[sudo-workers] sudo 1.8.22rc1 released
Todd C. Miller
Todd.Miller at sudo.ws
Fri Jan 12 12:50:45 MST 2018
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
The first release candidate of sudo 1.8.22 is now available. Unless
a major bug is found, sudo 1.8.22 will be released early next week.
Sudo 1.8.22 is primarily a bug fix release. It fixes several
long-standing issues with job control when I/O logging is enabled
as well as fixing a potential time stamp file re-use problem.
The sudo distribution files are now signed with a new pgp key.
The PGPKEYS file has been updated accordingly.
Source:
https://www.sudo.ws/sudo/dist/beta/sudo-1.8.22rc1.tar.gz
ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.8.22rc1.tar.gz
SHA256 checksum:
78b035d91bbb94c96afe8cc3f06e98b48cebc523a1d07e202707f770acfb4d8f
MD5 checksum:
19092750176973021e1dd2a6ffeacbaf
Binary packages:
https://www.sudo.ws/sudo/dist/beta/packages/index.html#binary
For a list of download mirror sites, see:
https://www.sudo.ws/sudo/download_mirrors.html
Sudo web site:
https://www.sudo.ws/sudo/
Sudo web site mirrors:
https://www.sudo.ws/sudo/mirrors.html
Major changes between sudo 1.8.22rc1 and 1.8.22b3:
* Updated translations from translationproject.org.
* Sudo now includes a utility to dump time stamp files.
It is not currently built by default.
Major changes between sudo 1.8.22b3 and 1.8.22b2:
* The sudoers time stamp file format is now documented in the new
sudoers_timestamp manual.
* The "timestamp_type" option now takes a "kernel" value on OpenBSD
systems. This causes the tty-based time stamp to be stored in
the kernel instead of on the file system. If no tty is present,
the time stamp is considered to be invalid.
* Visudo will now use the SUDO_EDITOR environment variable (if
present) in addition to VISUAL and EDITOR.
* Updated translations from translationproject.org.
Major changes between sudo 1.8.22b2 and 1.8.22b1:
* A new "authfail_message" sudoers option that overrides the
default "N incorrect password attempt(s)".
* An empty sudoRunAsUser attribute in the LDAP and SSSD backends
will now match the invoking user. This is more consistent with
how an empty runas user in the sudoers file is treated.
* Documented that in check mode, visudo does not check the owner/mode
on files specified with the -f flag. Bug #809.
* It is now an error to specify the runas user as an empty string
on the command line. Previously, an empty runas user was treated
the same as an unspecified runas user. Bug #817.
* When "timestamp_type" option is set to "tty" and a terminal is
present, the time stamp record will now include the start time
of the session leader. When the "timestamp_type" option is set
to "ppid" or when no terminal is available, the start time of
the parent process is used instead. This significantly reduces
the likelihood of a time stamp record being re-used when a user
logs out and back in again. Bug #818.
Major changes between sudo 1.8.22b1 and 1.8.21p2:
* Commands run in the background from a script run via sudo will
no longer receive SIGHUP when the parent exits and I/O logging
is enabled. Bug #502
* A particularly offensive insult is now disabled by default.
Bug #804
* The description of "sudo -i" now correctly documents that
the "env_keep" and "env_check" sudoers options are applied to
the environment. Bug #806
* Fixed a crash when the system's host name is not set.
Bug #807
* The sudoers2ldif script now handles #include and #includedir
directives.
* Fixed a bug where sudo would silently exit when the command was
not allowed by sudoers and the "passwd_tries" sudoers option
was set to a value less than one.
* Fixed a bug with the "listpw" and "verifypw" sudoers options and
multiple sudoers sources. If the option is set to "all", a
password should be required unless none of a user's sudoers
entries from any source require authentication.
* Fixed a bug with the "listpw" and "verifypw" sudoers options in
the LDAP and SSSD back-ends. If the option is set to "any", and
the entry contained multiple rules, only the first matching rule
was checked. If an entry contained more than one matching rule
and the first rule required authentication but a subsequent rule
did not, sudo would prompt for a password when it should not have.
* When running a command as the invoking user (not root), sudo
would execute the command with the same group vector it was
started with. Sudo now executes the command with a new group
vector based on the group database which is consistent with
how su(1) operates.
* Fixed a double free in the SSSD back-end that could occur when
ipa_hostname is present in sssd.conf and is set to an unqualified
host name.
* When I/O logging is enabled, sudo will now write to the terminal
even when it is a background process. Previously, sudo would
only write to the tty when it was the foreground process when
I/O logging was enabled. If the TOSTOP terminal flag is set,
sudo will suspend the command (and then itself) with the SIGTTOU
signal.
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJaWRGHAAoJEKn0wCHOpHD7WecP/RxljhSZVjgufHoy6rIENIns
PyJ4/UU7fTa/bjDFn8bGX2cLBAfjpzKBVNCq6ASmlqubt0x2XjNHQMEh8XZsAXQE
vSV4UdUIYm3AeAF/n9DB/XjwbJr4UKxSHXXT21MD7M/lNv6RTdwZZ/daEJjfZFyL
E8Wyxhs0nHNvQF1GlxPF5SkJXfiyzYfKaZ88eYaPtxuBivKi3/NAV69ymTcAiBG7
xiIN0vhkQ6s+i66hbWUIDixGNgqMtWZLeNLDkSGXLErcBfaCCSumV7hsIjspR0gg
lQ7U1ApoKY6yPAoKwhTOwp+z91rhOwc+I0ZMecNsCLkXah2STHzC9DWUh+1Nrg0w
R86x4MJYlLw0xGFjfsMS2nWecGlCmJg7bjFn+Mdxjj0a2CKb9gMHAy4TasjH6T5p
+ipKeQhgoNMEu+I+xMQ3PyfM4n9C8m0hcZb8UB2MTlJ5X1uOQmxNofwH0j2Ww5Gc
XSiec4Y9PpGa/+v4wnYcPF/BIp5RVGp2sc9I1bHDrgzAiZyivumV2YGxqVvqBOBp
F+BzfaBys9jr9owC5InfjE3yOFWRKR3eXi1p26OcpbFVSADJY5hVcRglLLPRzmHu
8RRiB5rSV9Hy5OJemllooOLmjY3xVvGvayshRVWK+GenyHjmPKxqhWiGp5cuNE45
WQbXObdvF8TBt0iWHgqm
=146T
-----END PGP SIGNATURE-----
More information about the sudo-workers
mailing list