This patch will upgrade Sudo version 1.8.5 patchlevel 2 to Sudo
version 1.8.5 patchlevel 3.  To apply:

    $ cd sudo-1.8.5p2
    $ patch -p1 < sudo-1.8.5p2.patch

diff -urNa sudo-1.8.5p2/ChangeLog sudo-1.8.5p3/ChangeLog
--- sudo-1.8.5p2/ChangeLog	Tue May 29 14:32:20 2012
+++ sudo-1.8.5p3/ChangeLog	Mon Aug 13 15:05:33 2012
@@ -1,3 +1,19 @@
+2012-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* NEWS:
+	Update for sudo 1.8.5p3
+	[6e102a5d4e8d]
+
+	* src/load_plugins.c:
+	Add missing check for I/O plugin API version when checking for the
+	presence of I/O plugin hooks.
+	[ef05c7eeaf81]
+
+	* src/hooks.c:
+	Can't call debug code in the process_hooks_xxx functions() since
+	ctime() may look up the timezone via the TZ environment variable.
+	[2179fb26bd8e]
+
 2012-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 
 	* NEWS:
diff -urNa sudo-1.8.5p2/NEWS sudo-1.8.5p3/NEWS
--- sudo-1.8.5p2/NEWS	Tue May 29 14:29:04 2012
+++ sudo-1.8.5p3/NEWS	Mon Aug 13 14:50:48 2012
@@ -1,3 +1,8 @@
+What's new in Sudo 1.8.5p3?
+
+ * Fixed the loading of I/O plugins that conform to a plugin API
+   version older than 1.2.
+
 What's new in Sudo 1.8.5p2?
 
  * Fixed use of the SUDO_ASKPASS environment variable which was
diff -urNa sudo-1.8.5p2/configure sudo-1.8.5p3/configure
--- sudo-1.8.5p2/configure	Tue May 29 14:32:55 2012
+++ sudo-1.8.5p3/configure	Mon Aug 13 14:48:10 2012
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for sudo 1.8.5p2.
+# Generated by GNU Autoconf 2.68 for sudo 1.8.5p3.
 #
 # Report bugs to <http://www.sudo.ws/bugs/>.
 #
@@ -570,8 +570,8 @@
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.8.5p2'
-PACKAGE_STRING='sudo 1.8.5p2'
+PACKAGE_VERSION='1.8.5p3'
+PACKAGE_STRING='sudo 1.8.5p3'
 PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/'
 PACKAGE_URL=''
 
@@ -1447,7 +1447,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures sudo 1.8.5p2 to adapt to many kinds of systems.
+\`configure' configures sudo 1.8.5p3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1512,7 +1512,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of sudo 1.8.5p2:";;
+     short | recursive ) echo "Configuration of sudo 1.8.5p3:";;
    esac
   cat <<\_ACEOF
 
@@ -1730,7 +1730,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-sudo configure 1.8.5p2
+sudo configure 1.8.5p3
 generated by GNU Autoconf 2.68
 
 Copyright (C) 2010 Free Software Foundation, Inc.
@@ -2434,7 +2434,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by sudo $as_me 1.8.5p2, which was
+It was created by sudo $as_me 1.8.5p3, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   $ $0 $@
@@ -20682,7 +20682,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by sudo $as_me 1.8.5p2, which was
+This file was extended by sudo $as_me 1.8.5p3, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -20748,7 +20748,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-sudo config.status 1.8.5p2
+sudo config.status 1.8.5p3
 configured by $0, generated by GNU Autoconf 2.68,
   with options \\"\$ac_cs_config\\"
 
diff -urNa sudo-1.8.5p2/configure.in sudo-1.8.5p3/configure.in
--- sudo-1.8.5p2/configure.in	Tue May 29 14:32:41 2012
+++ sudo-1.8.5p3/configure.in	Mon Aug 13 14:47:58 2012
@@ -3,7 +3,7 @@
 dnl
 dnl Copyright (c) 1994-1996,1998-2012 Todd C. Miller <Todd.Miller@courtesan.com>
 dnl
-AC_INIT([sudo], [1.8.5p2], [http://www.sudo.ws/bugs/], [sudo])
+AC_INIT([sudo], [1.8.5p3], [http://www.sudo.ws/bugs/], [sudo])
 AC_CONFIG_HEADER([config.h pathnames.h])
 dnl
 dnl Note: this must come after AC_INIT
diff -urNa sudo-1.8.5p2/src/hooks.c sudo-1.8.5p3/src/hooks.c
--- sudo-1.8.5p2/src/hooks.c	Tue May 15 12:22:03 2012
+++ sudo-1.8.5p3/src/hooks.c	Mon Aug 13 14:48:19 2012
@@ -60,12 +60,12 @@
 static struct sudo_hook_list *sudo_hook_getenv_list;
 static struct sudo_hook_list *sudo_hook_putenv_list;
 
