summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2019-11-03 18:04:58 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2019-11-03 18:05:07 +0000
commitecac483390e8c5b75ddbb57d345f700457a9006a (patch)
tree2b8adde9ebef26c1f920579f3947fdfb281f753c
parentReleasing progress-linux version 1.8.28p1-1~progress5+u1. (diff)
downloadsudo-ecac483390e8c5b75ddbb57d345f700457a9006a.tar.xz
sudo-ecac483390e8c5b75ddbb57d345f700457a9006a.zip
Merging upstream version 1.8.29.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--ChangeLog5932
-rw-r--r--MANIFEST6
-rw-r--r--Makefile.in2
-rw-r--r--NEWS27
-rw-r--r--config.h.in3
-rwxr-xr-xconfigure42
-rw-r--r--configure.ac6
-rw-r--r--doc/Makefile.in2
-rw-r--r--doc/UPGRADE17
-rw-r--r--doc/sudo.conf.man.in6
-rw-r--r--doc/sudo.conf.mdoc.in6
-rw-r--r--doc/sudo.man.in34
-rw-r--r--doc/sudo.mdoc.in34
-rw-r--r--doc/sudo_plugin.man.in38
-rw-r--r--doc/sudo_plugin.mdoc.in36
-rw-r--r--doc/sudoers.ldap.man.in4
-rw-r--r--doc/sudoers.ldap.mdoc.in4
-rw-r--r--doc/sudoers.man.in229
-rw-r--r--doc/sudoers.mdoc.in293
-rw-r--r--doc/sudoers_timestamp.man.in6
-rw-r--r--doc/sudoers_timestamp.mdoc.in6
-rw-r--r--doc/visudo.man.in8
-rw-r--r--doc/visudo.mdoc.in8
-rw-r--r--examples/Makefile.in2
-rw-r--r--include/Makefile.in2
-rw-r--r--include/sudo_compat.h5
-rw-r--r--include/sudo_plugin.h2
-rw-r--r--include/sudo_util.h9
-rw-r--r--lib/util/Makefile.in130
-rw-r--r--lib/util/closefrom.c3
-rw-r--r--lib/util/getaddrinfo.c2
-rw-r--r--lib/util/getgrouplist.c4
-rw-r--r--lib/util/gidlist.c2
-rw-r--r--lib/util/regress/strtofoo/strtobool_test.c86
-rw-r--r--lib/util/regress/strtofoo/strtoid_test.c (renamed from lib/util/regress/atofoo/atofoo_test.c)129
-rw-r--r--lib/util/regress/strtofoo/strtomode_test.c79
-rw-r--r--lib/util/regress/strtofoo/strtonum_test.c123
-rw-r--r--lib/util/str2sig.c3
-rw-r--r--lib/util/strtoid.c124
-rw-r--r--lib/util/strtonum.c124
-rw-r--r--lib/util/sudo_conf.c2
-rw-r--r--lib/util/ttysize.c4
-rw-r--r--lib/util/util.exp.in3
-rw-r--r--lib/zlib/Makefile.in5
-rwxr-xr-xmkdep.pl2
-rw-r--r--plugins/group_file/Makefile.in5
-rw-r--r--plugins/group_file/getgrent.c2
-rw-r--r--plugins/sample/Makefile.in5
-rw-r--r--plugins/sudoers/Makefile.in23
-rw-r--r--plugins/sudoers/audit.c6
-rw-r--r--plugins/sudoers/boottime.c2
-rw-r--r--plugins/sudoers/cvtsudoers.c4
-rw-r--r--plugins/sudoers/cvtsudoers_json.c12
-rw-r--r--plugins/sudoers/cvtsudoers_pwutil.c8
-rw-r--r--plugins/sudoers/def_data.c8
-rw-r--r--plugins/sudoers/def_data.h4
-rw-r--r--plugins/sudoers/def_data.in6
-rw-r--r--plugins/sudoers/defaults.c6
-rw-r--r--plugins/sudoers/iolog.c18
-rw-r--r--plugins/sudoers/iolog_util.c13
-rw-r--r--plugins/sudoers/ldap.c6
-rw-r--r--plugins/sudoers/ldap_conf.c3
-rw-r--r--plugins/sudoers/logging.c117
-rw-r--r--plugins/sudoers/match.c4
-rw-r--r--plugins/sudoers/match_addr.c4
-rw-r--r--plugins/sudoers/parse_ldif.c194
-rw-r--r--plugins/sudoers/po/eo.mobin48087 -> 48204 bytes
-rw-r--r--plugins/sudoers/po/eo.po564
-rw-r--r--plugins/sudoers/po/fr.mobin55859 -> 55950 bytes
-rw-r--r--plugins/sudoers/po/fr.po559
-rw-r--r--plugins/sudoers/po/hr.mobin49952 -> 50700 bytes
-rw-r--r--plugins/sudoers/po/hr.po1272
-rw-r--r--plugins/sudoers/po/it.mobin50037 -> 50152 bytes
-rw-r--r--plugins/sudoers/po/it.po559
-rw-r--r--plugins/sudoers/po/ja.mobin56925 -> 57055 bytes
-rw-r--r--plugins/sudoers/po/ja.po559
-rw-r--r--plugins/sudoers/po/ko.mobin51270 -> 51972 bytes
-rw-r--r--plugins/sudoers/po/ko.po1213
-rw-r--r--plugins/sudoers/po/pl.mobin50709 -> 50837 bytes
-rw-r--r--plugins/sudoers/po/pl.po547
-rw-r--r--plugins/sudoers/po/pt.mobin49218 -> 49337 bytes
-rw-r--r--plugins/sudoers/po/pt.po559
-rw-r--r--plugins/sudoers/po/pt_BR.mobin50955 -> 51032 bytes
-rw-r--r--plugins/sudoers/po/pt_BR.po560
-rw-r--r--plugins/sudoers/po/sudoers.pot316
-rw-r--r--plugins/sudoers/po/sv.mobin48682 -> 48795 bytes
-rw-r--r--plugins/sudoers/po/sv.po561
-rw-r--r--plugins/sudoers/po/uk.mobin67966 -> 68120 bytes
-rw-r--r--plugins/sudoers/po/uk.po561
-rw-r--r--plugins/sudoers/po/zh_TW.mobin46336 -> 46422 bytes
-rw-r--r--plugins/sudoers/po/zh_TW.po565
-rw-r--r--plugins/sudoers/policy.c38
-rw-r--r--plugins/sudoers/pwutil.c62
-rw-r--r--plugins/sudoers/regress/cvtsudoers/test26.err.ok6
-rwxr-xr-xplugins/sudoers/regress/cvtsudoers/test26.sh7
-rw-r--r--plugins/sudoers/regress/iolog_path/check_iolog_path.c4
-rw-r--r--plugins/sudoers/regress/logging/check_wrap.c6
-rw-r--r--plugins/sudoers/regress/parser/check_addr.c2
-rw-r--r--plugins/sudoers/regress/starttime/check_starttime.c2
-rw-r--r--plugins/sudoers/sssd.c2
-rw-r--r--plugins/sudoers/starttime.c1
-rw-r--r--plugins/sudoers/sudoers.c27
-rw-r--r--plugins/sudoers/sudoers.h1
-rw-r--r--plugins/sudoers/testsudoers.c12
-rw-r--r--plugins/sudoers/tsgetgrpw.c6
-rw-r--r--plugins/sudoers/visudo.c4
-rw-r--r--plugins/system_group/Makefile.in5
-rw-r--r--plugins/system_group/system_group.c2
-rw-r--r--po/de.mobin20998 -> 21078 bytes
-rw-r--r--po/de.po350
-rw-r--r--po/eo.mobin19026 -> 19114 bytes
-rw-r--r--po/eo.po351
-rw-r--r--po/fr.mobin20749 -> 20840 bytes
-rw-r--r--po/fr.po346
-rw-r--r--po/hr.mobin19463 -> 19810 bytes
-rw-r--r--po/hr.po555
-rw-r--r--po/it.mobin20155 -> 20239 bytes
-rw-r--r--po/it.po344
-rw-r--r--po/ja.mobin23111 -> 23197 bytes
-rw-r--r--po/ja.po346
-rw-r--r--po/ko.mobin20933 -> 21188 bytes
-rw-r--r--po/ko.po543
-rw-r--r--po/pl.mobin20100 -> 20185 bytes
-rw-r--r--po/pl.po344
-rw-r--r--po/pt.mobin19569 -> 19645 bytes
-rw-r--r--po/pt.po346
-rw-r--r--po/pt_BR.mobin20215 -> 20291 bytes
-rw-r--r--po/pt_BR.po346
-rw-r--r--po/sudo.pot84
-rw-r--r--po/sv.mobin19274 -> 19364 bytes
-rw-r--r--po/sv.po348
-rw-r--r--po/tr.mobin19438 -> 19506 bytes
-rw-r--r--po/tr.po348
-rw-r--r--po/uk.mobin26984 -> 27109 bytes
-rw-r--r--po/uk.po348
-rw-r--r--po/zh_TW.mobin18752 -> 18824 bytes
-rw-r--r--po/zh_TW.po348
-rw-r--r--src/Makefile.in25
-rw-r--r--src/exec.c67
-rw-r--r--src/limits.c204
-rw-r--r--src/parse_args.c2
-rw-r--r--src/sesh.c2
-rw-r--r--src/sudo.c93
-rw-r--r--src/sudo.h49
-rw-r--r--src/ttyname.c4
145 files changed, 13722 insertions, 8697 deletions
diff --git a/ChangeLog b/ChangeLog
index c92b337..9696a83 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,209 @@
+2019-10-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_8_29 for changeset e36c1e564efa
+ [e0f35f614a93] [tip] <1.8>
+
+ * Makefile.in:
+ Fix ChangeLog generation on a branch.
+ [e36c1e564efa] [SUDO_1_8_29] <1.8>
+
+ * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/de.mo,
+ po/de.po, po/eo.mo, po/eo.po, po/fr.mo, po/fr.po, po/hr.mo,
+ po/hr.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ko.mo,
+ po/ko.po, po/pl.mo, po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo,
+ po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo,
+ po/uk.po, po/zh_TW.mo, po/zh_TW.po:
+ Updated translations from translationproject.org
+ [cb43f71bd622] <1.8>
+
+ * NEWS, config.h.in, configure, configure.ac, doc/sudo.man.in,
+ doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/visudo.man.in, lib/util/Makefile.in, lib/util/getgrouplist.c,
+ lib/util/regress/atofoo/atofoo_test.c,
+ plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/boottime.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in,
+ src/parse_args.c, src/sudo.c, src/ttyname.c:
+ Merge sudo 1.8.29 into the 1.8 branch.
+ [743b37fb1153] <1.8>
+
+2019-10-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/strtonum.c:
+ Avoid invalid read when minval > maxval
+ [7f1a6f992e4f]
+
+2019-10-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, plugins/sudoers/policy.c, src/sudo.c:
+ Don't pass an invalid session or process group ID to the plugin.
+ Fixes a regression in 1.8.28 when there is no terminal session
+ leader.
+ [d9c626167b3c]
+
+2019-10-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [70f4543f177c]
+
+ * src/limits.c:
+ Not all systems support RLIMIT_NPROC and RLIMIT_RSS
+ [26b8e2afe755]
+
+ * doc/Makefile.in, examples/Makefile.in, include/Makefile.in,
+ lib/util/Makefile.in, lib/zlib/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Add depend target to all Makefile.in files.
+ [0a22d80ef716]
+
+ * NEWS, configure, configure.ac, doc/UPGRADE:
+ Sudo 1.8.29
+ [736c9a5c3720]
+
+ * MANIFEST, lib/util/Makefile.in, src/Makefile.in, src/exec.c,
+ src/limits.c, src/sudo.c, src/sudo.h:
+ Set resource limits in the sudo process to unlimited. We don't want
+ sudo to be limited by the caller's resource limits. The original
+ resource limits are restore before session setup.
+ [6c3bf214caf0]
+
+2019-10-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/starttime.c, src/ttyname.c:
+ Older FreeBSD needs sys/param.h included before sys/user.h. From
+ Darren Tucker
+ [88c060df0439]
+
+ * include/sudo_util.h, lib/util/getgrouplist.c, lib/util/gidlist.c,
+ lib/util/regress/strtofoo/strtoid_test.c, lib/util/strtoid.c,
+ lib/util/util.exp.in, plugins/group_file/getgrent.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/match.c, plugins/sudoers/policy.c,
+ plugins/sudoers/pwutil.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ plugins/system_group/system_group.c, src/sudo.c:
+ Rename sudo_strtoid() to sudo_strtoidx() and add simplified
+ sudo_strtoid()
+ [94a418cdbae6]
+
+2019-10-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/UPGRADE, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
+ doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
+ doc/visudo.man.in, doc/visudo.mdoc.in,
+ plugins/sudoers/cvtsudoers_json.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/policy.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/testsudoers.c, src/exec.c:
+ Refer to user-ID and group-ID instead of "user ID" and "group ID"
+ [36d7bd4ab52d]
+
+2019-10-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ sudoedit doesn't create a new PAM session so PAM umask does not
+ apply.
+ [8ae167d0ae7c]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, include/sudo_plugin.h,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/exec.c, src/sudo.c, src/sudo.h:
+ Change how the umask is handled with PAM and login.conf. If the
+ umask is explicitly set in sudoers, use that value regardless of
+ what is in PAM or login.conf. If using the default umask from
+ sudoers, allow PAM or login.conf to override it. Bug #900
+ [7c0a835ac512]
+
+2019-10-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/audit.c,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/logging.c:
+ Add log_allowed and log_denied sudoers flags, defaulting to true.
+ [fb1e188a3d05]
+
+ * lib/util/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
+ Enable security auditing malloc options for "make check".
+ [333632dd3134]
+
2019-10-16 Todd C. Miller <Todd.Miller@sudo.ws>
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Be more consistent with how we talk about sudoers Defaults settings.
+ Use "flag" not "option" when referring to boolean flags. Use
+ "setting" in place of "Defaults setting" in most places. Use "the
+ foo option" instead of "sudo's foo option" for command line options.
+ [8058378c4b35]
+
+ * plugins/sudoers/Makefile.in:
+ No need to check existing sudoers file when installing to DESTDIR
+ This check can cause problems on systems where /etc/sudoers.d is not
+ readable.
+ [2ec01e9fe408]
+
+ * lib/util/str2sig.c:
+ Inclue sudo_util.h to get sudo_strtonum() prototype.
+ [8b0b4ee28d5f]
+
+ * lib/util/str2sig.c:
+ strtonum -> sudo_strtonum
+ [4d2363678583]
+
+ * MANIFEST:
+ Add split out strtofoo tests.
+ [0cc598502faf]
+
+ * lib/util/strtonum.c:
+ Make sure we don't go past the end of the string when out of range.
+ [2b89961c524a]
+
+ * lib/util/regress/strtofoo/strtonum_test.c, lib/util/strtonum.c:
+ Fix stronum() regress test and the errno value for out of range
+ numbers.
+ [3547d022bead]
+
+ * lib/util/Makefile.in, lib/util/regress/atofoo/atofoo_test.c,
+ lib/util/regress/strtofoo/strtobool_test.c,
+ lib/util/regress/strtofoo/strtoid_test.c,
+ lib/util/regress/strtofoo/strtomode_test.c,
+ lib/util/regress/strtofoo/strtonum_test.c:
+ Split atofoo.c regress into multiple tests.
+ [75b7547e33bd]
+
+ * .hgtags:
+ Added tag SUDO_1_8_28p1 for changeset 69d6caf0c3e0
+ [11c029ffdad3] <1.8>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.28p1
+ [69d6caf0c3e0] [SUDO_1_8_28p1] <1.8>
+
* NEWS, configure, configure.ac:
Sudo 1.8.28p1
[09ceaddc94f9]
@@ -8,10 +212,75 @@
* plugins/sudoers/parse.c:
The fix for bug #869 broke "sudo -v" when verifypw=all (the default)
+ [718dc5caf5fd] <1.8>
+
+ * plugins/sudoers/parse.c:
+ The fix for bug #869 broke "sudo -v" when verifypw=all (the default)
[aac35bcd8584]
+2019-10-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/closefrom.c, lib/util/getaddrinfo.c, lib/util/strtonum.c,
+ lib/util/sudo_conf.c, lib/util/ttysize.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_util.c, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/starttime/check_starttime.c,
+ src/parse_args.c, src/sesh.c, src/sudo.c, src/ttyname.c:
+ Use sudo_strtonum() explicitly instead of via a macro.
+ [f75f786eddd5]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h,
+ lib/util/Makefile.in, lib/util/strtoid.c, lib/util/strtonum.c,
+ lib/util/util.exp.in, mkdep.pl:
+ Always use our own strtonum and implement sudo_strtoid in terms of
+ it.
+ [94b1114ef79d]
+
+ * plugins/sudoers/pwutil.c:
+ Use errno in warning when sudo_make_*_item() fails. Previously we
+ always said "out of memory" if not ENOENT.
+ [68e5a208c242]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/parse_ldif.c,
+ plugins/sudoers/regress/cvtsudoers/test26.err.ok,
+ plugins/sudoers/regress/cvtsudoers/test26.sh:
+ Reject non-LDIF input when converting from LDIF to sudoers or JSON.
+ [2d08d4aa0e01]
+
+ * .hgtags:
+ Added tag SUDO_1_8_28 for changeset 3b5377478dfa
+ [0dadefd5968e] <1.8>
+
2019-10-10 Todd C. Miller <Todd.Miller@sudo.ws>
+ * INSTALL, Makefile.in, NEWS, config.h.in, configure, configure.ac,
+ doc/CONTRIBUTORS, doc/cvtsudoers.cat, doc/sudo.cat,
+ doc/sudo.conf.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoers_timestamp.cat, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in,
+ lib/util/Makefile.in, lib/util/event.c, lib/util/getgrouplist.c,
+ lib/util/getline.c, mkpkg, plugins/group_file/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/check.c, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_event.h,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/redblack.c,
+ plugins/sudoers/regress/testsudoers/test3.d/root,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ po/sudo.pot, src/Makefile.in, src/exec_pty.c, src/load_plugins.c,
+ src/parse_args.c, src/sudo.c, src/ttyname.c:
+ Merge sudo 1.8.28 from tip into the 1.8 branch.
+ [3b5377478dfa] [SUDO_1_8_28] <1.8>
+
* plugins/sudoers/po/ca.mo, plugins/sudoers/po/da.mo,
plugins/sudoers/po/el.mo, plugins/sudoers/po/eu.mo,
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fur.mo,
@@ -27,6 +296,11 @@
regen
[362645d256b7]
+ * NEWS, lib/util/strtoid.c:
+ Treat an ID of -1 as invalid since that means "no change". Fixes
+ CVE-2019-14287. Found by Joe Vennix from Apple Information Security.
+ [83db8dba09e7]
+
* lib/util/regress/atofoo/atofoo_test.c,
plugins/sudoers/regress/testsudoers/test5.out.ok,
plugins/sudoers/regress/testsudoers/test5.sh:
@@ -34,11 +308,6 @@
testsudoers/test5 which relied upon gid -1 parsing.
[db06a8336c09]
- * NEWS, lib/util/strtoid.c:
- Treat an ID of -1 as invalid since that means "no change". Fixes
- CVE-2019-14287. Found by Joe Vennix from Apple Information Security.
- [83db8dba09e7]
-
2019-10-06 Todd C. Miller <Todd.Miller@sudo.ws>
* INSTALL, configure, configure.ac:
@@ -156,6 +425,13 @@
Create new files with the umask specified in sudoers.
[4d0b6152834b]
+2019-09-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/parse_ldif.c:
+ More case-insensitive compare for LDAP attributes and string lists.
+ Only the ALL keyword should be compared case-sensitive.
+ [87cd688b2648]
+
2019-08-30 Todd C. Miller <Todd.Miller@sudo.ws>
* src/sudo.h:
@@ -1170,6 +1446,21 @@
void in cases where snprintf cannot fail
[2af6dfb31a49]
+2019-01-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_8_27 for changeset b28989f9ada5
+ [fcd7a6d8330e] <1.8>
+
+ * NEWS, config.h.in, configure, configure.ac, doc/CONTRIBUTORS,
+ doc/fixmdoc.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in, plugins/sudoers/po/sudoers.pot,
+ plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c:
+ merge sudo 1.8.27 from tip
+ [b28989f9ada5] [SUDO_1_8_27] <1.8>
+
2019-01-07 Todd C. Miller <Todd.Miller@sudo.ws>
* NEWS:
@@ -1385,6 +1676,30 @@
2018-11-12 Todd C. Miller <Todd.Miller@sudo.ws>
+ * .hgtags:
+ Added tag SUDO_1_8_26 for changeset 02d6cbd61499
+ [653de4bdaf6b] <1.8>
+
+ * INSTALL, Makefile.in, NEWS, configure, configure.ac,
+ doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in, lib/util/Makefile.in, lib/util/event.c,
+ lib/util/getgrouplist.c, plugins/group_file/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/check.c, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_util.h,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/redblack.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in,
+ src/exec_pty.c, src/load_plugins.c, src/parse_args.c, src/sudo.c,
+ src/ttyname.c:
+ merge sudo 1.8.26 from tip
+ [02d6cbd61499] [SUDO_1_8_26] <1.8>
+
* NEWS:
Mention schema.olcSudo
[320adcd29a61]
@@ -1719,14 +2034,6 @@
Add --enable-pvs-studio configure option to create PVS-Studio.cfg.
[772e86227c11]
- * .hgignore, Makefile.in, doc/Makefile.in, examples/Makefile.in,
- include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
- mkdep.pl, plugins/group_file/Makefile.in,
- plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
- plugins/system_group/Makefile.in, src/Makefile.in:
- Add pvs-studio target and associated production rules.
- [3dbcef5ac205]
-
* lib/util/aix.c, lib/util/arc4random.c,
lib/util/arc4random_uniform.c, lib/util/closefrom.c,
lib/util/digest.c, lib/util/digest_gcrypt.c,
@@ -1826,6 +2133,14 @@
Add comments in .c files so PVS-Studio will check them.
[b42b6dcb48a6]
+ * .hgignore, Makefile.in, doc/Makefile.in, examples/Makefile.in,
+ include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
+ mkdep.pl, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Add pvs-studio target and associated production rules.
+ [3dbcef5ac205]
+
2018-10-20 Todd C. Miller <Todd.Miller@sudo.ws>
* plugins/sudoers/iolog_util.c:
@@ -2131,6 +2446,14 @@
2018-09-12 Todd C. Miller <Todd.Miller@sudo.ws>
+ * .hgtags:
+ Added tag SUDO_1_8_25p1 for changeset 8978f707313d
+ [0713e60b5159] <1.8>
+
+ * NEWS, configure, configure.ac, doc/CONTRIBUTORS:
+ merge sudo 1.8.25p1 from tip
+ [8978f707313d] [SUDO_1_8_25p1] <1.8>
+
* doc/CONTRIBUTORS:
Add Kan Sasaki
[ff277fb5b0c9]
@@ -2147,6 +2470,21 @@
2018-09-02 Todd C. Miller <Todd.Miller@sudo.ws>
+ * .hgtags:
+ Added tag SUDO_1_8_25 for changeset 614440f3c9a5
+ [6ea93b83e610] <1.8>
+
+ * NEWS, config.h.in, configure, configure.ac, doc/CONTRIBUTORS,
+ doc/sudo.cat, doc/sudo_plugin.cat, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoreplay.cat, doc/visudo.cat,
+ lib/util/Makefile.in, lib/util/event.c, mkpkg,
+ plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/po/sudoers.pot,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, po/sudo.pot, src/exec_pty.c:
+ Merge sudo 1.8.25 from tip
+ [614440f3c9a5] [SUDO_1_8_25] <1.8>
+
* plugins/sudoers/po/sudoers.pot:
regen
[04afa00445ef]
@@ -2378,13 +2716,6 @@
Only include stdarg.h if we need it.
[c266d34454ba]
- * plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/ldap.c,
- plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
- plugins/sudoers/rcstr.c, plugins/sudoers/timestamp.c,
- src/sudo_noexec.c:
- Include stddef.h for offsetof() definition.
- [15d13ae1ba46]
-
* plugins/sudoers/bsm_audit.c, plugins/sudoers/timestamp.c:
fix compiler warnings on Solaris 11
[6c92c438a38e]
@@ -2393,6 +2724,13 @@
Fix setting of errno when gotdata() fails.
[4fab71fa575f]
+ * plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/rcstr.c, plugins/sudoers/timestamp.c,
+ src/sudo_noexec.c:
+ Include stddef.h for offsetof() definition.
+ [15d13ae1ba46]
+
* NEWS:
Bugs 846 and 847
[a0ba7ad24812]
@@ -2469,16 +2807,16 @@
2018-08-19 Todd C. Miller <Todd.Miller@sudo.ws>
- * plugins/sudoers/iolog.c:
- Use a monotonic timer that only runs while not suspended for the
- iolog timing values and write nsec-precision entries.
- [7f37f0b24ce7]
-
* aclocal.m4, config.h.in, configure, configure.ac,
include/sudo_util.h, lib/util/gettime.c, lib/util/util.exp.in:
Add sudo_gettime_uptime() to measure time while not sleeping.
[a128e7d51740]
+ * plugins/sudoers/iolog.c:
+ Use a monotonic timer that only runs while not suspended for the
+ iolog timing values and write nsec-precision entries.
+ [7f37f0b24ce7]
+
2018-08-18 Todd C. Miller <Todd.Miller@sudo.ws>
* mkpkg:
@@ -2493,6 +2831,25 @@
using it.
[4ea419ac5bee]
+ * .hgtags:
+ Added tag SUDO_1_8_24 for changeset e708ac0bf63a
+ [e05f06e9bd46] <1.8>
+
+ * Makefile.in, NEWS, config.h.in, configure, configure.ac,
+ doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/visudo.cat, doc/visudo.man.in, lib/util/Makefile.in,
+ lib/util/getgrouplist.c, mkpkg, plugins/sudoers/Makefile.in,
+ plugins/sudoers/check.c, plugins/sudoers/filedigest_gcrypt.c,
+ plugins/sudoers/filedigest_openssl.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/match.c, plugins/sudoers/po/sudoers.pot,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/exec_pty.c, src/parse_args.c, src/sudo.c:
+ merge sudo 1.8.24 from tip
+ [e708ac0bf63a] [SUDO_1_8_24] <1.8>
+
* NEWS:
Fix for Bug #844
[51cfeb79669c]
@@ -2514,16 +2871,16 @@
Fix get_starttime() on HP-UX.
[329a4ad9f4ef]
- * src/net_ifs.c:
- Avoid a compilation problem on HP-UX 11.31 with gcc and
- machine/sys/getppdp.h
- [b861e894271b]
-
* mkpkg:
Detect number of CPUs on HP-UX. Use MAKE environment variable if
set.
[c95ab5d6d392]
+ * src/net_ifs.c:
+ Avoid a compilation problem on HP-UX 11.31 with gcc and
+ machine/sys/getppdp.h
+ [b861e894271b]
+
2018-08-16 Todd C. Miller <Todd.Miller@sudo.ws>
* plugins/sudoers/Makefile.in:
@@ -2556,12 +2913,6 @@
sync with translationproject.org
[19f7eba39013]
-2018-08-08 Todd C. Miller <Todd.Miller@sudo.ws>
-
- * NEWS:
- sync
- [1448675b44aa]
-
2018-08-11 Todd C. Miller <Todd.Miller@sudo.ws>
* plugins/sudoers/iolog.c:
@@ -2575,6 +2926,12 @@
sync with translationproject.org
[4109b52f393f]
+2018-08-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ sync
+ [1448675b44aa]
+
2018-08-07 Todd C. Miller <Todd.Miller@sudo.ws>
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
@@ -2897,12 +3254,6 @@
2018-05-24 Todd C. Miller <Todd.Miller@sudo.ws>
- * lib/util/Makefile.in, lib/util/mktemp.c,
- plugins/sudoers/Makefile.in, plugins/sudoers/auth/sudo_auth.c,
- plugins/sudoers/insults.h:
- Use arc4random for mkstemp() and insults.
- [b8c7447756f2]
-
* MANIFEST, config.h.in, configure, configure.ac, include/sudo_rand.h,
lib/util/Makefile.in, lib/util/arc4random.c, lib/util/arc4random.h,
lib/util/arc4random_uniform.c, lib/util/chacha_private.h,
@@ -2912,6 +3263,12 @@
fallback code does not have as many OS-specific bits as libressl.
[310d65e466bd]
+ * lib/util/Makefile.in, lib/util/mktemp.c,
+ plugins/sudoers/Makefile.in, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/insults.h:
+ Use arc4random for mkstemp() and insults.
+ [b8c7447756f2]
+
* MANIFEST, configure, configure.ac, include/sudo_digest.h,
lib/util/Makefile.in, lib/util/digest.c, lib/util/digest_gcrypt.c,
lib/util/digest_openssl.c, lib/util/util.exp.in, mkdep.pl,
@@ -3161,6 +3518,26 @@
2018-04-29 Todd C. Miller <Todd.Miller@sudo.ws>
+ * .hgtags:
+ Added tag SUDO_1_8_23 for changeset 39986613b42f
+ [d98428bb8e4c] <1.8>
+
+ * INSTALL, NEWS, config.h.in, configure, configure.ac,
+ doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in, lib/util/event.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/match.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoers2ldif,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c, po/sudo.pot, src/exec_pty.c,
+ src/load_plugins.c, src/parse_args.c, src/sudo.c, src/ttyname.c:
+ merge sudo 1.8.23 from tip
+ [39986613b42f] [SUDO_1_8_23] <1.8>
+
* configure, configure.ac:
fix version
[bfed601130b5]
@@ -3385,6 +3762,13 @@
sync with translationproject.org
[3495b17becb0]
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/match.c:
+ Prune alias contents when pruning and expanding aliases. This abuses
+ the userlist_matches_filter() and hostlist_matches_filter()
+ functions. A better approach would be to call the correct function
+ from user_matches() and host_matches().
+ [0ae5f351b09f]
+
* MANIFEST, examples/sudoers, plugins/sudoers/Makefile.in,
plugins/sudoers/regress/cvtsudoers/sudoers,
plugins/sudoers/regress/cvtsudoers/sudoers.defs,
@@ -3435,13 +3819,6 @@
cvtsudoers regress tests
[72fd218b5036]
- * plugins/sudoers/cvtsudoers.c, plugins/sudoers/match.c:
- Prune alias contents when pruning and expanding aliases. This abuses
- the userlist_matches_filter() and hostlist_matches_filter()
- functions. A better approach would be to call the correct function
- from user_matches() and host_matches().
- [0ae5f351b09f]
-
2018-04-14 Todd C. Miller <Todd.Miller@sudo.ws>
* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in:
@@ -3840,25 +4217,6 @@
Kill dead store found by clang-analyzer.
[af2021d3d396]
-2018-03-02 Todd C. Miller <Todd.Miller@sudo.ws>
-
- * MANIFEST, plugins/sudoers/Makefile.in,
- plugins/sudoers/regress/sudoers/test1.ldif2sudo.ok,
- plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok,
- plugins/sudoers/regress/sudoers/test15.ldif2sudo.ok,
- plugins/sudoers/regress/sudoers/test16.ldif2sudo.ok,
- plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok,
- plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok,
- plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok,
- plugins/sudoers/regress/sudoers/test20.ldif2sudo.ok,
- plugins/sudoers/regress/sudoers/test21.ldif2sudo.ok,
- plugins/sudoers/regress/sudoers/test3.ldif2sudo.ok,
- plugins/sudoers/regress/sudoers/test6.ldif2sudo.ok:
- Add tests for round-tripping sudoers -> ldif -> sudoers
- [72e3e73fb612]
-
-2018-03-04 Todd C. Miller <Todd.Miller@sudo.ws>
-
* plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
plugins/sudoers/gram.c, plugins/sudoers/gram.y,
@@ -3878,6 +4236,10 @@
Special case comment lines in lbufs.
[10d6d229ffae]
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ Handle escaped commas when skipping over the cn.
+ [61aed7ff5e1c]
+
2018-03-03 Todd C. Miller <Todd.Miller@sudo.ws>
* plugins/sudoers/cvtsudoers.c, plugins/sudoers/fmtsudoers.c,
@@ -3885,14 +4247,23 @@
When formatting as sudoers, flush the lbuf after each userspec.
[060266dd440c]
-2018-03-04 Todd C. Miller <Todd.Miller@sudo.ws>
-
- * plugins/sudoers/cvtsudoers_ldif.c:
- Handle escaped commas when skipping over the cn.
- [61aed7ff5e1c]
-
2018-03-02 Todd C. Miller <Todd.Miller@sudo.ws>
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/sudoers/test1.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test15.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test16.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test20.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test21.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test3.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test6.ldif2sudo.ok:
+ Add tests for round-tripping sudoers -> ldif -> sudoers
+ [72e3e73fb612]
+
* plugins/sudoers/cvtsudoers_ldif.c:
Add missing sudoOrder support to parse_ldif().
[8c5e9f22f0da]
@@ -4550,6 +4921,30 @@
2018-01-15 Todd C. Miller <Todd.Miller@sudo.ws>
+ * .hgtags:
+ Added tag SUDO_1_8_22 for changeset 39b58e206a15
+ [bada7b6981ef] <1.8>
+
+ * INSTALL, Makefile.in, NEWS, config.h.in, configure, configure.ac,
+ doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in, lib/util/Makefile.in, lib/util/event.c,
+ lib/util/getgrouplist.c, mkpkg, plugins/group_file/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/check.c, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/match.c, plugins/sudoers/po/sudoers.pot,
+ plugins/sudoers/redblack.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in,
+ src/exec_pty.c, src/load_plugins.c, src/parse_args.c, src/sudo.c,
+ src/ttyname.c:
+ merge sudo 1.8.22 from tip
+ [39b58e206a15] [SUDO_1_8_22] <1.8>
+
* plugins/sudoers/tsdump.c:
treat uid as unsigned in error message
[2672d4ca3479]
@@ -5038,12 +5433,6 @@
SIGTTIN or SIGTTOU (which it currently is not).
[ba6885b57891]
-2017-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
- Better describe things when a command is run in a pty.
- [0f34fc342ab5]
-
2017-11-29 Todd C. Miller <Todd.Miller@sudo.ws>
* src/exec_monitor.c, src/signal.c:
@@ -5051,14 +5440,6 @@
[bf33574bc603]
* src/exec_pty.c:
- Handle receipt of SIGTTIN/SIGTTOU when reading/writing from/to the
- tty. We can't use a signal event for these since that would restart
- the system call after the signal was handled and the callback would
- not get a chance to run. Fixes running a command in the background
- that write to the tty when the TOSTOP terminal flag is set.
- [5ac68f05249a]
-
- * src/exec_pty.c:
We don't need to be the foreground process to be able to write to
the terminal in most cases. If the background process tries to
modify the terminal flags it will receive SIGTTOU which is relayed
@@ -5066,6 +5447,14 @@
TOSTOP local flag set.
[3fc25570d482]
+ * src/exec_pty.c:
+ Handle receipt of SIGTTIN/SIGTTOU when reading/writing from/to the
+ tty. We can't use a signal event for these since that would restart
+ the system call after the signal was handled and the callback would
+ not get a chance to run. Fixes running a command in the background
+ that write to the tty when the TOSTOP terminal flag is set.
+ [5ac68f05249a]
+
2017-11-28 Todd C. Miller <Todd.Miller@sudo.ws>
* plugins/sudoers/sssd.c:
@@ -5096,6 +5485,12 @@
Add missing initprogname() calls.
[ad4f8d236d89]
+2017-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Better describe things when a command is run in a pty.
+ [0f34fc342ab5]
+
2017-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/ldap.c:
@@ -5238,6 +5633,14 @@
2017-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_21p2 for changeset a37c61a2a2c2
+ [33ce7afbd0b1] <1.8>
+
+ * NEWS, configure, configure.ac, lib/util/event.c:
+ merge sudo 1.8.21p2 from tip
+ [a37c61a2a2c2] [SUDO_1_8_21p2] <1.8>
+
* NEWS, configure, configure.ac:
sudo 1.8.21p2
[94d18888e7c4]
@@ -5269,6 +5672,15 @@
2017-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_21p1 for changeset 5c53ead6e4af
+ [60a25b72a535] <1.8>
+
+ * NEWS, configure, configure.ac, doc/sudo.cat, doc/sudo.man.in,
+ doc/visudo.cat, mkpkg, plugins/sudoers/check.c:
+ merge sudo 1.8.21p1 from tip
+ [5c53ead6e4af] [SUDO_1_8_21p1] <1.8>
+
* NEWS, configure, configure.ac:
Sudo 1.8.21p1
[7e6bf56cb06c]
@@ -5331,6 +5743,24 @@
2017-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_21 for changeset 6cf677ec7646
+ [24199e596a57] <1.8>
+
+ * INSTALL, Makefile.in, NEWS, config.h.in, configure, configure.ac,
+ doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, lib/util/Makefile.in, lib/util/event.c,
+ mkpkg, plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/env.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in,
+ src/exec_pty.c, src/parse_args.c, src/sudo.c, src/ttyname.c:
+ merge sudo 1.8.21 from tip
+ [6cf677ec7646] [SUDO_1_8_21] <1.8>
+
* sudo.pp:
Fix path to LICENSE and NEWS files that get used in the installer.
Previously, the installed versions were used instead of the ones in
@@ -5599,22 +6029,22 @@
2017-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
- Log window size change events in the sudoers I/O plugin. Let
- sudoreplay parse a timing file with window change events (currently
- ignored).
- [a67f4627dfa7]
+ * lib/util/term.c:
+ Clear input, output, control and local flags before copying them
+ from the source terminal. Otherwise, flags that are disabled in the
+ source terminal may still be enabled in the destination.
+ [ead41242b820]
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/exec_pty.c:
Pass window size change events to the plugin.
[529b5c9d16a4]
- * lib/util/term.c:
- Clear input, output, control and local flags before copying them
- from the source terminal. Otherwise, flags that are disabled in the
- source terminal may still be enabled in the destination.
- [ead41242b820]
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
+ Log window size change events in the sudoers I/O plugin. Let
+ sudoreplay parse a timing file with window change events (currently
+ ignored).
+ [a67f4627dfa7]
* Makefile.in, doc/Makefile.in, examples/Makefile.in,
include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
@@ -5633,13 +6063,6 @@
consistent with policy_open().
[519abb3c09d0]
-2017-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * lib/util/event.c:
- Move the bits to fill in the new event base to sudo_ev_base_init(),
- which is not currently exported.
- [9be46693bed1]
-
2017-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
* config.h.in, configure, configure.ac, lib/util/mktemp.c:
@@ -5729,11 +6152,32 @@
devsearch is ignored on BSD, macOS and Solaris
[b041a1d64eda]
+2017-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/event.c:
+ Move the bits to fill in the new event base to sudo_ev_base_init(),
+ which is not currently exported.
+ [9be46693bed1]
+
2017-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * NEWS:
+ * .hgtags:
+ Added tag SUDO_1_8_20p2 for changeset 47836f4c9834
+ [20d3e47ba46c] <1.8>
+
+ * src/ttyname.c:
+ A command name may also contain newline characters so read
+ /proc/self/stat until EOF. It is not legal for /proc/self/stat to
+ contain embedded NUL bytes so treat the file as corrupt if we see
+ any. With help from Qualys.
+
+ This is not exploitable due to the /dev traversal changes in sudo
+ 1.8.20p1 (thanks Solar!).
+ [15a46f4007dd] <1.8>
+
+ * NEWS, configure, configure.ac:
Sudo 1.8.20p2
- [39f199a38383]
+ [47836f4c9834] [SUDO_1_8_20p2] <1.8>
* src/ttyname.c:
A command name may also contain newline characters so read
@@ -5745,12 +6189,21 @@
1.8.20p1 (thanks Solar!).
[9ad60fe663e5]
+ * NEWS:
+ Sudo 1.8.20p2
+ [39f199a38383]
+
2017-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
* src/ttyname.c:
Use /proc/self consistently on Linux. As far as I know, only AIX
doesn't support /proc/self.
- [ef737b5d4ed8]
+ [6f3d9816541b] <1.8>
+
+ * src/selinux.c:
+ After opening a tty device, fstat() and error out if it is not a
+ character device.
+ [e03cfa98f2b6]
* INSTALL, configure, configure.ac, doc/sudo.conf.cat,
doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, include/sudo_conf.h,
@@ -5761,13 +6214,21 @@
The default value can be set at configure time.
[7ab1be502dc3]
- * src/selinux.c:
- After opening a tty device, fstat() and error out if it is not a
- character device.
- [e03cfa98f2b6]
+ * src/ttyname.c:
+ Use /proc/self consistently on Linux. As far as I know, only AIX
+ doesn't support /proc/self.
+ [ef737b5d4ed8]
2017-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_20p1 for changeset 94d010e2bb50
+ [98ef2ef47aba] <1.8>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.20p1
+ [94d010e2bb50] [SUDO_1_8_20p1] <1.8>
+
* NEWS, configure:
Sudo 1.8.20p1
[c34da84ae8e4]
@@ -5782,6 +6243,18 @@
Also stop performing a breadth-first traversal of /dev when looking
for the device. Only the directories specified in search_devs[] are
checked.
+ [d5dd22356194] <1.8>
+
+ * src/ttyname.c:
+ Fix for CVE-2017-1000367, parsing of /proc/pid/stat on Linux when
+ the process name contains spaces. Since the user has control over
+ the command name this could be used by a user with sudo access to
+ overwrite an arbitrary file. Thanks to Qualys for investigating and
+ reporting this bug.
+
+ Also stop performing a breadth-first traversal of /dev when looking
+ for the device. Only the directories specified in search_devs[] are
+ checked.
[b5460cbbb11b]
2017-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -5842,20 +6315,6 @@
2017-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
- * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/ldap.c:
- Avoid a clang analyzer false positive.
- [9f4f915a2e28]
-
- * Makefile.in:
- Add cov-build and cov-submit targets for checking with coverity.
- [bf88b4439c7b]
-
- * plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c,
- plugins/sudoers/set_perms.c, plugins/sudoers/timestamp.c,
- plugins/sudoers/visudo.c:
- Use debug logging instead of ignore_result() where possible.
- [9c9fde5b52cc]
-
* config.h.in, configure, configure.ac, include/sudo_compat.h,
lib/util/term.c, plugins/sudoers/auth/bsdauth.c,
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoreplay.c,
@@ -5865,31 +6324,38 @@
Remove use of non-standard sigaction_t
[81a57af4c7a9]
- * include/sudo_compat.h, plugins/sudoers/timestamp.c,
- src/tcsetpgrp_nobg.c, src/tgetpass.c:
- Remove use of the non-standard SA_INTERRUPT
- [3ec05ffb0dcb]
+ * plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c:
+ Use debug logging instead of ignore_result() where possible.
+ [9c9fde5b52cc]
- * configure, configure.ac:
- sudo 1.8.21
- [76aa5455903e]
+ * Makefile.in:
+ Add cov-build and cov-submit targets for checking with coverity.
+ [bf88b4439c7b]
- * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
- plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
- plugins/sudoers/env_pattern.c,
- plugins/sudoers/regress/env_match/check_env_pattern.c,
- plugins/sudoers/regress/env_match/data, plugins/sudoers/sudoers.h:
- Add support for multiple '*' in env_keep, env_check and env_delete
- entries.
- [b55270a8ecc4]
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/ldap.c:
+ Avoid a clang analyzer false positive.
+ [9f4f915a2e28]
- * src/signal.c:
- Add SIGCHLD to the list of signals we install sudo_handler() for.
- Otherwise, it is possible for the command to exit before the SIGCHLD
- handler is installed. POSIX says that signals that are ignored by
- default are still ignored even if the signal mask would block them.
- We need to have a handler installed for SIGCHLD before the fork().
- [a26f04459c37]
+ * plugins/sudoers/sudoreplay.c:
+ Restore the error message for sudo_ev_add() failure.
+ [267305606577]
+
+ * include/sudo_event.h, lib/util/event.c:
+ Add support for signal events in sudo's event subsystem
+ [0d48fab2dec8]
+
+ * include/sudo_event.h, lib/util/event.c:
+ Handle the possibility of the siginfo parameter in sa_sigaction
+ handler being NULL.
+ [0835ca553426]
+
+ * src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c,
+ src/signal.c, src/sudo.h, src/sudo_exec.h:
+ Use SUDO_EV_SIGNAL and SUDO_EV_SIGINFO instead of managing the
+ signal_pipe explicitly.
+ [841e2ca6a4a6]
* lib/util/event.c:
Activate the sigevents inside the signal pipe callback itself and
@@ -5899,24 +6365,31 @@
next one.
[d94e202b8e57]
- * src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c,
- src/signal.c, src/sudo.h, src/sudo_exec.h:
- Use SUDO_EV_SIGNAL and SUDO_EV_SIGINFO instead of managing the
- signal_pipe explicitly.
- [841e2ca6a4a6]
+ * src/signal.c:
+ Add SIGCHLD to the list of signals we install sudo_handler() for.
+ Otherwise, it is possible for the command to exit before the SIGCHLD
+ handler is installed. POSIX says that signals that are ignored by
+ default are still ignored even if the signal mask would block them.
+ We need to have a handler installed for SIGCHLD before the fork().
+ [a26f04459c37]
- * include/sudo_event.h, lib/util/event.c:
- Handle the possibility of the siginfo parameter in sa_sigaction
- handler being NULL.
- [0835ca553426]
+ * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
+ plugins/sudoers/env_pattern.c,
+ plugins/sudoers/regress/env_match/check_env_pattern.c,
+ plugins/sudoers/regress/env_match/data, plugins/sudoers/sudoers.h:
+ Add support for multiple '*' in env_keep, env_check and env_delete
+ entries.
+ [b55270a8ecc4]
- * include/sudo_event.h, lib/util/event.c:
- Add support for signal events in sudo's event subsystem
- [0d48fab2dec8]
+ * configure, configure.ac:
+ sudo 1.8.21
+ [76aa5455903e]
- * plugins/sudoers/sudoreplay.c:
- Restore the error message for sudo_ev_add() failure.
- [267305606577]
+ * include/sudo_compat.h, plugins/sudoers/timestamp.c,
+ src/tcsetpgrp_nobg.c, src/tgetpass.c:
+ Remove use of the non-standard SA_INTERRUPT
+ [3ec05ffb0dcb]
* include/sudo_queue.h:
Add workaround for clang static analyzer being confused by
@@ -5927,10 +6400,32 @@
* plugins/sudoers/Makefile.in:
Fix "make check" when openssl or gcrypt is used. Bug #787
+ [fd76c0bd8b80] <1.8>
+
+ * plugins/sudoers/Makefile.in:
+ Fix "make check" when openssl or gcrypt is used. Bug #787
[7968686742e2]
2017-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_20 for changeset 6e9347749620
+ [33d429b11974] <1.8>
+
+ * INSTALL, Makefile.in, NEWS, config.h.in, configure, configure.ac,
+ doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/visudo.cat, doc/visudo.man.in, lib/util/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/match.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in,
+ src/exec_pty.c, src/parse_args.c, src/sudo.c, src/ttyname.c:
+ Merge sudo 1.8.20 from tip
+ [6e9347749620] [SUDO_1_8_20] <1.8>
+
* plugins/sudoers/sudoreplay.c:
Only display string version of errno if sudo_ev_add() fails for now
[24244a02c93f]
@@ -6359,6 +6854,11 @@
error.
[bb12cfce16fd]
+ * plugins/sudoers/sssd.c:
+ zero out nss->handle after it has been freed to make sure we cannot
+ free it twice
+ [00d5340b7541]
+
2017-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
@@ -6368,15 +6868,6 @@
directory.
[7a4a10cafe08]
-2017-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * plugins/sudoers/sssd.c:
- zero out nss->handle after it has been freed to make sure we cannot
- free it twice
- [00d5340b7541]
-
-2017-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
-
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
@@ -6527,18 +7018,6 @@
2017-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL, MANIFEST, configure, configure.ac, mkdep.pl,
- plugins/sudoers/Makefile.in, plugins/sudoers/filedigest_gcrypt.c:
- Add support for using the message digest functions in libgcrypt
- instead of sudo's own SHA2 implementation.
- [0259467c38dd]
-
- * INSTALL, MANIFEST, configure, configure.ac, mkdep.pl,
- plugins/sudoers/Makefile.in, plugins/sudoers/filedigest_openssl.c:
- Add support for using the message digest functions in OpenSSL
- instead of sudo's own SHA2 implementation.
- [d77639c97e43]
-
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/digestname.c,
plugins/sudoers/filedigest.c, plugins/sudoers/ldap.c,
plugins/sudoers/match.c, plugins/sudoers/parse.h,
@@ -6549,6 +7028,18 @@
(string) and use it.
[9213d8c94b8f]
+ * INSTALL, MANIFEST, configure, configure.ac, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/filedigest_openssl.c:
+ Add support for using the message digest functions in OpenSSL
+ instead of sudo's own SHA2 implementation.
+ [d77639c97e43]
+
+ * INSTALL, MANIFEST, configure, configure.ac, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/filedigest_gcrypt.c:
+ Add support for using the message digest functions in libgcrypt
+ instead of sudo's own SHA2 implementation.
+ [0259467c38dd]
+
* plugins/sudoers/gmtoff.c:
Check for gmtime() or localtime() returning NULL and just use a zero
offset in that case. Should not be possible.
@@ -6626,33 +7117,13 @@
regen
[46a124dd72aa]
- * plugins/sudoers/Makefile.in:
- Only inhibit ASAN leak detector for tests that result in a parse
- error. The parser cannot currently clean up completely on error.
- [b2f82dcd2545]
-
- * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
- Plug some memory leaks found by ASAN.
- [08189098a5b6]
-
- * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
- List SELinux role/type for "sudo -l" with LDAP and SSSd backends.
- Also fix printing of the timeout.
- [740723a49ab5]
-
- * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
- Only inherit SELinux role/type and Solaris privilege sets if the
- command does not include any. Previously, a command with only a role
- would inherit a type from the previous command which is not what was
- intended.
- [171a3ad972e7]
-
- * doc/fixman.sh, doc/fixmdoc.sh, doc/sudoers.cat, doc/sudoers.man.in,
- doc/sudoers.mdoc.in, plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.h,
plugins/sudoers/gram.y, plugins/sudoers/parse.h:
- Split out tags again so they must precede the command and not allow
- them to be mixed in with options.
- [e7e7d60316cc]
+ Merge command tags, SELinux type/role and Solaris privs settings
+ into "command options". This relaxes the order of things so tags and
+ other options can be interspersed.
+ [0970fd78cbe8]
* MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
@@ -6677,13 +7148,33 @@
command will be terminated.
[a36a748e9324]
- * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
- plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ * doc/fixman.sh, doc/fixmdoc.sh, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, plugins/sudoers/gram.c, plugins/sudoers/gram.h,
plugins/sudoers/gram.y, plugins/sudoers/parse.h:
- Merge command tags, SELinux type/role and Solaris privs settings
- into "command options". This relaxes the order of things so tags and
- other options can be interspersed.
- [0970fd78cbe8]
+ Split out tags again so they must precede the command and not allow
+ them to be mixed in with options.
+ [e7e7d60316cc]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Only inherit SELinux role/type and Solaris privilege sets if the
+ command does not include any. Previously, a command with only a role
+ would inherit a type from the previous command which is not what was
+ intended.
+ [171a3ad972e7]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ List SELinux role/type for "sudo -l" with LDAP and SSSd backends.
+ Also fix printing of the timeout.
+ [740723a49ab5]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Plug some memory leaks found by ASAN.
+ [08189098a5b6]
+
+ * plugins/sudoers/Makefile.in:
+ Only inhibit ASAN leak detector for tests that result in a parse
+ error. The parser cannot currently clean up completely on error.
