From Todd.Miller at courtesan.com Mon Apr 30 14:39:44 2018 From: Todd.Miller at courtesan.com (Todd C. Miller) Date: Mon, 30 Apr 2018 14:39:44 -0600 Subject: [sudo-announce] sudo 1.8.23 released Message-ID: Sudo 1.8.23 is primarily a bug fix release. In addition to bug fixes, sudo 1.8.23 introduces the cvtsudoers utility which can convert between sudoers formats and perform some basic filtering. The sudo distribution files are now signed with a new pgp key. The PGPKEYS file has been updated accordingly. Source: https://www.sudo.ws/dist/sudo-1.8.23.tar.gz ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.23.tar.gz SHA256 checksum: d863d29b6fc87bc784a3223350e2b28a2ff2c4738f0fb8f1c92bb38c3017e679 MD5 checksum: ea444d747feb1decfebdffd0b38b0739 Binary packages: https://www.sudo.ws/download.html#binary For a list of download mirror sites, see: https://www.sudo.ws/download_mirrors.html Sudo web site: https://www.sudo.ws/ Sudo web site mirrors: https://www.sudo.ws/mirrors.html Major changes between sudo 1.8.23 and 1.8.22 * PAM account management modules and BSD auth approval modules are now run even when no password is required. * For kernel-based time stamps, if no terminal is present, fall back to parent-pid style time stamps. * The new cvtsudoers utility replaces both the "sudoers2ldif" script and the "visudo -x" functionality. It can read a file in either sudoers or LDIF format and produce JSON, LDIF or sudoers output. It is also possible to filter the generated output file by user, group or host name. * The file, ldap and sss sudoers backends now share a common set of formatting functions for "sudo -l" output, which is also used by the cvtsudoers utility. * The /run directory is now used in preference to /var/run if it exists. Bug #822. * More accurate descriptions of the --with-rundir and --with-vardir configure options. Bug #823. * The setpassent() and setgroupent() functions are now used on systems that support them to keep the passwd and group database open. Sudo performs a lot of passwd and group lookups so it can be beneficial to avoid opening and closing the files each time. * The new case_insensitive_user and case_insensitive_group sudoers options can be used to control whether sudo does case-sensitive matching of users and groups in sudoers. Case insensitive matching is now the default. * Fixed a bug on some systems where sudo could hang on command exit when I/O logging was enabled. Bug #826. * Fixed the build-time process start time test on Linux when the test is run from within a container. Bug #829. * When determining which temporary directory to use, sudoedit now checks the directory for writability before using it. Previously, sudoedit only performed an existence check. Bug #827. * Sudo now includes an optional set of Monty Python-inspired insults. * Fixed the execution of scripts with an associated digest (checksum) in sudoers on FreeBSD systems. FreeBSD does not have a proper /dev/fd directory mounted by default and its fexecve(2) is not fully POSIX compliant when executing scripts. Bug #831. * Chinese (Taiwan) translation for sudo from translationproject.org. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 801 bytes Desc: not available URL: