[sudo-workers] sudo 1.8.10b4 released

Todd C. Miller Todd.Miller at courtesan.com
Tue Feb 11 16:48:19 MST 2014


The fourth beta version of sudo 1.8.10 is now available.  The biggest
change in 1.8.10 is a new time stamp file format that uses the
monotonic clock where available.

Source:
    http://www.sudo.ws/sudo/dist/beta/sudo-1.8.10b4.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.8.10b4.tar.gz

SHA256 checksum:
    0845683857a01a8a0d552312ebf92b937211c99c0a898ec62e3a20d3f49492bb
MD5 checksum:
    4614fa9d9ead19a0e01964a4a0cf5094

Binary packages:
    http://www.sudo.ws/sudo/dist/beta/packages/index.html#binary

For a list of download mirror sites, see:
    http://www.sudo.ws/sudo/download_mirrors.html

Sudo web site:
    http://www.sudo.ws/sudo/

Sudo web site mirrors:
    http://www.sudo.ws/sudo/mirrors.html

Major changes between sudo 1.8.10b4 and 1.8.10b3:

 * Updated translations from translationproject.org.

 * Fixed a hang (infinite stack recursion) in the getenv() hook on
   HP-UX when sudo was built with gcc and linked with the LDAP
   libraries.

Major changes between sudo 1.8.10b3 and 1.8.10b2:

 * LDAP-based sudoers now uses a default search filter of
   (objectClass=sudoRole) for more efficient queries.  The netgroup
   query has been modified to avoid falling below the minimum length
   for OpenLDAP substring indices.

 * The new "use_netgroups" sudoers option can be used to explicitly
   enable or disable netgroups support.  For LDAP-based sudoers,
   netgroup support requires an expensive substring match on the
   server.  If netgroups are not needed, this option can be disabled
   to reduce the load on the LDAP server.

Major changes between sudo 1.8.10b2 and 1.8.10b1:

 * Sudo now uses inet_pton() for decoding IPv4 addresses.  A
   version is included for systems without it.

 * If sudo was started in the background and needed to prompt for
   a password, it was not possible to suspend it at the password
   prompt.  This now works properly.

Major changes between sudo 1.8.10b1 and 1.8.9:

 * It is now possible to disable network interface probing in
   sudo.conf by changing the value of the probe_interfaces
   setting.

 * When listing a user's privileges (sudo -l), the sudoers plugin
   will now prompt for the user's password even if the targetpw,
   rootpw or runaspw options are set.

 * The sudoers plugin uses a new format for its time stamp files.
   Each user now has a single file which may contain multiple records
   when per-tty time stamps are in use (the default).  The time
   stamps use a monotonic timer where available and are once again
   located in a directory under /var/run.  The lecture status is
   now stored separately from the time stamps in a different directory.

 * sudo's -K option will now remove all of the user's time stamps,
   not just the time stamp for the current terminal.  The -k option
   can be used to only disable time stamps for the current terminal.


More information about the sudo-workers mailing list