+/* NOTE: must not anything that might call setenv() */
 int
 process_hooks_setenv(const char *name, const char *value, int overwrite)
 {
     struct sudo_hook_list *hook;
     int rc = SUDO_HOOK_RET_NEXT;
-    debug_decl(process_hooks_setenv, SUDO_DEBUG_HOOKS)
 
     /* First process the hooks. */
     for (hook = sudo_hook_setenv_list; hook != NULL; hook = hook->next) {
@@ -77,20 +77,20 @@
 	    case SUDO_HOOK_RET_STOP:
 		goto done;
 	    default:
-		warningx("invalid setenv hook return value: %d", rc);
+		warningx2("invalid setenv hook return value: %d", rc);
 		break;
 	}
     }
 done:
-    debug_return_int(rc);
+    return rc;
 }
 
+/* NOTE: must not anything that might call putenv() */
 int
 process_hooks_putenv(char *string)
 {
     struct sudo_hook_list *hook;
     int rc = SUDO_HOOK_RET_NEXT;
-    debug_decl(process_hooks_putenv, SUDO_DEBUG_HOOKS)
 
     /* First process the hooks. */
     for (hook = sudo_hook_putenv_list; hook != NULL; hook = hook->next) {
@@ -102,21 +102,21 @@
 	    case SUDO_HOOK_RET_STOP:
 		goto done;
 	    default:
-		warningx("invalid putenv hook return value: %d", rc);
+		warningx2("invalid putenv hook return value: %d", rc);
 		break;
 	}
     }
 done:
-    debug_return_int(rc);
+    return rc;
 }
 
+/* NOTE: must not anything that might call getenv() */
 int
 process_hooks_getenv(const char *name, char **value)
 {
     struct sudo_hook_list *hook;
     char *val = NULL;
     int rc = SUDO_HOOK_RET_NEXT;
-    debug_decl(process_hooks_getenv, SUDO_DEBUG_HOOKS)
 
     /* First process the hooks. */
     for (hook = sudo_hook_getenv_list; hook != NULL; hook = hook->next) {
@@ -128,22 +128,22 @@
 	    case SUDO_HOOK_RET_STOP:
 		goto done;
 	    default:
-		warningx("invalid getenv hook return value: %d", rc);
+		warningx2("invalid getenv hook return value: %d", rc);
 		break;
 	}
     }
 done:
     if (val != NULL)
 	*value = val;
-    debug_return_int(rc);
+    return rc;
 }
 
+/* NOTE: must not anything that might call unsetenv() */
 int
 process_hooks_unsetenv(const char *name)
 {
     struct sudo_hook_list *hook;
     int rc = SUDO_HOOK_RET_NEXT;
-    debug_decl(process_hooks_unsetenv, SUDO_DEBUG_HOOKS)
 
     /* First process the hooks. */
     for (hook = sudo_hook_unsetenv_list; hook != NULL; hook = hook->next) {
@@ -155,12 +155,12 @@
 	    case SUDO_HOOK_RET_STOP:
 		goto done;
 	    default:
-		warningx("invalid unsetenv hook return value: %d", rc);
+		warningx2("invalid unsetenv hook return value: %d", rc);
 		break;
 	}
     }
 done:
-    debug_return_int(rc);
+    return rc;
 }
 
 /* Hook registration internals. */
diff -urNa sudo-1.8.5p2/src/load_plugins.c sudo-1.8.5p3/src/load_plugins.c
--- sudo-1.8.5p2/src/load_plugins.c	Tue May 15 12:22:03 2012
+++ sudo-1.8.5p3/src/load_plugins.c	Mon Aug 13 14:49:01 2012
@@ -159,7 +159,9 @@
     if (policy_plugin->u.policy->version >= SUDO_API_MKVERSION(1, 2)) {
 	if (policy_plugin->u.policy->register_hooks != NULL)
 	    policy_plugin->u.policy->register_hooks(SUDO_HOOK_VERSION, register_hook);
-	tq_foreach_fwd(io_plugins, container) {
+    }
+    tq_foreach_fwd(io_plugins, container) {
+	if (container->u.io->version >= SUDO_API_MKVERSION(1, 2)) {
 	    if (container->u.io->register_hooks != NULL)
 		container->u.io->register_hooks(SUDO_HOOK_VERSION, register_hook);
 	}