|
version 1.1.1.4, 2013/07/22 10:46:10
|
version 1.1.1.5, 2013/10/14 07:56:33
|
|
Line 1
|
Line 1
|
| |
2013-09-29 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* include/missing.h: |
| |
Include stddef.h for rsize_t and errno_t on systems that support it |
| |
natively. |
| |
[bc547d47e9c6] |
| |
|
| |
* MANIFEST: |
| |
Fix braino. |
| |
[67b79747312f] |
| |
|
| |
* plugins/sudoers/po/da.mo, plugins/sudoers/po/de.mo, |
| |
plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo, |
| |
plugins/sudoers/po/it.mo, plugins/sudoers/po/pl.mo, |
| |
plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/uk.mo, |
| |
plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo: |
| |
Rebuild message catalog files. |
| |
[0a9befb0674e] |
| |
|
| |
* src/po/da.mo, src/po/eo.mo, src/po/fi.mo, src/po/it.mo, |
| |
src/po/pl.mo, src/po/pt_BR.mo, src/po/ru.mo, src/po/uk.mo, |
| |
src/po/vi.mo, src/po/zh_CN.mo: |
| |
Rebuild message catalog files. |
| |
[25191089ddf2] |
| |
|
| |
* MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/cs.mo, src/po/cs.po: |
| |
Czech translation for sudo from translationproject.org. |
| |
[8bc0ed069ddb] |
| |
|
| |
2013-09-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* plugins/sudoers/po/da.po, plugins/sudoers/po/de.po, |
| |
plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po, |
| |
plugins/sudoers/po/it.po, plugins/sudoers/po/pl.po, |
| |
plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.po, |
| |
plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, src/po/da.po, |
| |
src/po/eo.po, src/po/fi.po, src/po/it.po, src/po/pl.po, |
| |
src/po/pt_BR.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, |
| |
src/po/zh_CN.po: |
| |
Sync with translationproject.org |
| |
[c16f9bb4579e] |
| |
|
| |
* NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: |
| |
Change "next" back to 2. In the context of "next Friday" we really |
| |
do want the friday of the upcoming (not current) week. |
| |
Unfortunately, this means that things like "next week" and "next |
| |
year" will match one more than we really want. Fixing this will |
| |
require some fairly major changes to the grammar. |
| |
[7f863c930121] |
| |
|
| |
* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: |
| |
Mention that relative times don't always do what you might expect. |
| |
[710a9b0dd36f] |
| |
|
| |
2013-09-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* doc/CONTRIBUTORS: |
| |
Add diacritical for Zdenek Behan. |
| |
[78d333f88e6c] |
| |
|
| |
2013-09-11 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* src/regress/ttyname/check_ttyname.c: |
| |
Do not fail if ttyname() cannot determine the tty but sudo can. |
| |
Should fix problems with running "make check" under pbuilder. |
| |
[e6fc06a6c5cf] |
| |
|
| |
* plugins/sudoers/Makefile.in: |
| |
Remove extraneous $$CWD; from Bdale Garbee |
| |
[4d040ddd7446] |
| |
|
| |
2013-09-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: |
| |
Make "this" and "next" qualifiers work a bit better. There is still |
| |
room for improvement as "this week" will use the current time |
| |
instead of the beginning of the week. That's a separate issue |
| |
though. |
| |
[e844c02f754a] |
| |
|
| |
2013-09-06 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* common/regress/sudo_conf/conf_test.c, |
| |
common/regress/sudo_parseln/parseln_test.c: |
| |
Mark main() public to silence a warning on HP-UX. |
| |
[ac0b869b9842] |
| |
|
| |
2013-09-03 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* plugins/sudoers/po/sudoers.pot, plugins/sudoers/timestamp.c: |
| |
Be specific that we are talking about the Unix epoch; bug #615 |
| |
[25887775371b] |
| |
|
| |
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/po/sudoers.pot, |
| |
src/po/sudo.pot, src/selinux.c: |
| |
Do not use "setup" as a verb; bug #614 |
| |
[17c4750aac5f] |
| |
|
| |
* plugins/sudoers/iolog.c: |
| |
Fix logic goof when checking open() status. |
| |
[76ece1445d71] |
| |
|
| |
* plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo, |
| |
src/po/nl.po, src/po/ru.mo, src/po/ru.po: |
| |
Sync with translationproject.org |
| |
[21351498000f] |
| |
|
| |
* NEWS, plugins/sudoers/sudoreplay.c: |
