Current Development Release
The current development release of sudo is
1.9.4rc2.
Binary packages
are also available for the development releases.
For full details see the ChangeLog
file or view the commit history in
mercurial.
If you plan to use a development release of sudo, please subscribe
to the sudo-workers mailing list so
that you will receive updates on bug fixes and related announcements.
You may also be interested in the
sudo-commits mailing list which
receives a message for each commit to the sudo source tree.
Major changes between version 1.9.4rc1 and 1.9.4b2:
- For sudo_logsrvd, an empty value for the pid_file setting in
sudo_logsrvd.con will now disable the process ID file.
Major changes between version 1.9.4rc1 and 1.9.4b2:
- The fix for sudo_logsrvd debug handling on SIGHUP
caused problems for sudo, which initializes the debug
framework more than once but with different flags.
- Updated translations from
translationproject.org.
Major changes between version 1.9.4b2 and 1.9.4b1:
- The sudoers plugin now defaults to sudo-format logs by default,
as per the documentation (and historical behavior).
- Fixed a crash in the sudoers plugin when an I/O plugin
logging function returned an error.
Major changes between version 1.9.4b1 and 1.9.3p1:
- The sudoers parser will now detect when an upper-case reserved
word is used when declaring an alias. Now instead of syntax
error, unexpected CHROOT, expecting ALIAS the message will be
syntax error, reserved word CHROOT used as an alias name.
Bug #941.
- Better handling of sudoers files without a final newline.
The parser now adds a newline at end-of-file automatically which
removes the need for special cases in the parser.
- Fixed a regression introduced in sudo 1.9.1 in the sssd back-end
where an uninitialized pointer could be freed on an error path.
GitHub Issue #67.
- The core logging code is now shared between sudo_logsrvd and
the sudoers plugin.
- JSON log entries sent to syslog now use minimal JSON which
skips all non-essention whitespace.
- The sudoers plugin can now produce JSON-formatted logs. The
log_format sudoers option can be used to select sudo or json
format logs. The default is sudo format logs.
- The sudoers plugin and visudo now display the column number in
syntax error messages in addition to the line number.
Bug #841.
- If I/O logging is not enabled but log_servers is set, the
sudoers plugin will now log accept events to sudo_logsrvd.
Previously, the accept event was only sent when I/O logging was
enabled. The sudoers plugin now sends reject and alert events too.
- The sudo logsrv protocol has been extended to allow an
AlertMessage to contain an optional array of
InfoMessage, as AcceptMessage and
RejectMessage already do.
- Fixed a bug in sudo_logsrvd where receipt of SIGHUP would
result in duplicate entries in the debug log when debugging was enabled.
- The visudo utility now supports EDITOR environment variables
that use single or double quotes in the command arguments.
Bug #942.
- The PAM session modules now run when sudo is set-user-ID root,
which allows a module to determine the original user-ID.
Bug #944.
- Fixed a regression introduced in sudo 1.8.24 in the LDAP back-end
where sudoNotBefore and sudoNotAfter were applied even when the
SUDOERS_TIMED setting was not present in ldap.conf.
Bug #945.
- Sudo packages for macOS 11 now contain universal binaries that
support both Intel and Apple Silicon CPUs.