--- embedaddon/sudo/ChangeLog 2013/07/22 10:46:10 1.1.1.4 +++ embedaddon/sudo/ChangeLog 2013/10/14 07:56:33 1.1.1.5 @@ -1,3 +1,775 @@ +2013-09-29 Todd C. Miller + + * include/missing.h: + Include stddef.h for rsize_t and errno_t on systems that support it + natively. + [bc547d47e9c6] + + * MANIFEST: + Fix braino. + [67b79747312f] + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/de.mo, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo, + plugins/sudoers/po/it.mo, plugins/sudoers/po/pl.mo, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo: + Rebuild message catalog files. + [0a9befb0674e] + + * src/po/da.mo, src/po/eo.mo, src/po/fi.mo, src/po/it.mo, + src/po/pl.mo, src/po/pt_BR.mo, src/po/ru.mo, src/po/uk.mo, + src/po/vi.mo, src/po/zh_CN.mo: + Rebuild message catalog files. + [25191089ddf2] + + * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/cs.mo, src/po/cs.po: + Czech translation for sudo from translationproject.org. + [8bc0ed069ddb] + +2013-09-18 Todd C. Miller + + * plugins/sudoers/po/da.po, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.po, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, src/po/da.po, + src/po/eo.po, src/po/fi.po, src/po/it.po, src/po/pl.po, + src/po/pt_BR.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, + src/po/zh_CN.po: + Sync with translationproject.org + [c16f9bb4579e] + + * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Change "next" back to 2. In the context of "next Friday" we really + do want the friday of the upcoming (not current) week. + Unfortunately, this means that things like "next week" and "next + year" will match one more than we really want. Fixing this will + require some fairly major changes to the grammar. + [7f863c930121] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Mention that relative times don't always do what you might expect. + [710a9b0dd36f] + +2013-09-17 Todd C. Miller + + * doc/CONTRIBUTORS: + Add diacritical for Zdenek Behan. + [78d333f88e6c] + +2013-09-11 Todd C. Miller + + * src/regress/ttyname/check_ttyname.c: + Do not fail if ttyname() cannot determine the tty but sudo can. + Should fix problems with running "make check" under pbuilder. + [e6fc06a6c5cf] + + * plugins/sudoers/Makefile.in: + Remove extraneous $$CWD; from Bdale Garbee + [4d040ddd7446] + +2013-09-09 Todd C. Miller + + * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Make "this" and "next" qualifiers work a bit better. There is still + room for improvement as "this week" will use the current time + instead of the beginning of the week. That's a separate issue + though. + [e844c02f754a] + +2013-09-06 Todd C. Miller + + * common/regress/sudo_conf/conf_test.c, + common/regress/sudo_parseln/parseln_test.c: + Mark main() public to silence a warning on HP-UX. + [ac0b869b9842] + +2013-09-03 Todd C. Miller + + * plugins/sudoers/po/sudoers.pot, plugins/sudoers/timestamp.c: + Be specific that we are talking about the Unix epoch; bug #615 + [25887775371b] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/po/sudoers.pot, + src/po/sudo.pot, src/selinux.c: + Do not use "setup" as a verb; bug #614 + [17c4750aac5f] + + * plugins/sudoers/iolog.c: + Fix logic goof when checking open() status. + [76ece1445d71] + + * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo, + src/po/nl.po, src/po/ru.mo, src/po/ru.po: + Sync with translationproject.org + [21351498000f] + + * NEWS, plugins/sudoers/sudoreplay.c: + Work around a bug in sudo 1.8.7 timing files where the indexes are + off by two. + [4aa0cd58af58] + + * MANIFEST, plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, + plugins/sudoers/sudoreplay.c: + Repair writing of the I/O log file indices broken in sudo 1.8.7. + [6a5f867884f5] + +2013-08-31 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Try to improve the PAGERS noexec example a bit. + [226f11118daa] + +2013-08-30 Todd C. Miller + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Document comment character in ldap.conf Clarify what is and is not + supported in TLS_KEYPW Mention that gsk8capicmd can be used to + create a stash file + [fb8f06ab4458] + +2013-08-26 Todd C. Miller + + * NEWS: + New bugs fixed for 1.8.8. + [c158df7cd9d2] + + * plugins/sudoers/visudo.c: + Fix setting of quiet flag when -q / --quiet is specified. Do not + print "sudoers: parsed OK" in quiet mode. + [df55acd57ce6] + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/fi.mo, + src/po/fi.po, src/po/it.mo, src/po/it.po: + Updated translations from translationproject.org + [e9e8abd23a28] + + * plugins/sudoers/check.c: + Don't allow root to change its SELinux role without a password. Bug + #611 + [f8b599acb29d] + +2013-08-21 Todd