+ [b2f82dcd2545]
* plugins/sudoers/rcstr.c:
supress cppcheck memory leak false positive
@@ -6856,6 +7347,17 @@
2017-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_19p2 for changeset fb029d0665cd
+ [9334c7cef133] <1.8>
+
+ * NEWS, config.h.in, configure, configure.ac, lib/util/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c,
+ src/sudo.c:
+ merge sudo 1.8.19p2 from tip
+ [fb029d0665cd] [SUDO_1_8_19p2] <1.8>
+
* configure, configure.ac:
Define HAVE_NANOSLEEP if we find nanosleep in librt
[ec8d949bf411]
@@ -6928,6 +7430,14 @@
2016-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_19p1 for changeset a5ec3e40ef02
+ [c2b75b22696b] <1.8>
+
+ * NEWS, configure, configure.ac:
+ merge sudo 1.8.19p1 from tip
+ [a5ec3e40ef02] [SUDO_1_8_19p1] <1.8>
+
* NEWS, configure, configure.ac:
sudo 1.8.19p1
[7bfd43fa5caf]
@@ -6953,6 +7463,26 @@
2016-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_19 for changeset d3677b10ea55
+ [9c8110b69af0] <1.8>
+
+ * INSTALL, NEWS, config.h.in, configure, configure.ac, doc/sudo.cat,
+ doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in, lib/util/Makefile.in, mkpkg,
+ plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/aixcrypt.exp, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/env.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ po/sudo.pot, src/Makefile.in, src/exec_pty.c, src/load_plugins.c,
+ src/parse_args.c, src/sudo.c:
+ merge sudo 1.8.19 from tip
+ [d3677b10ea55] [SUDO_1_8_19] <1.8>
+
* include/sudo_compat.h:
HAVE_DECL_GETGROUPLIST_2 is always defined if HAVE_GETGROUPLIST_2
is, we need to check its value, not whether it is defined.
@@ -7309,8 +7839,18 @@
Add checks for sudoers_locale early Defaults
[582c08c9418c]
+ * src/parse_args.c, src/sudo.c, src/sudo.h:
+ Add the argument vector allocated for -s and -i mode to the garbage
+ collector list. Avoids an ASAN warning on exit when the -s or -i
+ flags are used.
+ [652691a5216b]
+
2016-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/iolog.c:
+ add missing sudo_pw_delref/sudo_gr_delref to plug memory leak
+ [c4ba4c26e0c1]
+
* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
@@ -7323,20 +7863,6 @@
defaults like sudoers_locale.
[ff1328a86b97]
-2016-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * src/parse_args.c, src/sudo.c, src/sudo.h:
- Add the argument vector allocated for -s and -i mode to the garbage
- collector list. Avoids an ASAN warning on exit when the -s or -i
- flags are used.
- [652691a5216b]
-
-2016-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * plugins/sudoers/iolog.c:
- add missing sudo_pw_delref/sudo_gr_delref to plug memory leak
- [c4ba4c26e0c1]
-
* mkpkg:
Use expr instead of POSIX sh numerical expression to avoid a syntax
error on older shells.
@@ -7681,6 +8207,15 @@
2016-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_18p1 for changeset b84bd5ed47ec
+ [abda86e3b777] <1.8>
+
+ * NEWS, config.h.in, configure, configure.ac,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ merge sudo 1.8.18p1 from trunk
+ [b84bd5ed47ec] [SUDO_1_8_18p1] <1.8>
+
* src/sudo_noexec.c:
Need RTLD_NEXT for wordexp() on dlopen() systems. It is missing on
AIX 5.1 at least.
@@ -7733,8 +8268,29 @@
Clean .json files created by "make check"
[d214117fbda1]
+2016-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgtags:
+ Added tag SUDO_1_8_18 for changeset 00cf83739608
+ [a1ff38bb3cd1] <1.8>
+
2016-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
+ * NEWS, configure, configure.ac, doc/CONTRIBUTORS, doc/sudo.cat,
+ doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/visudo.cat, lib/util/Makefile.in, lib/util/getgrouplist.c,
+ mkpkg, plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/check.c, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/match.c, plugins/sudoers/po/sudoers.pot,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ po/sudo.pot, src/Makefile.in, src/exec_pty.c, src/load_plugins.c,
+ src/sudo.c, src/ttyname.c:
+ Merge sudo 1.8.18 from trunk
+ [00cf83739608] [SUDO_1_8_18] <1.8>
+
* po/ca.mo, po/da.mo, po/eo.mo, po/es.mo, po/eu.mo, po/fi.mo,
po/gl.mo, po/hr.mo, po/hu.mo, po/ko.mo, po/nl.mo, po/ru.mo,
po/sk.mo, po/sl.mo, po/sr.mo, po/tr.mo:
@@ -8624,6 +9180,14 @@
Update copyright year.
[638c964e44fd]
+ * .hgtags:
+ Added tag SUDO_1_8_17p1 for changeset a4487f2a59d2
+ [55a6f49366e7] <1.8>
+
+ * NEWS, configure, configure.ac, src/sudo.c:
+ merge sudo 1.8.17p1 from trunk.
+ [a4487f2a59d2] [SUDO_1_8_17p1] <1.8>
+
* NEWS, configure, configure.ac:
Sudo 1.8.17p1
[bc30a172370c]
@@ -8633,6 +9197,27 @@
policy_init_session(). Bug #749
[3bf16489800c]
+2016-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgtags:
+ Added tag SUDO_1_8_17 for changeset ce03d9647415
+ [700e92e0beec] <1.8>
+
+ * INSTALL, NEWS, config.h.in, configure, configure.ac,
+ doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, lib/util/Makefile.in,
+ lib/util/event.c, plugins/group_file/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/match.c, plugins/sudoers/po/sudoers.pot,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ po/sudo.pot, src/Makefile.in, src/exec_pty.c, src/sudo.c:
+ merge sudo 1.8.17 from trunk.
+ [ce03d9647415] [SUDO_1_8_17] <1.8>
+
2016-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
@@ -9463,6 +10048,25 @@
The header for sudo.conf(5) should be SUDO.CONF(5) not SUDO(5).
[d3afd5bd550f]
+ * .hgtags:
+ Added tag SUDO_1_8_16 for changeset 6b4fbb23d67b
+ [8407163d6832] <1.8>
+
+ * INSTALL, Makefile.in, NEWS, README, config.h.in, configure,
+ configure.ac, doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in, lib/util/getgrouplist.c, mkpkg,
+ plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/match.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in,
+ src/exec_pty.c, src/load_plugins.c, src/sudo.c, src/ttyname.c:
+ Merge sudo 1.8.16 from trunk.
+ [6b4fbb23d67b] [SUDO_1_8_16] <1.8>
+
2016-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/policy.c:
@@ -9904,24 +10508,6 @@
2016-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * plugins/sudoers/ldap.c:
- In sudo_netgroup_lookup() only build up the search filter once
- instead of once per netgroup_base.
- [a03440237078]
-
- * plugins/sudoers/ldap.c:
- It is safe to pass ldap_msgfree() a NULL pointer.
- [abc2eaddbf83]
-
- * plugins/sudoers/ldap.c:
- On overflow, warn before freeing anything.
- [2e3bcfa4a8f9]
-
- * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
- Use user_runhost and user_srunhost instead of user_host and
- user_shost. Fixes "sudo -l -h other_host" for LDAP and sssd.
- [e1abfdc82242]
-
* plugins/sudoers/match.c:
Silence warning in digest_matches() on systems with no fexecve(2).
[0cd3cc8fa195]
@@ -9941,6 +10527,24 @@
sudo_edit_openat_nofollow() for systems without O_NOFOLLOW.
[574e4a840879]
+ * plugins/sudoers/ldap.c:
+ In sudo_netgroup_lookup() only build up the search filter once
+ instead of once per netgroup_base.
+ [a03440237078]
+
+ * plugins/sudoers/ldap.c:
+ It is safe to pass ldap_msgfree() a NULL pointer.
+ [abc2eaddbf83]
+
+ * plugins/sudoers/ldap.c:
+ On overflow, warn before freeing anything.
+ [2e3bcfa4a8f9]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Use user_runhost and user_srunhost instead of user_host and
+ user_shost. Fixes "sudo -l -h other_host" for LDAP and sssd.
+ [e1abfdc82242]
+
* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
Update description of sudoedit_checkdir. Reported by Sander Bos.
[ee44e7255096]
@@ -10143,6 +10747,26 @@
2015-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_15 for changeset d9c51e8ccba3
+ [96337794a571] <1.8>
+
+ * NEWS, config.h.in, configure, configure.ac, doc/CONTRIBUTORS,
+ doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/visudo.cat, include/compat/timespec.h, lib/util/Makefile.in,
+ mkpkg, plugins/sudoers/Makefile.in, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in,
+ src/exec_pty.c, src/sudo.c:
+ Merge sudo 1.8.15 from trunk
+ [d9c51e8ccba3] [SUDO_1_8_15] <1.8>
+
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, po/da.mo,
po/da.po:
sync with translationproject.org
@@ -10566,63 +11190,6 @@
2015-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * plugins/sudoers/check.c:
- Avoid touching the time stamp directory for "sudo -k command"
- [391d20c17775]
-
- * plugins/sudoers/timestamp.c:
- Bring back the check for time stamp files that predate the boot
- time. Instead of truncating we now unlink the file since another
- process may be sleeping on the lock.
- [9cdf7468d0f2]
-
- * config.h.in, configure, configure.ac, plugins/sudoers/iolog.c,
- plugins/sudoers/timestamp.c:
- Use pread(2) and pwrite(2) where possible.
- [86cd3f6bab9e]
-
- * src/exec_pty.c:
- sudo_term_* already restart themselve for all but SIGTTOU so we
- don't need to use our own restart loops.
- [113924cd05c0]
-
- * lib/util/locking.c:
- Set errno to EINVAL if sudo_lock_* is called with a bad type.
- [cfba014f1c1a]
-
- * plugins/sudoers/timestamp.c:
- Adjust new locking to work when tty_tickets is disabled. We need to
- use per-tty/ppid locking to gain exclusive access to the tty for the
- password prompt but use a separate (short term) lock that is shared
- among all sudo processes for the user.
- [d6d7a0bb6bd0]
-
- * plugins/sudoers/timestamp.c:
- Allow the time stamp lock to be interrupted by signals.
- [aa5017f86210]
-
- * lib/util/term.c, plugins/sudoers/check.c,
- plugins/sudoers/sudoreplay.c, src/tgetpass.c:
- Implement suspend/resume callbacks for the conversation function. If
- suspended, close the timestamp file (dropping all locks). On resume,
- lock the record before reading the password.
-
- For this to work properly we need to be able to run th callback when
- tsetattr() suspends us, not just when the user does. To accomplish
- this the term_* functions now return EINTR if SIGTTOU would be
- generated. The caller now has to restart the term_* function (and
- send itself SIGTTOU) instead of it being done automatically.
- [572374035897]
-
- * config.h.in, configure, configure.ac, include/sudo_util.h,
- lib/util/locking.c, lib/util/util.exp.in, plugins/sudoers/check.c,
- plugins/sudoers/check.h, plugins/sudoers/policy.c,
- plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c:
- Lock individual records in the timestamp file instead of the entire
- file. This will make it possible for multiple sudo processes using
- the same tty to serialize their timestamp lookups.
- [f4ad82e36d90]
-
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
doc/sudo_plugin.mdoc.in, include/sudo_fatal.h,
include/sudo_plugin.h, lib/util/fatal.c, plugins/sudoers/auth/afs.c,
@@ -10641,6 +11208,63 @@
the conversation function.
[5608cb4c18f2]
+ * config.h.in, configure, configure.ac, include/sudo_util.h,
+ lib/util/locking.c, lib/util/util.exp.in, plugins/sudoers/check.c,
+ plugins/sudoers/check.h, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c:
+ Lock individual records in the timestamp file instead of the entire
+ file. This will make it possible for multiple sudo processes using
+ the same tty to serialize their timestamp lookups.
+ [f4ad82e36d90]
+
+ * lib/util/term.c, plugins/sudoers/check.c,
+ plugins/sudoers/sudoreplay.c, src/tgetpass.c:
+ Implement suspend/resume callbacks for the conversation function. If
+ suspended, close the timestamp file (dropping all locks). On resume,
+ lock the record before reading the password.
+
+ For this to work properly we need to be able to run th callback when
+ tsetattr() suspends us, not just when the user does. To accomplish
+ this the term_* functions now return EINTR if SIGTTOU would be
+ generated. The caller now has to restart the term_* function (and
+ send itself SIGTTOU) instead of it being done automatically.
+ [572374035897]
+
+ * plugins/sudoers/timestamp.c:
+ Allow the time stamp lock to be interrupted by signals.
+ [aa5017f86210]
+
+ * plugins/sudoers/timestamp.c:
+ Adjust new locking to work when tty_tickets is disabled. We need to
+ use per-tty/ppid locking to gain exclusive access to the tty for the
+ password prompt but use a separate (short term) lock that is shared
+ among all sudo processes for the user.
+ [d6d7a0bb6bd0]
+
+ * lib/util/locking.c:
+ Set errno to EINVAL if sudo_lock_* is called with a bad type.
+ [cfba014f1c1a]
+
+ * src/exec_pty.c:
+ sudo_term_* already restart themselve for all but SIGTTOU so we
+ don't need to use our own restart loops.
+ [113924cd05c0]
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/iolog.c,
+ plugins/sudoers/timestamp.c:
+ Use pread(2) and pwrite(2) where possible.
+ [86cd3f6bab9e]
+
+ * plugins/sudoers/timestamp.c:
+ Bring back the check for time stamp files that predate the boot
+ time. Instead of truncating we now unlink the file since another
+ process may be sleeping on the lock.
+ [9cdf7468d0f2]
+
+ * plugins/sudoers/check.c:
+ Avoid touching the time stamp directory for "sudo -k command"
+ [391d20c17775]
+
2015-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
@@ -10750,6 +11374,10 @@
2015-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+ * MANIFEST:
+ add .json regress files to MANIFEST
+ [03ddb3a9671b]
+
* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
regen
[5abaa0eeab86]
@@ -10785,10 +11413,6 @@
Sudo 1.8.15
[bf18da363b06]
- * MANIFEST:
- add .json regress files to MANIFEST
- [03ddb3a9671b]
-
* plugins/sudoers/Makefile.in,
plugins/sudoers/regress/sudoers/test1.json.ok,
plugins/sudoers/regress/sudoers/test10.json.ok,
@@ -10838,12 +11462,6 @@
Set sssd lib location to /usr/lib64 on 64-bit RHEL/Centos. Bug #710
[428421925a20]
-2015-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * doc/CONTRIBUTORS:
- Add Jakub Wilk
- [78bfdf2e441b]
-
2015-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/CONTRIBUTORS, src/Makefile.in:
@@ -10857,6 +11475,14 @@
Replace two "return 0" with debug_return_bool(false).
[49f8fb3dcd36]
+ * .hgtags:
+ Added tag SUDO_1_8_14p3 for changeset 7af6d4b9a71c
+ [cb3d85741f49] <1.8>
+
+ * NEWS, configure, configure.ac, src/sudo.c, src/ttyname.c:
+ Merge sudo 1.8.14p3 from trunk.
+ [7af6d4b9a71c] [SUDO_1_8_14p3] <1.8>
+
* src/ttyname.c:
fix typo in previous commit
[094488696f2c]
@@ -10895,6 +11521,14 @@
2015-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_14p1 for changeset 3eb9763706b2
+ [fd224b6f682a] <1.8>
+
+ * NEWS, configure, configure.ac:
+ Merge sudo 1.8.14p1 from trunk.
+ [3eb9763706b2] [SUDO_1_8_14p1] <1.8>
+
* NEWS, configure, configure.ac:
Sudo 1.8.14p1
[973705806759]
@@ -10906,6 +11540,31 @@
2015-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_14 for changeset f93a3f006a69
+ [1a267258d4b2] <1.8>
+
+ * INSTALL, Makefile.in, NEWS, config.h.in, configure, configure.ac,
+ doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in, include/sudo_alloc.h, lib/util/Makefile.in,
+ lib/util/alloc.c, lib/util/event.c, lib/util/getgrouplist.c,
+ lib/util/locale_weak.c, m4/ax_sys_weak_alias.m4, mkpkg,
+ plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/redblack.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ po/sudo.pot, src/Makefile.in, src/exec_pty.c, src/load_plugins.c,
+ src/locale_stub.c, src/parse_args.c, src/sudo.c, src/ttyname.c:
+ Merge sudo 1.8.14 from trunk.
+ [f93a3f006a69] [SUDO_1_8_14] <1.8>
+
* plugins/sudoers/po/ja.mo, plugins/sudoers/po/uk.mo,
plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo:
rebuild
@@ -11016,6 +11675,10 @@
/var/lib for timestamp files.
[0f4c49a3768e]
+ * doc/CONTRIBUTORS:
+ Add Jakub Wilk
+ [78bfdf2e441b]
+
* plugins/sudoers/boottime.c:
Strip newline from /proc/stat btime line to avoid a strtonum()
failure. From Jakub Wilk.
@@ -11219,12 +11882,6 @@
2015-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
- * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
- plugins/sudoers/sudoers.h:
- Return -1, not 0 from sudoers when there is an error (as opposed to
- a policy denial).
- [5d197fe29e0e]
-
* plugins/sudoers/check.c, plugins/sudoers/check.h,
plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
plugins/sudoers/parse.c, plugins/sudoers/policy.c,
@@ -11234,6 +11891,12 @@
value back up the call stack.
[c9beeed2b614]
+ * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Return -1, not 0 from sudoers when there is an error (as opposed to
+ a policy denial).
+ [5d197fe29e0e]
+
* doc/CONTRIBUTORS:
Add Joel Pelaez Jorge
[55387b44d6e9]
@@ -11265,6 +11928,11 @@
Use our own bitmap macros instead of borrowing the ones from select.
[51ef403511d9]
+ * lib/util/sudo_debug.c:
+ Must call round_nfds() with fd+1 since it takes a count not the fd
+ number. In other words, the lowest value is 1, not 0.
+ [cc175cba5371]
+
* src/ttyname.c:
Quiet clang analyzer false positive.
[9ebecd6b6b29]
@@ -11274,11 +11942,6 @@
cannot be opened. At least one of these is a false positive.
[98b417c1307a]
- * lib/util/sudo_debug.c:
- Must call round_nfds() with fd+1 since it takes a count not the fd
- number. In other words, the lowest value is 1, not 0.
- [cc175cba5371]
-
2015-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
* lib/util/getline.c, plugins/sudoers/toke_util.c:
@@ -11463,11 +12126,6 @@
We require ANSI C so stop using the obsolete STDC_HEADERS.
[35a5a680e5fe]
- * config.h.in, configure, configure.ac:
- Add back _REENTRANT define on HP-UX to expose strtok_r on some
- versions. We may need to define it on other systems too.
- [12c36f12eed2]
-
* lib/util/getgrouplist.c, lib/util/regress/glob/globtest.c,
lib/util/sudo_debug.c, plugins/group_file/getgrent.c,
plugins/group_file/plugin_test.c, plugins/sample/sample_plugin.c,
@@ -11479,6 +12137,11 @@
Use strtok_r() instead of strtok()
[6b8e3c253dcf]
+ * config.h.in, configure, configure.ac:
+ Add back _REENTRANT define on HP-UX to expose strtok_r on some
+ versions. We may need to define it on other systems too.
+ [12c36f12eed2]
+
* configure, configure.ac:
Fix check for strnlen() when cross-compiling.
[e501c508891a]
@@ -11798,25 +12461,6 @@
operates on non-C strings (requires a length parameter).
[45fb50775249]
-2015-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * plugins/sudoers/auth/sia.c:
- Use reallocarray() instead of sudo_emallocarray() and return an
- error on allocation failure.
- [fee12ac1e0c8]
-
- * plugins/sudoers/auth/kerb5.c:
- In our krb5_get_init_creds_opt_alloc() replacement use malloc()
- instead of sudo_emalloc() and return KRB5_CC_NOMEM on allocation
- failure. Only old versions of Kerberos V will need this.
- [95ac6c5b7b60]
-
- * lib/util/event.c, lib/util/event_select.c:
- Use non-exiting allocators.
- [91bbc657901d]
-
-2015-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
-
* lib/util/fatal.c:
Use a static buffer for sudo_warn/sudo_fatal messages where
possible.
@@ -11898,6 +12542,23 @@
warnings from splint.
[64fc04debc58]
+2015-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sia.c:
+ Use reallocarray() instead of sudo_emallocarray() and return an
+ error on allocation failure.
+ [fee12ac1e0c8]
+
+ * plugins/sudoers/auth/kerb5.c:
+ In our krb5_get_init_creds_opt_alloc() replacement use malloc()
+ instead of sudo_emalloc() and return KRB5_CC_NOMEM on allocation
+ failure. Only old versions of Kerberos V will need this.
+ [95ac6c5b7b60]
+
+ * lib/util/event.c, lib/util/event_select.c:
+ Use non-exiting allocators.
+ [91bbc657901d]
+
2015-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
* config.h.in, configure, configure.ac, src/sudo.c:
@@ -12093,17 +12754,17 @@
calls getenv() (jemalloc).
[441846664820]
- * src/sudo.c:
- Defer conversation initialization until right before plugins are
- initialized.
- [83db53d4945c]
-
* include/sudo_debug.h, src/sudo.c:
Split variable declaration out of debug_decl into debug_decl_vars()
so we can use it in main() when we know sudo_debug_enter() cannot
succeed.
[6931948a57f8]
+ * src/sudo.c:
+ Defer conversation initialization until right before plugins are
+ initialized.
+ [83db53d4945c]
+
2015-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
@@ -12188,6 +12849,11 @@
tmpfiles.d/sudo.conf in sudo.pp.
[930983f88927]
+ * sudo.pp:
+ Fix setting of pp_rpm_version when there is no patchlevel present.
+ Also tighten up the regexp for pp_rpm_release.
+ [d6a89aafd99d]
+
2015-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
* INSTALL, Makefile.in, configure, configure.ac, doc/sudoers.mdoc.in,
@@ -12196,15 +12862,6 @@
DATAROOTDIR/examples/sudo on BSD systems.
[4c1271298712]
-2015-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * sudo.pp:
- Fix setting of pp_rpm_version when there is no patchlevel present.
- Also tighten up the regexp for pp_rpm_release.
- [d6a89aafd99d]
-
-2015-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
-
* src/Makefile.in, sudo.pp:
Install /usr/lib/tmpfiles.d/sudo.conf on systems with systemd but do
not package it. For packages we create /usr/lib/tmpfiles.d/sudo.conf
@@ -12240,6 +12897,23 @@
2015-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_13 for changeset 47c586301b01
+ [777dc5a17bf3] <1.8>
+
+ * INSTALL, Makefile.in, NEWS, config.h.in, configure, configure.ac,
+ doc/sudoers.cat, doc/sudoers.man.in, include/compat/utime.h,
+ lib/util/Makefile.in, lib/util/clock_gettime.c, lib/util/utimes.c,
+ plugins/sudoers/Makefile.in, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/env.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, po/sudo.pot, src/Makefile.in, src/sudo.c:
+ Merge sudo 1.8.13 from trunk.
+ [47c586301b01] [SUDO_1_8_13] <1.8>
+
* NEWS:
Update for 1.8.13 final.
[4c03db3a740f]
@@ -12566,24 +13240,6 @@
behavior on a per-command (or Cmnd_Alias) basis.
[04f30a064c25]
-2015-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
- plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
- plugins/sudoers/def_data.in, plugins/sudoers/logging.c:
- Add mail_all_cmnds to always mail when a user runs a command (or
- tries to) including sudoedit. The mail_always flag goes back to its
- old semantic of always mailing when sudo is run.
- [edc904502061]
-
-2015-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * lib/util/getline.c, plugins/group_file/getgrent.c,
- plugins/sudoers/regress/check_symbols/check_symbols.c,
- plugins/sudoers/sudoreplay.c, plugins/sudoers/tsgetgrpw.c:
- All modern systems should have LINE_MAX.
- [117322b6d86c]
-
* config.h.in, configure, configure.ac, include/sudo_compat.h,
lib/util/closefrom.c, lib/util/setgroups.c,
plugins/sudoers/pwutil_impl.c, src/sudo.c:
@@ -12594,6 +13250,12 @@
the HAVE_* defines are no longer used.
[c3058a6cca86]
+ * lib/util/getline.c, plugins/group_file/getgrent.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/tsgetgrpw.c:
+ All modern systems should have LINE_MAX.
+ [117322b6d86c]
+
* Makefile.in, sudo.pp:
Don't need to pass exampledir to polypkg now that it is just under
docdir.
@@ -12626,6 +13288,16 @@
used by sudo_compat.h. Bug #686
[0ab6450a96ec]
+2015-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/logging.c:
+ Add mail_all_cmnds to always mail when a user runs a command (or
+ tries to) including sudoedit. The mail_always flag goes back to its
+ old semantic of always mailing when sudo is run.
+ [edc904502061]
+
2015-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
@@ -12648,6 +13320,31 @@
Typo.
[b9257ea66116]
+ * .hgtags:
+ Added tag SUDO_1_8_12 for changeset 48fe8a3d7537
+ [effc92deaace] <1.8>
+
+ * INSTALL, Makefile.in, NEWS, config.h.in, configure, configure.ac,
+ doc/CONTRIBUTORS, doc/sample.pam, doc/sample.sudo.conf,
+ doc/sample.sudoers, doc/sample.syslog.conf, doc/sudo.cat,
+ doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
+ doc/visudo.cat, doc/visudo.man.in, lib/util/Makefile.in,
+ lib/util/event.c, lib/util/sudo_printf.c,
+ plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/redblack.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ po/sudo.pot, src/Makefile.in, src/exec_pty.c, src/load_plugins.c,
+ src/parse_args.c, src/sudo.c, src/ttyname.c:
+ Merge sudo 1.8.12 from trunk.
+ [48fe8a3d7537] [SUDO_1_8_12] <1.8>
+
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
Fix typos.
[ac1467f71ac0]
@@ -12711,17 +13408,17 @@
Don't assume argv[0] is set without first checking argc.
[aabdc9d0ba26]
+ * lib/util/progname.c:
+ Call setprogname("sudo") if getprogname() returns NULL or the empty
+ string.
+ [45438f7227b1]
+
* plugins/sudoers/set_perms.c:
Handle sudo_get_grlist() returning NULL which can happen if
getgrouplist() fails even after allocating the appropriate amount of
memory. From Stephane Chazelas
[25747a0ead7c]
- * lib/util/progname.c:
- Call setprogname("sudo") if getprogname() returns NULL or the empty
- string.
- [45438f7227b1]
-
* config.h.in, configure, configure.ac:
Remove configure checks for strrchr() and strtoll() for which the
HAVE_* defines are no longer used.
@@ -12733,17 +13430,17 @@
Require POSIX regular expression support for sudoreplay.
[1486747cd470]
- * plugins/sudoers/policy.c:
- The plugin no longer needs to call initprogname() now that it links
- with the same libsudo_util as sudo.
- [78b65a352ac5]
-
* config.h.in, configure, configure.ac, include/sudo_compat.h:
Check whether getdomainname(), innetgr(), setresuid() and
setresgid() are declared and add prototypes in sudo_compat.h as
needed.
[03aa144afce4]
+ * plugins/sudoers/policy.c:
+ The plugin no longer needs to call initprogname() now that it links
+ with the same libsudo_util as sudo.
+ [78b65a352ac5]
+
2015-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo.pp:
@@ -12751,16 +13448,6 @@
explicitly added to the package.
[ef1aa52b0aad]
-2015-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
- plugins/sudoers/logging.c:
- Don't send mail about pseudo-command failure unless it is an
- authentication failure.
- [deddcfc1f2ab]
-
-2015-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
-
* plugins/sudoers/po/da.mo, po/da.mo:
Sync with translationproject.org
[943986acd31c]
@@ -12826,6 +13513,12 @@
when not explicitly asking for c99.
[ae9435631600]
+ * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/logging.c:
+ Don't send mail about pseudo-command failure unless it is an
+ authentication failure.
+ [deddcfc1f2ab]
+
* configure, configure.ac:
Fix check for SIZE_MAX, which should be in stdint.h not limits.h.
[47bf0ab7dfca]
@@ -13176,28 +13869,6 @@
Mention fix for bug #678
[7f7a6d8b985b]
-2014-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
- plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
- plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
- plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
- plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
- plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
- plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
- plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
- plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
- plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
- plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
- plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo,
- po/cs.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo,
- po/eo.po, po/fi.mo, po/fi.po, po/it.mo, po/it.po, po/nb.mo,
- po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/ru.mo,
- po/ru.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo,
- po/zh_CN.po:
- Sync with translationproject.org
- [e51055fdffe1]
-
2014-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/sudoers.c:
@@ -13265,6 +13936,26 @@
We only build .lo (not .o) files for libsudo_util
[2c1e0475cddc]
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo,
+ po/cs.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo,
+ po/eo.po, po/fi.mo, po/fi.po, po/it.mo, po/it.po, po/nb.mo,
+ po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/ru.mo,
+ po/ru.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo,
+ po/zh_CN.po:
+ Sync with translationproject.org
+ [e51055fdffe1]
+
2014-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
* NEWS:
@@ -13278,6 +13969,17 @@
which case it could be ignored. Bug #676
[a4caaaaa47a8]
+2014-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.ac, lib/util/mktemp.c:
+ Use arc4random() for mkstemp/mkdtemp if available. If not, try to
+ seed from /dev/urandom before falling back to the gettimeofday seed.
+ [7a7096ab82c9]
+
+ * lib/util/sudo_debug.c:
+ Use a static buffer for sudo_debug_execve2() if possible.
+ [abf1fd5891ab]
+
2014-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
@@ -13285,14 +13987,15 @@
Update to libtool 2.4.3 + HP-UX patches
[9ddfd96f3bea]
-2014-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
+2014-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
- * config.h.in, configure, configure.ac, lib/util/mktemp.c:
- Use arc4random() for mkstemp/mkdtemp if available. If not, try to
- seed from /dev/urandom before falling back to the gettimeofday seed.
- [7a7096ab82c9]
+ * .hgtags, NEWS:
+ Added tag SUDO_1_8_11p2 for changeset caff4aedc61a
+ [88af2b52eb2b] <1.8>
-2014-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.11p2
+ [caff4aedc61a] [SUDO_1_8_11p2] <1.8>
* configure, configure.ac, include/sudo_compat.h, lib/util/mktemp.c:
If a system lacks mkdtemp() or mkstemps(), use our own mkdtemp() and
@@ -13300,13 +14003,12 @@
guts are the same we might as well use them.
[12d4ac64462f]
-2014-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * lib/util/sudo_debug.c:
- Use a static buffer for sudo_debug_execve2() if possible.
- [abf1fd5891ab]
-
-2014-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
+ * src/env_hooks.c:
+ Mark the putenv(), setenv() and unsetenv() symbols as global, not
+ hidden. Fixes a mismatch where a plugin (or its loaded dso) would
+ call setenv() to set a variables but be unable to find it later with
+ getenv().
+ [a9dfcbac5793] <1.8>
* src/env_hooks.c:
Mark the putenv(), setenv() and unsetenv() symbols as global, not
@@ -13659,18 +14361,18 @@
plugin via one or more debug_flags settings.
[62fb1102e1e2]
- * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
- doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/load_plugins.c,
- src/sudo.c, src/sudo_plugin_int.h:
- Pass plugin path in the settings array.
- [45bc2d087115]
-
* src/parse_args.c, src/sudo.c, src/sudo.h:
Return settings from parse_args as struct sudo_settings and format
for the plugin at plugin open time. This will allow for additional,
plugin-specific settings to be added to the array.
[167929871b94]
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/load_plugins.c,
+ src/sudo.c, src/sudo_plugin_int.h:
+ Pass plugin path in the settings array.
+ [45bc2d087115]
+
* plugins/sudoers/parse.c:
Remove an unneeded NULL check to quiet a cppcheck warning.
[64cb92122658]
@@ -13711,10 +14413,26 @@
2014-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_11p1 for changeset 2e7de4fe0d9f
+ [011eb11b6865] <1.8>
+
+ * NEWS:
+ Remove change that is part of 1.8.12 not 1.8.11p1
+ [2e7de4fe0d9f] [SUDO_1_8_11p1] <1.8>
+
* NEWS:
Remove change that is part of 1.8.12 not 1.8.11p1
[8fdad4c4f314]
+ * configure:
+ regen
+ [8a869a3200e4] <1.8>
+
+ * NEWS, configure, configure.ac:
+ Update for sudo 1.8.11p1
+ [78f40a47db17] <1.8>
+
* NEWS, configure, configure.ac:
Update for sudo 1.8.11p1
[80e9898f7c04]
@@ -13722,19 +14440,37 @@
* src/regress/ttyname/check_ttyname.c:
Only check stdin for the tty and avoid the check entirely if we
don't have a way to get the tty from the kernel. Bug #643
+ [b0ce2079c69d] <1.8>
+
+ * src/regress/ttyname/check_ttyname.c:
+ Only check stdin for the tty and avoid the check entirely if we
+ don't have a way to get the tty from the kernel. Bug #643
[deb799e16416]
* lib/util/sudo_debug.c:
Make a copy of ap in sudo_debug_vprintf2() in case the static buffer
is not big enough and we need to call vasprintf().
+ [49f3b8cb67f4] <1.8>
+
+ * lib/util/sudo_debug.c:
+ Make a copy of ap in sudo_debug_vprintf2() in case the static buffer
+ is not big enough and we need to call vasprintf().
[a5d32b9d63be]
* src/sudo.c:
Avoid comparing new cwd with old one if getcwd() failed. Bug #670
+ [7c4f39105264] <1.8>
+
+ * src/sudo.c:
+ Avoid comparing new cwd with old one if getcwd() failed. Bug #670
[e99093578ca7]
* plugins/sudoers/env.c:
Fix debugging printout output for env_should_keep()
+ [c5a5fb78815f] <1.8>
+
+ * plugins/sudoers/env.c:
+ Fix debugging printout output for env_should_keep()
[a9e7ea4b6751]
2014-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -13742,6 +14478,11 @@
* Makefile.in, include/Makefile.in:
Use INSTALL_OWNER instead of -O/-G flags so we can work with the
autotools install-sh too. Bug #669
+ [d6a4d443e344] <1.8>
+
+ * Makefile.in, include/Makefile.in:
+ Use INSTALL_OWNER instead of -O/-G flags so we can work with the
+ autotools install-sh too. Bug #669
[a5f87f6a52b7]
* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
@@ -13766,6 +14507,11 @@
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
Use correct names when referring to subsections in the sudoers
manual.
+ [4cad107af562] <1.8>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Use correct names when referring to subsections in the sudoers
+ manual.
[7a016916f0ab]
2014-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -13782,15 +14528,30 @@
Fix detection of functions in network libs like -lsocket, -lnsl and
-linet when we have already added those libs to NET_LIBS. Fixes a
problem where inet_pton() was not detected on Solaris.
+ [86c6f94a50ca] <1.8>
+
+ * configure, configure.ac:
+ Fix detection of functions in network libs like -lsocket, -lnsl and
+ -linet when we have already added those libs to NET_LIBS. Fixes a
+ problem where inet_pton() was not detected on Solaris.
[27e10183649e]
* NEWS:
Mention --disable-shared-libutil fix.
+ [4fa15658cd8f] <1.8>
+
+ * NEWS:
+ Mention --disable-shared-libutil fix.
[7efe70688237]
* src/Makefile.in:
Always use --tag=disable-static to avoid installing a static
sudo_noexec.
+ [cd7f959c2d62] <1.8>
+
+ * src/Makefile.in:
+ Always use --tag=disable-static to avoid installing a static
+ sudo_noexec.
[5d7d58879f99]
* configure, configure.ac, lib/util/Makefile.in,
@@ -13799,6 +14560,14 @@
just treat it as a convenience library. Do the same with sudoers for
--enable-static-sudoers. Fixes link errors on Solaris among others
when --disable-shared-libutil is used.
+ [e7915f1709b1] <1.8>
+
+ * configure, configure.ac, lib/util/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Instead of building libutil statically for --disable-shared-libutil,
+ just treat it as a convenience library. Do the same with sudoers for
+ --enable-static-sudoers. Fixes link errors on Solaris among others
+ when --disable-shared-libutil is used.
[c5357fe78ab7]
* configure, configure.ac, lib/util/Makefile.in,
@@ -13806,11 +14575,23 @@
plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in:
Remove LT_LDMAP and LT_LDOPT and just use LT_LDEXPORTS for the
compiler-specific option to restrict symbol exporting.
+ [20962abfcd11] <1.8>
+
+ * configure, configure.ac, lib/util/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in:
+ Remove LT_LDMAP and LT_LDOPT and just use LT_LDEXPORTS for the
+ compiler-specific option to restrict symbol exporting.
[09e8dab6f528]
* src/preload.c:
Include sys/types.h to get gid_t, etc used in sudo_compat.h. Fixes a
build issue on Solaris.
+ [8ce735daccaa] <1.8>
+
+ * src/preload.c:
+ Include sys/types.h to get gid_t, etc used in sudo_compat.h. Fixes a
+ build issue on Solaris.
[b8917967df41]
2014-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -13818,6 +14599,11 @@
* src/regress/ttyname/check_ttyname.c:
Fix cust & pasto in error message when there is a mismatch between
the sudo and libc ttys. From Diego Elio Petteno'. Bug #643
+ [ddef0124f123] <1.8>
+
+ * src/regress/ttyname/check_ttyname.c:
+ Fix cust & pasto in error message when there is a mismatch between
+ the sudo and libc ttys. From Diego Elio Petteno'. Bug #643
[87d5f1a49535]
2014-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -13825,6 +14611,11 @@
* plugins/sudoers/env.c:
Add BASH_FUNC_* to environment blacklist for newer-style bash
functions.
+ [574014aafe1e] <1.8>
+
+ * plugins/sudoers/env.c:
+ Add BASH_FUNC_* to environment blacklist for newer-style bash
+ functions.
[b6e66c4a782e]
* Makefile.in:
@@ -13834,6 +14625,10 @@
* NEWS:
Add post-1.8.11 changes
+ [be93aa0aa75b] <1.8>
+
+ * NEWS:
+ Add post-1.8.11 changes
[11169ace8fa4]
* Makefile.in, configure.ac, plugins/sudoers/auth/pam.c,
@@ -13844,38 +14639,70 @@
* plugins/sudoers/auth/sudo_auth.c:
Simplify how we count the password tries
+ [517d8c550b7f] <1.8>
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Simplify how we count the password tries
[71b9f2021561]
* plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c:
Block SIGINT and SIGQUIT while verifying passwords so that
authentication modules that use sleep() are not interrupted. If the
user interrupted authentication, exit the loop.
+ [524d95ac222e] <1.8>
+
+ * plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c:
+ Block SIGINT and SIGQUIT while verifying passwords so that
+ authentication modules that use sleep() are not interrupted. If the
+ user interrupted authentication, exit the loop.
[1cfafd7fcb13]
* configure, configure.ac:
Remove Convex support; it is not modern enough to run sudo 1.8.
+ [f27e7ee66e82] <1.8>
+
+ * configure, configure.ac:
+ Remove Convex support; it is not modern enough to run sudo 1.8.
[c3bdfbb2ee11]
* configure, configure.ac:
Only check for -lshadow if we haven't already found getspnam() in
libc. Rather than treat this specially, just add -lshadow as another
place to search in addition to -lgen.
+ [34cc6e6e4e26] <1.8>
+
+ * configure, configure.ac:
+ Only check for -lshadow if we haven't already found getspnam() in
+ libc. Rather than treat this specially, just add -lshadow as another
+ place to search in addition to -lgen.
[fdf06757f25d]
2014-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/auth/sudo_auth.c:
If all authentication methods fail init/setup, fail with an error.
+ [3de36911e328] <1.8>
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ If all authentication methods fail init/setup, fail with an error.
[4cd0481bf05e]
* plugins/sudoers/auth/sudo_auth.c:
Move pass_warn() so that it is defined before it is called().
+ [b149f3f68300] <1.8>
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Move pass_warn() so that it is defined before it is called().
[6ea697e89fef]
2014-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
* pp:
Remove duplicate Requires: line in generated rpm spec file.
+ [8d1b260fa3b8] <1.8>
+
+ * pp:
+ Remove duplicate Requires: line in generated rpm spec file.
[335703b110c7]
* pp:
@@ -13883,10 +14710,113 @@
Solaris sh where simply using typeset doesn't causes the variable to
be treated as local so we can inadvertantly inherit a value from a
previous call.
+ [9018323475fe] <1.8>
+
+ * pp:
+ In pp_files_expand() set _target to be empty. Fixes a problem with
+ Solaris sh where simply using typeset doesn't causes the variable to
+ be treated as local so we can inadvertantly inherit a value from a
+ previous call.
[f3cecca3c7b0]
+ * .hgtags:
+ Added tag SUDO_1_8_11 for changeset b0778dffd245
+ [db1efb7d426d] <1.8>
+
2014-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
+ * INSTALL, Makefile.in, NEWS, common/Makefile.in, common/aix.c,
+ common/alloc.c, common/atobool.c, common/atoid.c, common/atomode.c,
+ common/event.c, common/event_poll.c, common/event_select.c,
+ common/fatal.c, common/fileops.c, common/fmt_string.c,
+ common/gidlist.c, common/lbuf.c, common/progname.c,
+ common/regress/atofoo/atofoo_test.c,
+ common/regress/sudo_conf/conf_test.c,
+ common/regress/sudo_conf/test1.in,
+ common/regress/sudo_conf/test1.out.ok,
+ common/regress/sudo_conf/test2.in,
+ common/regress/sudo_conf/test2.out.ok,
+ common/regress/sudo_conf/test3.in,
+ common/regress/sudo_conf/test3.out.ok,
+ common/regress/sudo_conf/test4.in,
+ common/regress/sudo_conf/test4.out.ok,
+ common/regress/sudo_conf/test5.err.ok,
+ common/regress/sudo_conf/test5.in,
+ common/regress/sudo_conf/test5.out.ok,
+ common/regress/sudo_conf/test6.in,
+ common/regress/sudo_conf/test6.out.ok,
+ common/regress/sudo_parseln/parseln_test.c,
+ common/regress/sudo_parseln/test1.in,
+ common/regress/sudo_parseln/test1.out.ok,
+ common/regress/sudo_parseln/test2.in,
+ common/regress/sudo_parseln/test2.out.ok,
+ common/regress/sudo_parseln/test3.in,
+ common/regress/sudo_parseln/test3.out.ok,
+ common/regress/sudo_parseln/test4.in,
+ common/regress/sudo_parseln/test4.out.ok,
+ common/regress/sudo_parseln/test5.in,
+ common/regress/sudo_parseln/test5.out.ok,
+ common/regress/sudo_parseln/test6.in,
+ common/regress/sudo_parseln/test6.out.ok,
+ common/regress/tailq/hltq_test.c, common/secure_path.c,
+ common/setgroups.c, common/sudo_conf.c, common/sudo_debug.c,
+ common/sudo_dso.c, common/sudo_printf.c, common/term.c,
+ common/ttysize.c, compat/Makefile.in, compat/charclass.h,
+ compat/clock_gettime.c, compat/closefrom.c, compat/endian.h,
+ compat/fnmatch.c, compat/fnmatch.h, compat/getaddrinfo.c,
+ compat/getaddrinfo.h, compat/getcwd.c, compat/getgrouplist.c,
+ compat/getline.c, compat/getopt.h, compat/getopt_long.c,
+ compat/glob.c, compat/glob.h, compat/inet_pton.c, compat/isblank.c,
+ compat/memrchr.c, compat/memset_s.c, compat/mksiglist.c,
+ compat/mksiglist.h, compat/mksigname.c, compat/mksigname.h,
+ compat/mktemp.c, compat/nss_dbdefs.h, compat/pw_dup.c,
+ compat/regress/fnmatch/fnm_test.c,
+ compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
+ compat/regress/glob/globtest.c, compat/regress/glob/globtest.in,
+ compat/sig2str.c, compat/siglist.in, compat/snprintf.c,
+ compat/stdbool.h, compat/strlcat.c, compat/strlcpy.c,
+ compat/strsignal.c, compat/strtonum.c, compat/timespec.h,
+ compat/utime.h, compat/utimes.c, config.h.in, configure,
+ configure.ac, doc/CONTRIBUTORS, doc/sudo.cat, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/visudo.cat, doc/visudo.man.in, include/alloc.h, include/fatal.h,
+ include/fileops.h, include/gettext.h, include/lbuf.h,
+ include/missing.h, include/queue.h, include/secure_path.h,
+ lib/util/Makefile.in, lib/util/event.c, lib/util/getgrouplist.c,
+ mkpkg, plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/redblack.c,
+ plugins/sudoers/sha2.c, plugins/sudoers/sha2.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ po/sudo.pot, src/Makefile.in, src/exec_pty.c, src/load_plugins.c,
+ src/parse_args.c, src/po/README, src/po/ca.mo, src/po/ca.po,
+ src/po/cs.mo, src/po/cs.po, src/po/da.mo, src/po/da.po,
+ src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po,
+ src/po/es.mo, src/po/es.po, src/po/eu.mo, src/po/eu.po,
+ src/po/fi.mo, src/po/fi.po, src/po/fr.mo, src/po/fr.po,
+ src/po/gl.mo, src/po/gl.po, src/po/hr.mo, src/po/hr.po,
+ src/po/it.mo, src/po/it.po, src/po/ja.mo, src/po/ja.po,
+ src/po/nl.mo, src/po/nl.po, src/po/pl.mo, src/po/pl.po,
+ src/po/pt_BR.mo, src/po/pt_BR.po, src/po/ru.mo, src/po/ru.po,
+ src/po/sl.mo, src/po/sl.po, src/po/sr.mo, src/po/sr.po,
+ src/po/sudo.pot, src/po/sv.mo, src/po/sv.po, src/po/tr.mo,
+ src/po/tr.po, src/po/uk.mo, src/po/uk.po, src/po/vi.mo,
+ src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po, src/sudo.c,
+ src/ttyname.c, zlib/Makefile.in, zlib/adler32.c, zlib/compress.c,
+ zlib/crc32.c, zlib/crc32.h, zlib/deflate.c, zlib/deflate.h,
+ zlib/gzclose.c, zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c,
+ zlib/gzwrite.c, zlib/infback.c, zlib/inffast.c, zlib/inffast.h,
+ zlib/inffixed.h, zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c,
+ zlib/inftrees.h, zlib/trees.c, zlib/trees.h, zlib/uncompr.c,
+ zlib/zconf.h.in, zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
+ Merge sudo 1.8.11 from trunk
+ [b0778dffd245] [SUDO_1_8_11] <1.8>
+
* configure, configure.ac:
Fix version for release.
[39f6a2e9a098]
@@ -14814,17 +15744,6 @@
Fix sudo when --disable-shared configure option was specified.
[07899f6b43f0]
-2014-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * configure, configure.ac, lib/util/Makefile.in,
- plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
- plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
- src/Makefile.in:
- Use libtool to install/uninstall the plugins and sudo_noexec.
- [18ae09c53f2e]
-
-2014-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
-
* configure, m4/libtool.m4:
Do not set an internal name for HP-UX modules, only archives. This
works around a problem with some versions of HP-UX ld where setting
@@ -14843,6 +15762,13 @@
2014-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+ * configure, configure.ac, lib/util/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Use libtool to install/uninstall the plugins and sudo_noexec.
+ [18ae09c53f2e]
+
* configure, ltmain.sh, m4/libtool.m4:
Fix my typos in the HP-UX libtool patch
[6e70066d86bb]
@@ -14984,50 +15910,6 @@
we no longer link sudo directly with libdl.so.
[fe6942873c2d]
- * MANIFEST, Makefile.in, include/lbuf.h, include/sudo_lbuf.h,
- lib/util/Makefile.in, lib/util/lbuf.c, lib/util/util.exp,
- plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c,
- plugins/sudoers/parse.c, plugins/sudoers/sssd.c,
- plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h,
- plugins/sudoers/sudoers.h, plugins/sudoers/toke.c,
- plugins/sudoers/toke.l, src/Makefile.in, src/parse_args.c:
- Don't pollute the namespace with lbuf struct and functions
- [7859e3c22fb9]
-
- * include/sudo_util.h, lib/util/gidlist.c, lib/util/util.exp,
- plugins/sudoers/policy.c, src/sudo.c:
- Rename parse_gid_list -> sudo_parse_gids to avoid namespace
- pollution.
- [d88f3cab97e1]
-
- * MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
- lib/util/fmt_string.c, lib/util/key_val.c, lib/util/util.exp,
- plugins/sample/sample_plugin.c, plugins/sudoers/policy.c,
- src/Makefile.in, src/exec_common.c, src/parse_args.c, src/sudo.c:
- Rename fmt_string -> sudo_new_key_val to better describe its
- function.
- [f9061e319cc3]
-
- * include/fileops.h, lib/util/fileops.c, lib/util/util.exp,
- plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
- plugins/sudoers/logging.c, plugins/sudoers/timestamp.c,
- plugins/sudoers/visudo.c, src/sudo_edit.c:
- Remove touch() from fileops.c and just call utimes/futimes directly.
- Rename lock_file -> sudo_lock_file to avoid namespace pollution
- [ec08128b6900]
-
- * NEWS, configure, configure.ac:
- Sudo 1.8.11
- [5fb775825aab]
-
- * include/fatal.h, lib/util/fatal.c, lib/util/util.exp,
- plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
- plugins/sudoers/sudoers.c:
- Remove use of setjmp/longjmp in the sudoers plugin. We no longer
- call fatal() except in the malloc wrappers and due to libsudo_util
- there is now a single copy of fatal/fatalx.
- [109407210f9c]
-
* MANIFEST, Makefile.in, doc/Makefile.in, include/alloc.h,
include/compat/fnmatch.h, include/compat/getaddrinfo.h,
include/compat/getopt.h, include/compat/glob.h,
@@ -15051,6 +15933,50 @@
using __dso_public.
[18faff6ab915]
+ * include/fatal.h, lib/util/fatal.c, lib/util/util.exp,
+ plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c:
+ Remove use of setjmp/longjmp in the sudoers plugin. We no longer
+ call fatal() except in the malloc wrappers and due to libsudo_util
+ there is now a single copy of fatal/fatalx.
+ [109407210f9c]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.11
+ [5fb775825aab]
+
+ * include/fileops.h, lib/util/fileops.c, lib/util/util.exp,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c, src/sudo_edit.c:
+ Remove touch() from fileops.c and just call utimes/futimes directly.
+ Rename lock_file -> sudo_lock_file to avoid namespace pollution
+ [ec08128b6900]
+
+ * MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/fmt_string.c, lib/util/key_val.c, lib/util/util.exp,
+ plugins/sample/sample_plugin.c, plugins/sudoers/policy.c,
+ src/Makefile.in, src/exec_common.c, src/parse_args.c, src/sudo.c:
+ Rename fmt_string -> sudo_new_key_val to better describe its
+ function.
+ [f9061e319cc3]
+
+ * include/sudo_util.h, lib/util/gidlist.c, lib/util/util.exp,
+ plugins/sudoers/policy.c, src/sudo.c:
+ Rename parse_gid_list -> sudo_parse_gids to avoid namespace
+ pollution.
+ [d88f3cab97e1]
+
+ * MANIFEST, Makefile.in, include/lbuf.h, include/sudo_lbuf.h,
+ lib/util/Makefile.in, lib/util/lbuf.c, lib/util/util.exp,
+ plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c,
+ plugins/sudoers/parse.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudoers.h, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, src/Makefile.in, src/parse_args.c:
+ Don't pollute the namespace with lbuf struct and functions
+ [7859e3c22fb9]
+
* config.h.in, configure, configure.ac, include/compat/fnmatch.h,
include/compat/getaddrinfo.h, include/compat/getopt.h,
include/compat/glob.h, include/missing.h, lib/util/clock_gettime.c,
@@ -15359,6 +16285,15 @@
2014-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_10p3 for changeset 1b6396910792
+ [4504146bc230] <1.8>
+
+ * compat/getgrouplist.c, plugins/group_file/group_file.c,
+ plugins/system_group/system_group.c:
+ deal with NULL gr_mem here too
+ [1b6396910792] [SUDO_1_8_10p3] <1.8>
+
* compat/getgrouplist.c, plugins/group_file/group_file.c,
plugins/system_group/system_group.c:
deal with NULL gr_mem here too
@@ -15366,6 +16301,10 @@
* NEWS, configure, configure.ac:
Sudo 1.8.10p3
+ [367a743e8c47] <1.8>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.10p3
[3f415a180023]
2014-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -15401,6 +16340,13 @@
poll() or select() returns 0 and there are no active events. This
fixes a problem on some systems where the last buffer was not being
written when the command exited.
+ [4340e0967e91] <1.8>
+
+ * common/event.c:
+ Fix non-blocking mode. We only want to exit the event loop when
+ poll() or select() returns 0 and there are no active events. This
+ fixes a problem on some systems where the last buffer was not being
+ written when the command exited.
[deb6b1a7b241]
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
@@ -15452,12 +16398,22 @@
* plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h:
Make get_boottime() return bool.
+ [c405be621507] <1.8>
+
+ * plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h:
+ Make get_boottime() return bool.
