[sudo-announce] sudo 1.8.18 released
Todd C. Miller
Todd.Miller at courtesan.com
Tue Sep 20 14:00:51 MDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sudo version 1.8.18 is now available. This is primarily a bug fix
release.
Source:
https://www.sudo.ws/dist/sudo-1.8.18.tar.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.18.tar.gz
SHA256 checksum:
8519e99e97fa51ac50fca2030e76f9aa5195f543ae2d15107753f4e4c4e3be13
MD5 checksum:
c1201904fd9144ea5e7cd9496fcbbc64
Binary packages:
https://www.sudo.ws/download.html#binary
For a list of download mirror sites, see:
https://www.sudo.ws/download_mirrors.html
Sudo web site:
https://www.sudo.ws/
Sudo web site mirrors:
https://www.sudo.ws/mirrors.html
Major changes between sudo 1.8.18 and 1.8.17p1:
* The sudoers locale is now set before parsing the sudoers file.
If sudoers_locale is set in sudoers, it is applied before
evaluating other Defaults entries. Previously, sudoers_locale
was used when evaluating sudoers but not during the inital parse.
Bug #748.
* A missing or otherwise invalid #includedir is now ignored instead
of causing a parse error.
* During "make install", backup files are only used on HP-UX where
it is not possible to unlink a shared object that is in use.
This works around a bug in ldconfig on Linux which could create
links to the backup shared library file instead of the current
one.
* Fixed a bug introduced in 1.8.17 where sudoers entries with long
commands lines could be truncated, preventing a match. Bug #752.
* The fqdn, runas_default and sudoers_locale Defaults settings are
now applied before any other Defaults settings since they can
change how other Defaults settings are parsed.
* On systems without the O_NOFOLLOW open(2) flag, when the NOFOLLOW
flag is set, sudoedit now checks whether the file is a symbolic link
before opening it as well as after the open. Bug #753.
* Sudo will now only resolve a user's group IDs to group names
when sudoers includes group-based permissions. Group lookups
can be expensive on some systems where the group database is
not local.
* If the file system holding the sudo log file is full, allow
the command to run unless the new ignore_logfile_errors Defaults
option is disabled. Bug #751.
* The ignore_audit_errors and ignore_iolog_errors Defaults options
have been added to control sudo's behavior when it is unable to
write to the audit and I/O logs.
* Fixed a bug introduced in 1.8.17 where the SIGPIPE signal handler
was not being restored when sudo directly executes the command.
* Fixed a bug where "sudo -l command" would indicate that a command
was runnable even when denied by sudoers when using the LDAP or
SSSD backends.
* The match_group_by_gid Defaults option has been added to allow
sites where group name resolution is slow and where sudoers only
contains a small number of groups to match groups by group ID
instead of by group name.
* Fixed a bug on Linux where a 32-bit sudo binary could fail with
an "unable to allocate memory" error when run on a 64-bit system.
Bug #755
* When parsing ldap.conf, sudo will now only treat a '#' character
as the start of a comment when it is at the beginning of the
line.
* Fixed a potential crash when auditing is enabled and the audit
function fails with an error. Bug #756
* Norwegian Nynorsk translation for sudo from translationproject.org.
* Fixed a typo that broke short host name matching when the fqdn
flag is enabled in sudoers. Bug #757
* Negated sudoHost attributes are now supported by the LDAP and
SSSD backends.
* Fixed matching entries in the LDAP and SSSD backends when a
RunAsGroup is specified but no RunAsUser is present.
* Fixed "sudo -l" output in the LDAP and SSSD backends when a
RunAsGroup is specified but no RunAsUser is present.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlfhlWQACgkQWonfon7kcMTClgCgtP1owtCfWwBxSNgcnWpxfAVb
dL4AoLq+TOWK/EqufrbNy+NfVtGQwsdu
=7ZEV
-----END PGP SIGNATURE-----
More information about the sudo-announce
mailing list