[sudo-announce] sudo 1.8.9p4 released

Todd C. Miller Todd.Miller at courtesan.com
Wed Jan 15 13:54:21 MST 2014

Hash: SHA1

Sudo version 1.8.9p4 is now available.  This version fixes a bug
where sudo could consume large amounts of CPU on some platforms.


SHA256 checksum:

Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.8.9p4 and 1.8.9p3:

 * Fixed a bug where sudo could consume large amounts of CPU while
   the command was running when I/O logging is not enabled.  Bug #631

 * Fixed a bug where sudo would exit with an error when the debug
   level is set to util at debug or all at debug and I/O logging is not
   enabled.  The command would continue runnning after sudo exited.

Major changes between sudo 1.8.9p3 and 1.8.9p2:

 * Fixed a bug introduced in sudo 1.8.9 that prevented the tty name
   from being resolved properly on Linux systems.  Bug #630.

Major changes between sudo 1.8.9p2 and 1.8.9p1:

 * Updated config.guess, config.sub and libtool to support the ppc64le
   architecture (IBM PowerPC Little Endian).

Major changes between sudo 1.8.9p1 and 1.8.9:

 * Fixed a problem with gcc 4.8's handling of bit fields that could
   lead to the noexec flag being enabled even when it was not
   explicitly set.

Major changes between sudo 1.8.9 and 1.8.8:

 * Reworked sudo's main event loop to use a simple event subsystem
   using poll(2) or select(2) as the back end.

 * It is now possible to statically compile the sudoers plugin into
   the sudo binary without disabling shared library support.  The
   sudo.conf file may still be used to configure other plugins.

 * Sudo can now be compiled again with a C preprocessor that does
   not support variadic macros.

 * Visudo can now export a sudoers file in JSON format using the
   new -x flag.

 * The locale is now set correctly again for visudo and sudoreplay.

 * The plugin API has been extended to allow the plugin to exclude
   specific file descriptors from the "closefrom" range.

 * There is now a workaround for a Solaris-specific problem where
   NOEXEC was overriding traditional root DAC behavior.

 * Add user netgroup filtering for SSSD. Previously, rules for
   a netgroup were applied to all even when they did not belong
   to the specified netgroup.

 * On systems with BSD login classes, if the user specified a group
   (not a user) to run the command as, it was possible to specify
   a different login class even when the command was not run as the
   super user.

 * The closefrom() emulation on Mac OS X now uses /dev/fd if possible.

 * Fixed a bug where sudoedit would not update the original file
   from the temporary when PAM or I/O logging is not enabled.

 * When recycling I/O logs, the log files are now truncated properly.

 * Fixes bugs #621, #622, #623, #624, #625, #626
Version: GnuPG v1.4.13 (OpenBSD)


More information about the sudo-announce mailing list