C. Miller + + * NEWS: + Mention new Mac OS X symbol interposition. + [98293b7c4e0f] + + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, + src/po/eo.po, src/po/fr.mo, src/po/fr.po: + Updated translations from translationproject.org + [865be7454354] + + * config.h.in, configure, configure.in, src/sudo_noexec.c: + Add configure checks for the exec functions we will dummy out. This + is only really needed on Mac OS X when symbol interposition is being + performed but won't hurt elsewhere. + [49c20cf6bab0] + +2013-08-20 Todd C. Miller + + * config.h.in, configure, configure.in, src/Makefile.in, + src/sudo_noexec.c: + Fix installation of sudo_noexec on Mac OS X. Use library symbol + interposition on Mac OS X 10.4 and higher so we don't need to set + DYLD_FORCE_FLAT_NAMESPACE=1. + [a82999dff8e6] + +2013-08-17 Todd C. Miller + + * plugins/sudoers/ldap.c: + Fix error display from ldap_ssl_client_init(). There are two error + codes. The return value can be decoded via ldap_err2string() but + the ssl reason code cannot (you have to look it up in a table + online). + [0267125ce9f0] + +2013-08-19 Todd C. Miller + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Fix typo in tls_key example for Tivoli + [36599f424ac4] + + * src/parse_args.c: + Don't escape '$' when running "sudo -i command". Bug #564 + [17542d52f714] + + * plugins/sudoers/iolog_path.c: + Fix typo in comment. + [d0510ed5eaba] + + * plugins/sudoers/auth/pam.c: + Fix comment. + [4e89e0bfd6af] + + * plugins/sudoers/timestr.c, plugins/sudoers/visudo.c: + Quiet some gcc -Wformat=2 false positives + [28a2014b9822] + +2013-08-18 Todd C. Miller + + * plugins/sudoers/auth/pam.c: + Remove now-obsolete arg to env_merge() + [ba015cf5d935] + + * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, + src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + Updated translations from translationproject.org + [72b6aeaba505] + + * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/fr.mo, src/po/fr.po: + French translation for sudo from translationproject.org. + [a72321771860] + + * plugins/sudoers/logging.h: + Add __printflike to audit_failure. + [1686b3699d41] + + * include/missing.h: + Use __nonnull__ attribute in __printflike. + [d123613a1fb6] + +2013-08-17 Todd C. Miller + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: + When merging the PAM environment, allow environment variables set in + PAM to override ones set by sudo as long as they do not match the + env_keep or env_check lists. + [f3c64967fed7] + + * plugins/sudoers/auth/pam.c: + Call pam_getenvlist() after we've opened the session to get the + session-specific environment variables. + [b413fb9e1c77] + +2013-08-16 Todd C. Miller + + * NEWS: + option not flag + [08c31af7b818] + + * compat/getopt_long.c, config.h.in, configure, configure.in: + Don't redefine opterr, optind, optopt, optarg in getopt_long.c. Add + a check for optreset which is a BSD extension and provide a + definition in getopt_long.c if it is not present. + [3393e8d83400] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [f38f65830118] + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c: + Use lower case for the long option arguments to match the manual. + This is inconsistent with GNU but it is better to match the sudo + documentation. + [8fac2d64f5d2] + + * NEWS: + Sudo 1.8.8 + [105c73752474] + + * src/parse_args.c: + Use lower card for the long option arguments to match the manual. + This is inconsistent with GNU but it is better to match the sudo + documentation. + [af243dd39850] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Describe how remote command execution can be implemented. + [3eba7f93b7f6] + + * doc/sudoers.ldap.cat: + Bump version. + [0ee7f02f3627] + +2013-08-15 Todd C. Miller + + * src/sudo.c: + Make it a fatal error if the plugin returns invalid or out of range + command info. + [8a7e56c7584a] + + * plugins/sudoers/policy.c: + Use strtol() instead of atoi() and perform error checking of + parameters passed from the sudo front-end. + [05e05be3c6c4] + + * plugins/sudoers/auth/pam.c: + It is not possible for auth to be NULL here. + [771500e776e9] + + * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Initialize user_runhost and user_srunhost to user_host and + user_shost in visudo and testsudoers. + [c47cca74e1fc] + + * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, + common/error.c, common/fatal.c, common/gidlist.c, common/lbuf.c, + common/list.c, common/sudo_conf.c, common/sudo_debug.c, + compat/Makefile.in, compat/getopt_long.c, include/error.h, + include/fatal.h, plugins/sudoers/Makefile.in, + plugins/sudoers/bsm_audit.c, plugins/sudoers/hexchar.