version 1.1.1.2, 2012/05/29 12:26:48
|
version 1.1.1.3, 2012/10/09 09:29:52
|
Line 1
|
Line 1
|
|
|
|
|
|
* NEWS, configure, configure.in: |
|
sudo 1.8.6p3 |
|
[97fef3d9ed65] |
|
|
|
2012-09-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/fixman.sh: |
|
Don't use embedded newline when matching, use \n. This got expanded |
|
at some point. Bug #573 |
|
[6652f834b8f5] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not |
|
all file systems support d_type. Bug #572 |
|
[8b861c62945f] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Avoid calling fclose(NULL) in the error path when we cannot open an |
|
I/O log file. |
|
[9401d5c4bb05] |
|
|
|
2012-09-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.in: |
|
Sudo 1.8.6p2 |
|
[6e32496280f2] |
|
|
|
* src/exec.c: |
|
When setting the signal handler for SIGTSTP to the default value in |
|
non-I/O log mode, store the old handler value for when we restore it |
|
after resume. |
|
[242628694e42] |
|
|
|
2012-09-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Mention support for SUCCESS=return in /etc/nsswitch.conf |
|
[ef1f35aa0863] |
|
|
|
* NEWS, configure, configure.in: |
|
sudo 1.8.6p1 |
|
[73a5e1f004b3] |
|
|
|
2012-09-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/env.c: |
|
Avoid setting LOGNAME, USER and USERNAME variables twice when |
|
set_logname is enabled. |
|
[0de4f5fbd1d4] |
|
|
|
* plugins/sudoers/env.c: |
|
Fix duplicate detection in sudo_putenv(), do not prune out the |
|
variable we just set when overwriting an existing instance. Fixes |
|
bug #570 |
|
[854ee714c831] |
|
|
|
* plugins/sudoers/env.c: |
|
Add some debuggging |
|
[a25cd3305823] |
|
|
|
2012-09-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudo_nss.c: |
|
Disable word wrap in list mode when stdout is a pipe to make "sudo |
|
-l | grep ..." more useful. Adapted from a diff by Daniel Kopecek. |
|
[65ade04511fd] |
|
|
|
* common/lbuf.c: |
|
Print a trailing newline in lbuf_print() when there is not enough |
|
space to do word wrapping and the lbuf does not end with a newline. |
|
[c0200e19cd09] |
|
|
|
* plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: |
|
Add support for [SUCCESS=return] in nsswitch.conf; from Daniel |
|
Kopecek |
|
[5c480316e3ce] |
|
|
|
* MANIFEST: |
|
Add sssd.c |
|
[9cadd014ef97] |
|
|
|
2012-09-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo, |
|
plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo, |
|
plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo, |
|
src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo: |
|
regen .po files |
|
[62423d4d143d] |
|
|
|
* MANIFEST, plugins/sudoers/po/vi.mo: |
|
Add Vietnamese sudoers translation from translationproject.org |
|
[33666a605525] |
|
|
|
* NEWS: |
|
mention PIE |
|
[05032e5304c6] |
|
|
|
* MANIFEST, plugins/sudoers/po/vi.po: |
|
Add Vietnamese sudoers translation from translationproject.org |
|
[015c2204bae2] |
|
|
|
2012-08-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in, compat/Makefile.in, mkdep.pl: |
|
Add missing signame dependency |
|
[e493bfb01929] |
|
|
|
* src/exec.c, src/ttyname.c: |
|
Silence compiler warnings. |
|
[1c5374b66d9b] |
|
|
|
* MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c, |
|
config.h.in, configure, configure.in, include/missing.h, mkdep.pl, |
|
src/exec.c, src/exec_pty.c: |
|
Replace strsigname() with sig2str(), emulating it as needed. |
|
[1e348cca1fa6] |
|
|
|
* config.h.in, configure, configure.in, src/utmp.c: |
|
Use fseeko() for legacy utmp handling if available. |
|
[b4bbd8d2c0e9] |
|
|
|
2012-08-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/strsigname.c, config.h.in, configure, configure.in: |
|
Detect sys_sigabbrev[] and use it in place of sys_signame[] if |
|
present. For some reason glibc does not declare sys_sigabbrev so we |
|
must add an extern definition of our own. |
|
[b38f3fbd7078] |
|
|
|
* compat/strsignal.c, compat/strsigname.c: |
|
Handle NULL entries in sys_siglist and sys_signame. |
|
[a388959d9654] |
|
|
|
* compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c, |
|
compat/mksigname.h, compat/strsignal.c, compat/strsigname.c: |
|
Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name} |
|
[711e41aba59a] |
|
|
|
2012-08-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
sync |
|
[5a2522488754] |
|
|
|
* src/exec.c: |
|
Pass on SIGTSTP to the command if it was sent by a user process (not |
|
the kernel or the terminal) when we are not I/O logging and set the |
|
default SIGTSTP handler when we re-send the signal to ourself, |
|
restoring our handler after we resume. |
|
[4259c47e31c0] |
|
|
|
* src/exec.c: |
|
Shells typically change their process group when they start up so |
|
that they can implement job control. Most well-behaved shells |
|
change the pgrp back to its original value before suspending so we |
|
must not try to restore in that case, lest we race with the child |
|
