Diff for /embedaddon/sudo/ChangeLog between versions 1.1.1.4 and 1.1.1.5

version 1.1.1.4, 2013/07/22 10:46:10 version 1.1.1.5, 2013/10/14 07:56:33
Line 1 Line 1
   2013-09-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * include/missing.h:
           Include stddef.h for rsize_t and errno_t on systems that support it
           natively.
           [bc547d47e9c6]
   
           * MANIFEST:
           Fix braino.
           [67b79747312f]
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/de.mo,
           plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo,
           plugins/sudoers/po/it.mo, plugins/sudoers/po/pl.mo,
           plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/uk.mo,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo:
           Rebuild message catalog files.
           [0a9befb0674e]
   
           * src/po/da.mo, src/po/eo.mo, src/po/fi.mo, src/po/it.mo,
           src/po/pl.mo, src/po/pt_BR.mo, src/po/ru.mo, src/po/uk.mo,
           src/po/vi.mo, src/po/zh_CN.mo:
           Rebuild message catalog files.
           [25191089ddf2]
   
           * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/cs.mo, src/po/cs.po:
           Czech translation for sudo from translationproject.org.
           [8bc0ed069ddb]
   
   2013-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/da.po, plugins/sudoers/po/de.po,
           plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/it.po, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, src/po/da.po,
           src/po/eo.po, src/po/fi.po, src/po/it.po, src/po/pl.po,
           src/po/pt_BR.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
           src/po/zh_CN.po:
           Sync with translationproject.org
           [c16f9bb4579e]
   
           * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
           Change "next" back to 2. In the context of "next Friday" we really
           do want the friday of the upcoming (not current) week.
           Unfortunately, this means that things like "next week" and "next
           year" will match one more than we really want. Fixing this will
           require some fairly major changes to the grammar.
           [7f863c930121]
   
           * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
           Mention that relative times don't always do what you might expect.
           [710a9b0dd36f]
   
   2013-09-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS:
           Add diacritical for Zdenek Behan.
           [78d333f88e6c]
   
   2013-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/regress/ttyname/check_ttyname.c:
           Do not fail if ttyname() cannot determine the tty but sudo can.
           Should fix problems with running "make check" under pbuilder.
           [e6fc06a6c5cf]
   
           * plugins/sudoers/Makefile.in:
           Remove extraneous $$CWD; from Bdale Garbee
           [4d040ddd7446]
   
   2013-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
           Make "this" and "next" qualifiers work a bit better. There is still
           room for improvement as "this week" will use the current time
           instead of the beginning of the week. That's a separate issue
           though.
           [e844c02f754a]
   
   2013-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/regress/sudo_conf/conf_test.c,
           common/regress/sudo_parseln/parseln_test.c:
           Mark main() public to silence a warning on HP-UX.
           [ac0b869b9842]
   
   2013-09-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/sudoers.pot, plugins/sudoers/timestamp.c:
           Be specific that we are talking about the Unix epoch; bug #615
           [25887775371b]
   
           * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/po/sudoers.pot,
           src/po/sudo.pot, src/selinux.c:
           Do not use "setup" as a verb; bug #614
           [17c4750aac5f]
   
           * plugins/sudoers/iolog.c:
           Fix logic goof when checking open() status.
           [76ece1445d71]
   
           * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo,
           src/po/nl.po, src/po/ru.mo, src/po/ru.po:
           Sync with translationproject.org
           [21351498000f]
   
           * NEWS, plugins/sudoers/sudoreplay.c:
           Work around a bug in sudo 1.8.7 timing files where the indexes are
           off by two.
           [4aa0cd58af58]
   
           * MANIFEST, plugins/sudoers/iolog.c, plugins/sudoers/iolog.h,
           plugins/sudoers/sudoreplay.c:
           Repair writing of the I/O log file indices broken in sudo 1.8.7.
           [6a5f867884f5]
   
   2013-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Try to improve the PAGERS noexec example a bit.
           [226f11118daa]
   
