[sudo-announce] sudo 1.8.24 released

Todd C. Miller Todd.Miller at sudo.ws
Sat Aug 18 12:59:18 MDT 2018


In addition to bug fixes, sudo 1.8.24 builds on the changes in
1.8.23 to merge the LDAP/SSSD and file-based lookup code.  This has
allowed the removal of almost 1,500 lines of code from the LDAP and
SSSD backends.

Source:
    https://www.sudo.ws/dist/sudo-1.8.24.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.24.tar.gz

SHA256 checksum:
    b488557a198ecef30b7ad4011b59a66232dec2364ad956e11d8e17906c225be8
MD5 checksum:
    ddba16ba9f34cd7d66ea5719bb1a428e

Binary packages:
    https://www.sudo.ws/download.html#binary

For a list of download mirror sites, see:
    https://www.sudo.ws/download_mirrors.html

Sudo web site:
    https://www.sudo.ws/

Sudo web site mirrors:
    https://www.sudo.ws/mirrors.html

Major changes between sudo 1.8.24 and 1.8.23

 * The LDAP and SSS back-ends now use the same rule evaluation code
   as the sudoers file backend.  This builds on the work in sudo
   1.8.23 where the formatting functions for "sudo -l" output were
   shared.  The handling of negated commands in SSS and LDAP is
   unchanged.

 * Fixed a regression introduced in 1.8.23 where "sudo -i" could
   not be used in conjunction with --preserve-env=VARIABLE.  Bug #835.

 * cvtsudoers can now parse base64-encoded attributes in LDIF files.

 * Random insults are now more random.

 * Fixed the noexec wordexp(3) test on FreeBSD.

 * Added SUDO_CONV_PREFER_TTY flag for conversation function to
   tell sudo to try writing to /dev/tty first. Can be used in
   conjunction with SUDO_CONV_INFO_MSG and SUDO_CONV_ERROR_MSG.

 * Sudo now supports an arbitrary number of groups per user on
   Solaris.  Previously, only the first 64 groups were found.
   This should remove the need to set "max_groups" in sudo.conf.

 * Fixed typos in the OpenLDAP sudo schema.  Bugs #839 and #840.

 * Fixed a race condition when building with parallel make.
   Bug #842.

 * Fixed a duplicate free when netgroup_base in ldap.conf is set
   to an invalid value.

 * Fixed a bug introduced in sudo 1.8.23 on AIX that could prevent
   local users and groups from being resolved properly on systems
   that have users stored in NIS, LDAP or AD.

 * Added a workaround for an AIX bug exposed by a change in sudo
   1.8.23 that prevents the terminal mode from being restored when
   I/O logging is enabled.

 * On systems using PAM, sudo now ignores the PAM_NEW_AUTHTOK_REQD
   and PAM_AUTHTOK_EXPIRED errors from PAM account management if
   authentication is disabled for the user.  This fixes a regression
   introduced in sudo 1.8.23.  Bug #843.

 * Fixed an ambiguity in the sudoers manual in the description and
   definition of User, Runas, Host, and Cmnd Aliases.  Bug #834.

 * Fixed a bug that resulted in only the first window size change
   event being logged.

 * Fixed a bug on HP-UX systems introduced in sudo 1.8.22 that
   caused sudo to prompt for a password every time when tty-based
   time stamp files were in use.

 * Fixed a compilation problem on systems that define O_PATH or
   O_SEARCH in fcntl.h but do not define O_DIRECTORY.  Bug #844.
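
Added example, not part of the original announcement and not sudo's or cvtsudoers' own code: a small reader for the LDIF form mentioned in the cvtsudoers item above, where "attr:: value" carries a base64-encoded value and a line starting with one space continues the previous line (RFC 2849). It is useful when reviewing an exported sudoRole entry whose sudoCommand is not readable as plain text. The DN, user and command are constructed sample values.

```python
import base64

COMMAND = "/opt/bücher/backup.sh --full"      # constructed sample value
_B64 = base64.b64encode(COMMAND.encode("utf-8")).decode("ascii")

# Constructed sudoRole entry; sudoCommand is base64 ("::") and folded (RFC 2849).
SAMPLE_LDIF = (
    "dn: cn=backup,ou=SUDOers,dc=example,dc=com\n"
    "objectClass: sudoRole\n"
    "cn: backup\n"
    "sudoUser: operator\n"
    "sudoHost: ALL\n"
    f"sudoCommand:: {_B64[:20]}\n"
    f" {_B64[20:]}\n"
    "sudoOption: !authenticate\n"
)

def unfold(text):
    """Join continuation lines: a line starting with one space extends the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_ldif(text):
    """Return entries as dicts mapping lower-cased attribute -> list of decoded values."""
    entries, cur = [], {}
    for line in unfold(text) + [""]:        # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
            continue
        if line.startswith("#"):
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        if rest.startswith(":"):            # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip(), validate=True).decode("utf-8")
        elif rest.startswith("<"):          # "attr:< <url>" is out of scope here
            raise ValueError(f"URL-valued attribute not handled: {attr}")
        else:
            value = rest.lstrip(" ")
        cur.setdefault(attr.lower(), []).append(value)
    return entries
```

Malformed base64 raises an error instead of yielding a partial value, so a damaged export is noticed before the rule is reviewed.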