[sudo-workers] sudo 1.8.24rc1 released

Michael Felt michael at felt.demon.nl
Wed Aug 15 01:46:38 MDT 2018


** --without-ldap - but looking good!


        ./configure\
                --prefix=/opt \
                --sysconfdir=/var/sudo/etc\
                --sharedstatedir=/var/sudo/com\
                --localstatedir=/var/sudo\
                --mandir=/usr/share/man\
                --infodir=/opt/share/info/sudo --with-man\
                --disable-rpath --with-pam-login --disable-root-mailer\
                --disable-shadow --enable-log-host --disable-noargs-shell\
                --enable-shell-sets-home --disable-path-info
--enable-env-reset\
                --disable-nls --with-aixauth --with-pam --with-logging=both\
                --with-logpath=/var/sudo/log --with-ignore-dot
--with-mail-if-no-host\
                --with-mail-if-noperms --with-rundir=/var/sudo/run\
                --with-vardir=/var/sudo/var --with-umask=027
--with-editor=/usr/bin/vi\
                --with-env-editor --without-ldap

/usr/bin/make > .buildaix/make.out
ld: 0711-415 WARNING: Symbol sudo_arc4random_uniform is already exported.

NOT NEW: make check does not run on NFS project directory:
libtool: link: xlc_r -o .libs/vsyslog_test .libs/vsyslog_test.o
.libs/vsyslog.o -Wl,-brtl  -L./.libs -lsudo_util -lpthread
-Wl,-blibpath:/opt/libexec/sudo:/usr/vac/lib:/usr/lib:/lib
parse_gids_test: 6 tests run, 0 errors, 100% success rate
strsplit_test: 29 tests run, 0 errors, 100% success rate
fnmatch: 6 tests run, 0 errors, 100% success rate
exec(): 0509-036 Cannot load program
/data/prj/aixtools/sudo/sudo-1.8.24rc1/lib/.nfs285D/.libs/lt-atofoo_test
because of the following errors:
        0509-150   Dependent module libsudo_util.so could not be loaded.
        0509-022 Cannot load module libsudo_util.so.
        0509-026 System error: A file or directory in the path name does
not exist.
exec(): 0509-036 Cannot load program
/data/prj/aixtools/sudo/sudo-1.8.24rc1/lib/.nfs285D/.libs/lt-hltq_test
because of the following errors:
        0509-150   Dependent module libsudo_util.so could not be loaded.
        0509-022 Cannot load module libsudo_util.so.
        0509-026 System error: A file or directory in the path name does
not exist.
exec(): 0509-036 Cannot load program
/data/prj/aixtools/sudo/sudo-1.8.24rc1/lib/.nfs285D/.libs/lt-vsyslog_test
because of the following errors:
        0509-150   Dependent module libsudo_util.so could not be loaded.
        0509-022 Cannot load module libsudo_util.so.
        0509-026 System error: A file or directory in the path name does
not exist.
/bin/sh: .:  not found.

After move to local directory, fyi: project is "broken", lib/* is not
what it was:
root at x065:[/home/prj/sudo/sudo-1.8.24rc1]ls lib
.nfs285D  zlib

Repeat above from "local" directory, make check (summary):
root at x065:[/home/prj/sudo/sudo-1.8.24rc1]make check | grep failed
sudo_conf: 9/9 tests passed; 0/9 tests failed
sudo_parseln: 6/6 tests passed; 0/6 tests failed
sudoers: 122/122 tests passed; 0/122 tests failed
testsudoers: 7/7 tests passed; 0/7 tests failed
visudo: 13/13 tests passed; 0/13 tests failed
cvtsudoers: 27/27 tests passed; 0/27 tests failed

