version 1.1.1.1, 2012/02/21 16:23:01
|
version 1.1.1.2, 2012/05/29 12:26:48
|
Line 1
|
Line 1
|
2012-01-24 Todd C. Miller <Todd.Miller@courtesan.com> | 2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.in: |
|
Update for 1.8.5p1 |
|
[c33c49bf5b4b] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Fix #includedir; from Mike Frysinger |
|
[d4833d4e39a0] |
|
|
|
* plugins/sudoers/check.c: |
|
Don't prompt for a password if the user is in the exempt group, is |
|
root, or is running the command as themselves even if the -k option |
|
was specified. This makes "sudo -k command" consistent with the |
|
behavior one would get if the user ran "sudo -k" immediately before |
|
running the command. |
|
[632b3961df00] |
|
|
|
2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* INSTALL: |
|
Fix capitalization |
|
[7258aa977caf] |
|
|
|
* mkpkg: |
|
Build PIE executable on Mac OS X 10.5 and above. |
|
[2a5c7ef92182] |
|
|
|
2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update for sudo 1.8.4p5 |
|
[21164f508b68] |
|
|
|
* plugins/sudoers/match_addr.c: |
|
Add missing break between AF_INET and AF_INET6 in |
|
addr_matches_if_netmask() |
|
[672a4793931a] |
|
|
|
* plugins/sudoers/mon_systrace.c: |
|
Move systrace monitor code to the attic |
|
[d6faf4754e9c] |
|
|
|
2012-05-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c: |
|
The pointer to the siginfo_t struct in a signal handler may be NULL. |
|
[41a4ee934b53] |
|
|
|
2012-05-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/pwutil.c: |
|
Fix an alignment problem on NetBSD systems with a 64-bit time_t and |
|
strict alignment. Based on a patch from Martin Husemann. |
|
[1e5ba3c18f17] |
|
|
|
* include/missing.h: |
|
Add offsetof macro for those without it. |
|
[e44cb51d2587] |
|
|
|
* MANIFEST: |
|
add system_group plugin |
|
[6169793b510c] |
|
|
|
2012-05-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/dlopen.c: |
|
Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX. |
|
[85bd03bc5d94] |
|
|
|
2012-05-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Mention system_group plugin |
|
[05393dd4bdb8] |
|
|
|
* Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in: |
|
update depends |
|
[6feb0b824fc4] |
|
|
|
* plugins/system_group/system_group.c: |
|
Only call gr_delref() when use sudo's password caching functions. |
|
[1103442e21fa] |
|
|
|
* plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in: |
|
Add missing dependency on libreplace.la |
|
[05bfd9d4657f] |
|
|
|
* compat/dlopen.c: |
|
Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and |
|
PROG_HANDLE. |
|
[2382d0693acc] |
|
|
|
* Makefile.in, configure, configure.in, |
|
plugins/system_group/Makefile.in, |
|
plugins/system_group/system_group.c, |
|
plugins/system_group/system_group.sym: |
|
Add group plugin that does lookups by name using the system group |
|
database. |
|
[2ddbb604112f] |
|
|
|
* plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo, |
|
src/po/pl.po: |
|
sync with translationproject.org |
|
[4ef05df4226d] |
|
|
|
2012-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po, |
|
src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, |
|
src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po, |
|
src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, |
|
src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[115c3f828fc5] |
|
|
|
2012-05-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Add mode for docdir and use '-' (default) for localedir mode. Fixes |
|
a problem on Linux when building in a directory with the setgid bit |
|
set. |
|
[582279c8bcb1] |
|
|
|
2012-04-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* pp: |
|
Match CentOS 6.0 |
|
[1e99ef210f98] |
|
|
|
2012-04-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update with recent changes |
|
[c5fc220ba696] |
|
|
|
* pp: |
|
Fix version check on AIX |
|
[d272e39112f4] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[72b23509465a] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP |
|
SDK. |
|
[87b685e70b9a] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Fix printing of invalid uri |
|
[645aa53acdde] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Pass PAM_SILENT when deleting creds to remove an annoying warning |
|
message on Solaris. |
|
[1dd0301ef293] |
|
|
|
2012-04-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/utmp.c: |
|
Fix the setutxent and endutxent compatibility defines (this time |
|
correctly) when only setutent and endutent are available. |
|
[d136d2867db9] |
|
|
|
* plugins/sudoers/ldap.c: |
|
sudo_ldap_set_options_global() should not take an LDAP handle as an |
|
argument since the options affect the global settings. |
|
[1dc39b9d20f2] |
|
|
|
* mkpkg: |
|
Debian sudo has not been built with --with-exempt=sudo since 1.6.8. |
|
[c7716291a856] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, |
|
plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c, |
|
src/sudo.h: |
|
Call the policy's init_session() function before we fork the child. |
|
That way, the session is created and destroyed in the same process, |
|
which is needed by some modules, such as pam_mount. |
|
[ece552ba002e] |
|
|
|
* doc/TROUBLESHOOTING: |
|
Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is |
|
not specified. |
|
[bd293e100b28] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Delete creds after closing the PAM session. |
|
[5158d726d6a5] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Provide a more useful error message if using a Mozilla-style LDAP |
|
SDK and you forgot to specify TLS_CERT in ldap.conf. |
|
[7cb78feb899c] |
|
|
|
* src/exec_pty.c: |
|
Add missing initialization of a sigaction structure when I/O |
|
logging. Fixes a potential problem when suspending the command. |
|
[f4480f2ba816] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Split global and per-connection LDAP options into separate arrays. |
|
Set global LDAP options before calling ldap_initialize() or |
|
ldap_init(). After we have an LDAP handle, set the per-connection |
|
options. Fixes a problem with OpenLDAP using the nss crypto backend; |
|
bug #342 |
|
[265c9d2dc12b] |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po, |
|
src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[6d7fe44be21e] |
|
|
|
2012-04-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sudo.c, src/sudo.h: |
|
Move struct passwd pointer into struct command details. |
|
[d6fb1eff2065] |
|
|
|
2012-04-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* pp: |
|
Sync with upstream for Mac OS X (and other) fixes. |
|
[c2f4998d01b0] |
|
|
|
* mkpkg: |
|
Only built Mac intel universal binary on an intel machine. |
|
[0009e0b7e5a8] |
|
|
|
* src/Makefile.in: |
|
Do not pass libtool the -static-libtool-libs option when building |
|
sudo and sesh. Otherwise, libtool may prefer a static version of an |
|
installed library over a dynamic one when linking. |
|
[6fbac9adc885] |
|
|
|
2012-04-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo, |
|
plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po: |
|
Add German translation for sudo Add Croatian translation for sudoers |
|
[fa4da1a6530c] |
|
|
|
* plugins/sudoers/iolog.c: |
|
typo fix in comment |
|
[abd721d1288e] |
|
|
|
2012-04-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update with recent changes |
|
[6fa11e8448b9] |
|
|
|
* Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
Sort xgettext output by file name. |
|
[f650841810f0] |
|
|
|
* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: |
|
Clarify what "sudoreplay -l" displays and mention that it is sorted. |
|
[84031c117bd6] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Use AC_HEADER_MAJOR to determine where major/minor are defined. |
|
[3c949650a223] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Include sys/mkdev.h if present instead of sys/sysmacros.h for |
|
minor(). This is needed on Solaris (at least) where the makedev |
|
macros in sysmacros.h are obsolete and library functions should be |
|
used instead. |
|
[343928acf81e] |
|
|
|
* mkpkg: |
|
When building on Mac OS X, only set SDK_FLAGS if specified osversion |
|
doesn't match host. |
|
[d84c6efac872] |
|
|
|
2012-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Add back buf and tty variables for _ttyname() case that were |
|
inadvertantly removed. |
|
[a4a820b22a44] |
|
|
|
2012-04-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[5446b12c1250] |
|
|
|
* configure, configure.in: |
|
Remove b8 from version number. |
|
[5adc4dcec061] |
|
|
|
* src/ttyname.c: |
|
remove some XXX |
|
[187579a5f593] |
|
|
|
* src/ttyname.c: |
|
When looking for a device match, do a breadth-first search instead |
|
of depth-first. We already special case /dev/pts/ so chances are |
|
good that if it is not a pseudo-tty it is in the base of /dev/. Also |
|
avoid a stat(2) when possible if struct dirent has d_type. |
|
[0183f8a1b278] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, |
|
src/sudo.c, src/sudo.h: |
|
Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list. |
|
[f0574d878491] |
|
|
|
* src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo, |
|
src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo, |
|
src/po/vi.mo: |
|
sync with translationproject.org |
|
[4527ea78fbd5] |
|
|
|
* MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po, |
|
src/po/hr.mo, src/po/hr.po: |
|
New Croatian and Galician translations from translationproject.org |
|
[ad4bd924b4de] |
|
|
|
* src/ttyname.c: |
|
Add depth-first traversal of /dev/ for the /proc case when not |
|
/dev/pts/N |
|
[499bd3456774] |
|
|
|
* config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c: |
|
If struct dirent has d_type, use it to avoid an extra stat(). |
|
[741dabbe4bcd] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Sort output of "sudoreplay -l" |
|
[c0615795bd4b] |
|
|
|
2012-04-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Fix duplicate free introduced in last rev |
|
[efdaabe69d75] |
|
|
|
2012-04-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Instead of treating ^C from tgetpass() specially, always return |
|
AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL |
|
like PAM_AUTH_ERR which Mac OS X returns this when there is no tty. |
|
[a3b17298d4d0] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Rototill code to determine the tty. For Linux, we now look up the |
|
tty device in /proc/pid/stat instead of trying to open |
|
/proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given |
|
device number to a string. On BSD, we can use devname(). On |
|
Solaris, _ttyname_dev() does what we want. TODO: write /dev/ |
|
traversal code for the generic sudo_ttyname_dev(). |
|
[6b22be4d09f0] |
|
|
|
2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Define PRNODEV for those w/o it. |
|
[f17290e64559] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Check for SVR4-style struct psinfo.pr_ttydev and use that to |
|
determine the tty if std{in,out,err} are not ttys. |
|
[76ad33a91f4b] |
|
|
|
* src/ttyname.c: |
|
Better support for SVR4-style /proc entries where we can't use |
|
ttyname() on the /proc/pid/fd/[0-2] entries. We can, however, |
|
attempt to map the device number back to the correct pseudo-tty |
|
slave device. |
|
[4f9f48cc79eb] |
|
|
|
* src/ttyname.c: |
|
When trying to determine the tty name, check parent's stderr in |
|
addition to its stdin and stdout. |
|
[604644056c7d] |
|
|
|
* src/exec_pty.c: |
|
Treat a tty read failure like EOF as it usually means the pty has |
|
gone away. Handle write() on the tty returning EIO. |
|
[16957f4a706f] |
|
|
|
* src/exec.c, src/exec_pty.c: |
|
Linux select() may return ENOMEM if there is a kernel resource |
|
shortage. Older Solaris select() may return EIO instead of EBADF |
|
when the tty goes away. If we get an unhandled select() failure, |
|
kill the child and exit cleanly. |
|
[d93940a311ab] |
|
|
|
* src/ttyname.c: |
|
Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might |
|
block in open. |
|
[a9f809d09d52] |
|
|
|
2012-04-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Fix restoration of AIX permissions. |
|
[30c717115988] |
|
|
|
* src/parse_args.c: |
|
Allow the -k flag to be used along with the -i and -s flags. |
|
[0653b17c97f1] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Plug memory leak in parse_logfile() in the error path. |
|
[9cce86fa833b] |
|
|
|
* plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po, |
|
src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po, |
|
src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, |
|
src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[14af43d0b170] |
|
|
|
2012-04-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/regress/glob/globtest.c, config.h.in, configure, |
|
configure.in, plugins/sudoers/match.c: |
|
Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the |
|
glob() and fnmatch() results to be consistent. |
|
[4226750d73c2] |
|
|
|
2012-04-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in, |
|
src/ttysize.c: |
|
Move ttysize.c to common so sudoreplay can use it. |
|
[b4a0aa514cd4] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
If I/O log file includes rows + cols, warn if the user's tty is not |
|
big enough. |
|
[b980ef89efff] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Fix printing of TSID in "sudoreplay -l" |
|
[4221e3e108b4] |
|
|
|
* common/sudo_debug.c, include/sudo_debug.h, |
|
plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c, |
|
src/exec_pty.c: |
|
Log the process id in the debug file output. Since we don't want to |
|
keep calling getpid(), stash the value at init time and when we |
|
fork(). |
|
[2782d30c024d] |
|
|
|
* src/exec_pty.c: |
|
Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It |
|
is better to receive EIO from read()/write() than to be suspended |
|
when we don't expect it. Fixes a problem when our terminal is |
|
revoked which can happen when, e.g. our sshd is killed |
|
unceremoniously. Also, only change the value of "alive" from true to |
|
false, never from false to true. It is possible for us to receive |
|
notification of the child having stopped after it is already dead. |
|
This does not mean it has risen from the grave. |
|
[26c9fe8ce0f9] |
|
|
|
* src/exec_pty.c: |
|
Distinguish between signals we received from the parent vs. those |
|
delivered explicitly to the monitor process in debugging info. |
|
[40716cb180e5] |
|
|
|
2012-04-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/check.c: |
|
In Solaris 11, /dev/pts under the "dev" filesystem, not "devices". |
|
Update tty_is_devpts() to match so we can determine when the tty has |
|
been reused. |
|
[2689665df027] |
|
|
|
* common/sudo_debug.c, include/error.h, include/sudo_debug.h: |
|
Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf() |
|
and use a new flag, SUDO_DEBUG_FILENO to specify when to use it. |
|
This allows consumers of sudo_debug_printf() to log that data |
|
without having to specify it manually. |
|
[7c94c4879208] |
|
|
|
* src/exec_pty.c: |
|
Make this compile after last change. |
|
[ee09034f3266] |
|
|
|
* src/exec_pty.c: |
|
Don't try to restore the terminal if we are not the foreground |
|
process. Otherwise, we may be stopped by SIGTTOU when we try to |
|
update the terminal settings when cleaning up. |
|
[c48b24335456] |
|
|
|
* src/exec.c: |
|
If select() return EBADF in the main event loop, one of the ttys |
|
must have gone away so perform any I/O we can and close the bad fds. |
|
[3bc8678c03ce] |
|
|
|
* common/sudo_debug.c, include/error.h, include/sudo_debug.h, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
|
plugins/sudoers/toke.l: |
|
Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the |
|
function, file and line number in the debug log for warning() and |
|
error(). |
|
[894cd131f11d] |
|
|
|
2012-04-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c, include/error.h, include/sudo_debug.h, |
|
src/conversation.c: |
|
Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno. |
|
Use this flag when wrapping error() and warning() so the debug |
|
output includes the error string. |
|
[1e2c67adaf1f] |
|
|
|
2012-03-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update for sudo 1.8.5 |
|
[7d2b62b823fe] |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[718ad9de92cd] |
|
|
|
* doc/CONTRIBUTORS: |
|
sync |
|
[f48013aea641] |
|
|
|
* plugins/sudoers/pwutil.c: |
|
Use ecalloc() |
|
[fabd23c1f271] |
|
|
|
* src/exec_pty.c: |
|
Don't need zero_bytes() after ecalloc() |
|
[1a9d95cd10ef] |
|
|
|
* config.h.in, configure, configure.in, src/sudo_noexec.c: |
|
Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to |
|
sudo_noexec.c. |
|
[cbaa1d4b0f8a] |
|
|
|
* src/utmp.c: |
|
Fix compat setutxent and endutxent macros for systems with |
|
setutent() but not setutxent(). From Gustavo Zacarias |
|
[d7ce622fc5f2] |
|
|
|
2012-03-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure.in: |
|
Add ignore_result definition to AH_BOTTOM |
|
[8d4096838a98] |
|
|
|
* common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c, |
|
src/exec.c, src/exec_pty.c, src/tgetpass.c: |
|
Fix compiler warnings on some platforms and provide a better method |
|
of defeating gcc's warn_unused_result attribute. |
|
[9a8f804fcc75] |
|
|
|
* configure, configure.in: |
|
Fix building the builtin zlib from a build dir. When a zlib dir was |
|
specified, prepend its include path instead of appending so we get |
|
the right zlib headers. |
|
[5f61d591b186] |
|
|
|
* doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h, |
|
zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c, |
|
zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h, |
|
zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in, |
|
zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: |
|
Update zlib to version 1.2.6 |
|
[173c4bc4d4fc] |
|
|
|
2012-03-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* include/missing.h: |
|
g/c __unused which is no longer used |
|
[7ef3f23edcd6] |
|
|
|
* src/env_hooks.c: |
|
Fix compilation if RTLD_NEXT is not defined. |
|
[d5605f468b71] |
|
|
|
* src/po/sr.mo, src/po/sr.po: |
|
sync with translationproject.org |
|
[27d559f7985d] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, |
|
doc/sudoers.man.in: |
|
regen |
|
[f9f63ce478b6] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[59035d82d15a] |
|
|
|
* Makefile.in: |
|
Ignore Project-Id-Version when comparing pot files. |
|
[22feb9ede46b] |
|
|
|
* plugins/sudoers/bsm_audit.c: |
|
Use error() instead of log_fatal() |
|
[54130bda4b50] |
|
|
|
* plugins/sudoers/env.c: |
|
Fix signedness of didvar in env_update_didvar() |
|
[77048a80b3e4] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Quiet a compiler warning on some platforms. |
|
[8fdcaece0400] |
|
|
|
* compat/fnmatch.c: |
|
cast ctype(3) function/macro arguments from char to unsigned char to |
|
avoid potential negative subscripting. |
|
[bdcf7eef21ef] |
|
|
|
* common/setgroups.c: |
|
Quiet a warning on systems where the gids array in setgroups() is |
|
not prototyped as being const, even though it really is. |
|
[fdd758c6302d] |
|
|
|
* src/env_hooks.c: |
|
Quiet a compiler warning on systems where the argument to putenv(3) |
|
is const. |
|
[51bae2193b53] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Undo an incorrect int -> bool conversion. |
|
[b9a4ce320f14] |
|
|
|
* MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, |
|
src/po/sv.mo, src/po/sv.po: |
|
Add Swedish sudo and sudoers translations from |
|
translationproject.org |
|
[f7ce1de9073f] |
|
|
|
* plugins/sudoers/env.c: |
|
No need to preserve ODMDIR on AIX now that we always read |
|
/etc/environment. |
|
[4aa04b2f0125] |
|
|
|
2012-03-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.pod, plugins/sudoers/env.c: |
|
When initializing the environment for env_reset, start out with the |
|
contents of /etc/environment on AIX and login.conf on BSD. |
|
[5717bdc321e2] |
|
|
|
* doc/TROUBLESHOOTING, src/sudo.c: |
|
If we are not running with an effective uid of 0, try to give the |
|
user enough information to debug the problem. |
|
[fa4894896d8a] |
|
|
|
* plugins/sudoers/getdate.c, plugins/sudoers/gram.c: |
|
Quiet a clang-analyzer false positive. |
|
[c4c0c1b9c8b0] |
|
|
|
* src/tgetpass.c: |
|
If there is nothing to read from the askpass program, set errno to |
|
EINTR. This makes the cancel button behave like the user entered ^C |
|
at the password prompt when PAM is used. |
|
[594302cb9caf] |
|
|
|
* src/sudo.h, src/tgetpass.c: |
|
Fetch the value of "askpass" from the sudo conf struct. |
|
[4593ee8f1bd3] |
|
|
|
* common/sudo_conf.c: |
|
Fix matching of "Path askpass" and "Path noexec" |
|
[4df28d62afb9] |
|
|
|
2012-03-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
Quiet a clang-analyzer dead store warning. |
|
[dd90bf385a3f] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
If the "timestampowner" user cannot be resolved, use ROOT_UID |
|
instead of exiting with a fatal error. |
|
[8d62aae99715] |
|
|
|
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, |
|
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c, |
|
plugins/sudoers/check.c, plugins/sudoers/env.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/logging.h, plugins/sudoers/parse.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: |
|
Remove the NO_EXIT flag to log_error() and add a log_fatal() |
|
function that exits and is marked no_return. Fixes false positives |
|
from static analyzers and is easier for humans to read too. |
|
[a0fe785c2a3d] |
|
|
|
2012-03-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, |
|
src/po/eo.po: |
|
sync with translationproject.org |
|
[df5e8777de13] |
|
|
|
2012-03-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/po/da.mo, src/po/da.po: |
|
sync with translationproject.org |
|
[629d99548b78] |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: |
|
sync with translationproject.org |
|
[9d122a2860d6] |
|
|
|
2012-03-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/po/it.mo, src/po/it.po: |
|
sync with translationproject.org |
|
[6397593b15cf] |
|
|
|
* common/sudo_conf.c, plugins/sudoers/alias.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/env.c, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c, |
|
src/load_plugins.c: |
|
Use ecalloc() when allocating structs. |
|
[8b5888868db2] |
|
|
|
* common/alloc.c, include/alloc.h: |
|
Add ecalloc() and commented out recalloc(). Use inline strnlen() |
|
instead of strlen() in estrndup(). |
|
[7fb9aa46c1e0] |
|
|
|
2012-03-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, |
|
src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, |
|
src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, |
|
src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[45a032c37334] |
|
|
|
2012-03-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Remove unused label |
|
[2660bb0c1313] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: |
|
Document what changed in each plugin API revision |
|
[59b30a6fc4d1] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Remove bogus optimization that could lead to a double free of the |
|
group list. |
|
[b0bfbd2a83a8] |
|
|
|
2012-03-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/TROUBLESHOOTING: |
|
Expand AIX /etc/security/privcmds entry. |
|
[9f3f072e034e] |
|
|
|
* NEWS: |
|
Update for sudo 1.8.5 |
|
[086049011f25] |
|
|
|
* common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat, |
|
doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat, |
|
doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h, |
|
