[sudo-workers] sudo 1.8.12rc1 released

Todd C. Miller Todd.Miller at courtesan.com
Tue Feb 3 13:00:37 MST 2015

Hash: SHA1

The first release candidate of sudo 1.8.12 is now available.

In addition to bug fixes, sudo 1.8.12 features an updated debug
framework where debugging for the plugins is now configured separately
from the sudo front-end.  Multiple debug files are supported per
program.  There is also new support for directly querying an LDAP
server for a user's netgroups.


SHA256 checksum:
MD5 checksum:

Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.8.12rc1 and 1.8.12b3:

 * Removed a limit on the length of command line arguments expanded
   by a wild card using sudo's version of the fnmatch() function.
   This limit was introduced when sudo's version of fnmatch() was
   replaced in sudo 1.8.4.

 * LDAP-based sudoers can now query an LDAP server for a user's
   netgroups directly.  This is often much faster than fetching
   every sudoRole object containing a sudoUser that begins with a
   `+' prefix and checking whether the user is a member of any of
   the returned netgroups.

 * The mail_always sudoers option no longer sends mail for "sudo -l"
   or "sudo -v" unless the user is unable to authenticate themselves.

 * The NIS domain name is now retrieved correctly on Solaris when
   netgroups are in use.

Major changes between sudo 1.8.12b3 and 1.8.12b2:

 * French translation for sudoers from translationproject.org.

 * Sudo now installs a handler for SIGCHLD signal handler immediately
   before stating the process that will execute the command (or
   start the monitor).  The handler used to be installed earlier
   but this causes problems with poorly behaved PAM modules that
   install their own SIGCHLD signal handler and neglect to restore
   sudo's original handler.  Bug #657

 * The sudoers parser now enforces the restriction that command
   digests may only be specified for an actual path name.  This
   avoid a potential crash in the parser.

Major changes between sudo 1.8.12b2 and 1.8.12b1:

 * Updated translations from translationproject.org.

 * Visudo will now use the optional sudoers_file, sudoers_mode,
   sudoers_uid and sudoers_gid arguments if specified on the
   sudoers.so Plugin line in the sudo.conf file.

 * Fixed a problem introduced in sudo 1.8.8 that prevented the full
   host name from being used when the "fqdn" sudoers option is used.
   Bug #678

Major changes between sudo 1.8.12b1 and 1.8.11p2:

 * The embedded copy of zlib has been upgraded to version 1.2.8 and
   is now installed as a shared library where supported.

 * Debug settings for the sudo front end and sudoers plugin are now
   configured separately.

 * Multiple sudo.conf Debug entries may now be specified per program
   (or plugin).

 * The plugin API has been extended such that the path to the plugin
   that was loaded is now included in the settings array.  This
   path can be used to register with the debugging subsystem.  The
   debug_flags setting is now prefixed with a file name and may be
   specified multiple times if there is more than one matching Debug
   setting in sudo.conf.

 * The sudoers regression tests now run with the locale set to C
   since some of the tests compare output that includes locale-specific
   messages.  Bug #672

 * Fixed a bug where sudo would not run commands on Linux when
   compiled with audit support if audit is disabled.  Bug #671

 * Added __BASH_FUNC<* to the environment blacklist to match
   Apple's syntax for newer-style bash functions.

 * The default password prompt now includes a trailing space after
   "Password:" for consistency with su(1) on most systems.
   Bug #663

 * Fixed a problem on DragonFly BSD where SIGCHLD could be ignored,
   preventing sudo from exiting.  Bug #676
Version: GnuPG v1


More information about the sudo-workers mailing list