[9ff15a995d01]
* doc/CONTRIBUTORS, plugins/sudoers/boottime.c:
Fix fd leak on Linux when determing boot time. This is usually
masked by the closefrom() call in sudo. From Jamie Anderson. Bug
#645
+ [5c0ee562df88] <1.8>
+
+ * doc/CONTRIBUTORS, plugins/sudoers/boottime.c:
+ Fix fd leak on Linux when determing boot time. This is usually
+ masked by the closefrom() call in sudo. From Jamie Anderson. Bug
+ #645
[0b4c430e8b88]
2014-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -15512,10 +16468,21 @@
changing the user. This is the correct flag to use with a program
that changes the uid like su or sudo and fixes a role problem on
Solaris. From Gary Winiger; Bug #642
+ [4c0eab1a5617] <1.8>
+
+ * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c:
+ Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when
+ changing the user. This is the correct flag to use with a program
+ that changes the uid like su or sudo and fixes a role problem on
+ Solaris. From Gary Winiger; Bug #642
[ec23c3bf41bb]
* plugins/sudoers/defaults.c:
pam_setcred should default to true; from Gary Winiger Bug #642
+ [89a73675963a] <1.8>
+
+ * plugins/sudoers/defaults.c:
+ pam_setcred should default to true; from Gary Winiger Bug #642
[23e6628ec546]
2014-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -15566,10 +16533,22 @@
plugins/sudoers/regress/testsudoers/test7.out.ok,
plugins/sudoers/regress/testsudoers/test7.sh:
Fix matching of uids and gids broken in sudo 1.8.9.
+ [d4048708102e] <1.8>
+
+ * MANIFEST, plugins/sudoers/match.c,
+ plugins/sudoers/regress/testsudoers/test6.out.ok,
+ plugins/sudoers/regress/testsudoers/test6.sh,
+ plugins/sudoers/regress/testsudoers/test7.out.ok,
+ plugins/sudoers/regress/testsudoers/test7.sh:
+ Fix matching of uids and gids broken in sudo 1.8.9.
[315eff4add59]
* plugins/sudoers/testsudoers.c:
Fix -P option in usage()
+ [4465be0a9010] <1.8>
+
+ * plugins/sudoers/testsudoers.c:
+ Fix -P option in usage()
[50753b6222b7]
2014-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -15702,16 +16681,6 @@
placeholders for future audit hooks.
[434ee47c83dc]
-2014-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
- plugins/sudoers/auth/sudo_auth.h:
- Remove unused FLAG_USER auth flag. We have no auth methods that
- require that authentication be run as the invoking user.
- [4a9a9f557cb1]
-
-2014-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
-
* src/net_ifs.c:
Fix aliasing warning in old-style interface probe code.
[1d6ce6f46da1]
@@ -15731,10 +16700,24 @@
plugins/sudoers/sudoers.h:
Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw
or targetpw is set. Bug #639
+ [7d253b9abfc1] <1.8>
+
+ * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/sudoers.h:
+ Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw
+ or targetpw is set. Bug #639
[dff0208d1194]
2014-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_10p2 for changeset 78452d8fb950
+ [f4c8a00a83eb] <1.8>
+
+ * NEWS, configure, configure.ac, doc/visudo.cat, doc/visudo.man.in:
+ Merge sudo 1.8.10p2 from trunk
+ [78452d8fb950] [SUDO_1_8_10p2] <1.8>
+
* NEWS, configure, configure.ac:
Sudo 1.8.10p2
[774ebec63b41]
@@ -15753,6 +16736,15 @@
2014-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_10p1 for changeset 8c6c509e8f93
+ [532e16482b03] <1.8>
+
+ * NEWS, common/Makefile.in, configure, configure.ac,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Merge sudo 1.8.10p1 from trunk.
+ [8c6c509e8f93] [SUDO_1_8_10p1] <1.8>
+
* NEWS, configure, configure.ac:
Sudo 1.8.10p1
[33828a3385ad]
@@ -15788,8 +16780,29 @@
Fix diff of toke and err output files in "make check"
[485cdf3c75e7]
+2014-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgtags:
+ Added tag SUDO_1_8_10 for changeset 0bee95ccb32d
+ [08b09b3d5531] <1.8>
+
2014-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+ * INSTALL, Makefile.in, NEWS, common/Makefile.in, config.h.in,
+ configure, configure.ac, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in, mkpkg, plugins/group_file/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/exec_pty.c, src/ttyname.c:
+ Merge sudo 1.8.10 from trunk
+ [0bee95ccb32d] [SUDO_1_8_10] <1.8>
+
* src/po/de.mo, src/po/de.po:
sync with translationproject.org
[d246c72a2350]
@@ -15845,6 +16858,12 @@
Fix typo in setreuid() PERM_ROOT error message.
[533415f53165]
+ * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h:
+ Remove unused FLAG_USER auth flag. We have no auth methods that
+ require that authentication be run as the invoking user.
+ [4a9a9f557cb1]
+
* mkpkg:
No longer need to disable setresuid() on debian.
[96ba687c35f0]
@@ -16120,6 +17139,22 @@
Update for sudo 1.8.9p5
[efb737c32615]
+ * .hgtags:
+ Added tag SUDO_1_8_9p5 for changeset 3ee678307ef4
+ [f26286408d41] <1.8>
+
+ * NEWS, configure, configure.ac:
+ Update for sudo 1.8.9p5
+ [3ee678307ef4] [SUDO_1_8_9p5] <1.8>
+
+ * src/preserve_fds.c:
+ When the closefrom limit is greater than any of the preserved fds,
+ the pfds list will be non-empty but lastfd will be -1 triggering an
+ ecalloc(0) assertion. Instead, test for lastfd being -1 and make
+ sure we always update it, even if dup() fails. Also restore initial
+ value of lowfd after we are done relocating. Fixes bug #633
+ [74edc1fb146e] <1.8>
+
* src/preserve_fds.c:
When the closefrom limit is greater than any of the preserved fds,
the pfds list will be non-empty but lastfd will be -1 triggering an
@@ -16289,6 +17324,14 @@
directory.
[7e16eb37bacc]
+ * common/atomode.c:
+ Zero out errstr when there is no error; fixes bug #632
+ [b92cf96181a2] <1.8>
+
+ * common/atomode.c:
+ Zero out errstr when there is no error; fixes bug #632
+ [74950ef1a0dc]
+
2014-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
* NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
@@ -16298,12 +17341,6 @@
runas_pw.
[73a13ccc7933]
-2014-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * common/atomode.c:
- Zero out errstr when there is no error; fixes bug #632
- [74950ef1a0dc]
-
2014-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.ac, plugins/sudoers/interfaces.c,
@@ -16318,15 +17355,28 @@
* include/missing.h:
Fix typo, ULONG_MAX vs. ULLONG_MAX
+ [e8c08b4c845a] <1.8>
+
+ * include/missing.h:
+ Fix typo, ULONG_MAX vs. ULLONG_MAX
[5d274daa9fb1]
* plugins/sudoers/sudo_nss.c:
Fix typo in the AIX case.
+ [5d4ee88e90a7] <1.8>
+
+ * plugins/sudoers/sudo_nss.c:
+ Fix typo in the AIX case.
[ee531c950fce]
* plugins/sudoers/sudo_nss.c:
Size pointer for sudo_parseln() should be size_t not ssize_t. This
was already correct for the nsswitch.conf case.
+ [982e95bf4a39] <1.8>
+
+ * plugins/sudoers/sudo_nss.c:
+ Size pointer for sudo_parseln() should be size_t not ssize_t. This
+ was already correct for the nsswitch.conf case.
[cfaf895c1db4]
2014-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -16374,6 +17424,14 @@
Eliminate dead store found by clang checker.
[86874d5340f1]
+ * .hgtags:
+ Added tag SUDO_1_8_9p4 for changeset dd9558752283
+ [af887ad59425] <1.8>
+
+ * NEWS, configure, configure.ac:
+ Update for sudo 1.8.9p4
+ [dd9558752283] [SUDO_1_8_9p4] <1.8>
+
* NEWS, configure, configure.ac:
Update for sudo 1.8.9p4
[f79ab7c6c1c5]
@@ -16381,6 +17439,11 @@
* common/sudo_debug.c, include/sudo_debug.h, src/preserve_fds.c:
When relocating fds, update the debug fd if it is set so we are
guaranteed to get debugging output.
+ [09a89709b9c4] <1.8>
+
+ * common/sudo_debug.c, include/sudo_debug.h, src/preserve_fds.c:
+ When relocating fds, update the debug fd if it is set so we are
+ guaranteed to get debugging output.
[b1deaa472aa6]
2014-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -16389,6 +17452,12 @@
If the event loop exits due to an error and we are not logging I/O,
kill the command if still running. Fixes a bug where sudo could exit
while the command was still running.
+ [9c108f87b6a2] <1.8>
+
+ * src/exec.c:
+ If the event loop exits due to an error and we are not logging I/O,
+ kill the command if still running. Fixes a bug where sudo could exit
+ while the command was still running.
[844018ff8a8c]
* src/preserve_fds.c:
@@ -16398,11 +17467,25 @@
debugging fd could be relocated to the same fd as the error
backchannel temporarily, resulting in debugging output being printed
to the backchannel if util@debug was enabled.
+ [0c9606ee7ba5] <1.8>
+
+ * src/preserve_fds.c:
+ When relocating preserved fds, start with the highest ones first to
+ avoid moving fds around more than we have to. Now uses a bitmap to
+ keep track of which fds are being preserved. Fixes a bug where the
+ debugging fd could be relocated to the same fd as the error
+ backchannel temporarily, resulting in debugging output being printed
+ to the backchannel if util@debug was enabled.
[55e006dbeaf3]
* src/preserve_fds.c:
When restoring fds traverse list from high -> low, not low -> high
to avoid implicitly closing an fd we want to relocate.
+ [36380b9c4c0b] <1.8>
+
+ * src/preserve_fds.c:
+ When restoring fds traverse list from high -> low, not low -> high
+ to avoid implicitly closing an fd we want to relocate.
[6351225f47d7]
* src/exec.c:
@@ -16410,6 +17493,13 @@
the other end of the backchannel is closed. Just remove the
backchannel event in this case or we will continue to receive the
event. Bug #631
+ [8b45840a91c0] <1.8>
+
+ * src/exec.c:
+ If not logging I/O we may get EOF when the command is executed and
+ the other end of the backchannel is closed. Just remove the
+ backchannel event in this case or we will continue to receive the
+ event. Bug #631
[a204b69d91f7]
* src/po/sr.mo, src/po/sr.po:
@@ -16418,18 +17508,78 @@
2014-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_9p3 for changeset 37fc8a4e815c
+ [89d8e653c664] <1.8>
+
+ * src/ttyname.c:
+ Fix strtonum() usage when parsing /proc/self/stat on Linux. Bug #630
+ [37fc8a4e815c] [SUDO_1_8_9p3] <1.8>
+
* src/ttyname.c:
Fix strtonum() usage when parsing /proc/self/stat on Linux. Bug #630
[3448dffe9701]
* NEWS, configure, configure.ac:
Update for sudo 1.8.9p3
+ [9ae534bdf6c5] <1.8>
+
+ * NEWS, configure, configure.ac:
+ Update for sudo 1.8.9p3
[22e5a6f69999]
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Do not leak old istack if realloc fails; found by cppcheck. Also
+ modify yyless() to avoid a harmless cppcheck warning every time it
+ is used.
+ [021077017a23]
+
+ * common/term.c:
+ Add suppression line to quiet a bogus (inconclusive) cppcheck
+ warning.
+ [065207271e5d]
+
+ * plugins/group_file/plugin_test.c:
+ Make this compile again
+ [f0ff8df475e8]
+
* plugins/sudoers/logwrap.c:
Remove dead store; found by cppcheck
[a59833af3401]
+ * Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ Add cppcheck target to run cppcheck on all source files.
+ [d207c2ef49a2]
+
+2014-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgtags:
+ Added tag SUDO_1_8_9p2 for changeset 25da8040f402
+ [ed8a0ba4ec58] <1.8>
+
+ * NEWS, config.h.in, configure, configure.ac:
+ Merge sudo 1.8.9p2 from trunk
+ [25da8040f402] [SUDO_1_8_9p2] <1.8>
+
+2014-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.ac:
+ Update for sudo 1.8.9p2
+ [2e7fe6e371a4]
+
+ * config.h.in, configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
+ m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4:
+ Update to libtool-2.4.2.418
+ [d1dbed89d733]
+
+ * config.guess, config.sub:
+ Update from http://git.savannah.gnu.org/gitweb/?p=config.git
+ [2b5e32d23be5]
+
2014-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
* src/sesh.c:
@@ -16461,54 +17611,20 @@
Move right brace outside #ifdef HAVE_DISPCRYPT; found by cppcheck.
[f2619d2eb7a8]
-2014-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * plugins/group_file/plugin_test.c:
- Make this compile again
- [f0ff8df475e8]
-
- * common/term.c:
- Add suppression line to quiet a bogus (inconclusive) cppcheck
- warning.
- [065207271e5d]
-
- * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
- Do not leak old istack if realloc fails; found by cppcheck. Also
- modify yyless() to avoid a harmless cppcheck warning every time it
- is used.
- [021077017a23]
-
- * Makefile.in, common/Makefile.in, compat/Makefile.in,
- doc/Makefile.in, include/Makefile.in,
- plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
- plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
- src/Makefile.in, zlib/Makefile.in:
- Add cppcheck target to run cppcheck on all source files.
- [d207c2ef49a2]
-
-2014-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * NEWS, configure, configure.ac:
- Update for sudo 1.8.9p2
- [2e7fe6e371a4]
-
- * config.h.in, configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
- m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4:
- Update to libtool-2.4.2.418
- [d1dbed89d733]
-
- * config.guess, config.sub:
- Update from http://git.savannah.gnu.org/gitweb/?p=config.git
- [2b5e32d23be5]
-
-2014-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
-
* NEWS:
Sudo 1.8.9 also fixes bug #617
[cc5c18228719]
2014-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_9p1 for changeset 533cffd52bf7
+ [2396eb3187be] <1.8>
+
+ * NEWS, configure, configure.ac, plugins/sudoers/iolog.c:
+ Merge sudo 1.8.9p1 from trunk.
+ [533cffd52bf7] [SUDO_1_8_9p1] <1.8>
+
* NEWS:
The fix for the hang was already in the 1.8.9 tarballs.
[f038ebcc1071]
@@ -16539,6 +17655,27 @@
sudo_ev_loopcontinue().
[1723561c46b0]
+ * .hgtags:
+ Added tag SUDO_1_8_9 for changeset 022007ba7bb4
+ [0025b0b10716] <1.8>
+
+ * INSTALL, Makefile.in, NEWS, common/Makefile.in, common/list.c,
+ compat/dlfcn.h, compat/dlopen.c, compat/getprogname.c,
+ compat/nanosleep.c, config.h.in, configure, configure.ac,
+ configure.in, doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
+ doc/visudo.cat, doc/visudo.man.in, include/list.h, mkpkg,
+ plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/check.c, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/exec_pty.c, src/load_plugins.c,
+ src/parse_args.c, src/po/sudo.pot, src/sudo.c, src/ttyname.c:
+ Merge sudo 1.8.9 from trunk.
+ [022007ba7bb4] [SUDO_1_8_9] <1.8>
+
* NEWS:
Update for 1.8.9 final.
[d49c14d21410]
@@ -17711,6 +18848,26 @@
2013-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_8 for changeset 556477b26944
+ [029d30018f5e] <1.8>
+
+ * NEWS, common/Makefile.in, common/error.c, common/zero_bytes.c,
+ config.h.in, configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in, include/error.h, mkpkg,
+ plugins/group_file/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/check.c, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/parse_args.c, src/po/sudo.pot, src/sudo.c:
+ Merge sudo 1.8.8 from trunk.
+ [556477b26944] [SUDO_1_8_8] <1.8>
+
* include/missing.h:
Include stddef.h for rsize_t and errno_t on systems that support it
natively.
@@ -17889,14 +19046,6 @@
DYLD_FORCE_FLAT_NAMESPACE=1.
[a82999dff8e6]
-2013-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * plugins/sudoers/ldap.c:
- Fix error display from ldap_ssl_client_init(). There are two error
- codes. The return value can be decoded via ldap_err2string() but the
- ssl reason code cannot (you have to look it up in a table online).
- [0267125ce9f0]
-
2013-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
@@ -17962,6 +19111,12 @@
session-specific environment variables.
[b413fb9e1c77]
+ * plugins/sudoers/ldap.c:
+ Fix error display from ldap_ssl_client_init(). There are two error
+ codes. The return value can be decoded via ldap_err2string() but the
+ ssl reason code cannot (you have to look it up in a table online).
+ [0267125ce9f0]
+
2013-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
* NEWS:
@@ -18479,12 +19634,45 @@
2013-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_7 for changeset 27c89c95d1c2
+ [6c7cec552ea3] <1.8>
+
+ * doc/visudo.cat, doc/visudo.man.in:
+ Merge typo fix from trunk
+ [27c89c95d1c2] [SUDO_1_8_7] <1.8>
+
* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
Fix typo; bug 605
[41f7b46a6e51]
2013-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+ * INSTALL, Makefile.in, NEWS, README, common/Makefile.in, config.h.in,
+ configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in, mkpkg, plugins/group_file/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
+ plugins/sample_group/plugin_test.c,
+ plugins/sample_group/sample_group.c,
+ plugins/sample_group/sample_group.exp, plugins/sudoers/Makefile.in,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/check.c, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/mon_systrace.h, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/redblack.c,
+ plugins/sudoers/regress/sudoers/test10.toke.out.ok,
+ plugins/sudoers/regress/sudoers/test11.toke.out.ok,
+ plugins/sudoers/regress/sudoers/test9.toke.out.ok,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/visudo.c, src/Makefile.in, src/error.c,
+ src/exec_pty.c, src/load_plugins.c, src/parse_args.c,
+ src/po/sudo.pot, src/sudo.c, src/ttyname.c:
+ Merge sudo 1.8.7 from trunk for release.
+ [417e640b4411] <1.8>
+
* src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo,
src/po/tr.mo:
Regen .mo files that were out of date.
@@ -19019,6 +20207,24 @@
standalone authentication methods.
[7eba4439db73]
+ * NEWS:
+ Fix typo
+ [f9c859bb2aae] <1.8>
+
+ * .hgtags:
+ Added tag SUDO_1_8_6p8 for changeset 1d2d78415eed
+ [66a7fa13334e] <1.8>
+
+ * NEWS, configure, configure.in:
+ Update for sudo 1.8.6p8
+ [1d2d78415eed] [SUDO_1_8_6p8] <1.8>
+
+ * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
+ Check for crypt() returning NULL. Traditionally, crypt() never
+ returned NULL but newer versions of eglibc have a crypt() that does.
+ Bug #598
+ [e0928108c18b] <1.8>
+
* plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
Check for crypt() returning NULL. Traditionally, crypt() never
returned NULL but newer versions of eglibc have a crypt() that does.
@@ -19046,16 +20252,30 @@
* mkpkg:
Disable PIE on Solaris where it is not really supported.
+ [2ecea6093862] <1.8>
+
+ * mkpkg:
+ Disable PIE on Solaris where it is not really supported.
[c36c84cdcc7a]
* src/ttyname.c:
AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit
before we try to match it against st_rdev.
+ [6f16a64ebf22] <1.8>
+
+ * src/ttyname.c:
+ AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit
+ before we try to match it against st_rdev.
[5dab449fb962]
* src/ttyname.c:
Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes
a problem finding the tty name when it is not in /dev/pts.
+ [5ab14529a774] <1.8>
+
+ * src/ttyname.c:
+ Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes
+ a problem finding the tty name when it is not in /dev/pts.
[6c205d087fa0]
* compat/snprintf.c:
@@ -19666,6 +20886,30 @@
2013-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_6p7 for changeset ebd6cc75020f
+ [87c1a5cea66b] <1.8>
+
+ * plugins/sudoers/check.c:
+ Completely ignore time stamp file if it is set to the epoch,
+ regardless of what gettimeofday() returns.
+ [ebd6cc75020f] [SUDO_1_8_6p7] <1.8>
+
+ * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Store the session ID in the tty ticket file too. A tty may only be
+ in one session at a time so if the session ID doesn't match we
+ ignore the ticket.
+ [049a12a5cc14] <1.8>
+
+ * configure, configure.in:
+ Sudo 1.8.6p7
+ [3334bc872111] <1.8>
+
+ * NEWS:
+ Update for Sudo 1.8.6p7
+ [3b853ddc529c] <1.8>
+
* NEWS:
Update for Sudo 1.8.6p7
[0858a73e9c40]
@@ -19899,6 +21143,10 @@
* NEWS:
Add Sudo 1.8.6p7
+ [77480be0f378] <1.8>
+
+ * NEWS:
+ Add Sudo 1.8.6p7
[5192fc511cbe]
2013-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -20051,12 +21299,24 @@
2013-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_6p6 for changeset 9963ed81732d
+ [eda4cb921ce8] <1.8>
+
+ * NEWS:
+ Clarify ttyname changes.
+ [9963ed81732d] [SUDO_1_8_6p6] <1.8>
+
* NEWS:
Clarify ttyname changes.
[cbf2f80fe582]
* NEWS:
Add 1.8.6p6
+ [162ea7fae117] <1.8>
+
+ * NEWS:
+ Add 1.8.6p6
[3aa591e98b3b]
* src/ttyname.c:
@@ -20064,6 +21324,13 @@
kernel for the tty device via /proc or sysctl(). If there is no
controlling tty, it is better to just treat the tty as unknown
rather than to blindly use what is hooked up to std{in,out,err}.
+ [2f3225a2a4a4] <1.8>
+
+ * src/ttyname.c:
+ Remove ttyname() fall back code on systems where we can query the
+ kernel for the tty device via /proc or sysctl(). If there is no
+ controlling tty, it is better to just treat the tty as unknown
+ rather than to blindly use what is hooked up to std{in,out,err}.
[b2bd3005d2e4]
2013-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -20096,11 +21363,28 @@
Add regress test for bug 361
[54c7fb61b82d]
+ * .hgtags:
+ Added tag SUDO_1_8_6p5 for changeset e16ecb5c6677
+ [dbbaa562b897] <1.8>
+
+ * plugins/sudoers/iolog.c:
+ Add __dso_public to extern declaration of declaration to match
+ actual definition.
+ [e16ecb5c6677] [SUDO_1_8_6p5] <1.8>
+
* plugins/sudoers/iolog.c:
Add __dso_public to extern declaration of declaration to match
actual definition.
[4695ded501e6]
+ * configure, configure.in:
+ Sudo 1.8.6p5
+ [8d7c8bd159c5] <1.8>
+
+ * NEWS:
+ Add 1.8.6p5
+ [1cb9b7c4f626] <1.8>
+
* NEWS:
Add 1.8.6p5
[b07b28c5c4d7]
@@ -20117,6 +21401,11 @@
* plugins/sudoers/visudo.c:
Fix potential stack overflow due to infinite recursion in alias
cycle detection. From Daniel Kopecek.
+ [77f2228877bc] <1.8>
+
+ * plugins/sudoers/visudo.c:
+ Fix potential stack overflow due to infinite recursion in alias
+ cycle detection. From Daniel Kopecek.
[d7e018a87434]
* common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c:
@@ -20164,6 +21453,12 @@
Use _getgroupsbymember() on Solaris to get the groups list. Fixes
performance problems with the getgroupslist() compat on Solaris
systems with network-based group databases.
+ [6ab76bea5ea4] <1.8>
+
+ * compat/getgrouplist.c, config.h.in, configure, configure.in:
+ Use _getgroupsbymember() on Solaris to get the groups list. Fixes
+ performance problems with the getgroupslist() compat on Solaris
+ systems with network-based group databases.
[287d3ae2ce8d]
2013-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -20201,10 +21496,20 @@
Rename signal handler to avoid name clash with one in exec.c
[8913101a29b6]
+2013-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgtags:
+ Added tag SUDO_1_8_6p4 for changeset 708b8db3b30e
+ [c947aaef4880] <1.8>
+
2013-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
* src/sudo.c:
Add missing call to save_signals().
+ [708b8db3b30e] [SUDO_1_8_6p4] <1.8>
+
+ * src/sudo.c:
+ Add missing call to save_signals().
[47d075d7326b]
2013-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -20249,6 +21554,11 @@
* configure, configure.in:
Use -fstack-protector-all in preference to -fstack-protector where
supported.
+ [52ac4eadf5c9] <1.8>
+
+ * configure, configure.in:
+ Use -fstack-protector-all in preference to -fstack-protector where
+ supported.
[f930c95ceb51]
2013-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -20256,10 +21566,23 @@
* configure, configure.in:
Only test for -fstack-protector and -fvisibility=hidden on GNU
compatible compilers.
+ [5f31c5b4edc9] <1.8>
+
+ * configure, configure.in:
+ Only test for -fstack-protector and -fvisibility=hidden on GNU
+ compatible compilers.
[796f4696d863]
2013-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+ * configure, configure.in:
+ Sudo 1.8.6p4
+ [e8032237c4b1] <1.8>
+
+ * NEWS:
+ Add Sudo 1.8.6p4
+ [88358d481baa] <1.8>
+
* NEWS:
Add Sudo 1.8.6p4
[8a928de8e717]
@@ -20270,6 +21593,14 @@
src/Makefile.in:
Break out stack smashing protector options into SSP_CFLAGS and
SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
+ [9c3662776afa] <1.8>
+
+ * common/Makefile.in, compat/Makefile.in, configure, configure.in,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Break out stack smashing protector options into SSP_CFLAGS and
+ SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
[01be114fc9fb]
2013-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -20278,6 +21609,12 @@
In rbrepair(), make sure we never try to change the color of the
sentinel node, which is the first entry, not the root. From Michael
King
+ [24ebb817e1ee] <1.8>
+
+ * doc/CONTRIBUTORS, plugins/sudoers/redblack.c:
+ In rbrepair(), make sure we never try to change the color of the
+ sentinel node, which is the first entry, not the root. From Michael
+ King
[3fc4dc4004ec]
2012-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -20296,6 +21633,10 @@
* configure, configure.in:
Disable PIE on FreeBSD/ia64, otherwise sudo will segfault.
+ [ce07ef64d410] <1.8>
+
+ * configure, configure.in:
+ Disable PIE on FreeBSD/ia64, otherwise sudo will segfault.
[9ed48f696595]
2012-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -20552,6 +21893,10 @@
* plugins/sudoers/visudo.c:
Avoid NULL deref for unknown Defaults in strict mode.
+ [4c2d9717d91e] <1.8>
+
+ * plugins/sudoers/visudo.c:
+ Avoid NULL deref for unknown Defaults in strict mode.
[545c21c1e7d6]
* common/sudo_conf.c, common/sudo_debug.c:
@@ -20567,6 +21912,11 @@
* plugins/sudoers/Makefile.in:
Fold preinstall into install-plugin and pass the path to the plugin
binary to the preinstall command.
+ [994f8f58495e] <1.8>
+
+ * plugins/sudoers/Makefile.in:
+ Fold preinstall into install-plugin and pass the path to the plugin
+ binary to the preinstall command.
[2c2205af8bb7]
* pp:
@@ -20692,19 +22042,6 @@
Expand def_mailsub in the sudoers locale, not the user's.
[a4775f2fb385]
- * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
- plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
- plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
- plugins/sudoers/env.c, plugins/sudoers/iolog.c,
- plugins/sudoers/locale.c, plugins/sudoers/logging.c,
- plugins/sudoers/logging.h, plugins/sudoers/parse.c,
- plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
- plugins/sudoers/timestamp.c:
- Call gettext inside log_error et al instead of having the caller do
- it. This way we can display any messages to the user in their own
- locale but log in the sudoers local.
- [286e0444f785]
-
* common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
@@ -20721,17 +22058,18 @@
Display warning/error messages in the user's locale.
[00a04165c0cf]
- * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c,
- plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
- audit_failure() now calls gettext itself using the sudoers locale.
- [d77f1d78799a]
-
- * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
- plugins/sudoers/sudoers.c:
- Convert setlocale() to sudoers_setlocale() in the sudoers module.
- This only converts existing uses, there are more places where we
- need to sprinkle sudoers_setlocale() calls.
- [8ee0cbf0d0a9]
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/locale.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/parse.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/timestamp.c:
+ Call gettext inside log_error et al instead of having the caller do
+ it. This way we can display any messages to the user in their own
+ locale but log in the sudoers local.
+ [286e0444f785]
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
plugins/sudoers/locale.c, plugins/sudoers/logging.h,
@@ -20741,6 +22079,18 @@
setlocale() calls when we don't need to.
[5c61582fdeee]
+ * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c:
+ Convert setlocale() to sudoers_setlocale() in the sudoers module.
+ This only converts existing uses, there are more places where we
+ need to sprinkle sudoers_setlocale() calls.
+ [8ee0cbf0d0a9]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
+ audit_failure() now calls gettext itself using the sudoers locale.
+ [d77f1d78799a]
+
* common/sudo_debug.c, include/error.h, include/sudo_debug.h,
plugins/sudoers/plugin_error.c, src/error.c:
Add variants of warn/error and sudo_debug_printf that take a va_list
@@ -20763,15 +22113,31 @@
Do not inform the user that the command was not permitted by the
policy if they do not successfully authenticate. This is a
regression introduced in sudo 1.8.6.
+ [e5c1e760954e] <1.8>
+
+ * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
+ Do not inform the user that the command was not permitted by the
+ policy if they do not successfully authenticate. This is a
+ regression introduced in sudo 1.8.6.
[c1279df08bfb]
* plugins/sudoers/Makefile.in:
Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup
the rpath in HP-UX SOM shared libraries for the LDAP libs.
+ [685796ea58fe] <1.8>
+
+ * plugins/sudoers/Makefile.in:
+ Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup
+ the rpath in HP-UX SOM shared libraries for the LDAP libs.
[b07185657b42]
* src/parse_args.c:
The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A.
+ [4e112e7da105] <1.8>
+
+ * src/parse_args.c:
+ The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A.
[22c73cbe3ff9]
2012-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -20785,6 +22151,11 @@
* doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c:
Allow sudo to be build with sss support without also including ldap
support. From Stephane Graber.
+ [7e0bd9191589] <1.8>
+
+ * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c:
+ Allow sudo to be build with sss support without also including ldap
+ support. From Stephane Graber.
[b992a80ebea1]
2012-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -20917,6 +22288,12 @@
Fix running commands that need the terminal in the background when
I/O logging is enabled. E.g. "sudo vi &". When the command is
foregrounded, it will now resume properly.
+ [c30ec73a5da8] <1.8>
+
+ * src/exec_pty.c:
+ Fix running commands that need the terminal in the background when
+ I/O logging is enabled. E.g. "sudo vi &". When the command is
+ foregrounded, it will now resume properly.
[0bc13a253429]
* plugins/sudoers/match.c:
@@ -20935,6 +22312,14 @@
2012-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_6p3 for changeset f25e20b889d7
+ [355e4b19c559] <1.8>
+
+ * NEWS, configure, configure.in:
+ sudo 1.8.6p3
+ [f25e20b889d7] [SUDO_1_8_6p3] <1.8>
+
* NEWS, configure, configure.in:
sudo 1.8.6p3
[97fef3d9ed65]
@@ -20944,6 +22329,11 @@
* doc/fixman.sh:
Don't use embedded newline when matching, use \n. This got expanded
at some point. Bug #573
+ [8acba0ac9d61] <1.8>
+
+ * doc/fixman.sh:
+ Don't use embedded newline when matching, use \n. This got expanded
+ at some point. Bug #573
[6652f834b8f5]
* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
@@ -20963,15 +22353,33 @@
* plugins/sudoers/sudoreplay.c:
Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
all file systems support d_type. Bug #572
+ [2bd868ea6b1a] <1.8>
+
+ * plugins/sudoers/sudoreplay.c:
+ Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
+ all file systems support d_type. Bug #572
[8b861c62945f]
* plugins/sudoers/sudoreplay.c:
Avoid calling fclose(NULL) in the error path when we cannot open an
I/O log file.
+ [609a690a0bed] <1.8>
+
+ * plugins/sudoers/sudoreplay.c:
+ Avoid calling fclose(NULL) in the error path when we cannot open an
+ I/O log file.
[9401d5c4bb05]
2012-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_6p2 for changeset 56852147a260
+ [bef325e8796b] <1.8>
+
+ * NEWS, configure, configure.in:
+ Sudo 1.8.6p2
+ [56852147a260] [SUDO_1_8_6p2] <1.8>
+
* NEWS, configure, configure.in:
Sudo 1.8.6p2
[6e32496280f2]
@@ -20980,6 +22388,12 @@
When setting the signal handler for SIGTSTP to the default value in
non-I/O log mode, store the old handler value for when we restore it
after resume.
+ [4ee18bf30a47] <1.8>
+
+ * src/exec.c:
+ When setting the signal handler for SIGTSTP to the default value in
+ non-I/O log mode, store the old handler value for when we restore it
+ after resume.
[242628694e42]
* plugins/sudoers/env.c:
@@ -21015,10 +22429,22 @@
2012-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_6p1 for changeset 98436a0a8cf1
+ [8a026a49b7bc] <1.8>
+
+ * NEWS:
+ Merge NEWS update for sudo 1.8.6p1
+ [98436a0a8cf1] [SUDO_1_8_6p1] <1.8>
+
* NEWS:
Mention support for SUCCESS=return in /etc/nsswitch.conf
[ef1f35aa0863]
+ * NEWS, configure, configure.in, plugins/sudoers/env.c:
+ Merge sudo 1.8.6p1 from trunk.
+ [2d59f6359ef1] <1.8>
+
* NEWS, configure, configure.in:
sudo 1.8.6p1
[73a5e1f004b3]
@@ -21057,6 +22483,26 @@
Kopecek
[5c480316e3ce]
+ * .hgtags:
+ Added tag SUDO_1_8_6 for changeset 15ed71afbd50
+ [4cb658a2ea83] <1.8>
+
+ * INSTALL, Makefile.in, NEWS, common/Makefile.in, config.h.in,
+ configure, configure.in, doc/contributors.pod, doc/history.pod,
+ doc/license.pod, doc/sudo.cat, doc/sudo.man.in, doc/sudo.man.pl,
+ doc/sudo.pod, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.pod, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
+ doc/sudoers.man.pl, doc/sudoers.pod, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/sudoreplay.pod, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.pod, plugins/sample/sample_plugin.sym,
+ plugins/sample_group/sample_group.sym, plugins/sudoers/env.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.sym,
+ plugins/system_group/system_group.sym, src/Makefile.in,
+ src/exec_pty.c, src/load_plugins.c, src/po/sudo.pot:
+ Merge sudo 1.8.6 from trunk.
+ [15ed71afbd50] [SUDO_1_8_6] <1.8>
+
* MANIFEST:
Add sssd.c
[9cadd014ef97]
@@ -21312,6 +22758,24 @@
Update for sudo 1.8.5p3
[6e102a5d4e8d]
+ * .hgtags:
+ Added tag SUDO_1_8_5p3 for changeset 008a7807c354
+ [a3c594dbb588] <1.8>
+
+ * NEWS, configure, configure.in:
+ sudo 1.8.5p3
+ [008a7807c354] [SUDO_1_8_5p3] <1.8>
+
+ * src/load_plugins.c:
+ Add missing check for I/O plugin API version when checking for the
+ presence of I/O plugin hooks.
+ [0e76dfb47d7c] <1.8>
+
+ * src/hooks.c:
+ Can't call debug code in the process_hooks_xxx functions() since
+ ctime() may look up the timezone via the TZ environment variable.
+ [2bc7c226fc6a] <1.8>
+
* src/load_plugins.c:
Add missing check for I/O plugin API version when checking for the
presence of I/O plugin hooks.
@@ -22134,6 +23598,14 @@
2012-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_5p2 for changeset 5ea444be3db2
+ [ce85f4da7443] <1.8>
+
+ * NEWS:
+ Update for sudo 1.8.5p2
+ [5ea444be3db2] [SUDO_1_8_5p2] <1.8>
+
* NEWS:
Update for sudo 1.8.5p2
[d369d4d40a19]
@@ -22148,6 +23620,11 @@
* src/env_hooks.c, src/sudo.h, src/tgetpass.c:
Provide unhooked version of getenv() and use it when looking up
DISPLAY and SUDO_ASKPASS in the environment.
+ [e803618ccf54] <1.8>
+
+ * src/env_hooks.c, src/sudo.h, src/tgetpass.c:
+ Provide unhooked version of getenv() and use it when looking up
+ DISPLAY and SUDO_ASKPASS in the environment.
[04dbdccf4a14]
2012-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -22202,6 +23679,14 @@
sudoers has a more restrictive mode than what sudo expects to find.
In older versions, sudo would silently chmod the file to add the
group-readable bit.
+ [d367d7479328] <1.8>
+
+ * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
+ If sudoers_mode is group-readable but the actual sudoers file is
+ not, open the file as uid 0, not uid 1. This fixes a problem when
+ sudoers has a more restrictive mode than what sudo expects to find.
+ In older versions, sudo would silently chmod the file to add the
+ group-readable bit.
[c056b6003e6f]
* INSTALL, common/secure_path.c, config.h.in, configure, configure.in:
@@ -22227,12 +23712,24 @@
2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_5p1 for changeset f164691ff871
+ [1a55e9d482a5] <1.8>
+
+ * NEWS, configure, configure.in:
+ Update for 1.8.5p1
+ [f164691ff871] [SUDO_1_8_5p1] <1.8>
+
* NEWS, configure, configure.in:
Update for 1.8.5p1
[c33c49bf5b4b]
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Fix #includedir; from Mike Frysinger
+ [8a376d578bb5] <1.8>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix #includedir; from Mike Frysinger
[d4833d4e39a0]
* plugins/sudoers/check.c:
@@ -22245,6 +23742,27 @@
2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_5 for changeset 1bccb3781dfa
+ [abd23c25b793] <1.8>
+
+ * Makefile.in:
+ Create ChangeLog from default branch now that the 1.8 branch is only
+ used for building releases.
+ [1bccb3781dfa] [SUDO_1_8_5] <1.8>
+
+ * INSTALL, Makefile.in, NEWS, common/Makefile.in, compat/setenv.c,
+ compat/unsetenv.c, config.h.in, configure, configure.in,
+ doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in,
+ plugins/sudoers/env.c, plugins/sudoers/mon_systrace.c,
+ plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/exec_pty.c,
+ src/po/sudo.pot, src/ttysize.c:
+ Merge sudo 1.8.5 from trunk
+ [b935e0f0a49e] <1.8>
+
* INSTALL:
Fix capitalization
[7258aa977caf]
@@ -22253,8 +23771,16 @@
Build PIE executable on Mac OS X 10.5 and above.
[2a5c7ef92182]
+ * .hgtags:
+ Added tag SUDO_1_8_4p5 for changeset 70b2e996c2ce
+ [6c8ac406bd8c] <1.8>
+
2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
+ * NEWS, configure, configure.in:
+ Update for sudo 1.8.4p5
+ [70b2e996c2ce] [SUDO_1_8_4p5] <1.8>
+
* NEWS:
Update for sudo 1.8.4p5
[21164f508b68]
@@ -22262,6 +23788,11 @@
* plugins/sudoers/match_addr.c:
Add missing break between AF_INET and AF_INET6 in
addr_matches_if_netmask()
+ [1d765ba5e7fa] <1.8>
+
+ * plugins/sudoers/match_addr.c:
+ Add missing break between AF_INET and AF_INET6 in
+ addr_matches_if_netmask()
[672a4793931a]
* plugins/sudoers/mon_systrace.c:
@@ -23099,6 +24630,10 @@
* sudo.pp:
Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.
+ [908819c39844] <1.8>
+
+ * sudo.pp:
+ Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.
[fd72340042d3]
* include/sudo_plugin.h:
@@ -23112,6 +24647,18 @@
2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_4p4 for changeset 11a942f61d47
+ [4a20e5e9af5d] <1.8>
+
+ * NEWS, configure, configure.in:
+ Update for sudo 1.8.4p4
+ [11a942f61d47] [SUDO_1_8_4p4] <1.8>
+
+ * plugins/sudoers/parse.c:
+ Fix bogus int -> bool conversion; tags can have a value of -1.
+ [85ec4ae84fcf] <1.8>
+
* plugins/sudoers/parse.c:
Fix bogus int -> bool conversion; tags can have a value of -1.
[e63d6434a303]
@@ -23125,8 +24672,25 @@
* sudo.pp:
Fix application of debian-specific sudoers mods when building
packages as non-root.
+ [e3e7f75d718c] <1.8>
+
+ * sudo.pp:
+ Fix application of debian-specific sudoers mods when building
+ packages as non-root.
[34bf4c52c425]
+ * .hgtags:
+ Added tag SUDO_1_8_4p3 for changeset 3093c8558862
+ [b82d3b208a4d] <1.8>
+
+ * NEWS, configure, configure.in:
+ Update for sudo 1.8.4p3
+ [3093c8558862] [SUDO_1_8_4p3] <1.8>
+
+ * plugins/sudoers/env.c:
+ matches_env_check() returns int, not boolean
+ [110f954181e1] <1.8>
+
* plugins/sudoers/env.c:
matches_env_check() returns int, not boolean
[0ad915b8d5cb]
@@ -23137,13 +24701,30 @@
* src/ttyname.c:
Simply move the free of ki_proc outside the realloc() loop.
+ [18209f1ff9f7] <1.8>
+
+ * src/ttyname.c:
+ Simply move the free of ki_proc outside the realloc() loop.
[217b786da760]
* src/ttyname.c:
Bring back the erealloc() for the ENOMEM loop and just zero the
pointer after we free it.
+ [83a1c1ec6b03] <1.8>
+
+ * src/ttyname.c:
+ Bring back the erealloc() for the ENOMEM loop and just zero the
+ pointer after we free it.
[29a016e45127]
+ * doc/visudo.cat, doc/visudo.man.in:
+ regen
+ [04ea41a8657c] <1.8>
+
+ * src/ttyname.c:
+ Don't try to erealloc() a potentially freed pointer; Mateusz Guzik
+ [cca8a33ed286] <1.8>
+
* src/ttyname.c:
Don't try to erealloc() a potentially freed pointer; Mateusz Guzik
[266e08844065]
@@ -23174,6 +24755,10 @@
* src/exec_pty.c, src/ttyname.c:
Fix format string warning on Solaris with gcc 3.4.3.
+ [45322f41e677] <1.8>
+
+ * src/exec_pty.c, src/ttyname.c:
+ Fix format string warning on Solaris with gcc 3.4.3.
[d1eeb6e1dd0f]
* src/sudo.c:
@@ -23182,10 +24767,18 @@
* src/Makefile.in:
Honor LDFLAGS when linking sesh; from Vita Cizek
+ [349b3c929637] <1.8>
+
+ * src/Makefile.in:
+ Honor LDFLAGS when linking sesh; from Vita Cizek
[498b41438f6e]
* src/sesh.c:
Include alloc.h for estrdup() prototype; from Vita Cizek
+ [f5ed422a6553] <1.8>
+
+ * src/sesh.c:
+ Include alloc.h for estrdup() prototype; from Vita Cizek
[93203655a320]
2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -23197,6 +24790,10 @@
* INSTALL:
Fix editor goof.
+ [574f0b17a91f] <1.8>
+
+ * INSTALL:
+ Fix editor goof.
[0c3dd3bb8b57]
* src/hooks.c, src/sudo.c, src/sudo.h:
@@ -23271,6 +24868,10 @@
* configure, configure.in:
Add check for variadic macro support in cpp.
+ [1ce59ac2e4f9] <1.8>
+
+ * configure, configure.in:
+ Add check for variadic macro support in cpp.
[756854caf675]
2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -23290,11 +24891,23 @@
specified. Previously, the owner and mode were checked on the main
sudoers file when the -s (strict) option was given, but this was not
documented.
+ [dff2805fc49e] <1.8>
+
+ * doc/visudo.pod, plugins/sudoers/visudo.c:
+ Check the owner and mode in -c (check) mode unless the -f option is
+ specified. Previously, the owner and mode were checked on the main
+ sudoers file when the -s (strict) option was given, but this was not
+ documented.
[b2d6ee1e547a]
* config.h.in, configure, configure.in, src/ttyname.c:
Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions
of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
+ [dceb6078cda5] <1.8>
+
+ * config.h.in, configure, configure.in, src/ttyname.c:
+ Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions
+ of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
[159f6a50456a]
2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -23303,6 +24916,19 @@
Add Eric Lakin for patch in bug #538
[490c29c234c6]
+ * .hgtags:
+ Added tag SUDO_1_8_4p2 for changeset db564e1c02cf
+ [52638c160a4b] <1.8>
+
+ * NEWS, configure, configure.in:
+ bump version to 1.8.4p2
+ [db564e1c02cf] [SUDO_1_8_4p2] <1.8>
+
+ * src/exec_pty.c:
+ Fix typo in safe_close() made while converting to debug framework
+ that prevented it from actually closing anything.
+ [833a8ce346d2] <1.8>
+
* src/exec_pty.c:
Fix typo in safe_close() made while converting to debug framework
that prevented it from actually closing anything.
@@ -23317,6 +24943,13 @@
We need sysconfdir in compat/Makfile to get the proper sudo.conf
path. Add standard prefix and foodir expansion in all Makefiles to
avoid this problem in the future.
+ [ce1caa89c24d] <1.8>
+
+ * common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
+ include/Makefile.in:
+ We need sysconfdir in compat/Makfile to get the proper sudo.conf
+ path. Add standard prefix and foodir expansion in all Makefiles to
+ avoid this problem in the future.
[62b6ce4ecae9]
2012-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -23335,14 +24968,28 @@
When adding gids to the LDAP filter, only add the primary gid once.
This is consistent with the space computation/allocation. From Eric
Lakin
+ [229db740f035] <1.8>
+
+ * plugins/sudoers/ldap.c:
+ When adding gids to the LDAP filter, only add the primary gid once.
+ This is consistent with the space computation/allocation. From Eric
+ Lakin
[35d9d99c92c6]
* doc/TROUBLESHOOTING:
Add entry for AIX enhanced RBAC config.
+ [24f1e176e398] <1.8>
+
+ * doc/TROUBLESHOOTING:
+ Add entry for AIX enhanced RBAC config.
[5e10b6f8def7]
* mkpkg:
Target Mac OS X 10.5 when building packages.
+ [7b296251013d] <1.8>
+
+ * mkpkg:
+ Target Mac OS X 10.5 when building packages.
[06fce9bbebee]
2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -23371,6 +25018,28 @@
old value of LD_PRELOAD (if any) to the new value.
[680266346917]
+ * .hgtags:
+ Added tag SUDO_1_8_4p1 for changeset aeb6b9701150
+ [26bc7af7c304] <1.8>
+
+ * NEWS:
+ List 1.8.4p1
+ [aeb6b9701150] [SUDO_1_8_4p1] <1.8>
+
+ * configure, configure.in:
+ bump version to 1.8.4p1
+ [2c7edc0bf0b7] <1.8>
+
+ * Fix the description of noexec.
+ [b5baebe2f820] <1.8>
+
+ * The "op" parameter to set_default() must be int, not bool since it
+ is set to '+' or '-' for list add and subtract.
+ [b6bf0980fb08] <1.8>
+
+ * Make sure sudoers is writable before calling ed script.
+ [97e0078b19ae] <1.8>
+
* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
Fix the description of noexec.
[6a6d142f3c80]
@@ -23386,6 +25055,14 @@
2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_4 for changeset 7b0b7dfc84c7
+ [18d646360da5] <1.8>
+
+ * Update contributors. Now includes translators and authors of compat
+ code.
+ [7b0b7dfc84c7] [SUDO_1_8_4] <1.8>
+
* doc/CONTRIBUTORS, doc/contributors.pod:
Update contributors. Now includes translators and authors of compat
code.
@@ -23395,8 +25072,15 @@
* src/po/sudo.pot:
regen
+ [fda54a3b1cd1] <1.8>
+
+ * src/po/sudo.pot:
+ regen
[2c86e2c328fe]
+ * Build flat packages, not package bundles, on Mac OS X.
+ [2f6f0704a09e] <1.8>
+
* pp, sudo.pp:
Build flat packages, not package bundles, on Mac OS X.
[57bda3cd5520]
@@ -23407,6 +25091,9 @@
Move macos section to be with the other OS-specific sections.
[51423bb2973a]
+ * Sync with translationproject.org
+ [77a0b5480ae5] <1.8>
+
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
Sync with translationproject.org
@@ -23414,13 +25101,36 @@
* configure, configure.in:
Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
+ [6588fc4a55a1] <1.8>
+
+ * configure, configure.in:
+ Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
[fa979aa6fe7d]
* sudo.pp:
+ Move macos section to be with the other OS-specific sections.
+ [c3cc794fd586] <1.8>
+
+ * Add Mac OS X support, printing the latest chunk of the NEWS file and
+ the license text in the installer.
+ [905d8fab423f] <1.8>
+
+ * sudo.pp:
Add Mac OS X support, printing the latest chunk of the NEWS file and
the license text in the installer.
[ffeab72387c0]
+ * Add explicit file modes that match those used by "make install"
+ [7e1eb99baf92] <1.8>
+
+ * Sync with upstream for Mac OS X fixes.
+ [90cec33d1108] <1.8>
+
+ * Got back to using "install-sh -M" for files installed as non-
+ readable by owner. This fixes "make install" as non-root for package
+ building.
+ [9e1e87961712] <1.8>
+
* sudo.pp:
Add explicit file modes that match those used by "make install"
[7eb37242c920]
@@ -23437,6 +25147,15 @@
2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Sync with translationproject.org
+ [0c835326e22c] <1.8>
+
+ * Makefile.in:
+ Use -m not -M for install-sh for everything except setuid. Install
+ locale .mo files mode 0444, not 0644. If timedir parent doesn't
+ exist, use default dir mode, not 0700.
+ [451576bb0772] <1.8>
+
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
@@ -23455,14 +25174,26 @@
2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Re-sync with upstream; no longer need a local patch.
+ [342d3dceba65] <1.8>
+
* pp:
Re-sync with upstream; no longer need a local patch.
[97a2c7be5e59]
+ * Add support for building Mac OS X packages.
+ [e047b6fbba17] <1.8>
+
* mkpkg:
Add support for building Mac OS X packages.
[94d49ac223a4]
+ * Sync with upstream
+ [20cc2ff83ee3] <1.8>
+
+ * No longer need to define _PATH_SUDO_CONF here.
+ [7da6e017c6d0] <1.8>
+
* pp:
Sync with upstream
[1c97654fc841]
@@ -23471,16 +25202,32 @@
No longer need to define _PATH_SUDO_CONF here.
[2560905b7482]
+ * Fix noexec for Mac OS X.
+ [71b8ee9eea74] <1.8>
+
* src/exec_common.c:
Fix noexec for Mac OS X.
[b7a744bca2c0]
2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Move _PATH_SUDO_CONF override to common to match sudo_conf.c
+ [639fe46fc8c0] <1.8>
+
* common/Makefile.in:
Move _PATH_SUDO_CONF override to common to match sudo_debug.c
[f0788972a63a]
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ fix version in .pot files
+ [37dbb6f99fc9] <1.8>
+
+ * More complete fix for LDR_PRELOAD on AIX. The addition of
+ set_perm(PERM_ROOT) before calling the nss open functions (needed to
+ avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
+ and then real uid to 0 for PERM_ROOT works around the issue.
+ [5d52d2565dca] <1.8>
+
* plugins/sudoers/set_perms.c:
More complete fix for LDR_PRELOAD on AIX. The addition of
set_perm(PERM_ROOT) before calling the nss open functions (needed to
@@ -23490,8 +25237,30 @@
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
regen
+ [98e788019e50] <1.8>
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
[997fe403e219]
+ * Set real uid to root before calling sudo_edit() or run_command() so
+ that the monitor process is owned by root and not by the user.
+ Otherwise, on AIX at least, the monitor process shows up in ps as
+ belonging to the user (and can be killed by the user).
+ [de4d852fef96] <1.8>
+
+ * For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
+ the call to setuid(0) if the current euid is non-zero. This
+ effectively restores the state of things prior to rev 7bfeb629fccb.
+ Fixes a problem on AIX where LDR_PRELOAD was not being honored for
+ the command being executed.
+ [be1222842fc1] <1.8>
+
+ * configure, configure.in:
+ Make a copy of the struct passwd in exec_setup() to make sure
+ nothing in the policy init modifies it.
+ [5cbbbfffd1dc] <1.8>
+
* src/sudo.c:
Set real uid to root before calling sudo_edit() or run_command() so
that the monitor process is owned by root and not by the user.
@@ -23515,10 +25284,23 @@
2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat, doc/sudoers.man.in:
+ regen
+ [b67fc8934d2e] <1.8>
+
+ * update copyright
+ [df51e0f417de] <1.8>
+
* doc/sudoers.pod:
update copyright
[f9d229d1f65e]
+ * g/c now-unused debug subsystems
+ [888961d378f3] <1.8>
+
+ * Enumerate the debug subsystems used by sudo and sudoers.