include/sudo_plugin.h, src/load_plugins.c, src/sudo.c, |
|
src/sudo_plugin_int.h: |
|
Rename plugin "args" to "options" |
|
[f25624951bd2] |
|
|
|
* doc/CONTRIBUTORS: |
|
Add Lithuanian and Vietnamese translators |
|
[2b4c075b69e3] |
|
|
|
* Makefile.in: |
|
Ignore comments when comparing new and old pot files. |
|
[f872999347b3] |
|
|
|
* src/Makefile.in: |
|
regen |
|
[c8193b1b11c7] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in: |
|
regen |
|
[15e3c17e8a3a] |
|
|
|
* doc/sudo_plugin.pod, include/sudo_plugin.h, |
|
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, |
|
plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c, |
|
src/sudo.c, src/sudo.h: |
|
Pass a pointer to user_env in to the init_session policy plugin |
|
function so session setup can modify the user environment as needed. |
|
For PAM authentication, merge the PAM environment with the user |
|
environment at init_session time. We no longer need to swap in the |
|
user_env for environ during session init, nor do we need to disable |
|
the env hooks at init_session time. |
|
[3f5277b359d8] |
|
|
|
* plugins/sample/sample_plugin.c: |
|
Add explicit NULL entries for init_session, register_hooks and |
|
deregister_hooks with appropriate comments. |
|
[727a57978b40] |
|
|
|
* compat/pw_dup.c: |
|
Quiet a gcc "used uninitialized in this function" false positive. |
|
[f14b68379ce9] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
We should always call warning() with a format string or a string |
|
literal. In this case, the argument (path) is not user-controlled. |
|
[e9ef51224024] |
|
|
|
2012-03-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/selinux.c: |
|
Include sudo_exec.h for the sudo_execve() prototype. |
|
[769e58065edc] |
|
|
|
* config.h.in, configure, configure.in: |
|
Add check for pam_getenvlist() |
|
[36bde3f26c60] |
|
|
|
* common/sudo_conf.c: |
|
Set args to NULL in default plugin info struct when there is no |
|
Plugin line in sudo.conf. |
|
[93ec67708f01] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[a9287677795c] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: |
|
regen |
|
[a242769d7962] |
|
|
|
* configure, configure.in: |
|
Bump version to 1.8.5 |
|
[e8618f0c2505] |
|
|
|
* doc/sudo_plugin.pod: |
|
Document hooks API |
|
[e6ad07d27958] |
|
|
|
2012-03-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris. |
|
[fd72340042d3] |
|
|
|
* include/sudo_plugin.h: |
|
Use sudo_hook_fn_t in struct sudo_hook. |
|
[938f93112d6e] |
|
|
|
* doc/TROUBLESHOOTING: |
|
If cross compiling, --host must include the OS in the tuple. E.g. |
|
--host powerpc-unknown-linux |
|
[b8c010070c1e] |
|
|
|
2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/parse.c: |
|
Fix bogus int -> bool conversion; tags can have a value of -1. |
|
[e63d6434a303] |
|
|
|
* plugins/sudoers/env.c: |
|
Add env_should_keep() and env_should_delete() wrapper functions to |
|
simplify things a bit and hide the fact that matches_env_check() is |
|
not bool. |
|
[7a03d7a12b50] |
|
|
|
* sudo.pp: |
|
Fix application of debian-specific sudoers mods when building |
|
packages as non-root. |
|
[34bf4c52c425] |
|
|
|
* plugins/sudoers/env.c: |
|
matches_env_check() returns int, not boolean |
|
[0ad915b8d5cb] |
|
|
|
* src/sudo_edit.c: |
|
Fix compilation when seteuid() is not available. |
|
[8a722f998000] |
|
|
|
* src/ttyname.c: |
|
Simply move the free of ki_proc outside the realloc() loop. |
|
[217b786da760] |
|
|
|
* src/ttyname.c: |
|
Bring back the erealloc() for the ENOMEM loop and just zero the |
|
pointer after we free it. |
|
[29a016e45127] |
|
|
|
* src/ttyname.c: |
|
Don't try to erealloc() a potentially freed pointer; Mateusz Guzik |
|
[266e08844065] |
|
|
|
2012-03-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Use normal error path if unable to set sudoers gid. |
|
[01c816918c99] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Make this work again on systems w/o seteuid(). |
|
[2e67f7421e97] |
|
|
|
2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Fix compilation if no seteuid/setreuid/setresuid available. |
|
[d0b3c1f88eb4] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Better error messages, and added debugging throughout. Fixed |
|
seteuid() version of set_perms()/restore_perms(). Fixed logic bug in |
|
AIX version of restore_perms(). Added checks to avoid changing |
|
uid/gid when we don't have to. Never set gid/uid state to -1, use |
|
the old value instead. |
|
[29188d469b5c] |
|
|
|
* src/exec_pty.c, src/ttyname.c: |
|
Fix format string warning on Solaris with gcc 3.4.3. |
|
[d1eeb6e1dd0f] |
|
|
* src/sudo.c: |
* src/sudo.c: |
Fixed a format string vulnerability when the sudo binary (or a | Always declare environ now that we swap it around unilaterally. |
symbolic link to the sudo binary) contains printf format escapes | [aaa3e92e7d0d] |
and the -D (debugging) flag is used. | |
|
|
|
* src/Makefile.in: |
|
Honor LDFLAGS when linking sesh; from Vita Cizek |
|
[498b41438f6e] |
|
|
|
* src/sesh.c: |
|
Include alloc.h for estrdup() prototype; from Vita Cizek |
|
[93203655a320] |
|
|
|
2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Don't read /etc/environment on Linux when using PAM, PAM should set |
|
the environment variables as needed via pam_env. |
|
[b1ef62cb2d40] |
|
|
|
* INSTALL: |
|
Fix editor goof. |
|
[0c3dd3bb8b57] |
|
|
|
* src/hooks.c, src/sudo.c, src/sudo.h: |
|
Disable environment hooks after we get user_env back to make sure a |
|
plugin can't to modify user_env after we "own" it. This is kind of |
|
a hack but we don't want the init_session plugin function to modify |
|
user_env. |
|
[8e6d119452a5] |
|
|
|
* src/hooks.c, src/sudo.c: |
|
Add support for deregistering hooks. If an I/O log plugin fails to |
|
initialize, deregister its hooks (if any). |
|
[ac00c93900c5] |
|
|
|
2012-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c, src/sudo.c: |
|
Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook |
|
setenv. |
|
[e75469dd9908] |
|
|
|
* MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in, |
|
compat/setenv.c, compat/unsetenv.c, config.h.in, configure, |
|
configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl, |
|
plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c, |
|
src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h, |
|
src/sudo_plugin_int.h: |
|
Initial cut at a hooks implementation. The plugin can register |
|
hooks for getenv, putenv, setenv and unsetenv. This makes it |
|
possible for the plugin to trap changes to the environment made by |
|
authentication methods such as PAM or BSD auth so that such changes |
|
are reflected in the environment passed back to sudo for execve(). |
|
[61cffa06f863] |
|
|
|
2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, src/po/vi.mo, src/po/vi.po: |
|
Add Vietnamese sudo translation from translationproject.org |
|
[96df426790d5] |
|
|
|
2012-03-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod, |
|
doc/sudoers.pod: |
|
List sudo_noexec.so not noexec.so in the sample sudo.conf |
|
[53844e190ec5] |
|
|
|
* common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, |
|
doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h, |
|
include/sudo_plugin.h, plugins/sample/sample_plugin.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c, |
|
src/sudo_plugin_int.h: |
|
Add support for plugin args at the end of a Plugin line in |
|
sudo.conf. Bump the minor number accordingly and update the |
|
documentation. A plugin must check the sudo front end's version |
|
before using the plugin_args parameter since it is only supported |
|
for API version 1.2 and higher. |
|
[587f1f819536] |
|
|
|
2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in: |
|
update depends |
|
[6d2da44e11e5] |
|
|
|
* MANIFEST: |
|
secure_path.c is in common, not compat |
|
[619c4a663dde] |
|
|
|
* configure, configure.in: |
|
Add check for variadic macro support in cpp. |
|
[756854caf675] |
|
|
|
2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/secure_path.c, common/sudo_conf.c, include/secure_path.h, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Add type param to sudo_secure_path() and add sudo_secure_file() and |
|
sudo_secure_dir() wrappers which get by #includedir in sudoers. |
|
[2ec2d3d8df04] |
|
|
|
2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/visudo.pod, plugins/sudoers/visudo.c: |
|
Check the owner and mode in -c (check) mode unless the -f option is |
|
specified. Previously, the owner and mode were checked on the main |
|
sudoers file when the -s (strict) option was given, but this was not |
|
documented. |
|
[b2d6ee1e547a] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some |
|
versions of OpenBSD versions that have KERN_PROC2 but not KERN_PROC. |
|
[159f6a50456a] |
|
|
|
2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS: |
|
Add Eric Lakin for patch in bug #538 |
|
[490c29c234c6] |
|
|
|
* src/exec_pty.c: |
|
Fix typo in safe_close() made while converting to debug framework |
|
that prevented it from actually closing anything. |
|
[a66422a62afd] |
|
|
|
* src/exec_pty.c: |
|
Add some more debugging. |
|
[b5667947dda9] |
|
|
|
* common/Makefile.in, compat/Makefile.in, doc/Makefile.in, |
|
include/Makefile.in: |
|
We need sysconfdir in compat/Makfile to get the proper sudo.conf |
|
path. Add standard prefix and foodir expansion in all Makefiles to |
|
avoid this problem in the future. |
|
[62b6ce4ecae9] |
|
|
|
2012-02-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po: |
|
New Lithuanian sudoers translation from translationproject.org |
|
[10436b649035] |
|
|
|
* plugins/sudoers/po/ja.po: |
|
Update from translationproject.org |
|
[acb8db5f8ef1] |
|
|
|
2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
When adding gids to the LDAP filter, only add the primary gid once. |
|
This is consistent with the space computation/allocation. From Eric |
|
Lakin |
|
[35d9d99c92c6] |
|
|
|
* doc/TROUBLESHOOTING: |
|
Add entry for AIX enhanced RBAC config. |
|
[5e10b6f8def7] |
|
|
|
* mkpkg: |
|
Target Mac OS X 10.5 when building packages. |
|
[06fce9bbebee] |
|
|
|
2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/secure_path.c, |
|
common/sudo_conf.c, include/secure_path.h, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c: |
|
Relax the user/group/mode checks on sudoers files. As long as the |
|
file is owned by the right user, not world-writable and not writable |
|
by a group other than the one specified at configure time (gid 0 by |
|
default), the file is considered OK. Note that visudo will still |
|
set the mode to the value specified at configure time. |
|
[241174babfcc] |
|
|
|
2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Add AIX-specific version of permission setting code to make sure |
|
that the saved uid gets restored properly. |
|
[9a6f5d22c301] |
|
|
|
* config.h.in, configure, configure.in, src/exec_common.c: |
|
Check for LD_PRELOAD variants in configure instead of checkign cpp |
|
symbols. In disable_execute(), compute the length of the new envp |
|
and allocate it once instead of reallocating on demand. Also append |
|
old value of LD_PRELOAD (if any) to the new value. |
|
[680266346917] |
|
|
|
* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: |
|
Fix the description of noexec. |
|
[6a6d142f3c80] |
|
|
|
* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: |
|
The "op" parameter to set_default() must be int, not bool since it |
|
is set to '+' or '-' for list add and subtract. |
|
[8da5b137bea2] |
|
|
|
* sudo.pp: |
|
Make sure sudoers is writable before calling ed script. |
|
[95352ab6336b] |
|
|
|
2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS, doc/contributors.pod: |
|
Update contributors. Now includes translators and authors of compat |
|
code. |
|
[4fb5b616b50a] |
|
|
|
2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/po/sudo.pot: |
|
regen |
|
[2c86e2c328fe] |
|
|
|
* pp, sudo.pp: |
|
Build flat packages, not package bundles, on Mac OS X. |
|
[57bda3cd5520] |
|
|
|
2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Move macos section to be with the other OS-specific sections. |
|
[51423bb2973a] |
|
|
|
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: |
|
Sync with translationproject.org |
|
[8ce41cbb8da0] |
|
|
|
* configure, configure.in: |
|
Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS |
|
[fa979aa6fe7d] |
|
|
|
* sudo.pp: |
|
Add Mac OS X support, printing the latest chunk of the NEWS file and |
|
the license text in the installer. |
|
[ffeab72387c0] |
|
|
|
* sudo.pp: |
|
Add explicit file modes that match those used by "make install" |
|
[7eb37242c920] |
|
|
|
* pp: |
|
Sync with upstream for Mac OS X fixes. |
|
[97cba179041e] |
|
|
|
* plugins/sudoers/Makefile.in, src/Makefile.in: |
|
Got back to using "install-sh -M" for files installed as non- |
|
readable by owner. This fixes "make install" as non-root for |
|
package building. |
|
[967804ee77d6] |
|
|
|
2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: |
|
Sync with translationproject.org |
|
[0e53db12039a] |
|
|
|
* Makefile.in, doc/Makefile.in, include/Makefile.in, |
|
plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, |
|
plugins/sudoers/Makefile.in, src/Makefile.in: |
|
Use -m not -M for install-sh for everything except setuid. Install |
|
locale .mo files mode 0444, not 0644. If timedir parent doesn't |
|
exist, use default dir mode, not 0700. |
|
[8b6f64c92090] |
|
|
|
2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* pp: |
|
Re-sync with upstream; no longer need a local patch. |
|
[97a2c7be5e59] |
|
|
|
* mkpkg: |
|
Add support for building Mac OS X packages. |
|
[94d49ac223a4] |
|
|
|
* pp: |
|
Sync with upstream |
|
[1c97654fc841] |
|
|
|
* src/Makefile.in: |
|
No longer need to define _PATH_SUDO_CONF here. |
|
[2560905b7482] |
|
|
|
* src/exec_common.c: |
|
Fix noexec for Mac OS X. |
|
[b7a744bca2c0] |
|
|
|
2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/Makefile.in: |
|
Move _PATH_SUDO_CONF override to common to match sudo_debug.c |
|
[f0788972a63a] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
More complete fix for LDR_PRELOAD on AIX. The addition of |
|
set_perm(PERM_ROOT) before calling the nss open functions (needed to |
|
avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective |
|
and then real uid to 0 for PERM_ROOT works around the issue. |
|
[5888eda051af] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[997fe403e219] |
|
|
|
* src/sudo.c: |
|
Set real uid to root before calling sudo_edit() or run_command() so |
|
that the monitor process is owned by root and not by the user. |
|
Otherwise, on AIX at least, the monitor process shows up in ps as |
|
belonging to the user (and can be killed by the user). |
|
[d4772d7d2fc5] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
For PERM_ROOT when using setreuid(), only set the euid to 0 prior to |
|
the call to setuid(0) if the current euid is non-zero. This |
|
effectively restores the state of things prior to rev 7bfeb629fccb. |
|
Fixes a problem on AIX where LDR_PRELOAD was not being honored for |
|
the command being executed. |
|
[b9b40325b4dc] |
|
|
|
* MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in, |
|
include/missing.h, src/sudo.c: |
|
Make a copy of the struct passwd in exec_setup() to make sure |
|
nothing in the policy init modifies it. |
|
[b721261c921f] |
|
|
|
2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.pod: |
|
update copyright |
|
[f9d229d1f65e] |
|
|
|
* common/sudo_debug.c, include/sudo_debug.h: |
|
g/c now-unused debug subsystems |
|
[8f21726e698f] |
|
|
|
* doc/sudo.pod, doc/sudoers.pod: |
|
Enumerate the debug subsystems used by sudo and sudoers. |
|
[ac4f84293d14] |
|
|
|
2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, |
|
include/sudo_conf.h, src/sudo.c: |
|
Normally, sudo disables core dumps while it is running. This |
|
behavior can now be modified at run time with a line in sudo.conf |
|
like "Set disable_coredumps false" |
|
[ad14e0508b0d] |
|
|
|
* NEWS: |
|
Mention Spanish translation |
|
[600f3205bd6e] |
|
|
|
* common/sudo_debug.c: |
|
Make sure we don't try to fall back to using the conversation |
|
function for debugging in the main sudo process if we are unable to |
|
open the debug file. |
|
[ffa329aa908c] |
|
|
|
* MANIFEST, src/po/es.mo, src/po/es.po: |
|
Add sudo Spanish translation from translationproject.org |
|
[c1906654e740] |
|
|
|
2012-02-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/iolog.c: |
|
Better debug subsystem usage |
|
[1a31f115743c] |
|
|
|
* src/sudo.c: |
|
Remove duplicate function prototypes |
|
[ae04b00532eb] |
|
|
|
2012-02-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Error out if user specified --with-pam but we can't find the headers |
|
or library. Also throw an error if the headers are present but the |
|
library is not and vice versa. |
|
[d6bf3e3d0aae] |
|
|
|
2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Fix the sudoers permission check when the expected sudoers mode is |
|
owner-writable. |
|
[8b0b7e770a22] |
|
|
|
2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Verify that we can link executables built with -D_FORTIFY_SOURCE |
|
before using it. |
|
[7578215d1a95] |
|
|
|
* src/exec_common.c: |
|
Fix potential off-by-one when making a copy of the environment for |
|
LD_PRELOAD insertion. Fixes bug #534 |
|
[cc699cd551b6] |
|
|
|
* configure, configure.in: |
|
Add rudimentary check for _FORTIFY_SOURCE support by checking for |
|
__sprintf_chk, one of the functions used by gcc to support it. |
|
[a992673d2ef8] |
|
|
|
* compat/stdbool.h, config.h.in, configure, configure.in: |
|
Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. |
|
[8ba1370884b3] |
|
|
|
2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[1e0b38397705] |
|
|
|
2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c, src/sudo.c: |
|
The change in 818e82ecbbfc that caused to exit when the monitor dies |
|
created a race condition between the monitor exiting and the status |
|
being read. All we really want to do is make sure that select() |
|
notifies us that there is a status change when the monitor dies |
|
unexpectedly so shutdown the socketpair connected to the monitor for |
|
writing when it dies. That way we can still read the status that is |
|
pending on the socket and select() on Linux will tell us that the fd |
|
is ready. |
|
[7fb5b30ea48d] |
|
|
|
* MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c, |
|
src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, |
|
src/sudo_exec.h: |
|
Refactor disable_execute() and my_execve() into exec_common.c for |
|
use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of |
|
disabling exec in exec_setup(), disable it immediately before |
|
executing the command. Adapted from a diff by Arno Schuring. |
|
[ec4d8b53db6b] |
|
|
|
2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* aclocal.m4, configure, configure.in: |
|
Add custom version of AC_CHECK_LIB that uses the extra libs in the |
|
cache value name. With this we no longer need to rely on a modified |
|
version of autoconf. |
|
[1c3b1d482d6c] |
|
|
|
2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Better handling of network functions that need -lsocket -lnsl |
|
[cc386342ec2b] |
|
|
|
* src/sudo.c: |
|
When setting up the execution environment, set groups before |
|
gid/egid like sudo 1.7 did. |
|
[928e1c5fa6c1] |
|
|
|
* configure, configure.in: |
|
Remove "WARNING: unable to find foo() trying -lsocket -lnsl" |
|
[84b23cdf138f] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
For "sudo -g" prepend the specified group ID to the beginning of the |
|
groups list. This matches BSD convention where the effective gid is |
|
the first entry in the group list. This is required on newer |
|
FreeBSD where the effective gid is not tracked separately and thus |
|
setgroups() changes the egid if this convention is not followed. |
|
Fixes bug #532 |
|
[782d6909108b] |
|
|
|
2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Fix sh warning; use "test" instead of "[" |
|
[c6ee3407f65e] |
|
|
|
* src/exec.c: |
|
When not logging I/O, use a signal handler that only forwards |
|
SIGINT, SIGQUIT and SIGHUP when they are user-generated signals. |
|
Fixes a race in the non-I/O logging path where the command may |
|
receive two keyboard-generated signals; one from the kernel and one |
|
from the sudo process. |
|
[9638684e786a] |
|
|
|
* src/exec.c: |
|
Back out change that put the command in its own pgrp when not |
|
logging I/O. It causes problems with pipelines. |
|
[4fc9c6e1e770] |
|
|
|
2012-01-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/Makefile.in, configure, configure.in: |
|
Only run compat regress tests on compat objects we actually build. |
|
Fixes "make check" in the compat dir for systems that don't |
|
implement character classes in fnmatch() or glob(). Bug #531 |
|
[a7addc305e83] |
|
|
|
2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: |
|
Update po files from translationproject.org |
|
[5ea066af1356] |
|
|
2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com> |
2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* sudo.pp: |
* sudo.pp: |
Include parent directories in case they don't already exist. This |
Include parent directories in case they don't already exist. This |
fixes a directory permissions problem with the AIX package when the |
fixes a directory permissions problem with the AIX package when the |
/usr/local directories don't already exist. |
/usr/local directories don't already exist. |
|
[a14f783dc827] |
|
|
|
* pp: |
|
sync with git version |
|
[2f79d0543661] |
|
|
|
* common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: |
|
regen dependencies |
|
[24c92ca6c64d] |
|
|
|
* MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c: |
|
Move tty name lookup code to its own file. |
|
[58faf072cbf4] |
|
|
|
2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update with latest sudo 1.8.4 changes. |
|
[a4ffe4f42528] |
|
|
|
* config.h.in, configure, configure.in: |
|
Remove obsolete template for HAVE_TIMESPEC |
|
[75709007c906] |
|
|
|
* src/sudo.c: |
|
Add a check for devname() returning a fully-qualified pathname. None |
|
of the devname() implementations do this today but you never know |
|
when this might change. |
|
[16813ace38f9] |
|
|
|
2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
For "visudo -c" also list include files that were checked when |
|
everything is OK. |
|
[ad6f85b35c9c] |
|
|
|
* src/sudo.c: |
|
The device name returned by devname() does not include the /dev/ |
|
prefix so we need to add it ourselves. |
|
[b55285abb7ed] |
|
|
|
* src/sudo.c: |
|
Add debug warning if KERN_PROC sysctl fails or devname() can't |
|
resolve the tty device to a name. |
|
[b5a23916ba3a] |
|
|
|
* common/sudo_debug.c: |
|
The result of writev() is never checked so just cast to NULL. |
|
[4be4e9b58d5b] |
|
|
|
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: |
|
Update Esperanto, Finnish, Polish and Ukrainian translations from |
|
translationproject.org. |
|
[bb91bc6ad7e9] |
|
|
|
2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.in, src/sudo.c: |
|
Add support for determining tty via sysctl on other BSD variants. |
|
[fd15f63f719a] |
|
|
|
* configure, configure.in: |
|
Only check for struct kinfo_proc.ki_tdev on systems that support |
|
sysctl. |
|
[109b3f07a39d] |
|
|
|
* src/sudo.c: |
|
For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on |
|
ttyname() of std{in,out,err}. |
|
[95969b70bd68] |
|
|
|
2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.in, src/sudo.c: |
|
On newer FreeBSD we can get the parent's tty name via sysctl(). |
