[sudo-workers] sudo 1.8.12rc1 released

Todd C. Miller Todd.Miller at courtesan.com
Tue Feb 3 13:00:37 MST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The first release candidate of sudo 1.8.12 is now available.

In addition to bug fixes, sudo 1.8.12 features an updated debug
framework where debugging for the plugins is now configured separately
from the sudo front-end.  Multiple debug files are supported per
program.  There is also new support for directly querying an LDAP
server for a user's netgroups.

Source:
    http://www.sudo.ws/sudo/dist/beta/sudo-1.8.12rc1.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.8.12rc1.tar.gz

SHA256 checksum:
    56ffa65245ce3e7a7f8a359c888a5e38936aee08f59f36c3c86d3664de47568f
MD5 checksum:
    9989638e94592397606f247f8db05cdb

Binary packages:
    http://www.sudo.ws/sudo/dist/beta/packages/index.html#binary

For a list of download mirror sites, see:
    http://www.sudo.ws/sudo/download_mirrors.html

Sudo web site:
    http://www.sudo.ws/sudo/

Sudo web site mirrors:
    http://www.sudo.ws/sudo/mirrors.html

Major changes between sudo 1.8.12rc1 and 1.8.12b3:

 * Removed a limit on the length of command line arguments expanded
   by a wild card using sudo's version of the fnmatch() function.
   This limit was introduced when sudo's version of fnmatch() was
   replaced in sudo 1.8.4.

 * LDAP-based sudoers can now query an LDAP server for a user's
   netgroups directly.  This is often much faster than fetching
   every sudoRole object containing a sudoUser that begins with a
   `+' prefix and checking whether the user is a member of any of
   the returned netgroups.

 * The mail_always sudoers option no longer sends mail for "sudo -l"
   or "sudo -v" unless the user is unable to authenticate themselves.

 * The NIS domain name is now retrieved correctly on Solaris when
   netgroups are in use.

Major changes between sudo 1.8.12b3 and 1.8.12b2:

 * French translation for sudoers from translationproject.org.

 * Sudo now installs a handler for SIGCHLD signal handler immediately
   before stating the process that will execute the command (or
   start the monitor).  The handler used to be installed earlier
   but this causes problems with poorly behaved PAM modules that
   install their own SIGCHLD signal handler and neglect to restore
   sudo's original handler.  Bug #657

 * The sudoers parser now enforces the restriction that command
   digests may only be specified for an actual path name.  This
   avoid a potential crash in the parser.

Major changes between sudo 1.8.12b2 and 1.8.12b1:

 * Updated translations from translationproject.org.

 * Visudo will now use the optional sudoers_file, sudoers_mode,
   sudoers_uid and sudoers_gid arguments if specified on the
   sudoers.so Plugin line in the sudo.conf file.

 * Fixed a problem introduced in sudo 1.8.8 that prevented the full
   host name from being used when the "fqdn" sudoers option is used.
   Bug #678

Major changes between sudo 1.8.12b1 and 1.8.11p2:

 * The embedded copy of zlib has been upgraded to version 1.2.8 and
   is now installed as a shared library where supported.

 * Debug settings for the sudo front end and sudoers plugin are now
   configured separately.

 * Multiple sudo.conf Debug entries may now be specified per program
   (or plugin).

 * The plugin API has been extended such that the path to the plugin
   that was loaded is now included in the settings array.  This
   path can be used to register with the debugging subsystem.  The
   debug_flags setting is now prefixed with a file name and may be
   specified multiple times if there is more than one matching Debug
   setting in sudo.conf.

 * The sudoers regression tests now run with the locale set to C
   since some of the tests compare output that includes locale-specific
   messages.  Bug #672

 * Fixed a bug where sudo would not run commands on Linux when
   compiled with audit support if audit is disabled.  Bug #671

 * Added __BASH_FUNC<* to the environment blacklist to match
   Apple's syntax for newer-style bash functions.

 * The default password prompt now includes a trailing space after
   "Password:" for consistency with su(1) on most systems.
   Bug #663

 * Fixed a problem on DragonFly BSD where SIGCHLD could be ignored,
   preventing sudo from exiting.  Bug #676
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlTRKCMACgkQWonfon7kcMR5agCcCEfGPih7uaeyP0XMtgJ7af3X
NGUAoOYb50NKdHaPGgIO51/DWU8FBSi1
=mYkA
-----END PGP SIGNATURE-----


More information about the sudo-workers mailing list