upon resume, potentially stopping sudo with SIGTTOU while the |
|
command continues to run. Some shells, such as pdksh, just suspend |
|
the shell by sending SIGSTOP to themselves without restoring the |
|
pgrp. In this case we need to change the pgrp back for them. Should |
|
fix bug #568 |
|
[6ac6751ffd17] |
|
|
|
2012-08-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, compat/Makefile.in, compat/mksigname.c, |
|
compat/mksigname.h, compat/strsignal.c, compat/strsigname.c, |
|
config.h.in, configure, configure.in, include/missing.h, mkdep.pl, |
|
src/exec.c, src/exec_pty.c: |
|
Use strsigname() to print signal names in the debug output. If the |
|
system has no strsigname(), use our own. |
|
[0735f18906b9] |
|
|
|
2012-08-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/regress/testsudoers/test5.inc, |
|
plugins/sudoers/regress/testsudoers/test5.sh: |
|
Remove generated file and change path for temporary include file. |
|
[4e9fa830c6b5] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
When running regress tests, list pass/fail rate for each dir |
|
(testsudoers and visudo) instead of the total. Also prevent the |
|
result files from clobbering each other by keeping them in the |
|
relevant directories. |
|
[6aac53baff7d] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Don't print an error message in yyerror() if open_sudoers() fails, |
|
we've already printed an error message. Also restore the check for |
|
sudoers_warnings in yyerror(). |
|
[aa6036df5fb2] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
|
plugins/sudoers/toke.l: |
|
Avoid printing the >>> parse error <<< message for testsudoers when |
|
the -t flag is specified. |
|
[76f3433c8992] |
|
|
|
2012-08-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/parse.c: |
|
Fix NULL deref when an entry has no Runas_Entry |
|
[4b14983ff6e7] |
|
|
|
* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po, |
|
src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[440e9c9b37de] |
|
|
|
* NEWS: |
|
sync |
|
[3142ba2dce60] |
|
|
|
* plugins/sudoers/check.c: |
|
Correct the check_user() comment header. |
|
[73da30308fff] |
|
|
|
* plugins/sudoers/auth/sudo_auth.c: |
|
Change a log_fatal() into log_error() when no auth methods are |
|
configured. The caller already checks the return value. |
|
[05f5c39793a7] |
|
|
|
* plugins/sudoers/logging.c: |
|
Add missing debug_return |
|
[3a76bb7c2fe7] |
|
|
|
2012-08-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Make the capitalization consistent for .Ss and .Sx |
|
[5c5735ee4b2f] |
|
|
|
* doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat, |
|
doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Add COMMAND EXECUTION section that describes how sudo runs the |
|
command, the extra sudo processes and signal handling. |
|
[dff2d88e984e] |
|
|
|
2012-08-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in: |
|
Happy Easter |
|
[4b9d697c6b83] |
|
|
|
2012-08-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/Makefile.in: |
|
Don't echo the awk command when building siglist.in |
|
[21daa72921e6] |
|
|
|
* doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Cosmetic changes. |
|
[19259528e9ad] |
|
|
|
* doc/Makefile.in: |
|
The HISTORY, LICENSE and CONTRIBUTORS files are not longer |
|
generated. |
|
[ea6ac9e981e6] |
|
|
|
* MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo, |
|
plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po, |
|
plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po, |
|
src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po, |
|
src/po/uk.po, src/po/vi.po: |
|
Sync with translationproject.org and add Italian sudoers |
|
translation. |
|
[9276740aea59] |
|
|
|
2012-08-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Expand description of fqdn to talk about systems where the hosts |
|
file is searched before DNS. |
|
[4ee812ca6116] |
|
|
|
2012-08-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/Makefile.in: |
|
For cat pages there is nothing to make unless DEVEL is set. |
|
[fab4a5b68708] |
|
|
|
* configure, configure.in, doc/Makefile.in: |
|
Always use mandoc to format cat pages and remove now-extraneous |
|
nroff configure tests. |
|
[5747f4ed5762] |
|
|
|
* pp: |
|
sync polypkg from git |
|
[89ddf6ea3e3f] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Use AI_FQDN instead of AI_CANONNAME if available since "canonical" |
|
is not always the same as "fully qualified". |
|
[7c1d9c098386] |
|
|
|
2012-08-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.mdoc.in: |
|
Fix some typos. Describe error messages not related to policy |
|
permissions. |
|
[f5ebf9030d85] |
|
|
|
* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, |
|
plugins/sudoers/visudo.c: |
|
Add new check_defaults() function to check (but not update) the |
|
Defaults entries. Visudo can now use this instead of |
|
update_defaults to check all the defaults regardless instead of just |
|
