[sudo-workers] sudo 1.8.18rc4 released
Todd C. Miller
Todd.Miller at courtesan.com
Thu Sep 15 15:45:11 MDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The fourth and hopefully final release candidate of sudo 1.8.18 is
now available. This is primarily a bug fix release. Unless a
show-stopper is found, sudo 1.8.18 will be released on Monday
September 19th.
Source:
https://www.sudo.ws/sudo/dist/beta/sudo-1.8.18rc4.tar.gz
ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.8.18rc4.tar.gz
SHA256 checksum:
c0c0f3015dc3aafe758eabda9977d6fc1762ada5e0efdb25a5be75d92d27c773
MD5 checksum:
85190c2f382444e1a1032d5fea5bc161
Binary packages:
https://www.sudo.ws/sudo/dist/beta/packages/index.html#binary
For a list of download mirror sites, see:
https://www.sudo.ws/sudo/download_mirrors.html
Sudo web site:
https://www.sudo.ws/sudo/
Sudo web site mirrors:
https://www.sudo.ws/sudo/mirrors.html
Major changes between sudo 1.8.18rc4 and 1.8.18rc3:
* Fixed an underflow introduced in 1.8.17 when trimming trailing
whitespace from the ipa hostname in the SSSD backend.
* Fixed matching entries in the LDAP and SSSD backends when a
RunAsGroup is specified but no RunAsUser is present.
* Fixed "sudo -l" output in the LDAP and SSSD backends when a
RunAsGroup is specified but no RunAsUser is present.
Major changes between sudo 1.8.18rc3 and 1.8.18rc2:
* Fixed a memory leak when the getdomainname(2) function fails.
* Negated sudoHost attributes are now supported by the LDAP and
SSSD backends.
Major changes between sudo 1.8.18rc2 and 1.8.18rc1:
* Fixed a typo that broke short host name matching when the fqdn
flag is enabled in sudoers. Bug #757
* Fixed a bug introduced in 1.8.18 that caused a hang when
running a command in a pty when a stop signal was not always
passed to the parent.
Major changes between sudo 1.8.18rc1 and 1.8.18b4:
* Fixed a potential crash when auditing is enabled and the audit
function fails with an error. Bug #756
* Norwegian Nynorsk translation for sudo from translationproject.org.
Major changes between sudo 1.8.18b4 and 1.8.18b3:
* Fixed a bug on Linux where a 32-bit sudo binary could fail with
an "unable to allocate memory" error when run on a 64-bit system.
Bug #755
* When parsing ldap.conf, sudo will now only treat a '#' character
as the start of a comment when it is at the beginning of the
line.
* Fixed sudo's exit value when execution of the command fails.
Major changes between sudo 1.8.18b3 and 1.8.18b2:
* Fixed a bug where "sudo -l command" would indicate that a command
was runnable even when denied by sudoers when using the LDAP or
SSSD backends.
* The match_group_by_gid Defaults option has been added to allow
sites where group name resolution is slow and where sudoers only
contains a small number of groups to match groups by group ID
instead of by group name.
Major changes between sudo 1.8.18b2 and 1.8.18b1:
* Fixed a use-after-free bug in visudo introduced in sudo 1.8.18b1.
* Fixed a bug introduced in 1.8.17 where the SIGPIPE signal handler
was not being restored when sudo directly executes the command.
Major changes between sudo 1.8.18b1 and 1.8.17p1:
* The sudoers locale is now set before parsing the sudoers file.
If sudoers_locale is set in sudoers, it is applied before
evaluating other Defaults entries. Previously, sudoers_locale
was used when evaluating sudoers but not during the inital parse.
Bug #748.
* A missing or otherwise invalid #includedir is now ignored instead
of causing a parse error.
* During "make install", backup files are only used on HP-UX where
it is not possible to unlink a shared object that is in use.
This works around a bug in ldconfig on Linux which could create
links to the backup shared library file instead of the current
one.
* Fixed a bug introduced in 1.8.17 where sudoers entries with long
commands lines could be truncated, preventing a match. Bug #752.
* The fqdn, runas_default and sudoers_locale Defaults settings are
now applied before any other Defaults settings since they can
change how other Defaults settings are parsed.
* On systems without the O_NOFOLLOW open(2) flag, when the NOFOLLOW
flag is set, sudoedit now checks whether the file is a symbolic link
before opening it as well as after the open. Bug #753.
* Sudo will now only resolve a user's group IDs to group names
when sudoers includes group-based permissions. Group lookups
can be expensive on some systems where the group database is
not local.
* If the file system holding the sudo log file is full, allow
the command to run unless the new ignore_logfile_errors Defaults
option is disabled. Bug #751.
* The ignore_audit_errors and ignore_iolog_errors Defaults options
have been added to control sudo's behavior when it is unable to
write to the audit and I/O logs.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlfbFmMACgkQWonfon7kcMQxegCgl+/f1iQBLPZ5gvDrHp1vFhp2
hhAAniAPw2P0+z6Djji2UnCV7JDteqVm
=ZJ9z
-----END PGP SIGNATURE-----
More information about the sudo-workers
mailing list