+ [5418d7dd8ef4] <1.8>
+
* common/sudo_debug.c, include/sudo_debug.h:
g/c now-unused debug subsystems
[8f21726e698f]
@@ -23529,6 +25311,12 @@
2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+ * NEWS, doc/sudo.cat, doc/sudo.man.in:
+ Normally, sudo disables core dumps while it is running. This
+ behavior can now be modified at run time with a line in sudo.conf
+ like "Set disable_coredumps false"
+ [ad21e940c5c2] <1.8>
+
* NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
include/sudo_conf.h, src/sudo.c:
Normally, sudo disables core dumps while it is running. This
@@ -23538,14 +25326,32 @@
* NEWS:
Mention Spanish translation
+ [bef71da9a4c2] <1.8>
+
+ * NEWS:
+ Mention Spanish translation
[600f3205bd6e]
+ * Make sure we don't try to fall back to using the conversation
+ function for debugging in the main sudo process if we are unable to
+ open the debug file.
+ [1f0e6451c85c] <1.8>
+
* common/sudo_debug.c:
Make sure we don't try to fall back to using the conversation
function for debugging in the main sudo process if we are unable to
open the debug file.
[ffa329aa908c]
+ * Add sudo Spanish translation from translationproject.org
+ [2f71e4ecc6f9] <1.8>
+
+ * Better debug subsystem usage
+ [b313903c1fe4] <1.8>
+
+ * Remove duplicate function prototypes
+ [60860ae4d303] <1.8>
+
* MANIFEST, src/po/es.mo, src/po/es.po:
Add sudo Spanish translation from translationproject.org
[c1906654e740]
@@ -23566,10 +25372,20 @@
Error out if user specified --with-pam but we can't find the headers
or library. Also throw an error if the headers are present but the
library is not and vice versa.
+ [445de14974ff] <1.8>
+
+ * configure, configure.in:
+ Error out if user specified --with-pam but we can't find the headers
+ or library. Also throw an error if the headers are present but the
+ library is not and vice versa.
[d6bf3e3d0aae]
2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Fix the sudoers permission check when the expected sudoers mode is
+ owner-writable.
+ [ee1104bb2142] <1.8>
+
* plugins/sudoers/sudoers.c:
Fix the sudoers permission check when the expected sudoers mode is
owner-writable.
@@ -23580,8 +25396,17 @@
* configure, configure.in:
Verify that we can link executables built with -D_FORTIFY_SOURCE
before using it.
+ [4dee7e2b5795] <1.8>
+
+ * configure, configure.in:
+ Verify that we can link executables built with -D_FORTIFY_SOURCE
+ before using it.
[7578215d1a95]
+ * Fix potential off-by-one when making a copy of the environment for
+ LD_PRELOAD insertion. Fixes bug #534
+ [3ddcf9a4de63] <1.8>
+
* src/exec_common.c:
Fix potential off-by-one when making a copy of the environment for
LD_PRELOAD insertion. Fixes bug #534
@@ -23590,6 +25415,15 @@
* configure, configure.in:
Add rudimentary check for _FORTIFY_SOURCE support by checking for
__sprintf_chk, one of the functions used by gcc to support it.
+ [029db376a497] <1.8>
+
+ * configure, configure.in:
+ Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.
+ [201d1f3b4aa2] <1.8>
+
+ * configure, configure.in:
+ Add rudimentary check for _FORTIFY_SOURCE support by checking for
+ __sprintf_chk, one of the functions used by gcc to support it.
[a992673d2ef8]
* compat/stdbool.h, config.h.in, configure, configure.in:
@@ -23600,10 +25434,24 @@
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
regen
+ [3c0ebf67b333] <1.8>
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
[1e0b38397705]
2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
+ * The change in 4fe0f357d34b that caused to exit when the monitor dies
+ created a race condition between the monitor exiting and the status
+ being read. All we really want to do is make sure that select()
+ notifies us that there is a status change when the monitor dies
+ unexpectedly so shutdown the socketpair connected to the monitor for
+ writing when it dies. That way we can still read the status that is
+ pending on the socket and select() on Linux will tell us that the fd
+ is ready.
+ [16c1a3da35c6] <1.8>
+
* src/exec.c, src/sudo.c:
The change in 818e82ecbbfc that caused to exit when the monitor dies
created a race condition between the monitor exiting and the status
@@ -23615,6 +25463,12 @@
is ready.
[7fb5b30ea48d]
+ * Refactor disable_execute() and my_execve() into exec_common.c for
+ use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
+ disabling exec in exec_setup(), disable it immediately before
+ executing the command. Adapted from a diff by Arno Schuring.
+ [d266fdb5d00e] <1.8>
+
* MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
src/sudo_exec.h:
@@ -23626,6 +25480,12 @@
2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+ * configure, configure.in:
+ Add custom version of AC_CHECK_LIB that uses the extra libs in the
+ cache value name. With this we no longer need to rely on a modified
+ version of autoconf.
+ [f5293f1a5968] <1.8>
+
* aclocal.m4, configure, configure.in:
Add custom version of AC_CHECK_LIB that uses the extra libs in the
cache value name. With this we no longer need to rely on a modified
@@ -23636,8 +25496,20 @@
* configure, configure.in:
Better handling of network functions that need -lsocket -lnsl
+ [91dcddb6ec61] <1.8>
+
+ * configure, configure.in:
+ Better handling of network functions that need -lsocket -lnsl
[cc386342ec2b]
+ * When setting up the execution environment, set groups before
+ gid/egid like sudo 1.7 did.
+ [97a921461313] <1.8>
+
+ * configure, configure.in:
+ Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
+ [c1c174183607] <1.8>
+
* src/sudo.c:
When setting up the execution environment, set groups before
gid/egid like sudo 1.7 did.
@@ -23647,6 +25519,14 @@
Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
[84b23cdf138f]
+ * For "sudo -g" prepend the specified group ID to the beginning of the
+ groups list. This matches BSD convention where the effective gid is
+ the first entry in the group list. This is required on newer FreeBSD
+ where the effective gid is not tracked separately and thus
+ setgroups() changes the egid if this convention is not followed.
+ Fixes bug #532
+ [5050708c2579] <1.8>
+
* plugins/sudoers/sudoers.c:
For "sudo -g" prepend the specified group ID to the beginning of the
groups list. This matches BSD convention where the effective gid is
@@ -23660,8 +25540,29 @@
* configure, configure.in:
Fix sh warning; use "test" instead of "["
+ [417fbc1dc5e8] <1.8>
+
+ * configure, configure.in:
+ Fix sh warning; use "test" instead of "["
[c6ee3407f65e]
+ * When not logging I/O, use a signal handler that only forwards
+ SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
+ Fixes a race in the non-I/O logging path where the command may
+ receive two keyboard-generated signals; one from the kernel and one
+ from the sudo process.
+ [24137cae39af] <1.8>
+
+ * Back out change that put the command in its own pgrp when not
+ logging I/O. It causes problems with pipelines.
+ [9c906f88e28c] <1.8>
+
+ * configure, configure.in:
+ Only run compat regress tests on compat objects we actually build.
+ Fixes "make check" in the compat dir for systems that don't
+ implement character classes in fnmatch() or glob(). Bug #531
+ [c052875fa32e] <1.8>
+
* src/exec.c:
When not logging I/O, use a signal handler that only forwards
SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
@@ -23685,18 +25586,35 @@
2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Update po files from translationproject.org
+ [8e54824c7b71] <1.8>
+
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
Update po files from translationproject.org
[5ea066af1356]
2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Include parent directories in case they don't already exist. This
+ fixes a directory permissions problem with the AIX package when the
+ /usr/local directories don't already exist.
+ [83df6fcba859] <1.8>
+
* sudo.pp:
Include parent directories in case they don't already exist. This
fixes a directory permissions problem with the AIX package when the
/usr/local directories don't already exist.
[a14f783dc827]
+ * sync with git version
+ [0964a02ba83e] <1.8>
+
+ * regen dependencies
+ [342e3719dc9e] <1.8>
+
+ * Move tty name lookup code to its own file.
+ [9679de390de0] <1.8>
+
* pp:
sync with git version
[2f79d0543661]
@@ -23713,6 +25631,19 @@
* NEWS:
Update with latest sudo 1.8.4 changes.
+ [ef4e0a762766] <1.8>
+
+ * configure, configure.in:
+ Remove obsolete template for HAVE_TIMESPEC
+ [54a81b130d7e] <1.8>
+
+ * Add a check for devname() returning a fully-qualified pathname. None
+ of the devname() implementations do this today but you never know
+ when this might change.
+ [634654d38143] <1.8>
+
+ * NEWS:
+ Update with latest sudo 1.8.4 changes.
[a4ffe4f42528]
* config.h.in, configure, configure.in:
@@ -23727,11 +25658,24 @@
2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+ * For "visudo -c" also list include files that were checked when
+ everything is OK.
+ [aa3be04c5d12] <1.8>
+
* plugins/sudoers/visudo.c:
For "visudo -c" also list include files that were checked when
everything is OK.
[ad6f85b35c9c]
+ * The device name returned by devname() does not include the /dev/
+ prefix so we need to add it ourselves. Also add debug warning if
+ KERN_PROC sysctl fails or devname() can't resolve the tty device to
+ a name.
+ [5e90760f6c24] <1.8>
+
+ * The result of writev() is never checked so just cast to NULL.
+ [4a6820c77d7c] <1.8>
+
* src/sudo.c:
The device name returned by devname() does not include the /dev/
prefix so we need to add it ourselves.
@@ -23746,6 +25690,10 @@
The result of writev() is never checked so just cast to NULL.
[4be4e9b58d5b]
+ * Update Esperanto, Finnish, Polish and Ukrainian translations from
+ translationproject.org.
+ [3796fba03ff1] <1.8>
+
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
@@ -23756,6 +25704,10 @@
2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
+ * configure, configure.in:
+ Add support for determining tty via sysctl on other BSD variants.
+ [6e4b1ce7f45a] <1.8>
+
* config.h.in, configure, configure.in, src/sudo.c:
Add support for determining tty via sysctl on other BSD variants.
[fd15f63f719a]
@@ -23763,6 +25715,15 @@
* configure, configure.in:
Only check for struct kinfo_proc.ki_tdev on systems that support
sysctl.
+ [33c700b439ff] <1.8>
+
+ * For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
+ ttyname() of std{in,out,err}.
+ [30789189030b] <1.8>
+
+ * configure, configure.in:
+ Only check for struct kinfo_proc.ki_tdev on systems that support
+ sysctl.
[109b3f07a39d]
* src/sudo.c:
@@ -23772,6 +25733,16 @@
2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+ * configure, configure.in:
+ On newer FreeBSD we can get the parent's tty name via sysctl().
+ [d9449833859b] <1.8>
+
+ * Include locale.h
+ [98114209d1b5] <1.8>
+
+ * Silence a gcc warning.
+ [113934aaafa8] <1.8>
+
* config.h.in, configure, configure.in, src/sudo.c:
On newer FreeBSD we can get the parent's tty name via sysctl().
[3207290501ee]
@@ -23784,10 +25755,27 @@
Silence a gcc warning.
[8c6d0e3cd534]
+ * Need to include gettext.h and sudo_debug.h; from John Hein
+ [3ec4bf7fcacf] <1.8>
+
* plugins/sudoers/bsm_audit.c:
Need to include gettext.h and sudo_debug.h; from John Hein
[447912aa7300]
+ * Initialize the debug framework from the I/O plugin too.
+ [ff525b1d9c4b] <1.8>
+
+ * Enable debugging via sudo.conf.
+ [2970ab524d25] <1.8>
+
+ * Use SUDO_DEBUG_ALIAS for alias checking functions.
+ [854fd74fe685] <1.8>
+
+ * configure, configure.in:
+ More complete test for getaddrinfo() that doesn't rely on the
+ network libraries already being added to LIBS.
+ [543af760a5d3] <1.8>
+
* plugins/sudoers/iolog.c:
Initialize the debug framework from the I/O plugin too.
[ce1bf44d96d2]
@@ -23811,22 +25799,54 @@
2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Add debug support.
+ [3b6aff4ee2bd] <1.8>
+
* common/aix.c:
Add debug support.
[def1bdf24485]
* configure, configure.in:
Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
+ [f5b3fba6c83a] <1.8>
+
+ * Include errno.h and missing.h
+ [8a05166bb4d0] <1.8>
+
+ * configure, configure.in:
+ Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
[a2ea1c2eac61]
* compat/getaddrinfo.c:
Include errno.h and missing.h
[7d15e17cc2f2]
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ regen
+ [f45ed34d9a97] <1.8>
+
+ * ignore doc/varsub
+ [51d0dfb2e274] <1.8>
+
* .hgignore:
ignore doc/varsub
[417f9fc3231b]
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen pot files
+ [9ba13496954e] <1.8>
+
+ * configure.in:
+ Update copyright year.
+ [5219ae27b734] <1.8>
+
+ * NEWS:
+ Update for sudo 1.8.4
+ [75a6711efa76] <1.8>
+
* configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in,
plugins/sudoers/gram.y, plugins/sudoers/match.c,
plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c,
@@ -23840,8 +25860,44 @@
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
regen pot files
+ [c8183dc16517] <1.8>
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen pot files
[c509cb45b66a]
+ * Enable debugging via sudo.conf.
+ [63bee1548d5b] <1.8>
+
+ * Allow "visudo -c" to work when we only have read-only access to the
+ sudoers include files.
+ [c8a5e1f16e60] <1.8>
+
+ * Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
+ HISTORY section in sudo that points to HISTORY file.
+ [8d845530d44f] <1.8>
+
+ * Document Debug setting in sudo.conf and debug_flags in plugin.
+ [da43e61209c0] <1.8>
+
+ * Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
+ bug where a pattern like "/usr/*" include /usr/bin/ in the results,
+ which would be incorrectly be interpreted as if the sudoers file had
+ specified a directory. From Vitezslav Cizek.
+ [5c71c962d1ad] <1.8>
+
+ * INSTALL, configure, configure.in:
+ Add --enable-kerb5-instance configure option to allow people using
+ Kerberos V authentication to use a custom instance. Adapted from a
+ diff by Michael E Burr.
+ [f432314f0a33] <1.8>
+
+ * Remove -D debug_level option.
+ [2754a61efbbe] <1.8>
+
+ * Update copyright year.
+ [3bd531625eeb] <1.8>
+
* plugins/sudoers/sudoreplay.c:
Enable debugging via sudo.conf.
[5087aaee8484]
@@ -23890,6 +25946,16 @@
2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
+ * parse_error is now bool, not int
+ [0cbd5c12b3eb] <1.8>
+
+ * Print a more sensible error if yyparse() returns non-zero but
+ yyerror() was not called.
+ [325a9871ff32] <1.8>
+
+ * Replace y.tab.c with the correct filename in #line directives.
+ [3073f5823a41] <1.8>
+
* plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
plugins/sudoers/visudo.c:
parse_error is now bool, not int
@@ -23906,6 +25972,371 @@
Replace y.tab.c with the correct filename in #line directives.
[3c84fcb7e959]
+ * configure, configure.in:
+ Bump version to 1.8.4
+ [4fe77346a1d1] <1.8>
+
+ * When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
+ if the main process's fds 0-2 are not hooked up to a tty. Adapted
+ from a diff by Zdenek Behan.
+ [40863388db30] <1.8>
+
+ * When not logging I/O, put command in its own pgrp and make that the
+ controlling pgrp if the command is in the foreground. Fixes a race
+ in the non-I/O logging path where the command may receive two
+ keyboard-generated signals; one from the kernel and one from the
+ sudo process.
+ [9f6ed53a62d6] <1.8>
+
+ * Quiet a bogus gcc warning.
+ [423322e16e27] <1.8>
+
+ * Fix warnings related to sudo.conf accessors.
+ [67b769099eec] <1.8>
+
+ * Separate sudo.conf parsing from plugin loading and move the parse
+ functions into the common lib so that visudo, etc. can use them.
+ [916162ff2443] <1.8>
+
+ * Remove support for noexec_file in sudoers and the plugin API
+ [e8a6743911be] <1.8>
+
+ * Don't dump interfaces if there are none.
+ [5a0326c36a1b] <1.8>
+
+ * Add missing %s printf escape to the group_plugin, iolog_dir and
+ iolog_file descriptions.
+ [05e3018e336c] <1.8>
+
+ * Fix typo in visiblepw description; from Joel Pickett
+ [f3a99aaf938f] <1.8>
+
+ * configure, configure.in, plugins/sudoers/login_class.c:
+ When running a login shell with a login_class specified, use
+ LOGIN_SETENV instead of rolling our own login.conf setenv support
+ since FreeBSD's login.conf has more than just setenv capabilities.
+ This requires us to swap the plugin-provided envp for the global
+ environ before calling setusercontext() and then stash the resulting
+ environ pointer back into the command details, which is kind of a
+ hack.
+ [99c71b6f629a] <1.8>
+
+ * If srcdir is "." just use the basename of the yacc/lex file when
+ generating the C version. This matches the generated files currently
+ in the repo.
+ [abcc3703d2e4] <1.8>
+
+ * Clean up the DEVEL noise
+ [b22a09c484cf] <1.8>
+
+ * Handle different Unix domain socket (actually socketpair) semantics
+ in BSD vs. Linux. In BSD if one end of the socketpair goes away
+ select() returns the fd as readable and the read will fail with
+ ECONNRESET. This doesn't appear to happen on Linux so if we notice
+ that the monitor process has died when I/O logging is enabled,
+ behave like the command has exited. This means we log the wait
+ status of the monitor, not the command, but there is nothing else we
+ can do at that point. This should only be an issue if SIGKILL is
+ sent to the monitor process.
+ [4fe0f357d34b] <1.8>
+
+ * Catch common signals in the monitor process so they get passed to
+ the command. Fixes a problem when the entire login session is killed
+ when ssh is disconnected or the terminal window is closed.
+ Previously, the monitor would exit and plugin's close method would
+ not be called.
+ [e41b2d9fc2c2] <1.8>
+
+ * INSTALL, configure, configure.in:
+ Mention how to configure pam_hpsec on HP-UX to play nicely with
+ sudo.
+ [ee4c73cce11d] <1.8>
+
+ * Escape values in the search expression as per RFC 4515.
+ [a249b85caccc] <1.8>
+
+ * No need for install target to depend explicitly on install-dirs, the
+ install-foo targets all depend on it.
+ [5f40ec883621] <1.8>
+
+ * ignore src/sesh
+ [0227b029ee08] <1.8>
+
+ * configure, configure.in:
+ Add support for setenv entries in login.conf. We can't use
+ LOGIN_SETENV since the plugin sets up the envp the command is
+ executed with. Also regen the Makefile.in files while here. Fixes
+ bug #527
+ [67d30f44bf45] <1.8>
+
+ * configure, configure.in:
+ Add getaddrinfo() for those without it, written by Russ Allbery
+ [57dd9b565bb6] <1.8>
+
+ * Restore PACKAGE_TARNAME, it is used in docdir
+ [cf27a773d65e] <1.8>
+
+ * SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
+ the MANIFEST
+ [4fa4f6cef15e] <1.8>
+
+ * Remove duplicate return statements.
+ [f0f9000461c1] <1.8>
+
+ * emove inaccurate comment
+ [e3bf2cef6256] <1.8>
+
+ * Fetch the login class for the user we authenticate specifically when
+ using BSD authentication. That user may have a different login class
+ than what we will use to run the command. When setting the login
+ class for the command, use the target user's struct passwd, not the
+ invoking user's. Fixes bug 526
+ [e3094ce63bd7] <1.8>
+
+ * configure, configure.in:
+ Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
+ [453f562645a2] <1.8>
+
+ * Fix "make check" fallout from the sudo_conv changes in sudo_debug.
+ [1e2f0d298b06] <1.8>
+
+ * configure, configure.in:
+ Use stdbool.h instead of rolling our own TRUE/FALSE macros.
+ [2a5841db0c50] <1.8>
+
+ * configure, configure.in:
+ Add stdbool.h for systems without it.
+ [8ac0317f2ba0] <1.8>
+
+ * configure, configure.in:
+ No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
+ includes have unistd.h in them. Add check for socklen_t for upcoming
+ getaddrinfo compat.
+ [7c0ed30c075d] <1.8>
+
+ * configure, configure.in:
+ Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
+ HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
+ [57a6a5bf69a2] <1.8>
+
+ * No longer need to include time.h here as missing.h does not use
+ time_t.
+ [029653d78ba2] <1.8>
+
+ * Fix mode on sudoers as needed when the -f option is not specified.
+ [c4aba4a1b23b] <1.8>
+
+ * Add Serbian translation for sudo from translationproject.org
+ [47a04d718e36] <1.8>
+
+ * No longer pass debug_file to plugin, plugins must now use
+ CONV_DEBUG_MSG
+ [c7ceddf724bf] <1.8>
+
+ * Build PIE executables for newer Debian and Ubuntu
+ [2e9162e59c2c] <1.8>
+
+ * Include time.h for ctime() prototype.
+ [5f27df493b93] <1.8>
+
+ * Do not close error pipe or debug fd via closefrom() as we need them
+ to report an exec error should one occur.
+ [9638f4e7fd14] <1.8>
+
+ * Document that a sudoUser may now be a group ID.
+ [42d725aa8b6d] <1.8>
+
+ * Add support for permitting access by group ID in addition to group
+ name.
+ [3506e5c7e41c] <1.8>
+
+ * Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
+ [4c973a863d0d] <1.8>
+
+ * Replace UCB fnmatch.c with a non-recursive version written by
+ William A. Rowe Jr.
+ [76666139f49d] <1.8>
+
+ * Fix typo, return_debug vs. debug_return
+ [810d9b2d2f9a] <1.8>
+
+ * Update Japanese sudoers translation from translationproject.org
+ [b051e2bc692e] <1.8>
+
+ * Make the env_reset descriptions consistent.
+ [3cf883ec8b33] <1.8>
+
+ * configure, configure.in:
+ Do multiple expansion when expanding paths to the noexec file, sesh
+ and the plugin directory. Adapted from a diff by Mike Frysinger
+ [68cdecdd8457] <1.8>
+
+ * regen
+ [ca37d8cb647b] <1.8>
+
+ * Add ignore file; from Mike Frysinger
+ [0bd0f92a2d40] <1.8>
+
+ * no longer save old Makefile.in to .old
+ [7dcf2a857c6b] <1.8>
+
+ * regen
+ [a029a2ad7256] <1.8>
+
+ * configure:
+ Update to libtool 2.4.2
+ [6590ddb6a23f] <1.8>
+
+ * Bump grammar version for #include and #includedir relative path
+ support.
+ [138a446a638e] <1.8>
+
+ * Add support for relative paths in #include and #includedir
+ [8bf56e39e1ad] <1.8>
+
+ * Fix install-plugin when shared objects are unsupported or disabled.
+ [952cf7867482] <1.8>
+
+ * Don't write to sbp if it is NULL
+ [0cc959722ab8] <1.8>
+
+ * Makefile.in:
+ If LINGUAS is set, only install matching .mo files
+ [5d83050eec1f] <1.8>
+
+ * Fix non-dynamic (no dlopen) sudo build.
+ [fd688ac640a0] <1.8>
+
+ * configure, configure.in:
+ Don't error out if the user specified --disable-shared
+ [4f811a8ee9e8] <1.8>
+
+ * Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
+ the debug file.
+ [bc6124038170] <1.8>
+
+ * Make sudo_goodpath() return value bolean
+ [25bf43cdf7f0] <1.8>
+
+ * INSTALL, configure, configure.in, plugins/sudoers/auth/securid.c:
+ Remove obsolete securid auth method.
+ [a8a092f8bd83] <1.8>
+
+ * Prefix authentication functions with a "sudo_" prefix to avoid
+ namespace problems.
+ [049ea2995793] <1.8>
+
+ * INSTALL, configure, configure.in, plugins/sudoers/auth/kerb4.c:
+ Remove the old Kerberos IV support
+ [c59b0b39af66] <1.8>
+
+ * Don't print garbage at the end of the custom lecture.
+ [4f1fd9a1241a] <1.8>
+
+ * Add lexer tracing as debug@parser
+ [ebf43f87296a] <1.8>
+
+ * Add devdir before srcdir in include path and fix up dependecies
+ accordingly and add better devdir support to mkdep.pl. We also need
+ to #include <gram.h> not "gram.h" and <def_data.h> and not
+ "def_data.h" when generating the parser in a build dir.
+ [daeafaec094b] <1.8>
+
+ * Mark libexec files as optional. If we build without shared object
+ support, libexec is not used.
+ [194434733454] <1.8>
+
+ * Change Debug sudo.conf setting to take a program name as the first
+ argument. In the future, this will allow visudo and sudoreplay to
+ use their own Debug entries.
+ [92abedbd38c6] <1.8>
+
+ * fix sudo_debug_printf priority
+ [0815bedee086] <1.8>
+
+ * add missing debug_return_int
+ [37840a0d8fe4] <1.8>
+
+ * Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
+ [82f7deaff7ba] <1.8>
+
+ * Add missing word in HOME security note.
+ [87bd6a891eac] <1.8>
+
+ * Prevent "testsudoers -d username" from trying to malloc(0).
+ [d7acceacf6e8] <1.8>
+
+ * Tests for empty sudoers (should parse OK) and syntax errors within a
+ line (should report correct line number) both with and without the
+ trailing newline.
+ [cf44b45af86d] <1.8>
+
+ * Print line number when there is a parser error.
+ [34380cefcfdf] <1.8>
+
+ * Keep track of the last token returned. On error, if the last token
+ was COMMENT, decrement sudolineno since the error most likely
+ occurred on the preceding line. Previously we always uses
+ sudolineno-1 which will give the wrong line number for errors within
+ a line.
+ [02ce7cc40f4d] <1.8>
+
+ * NEWS:
+ update with sudo 1.8.3p1 info
+ [5f4cd440bf00] <1.8>
+
+ * Fix crash when "sudo -g group -i" is run. Fixes bug 521
+ [83ee9a90b107] <1.8>
+
+ * Make alias_remove_recursive() return TRUE/FALSE as its callers
+ expect and remove two unused arguments. Fixes bug 519.
+ [ec2cfa235c65] <1.8>
+
+ * Add regress test for bugzilla 519
+ [237b3698c8ae] <1.8>
+
+ * Disable warning/error wrapping in regress tests.
+ [630ac985bcfc] <1.8>
+
+ * Makefile.in:
+ Do compile-po as part of sync-po so that the .mo files get rebuild
+ automatically when we sync with translationproject.org
+ [f09f15a5c40e] <1.8>
+
+ * check_addr needs to link with the network libraries on Solaris
+ [04465307990f] <1.8>
+
+ * When matching a RunasAlias for a runas group, pass the alias in as
+ the group_list, not the user_list. From Daniel Kopecek.
+ [9c8f4b57b7cb] <1.8>
+
+ * We need to init the auth system regardless of whether we need a
+ password since we will be closing the PAM session in the monitor
+ process. Fixes a crash in the monitor on Solaris; bugzilla #518
+ [7e312caf74eb] <1.8>
+
+ * Get rid of done: label. If the child exits we still need to close
+ the pty, update utmp and restore the SELinux tty context.
+ [cda935f856e8] <1.8>
+
+ * Add debug_decl/debug_return (almost) everywhere. Remove old
+ sudo_debug() and convert users to sudo_debug_printf().
+ [a97d9dc61e3f] <1.8>
+
+ * Wrap error/errorx and warning/warningx functions with debug
+ statements. Disable wrapping for standalone sudoers programs as well
+ as memory allocation functions (to avoid infinite recursion).
+ [e942083dab8e] <1.8>
+
+ * README, configure, configure.in:
+ Add checks for __func__ and __FUNCTION__ and mention that we now
+ require a cpp that supports variadic macros.
+ [961dfb044b4e] <1.8>
+
+ * New debug framework for sudo and plugins using /etc/sudo.conf that
+ also supports function call tracing.
+ [94d9aa72df19] <1.8>
+
2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
* src/sudo.c:
@@ -24543,6 +26974,13 @@
2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
+ * .hgtags:
+ Added tag SUDO_1_8_3 for changeset 82bec4d3a203
+ [6c953ef6f577] <1.8>
+
+ * Update Japanese sudoers translation from translationproject.org
+ [82bec4d3a203] [SUDO_1_8_3] <1.8>
+
* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
Update Japanese sudoers translation from translationproject.org
[c24725775e32]
@@ -24553,18 +26991,39 @@
Override and ignore the --disable-static option. Sudo already runs
libtool with -tag=disable-static where applicable and we need non-
PIC objects to build the executables.
+ [dff177464029] <1.8>
+
+ * configure, configure.in:
+ Override and ignore the --disable-static option. Sudo already runs
+ libtool with -tag=disable-static where applicable and we need non-
+ PIC objects to build the executables.
[aff1227b853a]
2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
* NEWS:
Add sudoedit fix
+ [3238dc7e4fb2] <1.8>
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen pot files
+ [7981d6cbf1ab] <1.8>
+
+ * NEWS:
+ Add sudoedit fix
[74655c7ccad1]
* plugins/sudoers/po/sudoers.pot:
regen pot files
[28d89a831ed3]
+ * Ignore set_logname (which is now the default) for sudoedit since we
+ want the LOGNAME, USER and USERNAME environment variables to refer
+ to the calling user since that is who the editor runs as. This
+ allows the editor to find the user's startup files. Fixes bugzilla
+ #515
+ [3b9486e5fddb] <1.8>
+
* plugins/sudoers/env.c:
Ignore set_logname (which is now the default) for sudoedit since we
want the LOGNAME, USER and USERNAME environment variables to refer
@@ -24573,6 +27032,17 @@
#515
[6c5dddf5ff05]
+ * Instead of trying to grow the buffer in make_grlist_item(), simply
+ increase the total length, free the old buffer and allocate a new
+ one. This is less error prone and saves us from having to adjust all
+ the pointers in the buffer. This code path is only taken when there
+ are groups longer than the length of the user field in struct utmp
+ or utmpx, which should be quite rare.
+ [cb7c5ac834b5] <1.8>
+
+ * Add Italian translation for sudo from translationproject.org
+ [c7876fccbc38] <1.8>
+
* plugins/sudoers/pwutil.c:
Instead of trying to grow the buffer in make_grlist_item(), simply
increase the total length, free the old buffer and allocate a new
@@ -24586,6 +27056,11 @@
Add Italian translation for sudo from translationproject.org
[1b3dd886e7e3]
+ * NEWS:
+ Japanese translation for sudo and sudoers from
+ translationproject.org
+ [9945a3ef7ff7] <1.8>
+
* MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
src/po/ja.mo, src/po/ja.po:
Japanese translation for sudo and sudoers from
@@ -24594,6 +27069,9 @@
2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+ * sudoreplay depends on timestr.lo too; from Mike Frysinger
+ [ad9ae493205f] <1.8>
+
* plugins/sudoers/Makefile.in:
sudoreplay depends on timestr.lo too; from Mike Frysinger
[b9e73214b2f1]
@@ -24602,12 +27080,30 @@
* plugins/sudoers/po/sudoers.pot:
Regen sudoers pot file.
+ [2c4d99361994] <1.8>
+
+ * plugins/sudoers/po/sudoers.pot:
+ Regen sudoers pot file.
[019588bafdb3]
* NEWS:
Update with latest sudo 1.8.3 news
+ [4e7f59d339d4] <1.8>
+
+ * NEWS:
+ Update with latest sudo 1.8.3 news
[6868042a88e9]
+ * ldap_start_tls_s() on Debian (at least) sets the effective and saved
+ uids to the same value as the real uid. This prevents sudo from
+ setting the uid or gid later on. As a workaround, we now set perms
+ to root during sudoers_policy_open().
+ [eb4c4f15833a] <1.8>
+
+ * Better warning message on setuid() failure for the setreuid()
+ version of set_perms().
+ [308c72f601e4] <1.8>
+
* plugins/sudoers/sudoers.c:
It appears that LDAP or NSS may modify the euid so we need to be
root for the open(). We restore the old perms at the end of
@@ -24619,8 +27115,29 @@
version of set_perms().
[07abcfe7bd9a]
+2011-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Combine new translations in NEWS item
+ [0aa07471a5e6] <1.8>
+
2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Delref auth_pw at the end of check_user() instead of getting a ref
+ twice.
+ [1c882f2fb46c] <1.8>
+
+ * Make sudo_auth_{init,cleanup} return TRUE on success and check for
+ sudo_auth_init() return value in check_user().
+ [573bf35ecac9] <1.8>
+
+ * Do not return without restoring permissions.
+ [2444a0b96469] <1.8>
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen pot files
+ [d286bce8dbb1] <1.8>
+
* plugins/sudoers/check.c:
Delref auth_pw at the end of check_user() instead of getting a ref
twice.
@@ -24635,10 +27152,39 @@
Do not return without restoring permissions.
[59ef40b6696a]
+ * NEWS:
+ Update for latest release candidate
+ [63d184ba6263] <1.8>
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen pot files
+ [ac3ec1315df7] <1.8>
+
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
regen pot files
[9f320a340b7c]
+ * Modify the authentication API such that the init and cleanup
+ functions are always called, regardless of whether or not we are
+ going to verify a password. This is needed for proper PAM session
+ support.
+ [ea281ca46d94] <1.8>
+
+ * Add missing dependency for getspwgen other depends.
+ [9c124272910d] <1.8>
+
+ * Fix a PAM_USER mismatch in session open/close. We update PAM_USER to
+ the target user immediately before setting resource limits, which is
+ after the monitor process has forked (so it has the old value).
+ Also, if the user did not authenticate, there is no pamh in the
+ monitor so we need to init pam here too. This means we end up
+ calling pam_start() twice, which should be fixed, but at least the
+ session is always properly closed now.
+ [d0866ee5f190] <1.8>
+
+ * Add check for old being NULL in utmp_setid(); from Steven McDonald
+ [30cc283ac2b4] <1.8>
+
* plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
@@ -24674,6 +27220,10 @@
2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
+ * If the invoking user cannot be resolved by uid fake the struct
+ passwd and store it in the cache so we can delref it on exit.
+ [19d44f44d45d] <1.8>
+
* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h:
If the invoking user cannot be resolved by uid fake the struct
@@ -24682,12 +27232,20 @@
2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Don't error out if the group plugin cannot be loaded, just warn.
+ [e91d9912c9a0] <1.8>
+
* plugins/sudoers/sudoers.c:
Don't error out if the group plugin cannot be loaded, just warn.
[0fbfcd381e33]
2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Quiet a false positive found by several static analysis tools. These
+ tools don't know that log_error() does not return (it longjmps to
+ error_jmp which returns to the sudo front-end).
+ [3cc319e31ed6] <1.8>
+
* plugins/sudoers/sudoers.c:
Quiet a false positive found by several static analysis tools. These
tools don't know that log_error() does not return (it longjmps to
@@ -24696,6 +27254,10 @@
2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Add Italian translation for sudo from translationproject.org Regen
+ .mo files
+ [c0b27f9d7e57] <1.8>
+
* MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo,
plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po:
@@ -24703,8 +27265,30 @@
.mo files
[c3c888a82be6]
+ * .hgtags:
+ Added tag SUDO_1_8_2 for changeset 3682e51af1d0
+ [f0be566e9ea2] <1.8>
+
2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Update to current reality and add bit about ssh auth
+ [48dcb86ce9be] <1.8>
+
+ * Make "verbose" static; fixes a namespace clash with
+ pam_ssh_agent_auth (and it doesn't need to be extern these days).
+ [b60fdd82de94] <1.8>
+
+ * configure, configure.in:
+ FreeBSD has libutil.h not util.h
+ [c03b121e0193] <1.8>
+
+ * configure, configure.in:
+ Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
+ [002e3e0bb173] <1.8>
+
+ * Update po files from translationproject.org
+ [2b36af902213] <1.8>
+
* doc/TROUBLESHOOTING:
Update to current reality and add bit about ssh auth
[184a1e7c2eeb]
@@ -24732,18 +27316,42 @@
2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+ * NEWS:
+ Mention DEREF support
+ [dfeb152f1686] <1.8>
+
+ * plugins/sudoers/po/sudoers.pot:
+ sync pot files
+ [1fba22e927a3] <1.8>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
+ Add support for DEREF in ldap.conf.
+ [fe1cf6ad0add] <1.8>
+
* doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
Add support for DEREF in ldap.conf.
[3c1937a98547]
* Makefile.in:
install target should depend on ChangeLog too, not just install-doc
+ [f54e2ab633b8] <1.8>
+
+ * Makefile.in:
+ install target should depend on ChangeLog too, not just install-doc
[1a7c83941175]
+ * NEWS, configure.in, doc/sudoers.cat, doc/sudoers.man.in:
+ Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
+ [44a25099594e] <1.8>
+
* doc/sudoers.pod:
Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
[0eca47d60a2c]
+ * configure.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen pot files
+ [e14ee85cf49b] <1.8>
+
* NEWS:
Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes.
[0501415cc5ff]
@@ -24755,8 +27363,42 @@
* configure, configure.in:
Fix some square brackets in case statements that needed to be
doubled up. While here, use $OSMAJOR when it makes sense.
+ [853c6e5f994c] <1.8>
+
+ * Fix a crash in make_grlist_item() on 64-bit machines with strict
+ alignment.
+ [e877c89ae32f] <1.8>
+
+ * Remove list_options() function that is no longer used now that "sudo
+ -L" is gone.
+ [f31543c80b98] <1.8>
+
+ * configure, configure.in:
+ Error message if user tries --with-CC
+ [0ed7558b8924] <1.8>
+
+ * configure, configure.in:
+ Check for -libmldap too when looking for ldap libs, which is the
+ Tivoli Directory Server client library.
+ [831e32d1453c] <1.8>
+
+ * configure, configure.in:
+ Fix some square brackets in case statements that needed to be
+ doubled up. While here, use $OSMAJOR when it makes sense.
[8973343f4696]
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen pot files for 1.8.3
+ [df2fb085cff2] <1.8>
+
+ * NEWS, configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in:
+ Update for version 1.8.3
+ [38cf153add0a] <1.8>
+
* plugins/sudoers/pwutil.c:
Fix a crash in make_grlist_item() on 64-bit machines with strict
alignment.
@@ -24778,10 +27420,19 @@
2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Honor NOPASSWD tag for denied commands too.
+ [f473c443ad54] <1.8>
+
* plugins/sudoers/parse.c:
Honor NOPASSWD tag for denied commands too.
[8dd92656db92]
+ * INSTALL, configure, configure.in:
+ Remove --with-CC option; it doesn't work correctly now that we use
+ libtool. Users can get the same effect by setting the CC environment
+ variable when running configure.
+ [4f04869d74fd] <1.8>
+
2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
* INSTALL, configure, configure.in:
@@ -24792,6 +27443,10 @@
2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+ * configure, configure.in:
+ Assume all modern systems support fstat(2).
+ [0422b19dced3] <1.8>
+
* config.h.in, configure, configure.in, plugins/sudoers/visudo.c,
src/sudo_edit.c:
Assume all modern systems support fstat(2).
@@ -24799,6 +27454,11 @@
2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+ * configure, configure.in:
+ Add configure test for missing errno declaration and only declare it
+ ourselves if it is missing.
+ [6d26974f7e16] <1.8>
+
* compat/regress/glob/globtest.c, config.h.in, configure,
configure.in, include/missing.h, plugins/sudoers/sudoers.h,
src/sudo.h, src/sudo_noexec.c:
@@ -24806,6 +27466,10 @@
ourselves if it is missing.
[456e76c809a2]
+ * Include errno.h before sudo.h to avoid conflicting with the system
+ definition of errno.
+ [8000bdc0968f] <1.8>
+
* plugins/sudoers/alias.c:
Include errno.h before sudo.h to avoid conflicting with the system
definition of errno.
@@ -24813,6 +27477,19 @@
2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Only print individual check status when there is a failure.
+ [bbdd669e7615] <1.8>
+
+ * Add calls to setprogname() for test programs.
+ [c721f3466a3a] <1.8>
+
+ * configure, configure.in:
+ Add -Wall and -Werror after all tests so they don't cause failures.
+ [20d75ce40086] <1.8>
+
+ * Actually run check_addr in the check target
+ [dcd96ef0dc57] <1.8>
+
* plugins/sudoers/regress/parser/check_addr.c:
Only print individual check status when there is a failure.
[2ac704c91441]
@@ -24831,6 +27508,10 @@
Actually run check_addr in the check target
[0b2778bc86bf]
+ * Split out address matching into its own file and add regression
+ tests for it.
+ [863f28589c24] <1.8>
+
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
plugins/sudoers/match_addr.c,
plugins/sudoers/regress/parser/check_addr.c,
@@ -24841,6 +27522,10 @@
2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Fix matching a network number with netmask when the network number
+ is not the first address in the CIDR block.
+ [719942c986e9] <1.8>
+
* plugins/sudoers/match.c:
When matching an address with a netmask in sudoers, AND the mask and
addr before checking against the local addresses.
@@ -24852,6 +27537,10 @@
Fix netmask matching.
[a3c8f8cc1464]
+ * Don't assume all editors support the +linenumber command line
+ argument, use a whitelist of known good editors.
+ [d8d884af3b05] <1.8>
+
* plugins/sudoers/visudo.c:
Don't assume all editors support the +linenumber command line
argument, use a whitelist of known good editors.
@@ -24859,17 +27548,34 @@
2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Silence compiler warnings on Solaris with gcc 3.4.3
+ [8047cdb5d6a1] <1.8>
+
* plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c,
src/exec_pty.c, src/sudo.c:
Silence compiler warnings on Solaris with gcc 3.4.3
[da620bae6fdb]
+ * Fix building on RHEL 3
+ [6bb0464a7450] <1.8>
+
* mkpkg:
Fix building on RHEL 3
[f3227fb2a252]
* INSTALL, configure, configure.in:
Add --enable-werror configure option.
+ [aa40fd459836] <1.8>
+
+ * setgroups() proto lives in grp.h on RHEL4, perhaps others.
+ [92f98cbaebf0] <1.8>
+
+ * configure, configure.in:
+ Use PAM by default on AIX 6 and higher.
+ [7ef53d5ac819] <1.8>
+
+ * INSTALL, configure, configure.in:
+ Add --enable-werror configure option.
[fec2cdb95543]
* common/setgroups.c:
@@ -24882,6 +27588,9 @@
2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Add new Esperanto translation from translationproject.org
+ [109ed683b885] <1.8>
+
* MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
src/po/eo.mo, src/po/eo.po:
Add new Esperanto translation from translationproject.org
@@ -24889,12 +27598,23 @@
2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Quiet an innocuous valgrind warning.
+ [fc453e49f9dd] <1.8>
+
* plugins/sudoers/iolog_path.c:
Quiet an innocuous valgrind warning.
[0582b6027161]
2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Fix expansion of strftime() escapes in log_dir and add a regress
+ test that exhibited the problem.
+ [784e60d21f11] <1.8>
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Fix "make check" return value.
+ [d3608efd8da6] <1.8>
+
* plugins/sudoers/iolog_path.c,
plugins/sudoers/regress/iolog_path/data:
Fix expansion of strftime() escapes in log_dir and add a regress
@@ -24907,26 +27627,61 @@
2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/po/sudoers.pot:
+ Regen pot files
+ [3682e51af1d0] [SUDO_1_8_2] <1.8>
+
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Regen pot files
[063841aac19b]
* Makefile.in:
Fix logic inversion in pot file up to date check.
+ [343dbbca9422] <1.8>
+
+ * Makefile.in:
+ Fix logic inversion in pot file up to date check.
[f6a8ca8654df]
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/visudo.cat, doc/visudo.man.in:
+ regen docs
+ [96234478bde2] <1.8>
+
2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Add caching for gettext() checks.
+ [4039d21424c3] <1.8>
+
+ * configure, configure.in:
+ Add caching for gettext() checks.
[01b7200f6105]
* configure, configure.in:
Better handling of libintl header and library mismatch.
+ [cc9faee8e486] <1.8>
+
+ * configure, configure.in:
+ Better handling of libintl header and library mismatch.
[9a49b1d4db69]
+2011-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ sync
+ [73649a44d934] <1.8>
+
2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Also check sudoers gid if sudoers is group writable.
+ [3d345347f6ac] <1.8>
+
+ * NEWS:
+ Update for 1.8.2 final
+ [441c22fea363] <1.8>
+
* plugins/sudoers/sudoers.c:
Also check sudoers gid if sudoers is group writable.
[23ef96ca0d33]
@@ -24936,8 +27691,21 @@
* configure, configure.in:
If dlopen is present but libtool doesn't find it, error out since it
probably means that libtool doesn't support the system.
+ [6fc7c0de4f6d] <1.8>
+
+ * configure, configure.in:
+ If dlopen is present but libtool doesn't find it, error out since it
+ probably means that libtool doesn't support the system.
[a9da0a5f7941]
+ * configure args on the command line should override builtin defaults.
+ Disable NLS for non-Linux/Solaris unless explicitly enabled.
+ [0ef165f892c2] <1.8>
+
+ * Fix loop that calls authenticate(). If there was an error message
+ from authenticate(), display it.
+ [f0686011ff2e] <1.8>
+
* mkpkg:
configure args on the command line should override builtin defaults.
Disable NLS for non-Linux/Solaris unless explicitly enabled.
@@ -24950,6 +27718,10 @@
2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
+ * configure, configure.in:
+ Update to autoconf 2.68 and libtool 2.4
+ [00df5f3647e1] <1.8>
+
* m4/libtool.m4, m4/ltversion.m4:
Update to autoconf 2.68 and libtool 2.4
[5a912a6eb67b]
@@ -24958,10 +27730,17 @@
Update to autoconf 2.68 and libtool 2.4
[931ab56aecf6]
+ * Fix typo; OPT should be OTP
+ [31da1f989740] <1.8>
+
* doc/sudoers.pod:
Fix typo; OPT should be OTP
[e97bd2e46544]
+ * Rename libsudoers convenience library to libparsesudoers to avoid
+ libtool confusion.
+ [e9ae9d611dd5] <1.8>
+
* plugins/sudoers/Makefile.in:
Rename libsudoers convenience library to libparsesudoers to avoid
libtool confusion.
@@ -24969,10 +27748,18 @@
2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Add Danish sudoers translation from translationproject.org
+ [fa9cd9758249] <1.8>
+
* MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
Add Danish sudoers translation from translationproject.org
[27b96e85eb13]
+ * Add dedicated callback function for runas_default sudoers setting
+ that only sets runas_pw if no runas user or group was specified by
+ the user.
+ [3fb4b18525de] <1.8>
+
* plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
Add dedicated callback function for runas_default sudoers setting
that only sets runas_pw if no runas user or group was specified by
@@ -24981,6 +27768,10 @@
2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Update Finish, Polish, Russian and Ukrainian translations from
+ translationproject.org.
+ [0fcd8f6aff0a] <1.8>
+
* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo,
@@ -24989,6 +27780,15 @@
translationproject.org.
[f9339aff664e]
+ * Makefile.in:
+ Go back to using a callback for runas_default to keep runas_pw in
+ sync. This is needed to make per-entry runas_default settings work
+ with LDAP-based sudoers. Instead of declaring it a callback in
+ def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
+ bit naughty, but avoids requiring stub functions in visudo and the
+ tests.
+ [4e8e70832f06] <1.8>
+
* plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c,
plugins/sudoers/testsudoers.c:
Go back to using a callback for runas_default to keep runas_pw in
@@ -25001,12 +27801,24 @@
2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Regen pot files
+ [ca5c58c599a6] <1.8>
+
+ * Makefile.in:
+ Add check for out of date message catalogs when doing "make dist".
+ [36414e5c762b] <1.8>
+
* Makefile.in:
Add check for out of date message catalogs when doing "make dist".
[e45a29b612f4]
2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+ * configure, configure.in:
+ Make sure compiler supports static-libgcc before using it.
+ [6c98e8809291] <1.8>
+
* configure:
regen
[d6f9ad26774a]
@@ -25017,12 +27829,19 @@
2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
+ [a0a3a3fa6470] <1.8>
+
* src/Makefile.in:
Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
[c99c7ab3edef]
2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Add new Russian sudo translation from translationproject.org and
+ rebuild the other translation files.
+ [e953d7d1ca6d] <1.8>
+
* MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo,
plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po,
@@ -25033,10 +27852,19 @@
2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Update Finish and Polish translations from translationproject.org
+ [17e408d73c85] <1.8>
+
* plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po:
Update Finish and Polish translations from translationproject.org
[4e3dbba4a1de]
+ * Go back to escaping the command args for "sudo -i" and "sudo -s"
+ before calling the plugin. Otherwise, spaces in the command args are
+ not treated properly. The sudoers plugin will unescape non- spaces
+ to make matching easier.
+ [f666191a4e80] <1.8>
+
* plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
Go back to escaping the command args for "sudo -i" and "sudo -s"
before calling the plugin. Otherwise, spaces in the command args are
@@ -25046,6 +27874,10 @@
2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Fix some potential problems found by the clang static analyzer, none
+ serious.
+ [c1ab4b940980] <1.8>
+
* plugins/sudoers/check.c, plugins/sudoers/group_plugin.c,
plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
plugins/sudoers/set_perms.c, plugins/sudoers/toke.c,
@@ -25054,6 +27886,10 @@
serious.
[ff64aa74aae6]
+ * Updated Ukranian and Chinese (simplified) po files from
+ translationproject.org
+ [792a66672715] <1.8>
+
* plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
src/po/zh_CN.po:
Updated Ukranian and Chinese (simplified) po files from
@@ -25062,14 +27898,30 @@
2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Updated Polish translation from translationproject.org
+ [5f434cc04482] <1.8>
+
* plugins/sudoers/po/pl.po:
Updated Polish translation from translationproject.org
[a3af53cb649c]
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Rebuild pot files
+ [639230dbd741] <1.8>
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Rebuild pot files
[c650524c0f0a]
+ * Don't try to audit failure if the runas user does not exist. We
+ don't have the user's command at this point so there is nothing to
+ audit. Add a NULL check in audit_success() and audit_failure() just
+ to be on the safe side.
+ [2bfb96a32b00] <1.8>
+
+ * Add -g to CFLAG for PIE builds.
+ [e4c94977ca4e] <1.8>
+
* plugins/sudoers/audit.c, plugins/sudoers/sudoers.c:
Don't try to audit failure if the runas user does not exist. We
don't have the user's command at this point so there is nothing to
@@ -25083,6 +27935,15 @@
2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Remove fallback to per-group lookup when matching groups in sudoers.
+ The sudo front-end will now use getgrouplist() to get the user's
+ list of groups if getgroups() fails or returns zero groups so we
+ always have a list of the user's groups. For systems with
+ mbr_check_membership() which support more that NGROUPS_MAX groups
+ (Mac OS X), skip the call to getgroups() and use getgrouplist() so
+ we get all the groups.
+ [168d6d4a386b] <1.8>
+
* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h, src/sudo.c:
Remove fallback to per-group lookup when matching groups in sudoers.
@@ -25096,22 +27957,62 @@
2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Fix setgroups() fallback code on EINVAL.
+ [dd1310945ab3] <1.8>
+
* common/setgroups.c:
Fix setgroups() fallback code on EINVAL.
[2b6faecd56a4]
+ * Fix two PERM_INITIAL cases that were still using user_gids.
+ [d497d0d47a23] <1.8>
+
* plugins/sudoers/set_perms.c:
Fix two PERM_INITIAL cases that were still using user_gids.
[9680bab0acc6]
+ * Add Polish sudo message catalog
+ [1a0aa3f9f179] <1.8>
+
* MANIFEST:
Add Polish sudo message catalog
[8bb40c3ba576]
+ * user_group is no longer used, remove it
+ [379185a76094] <1.8>
+
* plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
user_group is no longer used, remove it
[9acede0fe6c5]
+2011-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Add Polish translation from translationproject.org
+ [2e7cdfe4ef41] <1.8>
+
+ * Add a wrapper for setgroups() that trims off extra groups and
+ retries if setgroups() fails. Also add some missing addrefs for
+ PERM_USER and PERM_FULL_USER.
+ [bacb4170a510] <1.8>
+
+ * configure, configure.in:
+ Instead of keeping separate groups and gids arrays, create struct
+ group_info and use it to store both, along with a count for each.
+ Cache group info on a per-user basis using getgrouplist() to get the
+ groups. We no longer need special to special case the user or list
+ user for user_in_group() and thus no longer need to reset the groups
+ list when listing another user.
+ [f1d8962821a0] <1.8>
+
+ * Don't rely on NULL since we don't include a header for it.
