[sudo-workers] sudo 1.8.23b3 released
Todd C. Miller
Todd.Miller at sudo.ws
Wed Apr 11 09:09:46 MDT 2018
The third beta version of sudo 1.8.23 is now available. In addition
to bug fixes, sudo 1.8.23 introduces the cvtsudoers utility which
can convert between sudoers formats and perform some basic filtering.
For a list of download mirror sites, see:
Sudo web site:
Sudo web site mirrors:
Major changes between sudo 1.8.23b3 and 1.8.23b2:
* The cvtsudoers utility now supports setting defaults types and
the suppression list in its config file.
* The cvtsudoers utility has a new "-p" option to prune non-matching
entries from the output when the "-m" option is also used.
* Fixed a problem with the process start time test in "make check"
when run in a Linux container. The test now uses the "btime"
field in /proc/stat to get the system start time instead of using
/proc/uptime, which is the container uptime. Bug #829.
* Sudoedit now checks the writability of a temporary directory
before using it. For example, if /var/tmp is not writable but
/tmp is, then /tmp will be used.
* If the cvtsudoers utility is given the -d option, any aliases
used by Defaults entries that are not being converted are omitted
from the output if they are otherwise unused.
* Updated translations from translationproject.org.
Major changes between sudo 1.8.23b2 and 1.8.23b1:
* Fixed a bug on some systems where sudo could hang on command
exit when I/O logging was enabled. Bug #826.
* The cvtsudoers utility has gained an option to control what type
of Defaults entries are translated.
* The sudoers.ldap manual now has a section on converting from
file-based sudoers to LDAP-based.
Major changes between sudo 1.8.23b1 and 1.8.22:
* PAM account management modules and BSD auto approval modules are
now run even when no password is required.
* For kernel-based time stamps, if no terminal is present, fall
back to parent-pid style time stamps.
* The new cvtsudoers utility replaces both the "sudoers2ldif" script
and the "visudo -x" functionality. It can read a file in either
sudoers or LDIF format and produce JSON, LDIF or sudoers output.
It is also possible to filter the generated output file by user,
group or host name.
* The file, ldap and sss sudoers backends now share a common set
of formatting functions for "sudo -l" output, which is also used
by the cvtsudoers utility.
* The /run directory is now used in preference to /var/run if it
exists. Bug #822.
* More accurate descriptions of the --with-rundir and --with-vardir
configure options. Bug #823.
* The setpassent() and setgroupent() functions are now used on systems
that support them to keep the passwd and group database open.
Sudo performs a lot of passwd and group lookups so it can be
beneficial to avoid opening and closing the files each time.
* The new case_insensitive_user and case_insensitive_group sudoers
options can be used to control whether sudo does case-sensitive
matching of users and groups in sudoers. Case insensitive
matching is now the default.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 801 bytes
Desc: not available
More information about the sudo-workers