| |
Work around a bug in sudo 1.8.7 timing files where the indexes are |
| |
off by two. |
| |
[4aa0cd58af58] |
| |
|
| |
* MANIFEST, plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, |
| |
plugins/sudoers/sudoreplay.c: |
| |
Repair writing of the I/O log file indices broken in sudo 1.8.7. |
| |
[6a5f867884f5] |
| |
|
| |
2013-08-31 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
| |
Try to improve the PAGERS noexec example a bit. |
| |
[226f11118daa] |
| |
|
| |
2013-08-30 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
| |
doc/sudoers.ldap.mdoc.in: |
| |
Document comment character in ldap.conf Clarify what is and is not |
| |
supported in TLS_KEYPW Mention that gsk8capicmd can be used to |
| |
create a stash file |
| |
[fb8f06ab4458] |
| |
|
| |
2013-08-26 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* NEWS: |
| |
New bugs fixed for 1.8.8. |
| |
[c158df7cd9d2] |
| |
|
| |
* plugins/sudoers/visudo.c: |
| |
Fix setting of quiet flag when -q / --quiet is specified. Do not |
| |
print "sudoers: parsed OK" in quiet mode. |
| |
[df55acd57ce6] |
| |
|
| |
* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
| |
plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/fi.mo, |
| |
src/po/fi.po, src/po/it.mo, src/po/it.po: |
| |
Updated translations from translationproject.org |
| |
[e9e8abd23a28] |
| |
|
| |
* plugins/sudoers/check.c: |
| |
Don't allow root to change its SELinux role without a password. Bug |
| |
#611 |
| |
[f8b599acb29d] |
| |
|
| |
2013-08-21 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* NEWS: |
| |
Mention new Mac OS X symbol interposition. |
| |
[98293b7c4e0f] |
| |
|
| |
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, |
| |
src/po/eo.po, src/po/fr.mo, src/po/fr.po: |
| |
Updated translations from translationproject.org |
| |
[865be7454354] |
| |
|
| |
* config.h.in, configure, configure.in, src/sudo_noexec.c: |
| |
Add configure checks for the exec functions we will dummy out. This |
| |
is only really needed on Mac OS X when symbol interposition is being |
| |
performed but won't hurt elsewhere. |
| |
[49c20cf6bab0] |
| |
|
| |
2013-08-20 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* config.h.in, configure, configure.in, src/Makefile.in, |
| |
src/sudo_noexec.c: |
| |
Fix installation of sudo_noexec on Mac OS X. Use library symbol |
| |
interposition on Mac OS X 10.4 and higher so we don't need to set |
| |
DYLD_FORCE_FLAT_NAMESPACE=1. |
| |
[a82999dff8e6] |
| |
|
| |
2013-08-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* plugins/sudoers/ldap.c: |
| |
Fix error display from ldap_ssl_client_init(). There are two error |
| |
codes. The return value can be decoded via ldap_err2string() but |
| |
the ssl reason code cannot (you have to look it up in a table |
| |
online). |
| |
[0267125ce9f0] |
| |
|
| |
2013-08-19 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
| |
doc/sudoers.ldap.mdoc.in: |
| |
Fix typo in tls_key example for Tivoli |
| |
[36599f424ac4] |
| |
|
| |
* src/parse_args.c: |
| |
Don't escape '$' when running "sudo -i command". Bug #564 |
| |
[17542d52f714] |
| |
|
| |
* plugins/sudoers/iolog_path.c: |
| |
Fix typo in comment. |
| |
[d0510ed5eaba] |
| |
|
| |
* plugins/sudoers/auth/pam.c: |
| |
Fix comment. |
| |
[4e89e0bfd6af] |
| |
|
| |
* plugins/sudoers/timestr.c, plugins/sudoers/visudo.c: |
| |
Quiet some gcc -Wformat=2 false positives |
| |
[28a2014b9822] |
| |
|
| |
2013-08-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* plugins/sudoers/auth/pam.c: |
| |
Remove now-obsolete arg to env_merge() |
| |
[ba015cf5d935] |
| |
|
| |
* plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
| |
plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, |
| |
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
| |
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, |
| |
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
| |
src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, |
| |
src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, |
| |
src/po/zh_CN.mo, src/po/zh_CN.po: |
| |
Updated translations from translationproject.org |
| |
[72b6aeaba505] |
| |
|
| |
* MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/fr.mo, src/po/fr.po: |
