    have been added to control sudo's behavior when it is unable to
 1953    write to the audit and I/O logs.
 1954 
 1955  * Fixed a bug introduced in 1.8.17 where the SIGPIPE signal handler
 1956    was not being restored when sudo directly executes the command.
 1957 
 1958  * Fixed a bug where "sudo -l command" would indicate that a command
 1959    was runnable even when denied by sudoers when using the LDAP or
 1960    SSSD back-ends.
 1961 
 1962  * The match_group_by_gid Defaults option has been added to allow
 1963    sites where group name resolution is slow and where sudoers only
 1964    contains a small number of groups to match groups by group ID
 1965    instead of by group name.
 1966 
 1967  * Fixed a bug on Linux where a 32-bit sudo binary could fail with
 1968    an "unable to allocate memory" error when run on a 64-bit system.
 1969    Bug #755
 1970 
 1971  * When parsing ldap.conf, sudo will now only treat a '#' character
 1972    as the start of a comment when it is at the beginning of the
 1973    line.
 1974 
 1975  * Fixed a potential crash when auditing is enabled and the audit
 1976    function fails with an error.  Bug #756
 1977 
 1978  * Norwegian Nynorsk translation for sudo from translationproject.org.
 1979 
 1980  * Fixed a typo that broke short host name matching when the fqdn
 1981    flag is enabled in sudoers.  Bug #757
 1982 
 1983  * Negated sudoHost attributes are now supported by the LDAP and
 1984    SSSD back-ends.
 1985 
 1986  * Fixed matching entries in the LDAP and SSSD back-ends when a
 1987    RunAsGroup is specified but no RunAsUser is present.
 1988 
 1989  * Fixed "sudo -l" output in the LDAP and SSSD back-ends when a
 1990    RunAsGroup is specified but no RunAsUser is present.
 1991 
 1992 What's new in Sudo 1.8.17p1
 1993 
 1994  * Fixed a bug introduced in 1.8.17 where the user's groups were
 1995    not set on systems that don't use PAM.  Bug #749.
 1996 
 1997 What's new in Sudo 1.8.17
 1998 
 1999  * On AIX, if /etc/security/login.cfg has auth_type set to PAM_AUTH
 2000    but pam_start(3) fails, fall back to AIX authentication.
 2001    Bug #740.
 2002 
 2003  * Sudo now takes all sudoers sources into account when determining
 2004    whether or not "sudo -l" or "sudo -v" should prompt for a password.
 2005    In other words, if both file and ldap sudoers sources are in
 2006    specified in /etc/nsswitch.conf, "sudo -v" will now require that
 2007    all entries in both sources be have NOPASSWD (file) or !authenticate
 2008    (ldap) in the entries.
 2009 
 2010  * Sudo now ignores SIGPIPE until the command is executed.  Previously,
 2011    SIGPIPE was only ignored in a few select places.  Bug #739.
 2012 
 2013  * Fixed a bug introduced in sudo 1.8.14 where (non-syslog) log
 2014    file entries were missing the newline when loglinelen is set to
 2015    a non-positive number.  Bug #742.
 2016 
 2017  * Unix groups are now set before the plugin session initialization
 2018    code is run.  This makes it possible to use dynamic groups with
 2019    the Linux-PAM pam_group module.
 2020 
 2021  * Fixed a bug where a debugging statement could dereference a NULL
 2022    pointer when looking up a group that doesn't exist.  Bug #743.
 2023 
 2024  * Sudo has been run through the Coverity code scanner.  A number of
 2025    minor bugs have been fixed as a result.  None were security issues.
 2026 
 2027  * SELinux support, which was broken in 1.8.16, has been repaired.
 2028 
 2029  * Fixed a bug when logging I/O where all output buffers might not
 2030    get flushed at exit.
 2031 
 2032  * Forward slashes are no longer escaped in the JSON output of
 2033    "visudo -x".  This was never required by the standard and not
 2034    escaping them improves readability of the output.
 2035 
 2036  * Sudo no longer treats PAM_SESSION_ERR as a fatal error when
 2037    opening the PAM session.  Other errors from pam_open_session()
 2038    are still treated as fatal.  This avoids the "policy plugin
 2039    failed session initialization" error message seen on some systems.
 2040 
 2041  * Korean translation for sudo and sudoers from translationproject.org.
 2042 
 2043  * Fixed a bug on AIX where the stack size hard resource limit was
 2044    being set to 2GB instead of 4GB on 64-bit systems.
 2045 
 2046  * The SSSD back-end now properly supports "sudo -U otheruser -l".
 2047 
 2048  * The SSSD back-end now uses the value of "ipa_hostname"
 2049    from sssd.conf, if specified, when matching the host name.
 2050 
 2051  * Fixed a hang on some systems when the command is being run in
 2052    a pty and it failed to execute.
 2053 
 2054  * When performing a wildcard match in sudoers, check for an exact
 2055    string match if the user command was fully-qualified (or resolved
 2056    via the PATH).  This fixes an issue executing scripts on Linux
 2057    when there are multiple wildcard matches with the same base name.
 2058    Bug #746.
 2059 
 2060 What's new in Sudo 1.8.16
 2061 
 2062  * Fixed a compilation error on Solaris 10 with Stun Studio 12.
 2063    Bug #727.
 2064 
 2065  * When preserving variables from the invoking user's environment, if
 2066    there are duplicates sudo now only keeps the first instance.
 2067 
 2068  * Fixed a bug that could cause warning mail to be sent in list
 2069    mode (sudo -l) for users without sudo privileges when the
 2070    LDAP and sssd back-ends are used.
 2071 
 2072  * Fixed a bug that prevented the "mail_no_user" option from working
 2073    properly with the LDAP back-end.
 2074 
 2075  * In the LDAP and sssd back-ends, white space is now ignored between
 2076    an operator (!, +, +=, -=) when parsing a sudoOption.
 2077 
 2078  * It is now possible to disable Path settings in sudo.conf
 2079    by omitting the path name.
 2080 
 2081  * The sudoedit_checkdir Defaults option is now enabled by default
 2082    and has been extended.  When editing files with sudoedit, each
 2083    directory in the path to be edited is now checked.  If a directory
 2084    is writable by the invoking user, symbolic links will not be
 2085    followed.  If the parent directory of the file to be edited is
 2086    writable, sudoedit will refuse to edit it.
 2087    Bug #707.
 2088 
 2089  * The netgroup_tuple Defaults option has been added to enable matching
 2090    of the entire netgroup tuple, not just the host or user portion.
 2091    Bug #717.
 2092 
 2093  * When matching commands based on the SHA2 digest, sudo will now
 2094    use fexecve(2) to execute the command if it is available.  This
 2095    fixes a time of check versus time of use race condition when the
 2096    directory holding the command is writable by the invoking user.
 2097 
 2098  * On AIX systems, sudo now caches the auth registry string along
 2099    with password and group information.  This fixes a potential
 2100    problem when a user or group of the same name exists in multiple
 2101    auth registries.  For example, local and LDAP.
 2102 
 2103  * Fixed a crash in the SSSD back-end when the invoking user is not
 2104    found.  Bug #732.
 2105 
 2106  * Added the --enable-asan configure flag to enable address sanitizer
 2107    support.  A few minor memory leaks have been plugged to quiet
 2108    the ASAN leak detector.
 2109 
 2110  * The value of _PATH_SUDO_CONF may once again be overridden via
 2111    the Makefile.  Bug #735.
 2112 
 2113  * The sudoers2ldif script now handles multiple roles with same name.
 2114 
 2115  * Fixed a compilation error on systems that have the posix_spawn()
 2116    and posix_spawnp() functions but an unusable spawn.h header.
 2117    Bug #730.
 2118 
 2119  * Fixed support for negating character classes in sudo's version
 2120    of the fnmatch() function.
 2121 
 2122  * Fixed a bug in the LDAP and SSSD back-ends that could allow an
 2123    unauthorized user to list another user's privileges.  Bug #738.
 2124 
 2125  * The PAM conversation function now works around an ambiguity in the
 2126    PAM spec with respect to multiple messages.  Bug #726.
 2127 
 2128 What's new in Sudo 1.8.15
 2129 
 2130  * Fixed a bug that prevented sudo from building outside the source tree
 2131    on some platforms.  Bug #708.
 2132 
 2133  * Fixed the location of the sssd library in the RHEL/Centos packages.
 2134    Bug #710.
 2135 
 2136  * Fixed a build problem on systems that don't implicitly include
 2137    sys/types.h from other header files.  Bug #711.
 2138 
 2139  * Fixed a problem on Linux using containers where sudo would ignore
 2140    signals sent by a process in a different container.
 2141 
 2142  * Sudo now refuses to run a command if the PAM session module
 2143    returns an error.
 2144 
 2145  * When editing files with sudoedit, symbolic links will no longer
 2146    be followed by default.  The old behavior can be restored by
 2147    enabling the sudoedit_follow option in sudoers or on a per-command
 2148    basis with the FOLLOW and NOFOLLOW tags.  Bug #707.
 2149 
 2150  * Fixed a bug introduced in version 1.8.14 that caused the last
 2151    valid editor in the sudoers "editor" list to be used by visudo
 2152    and sudoedit instead of the first.  Bug #714.
 2153 
 2154  * Fixed a bug in visudo that prevented the addition of a final
 2155    newline to edited files without one.
 2156 
 2157  * Fixed a bug decoding certain base64 digests in sudoers when the
 2158    intermediate format included a '=' character.
 2159 
 2160  * Individual records are now locked in the time stamp file instead
 2161    of the entire file.  This allows sudo to avoid prompting for a
 2162    password multiple times on the same terminal when used in a
 2163    pipeline.  In other words, "sudo cat foo | sudo grep bar" now
 2164    only prompts for the password once.  Previously, both sudo
 2165    processes would prompt for a password, often making it impossible
 2166    to enter.
 2167 
 2168  * Fixed a bug where sudo would fail to run commands as a non-root
 2169    user on systems that lack both setresuid() and setreuid().
 2170    Bug #713.
 2171 
 2172  * Fixed a bug introduced in sudo 1.8.14 that prevented visudo from
 2173    re-editing the correct file when a syntax error was detected.
 2174 
 2175  * Fixed a bug where sudo would not relay a SIGHUP signal to the
 2176    command when the terminal is closed and the command is not run
 2177    in its own pseudo-tty.  Bug #719
 2178 
 2179  * If some, but not all, of the LOGNAME, USER or USERNAME environment
 2180    variables have been preserved from the invoking user's environment,
 2181    sudo will now use the preserved value to set the remaining variables
 2182    instead of using the runas user.  This ensures that if, for example,
 2183    only LOGNAME is present in the env_keep list, that sudo will not
 2184    set USER and USERNAME to the runas user.
 2185 
 2186 *  When the command sudo is running dies due to a signal, sudo will
 2187    now send itself that same signal with the default signal handler
 2188    installed instead of exiting.  The bash shell appears to ignore
 2189    some signals, e.g. SIGINT, unless the command being run is killed
 2190    by that signal.  This makes the behavior of commands run under
 2191    sudo the same as without sudo when bash is the shell.  Bug #722
 2192 
 2193  * Slovak translation for sudo from translationproject.org.