+ [ed46286f848b] <1.8>
+
+ * Fix typo
+ [a38b8fbb0e70] <1.8>
+
+ * Do not shadow global sudo_mode with a local variable in set_cmnd()
+ [8e462ebafea4] <1.8>
+
2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
* MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po:
@@ -25157,6 +28058,15 @@
2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+ * bash 2.x doesd not support the -l flag and exits with an error if it
+ is specified so use --login instead. This causes an error with bash
+ 1.x (which uses -login instead) but this version is hopefully less
+ used than 2.x.
+ [73020a67b9d5] <1.8>
+
+ * Add Polish translation from translationproject.org
+ [8cac0da9ffb1] <1.8>
+
* plugins/sudoers/sudoers.c:
bash 2.x doesd not support the -l flag and exits with an error if it
is specified so use --login instead. This causes an error with bash
@@ -25170,24 +28080,41 @@
2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Make error strings translatable.
+ [d1ff594f27b5] <1.8>
+
* plugins/sudoers/set_perms.c:
Make error strings translatable.
[414c5c484768]
+ * Only run configure with --with-pam-login for RHEL 5 and above.
+ [2f1a0ff5230e] <1.8>
+
* mkpkg:
Only run configure with --with-pam-login for RHEL 5 and above.
[6c16e4de4026]
+ * Fix typo in summary
+ [1e1d7dcae9ab] <1.8>
+
* sudo.pp:
Fix typo in summary
[9ac618c9a749]
2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Add missing logwrap.c
+ [abcd28c194d2] <1.8>
+
* plugins/sudoers/logwrap.c:
Add missing logwrap.c
[c12a413ecc1d]
+ * Split out log file word wrap code into its own file and add unit
+ tests. Fixes an off-by one in the word wrap when the log line length
+ matches loglinelen.
+ [0ae1c7aa9ef1] <1.8>
+
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
plugins/sudoers/logging.h,
plugins/sudoers/regress/logging/check_wrap.c,
@@ -25200,11 +28127,18 @@
2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
+ * For SuSE, only use /usr/lib64 as libexec if generating 64-bit
+ binaries.
+ [4448fa1c639f] <1.8>
+
* mkpkg:
For SuSE, only use /usr/lib64 as libexec if generating 64-bit
binaries.
[645ab903cf77]
+ * Fix build error when --without-noexec configure option is used.
+ [f6bfd748ae45] <1.8>
+
* src/load_plugins.c, src/sudo.c:
Fix build error when --without-noexec configure option is used.
[b994f7b0d8b4]
@@ -25212,10 +28146,31 @@
* configure, configure.in:
Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX 5.3
and above.
+ [9d957ae1840d] <1.8>
+
+ * configure, configure.in:
+ Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX 5.3
+ and above.
[c2a6f9b472f3]
+2011-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, doc/UPGRADE:
+ Document group lookup change and possible side effects.
+ [fe4b2d2701b2] <1.8>
+
2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Resolve the list of gids passed in from the sudo frontend (the
+ result of getgroups()) to names and store both the group names and
+ ids in the sudo_user struct. When matching groups in the sudoers
+ file, match based on the names in the groups list first and only do
+ a gid-based match when we absolutely have to. By matching on the
+ group name (as it is listed in sudoers) instead of id (which we
+ would have to resolve) we save a lot of group lookups for sudoers
+ files with a lot of groups in them.
+ [c10d208bd7e5] <1.8>
+
* plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
@@ -25229,8 +28184,18 @@
files with a lot of groups in them.
[8dc19353f148]
+2011-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for 1.8.2rc5
+ [f6a3aa2edf7a] <1.8>
+
2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Workaround for "sudo -i command" and newer versions of bash which
+ don't go into login mode when -c is specified unless -l is too.
+ [381e74d35006] <1.8>
+
* plugins/sudoers/sudoers.c:
Workaround for "sudo -i command" and newer versions of bash which
don't go into login mode when -c is specified unless -l is too.
@@ -25238,6 +28203,10 @@
2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Rewrite logfile word wrapping code to be more straight-forward and
+ actually wrap at the correct place.
+ [8a7862d6a82f] <1.8>
+
* plugins/sudoers/logging.c:
Rewrite logfile word wrapping code to be more straight-forward and
actually wrap at the correct place.
@@ -25245,6 +28214,18 @@
2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
+ * NEWS:
+ Fix typo
+ [2456ad2ad3e3] <1.8>
+
+ * NEWS:
+ Mention use_pty bug fix
+ [f4eab5193452] <1.8>
+
+ * Set use_pty=true in command details when use_pty is set in sudoers.
+ From Ludwig Nussel
+ [abaafc5793d9] <1.8>
+
* doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c:
Set use_pty=true in command details when use_pty is set in sudoers.
From Ludwig Nussel
@@ -25252,6 +28233,9 @@
2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Sync Chinese (simplified) PO files from translationproject.org
+ [a4cf84dd9ddf] <1.8>
+
* plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
src/po/zh_CN.mo, src/po/zh_CN.po:
Sync Chinese (simplified) PO files from translationproject.org
@@ -25259,6 +28243,10 @@
2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Add Danish translation from translationproject.org and add missing
+ Basque mo files.
+ [672b88adcc34] <1.8>
+
* MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo:
Add Danish translation from translationproject.org and add missing
@@ -25268,18 +28256,36 @@
* Makefile.in, configure, configure.in:
No longer need to specify LINGUAS in configure, "make install-nls"
now just installs all the .mo files it finds.
+ [c226a39ece48] <1.8>
+
+ * Makefile.in, configure, configure.in:
+ No longer need to specify LINGUAS in configure, "make install-nls"
+ now just installs all the .mo files it finds.
[fcd45cf04885]
2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Build CONTRIBUTORS from newly-added contributors.pod
+ [b8871dd293ff] <1.8>
+
* MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod:
Build CONTRIBUTORS from newly-added contributors.pod
[8b192f2720f4]
+ * Rework the wording in the leading paragraph
+ [d8b081dedeb3] <1.8>
+
* doc/CONTRIBUTORS:
Rework the wording in the leading paragraph
[312044145cdd]
+2011-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Add a CONTRIBUTORS file with the names of folks who have contributed
+ code or patches to sudo since I started maintaining it (plus the
+ original authors).
+ [8b064e8996af] <1.8>
+
2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
* MANIFEST, doc/CONTRIBUTORS:
@@ -25290,6 +28296,11 @@
2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Preserve SHELL variable for "sudo -s". Otherwise we can end up with
+ a situation where the SHELL variable and the actual shell being run
+ do not match.
+ [8f5bb61a8b76] <1.8>
+
* plugins/sudoers/env.c:
Preserve SHELL variable for "sudo -s". Otherwise we can end up with
a situation where the SHELL variable and the actual shell being run
@@ -25301,6 +28312,39 @@
* configure, configure.in:
Only enable Solaris project support when setproject() is present in
libproject.
+ [bf370ff3c194] <1.8>
+
+ * Explicitly set mode and owner of /etc/sudoers instead of relying on
+ "cp -p" to work in the postinstall script. On AIX 6.1 at least the
+ postinstall script runs before the final file permissions are set.
+ [7a4a87405349] <1.8>
+
+ * Refer the user to the "Command Environment" section in description
+ of sudo's -i option.
+ [1a063eaf9670] <1.8>
+
+ * Fix typo
+ [442c50370c44] <1.8>
+
+ * If there is no old dependency for an object file, use the MANIFEST
+ to find its source.
+ [d95c77ad283f] <1.8>
+
+ * Remove dependency for getgrouplist.lo as we don't ship that source
+ file.
+ [bbede77e6256] <1.8>
+
+ * Do not declare yyparse() static as the actual function generated by
+ yacc is extern.
+ [8e615bd15a4c] <1.8>
+
+ * Makefile.in:
+ Remove locale files in "make uninstall"
+ [9791be90d5ac] <1.8>
+
+ * configure, configure.in:
+ Only enable Solaris project support when setproject() is present in
+ libproject.
[49ad7857ab89]
* sudo.pp:
@@ -25345,11 +28389,33 @@
Remove locale files in "make uninstall"
[201ff261ecbe]
+ * configure.in:
+ Add Basque translation and sync Finish and Ukranian translations.
+ [64af34789164] <1.8>
+
* configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
plugins/sudoers/po/uk.po, src/po/eu.po:
Add Basque translation and sync Finish and Ukranian translations.
[66d2c78c8a13]
+ * NEWS:
+ Update PAM change to reflect latest checkin.
+ [657cddf2077a] <1.8>
+
+ * configure, configure.in:
+ FreeBSD no longer needs the main sudo binary to link with -lpam now
+ that plug-ins are loaded with RTLD_GLOBAL.
+ [573a6f4b29af] <1.8>
+
+ * Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
+ problems with pam modules not having access to symbols provided by
+ libpam on some platforms. Affects FreeBSD and SLES 10 at least.
+ [4ec864fdba46] <1.8>
+
+ * Makefile.in:
+ Move xgettext invocation out of update-po target into update-pot
+ [421ac1a073ea] <1.8>
+
* configure, configure.in:
FreeBSD no longer needs the main sudo binary to link with -lpam now
that plug-ins are loaded with RTLD_GLOBAL.
@@ -25369,6 +28435,15 @@
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Regenerate .pot files for 1.8.2rc2
+ [d2a891e3d3dd] <1.8>
+
+ * Makefile.in:
+ Move nls targets to the top level Makefile so the paths in the pot
+ file are saner
+ [6c256cb77f78] <1.8>
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Regenerate .pot files for 1.8.2rc2
[c3037f591dd8]
* Makefile.in, common/Makefile.in, compat/Makefile.in,
@@ -25379,15 +28454,45 @@
file are saner
[65b9285cd8d9]
+ * NEWS:
+ Update 1.8.2 news
+ [17bd04278b04] <1.8>
+
+ * Add compiled version of sudo Finish translation
+ [ff9d20a02aa0] <1.8>
+
* src/po/fi.mo:
Add compiled version of sudo Finish translation
[8f2405384ea3]
+ * Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo
+ files
+ [60c4f3b3829c] <1.8>
+
* MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo:
Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo
files
[a165e70fa9ec]
+ * configure, configure.in:
+ Add Finish translation from translationproject.org
+ [ade788a35521] <1.8>
+
+ * The group named by exempt_group should not have a % prefix.
+ [1f74c691c1e1] <1.8>
+
+ * Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
+ [58d36c0e76f9] <1.8>
+
+ * Fix compressed io log corruption in background mode by using _exit()
+ instead of exit() to avoid flushing buffers twice.
+
+ Improved background mode support. When not allocating a pty, the
+ command is run in its own process group. This prevents write access
+ to the tty. When running in a pty, stdin is not hooked up and we
+ never read from /dev/tty, which results in similar behavior.
+ [fe50d6a5c5b9] <1.8>
+
* configure, configure.in, plugins/sudoers/po/fi.po:
Add Finish translation from translationproject.org
[4466f8a96ceb]
@@ -25416,6 +28521,13 @@
never read from /dev/tty, which results in similar behavior.
[87c15149894c]
+ * Clean up regress files Generate proper dependencies for regress objs
+ in compat
+ [264196584549] <1.8>
+
+ * Add missing dependency for check_fill.o.
+ [c41f4e6ff078] <1.8>
+
* compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
Clean up regress files Generate proper dependencies for regress objs
in compat
@@ -25425,6 +28537,12 @@
Add missing dependency for check_fill.o.
[0bd6362e3e17]
+2011-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in:
+ Add support for --enable-nls[=location]
+ [0ea8e7bd1739] <1.8>
+
2011-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
* INSTALL, configure, configure.in:
@@ -25433,20 +28551,53 @@
2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Include gettext.h
+ [fe8bab6403c6] <1.8>
+
* plugins/sudoers/linux_audit.c:
Include gettext.h
[7f909a6e48cb]
+ * Quiet gcc warnings.
+ [aa16d09710a7] <1.8>
+
* plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
Quiet gcc warnings.
[b41a6cdca583]
* configure, configure.in:
Don't install .mo files if gettext was not found.
+ [c6b233e829aa] <1.8>
+
+ * configure, configure.in:
+ Don't install .mo files if gettext was not found.
[1397b34cc165]
2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Always allocate a pty when running a command in the background but
+ call setsid() after forking to make sure we don't end up with a
+ controlling tty.
+ [77c6b2923714] <1.8>
+
+ * Add missing space between command name and the first command line
+ argument.
+ [d0a36b9c0f38] <1.8>
+
+ * Quiet a compiler warning on some platforms.
+ [654e76cf0574] <1.8>
+
+ * README file that directs people to translationproject.org
+ [5545e9a5ae37] <1.8>
+
+ * Sync translations with TP
+ [b054ce577022] <1.8>
+
+ * Makefile.in:
+ Add 'sync-po' target to top-level Makefile to rsync the po files
+ from translationproject.org.
+ [87a5011b0410] <1.8>
+
* src/exec.c:
Always allocate a pty when running a command in the background but
call setsid() after forking to make sure we don't end up with a
@@ -25475,14 +28626,25 @@
from translationproject.org.
[20508211aaa3]
+ * install nls files from install target
+ [a3feba9ef323] <1.8>
+
* plugins/sudoers/Makefile.in:
install nls files from install target
[5fc07b6cab38]
+ * Makefile.in:
+ Include .mo files in sudo binary packags.
+ [bc3ee7e7fb44] <1.8>
+
* Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp:
Include .mo files in sudo binary packags.
[278d4821a916]
+ * configure, configure.in:
+ Add simplified chinese translation
+ [c22e6842c766] <1.8>
+
* configure, configure.in, plugins/sudoers/po/zh_CN.mo,
plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po:
Add simplified chinese translation
@@ -25490,11 +28652,23 @@
2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
+ * configure, configure.in:
+ Add ukranian translation
+ [0bb9e6437f0f] <1.8>
+
* configure, configure.in, plugins/sudoers/po/uk.mo,
plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po:
Add ukranian translation
[2d8102688e93]
+ * refer to siglist.c, not ./siglist.c since not all makes will treat
+ foo and ./foo the same.
+ [909051ff6061] <1.8>
+
+ * Set def_preserve_groups before searching for the command when the -P
+ flag is specified.
+ [08e9378f50e4] <1.8>
+
* compat/Makefile.in:
refer to siglist.c, not ./siglist.c since not all makes will treat
foo and ./foo the same.
@@ -25505,20 +28679,35 @@
flag is specified.
[0edc7942f875]
+ * Makefile.in:
+ Add dependency for siglist.lo in compat. This is a generated file so
+ "make depend" needs to depend on it.
+ [e6c0daf36af0] <1.8>
+
* Makefile.in, compat/Makefile.in, mkdep.pl,
plugins/sudoers/Makefile.in:
Add dependency for siglist.lo in compat. This is a generated file so
"make depend" needs to depend on it.
[28d0932f8b50]
+ * More dependency fixes.
+ [7fed03624689] <1.8>
+
* compat/Makefile.in:
More dependency fixes.
[aad0d05cd020]
+ * Fix a few dependencies.
+ [7cb86c721961] <1.8>
+
* compat/Makefile.in:
Fix a few dependencies.
[eb21aa35a032]
+ * Place compiled mo files in the src dir, not the build dir. When
+ installing compiled mo files, display a status message.
+ [b87aa18a9968] <1.8>
+
* plugins/sudoers/Makefile.in, src/Makefile.in:
Place compiled mo files in the src dir, not the build dir. When
installing compiled mo files, display a status message.
@@ -25526,15 +28715,40 @@
2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Tivoli Directory Server requires that seconds be present in a
+ timestamp, even though RFC 4517 states that they are optional.
+ [47ebf110ea7a] <1.8>
+
* doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
Tivoli Directory Server requires that seconds be present in a
timestamp, even though RFC 4517 states that they are optional.
[55fe23dd4ef9]
+ * Add missing bit of copyright
+ [d05d28a91bc4] <1.8>
+
* plugins/sudoers/sudo_nss.h:
Add missing bit of copyright
[d2eba3c364ca]
+ * Mention cycle detection warnings
+ [ee8231aa1aed] <1.8>
+
+ * When checking aliases, also check the contents of the alias in case
+ there are problems with an alias that is referenced inside another.
+ Replace the self reference check with real alias cycle detection.
+ [abcfe1bc95d8] <1.8>
+
+ * Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
+ ENOENT in alias_find() and alias_remove() if the entry could not be
+ found.
+ [e73d169f4e9b] <1.8>
+
+ * Increment alias_seqno before calls to alias_remove_recursive() to
+ avoid false positives with the alias loop detection. Fixes spurious
+ warnings about unused aliases when they are nested.
+ [ac094820ef19] <1.8>
+
* doc/visudo.pod:
Mention cycle detection warnings
[a76bef15ab67]
@@ -25557,6 +28771,20 @@
warnings about unused aliases when they are nested.
[a344483b8193]
+ * add mkdep.pl
+ [3721e9654ba6] <1.8>
+
+ * Add dependency on convenience libs to binaries
+ [8a4db8226dfe] <1.8>
+
+ * Makefile.in:
+ mkdep.pl only works when run from the src dir
+ [2480427a0680] <1.8>
+
+ * Makefile.in:
+ Auto-generate Makefile dependencies with a perl script.
+ [ef5f56907d97] <1.8>
+
* MANIFEST:
add mkdep.pl
[86b7ed33eab2]
@@ -25577,6 +28805,13 @@
2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
+ * If the user specifies a runas group via sudo's -g option that
+ matches the runas user's group in the passwd database and that group
+ is not denied in the Runas_Spec, allow it. Thus, if user root's gid
+ in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if
+ no groups are present in the Runas_Spec.
+ [942e1e7c5090] <1.8>
+
* plugins/sudoers/match.c:
If the user specifies a runas group via sudo's -g option that
matches the runas user's group in the passwd database and that group
@@ -25587,16 +28822,45 @@
2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
+ * NEWS:
+ Mention what is new in 1.8.2 (for now)
+ [d44b26eceee5] <1.8>
+
+ * Add dependencies on gettext.h
+ [32c61c6af852] <1.8>
+
* plugins/sudoers/Makefile.in, src/Makefile.in:
Add dependencies on gettext.h
[a3a9dc51f78b]
+ * Fix install-nls target with HP-UX sh when gettext is not present.
+ [3441cece9638] <1.8>
+
* plugins/sudoers/Makefile.in, src/Makefile.in:
Fix install-nls target with HP-UX sh when gettext is not present.
[0c6b9655cd41]
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ Regen for sudo 1.8.2
+ [9ea124b542cc] <1.8>
+
2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regenerate .pot files for lbuf changes
+ [a8a9cc62c3a5] <1.8>
+
+ * configure, configure.in:
+ Add missing "checking" message for gettext when using the cache.
+ [4136bc346576] <1.8>
+
+ * Add primitive format string support to the lbuf code to make
+ translations simpler.
+ [22fc74618d09] <1.8>
+
* plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot,
src/Makefile.in, src/po/sudo.pot:
regenerate .pot files for lbuf changes
@@ -25613,6 +28877,132 @@
translations simpler.
[ee71c7ef5299]
+ * configure, configure.in, plugins/sudoers/po/sudoers.pot,
+ src/po/sudo.pot:
+ Bump version to 1.8.2
+ [999de1ac5b3e] <1.8>
+
+ * Add message catalog template files for sudo and the sudoers module.
+ [6afad75e7afa] <1.8>
+
+ * configure.in:
+ Add gettext.h convenience header. This is similar to but distinct
+ from the one included with the gettext package.
+ [5ae5a86e0d06] <1.8>
+
+ * configure, configure.in:
+ Add checks for nroff -c and -Tascii flags
+ [580c21905280] <1.8>
+
+ * configure, configure.in:
+ Add check for HP bundled C Compiler (which cannot create shared
+ libs)
+ [34f616cbb0f3] <1.8>
+
+ * Fix C format warnings.
+ [f20a43a817f0] <1.8>
+
+ * Add __printflike
+ [76bf8a4bf075] <1.8>
+
+ * Translate help / usage strings.
+ [16c5b7902d4c] <1.8>
+
+ * Set --msgid-bugs-address to the bugzilla url
+ [3e3cfa7b4ceb] <1.8>
+
+ * INSTALL, Makefile.in, README, configure, configure.in:
+ Add scaffolding to update .po files and install .mo files.
+ [a51e60b35e47] <1.8>
+
+ * Minor warning/error cleanup
+ [593144ac87ff] <1.8>
+
+ * configure.in:
+ Emulate ngettext for the non-nls case
+ [7cdf82de4dee] <1.8>
+
+ * Do not mark untranslatable strings for translation
+ [088271ed02d0] <1.8>
+
+ * Use ROOT_UID not 0.
+ [f901fa2fdaf2] <1.8>
+
+ * Minor warning/error message cleanup
+ [b99c7ef46236] <1.8>
+
+ * cannot -> "unable to" in warning/error messages can't -> "unable to"
+ in warning/error messages
+ [5119140fabc7] <1.8>
+
+ * configure, configure.in:
+ FreeBSD needs the main sudo executable to link with -lpam when
+ loading dynaic pam modules for some reason.
+ [738b6778a505] <1.8>
+
+ * We don't want to translate debugging messages.
+ [357a575c2dfd] <1.8>
+
+ * configure, configure.in:
+ Add calls to bindtextdomain() and textdomain() Currently there are
+ two domains, one for the sudo front-end and one for the sudoers
+ plugin and its associated utilities.
+ [907f39439d80] <1.8>
+
+ * configure, configure.in:
+ Fix caching of libc gettext check.
+ [e229c21f412f] <1.8>
+
+ * Mark defaults descriptions for translation
+ [65e03d1f8203] <1.8>
+
+ * NEWS:
+ Update for sudo 1.8.1p2
+ [89c31f2aa11e] <1.8>
+
+ * Quiet compiler warning when SELinux is enabled.
+ [51b1d7c8aa86] <1.8>
+
+ * dd missing includes of libintl.h.
+ [25662143d36d] <1.8>
+
+ * Fix gettext marker.
+ [7618856ba5de] <1.8>
+
+ * Include libint.h where needed.
+ [cc256b297b9d] <1.8>
+
+ * Prepare sudoers module messages for translation.
+ [1b7f0bbaa55f] <1.8>
+
+ * Only check gid of sudoers file if it is group-readable.
+ [f3cae943f35a] <1.8>
+
+ * For AIX, keep calling authenticate() until reenter reaches 0.
+ [e412676bac73] <1.8>
+
+ * configure, configure.in:
+ Cache the status of the initial gettext() check.
+ [c32281768c0f] <1.8>
+
+ * INSTALL, configure, configure.in:
+ Add --disable-nls flag and improve checks for gettext.
+ [b39674c1e538] <1.8>
+
+ * configure, configure.in:
+ When building with gcc on HP-UX, use -march=1.1 to produce portable
+ binaries on a pa-risc2 host. Previously, the +Dportable option was
+ used for the HP-UX C compiler but gcc always produced native
+ binaries.
+ [41351c23ad41] <1.8>
+
+ * Prepare sudo front end messages for translation.
+ [7807d6f74dac] <1.8>
+
+ * configure, configure.in:
+ Add initial scaffolding to support localization via gettext()
+ [cdbbff7e6376] <1.8>
+
* MANIFEST, plugins/sudoers/Makefile.in,
plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot:
Add message catalog template files for sudo and the sudoers module.
@@ -25668,10 +29058,22 @@
update copyright year
[fa0c62523875]
+ * doc/license.pod:
+ update copyright year
+ [d681661f03cc] <1.8>
+
* INSTALL, README:
No need to include version number at the top of these files.
[9f2981325351]
+ * INSTALL, README:
+ No need to include version number at the top of these files.
+ [7e11f673f773] <1.8>
+
+ * README:
+ This is sudo 1.8.1 not 1.8.0
+ [4d674f230d8a] <1.8>
+
2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c,
@@ -25829,12 +29231,20 @@
Add initial scaffolding to support localization via gettext()
[7d47b59fcf95]
+ * Don't let the fnmatch/glob macros expand the function prototype.
+ [d449e9a8f447] <1.8>
+
* compat/fnmatch.h, compat/glob.h:
Don't let the fnmatch/glob macros expand the function prototype.
[a9014aa0288e]
2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Resolve namespace collisions on HP-UX ia64 and possibly others by
+ adding a rpl_ prefix to our fnmatch and glob replacements and
+ #defining rpl_foo to foo in the header files.
+ [d23889375b21] <1.8>
+
* compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h:
Resolve namespace collisions on HP-UX ia64 and possibly others by
adding a rpl_ prefix to our fnmatch and glob replacements and
@@ -25843,6 +29253,12 @@
2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Split ALL, ROLE and TYPE into their own actions. Since you can only
+ have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
+ the non-SELinux case. This is safe because the actions are in one
+ big switch() statement.
+ [0bd9b7e37ab1] <1.8>
+
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Split ALL, ROLE and TYPE into their own actions. Since you can only
have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
@@ -25850,6 +29266,17 @@
big switch() statement.
[7473fc2cfa2c]
+ * Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
+ [8dec97b359e0] <1.8>
+
+ * askpass moved from sudoers to sudo.conf in sudo 1.8.0
+ [1001d87d82ed] <1.8>
+
+ * Remove obsolete warning about runas_default and ordering. Move
+ syslog facility and priority lists into the section where the
+ relevant options are described.
+ [1286b9624021] <1.8>
+
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
[9be3480c2865]
@@ -25868,6 +29295,17 @@
2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Fix SIA support; we no longer have access to the real argc and argv
+ so allocate space for a fake one and use the argv passed to the
+ plugin with "sudo" for argv[0].
+ [7c11eeffb91c] <1.8>
+
+ * Remove useless realloc when trying to get the buffer size right.
+ [58128e7f4e28] <1.8>
+
+ * Be explicit when setting euid to 0 before call to setreuid(0, 0)
+ [95769a564ab8] <1.8>
+
* plugins/sudoers/auth/sia.c:
Fix SIA support; we no longer have access to the real argc and argv
so allocate space for a fake one and use the argv passed to the
@@ -25886,6 +29324,16 @@
2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
+ * NEWS:
+ sudo 1.8.1p1 updates
+ [de3d688b5bb1] <1.8>
+
+ * configure, configure.in:
+ Need to do checks for krb5_verify_user, krb5_init_secure_context and
+ krb5_get_init_creds_opt_alloc regardless of whether or
+ notkrb5-config is present.
+ [456c4a9cd5d6] <1.8>
+
* configure, configure.in:
Need to do checks for krb5_verify_user, krb5_init_secure_context and
krb5_get_init_creds_opt_alloc regardless of whether or not
@@ -25894,6 +29342,11 @@
2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Work around weird AIX saved uid semantics on setuid() and
+ setreuid(). On AIX, setuid() will only set the saved uid if the euid
+ is already 0.
+ [5d0a69e9d181] <1.8>
+
* plugins/sudoers/set_perms.c:
Work around weird AIX saved uid semantics on setuid() and
setreuid(). On AIX, setuid() will only set the saved uid if the euid
@@ -25902,10 +29355,17 @@
2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
+ * update copyright year
+ [fa8da6d55783] <1.8>
+
* sudo.pp:
update copyright year
[1c42d579ba6e]
+ * Treat a missing includedir like an empty one and do not return an
+ error.
+ [5fd9fe004728] <1.8>
+
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Treat a missing includedir like an empty one and do not return an
error.
@@ -25913,6 +29373,12 @@
2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Fix ARCH setting in cross-compile Solaris packages.
+ [8ce40940f6c9] <1.8>
+
+ * Fix aix version setting.
+ [02a9e25d46ba] <1.8>
+
* pp:
Fix ARCH setting in cross-compile Solaris packages.
[b0de281cc889]
@@ -25921,6 +29387,10 @@
Fix aix version setting.
[98437dbfb085]
+ * Remove extraneous parens in LDAP filter when sudoers_search_filter
+ is enabled that causes a search error. From Matthew Thomas.
+ [b67be9b51ec6] <1.8>
+
* plugins/sudoers/ldap.c:
Remove extraneous parens in LDAP filter when sudoers_search_filter
is enabled that causes a search error. From Matthew Thomas.
@@ -25928,27 +29398,58 @@
2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Correct sizeof() to fix test failure.
+ [a11b89fd13f9] <1.8>
+
* plugins/sudoers/regress/iolog_path/check_iolog_path.c:
Correct sizeof() to fix test failure.
[fd2f7c0c0572]
+ * "install" target should depend on "install-dirs". Fixes "make -j"
+ problem and closes bz #487. From Chris Coleman.
+ [06ab0558f848] <1.8>
+
* plugins/sudoers/Makefile.in:
"install" target should depend on "install-dirs". Fixes "make -j"
problem and closes bz #487. From Chris Coleman.
[083902d38edb]
+2011-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgtags:
+ Added tag SUDO_1_8_1 for changeset 0ed6281995f0
+ [543d41a163e9] <1.8>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ Regen man pages for 1.8.1
+ [0ed6281995f0] [SUDO_1_8_1] <1.8>
+
2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Add HAVE_RFC1938_SKEYCHALLENGE
+ [c0d7eb39799d] <1.8>
+
* config.h.in:
Add HAVE_RFC1938_SKEYCHALLENGE
[a94cb33758a8]
2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Mention plugin loading and libgcc changes
+ [b74929cba37c] <1.8>
+
* NEWS:
Mention plugin loading and libgcc changes
[e11b30b5026a]
+ * Load plugins after parsing arguments and potentially printing the
+ version. That way, an error loading or initializing a plugin doesn't
+ break "sudo -h" or "sudo -V".
+ [c1ecb5979cf0] <1.8>
+
* src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
Load plugins after parsing arguments and potentially printing the
version. That way, an error loading or initializing a plugin doesn't
@@ -25958,8 +29459,21 @@
* Makefile.in:
When using a sub-shell to invoke the sub-make, exec make instead of
running it inside the shell to avoid an extra process.
+ [9439f016c993] <1.8>
+
+ * Makefile.in:
+ When using a sub-shell to invoke the sub-make, exec make instead of
+ running it inside the shell to avoid an extra process.
[fd2c04a71fbf]
+ * Stop testing unspecified behavior in fnmatch Make glob test more
+ portable
+ [87a91d76fbff] <1.8>
+
+ * No need to add current dir to include path and having it breaks the
+ test programs that expect to get the system glob.h and fnmatch.h
+ [3ae7f9e7b710] <1.8>
+
* compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c:
Stop testing unspecified behavior in fnmatch Make glob test more
portable
@@ -25970,10 +29484,33 @@
test programs that expect to get the system glob.h and fnmatch.h
[68085f624be4]
+ * configure, configure.in:
+ Fix and document --with-plugindir; partially from Diego Elio Petteno
+ [0220a0c2606f] <1.8>
+
* INSTALL, configure, configure.in:
Fix and document --with-plugindir; partially from Diego Elio Petteno
[07edc52ea89e]
+ * Fix fnmatch and glob tests to not use hard-coded flag values in the
+ input file. Link test programs with libreplace so we get our
+ replacement verions as needed.
+ [66bab80241e0] <1.8>
+
+ * Makefile.in:
+ If make in a subdir fails, fail the target in the upper level
+ Makefile too. Adapted from a patch from Diego Elio Petteno
+ [bc35b7813507] <1.8>
+
+ * configure, configure.in:
+ Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
+ has this. Adapted from a patch from Diego Elio Petteno
+ [bb6228f484b9] <1.8>
+
+ * Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
+ directly.
+ [47e6d5fadc6d] <1.8>
+
* compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c,
compat/regress/glob/globtest.in:
@@ -26000,12 +29537,26 @@
* configure, configure.in:
Fix warnings when -without-skey, --without-opie, --without-kerb4,
--without-kerb5 or --without-SecurID were specified.
+ [1b75035dd129] <1.8>
+
+ * configure, configure.in:
+ Fix warnings when -without-skey, --without-opie, --without-kerb4,
+ --without-kerb5 or --without-SecurID were specified.
[71ad150f4d24]
+ * Add plugins/sudoers/sudoers_version.h
+ [1d470c6033ca] <1.8>
+
* MANIFEST:
Add plugins/sudoers/sudoers_version.h
[7423966de440]
+ * configure, configure.in:
+ Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
+ now include LDFLAGS in the sudoers Makefile.in. Add missing settng
+ of @LDFLAGS@ in plugin Makefile.in files.
+ [dd237f43aa12] <1.8>
+
* configure, configure.in, plugins/sample/Makefile.in,
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
@@ -26015,10 +29566,20 @@
2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Mention %#gid support in User_List and Runas_List
+ [37e259b9181b] <1.8>
+
* NEWS:
Mention %#gid support in User_List and Runas_List
[5a983dff017a]
+ * Keep track of sudoers grammar version and report it in the -V
+ output.
+ [0e0b891dd8a4] <1.8>
+
+ * Add multiple inclusion guard
+ [ec6884f51ea8] <1.8>
+
* plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h,
plugins/sudoers/visudo.c:
Keep track of sudoers grammar version and report it in the -V
@@ -26029,6 +29590,13 @@
Add multiple inclusion guard
[50853aed046e]
+ * configure, configure.in:
+ The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
+ LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
+ set it to -Wc,-static-libgcc if not using GNU ld so we don't have a
+ dependency on the shared libgcc in sudoers.so.
+ [28d03f3eb0d2] <1.8>
+
* configure, configure.in, plugins/sample/Makefile.in,
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
@@ -26037,12 +29605,19 @@
dependency on the shared libgcc in sudoers.so.
[66ad8bc5e32d]
+ * Fix typo; from Petr Uzel
+ [d19b9bd92bd3] <1.8>
+
* doc/sudoers.pod:
Fix typo; from Petr Uzel
[f9a7afd80892]
2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+ * In dump-only mode, use "root" as the default username instead of
+ "nobody" as the latter may not be available on all systems.
+ [b304111616dd] <1.8>
+
* plugins/sudoers/testsudoers.c:
In dump-only mode, use "root" as the default username instead of
"nobody" as the latter may not be available on all systems.
@@ -26050,10 +29625,19 @@
2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Remove NewArgv/NewArgc, they are no longer needed.
+ [c0a36a42a68c] <1.8>
+
* plugins/sudoers/testsudoers.c:
Remove NewArgv/NewArgc, they are no longer needed.
[16e18f734c7e]
+ * Fix setting of user_args
+ [529e79ea95d1] <1.8>
+
+ * Add '!' token to lex tracing
+ [aef295d428e7] <1.8>
+
* plugins/sudoers/testsudoers.c:
Fix setting of user_args
[aa29e0d0a54a]
@@ -26062,11 +29646,20 @@
Add '!' token to lex tracing
[5227ad266235]
+ * Use group bin in test, not wheel as most systems have the bin group
+ but the same is no longer true of wheel.
+ [350347f09c1a] <1.8>
+
* plugins/sudoers/regress/testsudoers/test1.sh:
Use group bin in test, not wheel as most systems have the bin group
but the same is no longer true of wheel.
[718802b3b45e]
+ * Avoid using pre or post increment in a parameter to a ctype(3)
+ function as it might be a macro that causes the increment to happen
+ more than once.
+ [8a94ebdd53b8] <1.8>
+
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Avoid using pre or post increment in a parameter to a ctype(3)
function as it might be a macro that causes the increment to happen
@@ -26075,6 +29668,10 @@
2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Strip off the beta or release candidate version when building AIX
+ packages.
+ [00ad950764e2] <1.8>
+
* sudo.pp:
Strip off the beta or release candidate version when building AIX
packages.
@@ -26084,8 +29681,21 @@
We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
structure checks for glibc which only has __e_termination visible
when _GNU_SOURCE is *not* defined.
+ [1d58420a4a4a] <1.8>
+
+ * configure, configure.in:
+ We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
+ structure checks for glibc which only has __e_termination visible
+ when _GNU_SOURCE is *not* defined.
[59ae1698911f]
+ * getuserattr(user, ...) will fall back to the "default" entry
+ automatically, there's no need to check "default" manually.
+ [cefffa82967d] <1.8>
+
+ * Document parser changes.
+ [5038238f60eb] <1.8>
+
* common/aix.c:
getuserattr(user, ...) will fall back to the "default" entry
automatically, there's no need to check "default" manually.
@@ -26097,6 +29707,11 @@
Document parser changes.
[ec415503308d]
+ * Makefile.in:
+ If there is an existing sudoers file, only install if it passes a
+ syntax check.
+ [b1e4c9c56fe0] <1.8>
+
* Makefile.in, common/Makefile.in, compat/Makefile.in,
doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
@@ -26105,6 +29720,12 @@
syntax check.
[37427c73e8cb]
+ * Add runasgroup support to testsudoers
+ [30838590e9de] <1.8>
+
+ * For "make check", keep going even if a test fails.
+ [d3a72f67227e] <1.8>
+
* plugins/sudoers/regress/sudoers/test6.out.ok,
plugins/sudoers/testsudoers.c:
Add runasgroup support to testsudoers
@@ -26114,6 +29735,13 @@
For "make check", keep going even if a test fails.
[ce6a0a73c372]
+ * More useful exit codes:
+ * 0 - parsed OK and command matched.
+ * 1 - parse error
+ * 2 - command not matched
+ * 3 - command denied
+ [59301e0769cd] <1.8>
+
* plugins/sudoers/testsudoers.c:
More useful exit codes:
* 0 - parsed OK and command matched.
@@ -26122,15 +29750,28 @@
* 3 - command denied
[1d2ce1361903]
+ * Document %#gid, and %:#nonunix_gid syntax.
+ [39ee15af58e9] <1.8>
+
* doc/sudoers.pod:
Document %#gid, and %:#nonunix_gid syntax.
[492d4f9696c4]
+ * Add support to user_in_group() for treating group names that begin
+ with a '#' as gids.
+ [0eb19980cf5f] <1.8>
+
* plugins/sudoers/pwutil.c:
Add support to user_in_group() for treating group names that begin
with a '#' as gids.
[20240c94a134]
+ * configure, configure.in:
+ Add explicit check for struct utmpx.ut_exit.e_termination and struct
+ utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
+ ut_exit if we detect one or the other.
+ [ab5b665fc04b] <1.8>
+
* config.h.in, configure, configure.in, src/utmp.c:
Add explicit check for struct utmpx.ut_exit.e_termination and struct
utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
@@ -26139,22 +29780,39 @@
2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Add back missing #include of config.h
+ [9c82bec81018] <1.8>
+
* plugins/sudoers/toke.c:
Add back missing #include of config.h
[9ab3897a1b2e]
+ * Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
+ strftime() does.
+ [1ae630470f8a] <1.8>
+
* plugins/sudoers/iolog_path.c,
plugins/sudoers/regress/iolog_path/data:
Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
strftime() does.
[93395762cdcd]
+ * Quote first argument to AC_DEFUN(); from Elan Ruusamae
+ [c467e9e3b399] <1.8>
+
* aclocal.m4:
Quote first argument to AC_DEFUN(); from Elan Ruusamae
[97f53ad31d77]
2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+ * add new sudoers tests
+ [05f2a0924acc] <1.8>
+
+ * Add test for a newline in the middle of a string when no line
+ continuation character is used.
+ [24b79be5822b] <1.8>
+
* MANIFEST:
add new sudoers tests
[476af91b3da3]
@@ -26166,12 +29824,24 @@
continuation character is used.
[de2394bc86ab]
+ * Use bitwise AND instead of modulus to check for length being odd. A
+ newline in the middle of a string is an error unless a line
+ continuation character is used.
+ [65c468599688] <1.8>
+
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Use bitwise AND instead of modulus to check for length being odd. A
newline in the middle of a string is an error unless a line
continuation character is used.
[bdb1d762a1d5]
+ * Move lexer globals initialization into init_lexer.
+ [07a1171a1853] <1.8>
+
+ * Fix a potential crash when a non-regular file is present in an
+ includedir. Fixes bz #452
+ [5057cb9516e4] <1.8>
+
* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Move lexer globals initialization into init_lexer.
@@ -26182,6 +29852,11 @@
includedir. Fixes bz #452
[1586760c3525]
+ * On some Linux systems, "uname -p" contains detailed processor info
+ so check "uname -m" first and then "uname -p" if needed. Recognize
+ PLD Linux.
+ [56226c84a060] <1.8>
+
* pp:
On some Linux systems, "uname -p" contains detailed processor info
so check "uname -m" first and then "uname -p" if needed. Recognize
@@ -26190,6 +29865,12 @@
2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Don't need all sudoers.h here.
+ [43b6ae5999c5] <1.8>
+
+ * Print sudo version early, in case policy plugin init fails.
+ [620f2d0ec4b1] <1.8>
+
* plugins/sudoers/redblack.c:
Don't need all sudoers.h here.
[8c0929f42dab]
@@ -26200,10 +29881,33 @@
2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Update to match change in input.
+ [69540f84721d] <1.8>
+
* plugins/sudoers/regress/sudoers/test4.toke.ok:
Update to match change in input.
[4a3af8e68790]
+ * Make an empty group or netgroup a syntax error.
+ [4b85bddc494e] <1.8>
+
+ * An empty group or netgroup should be a syntax error.
+ [6ec796972eff] <1.8>
+
+ * Check that uids work in per-user and per-runas Defaults Check that
+ uids and gids work in a Command_Spec
+ [68cf62353420] <1.8>
+
+ * Test empty string in User_Alias and Command_Spec
+ [017d487c31be] <1.8>
+
+ * Allow a group ID in the User_Spec.
+ [37e0bf69c8d8] <1.8>
+
+ * Return an error for the empty string when a word is expected. Allow
+ an ID for per-user or per-runas Defaults.
+ [4c9020779582] <1.8>
+
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Make an empty group or netgroup a syntax error.
[66f51ddc2ff6]
@@ -26238,16 +29942,28 @@
an ID for per-user or per-runas Defaults.
[915c259b00ff]
+ * Fix printing "User_Alias FOO = ALL"
+ [97c9fd7caeb7] <1.8>
+
* plugins/sudoers/testsudoers.c:
Fix printing "User_Alias FOO = ALL"
[ba58c3d548b3]
2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Better error message about invalid -C argument
+ [2301e7a3835b] <1.8>
+
* src/parse_args.c:
Better error message about invalid -C argument
[c9a8d15bbf5d]
+ * fix typo
+ [c5acde62a309] <1.8>
+
+ * Fix placement of equal size ('=') in user specification summary.
+ [4d0ffef77ae4] <1.8>
+
* NEWS:
fix typo
[cdcfbafed013]
@@ -26258,21 +29974,68 @@
2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+ * update to match sudoers regress
+ [0efb8dc9092a] <1.8>
+
* MANIFEST:
update to match sudoers regress
[e04db0648717]
+ * Restore ability to define TRACELEXER and have trace output go to
+ stderr.
+ [441c8b372217] <1.8>
+
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Restore ability to define TRACELEXER and have trace output go to
stderr.
[d9531e4d1b20]
+ * Restore old behavior of setting sawspace = TRUE for command line
+ args when a line continuation character is hit to avoid causing
+ problems for existing sudoers files.
+ [963ded6ce070] <1.8>
+
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Restore old behavior of setting sawspace = TRUE for command line
args when a line continuation character is hit to avoid causing
problems for existing sudoers files.
[fd930ad25550]
+ * Add test for line continuation and aliases
+ [5703d11a3c46] <1.8>
+
+ * Make test output line up nicely for parse vs. toke
+ [15321ce2d7d9] <1.8>
+
+ * plugins/sudoers/regress/testsudoers/test1.ok,
+ plugins/sudoers/regress/testsudoers/test2.out,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.ok,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/visudo/test1.ok,
+ plugins/sudoers/regress/visudo/test1.sh:
+ Move parser tests to sudoers directory and test the tokenizer output
+ too.
+ [111c1ccda334] <1.8>
+
+ * If we match a rule anchored to the beginning of a line after parsing
+ a line continuation character, return an ERROR token. It would be
+ nicer to use REJECT instead but that substantially slows down the
+ lexer.
+ [67e54b14aa9d] <1.8>
+
+ * Move LEXTRACE macro to toke.h so we can use it in yyerror().
+ [e6e04037deed] <1.8>
+
+ * Make lex tracing settable at run-time in testsudoers via the -t
+ flag. Trace output goes to stderr. Will be used by regress tests to
+ check lexer.
+ [a973f43cc0c2] <1.8>
+
+ * Allow whitespace after the modifier in a Defaults entry. E.g.
+ "Defaults: username set_home"
+ [bf876c9fc5bb] <1.8>
+
* plugins/sudoers/regress/sudoers/test4.in,
plugins/sudoers/regress/sudoers/test4.out.ok,
plugins/sudoers/regress/sudoers/test4.toke.ok:
@@ -26335,18 +30098,34 @@
2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Don't set CC when cross-compiling.
+ [d3c33dcb02f2] <1.8>
+
* mkpkg:
Don't set CC when cross-compiling.
[4b95b0c04e1c]
+ * Credit Matthew Thomas for the sudoers_search_filter changes.
+ [2209b80664af] <1.8>
+
* NEWS:
Credit Matthew Thomas for the sudoers_search_filter changes.
[a65998ab09f7]
+ * Add the .sym files to the MANIFEST
+ [bb452b28a009] <1.8>
+
* MANIFEST:
Add the .sym files to the MANIFEST
[f599225cc861]
+ * Update for sudo 1.8.1 beta
+ [700d42d80e00] <1.8>
+
+ * user_shell -> run_shell to avoid confusion with the user's SHELL
+ variable.
+ [451b96d5f97e] <1.8>
+
* NEWS:
Update for sudo 1.8.1 beta
[71021e854c49]
@@ -26356,12 +30135,21 @@
variable.
[dc0ac6dafc21]
+ * Save the controlling tty process group before suspending in pty
+ mode. Previously, we assumed that the child pgrp == child pid (which
+ is usually, but not always, the case).
+ [b0841d861191] <1.8>
+
* src/exec_pty.c:
Save the controlling tty process group before suspending in pty
mode. Previously, we assumed that the child pgrp == child pid (which
is usually, but not always, the case).
[10b2883b7875]
+ * Add support for sudoers_search_filter setting in ldap.conf. This can
+ be used to restrict the set of records returned by the LDAP query.
+ [70c5f496e2b3] <1.8>
+
* doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
Add support for sudoers_search_filter setting in ldap.conf. This can
be used to restrict the set of records returned by the LDAP query.
@@ -26371,12 +30159,38 @@
* configure, configure.in:
Remove the hack to disable -g in CFLAGS unless --with-devel
+ [9459839f50ba] <1.8>
+
+ * configure, configure.in:
+ Remove the hack to disable -g in CFLAGS unless --with-devel
[89822cf84ef4]
+ * The '@' character does not normally need to be quoted.
+ [e66c4c64e514] <1.8>
+
* doc/sudoers.pod:
The '@' character does not normally need to be quoted.
[7823f5ed829a]
+ * We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
+ if that whitespace is followed by a comma, we want to treat it as
+ part of a list and not transition.
+ [52ae2df9959d] <1.8>
+
+ * Add check for whitespace when a User_List is used for a per-user
+ Defaults entry.
+ [44a4db95be86] <1.8>
+
+ * Expand quoted name checks to cover recent fixes.
+ [bd494b5c2bed] <1.8>
+
+ * Fix parsing of double-quoted names in Defaults and Aliases which was
+ broken in 601d97ea8792.
+ [dfdd58c3eb3b] <1.8>
+
+ * toke_util.c lives in $(srcdir) not $(devdir)
+ [94f8f024782e] <1.8>
+
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
if that whitespace is followed by a comma, we want to treat it as
@@ -26406,6 +30220,18 @@
2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
+ Update version to 1.8.1
+ [531a7d520f18] <1.8>
+
+ * Document major changes in 1.8.1 and add upgrade notes.
+ [116821646140] <1.8>
+
+ * Be careful not to deref user_stat if it is NULL. This cannot
+ currently happen in sudo but might in other programs using the
+ parser.
+ [d72a9c7151c4] <1.8>
+
+ * configure, configure.in:
Change trunk version to 1.8.x to distinguish from real 1.8.0.
[a9781e61d064]
@@ -26419,6 +30245,66 @@
parser.
[06a2334dd674]
+ * configure will not add -O2 to CFLAGS if it is already defined to add
+ -O2 to the CFLAGS we pass in when PIE is being used.
+ [2c7fe82be93d] <1.8>
+
+ * Warn about the dangers of log_input and mention iolog_file and
+ iolog_dir in the log_input and log_output descriptions.
+ [edc6aa59aa45] <1.8>
+
+ * sync with git version
+ [b121cf739c77] <1.8>
+
+ * It seems that h comes after i
+ [99ad15015f05] <1.8>
+
+ * Move log_input and log_output to their proper, sorted, location.
+ Document set_utmp and utmp_runas.
+ [216ce8b0ae1a] <1.8>
+
+ * Save the controlling tty process group before suspending so we can
+ restore it when we resume. Fixes job control problems on Linux
+ caused by the previous attemp to fix resuming a shell when I/O
+ logging not enabled.
+ [dfe038f733be] <1.8>
+
+ * Fix printing of the remainder after a newline. Fixes "sudo -l"
+ output corruption that could occur in some cases.
+ [ab2f0a629e0d] <1.8>
+
+ * Add support for ut_exit
+ [7039ec6a73fa] <1.8>
+
+ * Add support for controlling whether utmp is updated and which user
+ is listed in the entry.
+ [1b008ce71eab] <1.8>
+
+ * Fix typo; tupple vs. tuple
+ [67bb5c67ae3d] <1.8>
+
+ * For legacy utmp, strip the /dev/ prefix before trying to determine
+ slot since the ttys file does not include the /dev/ prefix.
+ [8f597114381d] <1.8>
+
+ * Add check for _PATH_UTMP
+ [fe7e2456f017] <1.8>
+
+ * Adapt check_iolog_path to sessid changes
+ [3016201869b6] <1.8>
+
+ * Redo utmp handling. If no getutent()/getutxent() is available,
+ assume a ttyslot-based utmp. If getttyent() is available, use that
+ directly instead of ttyslot() so we don't have to do the stdin dup2
+ dance.
+ [817490c7c20e] <1.8>
+
+ * Move utmp handling into utmp.c
+ [e4729d9259e9] <1.8>
+
+ * Update copyright years.
+ [1065afc00233] <1.8>
+
* mkpkg:
configure will not add -O2 to CFLAGS if it is already defined to add
-O2 to the CFLAGS we pass in when PIE is being used.
@@ -26532,28 +30418,46 @@
Update copyright years.
[16aa39f9060a]
+ * Add "user_shell" boolean as a way to indicate to the plugin that the
+ -s flag was given.
+ [6e8bc49b7ea7] <1.8>
+
* doc/sudo_plugin.pod, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h, src/parse_args.c:
Add "user_shell" boolean as a way to indicate to the plugin that the
-s flag was given.
[fb1ef0897b32]
+ * Move sessid out of sudo_user.
+ [00d67d5ba894] <1.8>
+
* plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
plugins/sudoers/sudoers.h:
Move sessid out of sudo_user.
[ba298ddb57f4]
+ * Log the TSID even if it is not a simple session ID.
+ [490cf0adae29] <1.8>
+
* plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h:
Log the TSID even if it is not a simple session ID.
[d7cc1b9c513c]
+ * Document noexec in sample.sudo.conf and add back noexec_file section
+ in sudoers with a note that it is deprecated.
+ [c7a2d8d0c563] <1.8>
+
* doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod:
Document noexec in sample.sudo.conf and add back noexec_file section
in sudoers with a note that it is deprecated.
[4a6e961e494d]
+ * Fix running commands as non-root on systems where setreuid() changes
+ the saved uid based on the effective uid we are changing to.
+ [f3b27db56ba6] <1.8>
+
* plugins/sudoers/set_perms.c:
Fix running commands as non-root on systems where setreuid() changes
the saved uid based on the effective uid we are changing to.
@@ -26561,6 +30465,24 @@
2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Move noexec path into sudo.conf now that sudo itself handles noexec.
+ Currently can be configured in sudoers too but is now undocumented
+ and will be removed in a future release.
+ [9c5f64709994] <1.8>
+
+ * Document "Path noexec ..." in sudo.conf. No longer document
+ noexec_file in sudoers, it will be removed in a future release.
+ [959fa6b5217b] <1.8>
+
+ * Move noexec handling to sudo front-end where it is documented as
+ being.
+ [ef6cd4a40c61] <1.8>
+
+ * Add support for disabling exec via solaris privileges. Includes
+ preparation for moving noexec support out of sudoers and into front
+ end as documented.
+ [d9c05ba9a24f] <1.8>
+
* plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c,
src/sudo.h:
Move noexec path into sudo.conf now that sudo itself handles noexec.
@@ -26587,6 +30509,9 @@
end as documented.
[dec843ed553e]
+ * Only export the symbols corresponding to the plugin structs.
+ [cb07af1d9b39] <1.8>
+
* plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym,
plugins/sample_group/Makefile.in,
plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
@@ -26594,6 +30519,30 @@
Only export the symbols corresponding to the plugin structs.
[8d8d03b0ca54]
+ * Install plugins manually instead of using libtool. This works around
+ a problem on AIX where libtool will install a .a file containing the
+ .so file instead of the .so file itself.