| |
French translation for sudo from translationproject.org. |
| |
[a72321771860] |
| |
|
| |
* plugins/sudoers/logging.h: |
| |
Add __printflike to audit_failure. |
| |
[1686b3699d41] |
| |
|
| |
* include/missing.h: |
| |
Use __nonnull__ attribute in __printflike. |
| |
[d123613a1fb6] |
| |
|
| |
2013-08-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* plugins/sudoers/env.c, plugins/sudoers/sudoers.h: |
| |
When merging the PAM environment, allow environment variables set in |
| |
PAM to override ones set by sudo as long as they do not match the |
| |
env_keep or env_check lists. |
| |
[f3c64967fed7] |
| |
|
| |
* plugins/sudoers/auth/pam.c: |
| |
Call pam_getenvlist() after we've opened the session to get the |
| |
session-specific environment variables. |
| |
[b413fb9e1c77] |
| |
|
| |
2013-08-16 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* NEWS: |
| |
option not flag |
| |
[08c31af7b818] |
| |
|
| |
* compat/getopt_long.c, config.h.in, configure, configure.in: |
| |
Don't redefine opterr, optind, optopt, optarg in getopt_long.c. Add |
| |
a check for optreset which is a BSD extension and provide a |
| |
definition in getopt_long.c if it is not present. |
| |
[3393e8d83400] |
| |
|
| |
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
| |
regen |
| |
[f38f65830118] |
| |
|
| |
* plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c: |
| |
Use lower case for the long option arguments to match the manual. |
| |
This is inconsistent with GNU but it is better to match the sudo |
| |
documentation. |
| |
[8fac2d64f5d2] |
| |
|
| |
* NEWS: |
| |
Sudo 1.8.8 |
| |
[105c73752474] |
| |
|
| |
* src/parse_args.c: |
| |
Use lower card for the long option arguments to match the manual. |
| |
This is inconsistent with GNU but it is better to match the sudo |
| |
documentation. |
| |
[af243dd39850] |
| |
|
| |
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
| |
doc/sudo_plugin.mdoc.in: |
| |
Describe how remote command execution can be implemented. |
| |
[3eba7f93b7f6] |
| |
|
| |
* doc/sudoers.ldap.cat: |
| |
Bump version. |
| |
[0ee7f02f3627] |
| |
|
| |
2013-08-15 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* src/sudo.c: |
| |
Make it a fatal error if the plugin returns invalid or out of range |
| |
command info. |
| |
[8a7e56c7584a] |
| |
|
| |
* plugins/sudoers/policy.c: |
| |
Use strtol() instead of atoi() and perform error checking of |
| |
parameters passed from the sudo front-end. |
| |
[05e05be3c6c4] |
| |
|
| |
* plugins/sudoers/auth/pam.c: |
| |
It is not possible for auth to be NULL here. |
| |
[771500e776e9] |
| |
|
| |
* plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
| |
Initialize user_runhost and user_srunhost to user_host and |
| |
user_shost in visudo and testsudoers. |
| |
[c47cca74e1fc] |
| |
|
| |
* MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, |
| |
common/error.c, common/fatal.c, common/gidlist.c, common/lbuf.c, |
| |
common/list.c, common/sudo_conf.c, common/sudo_debug.c, |
| |
compat/Makefile.in, compat/getopt_long.c, include/error.h, |
| |
include/fatal.h, plugins/sudoers/Makefile.in, |
| |
plugins/sudoers/bsm_audit.c, plugins/sudoers/hexchar.c, |
| |
plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, |
| |
plugins/sudoers/regress/check_symbols/check_symbols.c, |
| |
plugins/sudoers/regress/logging/check_wrap.c, |
| |
plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, |
| |
src/Makefile.in, src/locale_stub.c, src/net_ifs.c, |
| |
src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h: |
| |
Rename error.h -> fatal.h now that there is no error() function. |
| |
[3a3827f10f04] |
| |
|
| |
* common/sudo_debug.c, include/sudo_debug.h: |
| |
Add support to the debug subsystem for zero-length strings. This |
| |
can happen for things like warning(NULL) or fatal(NULL) where we |
| |
just want to log the errno string. |
| |
[3ed739c5cc91] |
| |
|
| |
* include/error.h: |
| |
Add __printflike for vfatal, vfatalx, vwarning and vwarningx. |
| |
[57e65ed595d2] |
| |
|
| |
* plugins/sudoers/audit.c: |
| |
Need to include gettext.h for BSM audit. |
| |
[a87fda2d0123] |
| |
|
| |
* common/alloc.c, plugins/sudoers/env.c, src/exec_common.c, |