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + src/Makefile.in, src/locale_stub.c, src/net_ifs.c, + src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h: + Rename error.h -> fatal.h now that there is no error() function. + [3a3827f10f04] + + * common/sudo_debug.c, include/sudo_debug.h: + Add support to the debug subsystem for zero-length strings. This + can happen for things like warning(NULL) or fatal(NULL) where we + just want to log the errno string. + [3ed739c5cc91] + + * include/error.h: + Add __printflike for vfatal, vfatalx, vwarning and vwarningx. + [57e65ed595d2] + + * plugins/sudoers/audit.c: + Need to include gettext.h for BSM audit. + [a87fda2d0123] + + * common/alloc.c, plugins/sudoers/env.c, src/exec_common.c, + src/parse_args.c, src/sudo.c: + Change some fatalx(NULL) that should be fatal(NULL). + [8b1efda9f578] + + * include/error.h, include/missing.h: + Use __printf0like for warning() and fatal() since the fmt string may + be NULL. + [858a890f00ad] + + * compat/pw_dup.c: + Quiet a gcc "used uninitialized in this function" false positive. + [98f47f89ce60] + + * mkpkg: + Enable bsm audit on Mac OS X and Solaris >= 11. + [8607488f986c] + + * plugins/sudoers/bsm_audit.c: + Fix compilation on Solaris 11. + [01aa46298ed7] + + * plugins/sudoers/bsm_audit.c: + Add missing missing.h + [080de69a55a1] + + * plugins/sudoers/sudoers.c: + Move the -C (user_closefrom) check until after set_cmnd() so that + closefrom_override can be used in a command-specific Defaults line. + Fixes bug #610 from Mengtao Sun. + [413565c6ff6b] + +2013-08-14 Todd C. Miller + + * src/exec.c: + If not using a pty and the child process gets SIGTTOU or SIGTTIN and + sudo is the foreground process, make the child the foreground + process and continue it. + [5ff433443bc4] + + * src/sudo.c: + If sudo is not setuid and was not invoked with a full path, look in + the user's PATH for the sudo binary to give a better error message. + [a740129a38f0] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.h: + Add limited support for "sudo -l -h other_host". Since group + lookups are done on the local host, rules that use group membership + may be incorrect if the group database is not synchronized between + hosts. + [2c8b222a5f7f] + + * src/parse_args.c: + Fix parsing of "-h host" when used in conjunction with the -l flag. + [62f3d726d52b] + + * configure, configure.in, doc/fixman.sh, doc/fixmdoc.sh, + doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.c, + src/sudo_usage.h.in: + Simplify usage messages a bit and make --help output more closely + resemble GNU usage wrt long options. Sync usage and man page + SYNOPSYS sections and improve long options in the manual pages. Now + that we have long options we don't need to give the mnemonic for the + single-character options in the description. + [17b7e386955a] + +2013-08-13 Todd C. Miller + + * plugins/sudoers/logging.c: + Fix setting of mailer argv[0] to basename of mailerpath. No need to + strdup() mailerpath as it is not modified. + [8843cdd958ee] + + * plugins/sudoers/logging.c: + Make sure the mailer exists and is a regular file before trying to + exec it. + [b73d6214014f] + + * plugins/sudoers/timestamp.c: + If tty_tickets are enabled but there is no tty, use a ticket file + based on the parent pid. + [75408bd61ced] + + * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/parse_args.c: + Allow default plugin dir to be configured in sudo.conf. + [478883594cc5] + + * doc/CONTRIBUTORS: + UTF8 for Ruusamae, Elan; from Tae Wong + [02e0c95b4fa6] + +2013-08-12 Todd C. Miller + + * MANIFEST, common/regress/sudo_conf/test5.in, + common/regress/sudo_conf/test5.out.ok, + common/regress/sudo_conf/test6.in, + common/regress/sudo_conf/test6.out.ok, common/sudo_conf.c, + doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, src/sudo.c: + Don't allow max_groups to be set to zero, it just complicates things + needlessly. Fixes an assertion in visudo when there is a group- + based Defaults entry. + [d62a8ea32db9] + +2013-08-08 Todd C. Miller + + * MANIFEST, common/Makefile.in, common/gidlist.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c, + src/sudo.h: + Refactor code to parse list of gids into its own function that is + shared by the sudo front-end and the sudoers module. Make uid/gid + parse error be fatal, not just a warning. + [da3b2b06605c] + + * common/atoid.c: + Add function comment block. + [09a324de716f] + + * common/atoid.c: + Default text domain is now sudo, not sudoers. + [1acb1da6f304] + + * common/Makefile.in: + Update dependency for atoid.lo + [5e367cd44288] + + * common/atoid.