+ [1ccf5af58c05] <1.8>
+
+ * Makefile.in:
+ Move check into its own rule since some versions of make will run
+ both targets as the default rule.
+ [7159f37eb552] <1.8>
+
+ * Update to libtool 2.2.10
+ [9e49773b32b7] <1.8>
+
+ * In handle_signals(), restart the read() on EINTR to make sure we
+ keep up with the signal pipe. Don't return -1 on EAGAIN, it just
+ means we have emptied the pipe.
+ [dc2926097b2d] <1.8>
+
+ * Reorder functions to quiet a compiler warning.
+ [5201367e5db4] <1.8>
+
+ * Use the Sun Studio C compiler on Solaris if possible
+ [b8d43b423fb9] <1.8>
+
* configure, configure.in, plugins/sample/Makefile.in,
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
Install plugins manually instead of using libtool. This works around
@@ -26629,10 +30578,26 @@
2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Fix default setting of osversion variable.
+ [e12905851be5] <1.8>
+
* mkpkg:
Fix default setting of osversion variable.
[52e49ca1cedd]
+ * Make two login_class entris consistent.
+ [0671d7b204be] <1.8>
+
+ * Add support for adding a utmp entry when allocating a new pty.
+ Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
+ Currently only creates a new entry if the existing tty has a utmp
+ entry.
+ [40ff30099e79] <1.8>
+
+ * Avoid pulling in headers we don't need on Linux For getutx?id(),
+ call setutx?ent() first and always call endutx?ent().
+ [b86f7a13aae9] <1.8>
+
* doc/sudo_plugin.pod:
Make two login_class entris consistent.
[18ff1fa94a91]
@@ -26650,11 +30615,22 @@
call setutx?ent() first and always call endutx?ent().
[5dad21e1ee1b]
+ * Add some more libs to SUDOERS_LIBS instead of relying on them to be
+ pulled in by SUDO_LIBS.
+ [bcbd16ec56c6] <1.8>
+
* configure, configure.in:
Add some more libs to SUDOERS_LIBS instead of relying on them to be
pulled in by SUDO_LIBS.
[18a7c21c09a7]
+ * Fix return value of "sudo -l command" when command is not allowed,
+ broken in [c7097ea22111]. The default return value is now TRUE and a
+ bad: label is used when permission is denied. Also fixed missing
+ permissions restoration on certain errors. On error()/errorx(), the
+ password and group files are now closed before returning.
+ [757c941a47b2] <1.8>
+
* plugins/sudoers/sudoers.c:
Fix return value of "sudo -l command" when command is not allowed,
broken in [c7097ea22111]. The default return value is now TRUE and a
@@ -26665,31 +30641,55 @@
2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Fix passing of login class back to sudo front end.
+ [5e649de6b7f5] <1.8>
+
* plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
Fix passing of login class back to sudo front end.
[6f70a784ce48]
+ * Add --osversion flag to specify OS instead of running "pp
+ --probeonly"
+ [8a03943ac5e8] <1.8>
+
* mkpkg:
Add --osversion flag to specify OS instead of running "pp
--probeonly"
[a8efdccb7bc1]
+ * Fix expr usage w/ GNU expr
+ [bdecfa1f54fc] <1.8>
+
* sudo.pp:
Fix expr usage w/ GNU expr
[48895599ee63]
2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Fix exit value for validate and list mode.
+ [6f8b20199935] <1.8>
+
* plugins/sudoers/sudoers.c:
Fix exit value for validate and list mode.
[c7097ea22111]
+ * Fix non-interactive mode with sudoers plugin.
+ [cf5aca4fcbcf] <1.8>
+
* plugins/sudoers/sudoers.c:
Fix non-interactive mode with sudoers plugin.
[172f29597bd2]
2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+ * sudoreplay can now find IDs other than %{seq} and display the
+ session.
+ [60396b417633] <1.8>
+
+ * Add support for replaying sessions when iolog_file is set to
+ something other than %{seq}.
+ [1cd2baa74d56] <1.8>
+
* doc/sudoreplay.pod:
sudoreplay can now find IDs other than %{seq} and display the
session.
@@ -26702,11 +30702,25 @@
something other than %{seq}.
[ca3131243874]
+ * If we are killed by a signal, display the name of the signal that
+ got us.
+ [1b38c4d42282] <1.8>
+
* plugins/sudoers/visudo.c:
If we are killed by a signal, display the name of the signal that
got us.
[994bb76a990e]
+ * Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
+ where they belong.
+ [78e97a921104] <1.8>
+
+ * Fix bug in skey/opie check that could cause a shell warning.
+ [f20229a04f30] <1.8>
+
+ * No longer need sudo_getepw() stubs.
+ [795631ac7db0] <1.8>
+
* configure, configure.in:
Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
where they belong.
@@ -26722,22 +30736,39 @@
2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Fix exit value of "sudo -l command" in sudoers module.
+ [4a05d6019b3d] <1.8>
+
* plugins/sudoers/sudo_nss.c:
Fix exit value of "sudo -l command" in sudoers module.
[a6541867521b]
2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Use fgets() not fgetln() for portability.
+ [1f2050745096] <1.8>
+
* compat/regress/glob/globtest.c:
Use fgets() not fgetln() for portability.
[df1bb67fb168]
+ * Don't use the beta or release candidate version as the rpm release.
+ [a5b049477646] <1.8>
+
* sudo.pp:
Don't use the beta or release candidate version as the rpm release.
[d661ef78021a]
2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Makefile.in:
+ Adjust ChangeLog rule now that 1.8 is branched
+ [a994ac361e44] <1.8>
+
+ * .hgtags:
+ Added tag SUDO_1_8_0 for changeset f6530d56f6ae
+ [99a2b3801419] <1.8>
+
* configure, configure.in:
version 1.8.0
[f6530d56f6ae] [SUDO_1_8_0]
@@ -28656,14 +32687,6 @@
Add sample sudo.conf
[aafdba3fc411]
-2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * plugins/sudoers/Makefile.in:
- Add PACKAGE_TARNAME for docdir
- [930c92b8f8f0]
-
-2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
-
* src/Makefile.in:
Pass install-sh -b~ here too.
[c3f5eb446c38]
@@ -28712,6 +32735,10 @@
.rpmsave suffix.
[58be2119f8e8]
+ * plugins/sudoers/Makefile.in:
+ Add PACKAGE_TARNAME for docdir
+ [930c92b8f8f0]
+
2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
* compat/mkstemps.c, plugins/sudoers/boottime.c:
@@ -28831,15 +32858,6 @@
SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
[786fb272e5fd]
-2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * mkpkg, pp, sudo.pp:
- Restore the dot removal in the os version reported by polypkg. Adapt
- mkpkg and sudo.pp to the change.
- [dcafdd53b88f]
-
-2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
-
* INSTALL:
document --with-pam-login
[ea93e4c6873c]
@@ -28850,6 +32868,11 @@
2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+ * mkpkg, pp, sudo.pp:
+ Restore the dot removal in the os version reported by polypkg. Adapt
+ mkpkg and sudo.pp to the change.
+ [dcafdd53b88f]
+
* sudo.pp:
Include flavor in solaris package name
[e605f6364c9f]
@@ -29643,30 +33666,12 @@
Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
[762448182fe3]
-2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
- Add selinux_enabled flag into struct command_details and set it in
- command_info_to_details(). Return an error from selinux_setup()
- instead of exiting. Call selinux_setup() from exec_setup().
- [011bea23a5a0]
-
-2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
-
* src/exec_pty.c:
Remove commented out copy of old sudo_execve() function.
[9c5e21380472]
2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * plugins/sudoers/sudoers.c:
- Fix setting selinux type on command line.
- [814b20a0b3be]
-
- * plugins/sudoers/iolog.c:
- In sudoers_io_close(), skip NULL io_fds[] elements.
- [4011ff7d4daf]
-
* include/compat.h:
No longer need NGROUPS_MAX define
[cae4c49d7077]
@@ -29678,9 +33683,19 @@
known to be busted on some systems.
[4f97d79f2d41]
- * src/exec_pty.c:
- Remove duplicate call to selinux_setup().
- [82bd52764e21]
+ * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
+ Add selinux_enabled flag into struct command_details and set it in
+ command_info_to_details(). Return an error from selinux_setup()
+ instead of exiting. Call selinux_setup() from exec_setup().
+ [011bea23a5a0]
+
+ * plugins/sudoers/sudoers.c:
+ Fix setting selinux type on command line.
+ [814b20a0b3be]
+
+ * plugins/sudoers/iolog.c:
+ In sudoers_io_close(), skip NULL io_fds[] elements.
+ [4011ff7d4daf]
* plugins/sudoers/auth/pam.c:
If pam_open_session() fails, pass its status to pam_end.
@@ -29693,6 +33708,10 @@
#includedir files still result in a parse error (for now).
[ade99a4549a4]
+ * src/exec_pty.c:
+ Remove duplicate call to selinux_setup().
+ [82bd52764e21]
+
* WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
@@ -30918,6 +34937,13 @@
Merge fb4d571495fa from the 1.7 branch to trunk.
[c8fb424ad4d2]
+ * find_path.c:
+ Qualify the command even if it is in the current working directory,
+ e.g. "./foo" instead of just returning "foo". This removes an
+ ambiguity between real commands and possible pseudo-commands in
+ command matching.
+ [fb4d571495fa] <1.7>
+
2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
* src/script.c:
@@ -30954,6 +34980,14 @@
Add a note about the security implications of the fast_glob option.
[c37a92ab7c93]
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Add a note about the security implications of the fast_glob option.
+ [84f8097553d9] <1.7>
+
+ * memrchr.c:
+ Remove duplicate includes
+ [3e8d90f4c30f] <1.7>
+
2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
* config.h.in, configure, configure.in:
@@ -30994,6 +35028,12 @@
We always install sudoreplay in 1.8
[ce52ba6617c9]
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Free str after using it in the version method. Use sudo_conv, not
+ io_conv since we don't have the IO conversation function pointer in
+ the I/O version method anymore now that io_open is delayed.
+ [f2ed132adeb0]
+
2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
* compat/siglist.in:
@@ -31007,16 +35047,6 @@
estrndup()
[57ec23b72958]
-2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
-
- * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
- Free str after using it in the version method. Use sudo_conv, not
- io_conv since we don't have the IO conversation function pointer in
- the I/O version method anymore now that io_open is delayed.
- [f2ed132adeb0]
-
-2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
-
* compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
compat/siglist.in:
Add license to mksiglist.c and note that the bits from pdksh are
@@ -31136,6 +35166,11 @@
getgrouplist(3) for those without it
[4ab4d21e3b16]
+ * configure, configure.in:
+ Fix installation of sudoers.ldap in "make install" when --with-ldap
+ was specified without a directory. From Prof. Dr. Andreas Mueller
+ [5177a284b9ff] <1.7>
+
* plugins/sudoers/sudoers.c:
Set preserve_groups or groups list in command_info
[1266119ad654]
@@ -31369,6 +35404,15 @@
Make this compile
[7041c441e1c8]
+ * Makefile:
+ Build sudoers plugin
+ [5cdf06e66978]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Use warningx in yyerror() so the conversation function gets used
+ when built as part of sudoers.
+ [85f964215eef]
+
* plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
Make _warning in error.c use the conversation function and remove
commented out warning/warningx in sudoers.c.
@@ -31382,15 +35426,6 @@
Quiet a libtool warning
[b2331fb006bc]
- * Makefile:
- Build sudoers plugin
- [5cdf06e66978]
-
- * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
- Use warningx in yyerror() so the conversation function gets used
- when built as part of sudoers.
- [85f964215eef]
-
2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/auth/pam.c:
@@ -31501,6 +35536,24 @@
error messages.
[c534cae1ac4a]
+ * match.c:
+ When doing a glob match, short circuit if gl.gl_pathc is 0. From
+ Mark Kettenis.
+ [549f8f7c2463] <1.7>
+
+2010-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Use parent process group id instead of parent process id when
+ checking foreground status and suspending parent. Fixes an issue
+ when running commands under /usr/bin/time and others.
+ [eac86126e335] <1.7>
+
+ * env.c:
+ In setenv(), if the var is empty, return 1 and set errno to EINVAL
+ instead of returning EINVAL directly.
+ [d202091ec15e] <1.7>
+
2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
* src/script.c:
@@ -31673,6 +35726,14 @@
flag in sudo itself.
[8c62daea3e9b]
+2010-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Check for pseudo-command by looking at the first character of the
+ command in sudoers instead of checking the user-supplied command for
+ a slash.
+ [88f3181692fe] <1.7>
+
2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sample/sample_plugin.c:
@@ -31915,8 +35976,47 @@
in the repo.
[251b70964673]
+2010-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.l:
+ Avoid a duplicate fclose() of the sudoers file.
+ [164d39108dde] <1.7>
+
+ * toke.l:
+ Fix size arg when realloc()ing include stack. From Daniel Kopecek
+ [8900bccef219] <1.7>
+
+2010-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aix.c, config.h.in, configure, configure.in:
+ Use setrlimit64(), if available, instead of setrlimit() when setting
+ AIX resource limits since rlim_t is 32bits.
+ [2cbb14d98fc1] <1.7>
+
+ * logging.c:
+ Fix use after free when sending error messages. From Timo Juhani
+ Lindfors
+ [caf183fd9d94] <1.7>
+
+2010-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog, Makefile.in:
+ Generate the ChangeLog as part of "make dist" instead of having it
+ in the repo.
+ [836c31615859] <1.7>
+
+2010-01-18 convert-repo <convert-repo>
+
+ * .hgtags:
+ update tags
+ [9b7aa44ae436]
+
2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Makefile.in:
+ Generate correct ChangeLog for 1.7 branch.
+ [586dd90b8878] <1.7>
+
* Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
@@ -31942,12 +36042,6 @@
Remove CVS $Sudo$ tags.
[de683a8b31f5]
-2010-01-18 convert-repo <convert-repo>
-
- * .hgtags:
- update tags
- [9b7aa44ae436]
-
2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo_usage.h.in:
@@ -34647,30 +38741,30 @@
regen
[301e5c5ccdbe]
- * sudoers.pod:
+ * Makefile.in, configure, configure.in:
Substitute in comment characters for lines partaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
- [c1c98fa163ce]
+ [9a02bd6a6658]
- * sudoers.man.pl:
+ * sudo.man.pl:
Substitute in comment characters for lines partaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
- [6c88f30b878a]
+ [0c56d4750ac3]
* sudo.pod:
Substitute in comment characters for lines partaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
[acdbdfd24e1d]
- * sudo.man.pl:
+ * sudoers.man.pl:
Substitute in comment characters for lines partaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
- [0c56d4750ac3]
+ [6c88f30b878a]
- * Makefile.in, configure, configure.in:
+ * sudoers.pod:
Substitute in comment characters for lines partaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
- [9a02bd6a6658]
+ [c1c98fa163ce]
* Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
Remove the =cut on the first line (above the copyright notice) to
@@ -34745,21 +38839,21 @@
via the new sesh binary. Based on initial changes from Dan Walsh.
[1d4abfe2c004]
- * sesh.c:
+ * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
+ def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
+ pathnames.h.in, selinux.c:
Add support for SELinux RBAC. Sudoers entries may specify a role and
type. There are also role and type defaults that may be used. To
make sure a transition occurs, when using RBAC commands are executed
via the new sesh binary. Based on initial changes from Dan Walsh.
- [1e3b395ce049]
+ [6b421948286e]
- * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
- def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
- pathnames.h.in, selinux.c:
+ * sesh.c:
Add support for SELinux RBAC. Sudoers entries may specify a role and
type. There are also role and type defaults that may be used. To
make sure a transition occurs, when using RBAC commands are executed
via the new sesh binary. Based on initial changes from Dan Walsh.
- [6b421948286e]
+ [1e3b395ce049]
2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -36539,14 +40633,14 @@
2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
- * schema.OpenLDAP, schema.iPlanet:
- Break schema out into separate files.
- [15e598e4c60b]
-
* Makefile.in, README.LDAP:
Break schema out into separate files.
[1a53966ca1fa]
+ * schema.OpenLDAP, schema.iPlanet:
+ Break schema out into separate files.
+ [15e598e4c60b]
+
2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
* auth/aix_auth.c:
@@ -36672,15 +40766,15 @@
Ryabinkin. Include memrchr() for systems without it.
[66a50e8d553a]
- * memrchr.c:
+ * Makefile.in, config.h.in, configure, configure.in:
Redo the long syslog line splitting based on a patch from Eygene
Ryabinkin. Include memrchr() for systems without it.
- [2f6702b7d41b]
+ [407a46190921]
- * Makefile.in, config.h.in, configure, configure.in:
+ * memrchr.c:
Redo the long syslog line splitting based on a patch from Eygene
Ryabinkin. Include memrchr() for systems without it.
- [407a46190921]
+ [2f6702b7d41b]
* configure.in:
Since we need to be able to convert timespec to timeval for utimes()
@@ -36966,14 +41060,14 @@
Add mkstemp() for those poor souls without it.
[5fdd02e863e0]
- * mkstemp.c:
- Add mkstemp() for those poor souls without it.
- [c99401207860]
-
* Makefile.in:
Add mkstemp() for those poor souls without it.
[9c1cf2678f24]
+ * mkstemp.c:
+ Add mkstemp() for those poor souls without it.
+ [c99401207860]
+
2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
* env.c:
@@ -37145,30 +41239,30 @@
don't call sudo_ldap_display_cmnd if ldap not setup
[8bcf6c094ffe]
- * sudo_edit.c, visudo.c:
+ * check.c, compat.h:
Move declatation of struct timespec to its own include files for
systems without it since it needs time_t defined.
- [b95c333299a0]
+ [2ef2ace8fe85]
- * gettime.c:
+ * emul/timespec.h:
Move declatation of struct timespec to its own include files for
systems without it since it needs time_t defined.
- [021b4569cc0c]
+ [f95137771564]
* fileops.c:
Move declatation of struct timespec to its own include files for
systems without it since it needs time_t defined.
[dd8573b2ee7d]
- * emul/timespec.h:
+ * gettime.c:
Move declatation of struct timespec to its own include files for
systems without it since it needs time_t defined.
- [f95137771564]
+ [021b4569cc0c]
- * check.c, compat.h:
+ * sudo_edit.c, visudo.c:
Move declatation of struct timespec to its own include files for
systems without it since it needs time_t defined.
- [2ef2ace8fe85]
+ [b95c333299a0]
* ldap.c:
Don't set safe_cmnd for the "sudo ALL" case.
@@ -37510,14 +41604,14 @@
Update copyright years.
[0610c3654739]
- * Makefile.binary.in:
- Update copyright years.
- [d78ffc9f2e2b]
-
* LICENSE:
Update copyright years.
[f60473bca4b1]
+ * Makefile.binary.in:
+ Update copyright years.
+ [d78ffc9f2e2b]
+
* BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
version 1.7
[aa977a544ca1]
@@ -38483,15 +42577,15 @@
reference glob
[bedc9a923423]
- * glob.c:
+ * emul/glob.h:
4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
removed.
- [81799451473c]
+ [0335cf31fb1e]
- * emul/glob.h:
+ * glob.c:
4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
removed.
- [0335cf31fb1e]
+ [81799451473c]
2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -39265,15 +43359,15 @@
2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudoers.pod:
+ * sudo.pod:
=back does not take an indentlevel (makes no difference to formatted
files).
- [9c8523bb382a]
+ [e5f479e24fa8]
- * sudo.pod:
+ * sudoers.pod:
=back does not take an indentlevel (makes no difference to formatted
files).
- [e5f479e24fa8]
+ [9c8523bb382a]
* CHANGES:
new
@@ -39288,14 +43382,14 @@
Add checksum idea from Steve Mancini
[e6ece1b766ba]
- * sudoers.cat, sudoers.man.in:
- regen
- [370d2317829f]
-
* sudo.cat, sudo.man.in:
regen
[f93d41fc38b1]
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [370d2317829f]
+
* sudo.pod, sudoers.pod:
Document the restriction on uids specified via -u when targetpw is
set.
@@ -39343,19 +43437,19 @@
regen
[a57658ca9177]
- * parse.c, parse.h, testsudoers.c, visudo.c:
+ * parse.yacc:
Don't pass user_cmnd and user_args to command_matches(), just use
the globals there. Since we keep state with statics anyway it is
misleading to pretend that passing in different cmnd and cmnd_args
will work.
- [0a2544991fd6]
+ [a4910bf6032b]
- * parse.yacc:
+ * parse.c, parse.h, testsudoers.c, visudo.c:
Don't pass user_cmnd and user_args to command_matches(), just use
the globals there. Since we keep state with statics anyway it is
misleading to pretend that passing in different cmnd and cmnd_args
will work.
- [a4910bf6032b]
+ [0a2544991fd6]
* parse.c:
Fix a bug introduced in rev. 1.149. When checking for pseudo-
@@ -39478,15 +43572,15 @@
regen
[9338c3d68250]
- * visudo.pod:
+ * CHANGES, parse.yacc, visudo.c:
Add a check in visudo for runas_default being set after it has
already been used.
- [6700358d7ad8]
+ [803560986a8a]
- * CHANGES, parse.yacc, visudo.c:
+ * visudo.pod:
Add a check in visudo for runas_default being set after it has
already been used.
- [803560986a8a]
+ [6700358d7ad8]
* sudo.tab.c:
regen
@@ -39508,37 +43602,37 @@
regen
[5acd12b730b3]
- * sudoers.pod:
- Correct description of where Defaults specs should go.
- [6b11ff53d7ad]
-
* sudoers:
Correct description of where Defaults specs should go.
[868db857630d]
- * testsudoers.c, visudo.c:
- update (c) year
- [272c8a53604c]
+ * sudoers.pod:
+ Correct description of where Defaults specs should go.
+ [6b11ff53d7ad]
- * logging.h:
+ * auth/bsdauth.c, auth/kerb5.c:
update (c) year
- [3cec76d400ce]
+ [d72eb434c068]
- * ldap.c:
+ * auth/pam.c:
update (c) year
- [f264632488a0]
+ [87149e0eed50]
* find_path.c:
update (c) year
[40c227af9227]
- * auth/pam.c:
+ * ldap.c:
update (c) year
- [87149e0eed50]
+ [f264632488a0]
- * auth/bsdauth.c, auth/kerb5.c:
+ * logging.h:
update (c) year
- [d72eb434c068]
+ [3cec76d400ce]
+
+ * testsudoers.c, visudo.c:
+ update (c) year
+ [272c8a53604c]
2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -39550,25 +43644,25 @@
Remove trailing spaces, no actual code changes.
[4c3bf2819293]
- * tgetpass.c:
- Remove trailing spaces, no actual code changes.
- [96f6e0a24c26]
-
* ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
Remove trailing spaces, no actual code changes.
[c7075d1cbed5]
- * getcwd.c:
+ * tgetpass.c:
Remove trailing spaces, no actual code changes.
- [776cc0374547]
+ [96f6e0a24c26]
+
+ * compat.h, defaults.c, env.c:
+ Remove trailing spaces, no actual code changes.
+ [893e83c33795]
* find_path.c:
Remove trailing spaces, no actual code changes.
[7ed7099f3c71]
- * compat.h, defaults.c, env.c:
+ * getcwd.c:
Remove trailing spaces, no actual code changes.
- [893e83c33795]
+ [776cc0374547]
* check.c:
Remove trailing spaces, no actual code changes.
@@ -39602,21 +43696,21 @@
regen
[4753c2788713]
- * sudo.h:
+ * parse.yacc:
Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
these in parse.yacc. Also in parse.yacc initialize the *_matches
vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
when setting *_matches to a value that may be
NOMATCH/UNSPEC/TRUE/FALSE.
- [2ba622e15a4d]
+ [746b519e41a6]
- * parse.yacc:
+ * sudo.h:
Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
these in parse.yacc. Also in parse.yacc initialize the *_matches
vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
when setting *_matches to a value that may be
NOMATCH/UNSPEC/TRUE/FALSE.
- [746b519e41a6]
+ [2ba622e15a4d]
* parse.yacc:
Initialize runas to -2, not -1 since we need to be able to
@@ -39630,14 +43724,14 @@
2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
- * sudo.c, visudo.c:
- Error out if argc < 1.
- [ce6b2a9eda3c]
-
* getprogname.c:
Error out if argc < 1.
[c566cce8dc78]
+ * sudo.c, visudo.c:
+ Error out if argc < 1.
+ [ce6b2a9eda3c]
+
* configure, configure.in:
Add tests for what libs we need to link with for ldap and for
whether or not lber.h needs to be explicitly included.
@@ -39660,12 +43754,12 @@
Add prototype for sudo_ldap_list_matches
[443b007a8dab]
- * configure, configure.in:
+ * compat.h:
Better check for dirfd macro--we now set HAVE_DIRFD for the macro
version too. Added check for dd_fd in `DIR' if no dirfd is found;
this is now used to confitionally define the dirfd macro in
compat.h.
- [567656978f7e]
+ [8d50ff1bbf2a]
* config.h.in:
Better check for dirfd macro--we now set HAVE_DIRFD for the macro
@@ -39674,12 +43768,12 @@
compat.h.
[34eace4faec8]
- * compat.h:
+ * configure, configure.in:
Better check for dirfd macro--we now set HAVE_DIRFD for the macro
version too. Added check for dd_fd in `DIR' if no dirfd is found;
this is now used to confitionally define the dirfd macro in
compat.h.
- [8d50ff1bbf2a]
+ [567656978f7e]
* closefrom.c:
Only check /proc/$$/fd if we have the dirfd function/macro.
@@ -39807,14 +43901,14 @@
regen
[af4f4b20e422]
- * CHANGES:
- sync
- [29ca3b699c24]
-
* BUGS:
sync
[3593f17f72ed]
+ * CHANGES:
+ sync
+ [29ca3b699c24]
+
* parse.c:
In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
explicitly denied and the command matched. This fixes a long-
@@ -39845,27 +43939,27 @@
sync
[4799b7d8b62c]
- * sudoers.pod:
+ * sample.sudoers:
Remove fastboot/fasthalt (who still remembers these?) and add a
minimal sudoedit example.
- [19d299f233cd]
+ [b1bca73d6250]
- * sample.sudoers:
+ * sudoers.pod:
Remove fastboot/fasthalt (who still remembers these?) and add a
minimal sudoedit example.
- [b1bca73d6250]
+ [19d299f233cd]
- * UPGRADE, sudo.c, visudo.c:
+ * CHANGES, INSTALL:
filesystem -> file system
- [1e1afaf30469]
+ [85948b608ffe]
* TROUBLESHOOTING:
filesystem -> file system
[39fb594e9338]
- * CHANGES, INSTALL:
+ * UPGRADE, sudo.c, visudo.c:
filesystem -> file system
- [85948b608ffe]
+ [1e1afaf30469]
* sudo.pod, sudoers.pod:
Fix some minor typos and formatting goofs
@@ -39899,11 +43993,11 @@
use /var/adm/sudo or /usr/adm/sudo.
[48d94c9f9ad4]
- * configure:
+ * CHANGES:
No longer use /tmp/.odus as a possible timestamp dir unless
specifically configured to do so. Instead, if no /var/run exists,
use /var/adm/sudo or /usr/adm/sudo.
- [058d7b8cf07b]
+ [6058c4cefcec]
* aclocal.m4:
No longer use /tmp/.odus as a possible timestamp dir unless
@@ -39911,26 +44005,26 @@
use /var/adm/sudo or /usr/adm/sudo.
[cf52c4c2803f]
- * CHANGES:
+ * configure:
No longer use /tmp/.odus as a possible timestamp dir unless
specifically configured to do so. Instead, if no /var/run exists,
use /var/adm/sudo or /usr/adm/sudo.
- [6058c4cefcec]
+ [058d7b8cf07b]
- * set_perms.c, sudo.c, tgetpass.c, visudo.c:
+ * check.c, compat.h:
Preliminary changes to support nsr-tandem-nsk. Based on patches from
Tom Bates.
- [2e5f81834383]
+ [390b698b5924]
* logging.c:
Preliminary changes to support nsr-tandem-nsk. Based on patches from
Tom Bates.
[934bbe6872b6]
- * check.c, compat.h:
+ * set_perms.c, sudo.c, tgetpass.c, visudo.c:
Preliminary changes to support nsr-tandem-nsk. Based on patches from
Tom Bates.
- [390b698b5924]
+ [2e5f81834383]
2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -40042,100 +44136,100 @@
More to a less restrictive, ISC-style license.
[a31b20e48003]
- * auth/kerb5.c, auth/pam.c:
- More to a less restrictive, ISC-style license.
- [e41f92b41216]
-
- * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
+ * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
More to a less restrictive, ISC-style license.
- [87534c164a52]
+ [6d234be91c5e]
* auth/bsdauth.c:
More to a less restrictive, ISC-style license.
[e21be6594b58]
- * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
+ * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
More to a less restrictive, ISC-style license.
- [6d234be91c5e]
+ [87534c164a52]
+
+ * auth/kerb5.c, auth/pam.c:
+ More to a less restrictive, ISC-style license.
+ [e41f92b41216]
* sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
visudo.man.in, visudo.pod:
More to a less restrictive, ISC-style license.
[b02aea324fd6]
- * sudo_noexec.c:
+ * Makefile.binary:
More to a less restrictive, ISC-style license.
- [a6da7631e0b2]
+ [1ed561734535]
- * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
- sudo_edit.c:
+ * parse.lex, parse.yacc:
More to a less restrictive, ISC-style license.
- [71cdcc241e94]
+ [2f5942e847a1]
- * sigaction.c, strerror.c:
+ * utime.c, version.h:
More to a less restrictive, ISC-style license.
- [4bccdedca58a]
+ [e2e038ad8209]
- * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
- set_perms.c:
+ * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
+ defaults.c:
More to a less restrictive, ISC-style license.
- [64d772d70ab3]
+ [d8d7bfc8a18b]
- * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
- ins_goons.h, insults.h, interfaces.c, interfaces.h:
+ * defaults.h:
More to a less restrictive, ISC-style license.
- [520381c60a54]
+ [008f5d5743f5]
- * find_path.c, getprogname.c:
+ * env.c:
More to a less restrictive, ISC-style license.
- [f605d5eab6f1]
+ [d5bd859757de]
* fileops.c:
More to a less restrictive, ISC-style license.
[4129a8b38a67]
- * env.c:
+ * find_path.c, getprogname.c:
More to a less restrictive, ISC-style license.
- [d5bd859757de]
+ [f605d5eab6f1]
- * defaults.h:
+ * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, interfaces.h:
More to a less restrictive, ISC-style license.
- [008f5d5743f5]
+ [520381c60a54]
- * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
- defaults.c:
+ * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
+ set_perms.c:
More to a less restrictive, ISC-style license.
- [d8d7bfc8a18b]
+ [64d772d70ab3]
- * utime.c, version.h:
+ * sigaction.c, strerror.c:
More to a less restrictive, ISC-style license.
- [e2e038ad8209]
+ [4bccdedca58a]
- * parse.lex, parse.yacc:
+ * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+ sudo_edit.c:
More to a less restrictive, ISC-style license.
- [2f5942e847a1]
+ [71cdcc241e94]
- * Makefile.binary:
+ * sudo_noexec.c:
More to a less restrictive, ISC-style license.
- [1ed561734535]
+ [a6da7631e0b2]
2004-02-13 Aaron Spangler <aaron777@gmail.com>
- * sudoers2ldif:
- Merged in LDAP Support
- [3994c4d05947]
-
- * ldap.c, sudo.c, sudo.h:
+ * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
Merged in LDAP Support
- [547eaa346fcc]
+ [1038092a161e]
* def_data.c, def_data.h, def_data.in:
Merged in LDAP Support
[8fb255280e42]
- * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
+ * ldap.c, sudo.c, sudo.h:
Merged in LDAP Support
- [1038092a161e]
+ [547eaa346fcc]
+
+ * sudoers2ldif:
+ Merged in LDAP Support
+ [3994c4d05947]
2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -40222,14 +44316,14 @@
Use the SET, CLR and ISSET macros.
[a8b0d7f1e8fd]
- * fnmatch.c:
- Use the SET, CLR and ISSET macros.
- [1afbcba22ba6]
-
* defaults.c, env.c:
Use the SET, CLR and ISSET macros.
[2f39431e0a49]
+ * fnmatch.c:
+ Use the SET, CLR and ISSET macros.
+ [1afbcba22ba6]
+
* interfaces.h:
MAIN was replaced with _SUDO_MAIN some time ago.
[ea1b38f2ac9d]
@@ -40440,14 +44534,14 @@
Add callback support
[a61c4ca983fb]
- * mkdefaults:
- Add a callback field and use it for runas_default
- [96b69c27df5e]
-
* def_data.c, def_data.in:
Add a callback field and use it for runas_default
[d3e9f06872b8]
+ * mkdefaults:
+ Add a callback field and use it for runas_default
+ [96b69c27df5e]
+
2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
* auth/fwtk.c:
@@ -40584,15 +44678,15 @@
functionality
[1297acae283a]
- * sudo.tab.h:
+ * sudo.tab.c:
Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
generated code.
- [dcab78c49273]
+ [0a61c735eabe]
- * sudo.tab.c:
+ * sudo.tab.h:
Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
generated code.
- [0a61c735eabe]
+ [dcab78c49273]
2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -40669,15 +44763,15 @@
way that will heopfully not be optimized away by sneaky compilers.
[161b6d74bfb4]
- * zero_bytes.c:
+ * Makefile.in, sudo.h:
Add a zero_bytes() function to do the equivalent of bzero in such a
way that will heopfully not be optimized away by sneaky compilers.
- [d035abf0af94]
+ [ff136de3e255]
- * Makefile.in, sudo.h:
+ * zero_bytes.c:
Add a zero_bytes() function to do the equivalent of bzero in such a
way that will heopfully not be optimized away by sneaky compilers.
- [ff136de3e255]
+ [d035abf0af94]
* err.c:
Use #ifdef __STDC__, not #if __STDC__.
@@ -40800,14 +44894,14 @@
2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
- * fnmatch.c:
- Remove advertising clause, UCB has disavowed it
- [43a26bbd6628]
-
* fnmatch.3:
Remove advertising clause, UCB has disavowed it
[3ff24291bcfa]
+ * fnmatch.c:
+ Remove advertising clause, UCB has disavowed it
+ [43a26bbd6628]
+
2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
* parse.c:
@@ -40850,63 +44944,63 @@
2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
- * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
+ * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
+ version.h:
add DARPA credit on affected files
- [7020785ee50d]
+ [868d54cbddea]
- * sudoers.pod:
+ * auth/kerb5.c, auth/pam.c:
add DARPA credit on affected files
- [83b46318750b]
+ [15da3021b49c]
- * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
- sudoers.man.in:
+ * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
+ find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
+ interfaces.h:
add DARPA credit on affected files
- [d8adf1c2ba22]
+ [da66e28fb3f5]
- * set_perms.c:
+ * logging.c, parse.c:
add DARPA credit on affected files
- [3d79fdabb582]
+ [8f75f822755b]
* pathnames.h.in:
add DARPA credit on affected files
[e334cdda422f]
- * logging.c, parse.c:
- add DARPA credit on affected files
- [8f75f822755b]
-
- * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
- auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
- find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
- interfaces.h:
+ * set_perms.c:
add DARPA credit on affected files
- [da66e28fb3f5]
+ [3d79fdabb582]
- * auth/kerb5.c, auth/pam.c:
+ * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+ sudoers.man.in:
add DARPA credit on affected files
- [15da3021b49c]
+ [d8adf1c2ba22]
- * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
- auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
- version.h:
+ * sudoers.pod:
add DARPA credit on affected files
- [868d54cbddea]
+ [83b46318750b]
- * env.c:
+ * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
add DARPA credit on affected files
- [90239f51ef0a]
+ [7020785ee50d]
- * defaults.c, defaults.h:
+ * Makefile.in, alloc.c, check.c:
add DARPA credit on affected files
- [6a64205fd1eb]
+ [cd939e05c810]
* compat.h:
add DARPA credit on affected files
[316a735783c4]
- * Makefile.in, alloc.c, check.c:
+ * defaults.c, defaults.h:
add DARPA credit on affected files
- [cd939e05c810]
+ [6a64205fd1eb]
+
+ * env.c:
+ add DARPA credit on affected files
+ [90239f51ef0a]
* LICENSE:
slightly different wording for the darpa credit
@@ -40935,14 +45029,14 @@
2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
- * sample.sudoers:
- builtin -> built-in; Jason McIntyre
- [027f2187923e]
-
* TROUBLESHOOTING, config.h.in, configure, configure.in:
builtin -> built-in; Jason McIntyre
[70b81ac48943]
+ * sample.sudoers:
+ builtin -> built-in; Jason McIntyre
+ [027f2187923e]
+
* sudoers.pod:
built in -> built-in; Jason McIntyre
[da658ef5138d]
@@ -41000,33 +45094,33 @@
regen
[1876cb840fe0]
- * configure.in:
+ * BUGS:
++version
- [480aff7c048e]
+ [ea3573432412]
- * README:
+ * CHANGES, version.h:
++version
- [488e0bbff613]
+ [f66985a64063]
- * Makefile.in:
+ * INSTALL:
++version
- [97ef63cedc38]
+ [555aeba5c2bf]
* INSTALL.binary:
++version
[a506204e77d0]
- * INSTALL:
+ * Makefile.in:
++version
- [555aeba5c2bf]
+ [97ef63cedc38]
- * CHANGES, version.h:
+ * README:
++version
- [f66985a64063]
+ [488e0bbff613]
- * BUGS:
+ * configure.in:
++version
- [ea3573432412]
+ [480aff7c048e]
* configure.in:
use krb5-config to determine Kerberos V details if it exists
@@ -41083,14 +45177,14 @@
2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
- * RUNSON, TODO:
- checkpoint for the sudo 1.6.7 release
- [096bab4da29a] [SUDO_1_6_7]
-
* CHANGES:
checkpoint for the sudo 1.6.7 release
[87322187ed78]
+ * RUNSON, TODO:
+ checkpoint for the sudo 1.6.7 release
+ [096bab4da29a] [SUDO_1_6_7]
+
2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
* logging.c:
@@ -41120,13 +45214,13 @@
regen
[638459118a2a]
- * configure.in:
+ * INSTALL:
Add --with-blibpath for AIX. An alternate libpath may be specified
or
-blibpath support can be disabled. Also change conifgure such that
-blibpath is not specified if no -L libpaths were added to
SUDO_LDFLAGS.
- [c7d17b480cad]
+ [4b4bbe5bbe1b]
* aclocal.m4:
Add --with-blibpath for AIX. An alternate libpath may be specified
@@ -41136,13 +45230,13 @@
SUDO_LDFLAGS.
[37022e991575]
- * INSTALL:
+ * configure.in:
Add --with-blibpath for AIX. An alternate libpath may be specified
or
-blibpath support can be disabled. Also change conifgure such that
-blibpath is not specified if no -L libpaths were added to
SUDO_LDFLAGS.
- [4b4bbe5bbe1b]
+ [c7d17b480cad]
* configure.in:
add AIX blibpath support
@@ -41491,24 +45585,24 @@
Add some more square backets to make autoconf 2.57 happy
[b5639c14faf7]
- * config.sub, mkinstalldirs:
- Updates from autoconf-2.57
- [36be35eb331b]
-
* config.guess:
Updates from autoconf-2.57
[ea0f8ca622af]
-2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+ * config.sub, mkinstalldirs:
+ Updates from autoconf-2.57
+ [36be35eb331b]
- * sudo.tab.h:
- regen
- [13a65a421567]
+2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
* lex.yy.c, sudo.tab.c:
regen
[0b529db7cb6d]
+ * sudo.tab.h:
+ regen
+ [13a65a421567]
+
* parse.lex, parse.yacc, sudoers.pod:
Add support for Defaults>RunasUser
[20d726373175]
@@ -41875,14 +45969,14 @@
perror().
[d826b25e62ff]
- * TROUBLESHOOTING:
- Update for new error messages from set_perms()
- [78007c3f76a9]
-
* PORTING:
Update for new error messages from set_perms()
[60c545a6bcff]
+ * TROUBLESHOOTING:
+ Update for new error messages from set_perms()
+ [78007c3f76a9]
+
2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
* auth/pam.c:
@@ -41914,14 +46008,14 @@
PAM_PERM_DENIED.
[73db145fa179]
- * Makefile.in:
- Don't need a '/' between $(DESTDIR) and a directory.
- [0901ca618176]
-
* Makefile.binary:
Don't need a '/' between $(DESTDIR) and a directory.
[cd7eb6098b87]
+ * Makefile.in:
+ Don't need a '/' between $(DESTDIR) and a directory.
+ [0901ca618176]
+
2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
* configure:
@@ -42569,21 +46663,21 @@
copyright year
[764ba3d4fa13]
- * getspwuid.c, goodpath.c, interfaces.c:
+ * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
+ fnmatch.c:
o Reorder some headers and use STDC_HEADERS define properly o Update
copyright year
- [fb46d46140d4]
+ [dab8f192a3ed]
* getcwd.c:
o Reorder some headers and use STDC_HEADERS define properly o Update
copyright year
[b199d70ac7ab]
- * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
- fnmatch.c:
+ * getspwuid.c, goodpath.c, interfaces.c:
o Reorder some headers and use STDC_HEADERS define properly o Update
copyright year
- [dab8f192a3ed]
+ [fb46d46140d4]
* configure:
regen
@@ -43709,21 +47803,21 @@
based on whether or not the pattern contains a '.'.
[fbd2887d9811]
- * parse.h:
+ * lex.yy.c, parse.c, parse.lex, parse.yacc:
Fully qualified hosts w/ wildcards were not matching the FQHOST
token type. There's really no need for a separate token for fully-
qualified vs. unqualified anymore so FQHOST is now history and
hostname_matches now decides which hostname (short or long) to check
based on whether or not the pattern contains a '.'.
- [dd7bbe223461]
+ [630d9d205397]
- * lex.yy.c, parse.c, parse.lex, parse.yacc:
+ * parse.h:
Fully qualified hosts w/ wildcards were not matching the FQHOST
token type. There's really no need for a separate token for fully-
qualified vs. unqualified anymore so FQHOST is now history and
hostname_matches now decides which hostname (short or long) to check
based on whether or not the pattern contains a '.'.
- [630d9d205397]
+ [dd7bbe223461]
* parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
@@ -44149,15 +48243,15 @@
Otherwise there would be division by zero.
[b20c14db6029]
- * insults.h:
+ * CHANGES, RUNSON:
Don't allow insults to be enabled if the insults[] array is empty.
Otherwise there would be division by zero.
- [028f130204b0]
+ [974f4780254b]
- * CHANGES, RUNSON:
+ * insults.h:
Don't allow insults to be enabled if the insults[] array is empty.
Otherwise there would be division by zero.
- [974f4780254b]
+ [028f130204b0]
* insults.h:
Don't care about USE_INSULTS #define since the insult stuff may be
@@ -45318,15 +49412,15 @@
add 4th term to license similar to term 5 in the apache license
[afae9f2bf9ec]
- * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
- add 4th term to license similar to term 5 in the apache license
- [c389d3fdafac]
-
* Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
getspwuid.c, goodpath.c:
add 4th term to license similar to term 5 in the apache license
[969e63dbd38e]
+ * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
+ add 4th term to license similar to term 5 in the apache license
+ [c389d3fdafac]
+
* LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
insults.h, logging.c, sudo.c, sudo.h:
there was a 1995 release too
@@ -54759,14 +58853,14 @@
1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
- * INSTALL:
- rewrote most of this
- [a6750923f9c9]
-
* README:
minor update + spell fix
[a411717a7249]
+ * INSTALL:
+ rewrote most of this
+ [a6750923f9c9]
+
* sudo.h:
added all options that are in the Makefile
[6db3b3b841b3]
diff --git a/MANIFEST b/MANIFEST
index e9b8ff2..e03fef6 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -124,7 +124,6 @@ lib/util/pipe2.c
lib/util/progname.c
lib/util/pw_dup.c
lib/util/reallocarray.c
-lib/util/regress/atofoo/atofoo_test.c
lib/util/regress/fnmatch/fnm_test.c
lib/util/regress/fnmatch/fnm_test.in
lib/util/regress/getdelim/getdelim_test.c
@@ -137,6 +136,10 @@ lib/util/regress/parse_gids/parse_gids_test.c
lib/util/regress/progname/progname_test.c
lib/util/regress/strsig/strsig_test.c
lib/util/regress/strsplit/strsplit_test.c
+lib/util/regress/strtofoo/strtobool_test.c
+lib/util/regress/strtofoo/strtoid_test.c
+lib/util/regress/strtofoo/strtomode_test.c
+lib/util/regress/strtofoo/strtonum_test.c
lib/util/regress/sudo_conf/conf_test.c
lib/util/regress/sudo_conf/test1.in
lib/util/regress/sudo_conf/test1.out.ok
@@ -777,6 +780,7 @@ src/exec_nopty.c
src/exec_pty.c
src/get_pty.c
src/hooks.c
+src/limits.c
src/load_plugins.c
src/net_ifs.c
src/openbsd.c
diff --git a/Makefile.in b/Makefile.in
index b6babf7..787888b 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -202,7 +202,7 @@ depend: siglist.c signame.c
ChangeLog:
if test -d $(srcdir)/.hg && cd $(srcdir); then \
- if hg log --style=changelog -b default > $@.tmp; then \
+ if hg log --style=changelog -r "sort(branch(.) or follow(), -date)" > $@.tmp; then \
mv -f $@.tmp $@; \
else \
rm -f $@.tmp; \
diff --git a/NEWS b/NEWS
index 9694e9b..2182d12 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,30 @@
+What's new in Sudo 1.8.29
+
+ * The cvtsudoers command will now reject non-LDIF input when converting
+ from LDIF format to sudoers or JSON formats.
+
+ * The new log_allowed and log_denied sudoers settings make it possible
+ to disable logging and auditing of allowed and/or denied commands.
+
+ * The umask is now handled differently on systems with PAM or login.conf.
+ If the umask is explicitly set in sudoers, that value is used regardless
+ of what PAM or login.conf may specify. However, if the umask is not
+ explicitly set in sudoers, PAM or login.conf may now override the default
+ sudoers umask. Bug #900.
+
+ * For "make install", the sudoers file is no longer checked for syntax
+ errors when DESTDIR is set. The default sudoers file includes the
+ contents of /etc/sudoers.d which may not be readable as non-root.
+ Bug #902.
+
+ * Sudo now sets most resource limits to their maximum value to avoid
+ problems caused by insufficient resources, such as an inability to
+ allocate memory or open files and pipes.
+
+ * Fixed a regression introduced in sudo 1.8.28 where sudo would refuse
+ to run if the parent process was not associated with a session.
+ This was due to sudo passing a session ID of -1 to the plugin.
+
What's new in Sudo 1.8.28p1
* The fix for Bug #869 caused "sudo -v" to prompt for a password
diff --git a/config.h.in b/config.h.in
index 2ffb3c2..9e8e143 100644
--- a/config.h.in
+++ b/config.h.in
@@ -742,9 +742,6 @@
/* Define to 1 if you have the `strsignal' function. */
#undef HAVE_STRSIGNAL
-/* Define to 1 if you have the `strtonum' function. */
-#undef HAVE_STRTONUM
-
/* Define to 1 if `d_namlen' is a member of `struct dirent'. */
#undef HAVE_STRUCT_DIRENT_D_NAMLEN
diff --git a/configure b/configure
index c0bb851..414b0ab 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for sudo 1.8.28p1.
+# Generated by GNU Autoconf 2.69 for sudo 1.8.29.
#
# Report bugs to <https://bugzilla.sudo.ws/>.
#
@@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='sudo'
PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.8.28p1'
-PACKAGE_STRING='sudo 1.8.28p1'
+PACKAGE_VERSION='1.8.29'
+PACKAGE_STRING='sudo 1.8.29'
PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
PACKAGE_URL=''
@@ -1544,7 +1544,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures sudo 1.8.28p1 to adapt to many kinds of systems.
+\`configure' configures sudo 1.8.29 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1609,7 +1609,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of sudo 1.8.28p1:";;
+ short | recursive ) echo "Configuration of sudo 1.8.29:";;
esac
cat <<\_ACEOF
@@ -1875,7 +1875,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-sudo configure 1.8.28p1
+sudo configure 1.8.29
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2584,7 +2584,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by sudo $as_me 1.8.28p1, which was
+It was created by sudo $as_me 1.8.29, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -21053,30 +21053,6 @@ else
done
fi
-# We wrap OpenBSD's strtonum() to get translatable error strings.
-for ac_func in strtonum
-do :
- ac_fn_c_check_func "$LINENO" "strtonum" "ac_cv_func_strtonum"
-if test "x$ac_cv_func_strtonum" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE_STRTONUM 1
-_ACEOF
-
-fi
-done
-
-case " $LIBOBJS " in
- *" strtonum.$ac_objext "* ) ;;
- *) LIBOBJS="$LIBOBJS strtonum.$ac_objext"
- ;;
-esac
-
-
- for _sym in sudo_strtonum; do
- COMPAT_EXP="${COMPAT_EXP}${_sym}
-"
- done
-
ac_fn_c_check_member "$LINENO" "struct tm" "tm_gmtoff" "ac_cv_member_struct_tm_tm_gmtoff" "
$ac_includes_default
#include <errno.h>
@@ -27537,7 +27513,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by sudo $as_me 1.8.28p1, which was
+This file was extended by sudo $as_me 1.8.29, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -27603,7 +27579,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-sudo config.status 1.8.28p1
+sudo config.status 1.8.29
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff --git a/configure.ac b/configure.ac
index c05801e..a28b3b2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
dnl
AC_PREREQ([2.59])
-AC_INIT([sudo], [1.8.28p1], [https://bugzilla.sudo.ws/], [sudo])
+AC_INIT([sudo], [1.8.29], [https://bugzilla.sudo.ws/], [sudo])
AC_CONFIG_HEADER([config.h pathnames.h])
AC_CONFIG_SRCDIR([src/sudo.c])
dnl
@@ -2800,10 +2800,6 @@ else
# Missing or non-compliant v?snprintf(), assume missing/bad v?asprintf()
SUDO_APPEND_COMPAT_EXP(sudo_snprintf sudo_vsnprintf sudo_asprintf sudo_vasprintf)
fi
-# We wrap OpenBSD's strtonum() to get translatable error strings.
-AC_CHECK_FUNCS([strtonum])
-AC_LIBOBJ(strtonum)
-SUDO_APPEND_COMPAT_EXP(sudo_strtonum)
AC_CHECK_MEMBERS([struct tm.tm_gmtoff], [], [], [
AC_INCLUDES_DEFAULT
#include <errno.h>
diff --git a/doc/Makefile.in b/doc/Makefile.in
index 469246a..56c3cc1 100644
--- a/doc/Makefile.in
+++ b/doc/Makefile.in
@@ -119,6 +119,8 @@ lint: all
exit $$rval; \
fi
+depend:
+
Makefile: $(srcdir)/Makefile.in
cd $(top_builddir) && ./config.status --file doc/Makefile
diff --git a/doc/UPGRADE b/doc/UPGRADE
index 58d4e51..a95f6a6 100644
--- a/doc/UPGRADE
+++ b/doc/UPGRADE
@@ -1,6 +1,15 @@
Notes on upgrading from an older release
========================================
+o Upgrading from a version prior to 1.8.29:
+
+ Starting with version 1.8.29, if the umask is explicitly set
+ in sudoers, that value is used regardless of the umask specified
+ by PAM or login.conf. However, if the umask is not explicitly
+ set in sudoers, PAM or login.conf may now override the default
+ sudoers umask. Previously, the sudoers umask always overrode
+ the umask set by PAM, which was not the documented behavior.
+
o Upgrading from a version prior to 1.8.28:
Starting with version 1.8.28, sudo stores the signal that caused
@@ -186,13 +195,13 @@ o Upgrading from a version prior to 1.8.2:
When matching Unix groups in the sudoers file, sudo will now
match based on the name of the group as it appears in sudoers
- instead of the group ID. This can substantially reduce the
+ instead of the group-ID. This can substantially reduce the
number of group lookups for sudoers files that contain a large
number of groups. There are a few side effects of this change.
- 1) Unix groups with different names but the same group ID are
+ 1) Unix groups with different names but the same group-ID are
can no longer be used interchangeably. Sudo will look up all
- of a user's groups by group ID and use the resulting group
+ of a user's groups by group-ID and use the resulting group
names when matching sudoers entries. If there are multiple
groups with the same ID, the group name returned by the
system getgrgid() library function is the name that will be
@@ -338,7 +347,7 @@ o Upgrading from a version prior to 1.7.0:
Starting with sudo 1.7.0, comments in the sudoers file must not
have a digit or minus sign immediately after the comment character
('#'). Otherwise, the comment may be interpreted as a user or
- group ID.