| |
src/parse_args.c, src/sudo.c: |
| |
Change some fatalx(NULL) that should be fatal(NULL). |
| |
[8b1efda9f578] |
| |
|
| |
* include/error.h, include/missing.h: |
| |
Use __printf0like for warning() and fatal() since the fmt string may |
| |
be NULL. |
| |
[858a890f00ad] |
| |
|
| |
* compat/pw_dup.c: |
| |
Quiet a gcc "used uninitialized in this function" false positive. |
| |
[98f47f89ce60] |
| |
|
| |
* mkpkg: |
| |
Enable bsm audit on Mac OS X and Solaris >= 11. |
| |
[8607488f986c] |
| |
|
| |
* plugins/sudoers/bsm_audit.c: |
| |
Fix compilation on Solaris 11. |
| |
[01aa46298ed7] |
| |
|
| |
* plugins/sudoers/bsm_audit.c: |
| |
Add missing missing.h |
| |
[080de69a55a1] |
| |
|
| |
* plugins/sudoers/sudoers.c: |
| |
Move the -C (user_closefrom) check until after set_cmnd() so that |
| |
closefrom_override can be used in a command-specific Defaults line. |
| |
Fixes bug #610 from Mengtao Sun. |
| |
[413565c6ff6b] |
| |
|
| |
2013-08-14 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* src/exec.c: |
| |
If not using a pty and the child process gets SIGTTOU or SIGTTIN and |
| |
sudo is the foreground process, make the child the foreground |
| |
process and continue it. |
| |
[5ff433443bc4] |
| |
|
| |
* src/sudo.c: |
| |
If sudo is not setuid and was not invoked with a full path, look in |
| |
the user's PATH for the sudo binary to give a better error message. |
| |
[a740129a38f0] |
| |
|
| |
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, |
| |
plugins/sudoers/logging.c, plugins/sudoers/match.c, |
| |
plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c, |
| |
plugins/sudoers/sudoers.h: |
| |
Add limited support for "sudo -l -h other_host". Since group |
| |
lookups are done on the local host, rules that use group membership |
| |
may be incorrect if the group database is not synchronized between |
| |
hosts. |
| |
[2c8b222a5f7f] |
| |
|
| |
* src/parse_args.c: |
| |
Fix parsing of "-h host" when used in conjunction with the -l flag. |
| |
[62f3d726d52b] |
| |
|
| |
* configure, configure.in, doc/fixman.sh, doc/fixmdoc.sh, |
| |
doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, |
| |
doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, |
| |
doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, |
| |
plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.c, |
| |
src/sudo_usage.h.in: |
| |
Simplify usage messages a bit and make --help output more closely |
| |
resemble GNU usage wrt long options. Sync usage and man page |
| |
SYNOPSYS sections and improve long options in the manual pages. Now |
| |
that we have long options we don't need to give the mnemonic for the |
| |
single-character options in the description. |
| |
[17b7e386955a] |
| |
|
| |
2013-08-13 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* plugins/sudoers/logging.c: |
| |
Fix setting of mailer argv[0] to basename of mailerpath. No need to |
| |
strdup() mailerpath as it is not modified. |
| |
[8843cdd958ee] |
| |
|
| |
* plugins/sudoers/logging.c: |
| |
Make sure the mailer exists and is a regular file before trying to |
| |
exec it. |
| |
[b73d6214014f] |
| |
|
| |
* plugins/sudoers/timestamp.c: |
| |
If tty_tickets are enabled but there is no tty, use a ticket file |
| |
based on the parent pid. |
| |
[75408bd61ced] |
| |
|
| |
* common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
| |
doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/parse_args.c: |
| |
Allow default plugin dir to be configured in sudo.conf. |
| |
[478883594cc5] |
| |
|
| |
* doc/CONTRIBUTORS: |
| |
UTF8 for Ruusamae, Elan; from Tae Wong |
| |
[02e0c95b4fa6] |
| |
|
| |
2013-08-12 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* MANIFEST, common/regress/sudo_conf/test5.in, |
| |
common/regress/sudo_conf/test5.out.ok, |
| |
common/regress/sudo_conf/test6.in, |
| |
common/regress/sudo_conf/test6.out.ok, common/sudo_conf.c, |
| |
doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, |
| |
plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, src/sudo.c: |
| |
Don't allow max_groups to be set to zero, it just complicates things |
| |
needlessly. Fixes an assertion in visudo when there is a group- |
