[sudo-announce] sudo 1.8.13 released
Todd C. Miller
Todd.Miller at courtesan.com
Sat Mar 21 16:45:58 MDT 2015
-----BEGIN PGP SIGNED MESSAGE-----
Sudo version 1.8.13 is now available. In addition to bug fixes,
sudo 1.8.13 add support for fine-grained control over whether mail
will be sent when a user runs a specific command.
For a list of download mirror sites, see:
Sudo web site:
Sudo web site mirrors:
Major changes between sudo 1.8.13 and 1.8.12:
* The examples directory is now a subdirectory of the doc dir to
conform to Debian guidelines. Bug #682.
* Fixed a compilation error for siglist.c and signame.c on some
systems. Bug #686
* Weak symbols are now used for sudo_warn_gettext() and
sudo_warn_strerror() in libsudo_util to avoid link errors when
-Wl,--no-undefined is used in LDFLAGS. The --disable-weak-symbols
configure option can be used to disable the user of weak symbols.
* Fixed a bug in sudo's mkstemps() replacement function that
prevented the file extension from being preserved in sudoedit.
* A new mail_all_cmnds sudoers flag will send mail when a user runs
a command (or tries to). The behavior of the mail_always flag has
been restored to always send mail when sudo is run.
* New "MAIL" and "NOMAIL" command tags have been added to toggle
mail sending behavior on a per-command (or Cmnd_Alias) basis.
* Fixed matching of empty passwords when sudo is configured to
use passwd (or shadow) file authentication on systems where the
crypt() function returns NULL for invalid salts.
* On AIX, sudo now uses the value of the auth_type setting in
/etc/security/login.cfg to determine whether to use LAM or PAM
for user authentication.
* The "all" setting for listpw and verifypw now works correctly
with LDAP and sssd sudoers.
* The sudo timestamp directory is now created at boot time on
platforms that use systemd.
* Sudo will now restore the value of the SIGPIPE handler before
executing the command.
* Sudo now uses "struct timespec" instead of "struct timeval" for
time keeping when possible. If supported, sudoedit and visudo
now use nanosecond granularity time stamps.
* Fixed a symbol name collision with systems that have their own
SHA2 implementation. This fixes a problem where PAM could use
the wrong SHA2 implementation on Solaris 10 systems configured
to use SHA512 for passwords.
* The editor invoked by sudoedit once again uses an unmodified
copy of the user's environment as per the documentation. This
was inadvertantly changed in sudo 1.8.0. Bug #688.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
More information about the sudo-announce