   2013-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in:
           Document comment character in ldap.conf Clarify what is and is not
           supported in TLS_KEYPW Mention that gsk8capicmd can be used to
           create a stash file
           [fb8f06ab4458]
   
   2013-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           New bugs fixed for 1.8.8.
           [c158df7cd9d2]
   
           * plugins/sudoers/visudo.c:
           Fix setting of quiet flag when -q / --quiet is specified. Do not
           print "sudoers: parsed OK" in quiet mode.
           [df55acd57ce6]
   
           * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/fi.mo,
           src/po/fi.po, src/po/it.mo, src/po/it.po:
           Updated translations from translationproject.org
           [e9e8abd23a28]
   
           * plugins/sudoers/check.c:
           Don't allow root to change its SELinux role without a password. Bug
           #611
           [f8b599acb29d]
   
   2013-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Mention new Mac OS X symbol interposition.
           [98293b7c4e0f]
   
           * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
           src/po/eo.po, src/po/fr.mo, src/po/fr.po:
           Updated translations from translationproject.org
           [865be7454354]
   
           * config.h.in, configure, configure.in, src/sudo_noexec.c:
           Add configure checks for the exec functions we will dummy out. This
           is only really needed on Mac OS X when symbol interposition is being
           performed but won't hurt elsewhere.
           [49c20cf6bab0]
   
   2013-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure, configure.in, src/Makefile.in,
           src/sudo_noexec.c:
           Fix installation of sudo_noexec on Mac OS X. Use library symbol
           interposition on Mac OS X 10.4 and higher so we don't need to set
           DYLD_FORCE_FLAT_NAMESPACE=1.
           [a82999dff8e6]
   
   2013-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           Fix error display from ldap_ssl_client_init(). There are two error
           codes. The return value can be decoded via ldap_err2string() but
           the ssl reason code cannot (you have to look it up in a table
           online).
           [0267125ce9f0]
   
   2013-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in:
           Fix typo in tls_key example for Tivoli
           [36599f424ac4]
   
           * src/parse_args.c:
           Don't escape '$' when running "sudo -i command". Bug #564
           [17542d52f714]
   
           * plugins/sudoers/iolog_path.c:
           Fix typo in comment.
           [d0510ed5eaba]
   
           * plugins/sudoers/auth/pam.c:
           Fix comment.
           [4e89e0bfd6af]
   
           * plugins/sudoers/timestr.c, plugins/sudoers/visudo.c:
           Quiet some gcc -Wformat=2 false positives
           [28a2014b9822]
   
   2013-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/auth/pam.c:
           Remove now-obsolete arg to env_merge()
           [ba015cf5d935]
   
           * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po,
           src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
           src/po/zh_CN.mo, src/po/zh_CN.po:
           Updated translations from translationproject.org
           [72b6aeaba505]
   
           * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/fr.mo, src/po/fr.po:
           French translation for sudo from translationproject.org.
           [a72321771860]
   
           * plugins/sudoers/logging.h:
           Add __printflike to audit_failure.
           [1686b3699d41]
   
           * include/missing.h:
           Use __nonnull__ attribute in __printflike.
           [d123613a1fb6]
   
   2013-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
           When merging the PAM environment, allow environment variables set in
           PAM to override ones set by sudo as long as they do not match the
           env_keep or env_check lists.
           [f3c64967fed7]
   
           * plugins/sudoers/auth/pam.c:
           Call pam_getenvlist() after we've opened the session to get the
           session-specific environment variables.
           [b413fb9e1c77]
   
   2013-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           option not flag
           [08c31af7b818]
   
           * compat/getopt_long.c, config.h.in, configure, configure.in:
           Don't redefine opterr, optind, optopt, optarg in getopt_long.c. Add
           a check for optreset which is a BSD extension and provide a
           definition in getopt_long.c if it is not present.
           [3393e8d83400]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [f38f65830118]
   
           * plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c:
           Use lower case for the long option arguments to match the manual.
           This is inconsistent with GNU but it is better to match the sudo
           documentation.
           [8fac2d64f5d2]
   
           * NEWS:
           Sudo 1.8.8
           [105c73752474]
   
           * src/parse_args.c:
           Use lower card for the long option arguments to match the manual.
           This is inconsistent with GNU but it is better to match the sudo
           documentation.
           [af243dd39850]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Describe how remote command execution can be implemented.
           [3eba7f93b7f6]
   
           * doc/sudoers.ldap.cat:
           Bump version.
           [0ee7f02f3627]
   
   2013-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sudo.c:
           Make it a fatal error if the plugin returns invalid or out of range
           command info.
           [8a7e56c7584a]
   
           * plugins/sudoers/policy.c:
           Use strtol() instead of atoi() and perform error checking of
           parameters passed from the sudo front-end.
           [05e05be3c6c4]
   
           * plugins/sudoers/auth/pam.c:
           It is not possible for auth to be NULL here.
           [771500e776e9]
   
           * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
           Initialize user_runhost and user_srunhost to user_host and
           user_shost in visudo and testsudoers.
           [c47cca74e1fc]
   
           * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
           common/error.c, common/fatal.c, common/gidlist.c, common/lbuf.c,
           common/list.c, common/sudo_conf.c, common/sudo_debug.c,
           compat/Makefile.in, compat/getopt_long.c, include/error.h,
           include/fatal.h, plugins/sudoers/Makefile.in,
           plugins/sudoers/bsm_audit.c, plugins/sudoers/hexchar.c,
           plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
           src/Makefile.in, src/locale_stub.c, src/net_ifs.c,
           src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h:
           Rename error.h -> fatal.h now that there is no error() function.
           [3a3827f10f04]
   
           * common/sudo_debug.c, include/sudo_debug.h:
           Add support to the debug subsystem for zero-length strings. This
           can happen for things like warning(NULL) or fatal(NULL) where we
           just want to log the errno string.
           [3ed739c5cc91]
   
           * include/error.h:
           Add __printflike for vfatal, vfatalx, vwarning and vwarningx.
           [57e65ed595d2]
   
           * plugins/sudoers/audit.c:
           Need to include gettext.h for BSM audit.
           [a87fda2d0123]
   
           * common/alloc.c, plugins/sudoers/env.c, src/exec_common.c,
           src/parse_args.c, src/sudo.c:
           Change some fatalx(NULL) that should be fatal(NULL).
           [8b1efda9f578]
   
           * include/error.h, include/missing.h:
           Use __printf0like for warning() and fatal() since the fmt string may
           be NULL.
           [858a890f00ad]
   
           * compat/pw_dup.c:
           Quiet a gcc "used uninitialized in this function" false positive.
           [98f47f89ce60]
   
           * mkpkg:
           Enable bsm audit on Mac OS X and Solaris >= 11.
           [8607488f986c]
   
           * plugins/sudoers/bsm_audit.c:
           Fix compilation on Solaris 11.
           [01aa46298ed7]
   
           * plugins/sudoers/bsm_audit.c:
           Add missing missing.h
           [080de69a55a1]
   
           * plugins/sudoers/sudoers.c:
           Move the -C (user_closefrom) check until after set_cmnd() so that
           closefrom_override can be used in a command-specific Defaults line.
           Fixes bug #610 from Mengtao Sun.
           [413565c6ff6b]
   
   2013-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c:
           If not using a pty and the child process gets SIGTTOU or SIGTTIN and
           sudo is the foreground process, make the child the foreground
           process and continue it.
           [5ff433443bc4]
   
           * src/sudo.c:
           If sudo is not setuid and was not invoked with a full path, look in
           the user's PATH for the sudo binary to give a better error message.
           [a740129a38f0]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
           plugins/sudoers/logging.c, plugins/sudoers/match.c,
           plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c,
           plugins/sudoers/sudoers.h:
           Add limited support for "sudo -l -h other_host". Since group
           lookups are done on the local host, rules that use group membership
           may be incorrect if the group database is not synchronized between
           hosts.
           [2c8b222a5f7f]
   
