[sudo-announce] sudo 1.8.8 released

Todd C. Miller Todd.Miller at courtesan.com
Mon Sep 30 20:21:21 MDT 2013


Sudo version 1.8.8 is now available.  This is primarily a bug fix
release.  See the list of major changes below for details.


Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.8.8 and 1.8.7:

 * Removed a warning on PAM systems with stacked auth modules
   where the first module on the stack does not succeed.

 * Sudo, sudoreplay and visudo now support GNU-style long options.

 * The -h (--host) option may now be used to specify a host name.
   This is currently only used by the sudoers plugin in conjunction
   with the -l (--list) option.

 * Program usage messages and manual SYNOPSIS sections have been

 * Sudo's LDAP SASL support now works properly with Kerberos.
   Previously, the SASL library was unable to locate the user's
   credential cache.

 * It is now possible to set the nproc resource limit to unlimited
   via pam_limits on Linux (bug #565).

 * New "pam_service" and "pam_login_service" sudoers options
   that can be used to specify the PAM service name to use.

 * New "pam_session" and "pam_setcred" sudoers options that
   can be used to disable PAM session and credential support.

 * The sudoers plugin now properly supports UIDs and GIDs
   that are larger than 0x7fffffff on 32-bit platforms.

 * Fixed a visudo bug introduced in sudo 1.8.7 where per-group
   Defaults entries would cause an internal error.

 * If the "tty_tickets" sudoers option is enabled (the default),
   but there is no tty present, sudo will now use a ticket file
   based on the parent process ID.  This makes it possible to support
   the normal timeout behavior for the session.

 * Fixed a problem running commands that change their process
   group and then attempt to change the terminal settings when not
   running the command in a pseudo-terminal.  Previously, the process
   would receive SIGTTOU since it was effectively a background
   process.  Sudo will now grant the child the controlling tty and
   continue it when this happens.

 * The "closefrom_override" sudoers option may now be used in
   a command-specified Defaults entry (bug #610).

 * Sudo's BSM audit support now works on Solaris 11.

 * Brazilian Portuguese translation for sudo and sudoers from

 * Czech translation for sudo from translationproject.org.

 * French translation for sudo from translationproject.org.

 * Sudo's noexec support on Mac OS X 10.4 and above now uses dynamic
   symbol interposition instead of setting DYLD_FORCE_FLAT_NAMESPACE=1
   which causes issues with some programs.

 * Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6.

 * Root may no longer change its SELinux role without entering
   a password.

 * Fixed a bug introduced in Sudo 1.8.7 where the indexes written
   to the I/O log timing file are two greater than they should be.
   Sudoreplay now contains a work-around to parse those files.

 * In sudoreplay's list mode, the "this" qualifier in "fromdate"
   or "todate" expressions now behaves more sensibly.  Previously,
   it would often match a date that was "one more" than expected.
   For example, "this week" now matches the current week instead
   of the following week.
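
The item above about UIDs and GIDs larger than 0x7fffffff on 32-bit platforms can be illustrated with a small C sketch. It is an added example, not sudo's code, and it assumes the limit comes from a signed 32-bit conversion that clamps out-of-range input. The function names, the sample IDs and the choice to reject signed input are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* What strtol() yields where long is 32 bits: out-of-range input is
 * clamped to LONG_MAX (0x7fffffff) and errno is set to ERANGE. */
static int32_t strtol32(const char *s, char **end)
{
    long long v = strtoll(s, end, 10);
    if (v > INT32_MAX) { errno = ERANGE; return INT32_MAX; }
    if (v < INT32_MIN) { errno = ERANGE; return INT32_MIN; }
    return (int32_t)v;
}

/* Naive parser (hypothetical): ignores errno and trailing bytes, so
 * every ID above 0x7fffffff collapses to the same value. */
uint32_t parse_id_naive(const char *s)
{
    return (uint32_t)strtol32(s, NULL);
}

/* Checked parser (hypothetical): returns 0 on success, -1 on bad input. */
int parse_id_checked(const char *s, uint32_t *out)
{
    char *end;
    unsigned long long v;

    if (*s < '0' || *s > '9')   /* rejects "", "-1", "+5", " 7" */
        return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > UINT32_MAX)
        return -1;
    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    uint32_t id = 0;
    /* Constructed sample IDs, not taken from the announcement. */
    printf("naive:   %u %u\n", (unsigned)parse_id_naive("3000000000"),
           (unsigned)parse_id_naive("4294967294"));
    if (parse_id_checked("3000000000", &id) == 0)
        printf("checked: %u\n", (unsigned)id);
    return 0;
}
```

With the naive parser two distinct large IDs compare equal after conversion, which matters wherever an ID is matched against a policy entry.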