[sudo-workers] sudo 1.9.1b1 released

Todd C. Miller Todd.Miller at sudo.ws
Sat Jun 6 13:50:18 MDT 2020

The first beta release of sudo 1.9.1 is now available.  Sudo 1.9.1
is primarily a bug fix release.


SHA256 checksum:

MD5 checksum:

Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.9.1b1 and 1.9.0:

 * Fixed an AIX-specific problem when I/O logging was enabled.
   The terminal device was not being properly set to raw mode.
   Bug #927.

 * Corrected handling of sudo_logsrvd connections without associated
   I/O log data.  This fixes support for RejectMessage as well as
   AcceptMessage when the expect_iobufs flag is not set.

 * Added an "iolog_path" entry to the JSON-format event log produced
   by sudo_logsrvd.  Previously, it was only possible to determine
   the I/O log file an event belonged to using sudo-format logs.

 * Fixed the bundle IDs for sudo-logsrvd and sudo-python macOS packages.

 * I/O log files produced by the sudoers plugin now clear the write
   bits on the I/O log timing file when the log is complete.  This
   is consistent with how sudo_logsrvd indicates that a log is

 * The sudoreplay utility has a new "-F" (follow) command line
   option to allow replaying a session that is still in progress,
   similar to "tail -f".

 * The @include and @includedir directives can be used in sudoers
   instead of #include and #includedir.  In addition, include paths
   may now have embedded white space by either using a double-quoted
   string or escaping the space characters with a backslash.

 * Fixed some Solaris 11.4 compilation errors.

 * When running a command in a pty, sudo will no longer try to
   suspend itself if the user's tty has been revoked (for instance
   when the parent ssh daemon is killed).  This fixes a bug where
   sudo would continuously suspend the command (which would succeed),
   then suspend itself (which would fail due to the missing tty)
   and then resume the command.

 * If sudo's event loop fails due to the tty being revoked, remove
   the user's tty events and restart the event loop (once).  This
   fixes a problem when running "sudo reboot" in a pty on some
   systems.  When the event loop exited unexpectedly, sudo would
   kill the command running in the pty, which in the case of "reboot",
   could lead to the system being in a half-rebooted state.

 * The audit plugin API has been changed slightly.  The sudo front-end
   now audits an accept event itself after all approval plugins are
   run and the I/O logging plugins (if any) are opened.  This makes
   it possible for an audit plugin to only log a single overall
   accept event if desired.

 * The sudoers plugin can now be loaded as an audit plugin.  Logging
   of successful commands is now performed in the audit plugin's
   accept function.  As a result, commands are now only logged if
   allowed by sudoers and all approval plugins.  Commands rejected
   by an approval plugin are now also logged by the sudoers plugin.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://www.sudo.ws/pipermail/sudo-workers/attachments/20200606/55c795d6/attachment.bin>

More information about the sudo-workers mailing list