[sudo-announce] sudo 1.8.11 released

Todd C. Miller Todd.Miller at courtesan.com
Wed Sep 24 08:40:34 MDT 2014

Hash: SHA1

Sudo version 1.8.11 is now available.  In addition to bug fixes,
sudo 1.8.11 installs a shared library, libsudo_util, that is used
by the sudo front end, the sudo plugins and associated programs
(visudo, sudoreplay).


SHA256 checksum:
MD5 checksum:

Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.8.11 and 1.8.10p3:

 * The sudoers plugin no longer uses setjmp/longjmp to recover
   from fatal errors.  All errors are now propagated to the caller
   via return codes.

 * When running a command in the background, sudo will now forward
   SIGINFO to the command (if supported).

 * Sudo will now use the system versions of the sha2 functions from
   libc or libmd if available.

 * Visudo now works correctly on GNU Hurd.  Bug #647

 * Fixed suspend and resume of curses programs on some system when
   the command is not being run in a pseudo-terminal.  Bug #649

 * Fixed a crash with LDAP-based sudoers on some systems when
   Kerberos was enabled.

 * Sudo now includes optional Solaris audit support.

 * Catalan translation for sudoers from translationproject.org.

 * Norwegian Bokmaal translation for sudo from translationproject.org.

 * Greek translation for sudoers from translationproject.org

 * The sudo source tree has been reorganized to more closely resemble
   that of other gettext-enabled packages.

 * Sudo and its associated programs now link against a shared version
   of libsudo_util.  The --disable-shared-libutil configure option
   may be used to force static linking if the --enable-static-sudoers
   option is also specified.

 * The passwords in ldap.conf and ldap.secret may now be encoded
   in base64.

 * Audit updates.  SELinux role changes are now audited.  For
   sudoedit, we now audit the actual editor being run, instead of
   just the sudoedit command.

 * Fixed bugs in the man page post-processing that could cause
   portions of the manuals to be removed.

 * Fixed a crash in the system_group plugin.  Bug #653.

 * Fixed sudoedit on platforms without a native version of the
   getprogname() function.  Bug #654.

 * Fixed compilation problems with some pre-C99 compilers.

 * Fixed sudo's -C option which was broken in version 1.8.9.

 * It is now possible to match an environment variable's value as
   well as its name using env_keep and env_check.  This can be used
   to preserve bash functions which would otherwise be removed from
   the environment.

 * New files created via sudoedit as a non-root user now have the
   proper group id.  Bug #656

 * Sudoedit now works correctly in conjunction with sudo's SELinux
   RBAC support.  Temporary files are now created with the proper
   security context.

 * The sudo I/O logging plugin API has been updated.  If a logging
   function returns an error, the command will be terminated and
   all of the plugin's logging functions will be disabled.  If a
   logging function rejects the command's output it will no longer
   be displayed to the user's terminal.

 * Fixed a compilation error on systems that lack openpty(), _getpty()
   and grantpt(). Bug #660

 * Fixed a hang when a sudoers source is listed more than once in
   a single sudoers nsswitch.conf entry.

 * On AIX, shell scripts without a #! magic number are now passed to
   /usr/bin/sh, not /usr/bin/bsh.  This is consistent with what the
   execvp() function on AIX does and matches historic sudo behavior.
   Bug #661

 * Fixed a cross-compilation problem building mksiglist and mksigname.
   Bug #662
Version: GnuPG v1.4.13 (OpenBSD)


More information about the sudo-announce mailing list