[sudo-workers] sudo 1.8.24b4 released
Todd C. Miller
Todd.Miller at sudo.ws
Mon Aug 6 18:19:27 MDT 2018
The fourth beta version of sudo 1.8.24 is now available. I expect
to have a release candidate early next week.
Sudo 1.8.24 builds on the changes in 1.8.23 to merge the LDAP/SSSD
and file-based lookup code. This has allowed the removal almost
1,500 lines of code from the LDAP and SSSD backends.
If you rely on the LDAP or SSSD backends, please do give the 1.8.24
beta a try if you are able to.
Source:
https://www.sudo.ws/dist/beta/sudo-1.8.24b4.tar.gz
ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.8.24b4.tar.gz
SHA256 checksum:
bfbdcf08ee3f335fc84fbcdd92aba8523f37cc90d407df24c895314582832ed0
MD5 checksum:
7910081826281419be8f771a2fdc9816
Binary packages:
https://www.sudo.ws/dist/beta/packages/index.html#binary
For a list of download mirror sites, see:
https://www.sudo.ws/download_mirrors.html
Sudo web site:
https://www.sudo.ws/
Sudo web site mirrors:
https://www.sudo.ws/mirrors.html
Major changes between sudo 1.8.24b4 and 1.8.24b3:
* Fixed a compilation warning on FreeBSD.
* Refactored the code that converts a Defaults list to command
tags. The LDAP and SSSD backends now always store sudoOptions
in a per-privilege Defaults list which are converted to tags
for "sudo -l" at output time.
* Updated translations from translationproject.org.
Major changes between sudo 1.8.24b3 and 1.8.24b2:
* Fixed a regression that prevented sudoOption attributes
in a sudoRole with a sudoCommand from taking effect.
* Updated translations from translationproject.org.
Major changes between sudo 1.8.24b2 and 1.8.24b1:
* Fixed a race condition when building with parallel make.
Bug #842
* Fixed a duplicate free when netgroup_base in ldap.conf is set
to an invalid value.
* Fixed a group lookup bug on Linux introduced in sudo 1.8.24b1.
* Fixed a bug introduced in sudo 1.8.23 on AIX that could prevent
local users and groups from being resolved properly on systems
that have users stored in NIS, LDAP or AD.
* Added a workaround for an AIX bug exposed by a change in sudo
1.8.23 that prevents the terminal mode from being restored when
I/O logging is enabled.
* On systems using PAM, sudo now ignores the PAM_NEW_AUTHTOK_REQD
and PAM_AUTHTOK_EXPIRED errors from PAM account management if
authentication is disabled for the user. This fixes a regression
introduced in sudo 1.8.23. Bug #843
Major changes between sudo 1.8.24b1 and 1.8.23:
* The LDAP and SSS back-ends now use the same rule evaluation code
as the sudoers file backend. This builds on the work in sudo
1.8.23 where the formatting functions for "sudo -l" output were
shared. The handling of negated commands in SSS and LDAP is
unchanged.
* Fixed a regression introduced in 1.8.23 where "sudo -i" could
not be used in conjunction with --preserve-env=VARIABLE. Bug #835
* cvtsudoers can now parse base64-encoded attributes in LDIF files.
* Random insults are now more random.
* Fixed the noexec wordexp(3) test on FreeBSD.
* Added SUDO_CONV_PREFER_TTY flag for conversation function to
tell sudo to try writing to /dev/tty first. Can be used in
conjunction with SUDO_CONV_INFO_MSG and SUDO_CONV_ERROR_MSG.
* Sudo now supports an arbitrary number of groups per user on
Solaris. Previously, only the first 64 groups were found.
This should remove the need to set "max_groups" in sudo.conf.
* Fixed typos in the OpenLDAP sudo schema. Bugs #839 and #840.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://www.sudo.ws/pipermail/sudo-workers/attachments/20180806/c365eea4/attachment.bin>
More information about the sudo-workers
mailing list