the global Defaults entries. |
|
[3fa879ce1b65] |
|
|
|
2012-08-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Document sudoers log format. |
|
[08998a7061ab] |
|
|
|
* NEWS: |
|
Update for sudo 1.8.5p3 |
|
[6e102a5d4e8d] |
|
|
|
* src/load_plugins.c: |
|
Add missing check for I/O plugin API version when checking for the |
|
presence of I/O plugin hooks. |
|
[ef05c7eeaf81] |
|
|
|
* src/hooks.c: |
|
Can't call debug code in the process_hooks_xxx functions() since |
|
ctime() may look up the timezone via the TZ environment variable. |
|
[2179fb26bd8e] |
|
|
|
2012-08-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_common.c, src/sesh.c, src/utmp.c: |
|
Include signal.h before sudo_exec.h since it uses sigset_t * in the |
|
fork_pty prototype. |
|
[94fc0d859600] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, |
|
doc/visudo.man.in, doc/visudo.mdoc.in: |
|
Remove OPTIONS section; options now go inside DESCRIPTION |
|
[a619fc58a746] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[44719d80bc06] |
|
|
|
* MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, |
|
plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po, |
|
src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po: |
|
Sync with translationproject.org and add new Slovenian translation. |
|
[34b4b966bbac] |
|
|
|
* common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c, |
|
plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/testsudoers.c: |
|
Reduce the number of "internal error, foo overflow" messages that |
|
need to be translated. |
|
[93ffa2b3d53f] |
|
|
|
* NEWS: |
|
Mention HP-UX reboot fix. |
|
[1e39b5aa32ac] |
|
|
|
* INSTALL, NEWS, common/sudo_debug.c, configure, configure.in, |
|
doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c, |
|
plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: |
|
Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers |
|
data source. From Daniel Kopecek and Pavel Brezina. |
|
[3f85e95d6928] |
|
|
|
2012-08-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_conf.c, src/load_plugins.c: |
|
If sudo.conf contains an I/O plugin but no policy plugin, use |
|
sudoers for the policy plugin. If a policy plugin is specified |
|
without an I/O plugin, only the policy plugin will be loaded. |
|
[ea192df2439d] |
|
|
|
* doc/Makefile.in, doc/sudoers.man.in: |
|
Do not modify the .Os section when building the .man.in file from |
|
.mdoc.in. |
|
[a9f9628e147f] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Add a note about wildcards matching multiple words and include an |
|
example. Also mention that for sudoedit, a wildcard in command line |
|
args does not match a slash. |
|
[fcb9fbac14e0] |
|
|
|
2012-08-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c, src/sudo_exec.h: |
|
Fix a comment, update a variable name in a prototype; all cosmetic. |
|
[e89f10cbd6e1] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Cast 2nd argument of lseek() to off_t if it is a constant for |
|
systems with 64-bit off_t but without a proper lseek() prototype. |
|
[d8779da135d0] |
|
|
|
* compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/visudo.c: |
|
Fix some warnings from clang checker-267 |
|
[1e44ef7860b5] |
|
|
|
* plugins/sample/sample_plugin.c: |
|
Fix memory leak found by clang checker-267 |
|
[f8a43617fdfb] |
|
|
|
2012-08-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h: |
|
If we receive a signal from the command we executed, do not forward |
|
it back to the command. This fixes a problem with BSD-derived |
|
versions of the reboot command which send SIGTERM to all other |
|
processes, including the sudo process. Sudo would then deliver |
|
SIGTERM to reboot which would die before calling the reboot() system |
|
call, effectively leaving the system in single user mode. |
|
[4ffab9ab9e98] |
|
|
|
2012-08-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/fixman.sh, doc/fixmdoc.sh: |
|
Remove section about Solaris 10 on other systems. Add missing |
|
sudoers.man.in bit to fixman.sh. |
|
[176559199ba7] |
|
|
|
2012-08-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Expand section on Solaris privileges. |
|
[3a1bfa2f1743] |
|
|
|
* NEWS: |
|
Expand a bit on the Solaris priv set changes. |
|
[bffb78b4a520] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/parse.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
|
The second argument to init_parser() is now bool. |
|
[fb727a4fb651] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y: |
|
Fix printing of parse error message to stderr. |
|
[dea6b420b84f] |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/match.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: |
|
If a command matches using an empty Runas_List (i.e. Runas_List is |
|
present but empty) and the -u option was not specified, set runas_pw |
|
to user_pw instead of using runas_default. This is intended to be |
|
used in conjunction with the Solaris Privilege Set support for rules |
