[sudo-announce] sudo 1.8.31p1 released

Sat Mar 14 16:33:19 MDT 2020

Sudo 1.8.31p1 is now available.  This version fixes a warning when
sudo is run from with a Linux container, such as with docker.

Source:
    https://www.sudo.ws/dist/sudo-1.8.31p1.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.31p1.tar.gz

SHA256 checksum:
    c73cfdfbc1c5cc259fcc3a355e1bacfed99c5580daeadec9704a24cd5e6d15d8
MD5 checksum:
    ffb34c62c511fd3f9862d7f48eb8d655

Binary packages:
    https://www.sudo.ws/download.html#binary

For a list of download mirror sites, see:
    https://www.sudo.ws/download_mirrors.html

Sudo web site:
    https://www.sudo.ws/

Sudo web site mirrors:
    https://www.sudo.ws/mirrors.html

Major changes between sudo 1.8.31p1 and 1.8.31

 * Sudo once again ignores a failure to restore the RLIMIT_CORE
   resource limit, as it did prior to version 1.8.29.  Linux
   containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY
   if we set the limit to zero, even for root, which resulted in a
   warning from sudo.

Major changes between sudo 1.8.31 and 1.8.30

 * Fixed CVE-2019-18634, a buffer overflow when the "pwfeedback"
   sudoers option is enabled on systems with uni-directional pipes.

 * The "sudoedit_checkdir" option now treats a user-owned directory
   as writable, even if it does not have the write bit set at the
   time of check.  Symbolic links will no longer be followed by
   sudoedit in any user-owned directory.  Bug #912

 * Fixed sudoedit on macOS 10.15 and above where the root file system
   is mounted read-only.  Bug #913.

 * Fixed a crash introduced in sudo 1.8.30 when suspending sudo
   at the password prompt.  Bug #914.

 * Fixed compilation on systems where the mmap MAP_ANON flag
   is not available.  Bug #915.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://www.sudo.ws/pipermail/sudo-announce/attachments/20200314/0dc7ae4b/attachment.bin>