Opened 9 years ago

Closed 9 years ago

#7078 closed enhancement (fixed)

sudo-1.8.15

Reported by: Fernando de Oliveira Owned by: Fernando de Oliveira
Priority: normal Milestone: 7.9
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description (last modified by Fernando de Oliveira)

Interesting: 

• Individual records are now locked in the time stamp file instead of
   the entire file. This allows sudo to avoid prompting for a password
   multiple times on the same terminal when used in a pipeline. In other
   words, sudo cat foo | sudo grep bar now only prompts for the password
   once. Previously, both sudo processes would prompt for a password,
   often making it impossible to enter. Bug #705.

http://www.sudo.ws/dist/sudo-1.8.15.tar.gz

http://www.sudo.ws/dist/sudo-1.8.15.tar.gz.sig

http://www.sudo.ws/download.html#source

sha256: 4316381708324da8b6cb151f655c1a11855207c7c02244d8ffdea5104d7cc308

There is an MD5 file (a SHA256 as well), but they have been updated with the wrong file 1.8.5 instead off 1.5.15:

http://www.sudo.ws/dist/MD5

Including here, hoping to be useful for next release.

http://www.sudo.ws/stable.html#1.8.15 

Major changes between version 1.8.15 and 1.8.14p3:

 • Fixed a bug that prevented sudo from building outside the source tree
   on some platforms. Bug #708.

 • Fixed the location of the sssd library in the RHEL/Centos packages.
   Bug #710.

 • Fixed a build problem on systems that don't implicitly include
   sys/types.h from other header files. Bug #711.

 • Fixed a problem on Linux using containers where sudo would ignore
   signals sent by a process in a different container.

 • Sudo now refuses to run a command if the PAM session module returns
   an error.

 • When editing files with sudoedit, symbolic links will no longer be
   followed by default. The old behavior can be restored by enabling the
   sudoedit_follow option in sudoers or on a per-command basis with the
   FOLLOW and NOFOLLOW tags. Bug #707.

 • Fixed a bug introduced in version 1.8.14 that caused the last valid
   editor in the sudoers "editor" list to be used by visudo and sudoedit
   instead of the first. Bug #714.

 • Fixed a bug in visudo that prevented the addition of a final newline
   to edited files without one.

 • Fixed a bug decoding certain base64 digests in sudoers when the
   intermediate format included a '=' character.

 • Individual records are now locked in the time stamp file instead of
   the entire file. This allows sudo to avoid prompting for a password
   multiple times on the same terminal when used in a pipeline. In other
   words, sudo cat foo | sudo grep bar now only prompts for the password
   once. Previously, both sudo processes would prompt for a password,
   often making it impossible to enter. Bug #705.

 • Fixed a bug where sudo would fail to run commands as a non-root user
   on systems that lack both setresuid() and setreuid(). Bug #713.

 • Fixed a bug introduced in sudo 1.8.14 that prevented visudo from
   re-editing the correct file when a syntax error was detected.

 • Fixed a bug where sudo would not relay a SIGHUP signal to the command
   when the terminal is closed and the command is not run in its own
   pseudo-tty. Bug #719.

 • If some, but not all, of the LOGNAME, USER or USERNAME environment
   variables have been preserved from the invoking user's environment,
   sudo will now use the preserved value to set the remaining variables
   instead of using the runas user. This ensures that if, for example,
   only LOGNAME is present in the env_keep list, that sudo will not set
   USER and USERNAME to the runas user.

 • When the command sudo is running dies due to a signal, sudo will now
   send itself that same signal with the default signal handler
   installed instead of exiting. The bash shell appears to ignore some
   signals, e.g. SIGINT, unless the command being run is killed by that
   signal. This makes the behavior of commands run under sudo the same
   as without sudo when bash is the shell. Bug #722.

 • Slovak translation for sudo from translationproject.org.

 • Hungarian and Slovak translations for sudoers from
   translationproject.org.

 • Previously, when env_reset was enabled (the default) and the -s
   option was not used, the SHELL environment variable was set to the
   shell of the invoking user. Now, when env_reset is enabled and the -s
   option is not used, SHELL is set based on the target user.

 • Fixed challenge/response style BSD authentication.

 • Added the sudoedit_checkdir Defaults option to prevent sudoedit from
   editing files located in a directory that is writable by the invoking
   user.

 • Added the always_query_group_plugin Defaults option to control
   whether groups not found in the system group database are passed to
   the group plugin. Previously, unknown system groups were always
   passed to the group plugin.

 • When creating a new file, sudoedit will now check that the file's
   parent directory exists before running the editor.

 • Fixed the compiler stack protector test in configure for compilers
   that support -fstack-protector but don't actually have the ssp
   library available.

Change History (4)

comment:1 by Fernando de Oliveira, 9 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: newassigned

comment:2 by Fernando de Oliveira, 9 years ago

Description: modified (diff)

Changed sha256, it seems a typo also here.

comment:3 by Fernando de Oliveira, 9 years ago

Think a patch will be coming soon, as was the case in 1.8.14 or one of tits patches.

comment:4 by Fernando de Oliveira, 9 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r16594.

Note: See TracTickets for help on using tickets.