 2194 
 2195  * Hungarian and Slovak translations for sudoers from translationproject.org.
 2196 
 2197  * Previously, when env_reset was enabled (the default) and the -s
 2198    option was not used, the SHELL environment variable was set to the
 2199    shell of the invoking user.  Now, when env_reset is enabled and
 2200    the -s option is not used, SHELL is set based on the target user.
 2201 
 2202  * Fixed challenge/response style BSD authentication.
 2203 
 2204  * Added the sudoedit_checkdir Defaults option to prevent sudoedit
 2205    from editing files located in a directory that is writable by
 2206    the invoking user.
 2207 
 2208  * Added the always_query_group_plugin Defaults option to control
 2209    whether groups not found in the system group database are passed
 2210    to the group plugin.  Previously, unknown system groups were
 2211    always passed to the group plugin.
 2212 
 2213  * When creating a new file, sudoedit will now check that the file's
 2214    parent directory exists before running the editor.
 2215 
 2216  * Fixed the compiler stack protector test in configure for compilers
 2217    that support -fstack-protector but don't actually have the ssp
 2218    library available.
 2219 
 2220 What's new in Sudo 1.8.14p3
 2221 
 2222  * Fixed a bug introduced in sudo 1.8.14p2 that prevented sudo
 2223    from working when no tty was present.
 2224 
 2225  * Fixed tty detection on newer AIX systems where dev_t is 64-bit.
 2226 
 2227 What's new in Sudo 1.8.14p2
 2228 
 2229  * Fixed a bug introduced in sudo 1.8.14 that prevented the lecture
 2230    file from being created.  Bug #704.
 2231 
 2232 What's new in Sudo 1.8.14p1
 2233 
 2234  * Fixed a bug introduced in sudo 1.8.14 that prevented the sssd
 2235    back-end from working.  Bug #703.
 2236 
 2237 What's new in Sudo 1.8.14
 2238 
 2239  * Log messages on Mac OS X now respect sudoers_locale when sudo
 2240    is build with NLS support.
 2241 
 2242  * The sudo manual pages now pass "mandoc -Tlint" with no warnings.
 2243 
 2244  * Fixed a compilation problem on systems with the sig2str() function
 2245    that do not define SIG2STR_MAX in signal.h.
 2246 
 2247  * Worked around a compiler bug that resulted in unexpected behavior
 2248    when returning an int from a function declared to return bool
 2249    without an explicit cast.
 2250 
 2251  * Worked around a bug in Mac OS X 10.10 BSD auditing where the
 2252    au_preselect() fails for AUE_sudo events but succeeds for
 2253    AUE_DARWIN_sudo.
 2254 
 2255  * Fixed a hang on Linux systems with glibc when sudo is linked with
 2256    jemalloc.
 2257 
 2258  * When the user runs a command as a user ID that is not present in
 2259    the password database via the -u flag, the command is now run
 2260    with the group ID of the invoking user instead of group ID 0.
 2261 
 2262  * Fixed a compilation problem on systems that don't pull in
 2263    definitions of uid_t and gid_t without sys/types.h or unistd.h.
 2264 
 2265  * Fixed a compilation problem on newer AIX systems which use a
 2266    struct st_timespec for time stamps in struct stat that differs
 2267    from struct timespec.  Bug #702.
 2268 
 2269  * The example directory is now configurable via --with-exampledir
 2270    and defaults to DATAROOTDIR/examples/sudo on BSD systems.
 2271 
 2272  * The /usr/lib/tmpfiles.d/sudo.conf file is now installed as part
 2273    of "make install" when systemd is in use.
 2274 
 2275  * Fixed a linker problem on some systems with libintl.  Bug #690.
 2276 
 2277  * Fixed compilation with compilers that don't support __func__
 2278    or __FUNCTION__.
 2279 
 2280  * Sudo no longer needs to uses weak symbols to support localization
 2281    in the warning functions.  A registration function is used instead.
 2282 
 2283  * Fixed a setresuid() failure in sudoers on Linux kernels where
 2284    uid changes take the nproc resource limit into account.
 2285 
 2286  * Fixed LDAP netgroup queries on AIX.
 2287 
 2288  * Sudo will now display the custom prompt on Linux systems with PAM
 2289    even if the "Password: " prompt is not localized by the PAM module.
 2290    Bug #701.
 2291 
 2292  * Double-quoted values in an LDAP sudoOption are now supported
 2293    for consistency with file-based sudoers.
 2294 
 2295  * Fixed a bug that prevented the btime entry in /proc/stat from
 2296    being parsed on Linux.
 2297 
 2298 What's new in Sudo 1.8.13
 2299 
 2300  * The examples directory is now a subdirectory of the doc dir to
 2301    conform to Debian guidelines.  Bug #682.
 2302 
 2303  * Fixed a compilation error for siglist.c and signame.c on some
 2304    systems.  Bug #686
 2305 
 2306  * Weak symbols are now used for sudo_warn_gettext() and
 2307    sudo_warn_strerror() in libsudo_util to avoid link errors when
 2308    -Wl,--no-undefined is used in LDFLAGS.  The --disable-weak-symbols
 2309    configure option can be used to disable the user of weak symbols.
 2310 
 2311  * Fixed a bug in sudo's mkstemps() replacement function that
 2312    prevented the file extension from being preserved in sudoedit.
 2313 
 2314  * A new mail_all_cmnds sudoers flag will send mail when a user runs
 2315    a command (or tries to). The behavior of the mail_always flag has
 2316    been restored to always send mail when sudo is run.
 2317 
 2318  * New "MAIL" and "NOMAIL" command tags have been added to toggle
 2319    mail sending behavior on a per-command (or Cmnd_Alias) basis.
 2320 
 2321  * Fixed matching of empty passwords when sudo is configured to
 2322    use passwd (or shadow) file authentication on systems where the
 2323    crypt() function returns NULL for invalid salts.
 2324 
 2325  * On AIX, sudo now uses the value of the auth_type setting in
 2326    /etc/security/login.cfg to determine whether to use LAM or PAM
 2327    for user authentication.
 2328 
 2329  * The "all" setting for listpw and verifypw now works correctly
 2330    with LDAP and sssd sudoers.
 2331 
 2332  * The sudo timestamp directory is now created at boot time on
 2333    platforms that use systemd.
 2334 
 2335  * Sudo will now restore the value of the SIGPIPE handler before
 2336    executing the command.
 2337 
 2338  * Sudo now uses "struct timespec" instead of "struct timeval" for
 2339    time keeping when possible.  If supported, sudoedit and visudo
 2340    now use nanosecond granularity time stamps.
 2341 
 2342  * Fixed a symbol name collision with systems that have their own
 2343    SHA2 implementation.  This fixes a problem where PAM could use
 2344    the wrong SHA2 implementation on Solaris 10 systems configured
 2345    to use SHA512 for passwords.
 2346 
 2347  * The editor invoked by sudoedit once again uses an unmodified
 2348    copy of the user's environment as per the documentation.  This
 2349    was inadvertently changed in sudo 1.8.0.  Bug #688.
 2350 
 2351 What's new in Sudo 1.8.12
 2352 
 2353  * The embedded copy of zlib has been upgraded to version 1.2.8 and
 2354    is now installed as a shared library where supported.
 2355 
 2356  * Debug settings for the sudo front end and sudoers plugin are now
 2357    configured separately.
 2358 
 2359  * Multiple sudo.conf Debug entries may now be specified per program
 2360    (or plugin).
 2361 
 2362  * The plugin API has been extended such that the path to the plugin
 2363    that was loaded is now included in the settings array.  This
 2364    path can be used to register with the debugging subsystem.  The
 2365    debug_flags setting is now prefixed with a file name and may be
 2366    specified multiple times if there is more than one matching Debug
 2367    setting in sudo.conf.
 2368 
 2369  * The sudoers regression tests now run with the locale set to C
 2370    since some of the tests compare output that includes locale-specific
 2371    messages.  Bug #672
 2372 
 2373  * Fixed a bug where sudo would not run commands on Linux when
 2374    compiled with audit support if audit is disabled.  Bug #671
 2375 
 2376  * Added __BASH_FUNC<* to the environment blacklist to match
 2377    Apple's syntax for newer-style bash functions.
 2378 
 2379  * The default password prompt now includes a trailing space after
 2380    "Password:" for consistency with su(1) on most systems.
 2381    Bug #663
 2382 
 2383  * Fixed a problem on DragonFly BSD where SIGCHLD could be ignored,
 2384    preventing sudo from exiting.  Bug #676
 2385 
 2386  * Visudo will now use the optional sudoers_file, sudoers_mode,
 2387    sudoers_uid and sudoers_gid arguments if specified on the
 2388    sudoers.so Plugin line in the sudo.conf file.
 2389 
 2390  * Fixed a problem introduced in sudo 1.8.8 that prevented the full
 2391    host name from being used when the "fqdn" sudoers option is used.
 2392    Bug #678
 2393 
 2394  * French and Russian translations for sudoers from translationproject.org.
 2395 
 2396  * Sudo now installs a handler for SIGCHLD signal handler immediately
 2397    before stating the process that will execute the command (or
 2398    start the monitor).  The handler used to be installed earlier
 2399    but this causes problems with poorly behaved PAM modules that
 2400    install their own SIGCHLD signal handler and neglect to restore
 2401    sudo's original handler.  Bug #657
 2402 
 2403  * Removed a limit on the length of command line arguments expanded
 2404    by a wild card using sudo's version of the fnmatch() function.
 2405    This limit was introduced when sudo's version of fnmatch()
 2406    was replaced in sudo 1.8.4.
 2407 
 2408  * LDAP-based sudoers can now query an LDAP server for a user's
 2409    netgroups directly.  This is often much faster than fetching
 2410    every sudoRole object containing a sudoUser that begins with a
 2411    `+' prefix and checking whether the user is a member of any of
 2412    the returned netgroups.
 2413 
 2414  * The mail_always sudoers option no longer sends mail for "sudo -l"
 2415    or "sudo -v" unless the user is unable to authenticate themselves.
 2416 
 2417  * Fixed a crash when sudo is run with an empty argument vector.
 2418 
 2419  * Fixed two potential crashes when sudo is run with very low
 2420    resource limits.
 2421 
 2422  * The TZ environment variable is now checked for safety instead
 2423    of simply being copied to the environment of the command.
 2424 
 2425 What's new in Sudo 1.8.11p2
 2426 
 2427  * Fixed a bug where dynamic shared objects loaded from a plugin
 2428    could use the hooked version of getenv() but not the hooked
 2429    versions of putenv(), setenv() or unsetenv().  This can cause
 2430    problems for PAM modules that use those functions.
 2431 
 2432 What's new in Sudo 1.8.11p1
 2433 
 2434  * Fixed a compilation problem on some systems when the
 2435    --disable-shared-libutil configure option was specified.