|
[3207290501ee] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Include locale.h |
|
[a602cd0b8c2d] |
|
|
|
* src/sudo.c: |
|
Silence a gcc warning. |
|
[8c6d0e3cd534] |
|
|
|
* plugins/sudoers/bsm_audit.c: |
|
Need to include gettext.h and sudo_debug.h; from John Hein |
|
[447912aa7300] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Initialize the debug framework from the I/O plugin too. |
|
[ce1bf44d96d2] |
|
|
|
2012-01-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Enable debugging via sudo.conf. |
|
[d85669c749d0] |
|
|
|
2012-01-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
Use SUDO_DEBUG_ALIAS for alias checking functions. |
|
[fb84af30dc76] |
|
|
|
* configure, configure.in: |
|
More complete test for getaddrinfo() that doesn't rely on the |
|
network libraries already being added to LIBS. |
|
[cbaf2369f4f0] |
|
|
|
2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/aix.c: |
|
Add debug support. |
|
[def1bdf24485] |
|
|
|
* configure, configure.in: |
|
Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least. |
|
[a2ea1c2eac61] |
|
|
|
* compat/getaddrinfo.c: |
|
Include errno.h and missing.h |
|
[7d15e17cc2f2] |
|
|
|
* .hgignore: |
|
ignore doc/varsub |
|
[417f9fc3231b] |
|
|
|
* configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/gram.y, plugins/sudoers/match.c, |
|
plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c, |
|
src/parse_args.c, src/sudo.c, src/sudo.h: |
|
Update copyright year. |
|
[5d0ffc7dd567] |
|
|
|
* NEWS: |
|
Update for sudo 1.8.4 |
|
[841e3eff9844] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen pot files |
|
[c509cb45b66a] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Enable debugging via sudo.conf. |
|
[5087aaee8484] |
|
|
|
* plugins/sudoers/visudo.c: |
|
Enable debugging via sudo.conf. |
|
[04b067c16ed3] |
|
|
|
* plugins/sudoers/visudo.c: |
|
Allow "visudo -c" to work when we only have read-only access to the |
|
sudoers include files. |
|
[d8c6713fe5c1] |
|
|
|
* doc/sudo.pod, doc/visudo.pod: |
|
Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add |
|
HISTORY section in sudo that points to HISTORY file. |
|
[d1f1bcb051c5] |
|
|
|
* doc/sudo.pod, doc/sudo_plugin.pod: |
|
Document Debug setting in sudo.conf and debug_flags in plugin. |
|
[acfc505aa4a9] |
|
|
|
2012-01-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/match.c: |
|
Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a |
|
bug where a pattern like "/usr/*" include /usr/bin/ in the results, |
|
which would be incorrectly be interpreted as if the sudoers file had |
|
specified a directory. From Vitezslav Cizek. |
|
[0cdb6252188c] |
|
|
|
* INSTALL, config.h.in, configure, configure.in, |
|
plugins/sudoers/auth/kerb5.c: |
|
Add --enable-kerb5-instance configure option to allow people using |
|
Kerberos V authentication to use a custom instance. Adapted from a |
|
diff by Michael E Burr. |
|
[e83af8bb7aa7] |
|
|
|
* doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h: |
|
Remove -D debug_level option. |
|
[cbcd05094347] |
|
|
|
* doc/LICENSE: |
|
Update copyright year. |
|
[9f43dd7aa852] |
|
|
|
2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c: |
|
parse_error is now bool, not int |
|
[5ea7fb6fda38] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/parse.c: |
|
Print a more sensible error if yyparse() returns non-zero but |
|
yyerror() was not called. |
|
[d44ec88f1183] |
|
|
|
* plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, |
|
plugins/sudoers/gram.c: |
|
Replace y.tab.c with the correct filename in #line directives. |
|
[3c84fcb7e959] |
|
|
|
2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sudo.c: |
|
When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2} |
|
if the main process's fds 0-2 are not hooked up to a tty. Adapted |
|
from a diff by Zdenek Behan. |
|
[b9dfce12af85] |
|
|
|
* src/exec.c: |
|
When not logging I/O, put command in its own pgrp and make that the |
|
controlling pgrp if the command is in the foreground. Fixes a race |
|
in the non-I/O logging path where the command may receive two |
|
keyboard-generated signals; one from the kernel and one from the |
|
sudo process. |
|
[d0e263ce496c] |
|
|
|
2011-12-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sudo_edit.c: |
|
Quiet a bogus gcc warning. |
|
[2009669e0608] |
|
|
|
* src/parse_args.c, src/sudo.h: |
|
Fix warnings related to sudo.conf accessors. |
|
[08ddc29ba50b] |
|
|
|
* common/sudo_conf.c, include/sudo_conf.h: |
|
Separate sudo.conf parsing from plugin loading and move the parse |
|
functions into the common lib so that visudo, etc. can use them. |
|
[f1fc659a8079] |
|
|
|
* MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c, |
|
src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h: |
|
Separate sudo.conf parsing from plugin loading and move the parse |
|
functions into the common lib so that visudo, etc. can use them. |
|
[e1f2cf6bd57a] |
|
|
|
* doc/sudoers.pod, plugins/sudoers/def_data.c, |
|
plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, |
|
plugins/sudoers/sudoers.c, src/sudo.c: |
|
Remove support for noexec_file in sudoers and the plugin API |
|
[3e2fd58879b5] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Don't dump interfaces if there are none. |
|
[9081bb4d3e9e] |
|
|
|
* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: |
|
Add missing %s printf escape to the group_plugin, iolog_dir and |
|
iolog_file descriptions. |
|
[7db03f2b737e] |
|
|
|
2011-12-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c: |
|
Fix typo in visiblepw description; from Joel Pickett |
|
[2fb4b26d5c2c] |
|
|
|
2011-12-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, configure, configure.in, mkdep.pl, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/env.c, |
|
plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, src/sudo.c: |
|
When running a login shell with a login_class specified, use |
|
LOGIN_SETENV instead of rolling our own login.conf setenv support |
|
since FreeBSD's login.conf has more than just setenv capabilities. |
|
This requires us to swap the plugin-provided envp for the global |
|
environ before calling setusercontext() and then stash the resulting |
|
environ pointer back into the command details, which is kind of a |
|
hack. |
|
[ad4f1190143b] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
If srcdir is "." just use the basename of the yacc/lex file when |
|
generating the C version. This matches the generated files |
|
currently in the repo. |
|
[0b11c3df87a8] |
|
|
|
* doc/Makefile.in, plugins/sudoers/Makefile.in: |
|
Clean up the DEVEL noise |
|
[9de2afe457fd] |
|
|
|
* src/exec.c: |
|
Handle different Unix domain socket (actually socketpair) semantics |
|
in BSD vs. Linux. In BSD if one end of the socketpair goes away |
|
select() returns the fd as readable and the read will fail with |
|
ECONNRESET. This doesn't appear to happen on Linux so if we notice |
|
that the monitor process has died when I/O logging is enabled, |
|
behave like the command has exited. This means we log the wait |
|
status of the monitor, not the command, but there is nothing else we |
|
can do at that point. This should only be an issue if SIGKILL is |
|
sent to the monitor process. |
|
[818e82ecbbfc] |
|
|
|
* src/exec_pty.c: |
|
Catch common signals in the monitor process so they get passed to |
|
the command. Fixes a problem when the entire login session is |
|
killed when ssh is disconnected or the terminal window is closed. |
|
Previously, the monitor would exit and plugin's close method would |
|
not be called. |
|
[0e4658263138] |
|
|
|
* INSTALL, configure, configure.in: |
|
Mention how to configure pam_hpsec on HP-UX to play nicely with |
|
sudo. |
|
[a7294cd8ce98] |
|
|
|
2011-12-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
Escape values in the search expression as per RFC 4515. |
|
[c2adbc5db92b] |
|
|
|
* doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
|
src/Makefile.in: |
|
No need for install target to depend explicitly on install-dirs, the |
|
install-foo targets all depend on it. |
|
[62a36ed98279] |
|
|
|
2011-12-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* .hgignore: |
|
ignore src/sesh |
|
[463d492f6782] |
|
|
|
* MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl, |
|
plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/env.c, |
|
plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, src/Makefile.in: |
|
Add support for setenv entries in login.conf. We can't use |
|
LOGIN_SETENV since the plugin sets up the envp the command is |
|
executed with. Also regen the Makefile.in files while here. Fixes |
|
bug #527 |
|
[088d507926e2] |
|
|
|
2011-12-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h, |
|
config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, |
|
src/net_ifs.c: |
|
Add getaddrinfo() for those without it, written by Russ Allbery |
|
[4cf9ac831222] |
|
|
|
* doc/Makefile.in: |
|
Restore PACKAGE_TARNAME, it is used in docdir |
|
[9d65e893edb1] |
|
|
|
* MANIFEST, compat/stdbool.h: |
|
SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to |
|
the MANIFEST |
|
[e67700dc5621] |
|
|
|
* common/atobool.c, common/term.c, src/exec.c: |
|
Remove duplicate return statements. |
|
[48a20d5215fd] |
|
|
|
* plugins/sudoers/auth/bsdauth.c: |
|
Remove inaccurate comment |
|
[e7f0265cf657] |
|
|
|
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c: |
|
Fetch the login class for the user we authenticate specifically when |
|
using BSD authentication. That user may have a different login |
|
class than what we will use to run the command. When setting the |
|
login class for the command, use the target user's struct passwd, |
|
not the invoking user's. Fixes bug 526 |
|
[21bf0af892f7] |
|
|
|
* compat/Makefile.in, configure, configure.in, doc/Makefile.in, |
|
plugins/sudoers/Makefile.in: |
|
Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1" |
|
[8ee6e0891f27] |
|
|
|
* plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/regress/parser/check_fill.c: |
|
Fix "make check" fallout from the sudo_conv changes in sudo_debug. |
|
[b0aaa63c9081] |
|
|
|
* common/fileops.c, common/sudo_debug.c, configure, configure.in, |
|
include/fileops.h, plugins/sample/Makefile.in, |
|
plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in, |
|
plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, |
|
plugins/sudoers/env.c, plugins/sudoers/find_path.c, |
|
plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/match.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, |
|
plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, |
|
src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, |
|
src/sudo_plugin_int.h, src/utmp.c: |
|
Use stdbool.h instead of rolling our own TRUE/FALSE macros. |
|
[dcb0bbc42fc9] |
|
|
|
2011-12-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/stdbool.h, config.h.in, configure, configure.in: |
|
Add stdbool.h for systems without it. |
|
[18bd9dda1dcd] |
|
|
|
* aclocal.m4, config.h.in, configure, configure.in: |
|
No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default |
|
includes have unistd.h in them. Add check for socklen_t for |
|
upcoming getaddrinfo compat. |
|
[d705465bef69] |
|
|
|
* common/fileops.c, compat/nanosleep.c, config.h.in, configure, |
|
configure.in, plugins/sudoers/interfaces.c, |
|
plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c, |
|
plugins/sudoers/sudoreplay.c, src/net_ifs.c: |
|
Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of |
|
HAVE_TIMESPEC and HAVE_IN6_ADDR respectively. |
|
[fa187c9bd2be] |
|
|
|
* src/sudo_noexec.c: |
|
No longer need to include time.h here as missing.h does not use |
|
time_t. |
|
[fa3a089bf5b1] |
|
|
|
2011-11-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
Fix mode on sudoers as needed when the -f option is not specified. |
|
[7a1c40b0dc03] |
|
|
|
* MANIFEST, src/po/sr.mo, src/po/sr.po: |
|
Add Serbian translation for sudo from translationproject.org |
|
[9a0c25e25cba] |
|
|
|
* common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c, |
|
src/parse_args.c: |
|
No longer pass debug_file to plugin, plugins must now use |
|
CONV_DEBUG_MSG |
|
[810cda1abb0b] |
|
|
|
* mkpkg: |
|
Build PIE executables for newer Debian and Ubuntu |
|
[1c5f25f8904a] |
|
|
|
* common/sudo_debug.c: |
|
Include time.h for ctime() prototype. |
|
[10090cf3bca1] |
|
|
|
2011-11-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c, include/sudo_debug.h, src/exec.c, |
|
src/exec_pty.c: |
|
Do not close error pipe or debug fd via closefrom() as we need them |
|
to report an exec error should one occur. |
|
[732f6587fafa] |
|
|
|
* doc/sudoers.ldap.pod: |
|
Document that a sudoUser may now be a group ID. |
|
[2fef46b9d3d3] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Add support for permitting access by group ID in addition to group |
|
name. |
|
[b9450fdf1f69] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Older Netscape LDAP SDKs don't prototype ldapssl_set_strength() |
|
[d62a1e7cff4f] |
|
|
|
* compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE: |
|
Replace UCB fnmatch.c with a non-recursive version written by |
|
William A. Rowe Jr. |
|
[354d3384adb8] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Fix typo, return_debug vs. debug_return |
|
[1b522efcbb0d] |
|
|
|
2011-11-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: |
|
Update Japanese sudoers translation from translationproject.org |
|
[ec0f2beaad36] |
|
|
|
* doc/sudoers.pod: |
|
Make the env_reset descriptions consistent. |
|
[41c056f02688] |
|
|
|
2011-11-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Do multiple expansion when expanding paths to the noexec file, sesh |
|
and the plugin directory. Adapted from a diff by Mike Frysinger |
|
[d7e16c876c66] |
|
|
|
* common/Makefile.in: |
|
regen |
|
[9d729e09c186] |
|
|
|
2011-11-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* .hgignore: |
|
Add ignore file; from Mike Frysinger |
|
[1fa8d52425f8] |
|
|
|
* mkdep.pl: |
|
no longer save old Makefile.in to .old |
|
[378dd2395545] |
|
|
|
* plugins/sudoers/Makefile.in, src/Makefile.in: |
|
regen |
|
[769faf517720] |
|
|
|
* config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4, |
|
m4/ltoptions.m4, m4/ltversion.m4: |
|
Update to libtool 2.4.2 |
|
[9dac78d84b4f] |
|
|
|
2011-11-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers_version.h: |
|
Bump grammar version for #include and #includedir relative path |
|
support. |
|
[82a4f7cd8f71] |
|
|
|
2011-11-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Add support for relative paths in #include and #includedir |
|
[4d6e3bd0c24f] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Fix install-plugin when shared objects are unsupported or disabled. |
|
[cbdd770a7a1b] |
|
|
|
* plugins/sudoers/goodpath.c: |
|
Don't write to sbp if it is NULL |
|
[fc438f8e8570] |
|
|
|
2011-11-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in: |
|
Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set, |
|
only install matching .mo files |
|
[c1dc30ab4ebc] |
|
|
|
2011-11-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/sudoers.c, src/conversation.c: |
|
Fix non-dynamic (no dlopen) sudo build. |
|
[b0bd3fa925a3] |
|
|
|
* configure, configure.in: |
|
Don't error out if the user specified --disable-shared |
|
[cf035dd1e5cc] |
|
|
|
* common/sudo_debug.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, |
|
src/conversation.c: |
|
Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to |
|
the debug file. |
|
[640c62f83251] |
|
|
|
* plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, |
|
plugins/sudoers/sudoers.h: |
|
Make sudo_goodpath() return value bolean |
|
[fea2d59a6e55] |
|
|
|
* INSTALL, MANIFEST, configure, configure.in, mkdep.pl, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c: |
|
Remove obsolete securid auth method. |
|
[4e54f860214b] |
|
|
|
* plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, |
|
plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, |
|
plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, |
|
plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, |
|
plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, |
|
plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, |
|
plugins/sudoers/auth/sudo_auth.h: |
|
Prefix authentication functions with a "sudo_" prefix to avoid |
|
namespace problems. |
|
[581d74063ea1] |
|
|
|
* INSTALL, MANIFEST, config.h.in, configure, configure.in, |
|
doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c, |
|
plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c: |
|
Remove the old Kerberos IV support |
|
[2e4b4a44209d] |
|
|
|
2011-11-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/check.c: |
|
Don't print garbage at the end of the custom lecture. |
|
[44bb788fafaa] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Add lexer tracing as debug@parser |
|
[d850f3f9d414] |
|
|
|
* plugins/sudoers/alias.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/defaults.h, plugins/sudoers/gram.c, |
|
plugins/sudoers/match.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/regress/parser/check_fill.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
plugins/sudoers/visudo.c: |
|
Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and |
|
<def_data.h> and not "def_data.h" when generating the parser in a |
|
build dir. |
|
[7da701def753] |
|
|
|
2011-11-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* mkdep.pl, plugins/sudoers/Makefile.in: |
|
Better devdir support in mkdep.pl |
|
[7dcec57bd155] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Add devdir before srcdir in include path and fix up dependecies |
|
accordingly. |
|
[6e9958eca485] |
|
|
|
* plugins/sudoers/alias.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/defaults.h, plugins/sudoers/match.c, |
|
plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
|
plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: |
|
#include "gram.h" not <gram.h> and "def_data.h" and not |
|
<def_data.h>. |
|
[003bdb078a15] |
|
|
|
* sudo.pp: |
|
Mark libexec files as optional. If we build without shared object |
|
support, libexec is not used. |
|
[4bffcf482219] |
|
|
|
* src/load_plugins.c: |
|
Change Debug sudo.conf setting to take a program name as the first |
|
argument. In the future, this will allow visudo and sudoreplay to |
|
use their own Debug entries. |
|
[cfb8f7e4867c] |
|
|
|
* src/sudo.c: |
|
fix sudo_debug_printf priority |
|
[dcb67e965609] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
add missing debug_return_int |
|
[d88ec450c592] |
|
|
|
2011-11-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c, include/error.h, include/sudo_debug.h, |
|
plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c: |
|
Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR |
|
[dcee8efc294f] |
|
|
|
* doc/UPGRADE: |
|
Add missing word in HOME security note. |
|
[fd844fdcc1ac] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Prevent "testsudoers -d username" from trying to malloc(0). |
|
[839126e56e8c] |
|
|
|
2011-11-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/regress/sudoers/test10.in, |
|
plugins/sudoers/regress/sudoers/test10.out.ok, |
|
plugins/sudoers/regress/sudoers/test10.toke.ok, |
|
plugins/sudoers/regress/sudoers/test10.toke.out.ok, |
|
plugins/sudoers/regress/sudoers/test11.in, |
|
plugins/sudoers/regress/sudoers/test11.out.ok, |
|
plugins/sudoers/regress/sudoers/test11.toke.ok, |
|
plugins/sudoers/regress/sudoers/test11.toke.out.ok, |
|
plugins/sudoers/regress/sudoers/test12.in, |
|
plugins/sudoers/regress/sudoers/test12.out.ok, |
|
plugins/sudoers/regress/sudoers/test12.toke.ok, |
|
plugins/sudoers/regress/sudoers/test13.in, |
|
plugins/sudoers/regress/sudoers/test13.out.ok, |
|
plugins/sudoers/regress/sudoers/test13.toke.ok, |
|
plugins/sudoers/regress/sudoers/test9.in, |
|
plugins/sudoers/regress/sudoers/test9.out.ok, |
|
plugins/sudoers/regress/sudoers/test9.toke.ok, |
|
plugins/sudoers/regress/sudoers/test9.toke.out.ok: |
|
Tests for empty sudoers (should parse OK) and syntax errors within a |
|
line (should report correct line number) both with and without the |
|
trailing newline. |
|
[d57c879c4718] |
|
|
|
* plugins/sudoers/regress/sudoers/test4.out.ok, |
|
plugins/sudoers/regress/sudoers/test5.out.ok, |
|
plugins/sudoers/regress/sudoers/test7.out.ok, |
|
plugins/sudoers/regress/sudoers/test8.out.ok, |
|
plugins/sudoers/testsudoers.c: |
|
Print line number when there is a parser error. |
|
[5444ef6ac6dc] |
|
|
|
2011-11-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Keep track of the last token returned. On error, if the last token |
|
was COMMENT, decrement sudolineno since the error most likely |
|
occurred on the preceding line. Previously we always uses |
|
sudolineno-1 which will give the wrong line number for errors within |
|
a line. |
|
[d661a03a64da] |
|
|
|
2011-11-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
update with sudo 1.8.3p1 info |
|
[0f79ff31f602] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Fix crash when "sudo -g group -i" is run. Fixes bug 521 |
|
[a3087ae337c4] |
|
|
|
2011-10-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
Make alias_remove_recursive() return TRUE/FALSE as its callers |
|
expect and remove two unused arguments. Fixes bug 519. |
|
[2ee3b2882844] |
|
|
|
* plugins/sudoers/regress/visudo/test1.out.ok, |
|
plugins/sudoers/regress/visudo/test1.sh: |
|
Add regress test for bugzilla 519 |
|
[48000ebedf97] |
|
|
|
* plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/regress/parser/check_fill.c: |
|
Disable warning/error wrapping in regress tests. |
|
[373c589ba561] |
|
|
2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in: |
|
Do compile-po as part of sync-po so that the .mo files get rebuild |
|
automatically when we sync with translationproject.org |
|
[83f3cbfc2f33] |
|
|
* plugins/sudoers/Makefile.in: |
* plugins/sudoers/Makefile.in: |
check_addr needs to link with the network libraries on Solaris |
check_addr needs to link with the network libraries on Solaris |
[322bd70e316e] |
[322bd70e316e] |
Line 29
|
Line 2249
|
process. Fixes a crash in the monitor on Solaris; bugzilla #518 |
process. Fixes a crash in the monitor on Solaris; bugzilla #518 |
[e82809f86fb3] |
[e82809f86fb3] |
|
|
2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com> | 2011-10-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* .hgtags: | * src/exec.c: |
Added tag SUDO_1_8_3 for changeset 82bec4d3a203 | Get rid of done: label. If the child exits we still need to close |
[6c953ef6f577] <1.8> | the pty, update utmp and restore the SELinux tty context. |
| [cc127bf48405] |
|
|
* Update Japanese sudoers translation from translationproject.org | 2011-10-22 Todd C. Miller <Todd.Miller@courtesan.com> |
[82bec4d3a203] [SUDO_1_8_3] <1.8> | |
|
|
|
* common/Makefile.in, common/atobool.c, common/fileops.c, |
|
common/fmt_string.c, common/lbuf.c, common/list.c, |
|
common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/alias.c, plugins/sudoers/audit.c, |
|
plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, |
|
plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, |
|
plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, |
|
plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, |
|
plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, |
|
plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, |
|
plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, |
|
plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/env.c, |
|
plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, |
