[sudo-workers] sudo 1.8.18rc4 released

Todd C. Miller Todd.Miller at courtesan.com
Thu Sep 15 15:45:11 MDT 2016

Hash: SHA1

The fourth and hopefully final release candidate of sudo 1.8.18 is
now available.  This is primarily a bug fix release.  Unless a
show-stopper is found, sudo 1.8.18 will be released on Monday
September 19th.


SHA256 checksum:
MD5 checksum:

Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.8.18rc4 and 1.8.18rc3:

 * Fixed an underflow introduced in 1.8.17 when trimming trailing
   whitespace from the ipa hostname in the SSSD backend.

 * Fixed matching entries in the LDAP and SSSD backends when a
   RunAsGroup is specified but no RunAsUser is present.

 * Fixed "sudo -l" output in the LDAP and SSSD backends when a
   RunAsGroup is specified but no RunAsUser is present.

Major changes between sudo 1.8.18rc3 and 1.8.18rc2:

 * Fixed a memory leak when the getdomainname(2) function fails.

 * Negated sudoHost attributes are now supported by the LDAP and
   SSSD backends.

Major changes between sudo 1.8.18rc2 and 1.8.18rc1:

 * Fixed a typo that broke short host name matching when the fqdn
   flag is enabled in sudoers.  Bug #757

 * Fixed a bug introduced in 1.8.18 that caused a hang when
   running a command in a pty when a stop signal was not always
   passed to the parent.

Major changes between sudo 1.8.18rc1 and 1.8.18b4:

 * Fixed a potential crash when auditing is enabled and the audit
   function fails with an error.  Bug #756

 * Norwegian Nynorsk translation for sudo from translationproject.org.

Major changes between sudo 1.8.18b4 and 1.8.18b3:

 * Fixed a bug on Linux where a 32-bit sudo binary could fail with
   an "unable to allocate memory" error when run on a 64-bit system.
   Bug #755

 * When parsing ldap.conf, sudo will now only treat a '#' character
   as the start of a comment when it is at the beginning of the

 * Fixed sudo's exit value when execution of the command fails.

Major changes between sudo 1.8.18b3 and 1.8.18b2:

 * Fixed a bug where "sudo -l command" would indicate that a command
   was runnable even when denied by sudoers when using the LDAP or
   SSSD backends.

 * The match_group_by_gid Defaults option has been added to allow
   sites where group name resolution is slow and where sudoers only
   contains a small number of groups to match groups by group ID
   instead of by group name.

Major changes between sudo 1.8.18b2 and 1.8.18b1:

 * Fixed a use-after-free bug in visudo introduced in sudo 1.8.18b1.

 * Fixed a bug introduced in 1.8.17 where the SIGPIPE signal handler
   was not being restored when sudo directly executes the command.

Major changes between sudo 1.8.18b1 and 1.8.17p1:

 * The sudoers locale is now set before parsing the sudoers file.
   If sudoers_locale is set in sudoers, it is applied before
   evaluating other Defaults entries.  Previously, sudoers_locale
   was used when evaluating sudoers but not during the inital parse.
   Bug #748.

 * A missing or otherwise invalid #includedir is now ignored instead
   of causing a parse error.

 * During "make install", backup files are only used on HP-UX where
   it is not possible to unlink a shared object that is in use.
   This works around a bug in ldconfig on Linux which could create
   links to the backup shared library file instead of the current

 * Fixed a bug introduced in 1.8.17 where sudoers entries with long
   commands lines could be truncated, preventing a match.  Bug #752.

 * The fqdn, runas_default and sudoers_locale Defaults settings are
   now applied before any other Defaults settings since they can
   change how other Defaults settings are parsed.

 * On systems without the O_NOFOLLOW open(2) flag, when the NOFOLLOW
   flag is set, sudoedit now checks whether the file is a symbolic link
   before opening it as well as after the open.  Bug #753.

 * Sudo will now only resolve a user's group IDs to group names
   when sudoers includes group-based permissions.  Group lookups
   can be expensive on some systems where the group database is
   not local.

 * If the file system holding the sudo log file is full, allow
   the command to run unless the new ignore_logfile_errors Defaults
   option is disabled.  Bug #751.

 * The ignore_audit_errors and ignore_iolog_errors Defaults options
   have been added to control sudo's behavior when it is unable to
   write to the audit and I/O logs.
Version: GnuPG v1


More information about the sudo-workers mailing list