[sudo-workers] sudo 1.9.7rc2 released
Todd C. Miller
Todd.Miller at sudo.ws
Mon May 10 15:11:53 MDT 2021
The second (and hopefully final) release candidate for sudo 1.9.7
is now available. In addition to bug fixes, sudo 1.9.7 adds a relay
mode to sudo_logsrvd. This can be used to create a hierarchy of
log servers and supports both real-time relaying as well as a
store-and-forward mode.
Source:
https://www.sudo.ws/dist/beta/sudo-1.9.7rc2.tar.gz
ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.9.7rc2.tar.gz
SHA256 checksum:
a2f5e744073beaef8c32f96b4538287c50ad310801be3a7a931256136d260ca5
MD5 checksum:
af9f58f155248d91918bf2dcafb6915e
Binary packages:
https://www.sudo.ws/dist/beta/packages/index.html#binary
For a list of download mirror sites, see:
https://www.sudo.ws/download_mirrors.html
Sudo web site:
https://www.sudo.ws/
Sudo web site mirrors:
https://www.sudo.ws/mirrors.html
Major changes between sudo 1.9.7rc2 and 1.9.7rc1:
* Fixed a regression introduced in sudo 1.9.7b1 where suspending
a command while logging to sudo_logsrvd would result in an error.
* Fixed a bug where the sudo front-end could call the plugin close
function with a non-terminal signal argument like SIGTSTP.
Major changes between sudo 1.9.7rc1 and 1.9.7b2:
* The configure script now outputs a summary of the user-configurable
options at the end, separate from output of configure script tests.
Bug #820.
* Corrected the description of which groups may be specified via the
-g option in the Runas_Spec section. Bug #975.
* Updated translations from translationproject.org.
Major changes between sudo 1.9.7b2 and 1.9.7b1:
* Fixed a bug that prevented the "log_server_verify" sudoers option
from taking effect.
* The sudo_sendlog utility has a new -s option to cause it to stop
sending I/O records after a user-specified elapsed time. This
can be used to test the I/O log restart functionality of sudo_logsrvd.
* Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when
attempting to restart an interrupted I/O log transfer.
* The TLS connection timeout in the sudoers log client was previously
hard-coded to 10 seconds. It now uses the value of log_server_timeout.
* Updated translations from translationproject.org.
Major changes between sudo 1.9.7b1 and 1.9.6p1:
* The "fuzz" Makefile target now runs all the fuzzers for 8192
passes (can be overridden via the FUZZ_RUNS variable). This makes
it easier to run the fuzzers in-tree. To run a fuzzer indefinitely,
set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz".
* Fixed fuzzing on FreeBSD where the ld.lld linker returns an
error by default when a symbol is multiply-defined.
* Added support for determining local IPv6 addresses on systems
that lack the getifaddrs() function. This now works on AIX,
HP-UX and Solaris (at least). Bug #969.
* Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to
report a usage error. Also, when invoked as sudoedit, sudo now
allows a more restricted set of options that matches the usage
statement and documentation. GitHub issue #95.
* Fixed a crash in sudo_sendlog when the specified certificate
or key does not exist or is invalid. Bug #970
* Fixed a compilation error when sudo is configured with the
--disable-log-client option.
* Sudo's limited support for SUCCESS=return entries in nsswitch.conf
is now documented. Bug #971.
* Sudo now requires autoconf 2.70 or higher to regenerate the
configure script. Bug #972.
* sudo_logsrvd now has a relay mode which can be used to create
a hierarchy of log servers. By default, when a relay server is
defined, messages from the client are forwarded immediately to
the relay. However, if the "store_first" setting is enabled,
the log will be stored locally until the command completes and
then relayed. Bug #965.
* Sudo now links with OpenSSL by default if it is available unless
the --disable-openssl configure option is used or both the
--disable-log-client and --disable-log-server configure options
are specified.
* Fixed configure's Python version detection when the version minor
number is more than a single digit, for example Python 3.10.
* The sudo Python module tests now pass for Python 3.10.
* Sudo will now avoid changing the datasize resource limit
as long as the existing value is at least 1GB. This works around
a problem on 64-bit HP-UX where it is not possible to exactly
restore the original datasize limit. Bug #973.
* Fixed a race condition that could result in a hang when sudo is
executed by a process where the SIGCHLD handler is set to SIG_IGN.
This fixes the bug described by GitHub PR #98.
* Fixed an out-of-bounds read in sudoedit and visudo when the
EDITOR, VISUAL or SUDO_EDITOR environment variables end in an
unescaped backslash. Also fixed the handling of quote characters
that are escaped by a backslash. GitHub issue #99.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.sudo.ws/pipermail/sudo-workers/attachments/20210510/e2905176/attachment.bin>
More information about the sudo-workers
mailing list