[sudo-announce] sudo 1.8.10p3 released
Todd C. Miller
Todd.Miller at courtesan.com
Wed May 7 14:36:19 MDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Sudo version 1.8.10p3 is now available. This is a bugfix release.
For a list of download mirror sites, see:
Sudo web site:
Sudo web site mirrors:
Major changes between sudo 1.8.10p3 and 1.8.10p2:
* Fixed expansion of %p in the prompt for "sudo -l" when rootpw,
runaspw or targetpw is set. Bug #639
* Fixed matching of uids and gids which was broken in version 1.8.9.
* PAM credential initialization has been re-enabled. It was
unintentionally disabled by default in version 1.8.8. The way
credentials are initialized has also been fixed. Bug #642.
* Fixed a descriptor leak on Linux when determing boot time. Sudo
normally closes extra descriptors before running a command so
the impact is limited. Bug #645
* Fixed flushing of the last buffer of data when I/O logging is
enabled. This bug, introduced in version 1.8.9, could cause
incomplete command output on some systems. Bug #646
Major changes between sudo 1.8.10p2 and 1.8.10p1:
* Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout
is set to zero. Bug #638
Major changes between sudo 1.8.10p1 and 1.8.10:
* Fixed a bug introduced in sudo 1.8.10 that prevented the disabling
of tty-based tickets.
* Fixed a bug with netgated commands in "sudo -l command" that
could cause the command to be listed even when it was explicitly
denied. This only affected list mode when a command was specified.
Major changes between sudo 1.8.10 and 1.8.9p5:
* It is now possible to disable network interface probing in
sudo.conf by changing the value of the probe_interfaces
* When listing a user's privileges (sudo -l), the sudoers plugin
will now prompt for the user's password even if the targetpw,
rootpw or runaspw options are set.
* The sudoers plugin uses a new format for its time stamp files.
Each user now has a single file which may contain multiple records
when per-tty time stamps are in use (the default). The time
stamps use a monotonic timer where available and are once again
located in a directory under /var/run. The lecture status is
now stored separately from the time stamps in a different directory.
* sudo's -K option will now remove all of the user's time stamps,
not just the time stamp for the current terminal. The -k option
can be used to only disable time stamps for the current terminal.
* If sudo was started in the background and needed to prompt for
a password, it was not possible to suspend it at the password
prompt. This now works properly.
* LDAP-based sudoers now uses a default search filter of
(objectClass=sudoRole) for more efficient queries. The netgroup
query has been modified to avoid falling below the minimum length
for OpenLDAP substring indices.
* The new "use_netgroups" sudoers option can be used to explicitly
enable or disable netgroups support. For LDAP-based sudoers,
netgroup support requires an expensive substring match on the
server. If netgroups are not needed, this option can be disabled
to reduce the load on the LDAP server.
* Sudo is once again able to open the sudoers file when the group
on sudoers doesn't match the expected value, so long as the file
is not group writable.
* Sudo now installs an init.d script to clear the time stamp
directory at boot time on AIX and HP-UX systems. These systems
either lack /var/run or do not clear it on boot.
* The JSON format used by "visudo -x" now properly supports the
negation operator. In addition, the Options object is now the
same for both Defaults and Cmnd_Specs.
* Czech and Serbian translations for sudoers from translationproject.org.
* Catalan translation for sudo from translationproject.org.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (OpenBSD)
-----END PGP SIGNATURE-----
More information about the sudo-announce