 2436 
 2437  * The user can no longer interrupt the sleep after an incorrect
 2438    password on PAM systems using pam_unix.
 2439    Bug #666
 2440 
 2441  * Fixed a compilation problem on Linux systems that do not use PAM.
 2442    Bug #667
 2443 
 2444  * "make install" will now work with the stock GNU autotools
 2445    install-sh script.  Bug #669
 2446 
 2447  * Fixed a crash with "sudo -i" when the current working directory
 2448    does not exist.  Bug #670
 2449 
 2450  * Fixed a potential crash in the debug subsystem when logging a message
 2451    larger that 1024 bytes.
 2452 
 2453  * Fixed a "make check" failure for ttyname when stdin is closed and
 2454    stdout and stderr are redirected to a different tty.  Bug #643
 2455 
 2456  * Added BASH_FUNC_* to the environment blacklist to match newer-style
 2457    bash functions.
 2458 
 2459 What's new in Sudo 1.8.11
 2460 
 2461  * The sudoers plugin no longer uses setjmp/longjmp to recover
 2462    from fatal errors.  All errors are now propagated to the caller
 2463    via return codes.
 2464 
 2465  * When running a command in the background, sudo will now forward
 2466    SIGINFO to the command (if supported).
 2467 
 2468  * Sudo will now use the system versions of the sha2 functions from
 2469    libc or libmd if available.
 2470 
 2471  * Visudo now works correctly on GNU Hurd.  Bug #647
 2472 
 2473  * Fixed suspend and resume of curses programs on some system when
 2474    the command is not being run in a pseudo-terminal.  Bug #649
 2475 
 2476  * Fixed a crash with LDAP-based sudoers on some systems when
 2477    Kerberos was enabled.
 2478 
 2479  * Sudo now includes optional Solaris audit support.
 2480 
 2481  * Catalan translation for sudoers from translationproject.org.
 2482 
 2483  * Norwegian Bokmaal translation for sudo from translationproject.org.
 2484 
 2485  * Greek translation for sudoers from translationproject.org
 2486 
 2487  * The sudo source tree has been reorganized to more closely resemble
 2488    that of other gettext-enabled packages.
 2489 
 2490  * Sudo and its associated programs now link against a shared version
 2491    of libsudo_util.  The --disable-shared-libutil configure option
 2492    may be used to force static linking if the --enable-static-sudoers
 2493    option is also specified.
 2494 
 2495  * The passwords in ldap.conf and ldap.secret may now be encoded
 2496    in base64.
 2497 
 2498  * Audit updates.  SELinux role changes are now audited.  For
 2499    sudoedit, we now audit the actual editor being run, instead of
 2500    just the sudoedit command.
 2501 
 2502  * Fixed bugs in the man page post-processing that could cause
 2503    portions of the manuals to be removed.
 2504 
 2505  * Fixed a crash in the system_group plugin.  Bug #653.
 2506 
 2507  * Fixed sudoedit on platforms without a system version of the
 2508    getprogname() function.  Bug #654.
 2509 
 2510  * Fixed compilation problems with some pre-C99 compilers.
 2511 
 2512  * Fixed sudo's -C option which was broken in version 1.8.9.
 2513 
 2514  * It is now possible to match an environment variable's value as
 2515    well as its name using env_keep and env_check.  This can be used
 2516    to preserve bash functions which would otherwise be removed from
 2517    the environment.
 2518 
 2519  * New files created via sudoedit as a non-root user now have the
 2520    proper group id.  Bug #656
 2521 
 2522  * Sudoedit now works correctly in conjunction with sudo's SELinux
 2523    RBAC support.  Temporary files are now created with the proper
 2524    security context.
 2525 
 2526  * The sudo I/O logging plugin API has been updated.  If a logging
 2527    function returns an error, the command will be terminated and
 2528    all of the plugin's logging functions will be disabled.  If a
 2529    logging function rejects the command's output it will no longer
 2530    be displayed to the user's terminal.
 2531 
 2532  * Fixed a compilation error on systems that lack openpty(), _getpty()
 2533    and grantpt(). Bug #660
 2534 
 2535  * Fixed a hang when a sudoers source is listed more than once in
 2536    a single sudoers nsswitch.conf entry.
 2537 
 2538  * On AIX, shell scripts without a #! magic number are now passed to
 2539    /usr/bin/sh, not /usr/bin/bsh.  This is consistent with what the
 2540    execvp() function on AIX does and matches historic sudo behavior.
 2541    Bug #661
 2542 
 2543  * Fixed a cross-compilation problem building mksiglist and mksigname.
 2544    Bug #662
 2545 
 2546 What's new in Sudo 1.8.10p3?
 2547 
 2548  * Fixed expansion of %p in the prompt for "sudo -l" when rootpw,
 2549    runaspw or targetpw is set.  Bug #639
 2550 
 2551  * Fixed matching of UIDs and GIDs which was broken in version 1.8.9.
 2552    Bug #640
 2553 
 2554  * PAM credential initialization has been re-enabled.  It was
 2555    unintentionally disabled by default in version 1.8.8.  The way
 2556    credentials are initialized has also been fixed.  Bug #642.
 2557 
 2558  * Fixed a descriptor leak on Linux when determining boot time.  Sudo
 2559    normally closes extra descriptors before running a command so
 2560    the impact is limited.  Bug #645
 2561 
 2562  * Fixed flushing of the last buffer of data when I/O logging is
 2563    enabled.  This bug, introduced in version 1.8.9, could cause
 2564    incomplete command output on some systems.  Bug #646
 2565 
 2566 What's new in Sudo 1.8.10p2?
 2567 
 2568  * Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout
 2569    is set to zero.
 2570 
 2571 What's new in Sudo 1.8.10p1?
 2572 
 2573  * Fixed a bug introduced in sudo 1.8.10 that prevented the disabling
 2574    of tty-based tickets.
 2575 
 2576  * Fixed a bug with negated commands in "sudo -l command" that
 2577    could cause the command to be listed even when it was explicitly
 2578    denied.  This only affected list mode when a command was specified.
 2579    Bug #636
 2580 
 2581 What's new in Sudo 1.8.10?
 2582 
 2583  * It is now possible to disable network interface probing in
 2584    sudo.conf by changing the value of the probe_interfaces
 2585    setting.
 2586 
 2587  * When listing a user's privileges (sudo -l), the sudoers plugin
 2588    will now prompt for the user's password even if the targetpw,
 2589    rootpw or runaspw options are set.
 2590 
 2591  * The sudoers plugin uses a new format for its time stamp files.
 2592    Each user now has a single file which may contain multiple records
 2593    when per-tty time stamps are in use (the default).  The time
 2594    stamps use a monotonic timer where available and are once again
 2595    located in a directory under /var/run.  The lecture status is
 2596    now stored separately from the time stamps in a different directory.
 2597    Bug #616
 2598 
 2599  * sudo's -K option will now remove all of the user's time stamps,
 2600    not just the time stamp for the current terminal.  The -k option
 2601    can be used to only disable time stamps for the current terminal.
 2602 
 2603  * If sudo was started in the background and needed to prompt for
 2604    a password, it was not possible to suspend it at the password
 2605    prompt.  This now works properly.
 2606 
 2607  * LDAP-based sudoers now uses a default search filter of
 2608    (objectClass=sudoRole) for more efficient queries.  The netgroup
 2609    query has been modified to avoid falling below the minimum length
 2610    for OpenLDAP substring indices.
 2611 
 2612  * The new "use_netgroups" sudoers option can be used to explicitly
 2613    enable or disable netgroups support.  For LDAP-based sudoers,
 2614    netgroup support requires an expensive substring match on the
 2615    server.  If netgroups are not needed, this option can be disabled
 2616    to reduce the load on the LDAP server.
 2617 
 2618  * Sudo is once again able to open the sudoers file when the group
 2619    on sudoers doesn't match the expected value, so long as the file
 2620    is not group writable.
 2621 
 2622  * Sudo now installs an init.d script to clear the time stamp
 2623    directory at boot time on AIX and HP-UX systems.  These systems
 2624    either lack /var/run or do not clear it on boot.
 2625 
 2626  * The JSON format used by "visudo -x" now properly supports the
 2627    negation operator.  In addition, the Options object is now the
 2628    same for both Defaults and Cmnd_Specs.
 2629 
 2630  * Czech and Serbian translations for sudoers from translationproject.org.
 2631 
 2632  * Catalan translation for sudo from translationproject.org.
 2633 
 2634 What's new in Sudo 1.8.9p5?
 2635 
 2636  * Fixed a compilation error on AIX when LDAP support is enabled.
 2637 
 2638  * Fixed parsing of the "umask" defaults setting in sudoers.  Bug #632.
 2639 
 2640  * Fixed a failed assertion when the "closefrom_override" defaults
 2641    setting is enabled in sudoers and sudo's -C flag is used.  Bug #633.
 2642 
 2643 What's new in Sudo 1.8.9p4?
 2644 
 2645  * Fixed a bug where sudo could consume large amounts of CPU while
 2646    the command was running when I/O logging is not enabled.  Bug #631
 2647 
 2648  * Fixed a bug where sudo would exit with an error when the debug
 2649    level is set to util@debug or all@debug and I/O logging is not
 2650    enabled.  The command would continue running after sudo exited.
 2651 
 2652 What's new in Sudo 1.8.9p3?
 2653 
 2654  * Fixed a bug introduced in sudo 1.8.9 that prevented the tty name
 2655    from being resolved properly on Linux systems.  Bug #630.
 2656 
 2657 What's new in Sudo 1.8.9p2?
 2658 
 2659  * Updated config.guess, config.sub and libtool to support the ppc64le
 2660    architecture (IBM PowerPC Little Endian).
 2661 
 2662 What's new in Sudo 1.8.9p1?
 2663 
 2664  * Fixed a problem with gcc 4.8's handling of bit fields that could
 2665    lead to the noexec flag being enabled even when it was not
 2666    explicitly set.
 2667 
 2668 What's new in Sudo 1.8.9?
 2669 
 2670  * Reworked sudo's main event loop to use a simple event subsystem
 2671    using poll(2) or select(2) as the back end.
 2672 
 2673  * It is now possible to statically compile the sudoers plugin into
 2674    the sudo binary without disabling shared library support.  The
 2675    sudo.conf file may still be used to configure other plugins.
 2676 
 2677  * Sudo can now be compiled again with a C preprocessor that does
 2678    not support variadic macros.
 2679 
 2680  * Visudo can now export a sudoers file in JSON format using the
 2681    new -x flag.
 2682 
 2683  * The locale is now set correctly again for visudo and sudoreplay.
 2684 
 2685  * The plugin API has been extended to allow the plugin to exclude
 2686    specific file descriptors from the "closefrom" range.
 2687 
 2688  * There is now a workaround for a Solaris-specific problem where
 2689    NOEXEC was overriding traditional root DAC behavior.
 2690 
 2691  * Add user netgroup filtering for SSSD. Previously, rules for
 2692    a netgroup were applied to all even when they did not belong
 2693    to the specified netgroup.