|
that grant privileges without changing the user. |
|
[e84a081f3c11] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.h, |
|
plugins/sudoers/gram.y, plugins/sudoers/match.c, |
|
plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h: |
|
Add support for parsing an empty Runas_List, which only allows the |
|
command to be run as the invoking user. This can be used in |
|
conjunction with the Solaris Privilege Set support to grant |
|
privileges without changing the user. |
|
[dc34373792fc] |
|
|
|
2012-08-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/fixman.sh: |
|
Fix HP-UX, just use ".TH name section" like the vendor manuals. |
|
[559738237c92] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Fix compilation on Solaris |
|
[2d310302207c] |
|
|
|
* .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, |
|
doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh, |
|
doc/sudoers.mdoc.sh: |
|
Generate a sed script file when munging *.mdoc or *.man instead of |
|
passing sed expressions on the command line. Older seds do not |
|
support \n in a replacement so generate and run a sed script |
|
instead. |
|
[0bcce3f1ca18] |
|
|
|
* doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in, |
|
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in, |
|
doc/visudo.man.in: |
|
Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION" |
|
[fe0f10b63776] |
|
|
|
2012-07-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c: |
|
When checking whether a signal is user-generated, compare si_code |
|
against SI_USER instead of <= 0 since on HP-UX, terminal-related |
|
signals get a code of 0. |
|
[4e9021243343] |
|
|
|
* src/sudo.c: |
|
SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX |
|
interchangably. This causes problems when setting RLIMIT_NPROC to |
|
RLIM_INFINITY due to a bug in bash where bash tries to honor the |
|
value of _SC_CHILD_MAX but treats a value of -1 as an error, and |
|
uses a default value of 32 instead. |
|
|
|
Previously, we just checked RLIMIT_NPROC and, if it was unlimited, |
|
restored the previous value of RLIMIT_NPROC. However, that makes it |
|
impossible to set nproc to unlimited. We now only restore the nproc |
|
resource limit if sysconf(_SC_CHILD_MAX) is negative. In most |
|
cases, pam_limits will set RLIMIT_NPROC for us. |
|
[cb71cc8d0b08] |
|
|
|
2012-07-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
Active Directory apparently requires that tenths of a second be |
|
present in a date so append .0 to the "now" value in the time |
|
filter. Also remove space for the global AND from TIMEFILTER_LENGTH |
|
since it was not being used consistently. Buffers of |
|
TIMEFILTER_LENGTH now need to account for the terminating NUL byte. |
|
[d28619ff6e45] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Fix SELinux build |
|
[cc0d1f4e851b] |
|
|
|
2012-07-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST: |
|
Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they |
|
were not being kept in sync. |
|
[fc3ad1847cb1] |
|
|
|
* doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod, |
|
doc/license.pod: |
|
Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they |
|
were not being kept in sync. |
|
[950363dffe3a] |
|
|
|
2012-07-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/logging.c: |
|
Fix printing of the permission denied message to standard error when |
|
a user is not allowed to run a command. This got broken by the |
|
recent logging changes. |
|
[b7af63da3ca1] |
|
|
|
* plugins/sudoers/sudoers_version.h: |
|
Bump grammar version for Solaris privs. |
|
[2a2baf024477] |
|
|
|
* doc/schema.ActiveDirectory: |
|
Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder |
|
were added. From David Hicks. |
|
[3fc432a8edb4] |
|
|
|
2012-07-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Remove lex.yy.c when building toke.c |
|
[72bb9e62b289] |
|
|
|
* doc/Makefile.in: |
|
Fix building docs in a build dir. |
|
[7a6f435af022] |
|
|
|
* doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod, |
|
doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod, |
|
doc/sudoreplay.pod, doc/visudo.pod: |
|
Remove pod versions of the manual; we now use mdoc. |
|
[5c967d2dd5db] |
|
|
|
* MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh, |
|
doc/sudoers.man.sh, doc/sudoers.mdoc.sh: |
|
Add post-processing scripts to strip out login class, BSD auth, |
|
SELinux and privilege set bits when they are not supported. |
|
[d0d51f72f597] |
|
|
|
* NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in, |
|
doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in, |
|
doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod, |
|
plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, |
|
plugins/sudoers/def_data.in, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.h, plugins/sudoers/gram.y, |
|
plugins/sudoers/parse.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, src/sudo.c, src/sudo.h: |