|
plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, |
|
plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/logwrap.c, plugins/sudoers/match.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c, |
|
src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, |
|
src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, |
|
src/tgetpass.c, src/ttysize.c, src/utmp.c: |
|
Add debug_decl/debug_return (almost) everywhere. Remove old |
|
sudo_debug() and convert users to sudo_debug_printf(). |
|
[8f3bbf907b67] |
|
|
|
* common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c, src/error.c: |
|
Wrap error/errorx and warning/warningx functions with debug |
|
statements. Disable wrapping for standalone sudoers programs as well |
|
as memory allocation functions (to avoid infinite recursion). |
|
[562ed7b5ae8d] |
|
|
|
* README, config.h.in, configure, configure.in: |
|
Add checks for __func__ and __FUNCTION__ and mention that we now |
|
require a cpp that supports variadic macros. |
|
[314cfe4c5d23] |
|
|
|
* MANIFEST, common/Makefile.in, common/sudo_debug.c, |
|
include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c, |
|
src/load_plugins.c, src/parse_args.c, src/sudo.c, |
|
src/sudo_plugin_int.h: |
|
New debug framework for sudo and plugins using /etc/sudo.conf that |
|
also supports function call tracing. |
|
[cded741e9f10] |
|
|
|
2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: |
|
Update Japanese sudoers translation from translationproject.org |
|
[c24725775e32] |
|
|
2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Override and ignore the --disable-static option. Sudo already runs |
Override and ignore the --disable-static option. Sudo already runs |
libtool with -tag=disable-static where applicable and we need non- |
libtool with -tag=disable-static where applicable and we need non- |
PIC objects to build the executables. |
PIC objects to build the executables. |
[dff177464029] <1.8> | [aff1227b853a] |
|
|
2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS: |
* NEWS: |
Add sudoedit fix |
Add sudoedit fix |
[3238dc7e4fb2] <1.8> | [74655c7ccad1] |
|
|
* plugins/sudoers/po/sudoers.pot: |
* plugins/sudoers/po/sudoers.pot: |
regen pot files |
regen pot files |
[7981d6cbf1ab] <1.8> | [28d89a831ed3] |
|
|
* Ignore set_logname (which is now the default) for sudoedit since we | * plugins/sudoers/env.c: |
| Ignore set_logname (which is now the default) for sudoedit since we |
want the LOGNAME, USER and USERNAME environment variables to refer |
want the LOGNAME, USER and USERNAME environment variables to refer |
to the calling user since that is who the editor runs as. This |
to the calling user since that is who the editor runs as. This |
allows the editor to find the user's startup files. Fixes bugzilla |
allows the editor to find the user's startup files. Fixes bugzilla |
#515 |
#515 |
[3b9486e5fddb] <1.8> | [6c5dddf5ff05] |
|
|
* Instead of trying to grow the buffer in make_grlist_item(), simply | * plugins/sudoers/pwutil.c: |
| Instead of trying to grow the buffer in make_grlist_item(), simply |
increase the total length, free the old buffer and allocate a new |
increase the total length, free the old buffer and allocate a new |
one. This is less error prone and saves us from having to adjust |
one. This is less error prone and saves us from having to adjust |
all the pointers in the buffer. This code path is only taken when |
all the pointers in the buffer. This code path is only taken when |
there are groups longer than the length of the user field in struct |
there are groups longer than the length of the user field in struct |
utmp or utmpx, which should be quite rare. |
utmp or utmpx, which should be quite rare. |
[cb7c5ac834b5] <1.8> | [5587dc8cffaf] |
|
|
* Add Italian translation for sudo from translationproject.org | * src/po/it.mo: |
[c7876fccbc38] <1.8> | Add Italian translation for sudo from translationproject.org |
| [1b3dd886e7e3] |
|
|
* NEWS: | * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, |
| src/po/ja.mo, src/po/ja.po: |
Japanese translation for sudo and sudoers from |
Japanese translation for sudo and sudoers from |
translationproject.org |
translationproject.org |
[9945a3ef7ff7] <1.8> | [c06dd866be6e] |
|
|
2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* sudoreplay depends on timestr.lo too; from Mike Frysinger | * plugins/sudoers/Makefile.in: |
[ad9ae493205f] <1.8> | sudoreplay depends on timestr.lo too; from Mike Frysinger |
| [b9e73214b2f1] |
|
|
2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* plugins/sudoers/po/sudoers.pot: |
* plugins/sudoers/po/sudoers.pot: |
Regen sudoers pot file. |
Regen sudoers pot file. |
[2c4d99361994] <1.8> | [019588bafdb3] |
|
|
* NEWS: |
* NEWS: |
Update with latest sudo 1.8.3 news |
Update with latest sudo 1.8.3 news |
[4e7f59d339d4] <1.8> | [6868042a88e9] |
|
|
* ldap_start_tls_s() on Debian (at least) sets the effective and saved | * plugins/sudoers/sudoers.c: |
uids to the same value as the real uid. This prevents sudo from | It appears that LDAP or NSS may modify the euid so we need to be |
setting the uid or gid later on. As a workaround, we now set perms | root for the open(). We restore the old perms at the end of |
to root during sudoers_policy_open(). | sudoers_policy_open(). |
[eb4c4f15833a] <1.8> | [2da67a5497ef] |
|
|
* Better warning message on setuid() failure for the setreuid() | * plugins/sudoers/set_perms.c: |
| Better warning message on setuid() failure for the setreuid() |
version of set_perms(). |
version of set_perms(). |
[308c72f601e4] <1.8> | [07abcfe7bd9a] |
|
|
2011-10-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Combine new translations in NEWS item |
|
[0aa07471a5e6] <1.8> |
|
|
|
2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Delref auth_pw at the end of check_user() instead of getting a ref | * plugins/sudoers/check.c: |
| Delref auth_pw at the end of check_user() instead of getting a ref |
twice. |
twice. |
[1c882f2fb46c] <1.8> | [cb665f55e6a5] |
|
|
* Make sudo_auth_{init,cleanup} return TRUE on success and check for | * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c: |
| Make sudo_auth_{init,cleanup} return TRUE on success and check for |
sudo_auth_init() return value in check_user(). |
sudo_auth_init() return value in check_user(). |
[573bf35ecac9] <1.8> | [92631c919356] |
|
|
* Do not return without restoring permissions. | * plugins/sudoers/auth/sudo_auth.c: |
[2444a0b96469] <1.8> | Do not return without restoring permissions. |
| [59ef40b6696a] |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
regen pot files |
regen pot files |
[d286bce8dbb1] <1.8> | [9f320a340b7c] |
|
|
* NEWS: | * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c, |
Update for latest release candidate | plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, |
[63d184ba6263] <1.8> | plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, |
| plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, |
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: | plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, |
regen pot files | plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, |
[ac3ec1315df7] <1.8> | plugins/sudoers/check.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h: |
* Modify the authentication API such that the init and cleanup | Modify the authentication API such that the init and cleanup |
functions are always called, regardless of whether or not we are |
functions are always called, regardless of whether or not we are |
going to verify a password. This is needed for proper PAM session |
going to verify a password. This is needed for proper PAM session |
support. |
support. |
[ea281ca46d94] <1.8> | [19a53f3fb596] |
|
|
* Add missing dependency for getspwgen other depends. | * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: |
[9c124272910d] <1.8> | Add missing dependency for getspwuid.lo and regen other depends. |
| [f7f70eae819a] |
|
|
* Fix a PAM_USER mismatch in session open/close. We update PAM_USER | * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, |
| plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c: |
| Fix a PAM_USER mismatch in session open/close. We update PAM_USER |
to the target user immediately before setting resource limits, which |
to the target user immediately before setting resource limits, which |
is after the monitor process has forked (so it has the old value). |
is after the monitor process has forked (so it has the old value). |
Also, if the user did not authenticate, there is no pamh in the |
Also, if the user did not authenticate, there is no pamh in the |
monitor so we need to init pam here too. This means we end up |
monitor so we need to init pam here too. This means we end up |
calling pam_start() twice, which should be fixed, but at least the |
calling pam_start() twice, which should be fixed, but at least the |
session is always properly closed now. |
session is always properly closed now. |
[d0866ee5f190] <1.8> | [fbc063a2a872] |
|
|
* Add check for old being NULL in utmp_setid(); from Steven McDonald | * src/utmp.c: |
[30cc283ac2b4] <1.8> | Add check for old being NULL in utmp_setid(); from Steven McDonald |
| [e87126442f2e] |
|
|
2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* If the invoking user cannot be resolved by uid fake the struct | * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h: |
| If the invoking user cannot be resolved by uid fake the struct |
passwd and store it in the cache so we can delref it on exit. |
passwd and store it in the cache so we can delref it on exit. |
[19d44f44d45d] <1.8> | [a27e2f8b9f5e] |
|
|
2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Don't error out if the group plugin cannot be loaded, just warn. | * plugins/sudoers/sudoers.c: |
[e91d9912c9a0] <1.8> | Don't error out if the group plugin cannot be loaded, just warn. |
| [0fbfcd381e33] |
|
|
2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Quiet a false positive found by several static analysis tools. These | * plugins/sudoers/sudoers.c: |
| Quiet a false positive found by several static analysis tools. These |
tools don't know that log_error() does not return (it longjmps to |
tools don't know that log_error() does not return (it longjmps to |
error_jmp which returns to the sudo front-end). |
error_jmp which returns to the sudo front-end). |
[3cc319e31ed6] <1.8> | [33d0469df21b] |
|
|
2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add Italian translation for sudo from translationproject.org Regen | * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo, |
| plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, |
| plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po: |
| Add Italian translation for sudo from translationproject.org Regen |
.mo files |
.mo files |
[c0b27f9d7e57] <1.8> | [c3c888a82be6] |
|
|
* .hgtags: |
|
Added tag SUDO_1_8_2 for changeset 3682e51af1d0 |
|
[f0be566e9ea2] <1.8> |
|
|
|
2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Update to current reality and add bit about ssh auth | * doc/TROUBLESHOOTING: |
[48dcb86ce9be] <1.8> | Update to current reality and add bit about ssh auth |
| [184a1e7c2eeb] |
|
|
* Make "verbose" static; fixes a namespace clash with | * plugins/sudoers/gram.c, plugins/sudoers/gram.y: |
| Make "verbose" static; fixes a namespace clash with |
pam_ssh_agent_auth (and it doesn't need to be extern these days). |
pam_ssh_agent_auth (and it doesn't need to be extern these days). |
[b60fdd82de94] <1.8> | [cc38d2eb2f4c] |
|
|
* configure, configure.in: | * config.h.in, configure, configure.in, src/get_pty.c: |
FreeBSD has libutil.h not util.h |
FreeBSD has libutil.h not util.h |
[c03b121e0193] <1.8> | [dab4c94b6d4f] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD |
Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD |
[002e3e0bb173] <1.8> | [41c362f0a92a] |
|
|
* Update po files from translationproject.org | 2011-09-20 Todd C. Miller <Todd.Miller@courtesan.com> |
[2b36af902213] <1.8> | |
|
|
|
* plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po: |
|
Update po files from translationproject.org |
|
[1e99e147c7fa] |
|
|
2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS: | * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: |
Mention DEREF support | |
[dfeb152f1686] <1.8> | |
| |
* plugins/sudoers/po/sudoers.pot: | |
sync pot files | |
[1fba22e927a3] <1.8> | |
| |
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: | |
Add support for DEREF in ldap.conf. |
Add support for DEREF in ldap.conf. |
[fe1cf6ad0add] <1.8> | [3c1937a98547] |
|
|
* Makefile.in: |
* Makefile.in: |
install target should depend on ChangeLog too, not just install-doc |
install target should depend on ChangeLog too, not just install-doc |
[f54e2ab633b8] <1.8> | [1a7c83941175] |
|
|
* NEWS, configure.in, doc/sudoers.cat, doc/sudoers.man.in: | * doc/sudoers.pod: |
Only iolog_file (not iolog_dir) supports mktemp-style suffixes. |
Only iolog_file (not iolog_dir) supports mktemp-style suffixes. |
[44a25099594e] <1.8> | [0eca47d60a2c] |
|
|
* configure.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: | * NEWS: |
regen pot files | Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes. |
[e14ee85cf49b] <1.8> | [0501415cc5ff] |
|
|
|
* doc/UPGRADE: |
|
Document group lookup change and possible side effects. |
|
[585743e1ebf7] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Fix some square brackets in case statements that needed to be |
Fix some square brackets in case statements that needed to be |
doubled up. While here, use $OSMAJOR when it makes sense. |
doubled up. While here, use $OSMAJOR when it makes sense. |
[853c6e5f994c] <1.8> | [8973343f4696] |
|
|
* Fix a crash in make_grlist_item() on 64-bit machines with strict | * plugins/sudoers/pwutil.c: |
| Fix a crash in make_grlist_item() on 64-bit machines with strict |
alignment. |
alignment. |
[e877c89ae32f] <1.8> | [c89508c73c46] |
|
|
* Remove list_options() function that is no longer used now that "sudo | * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: |
| Remove list_options() function that is no longer used now that "sudo |
-L" is gone. |
-L" is gone. |
[f31543c80b98] <1.8> | [fcc6a776c135] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Error message if user tries --with-CC |
Error message if user tries --with-CC |
[0ed7558b8924] <1.8> | [ec5b478f813a] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Check for -libmldap too when looking for ldap libs, which is the |
Check for -libmldap too when looking for ldap libs, which is the |
Tivoli Directory Server client library. |
Tivoli Directory Server client library. |
[831e32d1453c] <1.8> | [bb3007a97206] |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen pot files for 1.8.3 |
|
[df2fb085cff2] <1.8> |
|
|
|
* NEWS, configure, configure.in, doc/sudo.cat, doc/sudo.man.in, |
|
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, |
|
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, |
|
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, |
|
doc/visudo.man.in: |
|
Update for version 1.8.3 |
|
[38cf153add0a] <1.8> |
|
|
|
2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Honor NOPASSWD tag for denied commands too. | * plugins/sudoers/parse.c: |
[f473c443ad54] <1.8> | Honor NOPASSWD tag for denied commands too. |
| [8dd92656db92] |
|
|
|
2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* INSTALL, configure, configure.in: |
* INSTALL, configure, configure.in: |
Remove --with-CC option; it doesn't work correctly now that we use |
Remove --with-CC option; it doesn't work correctly now that we use |
libtool. Users can get the same effect by setting the CC |
libtool. Users can get the same effect by setting the CC |
environment variable when running configure. |
environment variable when running configure. |
[4f04869d74fd] <1.8> | [ec22bd1a55e0] |
|
|
2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: | * config.h.in, configure, configure.in, plugins/sudoers/visudo.c, |
| src/sudo_edit.c: |
Assume all modern systems support fstat(2). |
Assume all modern systems support fstat(2). |
[0422b19dced3] <1.8> | [6a5a8985f6a0] |
|
|
2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: | * compat/regress/glob/globtest.c, config.h.in, configure, |
| configure.in, include/missing.h, plugins/sudoers/sudoers.h, |
| src/sudo.h, src/sudo_noexec.c: |
Add configure test for missing errno declaration and only declare it |
Add configure test for missing errno declaration and only declare it |
ourselves if it is missing. |
ourselves if it is missing. |
[6d26974f7e16] <1.8> | [456e76c809a2] |
|
|
* Include errno.h before sudo.h to avoid conflicting with the system | * plugins/sudoers/alias.c: |
| Include errno.h before sudo.h to avoid conflicting with the system |
definition of errno. |
definition of errno. |
[8000bdc0968f] <1.8> | [d0b97e392512] |
|
|
2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Only print individual check status when there is a failure. | * plugins/sudoers/regress/parser/check_addr.c: |
[bbdd669e7615] <1.8> | Only print individual check status when there is a failure. |
| [2ac704c91441] |
|
|
* Add calls to setprogname() for test programs. | * plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
[c721f3466a3a] <1.8> | plugins/sudoers/regress/logging/check_wrap.c, |
| plugins/sudoers/regress/parser/check_addr.c: |
| Add calls to setprogname() for test programs. |
| [a8d9b420e826] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Add -Wall and -Werror after all tests so they don't cause failures. |
Add -Wall and -Werror after all tests so they don't cause failures. |
[20d75ce40086] <1.8> | [2661188ff3fa] |
|
|
* Actually run check_addr in the check target | * plugins/sudoers/Makefile.in: |
[dcd96ef0dc57] <1.8> | Actually run check_addr in the check target |
| [0b2778bc86bf] |
|
|
* Split out address matching into its own file and add regression | * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c, |
| plugins/sudoers/match_addr.c, |
| plugins/sudoers/regress/parser/check_addr.c, |
| plugins/sudoers/regress/parser/check_addr.in: |
| Split out address matching into its own file and add regression |
tests for it. |
tests for it. |
[863f28589c24] <1.8> | [12b9a2bf8dba] |
|
|
2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix matching a network number with netmask when the network number | * plugins/sudoers/match.c: |
is not the first address in the CIDR block. | When matching an address with a netmask in sudoers, AND the mask and |
[719942c986e9] <1.8> | addr before checking against the local addresses. |
| [9747bb6d7b1c] |
|
|
2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Don't assume all editors support the +linenumber command line | * plugins/sudoers/match.c: |
| Fix netmask matching. |
| [a3c8f8cc1464] |
| |
| * plugins/sudoers/visudo.c: |
| Don't assume all editors support the +linenumber command line |
argument, use a whitelist of known good editors. |
argument, use a whitelist of known good editors. |
[d8d884af3b05] <1.8> | [21d43a91fd10] |
|
|
2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Silence compiler warnings on Solaris with gcc 3.4.3 | * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c, |
[8047cdb5d6a1] <1.8> | src/exec_pty.c, src/sudo.c: |
| Silence compiler warnings on Solaris with gcc 3.4.3 |
| [da620bae6fdb] |
|
|
* Fix building on RHEL 3 | * mkpkg: |
[6bb0464a7450] <1.8> | Fix building on RHEL 3 |
| [f3227fb2a252] |
|
|
* INSTALL, configure, configure.in: |
* INSTALL, configure, configure.in: |
Add --enable-werror configure option. |
Add --enable-werror configure option. |
[aa40fd459836] <1.8> | [fec2cdb95543] |
|
|
* setgroups() proto lives in grp.h on RHEL4, perhaps others. | * common/setgroups.c: |
[92f98cbaebf0] <1.8> | setgroups() proto lives in grp.h on RHEL4, perhaps others. |
| [de91c0de5a98] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Use PAM by default on AIX 6 and higher. |
Use PAM by default on AIX 6 and higher. |
[7ef53d5ac819] <1.8> | [e16493208e5f] |
|
|
2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add new Esperanto translation from translationproject.org | * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
[109ed683b885] <1.8> | src/po/eo.mo, src/po/eo.po: |
| Add new Esperanto translation from translationproject.org |
| [0d9a59e04c64] |
|
|
2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Quiet an innocuous valgrind warning. | * plugins/sudoers/iolog_path.c: |
[fc453e49f9dd] <1.8> | Quiet an innocuous valgrind warning. |
| [0582b6027161] |
|
|
2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix expansion of strftime() escapes in log_dir and add a regress | * plugins/sudoers/iolog_path.c, |
| plugins/sudoers/regress/iolog_path/data: |
| Fix expansion of strftime() escapes in log_dir and add a regress |
test that exhibited the problem. |
test that exhibited the problem. |
[784e60d21f11] <1.8> | [a5c7c1c4c589] |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: | * plugins/sudoers/Makefile.in: |
Fix "make check" return value. |
Fix "make check" return value. |
[d3608efd8da6] <1.8> | [33b58e175230] |
|
|
2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* plugins/sudoers/po/sudoers.pot: | * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
Regen pot files |
Regen pot files |
[3682e51af1d0] [SUDO_1_8_2] <1.8> | [063841aac19b] |
|
|
* Makefile.in: |
* Makefile.in: |
Fix logic inversion in pot file up to date check. |
Fix logic inversion in pot file up to date check. |
[343dbbca9422] <1.8> | [f6a8ca8654df] |
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat, |
|
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, |
|
doc/visudo.cat, doc/visudo.man.in: |
|
regen docs |
|
[96234478bde2] <1.8> |
|
|
|
2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Add caching for gettext() checks. |
Add caching for gettext() checks. |
[4039d21424c3] <1.8> | [01b7200f6105] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Better handling of libintl header and library mismatch. |
Better handling of libintl header and library mismatch. |
[cc9faee8e486] <1.8> | [9a49b1d4db69] |
|
|
2011-08-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
sync |
|
[73649a44d934] <1.8> |
|
|
|
2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Also check sudoers gid if sudoers is group writable. | * plugins/sudoers/sudoers.c: |
[3d345347f6ac] <1.8> | Also check sudoers gid if sudoers is group writable. |
| [23ef96ca0d33] |
|
|
* NEWS: |
|
Update for 1.8.2 final |
|
[441c22fea363] <1.8> |
|
|
|
2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
If dlopen is present but libtool doesn't find it, error out since it |
If dlopen is present but libtool doesn't find it, error out since it |
probably means that libtool doesn't support the system. |
probably means that libtool doesn't support the system. |
[6fc7c0de4f6d] <1.8> | [a9da0a5f7941] |
|
|
* configure args on the command line should override builtin defaults. | * mkpkg: |
| configure args on the command line should override builtin defaults. |
Disable NLS for non-Linux/Solaris unless explicitly enabled. |
Disable NLS for non-Linux/Solaris unless explicitly enabled. |
[0ef165f892c2] <1.8> | [b2fb05614504] |
|
|
* Fix loop that calls authenticate(). If there was an error message | * plugins/sudoers/auth/aix_auth.c: |
| Fix loop that calls authenticate(). If there was an error message |
from authenticate(), display it. |
from authenticate(), display it. |
[f0686011ff2e] <1.8> | [063a0c4f0b9a] |
|
|
2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: | * m4/libtool.m4, m4/ltversion.m4: |
