Release 0.2.11 (#1398)

squell · web-flow · commit 796262194aa8 · 2025-12-16T16:27:44.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,33 @@
 # Changelog
 
+## [0.2.11] - 2025-12-16
+
+### Added
+- Support for `-A / --askpass` to enable using an external askpass program
+  under control of the `SUDO_ASKPASS` environment variable.
+- Functional support for localisation. This can be enabled by building sudo-rs
+  with the `gettext` feature and installing a `sudo-rs.mo` in the correct
+  LC_MESSAGES folder. Since we have no translations yet this is off by default.
+
+### Changed
+- sudo is always built with sudoedit functionality
+- sudo no longer sets the archaic `MAIL` environment variable
+- timestamps format has been changed to always check for session pid (#1132).
+  As a consequence, timestamps created by earlier versions of sudo-rs are
+  invalidated after upgrading to this version.
+- The folder containing zoneinfo is detected at runtime; `build.rs` was removed
+- The default value of `Defaults editor` has been changed on Linux to remove the
+  dependence on Debian-specific `/usr/bin/editor`.
+
+### Fixed
+- `sudo -i` made `root` as owner of the pty instead of the login user (#1333)
+- visudo usability improvements (#1388, #1394)
+- Mistakes in the man pages (#1338, #1362, #1387)
+- Better error message when /etc/sudoers contains regular expressions (#1352)
+- Better error message when /etc/sudoers is missing (#1368)
+- Redirecting input/output to another TTY was not recognised as redirection;
+  this fix originated from Todd Miller's sudo (#1380)
+
 ## [0.2.10] - 2025-11-10
 
 ### Changed
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "sudo-rs"
 description = "A memory safe implementation of sudo and su."
-version = "0.2.10"
+version = "0.2.11"
 license = "Apache-2.0 OR MIT"
 edition = "2021"
 repository = "https://github.com/trifectatechfoundation/sudo-rs"
diff --git a/README.md b/README.md
@@ -99,11 +99,11 @@ We currently only offer these for x86-64 Linux systems.
 We recommend installing sudo-rs and su-rs in your `/usr/local` hierarchy so it does not affect the integrity of the package
 manager of your Linux distribution. You can achieve this using the commands:
 ```sh
-sudo tar -C /usr/local -xvf sudo-0.2.10.tar.gz
+sudo tar -C /usr/local -xvf sudo-0.2.11.tar.gz
 ```
 and for su-rs:
 ```sh
-sudo tar -C /usr/local -xvf su-0.2.10.tar.gz
+sudo tar -C /usr/local -xvf su-0.2.11.tar.gz
 ```
 This will install sudo-rs and su-rs in `/usr/local/bin` using the usual commands `sudo`, `visudo`, `sudoedit` and `su`. Please double check
 that in your default `PATH`, the folders `/usr/local/bin` and `/usr/local/sbin` have priority over `/usr/bin` and `/usr/sbin`.
diff --git a/docs/man/su.1.man b/docs/man/su.1.man
@@ -1,6 +1,6 @@
 .\" Automatically generated by Pandoc 3.6.3
 .\"
-.TH "SU" "1" "" "sudo\-rs 0.2.10" "sudo\-rs"
+.TH "SU" "1" "" "sudo\-rs 0.2.11" "sudo\-rs"
 .SH NAME
 \f[CR]su\f[R] \- run a shell or command as another user
 .SH SYNOPSIS
diff --git a/docs/man/su.1.md b/docs/man/su.1.md
@@ -1,5 +1,5 @@
 ---
-title: SU(1) sudo-rs 0.2.10 | sudo-rs
+title: SU(1) sudo-rs 0.2.11 | sudo-rs
 ---
 
 # NAME
diff --git a/docs/man/sudo.8.man b/docs/man/sudo.8.man
@@ -1,6 +1,6 @@
 .\" Automatically generated by Pandoc 3.6.3
 .\"
-.TH "SUDO" "8" "" "sudo\-rs 0.2.10" "sudo\-rs"
+.TH "SUDO" "8" "" "sudo\-rs 0.2.11" "sudo\-rs"
 .SH NAME
 \f[CR]sudo\f[R], \f[CR]sudoedit\f[R] \- execute a command as another
 user
diff --git a/docs/man/sudo.8.md b/docs/man/sudo.8.md
@@ -1,5 +1,5 @@
 ---
-title: SUDO(8) sudo-rs 0.2.10 | sudo-rs
+title: SUDO(8) sudo-rs 0.2.11 | sudo-rs
 ---
 
 # NAME
diff --git a/docs/man/sudoers.5.man b/docs/man/sudoers.5.man
@@ -1,6 +1,6 @@
 .\" Automatically generated by Pandoc 3.6.3
 .\"
-.TH "SUDOERS" "5" "" "sudo\-rs 0.2.10" "sudo\-rs"
+.TH "SUDOERS" "5" "" "sudo\-rs 0.2.11" "sudo\-rs"
 .SH NAME
 \f[CR]sudoers\f[R] \- sudo\-compatible security configuration
 .SH DESCRIPTION
@@ -30,11 +30,8 @@ start time of the session leader (or parent process) and a timestamp
 (using a monotonic clock if one is available).
 The user may then use sudo without a password for a short period of time
 (15 minutes unless overridden by the timestamp_timeout option).
-By default, \f[CR]sudo\-rs\f[R] uses a separate record for each
-terminal, which means that a user\[cq]s login sessions are authenticated
-separately.
-The timestamp_type option can be used to select the type of timestamp
-record sudoers will use.
+\f[CR]sudo\-rs\f[R] uses a separate record for each terminal, which
+means that a user\[cq]s login sessions are authenticated separately.
 .SS Logging
 By default, \f[CR]sudo\-rs\f[R] logs both successful and unsuccessful
 attempts (as well as errors).
@@ -46,10 +43,10 @@ environment are inherited by the command to be run.
 .PP
 In \f[CR]sudo\-rs\f[R], the \f[I]env_reset\f[R] flag cannot be disabled.
 This causes commands to be executed with a new, minimal environment.
-The \f[CR]HOME\f[R], \f[CR]MAIL\f[R], \f[CR]SHELL\f[R],
-\f[CR]LOGNAME\f[R] and \f[CR]USER\f[R] environment variables are
-initialized based on the target user and the \f[CR]SUDO_*\f[R] variables
-are set based on the invoking user.
+The \f[CR]HOME\f[R], \f[CR]SHELL\f[R], \f[CR]LOGNAME\f[R] and
+\f[CR]USER\f[R] environment variables are initialized based on the
+target user and the \f[CR]SUDO_*\f[R] variables are set based on the
+invoking user.
 Additional variables, such as \f[CR]DISPLAY\f[R], \f[CR]PATH\f[R] and
 \f[CR]TERM\f[R], are preserved from the invoking user\[cq]s environment
 if permitted by the \f[I]env_check\f[R] or \f[I]env_keep\f[R] options.
@@ -539,9 +536,6 @@ entry would be:
    queen     rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
 .EE
 .PP
-Note, however, that the PASSWD tag has no effect on users who are in the
-group specified by the exempt_group setting.
-.PP
 By default, if the NOPASSWD tag is applied to any of a user\[cq]s
 entries for the current host, the user will be able to run \[lq]sudo
 \-l\[rq] without a password.
@@ -885,8 +879,9 @@ first editor in the list that exists and is executable if not.
 Unless invoked as \f[B]sudoedit\f[R], sudo does not preserve the
 SUDO_EDITOR, VISUAL or EDITOR environment variables unless they are
 present in the \f[B]env_keep\f[R] list.
-The default on Linux is \f[I]/usr/bin/editor\f[R], on FreeBSD
-\f[I]/usr/vim/vi\f[R].
+The default on Linux is
+\f[I]/usr/bin/editor:/usr/bin/nano:/usr/bin/vi\f[R].
+On FreeBSD the default is \f[I]/usr/bin/vi\f[R].
 .RE
 .SS Strings that can be used in a boolean context:
 .IP \[bu] 2
diff --git a/docs/man/sudoers.5.md b/docs/man/sudoers.5.md
@@ -1,5 +1,5 @@
 ---
-title: SUDOERS(5) sudo-rs 0.2.10 | sudo-rs
+title: SUDOERS(5) sudo-rs 0.2.11 | sudo-rs
 ---
 
 # NAME
diff --git a/docs/man/visudo.8.man b/docs/man/visudo.8.man
@@ -1,6 +1,6 @@
 .\" Automatically generated by Pandoc 3.6.3
 .\"
-.TH "VISUDO" "8" "" "sudo\-rs 0.2.10" "sudo\-rs"
+.TH "VISUDO" "8" "" "sudo\-rs 0.2.11" "sudo\-rs"
 .SH NAME
 \f[CR]visudo\f[R] \- safely edit the sudoers file
 .SH SYNOPSIS
diff --git a/docs/man/visudo.8.md b/docs/man/visudo.8.md
@@ -1,5 +1,5 @@
 ---
-title: VISUDO(8) sudo-rs 0.2.10 | sudo-rs
+title: VISUDO(8) sudo-rs 0.2.11 | sudo-rs
 ---
 
 # NAME

-Original file line number
+Diff line change
@@ @@ -1,5 +1,5 @@ @@
 ---
 -title: SU(1) sudo-rs 0.2.10 | sudo-rs
 +title: SU(1) sudo-rs 0.2.11 | sudo-rs
 ---
 # NAME