[sudo-workers] sudo 1.8.5rc2 available

Todd C. Miller Todd.Miller at courtesan.com
Mon Apr 16 14:58:42 EDT 2012

The second release candidate for sudo 1.8.5 is now available.


Binary packages:

Major changes between sudo 1.8.5rc2 and 1.8.5rc1:

 * On Solaris, and possibly other SV4-derived systems, sudo now
   uses the minor() function prototyped in mkdev.h instead of the
   obsolete macro present in sysmacros.h.

Major changes between sudo 1.8.5rc1 and 1.8.5b8:

 * The Linux tty lookup code now uses the /proc/pid/stat file when

 * New Croatian and Galician translations from translationproject.org

 * The process id, parent process id, process group id, session id and
   terminal process group id are now passed in to the plugin.

Major changes between sudo 1.8.5b8 and 1.8.5b7:

 * Check for SVR4-style struct psinfo.pr_ttydev and use that to
   determine the tty if stdin/stdout/stderr are not ttys.

Major changes between sudo 1.8.5b7 and 1.8.5b6:

 * Sudo now behaves better when select() fails due to the pty being
   revoked.  An error of EIO (seen on older versions of Solaris)
   from select() is now treated the same as EBADF.

 * Sudo now opens devices in non-blocking mode when trying to
   determine the user's terminal.

 * Fixed the AIX-specific permission setting code.

 * The -k option may now be specified along with the -i or -s

 * Don't do tilde or brace expansion when glob() is in use.  This
   matches the historic behavior when fnmatch() was used.

 * Fixed printing of the TSID field in sudoreplay -l output.

 * The process ID is now included in the debug file output.

Major changes between sudo 1.8.5b6 and 1.8.5b5:

 * Sudo now behaves properly on systems that send SIGTSTP before
   SIGHUP when the user's pty is revoked.  This can happen when the
   window the session is running in is killed.

Major changes between sudo 1.8.5b5 and 1.8.5b4:

 * Sudo can now detect when a user has logged out and back in
   again on Solaris 11 when tty-based time stamps are in use.

 * When debugging is enabled, calls to warning() or error() will
   now log the error string to the debug file.  The function, file
   and line number are also logger for warning(), warningx(), error()
   and errorx().

 * Fixed a bug where sudo would exit before calling the plugin
   close function when select() returns an error due to the
   terminal device being invalidated when the session is closed.
   This can happen when the window the session is running in is

Major changes between sudo 1.8.5b4 and 1.8.5b3:

 * Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers
   to sudo_noexec.c.

 * Fix compat setutxent and endutxent macros for systems with
   setutent() but not setutxent().

Major changes between sudo 1.8.5b3 and 1.8.5b2:

 * Updated the bundled zlib to version 1.2.6.

 * If the "timestampowner" user cannot be resolved, use ROOT_UID
   instead of exiting with a fatal error.

 * Fixed compiler warnings on some platforms.

 * Fix parsing of Path askpass and Path noexec in sudo.conf.

 * The cancel button on an askpass GUI program now exits the password
   prompt loop on PAM systems.

 * When initializing the environment for env_reset, start out with
   the contents of /etc/environment on AIX and login.conf on BSD.

 * Swedish sudo and sudoers translations from translationproject.org.

Major changes between sudo 1.8.5b2 and 1.8.5b1:

 * Fixed a potential double free exposed by changes in 1.8.5b1.

Major changes between sudo 1.8.5b1 and 1.8.4p4:

 * When "noexec" is enabled, sudo_noexec.so will now be prepended
   to any existing LD_PRELOAD variable instead of replacing it.

 * The user/group/mode checks on sudoers files have been relaxed.
   As long as the file is owned by the sudoers uid, not world-writable
   and not writable by a group other than the sudoers gid, the file
   is considered OK.  Note that visudo will still set the mode to
   the value specified at configure time.

 * It is now possible to specify the sudoers path, uid, gid and
   file mode as options to the plugin in the sudo.conf file.

 * Lithuanian and Vietnamese translations from translationproject.org.

 * /etc/environment is no longer read directly on Linux systems
   when PAM is used.  Sudo now merges the PAM environment into the
   user's environment which is typically set by the pam_env module.

 * The plugin API has been extended in three ways.  First, options
   specified in sudo.conf after the plugin pathname are passed to
   the plugin's open function.  Second, sudo has limited support
   for hooks that can be used by plugins.  Currently, the hooks are
   limited to environment handling functions.  Third, the init_session
   policy plugin function is passed a pointer to the user environment
   which can be updated during session setup.  The plugin API version
   has been incremented to version 1.2.  See the sudo_plugin manual
   for more information.

More information about the sudo-workers mailing list