Update to autoconf 2.68 and libtool 2.4 |
Update to autoconf 2.68 and libtool 2.4 |
[00df5f3647e1] <1.8> | [5a912a6eb67b] |
|
|
* Fix typo; OPT should be OTP | * config.guess, config.sub, configure, configure.in, ltmain.sh: |
[31da1f989740] <1.8> | Update to autoconf 2.68 and libtool 2.4 |
| [931ab56aecf6] |
|
|
* Rename libsudoers convenience library to libparsesudoers to avoid | * doc/sudoers.pod: |
| Fix typo; OPT should be OTP |
| [e97bd2e46544] |
| |
| * plugins/sudoers/Makefile.in: |
| Rename libsudoers convenience library to libparsesudoers to avoid |
libtool confusion. |
libtool confusion. |
[e9ae9d611dd5] <1.8> | [2a89a613f537] |
|
|
2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add Danish sudoers translation from translationproject.org | * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: |
[fa9cd9758249] <1.8> | Add Danish sudoers translation from translationproject.org |
| [27b96e85eb13] |
|
|
* Add dedicated callback function for runas_default sudoers setting | * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: |
| Add dedicated callback function for runas_default sudoers setting |
that only sets runas_pw if no runas user or group was specified by |
that only sets runas_pw if no runas user or group was specified by |
the user. |
the user. |
[3fb4b18525de] <1.8> | [b8382d8eea34] |
|
|
2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Update Finish, Polish, Russian and Ukrainian translations from | * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
| plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
| plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo, |
| src/po/ru.po: |
| Update Finish, Polish, Russian and Ukrainian translations from |
translationproject.org. |
translationproject.org. |
[0fcd8f6aff0a] <1.8> | [f9339aff664e] |
|
|
* Makefile.in: | * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c, |
| plugins/sudoers/testsudoers.c: |
Go back to using a callback for runas_default to keep runas_pw in |
Go back to using a callback for runas_default to keep runas_pw in |
sync. This is needed to make per-entry runas_default settings work |
sync. This is needed to make per-entry runas_default settings work |
with LDAP-based sudoers. Instead of declaring it a callback in |
with LDAP-based sudoers. Instead of declaring it a callback in |
def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a |
def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a |
bit naughty, but avoids requiring stub functions in visudo and the |
bit naughty, but avoids requiring stub functions in visudo and the |
tests. |
tests. |
[4e8e70832f06] <1.8> | [9aaefb908415] |
|
|
2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
Regen pot files |
|
[ca5c58c599a6] <1.8> |
|
|
|
* Makefile.in: |
* Makefile.in: |
Add check for out of date message catalogs when doing "make dist". |
Add check for out of date message catalogs when doing "make dist". |
[36414e5c762b] <1.8> | [e45a29b612f4] |
|
|
2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: | * configure: |
| regen |
| [d6f9ad26774a] |
| |
| * configure.in: |
Make sure compiler supports static-libgcc before using it. |
Make sure compiler supports static-libgcc before using it. |
[6c98e8809291] <1.8> | [b01bd9566e50] |
|
|
2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc | * src/Makefile.in: |
[a0a3a3fa6470] <1.8> | Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc |
| [c99c7ab3edef] |
|
|
2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add new Russian sudo translation from translationproject.org and | * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, |
| plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, |
| plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po, |
| src/po/zh_CN.mo: |
| Add new Russian sudo translation from translationproject.org and |
rebuild the other translation files. |
rebuild the other translation files. |
[e953d7d1ca6d] <1.8> | [e20015459056] |
|
|
2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Update Finish and Polish translations from translationproject.org | * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po: |
[17e408d73c85] <1.8> | Update Finish and Polish translations from translationproject.org |
| [4e3dbba4a1de] |
|
|
* Go back to escaping the command args for "sudo -i" and "sudo -s" | * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c: |
| Go back to escaping the command args for "sudo -i" and "sudo -s" |
before calling the plugin. Otherwise, spaces in the command args |
before calling the plugin. Otherwise, spaces in the command args |
are not treated properly. The sudoers plugin will unescape non- |
are not treated properly. The sudoers plugin will unescape non- |
spaces to make matching easier. |
spaces to make matching easier. |
[f666191a4e80] <1.8> | [dfa2c4636f33] |
|
|
2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix some potential problems found by the clang static analyzer, none | * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c, |
| plugins/sudoers/ldap.c, plugins/sudoers/parse.c, |
| plugins/sudoers/set_perms.c, plugins/sudoers/toke.c, |
| plugins/sudoers/toke.l: |
| Fix some potential problems found by the clang static analyzer, none |
serious. |
serious. |
[c1ab4b940980] <1.8> | [ff64aa74aae6] |
|
|
* Updated Ukranian and Chinese (simplified) po files from | * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po, |
| src/po/zh_CN.po: |
| Updated Ukranian and Chinese (simplified) po files from |
translationproject.org |
translationproject.org |
[792a66672715] <1.8> | [ec792becb48e] |
|
|
2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Updated Polish translation from translationproject.org | * plugins/sudoers/po/pl.po: |
[5f434cc04482] <1.8> | Updated Polish translation from translationproject.org |
| [a3af53cb649c] |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
Rebuild pot files |
Rebuild pot files |
[639230dbd741] <1.8> | [c650524c0f0a] |
|
|
* Don't try to audit failure if the runas user does not exist. We | * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c: |
| Don't try to audit failure if the runas user does not exist. We |
don't have the user's command at this point so there is nothing to |
don't have the user's command at this point so there is nothing to |
audit. Add a NULL check in audit_success() and audit_failure() just |
audit. Add a NULL check in audit_success() and audit_failure() just |
to be on the safe side. |
to be on the safe side. |
[2bfb96a32b00] <1.8> | [2a0007c2022f] |
|
|
* Add -g to CFLAG for PIE builds. | * mkpkg: |
[e4c94977ca4e] <1.8> | Add -g to CFLAG for PIE builds. |
| [32a0a9693c9c] |
|
|
2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Remove fallback to per-group lookup when matching groups in sudoers. | * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h, src/sudo.c: |
| Remove fallback to per-group lookup when matching groups in sudoers. |
The sudo front-end will now use getgrouplist() to get the user's |
The sudo front-end will now use getgrouplist() to get the user's |
list of groups if getgroups() fails or returns zero groups so we |
list of groups if getgroups() fails or returns zero groups so we |
always have a list of the user's groups. For systems with |
always have a list of the user's groups. For systems with |
mbr_check_membership() which support more that NGROUPS_MAX groups |
mbr_check_membership() which support more that NGROUPS_MAX groups |
(Mac OS X), skip the call to getgroups() and use getgrouplist() so |
(Mac OS X), skip the call to getgroups() and use getgrouplist() so |
we get all the groups. |
we get all the groups. |
[168d6d4a386b] <1.8> | [51b3ed8c600b] |
|
|
2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix setgroups() fallback code on EINVAL. | * common/setgroups.c: |
[dd1310945ab3] <1.8> | Fix setgroups() fallback code on EINVAL. |
| [2b6faecd56a4] |
|
|
* Fix two PERM_INITIAL cases that were still using user_gids. | * plugins/sudoers/set_perms.c: |
[d497d0d47a23] <1.8> | Fix two PERM_INITIAL cases that were still using user_gids. |
| [9680bab0acc6] |
|
|
* Add Polish sudo message catalog | * MANIFEST: |
[1a0aa3f9f179] <1.8> | Add Polish sudo message catalog |
| [8bb40c3ba576] |
|
|
* user_group is no longer used, remove it | * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
[379185a76094] <1.8> | user_group is no longer used, remove it |
| [9acede0fe6c5] |
|
|
2011-07-21 Todd C. Miller <Todd.Miller@courtesan.com> | 2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add Polish translation from translationproject.org | * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po: |
[2e7cdfe4ef41] <1.8> | Add Polish translation from translationproject.org |
| [afac5c638573] |
|
|
* Add a wrapper for setgroups() that trims off extra groups and | * MANIFEST, common/Makefile.in, common/setgroups.c, |
| plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c, |
| src/sudo.h, src/sudo_edit.c: |
| Add a wrapper for setgroups() that trims off extra groups and |
retries if setgroups() fails. Also add some missing addrefs for |
retries if setgroups() fails. Also add some missing addrefs for |
PERM_USER and PERM_FULL_USER. |
PERM_USER and PERM_FULL_USER. |
[bacb4170a510] <1.8> | [224dfd8aae5c] |
|
|
* configure, configure.in: | * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in, |
| configure, configure.in, include/missing.h, mkdep.pl, |
| plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, |
| plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, |
| plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c: |
Instead of keeping separate groups and gids arrays, create struct |
Instead of keeping separate groups and gids arrays, create struct |
group_info and use it to store both, along with a count for each. |
group_info and use it to store both, along with a count for each. |
Cache group info on a per-user basis using getgrouplist() to get the |
Cache group info on a per-user basis using getgrouplist() to get the |
groups. We no longer need special to special case the user or list |
groups. We no longer need special to special case the user or list |
user for user_in_group() and thus no longer need to reset the groups |
user for user_in_group() and thus no longer need to reset the groups |
list when listing another user. |
list when listing another user. |
[f1d8962821a0] <1.8> | [0ad849a8b2d5] |
|
|
* Don't rely on NULL since we don't include a header for it. | * src/preload.c: |
[ed46286f848b] <1.8> | Don't rely on NULL since we don't include a header for it. |
| [b40937f1890c] |
|
|
* Fix typo | 2011-07-19 Todd C. Miller <Todd.Miller@courtesan.com> |
[a38b8fbb0e70] <1.8> | |
|
|
* Do not shadow global sudo_mode with a local variable in set_cmnd() | * doc/sudoers.pod: |
[8e462ebafea4] <1.8> | Fix typo |
| [c1035360e169] |
|
|
|
2011-07-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Do not shadow global sudo_mode with a local variable in set_cmnd() |
|
[0c72969503ad] |
|
|
2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* bash 2.x doesd not support the -l flag and exits with an error if it | * plugins/sudoers/sudoers.c: |
| bash 2.x doesd not support the -l flag and exits with an error if it |
is specified so use --login instead. This causes an error with bash |
is specified so use --login instead. This causes an error with bash |
1.x (which uses -login instead) but this version is hopefully less |
1.x (which uses -login instead) but this version is hopefully less |
used than 2.x. |
used than 2.x. |
[73020a67b9d5] <1.8> | [5c4c296e30e6] |
|
|
* Add Polish translation from translationproject.org | * src/po/pl.mo, src/po/pl.po: |
[8cac0da9ffb1] <1.8> | Add Polish translation from translationproject.org |
| [48592dd6edcf] |
|
|
2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Make error strings translatable. | * plugins/sudoers/set_perms.c: |
[d1ff594f27b5] <1.8> | Make error strings translatable. |
| [414c5c484768] |
|
|
* Only run configure with --with-pam-login for RHEL 5 and above. | * mkpkg: |
[2f1a0ff5230e] <1.8> | Only run configure with --with-pam-login for RHEL 5 and above. |
| [6c16e4de4026] |
|
|
* Fix typo in summary | * sudo.pp: |
[1e1d7dcae9ab] <1.8> | Fix typo in summary |
| [9ac618c9a749] |
|
|
2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add missing logwrap.c | * plugins/sudoers/logwrap.c: |
[abcd28c194d2] <1.8> | Add missing logwrap.c |
| [c12a413ecc1d] |
|
|
* Split out log file word wrap code into its own file and add unit | * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c, |
| plugins/sudoers/logging.h, |
| plugins/sudoers/regress/logging/check_wrap.c, |
| plugins/sudoers/regress/logging/check_wrap.in, |
| plugins/sudoers/regress/logging/check_wrap.out.ok: |
| Split out log file word wrap code into its own file and add unit |
tests. Fixes an off-by one in the word wrap when the log line |
tests. Fixes an off-by one in the word wrap when the log line |
length matches loglinelen. |
length matches loglinelen. |
[0ae1c7aa9ef1] <1.8> | [52ed277f6690] |
|
|
2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* For SuSE, only use /usr/lib64 as libexec if generating 64-bit | * mkpkg: |
| For SuSE, only use /usr/lib64 as libexec if generating 64-bit |
binaries. |
binaries. |
[4448fa1c639f] <1.8> | [645ab903cf77] |
|
|
* Fix build error when --without-noexec configure option is used. | * src/load_plugins.c, src/sudo.c: |
[f6bfd748ae45] <1.8> | Fix build error when --without-noexec configure option is used. |
| [b994f7b0d8b4] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX |
Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX |
5.3 and above. |
5.3 and above. |
[9d957ae1840d] <1.8> | [c2a6f9b472f3] |
|
|
2011-07-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, doc/UPGRADE: |
|
Document group lookup change and possible side effects. |
|
[fe4b2d2701b2] <1.8> |
|
|
|
2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Resolve the list of gids passed in from the sudo frontend (the | * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, |
| plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, |
| plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
| Resolve the list of gids passed in from the sudo frontend (the |
result of getgroups()) to names and store both the group names and |
result of getgroups()) to names and store both the group names and |
ids in the sudo_user struct. When matching groups in the sudoers |
ids in the sudo_user struct. When matching groups in the sudoers |
file, match based on the names in the groups list first and only do |
file, match based on the names in the groups list first and only do |
Line 637
|
Line 3000
|
group name (as it is listed in sudoers) instead of id (which we |
group name (as it is listed in sudoers) instead of id (which we |
would have to resolve) we save a lot of group lookups for sudoers |
would have to resolve) we save a lot of group lookups for sudoers |
files with a lot of groups in them. |
files with a lot of groups in them. |
[c10d208bd7e5] <1.8> | [8dc19353f148] |
|
|
2011-06-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update for 1.8.2rc5 |
|
[f6a3aa2edf7a] <1.8> |
|
|
|
2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Workaround for "sudo -i command" and newer versions of bash which | * plugins/sudoers/sudoers.c: |
| Workaround for "sudo -i command" and newer versions of bash which |
don't go into login mode when -c is specified unless -l is too. |
don't go into login mode when -c is specified unless -l is too. |
[381e74d35006] <1.8> | [9393762b80f3] |
|
|
2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Rewrite logfile word wrapping code to be more straight-forward and | * plugins/sudoers/logging.c: |
| Rewrite logfile word wrapping code to be more straight-forward and |
actually wrap at the correct place. |
actually wrap at the correct place. |
[8a7862d6a82f] <1.8> | [f712a0c90f55] |
|
|
2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS: | * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c: |
Fix typo | Set use_pty=true in command details when use_pty is set in sudoers. |
[2456ad2ad3e3] <1.8> | |
| |
* NEWS: | |
Mention use_pty bug fix | |
[f4eab5193452] <1.8> | |
| |
* Set use_pty=true in command details when use_pty is set in sudoers. | |
From Ludwig Nussel |
From Ludwig Nussel |
[abaafc5793d9] <1.8> | [8d95a163dfc1] |
|
|
2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Sync Chinese (simplified) PO files from translationproject.org | * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
[a4cf84dd9ddf] <1.8> | src/po/zh_CN.mo, src/po/zh_CN.po: |
| Sync Chinese (simplified) PO files from translationproject.org |
| [acce8eb7be18] |
|
|
2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add Danish translation from translationproject.org and add missing | * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo, |
| plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo: |
| Add Danish translation from translationproject.org and add missing |
Basque mo files. |
Basque mo files. |
[672b88adcc34] <1.8> | [0c22bb21b9c4] |
|
|
* Makefile.in, configure, configure.in: |
* Makefile.in, configure, configure.in: |
No longer need to specify LINGUAS in configure, "make install-nls" |
No longer need to specify LINGUAS in configure, "make install-nls" |
now just installs all the .mo files it finds. |
now just installs all the .mo files it finds. |
[c226a39ece48] <1.8> | [fcd45cf04885] |
|
|
2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Build CONTRIBUTORS from newly-added contributors.pod | * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod: |
[b8871dd293ff] <1.8> | Build CONTRIBUTORS from newly-added contributors.pod |
| [8b192f2720f4] |
|
|
* Rework the wording in the leading paragraph | * doc/CONTRIBUTORS: |
[d8b081dedeb3] <1.8> | Rework the wording in the leading paragraph |
| [312044145cdd] |
|
|
2011-06-16 Todd C. Miller <Todd.Miller@courtesan.com> | 2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add a CONTRIBUTORS file with the names of folks who have contributed | * MANIFEST, doc/CONTRIBUTORS: |
| Add a CONTRIBUTORS file with the names of folks who have contributed |
code or patches to sudo since I started maintaining it (plus the |
code or patches to sudo since I started maintaining it (plus the |
original authors). |
original authors). |
[8b064e8996af] <1.8> | [b8bdd8b59528] |
|
|
2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Preserve SHELL variable for "sudo -s". Otherwise we can end up with | * plugins/sudoers/env.c: |
| Preserve SHELL variable for "sudo -s". Otherwise we can end up with |
a situation where the SHELL variable and the actual shell being run |
a situation where the SHELL variable and the actual shell being run |
do not match. |
do not match. |
[8f5bb61a8b76] <1.8> | [b8b3974aee3e] |
|
|
2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Only enable Solaris project support when setproject() is present in |
Only enable Solaris project support when setproject() is present in |
libproject. |
libproject. |
[bf370ff3c194] <1.8> | [49ad7857ab89] |
|
|
* Explicitly set mode and owner of /etc/sudoers instead of relying on | * sudo.pp: |
| Explicitly set mode and owner of /etc/sudoers instead of relying on |
"cp -p" to work in the postinstall script. On AIX 6.1 at least the |
"cp -p" to work in the postinstall script. On AIX 6.1 at least the |
postinstall script runs before the final file permissions are set. |
postinstall script runs before the final file permissions are set. |
[7a4a87405349] <1.8> | [e41ffc0212b2] |
|
|
* Refer the user to the "Command Environment" section in description | 2011-06-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * doc/sudo.pod, doc/sudoers.pod: |
| Refer the user to the "Command Environment" section in description |
of sudo's -i option. |
of sudo's -i option. |
[1a063eaf9670] <1.8> | [263cc3be7eef] |
|
|
* Fix typo | * doc/sudo.pod: |
[442c50370c44] <1.8> | Fix typo |
| [35dfac450f4d] |
|
|
* If there is no old dependency for an object file, use the MANIFEST | 2011-06-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * mkdep.pl: |
| If there is no old dependency for an object file, use the MANIFEST |
to find its source. |
to find its source. |
[d95c77ad283f] <1.8> | [d15e3b9899f9] |
|
|
* Remove dependency for getgrouplist.lo as we don't ship that source | * compat/Makefile.in: |
| Remove dependency for getgrouplist.lo as we don't ship that source |
file. |
file. |
[bbede77e6256] <1.8> | [312a6d5fe6b0] |
|
|
* Do not declare yyparse() static as the actual function generated by | 2011-06-07 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: |
| Do not declare yyparse() static as the actual function generated by |
yacc is extern. |
yacc is extern. |
[8e615bd15a4c] <1.8> | [9017b79dcf55] |
|
|
|
2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Makefile.in: |
* Makefile.in: |
Remove locale files in "make uninstall" |
Remove locale files in "make uninstall" |
[9791be90d5ac] <1.8> | [201ff261ecbe] |
|
|
2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com> | * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po, |
| plugins/sudoers/po/uk.po, src/po/eu.po: |
* configure.in: | |
Add Basque translation and sync Finish and Ukranian translations. |
Add Basque translation and sync Finish and Ukranian translations. |
[64af34789164] <1.8> | [66d2c78c8a13] |
|
|
* NEWS: |
|
Update PAM change to reflect latest checkin. |
|
[657cddf2077a] <1.8> |
|
|
|
* configure, configure.in: |
* configure, configure.in: |
FreeBSD no longer needs the main sudo binary to link with -lpam now |
FreeBSD no longer needs the main sudo binary to link with -lpam now |
that plug-ins are loaded with RTLD_GLOBAL. |
that plug-ins are loaded with RTLD_GLOBAL. |
[573a6f4b29af] <1.8> | [96c710df2457] |
|
|
* Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes | * plugins/sudoers/group_plugin.c, src/load_plugins.c: |
| Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes |
problems with pam modules not having access to symbols provided by |
problems with pam modules not having access to symbols provided by |
libpam on some platforms. Affects FreeBSD and SLES 10 at least. |
libpam on some platforms. Affects FreeBSD and SLES 10 at least. |
[4ec864fdba46] <1.8> | [0d016983ec84] |
|
|
* Makefile.in: |
* Makefile.in: |
Move xgettext invocation out of update-po target into update-pot |
Move xgettext invocation out of update-po target into update-pot |
[421ac1a073ea] <1.8> | [19a73c6d017c] |
|
|
2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
Regenerate .pot files for 1.8.2rc2 |
Regenerate .pot files for 1.8.2rc2 |
[d2a891e3d3dd] <1.8> | [c3037f591dd8] |
|
|
* Makefile.in: | * Makefile.in, common/Makefile.in, compat/Makefile.in, |
| doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, |
| plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
| src/Makefile.in, zlib/Makefile.in: |
Move nls targets to the top level Makefile so the paths in the pot |
Move nls targets to the top level Makefile so the paths in the pot |
file are saner |
file are saner |
[6c256cb77f78] <1.8> | [65b9285cd8d9] |
|
|
* NEWS: | * src/po/fi.mo: |
Update 1.8.2 news | Add compiled version of sudo Finish translation |
[17bd04278b04] <1.8> | [8f2405384ea3] |
|
|
* Add compiled version of sudo Finish translation | * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo: |
[ff9d20a02aa0] <1.8> | Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo |
| |
* Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo | |
files |
files |
[60c4f3b3829c] <1.8> | [a165e70fa9ec] |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sudoers/po/fi.po: |
