[sudo-announce] sudo 1.8.10p3 released

Todd C. Miller Todd.Miller at courtesan.com
Wed May 7 14:36:19 MDT 2014

Hash: SHA1

Sudo version 1.8.10p3 is now available.  This is a bugfix release.


SHA256 checksum:
MD5 checksum:

Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.8.10p3 and 1.8.10p2:

 * Fixed expansion of %p in the prompt for "sudo -l" when rootpw,
   runaspw or targetpw is set.  Bug #639

 * Fixed matching of uids and gids which was broken in version 1.8.9.
   Bug #640

 * PAM credential initialization has been re-enabled.  It was
   unintentionally disabled by default in version 1.8.8.  The way
   credentials are initialized has also been fixed.  Bug #642.

 * Fixed a descriptor leak on Linux when determing boot time.  Sudo
   normally closes extra descriptors before running a command so
   the impact is limited.  Bug #645

 * Fixed flushing of the last buffer of data when I/O logging is
   enabled.  This bug, introduced in version 1.8.9, could cause
   incomplete command output on some systems.  Bug #646

Major changes between sudo 1.8.10p2 and 1.8.10p1:

 * Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout
   is set to zero.  Bug #638

Major changes between sudo 1.8.10p1 and 1.8.10:

 * Fixed a bug introduced in sudo 1.8.10 that prevented the disabling
   of tty-based tickets.

 * Fixed a bug with netgated commands in "sudo -l command" that
   could cause the command to be listed even when it was explicitly
   denied.  This only affected list mode when a command was specified.
   Bug #636

Major changes between sudo 1.8.10 and 1.8.9p5:

 * It is now possible to disable network interface probing in
   sudo.conf by changing the value of the probe_interfaces

 * When listing a user's privileges (sudo -l), the sudoers plugin
   will now prompt for the user's password even if the targetpw,
   rootpw or runaspw options are set.

 * The sudoers plugin uses a new format for its time stamp files.
   Each user now has a single file which may contain multiple records
   when per-tty time stamps are in use (the default).  The time
   stamps use a monotonic timer where available and are once again
   located in a directory under /var/run.  The lecture status is
   now stored separately from the time stamps in a different directory.
   Bug #616

 * sudo's -K option will now remove all of the user's time stamps,
   not just the time stamp for the current terminal.  The -k option
   can be used to only disable time stamps for the current terminal.

 * If sudo was started in the background and needed to prompt for
   a password, it was not possible to suspend it at the password
   prompt.  This now works properly.

 * LDAP-based sudoers now uses a default search filter of
   (objectClass=sudoRole) for more efficient queries.  The netgroup
   query has been modified to avoid falling below the minimum length
   for OpenLDAP substring indices.

 * The new "use_netgroups" sudoers option can be used to explicitly
   enable or disable netgroups support.  For LDAP-based sudoers,
   netgroup support requires an expensive substring match on the
   server.  If netgroups are not needed, this option can be disabled
   to reduce the load on the LDAP server.

 * Sudo is once again able to open the sudoers file when the group
   on sudoers doesn't match the expected value, so long as the file
   is not group writable.

 * Sudo now installs an init.d script to clear the time stamp
   directory at boot time on AIX and HP-UX systems.  These systems
   either lack /var/run or do not clear it on boot.

 * The JSON format used by "visudo -x" now properly supports the
   negation operator.  In addition, the Options object is now the
   same for both Defaults and Cmnd_Specs.

 * Czech and Serbian translations for sudoers from translationproject.org.

 * Catalan translation for sudo from translationproject.org.
Version: GnuPG v1.4.13 (OpenBSD)


More information about the sudo-announce mailing list