[sudo-announce] sudo 1.8.9p4 released
Todd C. Miller
Todd.Miller at courtesan.com
Wed Jan 15 13:54:21 MST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Sudo version 1.8.9p4 is now available. This version fixes a bug
where sudo could consume large amounts of CPU on some platforms.
For a list of download mirror sites, see:
Sudo web site:
Sudo web site mirrors:
Major changes between sudo 1.8.9p4 and 1.8.9p3:
* Fixed a bug where sudo could consume large amounts of CPU while
the command was running when I/O logging is not enabled. Bug #631
* Fixed a bug where sudo would exit with an error when the debug
level is set to util at debug or all at debug and I/O logging is not
enabled. The command would continue runnning after sudo exited.
Major changes between sudo 1.8.9p3 and 1.8.9p2:
* Fixed a bug introduced in sudo 1.8.9 that prevented the tty name
from being resolved properly on Linux systems. Bug #630.
Major changes between sudo 1.8.9p2 and 1.8.9p1:
* Updated config.guess, config.sub and libtool to support the ppc64le
architecture (IBM PowerPC Little Endian).
Major changes between sudo 1.8.9p1 and 1.8.9:
* Fixed a problem with gcc 4.8's handling of bit fields that could
lead to the noexec flag being enabled even when it was not
Major changes between sudo 1.8.9 and 1.8.8:
* Reworked sudo's main event loop to use a simple event subsystem
using poll(2) or select(2) as the back end.
* It is now possible to statically compile the sudoers plugin into
the sudo binary without disabling shared library support. The
sudo.conf file may still be used to configure other plugins.
* Sudo can now be compiled again with a C preprocessor that does
not support variadic macros.
* Visudo can now export a sudoers file in JSON format using the
new -x flag.
* The locale is now set correctly again for visudo and sudoreplay.
* The plugin API has been extended to allow the plugin to exclude
specific file descriptors from the "closefrom" range.
* There is now a workaround for a Solaris-specific problem where
NOEXEC was overriding traditional root DAC behavior.
* Add user netgroup filtering for SSSD. Previously, rules for
a netgroup were applied to all even when they did not belong
to the specified netgroup.
* On systems with BSD login classes, if the user specified a group
(not a user) to run the command as, it was possible to specify
a different login class even when the command was not run as the
* The closefrom() emulation on Mac OS X now uses /dev/fd if possible.
* Fixed a bug where sudoedit would not update the original file
from the temporary when PAM or I/O logging is not enabled.
* When recycling I/O logs, the log files are now truncated properly.
* Fixes bugs #621, #622, #623, #624, #625, #626
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (OpenBSD)
-----END PGP SIGNATURE-----
More information about the sudo-announce