This is on AIX 5.3 TL7, xlc 11.1.0.20



On 8/13/2018 5:13 PM, Todd C. Miller wrote:
> The first release candidate for sudo 1.8.24 is now available.  I
> expect 1.8.24 final to be released at the end of the week.
>
> Sudo 1.8.24 builds on the changes in 1.8.23 to merge the LDAP/SSSD
> and file-based lookup code.  This has allowed the removal almost
> 1,500 lines of code from the LDAP and SSSD backends.
>
> If you rely on the LDAP or SSSD backends, please do give the 1.8.24
> beta a try if you are able to.
>
> Source:
>     https://www.sudo.ws/dist/beta/sudo-1.8.24rc1.tar.gz
>     ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.8.24rc1.tar.gz
>
> SHA256 checksum:
>     c3a767fbef13f3c83bf62ffb1708ddc8c61020b973d3625e80b61ea12db18666
> MD5 checksum:
>     25515345fb1841383fd1150c866a72a1
>
> Binary packages:
>     https://www.sudo.ws/dist/beta/packages/index.html#binary
>
> For a list of download mirror sites, see:
>     https://www.sudo.ws/download_mirrors.html
>
> Sudo web site:
>     https://www.sudo.ws/
>
> Sudo web site mirrors:
>     https://www.sudo.ws/mirrors.html
>
> Major changes between sudo 1.8.24rc1 and 1.8.24b4:
>
>  * Fixed an ambiguity in the sudoers manual in the description and
>    definition of User, Runas, Host, and Cmnd Aliases.  Bug #834
>
>  * Fixed a bug that resulted in only the first window size change
>    event being logged.
>
> Major changes between sudo 1.8.24b4 and 1.8.24b3:
>
>  * Fixed a compilation warning on FreeBSD.
>
>  * Refactored the code that converts a Defaults list to command
>    tags.  The LDAP and SSSD backends now always store sudoOptions
>    in a per-privilege Defaults list which are converted to tags
>    for "sudo -l" at output time.
>
>  * Updated translations from translationproject.org.
>
> Major changes between sudo 1.8.24b3 and 1.8.24b2:
>
>  * Fixed a regression that prevented sudoOption attributes
>    in a sudoRole with a sudoCommand from taking effect.
>
>  * Updated translations from translationproject.org.
>
> Major changes between sudo 1.8.24b2 and 1.8.24b1:
>
>  * Fixed a race condition when building with parallel make.
>    Bug #842
>
>  * Fixed a duplicate free when netgroup_base in ldap.conf is set
>    to an invalid value.
>
>  * Fixed a group lookup bug on Linux introduced in sudo 1.8.24b1.
>
>  * Fixed a bug introduced in sudo 1.8.23 on AIX that could prevent
>    local users and groups from being resolved properly on systems
>    that have users stored in NIS, LDAP or AD.
>
>  * Added a workaround for an AIX bug exposed by a change in sudo
>    1.8.23 that prevents the terminal mode from being restored when
>    I/O logging is enabled.
>
>  * On systems using PAM, sudo now ignores the PAM_NEW_AUTHTOK_REQD
>    and PAM_AUTHTOK_EXPIRED errors from PAM account management if
>    authentication is disabled for the user.  This fixes a regression
>    introduced in sudo 1.8.23.  Bug #843
>
> Major changes between sudo 1.8.24b1 and 1.8.23:
>
>  * The LDAP and SSS back-ends now use the same rule evaluation code
>    as the sudoers file backend.  This builds on the work in sudo
>    1.8.23 where the formatting functions for "sudo -l" output were
>    shared.  The handling of negated commands in SSS and LDAP is
>    unchanged.
>
>  * Fixed a regression introduced in 1.8.23 where "sudo -i" could
>    not be used in conjunction with --preserve-env=VARIABLE.  Bug #835
>
>  * cvtsudoers can now parse base64-encoded attributes in LDIF files.
>
>  * Random insults are now more random.
>
>  * Fixed the noexec wordexp(3) test on FreeBSD.
>
>  * Added SUDO_CONV_PREFER_TTY flag for conversation function to
>    tell sudo to try writing to /dev/tty first. Can be used in
>    conjunction with SUDO_CONV_INFO_MSG and SUDO_CONV_ERROR_MSG.
>
>  * Sudo now supports an arbitrary number of groups per user on
>    Solaris.  Previously, only the first 64 groups were found.
>    This should remove the need to set "max_groups" in sudo.conf.
>
>  * Fixed typos in the OpenLDAP sudo schema.  Bugs #839 and #840.
>
>
> ____________________________________________________________
> sudo-workers mailing list <sudo-workers at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> https://www.sudo.ws/mailman/listinfo/sudo-workers



More information about the sudo-workers mailing list