 2694 
 2695  * On systems with BSD login classes, if the user specified a group
 2696    (not a user) to run the command as, it was possible to specify
 2697    a different login class even when the command was not run as the
 2698    super user.
 2699 
 2700  * The closefrom() emulation on Mac OS X now uses /dev/fd if possible.
 2701 
 2702  * Fixed a bug where sudoedit would not update the original file
 2703    from the temporary when PAM or I/O logging is not enabled.
 2704 
 2705  * When recycling I/O logs, the log files are now truncated properly.
 2706 
 2707  * Fixes bugs #617, #621, #622, #623, #624, #625, #626
 2708 
 2709 What's new in Sudo 1.8.8?
 2710 
 2711  * Removed a warning on PAM systems with stacked auth modules
 2712    where the first module on the stack does not succeed.
 2713 
 2714  * Sudo, sudoreplay and visudo now support GNU-style long options.
 2715 
 2716  * The -h (--host) option may now be used to specify a host name.
 2717    This is currently only used by the sudoers plugin in conjunction
 2718    with the -l (--list) option.
 2719 
 2720  * Program usage messages and manual SYNOPSIS sections have been
 2721    simplified.
 2722 
 2723  * Sudo's LDAP SASL support now works properly with Kerberos.
 2724    Previously, the SASL library was unable to locate the user's
 2725    credential cache.
 2726 
 2727  * It is now possible to set the nproc resource limit to unlimited
 2728    via pam_limits on Linux (bug #565).
 2729 
 2730  * New "pam_service" and "pam_login_service" sudoers options
 2731    that can be used to specify the PAM service name to use.
 2732 
 2733  * New "pam_session" and "pam_setcred" sudoers options that
 2734    can be used to disable PAM session and credential support.
 2735 
 2736  * The sudoers plugin now properly supports UIDs and GIDs
 2737    that are larger than 0x7fffffff on 32-bit platforms.
 2738 
 2739  * Fixed a visudo bug introduced in sudo 1.8.7 where per-group
 2740    Defaults entries would cause an internal error.
 2741 
 2742  * If the "tty_tickets" sudoers option is enabled (the default),
 2743    but there is no tty present, sudo will now use a ticket file
 2744    based on the parent process ID.  This makes it possible to support
 2745    the normal timeout behavior for the session.
 2746 
 2747  * Fixed a problem running commands that change their process
 2748    group and then attempt to change the terminal settings when not
 2749    running the command in a pseudo-terminal.  Previously, the process
 2750    would receive SIGTTOU since it was effectively a background
 2751    process.  Sudo will now grant the child the controlling tty and
 2752    continue it when this happens.
 2753 
 2754  * The "closefrom_override" sudoers option may now be used in
 2755    a command-specified Defaults entry (bug #610).
 2756 
 2757  * Sudo's BSM audit support now works on Solaris 11.
 2758 
 2759  * Brazilian Portuguese translation for sudo and sudoers from
 2760    translationproject.org.
 2761 
 2762  * Czech translation for sudo from translationproject.org.
 2763 
 2764  * French translation for sudo from translationproject.org.
 2765 
 2766  * Sudo's noexec support on Mac OS X 10.4 and above now uses dynamic
 2767    symbol interposition instead of setting DYLD_FORCE_FLAT_NAMESPACE=1
 2768    which causes issues with some programs.
 2769 
 2770  * Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6.
 2771 
 2772  * Root may no longer change its SELinux role without entering
 2773    a password.
 2774 
 2775  * Fixed a bug introduced in Sudo 1.8.7 where the indexes written
 2776    to the I/O log timing file are two greater than they should be.
 2777    Sudoreplay now contains a work-around to parse those files.
 2778 
 2779  * In sudoreplay's list mode, the "this" qualifier in "fromdate"
 2780    or "todate" expressions now behaves more sensibly.  Previously,
 2781    it would often match a date that was "one more" than expected.
 2782    For example, "this week" now matches the current week instead
 2783    of the following week.
 2784 
 2785 What's new in Sudo 1.8.7?
 2786 
 2787  * The non-Unix group plugin is now supported when sudoers data
 2788    is stored in LDAP.
 2789 
 2790  * Sudo now uses a workaround for a locale bug on Solaris 11.0
 2791    that prevents setuid programs like sudo from fully using locales.
 2792 
 2793  * User messages are now always displayed in the user's locale,
 2794    even when the same message is being logged or mailed in a
 2795    different locale.
 2796 
 2797  * Log files created by sudo now explicitly have the group set
 2798    to group ID 0 rather than relying on BSD group semantics (which
 2799    may not be the default).
 2800 
 2801  * A new "exec_background" sudoers option can be used to initially
 2802    run the command without read access to the terminal when running
 2803    a command in a pseudo-tty.  If the command tries to read from
 2804    the terminal it will be stopped by the kernel (via SIGTTIN or
 2805    SIGTTOU) and sudo will immediately restart it as the foreground
 2806    process (if possible).  This allows sudo to only pass terminal
 2807    input to the program if the program actually is expecting it.
 2808    Unfortunately, a few poorly-behaved programs (like "su" on most
 2809    Linux systems) do not handle SIGTTIN and SIGTTOU properly.
 2810 
 2811  * Sudo now uses an efficient group query to get all the groups
 2812    for a user instead of iterating over every record in the group
 2813    database on HP-UX and Solaris.
 2814 
 2815  * Sudo now produces better error messages when there is an error
 2816    in the sudo.conf file.
 2817 
 2818  * Two new settings have been added to sudo.conf to give the admin
 2819    better control of how group database queries are performed.  The
 2820    "group_source" specifies how the group list for a user will be
 2821    determined.  Legal values are "static" (use the kernel groups
 2822    list), "dynamic" (perform a group database query) and "adaptive"
 2823    (only perform a group database query if the kernel list is full).
 2824    The "max_groups" setting specifies the maximum number of groups
 2825    a user may belong to when performing a group database query.
 2826 
 2827  * The sudo.conf file now supports line continuation by using a
 2828    backslash as the last character on the line.
 2829 
 2830  * There is now a standalone sudo.conf manual page.
 2831 
 2832  * Sudo now stores its libexec files in a "sudo" sub-directory instead
 2833    of in libexec itself. For backward compatibility, if the plugin
 2834    is not found in the default plugin directory, sudo will check
 2835    the parent directory if the default directory ends in "/sudo".
 2836 
 2837  * The sudoers I/O logging plugin now logs the terminal size.
 2838 
 2839  * A new sudoers option "maxseq" can be used to limit the number of
 2840    I/O log entries that are stored.
 2841 
 2842  * The "system_group" and "group_file" sudoers group provider plugins
 2843    are now installed by default.
 2844 
 2845  * The list output (sudo -l) output from the sudoers plugin is now
 2846    less ambiguous when an entry includes different runas users.
 2847    The long list output (sudo -ll) for file-based sudoers is now
 2848    more consistent with the format of LDAP-based sudoers.
 2849 
 2850  * A UID may now be used in the sudoRunAsUser attributes for LDAP
 2851    sudoers.
 2852 
 2853  * Minor plugin API change: the close and version functions are now
 2854    optional.  If the policy plugin does not provide a close function
 2855    and the command is not being run in a new pseudo-tty, sudo may
 2856    now execute the command directly instead of in a child process.
 2857 
 2858  * A new sudoers option "pam_session" can be used to disable sudo's
 2859    PAM session support.
 2860 
 2861  * On HP-UX systems, sudo will now use the pstat() function to
 2862    determine the tty instead of ttyname().
 2863 
 2864  * Turkish translation for sudo and sudoers from translationproject.org.
 2865 
 2866  * Dutch translation for sudo and sudoers from translationproject.org.
 2867 
 2868  * Tivoli Directory Server client libraries may now be used with
 2869    HP-UX where libibmldap has a hidden dependency on libCsup.
 2870 
 2871  * The sudoers plugin will now ignore invalid domain names when
 2872    checking netgroup membership.  Most Linux systems use the string
 2873    "(none)" for the NIS-style domain name instead of an empty string.
 2874 
 2875  * New support for specifying a SHA-2 digest along with the command
 2876    in sudoers.  Supported hash types are sha224, sha256, sha384 and
 2877    sha512.  See the description of Digest_Spec in the sudoers manual
 2878    or the description of sudoCommand in the sudoers.ldap manual for
 2879    details.
 2880 
 2881  * The paths to ldap.conf and ldap.secret may now be specified as
 2882    arguments to the sudoers plugin in the sudo.conf file.
 2883 
 2884  * Fixed potential false positives in visudo's alias cycle detection.
 2885 
 2886  * Fixed a problem where the time stamp file was being treated
 2887    as out of date on Linux systems where the change time on the
 2888    pseudo-tty device node can change after it is allocated.
 2889 
 2890  * Sudo now only builds Position Independent Executables (PIE)
 2891    by default on Linux systems and verifies that a trivial test
 2892    program builds and runs.
 2893 
 2894  * On Solaris 11.1 and higher, sudo binaries will now have the
 2895    ASLR tag enabled if supported by the linker.
 2896 
 2897 What's new in Sudo 1.8.6p8?
 2898 
 2899  * Terminal detection now works properly on 64-bit AIX kernels.
 2900    This was broken by the removal of the ttyname() fallback in Sudo
 2901    1.8.6p6.  Sudo is now able to map an AIX 64-bit device number
 2902    to the corresponding device file in /dev.
 2903 
 2904  * Sudo now checks for crypt() returning NULL when performing
 2905    passwd-based authentication.
 2906 
 2907 What's new in Sudo 1.8.6p7?
 2908 
 2909  * A time stamp file with the date set to the epoch by "sudo -k"
 2910    is now completely ignored regardless of what the local clock is
 2911    set to.  Previously, if the local clock was set to a value between
 2912    the epoch and the time stamp timeout value, a time stamp reset
 2913    by "sudo -k" would be considered current.
 2914 
 2915  * The tty-specific time stamp file now includes the session ID
 2916    of the sudo process that created it.  If a process with the same
 2917    tty but a different session ID runs sudo, the user will now be
 2918    prompted for a password (assuming authentication is required for
 2919    the command).
 2920 
 2921 What's new in Sudo 1.8.6p6?
 2922 
 2923  * On systems where the controlling tty can be determined via /proc
 2924    or sysctl(), sudo will no longer fall back to using ttyname()
 2925    if the process has no controlling tty.  This prevents sudo from
 2926    using a non-controlling tty for logging and time stamp purposes.
 2927 
 2928 What's new in Sudo 1.8.6p5?
 2929 
 2930  * Fixed a potential crash in visudo's alias cycle detection.
 2931 
 2932  * Improved performance on Solaris when retrieving the group list
 2933    for the target user.  On systems with a large number of groups
 2934    where the group database is not local (NIS, LDAP, AD), fetching
 2935    the group list could take a minute or more.
