[sudo-announce] sudo 1.8.11p2 released

Todd C. Miller Todd.Miller at courtesan.com
Thu Oct 30 10:11:36 MDT 2014

Hash: SHA1

Sudo version 1.8.11p2 is now available.  This is a bug fix release.
See below for a list of changes and bugs closed.


SHA256 checksum:
MD5 checksum:

Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.8.11p2 and 1.8.11p1:

 * Fixed a bug where dynamic shared objects loaded from a plugin
   could use the hooked version of getenv() but not the hooked
   versions of putenv(), setenv() or unsetenv().  This can cause
   problems for PAM modules that use those functions.

Major changes between sudo 1.8.11p1 and 1.8.11:

 * Fixed a compilation problem on some systems when the
   --disable-shared-libutil configure option was specified.

 * The user can no longer interrupt the sleep after an incorrect
   password on PAM systems using pam_unix.
   Bug #666

 * Fixed a compilation problem on Linux systems that do not use PAM.
   Bug #667

 * "make install" will now work with the stock GNU autotools
   install-sh script.  Bug #669

 * Fixed a crash with "sudo -i" when the current working directory
   does not exist.  Bug #670

 * Fixed a potential crash in the debug subsystem when logging a message
   larger that 1024 bytes.

 * Fixed a "make check" failure for ttyname when stdin is closed and
   stdout and stderr are redirected to a different tty.  Bug #643

 * Added BASH_FUNC_* to environment blacklist to match newer-style
   bash functions.

Major changes between sudo 1.8.11 and 1.8.10p3:

 * The sudoers plugin no longer uses setjmp/longjmp to recover
   from fatal errors.  All errors are now propagated to the caller
   via return codes.

 * When running a command in the background, sudo will now forward
   SIGINFO to the command (if supported).

 * Sudo will now use the system versions of the sha2 functions from
   libc or libmd if available.

 * Visudo now works correctly on GNU Hurd.  Bug #647

 * Fixed suspend and resume of curses programs on some system when
   the command is not being run in a pseudo-terminal.  Bug #649

 * Fixed a crash with LDAP-based sudoers on some systems when
   Kerberos was enabled.

 * Sudo now includes optional Solaris audit support.

 * Catalan translation for sudoers from translationproject.org.

 * Norwegian Bokmaal translation for sudo from translationproject.org.

 * Greek translation for sudoers from translationproject.org

 * The sudo source tree has been reorganized to more closely resemble
   that of other gettext-enabled packages.

 * Sudo and its associated programs now link against a shared version
   of libsudo_util.  The --disable-shared-libutil configure option
   may be used to force static linking if the --enable-static-sudoers
   option is also specified.

 * The passwords in ldap.conf and ldap.secret may now be encoded
   in base64.

 * Audit updates.  SELinux role changes are now audited.  For
   sudoedit, we now audit the actual editor being run, instead of
   just the sudoedit command.

 * Fixed bugs in the man page post-processing that could cause
   portions of the manuals to be removed.

 * Fixed a crash in the system_group plugin.  Bug #653.

 * Fixed sudoedit on platforms without a native version of the
   getprogname() function.  Bug #654.

 * Fixed compilation problems with some pre-C99 compilers.

 * Fixed sudo's -C option which was broken in version 1.8.9.

 * It is now possible to match an environment variable's value as
   well as its name using env_keep and env_check.  This can be used
   to preserve bash functions which would otherwise be removed from
   the environment.

 * New files created via sudoedit as a non-root user now have the
   proper group id.  Bug #656

 * Sudoedit now works correctly in conjunction with sudo's SELinux
   RBAC support.  Temporary files are now created with the proper
   security context.

 * The sudo I/O logging plugin API has been updated.  If a logging
   function returns an error, the command will be terminated and
   all of the plugin's logging functions will be disabled.  If a
   logging function rejects the command's output it will no longer
   be displayed to the user's terminal.

 * Fixed a compilation error on systems that lack openpty(), _getpty()
   and grantpt(). Bug #660

 * Fixed a hang when a sudoers source is listed more than once in
   a single sudoers nsswitch.conf entry.

 * On AIX, shell scripts without a #! magic number are now passed to
   /usr/bin/sh, not /usr/bin/bsh.  This is consistent with what the
   execvp() function on AIX does and matches historic sudo behavior.
   Bug #661

 * Fixed a cross-compilation problem building mksiglist and mksigname.
   Bug #662
Version: GnuPG v1.4.13 (OpenBSD)


More information about the sudo-announce mailing list