+ group-ID.
When sudo is build with LDAP support the /etc/nsswitch.conf file is
now used to determine the sudoers sea ch order. sudo will default to
diff --git a/doc/sudo.conf.man.in b/doc/sudo.conf.man.in
index 65ac7f4..678e6e0 100644
--- a/doc/sudo.conf.man.in
+++ b/doc/sudo.conf.man.in
@@ -17,7 +17,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.nr SL @SEMAN@
-.TH "SUDO.CONF" "@mansectform@" "July 3, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO.CONF" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -334,12 +334,12 @@ Set disable_coredump false
.RS 10n
.sp
All modern operating systems place restrictions on core dumps
-from setuid processes like
+from set-user-ID processes like
\fBsudo\fR
so this option can be enabled without compromising security.
To actually get a
\fBsudo\fR
-core file you will likely need to enable core dumps for setuid processes.
+core file you will likely need to enable core dumps for set-user-ID processes.
On
BSD
and Linux systems this is accomplished in the
diff --git a/doc/sudo.conf.mdoc.in b/doc/sudo.conf.mdoc.in
index a0ba54a..f49c8a0 100644
--- a/doc/sudo.conf.mdoc.in
+++ b/doc/sudo.conf.mdoc.in
@@ -16,7 +16,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.nr SL @SEMAN@
-.Dd July 3, 2019
+.Dd October 20, 2019
.Dt SUDO.CONF @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -305,12 +305,12 @@ Set disable_coredump false
.Ed
.Pp
All modern operating systems place restrictions on core dumps
-from setuid processes like
+from set-user-ID processes like
.Nm sudo
so this option can be enabled without compromising security.
To actually get a
.Nm sudo
-core file you will likely need to enable core dumps for setuid processes.
+core file you will likely need to enable core dumps for set-user-ID processes.
On
.Bx
and Linux systems this is accomplished in the
diff --git a/doc/sudo.man.in b/doc/sudo.man.in
index 6425a17..9ec675e 100644
--- a/doc/sudo.man.in
+++ b/doc/sudo.man.in
@@ -25,7 +25,7 @@
.nr BA @BAMAN@
.nr LC @LCMAN@
.nr PS @PSMAN@
-.TH "SUDO" "@mansectsu@" "May 27, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO" "@mansectsu@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -98,7 +98,7 @@ as the superuser or another user, as specified by the security
policy.
The invoking user's real
(\fInot\fR effective)
-user ID is used to determine the user name with which
+user-ID is used to determine the user name with which
to query the security policy.
.PP
\fBsudo\fR
@@ -260,7 +260,7 @@ If
is
\fB-\fR,
the default login class of the target user will be used.
-Otherwise, the command must be run as the superuser (user ID 0), or
+Otherwise, the command must be run as the superuser (user-ID 0), or
\fBsudo\fR
must be run from a shell that is already running as the superuser.
If the command is being run as a login shell, additional
@@ -361,7 +361,7 @@ instead of the primary group specified by the target
user's password database entry.
The
\fIgroup\fR
-may be either a group name or a numeric group ID
+may be either a group name or a numeric group-ID
(GID)
prefixed with the
\(oq#\(cq
@@ -504,7 +504,7 @@ By default, the
\fIsudoers\fR
policy will initialize the group vector to the list of groups the
target user is a member of.
-The real and effective group IDs, however, are still set to match
+The real and effective group-IDs, however, are still set to match
the target user.
.TP 12n
\fB\-p\fR \fIprompt\fR, \fB\--prompt\fR=\fIprompt\fR
@@ -629,7 +629,7 @@ Run the command as a user other than the default target user
\fIroot\fR).
The
\fIuser\fR
-may be either a user name or a numeric user ID
+may be either a user name or a numeric user-ID
(UID)
prefixed with the
\(oq#\(cq
@@ -719,13 +719,13 @@ option was specified).
The following parameters may be specified by security policy:
.TP 3n
\fB\(bu\fR
-real and effective user ID
+real and effective user-ID
.TP 3n
\fB\(bu\fR
-real and effective group ID
+real and effective group-ID
.TP 3n
\fB\(bu\fR
-supplementary group IDs
+supplementary group-IDs
.TP 3n
\fB\(bu\fR
the environment list
@@ -1027,7 +1027,7 @@ To prevent the disclosure of potentially sensitive information,
disables core dumps by default while it is executing (they are
re-enabled for the command that is run).
This historical practice dates from a time when most operating
-systems allowed setuid processes to dump core by default.
+systems allowed set-user-ID processes to dump core by default.
To aid in debugging
\fBsudo\fR
crashes, you may wish to re-enable core dumps by setting
@@ -1138,7 +1138,7 @@ Default editor to use in
(sudoedit) mode.
.TP 17n
\fRSUDO_GID\fR
-Set to the group ID of the user who invoked sudo.
+Set to the group-ID of the user who invoked sudo.
.TP 17n
\fRSUDO_PROMPT\fR
Used as the default password prompt unless
@@ -1152,7 +1152,7 @@ If set,
will be set to its value for the program being run.
.TP 17n
\fRSUDO_UID\fR
-Set to the user ID of the user who invoked sudo.
+Set to the user-ID of the user who invoked sudo.
.TP 17n
\fRSUDO_USER\fR
Set to the login name of the user who invoked sudo.
@@ -1272,7 +1272,7 @@ for more information.
was not run with root privileges.
The
\fBsudo\fR
-binary must be owned by the root user and have the Set-user-ID bit set.
+binary must be owned by the root user and have the set-user-ID bit set.
Also, it must not be located on a file system mounted with the
\(oqnosuid\(cq
option or on an NFS file system that maps uid 0 to an unprivileged uid.
@@ -1338,7 +1338,7 @@ was not run with root privileges.
The
\fBsudo\fR
binary does not have the correct owner or permissions.
-It must be owned by the root user and have the Set-user-ID bit set.
+It must be owned by the root user and have the set-user-ID bit set.
.TP 6n
\fRsudoedit is not supported on this platform\fR
It is only possible to run
@@ -1350,7 +1350,7 @@ The user did not enter a password before the password timeout
(5 minutes by default) expired.
.TP 6n
\fRyou do not exist in the passwd database\fR
-Your user ID does not appear in the system passwd database.
+Your user-ID does not appear in the system passwd database.
.TP 6n
\fRyou may not specify environment variables in edit mode\fR
It is only possible to specify environment variables when running
@@ -1417,9 +1417,9 @@ section for more information.
.PP
Running shell scripts via
\fBsudo\fR
-can expose the same kernel bugs that make setuid shell scripts
+can expose the same kernel bugs that make set-user-ID shell scripts
unsafe on some operating systems (if your OS has a /dev/fd/ directory,
-setuid shell scripts are generally safe).
+set-user-ID shell scripts are generally safe).
.SH "BUGS"
If you feel you have found a bug in
\fBsudo\fR,
diff --git a/doc/sudo.mdoc.in b/doc/sudo.mdoc.in
index c49be27..29669cb 100644
--- a/doc/sudo.mdoc.in
+++ b/doc/sudo.mdoc.in
@@ -24,7 +24,7 @@
.nr BA @BAMAN@
.nr LC @LCMAN@
.nr PS @PSMAN@
-.Dd May 27, 2019
+.Dd October 20, 2019
.Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -100,7 +100,7 @@ as the superuser or another user, as specified by the security
policy.
The invoking user's real
.Pq Em not No effective
-user ID is used to determine the user name with which
+user-ID is used to determine the user name with which
to query the security policy.
.Pp
.Nm
@@ -252,7 +252,7 @@ If
is
.Cm - ,
the default login class of the target user will be used.
-Otherwise, the command must be run as the superuser (user ID 0), or
+Otherwise, the command must be run as the superuser (user-ID 0), or
.Nm
must be run from a shell that is already running as the superuser.
If the command is being run as a login shell, additional
@@ -341,7 +341,7 @@ instead of the primary group specified by the target
user's password database entry.
The
.Ar group
-may be either a group name or a numeric group ID
+may be either a group name or a numeric group-ID
.Pq GID
prefixed with the
.Ql #
@@ -475,7 +475,7 @@ By default, the
.Em sudoers
policy will initialize the group vector to the list of groups the
target user is a member of.
-The real and effective group IDs, however, are still set to match
+The real and effective group-IDs, however, are still set to match
the target user.
.It Fl p Ar prompt , Fl -prompt Ns = Ns Ar prompt
Use a custom password prompt with optional escape sequences.
@@ -583,7 +583,7 @@ Run the command as a user other than the default target user
.Em root ) .
The
.Ar user
-may be either a user name or a numeric user ID
+may be either a user name or a numeric user-ID
.Pq UID
prefixed with the
.Ql #
@@ -671,11 +671,11 @@ option was specified).
The following parameters may be specified by security policy:
.Bl -bullet -width 1n
.It
-real and effective user ID
+real and effective user-ID
.It
-real and effective group ID
+real and effective group-ID
.It
-supplementary group IDs
+supplementary group-IDs
.It
the environment list
.It
@@ -968,7 +968,7 @@ To prevent the disclosure of potentially sensitive information,
disables core dumps by default while it is executing (they are
re-enabled for the command that is run).
This historical practice dates from a time when most operating
-systems allowed setuid processes to dump core by default.
+systems allowed set-user-ID processes to dump core by default.
To aid in debugging
.Nm
crashes, you may wish to re-enable core dumps by setting
@@ -1067,7 +1067,7 @@ Default editor to use in
.Fl e
(sudoedit) mode.
.It Ev SUDO_GID
-Set to the group ID of the user who invoked sudo.
+Set to the group-ID of the user who invoked sudo.
.It Ev SUDO_PROMPT
Used as the default password prompt unless
the
@@ -1078,7 +1078,7 @@ If set,
.Ev PS1
will be set to its value for the program being run.
.It Ev SUDO_UID
-Set to the user ID of the user who invoked sudo.
+Set to the user-ID of the user who invoked sudo.
.It Ev SUDO_USER
Set to the login name of the user who invoked sudo.
.It Ev USER
@@ -1174,7 +1174,7 @@ for more information.
was not run with root privileges.
The
.Nm
-binary must be owned by the root user and have the Set-user-ID bit set.
+binary must be owned by the root user and have the set-user-ID bit set.
Also, it must not be located on a file system mounted with the
.Sq nosuid
option or on an NFS file system that maps uid 0 to an unprivileged uid.
@@ -1233,7 +1233,7 @@ was not run with root privileges.
The
.Nm
binary does not have the correct owner or permissions.
-It must be owned by the root user and have the Set-user-ID bit set.
+It must be owned by the root user and have the set-user-ID bit set.
.It Li sudoedit is not supported on this platform
It is only possible to run
.Nm sudoedit
@@ -1242,7 +1242,7 @@ on systems that support setting the effective user-ID.
The user did not enter a password before the password timeout
(5 minutes by default) expired.
.It Li you do not exist in the passwd database
-Your user ID does not appear in the system passwd database.
+Your user-ID does not appear in the system passwd database.
.It Li you may not specify environment variables in edit mode
It is only possible to specify environment variables when running
a command.
@@ -1305,9 +1305,9 @@ section for more information.
.Pp
Running shell scripts via
.Nm
-can expose the same kernel bugs that make setuid shell scripts
+can expose the same kernel bugs that make set-user-ID shell scripts
unsafe on some operating systems (if your OS has a /dev/fd/ directory,
-setuid shell scripts are generally safe).
+set-user-ID shell scripts are generally safe).
.Sh BUGS
If you feel you have found a bug in
.Nm ,
diff --git a/doc/sudo_plugin.man.in b/doc/sudo_plugin.man.in
index f95669f..f35c289 100644
--- a/doc/sudo_plugin.man.in
+++ b/doc/sudo_plugin.man.in
@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.TH "SUDO_PLUGIN" "5" "June 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO_PLUGIN" "5" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -459,20 +459,20 @@ cwd=string
The user's current working directory.
.TP 6n
egid=gid_t
-The effective group ID of the user invoking
+The effective group-ID of the user invoking
\fBsudo\fR.
.TP 6n
euid=uid_t
-The effective user ID of the user invoking
+The effective user-ID of the user invoking
\fBsudo\fR.
.TP 6n
gid=gid_t
-The real group ID of the user invoking
+The real group-ID of the user invoking
\fBsudo\fR.
.TP 6n
groups=list
The user's supplementary group list formatted as a string of
-comma-separated group IDs.
+comma-separated group-IDs.
.TP 6n
host=string
The local machine's hostname as returned by the
@@ -552,7 +552,7 @@ the value will be empty, as in
\(lq\fRtty=\fR\(rq.
.TP 6n
uid=uid_t
-The real user ID of the user invoking
+The real user-ID of the user invoking
\fBsudo\fR.
.TP 6n
umask=octal
@@ -991,29 +991,29 @@ initializing the group vector based on
\fRrunas_user\fR.
.TP 6n
runas_egid=gid
-Effective group ID to run the command as.
+Effective group-ID to run the command as.
If not specified, the value of
\fIrunas_gid\fR
is used.
.TP 6n
runas_euid=uid
-Effective user ID to run the command as.
+Effective user-ID to run the command as.
If not specified, the value of
\fIrunas_uid\fR
is used.
.TP 6n
runas_gid=gid
-Group ID to run the command as.
+Group-ID to run the command as.
.TP 6n
runas_groups=list
The supplementary group vector to use for the command in the form
-of a comma-separated list of group IDs.
+of a comma-separated list of group-IDs.
If
\fIpreserve_groups\fR
is set, this option is ignored.
.TP 6n
runas_uid=uid
-User ID to run the command as.
+User-ID to run the command as.
.TP 6n
selinux_role=string
SELinux role to use when executing the command.
@@ -1079,6 +1079,15 @@ If non-zero then when the timeout expires the command will be killed.
.TP 6n
umask=octal
The file creation mask to use when executing the command.
+This value may be overridden by PAM or login.conf on some systems
+unless the
+\fIumask_override\fR
+option is also set.
+.TP 6n
+umask_override=bool
+Force the value specified by the
+\fIumask\fR
+option to override any umask set by PAM or login.conf.
.TP 6n
use_pty=bool
Allocate a pseudo-terminal to run the command in, regardless of whether
@@ -2950,6 +2959,13 @@ Version 1.13 (sudo 1.8.26)
The
\fRlog_suspend\fR
field was added to the io_plugin struct.
+.TP 6n
+Version 1.14 (sudo 1.8.29)
+The
+\fIumask_override\fR
+entry was added to the
+\fRcommand_info\fR
+list.
.SH "SEE ALSO"
sudo.conf(@mansectform@),
sudoers(@mansectform@),
diff --git a/doc/sudo_plugin.mdoc.in b/doc/sudo_plugin.mdoc.in
index ed91d42..cffaf19 100644
--- a/doc/sudo_plugin.mdoc.in
+++ b/doc/sudo_plugin.mdoc.in
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd June 20, 2019
+.Dd October 20, 2019
.Dt SUDO_PLUGIN @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -411,17 +411,17 @@ If there is no terminal device available, a default value of 80 is used.
.It cwd=string
The user's current working directory.
.It egid=gid_t
-The effective group ID of the user invoking
+The effective group-ID of the user invoking
.Nm sudo .
.It euid=uid_t
-The effective user ID of the user invoking
+The effective user-ID of the user invoking
.Nm sudo .
.It gid=gid_t
-The real group ID of the user invoking
+The real group-ID of the user invoking
.Nm sudo .
.It groups=list
The user's supplementary group list formatted as a string of
-comma-separated group IDs.
+comma-separated group-IDs.
.It host=string
The local machine's hostname as returned by the
.Xr gethostname 2
@@ -491,7 +491,7 @@ If the user has no terminal device associated with the session,
the value will be empty, as in
.Dq Li tty= .
.It uid=uid_t
-The real user ID of the user invoking
+The real user-ID of the user invoking
.Nm sudo .
.It umask=octal
The invoking user's file creation mask.
@@ -877,25 +877,25 @@ will preserve the user's group vector instead of
initializing the group vector based on
.Li runas_user .
.It runas_egid=gid
-Effective group ID to run the command as.
+Effective group-ID to run the command as.
If not specified, the value of
.Em runas_gid
is used.
.It runas_euid=uid
-Effective user ID to run the command as.
+Effective user-ID to run the command as.
If not specified, the value of
.Em runas_uid
is used.
.It runas_gid=gid
-Group ID to run the command as.
+Group-ID to run the command as.
.It runas_groups=list
The supplementary group vector to use for the command in the form
-of a comma-separated list of group IDs.
+of a comma-separated list of group-IDs.
If
.Em preserve_groups
is set, this option is ignored.
.It runas_uid=uid
-User ID to run the command as.
+User-ID to run the command as.
.It selinux_role=string
SELinux role to use when executing the command.
.It selinux_type=string
@@ -953,6 +953,14 @@ Command timeout.
If non-zero then when the timeout expires the command will be killed.
.It umask=octal
The file creation mask to use when executing the command.
+This value may be overridden by PAM or login.conf on some systems
+unless the
+.Em umask_override
+option is also set.
+.It umask_override=bool
+Force the value specified by the
+.Em umask
+option to override any umask set by PAM or login.conf.
.It use_pty=bool
Allocate a pseudo-terminal to run the command in, regardless of whether
or not I/O logging is in use.
@@ -2589,6 +2597,12 @@ field was added to the io_plugin struct.
The
.Li log_suspend
field was added to the io_plugin struct.
+.It Version 1.14 (sudo 1.8.29)
+The
+.Em umask_override
+entry was added to the
+.Li command_info
+list.
.El
.Sh SEE ALSO
.Xr sudo.conf @mansectform@ ,
diff --git a/doc/sudoers.ldap.man.in b/doc/sudoers.ldap.man.in
index 5791e4c..d2481eb 100644
--- a/doc/sudoers.ldap.man.in
+++ b/doc/sudoers.ldap.man.in
@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.TH "SUDOERS.LDAP" "@mansectform@" "February 26, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS.LDAP" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -112,7 +112,7 @@ The equivalent of a sudoer in LDAP is a
It consists of the following attributes:
.TP 6n
\fBsudoUser\fR
-A user name, user ID (prefixed with
+A user name, user-ID (prefixed with
\(oq#\(cq),
Unix group name or ID (prefixed with
\(oq%\(cq
diff --git a/doc/sudoers.ldap.mdoc.in b/doc/sudoers.ldap.mdoc.in
index d88d48b..8807be4 100644
--- a/doc/sudoers.ldap.mdoc.in
+++ b/doc/sudoers.ldap.mdoc.in
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd February 26, 2018
+.Dd October 20, 2019
.Dt SUDOERS.LDAP @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -106,7 +106,7 @@ The equivalent of a sudoer in LDAP is a
It consists of the following attributes:
.Bl -tag -width 4n
.It Sy sudoUser
-A user name, user ID (prefixed with
+A user name, user-ID (prefixed with
.Ql # ) ,
Unix group name or ID (prefixed with
.Ql %
diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
index 82b0bcf..4adf58d 100644
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -25,7 +25,7 @@
.nr BA @BAMAN@
.nr LC @LCMAN@
.nr PS @PSMAN@
-.TH "SUDOERS" "@mansectform@" "September 16, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -123,13 +123,13 @@ sudoers_uid=uid
The
\fIsudoers_uid\fR
argument can be used to override the default owner of the sudoers file.
-It should be specified as a numeric user ID.
+It should be specified as a numeric user-ID.
.TP 10n
sudoers_gid=gid
The
\fIsudoers_gid\fR
argument can be used to override the default group of the sudoers file.
-It must be specified as a numeric group ID (not a group name).
+It must be specified as a numeric group-ID (not a group name).
.TP 10n
sudoers_mode=mode
The
@@ -191,10 +191,10 @@ flags are enabled.
This allows users to
determine for themselves whether or not they are allowed to use
\fBsudo\fR.
-All attempts to run
+By default, all attempts to run
\fBsudo\fR
(successful or not)
-will be logged, regardless of whether or not mail is sent.
+are logged, regardless of whether or not mail is sent.
.PP
If
\fBsudo\fR
@@ -220,7 +220,7 @@ file lookup is still done for root, not the user specified by
\fBsudoers\fR
uses per-user time stamp files for credential caching.
Once a user has been authenticated, a record is written
-containing the user ID that was used to authenticate, the
+containing the user-ID that was used to authenticate, the
terminal session ID, the start time of the session leader
(or parent process) and a time stamp
(using a monotonic clock if one is available).
@@ -242,20 +242,25 @@ option can be used to select the type of time stamp record
\fBsudoers\fR
will use.
.SS "Logging"
+By default,
\fBsudoers\fR
-can log both successful and unsuccessful attempts (as well
-as errors) to
+logs both successful and unsuccessful attempts (as well
+as errors).
+The
+\fIlog_allowed\fR
+and
+\fIlog_denied\fR
+flags can be used to control this behavior.
+Messages can be logged to
syslog(3),
a log file, or both.
-By default,
-\fBsudoers\fR
-will log via
+The default is to log to
syslog(3)
-but this is changeable via the
+but this is configurable via the
\fIsyslog\fR
and
\fIlogfile\fR
-Defaults settings.
+settings.
See
\fILOG FORMAT\fR
for a description of the log file format.
@@ -290,7 +295,7 @@ can deal with environment variables.
.PP
By default, the
\fIenv_reset\fR
-option is enabled.
+flag is enabled.
This causes commands
to be executed with a new, minimal environment.
On AIX (and Linux
@@ -303,7 +308,7 @@ On
BSD
systems, if the
\fIuse_loginclass\fR
-option is enabled, the environment is initialized
+flag is enabled, the environment is initialized
based on the
\fIpath\fR
and
@@ -369,7 +374,7 @@ Prior to version 1.8.11, such variables were always removed.
.PP
If, however, the
\fIenv_reset\fR
-option is disabled, any variables not
+flag is disabled, any variables not
explicitly denied by the
\fIenv_check\fR
and
@@ -472,7 +477,7 @@ list.
.PP
Note that the dynamic linker on most operating systems will remove
variables that can control dynamic linking from the environment of
-setuid executables, including
+set-user-ID executables, including
\fBsudo\fR.
Depending on the operating
system this may include
@@ -491,8 +496,7 @@ and, as such, it is not possible for
\fBsudo\fR
to preserve them.
.PP
-As a special case, if
-\fBsudo\fR's
+As a special case, if the
\fB\-i\fR
option (initial login) is
specified,
@@ -708,7 +712,7 @@ User ::= '!'* user name |
.PP
A
\fRUser_List\fR
-is made up of one or more user names, user IDs
+is made up of one or more user names, user-IDs
(prefixed with
\(oq#\(cq),
system group names and IDs (prefixed with
@@ -807,10 +811,13 @@ it can contain
\fRRunas_Alias\fRes.
Note that
user names and groups are matched as strings.
-In other words, two
-users (groups) with the same uid (gid) are considered to be distinct.
-If you wish to match all user names with the same uid (e.g.,
-root and toor), you can use a uid instead (#0 in the example given).
+In other words, two users (groups) with the same user (group) ID
+are considered to be distinct.
+If you wish to match all user names with the same user-ID (e.g., root and
+toor), you can use a user-ID instead of a name (#0 in the example given).
+Note that the user-ID or group-ID specified in a
+\fRRunas_Member\fR
+need not be listed in the password or group database.
.nf
.sp
.RS 0n
@@ -852,7 +859,7 @@ but unless the
command on your machine returns the fully
qualified host name, you'll need to use the
\fIfqdn\fR
-option for wildcards to be useful.
+flag for wildcards to be useful.
Note that
\fBsudo\fR
only inspects actual network interfaces; this means that IP address
@@ -1130,13 +1137,10 @@ consists of two
and enclosed in a set of parentheses.
The first
\fRRunas_List\fR
-indicates
-which users the command may be run as via
-\fBsudo\fR's
+indicates which users the command may be run as via the
\fB\-u\fR
option.
-The second defines a list of groups that can be specified via
-\fBsudo\fR's
+The second defines a list of groups that can be specified via the
\fB\-g\fR
option in addition to any of the target user's groups.
If both
@@ -1438,7 +1442,7 @@ timeout values:
\fR30s10m4h\fR,
\fR1d2d3h\fR.
.PP
-This option is only supported by version 1.8.20 or higher.
+This setting is only supported by version 1.8.20 or higher.
.SS "Tag_Spec"
A command may have zero or more tags associated with it.
The following tag values are supported:
@@ -1510,7 +1514,7 @@ Starting with version 1.8.15,
\fBsudoedit\fR
will not open a file that is a symbolic link unless the
\fIsudoedit_follow\fR
-option is enabled.
+flag is enabled.
The
\fIFOLLOW\fR
and
@@ -1527,7 +1531,7 @@ command and are ignored for all other commands.
.sp
These tags override the value of the
\fIlog_input\fR
-option on a per-command basis.
+flag on a per-command basis.
For more information, see the description of
\fIlog_input\fR
in the
@@ -1538,7 +1542,7 @@ section below.
.sp
These tags override the value of the
\fIlog_output\fR
-option on a per-command basis.
+flag on a per-command basis.
For more information, see the description of
\fIlog_output\fR
in the
@@ -1551,7 +1555,7 @@ These tags provide fine-grained control over whether
mail will be sent when a user runs a command by
overriding the value of the
\fImail_all_cmnds\fR
-option on a per-command basis.
+flag on a per-command basis.
They have no effect when
\fBsudo\fR
is run with the
@@ -1630,7 +1634,7 @@ Note, however, that the
\fRPASSWD\fR
tag has no effect on users who are in the group specified by the
\fIexempt_group\fR
-option.
+setting.
.sp
By default, if the
\fRNOPASSWD\fR
@@ -1655,12 +1659,12 @@ options.
.sp
These tags override the value of the
\fIsetenv\fR
-option on a per-command basis.
+flag on a per-command basis.
Note that if
\fRSETENV\fR
has been set for a command, the user may disable the
\fIenv_reset\fR
-option from the command line via the
+flag from the command line via the
\fB\-E\fR
option.
Additionally, environment variables set on the command
@@ -1968,7 +1972,7 @@ The pound sign
is used to indicate a comment (unless it is part of a #include
directive or unless it occurs in the context of a user name and is
followed by one or more digits, in which case it is treated as a
-uid).
+user-ID).
Both the comment character and any text after it, up to the end of
the line, are ignored.
.PP
@@ -2088,13 +2092,12 @@ If enabled,
will set the
\fRHOME\fR
environment variable to the home directory of the target user
-(which is root unless
-\fBsudo\fR's
+(which is the root user unless the
\fB\-u\fR
option is used).
-This option is largely obsolete and has no effect unless the
+This flag is largely obsolete and has no effect unless the
\fIenv_reset\fR
-option has been disabled or
+flag has been disabled or
\fRHOME\fR
is present in the
\fIenv_keep\fR
@@ -2134,8 +2137,7 @@ This flag is
by default.
.TP 18n
closefrom_override
-If set, the user may use
-\fBsudo\fR's
+If set, the user may use the
\fB\-C\fR
option which overrides the default starting point at which
\fBsudo\fR
@@ -2230,7 +2232,7 @@ or
environment variables before falling back on the default editor list.
Note that
\fBvisudo\fR
-is typically run as root so this option may allow a user with
+is typically run as root so this flag may allow a user with
\fBvisudo\fR
privileges to run arbitrary commands as root without logging.
An alternative is to place a colon-separated list of
@@ -2282,14 +2284,14 @@ variables.
Any variables in the caller's environment or in the file specified
by the
\fIrestricted_env_file\fR
-option that match the
+setting that match the
\fRenv_keep\fR
and
\fRenv_check\fR
lists are then added, followed by any variables present in the file
specified by the
\fIenv_file\fR
-option (if any).
+setting (if any).
The contents of the
\fRenv_keep\fR
and
@@ -2303,7 +2305,7 @@ is run by root with the
option.
If the
\fIsecure_path\fR
-option is set, its value will be used for the
+setting is enabled, its value will be used for the
\fRPATH\fR
environment variable.
This flag is
@@ -2323,7 +2325,7 @@ when the pattern references a network file system that is mounted
on demand (auto mounted).
The
\fIfast_glob\fR
-option causes
+flag causes
\fBsudo\fR
to use the
fnmatch(3)
@@ -2338,7 +2340,7 @@ This has security implications when path names that include globbing
characters are used with the negation operator,
\(oq!\&\(cq,
as such rules can be trivially bypassed.
-As such, this option should not be used when the
+As such, this flag should not be used when the
\fIsudoers\fR
file contains rules that contain negated path names which include globbing
characters.
@@ -2354,7 +2356,7 @@ file when the local host name (as returned by the
command) does not contain the domain name.
In other words, instead of myhost you would use myhost.mydomain.edu.
You may still use the short form if you wish (and even mix the two).
-This option is only effective when the
+This flag is only effective when the
\(lqcanonical\(rq
host name, as returned by the
\fBgetaddrinfo\fR()
@@ -2396,7 +2398,7 @@ host name, and the short version as an alias.
.sp
If the machine's hosts file entry is not formatted properly, the
\fIfqdn\fR
-option will not be effective if it is queried before DNS.
+flag will not be effective if it is queried before DNS.
.sp
Beware that when using DNS for host name resolution, turning on
\fIfqdn\fR
@@ -2469,7 +2471,7 @@ This flag only has an effect when
\fBsudoers\fR
is configured to use file-based logging via the
\fIlogfile\fR
-option.
+setting.
This flag is
\fIon\fR
by default.
@@ -2482,10 +2484,10 @@ This is intended for Enterprises that wish to prevent the usage of local
sudoers files so that only LDAP is used.
This thwarts the efforts of rogue operators who would attempt to add roles to
\fI@sysconfdir@/sudoers\fR.
-When this option is present,
+When this flag is enabled,
\fI@sysconfdir@/sudoers\fR
does not even need to exist.
-Since this option tells
+Since this flag tells
\fBsudo\fR
how to behave when no specific LDAP entries have been matched, this
sudoOption is only meaningful for the
@@ -2514,10 +2516,33 @@ This flag is
\fI@insults@\fR
by default.
.TP 18n
+log_allowed
+If set,
+\fBsudoers\fR
+will log commands allowed by the policy to the system audit log
+(where supported) as well as to syslog and/or a log file.
+This flag is
+\fIon\fR
+by default.
+.sp
+This setting is only supported by version 1.8.29 or higher.
+.TP 18n
+log_denied
+If set,
+\fBsudoers\fR
+will log commands denied by the policy to the system audit log
+(where supported) as well as to syslog and/or a log file.
+This flag is
+\fIon\fR
+by default.
+.sp
+This setting is only supported by version 1.8.29 or higher.
+.TP 18n
log_host
-If set, the host name will be logged in the (non-syslog)
-\fBsudo\fR
-log file.
+If set, the host name will be included in log entries written to
+the file configured by the
+\fIlogfile\fR
+setting.
This flag is
\fIoff\fR
by default.
@@ -2661,7 +2686,7 @@ by default.
match_group_by_gid
By default,
\fBsudoers\fR
-will look up each group the user is a member of by group ID to
+will look up each group the user is a member of by group-ID to
determine the group name (this is only done once).
The resulting list of the user's group names is used when matching
groups listed in the
@@ -2680,21 +2705,21 @@ running commands via
may take longer than normal.
On such systems it may be faster to use the
\fImatch_group_by_gid\fR
-flag to avoid resolving the user's group IDs to group names.
+flag to avoid resolving the user's group-IDs to group names.
In this case,
\fBsudoers\fR
must look up any group name listed in the
\fIsudoers\fR
-file and use the group ID instead of the group name when determining
+file and use the group-ID instead of the group name when determining
whether the user is a member of the group.
.sp
Note that if
\fImatch_group_by_gid\fR
is enabled, group database lookups performed by
\fBsudoers\fR
-will be keyed by group name as opposed to group ID.
+will be keyed by group name as opposed to group-ID.
On systems where there are multiple sources for the group database,
-it is possible to have conflicting group names or group IDs in the local
+it is possible to have conflicting group names or group-IDs in the local
\fI/etc/group\fR
file and the remote group database.
On such systems, enabling or disabling
@@ -2850,7 +2875,7 @@ will initialize the group vector to the list of groups the target user is in.
When
\fIpreserve_groups\fR
is set, the user's existing group vector is left unaltered.
-The real and effective group IDs, however, are still set to match the
+The real and effective group-IDs, however, are still set to match the
target user.
This flag is
\fIoff\fR
@@ -2938,13 +2963,12 @@ is invoked with the
option, the
\fRHOME\fR
environment variable will be set to the home directory of the target
-user (which is root unless
-\fBsudo\fR's
+user (which is the root user unless the
\fB\-u\fR
option is used).
-This option is largely obsolete and has no effect unless the
+This flag is largely obsolete and has no effect unless the
\fIenv_reset\fR
-option has been disabled or
+flag has been disabled or
\fRHOME\fR
is present in the
\fIenv_keep\fR
@@ -3042,9 +3066,9 @@ This option changes that behavior such that the real UID is left
as the invoking user's UID.
In other words, this makes
\fBsudo\fR
-act as a setuid wrapper.
+act as a set-user-ID wrapper.
This can be useful on systems that disable some potentially
-dangerous functionality when a program is run setuid.
+dangerous functionality when a program is run set-user-ID.
This option is only effective on systems that support either the
setreuid(2)
or
@@ -3119,7 +3143,7 @@ option (defaults to
\fRroot\fR)
instead of the password of the invoking user
when running a command or editing a file.
-Note that this flag precludes the use of a uid not listed in the passwd
+Note that this flag precludes the use of a user-ID not listed in the passwd
database as an argument to the
\fB\-u\fR
option.
@@ -3387,20 +3411,35 @@ and
respectively.
.TP 18n
umask
-Umask to use when running the command.
-Negate this option or set it to 0777 to preserve the user's umask.
-The actual umask that is used will be the union of the user's umask
-and the value of the
+File mode creation mask to use when running the command.
+Negate this option or set it to 0777 to prevent
+\fBsudoers\fR
+from changing the umask.
+Unless the
+\fIumask_override\fR
+flag is set, the actual umask will be the union of the
+user's umask and the value of the
\fIumask\fR
-option, which defaults to
+setting, which defaults to
\fR@sudo_umask@\fR.
This guarantees
that
\fBsudo\fR
never lowers the umask when running a command.
-Note: on systems that use PAM, the default PAM configuration may specify
-its own umask which will override the value set in
-\fIsudoers\fR.
+.sp
+If
+\fIumask\fR
+is explicitly set in
+\fIsudoers\fR,
+it will override any umask setting in PAM or login.conf.
+If
+\fIumask\fR
+is not set in
+\fIsudoers\fR,
+the umask specified by PAM or login.conf will take precedence.
+The umask setting in PAM is not used for
+\fBsudoedit\fR,
+which does not create a new PAM session.
.PP
\fBStrings\fR:
.TP 18n
@@ -3493,7 +3532,7 @@ where every two digits are used to form a new directory, e.g.,
expanded to the invoking user's login name
.TP 6n
\fR%{group}\fR
-expanded to the name of the invoking user's real group ID
+expanded to the name of the invoking user's real group-ID
.TP 6n
\fR%{runas_user}\fR
expanded to the login name of the user the command will
@@ -3578,19 +3617,19 @@ by default.
This setting is only supported by version 1.8.20 or higher.
.TP 18n
iolog_group
-The group name to look up when setting the group ID on new I/O log
+The group name to look up when setting the group-ID on new I/O log
files and directories.
If
\fIiolog_group\fR
is not set,
-the primary group ID of the user specified by
+the primary group-ID of the user specified by
\fIiolog_user\fR
is used.
If neither
\fIiolog_group\fR
nor
\fIiolog_user\fR
-are set, I/O log files and directories are created with group ID 0.
+are set, I/O log files and directories are created with group-ID 0.
.sp
This setting is only supported by version 1.8.19 or higher.
.TP 18n
@@ -3608,19 +3647,19 @@ Defaults to 0600 (read and write by user only).
This setting is only supported by version 1.8.19 or higher.
.TP 18n
iolog_user
-The user name to look up when setting the user and group IDs on new
+The user name to look up when setting the user and group-IDs on new
I/O log files and directories.
If
\fIiolog_group\fR
-is set, it will be used instead of the user's primary group ID.
+is set, it will be used instead of the user's primary group-ID.
By default, I/O log files and directories are created with user and
-group ID 0.
+group-ID 0.
.sp
This setting can be useful when the I/O logs are stored on a Network
File System (NFS) share.
Having a dedicated user own the I/O log files means that
\fBsudoers\fR
-does not write to the log files as user ID 0, which is usually
+does not write to the log files as user-ID 0, which is usually
not permitted by NFS.
.sp
This setting is only supported by version 1.8.19 or higher.
@@ -4366,7 +4405,7 @@ is run by root with the
\fB\-V\fR
option.
Note that many operating systems will remove potentially dangerous
-variables from the environment of any setuid process (such as
+variables from the environment of any set-user-ID process (such as
\fBsudo\fR).
.TP 18n
env_keep
@@ -4423,7 +4462,7 @@ syntax described earlier.
.PP
Group provider plugins are specified via the
\fIgroup_plugin\fR
-Defaults setting.
+setting.
The argument to
\fIgroup_plugin\fR
should consist of the plugin path, either fully-qualified or relative to the
@@ -4593,7 +4632,7 @@ failed attempts and the value of the
option.
.TP 3n
a password is required
-\fBsudo\fR's
+The
\fB\-n\fR
option was specified but a password was required.
.TP 3n
@@ -4636,7 +4675,7 @@ The
file could not be opened for reading.
This can happen when the
\fIsudoers\fR
-file is located on a remote file system that maps user ID 0 to
+file is located on a remote file system that maps user-ID 0 to
a different value.
Normally,
\fBsudoers\fR
@@ -4649,7 +4688,7 @@ or adding an argument like
\(lqsudoers_uid=N\(rq
(where
\(oqN\(cq
-is the user ID that owns the
+is the user-ID that owns the
\fIsudoers\fR
file) to the end of the
\fBsudoers\fR
@@ -4678,7 +4717,7 @@ file owner, please add
\(lqsudoers_uid=N\(rq
(where
\(oqN\(cq
-is the user ID that owns the
+is the user-ID that owns the
\fIsudoers\fR
file) to the
\fBsudoers\fR
@@ -4714,7 +4753,7 @@ file group ownership, please add
\(lqsudoers_gid=N\(rq
(where
\(oqN\(cq
-is the group ID that owns the
+is the group-ID that owns the
\fIsudoers\fR
file) to the
\fBsudoers\fR
diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in
index ade2b0d..b11c0b9 100644
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -24,7 +24,7 @@
.nr BA @BAMAN@
.nr LC @LCMAN@
.nr PS @PSMAN@
-.Dd September 16, 2019
+.Dd October 20, 2019
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -47,7 +47,7 @@ The policy format is described in detail in the
.Sx SUDOERS FILE FORMAT
section.
For information on storing
-.Nm sudoers
+.Nm
policy information
in LDAP, please see
.Xr sudoers.ldap @mansectform@ .
@@ -113,12 +113,12 @@ file.
The
.Em sudoers_uid
argument can be used to override the default owner of the sudoers file.
-It should be specified as a numeric user ID.
+It should be specified as a numeric user-ID.
.It sudoers_gid=gid
The
.Em sudoers_gid
argument can be used to override the default group of the sudoers file.
-It must be specified as a numeric group ID (not a group name).
+It must be specified as a numeric group-ID (not a group name).
.It sudoers_mode=mode
The
.Em sudoers_mode
@@ -131,7 +131,7 @@ For more information on configuring
please refer to its manual.
.Ss User Authentication
The
-.Nm sudoers
+.Nm
security policy requires that most users authenticate
themselves before they can use
.Nm sudo .
@@ -142,7 +142,7 @@ user or command.
Unlike
.Xr su 1 ,
when
-.Nm sudoers
+.Nm
requires
authentication, it validates the invoking user's credentials, not
the target user's (or root's) credentials.
@@ -180,10 +180,10 @@ flags are enabled.
This allows users to
determine for themselves whether or not they are allowed to use
.Nm sudo .
-All attempts to run
+By default, all attempts to run
.Nm sudo
(successful or not)
-will be logged, regardless of whether or not mail is sent.
+are logged, regardless of whether or not mail is sent.
.Pp
If
.Nm sudo
@@ -191,7 +191,7 @@ is run by root and the
.Ev SUDO_USER
environment variable
is set, the
-.Nm sudoers
+.Nm
policy will use this value to determine who
the actual user is.
This can be used by a user to log commands
@@ -206,10 +206,10 @@ Note, however, that the
file lookup is still done for root, not the user specified by
.Ev SUDO_USER .
.Pp
-.Nm sudoers
+.Nm
uses per-user time stamp files for credential caching.
Once a user has been authenticated, a record is written
-containing the user ID that was used to authenticate, the
+containing the user-ID that was used to authenticate, the
terminal session ID, the start time of the session leader
(or parent process) and a time stamp
(using a monotonic clock if one is available).
@@ -223,34 +223,39 @@ minutes unless overridden by the
option
.Pc .
By default,
-.Nm sudoers
+.Nm
uses a separate record for each terminal, which means that
a user's login sessions are authenticated separately.
The
.Em timestamp_type
option can be used to select the type of time stamp record
-.Nm sudoers
+.Nm
will use.
.Ss Logging
-.Nm sudoers
-can log both successful and unsuccessful attempts (as well
-as errors) to
+By default,
+.Nm
+logs both successful and unsuccessful attempts (as well
+as errors).
+The
+.Em log_allowed
+and
+.Em log_denied
+flags can be used to control this behavior.
+Messages can be logged to
.Xr syslog 3 ,
a log file, or both.
-By default,
-.Nm sudoers
-will log via
+The default is to log to
.Xr syslog 3
-but this is changeable via the
+but this is configurable via the
.Em syslog
and
.Em logfile
-Defaults settings.
+settings.
See
.Sx "LOG FORMAT"
for a description of the log file format.
.Pp
-.Nm sudoers
+.Nm
is also capable of running a command in a pseudo-terminal and logging all
input and/or output.
The standard input, standard output and standard error can be logged
@@ -270,17 +275,17 @@ See
for details on how I/O log files are stored.
.Ss Command environment
Since environment variables can influence program behavior,
-.Nm sudoers
+.Nm
provides a means to restrict which variables from the user's
environment are inherited by the command to be run.
There are two
distinct ways
-.Nm sudoers
+.Nm
can deal with environment variables.
.Pp
By default, the
.Em env_reset
-option is enabled.
+flag is enabled.
This causes commands
to be executed with a new, minimal environment.
On AIX (and Linux
@@ -293,7 +298,7 @@ On
.Bx
systems, if the
.Em use_loginclass
-option is enabled, the environment is initialized
+flag is enabled, the environment is initialized
based on the
.Em path
and
@@ -359,7 +364,7 @@ Prior to version 1.8.11, such variables were always removed.
.Pp
If, however, the
.Em env_reset
-option is disabled, any variables not
+flag is disabled, any variables not
explicitly denied by the
.Em env_check
and
@@ -459,7 +464,7 @@ list.
.Pp
Note that the dynamic linker on most operating systems will remove
variables that can control dynamic linking from the environment of
-setuid executables, including
+set-user-ID executables, including
.Nm sudo .
Depending on the operating
system this may include
@@ -478,12 +483,11 @@ and, as such, it is not possible for
.Nm sudo
to preserve them.
.Pp
-As a special case, if
-.Nm sudo Ns 's
+As a special case, if the
.Fl i
option (initial login) is
specified,
-.Nm sudoers
+.Nm
will initialize the environment regardless
of the value of
.Em env_reset .
@@ -682,7 +686,7 @@ User ::= '!'* user name |
.Pp
A
.Li User_List
-is made up of one or more user names, user IDs
+is made up of one or more user names, user-IDs
(prefixed with
.Ql # ) ,
system group names and IDs (prefixed with
@@ -777,10 +781,13 @@ it can contain
.Li Runas_Alias Ns es .
Note that
user names and groups are matched as strings.
-In other words, two
-users (groups) with the same uid (gid) are considered to be distinct.
-If you wish to match all user names with the same uid (e.g.,
-root and toor), you can use a uid instead (#0 in the example given).
+In other words, two users (groups) with the same user (group) ID
+are considered to be distinct.
+If you wish to match all user names with the same user-ID (e.g., root and
+toor), you can use a user-ID instead of a name (#0 in the example given).
+Note that the user-ID or group-ID specified in a
+.Li Runas_Member
+need not be listed in the password or group database.
.Bd -literal
Host_List ::= Host |
Host ',' Host_List
@@ -819,7 +826,7 @@ but unless the
command on your machine returns the fully
qualified host name, you'll need to use the
.Em fqdn
-option for wildcards to be useful.
+flag for wildcards to be useful.
Note that
.Nm sudo
only inspects actual network interfaces; this means that IP address
@@ -1083,13 +1090,10 @@ consists of two
and enclosed in a set of parentheses.
The first
.Li Runas_List
-indicates
-which users the command may be run as via
-.Nm sudo Ns 's
+indicates which users the command may be run as via the
.Fl u
option.
-The second defines a list of groups that can be specified via
-.Nm sudo Ns 's
+The second defines a list of groups that can be specified via the
.Fl g
option in addition to any of the target user's groups.
If both
@@ -1297,7 +1301,7 @@ or
character.
.\}
.Ss Date_Spec
-.Nm sudoers
+.Nm
rules can be specified with a start and end date via the
.Li NOTBEFORE
and
@@ -1359,7 +1363,7 @@ timeout values:
.Li 30s10m4h ,
.Li 1d2d3h .
.Pp
-This option is only supported by version 1.8.20 or higher.
+This setting is only supported by version 1.8.20 or higher.
.Ss Tag_Spec
A command may have zero or more tags associated with it.
The following tag values are supported:
@@ -1425,7 +1429,7 @@ Starting with version 1.8.15,
.Nm sudoedit
will not open a file that is a symbolic link unless the
.Em sudoedit_follow
-option is enabled.
+flag is enabled.
The
.Em FOLLOW
and
@@ -1441,7 +1445,7 @@ command and are ignored for all other commands.
.sp
These tags override the value of the
.Em log_input
-option on a per-command basis.
+flag on a per-command basis.
For more information, see the description of
.Em log_input
in the
@@ -1451,7 +1455,7 @@ section below.
.sp
These tags override the value of the
.Em log_output
-option on a per-command basis.
+flag on a per-command basis.
For more information, see the description of
.Em log_output
in the
@@ -1463,7 +1467,7 @@ These tags provide fine-grained control over whether
mail will be sent when a user runs a command by
overriding the value of the
.Em mail_all_cmnds
-option on a per-command basis.
+flag on a per-command basis.
They have no effect when
.Nm sudo
is run with the
@@ -1534,7 +1538,7 @@ Note, however, that the
.Li PASSWD
tag has no effect on users who are in the group specified by the
.Em exempt_group
-option.
+setting.
.Pp
By default, if the
.Li NOPASSWD
@@ -1557,12 +1561,12 @@ options.
.sp
These tags override the value of the
.Em setenv
-option on a per-command basis.
+flag on a per-command basis.
Note that if
.Li SETENV
has been set for a command, the user may disable the
.Em env_reset
-option from the command line via the
+flag from the command line via the
.Fl E
option.
Additionally, environment variables set on the command
@@ -1845,7 +1849,7 @@ The pound sign
is used to indicate a comment (unless it is part of a #include
directive or unless it occurs in the context of a user name and is
followed by one or more digits, in which case it is treated as a
-uid).
+user-ID).
Both the comment character and any text after it, up to the end of
the line, are ignored.
.Pp
@@ -1960,13 +1964,12 @@ If enabled,
will set the
.Ev HOME
environment variable to the home directory of the target user
-(which is root unless
-.Nm sudo Ns 's
+(which is the root user unless the
.Fl u
option is used).
-This option is largely obsolete and has no effect unless the
+This flag is largely obsolete and has no effect unless the
.Em env_reset
-option has been disabled or
+flag has been disabled or
.Ev HOME
is present in the
.Em env_keep
@@ -2002,8 +2005,7 @@ This flag is
.Em on
by default.
.It closefrom_override
-If set, the user may use
-.Nm sudo Ns 's
+If set, the user may use the
.Fl C
option which overrides the default starting point at which
.Nm sudo
@@ -2095,7 +2097,7 @@ or
environment variables before falling back on the default editor list.
Note that
.Nm visudo
-is typically run as root so this option may allow a user with
+is typically run as root so this flag may allow a user with
.Nm visudo
privileges to run arbitrary commands as root without logging.
An alternative is to place a colon-separated list of
@@ -2146,14 +2148,14 @@ variables.
Any variables in the caller's environment or in the file specified
by the
.Em restricted_env_file
-option that match the
+setting that match the
.Li env_keep
and
.Li env_check
lists are then added, followed by any variables present in the file
specified by the
.Em env_file
-option (if any).
+setting (if any).
The contents of the
.Li env_keep
and
@@ -2167,7 +2169,7 @@ is run by root with the
option.
If the
.Em secure_path
-option is set, its value will be used for the
+setting is enabled, its value will be used for the
.Ev PATH
environment variable.
This flag is
@@ -2186,7 +2188,7 @@ when the pattern references a network file system that is mounted
on demand (auto mounted).
The
.Em fast_glob
-option causes
+flag causes
.Nm sudo
to use the
.Xr fnmatch 3
@@ -2201,7 +2203,7 @@ This has security implications when path names that include globbing
characters are used with the negation operator,
.Ql !\& ,
as such rules can be trivially bypassed.
-As such, this option should not be used when the
+As such, this flag should not be used when the
.Em sudoers
file contains rules that contain negated path names which include globbing
characters.
@@ -2216,7 +2218,7 @@ file when the local host name (as returned by the
command) does not contain the domain name.
In other words, instead of myhost you would use myhost.mydomain.edu.
You may still use the short form if you wish (and even mix the two).
-This option is only effective when the
+This flag is only effective when the
.Dq canonical
host name, as returned by the
.Fn getaddrinfo
@@ -2255,7 +2257,7 @@ host name, and the short version as an alias.
.sp
If the machine's hosts file entry is not formatted properly, the
.Em fqdn
-option will not be effective if it is queried before DNS.
+flag will not be effective if it is queried before DNS.
.Pp
Beware that when using DNS for host name resolution, turning on
.Em fqdn
@@ -2325,7 +2327,7 @@ This flag only has an effect when
.Nm
is configured to use file-based logging via the
.Em logfile
-option.
+setting.
This flag is
.Em on
by default.
@@ -2337,10 +2339,10 @@ This is intended for Enterprises that wish to prevent the usage of local
sudoers files so that only LDAP is used.
This thwarts the efforts of rogue operators who would attempt to add roles to
.Pa @sysconfdir@/sudoers .
-When this option is present,
+When this flag is enabled,
.Pa @sysconfdir@/sudoers
does not even need to exist.
-Since this option tells
+Since this flag tells
.Nm sudo
how to behave when no specific LDAP entries have been matched, this
sudoOption is only meaningful for the
@@ -2366,10 +2368,31 @@ will insult users when they enter an incorrect password.
This flag is
.Em @insults@
by default.
+.It log_allowed
+If set,
+.Nm
+will log commands allowed by the policy to the system audit log
+(where supported) as well as to syslog and/or a log file.
+This flag is
+.Em on
+by default.
+.Pp
+This setting is only supported by version 1.8.29 or higher.
+.It log_denied
+If set,
+.Nm
+will log commands denied by the policy to the system audit log
+(where supported) as well as to syslog and/or a log file.
+This flag is
+.Em on
+by default.
+.Pp
+This setting is only supported by version 1.8.29 or higher.
.It log_host
-If set, the host name will be logged in the (non-syslog)
-.Nm sudo
-log file.
+If set, the host name will be included in log entries written to
+the file configured by the
+.Em logfile
+setting.
This flag is
.Em off
by default.
@@ -2458,7 +2481,7 @@ user if the user running
.Nm sudo
does not enter the correct password.
If the command the user is attempting to run is not permitted by
-.Nm sudoers
+.Nm
and one of the
.Em mail_all_cmnds ,
.Em mail_always ,
@@ -2502,7 +2525,7 @@ by default.
.It match_group_by_gid
By default,
.Nm
-will look up each group the user is a member of by group ID to
+will look up each group the user is a member of by group-ID to
determine the group name (this is only done once).
The resulting list of the user's group names is used when matching
groups listed in the
@@ -2521,21 +2544,21 @@ running commands via
may take longer than normal.
On such systems it may be faster to use the
.Em match_group_by_gid
-flag to avoid resolving the user's group IDs to group names.
+flag to avoid resolving the user's group-IDs to group names.
In this case,
.Nm
must look up any group name listed in the
.Em sudoers
-file and use the group ID instead of the group name when determining
+file and use the group-ID instead of the group name when determining
whether the user is a member of the group.