 2936 
 2937 What's new in Sudo 1.8.6p4?
 2938 
 2939  * The -fstack-protector is now used when linking visudo, sudoreplay
 2940    and testsudoers.
 2941 
 2942  * Avoid building PIE binaries on FreeBSD/ia64 as they don't run
 2943    properly.
 2944 
 2945  * Fixed a crash in visudo strict mode when an unknown Defaults
 2946    setting is encountered.
 2947 
 2948  * Do not inform the user that the command was not permitted by the
 2949    policy if they do not successfully authenticate. This is a
 2950    regression introduced in sudo 1.8.6.
 2951 
 2952  * Allow sudo to be build with sss support without also including
 2953    ldap support.
 2954 
 2955  * Fixed running commands that need the terminal in the background
 2956    when I/O logging is enabled. E.g. "sudo vi &". When the command
 2957    is foregrounded, it will now resume properly.
 2958 
 2959 What's new in Sudo 1.8.6p3?
 2960 
 2961  * Fixed post-processing of the man pages on systems with legacy
 2962    versions of sed.
 2963 
 2964  * Fixed "sudoreplay -l" on Linux systems with file systems that
 2965    set DT_UNKNOWN in the d_type field of struct dirent.
 2966 
 2967 What's new in Sudo 1.8.6p2?
 2968 
 2969  * Fixed suspending a command after it has already been resumed
 2970    once when I/O logging (or use_pty) is not enabled.
 2971    This was a regression introduced in version 1.8.6.
 2972 
 2973 What's new in Sudo 1.8.6p1?
 2974 
 2975  * Fixed the setting of LOGNAME, USER and USERNAME variables in the
 2976    command's environment when env_reset is enabled (the default).
 2977    This was a regression introduced in version 1.8.6.
 2978 
 2979  * Sudo now honors SUCCESS=return in /etc/nsswitch.conf.
 2980 
 2981 What's new in Sudo 1.8.6?
 2982 
 2983  * Sudo is now built with the -fstack-protector flag if the the
 2984    compiler supports it.  Also, the -zrelro linker flag is used if
 2985    supported.  The --disable-hardening configure option can be used
 2986    to build sudo without stack smashing protection.
 2987 
 2988  * Sudo is now built as a Position Independent Executable (PIE)
 2989    if supported by the compiler and linker.
 2990 
 2991  * If the user is a member of the "exempt" group in sudoers, they
 2992    will no longer be prompted for a password even if the -k flag
 2993    is specified with the command.  This makes "sudo -k command"
 2994    consistent with the behavior one would get if the user ran "sudo
 2995    -k" immediately before running the command.
 2996 
 2997  * The sudoers file may now be a symbolic link.  Previously, sudo
 2998    would refuse to read sudoers unless it was a regular file.
 2999 
 3000  * The sudoreplay command can now properly replay sessions where
 3001    no tty was present.
 3002 
 3003  * The sudoers plugin now takes advantage of symbol visibility
 3004    controls when supported by the compiler or linker.  As a result,
 3005    only a small number of symbols are exported which significantly
 3006    reduces the chances of a conflict with other shared objects.
 3007 
 3008  * Improved support for the Tivoli Directory Server LDAP client
 3009    libraries.  This includes support for using LDAP over SSL (ldaps)
 3010    as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS
 3011    ldap.conf options.  A new ldap.conf option, TLS_KEYPW can be
 3012    used to specify a password to decrypt the key database.
 3013 
 3014  * When constructing a time filter for use with LDAP sudoNotBefore
 3015    and sudoNotAfter attributes, the current time now includes tenths
 3016    of a second.  This fixes a problem with timed entries on Active
 3017    Directory.
 3018 
 3019  * If a user fails to authenticate and the command would be rejected
 3020    by sudoers, it is now logged with "command not allowed" instead
 3021    of "N incorrect password attempts".  Likewise, the "mail_no_perms"
 3022    sudoers option now takes precedence over "mail_badpass".
 3023 
 3024  * The sudo manuals are now formatted using the mdoc macros.  Versions
 3025    using the legacy man macros are provided for systems that lack mdoc.
 3026 
 3027  * New support for Solaris privilege sets.  This makes it possible
 3028    to specify fine-grained privileges in the sudoers file on Solaris
 3029    10 and above.  A Runas_Spec that contains no Runas_Lists can be
 3030    used to give a user the ability to run a command as themselves
 3031    but with an expanded privilege set.
 3032 
 3033  * Fixed a problem with the reboot and shutdown commands on some
 3034    systems (such as HP-UX and BSD).  On these systems, reboot sends
 3035    all processes (except itself) SIGTERM.  When sudo received
 3036    SIGTERM, it would relay it to the reboot process, thus killing
 3037    reboot before it had a chance to actually reboot the system.
 3038 
 3039  * Support for using the System Security Services Daemon (SSSD) as
 3040    a source of sudoers data.
 3041 
 3042  * Slovenian translation for sudo and sudoers from translationproject.org.
 3043 
 3044  * Visudo will now warn about unknown Defaults entries that are
 3045    per-host, per-user, per-runas or per-command.
 3046 
 3047  * Fixed a race condition that could cause sudo to receive SIGTTOU
 3048    (and stop) when resuming a shell that was run via sudo when I/O
 3049    logging (and use_pty) is not enabled.
 3050 
 3051  * Sending SIGTSTP directly to the sudo process will now suspend the
 3052    running command when I/O logging (and use_pty) is not enabled.
 3053 
 3054 What's new in Sudo 1.8.5p3?
 3055 
 3056  * Fixed the loading of I/O plugins that conform to a plugin API
 3057    version older than 1.2.
 3058 
 3059 What's new in Sudo 1.8.5p2?
 3060 
 3061  * Fixed use of the SUDO_ASKPASS environment variable which was
 3062    broken in Sudo 1.8.5.
 3063 
 3064  * Fixed a problem reading the sudoers file when the file mode is
 3065    more restrictive than the expected mode.  For example, when the
 3066    expected sudoers file mode is 0440 but the actual mode is 0400.
 3067 
 3068 What's new in Sudo 1.8.5p1?
 3069 
 3070  * Fixed a bug that prevented files in an include directory from
 3071    being evaluated.
 3072 
 3073 What's new in Sudo 1.8.5?
 3074 
 3075  * When "noexec" is enabled, sudo_noexec.so will now be prepended
 3076    to any existing LD_PRELOAD variable instead of replacing it.
 3077 
 3078  * The sudo_noexec.so shared library now wraps the execvpe(),
 3079    exect(), posix_spawn() and posix_spawnp() functions.
 3080 
 3081  * The user/group/mode checks on sudoers files have been relaxed.
 3082    As long as the file is owned by the sudoers UID, not world-writable
 3083    and not writable by a group other than the sudoers GID, the file
 3084    is considered OK.  Note that visudo will still set the mode to
 3085    the value specified at configure time.
 3086 
 3087  * It is now possible to specify the sudoers path, UID, GID and
 3088    file mode as options to the plugin in the sudo.conf file.
 3089 
 3090  * Croatian, Galician, German, Lithuanian, Swedish and Vietnamese
 3091    translations from translationproject.org.
 3092 
 3093  * /etc/environment is no longer read directly on Linux systems
 3094    when PAM is used.  Sudo now merges the PAM environment into the
 3095    user's environment which is typically set by the pam_env module.
 3096 
 3097  * The initial environment created when env_reset is in effect now
 3098    includes the contents of /etc/environment on AIX systems and the
 3099    "setenv" and "path" entries from /etc/login.conf on BSD systems.
 3100 
 3101  * The plugin API has been extended in three ways.  First, options
 3102    specified in sudo.conf after the plugin pathname are passed to
 3103    the plugin's open function.  Second, sudo has limited support
 3104    for hooks that can be used by plugins.  Currently, the hooks are
 3105    limited to environment handling functions.  Third, the init_session
 3106    policy plugin function is passed a pointer to the user environment
 3107    which can be updated during session setup.  The plugin API version
 3108    has been incremented to version 1.2.  See the sudo_plugin manual
 3109    for more information.
 3110 
 3111  * The policy plugin's init_session function is now called by the
 3112    parent sudo process, not the child process that executes the
 3113    command.  This allows the PAM session to be open and closed in
 3114    the same process, which some PAM modules require.
 3115 
 3116  * Fixed parsing of "Path askpass" and "Path noexec" in sudo.conf,
 3117    which was broken in version 1.8.4.
 3118 
 3119  * On systems with an SVR4-style /proc file system, the /proc/pid/psinfo
 3120    file is now uses to determine the controlling terminal, if possible.
 3121    This allows tty-based tickets to work properly even when, e.g.
 3122    standard input, output and error are redirected to /dev/null.
 3123 
 3124  * The output of "sudoreplay -l" is now sorted by file name (or
 3125    sequence number).  Previously, entries were displayed in the
 3126    order in which they were found on the file system.
 3127 
 3128  * Sudo now behaves properly when I/O logging is enabled and the
 3129    controlling terminal is revoked (e.g. the running sshd is killed).
 3130    Previously, sudo may have exited without calling the I/O plugin's
 3131    close function which can lead to an incomplete I/O log.
 3132 
 3133  * Sudo can now detect when a user has logged out and back in again
 3134    on Solaris 11, just like it can on Solaris 10.
 3135 
 3136  * The built-in zlib included with Sudo has been upgraded to version
 3137    1.2.6.
 3138 
 3139  * Setting the SSL parameter to start_tls in ldap.conf now works
 3140    properly when using Mozilla-based SDKs that support the
 3141    ldap_start_tls_s() function.
 3142 
 3143  * The TLS_CHECKPEER parameter in ldap.conf now works when the
 3144    Mozilla NSS crypto back-end is used with OpenLDAP.
 3145 
 3146  * A new group provider plugin, system_group, is included which
 3147    performs group look ups by name using the system groups database.
 3148    This can be used to restore the pre-1.7.3 sudo group lookup
 3149    behavior.
 3150 
 3151 What's new in Sudo 1.8.4p5?
 3152 
 3153  * Fixed a bug when matching against an IP address with an associated
 3154    netmask in the sudoers file.  In certain circumstances, this
 3155    could allow users to run commands on hosts they are not authorized
 3156    for.
 3157 
 3158 What's new in Sudo 1.8.4p4?
 3159 
 3160  * Fixed a bug introduced in Sudo 1.8.4 which prevented "sudo -v"
 3161    from working.
 3162 
 3163 What's new in Sudo 1.8.4p3?
 3164 
 3165  * Fixed a crash on FreeBSD when no tty is present.
 3166 
 3167  * Fixed a bug introduced in Sudo 1.8.4 that allowed users to
 3168    specify environment variables to set on the command line without
 3169    having sudo "ALL" permissions or the "SETENV" tag.
 3170 
 3171  * When visudo is run with the -c (check) option, the sudoers
 3172    file(s) owner and mode are now also checked unless the -f option
 3173    was specified.
 3174 
 3175 What's new in Sudo 1.8.4p2?
 3176 
 3177  * Fixed a bug introduced in Sudo 1.8.4 where insufficient space
 3178    was allocated for group IDs in the LDAP filter.
 3179 
 3180  * Fixed a bug introduced in Sudo 1.8.4 where the path to sudo.conf
 3181    was "/sudo.conf" instead of "/etc/sudo.conf".
 3182 
 3183  * Fixed a bug introduced in Sudo 1.8.4 which could cause a hang
 3184    when I/O logging is enabled and input is from a pipe or file.
 3185 
 3186 What's new in Sudo 1.8.4p1?
 3187 
 3188  * Fixed a bug introduced in sudo 1.8.4 that broke adding to or
 3189    deleting from the env_keep, env_check and env_delete lists in
 3190    sudoers on some platforms.
 3191 
 3192 What's new in Sudo 1.8.4?
 3193 
 3194  * The -D flag in sudo has been replaced with a more general debugging
 3195    framework that is configured in sudo.conf.
 3196 
 3197  * Fixed a false positive in visudo strict mode when aliases are
 3198    in use.
 3199 
 3200  * Fixed a crash with "sudo -i" when a runas group was specified
 3201    without a runas user.
 3202 
 3203  * The line on which a syntax error is reported in the sudoers file
 3204    is now more accurate.  Previously it was often off by a line.
 3205 
 3206  * Fixed a bug where stack garbage could be printed at the end of
 3207    the lecture when the "lecture_file" option was enabled.
 3208 
 3209  * "make install" now honors the LINGUAS environment variable.
 3210 
 3211  * The #include and #includedir directives in sudoers now support
 3212    relative paths.  If the path is not fully qualified it is expected
 3213    to be located in the same directory of the sudoers file that is
 3214    including it.
 3215 
 3216  * Serbian and Spanish translations for sudo from translationproject.org.
 3217 
 3218  * LDAP-based sudoers may now access by group ID in addition to
 3219    group name.
 3220 
 3221  * visudo will now fix the mode on the sudoers file even if no changes
 3222    are made unless the -f option is specified.
 3223 
 3224  * The "use_loginclass" sudoers option works properly again.
 3225 
 3226  * On systems that use login.conf, "sudo -i" now sets environment
 3227    variables based on login.conf.
 3228 
 3229  * For LDAP-based sudoers, values in the search expression are now
 3230    escaped as per RFC 4515.
 3231 
 3232  * The plugin close function is now properly called when a login
 3233    session is killed (as opposed to the actual command being killed).
 3234    This can happen when an ssh session is disconnected or the
 3235    terminal window is closed.
 3236 
 3237  * The deprecated "noexec_file" sudoers option is no longer supported.
 3238 
 3239  * Fixed a race condition when I/O logging is not enabled that could
 3240    result in tty-generated signals (e.g. control-C) being received
 3241    by the command twice.
 3242 
 3243  * If none of the standard input, output or error are connected to
 3244    a tty device, sudo will now check its parent's standard input,
 3245    output or error for the tty name on systems with /proc and BSD
 3246    systems that support the KERN_PROC_PID sysctl.  This allows
 3247    tty-based tickets to work properly even when, e.g. standard
 3248    input, output and error are redirected to /dev/null.
 3249 
 3250  * Added the --enable-kerb5-instance configure option to allow
 3251    people using Kerberos V authentication to specify a custom
 3252    instance so the principal name can be, e.g. "username/sudo"
 3253    similar to how ksu uses "username/root".
 3254 
 3255  * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
 3256    the results, which would be incorrectly be interpreted as if the
 3257    sudoers file had specified a directory.
 3258 
 3259  * "visudo -c" will now list any include files that were checked
 3260    in addition to the main sudoers file when everything parses OK.
 3261 
 3262  * Users that only have read-only access to the sudoers file may
 3263    now run "visudo -c".  Previously, write permissions were required
 3264    even though no writing is down in check-only mode.
 3265 
 3266  * It is now possible to prevent the disabling of core dumps from
 3267    within sudo itself by adding a line to the sudo.conf file like
 3268    "Set disable_coredump false".
 3269 
 3270 What's new in Sudo 1.8.3p2?
 3271 
 3272  * Fixed a format string vulnerability when the sudo binary (or a
 3273    symbolic link to the sudo binary) contains printf format escapes
 3274    and the -D (debugging) flag is used.
 3275 
 3276 What's new in Sudo 1.8.3p1?
 3277 
 3278  * Fixed a crash in the monitor process on Solaris when NOPASSWD
 3279    was specified or when authentication was disabled.
 3280 
 3281  * Fixed matching of a Runas_Alias in the group section of a
 3282    Runas_Spec.
 3283 
 3284 What's new in Sudo 1.8.3?
 3285 
 3286  * Fixed expansion of strftime() escape sequences in the "log_dir"
 3287    sudoers setting.
 3288 
 3289  * Esperanto, Italian and Japanese translations from translationproject.org.
 3290 
 3291  * Sudo will now use PAM by default on AIX 6 and higher.
 3292 
 3293  * Added --enable-werror configure option for gcc's -Werror flag.
 3294 
 3295  * Visudo no longer assumes all editors support the +linenumber
 3296    command line argument.  It now uses a allowlist of editors known
 3297    to support the option.
 3298 
 3299  * Fixed matching of network addresses when a netmask is specified
 3300    but the address is not the first one in the CIDR block.
 3301 
 3302  * The configure script now check whether or not errno.h declares
 3303    the errno variable.  Previously, sudo would always declare errno
 3304    itself for older systems that don't declare it in errno.h.
 3305 
 3306  * The NOPASSWD tag is now honored for denied commands too, which
 3307    matches historic sudo behavior (prior to sudo 1.7.0).
 3308 
 3309  * Sudo now honors the "DEREF" setting in ldap.conf which controls
 3310    how alias dereferencing is done during an LDAP search.
 3311 
 3312  * A symbol conflict with the pam_ssh_agent_auth PAM module that
 3313    would cause a crash been resolved.
 3314 
 3315  * The inability to load a group provider plugin is no longer
 3316    a fatal error.
 3317 
 3318  * A potential crash in the utmp handling code has been fixed.
 3319 
 3320  * Two PAM session issues have been resolved.  In previous versions
 3321    of sudo, the PAM session was opened as one user and closed as
 3322    another.  Additionally, if no authentication was performed, the
 3323    PAM session would never be closed.
 3324 
 3325  * Sudo will now work correctly with LDAP-based sudoers using TLS
 3326    or SSL on Debian systems.
 3327 
 3328  * The LOGNAME, USER and USERNAME environment variables are preserved
 3329    correctly again in sudoedit mode.
 3330 
 3331 What's new in Sudo 1.8.2?
 3332 
 3333  * Sudo, visudo, sudoreplay and the sudoers plug-in now have natural
 3334    language support (NLS). This can be disabled by passing configure
 3335    the --disable-nls option.  Sudo will use gettext(), if available,
 3336    to display translated messages.  All translations are coordinated
 3337    via The Translation Project, https://translationproject.org/.
 3338 
 3339  * Plug-ins are now loaded with the RTLD_GLOBAL flag instead of
 3340    RTLD_LOCAL.  This fixes missing symbol problems in PAM modules
 3341    on certain platforms, such as FreeBSD and SuSE Linux Enterprise.
 3342 
 3343  * I/O logging is now supported for commands run in background mode
 3344    (using sudo's -b flag).
 3345 
 3346  * Group ownership of the sudoers file is now only enforced when
 3347    the file mode on sudoers allows group readability or writability.
 3348 
 3349  * Visudo now checks the contents of an alias and warns about cycles
 3350    when the alias is expanded.
 3351 
 3352  * If the user specifies a group via sudo's -g option that matches
 3353    the target user's group in the password database, it is now
 3354    allowed even if no groups are present in the Runas_Spec.
 3355 
 3356  * The sudo Makefiles now have more complete dependencies which are
 3357    automatically generated instead of being maintained manually.
 3358 
 3359  * The "use_pty" sudoers option is now correctly passed back to the
 3360    sudo front end.  This was missing in previous versions of sudo
 3361    1.8 which prevented "use_pty" from being honored.
 3362 
 3363  * "sudo -i command" now works correctly with the bash version
 3364    2.0 and higher.  Previously, the .bash_profile would not be
 3365    sourced prior to running the command unless bash was built with
 3366    NON_INTERACTIVE_LOGIN_SHELLS defined.
 3367 
 3368  * When matching groups in the sudoers file, sudo will now match
 3369    based on the name of the group instead of the group ID. This can
 3370    substantially reduce the number of group lookups for sudoers
 3371    files that contain a large number of groups.
 3372 
 3373  * Multi-factor authentication is now supported on AIX.
 3374 
 3375  * Added support for non-RFC 4517 compliant LDAP servers that require
 3376    that seconds be present in a timestamp, such as Tivoli Directory Server.
 3377 
 3378  * If the group vector is to be preserved, the PATH search for the
 3379    command is now done with the user's original group vector.
 3380 
 3381  * For LDAP-based sudoers, the "runas_default" sudoOption now works
 3382    properly in a sudoRole that contains a sudoCommand.
 3383 
 3384  * Spaces in command line arguments for "sudo -s" and "sudo -i" are
 3385    now escaped with a backslash when checking the security policy.
 3386 
 3387 What's new in Sudo 1.8.1p2?
 3388 
 3389  * Two-character CIDR-style IPv4 netmasks are now matched correctly
 3390    in the sudoers file.
 3391 
 3392  * A build error with MIT Kerberos V has been resolved.
 3393 
 3394  * A crash on HP-UX in the sudoers plugin when wildcards are
 3395    present in the sudoers file has been resolved.
 3396 
 3397  * Sudo now works correctly on Tru64 Unix again.
 3398 
 3399 What's new in Sudo 1.8.1p1?
 3400 
 3401  * Fixed a problem on AIX where sudo was unable to set the final
 3402    UID if the PAM module modified the effective UID.
 3403 
 3404  * A non-existent includedir is now treated the same as an empty
 3405    directory and not reported as an error.
 3406 
 3407  * Removed extraneous parens in LDAP filter when sudoers_search_filter
 3408    is enabled that can cause an LDAP search error.
 3409 
 3410  * Fixed a "make -j" problem for "make install".
 3411 
 3412 What's new in Sudo 1.8.1?
 3413 
 3414  * A new LDAP setting, sudoers_search_filter, has been added to
 3415    ldap.conf.  This setting can be used to restrict the set of
 3416    records returned by the LDAP query.  Based on changes from Matthew
 3417    Thomas.
 3418 
 3419  * White space is now permitted within a User_List when used in
 3420    conjunction with a per-user Defaults definition.
 3421 
 3422  * A group ID (%#GID) may now be specified in a User_List or Runas_List.
 3423    Likewise, for non-Unix groups the syntax is %:#GID.
 3424 
 3425  * Support for double-quoted words in the sudoers file has been fixed.
 3426    The change in 1.7.5 for escaping the double quote character
 3427    caused the double quoting to only be available at the beginning
 3428    of an entry.
 3429 
 3430  * The fix for resuming a suspended shell in 1.7.5 caused problems
 3431    with resuming non-shells on Linux.  Sudo will now save the process
 3432    group ID of the program it is running on suspend and restore it
 3433    when resuming, which fixes both problems.
 3434 
 3435  * A bug that could result in corrupted output in "sudo -l" has been
 3436    fixed.
 3437 
 3438  * Sudo will now create an entry in the utmp (or utmpx) file when
 3439    allocating a pseudo-tty (e.g. when logging I/O).  The "set_utmp"
 3440    and "utmp_runas" sudoers file options can be used to control this.
 3441    Other policy plugins may use the "set_utmp" and "utmp_user"
 3442    entries in the command_info list.
 3443 
 3444  * The sudoers policy now stores the TSID field in the logs
 3445    even when the "iolog_file" sudoers option is defined to a value
 3446    other than %{sessid}.  Previously, the TSID field was only
 3447    included in the log file when the "iolog_file" option was set
 3448    to its default value.
 3449 
 3450  * The sudoreplay utility now supports arbitrary session IDs.
 3451    Previously, it would only work with the base-36 session IDs
 3452    that the sudoers plugin uses by default.
 3453 
 3454  * Sudo now passes "run_shell=true" to the policy plugin in the
 3455    settings list when sudo's -s command line option is specified.
 3456    The sudoers policy plugin uses this to implement the "set_home"
 3457    sudoers option which was missing from sudo 1.8.0.
 3458 
 3459  * The "noexec" functionality has been moved out of the sudoers
 3460    policy plugin and into the sudo front-end, which matches the
 3461    behavior documented in the plugin writer's guide.  As a result,
 3462    the path to the noexec file is now specified in the sudo.conf
 3463    file instead of the sudoers file.
 3464 
 3465  * On Solaris 10, the PRIV_PROC_EXEC privilege is now used to
 3466    implement the "noexec" feature.  Previously, this was implemented
 3467    via the LD_PRELOAD environment variable.
 3468 
 3469  * The exit values for "sudo -l", "sudo -v" and "sudo -l command"
 3470    have been fixed in the sudoers policy plugin.
 3471 
 3472  * The sudoers policy plugin now passes the login class, if any,
 3473    back to the sudo front-end.
 3474 
 3475  * The sudoers policy plugin was not being linked with requisite
 3476    libraries in certain configurations.
 3477 
 3478  * Sudo now parses command line arguments before loading any plugins.
 3479    This allows "sudo -V" or "sudo -h" to work even if there is a problem
 3480    with sudo.conf
 3481 
 3482  * Plugins are now linked with the static version of libgcc to allow
 3483    the plugin to run on a system where no shared libgcc is installed,
 3484    or where it is installed in a different location.
 3485 
 3486 What's new in Sudo 1.8.0?
 3487 
 3488  * Sudo has been refactored to use a modular framework that can
 3489    support third-party policy and I/O logging plugins.  The default
 3490    plugin is "sudoers" which provides the traditional sudo functionality.
 3491    See the sudo_plugin manual for details on the plugin API and the
 3492    sample in the plugins directory for a simple example.
 3493 
 3494 What's new in Sudo 1.7.5?
 3495 
 3496  * When using visudo in check mode, a file named "-" may be used to
 3497    check sudoers data on the standard input.
 3498 
 3499  * Sudo now only fetches shadow password entries when using the
 3500    password database directly for authentication.
 3501 
 3502  * Password and group entries are now cached using the same key
 3503    that was used to look them up.  This fixes a problem when looking
 3504    up entries by name if the name in the retrieved entry does not
 3505    match the name used to look it up.  This may happen on some systems
 3506    that do case insensitive lookups or that truncate long names.
 3507 
 3508  * GCC will no longer display warnings on glibc systems that use
 3509    the warn_unused_result attribute for write(2) and other system calls.
 3510 
 3511  * If a PAM account management module denies access, sudo now prints
 3512    a more useful error message and stops trying to validate the user.
 3513 
 3514  * Fixed a potential hang on idle systems when the sudo-run process
 3515    exits immediately.
 3516 
 3517  * Sudo now includes a copy of zlib that will be used on systems
 3518    that do not have zlib installed.
 3519 
 3520  * The --with-umask-override configure flag has been added to enable
 3521    the "umask_override" sudoers Defaults option at build time.
 3522 
 3523  * Sudo now unblocks all signals on startup to avoid problems caused
 3524    by the parent process changing the default signal mask.
 3525 
 3526  * LDAP Sudoers entries may now specify a time period for which
 3527    the entry is valid.  This requires an updated sudoers schema
 3528    that includes the sudoNotBefore and sudoNotAfter attributes.
 3529    Support for timed entries must be explicitly enabled in the
 3530    ldap.conf file.  Based on changes from Andreas Mueller.
 3531 
 3532  * LDAP Sudoers entries may now specify a sudoOrder attribute that
 3533    determines the order in which matching entries are applied.  The
 3534    last matching entry is used, just like file-based sudoers.  This
 3535    requires an updated sudoers schema that includes the sudoOrder
 3536    attribute.  Based on changes from Andreas Mueller.
 3537 
 3538  * When run as sudoedit, or when given the -e flag, sudo now treats
 3539    command line arguments as pathnames.  This means that slashes
 3540    in the sudoers file entry must explicitly match slashes in
 3541    the command line arguments.  As a result, and entry such as:
 3542 	user ALL = sudoedit /etc/*
 3543    will allow editing of /etc/motd but not /etc/security/default.
 3544 
 3545  * NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT in ldap.conf for
 3546    compatibility with OpenLDAP configuration files.
 3547 
 3548  * The LDAP API TIMEOUT parameter is now honored in ldap.conf.
 3549 
 3550  * The I/O log directory may now be specified in the sudoers file.
 3551 
 3552  * Sudo will no longer refuse to run if the sudoers file is writable
 3553    by root.
 3554 
 3555  * Sudo now performs command line escaping for "sudo -s" and "sudo -i"
 3556    after validating the command so the sudoers entries do not need
 3557    to include the backslashes.
 3558 
 3559  * Logging and email sending are now done in the locale specified
 3560    by the "sudoers_locale" setting ("C" by default).  Email send by
 3561    sudo now includes MIME headers when "sudoers_locale" is not "C".
 3562 
 3563  * The configure script has a new option, --disable-env-reset, to
 3564    allow one to change the default for the sudoers Default setting
 3565    "env_reset" at compile time.
 3566 
 3567  * When logging "sudo -l command", sudo will now prepend "list "
 3568    to the command in the log line to distinguish between an
 3569    actual command invocation in the logs.
 3570 
 3571  * Double-quoted group and user names may now include escaped double
 3572    quotes as part of the name.  Previously this was a parse error.
 3573 
 3574  * Sudo once again restores the state of the signal handlers it
 3575    modifies before executing the command.  This allows sudo to be
 3576    used with the nohup command.
 3577 
 3578  * Resuming a suspended shell now works properly when I/O logging
 3579    is not enabled (the I/O logging case was already correct).
 3580 
 3581 What's new in Sudo 1.7.4p6?
 3582 
 3583  * A bug has been fixed in the I/O logging support that could cause
 3584    visual artifacts in full-screen programs such as text editors.
 3585 
 3586 What's new in Sudo 1.7.4p5?
 3587 
 3588  * A bug has been fixed that would allow a command to be run without the
 3589    user entering a password when sudo's -g flag is used without the -u flag.
 3590 
 3591  * If user has no supplementary groups, sudo will now fall back on checking
 3592    the group file explicitly, which restores historic sudo behavior.
 3593 
 3594  * A crash has been fixed when sudo's -g flag is used without the -u flag
 3595    and the sudoers file contains an entry with no runas user or group listed.
 3596 
 3597  * A crash has been fixed when the Solaris project support is enabled
 3598    and sudo's -g flag is used without the -u flag.
 3599 
 3600  * Sudo no longer exits with an error when support for auditing is
 3601    compiled in but auditing is not enabled.
 3602 
 3603  * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
 3604    being honored when the "targetpw" sudoers Defaults option was enabled.
 3605 
 3606  * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.
 3607 
 3608  * A crash has been fixed in "sudo -l" when sudo is built with auditing
 3609    support and the user is not allowed to run any commands on the host.
 3610 
 3611 What's new in Sudo 1.7.4p4?
 3612 
 3613  * A potential security issue has been fixed with respect to the handling
 3614    of sudo's -g command line option when -u is also specified.  The flaw
 3615    may allow an attacker to run commands as a user that is not authorized
 3616    by the sudoers file.
 3617 
 3618  * A bug has been fixed where "sudo -l" output was incomplete if multiple
 3619    sudoers sources were defined in nsswitch.conf and there was an error
 3620    querying one of the sources.
 3621 
 3622  * The log_input, log_output, and use_pty sudoers options now work correctly
 3623    on AIX.  Previously, sudo would hang if they were enabled.
 3624 
 3625  * The "make install" target now works correctly when sudo is built in a
 3626    directory other than the source directory.
 3627 
 3628  * The "runas_default" sudoers setting now works properly in a per-command
 3629    Defaults line.
 3630 
 3631  * Suspending and resuming the bash shell when PAM is in use now works
 3632    correctly.  The SIGCONT signal was not propagated to the child process.
 3633 
 3634 What's new in Sudo 1.7.4p3?
 3635 
 3636  * A bug has been fixed where duplicate HOME environment variables could be
 3637    present when the env_reset setting was disabled and the always_set_home
 3638    setting was enabled in sudoers.
 3639 
 3640  * The value of sysconfdir is now substituted into the path to the sudoers.d
 3641    directory in the installed sudoers file.
 3642 
 3643  * Compilation problems on IRIX and other platforms have been fixed.
 3644 
 3645  * If multiple PAM "auth" actions are specified and the user enters ^C at
 3646    the password prompt, sudo will no longer prompt for a password for any
 3647    subsequent "auth" actions.  Previously it was necessary to enter ^C for
 3648    each "auth" action.
 3649 
 3650 What's new in Sudo 1.7.4p2?
 3651 
 3652  * A bug where sudo could spin in a busy loop waiting for the child process
 3653    has been fixed.
 3654 
 3655 What's new in Sudo 1.7.4p1?
 3656 
 3657  * A bug introduced in sudo 1.7.3 that prevented the -k and -K options from
 3658    functioning when the tty_tickets sudoers option is enabled has been fixed.
 3659 
 3660  * Sudo no longer prints a warning when the -k or -K options are specified
 3661    and the ticket file does not exist.
 3662 
 3663  * It is now easier to cross-compile sudo.
 3664 
 3665 What's new in Sudo 1.7.4?
 3666 
 3667  * Sudoedit will now preserve the file extension in the name of the
 3668    temporary file being edited.  The extension is used by some
 3669    editors (such as emacs) to choose the editing mode.
 3670 
 3671  * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
 3672    /var/lib/sudo or /var/adm/sudo.  The directories are checked for
 3673    existence in that order.  This prevents users from receiving the
 3674    sudo lecture every time the system reboots.  Time stamp files older
 3675    than the boot time are ignored on systems where it is possible to
 3676    determine this.
 3677 
 3678  * The tty_tickets sudoers option is now enabled by default.
 3679 
 3680  * Ancillary documentation (README files, LICENSE, etc) is now installed
 3681    in a sudo documentation directory.
 3682 
 3683  * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
 3684    in ldap.conf.
 3685 
 3686  * Defaults settings that are tied to a user, host or command may
 3687    now include the negation operator.  For example:
 3688 	Defaults:!millert lecture
 3689    will match any user but millert.
 3690 
 3691  * The default PATH environment variable, used when no PATH variable
 3692     exists, now includes /usr/sbin and /sbin.
 3693 
 3694  * Sudo now uses polypkg (https://github.com/OneIdentity/Polypkg)
 3695    for cross-platform packing.
 3696 
 3697  * On Linux, sudo will now restore the nproc resource limit before
 3698    executing a command, unless the limit appears to have been modified
 3699    by pam_limits.  This avoids a problem with bash scripts that open
 3700    more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
 3701    will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
 3702 
 3703  * The HOME and MAIL environment variables are now reset based on the
 3704    target user's password database entry when the env_reset sudoers option
 3705    is enabled (which is the case in the default configuration).  Users
 3706    wishing to preserve the original values should use a sudoers entry like:
 3707 	Defaults env_keep += HOME
 3708    to preserve the old value of HOME and
 3709 	Defaults env_keep += MAIL
 3710    to preserve the old value of MAIL.
 3711 
 3712  * Fixed a problem in the restoration of the AIX authdb registry setting.
 3713 
 3714  * Sudo will now fork(2) and wait until the command has completed before
 3715    calling pam_close_session().
 3716 
 3717  * The default syslog facility is now "authpriv" if the operating system
 3718    supports it, else "auth".
 3719 
 3720 What's new in Sudo 1.7.3?
 3721 
 3722  * Support for logging I/O for the command being run.
 3723    For more information, see the documentation for the "log_input"
 3724    and "log_output" Defaults options in the sudoers manual.  Also
 3725    see the sudoreplay manual for how to replay I/O log sessions.
 3726 
 3727  * The use_pty sudoers option can be used to force a command to be
 3728    run in a pseudo-pty, even when I/O logging is not enabled.
 3729 
 3730  * On some systems, sudo can now detect when a user has logged out
 3731    and back in again when tty-based time stamps are in use.  Supported
 3732    systems include Solaris systems with the devices file system,
 3733    Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys
 3734    only).
 3735 
 3736  * On AIX systems, the registry setting in /etc/security/user is
 3737    now taken into account when looking up users and groups.  Sudo
 3738    now applies the correct the user and group ids when running a
 3739    command as a user whose account details come from a different
 3740    source (e.g. LDAP or DCE vs.  local files).
 3741 
 3742  * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
 3743    When multiple entries are listed, sudo will try each one in the
 3744    order in which they are specified.
 3745 
 3746  * Sudo's SELinux support should now function correctly when running
 3747    commands as a non-root user and when one of stdin, stdout or stderr
 3748    is not a terminal.
 3749 
 3750  * Sudo will now use the Linux audit system with configure with
 3751    the --with-linux-audit flag.
 3752 
 3753  * Sudo now uses mbr_check_membership() on systems that support it
 3754    to determine group membership.  Currently, only Darwin (Mac OS X)
 3755    supports this.
 3756 
 3757  * When the tty_tickets sudoers option is enabled but there is no
 3758    terminal device, sudo will no longer use or create a tty-based
 3759    ticket file.  Previously, sudo would use a tty name of "unknown".
 3760    As a consequence, if a user has no terminal device, sudo will
 3761    now always prompt for a password.
 3762 
 3763  * The passwd_timeout and timestamp_timeout options may now be
 3764    specified as floating point numbers for more granular timeout
 3765    values.
 3766 
 3767  * Negating the fqdn option in sudoers now works correctly when sudo
 3768    is configured with the --with-fqdn option.  In previous versions
 3769    of sudo the fqdn was set before sudoers was parsed.
 3770 
 3771 What's new in Sudo 1.7.2?
 3772 
 3773  * A new #includedir directive is available in sudoers.  This can be
 3774    used to implement an /etc/sudo.d directory.  Files in an includedir
 3775    are not edited by visudo unless they contain a syntax error.
 3776 
 3777  * The -g option did not work properly when only setting the group
 3778    (and not the user).  Also, in -l mode the wrong user was displayed
 3779    for sudoers entries where only the group was allowed to be set.
 3780 
 3781  * Fixed a problem with the alias checking in visudo which
 3782    could prevent visudo from exiting.
 3783 
 3784  * Sudo will now correctly parse the shell-style /etc/environment
 3785    file format used by pam_env on Linux.
 3786 
 3787  * When doing password and group database lookups, sudo will only
 3788    cache an entry by name or by id, depending on how the entry was
 3789    looked up.  Previously, sudo would cache by both name and id
 3790    from a single lookup, but this breaks sites that have multiple
 3791    password or group database names that map to the same UID or
 3792    GID.
 3793 
 3794  * User and group names in sudoers may now be enclosed in double
 3795    quotes to avoid having to escape special characters.
 3796 
 3797  * BSM audit fixes when changing to a non-root UID.
 3798 
 3799  * Experimental non-Unix group support.  Currently only works with
 3800    Quest Authorization Services and allows Active Directory groups
 3801    fixes for Minix-3.
 3802 
 3803  * For Netscape/Mozilla-derived LDAP SDKs the certificate and key
 3804    paths may be specified as a directory or a file.  However, version
 3805    5.0 of the SDK only appears to support using a directory (despite
 3806    documentation to the contrary).  If SSL client initialization
 3807    fails and the certificate or key paths look like they could be
 3808    default file name, strip off the last path element and try again.
 3809 
 3810  * A setenv() compatibility fix for Linux systems, where a NULL
 3811    value is treated the same as an empty string and the variable
 3812    name is checked against the NULL pointer.
 3813 
 3814 What's new in Sudo 1.7.1?
 3815 
 3816  * A new Defaults option "pwfeedback" will cause sudo to provide visual
 3817    feedback when the user is entering a password.
 3818 
 3819  * A new Defaults option "fast_glob" will cause sudo to use the fnmatch()
 3820    function for file name globbing instead of glob().  When this option
 3821    is enabled, sudo will not check the file system when expanding wildcards.
 3822    This is faster but a side effect is that relative paths with wildcard
 3823    will no longer work.
 3824 
 3825  * New BSM audit support for systems that support it such as FreeBSD
 3826    and Mac OS X.
 3827 
 3828  * The file name specified with the #include directive may now include
 3829    a %h escape which is expanded to the short form of hostname.
 3830 
 3831  * The -k flag may now be specified along with a command, causing the
 3832    user's timestamp file to be ignored.
 3833 
 3834  * New support for Tivoli-based LDAP START_TLS, present in AIX.
 3835 
 3836  * New support for /etc/netsvc.conf on AIX.
 3837 
 3838  * The unused alias checks in visudo now handle the case of an alias
 3839    referring to another alias.
 3840 
 3841 What's new in Sudo 1.7.0?
 3842 
 3843  * Rewritten parser that converts sudoers into a set of data structures.
 3844    This eliminates a number of ordering issues and makes it possible to
 3845    apply sudoers Defaults entries before searching for the command.
 3846    It also adds support for per-command Defaults specifications.
 3847 
 3848  * Sudoers now supports a #include facility to allow the inclusion of other
 3849    sudoers-format files.
 3850 
 3851  * Sudo's -l (list) flag has been enhanced:
 3852     o applicable Defaults options are now listed
 3853     o a command argument can be specified for testing whether a user
 3854       may run a specific command.
 3855     o a new -U flag can be used in conjunction with "sudo -l" to allow
 3856       root (or a user with "sudo ALL") list another user's privileges.
 3857 
 3858  * A new -g flag has been added to allow the user to specify a
 3859    primary group to run the command as.  The sudoers syntax has been
 3860    extended to include a group section in the Runas specification.
 3861 
 3862  * A UID may now be used anywhere a username is valid.
 3863 
 3864  * The "secure_path" run-time Defaults option has been restored.
 3865 
 3866  * Password and group data is now cached for fast lookups.
 3867 
 3868  * The file descriptor at which sudo starts closing all open files is now
 3869    configurable via sudoers and, optionally, the command line.
 3870 
 3871  * Visudo will now warn about aliases that are defined but not used.
 3872 
 3873  * The -i and -s command line flags now take an optional command
 3874    to be run via the shell.  Previously, the argument was passed
 3875    to the shell as a script to run.
 3876 
 3877  * Improved LDAP support.  SASL authentication may now be used in
 3878    conjunction when connecting to an LDAP server.  The krb5_ccname
 3879    parameter in ldap.conf may be used to enable Kerberos.
 3880 
 3881  * Support for /etc/nsswitch.conf.  LDAP users may now use nsswitch.conf
 3882    to specify the sudoers order.  E.g.:
 3883 	sudoers: ldap files
 3884    to check LDAP, then /etc/sudoers.  The default is "files", even
 3885    when LDAP support is compiled in.  This differs from sudo 1.6
 3886    where LDAP was always consulted first.
 3887 
 3888  * Support for /etc/environment on AIX and Linux.  If sudo is run
 3889    with the -i flag, the contents of /etc/environment are used to
 3890    populate the new environment that is passed to the command being
 3891    run.
 3892 
 3893  * If no terminal is available or if the new -A flag is specified,
 3894    sudo will use a helper program to read the password if one is
 3895    configured.  Typically, this is a graphical password prompter
 3896    such as ssh-askpass.
 3897 
 3898  * A new Defaults option, "mailfrom" that sets the value of the
 3899    "From:" field in the warning/error mail.  If unspecified, the
 3900    login name of the invoking user is used.
 3901 
 3902  * A new Defaults option, "env_file" that refers to a file containing
 3903    environment variables to be set in the command being run.
 3904 
 3905  * A new flag, -n, may be used to indicate that sudo should not
 3906    prompt the user for a password and, instead, exit with an error
 3907    if authentication is required.
 3908 
 3909  * If sudo needs to prompt for a password and it is unable to disable
 3910    echo (and no askpass program is defined), it will refuse to run
 3911    unless the "visiblepw" Defaults option has been specified.
 3912 
 3913  * Prior to version 1.7.0, hitting enter/return at the Password: prompt
 3914    would exit sudo.  In sudo 1.7.0 and beyond, this is treated as
 3915    an empty password.  To exit sudo, the user must press ^C or ^D
 3916    at the prompt.
 3917 
 3918  * visudo will now check the sudoers file owner and mode in -c (check)
 3919    mode when the -s (strict) flag is specified.
 3920 
 3921  * A new Defaults option "umask_override" will cause sudo to set the
 3922    umask specified in sudoers even if it is more permissive than the
 3923    invoking user's umask.