[sudo-workers] sudo 1.8.12rc1 released
Todd C. Miller
Todd.Miller at courtesan.com
Tue Feb 3 13:00:37 MST 2015
-----BEGIN PGP SIGNED MESSAGE-----
The first release candidate of sudo 1.8.12 is now available.
In addition to bug fixes, sudo 1.8.12 features an updated debug
framework where debugging for the plugins is now configured separately
from the sudo front-end. Multiple debug files are supported per
program. There is also new support for directly querying an LDAP
server for a user's netgroups.
For a list of download mirror sites, see:
Sudo web site:
Sudo web site mirrors:
Major changes between sudo 1.8.12rc1 and 1.8.12b3:
* Removed a limit on the length of command line arguments expanded
by a wild card using sudo's version of the fnmatch() function.
This limit was introduced when sudo's version of fnmatch() was
replaced in sudo 1.8.4.
* LDAP-based sudoers can now query an LDAP server for a user's
netgroups directly. This is often much faster than fetching
every sudoRole object containing a sudoUser that begins with a
`+' prefix and checking whether the user is a member of any of
the returned netgroups.
* The mail_always sudoers option no longer sends mail for "sudo -l"
or "sudo -v" unless the user is unable to authenticate themselves.
* The NIS domain name is now retrieved correctly on Solaris when
netgroups are in use.
Major changes between sudo 1.8.12b3 and 1.8.12b2:
* French translation for sudoers from translationproject.org.
* Sudo now installs a handler for SIGCHLD signal handler immediately
before stating the process that will execute the command (or
start the monitor). The handler used to be installed earlier
but this causes problems with poorly behaved PAM modules that
install their own SIGCHLD signal handler and neglect to restore
sudo's original handler. Bug #657
* The sudoers parser now enforces the restriction that command
digests may only be specified for an actual path name. This
avoid a potential crash in the parser.
Major changes between sudo 1.8.12b2 and 1.8.12b1:
* Updated translations from translationproject.org.
* Visudo will now use the optional sudoers_file, sudoers_mode,
sudoers_uid and sudoers_gid arguments if specified on the
sudoers.so Plugin line in the sudo.conf file.
* Fixed a problem introduced in sudo 1.8.8 that prevented the full
host name from being used when the "fqdn" sudoers option is used.
Major changes between sudo 1.8.12b1 and 1.8.11p2:
* The embedded copy of zlib has been upgraded to version 1.2.8 and
is now installed as a shared library where supported.
* Debug settings for the sudo front end and sudoers plugin are now
* Multiple sudo.conf Debug entries may now be specified per program
* The plugin API has been extended such that the path to the plugin
that was loaded is now included in the settings array. This
path can be used to register with the debugging subsystem. The
debug_flags setting is now prefixed with a file name and may be
specified multiple times if there is more than one matching Debug
setting in sudo.conf.
* The sudoers regression tests now run with the locale set to C
since some of the tests compare output that includes locale-specific
messages. Bug #672
* Fixed a bug where sudo would not run commands on Linux when
compiled with audit support if audit is disabled. Bug #671
* Added __BASH_FUNC<* to the environment blacklist to match
Apple's syntax for newer-style bash functions.
* The default password prompt now includes a trailing space after
"Password:" for consistency with su(1) on most systems.
* Fixed a problem on DragonFly BSD where SIGCHLD could be ignored,
preventing sudo from exiting. Bug #676
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
More information about the sudo-workers