[sudo-announce] sudo 1.9.6p1 released
Todd C. Miller
Todd.Miller at sudo.ws
Mon Mar 15 13:05:00 MDT 2021
Sudo version 1.9.6p1 is now available. This is primarily a bug fix
release that contains fixes to minor issues found while fuzzing the
sudo code base.
Source:
https://www.sudo.ws/dist/sudo-1.9.6p1.tar.gz
ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.6p1.tar.gz
SHA256 checksum:
a9e9cdc058fafeb9cd3ebfb864c81755e524d98aa022152763f25bce8ca3ca90
MD5 checksum:
334f8337d497f2f5df2db72448bd259d
Binary packages:
https://www.sudo.ws/download.html#binary
https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_6p1
For a list of download mirror sites, see:
https://www.sudo.ws/download_mirrors.html
Sudo web site:
https://www.sudo.ws/
Sudo web site mirrors:
https://www.sudo.ws/mirrors.html
Major changes between sudo 1.9.6p1 and 1.9.6
* Fixed a regression introduced in sudo 1.9.6 that resulted in an
error message instead of a usage message when sudo is run with
no arguments.
Major changes between sudo 1.9.6 and 1.9.5p2
* Fixed a sudo_sendlog compilation problem with the AIX xlC compiler.
* Fixed a regression introduced in sudo 1.9.4 where the
--disable-root-mailer configure option had no effect.
* Added a --disable-leaks configure option that avoids some
memory leaks on exit that would otherwise occur. This is intended
to be used with development tools that measure memory leaks. It
is not safe to use in production at this time.
* Plugged some memory leaks identified by oss-fuzz and ASAN.
* Fixed the handling of sudoOptions for an LDAP sudoRole that
contains multiple sudoCommands. Previously, some of the options
would only be applied to the first sudoCommand.
* Fixed a potential out of bounds read in the parsing of NOTBEFORE
and NOTAFTER sudoers command options (and their LDAP equivalents).
* The parser used for reading I/O log JSON files is now more
resilient when processing invalid JSON.
* Fixed typos that prevented "make uninstall" from working.
GitHub issue #87.
* Fixed a regression introduced in sudo 1.9.4 where the last line
in a sudoers file might not have a terminating NUL character
added if no newline was present.
* Integrated oss-fuzz and LLVM's libFuzzer with sudo. The new
--enable-fuzzer configure option can be combined with the
--enable-sanitizer option to build sudo with fuzzing support.
Multiple fuzz targets are available for fuzzing different parts
of sudo. Fuzzers are built and tested via "make fuzz" or as part
of "make check" (even when sudo is not built with fuzzing support).
Fuzzing support currently requires the LLVM clang compiler (not gcc).
* Fixed the --enable-static-sudoers configure option.
GitHub issue #92.
* Fixed a potential out of bounds read sudo when is run by a user
with more groups than the value of "max_groups" in sudo.conf.
* Added an "admin_flag" sudoers option to make the use of the
~/.sudo_as_admin_successful file configurable on systems where
sudo is build with the --enable-admin-flag configure option.
This mostly affects Ubuntu and its derivatives. GitHub issue #56.
* The "max_groups" setting in sudo.conf is now limited to 1024.
This setting is obsolete and should no longer be needed.
* Fixed a bug in the tilde expansion of "CHROOT=dir" and "CWD=dir"
sudoers command options. A path "~/foo" was expanded to
"/home/userfoo" instead of "/home/user/foo". This also affects
the runchroot and runcwd Defaults settings.
* Fixed a bug on systems without a native getdelim(3) function
where very long lines could cause parsing of the sudoers file
to end prematurely. Bug #960.
* Fixed a potential integer overflow when converting the
timestamp_timeout and passwd_timeout sudoers settings to a
timespec struct.
* The default for the "group_source" setting in sudo.conf is now
"dynamic" on macOS. Recent versions of macOS do not reliably
return all of a user's non-local groups via getgroups(2), even
when _DARWIN_UNLIMITED_GETGROUPS is defined. Bug #946.
* Fixed a potential use-after-free in the PAM conversation function.
Bug #967.
* Fixed potential redefinition of sys/stat.h macros in sudo_compat.h.
Bug #968.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.sudo.ws/pipermail/sudo-announce/attachments/20210315/76bf9e34/attachment.bin>
More information about the sudo-announce
mailing list