[sudo-announce] sudo 1.8.8 released
Todd C. Miller
Todd.Miller at courtesan.com
Mon Sep 30 20:21:21 MDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sudo version 1.8.8 is now available. This is primarily a bug fix
release. See the list of major changes below for details.
Source:
http://www.sudo.ws/sudo/dist/sudo-1.8.8.tar.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.8.tar.gz
Binary packages:
http://www.sudo.ws/sudo/download.html#binary
For a list of download mirror sites, see:
http://www.sudo.ws/sudo/download_mirrors.html
Sudo web site:
http://www.sudo.ws/sudo/
Sudo web site mirrors:
http://www.sudo.ws/sudo/mirrors.html
Major changes between sudo 1.8.8 and 1.8.7:
* Removed a warning on PAM systems with stacked auth modules
where the first module on the stack does not succeed.
* Sudo, sudoreplay and visudo now support GNU-style long options.
* The -h (--host) option may now be used to specify a host name.
This is currently only used by the sudoers plugin in conjunction
with the -l (--list) option.
* Program usage messages and manual SYNOPSIS sections have been
simplified.
* Sudo's LDAP SASL support now works properly with Kerberos.
Previously, the SASL library was unable to locate the user's
credential cache.
* It is now possible to set the nproc resource limit to unlimited
via pam_limits on Linux (bug #565).
* New "pam_service" and "pam_login_service" sudoers options
that can be used to specify the PAM service name to use.
* New "pam_session" and "pam_setcred" sudoers options that
can be used to disable PAM session and credential support.
* The sudoers plugin now properly supports UIDs and GIDs
that are larger than 0x7fffffff on 32-bit platforms.
* Fixed a visudo bug introduced in sudo 1.8.7 where per-group
Defaults entries would cause an internal error.
* If the "tty_tickets" sudoers option is enabled (the default),
but there is no tty present, sudo will now use a ticket file
based on the parent process ID. This makes it possible to support
the normal timeout behavior for the session.
* Fixed a problem running commands that change their process
group and then attempt to change the terminal settings when not
running the command in a pseudo-terminal. Previously, the process
would receive SIGTTOU since it was effectively a background
process. Sudo will now grant the child the controlling tty and
continue it when this happens.
* The "closefrom_override" sudoers option may now be used in
a command-specified Defaults entry (bug #610).
* Sudo's BSM audit support now works on Solaris 11.
* Brazilian Portuguese translation for sudo and sudoers from
translationproject.org.
* Czech translation for sudo from translationproject.org.
* French translation for sudo from translationproject.org.
* Sudo's noexec support on Mac OS X 10.4 and above now uses dynamic
symbol interposition instead of setting DYLD_FORCE_FLAT_NAMESPACE=1
which causes issues with some programs.
* Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6.
* Root may no longer change its SELinux role without entering
a password.
* Fixed a bug introduced in Sudo 1.8.7 where the indexes written
to the I/O log timing file are two greater than they should be.
Sudoreplay now contains a work-around to parse those files.
* In sudoreplay's list mode, the "this" qualifier in "fromdate"
or "todate" expressions now behaves more sensibly. Previously,
it would often match a date that was "one more" than expected.
For example, "this week" now matches the current week instead
of the following week.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (OpenBSD)
iEYEARECAAYFAlJKMZUACgkQWonfon7kcMT2GwCgxsuuxXO8ndR4Li0lolbFPa66
vOsAnjFVdVuyftbeTysBsmKjI1Ajz1l+
=S7SK
-----END PGP SIGNATURE-----
More information about the sudo-announce
mailing list