update changelog and bump version numbers

squell · squell · commit 17ead4e377b0 · 2025-05-06T18:57:42.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,26 @@
 # Changelog
 
+## [0.2.6] - 2025-05-06
+
+### Added
+- Support for `Defaults setenv`
+- Support for the `list` pseudocommand to control `sudo -U`
+- Support for switching AppArmor profiles though `Defaults apparmor_profile` and
+  the `APPARMOR_PROFILE` command modifier. To enable this, build sudo-rs with
+  the apparmor feature enabled.
+
+### Changed
+- Added a check against PAM modules changing the user during authentication (#1062)
+- `list` pseudocommand now controls whether a password is required for `sudo -l -U`
+
+### Fixed
+- Usernames commonly used by Active Directory were not parsed correctly (#1064)
+- Test compilation was broken on 32-bit systems (#1074)
+- `pwfeedback` was ignored for `sudo --list` and `sudo --validate`  (#1092)
+-  Compilation with musl instead of glibc on Linux was not possible (#1084)
+- `sudo --list` now does more checking before reporting errors or listing the
+  rights of a user, fixing two security bugs (CVE-2025-46717 and CVE-2025-46718)
+
 ## [0.2.5] - 2025-04-01
 
 ### Added
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "sudo-rs"
 description = "A memory safe implementation of sudo and su."
-version = "0.2.5"
+version = "0.2.6"
 license = "Apache-2.0 OR MIT"
 edition = "2021"
 repository = "https://github.com/trifectatechfoundation/sudo-rs"
diff --git a/README.md b/README.md
@@ -114,6 +114,8 @@ Sudo-rs then also needs the configuration files; please follow the installation
 suggestions in the previous section.
 
 ### Feature flags
+
+#### --features pam-login
 By default, sudo-rs will use the PAM service name `sudo`. On Debian and Fedora
 systems, it is customary that the name `sudo-i` is used when the `-i / --login`
 command line option is used. To get this behaviour, enable the `pam-login`
@@ -123,6 +125,16 @@ cargo build --release --features pam-login
 ```
 This feature is enabled on our pre-supplied binaries.
 
+#### --features apparmor
+sudo-rs has support for selecting AppArmor profile on Linux distributions that
+support AppArmor such as Debian and Ubuntu. To enable this feature, build sudo-rs
+with apparmor support enabled:
+```
+cargo build --release --features apparmor
+```
+
+This feature is disabled on our pre-supplied binaries.
+
 [rustup]: https://rustup.rs/
 
 ## Differences from original sudo
@@ -141,6 +153,8 @@ Exceptions to the above, with respect to your `/etc/sudoers` configuration:
 * `mail_badpass`, `always_set_home`, `always_query_group_plugin` and
   `match_group_by_gid` are not applicable to our implementation, but ignored for
   compatibility reasons.
+* the (NO)PASSWD tag on the "list" pseudocommand will determine whether a password
+  is required for the `sudo -U --list` command, instead of `listpw`.
 
 Some other notable restrictions to be aware of:
 
@@ -189,12 +203,14 @@ sudo, our work may evolve beyond that target. We are also looking into
 alternative ways to configure sudo without the sudoers config file syntax and to
 extract parts of our work in usable crates for other people.
 
-## Sponsors
-
-The initial development of sudo-rs was started and funded by the [Internet Security Research Group](https://www.abetterinternet.org/) as part of the [Prossimo project](https://www.memorysafety.org/).
+## History
 
-An independent security audit of sudo-rs was made possible by the [NLNet Foundation](https://nlnet.nl/), who also [sponsored](https://nlnet.nl/project/sudo-rs/) several feature additions and the FreeBSD porting effort.
+The initial development of sudo-rs was started and funded by the [Internet Security Research Group](https://www.abetterinternet.org/) as part of the [Prossimo project](https://www.memorysafety.org/)
 
-## Acknowledgement
+## Acknowledgements
 
 Sudo-rs is an independent implementation, but it incorporates documentation and Rust translations of code from [sudo](https://www.sudo.ws/), maintained by Todd C. Miller. We thank Todd and the other sudo contributors for their work.
+
+An independent security audit of sudo-rs was made possible by the [NLNet Foundation](https://nlnet.nl/), who also [sponsored](https://nlnet.nl/project/sudo-rs/) work on increased compatibility with the original sudo and the FreeBSD port.
+
+The sudo-rs project would not have existed without the support of its sponsors, a full overview is maintained at https://trifectatech.org/initiatives/privilege-boundary/
diff --git a/docs/man/su.1.md b/docs/man/su.1.md
@@ -1,5 +1,5 @@
 ---
-title: SU(1) sudo-rs 0.2.5 | sudo-rs
+title: SU(1) sudo-rs 0.2.6 | sudo-rs
 ---
 
 # NAME
diff --git a/docs/man/sudo.8.md b/docs/man/sudo.8.md
@@ -1,5 +1,5 @@
 ---
-title: SUDO(8) sudo-rs 0.2.5 | sudo-rs
+title: SUDO(8) sudo-rs 0.2.6 | sudo-rs
 ---
 
 # NAME
diff --git a/docs/man/visudo.8.md b/docs/man/visudo.8.md
@@ -1,5 +1,5 @@
 ---
-title: VISUDO(8) sudo-rs 0.2.5 | sudo-rs
+title: VISUDO(8) sudo-rs 0.2.6 | sudo-rs
 ---
 
 # NAME

-Original file line number
+Diff line change
@@ @@ -1,5 +1,5 @@ @@
 ---
 -title: SU(1) sudo-rs 0.2.5 | sudo-rs
 +title: SU(1) sudo-rs 0.2.6 | sudo-rs
 ---
 # NAME