[sudo-workers] sudo 1.9.1rc1 released
Todd C. Miller
Todd.Miller at sudo.ws
Fri Jun 12 13:10:24 MDT 2020
The first release candidate of sudo 1.9.1 is now available. Sudo
1.9.1 is primarily a bug fix release.
Source:
https://www.sudo.ws/dist/beta/sudo-1.9.1rc1.tar.gz
ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.9.1rc1.tar.gz
SHA256 checksum:
57aadbf1e6ad69c7c08dbfefd32c367c8969d741377d67b1e56677da536536f0
MD5 checksum:
6be7ac97f8006170df283c986efcaa80
Binary packages:
https://www.sudo.ws/dist/beta/packages/index.html#binary
For a list of download mirror sites, see:
https://www.sudo.ws/download_mirrors.html
Sudo web site:
https://www.sudo.ws/
Sudo web site mirrors:
https://www.sudo.ws/mirrors.html
Major changes between sudo 1.9.1rc1 and 1.9.b1:
* Romanian translation for sudo and sudoers from translationproject.org.
* Updated translations from translationproject.org.
Major changes between sudo 1.9.1b1 and 1.9.0:
* Fixed an AIX-specific problem when I/O logging was enabled.
The terminal device was not being properly set to raw mode.
Bug #927.
* Corrected handling of sudo_logsrvd connections without associated
I/O log data. This fixes support for RejectMessage as well as
AcceptMessage when the expect_iobufs flag is not set.
* Added an "iolog_path" entry to the JSON-format event log produced
by sudo_logsrvd. Previously, it was only possible to determine
the I/O log file an event belonged to using sudo-format logs.
* Fixed the bundle IDs for sudo-logsrvd and sudo-python macOS packages.
* I/O log files produced by the sudoers plugin now clear the write
bits on the I/O log timing file when the log is complete. This
is consistent with how sudo_logsrvd indicates that a log is
complete.
* The sudoreplay utility has a new "-F" (follow) command line
option to allow replaying a session that is still in progress,
similar to "tail -f".
* The @include and @includedir directives can be used in sudoers
instead of #include and #includedir. In addition, include paths
may now have embedded white space by either using a double-quoted
string or escaping the space characters with a backslash.
* Fixed some Solaris 11.4 compilation errors.
* When running a command in a pty, sudo will no longer try to
suspend itself if the user's tty has been revoked (for instance
when the parent ssh daemon is killed). This fixes a bug where
sudo would continuously suspend the command (which would succeed),
then suspend itself (which would fail due to the missing tty)
and then resume the command.
* If sudo's event loop fails due to the tty being revoked, remove
the user's tty events and restart the event loop (once). This
fixes a problem when running "sudo reboot" in a pty on some
systems. When the event loop exited unexpectedly, sudo would
kill the command running in the pty, which in the case of "reboot",
could lead to the system being in a half-rebooted state.
* Fixed a regression introduced in sudo 1.8.23 in the LDAP and
SSSD back-ends where a missing sudoHost attribute was treated
as an "ALL" wildcard value. A sudoRole with no sudoHost attribute
is now ignored as it was prior to version 1.8.23.
* The audit plugin API has been changed slightly. The sudo front-end
now audits an accept event itself after all approval plugins are
run and the I/O logging plugins (if any) are opened. This makes
it possible for an audit plugin to only log a single overall
accept event if desired.
* The sudoers plugin can now be loaded as an audit plugin. Logging
of successful commands is now performed in the audit plugin's
accept function. As a result, commands are now only logged if
allowed by sudoers and all approval plugins. Commands rejected
by an approval plugin are now also logged by the sudoers plugin.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://www.sudo.ws/pipermail/sudo-workers/attachments/20200612/33e2c42b/attachment.bin>
More information about the sudo-workers
mailing list