- PAM account management modules are now run even when no password is required.
- For kernel-based time stamps, if no terminal is present, fall back to parent-pid style time stamps.
- The new cvtsudoers utility replaces both the "sudoers2ldif" script and the "visudo -x" functionality. It can read a file in either sudoers or LDIF format and produce JSON, LDIF or sudoers output. It is also possible to filter the generated output file by user, group or host name.
- The file, ldap and sss sudoers backends now share a common set of formatting functions for "sudo -l" output, which is also used by the cvtsudoers utility.
- The /run directory is now used in preference to /var/run if it exists.
- More accurate descriptions of the --with-rundir and --with-vardir configure options.
- The setpassent() and setgroupent() functions are now used on systems that support them to keep the passwd and group database open. Sudo performs a lot of passwd and group lookups so it can be beneficial to avoid opening and closing the files each time.
- The new case_insensitive_user and case_insensitive_group sudoers options can be used to control whether sudo does case-sensitive matching of users and groups in sudoers. Case insensitive matching is now the default.
- Fixed a bug on some systems where sudo could hang on command exit when I/O logging was enabled.
- Fixed the build-time process start time test on Linux when the test is run from within a container.
- When determining which temporary directory to use, sudoedit now checks the directory for writability before using it. Previously, sudoedit only performed an existence check.
- Sudo now includes an optional set of Monty Python-inspired insults.
- Chinese (Taiwan) translation for sudo from translationproject.org.
Signed-off-by: Pierre-Yves <pyu@riseup.net>