diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9a311cbb2..4fec5d9c4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,26 @@
 # Changelog
+## [0.2.7] - 2025-06-xx
+
+### Added
+- Linux kernels older than 5.9 are now supported.
+- Support for `Defaults noexec`/`NOEXEC:` on Linux systems based on seccomp
+ filtering to prevent shell escapes in wide range of cases. This should also
+ work on programs not written in C and statically linked executables.
+- Support for `umask` and `umask_override`
+- `--preserve_env=VAR` is now supported to preserve selected environment
+ variables in a more convenient way
+
+### Changed
+- sudo-rs now uses CLOEXEC to close open file descriptors in the child process
+- Relative paths like `./` in `secure_path`/`PATH` are now ignored.
+- `apparmor.so` is dynamically loaded by sudo itself, as-needed
+
+### Fixed
+- Usernames that start with `_` or have non-western characters were not supported
+ as a valid username in /etc/sudoers (#1149)
+- Other usability improvements in /etc/sudoers (#1117, #1126, #1134, #1157)
+
 ## [0.2.6] - 2025-05-06
 ### Added
diff --git a/Cargo.toml b/Cargo.toml
index 1047a34e9..92a2d7f01 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "sudo-rs"
 description = "A memory safe implementation of sudo and su."
-version = "0.2.6"
+version = "0.2.7-dev"
 license = "Apache-2.0 OR MIT"
 edition = "2021"
 repository = "https://github.com/trifectatechfoundation/sudo-rs"
diff --git a/util/build-release.sh b/util/build-release.sh
index 1d2a43bb3..cf79c38d8 100755
--- a/util/build-release.sh
+++ b/util/build-release.sh
@@ -14,7 +14,7 @@ DATE=$(grep -m1 '^##' "$PROJECT_DIR"/CHANGELOG.md | grep -o '[0-9]\{4\}-[0-9]\{2
 # Build binaries
 docker build --pull --tag "$BUILDER_IMAGE_TAG" --file "$SCRIPT_DIR/Dockerfile-release" "$SCRIPT_DIR"
 docker run --rm --user "$(id -u):$(id -g)" -v "$PROJECT_DIR:/build" -w "/build" "$BUILDER_IMAGE_TAG" cargo clean
-docker run --rm --user "$(id -u):$(id -g)" -v "$PROJECT_DIR:/build" -w "/build" "$BUILDER_IMAGE_TAG" cargo build --release --features pam-login
+docker run --rm --user "$(id -u):$(id -g)" -v "$PROJECT_DIR:/build" -w "/build" "$BUILDER_IMAGE_TAG" cargo build --release --features pam-login,apparmor
 # Generate man pages
 "$PROJECT_DIR/util/generate-docs.sh"
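Review bot: The changed `cargo build` line still runs without `--locked`, so the release container can quietly re-resolve dependency versions if Cargo.lock is stale instead of failing the build. For a privileged binary whose release feature set is being widened here, I would pin it: `cargo build --release --locked --features pam-login,apparmor`. The line also gives no reason for turning `apparmor` on in release artifacts; a short comment above it would help, e.g. `# apparmor: the library is loaded at runtime only when needed (see CHANGELOG 0.2.7)`, assuming that changelog entry describes this feature. The script continues before and after this hunk, so whether the resulting binary is later checked for its enabled features is not visible here.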