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, src/sudo.c, + src/sudo.h: + Add endpointer and separator args to atoid() + [2077e4ed8578] + +2013-08-07 Todd C. Miller + + * compat/getgrouplist.c: + Use private version of atoid() to avoid a dependency on libcommon.a + (since that already depends on libreplace.a). + [7c12d63b0560] + + * doc/CONTRIBUTORS: + More UTF8 in names; from Tae Wong + [512b263f51c8] + + * compat/getgrouplist.c, plugins/sudoers/iolog.c, + plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h: + Use atoid() in more places. + [06f4ae57c707] + + * MANIFEST, common/Makefile.in, common/atoid.c, + plugins/sudoers/Makefile.in, plugins/sudoers/atoid.c: + Move atoid() to common so it can be used in src and compat too. + [095d730701e4] + + * compat/closefrom.c: + Avoid a crash on Mac OS X 10.8 (at least) when we close + libdispatch's fds out from under it before executing the command. + Switch to just setting the close on exec flag instead. + [349ebf4987df] + + * doc/CONTRIBUTORS: + Convert to last, first for easier sorting and use UTF8 (including a + BOM). + [8c30d221bd75] + + * plugins/sudoers/atoid.c: + Add atoid() function to convert a string to an id_t (uid, gid or + pid). We have to be careful to choose() either strtol() or + strtoul() depending on whether the string appears to be signed or + unsigned. Always using strtoul() is unsafe on 64-bit platforms since + the uid might be represented as a negative number and (unsigned + long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff. + Fixes a problem with uids larger than 0x7fffffff on 32-bit + platforms. + [5d818e399157] + + * MANIFEST, config.h.in, configure, configure.in, + plugins/sudoers/Makefile.in, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h: + Add atoid() function to convert a string to an id_t (uid, gid or + pid). We have to be careful to choose() either strtol() or + strtoul() depending on whether the string appears to be signed or + unsigned. Always using strtoul() is unsafe on 64-bit platforms since + the uid might be represented as a negative number and (unsigned + long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff. + Fixes a problem with uids larger than 0x7fffffff on 32-bit + platforms. + [cd92246a710f] + + * plugins/sudoers/sudoers.c: + Avoid "perm stack underflow" error when logging the unknown uid + error. + [871514c713b7] + + * plugins/sudoers/set_perms.c: + In rewind_perms() there is nothing to do if perm_stack_depth == 0. + [98de335f47f0] + +2013-08-06 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in: + Add pam_setcred sudoers option to allow the user to control whether + pam_setcred() is called on the user's behalf. + [4260a8e43073] + + * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: + Add pam_service and pam_login_service sudoers settings to control + the service name passed to pam_start. + [5ea0e3588f3a] + + * mkpkg: + Newer Xcode places the SDKs under Xcode.app + [4b54379d5c45] + +2013-08-03 Todd C. Miller + + * MANIFEST, common/Makefile.in, common/zero_bytes.c, + compat/Makefile.in, compat/memset_s.c, config.h.in, configure, + configure.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/missing.h, include/sudo_plugin.h, + mkdep.pl, plugins/sudoers/Makefile.in, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c, + plugins/sudoers/logging.c, plugins/sudoers/sha2.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/conversation.c, src/sudo.h, src/sudo_edit.c, + src/tgetpass.c: + Implement memset_s() and use it instead of zero_bytes(). A new + constant, SUDO_CONV_REPL_MAX, is defined by the plugin API as the + max conversation reply length. This constant can be used as a max + value for memset_s() when clearing passwords filled in by the + conversation function. + [264ec146028e] + +2013-08-01 Todd C. Miller + + * plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/system_group/Makefile.in: + Do not try to install plugins when shared modules are disabled + (sudoers already had the check). + [3d582c042042] + + * plugins/sudoers/Makefile.in: + Update dependencies to take into account compat/getopt.h and + compat/dlfcn.h. + [301fb31cd121] + + * src/Makefile.in: + Update dependencies now that sudo_usage.h is always included from + the build dir. + [c1ff70ec9515] + +2013-07-31 Todd C. Miller + + * plugins/sudoers/ldap.c: + Add some warnings and debugging to sasl ccname handling. + [467f415861f0] + + * plugins/sudoers/ldap.c: + Fix write loop invariant in sudo_krb5_copy_cc_file() + [6948cf6e9b9f] + +2013-07-30 Todd C. Miller + + * plugins/sudoers/ldap.c: + Strip off leading FILE: or WRFILE: prefix before trying to copy the + user's credential cache. + [56c16feab62f] + +2013-07-29 Todd C. Miller + + * src/sudo.c: + Instead