           * src/parse_args.c:
           Fix parsing of "-h host" when used in conjunction with the -l flag.
           [62f3d726d52b]
   
           * configure, configure.in, doc/fixman.sh, doc/fixmdoc.sh,
           doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
           doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
           doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.c,
           src/sudo_usage.h.in:
           Simplify usage messages a bit and make --help output more closely
           resemble GNU usage wrt long options. Sync usage and man page
           SYNOPSYS sections and improve long options in the manual pages. Now
           that we have long options we don't need to give the mnemonic for the
           single-character options in the description.
           [17b7e386955a]
   
   2013-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/logging.c:
           Fix setting of mailer argv[0] to basename of mailerpath. No need to
           strdup() mailerpath as it is not modified.
           [8843cdd958ee]
   
           * plugins/sudoers/logging.c:
           Make sure the mailer exists and is a regular file before trying to
           exec it.
           [b73d6214014f]
   
           * plugins/sudoers/timestamp.c:
           If tty_tickets are enabled but there is no tty, use a ticket file
           based on the parent pid.
           [75408bd61ced]
   
           * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/parse_args.c:
           Allow default plugin dir to be configured in sudo.conf.
           [478883594cc5]
   
           * doc/CONTRIBUTORS:
           UTF8 for Ruusamae, Elan; from Tae Wong
           [02e0c95b4fa6]
   
   2013-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/regress/sudo_conf/test5.in,
           common/regress/sudo_conf/test5.out.ok,
           common/regress/sudo_conf/test6.in,
           common/regress/sudo_conf/test6.out.ok, common/sudo_conf.c,
           doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
           plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, src/sudo.c:
           Don't allow max_groups to be set to zero, it just complicates things
           needlessly. Fixes an assertion in visudo when there is a group-
           based Defaults entry.
           [d62a8ea32db9]
   
   2013-08-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/gidlist.c,
           plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c,
           src/sudo.h:
           Refactor code to parse list of gids into its own function that is
           shared by the sudo front-end and the sudoers module. Make uid/gid
           parse error be fatal, not just a warning.
           [da3b2b06605c]
   
           * common/atoid.c:
           Add function comment block.
           [09a324de716f]
   
           * common/atoid.c:
           Default text domain is now sudo, not sudoers.
           [1acb1da6f304]
   
           * common/Makefile.in:
           Update dependency for atoid.lo
           [5e367cd44288]
   
           * common/atoid.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, src/sudo.c,
           src/sudo.h:
           Add endpointer and separator args to atoid()
           [2077e4ed8578]
   
   2013-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/getgrouplist.c:
           Use private version of atoid() to avoid a dependency on libcommon.a
           (since that already depends on libreplace.a).
           [7c12d63b0560]
   
           * doc/CONTRIBUTORS:
           More UTF8 in names; from Tae Wong
           [512b263f51c8]
   
           * compat/getgrouplist.c, plugins/sudoers/iolog.c,
           plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h:
           Use atoid() in more places.
           [06f4ae57c707]
   
           * MANIFEST, common/Makefile.in, common/atoid.c,
           plugins/sudoers/Makefile.in, plugins/sudoers/atoid.c:
           Move atoid() to common so it can be used in src and compat too.
           [095d730701e4]
   
           * compat/closefrom.c:
           Avoid a crash on Mac OS X 10.8 (at least) when we close
           libdispatch's fds out from under it before executing the command.
           Switch to just setting the close on exec flag instead.
           [349ebf4987df]
   
           * doc/CONTRIBUTORS:
           Convert to last, first for easier sorting and use UTF8 (including a
           BOM).
           [8c30d221bd75]
   
