[sudo-workers] sudo 1.8.16rc1 released

Todd C. Miller Todd.Miller at courtesan.com
Thu Mar 10 09:26:57 MST 2016


The first release candidate of sudo 1.8.16 is now available.  This is
primarily a bug fix release.

Source:
    https://www.sudo.ws/sudo/dist/beta/sudo-1.8.16rc1.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.8.16rc1.tar.gz

SHA256 checksum:
    d6ae0b90c80b6c9dfc7a89ad4d5ffabc85c1ee818104b058d0bbd8e70a68ec27
MD5 checksum:
    a564a8cdd02e322f4138500a0c2ffa42

Binary packages:
    https://www.sudo.ws/sudo/dist/beta/packages/index.html#binary

For a list of download mirror sites, see:
    https://www.sudo.ws/sudo/download_mirrors.html

Sudo web site:
    https://www.sudo.ws/sudo/

Sudo web site mirrors:
    https://www.sudo.ws/sudo/mirrors.html

Major changes between sudo 1.8.16rc1 and 1.8.16b2:

 * Updated translations from translationproject.org.

 * The PAM conversation function now works around an ambiguity in the
   PAM spec with respect to multiple messages.  Bug #726.

Major changes between sudo 1.8.16b2 and 1.8.16b1:

 * Fixed a compilation error on systems that have the posix_spawn()
   and posix_spawnp() functions but an unusable spawn.h header.
   Bug #730.

 * Fixed support for negating character classes in sudo's version
   of the fnmatch() function.

 * Fixed a bug in the LDAP and SSSD backends that could allow an
   unauthorized user to list another user's privileges.  Bug #738.

Major changes between sudo 1.8.16b1 and 1.8.15:

 * Fixed a compilation error on Solaris 10 with Stun Studio 12.
   Bug #727.

 * When preserving variables from the invoking user's environment, if
   there are duplicates sudo now only keeps the first instance.

 * Fixed a bug that could cause warning mail to be sent in list
   mode (sudo -l) for users without sudo privileges when the
   LDAP and sssd backends are used.

 * Fixed a bug that prevented the "mail_no_user" option from working
   properly with the LDAP backend.

 * In the LDAP and sssd backends, white space is now ignored between
   an operator (!, +, +=, -=) when parsing a sudoOption.

 * It is now possible to disable Path settings in sudo.conf
   by omitting the path name.

 * The sudoedit_checkdir Defaults option is now enabled by default
   and has been extended.  When editing files with sudoedit, each
   directory in the path to be edited is now checked.  If a directory
   is writable by the invoking user, symbolic links will not be
   followed.  If the parent directory of the file to be edited is
   writable, sudoedit will refuse to edit it.
   Bug #707.

 * The netgroup_tuple Defaults option has been added to enable matching
   of the entire netgroup tuple, not just the host or user portion.
   Bug #717.

 * When matching commands based on the SHA2 digest, sudo will now
   use fexecve(2) to execute the command if it is available.  This
   fixes a time of check versus time of use race condition when the
   directory holding the command is writable by the invoking user.

 * On AIX systems, sudo now caches the auth registry string along
   with password and group information.  This fixes a potential
   problem when a user or group of the same name exists in multiple
   auth registries.  For example, local and LDAP.

 * Fixed a crash in the SSSD backend when the invoking user is not
   found.  Bug #732.

 * Added the --enable-asan configure flag to enable address sanitizer
   support.  A few minor memory leaks have been plugged to quiet
   the ASAN leak detector.

 * The value of _PATH_SUDO_CONF may once again be overridden via
   the Makefile.  Bug #735.

 * The sudoers2ldif script now handles multiple roles with same name.


More information about the sudo-workers mailing list