|
Merge in Solaris privilege support by Darren Moffat and John |
|
Zolnowsky |
|
[3aa0a64f2f5c] |
|
|
|
2012-07-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/contributors.pod: |
|
Sync with CONTRIBUTORS file |
|
[9a0852306ad9] |
|
|
|
* doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, |
|
doc/sudoers.man.in, doc/sudoreplay.man.in: |
|
Regen .man.in files with my private mandoc. |
|
[dc3c9fc449eb] |
|
|
|
* doc/Makefile.in: |
|
add MANDOC variable |
|
[35527e66afc5] |
|
|
|
2012-07-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, |
|
doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in: |
|
Regen .man.in files with hacked mandoc to avoid issues with historic |
|
nroff. |
|
[d45cfa7d665f] |
|
|
|
2012-07-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.mdoc.in, doc/sudoers.mdoc.in: |
|
Fix groff warnings. |
|
[111d522ca807] |
|
|
|
* doc/Makefile.in: |
|
Fix dependencies for .man.in files. |
|
[aefeffe1af2b] |
|
|
|
* .hgignore: |
|
Add doc/*.mdoc to ignore file |
|
[1e4de6ef2ad8] |
|
|
|
* INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in, |
|
doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, |
|
doc/visudo.man.in, doc/visudo.mdoc.in: |
|
Build .man.in and .cat files from .mdoc.in files. Add new --with-man |
|
and --with-mdoc configure options. |
|
[c963fd7e8f80] |
|
|
|
2012-07-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in, |
|
doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: |
|
Sudo manuals formatted in mdoc, to replace the pod versions. |
|
[e6dca4030451] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, |
|
doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod, |
|
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, |
|
doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod: |
|
More minor costmetic fixes. |
|
[a7287a68385a] |
|
|
|
2012-07-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: |
|
Minor cosmetic fixes. |
|
[9c48bdaf3946] |
|
|
|
2012-07-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot: |
|
Use "a password is required" instead of "password required" when the |
|
-n flag is used and we need to read a password. |
|
[a3c30fc41648] |
|
|
|
2012-07-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Mention logging changes. |
|
[8238fd6e02e8] |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[e2cf634ba63b] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: |
|
Document that other mail_* flags have precedence over mail_badpass. |
|
[9f4cc9188f40] |
|
|
|
* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/logging.h, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
|
Move log_denial() calls and logic to log_failure(). Move |
|
authentication failure logging to log_auth_failure(). Both of these |
|
call audit_failure() for us. |
|
|
|
This subtly changes logging for commands that are denied by sudoers |
|
but where the user failed to enter the correct password. |
|
Previously, these would be logged as "N incorrect password attempts" |
|
but now are logged as "command not allowed". Fixes bug #563 |
|
[cad35f0b3ad7] |
|
|
|
2012-07-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/aix.c: |
|
Do not set a resource limit to zero when we are unable to fetch a |
|
value from /etc/security/limits. |
|
[62bfb0a7895e] |
|
|
|
2012-07-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Add "Provides: sudo" to debian sudo-ldap package |
|
[beb8afa0beb2] |
|
|
|
2012-07-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in, zlib/Makefile.in: |
|
Define NO_VIZ for zlib when gcc doesn't support symbol visibility |
|
attributes. |
|
[9fdcbf526386] |
|
|
|
* configure, configure.in: |
|
Use the autoconf cache when checking for symbol export control |
|
support. |
|
[03c2cce8711f] |
|
|
|
* INSTALL, common/Makefile.in, compat/Makefile.in, configure, |
|
configure.in, mkpkg, plugins/sample/Makefile.in, |
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in, src/Makefile.in: |
|
Add configure check for building PIE executables instead of doing it |
|
in mkpkg. |
|
[02b5b78ef258] |
|
|
|
* sudo.pp: |
|
MacOS pp backend doesn't like modes longer than 4 characters. |
|
[01b49022bf01] |
|
|
|
2012-07-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding |
|
-fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool |
|
will strip -fstack-protector from the linker flags and we always |
|
link with libtool. |
|
[0a0a0250ac2b] |
|
|
|
2012-06-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: |
|
Regen for sudo 1.8.6 |
|
[1657ee28b496] |
|
|
|
* NEWS, doc/sudoers.ldap.pod: |
|
Document improved Tivoli Directory Server support. |
|
[fb411edf4687] |
|
|
|
* config.h.in, configure, configure.in, plugins/sudoers/ldap.c: |
|
Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf |
|
option to specify Tivoli key db password. Allow TLS ciphers to be |
|
configured for Tivoli. |
|
[737e17c91e60] |