           * plugins/sudoers/atoid.c:
           Add atoid() function to convert a string to an id_t (uid, gid or
           pid). We have to be careful to choose() either strtol() or
           strtoul() depending on whether the string appears to be signed or
           unsigned. Always using strtoul() is unsafe on 64-bit platforms since
           the uid might be represented as a negative number and (unsigned
           long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
           Fixes a problem with uids larger than 0x7fffffff on 32-bit
           platforms.
           [5d818e399157]
   
           * MANIFEST, config.h.in, configure, configure.in,
           plugins/sudoers/Makefile.in, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.h:
           Add atoid() function to convert a string to an id_t (uid, gid or
           pid). We have to be careful to choose() either strtol() or
           strtoul() depending on whether the string appears to be signed or
           unsigned. Always using strtoul() is unsafe on 64-bit platforms since
           the uid might be represented as a negative number and (unsigned
           long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
           Fixes a problem with uids larger than 0x7fffffff on 32-bit
           platforms.
           [cd92246a710f]
   
           * plugins/sudoers/sudoers.c:
           Avoid "perm stack underflow" error when logging the unknown uid
           error.
           [871514c713b7]
   
           * plugins/sudoers/set_perms.c:
           In rewind_perms() there is nothing to do if perm_stack_depth == 0.
           [98de335f47f0]
   
   2013-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
           plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c,
           plugins/sudoers/def_data.h, plugins/sudoers/def_data.in:
           Add pam_setcred sudoers option to allow the user to control whether
           pam_setcred() is called on the user's behalf.
           [4260a8e43073]
   
           * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
           doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
           plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
           plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
           Add pam_service and pam_login_service sudoers settings to control
           the service name passed to pam_start.
           [5ea0e3588f3a]
   
           * mkpkg:
           Newer Xcode places the SDKs under Xcode.app
           [4b54379d5c45]
   
   2013-08-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/zero_bytes.c,
           compat/Makefile.in, compat/memset_s.c, config.h.in, configure,
           configure.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in, include/missing.h, include/sudo_plugin.h,
           mkdep.pl, plugins/sudoers/Makefile.in,
           plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
           plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
           plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
           plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
           plugins/sudoers/logging.c, plugins/sudoers/sha2.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
           src/Makefile.in, src/conversation.c, src/sudo.h, src/sudo_edit.c,
           src/tgetpass.c:
           Implement memset_s() and use it instead of zero_bytes(). A new
           constant, SUDO_CONV_REPL_MAX, is defined by the plugin API as the
           max conversation reply length. This constant can be used as a max
           value for memset_s() when clearing passwords filled in by the
           conversation function.
           [264ec146028e]
   
   2013-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
           plugins/system_group/Makefile.in:
           Do not try to install plugins when shared modules are disabled
           (sudoers already had the check).
           [3d582c042042]
   
           * plugins/sudoers/Makefile.in:
           Update dependencies to take into account compat/getopt.h and
           compat/dlfcn.h.
           [301fb31cd121]
   
           * src/Makefile.in:
           Update dependencies now that sudo_usage.h is always included from
           the build dir.
           [c1ff70ec9515]
   
   2013-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           Add some warnings and debugging to sasl ccname handling.
           [467f415861f0]
   
           * plugins/sudoers/ldap.c:
           Fix write loop invariant in sudo_krb5_copy_cc_file()
           [6948cf6e9b9f]
   
   2013-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           Strip off leading FILE: or WRFILE: prefix before trying to copy the
           user's credential cache.
           [56c16feab62f]
   
   2013-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sudo.c:
           Instead of setting RLIMIT_NPROC to unlimited when sudo initializes,
           just save RLIMIT_NPROC in exec_setup() before the final setuid() and
           restore it immediately after. We don't need to modify RLIMIT_NPROC
           for simple euid changes, just for changing the real (and saved) uids
           before we exec. This also means we no longer need to worry about
           _SC_CHILD_MAX returning -1. Bug #565
           [1372f1909039]
   
