[sudo-users] Call for testing: sudo 1.8.24
Todd C. Miller
Todd.Miller at sudo.ws
Tue Aug 14 06:12:26 MDT 2018
A release candidate for sudo 1.8.24 is now available. I expect
1.8.24 final to be released at the end of the week.
Sudo 1.8.24 builds on the changes in 1.8.23 to merge the LDAP/SSSD
and file-based lookup code. This has allowed the removal almost
1,500 lines of code from the LDAP and SSSD backends.
If you rely on the LDAP or SSSD backends, please do give the 1.8.24
beta a try if you are able to.
For a list of download mirror sites, see:
Sudo web site:
Sudo web site mirrors:
Major changes between sudo 1.8.24rc1 and 1.8.23:
* The LDAP and SSS back-ends now use the same rule evaluation code
as the sudoers file backend. This builds on the work in sudo
1.8.23 where the formatting functions for "sudo -l" output were
shared. The handling of negated commands in SSS and LDAP is
* Fixed a regression introduced in 1.8.23 where "sudo -i" could
not be used in conjunction with --preserve-env=VARIABLE. Bug #835
* cvtsudoers can now parse base64-encoded attributes in LDIF files.
* Random insults are now more random.
* Fixed the noexec wordexp(3) test on FreeBSD.
* Added SUDO_CONV_PREFER_TTY flag for conversation function to
tell sudo to try writing to /dev/tty first. Can be used in
conjunction with SUDO_CONV_INFO_MSG and SUDO_CONV_ERROR_MSG.
* Sudo now supports an arbitrary number of groups per user on
Solaris. Previously, only the first 64 groups were found.
This should remove the need to set "max_groups" in sudo.conf.
* Fixed typos in the OpenLDAP sudo schema. Bugs #839 and #840.
* Fixed a race condition when building with parallel make.
* Fixed a duplicate free when netgroup_base in ldap.conf is set
to an invalid value.
* Fixed a bug introduced in sudo 1.8.23 on AIX that could prevent
local users and groups from being resolved properly on systems
that have users stored in NIS, LDAP or AD.
* Added a workaround for an AIX bug exposed by a change in sudo
1.8.23 that prevents the terminal mode from being restored when
I/O logging is enabled.
* On systems using PAM, sudo now ignores the PAM_NEW_AUTHTOK_REQD
and PAM_AUTHTOK_EXPIRED errors from PAM account management if
authentication is disabled for the user. This fixes a regression
introduced in sudo 1.8.23. Bug #843
* Fixed an ambiguity in the sudoers manual in the description and
definition of User, Runas, Host, and Cmnd Aliases. Bug #834
* Fixed a bug that resulted in only the first window size change
event being logged.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 801 bytes
Desc: not available
More information about the sudo-users