[sudo-announce] sudo 1.8.13 released

Todd C. Miller Todd.Miller at courtesan.com
Sat Mar 21 16:45:58 MDT 2015

Hash: SHA1

Sudo version 1.8.13 is now available.  In addition to bug fixes,
sudo 1.8.13 add support for fine-grained control over whether mail
will be sent when a user runs a specific command.


SHA256 checksum:
MD5 checksum:

Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.8.13 and 1.8.12:

 * The examples directory is now a subdirectory of the doc dir to
   conform to Debian guidelines.  Bug #682.

 * Fixed a compilation error for siglist.c and signame.c on some
   systems.  Bug #686

 * Weak symbols are now used for sudo_warn_gettext() and
   sudo_warn_strerror() in libsudo_util to avoid link errors when
   -Wl,--no-undefined is used in LDFLAGS.  The --disable-weak-symbols
   configure option can be used to disable the user of weak symbols.

 * Fixed a bug in sudo's mkstemps() replacement function that
   prevented the file extension from being preserved in sudoedit.

 * A new mail_all_cmnds sudoers flag will send mail when a user runs
   a command (or tries to). The behavior of the mail_always flag has
   been restored to always send mail when sudo is run.

 * New "MAIL" and "NOMAIL" command tags have been added to toggle
   mail sending behavior on a per-command (or Cmnd_Alias) basis.

 * Fixed matching of empty passwords when sudo is configured to
   use passwd (or shadow) file authentication on systems where the
   crypt() function returns NULL for invalid salts.

 * On AIX, sudo now uses the value of the auth_type setting in
   /etc/security/login.cfg to determine whether to use LAM or PAM
   for user authentication.

 * The "all" setting for listpw and verifypw now works correctly
   with LDAP and sssd sudoers.

 * The sudo timestamp directory is now created at boot time on
   platforms that use systemd.

 * Sudo will now restore the value of the SIGPIPE handler before
   executing the command.

 * Sudo now uses "struct timespec" instead of "struct timeval" for
   time keeping when possible.  If supported, sudoedit and visudo
   now use nanosecond granularity time stamps.

 * Fixed a symbol name collision with systems that have their own
   SHA2 implementation.  This fixes a problem where PAM could use
   the wrong SHA2 implementation on Solaris 10 systems configured
   to use SHA512 for passwords.

 * The editor invoked by sudoedit once again uses an unmodified
   copy of the user's environment as per the documentation.  This
   was inadvertantly changed in sudo 1.8.0.  Bug #688.
Version: GnuPG v1


More information about the sudo-announce mailing list