Diffusion sudo 640851ab3d3e

Update sudo to 1.8.26

Authored by kyrios123 on Nov 15 2018, 9:33 AM.


Update sudo to 1.8.26


  • Fixed a bug in cvtsudoers when converting to JSON format when alias expansion is enabled.
  • Sudo no long sets the USERNAME environment variable when running commands. This is a non-standard environment variable that was set on some older Linux systems.
  • Sudo now treats the LOGNAME and USER environment variables as a single unit. If one is preserved or removed from the environment using env_keep, env_check or env_delete, so is the other.
  • Added support for OpenLDAP's TLS_REQCERT setting in ldap.conf.
  • Sudo now logs when the command was suspended and resumed in the I/O logs. This information is used by sudoreplay to skip the time suspended when replaying the session unless the new -S flag is used.
  • Fixed documentation problems found by the igor utility.
  • Sudo now prints a warning message when there is an error or end of file while reading the password instead of exiting silently.
  • Fixed a bug in the sudoers LDAP back-end parsing the command_timeout, role, type, privs and limitprivs sudoOptions. This also affected cvtsudoers conversion from LDIF to sudoers or JSON.
  • Fixed a bug that prevented timeout settings in sudoers from functioning unless a timeout was also specified on the command line.
  • When generating LDIF output, cvtsudoers can now be configured to pad the sudoOrder increment such that the start order is used as a prefix.
  • If the user specifies a group via sudo's -g option that matches any of the target user's groups, it is now allowed even if no groups are present in the Runas_Spec. Previously, it was only allowed if it matched the target user's primary group.
  • The sudoers LDAP back-end now supports negated sudoRunAsUser and sudoRunAsGroup entries.
  • Sudo now provides a proper error message when the "fqdn" sudoers option is set and it is unable to resolve the local host name.
  • Asturian & Portuguese translation for sudo and sudoers from
  • Sudo now includes sudoers LDAP schema for the on-line configuration supported by OpenLDAP.

Signed-off-by: Pierre-Yves <>

Test Plan: sudo su still working fine

Reviewers: Triage Team, DataDrake

Reviewed By: Triage Team, DataDrake

Subscribers: DataDrake

Differential Revision:


kyrios123Nov 17 2018, 8:06 PM
kyrios123Nov 17 2018, 8:06 PM
Triage Team
Differential Revision
D4358: Update sudo to 1.8.26
R2974:4aaadb3acf46: Moved PAM config to stateless directory
tag: sudo-1.8.26-21