[sudo-announce] sudo 1.8.31p2 released

Todd C. Miller Todd.Miller at sudo.ws
Thu Jun 18 19:28:29 MDT 2020 

Sudo 1.8.31p2 is now available.  This version contains bug fixes
backported from the sudo 1.9 branch.

Source:
    https://www.sudo.ws/dist/sudo-1.8.31p2.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.31p2.tar.gz

SHA256 checksum:
    2a5d04b1b6db6a1926bc8d7082ed5f54aa9a330496589473a234844dcf2c2094
MD5 checksum:
    0aad925e7fe400b8fccfaaadc3901e5d

Binary packages:
    https://www.sudo.ws/download.html#binary

For a list of download mirror sites, see:
    https://www.sudo.ws/download_mirrors.html

Sudo web site:
    https://www.sudo.ws/

Sudo web site mirrors:
    https://www.sudo.ws/mirrors.html

Major changes between sudo 1.8.31p2 and 1.8.31p1

 * Sudo command line options that take a value may only be specified
   once.  This is to help guard against problems caused by poorly
   written scripts that invoke sudo with user-controlled input.
   Bug #924.

 * When running a command in a pty, sudo will no longer try to
   suspend itself if the user's tty has been revoked (for instance
   when the parent ssh daemon is killed).  This fixes a bug where
   sudo would continuously suspend the command (which would succeed),
   then suspend itself (which would fail due to the missing tty)
   and then resume the command.

 * If sudo's event loop fails due to the tty being revoked, remove
   the user's tty events and restart the event loop (once).  This
   fixes a problem when running "sudo reboot" in a pty on some
   systems.  When the event loop exited unexpectedly, sudo would
   kill the command running in the pty, which in the case of "reboot",
   could lead to the system being in a half-rebooted state.

 * Fixed a regression introduced in sudo 1.8.23 in the LDAP and
   SSSD back-ends where a missing sudoHost attribute was treated
   as an "ALL" wildcard value.  A sudoRole with no sudoHost attribute
   is now ignored as it was prior to version 1.8.23.

Major changes between sudo 1.8.31p1 and 1.8.31

 * Sudo once again ignores a failure to restore the RLIMIT_CORE
   resource limit, as it did prior to version 1.8.29.  Linux
   containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY
   if we set the limit to zero, even for root, which resulted in a
   warning from sudo.

Major changes between sudo 1.8.31 and 1.8.30

 * Fixed CVE-2019-18634, a buffer overflow when the "pwfeedback"
   sudoers option is enabled on systems with uni-directional pipes.

 * The "sudoedit_checkdir" option now treats a user-owned directory
   as writable, even if it does not have the write bit set at the
   time of check.  Symbolic links will no longer be followed by
   sudoedit in any user-owned directory.  Bug #912

 * Fixed sudoedit on macOS 10.15 and above where the root file system
   is mounted read-only.  Bug #913.

 * Fixed a crash introduced in sudo 1.8.30 when suspending sudo
   at the password prompt.  Bug #914.

 * Fixed compilation on systems where the mmap MAP_ANON flag
   is not available.  Bug #915.

--34571_Sat_Mar_14_16_33_08_MDT_2020
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJebVukAAoJEKn0wCHOpHD7nl8P+wdN2ngbzEEWxJ/C7/bWA4eH
qTYMhKZ8+QSYRdk7Ab/6kzzgXE+UZ/mFMhcPRSXznuMlKxzTSgJvMaL0ObSiqAP1
HpoATzrG98vktscdS5BJlBpR77VEGHHOGknlBUewi6tWWE+OiXtuRjhxVxnHdK8K
kO6LVcYiNo4OWkMnGOa8yuO+CqTmdQu7BHV5KilFkSO8R2+IYFfGWcK6BhhclU7w
YO9eOQDcJ7wBZIDNN2XDTrIGLcgJmPsIdv0pEIHwXHuwp2K58qbPUto7fFCQcRRl
R6eqbAH0CcLpvp26eWtfv9H7VCjuwWYvV9yptZuhitlUbAa+swZtqTQFMGALLJyx
pRtq/4j4y9HZuTlXjclm9krTWSKEHqVTyjjmDSd5CkdTbbqsPpEUkYmTbQaOv367
G5lgIkWrRw4UNqdhspjtNumwovR4ltqyOZR9dQG3eNSRbDUX78c7NlRGXCfanms3
XWLwhATru4sXnFtsOO7IB9dbnQlKrJLooT9nWFjtHbX4Jf6MhFhVG0ulpDGJOGkQ
PIY8nf1aL58klpj/RZ8r2jsXewmmF8PS1a8t8H9Ime2v1JFblMUuaSVjShSOEOK7
woT5yEEp4pTYylYAmzBiLeOO1NF2leoCOrxkOd06oYyXzPZ9TNsQ90rFax5jF4L9
ngL6KAxz9Tzqay5P12lW
=yjPZ
-----END PGP SIGNATURE-----

--34571_Sat_Mar_14_16_33_08_MDT_2020--


--===============7060803316585711493==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

____________________________________________________________
sudo-announce mailing list <sudo-announce at sudo.ws>
For list information, options, or to unsubscribe, visit:
https://www.sudo.ws/mailman/listinfo/sudo-announce

--===============7060803316585711493==--

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://www.sudo.ws/pipermail/sudo-announce/attachments/20200618/ed6b8f19/attachment.bin>

More information about the sudo-announce mailing list