glibc: Update version from 2.25 to 2.27 #502
NEWS for version 2.26
=====================

Major new features:

* A per-thread cache has been added to malloc. Access to the cache requires no locks and therefore significantly accelerates the fast path to allocate and free small amounts of memory. Refilling an empty cache requires locking the underlying arena. Performance measurements show significant gains in a wide variety of user workloads. Workloads were captured using a special instrumented malloc and analyzed with a malloc simulator. Contributed by DJ Delorie with the help of Florian Weimer, and Carlos O'Donell.

* Unicode 10.0.0 Support: Character encoding, character type info, and transliteration tables are all updated to Unicode 10.0.0, using generator scripts contributed by Mike FABIAN (Red Hat). These updates cause user visible changes, especially the changes in wcwidth for many emoji characters cause problems when emoji sequences are rendered with pango, see for example: https://bugzilla.gnome.org/show_bug.cgi?id=780669#c5

* Collation of Hungarian has been overhauled and is now consistent with "The Rules of Hungarian Orthography, 12th edition" (Bug 18934). Contributed by Egmont Koblinger.

* Improvements to the DNS stub resolver, contributed by Florian Weimer:
  - The GNU C Library will now detect when /etc/resolv.conf has been modified and reload the changed configuration. The new resolver option “no-reload” (RES_NORELOAD) disables this behavior.
  - The GNU C Library now supports an arbitrary number of search domains (configured using the “search” directive in /etc/resolv.conf); previously, there was a hard limit of six domains. For backward compatibility, applications that directly modify the ‘_res’ global object are still limited to six search domains.
  - When the “rotate” (RES_ROTATE) resolver option is active, the GNU C Library will now randomly pick a name server from the configuration as a starting point. (Previously, the second name server was always used.)

* The tunables feature is now enabled by default. This allows users to tweak behavior of the GNU C Library using the GLIBC_TUNABLES environment variable.

* New function reallocarray, which resizes an allocated block (like realloc) to the product of two sizes, with a guaranteed clean failure upon integer overflow in the multiplication. Originally from OpenBSD, contributed by Dennis Wölfing and Rüdiger Sonderfeld.

* New wrappers for the Linux-specific system calls preadv2 and pwritev2. These are extended versions of preadv and pwritev, respectively, taking an additional flags argument. The set of supported flags depends on the running kernel; full support currently requires kernel 4.7 or later.

* posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to create a new session ID for the spawned process. This feature is scheduled to be added to the next major revision of POSIX; for the time being, it is available under _GNU_SOURCE.

* errno.h is now safe to use from C-preprocessed assembly language on all supported operating systems. In this context, it will only define the Exxxx constants, as preprocessor macros expanding to integer literals.

* On ia64, powerpc64le, x86-32, and x86-64, the math library now implements 128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE 754-2008) and ISO/IEC TS 18661-3:2015. Contributed by Paul E. Murphy, Gabriel F. T. Gomes, Tulio Magno Quites Machado Filho, and Joseph Myers. To compile programs that use this feature, the compiler must support 128-bit floating point with the type name _Float128 (as defined by TS 18661-3) or __float128 (the nonstandard name used by GCC for C++, and for C prior to version 7). _GNU_SOURCE or __STDC_WANT_IEC_60559_TYPES_EXT__ must be defined to make the new interfaces visible. The new functions and macros correspond to those present for other floating-point types (except for a few obsolescent interfaces not supported for the new type), with F128 or f128 suffixes; for example, strtof128, HUGE_VAL_F128 and cosf128. Following TS 18661-3, there are no printf or scanf formats for the new type; the strfromf128 and strtof128 interfaces should be used instead.

Deprecated and removed features, and other changes affecting compatibility:

* The synchronization that pthread_spin_unlock performs has been changed to now be equivalent to a C11 atomic store with release memory order to the spin lock's memory location. Previously, several (but not all) architectures used stronger synchronization (e.g., containing what is often called a full barrier). This change can improve performance, but may affect odd fringe uses of spin locks that depend on the previous behavior (e.g., using spin locks as atomic variables to try to implement Dekker's mutual exclusion algorithm).

* The port to Native Client running on ARMv7-A (--host=arm-nacl) has been removed.

* Sun RPC is deprecated. The rpcgen program, librpcsvc, and Sun RPC headers will only be built and installed when the GNU C Library is configured with --enable-obsolete-rpc. This allows alternative RPC implementations, such as TIRPC or rpcsvc-proto, to be used.

* The NIS(+) name service modules, libnss_nis, libnss_nisplus, and libnss_compat, are deprecated, and will not be built or installed by default. The NIS(+) support library, libnsl, is also deprecated. By default, a compatibility shared library will be built and installed, but not headers or development libraries. Only a few NIS-related programs require this library. (In particular, the GNU C Library has never required programs that use 'gethostbyname' to be linked with libnsl.) Replacement implementations based on TIRPC, which additionally support IPv6, are available from <https://github.com/thkukuk/>. The configure option --enable-obsolete-nsl will cause libnsl's headers, and the NIS(+) name service modules, to be built and installed.

* The DNS stub resolver no longer performs EDNS fallback. If EDNS or DNSSEC support is enabled, the configured recursive resolver must support EDNS. (Responding to EDNS-enabled queries with responses which are not EDNS-enabled is fine, but FORMERR responses are not.)

* res_mkquery and res_nmkquery no longer support the IQUERY opcode. DNS servers have not supported this opcode for a long time.

* The _res_opcodes variable has been removed from libresolv. It had been exported by accident.

* `<string.h>` no longer includes inline versions of any string functions, as this kind of optimization is better done by the compiler. The macros __USE_STRING_INLINES and __NO_STRING_INLINES no longer have any effect.

* The nonstandard header `<xlocale.h>` has been removed. Most programs should use `<locale.h>` instead. If you have a specific need for the definition of locale_t with no other declarations, please contact libc-alpha@sourceware.org and explain.

* The obsolete header `<sys/ultrasound.h>` has been removed.

* The obsolete signal constant SIGUNUSED is no longer defined by `<signal.h>`.

* The obsolete function cfree has been removed. Applications should use free instead.

* The stack_t type no longer has the name struct sigaltstack. This changes the C++ name mangling for interfaces involving this type.

* The ucontext_t type no longer has the name struct ucontext. This changes the C++ name mangling for interfaces involving this type.

* On M68k GNU/Linux and MIPS GNU/Linux, the fpregset_t type no longer has the name struct fpregset. On Nios II GNU/Linux, the mcontext_t type no longer has the name struct mcontext. On SPARC GNU/Linux, the struct mc_fq, struct rwindow, struct fpq and struct fq types are no longer defined in sys/ucontext.h, the mc_fpu_t type no longer has the name struct mc_fpu, the gwindows_t type no longer has the name struct gwindows and the fpregset_t type no longer has the name struct fpu. This changes the C++ name mangling for interfaces involving those types.

* On S/390 GNU/Linux, the constants defined by `<sys/ptrace.h>` have been synced with the kernel:
  - PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and PTRACE_SETFPREGS are not supported on this architecture and have been removed.
  - PTRACE_SINGLEBLOCK, PTRACE_SECCOMP_GET_FILTER, PTRACE_PEEKUSR_AREA, PTRACE_POKEUSR_AREA, PTRACE_GET_LAST_BREAK, PTRACE_ENABLE_TE, PTRACE_DISABLE_TE and PTRACE_TE_ABORT_RAND have been added.

  Programs that assume the GET/SETREGS ptrace requests are universally available will now fail to build, instead of malfunctioning at runtime.

Changes to build and runtime requirements:

* Linux kernel 3.2 or later is required at runtime, on all architectures supported by that kernel. (This is a change from version 2.25 only for x86-32 and x86-64.)

* GNU Binutils 2.25 or later is now required to build the GNU C Library.

* On most architectures, GCC 4.9 or later is required to build the GNU C Library. On powerpc64le, GCC 6.2 or later is required. Older GCC versions and non-GNU compilers are still supported when compiling programs that use the GNU C Library. (We do not know exactly how old, and some GNU extensions to C may be _de facto_ required. If you are interested in helping us make this statement less vague, please contact libc-alpha@sourceware.org.)

Security related changes:

* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes, to avoid fragmentation-based spoofing attacks (CVE-2017-12132).

* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE mode to guard against local privilege escalation attacks (CVE-2017-1000366).

* Avoid printing a backtrace from the __stack_chk_fail function since it is called on a corrupt stack and a backtrace is unreliable on a corrupt stack (CVE-2010-3192).

* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been fixed (CVE-2017-12133).
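The reallocarray item in the 2.26 NEWS above is easiest to appreciate next to the idiom it replaces. The following is an added example written for this page (not code from the PR or from glibc): it shows the wrapping multiplication in the old `realloc(p, n * size)` pattern and a growth helper built on reallocarray that fails cleanly with ENOMEM instead of returning a too-small block. It assumes glibc 2.26 or later (or any libc that provides reallocarray with the same contract) and repeats the prototype itself in case the header keeps it behind a feature macro.

```c
/* Added example (not from the PR or from glibc): growing an array safely
 * with reallocarray, next to the classic realloc(p, n * size) idiom whose
 * multiplication can silently wrap to a small value. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Prototype repeated here in case the header keeps it behind a feature
 * macro; glibc >= 2.26 (and OpenBSD, musl) provide this exact signature. */
void *reallocarray(void *ptr, size_t nmemb, size_t size);

/* The unsafe ingredient of the old idiom: n * size computed in size_t.
 * For n = SIZE_MAX / 2 + 2 and size = 4 the product wraps to 4, so a
 * realloc based on it would hand back a 4-byte block for a huge count. */
static size_t wrapped_size(size_t n, size_t size)
{
    return n * size;
}

/* Grow *tab to `want` elements. reallocarray returns NULL and sets errno
 * to ENOMEM when want * sizeof **tab overflows; *tab is left untouched. */
static int grow_table(uint32_t **tab, size_t *cap, size_t want)
{
    uint32_t *p = reallocarray(*tab, want, sizeof **tab);
    if (p == NULL)
        return -1;
    *tab = p;
    *cap = want;
    return 0;
}

/* Returns 1 if the overflowing request is refused with ENOMEM and no
 * buffer is handed out, 0 if a (too small) buffer came back. */
static int overflow_is_rejected(void)
{
    size_t n = SIZE_MAX / 2 + 2;       /* n * 4 wraps to 4 */
    uint32_t *tab = NULL;
    size_t cap = 0;
    errno = 0;
    if (grow_table(&tab, &cap, n) == 0) {
        free(tab);
        return 0;
    }
    return errno == ENOMEM && tab == NULL && cap == 0;
}

/* Returns 1 if ordinary growth works and preserves existing contents. */
static int grow_works(void)
{
    uint32_t *tab = NULL;
    size_t cap = 0;
    if (grow_table(&tab, &cap, 16) != 0 || cap != 16)
        return 0;
    tab[15] = 42;                       /* in bounds: 16 elements exist */
    int ok = grow_table(&tab, &cap, 1024) == 0 && cap == 1024 && tab[15] == 42;
    free(tab);
    return ok;
}

int main(void)
{
    printf("n * size wrapped to %zu bytes\n", wrapped_size(SIZE_MAX / 2 + 2, 4));
    printf("reallocarray rejects the overflow: %s\n", overflow_is_rejected() ? "yes" : "no");
    printf("normal growth works: %s\n", grow_works() ? "yes" : "no");
    return 0;
}
```

The point of `overflow_is_rejected` is the contract, not the arithmetic: after a failed reallocarray the old pointer is still valid and nothing of the wrong size was ever handed out, which is exactly what the manual `n * size` idiom cannot promise.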
/lib64/ld-linux-x86-64.so.2 is the interpreter for dynamic executables. Our /lib64 is a symlink to /lib. Create the link /lib/ld-linux-x86-64.so.2 -> /lib/ld-X.XX.so
In the last git commit message, I’d prefer commit message summaries without a dot at the end, and there is a small typo in the body.
s/to run to cpmpletion./to complete/,
scripts/update-glibc-to-2.26.sh
# Script to update glibc-2.25-1 to glibc-2.26-0 | ||
# | ||
# 2.25 ld-linux-x86-64.so.2 does not work with 2.26 libc.so.6 and visa versa |
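Review bot: the header comment in this hunk states that the 2.25 loader and the 2.26 libc are mutually incompatible, but not how the script avoids a window in which a newly started process sees /lib/ld-linux-x86-64.so.2 from one version and libc.so.6 from the other; please add a line documenting the order of operations and that the switch is done atomically (for example by renaming prepared symlinks over the old ones rather than removing and recreating them), and spell "vice versa" correctly.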
Misspelling of vice versa. [1]
scripts/update-glibc-to-2.26.sh
# Script to update glibc-2.25-1 to glibc-2.26-0 | ||
# | ||
# 2.25 ld-linux-x86-64.so.2 does not work with 2.26 libc.so.6 and visa versa | ||
# plus there are a lot of other incompatibilities beween libraries provided |
One space before provided.
between
Tested on keineahnung with
Don't worry, the script and its commit are gone :-)
Unable to compile gcc 5.4 with glibc 2.26 installed:
This has been fixed in the gcc 5 branch but not in the latest 5.4 release (5.4.0):
I've put the patch for gcc into
Next stop at
Which is more or less the same. I'll fix that too (in gcc).
But these are not GLIBC 2.26 issues, right? It also happens with the currently installed GLIBC 2.25, doesn’t it?
Well, it's a change in the GLIBC-provided include files. I don't know whether these structure tags should have been regarded as internal or not, and whether it was legit to use these names in the first place. Guess that was undefined. Anyway, the users (gcc compiler, linux kernel) had to adapt. Here is the glibc commit:
Next stop (it's getting worse)
Because

So this is a bug of the sanitizers (copy-and-pasted into gcc), and looking at https://github.com/google/sanitizers/issues/822 it looks like there is more to come. Btw: the sanitizers are not functional in our environment. There are already problems with glibc 2.25, and if this is fixed, some other problems appear.
List of problems fixed in this release: <https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=5.4>

We had some problems compiling the 5.4.0 release [1] with glibc 2.23, so use the latest revision on the 5.4 branch, where all these problems were already fixed.

[1] #502
For yet unknown reason,
The reason that "bee update glibc" won't remove glibc-2.25 is the bad installation of glibc-2.25-1, which was done by the instructions in #415:
The problem is that bee maintains an inventory cache in /var/cache/bee/bee-cache/INVENTORY and that the entries for the glibc-2.25-0 packages weren't removed. So

Same mistake for the mariux64-* packages (#98), where I just removed the files from /usr/share/bee. For unknown reasons, linux-4.4.70-156 appears twice in the cache.

Anyway,
Replacing 2.25 with 2.26 is destructive:
With glibc 2.26, the name service modules libnss_nis, libnss_nisplus, and libnss_compat are deprecated and will not be built or installed by default. We still require libnss_nis.so, because we use NIS for passwd and shadow in /etc/nsswitch.conf. Add --enable-obsolete-nsl to build and install the obsolete libnsl library and the NSS modules that depend on it.
https://www.gnu.org/software/libc/
Let's wait a bit.
NEWS for version 2.27
=====================

Major new features:

* The GNU C Library can now be compiled with support for building static PIE executables (See --enable-static-pie in INSTALL). These static PIE executables are like static executables but can be loaded at any address and provide additional security hardening benefits at the cost of some memory and performance. When the library is built with --enable-static-pie the resulting libc.a is usable with GCC 8 and above to create static PIE executables using the GCC option '-static-pie'. This feature is currently supported on i386, x86_64 and x32 with binutils 2.29 or later, and on aarch64 with binutils 2.30 or later.

* Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin, cosf, sinf, sincosf and tan with FMA, contributed by Arjan van de Ven and H.J. Lu from Intel.

* Optimized x86-64 trunc and truncf for processors with SSE4.1.

* Optimized generic expf, exp2f, logf, log2f, powf, sinf, cosf and sincosf.

* In order to support faster and safer process termination the malloc API family of functions will no longer print a failure address and stack backtrace after detecting heap corruption. The goal is to minimize the amount of work done after corruption is detected and to avoid potential security issues in continued process execution. Reducing shutdown time leads to lower overall process restart latency, so there is benefit both from a security and performance perspective.

* The abort function terminates the process immediately, without flushing stdio streams. Previous glibc versions used to flush streams, resulting in deadlocks and further data corruption. This change also affects process aborts as the result of assertion failures.

* On platforms where long double has the IEEE binary128 format (aarch64, alpha, mips64, riscv, s390 and sparc), the math library now implements _Float128 interfaces for that type, as defined by ISO/IEC TS 18661-3:2015. These are the same interfaces added in version 2.26 for some platforms where this format is supported but is not the format of long double.

* On platforms with support for _Float64x (aarch64, alpha, i386, ia64, mips64, powerpc64le, riscv, s390, sparc and x86_64), the math library now implements interfaces for that type, as defined by ISO/IEC TS 18661-3:2015. These are corresponding interfaces to those supported for _Float128.

* The math library now implements interfaces for the _Float32, _Float64 and _Float32x types, as defined by ISO/IEC TS 18661-3:2015. These are corresponding interfaces to those supported for _Float128.

* glibc now implements the memfd_create and mlock2 functions on Linux.

* Support for memory protection keys was added. The `<sys/mman.h>` header now declares the functions pkey_alloc, pkey_free, pkey_mprotect, pkey_set, pkey_get.

* The copy_file_range function was added.

* Optimized memcpy, mempcpy, memmove, and memset for sparc M7.

* The ldconfig utility now processes 'include' directives using the C/POSIX collation ordering. Previous glibc versions used locale-specific ordering, the change might break systems that relied on that.

* Support for two grammatical forms of month names has been added. In a call to strftime, the "%B" and "%b" format specifiers will now produce the grammatical form required when the month is used as part of a complete date. New "%OB" and "%Ob" specifiers produce the form required when the month is named by itself. For instance, in Greek and in many Slavic and Baltic languages, "%B" will produce the month in genitive case, and "%OB" will produce the month in nominative case. In a call to strptime, "%B", "%b", "%h", "%OB", "%Ob", and "%Oh" are all valid and will all accept any known form of month name---standalone or complete, abbreviated or full. In a call to nl_langinfo, the query constants MON_1..12 and ABMON_1..12 return the strings used by "%B" and "%b", respectively. New query constants ALTMON_1..12 and _NL_ABALTMON_1..12 return the strings used by "%OB" and "%Ob", respectively. In a locale definition file, use "alt_mon" and "ab_alt_mon" to define the strings for %OB and %Ob, respectively; these have the same syntax as "mon" and "abmon". These arrays are optional; if they are not provided then they have the same content as "mon" and "abmon", respectively. These features are provided for locales which define "alt_mon" and/or "ab_alt_mon" in their locale source data. This release includes such alternative month name data for the following languages: Belarusian, Croatian, Greek, Lithuanian, Polish, Russian, and Ukrainian. This feature is currently a GNU extension, but it is expected to be added to the next revision of POSIX, and it is also already available on some BSD-derived operating systems. This feature will cause existing statically compiled applications to fail to load locales and fall back to the builtin C/POSIX locales. See notes below for other changes affecting compatibility.

* Support for the RISC-V ISA running on Linux has been added. This port requires at least binutils-2.30, gcc-7.3.0, and linux-4.15; and is supported for the following ISA and ABI pairs:
  - rv64imac lp64
  - rv64imafdc lp64
  - rv64imafdc lp64d

Deprecated and removed features, and other changes affecting compatibility:

* Statically compiled applications attempting to load locales compiled for the GNU C Library version 2.27 will fail and fall back to the builtin C/POSIX locale. The reason for this is that the addition of the new "%OB" and "%Ob", support for two grammatical forms of the month names, also extends the locale data binary format. Static applications needing locale support must be recompiled to match the runtime and data they are deployed with. In some distributions there is an upgrade window where dynamically linked applications may use a new library but the old locale data and also fall back to the builtin C/POSIX locales; restarting the application process is sufficient to fix this.

* Support for statically linked applications which call dlopen is deprecated and will be removed in a future version of glibc. Applications which call dlopen need to be linked dynamically instead.

* Support for old programs which use internal stdio data structures and functions is deprecated. This includes programs which use the C++ streams provided by libstdc++ in GCC 2.95. Programs which use the internal symbols _IO_adjust_wcolumn, _IO_default_doallocate, _IO_default_finish, _IO_default_pbackfail, _IO_default_uflow, _IO_default_xsgetn, _IO_default_xsputn, _IO_doallocbuf, _IO_do_write, _IO_file_attach, _IO_file_close, _IO_file_close_it, _IO_file_doallocate, _IO_file_fopen, _IO_file_init, _IO_file_jumps, _IO_fileno, _IO_file_open, _IO_file_overflow, _IO_file_read, _IO_file_seek, _IO_file_seekoff, _IO_file_setbuf, _IO_file_stat, _IO_file_sync, _IO_file_underflow, _IO_file_write, _IO_file_xsputn, _IO_flockfile, _IO_flush_all, _IO_flush_all_linebuffered, _IO_free_backup_area, _IO_free_wbackup_area, _IO_init, _IO_init_marker, _IO_init_wmarker, _IO_iter_begin, _IO_iter_end, _IO_iter_file, _IO_iter_next, _IO_least_wmarker, _IO_link_in, _IO_list_all, _IO_list_lock, _IO_list_resetlock, _IO_list_unlock, _IO_marker_delta, _IO_marker_difference, _IO_remove_marker, _IO_seekmark, _IO_seekwmark, _IO_str_init_readonly, _IO_str_init_static, _IO_str_overflow, _IO_str_pbackfail, _IO_str_seekoff, _IO_str_underflow, _IO_switch_to_main_wget_area, _IO_switch_to_wget_mode, _IO_unsave_wmarkers, _IO_wdefault_doallocate, _IO_wdefault_finish, _IO_wdefault_pbackfail, _IO_wdefault_setbuf, _IO_wdefault_uflow, _IO_wdefault_xsgetn, _IO_wdefault_xsputn, _IO_wdoallocbuf, _IO_wdo_write, _IO_wfile_jumps, _IO_wfile_overflow, _IO_wfile_sync, _IO_wfile_underflow, _IO_wfile_xsputn, _IO_wmarker_delta, or _IO_wsetb may stop working with a future version of glibc. Unlike other symbol removals, these old applications will not be supported using compatibility symbols.

* On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer defined by `<sys/ptrace.h>`.

* libm no longer supports SVID error handling (calling a user-provided matherr function on error) or the _LIB_VERSION variable to control error handling. (SVID error handling and the _LIB_VERSION variable still work for binaries linked against older versions of the GNU C Library.) The libieee.a library is no longer provided. math.h no longer defines struct exception, or the macros X_TLOSS, DOMAIN, SING, OVERFLOW, UNDERFLOW, TLOSS, PLOSS and HUGE.

* The libm functions pow10, pow10f and pow10l are no longer supported for new programs. Programs should use the standard names exp10, exp10f and exp10l for these functions instead.

* The mcontext_t type is no longer the same as struct sigcontext. On platforms where it was previously the same, this changes the C++ name mangling for interfaces involving this type.

* The add-ons mechanism for building additional packages at the same time as glibc has been removed. The --enable-add-ons configure option is now ignored.

* The --without-fp configure option is now ignored. Whether hardware floating-point instructions are used is now configured based on whether the compiler used at configure time (without any options implied by a --with-cpu= configure option) uses such instructions.

* The res_hnok, res_dnok, res_mailok and res_ownok functions now check that the specified string can be parsed as a domain name.

* In the malloc_info output, the `<heap>` element may contain another `<aspace>` element, "subheaps", which contains the number of sub-heaps.

* The libresolv function p_secstodate is no longer supported for new programs.

* The tilepro-*-linux-gnu configuration is no longer supported.

* The nonstandard header files `<libio.h>` and `<_G_config.h>` are deprecated and will be removed in a future release. Software that is still using either header should be updated to use standard `<stdio.h>` interfaces instead. libio.h was originally the header for a set of supported GNU extensions, but they have not been maintained as such in many years, they are now standing in the way of improvements to stdio, and we don't think there are any remaining external users. _G_config.h was never intended for public use, but predates the bits convention.

Changes to build and runtime requirements:

* bison version 2.7 or later is required to generate code in the 'intl' subdirectory.

Security related changes:

CVE-2009-5064: The ldd script would sometimes run the program under examination directly, without preventing code execution through the dynamic linker. (The glibc project disputes that this is a security vulnerability; only trusted binaries must be examined using the ldd script.)

CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered from a one-byte overflow during ~ operator processing (either on the stack or the heap, depending on the length of the user name). Reported by Tim Rühsen.

CVE-2017-15671: The glob function, when invoked with GLOB_TILDE, would sometimes fail to free memory allocated during ~ operator processing, leading to a memory leak and, potentially, to a denial of service.

CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and without GLOB_NOESCAPE, could write past the end of a buffer while unescaping user names. Reported by Tim Rühsen.

CVE-2017-17426: The malloc function, when called with an object size near the value SIZE_MAX, would return a pointer to a buffer which is too small, instead of NULL. This was a regression introduced with the new malloc thread cache in glibc 2.26. Reported by Iain Buclaw.

CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads to the allocation of too much memory. (This is not a security bug per se, it is mentioned here only because of the CVE assignment.) Reported by Qualys.

CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation of the number of search path components. (This is not a security vulnerability per se because no trust boundary is crossed if the fix for CVE-2017-1000366 has been applied, but it is mentioned here only because of the CVE assignment.) Reported by Qualys.

CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN for AT_SECURE or SUID binaries could be used to load libraries from the current directory.

CVE-2018-1000001: Buffer underflow in realpath function when getcwd function succeeds without returning an absolute path due to unexpected behaviour of the Linux kernel getcwd syscall. Reported by halfdog.

CVE-2018-6485: The posix_memalign and memalign functions, when called with an object size near the value of SIZE_MAX, would return a pointer to a buffer which is too small, instead of NULL. Reported by Jakub Wilk.
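Of the new interfaces in the 2.27 list above, memfd_create is the one most likely to matter to a hardening effort: combined with file sealing it yields a blob that no holder of the descriptor can alter after the fact. The following is an added example written for this page (not code from the PR or from glibc): it builds a sealed memfd and then checks that every write path (pwrite, ftruncate, a writable shared mapping, adding further seals) is refused with EPERM while reads still work. It assumes Linux 3.17 or later and glibc 2.27 or later; the fallback constant values are the Linux UAPI ones, and the payload is constructed for the demonstration.

```c
/* Added example (not from the PR or from glibc): memfd_create plus file
 * sealing, one of the interfaces glibc 2.27 started wrapping. After
 * F_SEAL_WRITE the contents cannot be changed by anyone holding the fd,
 * which makes a sealed memfd a safe way to hand code, configuration or
 * policy blobs to another process. Fallback constants are the Linux
 * UAPI values, for headers that hide them behind _GNU_SOURCE. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC 0x0001U
#endif
#ifndef MFD_ALLOW_SEALING
#define MFD_ALLOW_SEALING 0x0002U
#endif
#ifndef F_ADD_SEALS
#define F_ADD_SEALS 1033          /* F_LINUX_SPECIFIC_BASE + 9 */
#define F_GET_SEALS 1034
#define F_SEAL_SEAL   0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW   0x0004
#define F_SEAL_WRITE  0x0008
#endif

/* Prototype repeated in case the header keeps it behind a feature macro. */
int memfd_create(const char *name, unsigned int flags);   /* glibc >= 2.27 */

/* Creates a sealed, immutable memfd holding `len` bytes of `data`.
 * Returns the descriptor, or -1 with errno set. */
static int sealed_blob(const void *data, size_t len)
{
    int fd = memfd_create("blob", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (fd < 0)
        return -1;
    if (write(fd, data, len) != (ssize_t)len)
        goto fail;
    /* F_SEAL_SEAL last: it forbids adding any further seals. */
    if (fcntl(fd, F_ADD_SEALS,
              F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL) < 0)
        goto fail;
    return fd;
fail:
    close(fd);
    return -1;
}

/* Returns 1 if every attempt to modify the sealed fd fails with EPERM and
 * the original contents are still readable, 0 otherwise. */
static int verify_sealed(int fd, const void *expect, size_t len)
{
    char buf[64];
    int seals = fcntl(fd, F_GET_SEALS);
    if (seals < 0 || (seals & F_SEAL_WRITE) == 0)
        return 0;
    if (pwrite(fd, "X", 1, 0) != -1 || errno != EPERM)      /* write refused */
        return 0;
    if (ftruncate(fd, 0) != -1 || errno != EPERM)           /* shrink refused */
        return 0;
    if (fcntl(fd, F_ADD_SEALS, 0) != -1 || errno != EPERM)  /* sealed shut */
        return 0;
    if (mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0) != MAP_FAILED)
        return 0;                                           /* writable map refused */
    if (len > sizeof buf || pread(fd, buf, len, 0) != (ssize_t)len)
        return 0;                                           /* reads still work */
    return memcmp(buf, expect, len) == 0;
}

/* Runs the demonstration on a constructed payload; 1 on success, 0 if a
 * modification slipped through, -1 if the memfd could not be created. */
static int sealing_demo(void)
{
    static const char payload[] = "deny-all policy v1";   /* constructed */
    int fd = sealed_blob(payload, sizeof payload);
    if (fd < 0)
        return -1;
    int ok = verify_sealed(fd, payload, sizeof payload);
    close(fd);
    return ok;
}

int main(void)
{
    int r = sealing_demo();
    printf("sealed memfd is immutable: %s\n", r == 1 ? "yes" : "no");
    return r == 1 ? 0 : 1;
}
```

A descriptor produced by `sealed_blob` can be passed over a UNIX socket or inherited across exec; the receiver can check F_GET_SEALS itself before trusting the contents, which is the property that makes this useful for handing data across a privilege boundary.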
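The abort change in the 2.27 list has a practical consequence for anything that logs through stdio before dying: with glibc 2.27 or later, whatever is still in a FILE buffer when abort (or a failed assert) runs is lost. As an added example written for this page (not code from the PR or from glibc), the program below forks a child that writes one fully buffered line to a pipe and aborts, once without and once with an explicit fflush, and reports how many bytes the parent actually received. The log line is constructed for the demonstration.

```c
/* Added example (not from the PR or from glibc): what "abort no longer
 * flushes stdio" (glibc 2.27) means in practice. A child logs one line
 * through a fully buffered FILE on a pipe and aborts; the parent counts
 * the bytes that arrive. Without an explicit fflush nothing does. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Forks a child that writes one log line through a fully buffered FILE
 * and aborts; if `flush_first` is non-zero it calls fflush before
 * aborting. Returns the number of bytes the parent received, or -1 if
 * the child did not die from SIGABRT or setup failed. */
static long bytes_seen_after_abort(int flush_first)
{
    int pipefd[2];
    if (pipe(pipefd) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: no core dump, full buffering, one line, then abort. */
        struct rlimit nocore = { 0, 0 };
        setrlimit(RLIMIT_CORE, &nocore);
        close(pipefd[0]);
        FILE *log = fdopen(pipefd[1], "w");
        if (log == NULL)
            _exit(1);
        static char logbuf[BUFSIZ];
        setvbuf(log, logbuf, _IOFBF, sizeof logbuf);
        fputs("assertion failed: state corrupted\n", log);  /* constructed */
        if (flush_first)
            fflush(log);
        abort();                /* glibc >= 2.27: no stdio flush here */
    }

    /* Parent: read until the child's end of the pipe closes. */
    close(pipefd[1]);
    char buf[256];
    long total = 0;
    ssize_t n;
    while ((n = read(pipefd[0], buf, sizeof buf)) > 0)
        total += n;
    close(pipefd[0]);

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (!WIFSIGNALED(status) || WTERMSIG(status) != SIGABRT)
        return -1;              /* the child must have died from SIGABRT */
    return total;
}

int main(void)
{
    printf("bytes received without fflush: %ld\n", bytes_seen_after_abort(0));
    printf("bytes received with fflush:    %ld\n", bytes_seen_after_abort(1));
    return 0;
}
```

The takeaway for daemons like the ones discussed in this PR is that an assert message or audit line is only as durable as its last fflush; write such records unbuffered (or through write(2)) if they must survive an abort.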
Tested on sigusr2 (log in, start firefox, update, play games, log out, log in, firefox, log out, reboot, log in, firefox ....)
Just for the records, if anybody looks here the next time we do the glibc dance: in addition to the apache httpd daemons, we need to restart our cron daemons when glibc is updated. They fork and dlopen() PAM modules when starting a cron job.
Plus the locales package (glibc-locales.be0) should be rebuilt. Next glibc updater: please put these hints as comments into the glibc.be0 file.
The file [`NEWS`][1] contains the change-log.

> What's new in Sudo 1.8.22
>
> * Commands run in the background from a script run via sudo will no longer receive SIGHUP when the parent exits and I/O logging is enabled. Bug #502
>
> * A particularly offensive insult is now disabled by default. Bug #804
>
> * The description of "sudo -i" now correctly documents that the "env_keep" and "env_check" sudoers options are applied to the environment. Bug #806
>
> * Fixed a crash when the system's host name is not set. Bug #807
>
> * The sudoers2ldif script now handles #include and #includedir directives.
>
> * Fixed a bug where sudo would silently exit when the command was not allowed by sudoers and the "passwd_tries" sudoers option was set to a value less than one.
>
> * Fixed a bug with the "listpw" and "verifypw" sudoers options and multiple sudoers sources. If the option is set to "all", a password should be required unless none of a user's sudoers entries from any source require authentication.
>
> * Fixed a bug with the "listpw" and "verifypw" sudoers options in the LDAP and SSSD back-ends. If the option is set to "any", and the entry contained multiple rules, only the first matching rule was checked. If an entry contained more than one matching rule and the first rule required authentication but a subsequent rule did not, sudo would prompt for a password when it should not have.
>
> * When running a command as the invoking user (not root), sudo would execute the command with the same group vector it was started with. Sudo now executes the command with a new group vector based on the group database which is consistent with how su(1) operates.
>
> * Fixed a double free in the SSSD back-end that could occur when ipa_hostname is present in sssd.conf and is set to an unqualified host name.
>
> * When I/O logging is enabled, sudo will now write to the terminal even when it is a background process. Previously, sudo would only write to the tty when it was the foreground process when I/O logging was enabled. If the TOSTOP terminal flag is set, sudo will suspend the command (and then itself) with the SIGTTOU signal.
>
> * A new "authfail_message" sudoers option that overrides the default "N incorrect password attempt(s)".
>
> * An empty sudoRunAsUser attribute in the LDAP and SSSD backends will now match the invoking user. This is more consistent with how an empty runas user in the sudoers file is treated.
>
> * Documented that in check mode, visudo does not check the owner/mode on files specified with the -f flag. Bug #809.
>
> * It is now an error to specify the runas user as an empty string on the command line. Previously, an empty runas user was treated the same as an unspecified runas user. Bug #817.
>
> * When "timestamp_type" option is set to "tty" and a terminal is present, the time stamp record will now include the start time of the session leader. When the "timestamp_type" option is set to "ppid" or when no terminal is available, the start time of the parent process is used instead. This significantly reduces the likelihood of a time stamp record being re-used when a user logs out and back in again. Bug #818.
>
> * The sudoers time stamp file format is now documented in the new sudoers_timestamp manual.
>
> * The "timestamp_type" option now takes a "kernel" value on OpenBSD systems. This causes the tty-based time stamp to be stored in the kernel instead of on the file system. If no tty is present, the time stamp is considered to be invalid.
>
> * Visudo will now use the SUDO_EDITOR environment variable (if present) in addition to VISUAL and EDITOR.
>
> What's new in Sudo 1.8.21p2
>
> * Fixed a bug introduced in version 1.8.21 which prevented sudo from using the PAM-supplied prompt. Bug #799
>
> * Fixed a bug introduced in version 1.8.21 which could result in sudo hanging when running commands that exit quickly. Bug #800
>
> * Fixed a bug introduced in version 1.8.21 which prevented the command from being run when the password was read via an external program using the askpass interface. Bug #801
>
> What's new in Sudo 1.8.21p1
>
> * On systems that support both PAM and SIGINFO, the main sudo process will no longer forward SIGINFO to the command if the signal was generated from the keyboard. The command will have already received SIGINFO since it is part of the same process group so there's no need for sudo to forward it. This is consistent with the handling of SIGINT, SIGQUIT and SIGTSTP. Bug #796
>
> * If SUDOERS_SEARCH_FILTER in ldap.conf does not specify a value, the LDAP search expression used when looking up netgroups and non-Unix groups had a syntax error if a group plugin was not specified.
>
> * "sudo -U otheruser -l" will now have an exit value of 0 even if "otheruser" has no sudo privileges. The exit value when a user attempts to list their own privileges or when a command is specified is unchanged.
>
> * Fixed a regression introduced in sudo 1.8.21 where sudoreplay playback would hang for I/O logs that contain terminal input.
>
> * Sudo 1.8.18 contained an incomplete fix for the matching of entries in the LDAP and SSSD back-ends when a sudoRunAsGroup is specified but no sudoRunAsUser is present in the sudoRole.
>
> What's new in Sudo 1.8.21
>
> * The path that sudo uses to search for terminal devices can now be configured via the new "devsearch" Path setting in sudo.conf.
>
> * It is now possible to preserve bash shell functions in the environment when the "env_reset" sudoers setting is disabled by removing the `"*=()*"` pattern from the env_delete list.
>
> * A change made in sudo 1.8.15 inadvertently caused sudoedit to send itself SIGHUP instead of exiting when the editor returns an error or the file was not modified.
>
> * Sudoedit now uses an exit code of zero if the file was not actually modified. Previously, sudoedit treated a lack of modifications as an error.
>
> * When running a command in a pseudo-tty (pty), sudo now copies a subset of the terminal flags to the new pty. Previously, all flags were copied, even those not appropriate for a pty.
>
> * Fixed a problem with debug logging in the sudoers I/O logging plugin.
>
> * Window size change events are now logged to the policy plugin. On xterm and compatible terminals, sudoreplay is now capable of resizing the terminal to match the size of the terminal the command was run on. The new -R option can be used to disable terminal resizing.
>
> * Fixed a bug in visudo where a newly added file was not checked for syntax errors. Bug #791.
>
> * Fixed a bug in visudo where if a syntax error in an include directory (like /etc/sudoers.d) was detected, the edited version was left as a temporary file instead of being installed.
>
> * On PAM systems, sudo will now treat "username's Password:" as a standard password prompt. As a result, the SUDO_PROMPT environment variable will now override "username's Password:" as well as the more common "Password:". Previously, the "passprompt_override" Defaults setting would need to be set for SUDO_PROMPT to override a prompt of "username's Password:".
>
> * A new "syslog_pid" sudoers setting has been added to include sudo's process ID along with the process name when logging via syslog. Bug #792.
>
> * Fixed a bug introduced in sudo 1.8.18 where a command would not be terminated when the I/O logging plugin returned an error to the sudo front-end.
>
> * A new "timestamp_type" sudoers setting has been added that replaces the "tty_tickets" option. In addition to tty and global time stamp records, it is now possible to use the parent process ID to restrict the time stamp to commands run by the same process, usually the shell. Bug #793.
>
> * The --preserve-env command line option has been extended to accept a comma-separated list of environment variables to preserve. Bug #279.
>
> * Friulian translation for sudo from translationproject.org.

[1]: https://www.sudo.ws/repos/sudo/file/SUDO_1_8_22/NEWS
Needs testing.
Processes created before the update (or processes forked from old processes which don't exec() a new image) might not be able to dlopen() something (apache httpd. What else?)
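The two comments above (restarting httpd and cron, and the "what else?" question) come down to the same fact: a process that started before the swap still maps the old loader and libc, which the kernel now lists as "(deleted)" in /proc/PID/maps, and it will fail to dlopen() anything linked against the new libc. As an added example written for this page (not code from the PR or from bee), here is a small scanner that recognises such mappings; it runs over a constructed maps excerpt and, in main, over every /proc/PID/maps the caller may read. The set of glibc object names it matches is an assumption of the example.

```c
/* Added example (not from the PR or from bee): find processes that still
 * map the glibc objects replaced by the update. Such mappings show up as
 * "(deleted)" in /proc/PID/maps; those processes are the ones that can no
 * longer dlopen() anything built against the new libc and need a restart.
 * Runs over a constructed maps excerpt and, in main, over the live system. */
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if one maps line refers to a deleted glibc object (libc, the
 * loader, or another glibc .so). The name list is this example's own. */
static int is_stale_glibc_mapping(const char *line)
{
    const char *path = strchr(line, '/');        /* pathname column, if any */
    if (path == NULL || strstr(path, "(deleted)") == NULL)
        return 0;
    const char *base = strrchr(path, '/') + 1;   /* file name within the path */
    return strncmp(base, "libc.so", 7) == 0  || strncmp(base, "libc-", 5) == 0
        || strncmp(base, "ld-", 3) == 0        || strncmp(base, "libpthread", 10) == 0
        || strncmp(base, "libnss_", 7) == 0    || strncmp(base, "libdl", 5) == 0
        || strncmp(base, "libnsl", 6) == 0     || strncmp(base, "libresolv", 9) == 0;
}

/* Counts stale glibc mappings in maps-format text (one entry per line). */
static int count_stale_mappings(const char *maps_text)
{
    int count = 0;
    const char *p = maps_text;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        count += is_stale_glibc_mapping(line);
        p = nl ? nl + 1 : p + len;
    }
    return count;
}

/* Constructed /proc/PID/maps excerpt: two mappings of the old libc, one
 * unrelated deleted file, one current libc, and the stack. */
static const char SAMPLE_MAPS[] =
    "7f0c0a000000-7f0c0a0b3000 r--p 00000000 08:01 1234 /lib/libc-2.25.so (deleted)\n"
    "7f0c0a0b3000-7f0c0a1d9000 r-xp 000b3000 08:01 1234 /lib/libc-2.25.so (deleted)\n"
    "7f0c0a400000-7f0c0a401000 r--p 00000000 08:01 5678 /tmp/scratch.dat (deleted)\n"
    "7f0c0b000000-7f0c0b1c0000 r-xp 00000000 08:01 9012 /lib/libc-2.26.so\n"
    "7ffd12300000-7ffd12321000 rw-p 00000000 00:00 0    [stack]\n";

/* Scans every readable /proc/PID/maps and prints the PIDs that still map
 * a deleted glibc object. Returns their count, or -1 if /proc is absent. */
static int report_live_system(void)
{
    DIR *proc = opendir("/proc");
    if (proc == NULL)
        return -1;
    int hits = 0;
    struct dirent *de;
    while ((de = readdir(proc)) != NULL) {
        if (!isdigit((unsigned char)de->d_name[0]))
            continue;
        char path[64], line[1024];
        snprintf(path, sizeof path, "/proc/%s/maps", de->d_name);
        FILE *f = fopen(path, "r");
        if (f == NULL)
            continue;                            /* not ours to read; skip */
        int stale = 0;
        while (!stale && fgets(line, sizeof line, f))
            stale = is_stale_glibc_mapping(line);
        fclose(f);
        if (stale) {
            printf("pid %s still maps a deleted glibc object -> restart it\n", de->d_name);
            hits++;
        }
    }
    closedir(proc);
    return hits;
}

int main(void)
{
    printf("stale mappings in sample: %d\n", count_stale_mappings(SAMPLE_MAPS));
    int n = report_live_system();
    if (n >= 0)
        printf("%d live process(es) need a restart\n", n);
    return 0;
}
```

Run as root after the swap it lists every process that needs a restart, not just the daemons one happens to remember; a process forked from an old parent without exec shows up too, because it inherits the parent's mappings.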