[sudo-announce] sudo 1.8.11p2 released
Todd C. Miller
Todd.Miller at courtesan.com
Thu Oct 30 10:11:36 MDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Sudo version 1.8.11p2 is now available. This is a bug fix release.
See below for a list of changes and bugs closed.
For a list of download mirror sites, see:
Sudo web site:
Sudo web site mirrors:
Major changes between sudo 1.8.11p2 and 1.8.11p1:
* Fixed a bug where dynamic shared objects loaded from a plugin
could use the hooked version of getenv() but not the hooked
versions of putenv(), setenv() or unsetenv(). This can cause
problems for PAM modules that use those functions.
Major changes between sudo 1.8.11p1 and 1.8.11:
* Fixed a compilation problem on some systems when the
--disable-shared-libutil configure option was specified.
* The user can no longer interrupt the sleep after an incorrect
password on PAM systems using pam_unix.
* Fixed a compilation problem on Linux systems that do not use PAM.
* "make install" will now work with the stock GNU autotools
install-sh script. Bug #669
* Fixed a crash with "sudo -i" when the current working directory
does not exist. Bug #670
* Fixed a potential crash in the debug subsystem when logging a message
larger that 1024 bytes.
* Fixed a "make check" failure for ttyname when stdin is closed and
stdout and stderr are redirected to a different tty. Bug #643
* Added BASH_FUNC_* to environment blacklist to match newer-style
Major changes between sudo 1.8.11 and 1.8.10p3:
* The sudoers plugin no longer uses setjmp/longjmp to recover
from fatal errors. All errors are now propagated to the caller
via return codes.
* When running a command in the background, sudo will now forward
SIGINFO to the command (if supported).
* Sudo will now use the system versions of the sha2 functions from
libc or libmd if available.
* Visudo now works correctly on GNU Hurd. Bug #647
* Fixed suspend and resume of curses programs on some system when
the command is not being run in a pseudo-terminal. Bug #649
* Fixed a crash with LDAP-based sudoers on some systems when
Kerberos was enabled.
* Sudo now includes optional Solaris audit support.
* Catalan translation for sudoers from translationproject.org.
* Norwegian Bokmaal translation for sudo from translationproject.org.
* Greek translation for sudoers from translationproject.org
* The sudo source tree has been reorganized to more closely resemble
that of other gettext-enabled packages.
* Sudo and its associated programs now link against a shared version
of libsudo_util. The --disable-shared-libutil configure option
may be used to force static linking if the --enable-static-sudoers
option is also specified.
* The passwords in ldap.conf and ldap.secret may now be encoded
* Audit updates. SELinux role changes are now audited. For
sudoedit, we now audit the actual editor being run, instead of
just the sudoedit command.
* Fixed bugs in the man page post-processing that could cause
portions of the manuals to be removed.
* Fixed a crash in the system_group plugin. Bug #653.
* Fixed sudoedit on platforms without a native version of the
getprogname() function. Bug #654.
* Fixed compilation problems with some pre-C99 compilers.
* Fixed sudo's -C option which was broken in version 1.8.9.
* It is now possible to match an environment variable's value as
well as its name using env_keep and env_check. This can be used
to preserve bash functions which would otherwise be removed from
* New files created via sudoedit as a non-root user now have the
proper group id. Bug #656
* Sudoedit now works correctly in conjunction with sudo's SELinux
RBAC support. Temporary files are now created with the proper
* The sudo I/O logging plugin API has been updated. If a logging
function returns an error, the command will be terminated and
all of the plugin's logging functions will be disabled. If a
logging function rejects the command's output it will no longer
be displayed to the user's terminal.
* Fixed a compilation error on systems that lack openpty(), _getpty()
and grantpt(). Bug #660
* Fixed a hang when a sudoers source is listed more than once in
a single sudoers nsswitch.conf entry.
* On AIX, shell scripts without a #! magic number are now passed to
/usr/bin/sh, not /usr/bin/bsh. This is consistent with what the
execvp() function on AIX does and matches historic sudo behavior.
* Fixed a cross-compilation problem building mksiglist and mksigname.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (OpenBSD)
-----END PGP SIGNATURE-----
More information about the sudo-announce