[sudo-workers] sudo 1.8.20rc1 released

Thu Apr 27 13:39:40 MDT 2017

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The first release candidate for sudo 1.8.20 is now available.

Source:
    https://www.sudo.ws/sudo/dist/beta/sudo-1.8.20rc1.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.8.20rc1.tar.gz

SHA256 checksum:
    94e1aba09955f386ecc900263870aa06725b64e36af27acfa695ea70fdb1a5b2
MD5 checksum:
    db09a5583d5873bdecb8f5af4ba70cb1

Binary packages:
    https://www.sudo.ws/sudo/dist/beta/packages/index.html#binary

For a list of download mirror sites, see:
    https://www.sudo.ws/sudo/download_mirrors.html

Sudo web site:
    https://www.sudo.ws/sudo/

Sudo web site mirrors:
    https://www.sudo.ws/sudo/mirrors.html

Major changes between sudo 1.8.20b2 and 1.8.20rc1:

 * Fixed a typo that resulted in a compilation error on systems
   where the killpg() function is not found by configure.

 * Fixed a compilation error with the included version of zlib
   when sudo was built outside the source tree.

 * Fixed the exit value of sudo when the command is terminated by
   a signal other than SIGINT.  This was broken in sudo 1.8.15 by
   the fix for Bug #722.  Bug #784.

Major changes between sudo 1.8.20b1 and 1.8.20b2:

 * Updated translations from translationproject.org.

 * Fixed a use after free bug in the SSSD backend when the fqdn
   sudoOption is set and no hostname value is present in sssd.conf.

Major changes between sudo 1.8.19p2 and 1.8.20b1:

 * Added support for SASL_MECH in ldap.conf. Bug #764

 * Added support for digest matching when the command is a glob-style
   pattern or a directory. Previously, only explicit path matches
   supported digest checks.

 * New "fdexec" Defaults option to control whether a command
   is executed by path or by open file descriptor.

 * The embedded copy of zlib has been upgraded to version 1.2.11.

 * Fixed a bug that prevented sudoers include files with a relative
   path starting with the letter 'i' from being opened.  Bug #776.

 * Added support for command timeouts in sudoers.  The command will
   be terminated if the timeout expires.

 * The SELinux role and type are now displayed in the "sudo -l"
   output for the LDAP and SSSD backends, just as they are in the
   sudoers backend.

 * A new command line option, -T, can be used to specify a command
   timeout as long as the user-specified timeout is not longer than
   the timeout specified in sudoers.  This option may only be
   used when the "user_command_timeouts" flag is enabled in sudoers.

 * Added NOTBEFORE and NOTAFTER command options to the sudoers
   backend similar to what is already available in the LDAP backend.

 * Sudo can now optionally use the SHA2 functions in OpenSSL or GNU
   crypt instead of the SHA2 implementation bundled with sudo.

 * Fixed a compilation error on systems without the stdbool.h header
   file.  Bug #778.

 * Fixed a compilation error in the standalone Kerberos V authentication
   module.  Bug #777.

 * Added the iolog_flush flag to sudoers which causes I/O log data
   to be written immediately to disk instead of being buffered.

 * I/O log files are now created with group ID 0 by default unless
   the "iolog_user" or "iolog_group" options are set in sudoers.

 * It is now possible to store I/O log files on an NFS-mounted
   file system where uid 0 is remapped to an unprivileged user.
   The "iolog_user" option must be set to a non-root user and the
   top-level I/O log directory must exist and be owned by that user.

 * Added the restricted_env_file setting to sudoers which is similar
   to env_file but its contents are subject to the same restrictions
   as variables in the invoking user's environment.
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlkCR+4ACgkQWonfon7kcMQI9QCgzdyOuPX+ImYEZCQDpu/P1tti
WmcAniXTOwtV3BQaTf165389P2PVYTo5
=1L+l
-----END PGP SIGNATURE-----