[sudo-workers] sudo 1.8.10rc3 released

Todd C. Miller Todd.Miller at courtesan.com
Fri Mar 7 09:24:54 MST 2014

The third release candidate for sudo 1.8.10 is now available.  Unless
a show stopper is found, sudo 1.8.10 will be released on Monday
March 10th.  The biggest change in sudo 1.8.10 is a new time stamp
file format that uses the monotonic clock where available.


SHA256 checksum:
MD5 checksum:

Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.8.10rc3 and 1.8.10rc2:

 * Catalan translation for sudo and Czech translation for sudoers
   from translationproject.org.

 * The JSON format used by "visudo -x" now properly supports the
   negation operator.  In addition, the Options object is now the
   same for both Defaults and Cmnd_Specs.

Major changes between sudo 1.8.10rc2 and 1.8.10rc1:

 * Serbian translation for sudoers from translationproject.org.

 * When exporting sudoers in JSON format, visudo now uses the same
   type of Options object for both Defaults and Cmnd_Specs.

 * Fixed the conversion of the timestamp_timeout from double to
   struct timespec when it contains fractional seconds.

Major changes between sudo 1.8.10rc1 and 1.8.10b4:

 * Updated translations from translationproject.org.

 * Sudo is once again able to open the sudoers file when the group
   on sudoers doesn't match the expected value, so long as the file
   is not group writable.

 * Sudo now installs an init.d script to clear the time stamp
   directory at boot time on AIX and HP-UX systems.  These systems
   either lack /var/run or do not clear it on boot.

Major changes between sudo 1.8.10b4 and 1.8.10b3:

 * Updated translations from translationproject.org.

 * Fixed a hang (infinite stack recursion) in the getenv() hook on
   HP-UX when sudo was built with gcc and linked with the LDAP

Major changes between sudo 1.8.10b3 and 1.8.10b2:

 * LDAP-based sudoers now uses a default search filter of
   (objectClass=sudoRole) for more efficient queries.  The netgroup
   query has been modified to avoid falling below the minimum length
   for OpenLDAP substring indices.

 * The new "use_netgroups" sudoers option can be used to explicitly
   enable or disable netgroups support.  For LDAP-based sudoers,
   netgroup support requires an expensive substring match on the
   server.  If netgroups are not needed, this option can be disabled
   to reduce the load on the LDAP server.

Major changes between sudo 1.8.10b2 and 1.8.10b1:

 * Sudo now uses inet_pton() for decoding IPv4 addresses.  A
   version is included for systems without it.

 * If sudo was started in the background and needed to prompt for
   a password, it was not possible to suspend it at the password
   prompt.  This now works properly.

Major changes between sudo 1.8.10b1 and 1.8.9:

 * It is now possible to disable network interface probing in
   sudo.conf by changing the value of the probe_interfaces

 * When listing a user's privileges (sudo -l), the sudoers plugin
   will now prompt for the user's password even if the targetpw,
   rootpw or runaspw options are set.

 * The sudoers plugin uses a new format for its time stamp files.
   Each user now has a single file which may contain multiple records
   when per-tty time stamps are in use (the default).  The time
   stamps use a monotonic timer where available and are once again
   located in a directory under /var/run.  The lecture status is
   now stored separately from the time stamps in a different directory.

 * sudo's -K option will now remove all of the user's time stamps,
   not just the time stamp for the current terminal.  The -k option
   can be used to only disable time stamps for the current terminal.

More information about the sudo-workers mailing list