| |
based Defaults entry. |
| |
[d62a8ea32db9] |
| |
|
| |
2013-08-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* MANIFEST, common/Makefile.in, common/gidlist.c, |
| |
plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c, |
| |
src/sudo.h: |
| |
Refactor code to parse list of gids into its own function that is |
| |
shared by the sudo front-end and the sudoers module. Make uid/gid |
| |
parse error be fatal, not just a warning. |
| |
[da3b2b06605c] |
| |
|
| |
* common/atoid.c: |
| |
Add function comment block. |
| |
[09a324de716f] |
| |
|
| |
* common/atoid.c: |
| |
Default text domain is now sudo, not sudoers. |
| |
[1acb1da6f304] |
| |
|
| |
* common/Makefile.in: |
| |
Update dependency for atoid.lo |
| |
[5e367cd44288] |
| |
|
| |
* common/atoid.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, |
| |
plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, src/sudo.c, |
| |
src/sudo.h: |
| |
Add endpointer and separator args to atoid() |
| |
[2077e4ed8578] |
| |
|
| |
2013-08-07 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* compat/getgrouplist.c: |
| |
Use private version of atoid() to avoid a dependency on libcommon.a |
| |
(since that already depends on libreplace.a). |
| |
[7c12d63b0560] |
| |
|
| |
* doc/CONTRIBUTORS: |
| |
More UTF8 in names; from Tae Wong |
| |
[512b263f51c8] |
| |
|
| |
* compat/getgrouplist.c, plugins/sudoers/iolog.c, |
| |
plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h: |
| |
Use atoid() in more places. |
| |
[06f4ae57c707] |
| |
|
| |
* MANIFEST, common/Makefile.in, common/atoid.c, |
| |
plugins/sudoers/Makefile.in, plugins/sudoers/atoid.c: |
| |
Move atoid() to common so it can be used in src and compat too. |
| |
[095d730701e4] |
| |
|
| |
* compat/closefrom.c: |
| |
Avoid a crash on Mac OS X 10.8 (at least) when we close |
| |
libdispatch's fds out from under it before executing the command. |
| |
Switch to just setting the close on exec flag instead. |
| |
[349ebf4987df] |
| |
|
| |
* doc/CONTRIBUTORS: |
| |
Convert to last, first for easier sorting and use UTF8 (including a |
| |
BOM). |
| |
[8c30d221bd75] |
| |
|
| |
* plugins/sudoers/atoid.c: |
| |
Add atoid() function to convert a string to an id_t (uid, gid or |
| |
pid). We have to be careful to choose() either strtol() or |
| |
strtoul() depending on whether the string appears to be signed or |
| |
unsigned. Always using strtoul() is unsafe on 64-bit platforms since |
| |
the uid might be represented as a negative number and (unsigned |
| |
long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff. |
| |
Fixes a problem with uids larger than 0x7fffffff on 32-bit |
| |
platforms. |
| |
[5d818e399157] |
| |
|
| |
* MANIFEST, config.h.in, configure, configure.in, |
| |
plugins/sudoers/Makefile.in, plugins/sudoers/policy.c, |
| |
plugins/sudoers/sudoers.h: |
| |
Add atoid() function to convert a string to an id_t (uid, gid or |
| |
pid). We have to be careful to choose() either strtol() or |
| |
strtoul() depending on whether the string appears to be signed or |
| |
unsigned. Always using strtoul() is unsafe on 64-bit platforms since |
| |
the uid might be represented as a negative number and (unsigned |
| |
long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff. |
| |
Fixes a problem with uids larger than 0x7fffffff on 32-bit |
| |
platforms. |
| |
[cd92246a710f] |
| |
|
| |
* plugins/sudoers/sudoers.c: |
| |
Avoid "perm stack underflow" error when logging the unknown uid |
| |
error. |
| |
[871514c713b7] |
| |
|
| |
* plugins/sudoers/set_perms.c: |
| |
In rewind_perms() there is nothing to do if perm_stack_depth == 0. |
| |
[98de335f47f0] |
| |
|
| |
2013-08-06 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, |
| |
plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, |
| |
plugins/sudoers/def_data.h, plugins/sudoers/def_data.in: |
| |
Add pam_setcred sudoers option to allow the user to control whether |
| |
pam_setcred() is called on the user's behalf. |
| |
[4260a8e43073] |
| |
|
| |
* configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, |
| |
doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, |
| |
plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, |