|
|
|
2012-06-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
Tivoli Directory Server 6.3 libs always return a (bogus) error when |
|
setting LDAP_OPT_CONNECT_TIMEOUT. |
|
[504406637c38] |
|
|
|
* NEWS: |
|
Update |
|
[687a755604e8] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the |
|
same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a |
|
set an ldap option fatal. |
|
[17cf93ae3304] |
|
|
|
2012-06-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Zero pointers in sudo_user struct after freeing, just in case. |
|
[8eff1f80b943] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Free user_gids in close function if it has not already been freed. |
|
[cbce28877f37] |
|
|
|
* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h: |
|
Defer group ID to name resolution until we actually need it. |
|
[463e75b81e89] |
|
|
|
* src/sudo.c: |
|
It is safe to read in sudo.conf before calling user_info(). |
|
[3290b6434e3c] |
|
|
|
* plugins/sudoers/env.c, plugins/sudoers/ldap.c: |
|
Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to |
|
prevent potential truncation. Bug #562. |
|
[29d9fc4e0c4e] |
|
|
|
2012-06-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
If installing with installp, error out if there is already an |
|
instance of the rpm package installed. |
|
[ec24c6faba22] |
|
|
|
* mkpkg: |
|
Add --disable-nls for AIX |
|
[192ac2f7d65e] |
|
|
|
2012-06-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Debian sudo-ldap packages should now depend on libldap-2.4-2, not |
|
libldap2. |
|
[cbcec71e6b58] |
|
|
|
2012-06-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Add Homepage and Bugs to debian control file. |
|
[0f19d7d14e66] |
|
|
|
2012-06-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* mkpkg: |
|
fix typo when setting aix_freeware |
|
[2fd6feb50195] |
|
|
|
* common/Makefile.in, compat/Makefile.in, configure, configure.in, |
|
doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in: |
|
Don't run regress tests or sudoers sanity check (using the newly- |
|
built visudo) when cross compiling. Bug #560 |
|
[0c4e3f68b2f5] |
|
|
|
* MANIFEST, configure, configure.in, plugins/sample/Makefile.in, |
|
plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map, |
|
plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in, |
|
plugins/sample_group/sample_group.exp, |
|
plugins/sample_group/sample_group.map, |
|
plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map, |
|
plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in, |
|
plugins/system_group/system_group.exp, |
|
plugins/system_group/system_group.map, |
|
plugins/system_group/system_group.sym: |
|
Rename foo.sym -> foo.exp Remove foo.map from the repo and generate |
|
it on demand Use a loader option file for HP-UX ld to explicitly |
|
export symbols |
|
[2402ff5302ab] |
|
|
|
* src/Makefile.in: |
|
Remove extraneous backslash |
|
[8ca054de138c] |
|
|
|
* plugins/sudoers/regress/check_symbols/check_symbols.c: |
|
Don't check for errorx as an exported symbols as it is now a macro. |
|
Check for user_in_group() instead. |
|
[7b02c8ecd3ea] |
|
|
|
2012-06-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Adjust ld map file support to use an anonymous scope to match the |
|
updated .map files. |
|
[49be44282d9e] |
|
|
|
2012-06-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.in, include/gettext.h: |
|
Older versions of Solaris lack ngettext() |
|
[028af10dfa5f] |
|
|
|
* configure, configure.in: |
|
Move the check for -static-libgcc until after AC_LANG_WERROR has |
|
been called and use AX_CHECK_COMPILE_FLAG(). |
|
[a7b09120e7ff] |
|
|
|
* include/gettext.h: |
|
Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H |
|
[3aa2780d4a4e] |
|
|
|
* include/error.h, include/sudo_debug.h: |
|
Fix gcc 2.x variant macro support. |
|
[8e71c2370997] |
|
|
|
* plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c: |
|
Fix compilation on gcc 2.95 and other compilers that only allow |
|
variable declarations at the beginning of a block. |
|
[9d80c802bb46] |
|
|
|
* configure, configure.in, plugins/sudoers/Makefile.in: |
|
Link check_symbols with SUDO_LIBS to make sure we link with the |
|
requisite libraries to successfully dlopen sudoers.so. This is |
|
needed on HP-UX where a program dlopen()ing a shared object that |
|
uses pthreads must also be linked with pthreads (and HP-UX LDAP uses |
|
pthreads). |
|
[b8961cd82337] |
|
|
|
* plugins/sudoers/regress/check_symbols/check_symbols.c: |
|
Add check for exported local symbols. This will cause a "make |
|
check" failure on systems where we don't support symbol hiding. |
|
[8aa549389bb1] |
|
|
|
* configure, configure.in: |
|
Additional ${foo} -> $(foo) Makefile tweaks. |
|
[046bbde18f52] |
|
|
|
* plugins/sample/sample_plugin.map, |
|
plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map, |
|
plugins/system_group/system_group.map: |
|
No need to provide a name for the scope in the map file since we |
