[sudo-announce] sudo 1.8.12 released
Todd C. Miller
Todd.Miller at courtesan.com
Tue Feb 10 09:28:10 MST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sudo version 1.8.12 is now available. In addition to bug fixes,
sudo 1.8.12 features an updated debug framework where debugging for
the plugins is now configured separately from the sudo front-end.
Multiple debug files are supported per program. There is also new
support for directly querying an LDAP server for a user's netgroups.
Sudo 1.8.12 also includes a security fix that affects how the TZ
environment variable is handled. For more information, please see
http://www.sudo.ws/alerts/tz.html
Source:
http://www.sudo.ws/dist/sudo-1.8.12.tar.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.12.tar.gz
SHA256 checksum:
163b51841de8ad19276581a6782d61f5948f1f72a0a843371a1c167d3dc4f3b0
MD5 checksum:
87558f3a55c62bc9244b19594f103ffa
Binary packages:
http://www.sudo.ws/download.html#binary
For a list of download mirror sites, see:
http://www.sudo.ws/download_mirrors.html
Sudo web site:
http://www.sudo.ws/
Sudo web site mirrors:
http://www.sudo.ws/mirrors.html
Major changes between sudo 1.8.12 and 1.8.11p2:
* The embedded copy of zlib has been upgraded to version 1.2.8 and
is now installed as a shared library where supported.
* Debug settings for the sudo front end and sudoers plugin are now
configured separately.
* Multiple sudo.conf Debug entries may now be specified per program
(or plugin).
* The plugin API has been extended such that the path to the plugin
that was loaded is now included in the settings array. This
path can be used to register with the debugging subsystem. The
debug_flags setting is now prefixed with a file name and may be
specified multiple times if there is more than one matching Debug
setting in sudo.conf.
* The sudoers regression tests now run with the locale set to C
since some of the tests compare output that includes locale-specific
messages. Bug #672
* Fixed a bug where sudo would not run commands on Linux when
compiled with audit support if audit is disabled. Bug #671
* Added __BASH_FUNC<* to the environment blacklist to match
Apple's syntax for newer-style bash functions.
* The default password prompt now includes a trailing space after
"Password:" for consistency with su(1) on most systems.
Bug #663
* Fixed a problem on DragonFly BSD where SIGCHLD could be ignored,
preventing sudo from exiting. Bug #676
* Visudo will now use the optional sudoers_file, sudoers_mode,
sudoers_uid and sudoers_gid arguments if specified on the
sudoers.so Plugin line in the sudo.conf file.
* Fixed a problem introduced in sudo 1.8.8 that prevented the full
host name from being used when the "fqdn" sudoers option is used.
Bug #678
* French and Russian translations for sudoers from translationproject.org.
* Sudo now installs a handler for SIGCHLD signal handler immediately
before stating the process that will execute the command (or
start the monitor). The handler used to be installed earlier
but this causes problems with poorly behaved PAM modules that
install their own SIGCHLD signal handler and neglect to restore
sudo's original handler. Bug #657
* Removed a limit on the length of command line arguments expanded
by a wild card using sudo's version of the fnmatch() function.
This limit was introduced when sudo's version of fnmatch()
was replaced in sudo 1.8.4.
* LDAP-based sudoers can now query an LDAP server for a user's
netgroups directly. This is often much faster than fetching
every sudoRole object containing a sudoUser that begins with a
`+' prefix and checking whether the user is a member of any of
the returned netgroups.
* The mail_always sudoers option no longer sends mail for "sudo -l"
or "sudo -v" unless the user is unable to authenticate themselves.
* Fixed a crash when sudo is run with an empty argument vector.
* Fixed two potential crashes when sudo is run with very low
resource limits.
* The TZ environment variable is now checked for safety instead
of simply being copied to the environment of the command.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlTaMZAACgkQWonfon7kcMSACwCcDa3ppAZlmuzp/szbZ5LwIzx6
c9QAn13IZksFMC/zxnvWBeIgLYsZmqX5
=TLiK
-----END PGP SIGNATURE-----
More information about the sudo-announce
mailing list