| |
plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: |
| |
Add pam_service and pam_login_service sudoers settings to control |
| |
the service name passed to pam_start. |
| |
[5ea0e3588f3a] |
| |
|
| |
* mkpkg: |
| |
Newer Xcode places the SDKs under Xcode.app |
| |
[4b54379d5c45] |
| |
|
| |
2013-08-03 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* MANIFEST, common/Makefile.in, common/zero_bytes.c, |
| |
compat/Makefile.in, compat/memset_s.c, config.h.in, configure, |
| |
configure.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
| |
doc/sudo_plugin.mdoc.in, include/missing.h, include/sudo_plugin.h, |
| |
mkdep.pl, plugins/sudoers/Makefile.in, |
| |
plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, |
| |
plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, |
| |
plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, |
| |
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c, |
| |
plugins/sudoers/logging.c, plugins/sudoers/sha2.c, |
| |
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
| |
plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, |
| |
src/Makefile.in, src/conversation.c, src/sudo.h, src/sudo_edit.c, |
| |
src/tgetpass.c: |
| |
Implement memset_s() and use it instead of zero_bytes(). A new |
| |
constant, SUDO_CONV_REPL_MAX, is defined by the plugin API as the |
| |
max conversation reply length. This constant can be used as a max |
| |
value for memset_s() when clearing passwords filled in by the |
| |
conversation function. |
| |
[264ec146028e] |
| |
|
| |
2013-08-01 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* plugins/group_file/Makefile.in, plugins/sample/Makefile.in, |
| |
plugins/system_group/Makefile.in: |
| |
Do not try to install plugins when shared modules are disabled |
| |
(sudoers already had the check). |
| |
[3d582c042042] |
| |
|
| |
* plugins/sudoers/Makefile.in: |
| |
Update dependencies to take into account compat/getopt.h and |
| |
compat/dlfcn.h. |
| |
[301fb31cd121] |
| |
|
| |
* src/Makefile.in: |
| |
Update dependencies now that sudo_usage.h is always included from |
| |
the build dir. |
| |
[c1ff70ec9515] |
| |
|
| |
2013-07-31 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* plugins/sudoers/ldap.c: |
| |
Add some warnings and debugging to sasl ccname handling. |
| |
[467f415861f0] |
| |
|
| |
* plugins/sudoers/ldap.c: |
| |
Fix write loop invariant in sudo_krb5_copy_cc_file() |
| |
[6948cf6e9b9f] |
| |
|
| |
2013-07-30 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* plugins/sudoers/ldap.c: |
| |
Strip off leading FILE: or WRFILE: prefix before trying to copy the |
| |
user's credential cache. |
| |
[56c16feab62f] |
| |
|
| |
2013-07-29 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* src/sudo.c: |
| |
Instead of setting RLIMIT_NPROC to unlimited when sudo initializes, |
| |
just save RLIMIT_NPROC in exec_setup() before the final setuid() and |
| |
restore it immediately after. We don't need to modify RLIMIT_NPROC |
| |
for simple euid changes, just for changing the real (and saved) uids |
| |
before we exec. This also means we no longer need to worry about |
| |
_SC_CHILD_MAX returning -1. Bug #565 |
| |
[1372f1909039] |
| |
|
| |
2013-07-28 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* plugins/sudoers/ldap.c, src/preload.c: |
| |
Now that the ldap code runs with the real and effective uid set to |
| |
0, it is not possible for the gssapi libs to find the user's krb5 |
| |
credential cache file. To work around this, we make a temporary |
| |
copy of the user's credential cache specified by KRB5CCNAME (opened |
| |
with the user's effective uid) and point gssapi to it. To set the |
| |
credential cache file name, we dynamically look up |
| |
gss_krb5_ccache_name() and use it if available, otherwise fall back |
| |
to setting KRB5CCNAME. |
| |
[8b86c134541a] |
| |
|
| |
2013-07-19 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* doc/sudo.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, |
| |
doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in, |
| |
doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, |
| |
plugins/sudoers/visudo.c: |
| |
Long option support for visudo and sudoreplay. |
