[sudo-announce] sudo 1.8.8 released
Todd C. Miller
Todd.Miller at courtesan.com
Mon Sep 30 20:21:21 MDT 2013
Sudo version 1.8.8 is now available. This is primarily a bug fix
release. See the list of major changes below for details.
For a list of download mirror sites, see:
Sudo web site:
Sudo web site mirrors:
Major changes between sudo 1.8.8 and 1.8.7:
* Removed a warning on PAM systems with stacked auth modules
where the first module on the stack does not succeed.
* Sudo, sudoreplay and visudo now support GNU-style long options.
* The -h (--host) option may now be used to specify a host name.
This is currently only used by the sudoers plugin in conjunction
with the -l (--list) option.
* Program usage messages and manual SYNOPSIS sections have been
* Sudo's LDAP SASL support now works properly with Kerberos.
Previously, the SASL library was unable to locate the user's
* It is now possible to set the nproc resource limit to unlimited
via pam_limits on Linux (bug #565).
* New "pam_service" and "pam_login_service" sudoers options
that can be used to specify the PAM service name to use.
* New "pam_session" and "pam_setcred" sudoers options that
can be used to disable PAM session and credential support.
* The sudoers plugin now properly supports UIDs and GIDs
that are larger than 0x7fffffff on 32-bit platforms.
* Fixed a visudo bug introduced in sudo 1.8.7 where per-group
Defaults entries would cause an internal error.
* If the "tty_tickets" sudoers option is enabled (the default),
but there is no tty present, sudo will now use a ticket file
based on the parent process ID. This makes it possible to support
the normal timeout behavior for the session.
* Fixed a problem running commands that change their process
group and then attempt to change the terminal settings when not
running the command in a pseudo-terminal. Previously, the process
would receive SIGTTOU since it was effectively a background
process. Sudo will now grant the child the controlling tty and
continue it when this happens.
* The "closefrom_override" sudoers option may now be used in
a command-specified Defaults entry (bug #610).
* Sudo's BSM audit support now works on Solaris 11.
* Brazilian Portuguese translation for sudo and sudoers from
* Czech translation for sudo from translationproject.org.
* French translation for sudo from translationproject.org.
* Sudo's noexec support on Mac OS X 10.4 and above now uses dynamic
symbol interposition instead of setting DYLD_FORCE_FLAT_NAMESPACE=1
which causes issues with some programs.
* Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6.
* Root may no longer change its SELinux role without entering
* Fixed a bug introduced in Sudo 1.8.7 where the indexes written
to the I/O log timing file are two greater than they should be.
Sudoreplay now contains a work-around to parse those files.
* In sudoreplay's list mode, the "this" qualifier in "fromdate"
or "todate" expressions now behaves more sensibly. Previously,
it would often match a date that was "one more" than expected.
For example, "this week" now matches the current week instead
of the following week.
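The change above for UIDs and GIDs larger than 0x7fffffff on 32-bit platforms concerns a common parsing failure mode, shown here as an added example that is not sudo's own code. The names id32_t, parse_id_max, parse_id_signed32 and parse_id are hypothetical, and a 32-bit long is modelled with an explicit range check so the behaviour is the same on a 64-bit host.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint32_t id32_t; /* assumption: stand-in for a 32-bit unsigned uid_t/gid_t */

/* Parse a decimal ID string; values above `max` are rejected.
 * Returns the ID (0..UINT32_MAX) or -1 on any parse or range error. */
static long long parse_id_max(const char *s, long long max)
{
    char *end;
    long long v;

    if (!isdigit((unsigned char)*s) && *s != '-')
        return -1;                  /* empty input, leading blanks or '+' */
    errno = 0;
    v = strtoll(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE)
        return -1;                  /* no digits, trailing junk or overflow */
    if (v < INT32_MIN || v > max)
        return -1;                  /* does not fit the ID type */
    return (long long)(id32_t)v;    /* negative IDs wrap: -2 -> 4294967294 */
}

/* Models a parser built on strtol() where long is 32 bits:
 * anything above 0x7fffffff is out of range and the ID is refused. */
long long parse_id_signed32(const char *s) { return parse_id_max(s, INT32_MAX); }

/* Accepts the full unsigned 32-bit ID range. */
long long parse_id(const char *s) { return parse_id_max(s, UINT32_MAX); }

int main(void)
{
    /* Constructed sample inputs, not taken from any real passwd database. */
    const char *samples[] = { "1000", "2147483647", "2147483648",
                              "4294967294", "-2", "4294967296", "1000x", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-12s signed32=%lld full=%lld\n", samples[i],
               parse_id_signed32(samples[i]), parse_id(samples[i]));
    return 0;
}
```

A return of -1 means the string was refused; a rule or passwd entry carrying such an ID would not match under the signed 32-bit model even though the ID is valid on the system.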