of setting RLIMIT_NPROC to unlimited when sudo initializes, + just save RLIMIT_NPROC in exec_setup() before the final setuid() and + restore it immediately after. We don't need to modify RLIMIT_NPROC + for simple euid changes, just for changing the real (and saved) uids + before we exec. This also means we no longer need to worry about + _SC_CHILD_MAX returning -1. Bug #565 + [1372f1909039] + +2013-07-28 Todd C. Miller + + * plugins/sudoers/ldap.c, src/preload.c: + Now that the ldap code runs with the real and effective uid set to + 0, it is not possible for the gssapi libs to find the user's krb5 + credential cache file. To work around this, we make a temporary + copy of the user's credential cache specified by KRB5CCNAME (opened + with the user's effective uid) and point gssapi to it. To set the + credential cache file name, we dynamically look up + gss_krb5_ccache_name() and use it if available, otherwise fall back + to setting KRB5CCNAME. + [8b86c134541a] + +2013-07-19 Todd C. Miller + + * doc/sudo.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, + doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in, + doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c: + Long option support for visudo and sudoreplay. + [91427968be71] + +2013-07-18 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/Makefile.in, + src/parse_args.c, src/sudo.c, src/sudo_usage.h.in: + Add support for long options and fix inclusion of sudo_usage.h with + modern gcc broken in 8597:1fcb7ba13018. + [d13134819944] + + * src/Makefile.in: + Add rule to rebuild sudo_usage.h when the .in file changes. + [59a32899e251] + + * compat/Makefile.in, mkdep.pl, src/Makefile.in: + Add make rules for building getopt_long.c + [5f57593b3a8b] + + * src/parse_args.c: + Make "-h hostname" work. Optional args in GNU getopt() only work + when there is no space between the option flag and the argument. + [b8258659cabb] + +2013-07-17 Todd C. Miller + + * MANIFEST, compat/getopt.h, compat/getopt_long.c, config.h.in, + configure, configure.in, doc/LICENSE, src/parse_args.c: + Use getopt_long() so we can make the -h flag take an optional + argument. Includes a version for those without it. + [d1dd66c8a86b] + +2013-07-16 Todd C. Miller + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Document that the -h option can be used specify a host name for + future plugins. + [8470c74cf326] + + * include/sudo_plugin.h, src/parse_args.c, src/sudo_usage.h.in: + Overload -h option to specify an optional hostname for remote + access. This is future-proofing; no policy plugins currently support + this. + [0e01d8c3c623] + + * configure, configure.in: + Bump version to 1.8.8 + [a1155bfaa28f] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document the remote_host setting (-h host) + [c737db906f5d] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + fix "the the" + [0025464a3942] + + * src/parse_args.c, src/sudo.c, src/sudo.h: + Do not error out if arg to -U option cannot be resolved, that is for + the plugin to decide. There is no need for runas_user and + runas_group to be global, make them local to parse_args() instead. + [fb02a62a72ba] + + * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/pt_BR.mo, + plugins/sudoers/po/pt_BR.po, src/po/es.mo, src/po/es.po, + src/po/pt_BR.mo, src/po/pt_BR.po: + Sync with translationproject.org + [e8f4772d918a] + +2013-07-11 Todd C. Miller + + * doc/TROUBLESHOOTING: + Remove old bits about sudo setuid problems that should have been + cleaned up in changeset 7917:fa4894896d8a. Also update the mode of + sudo to 04755 to match current packaging. + [1e3904cdc2de] + + * plugins/sudoers/auth/pam.c: + Go back to ignoring the return value of pam_setcred() since with + stacked PAM auth modules a failure from one module may override + PAM_SUCCESS from another. If the first module in the stack fails, + the others may be run (and succeed) but an error will be returned. + This can cause a spurious warning on systems with non-local users + (e.g. pam_ldap or pam_sss) where pam_unix is consulted first. + [b6022e26135a] + + * src/net_ifs.c: + Remove unused variable. + [93dde7d82fde] + + * NEWS: + Fix typo + [5ef79671c2c7] + +2013-07-09 Todd C. Miller + + * plugins/sudoers/sssd.c: + Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest(). + From Dan Harnett. + [4a0af6f12765] + +2013-06-18 Todd C. Miller + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix formatting typo; from Eric S. Raymond + [058b533ba460] + +2013-06-17 Todd C. Miller + + * mkpkg: + Use -gxcoff on aix so dbx can be used to debug sudo. + [4950e019ed2d] + 2013-06-12 Todd C. Miller * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: