---
- branch: MAIN
  date: Tue Mar 22 14:52:09 UTC 2011
  files:
  - new: '1.129'
    old: '1.128'
    path: pkgsrc/security/sudo/Makefile
    pathrev: pkgsrc/security/sudo/Makefile@1.129
    type: modified
  - new: '1.69'
    old: '1.68'
    path: pkgsrc/security/sudo/distinfo
    pathrev: pkgsrc/security/sudo/distinfo@1.69
    type: modified
  - new: '1.26'
    old: '1.25'
    path: pkgsrc/security/sudo/patches/patch-aa
    pathrev: pkgsrc/security/sudo/patches/patch-aa@1.26
    type: modified
  id: 20110322T145209Z.d9ffae95e29d0bd0b56a703ff6d4c312251832a0
  log: "Update sudo pacakge to 1.7.5.\n\n* pkgsrc change: trying to use user-destdir.\n\nWhat's
    new in Sudo 1.7.5?\n\n * When using visudo in check mode, a file named \"-\" may
    be used to\n   check sudoers data on the standard input.\n\n * Sudo now only fetches
    shadow password entries when using the\n   password database directly for authentication.\n\n
    * Password and group entries are now cached using the same key\n   that was used
    to look them up.  This fixes a problem when looking\n   up entries by name if
    the name in the retrieved entry does not\n   match the name used to look it up.
    \ This may happen on some systems\n   that do case insensitive lookups or that
    truncate long names.\n\n * GCC will no longer display warnings on glibc systems
    that use\n   the warn_unused_result attribute for write(2) and other system calls.\n\n
    * If a PAM account management module denies access, sudo now prints\n   a more
    useful error message and stops trying to validate the user.\n\n * Fixed a potential
    hang on idle systems when the sudo-run process\n   exits immediately.\n\n * Sudo
    now includes a copy of zlib that will be used on systems\n   that do not have
    zlib installed.\n\n * The --with-umask-override configure flag has been added
    to enable\n   the \"umask_override\" sudoers Defaults option at build time.\n\n
    * Sudo now unblocks all signals on startup to avoid problems caused\n   by the
    parent process changing the default signal mask.\n\n * LDAP Sudoers entries may
    now specify a time period for which\n   the entry is valid.  This requires an
    updated sudoers schema\n   that includes the sudoNotBefore and sudoNotAfter attributes.\n
    \  Support for timed entries must be explicitly enabled in the\n   ldap.conf file.
    \ Based on changes from Andreas Mueller.\n\n * LDAP Sudoers entries may now specify
    a sudoOrder attribute that\n   determines the order in which matching entries
    are applied.  The\n   last matching entry is used, just like file-based sudoers.
    \ This\n   requires an updated sudoers schema that includes the sudOrder\n   attribute.
    \ Based on changes from Andreas Mueller.\n\n * When run as sudoedit, or when given
    the -e flag, sudo now treats\n   command line arguments as pathnames.  This means
    that slashes\n   in the sudoers file entry must explicitly match slashes in\n
    \  the command line arguments.  As a result, and entry such as:\n\tuser ALL =
    sudoedit /etc/*\n   will allow editing of /etc/motd but not /etc/security/default.\n\n
    * NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT in ldap.conf for\n   compatibility
    with OpenLDAP configuration files.\n\n * The LDAP API TIMEOUT parameter is now
    honored in ldap.conf.\n\n * The I/O log directory may now be specified in the
    sudoers file.\n\n * Sudo will no longer refuse to run if the sudoers file is writable\n
    \  by root.\n\n * Sudo now performs command line escaping for \"sudo -s\" and
    \"sudo -i\"\n   after validating the command so the sudoers entries do not need\n
    \  to include the backslashes.\n\n * Logging and email sending are now done in
    the locale specified\n   by the \"sudoers_locale\" setting (\"C\" by default).
    \ Email send by\n   sudo now includes MIME headers when \"sudoers_locale\" is
    not \"C\".\n\n * The configure script has a new option, --disable-env-reset, to\n
    \  allow one to change the default for the sudoers Default setting\n   \"env_reset\"
    at compile time.\n\n * When logging \"sudo -l command\", sudo will now prepend
    \"list \"\n   to the command in the log line to distinguish between an\n   actual
    command invocation in the logs.\n\n * Double-quoted group and user names may now
    include escaped double\n   quotes as part of the name.  Previously this was a
    parse error.\n\n * Sudo once again restores the state of the signal handlers it\n
    \  modifies before executing the command.  This allows sudo to be\n   used with
    the nohup command.\n\n * Resuming a suspended shell now works properly when I/O
    logging\n   is not enabled (the I/O logging case was already correct).\n"
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/security/sudo'
  unixtime: '1300805529'
  user: taca