| |
[91427968be71] |
| |
|
| |
2013-07-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/Makefile.in, |
| |
src/parse_args.c, src/sudo.c, src/sudo_usage.h.in: |
| |
Add support for long options and fix inclusion of sudo_usage.h with |
| |
modern gcc broken in 8597:1fcb7ba13018. |
| |
[d13134819944] |
| |
|
| |
* src/Makefile.in: |
| |
Add rule to rebuild sudo_usage.h when the .in file changes. |
| |
[59a32899e251] |
| |
|
| |
* compat/Makefile.in, mkdep.pl, src/Makefile.in: |
| |
Add make rules for building getopt_long.c |
| |
[5f57593b3a8b] |
| |
|
| |
* src/parse_args.c: |
| |
Make "-h hostname" work. Optional args in GNU getopt() only work |
| |
when there is no space between the option flag and the argument. |
| |
[b8258659cabb] |
| |
|
| |
2013-07-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* MANIFEST, compat/getopt.h, compat/getopt_long.c, config.h.in, |
| |
configure, configure.in, doc/LICENSE, src/parse_args.c: |
| |
Use getopt_long() so we can make the -h flag take an optional |
| |
argument. Includes a version for those without it. |
| |
[d1dd66c8a86b] |
| |
|
| |
2013-07-16 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
| |
Document that the -h option can be used specify a host name for |
| |
future plugins. |
| |
[8470c74cf326] |
| |
|
| |
* include/sudo_plugin.h, src/parse_args.c, src/sudo_usage.h.in: |
| |
Overload -h option to specify an optional hostname for remote |
| |
access. This is future-proofing; no policy plugins currently support |
| |
this. |
| |
[0e01d8c3c623] |
| |
|
| |
* configure, configure.in: |
| |
Bump version to 1.8.8 |
| |
[a1155bfaa28f] |
| |
|
| |
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
| |
doc/sudo_plugin.mdoc.in: |
| |
Document the remote_host setting (-h host) |
| |
[c737db906f5d] |
| |
|
| |
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
| |
fix "the the" |
| |
[0025464a3942] |
| |
|
| |
* src/parse_args.c, src/sudo.c, src/sudo.h: |
| |
Do not error out if arg to -U option cannot be resolved, that is for |
| |
the plugin to decide. There is no need for runas_user and |
| |
runas_group to be global, make them local to parse_args() instead. |
| |
[fb02a62a72ba] |
| |
|
| |
* MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/pt_BR.mo, |
| |
plugins/sudoers/po/pt_BR.po, src/po/es.mo, src/po/es.po, |
| |
src/po/pt_BR.mo, src/po/pt_BR.po: |
| |
Sync with translationproject.org |
| |
[e8f4772d918a] |
| |
|
| |
2013-07-11 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* doc/TROUBLESHOOTING: |
| |
Remove old bits about sudo setuid problems that should have been |
| |
cleaned up in changeset 7917:fa4894896d8a. Also update the mode of |
| |
sudo to 04755 to match current packaging. |
| |
[1e3904cdc2de] |
| |
|
| |
* plugins/sudoers/auth/pam.c: |
| |
Go back to ignoring the return value of pam_setcred() since with |
| |
stacked PAM auth modules a failure from one module may override |
| |
PAM_SUCCESS from another. If the first module in the stack fails, |
| |
the others may be run (and succeed) but an error will be returned. |
| |
This can cause a spurious warning on systems with non-local users |
| |
(e.g. pam_ldap or pam_sss) where pam_unix is consulted first. |
| |
[b6022e26135a] |
| |
|
| |
* src/net_ifs.c: |
| |
Remove unused variable. |
| |
[93dde7d82fde] |
| |
|
| |
* NEWS: |
| |
Fix typo |
| |
[5ef79671c2c7] |
| |
|
| |
2013-07-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* plugins/sudoers/sssd.c: |
| |
Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest(). |
| |
From Dan Harnett. |
| |
[4a0af6f12765] |
| |
|
| |
2013-06-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
| |
Fix formatting typo; from Eric S. Raymond |
| |
[058b533ba460] |
| |
|
| |
2013-06-17 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| |
* mkpkg: |
| |
Use -gxcoff on aix so dbx can be used to debug sudo. |
| |
[4950e019ed2d] |
| |
|
| 2013-06-12 Todd C. Miller <Todd.Miller@courtesan.com> |
2013-06-12 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
|
| * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: |
* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ChangeLog CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo