[sudo-workers] sudo 1.8.8b3 available
Todd C. Miller
Todd.Miller at courtesan.com
Tue Sep 3 20:40:08 MDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
The third beta version of sudo 1.8.8 is now available.
Major changes between sudo 1.8.8b3 and 1.8.8b2:
* Fixed a bug introduced in sudo 1.8.7 where the indexes written
to the timing file were incorrect. Sudoreplay includes a work
around for replaying files written by sudo 1.8.7.
Major changes between sudo 1.8.8b2 and 1.8.8b1:
* French translation for sudo from translationproject.org.
* Sudo's noexec support on Mac OS X 10.4 and above now uses dynamic
symbol interposition instead of setting DYLD_FORCE_FLAT_NAMESPACE=1
which causes issues with some programs.
* Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6.
* Root may no longer change its SELinux role without entering a
Major changes between sudo 1.8.8b1 and 1.8.7:
* Removed a warning on PAM systems with stacked auth modules
where the first module on the stack does not succeed.
* Sudo, sudoreplay and visudo now support GNU-style long options.
* The -h (--host) option may now be used to specify a host name.
This is currently only used by the sudoers plugin in conjunction
with the -l (--list) option.
* Program usage messages and manual SYNOPSIS sections have been
* Sudo's LDAP SASL support now works properly with Kerberos.
Previously, the SASL library was unable to locate the user's
* It is now possible to set the nproc resource limit to unlimited
via pam_limits on Linux (bug #565).
* New "pam_service" and "pam_login_service" sudoers options
that can be used to specify the PAM service name to use.
* New "pam_session" and "pam_setcred" sudoers options that
can be used to disable PAM session and credential support.
* The sudoers plugin now properly supports UIDs and GIDs
that are larger than 0x7fffffff on 32-bit platforms.
* Fixed a visudo bug introduced in sudo 1.8.7 where per-group
Defaults entries would cause an internal error.
* If the "tty_tickets" sudoers option is enabled (the default),
but there is no tty present, sudo will now use a ticket file
based on the parent process ID. This makes it possible to support
the normal timeout behavior for the session.
* Fixed a problem running commands that change their process
group and then attempt to change the terminal settings when not
running the command in a pseudo-terminal. Previously, the process
would receive SIGTTOU since it was effectively a background
process. Sudo will now grant the child the controlling tty and
continue it when this happens.
* The "closefrom_override" sudoers option may now be used in
a command-specified Defaults entry (bug #610).
* Sudo's BSM audit support now works on Solaris 11.
* Brazilian Portuguese translation for sudo and sudoers from
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (OpenBSD)
-----END PGP SIGNATURE-----
More information about the sudo-workers