   2013-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c, src/preload.c:
           Now that the ldap code runs with the real and effective uid set to
           0, it is not possible for the gssapi libs to find the user's krb5
           credential cache file. To work around this, we make a temporary
           copy of the user's credential cache specified by KRB5CCNAME (opened
           with the user's effective uid) and point gssapi to it. To set the
           credential cache file name, we dynamically look up
           gss_krb5_ccache_name() and use it if available, otherwise fall back
           to setting KRB5CCNAME.
           [8b86c134541a]
   
   2013-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
           doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in,
           doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/visudo.c:
           Long option support for visudo and sudoreplay.
           [91427968be71]
   
   2013-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/Makefile.in,
           src/parse_args.c, src/sudo.c, src/sudo_usage.h.in:
           Add support for long options and fix inclusion of sudo_usage.h with
           modern gcc broken in 8597:1fcb7ba13018.
           [d13134819944]
   
           * src/Makefile.in:
           Add rule to rebuild sudo_usage.h when the .in file changes.
           [59a32899e251]
   
           * compat/Makefile.in, mkdep.pl, src/Makefile.in:
           Add make rules for building getopt_long.c
           [5f57593b3a8b]
   
           * src/parse_args.c:
           Make "-h hostname" work. Optional args in GNU getopt() only work
           when there is no space between the option flag and the argument.
           [b8258659cabb]
   
   2013-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, compat/getopt.h, compat/getopt_long.c, config.h.in,
           configure, configure.in, doc/LICENSE, src/parse_args.c:
           Use getopt_long() so we can make the -h flag take an optional
           argument. Includes a version for those without it.
           [d1dd66c8a86b]
   
   2013-07-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Document that the -h option can be used specify a host name for
           future plugins.
           [8470c74cf326]
   
           * include/sudo_plugin.h, src/parse_args.c, src/sudo_usage.h.in:
           Overload -h option to specify an optional hostname for remote
           access. This is future-proofing; no policy plugins currently support
           this.
           [0e01d8c3c623]
   
           * configure, configure.in:
           Bump version to 1.8.8
           [a1155bfaa28f]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Document the remote_host setting (-h host)
           [c737db906f5d]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           fix "the the"
           [0025464a3942]
   
           * src/parse_args.c, src/sudo.c, src/sudo.h:
           Do not error out if arg to -U option cannot be resolved, that is for
           the plugin to decide. There is no need for runas_user and
           runas_group to be global, make them local to parse_args() instead.
           [fb02a62a72ba]
   
           * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/pt_BR.mo,
           plugins/sudoers/po/pt_BR.po, src/po/es.mo, src/po/es.po,
           src/po/pt_BR.mo, src/po/pt_BR.po:
           Sync with translationproject.org
           [e8f4772d918a]
   
   2013-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/TROUBLESHOOTING:
           Remove old bits about sudo setuid problems that should have been
           cleaned up in changeset 7917:fa4894896d8a. Also update the mode of
           sudo to 04755 to match current packaging.
           [1e3904cdc2de]
   
           * plugins/sudoers/auth/pam.c:
           Go back to ignoring the return value of pam_setcred() since with
           stacked PAM auth modules a failure from one module may override
           PAM_SUCCESS from another. If the first module in the stack fails,
           the others may be run (and succeed) but an error will be returned.
           This can cause a spurious warning on systems with non-local users
           (e.g. pam_ldap or pam_sss) where pam_unix is consulted first.
           [b6022e26135a]
   
           * src/net_ifs.c:
           Remove unused variable.
           [93dde7d82fde]
   
           * NEWS:
           Fix typo
           [5ef79671c2c7]
   
   2013-07-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sssd.c:
           Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest().
           From Dan Harnett.
           [4a0af6f12765]
   
   2013-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Fix formatting typo; from Eric S. Raymond
           [058b533ba460]
   
   2013-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * mkpkg:
           Use -gxcoff on aix so dbx can be used to debug sudo.
           [4950e019ed2d]
   
 2013-06-12  Todd C. Miller  <Todd.Miller@courtesan.com>  2013-06-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:          * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:

Removed from v.1.1.1.4  
changed lines
  Added in v.1.1.1.5


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>