[sudo-workers] sudo 1.8.22b1 released
michael at felt.demon.nl
Sat Dec 9 01:21:13 MST 2017
On 03/12/2017 16:56, Todd C. Miller wrote:
> The first beta version of sudo 1.8.22 is now available. Sudo 1.8.22
> is a bug fix release. It fixes some long-standing issues with job
> control when I/O logging is enabled.
Tiny thing (when cloned via git!) - no ChangeLog, make install fails with:
cp: cannot stat '../../src/sudo-rbac-1.8.22b1/ChangeLog': No such file
(This was meant to be first, but sending failed).
> SHA256 checksum:
> MD5 checksum:
> Binary packages:
> For a list of download mirror sites, see:
> Sudo web site:
> Sudo web site mirrors:
> Major changes between sudo 1.8.22b1 and 1.8.21p2:
> * Commands run in the background from a script run via sudo will
> no longer receive SIGHUP when the parent exits and I/O logging
> is enabled. Bug #502
> * A particularly offensive insult is now disabled by default.
> Bug #804
> * The description of "sudo -i" now correctly documents that
> the "env_keep" and "env_check" sudoers options are applied to
> the environment. Bug #806
> * Fixed a crash when the system's host name is not set.
> Bug #807
> * The sudoers2ldif script now handles #include and #includedir
> * Fixed a bug where sudo would silently exit when the command was
> not allowed by sudoers and the "passwd_tries" sudoers option
> was set to a value less than one.
> * Fixed a bug with the "listpw" and "verifypw" sudoers options and
> multiple sudoers sources. If the option is set to "all", a
> password should be required unless none of a user's sudoers
> entries from any source require authentication.
> * Fixed a bug with the "listpw" and "verifypw" sudoers options in
> the LDAP and SSSD back-ends. If the option is set to "any", and
> the entry contained multiple rules, only the first matching rule
> was checked. If an entry contained more than one matching rule
> and the first rule required authentication but a subsequent rule
> did not, sudo would prompt for a password when it should not have.
> * When running a command as the invoking user (not root), sudo
> would execute the command with the same group vector it was
> started with. Sudo now executes the command with a new group
> vector based on the group database which is consistent with
> how su(1) operates.
> * Fixed a double free in the SSSD back-end that could occur when
> ipa_hostname is present in sssd.conf and is set to an unqualified
> host name.
> * When I/O logging is enabled, sudo will now write to the terminal
> even when it is a background process. Previously, sudo would
> only write to the tty when it was the foreground process when
> I/O logging was enabled. If the TOSTOP terminal flag is set,
> sudo will suspend the command (and then itself) with the SIGTTOU
> sudo-workers mailing list <sudo-workers at sudo.ws>
> For list information, options, or to unsubscribe, visit:
More information about the sudo-workers