[sudo-announce] sudo 1.8.11p2 released
Todd C. Miller
Todd.Miller at courtesan.com
Thu Oct 30 10:11:36 MDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sudo version 1.8.11p2 is now available. This is a bug fix release.
See below for a list of changes and bugs closed.
Source:
http://www.sudo.ws/dist/sudo-1.8.11p2.tar.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.11p2.tar.gz
SHA256 checksum:
8133849418fa18cf6b6bb6893d1855ff7afe21db8923234a00bf045c90fba1ad
MD5 checksum:
84012b4871b6c775c957cd310d5bad87
Binary packages:
http://www.sudo.ws/download.html#binary
For a list of download mirror sites, see:
http://www.sudo.ws/download_mirrors.html
Sudo web site:
http://www.sudo.ws/
Sudo web site mirrors:
http://www.sudo.ws/mirrors.html
Major changes between sudo 1.8.11p2 and 1.8.11p1:
* Fixed a bug where dynamic shared objects loaded from a plugin
could use the hooked version of getenv() but not the hooked
versions of putenv(), setenv() or unsetenv(). This can cause
problems for PAM modules that use those functions.
Major changes between sudo 1.8.11p1 and 1.8.11:
* Fixed a compilation problem on some systems when the
--disable-shared-libutil configure option was specified.
* The user can no longer interrupt the sleep after an incorrect
password on PAM systems using pam_unix.
Bug #666
* Fixed a compilation problem on Linux systems that do not use PAM.
Bug #667
* "make install" will now work with the stock GNU autotools
install-sh script. Bug #669
* Fixed a crash with "sudo -i" when the current working directory
does not exist. Bug #670
* Fixed a potential crash in the debug subsystem when logging a message
larger that 1024 bytes.
* Fixed a "make check" failure for ttyname when stdin is closed and
stdout and stderr are redirected to a different tty. Bug #643
* Added BASH_FUNC_* to environment blacklist to match newer-style
bash functions.
Major changes between sudo 1.8.11 and 1.8.10p3:
* The sudoers plugin no longer uses setjmp/longjmp to recover
from fatal errors. All errors are now propagated to the caller
via return codes.
* When running a command in the background, sudo will now forward
SIGINFO to the command (if supported).
* Sudo will now use the system versions of the sha2 functions from
libc or libmd if available.
* Visudo now works correctly on GNU Hurd. Bug #647
* Fixed suspend and resume of curses programs on some system when
the command is not being run in a pseudo-terminal. Bug #649
* Fixed a crash with LDAP-based sudoers on some systems when
Kerberos was enabled.
* Sudo now includes optional Solaris audit support.
* Catalan translation for sudoers from translationproject.org.
* Norwegian Bokmaal translation for sudo from translationproject.org.
* Greek translation for sudoers from translationproject.org
* The sudo source tree has been reorganized to more closely resemble
that of other gettext-enabled packages.
* Sudo and its associated programs now link against a shared version
of libsudo_util. The --disable-shared-libutil configure option
may be used to force static linking if the --enable-static-sudoers
option is also specified.
* The passwords in ldap.conf and ldap.secret may now be encoded
in base64.
* Audit updates. SELinux role changes are now audited. For
sudoedit, we now audit the actual editor being run, instead of
just the sudoedit command.
* Fixed bugs in the man page post-processing that could cause
portions of the manuals to be removed.
* Fixed a crash in the system_group plugin. Bug #653.
* Fixed sudoedit on platforms without a native version of the
getprogname() function. Bug #654.
* Fixed compilation problems with some pre-C99 compilers.
* Fixed sudo's -C option which was broken in version 1.8.9.
* It is now possible to match an environment variable's value as
well as its name using env_keep and env_check. This can be used
to preserve bash functions which would otherwise be removed from
the environment.
* New files created via sudoedit as a non-root user now have the
proper group id. Bug #656
* Sudoedit now works correctly in conjunction with sudo's SELinux
RBAC support. Temporary files are now created with the proper
security context.
* The sudo I/O logging plugin API has been updated. If a logging
function returns an error, the command will be terminated and
all of the plugin's logging functions will be disabled. If a
logging function rejects the command's output it will no longer
be displayed to the user's terminal.
* Fixed a compilation error on systems that lack openpty(), _getpty()
and grantpt(). Bug #660
* Fixed a hang when a sudoers source is listed more than once in
a single sudoers nsswitch.conf entry.
* On AIX, shell scripts without a #! magic number are now passed to
/usr/bin/sh, not /usr/bin/bsh. This is consistent with what the
execvp() function on AIX does and matches historic sudo behavior.
Bug #661
* Fixed a cross-compilation problem building mksiglist and mksigname.
Bug #662
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (OpenBSD)
iEYEARECAAYFAlRSYzAACgkQWonfon7kcMSveQCgtbCeQkXj96NnBz5sJTqogVqs
+gUAniABC7CcOz20zJl4imEfbpKT1Z6H
=sOyS
-----END PGP SIGNATURE-----
More information about the sudo-announce
mailing list