[sudo-announce] sudo 1.8.23 released
Todd C. Miller
Todd.Miller at courtesan.com
Mon Apr 30 14:39:44 MDT 2018
Sudo 1.8.23 is primarily a bug fix release. In addition to bug
fixes, sudo 1.8.23 introduces the cvtsudoers utility which can
convert between sudoers formats and perform some basic filtering.
The sudo distribution files are now signed with a new pgp key.
The PGPKEYS file has been updated accordingly.
For a list of download mirror sites, see:
Sudo web site:
Sudo web site mirrors:
Major changes between sudo 1.8.23 and 1.8.22
* PAM account management modules and BSD auth approval modules are
now run even when no password is required.
* For kernel-based time stamps, if no terminal is present, fall
back to parent-pid style time stamps.
* The new cvtsudoers utility replaces both the "sudoers2ldif" script
and the "visudo -x" functionality. It can read a file in either
sudoers or LDIF format and produce JSON, LDIF or sudoers output.
It is also possible to filter the generated output file by user,
group or host name.
* The file, ldap and sss sudoers backends now share a common set
of formatting functions for "sudo -l" output, which is also used
by the cvtsudoers utility.
* The /run directory is now used in preference to /var/run if it
exists. Bug #822.
* More accurate descriptions of the --with-rundir and --with-vardir
configure options. Bug #823.
* The setpassent() and setgroupent() functions are now used on systems
that support them to keep the passwd and group database open.
Sudo performs a lot of passwd and group lookups so it can be
beneficial to avoid opening and closing the files each time.
* The new case_insensitive_user and case_insensitive_group sudoers
options can be used to control whether sudo does case-sensitive
matching of users and groups in sudoers. Case insensitive
matching is now the default.
* Fixed a bug on some systems where sudo could hang on command
exit when I/O logging was enabled. Bug #826.
* Fixed the build-time process start time test on Linux when the
test is run from within a container. Bug #829.
* When determining which temporary directory to use, sudoedit now
checks the directory for writability before using it. Previously,
sudoedit only performed an existence check. Bug #827.
* Sudo now includes an optional set of Monty Python-inspired insults.
* Fixed the execution of scripts with an associated digest (checksum)
in sudoers on FreeBSD systems. FreeBSD does not have a proper
/dev/fd directory mounted by default and its fexecve(2) is not
fully POSIX compliant when executing scripts. Bug #831.
* Chinese (Taiwan) translation for sudo from translationproject.org.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 801 bytes
Desc: not available
More information about the sudo-announce