[sudo-announce] sudo 1.8.23 released

Todd C. Miller Todd.Miller at courtesan.com
Mon Apr 30 14:39:44 MDT 2018

Sudo 1.8.23 is primarily a bug fix release.  In addition to bug
fixes, sudo 1.8.23 introduces the cvtsudoers utility which can
convert between sudoers formats and perform some basic filtering.

The sudo distribution files are now signed with a new pgp key.
The PGPKEYS file has been updated accordingly.


SHA256 checksum:
MD5 checksum:

Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.8.23 and 1.8.22

 * PAM account management modules and BSD auth approval modules are
   now run even when no password is required.

 * For kernel-based time stamps, if no terminal is present, fall
   back to parent-pid style time stamps.

 * The new cvtsudoers utility replaces both the "sudoers2ldif" script
   and the "visudo -x" functionality.  It can read a file in either
   sudoers or LDIF format and produce JSON, LDIF or sudoers output.
   It is also possible to filter the generated output file by user,
   group or host name.

 * The file, ldap and sss sudoers backends now share a common set
   of formatting functions for "sudo -l" output, which is also used
   by the cvtsudoers utility.

 * The /run directory is now used in preference to /var/run if it
   exists. Bug #822.

 * More accurate descriptions of the --with-rundir and --with-vardir
   configure options.  Bug #823.

 * The setpassent() and setgroupent() functions are now used on systems
   that support them to keep the passwd and group database open.
   Sudo performs a lot of passwd and group lookups so it can be
   beneficial to avoid opening and closing the files each time.

 * The new case_insensitive_user and case_insensitive_group sudoers
   options can be used to control whether sudo does case-sensitive
   matching of users and groups in sudoers.  Case insensitive
   matching is now the default.

 * Fixed a bug on some systems where sudo could hang on command
   exit when I/O logging was enabled.  Bug #826.

 * Fixed the build-time process start time test on Linux when the
   test is run from within a container.  Bug #829.

 * When determining which temporary directory to use, sudoedit now
   checks the directory for writability before using it.  Previously,
   sudoedit only performed an existence check.  Bug #827.

 * Sudo now includes an optional set of Monty Python-inspired insults.

 * Fixed the execution of scripts with an associated digest (checksum)
   in sudoers on FreeBSD systems.  FreeBSD does not have a proper
   /dev/fd directory mounted by default and its fexecve(2) is not
   fully POSIX compliant when executing scripts.  Bug #831.

 * Chinese (Taiwan) translation for sudo from translationproject.org.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://www.sudo.ws/pipermail/sudo-announce/attachments/20180430/be7627c7/attachment.bin>

More information about the sudo-announce mailing list