[sudo-announce] sudo 1.8.21p2 released

Thu Sep 7 08:21:00 MDT 2017

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sudo version 1.8.21p2 is now available.  This is a bug fix release.
See below for a list of major changes.

Source:
    https://www.sudo.ws/dist/sudo-1.8.21p2.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.21p2.tar.gz

SHA256 checksum:
    74c5746cd33a814e2431c39faf0d76f7f8a697379bd073862e3b156cf0d76368
MD5 checksum:
    cd3993d910c713ae72e94beebd230b22

Binary packages:
    https://www.sudo.ws/download.html#binary

For a list of download mirror sites, see:
    https://www.sudo.ws/download_mirrors.html

Sudo web site:
    https://www.sudo.ws/

Sudo web site mirrors:
    https://www.sudo.ws/mirrors.html

Major changes between sudo 1.8.21p2 and 1.8.21p1:

 * Fixed a bug introduced in version 1.8.21 which prevented sudo
   from using the PAM-supplied prompt.  Bug #799

 * Fixed a bug introduced in version 1.8.21 which could result in
   sudo hanging when running commands that exit quickly.  Bug #800

 * Fixed a bug introduced in version 1.8.21 which prevented the
   command from being run when the password was read via an external
   program using the askpass interface.  Bug #801

Major changes between sudo 1.8.21p1 and 1.8.21:

 * On systems that support both PAM and SIGINFO, the main sudo
   process will no longer forward SIGINFO to the command if the
   signal was generated from the keyboard.  The command will have
   already received SIGINFO since it is part of the same process
   group so there's no need for sudo to forward it.  This is
   consistent with the handling of SIGINT, SIGQUIT and SIGTSTP.
   Bug #796

 * If SUDOERS_SEARCH_FILTER in ldap.conf does not specify a value,
   the LDAP search expression used when looking up netgroups and
   non-Unix groups had a syntax error if a group plugin was not
   specified.

 * "sudo -U otheruser -l" will now have an exit value of 0 even
   if "otheruser" has no sudo privileges.  The exit value when a
   user attempts to lists their own privileges or when a command
   is specified is unchanged.

 * Fixed a regression introduced in sudo 1.8.21 where sudoreplay
   playback would hang for I/O logs that contain terminal input.

 * Sudo 1.8.18 contained an incomplete fix for the matching of
   entries in the LDAP and SSSD backends when a sudoRunAsGroup is
   specified but no sudoRunAsUser is present in the sudoRole.

Major changes between sudo 1.8.21 and 1.8.20p2:

 * The path that sudo uses to search for terminal devices can now
   be configured via the new "devsearch" Path setting in sudo.conf.

 * It is now possible to preserve bash shell functions in the
   environment when the "env_reset" sudoers setting is disabled by
   removing the "*=()*" pattern from the env_delete list.

 * A change made in sudo 1.8.15 inadvertantly caused sudoedit to
   send itself SIGHUP instead of exiting when the editor returns
   an error or the file was not modified.

 * Sudoedit now uses an exit code of zero if the file was not
   actually modified.  Previously, sudoedit treated a lack of
   modifications as an error.

 * When running a command in a pseudo-tty (pty), sudo now copies a
   subset of the terminal flags to the new pty.  Previously, all
   flags were copied, even those not appropriate for a pty.

 * Fixed a problem with debug logging in the sudoers I/O logging
   plugin.

 * Window size change events are now logged to the policy plugin.
   On xterm and compatible terminals, sudoreplay is now capable of
   resizing the terminal to match the size of the terminal the
   command was run on.  The new -R option can be used to disable
   terminal resizing.

 * Fixed a bug in visudo where a newly added file was not checked
   for syntax errors.  Bug #791.

 * Fixed a bug in visudo where if a syntax error in an include
   directory (like /etc/sudoers.d) was detected, the edited version
   was left as a temporary file instead of being installed.

 * On PAM systems, sudo will now treat "username's Password:" as
   a standard password prompt.  As a result, the SUDO_PROMPT
   environment variable will now override "username's Password:"
   as well as the more common "Password:".  Previously, the
   "passprompt_override" Defaults setting would need to be set for
   SUDO_PROMPT to override a prompt of "username's Password:".

 * A new "syslog_pid" sudoers setting has been added to include
   sudo's process ID along with the process name when logging via
   syslog.  Bug #792.

 * Fixed a bug introduced in sudo 1.8.18 where a command would
   not be terminated when the I/O logging plugin returned an error
   to the sudo front-end.

 * A new "timestamp_type" sudoers setting has been added that replaces
   the "tty_tickets" option.  In addition to tty and global time stamp
   records, it is now possible to use the parent process ID to restrict
   the time stamp to commands run by the same process, usually the shell.
   Bug #793.

 * The --preserve-env command line option has been extended to accept
   a comma-separated list of environment variables to preserve.
   Bug #279.

 * Friulian translation for sudo from translationproject.org.
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlmxVcQACgkQWonfon7kcMQdqwCePxCvyEwROkd2A7WznPPnB22j
tbcAnj4RYp/VYJNryxuHpCQWQyPXYK8A
=BSFY
-----END PGP SIGNATURE-----