This patch will upgrade Sudo version 1.8.11 to Sudo version 1.8.11
patchlevel 2.  To apply:

    $ cd sudo-1.8.11p1
    $ patch -p1 < sudo-1.8.11p2.patch

diff -urNa sudo-1.8.11p1/ChangeLog sudo-1.8.11p2/ChangeLog
--- sudo-1.8.11p1/ChangeLog	Tue Oct  7 20:29:28 2014
+++ sudo-1.8.11p2/ChangeLog	Wed Oct 29 13:40:09 2014
@@ -1,3 +1,16 @@
+2014-10-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* NEWS, configure, configure.ac:
+	Sudo 1.8.11p2
+	[caff4aedc61a]
+
+	* src/env_hooks.c:
+	Mark the putenv(), setenv() and unsetenv() symbols as global, not
+	hidden. Fixes a mismatch where a plugin (or its loaded dso) would
+	call setenv() to set a variables but be unable to find it later with
+	getenv().
+	[96127ac4bbb3]
+
 2014-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 
 	* NEWS:
diff -urNa sudo-1.8.11p1/NEWS sudo-1.8.11p2/NEWS
--- sudo-1.8.11p1/NEWS	Tue Oct  7 20:29:03 2014
+++ sudo-1.8.11p2/NEWS	Wed Oct 29 15:56:21 2014
@@ -1,3 +1,10 @@
+What's new in Sudo 1.8.11p2
+
+ * Fixed a bug where dynamic shared objects loaded from a plugin
+   could use the hooked version of getenv() but not the hooked
+   versions of putenv(), setenv() or unsetenv().  This can cause
+   problems for PAM modules that use those functions.
+
 What's new in Sudo 1.8.11p1
 
  * Fixed a compilation problem on some systems when the
diff -urNa sudo-1.8.11p1/configure sudo-1.8.11p2/configure
--- sudo-1.8.11p1/configure	Tue Oct  7 14:26:20 2014
+++ sudo-1.8.11p2/configure	Wed Oct 29 15:56:21 2014
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for sudo 1.8.11p1.
+# Generated by GNU Autoconf 2.69 for sudo 1.8.11p2.
 #
 # Report bugs to <http://www.sudo.ws/bugs/>.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.8.11p1'
-PACKAGE_STRING='sudo 1.8.11p1'
+PACKAGE_VERSION='1.8.11p2'
+PACKAGE_STRING='sudo 1.8.11p2'
 PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/'
 PACKAGE_URL=''
 
@@ -1507,7 +1507,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures sudo 1.8.11p1 to adapt to many kinds of systems.
+\`configure' configures sudo 1.8.11p2 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1572,7 +1572,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of sudo 1.8.11p1:";;
+     short | recursive ) echo "Configuration of sudo 1.8.11p2:";;
    esac
   cat <<\_ACEOF
 
@@ -1807,7 +1807,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-sudo configure 1.8.11p1
+sudo configure 1.8.11p2
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2516,7 +2516,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by sudo $as_me 1.8.11p1, which was
+It was created by sudo $as_me 1.8.11p2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -23693,7 +23693,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by sudo $as_me 1.8.11p1, which was
+This file was extended by sudo $as_me 1.8.11p2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -23759,7 +23759,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-sudo config.status 1.8.11p1
+sudo config.status 1.8.11p2
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urNa sudo-1.8.11p1/configure.ac sudo-1.8.11p2/configure.ac
--- sudo-1.8.11p1/configure.ac	Tue Oct  7 14:26:20 2014
+++ sudo-1.8.11p2/configure.ac	Wed Oct 29 15:56:21 2014
@@ -4,7 +4,7 @@
 dnl Copyright (c) 1994-1996,1998-2014 Todd C. Miller <Todd.Miller@courtesan.com>
 dnl
 AC_PREREQ([2.59])
-AC_INIT([sudo], [1.8.11p1], [http://www.sudo.ws/bugs/], [sudo])
+AC_INIT([sudo], [1.8.11p2], [http://www.sudo.ws/bugs/], [sudo])
 AC_CONFIG_HEADER([config.h pathnames.h])
 AC_CONFIG_SRCDIR([src/sudo.c])
 dnl
diff -urNa sudo-1.8.11p1/src/env_hooks.c sudo-1.8.11p2/src/env_hooks.c
--- sudo-1.8.11p1/src/env_hooks.c	Tue Sep 23 10:40:15 2014
+++ sudo-1.8.11p2/src/env_hooks.c	Wed Oct 29 13:33:06 2014
@@ -76,9 +76,7 @@
     return rpl_getenv(name);
 }
 
-__dso_public char *getenv(const char *);
-
-char *
+__dso_public char *
 getenv(const char *name)
 {
     char *val = NULL;
@@ -148,7 +146,7 @@
     return rpl_putenv(string);
 }
 
-int
+__dso_public int
 putenv(PUTENV_CONST char *string)
 {
     switch (process_hooks_putenv((char *)string)) {
@@ -216,7 +214,7 @@
     return rpl_setenv(var, val, overwrite);
 }
 
-int
+__dso_public int
 setenv(const char *var, const char *val, int overwrite)
 {
     switch (process_hooks_setenv(var, val, overwrite)) {
@@ -281,9 +279,9 @@
 }
 
 #ifdef UNSETENV_VOID
-void
+__dso_public void
 #else
-int
+__dso_public int
 #endif
 unsetenv(const char *var)
 {