[sudo-workers] sudo 1.8.24rc1 released

Todd C. Miller Todd.Miller at sudo.ws
Mon Aug 13 09:13:31 MDT 2018

The first release candidate for sudo 1.8.24 is now available.  I
expect 1.8.24 final to be released at the end of the week.

Sudo 1.8.24 builds on the changes in 1.8.23 to merge the LDAP/SSSD
and file-based lookup code.  This has allowed the removal almost
1,500 lines of code from the LDAP and SSSD backends.

If you rely on the LDAP or SSSD backends, please do give the 1.8.24
beta a try if you are able to.


SHA256 checksum:
MD5 checksum:

Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.8.24rc1 and 1.8.24b4:

 * Fixed an ambiguity in the sudoers manual in the description and
   definition of User, Runas, Host, and Cmnd Aliases.  Bug #834

 * Fixed a bug that resulted in only the first window size change
   event being logged.

Major changes between sudo 1.8.24b4 and 1.8.24b3:

 * Fixed a compilation warning on FreeBSD.

 * Refactored the code that converts a Defaults list to command
   tags.  The LDAP and SSSD backends now always store sudoOptions
   in a per-privilege Defaults list which are converted to tags
   for "sudo -l" at output time.

 * Updated translations from translationproject.org.

Major changes between sudo 1.8.24b3 and 1.8.24b2:

 * Fixed a regression that prevented sudoOption attributes
   in a sudoRole with a sudoCommand from taking effect.

 * Updated translations from translationproject.org.

Major changes between sudo 1.8.24b2 and 1.8.24b1:

 * Fixed a race condition when building with parallel make.
   Bug #842

 * Fixed a duplicate free when netgroup_base in ldap.conf is set
   to an invalid value.

 * Fixed a group lookup bug on Linux introduced in sudo 1.8.24b1.

 * Fixed a bug introduced in sudo 1.8.23 on AIX that could prevent
   local users and groups from being resolved properly on systems
   that have users stored in NIS, LDAP or AD.

 * Added a workaround for an AIX bug exposed by a change in sudo
   1.8.23 that prevents the terminal mode from being restored when
   I/O logging is enabled.

 * On systems using PAM, sudo now ignores the PAM_NEW_AUTHTOK_REQD
   and PAM_AUTHTOK_EXPIRED errors from PAM account management if
   authentication is disabled for the user.  This fixes a regression
   introduced in sudo 1.8.23.  Bug #843

Major changes between sudo 1.8.24b1 and 1.8.23:

 * The LDAP and SSS back-ends now use the same rule evaluation code
   as the sudoers file backend.  This builds on the work in sudo
   1.8.23 where the formatting functions for "sudo -l" output were
   shared.  The handling of negated commands in SSS and LDAP is

 * Fixed a regression introduced in 1.8.23 where "sudo -i" could
   not be used in conjunction with --preserve-env=VARIABLE.  Bug #835

 * cvtsudoers can now parse base64-encoded attributes in LDIF files.

 * Random insults are now more random.

 * Fixed the noexec wordexp(3) test on FreeBSD.

 * Added SUDO_CONV_PREFER_TTY flag for conversation function to
   tell sudo to try writing to /dev/tty first. Can be used in
   conjunction with SUDO_CONV_INFO_MSG and SUDO_CONV_ERROR_MSG.

 * Sudo now supports an arbitrary number of groups per user on
   Solaris.  Previously, only the first 64 groups were found.
   This should remove the need to set "max_groups" in sudo.conf.

 * Fixed typos in the OpenLDAP sudo schema.  Bugs #839 and #840.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://www.sudo.ws/pipermail/sudo-workers/attachments/20180813/fa196fda/attachment.bin>

More information about the sudo-workers mailing list