[sudo-workers] sudo 1.8.17rc2 released
Todd C. Miller
Todd.Miller at courtesan.com
Mon Jun 13 08:35:59 MDT 2016
The second release candidate for sudo 1.8.17 is now available. This
is primarily a bug fix release. Unless a major issue is found,
sudo 1.8.17 will be relased next week.
Source:
https://www.sudo.ws/sudo/dist/beta/sudo-1.8.17rc2.tar.gz
ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.8.17rc2.tar.gz
SHA256 checksum:
08cd7294bc6ccc5ba41cae5c1ed6c9c8f8cae9d978cccac2ddba8f9f0981fe9d
MD5 checksum:
88e5d2ac0aac940fef3917b2ab41ff75
Binary packages:
https://www.sudo.ws/sudo/dist/beta/packages/index.html#binary
For a list of download mirror sites, see:
https://www.sudo.ws/sudo/download_mirrors.html
Sudo web site:
https://www.sudo.ws/sudo/
Sudo web site mirrors:
https://www.sudo.ws/sudo/mirrors.html
Major changes between sudo 1.8.17rc2 and 1.8.17rc1:
* LDAP sudoers doesn't support negated users, groups or netgroups
don't try to support them in the sssd backend.
Major changes between sudo 1.8.17rc1 and 1.8.17b4:
* Fixed a hang on some systems when the command is being run in
a pty and it failed to execute.
* When performing a wildcard match in sudoers, check for an exact
string match if the user command was fully-qualified (or resolved
via the PATH). This fixes an issue executing scripts on Linux
when there are multiple wildcard matches with the same base name.
Bug #746.
Major changes between sudo 1.8.17b4 and 1.8.17b3:
* Documentation fixes.
* The sssd backend now properly handles "sudo -U otheruser -l"
* The sssd backend now uses the value of "ipa_hostname" from
sssd.conf, if specified.
Major changes between sudo 1.8.17b3 and 1.8.17b2:
* Fixed a crash on glibc systems when printing an error message.
Major changes between sudo 1.8.17b2 and 1.8.17b1:
* Forward slashes are no longer escaped in the JSON output of
"visudo -x". This was never required by the standard and not
escaping them improves readability of the output.
* Sudo no longer treats PAM_SESSION_ERR as a fatal error when
opening the PAM session. Other errors from pam_open_session()
are still treated as fatal. This avoids the "policy plugin
failed session initialization" error message seen on some systems.
* Korean translation for sudo and sudoers from translationproject.org.
Major changes between sudo 1.8.17b1 and 1.8.16:
* On AIX, if /etc/security/login.cfg has auth_type set to PAM_AUTH
but pam_start(3) fails, fall back to AIX authentication.
Bug #740.
* Sudo now takes all sudoers sources into account when determining
whether or not "sudo -l" or "sudo -b" should prompt for a password.
In other words, if both file and ldap sudoers sources are in
specified in /etc/nsswitch.conf, "sudo -v" will now require that
all entries in both sources be have NOPASSWD (file) or !authenticate
(ldap) in the entries.
* Sudo now ignores SIGPIPE until the command is executed. Previously,
SIGPIPE was only ignored in a few select places. Bug #739.
* Fixed a bug introduced in sudo 1.8.14 where (non-syslog) log
file entries were missing the newline when loglinelen is set to
a non-positive number. Bug #742.
* Unix groups are now set before the plugin session intialization
code is run. This makes it possible to use dynamic groups with
the Linux-PAM pam_group module.
* Fixed a bug where a debugging statement could dereference a NULL
pointer when looking up a group that doesn't exist. Bug #743.
* Sudo has been run through the Coverity code scanner. A number of
minor bugs have been fixed as a result. None were security issues.
* SELinux support, which was broken in 1.8.16, has been repaired.
* Fixed a bug when logging I/O where all output buffers might not
get flushed at exit.
More information about the sudo-workers
mailing list