[sudo-announce] sudo 1.8.11 released
Todd C. Miller
Todd.Miller at courtesan.com
Wed Sep 24 08:40:34 MDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Sudo version 1.8.11 is now available. In addition to bug fixes,
sudo 1.8.11 installs a shared library, libsudo_util, that is used
by the sudo front end, the sudo plugins and associated programs
For a list of download mirror sites, see:
Sudo web site:
Sudo web site mirrors:
Major changes between sudo 1.8.11 and 1.8.10p3:
* The sudoers plugin no longer uses setjmp/longjmp to recover
from fatal errors. All errors are now propagated to the caller
via return codes.
* When running a command in the background, sudo will now forward
SIGINFO to the command (if supported).
* Sudo will now use the system versions of the sha2 functions from
libc or libmd if available.
* Visudo now works correctly on GNU Hurd. Bug #647
* Fixed suspend and resume of curses programs on some system when
the command is not being run in a pseudo-terminal. Bug #649
* Fixed a crash with LDAP-based sudoers on some systems when
Kerberos was enabled.
* Sudo now includes optional Solaris audit support.
* Catalan translation for sudoers from translationproject.org.
* Norwegian Bokmaal translation for sudo from translationproject.org.
* Greek translation for sudoers from translationproject.org
* The sudo source tree has been reorganized to more closely resemble
that of other gettext-enabled packages.
* Sudo and its associated programs now link against a shared version
of libsudo_util. The --disable-shared-libutil configure option
may be used to force static linking if the --enable-static-sudoers
option is also specified.
* The passwords in ldap.conf and ldap.secret may now be encoded
* Audit updates. SELinux role changes are now audited. For
sudoedit, we now audit the actual editor being run, instead of
just the sudoedit command.
* Fixed bugs in the man page post-processing that could cause
portions of the manuals to be removed.
* Fixed a crash in the system_group plugin. Bug #653.
* Fixed sudoedit on platforms without a native version of the
getprogname() function. Bug #654.
* Fixed compilation problems with some pre-C99 compilers.
* Fixed sudo's -C option which was broken in version 1.8.9.
* It is now possible to match an environment variable's value as
well as its name using env_keep and env_check. This can be used
to preserve bash functions which would otherwise be removed from
* New files created via sudoedit as a non-root user now have the
proper group id. Bug #656
* Sudoedit now works correctly in conjunction with sudo's SELinux
RBAC support. Temporary files are now created with the proper
* The sudo I/O logging plugin API has been updated. If a logging
function returns an error, the command will be terminated and
all of the plugin's logging functions will be disabled. If a
logging function rejects the command's output it will no longer
be displayed to the user's terminal.
* Fixed a compilation error on systems that lack openpty(), _getpty()
and grantpt(). Bug #660
* Fixed a hang when a sudoers source is listed more than once in
a single sudoers nsswitch.conf entry.
* On AIX, shell scripts without a #! magic number are now passed to
/usr/bin/sh, not /usr/bin/bsh. This is consistent with what the
execvp() function on AIX does and matches historic sudo behavior.
* Fixed a cross-compilation problem building mksiglist and mksigname.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (OpenBSD)
-----END PGP SIGNATURE-----
More information about the sudo-announce