Add Finish translation from translationproject.org |
Add Finish translation from translationproject.org |
[ade788a35521] <1.8> | [4466f8a96ceb] |
|
|
* The group named by exempt_group should not have a % prefix. | 2011-06-03 Todd C. Miller <Todd.Miller@courtesan.com> |
[1f74c691c1e1] <1.8> | |
|
|
* Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin" | * doc/sudoers.pod: |
[58d36c0e76f9] <1.8> | The group named by exempt_group should not have a % prefix. |
| [df084d6b32c8] |
|
|
* Fix compressed io log corruption in background mode by using _exit() | 2011-06-01 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * doc/sudoers.pod: |
| Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin" |
| [5113699a3f8b] |
| |
| 2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * src/exec.c, src/exec_pty.c: |
| Fix compressed io log corruption in background mode by using _exit() |
instead of exit() to avoid flushing buffers twice. |
instead of exit() to avoid flushing buffers twice. |
|
|
Improved background mode support. When not allocating a pty, the |
Improved background mode support. When not allocating a pty, the |
command is run in its own process group. This prevents write access |
command is run in its own process group. This prevents write access |
to the tty. When running in a pty, stdin is not hooked up and we |
to the tty. When running in a pty, stdin is not hooked up and we |
never read from /dev/tty, which results in similar behavior. |
never read from /dev/tty, which results in similar behavior. |
[fe50d6a5c5b9] <1.8> | [87c15149894c] |
|
|
2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com> | * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: |
| Clean up regress files Generate proper dependencies for regress objs |
* Clean up regress files Generate proper dependencies for regress objs | |
in compat |
in compat |
[264196584549] <1.8> | [88bfc728c1e7] |
|
|
* Add missing dependency for check_fill.o. | * plugins/sudoers/Makefile.in: |
[c41f4e6ff078] <1.8> | Add missing dependency for check_fill.o. |
| [0bd6362e3e17] |
|
|
2011-05-30 Todd C. Miller <Todd.Miller@courtesan.com> | 2011-05-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* INSTALL, configure, configure.in: |
* INSTALL, configure, configure.in: |
Add support for --enable-nls[=location] |
Add support for --enable-nls[=location] |
[0ea8e7bd1739] <1.8> | [b90db44a050f] |
|
|
2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Include gettext.h | * plugins/sudoers/linux_audit.c: |
[fe8bab6403c6] <1.8> | Include gettext.h |
| [7f909a6e48cb] |
|
|
* Quiet gcc warnings. | * plugins/sudoers/ldap.c, plugins/sudoers/parse.c: |
[aa16d09710a7] <1.8> | Quiet gcc warnings. |
| [b41a6cdca583] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Don't install .mo files if gettext was not found. |
Don't install .mo files if gettext was not found. |
[c6b233e829aa] <1.8> | [1397b34cc165] |
|
|
2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Always allocate a pty when running a command in the background but | * src/exec.c: |
| Always allocate a pty when running a command in the background but |
call setsid() after forking to make sure we don't end up with a |
call setsid() after forking to make sure we don't end up with a |
controlling tty. |
controlling tty. |
[77c6b2923714] <1.8> | [b6454ba172e8] |
|
|
* Add missing space between command name and the first command line | * plugins/sudoers/iolog.c: |
| Add missing space between command name and the first command line |
argument. |
argument. |
[d0a36b9c0f38] <1.8> | [fe217f0a36d4] |
|
|
* Quiet a compiler warning on some platforms. | * plugins/sudoers/sudoreplay.c: |
[654e76cf0574] <1.8> | Quiet a compiler warning on some platforms. |
| [de9f2849f236] |
|
|
* README file that directs people to translationproject.org | * plugins/sudoers/po/README, src/po/README: |
[5545e9a5ae37] <1.8> | README file that directs people to translationproject.org |
| [30c0fc323281] |
|
|
* Sync translations with TP | * plugins/sudoers/po/uk.po, src/po/fi.po: |
[b054ce577022] <1.8> | Sync translations with TP |
| [1d7d64559cba] |
|
|
* Makefile.in: |
* Makefile.in: |
Add 'sync-po' target to top-level Makefile to rsync the po files |
Add 'sync-po' target to top-level Makefile to rsync the po files |
from translationproject.org. |
from translationproject.org. |
[87a5011b0410] <1.8> | [20508211aaa3] |
|
|
* install nls files from install target | * plugins/sudoers/Makefile.in: |
[a3feba9ef323] <1.8> | install nls files from install target |
| [5fc07b6cab38] |
|
|
* Makefile.in: | * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp: |
Include .mo files in sudo binary packags. |
Include .mo files in sudo binary packags. |
[bc3ee7e7fb44] <1.8> | [278d4821a916] |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sudoers/po/zh_CN.mo, |
| plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po: |
Add simplified chinese translation |
Add simplified chinese translation |
[c22e6842c766] <1.8> | [2b33ffc755b9] |
|
|
2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sudoers/po/uk.mo, |
| plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po: |
Add ukranian translation |
Add ukranian translation |
[0bb9e6437f0f] <1.8> | [2d8102688e93] |
|
|
* refer to siglist.c, not ./siglist.c since not all makes will treat | * compat/Makefile.in: |
| refer to siglist.c, not ./siglist.c since not all makes will treat |
foo and ./foo the same. |
foo and ./foo the same. |
[909051ff6061] <1.8> | [6639d293ffba] |
|
|
* Set def_preserve_groups before searching for the command when the -P | * plugins/sudoers/sudoers.c: |
| Set def_preserve_groups before searching for the command when the -P |
flag is specified. |
flag is specified. |
[08e9378f50e4] <1.8> | [0edc7942f875] |
|
|
* Makefile.in: | * Makefile.in, compat/Makefile.in, mkdep.pl, |
| plugins/sudoers/Makefile.in: |
Add dependency for siglist.lo in compat. This is a generated file |
Add dependency for siglist.lo in compat. This is a generated file |
so "make depend" needs to depend on it. |
so "make depend" needs to depend on it. |
[e6c0daf36af0] <1.8> | [28d0932f8b50] |
|
|
* More dependency fixes. | * compat/Makefile.in: |
[7fed03624689] <1.8> | More dependency fixes. |
| [aad0d05cd020] |
|
|
* Fix a few dependencies. | * compat/Makefile.in: |
[7cb86c721961] <1.8> | Fix a few dependencies. |
| [eb21aa35a032] |
|
|
* Place compiled mo files in the src dir, not the build dir. When | * plugins/sudoers/Makefile.in, src/Makefile.in: |
| Place compiled mo files in the src dir, not the build dir. When |
installing compiled mo files, display a status message. |
installing compiled mo files, display a status message. |
[b87aa18a9968] <1.8> | [e15634c29cd3] |
|
|
2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Tivoli Directory Server requires that seconds be present in a | * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: |
| Tivoli Directory Server requires that seconds be present in a |
timestamp, even though RFC 4517 states that they are optional. |
timestamp, even though RFC 4517 states that they are optional. |
[47ebf110ea7a] <1.8> | [55fe23dd4ef9] |
|
|
* Add missing bit of copyright | * plugins/sudoers/sudo_nss.h: |
[d05d28a91bc4] <1.8> | Add missing bit of copyright |
| [d2eba3c364ca] |
|
|
* Mention cycle detection warnings | * doc/visudo.pod: |
[ee8231aa1aed] <1.8> | Mention cycle detection warnings |
| [a76bef15ab67] |
|
|
* When checking aliases, also check the contents of the alias in case | * plugins/sudoers/visudo.c: |
| When checking aliases, also check the contents of the alias in case |
there are problems with an alias that is referenced inside another. |
there are problems with an alias that is referenced inside another. |
Replace the self reference check with real alias cycle detection. |
Replace the self reference check with real alias cycle detection. |
[abcfe1bc95d8] <1.8> | [a66c904cf53b] |
|
|
* Set errno to ELOOP in alias_find() if there is a cycle. Set errno to | * plugins/sudoers/alias.c: |
| Set errno to ELOOP in alias_find() if there is a cycle. Set errno to |
ENOENT in alias_find() and alias_remove() if the entry could not be |
ENOENT in alias_find() and alias_remove() if the entry could not be |
found. |
found. |
[e73d169f4e9b] <1.8> | [b4f0b89e433c] |
|
|
* Increment alias_seqno before calls to alias_remove_recursive() to | * plugins/sudoers/visudo.c: |
| Increment alias_seqno before calls to alias_remove_recursive() to |
avoid false positives with the alias loop detection. Fixes spurious |
avoid false positives with the alias loop detection. Fixes spurious |
warnings about unused aliases when they are nested. |
warnings about unused aliases when they are nested. |
[ac094820ef19] <1.8> | [a344483b8193] |
|
|
* add mkdep.pl | * MANIFEST: |
[3721e9654ba6] <1.8> | add mkdep.pl |
| [86b7ed33eab2] |
|
|
* Add dependency on convenience libs to binaries | * plugins/sudoers/Makefile.in: |
[8a4db8226dfe] <1.8> | Add dependency on convenience libs to binaries |
| [cd3078b3c997] |
|
|
* Makefile.in: |
* Makefile.in: |
mkdep.pl only works when run from the src dir |
mkdep.pl only works when run from the src dir |
[2480427a0680] <1.8> | [f35a5e47c944] |
|
|
* Makefile.in: | * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl, |
| plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, |
| plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: |
Auto-generate Makefile dependencies with a perl script. |
Auto-generate Makefile dependencies with a perl script. |
[ef5f56907d97] <1.8> | [a3e4afcd7975] |
|
|
2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* If the user specifies a runas group via sudo's -g option that | * plugins/sudoers/match.c: |
| If the user specifies a runas group via sudo's -g option that |
matches the runas user's group in the passwd database and that group |
matches the runas user's group in the passwd database and that group |
is not denied in the Runas_Spec, allow it. Thus, if user root's gid |
is not denied in the Runas_Spec, allow it. Thus, if user root's gid |
in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if |
in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if |
no groups are present in the Runas_Spec. |
no groups are present in the Runas_Spec. |
[942e1e7c5090] <1.8> | [e3f9732dc564] |
|
|
2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS: | * plugins/sudoers/Makefile.in, src/Makefile.in: |
Mention what is new in 1.8.2 (for now) | Add dependencies on gettext.h |
[d44b26eceee5] <1.8> | [a3a9dc51f78b] |
|
|
* Add dependencies on gettext.h | * plugins/sudoers/Makefile.in, src/Makefile.in: |
[32c61c6af852] <1.8> | Fix install-nls target with HP-UX sh when gettext is not present. |
| [0c6b9655cd41] |
|
|
* Fix install-nls target with HP-UX sh when gettext is not present. |
|
[3441cece9638] <1.8> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: |
|
Regen for sudo 1.8.2 |
|
[9ea124b542cc] <1.8> |
|
|
|
2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: | * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot, |
| src/Makefile.in, src/po/sudo.pot: |
regenerate .pot files for lbuf changes |
regenerate .pot files for lbuf changes |
[a8a9cc62c3a5] <1.8> | [918ded125a0b] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Add missing "checking" message for gettext when using the cache. |
Add missing "checking" message for gettext when using the cache. |
[4136bc346576] <1.8> | [9c21187ad1d2] |
|
|
* Add primitive format string support to the lbuf code to make | * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c, |
| plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c, |
| src/parse_args.c: |
| Add primitive format string support to the lbuf code to make |
translations simpler. |
translations simpler. |
[22fc74618d09] <1.8> | [ee71c7ef5299] |
|
|
* configure, configure.in, plugins/sudoers/po/sudoers.pot, | * MANIFEST, plugins/sudoers/Makefile.in, |
src/po/sudo.pot: | plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot: |
Bump version to 1.8.2 | Add message catalog template files for sudo and the sudoers module. |
[999de1ac5b3e] <1.8> | [f3f8acb1f014] |
|
|
* Add message catalog template files for sudo and the sudoers module. | * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c, |
[6afad75e7afa] <1.8> | config.h.in, configure.in, doc/Makefile.in, include/gettext.h, |
| plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, |
* configure.in: | plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
| plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, |
| src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h: |
Add gettext.h convenience header. This is similar to but distinct |
Add gettext.h convenience header. This is similar to but distinct |
from the one included with the gettext package. |
from the one included with the gettext package. |
[5ae5a86e0d06] <1.8> | [930a0591f73c] |
|
|
|
2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Add checks for nroff -c and -Tascii flags |
Add checks for nroff -c and -Tascii flags |
[580c21905280] <1.8> | [19ca990b3149] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Add check for HP bundled C Compiler (which cannot create shared |
Add check for HP bundled C Compiler (which cannot create shared |
libs) |
libs) |
[34f616cbb0f3] <1.8> | [517716a7072d] |
|
|
* Fix C format warnings. | * plugins/sudoers/sudoreplay.c: |
[f20a43a817f0] <1.8> | Fix C format warnings. |
| [6514326013fa] |
|
|
* Add __printflike | * include/error.h: |
[76bf8a4bf075] <1.8> | Add __printflike |
| [e1749a30a406] |
|
|
* Translate help / usage strings. | * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, |
[16c5b7902d4c] <1.8> | plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c, |
| plugins/sudoers/visudo.c, src/parse_args.c: |
| Translate help / usage strings. |
| [ee1cc9b1a8bd] |
|
|
* Set --msgid-bugs-address to the bugzilla url | * plugins/sudoers/Makefile.in, src/Makefile.in: |
[3e3cfa7b4ceb] <1.8> | Set --msgid-bugs-address to the bugzilla url |
| [5a0aa250ca21] |
|
|
* INSTALL, Makefile.in, README, configure, configure.in: | * Makefile.in, common/Makefile.in, compat/Makefile.in, configure, |
| configure.in, doc/Makefile.in, include/Makefile.in, |
| plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, |
| plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: |
Add scaffolding to update .po files and install .mo files. |
Add scaffolding to update .po files and install .mo files. |
[a51e60b35e47] <1.8> | [f05f4eed1fe1] |
|
|
* Minor warning/error cleanup | * doc/license.pod: |
[593144ac87ff] <1.8> | update copyright year |
| [fa0c62523875] |
|
|
* configure.in: | * INSTALL, README: |
| No need to include version number at the top of these files. |
| [9f2981325351] |
| |
| 2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c, |
| plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, |
| plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
| plugins/sudoers/visudo.c: |
| Minor warning/error cleanup |
| [9236dc85aeab] |
| |
| * config.h.in, configure.in: |
Emulate ngettext for the non-nls case |
Emulate ngettext for the non-nls case |
[7cdf82de4dee] <1.8> | [13571d63fa36] |
|
|
* Do not mark untranslatable strings for translation | * plugins/sudoers/ldap.c: |
[088271ed02d0] <1.8> | Do not mark untranslatable strings for translation |
| [735f5d4413fe] |
|
|
* Use ROOT_UID not 0. | * plugins/sudoers/check.c: |
[f901fa2fdaf2] <1.8> | Use ROOT_UID not 0. |
| [09a268db8da4] |
|
|
* Minor warning/error message cleanup | * plugins/sudoers/check.c, plugins/sudoers/iolog.c, |
[b99c7ef46236] <1.8> | plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c, |
| src/load_plugins.c, src/sudo.c, src/sudo_edit.c: |
| Minor warning/error message cleanup |
| [3c7b1a7939b5] |
|
|
* cannot -> "unable to" in warning/error messages can't -> "unable to" | * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c, |
in warning/error messages | plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, |
[5119140fabc7] <1.8> | plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c, |
| plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c, |
| src/exec_pty.c, src/net_ifs.c, src/selinux.c: |
| cannot -> "unable to" in warning/error messages |
| [31c3897649e9] |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c, |
|
src/sudo.c, src/utmp.c: |
|
can't -> "unable to" in warning/error messages |
|
[127b75f15291] |
|
|
* configure, configure.in: |
* configure, configure.in: |
FreeBSD needs the main sudo executable to link with -lpam when |
FreeBSD needs the main sudo executable to link with -lpam when |
loading dynaic pam modules for some reason. |
loading dynaic pam modules for some reason. |
[738b6778a505] <1.8> | [944522cc9bef] |
|
|
* We don't want to translate debugging messages. | 2011-05-17 Todd C. Miller <Todd.Miller@courtesan.com> |
[357a575c2dfd] <1.8> | |
|
|
* configure, configure.in: | * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c: |
| We don't want to translate debugging messages. |
| [56a1a365815a] |
| |
| * configure, configure.in, plugins/sudoers/Makefile.in, |
| plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, |
| plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
| plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, |
| src/Makefile.in, src/sesh.c, src/sudo.c: |
Add calls to bindtextdomain() and textdomain() Currently there are |
Add calls to bindtextdomain() and textdomain() Currently there are |
two domains, one for the sudo front-end and one for the sudoers |
two domains, one for the sudo front-end and one for the sudoers |
plugin and its associated utilities. |
plugin and its associated utilities. |
[907f39439d80] <1.8> | [0426138f789e] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Fix caching of libc gettext check. |
Fix caching of libc gettext check. |
[e229c21f412f] <1.8> | [942142d2c43a] |
|
|
* Mark defaults descriptions for translation | * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c, |
[65e03d1f8203] <1.8> | plugins/sudoers/mkdefaults: |
| Mark defaults descriptions for translation |
| [5b27f018e6cf] |
|
|
* NEWS: |
* NEWS: |
Update for sudo 1.8.1p2 |
Update for sudo 1.8.1p2 |
[89c31f2aa11e] <1.8> | [747c4dee2ca7] |
|
|
* Quiet compiler warning when SELinux is enabled. | 2011-05-16 Todd C. Miller <Todd.Miller@courtesan.com> |
[51b1d7c8aa86] <1.8> | |
|
|
* dd missing includes of libintl.h. | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[25662143d36d] <1.8> | Quiet compiler warning when SELinux is enabled. |
| [1fbf77dda240] |
|
|
* Fix gettext marker. | * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, |
[7618856ba5de] <1.8> | src/error.c, src/net_ifs.c, src/sesh.c: |
| Add missing includes of libintl.h. |
| [bc1d66316082] |
|
|
* Include libint.h where needed. | * plugins/sudoers/auth/pam.c: |
[cc256b297b9d] <1.8> | Fix gettext marker. |
| [a5cf4ed66c66] |
|
|
* Prepare sudoers module messages for translation. | * common/aix.c, common/alloc.c, compat/strsignal.c, |
[1b7f0bbaa55f] <1.8> | plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h: |
| Include libint.h where needed. |
| [2b0e5a663c7b] |
|
|
* Only check gid of sudoers file if it is group-readable. | * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c, |
[f3cae943f35a] <1.8> | plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, |
| plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c, |
| plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, |
| plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, |
| plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, |
| plugins/sudoers/defaults.c, plugins/sudoers/env.c, |
| plugins/sudoers/find_path.c, plugins/sudoers/gram.c, |
| plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, |
| plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, |
| plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, |
| plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, |
| plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c, |
| plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, |
| plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
| plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
| plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: |
| Prepare sudoers module messages for translation. |
| [7212ae1909c5] |
|
|
* For AIX, keep calling authenticate() until reenter reaches 0. | * plugins/sudoers/sudoers.c: |
[e412676bac73] <1.8> | Only check gid of sudoers file if it is group-readable. |
| [50e3bc0cb242] |
|
|
|
* plugins/sudoers/auth/aix_auth.c: |
|
For AIX, keep calling authenticate() until reenter reaches 0. |
|
[e240815b74b1] |
|
|
|
2011-05-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Cache the status of the initial gettext() check. |
Cache the status of the initial gettext() check. |
[c32281768c0f] <1.8> | [32751ebe1704] |
|
|
* INSTALL, configure, configure.in: |
* INSTALL, configure, configure.in: |
Add --disable-nls flag and improve checks for gettext. |
Add --disable-nls flag and improve checks for gettext. |
[b39674c1e538] <1.8> | [c7e6b17052de] |
|
|
* configure, configure.in: |
* configure, configure.in: |
When building with gcc on HP-UX, use -march=1.1 to produce portable |
When building with gcc on HP-UX, use -march=1.1 to produce portable |
binaries on a pa-risc2 host. Previously, the +Dportable option was |
binaries on a pa-risc2 host. Previously, the +Dportable option was |
used for the HP-UX C compiler but gcc always produced native |
used for the HP-UX C compiler but gcc always produced native |
binaries. |
binaries. |
[41351c23ad41] <1.8> | [8f4c749324d7] |
|
|
* Prepare sudo front end messages for translation. | 2011-05-06 Todd C. Miller <Todd.Miller@courtesan.com> |
[7807d6f74dac] <1.8> | |
|
|
* configure, configure.in: | * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c, |
Add initial scaffolding to support localization via gettext() | src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c, |
[cdbbff7e6376] <1.8> | src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c, |
| src/sudo_edit.c, src/tgetpass.c, src/utmp.c: |
| Prepare sudo front end messages for translation. |
| [2fc2fabceccb] |
|
|
2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/license.pod: |
|
update copyright year |
|
[d681661f03cc] <1.8> |
|
|
|
* INSTALL, README: |
|
No need to include version number at the top of these files. |
|
[7e11f673f773] <1.8> |
|
|
|
* README: |
|
This is sudo 1.8.1 not 1.8.0 |
|
[4d674f230d8a] <1.8> |
|
|
|
2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Don't let the fnmatch/glob macros expand the function prototype. | * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c: |
[d449e9a8f447] <1.8> | Add initial scaffolding to support localization via gettext() |
| [7d47b59fcf95] |
|
|
|
* compat/fnmatch.h, compat/glob.h: |
|
Don't let the fnmatch/glob macros expand the function prototype. |
|
[a9014aa0288e] |
|
|
2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Resolve namespace collisions on HP-UX ia64 and possibly others by | * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h: |
| Resolve namespace collisions on HP-UX ia64 and possibly others by |
adding a rpl_ prefix to our fnmatch and glob replacements and |
adding a rpl_ prefix to our fnmatch and glob replacements and |
#defining rpl_foo to foo in the header files. |
#defining rpl_foo to foo in the header files. |
[d23889375b21] <1.8> | [caa9b690a15d] |
|
|
2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Split ALL, ROLE and TYPE into their own actions. Since you can only | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Split ALL, ROLE and TYPE into their own actions. Since you can only |