|
don't use the it for versioning. |
|
[5ed4b997560d] |
|
|
|
2012-06-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c: |
|
Add regress test for symbol visibility. |
|
[9adddd4e0518] |
|
|
|
2012-06-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.in: |
|
sudo 1.8.6 |
|
[57008a7afb77] |
|
|
|
* configure, configure.in, include/missing.h: |
|
Add support for controlling symbol visibility using the HP and |
|
Solaris C compilers. |
|
[46d5b468979e] |
|
|
|
* plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/sudoers.h: |
|
Use the expanded io log dir when updating the sequence number. |
|
Includes a workaround for older versions of sudo where the sequence |
|
number was stored in the unexpanded io log dir. |
|
[210797dab9a8] |
|
|
|
2012-06-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/parse_args.c: |
|
Simplify "sudo -s" argv rewriting. |
|
[7be143dae7c5] |
|
|
|
* MANIFEST, configure, configure.in, plugins/sample/Makefile.in, |
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in, src/Makefile.in, |
|
src/sudo_noexec.map: |
|
Don't use a map file for sudo_noexec.so since Solaris ld doesn't |
|
allow '*' in the global section. The libtool export flag is now |
|
added to LT_LDFLAGS instead of commenting/uncommenting lines. |
|
[38fc37a66b04] |
|
|
|
2012-06-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.in, include/missing.h: |
|
The visibility attribute was actually added in gcc 3.3.x, not 4.0. |
|
Just assume that if -fvisibility=hidden works that the attribute is |
|
usable. |
|
[d3904d6faf14] |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/iolog.c, |
|
plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/match.c, plugins/sudoers/pwutil.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map, |
|
plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c, |
|
plugins/system_group/system_group.c: |
|
Export group cache from sudoers.so for system_group.so to use. |
|
[16695d207fc5] |
|
|
|
* MANIFEST, configure, configure.in, include/missing.h, |
|
plugins/sample/Makefile.in, plugins/sample/sample_plugin.map, |
|
plugins/sample_group/Makefile.in, |
|
plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in, |
|
plugins/system_group/system_group.map, src/sudo_noexec.c, |
|
src/sudo_noexec.map: |
|
Use gcc's visibility attribute to specify when symbols are visible |
|
or hidden, if available. If not available, use an ELF version |
|
script if it is supported. If all else fails, fall back to using |
|
libtool's -export-symbols. |
|
[64e889921727] |
|
|
|
2012-06-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Add mode for installed locale files but leave the directories with |
|
default mode and owner. |
|
[142237dbb31f] |
|
|
|
2012-06-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* mkpkg, sudo.pp: |
|
Install AIX packages under /opt/freeware with links in /usr/bin and |
|
/usr/sbin. This matches the layout of the sudo package from AIX |
|
freeware. |
|
[0b79d47bbe01] |
|
|
|
* Makefile.in, configure, configure.in, plugins/sample/Makefile.in, |
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp: |
|
Install shared objects with mode 0644 except on HP-UX which needs |
|
the executable bit set. |
|
[ae416af0ba6c] |
|
|
|
* Makefile.in, doc/Makefile.in, include/Makefile.in, |
|
plugins/sudoers/Makefile.in, src/Makefile.in: |
|
Make installed file modes consistent with the file modes in the sudo |
|
package. |
|
[307386373289] |
|
|
|
2012-06-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.pod: |
|
Add "%:" prefix when talking about QAS non-Unix group support. |
|
[7cb25f6861f8] |
|
|
|
* pp, sudo.pp: |
|
Fix packaging of symbolic links on HP-UX when the link source |
|
already exists in the filesystem. |
|
[c9bb48031596] |
|
|
|
* mkpkg: |
|
Only specify prefix if we are overriding the default value. Fixes |
|
the man dir (/usr/local/man vs. /usr/local/share/man). |
|
[65351b6c1697] |
|
|
|
* sudo.pp: |
|
Fix setting of sudoedit_man variable. |
|
[9beed9ae5bba] |
|
|
|
* doc/Makefile.in: |
|
Echo the command when linking the sudoedit manual. |
|
[6c83b5657b55] |
|
|
|
2012-06-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* mkpkg, sudo.pp: |
|
Build .deb packages with selinux support. |
|
[3fd9cb1b4526] |
|
|
|
2012-06-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Don't list paths for unstripped binaries in the lintial overrides. |
|
[4c8e16f1773b] |
|
|
|
* pp: |
|
Add support for Installed-Size header in control file, required by |
|
newer debian versions. |
|
[e97d76234bee] |
|
|
|
* pp: |
|
Fix extended description in .deb files. |
|
[d35e27ace146] |
|
|
|
* sudo.pp: |
|
Add Depends, Replaces and Conflicts headers for .deb packages. |
|
[76eb6c4b3278] |
|
|
|
2012-06-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudo_nss.c: |
|
If there are no privs to print, write the message to the lbuf |
|
instead of printing it directly. |
|
