[sudo-workers] sudo 1.8.16rc1 released
Todd C. Miller
Todd.Miller at courtesan.com
Thu Mar 10 09:26:57 MST 2016
The first release candidate of sudo 1.8.16 is now available. This is
primarily a bug fix release.
For a list of download mirror sites, see:
Sudo web site:
Sudo web site mirrors:
Major changes between sudo 1.8.16rc1 and 1.8.16b2:
* Updated translations from translationproject.org.
* The PAM conversation function now works around an ambiguity in the
PAM spec with respect to multiple messages. Bug #726.
Major changes between sudo 1.8.16b2 and 1.8.16b1:
* Fixed a compilation error on systems that have the posix_spawn()
and posix_spawnp() functions but an unusable spawn.h header.
* Fixed support for negating character classes in sudo's version
of the fnmatch() function.
* Fixed a bug in the LDAP and SSSD backends that could allow an
unauthorized user to list another user's privileges. Bug #738.
Major changes between sudo 1.8.16b1 and 1.8.15:
* Fixed a compilation error on Solaris 10 with Stun Studio 12.
* When preserving variables from the invoking user's environment, if
there are duplicates sudo now only keeps the first instance.
* Fixed a bug that could cause warning mail to be sent in list
mode (sudo -l) for users without sudo privileges when the
LDAP and sssd backends are used.
* Fixed a bug that prevented the "mail_no_user" option from working
properly with the LDAP backend.
* In the LDAP and sssd backends, white space is now ignored between
an operator (!, +, +=, -=) when parsing a sudoOption.
* It is now possible to disable Path settings in sudo.conf
by omitting the path name.
* The sudoedit_checkdir Defaults option is now enabled by default
and has been extended. When editing files with sudoedit, each
directory in the path to be edited is now checked. If a directory
is writable by the invoking user, symbolic links will not be
followed. If the parent directory of the file to be edited is
writable, sudoedit will refuse to edit it.
* The netgroup_tuple Defaults option has been added to enable matching
of the entire netgroup tuple, not just the host or user portion.
* When matching commands based on the SHA2 digest, sudo will now
use fexecve(2) to execute the command if it is available. This
fixes a time of check versus time of use race condition when the
directory holding the command is writable by the invoking user.
* On AIX systems, sudo now caches the auth registry string along
with password and group information. This fixes a potential
problem when a user or group of the same name exists in multiple
auth registries. For example, local and LDAP.
* Fixed a crash in the SSSD backend when the invoking user is not
found. Bug #732.
* Added the --enable-asan configure flag to enable address sanitizer
support. A few minor memory leaks have been plugged to quiet
the ASAN leak detector.
* The value of _PATH_SUDO_CONF may once again be overridden via
the Makefile. Bug #735.
* The sudoers2ldif script now handles multiple roles with same name.
More information about the sudo-workers