have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in |
have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in |
the non-SELinux case. This is safe because the actions are in one |
the non-SELinux case. This is safe because the actions are in one |
big switch() statement. |
big switch() statement. |
[0bd9b7e37ab1] <1.8> | [7473fc2cfa2c] |
|
|
* Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie. | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[8dec97b359e0] <1.8> | Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie. |
| [9be3480c2865] |
|
|
* askpass moved from sudoers to sudo.conf in sudo 1.8.0 | 2011-04-27 Todd C. Miller <Todd.Miller@courtesan.com> |
[1001d87d82ed] <1.8> | |
|
|
* Remove obsolete warning about runas_default and ordering. Move | * doc/UPGRADE, doc/sudoers.pod: |
| askpass moved from sudoers to sudo.conf in sudo 1.8.0 |
| [b2c2956cec4e] |
| |
| * doc/sudoers.pod: |
| Remove obsolete warning about runas_default and ordering. Move |
syslog facility and priority lists into the section where the |
syslog facility and priority lists into the section where the |
relevant options are described. |
relevant options are described. |
[1286b9624021] <1.8> | [e57b8dc3f779] |
|
|
2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix SIA support; we no longer have access to the real argc and argv | * plugins/sudoers/auth/sia.c: |
| Fix SIA support; we no longer have access to the real argc and argv |
so allocate space for a fake one and use the argv passed to the |
so allocate space for a fake one and use the argv passed to the |
plugin with "sudo" for argv[0]. |
plugin with "sudo" for argv[0]. |
[7c11eeffb91c] <1.8> | [1c0552772ad2] |
|
|
* Remove useless realloc when trying to get the buffer size right. | 2011-04-23 Todd C. Miller <Todd.Miller@courtesan.com> |
[58128e7f4e28] <1.8> | |
|
|
* Be explicit when setting euid to 0 before call to setreuid(0, 0) | * src/net_ifs.c: |
[95769a564ab8] <1.8> | Remove useless realloc when trying to get the buffer size right. |
| [792225380a62] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Be explicit when setting euid to 0 before call to setreuid(0, 0) |
|
[7bfeb629fccb] |
|
|
2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS: |
|
sudo 1.8.1p1 updates |
|
[de3d688b5bb1] <1.8> |
|
|
|
* configure, configure.in: |
* configure, configure.in: |
Need to do checks for krb5_verify_user, krb5_init_secure_context and |
Need to do checks for krb5_verify_user, krb5_init_secure_context and |
krb5_get_init_creds_opt_alloc regardless of whether or | krb5_get_init_creds_opt_alloc regardless of whether or not |
notkrb5-config is present. | krb5-config is present. |
[456c4a9cd5d6] <1.8> | [9d1b98ece1d3] |
|
|
2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Work around weird AIX saved uid semantics on setuid() and | * plugins/sudoers/set_perms.c: |
| Work around weird AIX saved uid semantics on setuid() and |
setreuid(). On AIX, setuid() will only set the saved uid if the euid |
setreuid(). On AIX, setuid() will only set the saved uid if the euid |
is already 0. |
is already 0. |
[5d0a69e9d181] <1.8> | [069fc08150ca] |
|
|
2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* update copyright year | * sudo.pp: |
[fa8da6d55783] <1.8> | update copyright year |
| [1c42d579ba6e] |
|
|
* Treat a missing includedir like an empty one and do not return an | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Treat a missing includedir like an empty one and do not return an |
error. |
error. |
[5fd9fe004728] <1.8> | [92f71d8cbfd4] |
|
|
2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix ARCH setting in cross-compile Solaris packages. | * pp: |
[8ce40940f6c9] <1.8> | Fix ARCH setting in cross-compile Solaris packages. |
| [b0de281cc889] |
|
|
* Fix aix version setting. | * sudo.pp: |
[02a9e25d46ba] <1.8> | Fix aix version setting. |
| [98437dbfb085] |
|
|
* Remove extraneous parens in LDAP filter when sudoers_search_filter | * plugins/sudoers/ldap.c: |
| Remove extraneous parens in LDAP filter when sudoers_search_filter |
is enabled that causes a search error. From Matthew Thomas. |
is enabled that causes a search error. From Matthew Thomas. |
[b67be9b51ec6] <1.8> | [1d75bf1fc8d9] |
|
|
2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Correct sizeof() to fix test failure. | * plugins/sudoers/regress/iolog_path/check_iolog_path.c: |
[a11b89fd13f9] <1.8> | Correct sizeof() to fix test failure. |
| [fd2f7c0c0572] |
|
|
* "install" target should depend on "install-dirs". Fixes "make -j" | * plugins/sudoers/Makefile.in: |
| "install" target should depend on "install-dirs". Fixes "make -j" |
problem and closes bz #487. From Chris Coleman. |
problem and closes bz #487. From Chris Coleman. |
[06ab0558f848] <1.8> | [083902d38edb] |
|
|
2011-04-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* .hgtags: |
|
Added tag SUDO_1_8_1 for changeset 0ed6281995f0 |
|
[543d41a163e9] <1.8> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: |
|
Regen man pages for 1.8.1 |
|
[0ed6281995f0] [SUDO_1_8_1] <1.8> |
|
|
|
2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add HAVE_RFC1938_SKEYCHALLENGE | * config.h.in: |
[c0d7eb39799d] <1.8> | Add HAVE_RFC1938_SKEYCHALLENGE |
| [a94cb33758a8] |
|
|
2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Mention plugin loading and libgcc changes | * NEWS: |
[b74929cba37c] <1.8> | Mention plugin loading and libgcc changes |
| [e11b30b5026a] |
|
|
* Load plugins after parsing arguments and potentially printing the | * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: |
| Load plugins after parsing arguments and potentially printing the |
version. That way, an error loading or initializing a plugin |
version. That way, an error loading or initializing a plugin |
doesn't break "sudo -h" or "sudo -V". |
doesn't break "sudo -h" or "sudo -V". |
[c1ecb5979cf0] <1.8> | [1b76f2b096a2] |
|
|
* Makefile.in: |
* Makefile.in: |
When using a sub-shell to invoke the sub-make, exec make instead of |
When using a sub-shell to invoke the sub-make, exec make instead of |
running it inside the shell to avoid an extra process. |
running it inside the shell to avoid an extra process. |
[9439f016c993] <1.8> | [fd2c04a71fbf] |
|
|
* Stop testing unspecified behavior in fnmatch Make glob test more | * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c: |
| Stop testing unspecified behavior in fnmatch Make glob test more |
portable |
portable |
[87a91d76fbff] <1.8> | [229803093725] |
|
|
* No need to add current dir to include path and having it breaks the | * compat/Makefile.in: |
| No need to add current dir to include path and having it breaks the |
test programs that expect to get the system glob.h and fnmatch.h |
test programs that expect to get the system glob.h and fnmatch.h |
[3ae7f9e7b710] <1.8> | [68085f624be4] |
|
|
* configure, configure.in: | * INSTALL, configure, configure.in: |
Fix and document --with-plugindir; partially from Diego Elio Petteno |
Fix and document --with-plugindir; partially from Diego Elio Petteno |
[0220a0c2606f] <1.8> | [07edc52ea89e] |
|
|
* Fix fnmatch and glob tests to not use hard-coded flag values in the | * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c, |
| compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c, |
| compat/regress/glob/globtest.in: |
| Fix fnmatch and glob tests to not use hard-coded flag values in the |
input file. Link test programs with libreplace so we get our |
input file. Link test programs with libreplace so we get our |
replacement verions as needed. |
replacement verions as needed. |
[66bab80241e0] <1.8> | [c2cca448f660] |
|
|
* Makefile.in: |
* Makefile.in: |
If make in a subdir fails, fail the target in the upper level |
If make in a subdir fails, fail the target in the upper level |
Makefile too. Adapted from a patch from Diego Elio Petteno |
Makefile too. Adapted from a patch from Diego Elio Petteno |
[bc35b7813507] <1.8> | [76fc9a0d96fd] |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sudoers/auth/rfc1938.c: |
Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also |
Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also |
has this. Adapted from a patch from Diego Elio Petteno |
has this. Adapted from a patch from Diego Elio Petteno |
[bb6228f484b9] <1.8> | [a97279a59b93] |
|
|
* Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@ | * plugins/sudoers/Makefile.in: |
| Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@ |
directly. |
directly. |
[47e6d5fadc6d] <1.8> | [47b884029b3b] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Fix warnings when -without-skey, --without-opie, --without-kerb4, |
Fix warnings when -without-skey, --without-opie, --without-kerb4, |
--without-kerb5 or --without-SecurID were specified. |
--without-kerb5 or --without-SecurID were specified. |
[1b75035dd129] <1.8> | [71ad150f4d24] |
|
|
* Add plugins/sudoers/sudoers_version.h | * MANIFEST: |
[1d470c6033ca] <1.8> | Add plugins/sudoers/sudoers_version.h |
| [7423966de440] |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sample/Makefile.in, |
| plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: |
Back out the --with-libpath addition to SUDOERS_LDFLAGS since that |
Back out the --with-libpath addition to SUDOERS_LDFLAGS since that |
now include LDFLAGS in the sudoers Makefile.in. Add missing settng |
now include LDFLAGS in the sudoers Makefile.in. Add missing settng |
of @LDFLAGS@ in plugin Makefile.in files. |
of @LDFLAGS@ in plugin Makefile.in files. |
[dd237f43aa12] <1.8> | [b835826f889c] |
|
|
2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Mention %#gid support in User_List and Runas_List | * NEWS: |
[37e259b9181b] <1.8> | Mention %#gid support in User_List and Runas_List |
| [5a983dff017a] |
|
|
* Keep track of sudoers grammar version and report it in the -V | * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h, |
| plugins/sudoers/visudo.c: |
| Keep track of sudoers grammar version and report it in the -V |
output. |
output. |
[0e0b891dd8a4] <1.8> | [52901a3c0296] |
|
|
* Add multiple inclusion guard | * plugins/sudoers/sudo_nss.h: |
[ec6884f51ea8] <1.8> | Add multiple inclusion guard |
| [50853aed046e] |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sample/Makefile.in, |
| plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: |
The --with-libpath option now adds to SUDOERS_LDFLAGS as well as |
The --with-libpath option now adds to SUDOERS_LDFLAGS as well as |
LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and |
LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and |
set it to -Wc,-static-libgcc if not using GNU ld so we don't |
set it to -Wc,-static-libgcc if not using GNU ld so we don't |
have a dependency on the shared libgcc in sudoers.so. |
have a dependency on the shared libgcc in sudoers.so. |
[28d03f3eb0d2] <1.8> | [66ad8bc5e32d] |
|
|
* Fix typo; from Petr Uzel | * doc/sudoers.pod: |
[d19b9bd92bd3] <1.8> | Fix typo; from Petr Uzel |
| [f9a7afd80892] |
|
|
2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* In dump-only mode, use "root" as the default username instead of | * plugins/sudoers/testsudoers.c: |
| In dump-only mode, use "root" as the default username instead of |
"nobody" as the latter may not be available on all systems. |
"nobody" as the latter may not be available on all systems. |
[b304111616dd] <1.8> | [0c48e6414337] |
|
|
2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Remove NewArgv/NewArgc, they are no longer needed. | * plugins/sudoers/testsudoers.c: |
[c0a36a42a68c] <1.8> | Remove NewArgv/NewArgc, they are no longer needed. |
| [16e18f734c7e] |
|
|
* Fix setting of user_args | * plugins/sudoers/testsudoers.c: |
[529e79ea95d1] <1.8> | Fix setting of user_args |
| [aa29e0d0a54a] |
|
|
* Add '!' token to lex tracing | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[aef295d428e7] <1.8> | Add '!' token to lex tracing |
| [5227ad266235] |
|
|
* Use group bin in test, not wheel as most systems have the bin group | * plugins/sudoers/regress/testsudoers/test1.sh: |
| Use group bin in test, not wheel as most systems have the bin group |
but the same is no longer true of wheel. |
but the same is no longer true of wheel. |
[350347f09c1a] <1.8> | [718802b3b45e] |
|
|
* Avoid using pre or post increment in a parameter to a ctype(3) | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Avoid using pre or post increment in a parameter to a ctype(3) |
function as it might be a macro that causes the increment to happen |
function as it might be a macro that causes the increment to happen |
more than once. |
more than once. |
[8a94ebdd53b8] <1.8> | [78e281152c3a] |
|
|
2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Strip off the beta or release candidate version when building AIX | * sudo.pp: |
| Strip off the beta or release candidate version when building AIX |
packages. |
packages. |
[00ad950764e2] <1.8> | [28fe31668559] |
|
|
* configure, configure.in: |
* configure, configure.in: |
We need to include OSDEFS in CFLAGS when doing the utmp/utmpx |
We need to include OSDEFS in CFLAGS when doing the utmp/utmpx |
structure checks for glibc which only has __e_termination visible |
structure checks for glibc which only has __e_termination visible |
when _GNU_SOURCE is *not* defined. |
when _GNU_SOURCE is *not* defined. |
[1d58420a4a4a] <1.8> | [59ae1698911f] |
|
|
* getuserattr(user, ...) will fall back to the "default" entry | * common/aix.c: |
| getuserattr(user, ...) will fall back to the "default" entry |
automatically, there's no need to check "default" manually. |
automatically, there's no need to check "default" manually. |
[cefffa82967d] <1.8> | [3c7a47a61fdb] |
|
|
* Document parser changes. |
|
[5038238f60eb] <1.8> |
|
|
|
2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Makefile.in: | * doc/UPGRADE: |
| Document parser changes. |
| [ec415503308d] |
| |
| * Makefile.in, common/Makefile.in, compat/Makefile.in, |
| doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, |
| plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
| src/Makefile.in, zlib/Makefile.in: |
If there is an existing sudoers file, only install if it passes a |
If there is an existing sudoers file, only install if it passes a |
syntax check. |
syntax check. |
[b1e4c9c56fe0] <1.8> | [37427c73e8cb] |
|
|
* Add runasgroup support to testsudoers | * plugins/sudoers/regress/sudoers/test6.out.ok, |
[30838590e9de] <1.8> | plugins/sudoers/testsudoers.c: |
| Add runasgroup support to testsudoers |
| [047ea5571f33] |
|
|
* For "make check", keep going even if a test fails. | * plugins/sudoers/Makefile.in: |
[d3a72f67227e] <1.8> | For "make check", keep going even if a test fails. |
| [ce6a0a73c372] |
|
|
* More useful exit codes: | * plugins/sudoers/testsudoers.c: |
| More useful exit codes: |
* 0 - parsed OK and command matched. |
* 0 - parsed OK and command matched. |
* 1 - parse error |
* 1 - parse error |
* 2 - command not matched |
* 2 - command not matched |
* 3 - command denied |
* 3 - command denied |
[59301e0769cd] <1.8> | [1d2ce1361903] |
|
|
* Document %#gid, and %:#nonunix_gid syntax. | * doc/sudoers.pod: |
[39ee15af58e9] <1.8> | Document %#gid, and %:#nonunix_gid syntax. |
| [492d4f9696c4] |
|
|
* Add support to user_in_group() for treating group names that begin | * plugins/sudoers/pwutil.c: |
| Add support to user_in_group() for treating group names that begin |
with a '#' as gids. |
with a '#' as gids. |
[0eb19980cf5f] <1.8> | [20240c94a134] |
|
|
* configure, configure.in: | * config.h.in, configure, configure.in, src/utmp.c: |
Add explicit check for struct utmpx.ut_exit.e_termination and struct |
Add explicit check for struct utmpx.ut_exit.e_termination and struct |
utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update |
utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update |
ut_exit if we detect one or the other. |
ut_exit if we detect one or the other. |
[ab5b665fc04b] <1.8> | [b4e8cab777e6] |
|
|
2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add back missing #include of config.h | * plugins/sudoers/toke.c: |
[9c82bec81018] <1.8> | Add back missing #include of config.h |
| [9ab3897a1b2e] |
|
|
* Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like | * plugins/sudoers/iolog_path.c, |
| plugins/sudoers/regress/iolog_path/data: |
| Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like |
strftime() does. |
strftime() does. |
[1ae630470f8a] <1.8> | [93395762cdcd] |
|
|
* Quote first argument to AC_DEFUN(); from Elan Ruusamae | * aclocal.m4: |
[c467e9e3b399] <1.8> | Quote first argument to AC_DEFUN(); from Elan Ruusamae |
| [97f53ad31d77] |
|
|
2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* add new sudoers tests | * MANIFEST: |
[05f2a0924acc] <1.8> | add new sudoers tests |
| [476af91b3da3] |
|
|
* Add test for a newline in the middle of a string when no line | * plugins/sudoers/regress/sudoers/test8.in, |
| plugins/sudoers/regress/sudoers/test8.out.ok, |
| plugins/sudoers/regress/sudoers/test8.toke.ok: |
| Add test for a newline in the middle of a string when no line |
continuation character is used. |
continuation character is used. |
[24b79be5822b] <1.8> | [de2394bc86ab] |
|
|
* Use bitwise AND instead of modulus to check for length being odd. A | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Use bitwise AND instead of modulus to check for length being odd. A |
newline in the middle of a string is an error unless a line |
newline in the middle of a string is an error unless a line |
continuation character is used. |
continuation character is used. |
[65c468599688] <1.8> | [bdb1d762a1d5] |
|
|
* Move lexer globals initialization into init_lexer. | * plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
[07a1171a1853] <1.8> | plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Move lexer globals initialization into init_lexer. |
| [1ce62211aadb] |
|
|
* Fix a potential crash when a non-regular file is present in an | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Fix a potential crash when a non-regular file is present in an |
includedir. Fixes bz #452 |
includedir. Fixes bz #452 |
[5057cb9516e4] <1.8> | [1586760c3525] |
|
|
* On some Linux systems, "uname -p" contains detailed processor info | * pp: |
| On some Linux systems, "uname -p" contains detailed processor info |
so check "uname -m" first and then "uname -p" if needed. Recognize |
so check "uname -m" first and then "uname -p" if needed. Recognize |
PLD Linux. |
PLD Linux. |
[56226c84a060] <1.8> | [b8535cb9012e] |
|
|
2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Don't need all sudoers.h here. | * plugins/sudoers/redblack.c: |
[43b6ae5999c5] <1.8> | Don't need all sudoers.h here. |
| [8c0929f42dab] |
|
|
* Print sudo version early, in case policy plugin init fails. | * src/sudo.c: |
[620f2d0ec4b1] <1.8> | Print sudo version early, in case policy plugin init fails. |
| [47cddc4358bc] |
|
|
2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Update to match change in input. | * plugins/sudoers/regress/sudoers/test4.toke.ok: |
[69540f84721d] <1.8> | Update to match change in input. |
| [4a3af8e68790] |
|
|
* Make an empty group or netgroup a syntax error. | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[4b85bddc494e] <1.8> | Make an empty group or netgroup a syntax error. |
| [66f51ddc2ff6] |
|
|
* An empty group or netgroup should be a syntax error. | * plugins/sudoers/regress/sudoers/test7.in, |
[6ec796972eff] <1.8> | plugins/sudoers/regress/sudoers/test7.out.ok, |
| plugins/sudoers/regress/sudoers/test7.toke.ok: |
| An empty group or netgroup should be a syntax error. |
| [bd5bf1e2edce] |
|
|
* Check that uids work in per-user and per-runas Defaults Check that | * plugins/sudoers/regress/sudoers/test6.in, |
| plugins/sudoers/regress/sudoers/test6.out.ok, |
| plugins/sudoers/regress/sudoers/test6.toke.ok: |
| Check that uids work in per-user and per-runas Defaults Check that |
uids and gids work in a Command_Spec |
uids and gids work in a Command_Spec |
[68cf62353420] <1.8> | [c5e848e6082b] |
|
|
* Test empty string in User_Alias and Command_Spec | * plugins/sudoers/regress/sudoers/test5.in, |
[017d487c31be] <1.8> | plugins/sudoers/regress/sudoers/test5.out.ok, |
| plugins/sudoers/regress/sudoers/test5.toke.ok: |
| Test empty string in User_Alias and Command_Spec |
| [3a084d777e03] |
|
|
* Allow a group ID in the User_Spec. | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[37e0bf69c8d8] <1.8> | Allow a group ID in the User_Spec. |
| [bc2859eb71dc] |
|
|
* Return an error for the empty string when a word is expected. Allow |
|
an ID for per-user or per-runas Defaults. |
|
[4c9020779582] <1.8> |
|
|
|
2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix printing "User_Alias FOO = ALL" | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[97c9fd7caeb7] <1.8> | Return an error for the empty string when a word is expected. Allow |
| an ID for per-user or per-runas Defaults. |
| [915c259b00ff] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Fix printing "User_Alias FOO = ALL" |
|
[ba58c3d548b3] |
|
|
2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Better error message about invalid -C argument | * src/parse_args.c: |
[2301e7a3835b] <1.8> | Better error message about invalid -C argument |
| [c9a8d15bbf5d] |
|
|
* fix typo | * NEWS: |
[c5acde62a309] <1.8> | fix typo |
| [cdcfbafed013] |
|
|
* Fix placement of equal size ('=') in user specification summary. | * doc/sudoers.pod: |
[4d0ffef77ae4] <1.8> | Fix placement of equal size ('=') in user specification summary. |
| [5ad7178b230d] |
|
|
2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* update to match sudoers regress | * MANIFEST: |
[0efb8dc9092a] <1.8> | update to match sudoers regress |
| [e04db0648717] |
|
|
* Restore ability to define TRACELEXER and have trace output go to | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Restore ability to define TRACELEXER and have trace output go to |
stderr. |
stderr. |
[441c8b372217] <1.8> | [d9531e4d1b20] |
|
|
* Restore old behavior of setting sawspace = TRUE for command line | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Restore old behavior of setting sawspace = TRUE for command line |
args when a line continuation character is hit to avoid causing |
args when a line continuation character is hit to avoid causing |
problems for existing sudoers files. |
problems for existing sudoers files. |
[963ded6ce070] <1.8> | [fd930ad25550] |
|
|
* Add test for line continuation and aliases | * plugins/sudoers/regress/sudoers/test4.in, |
[5703d11a3c46] <1.8> | plugins/sudoers/regress/sudoers/test4.out.ok, |
| plugins/sudoers/regress/sudoers/test4.toke.ok: |
| Add test for line continuation and aliases |
| [29ab538ca6bb] |
|
|
* Make test output line up nicely for parse vs. toke | * plugins/sudoers/Makefile.in: |
[15321ce2d7d9] <1.8> | Make test output line up nicely for parse vs. toke |
| [257ef82c1434] |
|
|
* plugins/sudoers/regress/testsudoers/test1.ok, | * plugins/sudoers/Makefile.in, |
| plugins/sudoers/regress/sudoers/test1.in, |
| plugins/sudoers/regress/sudoers/test1.out.ok, |
| plugins/sudoers/regress/sudoers/test1.toke.ok, |
| plugins/sudoers/regress/sudoers/test2.in, |
| plugins/sudoers/regress/sudoers/test2.out.ok, |
| plugins/sudoers/regress/sudoers/test2.toke.ok, |
| plugins/sudoers/regress/sudoers/test3.in, |
| plugins/sudoers/regress/sudoers/test3.out.ok, |
| plugins/sudoers/regress/sudoers/test3.toke.ok, |
| plugins/sudoers/regress/testsudoers/test1.ok, |
| plugins/sudoers/regress/testsudoers/test1.out.ok, |