[ecd56226abb7] |
|
|
|
2012-05-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Set -e in %pos and %preun for debian to quiet a lintian warning. |
|
[8bb908514df9] |
|
|
|
* doc/Makefile.in, src/Makefile.in, sudo.pp: |
|
Install sudoedit and the sudoedit manual as symbolic links, not hard |
|
links and package them as such. |
|
[f317ff3cf3e7] |
|
|
|
* sudo.pp: |
|
Make sudo binary permissions 755 instead of 111 Add lintian |
|
overrides file for .deb files. |
|
[991cd7d7f0e1] |
|
|
|
* configure, configure.in, doc/Makefile.in, mkpkg: |
|
Replace out of date MAN_POSTINSTALL with MANCOMPRESS and |
|
MANCOMPRESSEXT which can be used to compress the installed manual |
|
pages. Compress the man pages for .deb files to appease lintian. |
|
[4e34083b41d2] |
|
|
|
* sudo.pp: |
|
Debian fixes: |
|
* fix modes to be more in line with what Debian expects |
|
* add section |
|
* install LICENSE as copyright and ChangeLog as changelog |
|
* create stub changelog.debian |
|
[7f6c5647f588] |
|
|
|
* pp: |
|
Fix find command to properly skip files in the DEBIAN dir when |
|
building md5sums. |
|
[8918bde941fa] |
|
|
|
* pp, sudo.pp: |
|
Use a debian-compliant package maintainer field. |
|
[fc51a94170eb] |
|
|
|
2012-05-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
No need to loop over atomic_writev(), it guarantees to write all |
|
data or return an error. |
|
|
|
Fix handling of stdout/stderr that contains "\r\n" and handle a |
|
"\r\n" pair that spans a buffer. |
|
[8aaf02d90c45] |
|
|
|
2012-05-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update for sudo 1.8.5p2 |
|
[d369d4d40a19] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Instead of doing extra write()s when replaying stdout, build up a |
|
vector for writev() instead. This results in far fewer system |
|
calls. |
|
[303d866c025c] |
|
|
|
2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/env_hooks.c, src/sudo.h, src/tgetpass.c: |
|
Provide unhooked version of getenv() and use it when looking up |
|
DISPLAY and SUDO_ASKPASS in the environment. |
|
[04dbdccf4a14] |
|
|
|
2012-05-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
When replaying a log of stdout or stderr, do newline to carriage |
|
return + linefeed conversion. We cannot have termios do this for us |
|
since we've disabled output postprocessing (POST) when setting raw |
|
mode. |
|
[61352a7d996f] |
|
|
|
2012-05-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
When checking for -fstack-protector, treat warnings as fatal errors. |
|
[4124cd12d511] |
|
|
|
2012-05-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Fix test for -z relro |
|
[548bdb6f5c4a] |
|
|
|
* MANIFEST: |
|
Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4 |
|
[ed063264a2a1] |
|
|
|
* INSTALL, aclocal.m4, configure, configure.in, |
|
m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4: |
|
Build with -fstack-protector and link with -zrelo where supported. |
|
Added --disable-hardening option to disable hardening options. |
|
[0b6c1a1ceb03] |
|
|
|
2012-05-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in, |
|
plugins/sudoers/regress/testsudoers/test1.sh, |
|
plugins/sudoers/regress/testsudoers/test2.sh, |
|
plugins/sudoers/regress/testsudoers/test3.sh, |
|
plugins/sudoers/regress/testsudoers/test4.out.ok, |
|
plugins/sudoers/regress/testsudoers/test4.sh, |
|
plugins/sudoers/regress/testsudoers/test5.inc, |
|
plugins/sudoers/regress/testsudoers/test5.out.ok, |
|
plugins/sudoers/regress/testsudoers/test5.sh, |
|
plugins/sudoers/testsudoers.c: |
|
Add tests for sudoers mode, owner and group checks. |
|
[a7607443aba0] |
|
|
|
* plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: |
|
If sudoers_mode is group-readable but the actual sudoers file is |
|
not, open the file as uid 0, not uid 1. This fixes a problem when |
|
sudoers has a more restrictive mode than what sudo expects to find. |
|
In older versions, sudo would silently chmod the file to add the |
|
group-readable bit. |
|
[c056b6003e6f] |
|
|
|
* INSTALL, common/secure_path.c, config.h.in, configure, configure.in: |
|
No longer throw an error if sudoers is a symbolic link. Deprecated |
|
the --with-stow option as that is now (effectively) the default. |
|
[8ce783e54886] |
|
|
|
2012-05-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in, |
|
plugins/sudoers/regress/testsudoers/test2.inc, |
|
plugins/sudoers/regress/testsudoers/test2.out.ok, |
|
plugins/sudoers/regress/testsudoers/test2.sh, |
|
plugins/sudoers/regress/testsudoers/test3.d/root, |
|
plugins/sudoers/regress/testsudoers/test3.out.ok, |
|
plugins/sudoers/regress/testsudoers/test3.sh: |
|
Add basic tests for #include and #includedir |
|
[b303e4218951] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Add -U sudoers_uid option to testsudoers. |
|
[3f8ed13501ba] |
|
|
2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS, configure, configure.in: |
* NEWS, configure, configure.in: |