| plugins/sudoers/regress/testsudoers/test1.sh, |
plugins/sudoers/regress/testsudoers/test2.out, |
plugins/sudoers/regress/testsudoers/test2.out, |
plugins/sudoers/regress/testsudoers/test2.sh, |
plugins/sudoers/regress/testsudoers/test2.sh, |
plugins/sudoers/regress/testsudoers/test3.ok, |
plugins/sudoers/regress/testsudoers/test3.ok, |
Line 1511
|
Line 4077
|
plugins/sudoers/regress/visudo/test1.sh: |
plugins/sudoers/regress/visudo/test1.sh: |
Move parser tests to sudoers directory and test the tokenizer output |
Move parser tests to sudoers directory and test the tokenizer output |
too. |
too. |
[111c1ccda334] <1.8> | [44f529b3cdb6] |
|
|
* If we match a rule anchored to the beginning of a line after parsing | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| If we match a rule anchored to the beginning of a line after parsing |
a line continuation character, return an ERROR token. It would be |
a line continuation character, return an ERROR token. It would be |
nicer to use REJECT instead but that substantially slows down the |
nicer to use REJECT instead but that substantially slows down the |
lexer. |
lexer. |
[67e54b14aa9d] <1.8> | [355478293f8c] |
|
|
* Move LEXTRACE macro to toke.h so we can use it in yyerror(). | * plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
[e6e04037deed] <1.8> | plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
| plugins/sudoers/toke.l: |
| Move LEXTRACE macro to toke.h so we can use it in yyerror(). |
| [72ee7a06d3ca] |
|
|
* Make lex tracing settable at run-time in testsudoers via the -t | 2011-03-20 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
| plugins/sudoers/toke.l: |
| Make lex tracing settable at run-time in testsudoers via the -t |
flag. Trace output goes to stderr. Will be used by regress tests |
flag. Trace output goes to stderr. Will be used by regress tests |
to check lexer. |
to check lexer. |
[a973f43cc0c2] <1.8> | [93bd53c413c8] |
|
|
* Allow whitespace after the modifier in a Defaults entry. E.g. | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Allow whitespace after the modifier in a Defaults entry. E.g. |
"Defaults: username set_home" |
"Defaults: username set_home" |
[bf876c9fc5bb] <1.8> | [9dfcf8dd8a3a] |
|
|
2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Don't set CC when cross-compiling. | * mkpkg: |
[d3c33dcb02f2] <1.8> | Don't set CC when cross-compiling. |
| [4b95b0c04e1c] |
|
|
* Credit Matthew Thomas for the sudoers_search_filter changes. | * NEWS: |
[2209b80664af] <1.8> | Credit Matthew Thomas for the sudoers_search_filter changes. |
| [a65998ab09f7] |
|
|
* Add the .sym files to the MANIFEST | * MANIFEST: |
[bb452b28a009] <1.8> | Add the .sym files to the MANIFEST |
| [f599225cc861] |
|
|
* Update for sudo 1.8.1 beta | * NEWS: |
[700d42d80e00] <1.8> | Update for sudo 1.8.1 beta |
| [71021e854c49] |
|
|
* user_shell -> run_shell to avoid confusion with the user's SHELL | * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c: |
| user_shell -> run_shell to avoid confusion with the user's SHELL |
variable. |
variable. |
[451b96d5f97e] <1.8> | [dc0ac6dafc21] |
|
|
* Save the controlling tty process group before suspending in pty | * src/exec_pty.c: |
| Save the controlling tty process group before suspending in pty |
mode. Previously, we assumed that the child pgrp == child pid |
mode. Previously, we assumed that the child pgrp == child pid |
(which is usually, but not always, the case). |
(which is usually, but not always, the case). |
[b0841d861191] <1.8> | [10b2883b7875] |
|
|
* Add support for sudoers_search_filter setting in ldap.conf. This | * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: |
| Add support for sudoers_search_filter setting in ldap.conf. This |
can be used to restrict the set of records returned by the LDAP |
can be used to restrict the set of records returned by the LDAP |
query. |
query. |
[70c5f496e2b3] <1.8> | [b0f1b721d102] |
|
|
2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Remove the hack to disable -g in CFLAGS unless --with-devel |
Remove the hack to disable -g in CFLAGS unless --with-devel |
[9459839f50ba] <1.8> | [89822cf84ef4] |
|
|
* The '@' character does not normally need to be quoted. | * doc/sudoers.pod: |
[e66c4c64e514] <1.8> | The '@' character does not normally need to be quoted. |
| [7823f5ed829a] |
|
|
* We normaly transition from GOTDEFS to STARTDEFS on whitespace, but | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| We normaly transition from GOTDEFS to STARTDEFS on whitespace, but |
if that whitespace is followed by a comma, we want to treat it as |
if that whitespace is followed by a comma, we want to treat it as |
part of a list and not transition. |
part of a list and not transition. |
[52ae2df9959d] <1.8> | [1ca6943e1824] |
|
|
* Add check for whitespace when a User_List is used for a per-user | * plugins/sudoers/regress/testsudoers/test3.ok, |
| plugins/sudoers/regress/testsudoers/test3.sh: |
| Add check for whitespace when a User_List is used for a per-user |
Defaults entry. |
Defaults entry. |
[44a4db95be86] <1.8> | [91f75e6dd19a] |
|
|
* Expand quoted name checks to cover recent fixes. | * plugins/sudoers/regress/testsudoers/test2.out, |
[bd494b5c2bed] <1.8> | plugins/sudoers/regress/testsudoers/test2.sh: |
| Expand quoted name checks to cover recent fixes. |
| [ce4f76bca146] |
|
|
* Fix parsing of double-quoted names in Defaults and Aliases which was | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Fix parsing of double-quoted names in Defaultd and Aliases which was |
broken in 601d97ea8792. |
broken in 601d97ea8792. |
[dfdd58c3eb3b] <1.8> | [424b0d6c1dc4] |
|
|
* toke_util.c lives in $(srcdir) not $(devdir) | * plugins/sudoers/Makefile.in: |
[94f8f024782e] <1.8> | toke_util.c lives in $(srcdir) not $(devdir) |
| [94866bebee83] |
|
|
2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Update version to 1.8.1 | Change trunk version to 1.8.x to distinguish from real 1.8.0. |
[531a7d520f18] <1.8> | [a9781e61d064] |
|
|
* Document major changes in 1.8.1 and add upgrade notes. | * NEWS, doc/UPGRADE: |
[116821646140] <1.8> | Document major changes in 1.8.1 and add upgrade notes. |
| [f2cf51b0d9ce] |
|
|
* Be careful not to deref user_stat if it is NULL. This cannot | * plugins/sudoers/match.c: |
| Be careful not to deref user_stat if it is NULL. This cannot |
currently happen in sudo but might in other programs using the |
currently happen in sudo but might in other programs using the |
parser. |
parser. |
[d72a9c7151c4] <1.8> | [06a2334dd674] |
|
|
* configure will not add -O2 to CFLAGS if it is already defined to add | * mkpkg: |
| configure will not add -O2 to CFLAGS if it is already defined to add |
-O2 to the CFLAGS we pass in when PIE is being used. |
-O2 to the CFLAGS we pass in when PIE is being used. |
[2c7fe82be93d] <1.8> | [1ce6481ece59] |
|
|
* Warn about the dangers of log_input and mention iolog_file and | * doc/sudoers.pod: |
| Warn about the dangers of log_input and mention iolog_file and |
iolog_dir in the log_input and log_output descriptions. |
iolog_dir in the log_input and log_output descriptions. |
[edc6aa59aa45] <1.8> | [ae854ffb0768] |
|
|
* sync with git version | * pp: |
[b121cf739c77] <1.8> | sync with git version |
| [a993e39ce3cb] |
|
|
* It seems that h comes after i | * doc/sudoers.pod: |
[99ad15015f05] <1.8> | It seems that h comes after i |
| [0f621109220d] |
|
|
* Move log_input and log_output to their proper, sorted, location. | * doc/sudoers.pod: |
| Move log_input and log_output to their proper, sorted, location. |
Document set_utmp and utmp_runas. |
Document set_utmp and utmp_runas. |
[216ce8b0ae1a] <1.8> | [273b234b9c34] |
|
|
* Save the controlling tty process group before suspending so we can | * src/exec.c: |
| Save the controlling tty process group before suspending so we can |
restore it when we resume. Fixes job control problems on Linux |
restore it when we resume. Fixes job control problems on Linux |
caused by the previous attemp to fix resuming a shell when I/O |
caused by the previous attemp to fix resuming a shell when I/O |
logging not enabled. |
logging not enabled. |
[dfe038f733be] <1.8> | [f03a660315ee] |
|
|
* Fix printing of the remainder after a newline. Fixes "sudo -l" | * common/lbuf.c: |
| Fix printing of the remainder after a newline. Fixes "sudo -l" |
output corruption that could occur in some cases. |
output corruption that could occur in some cases. |
[ab2f0a629e0d] <1.8> | [25d83fb501fc] |
|
|
* Add support for ut_exit | 2011-03-15 Todd C. Miller <Todd.Miller@courtesan.com> |
[7039ec6a73fa] <1.8> | |
|
|
* Add support for controlling whether utmp is updated and which user | * config.h.in, configure, configure.in, src/exec_pty.c, |
| src/sudo_exec.h, src/utmp.c: |
| Add support for ut_exit |
| [b574c13f1bba] |
| |
| * doc/sudo_plugin.pod, plugins/sudoers/def_data.c, |
| plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, |
| plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c, |
| src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c: |
| Add support for controlling whether utmp is updated and which user |
is listed in the entry. |
is listed in the entry. |
[1b008ce71eab] <1.8> | [44a81632133f] |
|
|
* Fix typo; tupple vs. tuple | * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h, |
[67bb5c67ae3d] <1.8> | plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults, |
| plugins/sudoers/parse.c: |
| Fix typo; tupple vs. tuple |
| [697744acb710] |
|
|
* For legacy utmp, strip the /dev/ prefix before trying to determine | * src/utmp.c: |
| For legacy utmp, strip the /dev/ prefix before trying to determine |
slot since the ttys file does not include the /dev/ prefix. |
slot since the ttys file does not include the /dev/ prefix. |
[8f597114381d] <1.8> | [7ad5b81ff90c] |
|
|
* Add check for _PATH_UTMP | * aclocal.m4, configure, configure.in, pathnames.h.in: |
[fe7e2456f017] <1.8> | Add check for _PATH_UTMP |
| [21e638029bfd] |
|
|
* Adapt check_iolog_path to sessid changes | 2011-03-14 Todd C. Miller <Todd.Miller@courtesan.com> |
[3016201869b6] <1.8> | |
|
|
* Redo utmp handling. If no getutent()/getutxent() is available, | * plugins/sudoers/regress/iolog_path/check_iolog_path.c: |
| Adapt check_iolog_path to sessid changes |
| [728b5fe2be6f] |
| |
| * config.h.in, configure, configure.in, src/Makefile.in, |
| src/exec_pty.c, src/sudo_exec.h, src/utmp.c: |
| Redo utmp handling. If no getutent()/getutxent() is available, |
assume a ttyslot-based utmp. If getttyent() is available, use that |
assume a ttyslot-based utmp. If getttyent() is available, use that |
directly instead of ttyslot() so we don't have to do the stdin dup2 |
directly instead of ttyslot() so we don't have to do the stdin dup2 |
dance. |
dance. |
[817490c7c20e] <1.8> | [18aa455cd140] |
|
|
* Move utmp handling into utmp.c | 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com> |
[e4729d9259e9] <1.8> | |
|
|
* Update copyright years. | * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h, |
[1065afc00233] <1.8> | src/utmp.c: |
| Move utmp handling into utmp.c |
| [f6eae6c8e012] |
|
|
2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com> | * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c, |
| common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c, |
| compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c, |
| compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, |
| compat/utimes.c, doc/sudo.pod, doc/visudo.pod, |
| include/sudo_plugin.h, plugins/sample/sample_plugin.c, |
| plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, |
| plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, |
| plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, |
| plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, |
| plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, |
| plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, |
| plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, |
| plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, |
| plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c, |
| plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, |
| plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, |
| plugins/sudoers/logging.c, plugins/sudoers/parse.c, |
| plugins/sudoers/parse.h, plugins/sudoers/redblack.c, |
| plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c, |
| plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c, |
| src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c, |
| src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, |
| src/sudo_plugin_int.h, src/tgetpass.c: |
| Update copyright years. |
| [16aa39f9060a] |
|
|
* Add "user_shell" boolean as a way to indicate to the plugin that the | * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h, src/parse_args.c: |
| Add "user_shell" boolean as a way to indicate to the plugin that the |
-s flag was given. |
-s flag was given. |
[6e8bc49b7ea7] <1.8> | [fb1ef0897b32] |
|
|
* Move sessid out of sudo_user. | * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, |
[00d67d5ba894] <1.8> | plugins/sudoers/sudoers.h: |
| Move sessid out of sudo_user. |
| [ba298ddb57f4] |
|
|
* Log the TSID even if it is not a simple session ID. | * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, |
[490cf0adae29] <1.8> | plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h: |
| Log the TSID even if it is not a simple session ID. |
| [d7cc1b9c513c] |
|
|
* Document noexec in sample.sudo.conf and add back noexec_file section | * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod: |
| Document noexec in sample.sudo.conf and add back noexec_file section |
in sudoers with a note that it is deprecated. |
in sudoers with a note that it is deprecated. |
[c7a2d8d0c563] <1.8> | [4a6e961e494d] |
|
|
* Fix running commands as non-root on systems where setreuid() changes | * plugins/sudoers/set_perms.c: |
| Fix running commands as non-root on systems where setreuid() changes |
the saved uid based on the effective uid we are changing to. |
the saved uid based on the effective uid we are changing to. |
[f3b27db56ba6] <1.8> | [df0769b71b34] |
|
|
2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Move noexec path into sudo.conf now that sudo itself handles noexec. | * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c, |
| src/sudo.h: |
| Move noexec path into sudo.conf now that sudo itself handles noexec. |
Currently can be configured in sudoers too but is now undocumented |
Currently can be configured in sudoers too but is now undocumented |
and will be removed in a future release. |
and will be removed in a future release. |
[9c5f64709994] <1.8> | [6fa8befdc110] |
|
|
* Document "Path noexec ..." in sudo.conf. No longer document | * doc/sudo.pod, doc/sudoers.pod: |
| Document "Path noexec ..." in sudo.conf. No longer document |
noexec_file in sudoers, it will be removed in a future release. |
noexec_file in sudoers, it will be removed in a future release. |
[959fa6b5217b] <1.8> | [24eee3a0b3e5] |
|
|
* Move noexec handling to sudo front-end where it is documented as | * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: |
| Move noexec handling to sudo front-end where it is documented as |
being. |
being. |
[ef6cd4a40c61] <1.8> | [3ed4f10d7052] |
|
|
* Add support for disabling exec via solaris privileges. Includes | * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, |
| src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, |
| src/sudo_exec.h: |
| Add support for disabling exec via solaris privileges. Includes |
preparation for moving noexec support out of sudoers and into front |
preparation for moving noexec support out of sudoers and into front |
end as documented. |
end as documented. |
[d9c05ba9a24f] <1.8> | [dec843ed553e] |
|
|
* Only export the symbols corresponding to the plugin structs. | * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym, |
[cb07af1d9b39] <1.8> | plugins/sample_group/Makefile.in, |
| plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, |
| plugins/sudoers/sudoers.sym: |
| Only export the symbols corresponding to the plugin structs. |
| [8d8d03b0ca54] |
|
|
* Install plugins manually instead of using libtool. This works | * configure, configure.in, plugins/sample/Makefile.in, |
| plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: |
| Install plugins manually instead of using libtool. This works |
around a problem on AIX where libtool will install a .a file |
around a problem on AIX where libtool will install a .a file |
containing the .so file instead of the .so file itself. |
containing the .so file instead of the .so file itself. |
[1ccf5af58c05] <1.8> | [796971cfbddb] |
|
|
* Makefile.in: |
* Makefile.in: |
Move check into its own rule since some versions of make will run |
Move check into its own rule since some versions of make will run |
both targets as the default rule. |
both targets as the default rule. |
[7159f37eb552] <1.8> | [34d759979176] |
|
|
* Update to libtool 2.2.10 | * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, |
[9e49773b32b7] <1.8> | m4/ltversion.m4, m4/lt~obsolete.m4: |
| Update to libtool 2.2.10 |
| [34c130de6af7] |
|
|
* In handle_signals(), restart the read() on EINTR to make sure we | 2011-03-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * src/exec.c: |
| In handle_signals(), restart the read() on EINTR to make sure we |
keep up with the signal pipe. Don't return -1 on EAGAIN, it just |
keep up with the signal pipe. Don't return -1 on EAGAIN, it just |
means we have emptied the pipe. |
means we have emptied the pipe. |
[dc2926097b2d] <1.8> | [d5b9c8eb9000] |
|
|
* Reorder functions to quiet a compiler warning. | * compat/mktemp.c: |
[5201367e5db4] <1.8> | Reorder functions to quiet a compiler warning. |
| [c9e9a23729f0] |
|
|
* Use the Sun Studio C compiler on Solaris if possible | * mkpkg: |
[b8d43b423fb9] <1.8> | Use the Sun Studio C compiler on Solaris if possible |
| [11a86e27891e] |
|
|
2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix default setting of osversion variable. | * mkpkg: |
[e12905851be5] <1.8> | Fix default setting of osversion variable. |
| [52e49ca1cedd] |
|
|
* Make two login_class entris consistent. | * doc/sudo_plugin.pod: |
[0671d7b204be] <1.8> | Make two login_class entris consistent. |
| [18ff1fa94a91] |
|
|
* Add support for adding a utmp entry when allocating a new pty. | * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c, |
| src/sudo_exec.h: |
| Add support for adding a utmp entry when allocating a new pty. |
Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent(). |
Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent(). |
Currently only creates a new entry if the existing tty has a utmp |
Currently only creates a new entry if the existing tty has a utmp |
entry. |
entry. |
[40ff30099e79] <1.8> | [32db72b81d80] |
|
|
* Avoid pulling in headers we don't need on Linux For getutx?id(), | * plugins/sudoers/boottime.c: |
| Avoid pulling in headers we don't need on Linux For getutx?id(), |
call setutx?ent() first and always call endutx?ent(). |
call setutx?ent() first and always call endutx?ent(). |
[b86f7a13aae9] <1.8> | [5dad21e1ee1b] |
|
|
* Add some more libs to SUDOERS_LIBS instead of relying on them to be | * configure, configure.in: |
| Add some more libs to SUDOERS_LIBS instead of relying on them to be |
pulled in by SUDO_LIBS. |
pulled in by SUDO_LIBS. |
[bcbd16ec56c6] <1.8> | [18a7c21c09a7] |
|
|
* Fix return value of "sudo -l command" when command is not allowed, | * plugins/sudoers/sudoers.c: |
| Fix return value of "sudo -l command" when command is not allowed, |
broken in [c7097ea22111]. The default return value is now TRUE and |
broken in [c7097ea22111]. The default return value is now TRUE and |
a bad: label is used when permission is denied. Also fixed missing |
a bad: label is used when permission is denied. Also fixed missing |
permissions restoration on certain errors. On error()/errorx(), the |
permissions restoration on certain errors. On error()/errorx(), the |
password and group files are now closed before returning. |
password and group files are now closed before returning. |
[757c941a47b2] <1.8> | [4f2d0e869ae5] |
|
|
2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix passing of login class back to sudo front end. | * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: |
[5e649de6b7f5] <1.8> | Fix passing of login class back to sudo front end. |
| [6f70a784ce48] |
|
|
* Add --osversion flag to specify OS instead of running "pp | * mkpkg: |
| Add --osversion flag to specify OS instead of running "pp |
--probeonly" |
--probeonly" |
[8a03943ac5e8] <1.8> | [a8efdccb7bc1] |
|
|
* Fix expr usage w/ GNU expr | * sudo.pp: |
[bdecfa1f54fc] <1.8> | Fix expr usage w/ GNU expr |
| [48895599ee63] |
|
|
2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix exit value for validate and list mode. | * plugins/sudoers/sudoers.c: |
[6f8b20199935] <1.8> | Fix exit value for validate and list mode. |
| [c7097ea22111] |
|
|
* Fix non-interactive mode with sudoers plugin. | * plugins/sudoers/sudoers.c: |
[cf5aca4fcbcf] <1.8> | Fix non-interactive mode with sudoers plugin. |
| [172f29597bd2] |
|
|
2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* sudoreplay can now find IDs other than %{seq} and display the | * doc/sudoreplay.pod: |
| sudoreplay can now find IDs other than %{seq} and display the |
session. |
session. |
[60396b417633] <1.8> | [fc3dd3be67e9] |
|
|
* Add support for replaying sessions when iolog_file is set to |
|
something other than %{seq}. |
|
[1cd2baa74d56] <1.8> |
|
|
|
2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* If we are killed by a signal, display the name of the signal that | * plugins/sudoers/sudoreplay.c: |
| Add support for replaying sessions when iolog_file is set to |
| something other than %{seq}. |
| [ca3131243874] |
| |
| * plugins/sudoers/visudo.c: |
| If we are killed by a signal, display the name of the signal that |
got us. |
got us. |
[1b38c4d42282] <1.8> | [994bb76a990e] |
|
|
* Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS | * configure, configure.in: |
| Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS |
where they belong. |
where they belong. |
[78e97a921104] <1.8> | [40f94b936fa4] |
|
|
* Fix bug in skey/opie check that could cause a shell warning. | * configure.in: |
[f20229a04f30] <1.8> | Fix bug in skey/opie check that could cause a shell warning. |
| [83c043072be5] |
|
|
* No longer need sudo_getepw() stubs. | * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
[795631ac7db0] <1.8> | No longer need sudo_getepw() stubs. |
| [bbee15c36912] |
|
|
2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix exit value of "sudo -l command" in sudoers module. | * plugins/sudoers/sudo_nss.c: |
[4a05d6019b3d] <1.8> | Fix exit value of "sudo -l command" in sudoers module. |
| [a6541867521b] |
|
|
2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Use fgets() not fgetln() for portability. | * compat/regress/glob/globtest.c: |
[1f2050745096] <1.8> | Use fgets() not fgetln() for portability. |
| [df1bb67fb168] |
|
|
* Don't use the beta or release candidate version as the rpm release. | * sudo.pp: |
[a5b049477646] <1.8> | Don't use the beta or release candidate version as the rpm release. |
| [d661ef78021a] |
2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com> | |
| |
* Makefile.in: | |
Adjust ChangeLog rule now that 1.8 is branched | |
[a994ac361e44] <1.8> | |
| |
* .hgtags: | |
Added tag SUDO_1_8_0 for changeset f6530d56f6ae | |
[99a2b3801419] <1.8> | |
|
|
2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|