.Pp
Note that if
.Em match_group_by_gid
is enabled, group database lookups performed by
.Nm
-will be keyed by group name as opposed to group ID.
+will be keyed by group name as opposed to group-ID.
On systems where there are multiple sources for the group database,
-it is possible to have conflicting group names or group IDs in the local
+it is possible to have conflicting group names or group-IDs in the local
.Pa /etc/group
file and the remote group database.
On such systems, enabling or disabling
@@ -2683,7 +2706,7 @@ will initialize the group vector to the list of groups the target user is in.
When
.Em preserve_groups
is set, the user's existing group vector is left unaltered.
-The real and effective group IDs, however, are still set to match the
+The real and effective group-IDs, however, are still set to match the
target user.
This flag is
.Em off
@@ -2765,13 +2788,12 @@ is invoked with the
option, the
.Ev HOME
environment variable will be set to the home directory of the target
-user (which is root unless
-.Nm sudo Ns 's
+user (which is the root user unless the
.Fl u
option is used).
-This option is largely obsolete and has no effect unless the
+This flag is largely obsolete and has no effect unless the
.Em env_reset
-option has been disabled or
+flag has been disabled or
.Ev HOME
is present in the
.Em env_keep
@@ -2864,9 +2886,9 @@ This option changes that behavior such that the real UID is left
as the invoking user's UID.
In other words, this makes
.Nm sudo
-act as a setuid wrapper.
+act as a set-user-ID wrapper.
This can be useful on systems that disable some potentially
-dangerous functionality when a program is run setuid.
+dangerous functionality when a program is run set-user-ID.
This option is only effective on systems that support either the
.Xr setreuid 2
or
@@ -2936,7 +2958,7 @@ option (defaults to
.Li root )
instead of the password of the invoking user
when running a command or editing a file.
-Note that this flag precludes the use of a uid not listed in the passwd
+Note that this flag precludes the use of a user-ID not listed in the passwd
database as an argument to the
.Fl u
option.
@@ -3190,20 +3212,35 @@ and
.Dq Li sudo -k
respectively.
.It umask
-Umask to use when running the command.
-Negate this option or set it to 0777 to preserve the user's umask.
-The actual umask that is used will be the union of the user's umask
-and the value of the
+File mode creation mask to use when running the command.
+Negate this option or set it to 0777 to prevent
+.Nm
+from changing the umask.
+Unless the
+.Em umask_override
+flag is set, the actual umask will be the union of the
+user's umask and the value of the
.Em umask
-option, which defaults to
+setting, which defaults to
.Li @sudo_umask@ .
This guarantees
that
.Nm sudo
never lowers the umask when running a command.
-Note: on systems that use PAM, the default PAM configuration may specify
-its own umask which will override the value set in
-.Em sudoers .
+.Pp
+If
+.Em umask
+is explicitly set in
+.Em sudoers ,
+it will override any umask setting in PAM or login.conf.
+If
+.Em umask
+is not set in
+.Em sudoers ,
+the umask specified by PAM or login.conf will take precedence.
+The umask setting in PAM is not used for
+.Nm sudoedit ,
+which does not create a new PAM session.
.El
.Pp
.Sy Strings :
@@ -3288,7 +3325,7 @@ where every two digits are used to form a new directory, e.g.,
.It Li %{user}
expanded to the invoking user's login name
.It Li %{group}
-expanded to the name of the invoking user's real group ID
+expanded to the name of the invoking user's real group-ID
.It Li %{runas_user}
expanded to the login name of the user the command will
be run as (e.g., root)
@@ -3366,19 +3403,19 @@ by default.
.Pp
This setting is only supported by version 1.8.20 or higher.
.It iolog_group
-The group name to look up when setting the group ID on new I/O log
+The group name to look up when setting the group-ID on new I/O log
files and directories.
If
.Em iolog_group
is not set,
-the primary group ID of the user specified by
+the primary group-ID of the user specified by
.Em iolog_user
is used.
If neither
.Em iolog_group
nor
.Em iolog_user
-are set, I/O log files and directories are created with group ID 0.
+are set, I/O log files and directories are created with group-ID 0.
.Pp
This setting is only supported by version 1.8.19 or higher.
.It iolog_mode
@@ -3394,19 +3431,19 @@ Defaults to 0600 (read and write by user only).
.Pp
This setting is only supported by version 1.8.19 or higher.
.It iolog_user
-The user name to look up when setting the user and group IDs on new
+The user name to look up when setting the user and group-IDs on new
I/O log files and directories.
If
.Em iolog_group
-is set, it will be used instead of the user's primary group ID.
+is set, it will be used instead of the user's primary group-ID.
By default, I/O log files and directories are created with user and
-group ID 0.
+group-ID 0.
.Pp
This setting can be useful when the I/O logs are stored on a Network
File System (NFS) share.
Having a dedicated user own the I/O log files means that
.Nm
-does not write to the log files as user ID 0, which is usually
+does not write to the log files as user-ID 0, which is usually
not permitted by NFS.
.Pp
This setting is only supported by version 1.8.19 or higher.
@@ -3569,7 +3606,7 @@ Note that changing the locale may affect how sudoers is interpreted.
Defaults to
.Dq Li C .
.It timestamp_type
-.Nm sudoers
+.Nm
uses per-user time stamp files for credential caching.
The
.Em timestamp_type
@@ -3727,7 +3764,7 @@ If the operating system does not support the
system call, this setting has no effect.
.It group_plugin
A string containing a
-.Nm sudoers
+.Nm
group plugin with optional arguments.
The string should consist of the plugin
path, either fully-qualified or relative to the
@@ -4072,7 +4109,7 @@ is run by root with the
.Fl V
option.
Note that many operating systems will remove potentially dangerous
-variables from the environment of any setuid process (such as
+variables from the environment of any set-user-ID process (such as
.Nm sudo ) .
.It env_keep
Environment variables to be preserved in the user's environment when the
@@ -4129,7 +4166,7 @@ syntax described earlier.
.Pp
Group provider plugins are specified via the
.Em group_plugin
-Defaults setting.
+setting.
The argument to
.Em group_plugin
should consist of the plugin path, either fully-qualified or relative to the
@@ -4277,7 +4314,7 @@ failed attempts and the value of the
.Em passwd_tries
option.
.It a password is required
-.Nm sudo Ns 's
+The
.Fl n
option was specified but a password was required.
.It sorry, you are not allowed to set the following environment variables
@@ -4317,7 +4354,7 @@ The
file could not be opened for reading.
This can happen when the
.Em sudoers
-file is located on a remote file system that maps user ID 0 to
+file is located on a remote file system that maps user-ID 0 to
a different value.
Normally,
.Nm
@@ -4330,7 +4367,7 @@ or adding an argument like
.Dq sudoers_uid=N
(where
.Sq N
-is the user ID that owns the
+is the user-ID that owns the
.Em sudoers
file) to the end of the
.Nm
@@ -4356,7 +4393,7 @@ file owner, please add
.Dq sudoers_uid=N
(where
.Sq N
-is the user ID that owns the
+is the user-ID that owns the
.Em sudoers
file) to the
.Nm
@@ -4390,7 +4427,7 @@ file group ownership, please add
.Dq sudoers_gid=N
(where
.Sq N
-is the group ID that owns the
+is the group-ID that owns the
.Em sudoers
file) to the
.Nm
@@ -4399,7 +4436,7 @@ line in the
.Xr sudo.conf @mansectform@
file.
.It unable to open @rundir@/ts/username
-.Nm sudoers
+.Nm
was unable to read or create the user's time stamp file.
This can happen when
.Em timestampowner
@@ -4410,7 +4447,7 @@ The default mode for
.Pa @rundir@
is 0711.
.It unable to write to @rundir@/ts/username
-.Nm sudoers
+.Nm
was unable to write to the user's time stamp file.
.It @rundir@/ts is owned by uid X, should be Y
The time stamp directory is owned by a user other than
@@ -4418,18 +4455,18 @@ The time stamp directory is owned by a user other than
This can occur when the value of
.Em timestampowner
has been changed.
-.Nm sudoers
+.Nm
will ignore the time stamp directory until the owner is corrected.
.It @rundir@/ts is group writable
The time stamp directory is group-writable; it should be writable only by
.Em timestampowner .
The default mode for the time stamp directory is 0700.
-.Nm sudoers
+.Nm
will ignore the time stamp directory until the mode is corrected.
.El
.Ss Notes on logging via syslog
By default,
-.Nm sudoers
+.Nm
logs messages via
.Xr syslog 3 .
The
@@ -4455,11 +4492,11 @@ For more information, see the description of
If the
.Em logfile
option is set,
-.Nm sudoers
+.Nm
will log to a local file, such as
.Pa /var/log/sudo .
When logging to a file,
-.Nm sudoers
+.Nm
uses a format similar to
.Xr syslog 3 ,
with a few important differences:
@@ -4627,11 +4664,11 @@ List of network groups
I/O log files
.It Pa @rundir@/ts
Directory containing time stamps for the
-.Nm sudoers
+.Nm
security policy
.It Pa @vardir@/lectured
Directory containing lecture status files for the
-.Nm sudoers
+.Nm
security policy
.It Pa /etc/environment
Initial environment for
@@ -5175,7 +5212,7 @@ user permission to run
(see below).
.Ss Secure editing
The
-.Nm sudoers
+.Nm
plugin includes
.Nm sudoedit
support which allows users to securely edit files with the editor
@@ -5249,7 +5286,7 @@ tag in the
.Em sudoers
file.
.Ss Time stamp file checks
-.Nm sudoers
+.Nm
will check the ownership of its time stamp directory
.Po
.Pa @rundir@/ts
@@ -5273,14 +5310,14 @@ or
.Pa /var/run
directory.
To avoid potential problems,
-.Nm sudoers
+.Nm
will ignore time stamp files that date from before the machine booted
on systems where the boot time is available.
.Pp
Some systems with graphical desktop environments allow unprivileged
users to change the system clock.
Since
-.Nm sudoers
+.Nm
relies on the system clock for time stamp validation, it may be
possible on such systems for a user to run
.Nm sudo
@@ -5288,16 +5325,16 @@ for longer than
.Em timestamp_timeout
by setting the clock back.
To combat this,
-.Nm sudoers
+.Nm
uses a monotonic clock (which never moves backwards) for its time stamps
if the system supports it.
.Pp
-.Nm sudoers
+.Nm
will not honor time stamps set far in the future.
Time stamps with a date greater than current_time + 2 *
.Li TIMEOUT
will be ignored and
-.Nm sudoers
+.Nm
will log and complain.
.Pp
If the
@@ -5394,7 +5431,7 @@ file
network interface handling
.It Em nss
network service switch handling in
-.Nm sudoers
+.Nm
.It Em parser
.Em sudoers
file parsing
diff --git a/doc/sudoers_timestamp.man.in b/doc/sudoers_timestamp.man.in
index 0c3e509..66a1e70 100644
--- a/doc/sudoers_timestamp.man.in
+++ b/doc/sudoers_timestamp.man.in
@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.TH "SUDOERS_TIMESTAMP" "@mansectform@" "October 7, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS_TIMESTAMP" "@mansectform@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -117,13 +117,13 @@ and
which is used only when matching records.
.TP 6n
auth_uid
-The user ID that was used for authentication.
+The user-ID that was used for authentication.
Depending on the value of the
\fIrootpw\fR,
\fIrunaspw\fR
and
\fItargetpw\fR
-options, the user ID may be that of the invoking user, the root user,
+options, the user-ID may be that of the invoking user, the root user,
the default runas user or the target user.
.TP 6n
sid
diff --git a/doc/sudoers_timestamp.mdoc.in b/doc/sudoers_timestamp.mdoc.in
index f8dc956..b318abf 100644
--- a/doc/sudoers_timestamp.mdoc.in
+++ b/doc/sudoers_timestamp.mdoc.in
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd October 7, 2018
+.Dd October 20, 2019
.Dt SUDOERS_TIMESTAMP @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -109,13 +109,13 @@ and
.Li TS_ANYUID ,
which is used only when matching records.
.It auth_uid
-The user ID that was used for authentication.
+The user-ID that was used for authentication.
Depending on the value of the
.Em rootpw ,
.Em runaspw
and
.Em targetpw
-options, the user ID may be that of the invoking user, the root user,
+options, the user-ID may be that of the invoking user, the root user,
the default runas user or the target user.
.It sid
The ID of the user's terminal session, if present.
diff --git a/doc/visudo.man.in b/doc/visudo.man.in
index f04ff36..eb48f4b 100644
--- a/doc/visudo.man.in
+++ b/doc/visudo.man.in
@@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "VISUDO" "@mansectsu@" "June 20, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "VISUDO" "@mansectsu@" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -305,13 +305,13 @@ sudoers_uid=uid
The
\fIsudoers_uid\fR
argument can be used to override the default owner of the sudoers file.
-It should be specified as a numeric user ID.
+It should be specified as a numeric user-ID.
.TP 10n
sudoers_gid=gid
The
\fIsudoers_gid\fR
argument can be used to override the default group of the sudoers file.
-It must be specified as a numeric group ID (not a group name).
+It must be specified as a numeric group-ID (not a group name).
.TP 10n
sudoers_mode=mode
The
@@ -379,7 +379,7 @@ You didn't run
as root.
.TP 6n
\fRyou do not exist in the passwd database\fR
-Your user ID does not appear in the system passwd database.
+Your user-ID does not appear in the system passwd database.
.TP 6n
\fRWarning: {User,Runas,Host,Cmnd}_Alias referenced but not defined\fR
Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
diff --git a/doc/visudo.mdoc.in b/doc/visudo.mdoc.in
index 059dc7b..8c0a1c3 100644
--- a/doc/visudo.mdoc.in
+++ b/doc/visudo.mdoc.in
@@ -20,7 +20,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd June 20, 2019
+.Dd October 20, 2019
.Dt VISUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -295,12 +295,12 @@ file.
The
.Em sudoers_uid
argument can be used to override the default owner of the sudoers file.
-It should be specified as a numeric user ID.
+It should be specified as a numeric user-ID.
.It sudoers_gid=gid
The
.Em sudoers_gid
argument can be used to override the default group of the sudoers file.
-It must be specified as a numeric group ID (not a group name).
+It must be specified as a numeric group-ID (not a group name).
.It sudoers_mode=mode
The
.Em sudoers_mode
@@ -364,7 +364,7 @@ You didn't run
.Nm
as root.
.It Li you do not exist in the passwd database
-Your user ID does not appear in the system passwd database.
+Your user-ID does not appear in the system passwd database.
.It Li Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
or you have a user or host name listed that consists solely of
diff --git a/examples/Makefile.in b/examples/Makefile.in
index a42c5e4..c5e58b9 100644
--- a/examples/Makefile.in
+++ b/examples/Makefile.in
@@ -56,6 +56,8 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
all: $(EXAMPLES)
+depend:
+
Makefile: $(srcdir)/Makefile.in
cd $(top_builddir) && ./config.status --file examples/Makefile
diff --git a/include/Makefile.in b/include/Makefile.in
index 6bd74d5..d5b9758 100644
--- a/include/Makefile.in
+++ b/include/Makefile.in
@@ -50,6 +50,8 @@ SHELL = @SHELL@
all:
+depend:
+
Makefile: $(srcdir)/Makefile.in
cd $(top_builddir) && ./config.status --file include/Makefile
diff --git a/include/sudo_compat.h b/include/sudo_compat.h
index 90327b0..8be6ebc 100644
--- a/include/sudo_compat.h
+++ b/include/sudo_compat.h
@@ -379,11 +379,6 @@ int getdomainname(char *, size_t);
# endif
#endif /* __hpux && !__LP64__ */
-/* We wrap OpenBSD's strtonum() to get translatable error strings. */
-__dso_public long long sudo_strtonum(const char *, long long, long long, const char **);
-#undef strtonum
-#define strtonum(_a, _b, _c, _d) sudo_strtonum((_a), (_b), (_c), (_d))
-
/*
* Functions "missing" from libc.
* All libc replacements are prefixed with "sudo_" to avoid namespace issues.
diff --git a/include/sudo_plugin.h b/include/sudo_plugin.h
index cb767fd..1ca3eb7 100644
--- a/include/sudo_plugin.h
+++ b/include/sudo_plugin.h
@@ -21,7 +21,7 @@
/* API version major/minor */
#define SUDO_API_VERSION_MAJOR 1
-#define SUDO_API_VERSION_MINOR 13
+#define SUDO_API_VERSION_MINOR 14
#define SUDO_API_MKVERSION(x, y) (((x) << 16) | (y))
#define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR, SUDO_API_VERSION_MINOR)
diff --git a/include/sudo_util.h b/include/sudo_util.h
index a3904c1..9fc832f 100644
--- a/include/sudo_util.h
+++ b/include/sudo_util.h
@@ -246,9 +246,16 @@ __dso_public const char *sudo_strsplit_v1(const char *str, const char *endstr, c
__dso_public int sudo_strtobool_v1(const char *str);
#define sudo_strtobool(_a) sudo_strtobool_v1((_a))
+/* strtonum.c */
+/* Not versioned for historical reasons. */
+__dso_public long long sudo_strtonum(const char *, long long, long long, const char **);
+
/* strtoid.c */
__dso_public id_t sudo_strtoid_v1(const char *str, const char *sep, char **endp, const char **errstr);
-#define sudo_strtoid(_a, _b, _c, _d) sudo_strtoid_v1((_a), (_b), (_c), (_d))
+__dso_public id_t sudo_strtoid_v2(const char *str, const char **errstr);
+#define sudo_strtoid(_a, _b) sudo_strtoid_v2((_a), (_b))
+__dso_public id_t sudo_strtoidx_v1(const char *str, const char *sep, char **endp, const char **errstr);
+#define sudo_strtoidx(_a, _b, _c, _d) sudo_strtoidx_v1((_a), (_b), (_c), (_d))
/* strtomode.c */
__dso_public int sudo_strtomode_v1(const char *cp, const char **errstr);
diff --git a/lib/util/Makefile.in b/lib/util/Makefile.in
index 147cf62..b07572e 100644
--- a/lib/util/Makefile.in
+++ b/lib/util/Makefile.in
@@ -98,8 +98,9 @@ PVS_IGNORE = 'V707,V011,V002,V536'
PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE)
# Regression tests
-TEST_PROGS = atofoo_test conf_test hltq_test parseln_test progname_test \
- strsplit_test parse_gids_test getgrouplist_test @COMPAT_TEST_PROGS@
+TEST_PROGS = conf_test hltq_test parseln_test progname_test strsplit_test \
+ strtobool_test strtoid_test strtomode_test strtonum_test \
+ parse_gids_test getgrouplist_test @COMPAT_TEST_PROGS@
TEST_LIBS = @LIBS@
TEST_LDFLAGS = @LDFLAGS@
@@ -117,15 +118,13 @@ SHELL = @SHELL@
LTOBJS = @DIGEST@ event.lo fatal.lo key_val.lo gethostname.lo gettime.lo \
getgrouplist.lo gidlist.lo lbuf.lo locking.lo parseln.lo progname.lo \
secure_path.lo setgroups.lo strsplit.lo strtobool.lo strtoid.lo \
- strtomode.lo sudo_conf.lo sudo_debug.lo sudo_dso.lo term.lo \
- ttyname_dev.lo ttysize.lo @COMMON_OBJS@ @LTLIBOBJS@
+ strtomode.lo strtonum.lo sudo_conf.lo sudo_debug.lo sudo_dso.lo \
+ term.lo ttyname_dev.lo ttysize.lo @COMMON_OBJS@ @LTLIBOBJS@
IOBJS = $(LTOBJS:.lo=.i)
POBJS = $(IOBJS:.i=.plog)
-ATOFOO_TEST_OBJS = atofoo_test.lo strtobool.lo strtoid.lo strtomode.lo
-
MKTEMP_TEST_OBJS = mktemp_test.lo mktemp.lo
PARSELN_TEST_OBJS = parseln_test.lo parseln.lo
@@ -142,6 +141,14 @@ GLOBTEST_OBJS = globtest.lo glob.lo
GETDELIM_TEST_OBJS = getdelim_test.lo getdelim.lo
+STRTOBOOL_TEST_OBJS = strtobool_test.lo strtobool.lo
+
+STRTOMODE_TEST_OBJS = strtomode_test.lo strtomode.lo
+
+STRTOID_TEST_OBJS = strtoid_test.lo strtoid.lo strtonum.lo
+
+STRTONUM_TEST_OBJS = strtonum_test.lo strtonum.lo
+
STRSPLIT_TEST_OBJS = strsplit_test.lo strsplit.lo
PARSE_GIDS_TEST_OBJS = parse_gids_test.lo gidlist.lo
@@ -159,6 +166,11 @@ pvs-log-files: $(POBJS)
pvs-studio: $(POBJS)
plog-converter $(PVS_LOG_OPTS) $(POBJS)
+depend:
+ $(top_srcdir)/mkdep.pl --srcdir=$(top_srcdir) \
+ --builddir=`pwd`/$(top_builddir) lib/util/Makefile.in
+ cd $(top_builddir) && ./config.status --file lib/util/Makefile
+
Makefile: $(srcdir)/Makefile.in
cd $(top_builddir) && ./config.status --file lib/util/Makefile
@@ -209,9 +221,6 @@ $(srcdir)/mksigname.h: $(srcdir)/siglist.in
$(AWK) 'BEGIN {print "/* public domain */\n"} /^ [A-Z]/ {printf("#ifdef SIG%s\n if (sudo_sys_signame[SIG%s] == NULL)\n\tsudo_sys_signame[SIG%s] = \"%s\";\n#endif\n", $$1, $$1, $$1, $$1)}' < $(srcdir)/siglist.in > $@; \
fi
-atofoo_test: $(ATOFOO_TEST_OBJS) libsudo_util.la
- $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(ATOFOO_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
-
conf_test: $(CONF_TEST_OBJS) libsudo_util.la
$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CONF_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
@@ -248,6 +257,18 @@ strsplit_test: $(STRSPLIT_TEST_OBJS) libsudo_util.la
strsig_test: $(STRSIG_TEST_OBJS) libsudo_util.la
$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(STRSIG_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
+strtobool_test: $(STRTOBOOL_TEST_OBJS) libsudo_util.la
+ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(STRTOBOOL_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
+
+strtomode_test: $(STRTOMODE_TEST_OBJS) libsudo_util.la
+ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(STRTOMODE_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
+
+strtonum_test: $(STRTONUM_TEST_OBJS) libsudo_util.la
+ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(STRTONUM_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
+
+strtoid_test: $(STRTOID_TEST_OBJS) libsudo_util.la
+ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(STRTOID_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
+
vsyslog_test: $(VSYSLOG_TEST_OBJS) libsudo_util.la
$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(VSYSLOG_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
@@ -288,6 +309,8 @@ pvs-log-files: $(POBJS)
# Note: some regress checks are run from srcdir for consistent error messages
check: $(TEST_PROGS)
@if test X"$(cross_compiling)" != X"yes"; then \
+ MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \
+ MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \
rval=0; \
if test -f parse_gids_test; then \
./parse_gids_test || rval=`expr $$rval + $$?`; \
@@ -317,7 +340,10 @@ check: $(TEST_PROGS)
./strsig_test || rval=`expr $$rval + $$?`; \
fi; \
./getgrouplist_test || rval=`expr $$rval + $$?`; \
- ./atofoo_test || rval=`expr $$rval + $$?`; \
+ ./strtobool_test || rval=`expr $$rval + $$?`; \
+ ./strtoid_test || rval=`expr $$rval + $$?`; \
+ ./strtomode_test || rval=`expr $$rval + $$?`; \
+ ./strtonum_test || rval=`expr $$rval + $$?`; \
./hltq_test || rval=`expr $$rval + $$?`; \
./progname_test || rval=`expr $$rval + $$?`; \
rm -f ./progname_test2; ln -s ./progname_test ./progname_test2; \
@@ -422,22 +448,12 @@ arc4random_uniform.i: $(srcdir)/arc4random_uniform.c $(incdir)/sudo_compat.h \
$(CC) -E -o $@ $(CPPFLAGS) $<
arc4random_uniform.plog: arc4random_uniform.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/arc4random_uniform.c --i-file $< --output-file $@
-atofoo_test.lo: $(srcdir)/regress/atofoo/atofoo_test.c \
- $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
- $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \
- $(top_builddir)/config.h
- $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/atofoo/atofoo_test.c
-atofoo_test.i: $(srcdir)/regress/atofoo/atofoo_test.c \
- $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
- $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \
- $(top_builddir)/config.h
- $(CC) -E -o $@ $(CPPFLAGS) $<
-atofoo_test.plog: atofoo_test.i
- rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/atofoo/atofoo_test.c --i-file $< --output-file $@
-closefrom.lo: $(srcdir)/closefrom.c $(incdir)/sudo_compat.h \
+closefrom.lo: $(srcdir)/closefrom.c $(incdir)/compat/stdbool.h \
+ $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/closefrom.c
-closefrom.i: $(srcdir)/closefrom.c $(incdir)/sudo_compat.h \
+closefrom.i: $(srcdir)/closefrom.c $(incdir)/compat/stdbool.h \
+ $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
closefrom.plog: closefrom.i
@@ -946,9 +962,13 @@ snprintf.i: $(srcdir)/snprintf.c $(incdir)/sudo_compat.h \
$(CC) -E -o $@ $(CPPFLAGS) $<
snprintf.plog: snprintf.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/snprintf.c --i-file $< --output-file $@
-str2sig.lo: $(srcdir)/str2sig.c $(incdir)/sudo_compat.h $(top_builddir)/config.h
+str2sig.lo: $(srcdir)/str2sig.c $(incdir)/compat/stdbool.h \
+ $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \
+ $(top_builddir)/config.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/str2sig.c
-str2sig.i: $(srcdir)/str2sig.c $(incdir)/sudo_compat.h $(top_builddir)/config.h
+str2sig.i: $(srcdir)/str2sig.c $(incdir)/compat/stdbool.h \
+ $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \
+ $(top_builddir)/config.h
$(CC) -E -o $@ $(CPPFLAGS) $<
str2sig.plog: str2sig.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/str2sig.c --i-file $< --output-file $@
@@ -1032,6 +1052,18 @@ strtobool.i: $(srcdir)/strtobool.c $(incdir)/compat/stdbool.h \
$(CC) -E -o $@ $(CPPFLAGS) $<
strtobool.plog: strtobool.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/strtobool.c --i-file $< --output-file $@
+strtobool_test.lo: $(srcdir)/regress/strtofoo/strtobool_test.c \
+ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+ $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \
+ $(top_builddir)/config.h
+ $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/strtofoo/strtobool_test.c
+strtobool_test.i: $(srcdir)/regress/strtofoo/strtobool_test.c \
+ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+ $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \
+ $(top_builddir)/config.h
+ $(CC) -E -o $@ $(CPPFLAGS) $<
+strtobool_test.plog: strtobool_test.i
+ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/strtofoo/strtobool_test.c --i-file $< --output-file $@
strtoid.lo: $(srcdir)/strtoid.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
@@ -1044,6 +1076,18 @@ strtoid.i: $(srcdir)/strtoid.c $(incdir)/compat/stdbool.h \
$(CC) -E -o $@ $(CPPFLAGS) $<
strtoid.plog: strtoid.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/strtoid.c --i-file $< --output-file $@
+strtoid_test.lo: $(srcdir)/regress/strtofoo/strtoid_test.c \
+ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+ $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \
+ $(top_builddir)/config.h
+ $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/strtofoo/strtoid_test.c
+strtoid_test.i: $(srcdir)/regress/strtofoo/strtoid_test.c \
+ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+ $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \
+ $(top_builddir)/config.h
+ $(CC) -E -o $@ $(CPPFLAGS) $<
+strtoid_test.plog: strtoid_test.i
+ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/strtofoo/strtoid_test.c --i-file $< --output-file $@
strtomode.lo: $(srcdir)/strtomode.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
@@ -1056,14 +1100,40 @@ strtomode.i: $(srcdir)/strtomode.c $(incdir)/compat/stdbool.h \
$(CC) -E -o $@ $(CPPFLAGS) $<
strtomode.plog: strtomode.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/strtomode.c --i-file $< --output-file $@
-strtonum.lo: $(srcdir)/strtonum.c $(incdir)/sudo_compat.h \
- $(incdir)/sudo_gettext.h $(top_builddir)/config.h
+strtomode_test.lo: $(srcdir)/regress/strtofoo/strtomode_test.c \
+ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+ $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \
+ $(top_builddir)/config.h
+ $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/strtofoo/strtomode_test.c
+strtomode_test.i: $(srcdir)/regress/strtofoo/strtomode_test.c \
+ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+ $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \
+ $(top_builddir)/config.h
+ $(CC) -E -o $@ $(CPPFLAGS) $<
+strtomode_test.plog: strtomode_test.i
+ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/strtofoo/strtomode_test.c --i-file $< --output-file $@
+strtonum.lo: $(srcdir)/strtonum.c $(incdir)/compat/stdbool.h \
+ $(incdir)/sudo_compat.h $(incdir)/sudo_gettext.h \
+ $(incdir)/sudo_util.h $(top_builddir)/config.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/strtonum.c
-strtonum.i: $(srcdir)/strtonum.c $(incdir)/sudo_compat.h \
- $(incdir)/sudo_gettext.h $(top_builddir)/config.h
+strtonum.i: $(srcdir)/strtonum.c $(incdir)/compat/stdbool.h \
+ $(incdir)/sudo_compat.h $(incdir)/sudo_gettext.h \
+ $(incdir)/sudo_util.h $(top_builddir)/config.h
$(CC) -E -o $@ $(CPPFLAGS) $<
strtonum.plog: strtonum.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/strtonum.c --i-file $< --output-file $@
+strtonum_test.lo: $(srcdir)/regress/strtofoo/strtonum_test.c \
+ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+ $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \
+ $(top_builddir)/config.h
+ $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/strtofoo/strtonum_test.c
+strtonum_test.i: $(srcdir)/regress/strtofoo/strtonum_test.c \
+ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+ $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \
+ $(top_builddir)/config.h
+ $(CC) -E -o $@ $(CPPFLAGS) $<
+strtonum_test.plog: strtonum_test.i
+ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/strtofoo/strtonum_test.c --i-file $< --output-file $@
sudo_conf.lo: $(srcdir)/sudo_conf.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
diff --git a/lib/util/closefrom.c b/lib/util/closefrom.c
index 80fdfa4..06aac55 100644
--- a/lib/util/closefrom.c
+++ b/lib/util/closefrom.c
@@ -39,6 +39,7 @@
#endif
#include "sudo_compat.h"
+#include "sudo_util.h"
#include "pathnames.h"
#ifndef _POSIX_OPEN_MAX
@@ -116,7 +117,7 @@ sudo_closefrom(int lowfd)
struct dirent *dent;
while ((dent = readdir(dirp)) != NULL) {
const char *errstr;
- int fd = strtonum(dent->d_name, lowfd, INT_MAX, &errstr);
+ int fd = sudo_strtonum(dent->d_name, lowfd, INT_MAX, &errstr);
if (errstr == NULL && fd != dirfd(dirp)) {
# ifdef __APPLE__
/* Avoid potential libdispatch crash when we close its fds. */
diff --git a/lib/util/getaddrinfo.c b/lib/util/getaddrinfo.c
index 046e4db..5232649 100644
--- a/lib/util/getaddrinfo.c
+++ b/lib/util/getaddrinfo.c
@@ -239,7 +239,7 @@ gai_service(const char *servname, int flags, int *type, unsigned short *port)
const char *errstr;
unsigned short value;
- value = strtonum(servname, 0, USHRT_MAX, &errstr);
+ value = sudo_strtonum(servname, 0, USHRT_MAX, &errstr);
if (errstr == NULL) {
*port = value;
} else if (errno == ERANGE) {
diff --git a/lib/util/getgrouplist.c b/lib/util/getgrouplist.c
index 91d398e..bd53eee 100644
--- a/lib/util/getgrouplist.c
+++ b/lib/util/getgrouplist.c
@@ -165,7 +165,7 @@ sudo_getgrouplist2_v1(const char *name, GETGROUPS_T basegid,
groups[0] = basegid;
for (cp = strtok_r(grset, ",", &last); cp != NULL; cp = strtok_r(NULL, ",", &last)) {
- gid = sudo_strtoid(cp, NULL, NULL, &errstr);
+ gid = sudo_strtoid(cp, &errstr);
if (errstr == NULL && gid != basegid) {
if (ngroups == grpsize)
goto done;
@@ -251,7 +251,7 @@ str2grp(const char *instr, int inlen, void *ent, char *buf, int buflen)
if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL)
return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE;
*fieldsep++ = '\0';
- id = sudo_strtoid(cp, NULL, NULL, &errstr);
+ id = sudo_strtoid(cp, &errstr);
if (errstr != NULL) {
/*
* A range error is always a fatal error, but ignore garbage
diff --git a/lib/util/gidlist.c b/lib/util/gidlist.c
index 85a6b89..8d08abd 100644
--- a/lib/util/gidlist.c
+++ b/lib/util/gidlist.c
@@ -76,7 +76,7 @@ sudo_parse_gids_v1(const char *gidstr, const gid_t *basegid, GETGROUPS_T **gidsp
gids[ngids++] = *basegid;
cp = gidstr;
do {
- gids[ngids] = (GETGROUPS_T) sudo_strtoid(cp, ",", &ep, &errstr);
+ gids[ngids] = (GETGROUPS_T) sudo_strtoidx(cp, ",", &ep, &errstr);
if (errstr != NULL) {
sudo_warnx(U_("%s: %s"), cp, U_(errstr));
free(gids);
diff --git a/lib/util/regress/strtofoo/strtobool_test.c b/lib/util/regress/strtofoo/strtobool_test.c
new file mode 100644
index 0000000..f786b86
--- /dev/null
+++ b/lib/util/regress/strtofoo/strtobool_test.c
@@ -0,0 +1,86 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2014-2019 Todd C. Miller <Todd.Miller@sudo.ws>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# include "compat/stdbool.h"
+#endif
+
+#include "sudo_compat.h"
+#include "sudo_util.h"
+#include "sudo_fatal.h"
+
+__dso_public int main(int argc, char *argv[]);
+
+/* sudo_strtobool() tests */
+static struct strtobool_data {
+ const char *bool_str;
+ int value;
+} strtobool_data[] = {
+ { "true", true },
+ { "false", false },
+ { "TrUe", true },
+ { "fAlSe", false },
+ { "1", true },
+ { "0", false },
+ { "on", true },
+ { "off", false },
+ { "yes", true },
+ { "no", false },
+ { "nope", -1 },
+ { "10", -1 },
+ { "one", -1 },
+ { "zero", -1 },
+ { NULL, 0 }
+};
+
+/*
+ * Simple tests for sudo_strtobool()
+ */
+int
+main(int argc, char *argv[])
+{
+ struct strtobool_data *d;
+ int errors = 0;
+ int ntests = 0;
+ int value;
+
+ initprogname(argc > 0 ? argv[0] : "strtobool_test");
+
+ for (d = strtobool_data; d->bool_str != NULL; d++) {
+ ntests++;
+ value = sudo_strtobool(d->bool_str);
+ if (value != d->value) {
+ sudo_warnx_nodebug("FAIL: %s != %d", d->bool_str, d->value);
+ errors++;
+ }
+ }
+
+ if (ntests != 0) {
+ printf("%s: %d tests run, %d errors, %d%% success rate\n",
+ getprogname(), ntests, errors, (ntests - errors) * 100 / ntests);
+ }
+
+ return errors;
+}
diff --git a/lib/util/regress/atofoo/atofoo_test.c b/lib/util/regress/strtofoo/strtoid_test.c
index fb41c1a..c97f98c 100644
--- a/lib/util/regress/atofoo/atofoo_test.c
+++ b/lib/util/regress/strtofoo/strtoid_test.c
@@ -21,11 +21,6 @@
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
-#ifdef HAVE_STDBOOL_H
-# include <stdbool.h>
-#else
-# include "compat/stdbool.h"
-#endif
#include <errno.h>
#include "sudo_compat.h"
@@ -34,55 +29,14 @@
__dso_public int main(int argc, char *argv[]);
-/* sudo_strtobool() tests */
-static struct strtobool_data {
- const char *bool_str;
- int value;
-} strtobool_data[] = {
- { "true", true },
- { "false", false },
- { "TrUe", true },
- { "fAlSe", false },
- { "1", true },
- { "0", false },
- { "on", true },
- { "off", false },
- { "yes", true },
- { "no", false },
- { "nope", -1 },
- { "10", -1 },
- { "one", -1 },
- { "zero", -1 },
- { NULL, 0 }
-};
-
-static int
-test_strtobool(int *ntests)
-{
- struct strtobool_data *d;
- int errors = 0;
- int value;
-
- for (d = strtobool_data; d->bool_str != NULL; d++) {
- (*ntests)++;
- value = sudo_strtobool(d->bool_str);
- if (value != d->value) {
- sudo_warnx_nodebug("FAIL: %s != %d", d->bool_str, d->value);
- errors++;
- }
- }
-
- return errors;
-}
-
-/* sudo_strtoid() tests */
-static struct strtoid_data {
+/* sudo_strtoidx() tests */
+static struct strtoidx_data {
const char *idstr;
id_t id;
const char *sep;
const char *ep;
int errnum;
-} strtoid_data[] = {
+} strtoidx_data[] = {
{ "0,1", 0, ",", ",", 0 },
{ "10", 10, NULL, NULL, 0 },
{ "-1", 0, NULL, NULL, EINVAL },
@@ -97,19 +51,25 @@ static struct strtoid_data {
{ NULL, 0, NULL, NULL, 0 }
};
-static int
-test_strtoid(int *ntests)
+/*
+ * Simple tests for sudo_strtoidx()
+ */
+int
+main(int argc, char *argv[])
{
- struct strtoid_data *d;
+ struct strtoidx_data *d;
const char *errstr;
char *ep;
int errors = 0;
+ int ntests = 0;
id_t value;
- for (d = strtoid_data; d->idstr != NULL; d++) {
- (*ntests)++;
+ initprogname(argc > 0 ? argv[0] : "strtoid_test");
+
+ for (d = strtoidx_data; d->idstr != NULL; d++) {
+ ntests++;
errstr = "some error";
- value = sudo_strtoid(d->idstr, d->sep, &ep, &errstr);
+ value = sudo_strtoidx(d->idstr, d->sep, &ep, &errstr);
if (d->errnum != 0) {
if (errstr == NULL) {
sudo_warnx_nodebug("FAIL: %s: missing errstr for errno %d",
@@ -137,67 +97,10 @@ test_strtoid(int *ntests)
}
}
- return errors;
-}
-
-/* sudo_strtomode() tests */
-static struct strtomode_data {
- const char *mode_str;
- mode_t mode;
-} strtomode_data[] = {
- { "755", 0755 },
- { "007", 007 },
- { "7", 7 },
- { "8", (mode_t)-1 },
- { NULL, 0 }
-};
-
-static int
-test_strtomode(int *ntests)
-{
- struct strtomode_data *d;
- const char *errstr;
- int errors = 0;
- mode_t mode;
-
- for (d = strtomode_data; d->mode_str != NULL; d++) {
- (*ntests)++;
- errstr = "some error";
- mode = sudo_strtomode(d->mode_str, &errstr);
- if (errstr != NULL) {
- if (d->mode != (mode_t)-1) {
- sudo_warnx_nodebug("FAIL: %s: %s", d->mode_str, errstr);
- errors++;
- }
- } else if (mode != d->mode) {
- sudo_warnx_nodebug("FAIL: %s != 0%o", d->mode_str,
- (unsigned int) d->mode);
- errors++;
- }
- }
-
- return errors;
-}
-
-/*
- * Simple tests for sudo_strtobool(), sudo_strtoid(), sudo_strtomode().
- */
-int
-main(int argc, char *argv[])
-{
- int errors = 0;
- int ntests = 0;
-
- initprogname(argc > 0 ? argv[0] : "atofoo");
-
- errors += test_strtobool(&ntests);
- errors += test_strtoid(&ntests);
- errors += test_strtomode(&ntests);
-
if (ntests != 0) {
printf("%s: %d tests run, %d errors, %d%% success rate\n",
getprogname(), ntests, errors, (ntests - errors) * 100 / ntests);
}
- exit(errors);
+ return errors;
}
diff --git a/lib/util/regress/strtofoo/strtomode_test.c b/lib/util/regress/strtofoo/strtomode_test.c
new file mode 100644
index 0000000..9c33940
--- /dev/null
+++ b/lib/util/regress/strtofoo/strtomode_test.c
@@ -0,0 +1,79 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2014-2019 Todd C. Miller <Todd.Miller@sudo.ws>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "sudo_compat.h"
+#include "sudo_util.h"
+#include "sudo_fatal.h"
+
+__dso_public int main(int argc, char *argv[]);
+
+/* sudo_strtomode() tests */
+static struct strtomode_data {
+ const char *mode_str;
+ mode_t mode;
+} strtomode_data[] = {
+ { "755", 0755 },
+ { "007", 007 },
+ { "7", 7 },
+ { "8", (mode_t)-1 },
+ { NULL, 0 }
+};
+
+/*
+ * Simple tests for sudo_strtomode().
+ */
+int
+main(int argc, char *argv[])
+{
+ struct strtomode_data *d;
+ const char *errstr;
+ int errors = 0;
+ int ntests = 0;
+ mode_t mode;
+
+ initprogname(argc > 0 ? argv[0] : "strtomode_test");
+
+ for (d = strtomode_data; d->mode_str != NULL; d++) {
+ ntests++;
+ errstr = "some error";
+ mode = sudo_strtomode(d->mode_str, &errstr);
+ if (errstr != NULL) {
+ if (d->mode != (mode_t)-1) {
+ sudo_warnx_nodebug("FAIL: %s: %s", d->mode_str, errstr);
+ errors++;
+ }
+ } else if (mode != d->mode) {
+ sudo_warnx_nodebug("FAIL: %s != 0%o", d->mode_str,
+ (unsigned int) d->mode);
+ errors++;
+ }
+ }
+
+ if (ntests != 0) {
+ printf("%s: %d tests run, %d errors, %d%% success rate\n",
+ getprogname(), ntests, errors, (ntests - errors) * 100 / ntests);
+ }
+
+ return errors;
+}
diff --git a/lib/util/regress/strtofoo/strtonum_test.c b/lib/util/regress/strtofoo/strtonum_test.c
new file mode 100644
index 0000000..96c1f58
--- /dev/null
+++ b/lib/util/regress/strtofoo/strtonum_test.c
@@ -0,0 +1,123 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Todd C. Miller <Todd.Miller@sudo.ws>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <errno.h>
+
+#include "sudo_compat.h"
+#include "sudo_util.h"
+#include "sudo_fatal.h"
+
+__dso_public int main(int argc, char *argv[]);
+
+/* sudo_strtonum() tests */
+static struct strtonum_data {
+ const char *str;
+ long long minval;
+ long long maxval;
+ long long retval;
+ int errnum;
+} strtonum_data[] = {
+ { "0,1", LLONG_MIN, LLONG_MAX, 0, EINVAL },
+ { "0", INT_MAX, INT_MIN, 0, EINVAL },
+ { "", 0, UINT_MAX, 0, EINVAL },
+ { " ", 0, UINT_MAX, 0, EINVAL },
+ { "-1 ", 0, UINT_MAX, 0, EINVAL },
+ { "9223372036854775808X", LLONG_MIN, LLONG_MAX, 0, EINVAL },
+ { "-9223372036854775809X", LLONG_MIN, LLONG_MAX, 0, EINVAL },
+
+ { "10", 0, 255, 10, 0 },
+ { "-1", 0, UINT_MAX, 0, ERANGE },
+
+ { "-40", -100, -50, 0, ERANGE },
+ { "-60", -100, -50, -60, 0 },
+ { "-200", -100, -50, 0, ERANGE },
+
+ { "42", 42, 42, 42, 0 },
+ { "-42", -42, -42, -42, 0 },
+
+ { "4294967295", 0, UINT_MAX, UINT_MAX, 0 },
+ { "4294967295", INT_MIN, INT_MAX, 0, ERANGE },
+ { "4294967296", 0, UINT_MAX, 0, ERANGE },
+
+ { "2147483647", INT_MIN, INT_MAX, INT_MAX, 0 },
+ { "-2147483648", INT_MIN, INT_MAX, INT_MIN, 0 },
+ { "2147483648", INT_MIN, INT_MAX, 0, ERANGE },
+ { "-2147483649", INT_MIN, INT_MAX, 0, ERANGE },
+
+ { "9223372036854775807", LLONG_MIN, LLONG_MAX, LLONG_MAX, 0 },
+ { "-9223372036854775808", LLONG_MIN, LLONG_MAX, LLONG_MIN, 0 },
+ { "9223372036854775808", LLONG_MIN, LLONG_MAX, 0, ERANGE },
+ { "-9223372036854775809", LLONG_MIN, LLONG_MAX, 0, ERANGE },
+
+ { NULL, 0, 0, 0, 0 }
+};
+
+/*
+ * Simple tests for sudo_strtonum()
+ */
+int
+main(int argc, char *argv[])
+{
+ struct strtonum_data *d;
+ const char *errstr;
+ int errors = 0;
+ int ntests = 0;
+ long long value;
+
+ initprogname(argc > 0 ? argv[0] : "strtonum_test");
+
+ for (d = strtonum_data; d->str != NULL; d++) {
+ ntests++;
+ errstr = "some error";
+ value = sudo_strtonum(d->str, d->minval, d->maxval, &errstr);
+ if (d->errnum != 0) {
+ if (errstr == NULL) {
+ sudo_warnx_nodebug("FAIL: \"%s\": missing errstr for errno %d",
+ d->str, d->errnum);
+ errors++;
+ } else if (value != 0) {
+ sudo_warnx_nodebug("FAIL: %s should return 0 on error",
+ d->str);
+ errors++;
+ } else if (errno != d->errnum) {
+ sudo_warnx_nodebug("FAIL: \"%s\": errno mismatch, %d != %d",
+ d->str, errno, d->errnum);
+ errors++;
+ }
+ } else if (errstr != NULL) {
+ sudo_warnx_nodebug("FAIL: \"%s\": %s", d->str, errstr);
+ errors++;
+ } else if (value != d->retval) {
+ sudo_warnx_nodebug("FAIL: %s != %lld", d->str, d->retval);
+ errors++;
+ }
+ }
+
+ if (ntests != 0) {
+ printf("%s: %d tests run, %d errors, %d%% success rate\n",
+ getprogname(), ntests, errors, (ntests - errors) * 100 / ntests);
+ }
+
+ return errors;
+}
diff --git a/lib/util/str2sig.c b/lib/util/str2sig.c
index fd00523..61c4aab 100644
--- a/lib/util/str2sig.c
+++ b/lib/util/str2sig.c
@@ -41,6 +41,7 @@
#include <unistd.h>
#include "sudo_compat.h"
+#include "sudo_util.h"
#if defined(HAVE_DECL_SYS_SIGNAME) && HAVE_DECL_SYS_SIGNAME == 1
# define sudo_sys_signame sys_signame
@@ -96,7 +97,7 @@ sudo_str2sig(const char *signame, int *result)
/* Could be a signal number encoded as a string. */
if (isdigit((unsigned char)signame[0])) {
- signo = strtonum(signame, 0, NSIG - 1, &errstr);
+ signo = sudo_strtonum(signame, 0, NSIG - 1, &errstr);
if (errstr != NULL)
return -1;
*result = signo;
diff --git a/lib/util/strtoid.c b/lib/util/strtoid.c
index 6b3916b..1312aa6 100644
--- a/lib/util/strtoid.c
+++ b/lib/util/strtoid.c
@@ -48,6 +48,9 @@
#include "sudo_debug.h"
#include "sudo_util.h"
+/* strtoid.c (not exported) */
+long long sudo_strtonumx(const char *str, long long minval, long long maxval, char **ep, const char **errstrp);
+
/*
* Make sure that the ID ends with a valid separator char.
*/
@@ -55,7 +58,6 @@ static bool
valid_separator(const char *p, const char *ep, const char *sep)
{
bool valid = false;
- debug_decl(valid_separator, SUDO_DEBUG_UTIL)
if (ep != p) {
/* check for valid separator (including '\0') */
@@ -66,7 +68,7 @@ valid_separator(const char *p, const char *ep, const char *sep)
valid = true;
} while (*sep++ != '\0');
}
- debug_return_bool(valid);
+ return valid;
}
/*
@@ -76,109 +78,43 @@ valid_separator(const char *p, const char *ep, const char *sep)
* On success, returns the parsed ID and clears errstr.
* On error, returns 0 and sets errstr.
*/
-#if SIZEOF_ID_T == SIZEOF_LONG_LONG
id_t
-sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr)
+sudo_strtoidx_v1(const char *p, const char *sep, char **endp, const char **errstrp)
{
+ const char *errstr;
char *ep;
- id_t ret = 0;
- long long llval;
+ id_t ret;
debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
- /* skip leading space so we can pick up the sign, if any */
- while (isspace((unsigned char)*p))
- p++;
-
- /* While id_t may be 64-bit signed, uid_t and gid_t are 32-bit unsigned. */
- errno = 0;
- llval = strtoll(p, &ep, 10);
- if ((errno == ERANGE && llval == LLONG_MAX) || llval > (id_t)UINT_MAX) {
- errno = ERANGE;
- if (errstr != NULL)
- *errstr = N_("value too large");
- goto done;
- }
- if ((errno == ERANGE && llval == LLONG_MIN) || llval < INT_MIN) {
- errno = ERANGE;
- if (errstr != NULL)
- *errstr = N_("value too small");
- goto done;
- }
-
- /* Disallow id -1, which means "no change". */
- if (!valid_separator(p, ep, sep) || llval == -1 || llval == (id_t)UINT_MAX) {
- if (errstr != NULL)
- *errstr = N_("invalid value");
- errno = EINVAL;
- goto done;
+ ret = sudo_strtonumx(p, INT_MIN, UINT_MAX, &ep, &errstr);
+ if (errstr == NULL) {
+ /*
+ * Disallow id -1 (UINT_MAX), which means "no change"
+ * and check for a valid separator (if specified).
+ */
+ if (ret == (id_t)-1 || ret == (id_t)UINT_MAX || !valid_separator(p, ep, sep)) {
+ errstr = N_("invalid value");
+ errno = EINVAL;
+ ret = 0;
+ }
}
- ret = (id_t)llval;
- if (errstr != NULL)
- *errstr = NULL;
+ if (errstrp != NULL)
+ *errstrp = errstr;
if (endp != NULL)
*endp = ep;
-done:
debug_return_id_t(ret);
}
-#else
+
+/* Backwards compatibility */
id_t
-sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr)
+sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstrp)
{
- char *ep;
- id_t ret = 0;
- debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
-
- /* skip leading space so we can pick up the sign, if any */
- while (isspace((unsigned char)*p))
- p++;
-
- errno = 0;
- if (*p == '-') {
- long lval = strtol(p, &ep, 10);
- if ((errno == ERANGE && lval == LONG_MAX) || lval > INT_MAX) {
- errno = ERANGE;
- if (errstr != NULL)
- *errstr = N_("value too large");
- goto done;
- }
- if ((errno == ERANGE && lval == LONG_MIN) || lval < INT_MIN) {
- errno = ERANGE;
- if (errstr != NULL)
- *errstr = N_("value too small");
- goto done;
- }
-
- /* Disallow id -1, which means "no change". */
- if (!valid_separator(p, ep, sep) || lval == -1) {
- if (errstr != NULL)
- *errstr = N_("invalid value");
- errno = EINVAL;
- goto done;
- }
- ret = (id_t)lval;
- } else {
- unsigned long ulval = strtoul(p, &ep, 10);
- if ((errno == ERANGE && ulval == ULONG_MAX) || ulval > UINT_MAX) {
- errno = ERANGE;
- if (errstr != NULL)
- *errstr = N_("value too large");
- goto done;
- }
+ return sudo_strtoidx_v1(p, sep, endp, errstrp);
+}
- /* Disallow id -1, which means "no change". */
- if (!valid_separator(p, ep, sep) || ulval == UINT_MAX) {
- if (errstr != NULL)
- *errstr = N_("invalid value");
- errno = EINVAL;
- goto done;
- }
- ret = (id_t)ulval;
- }
- if (errstr != NULL)
- *errstr = NULL;
- if (endp != NULL)
- *endp = ep;
-done:
- debug_return_id_t(ret);
+/* Simplified interface */
+id_t
+sudo_strtoid_v2(const char *p, const char **errstrp)
+{
+ return sudo_strtoidx_v1(p, NULL, NULL, errstrp);
}
-#endif /* SIZEOF_ID_T == 8 */
diff --git a/lib/util/strtonum.c b/lib/util/strtonum.c
index 4bc9701..ad8b870 100644
--- a/lib/util/strtonum.c
+++ b/lib/util/strtonum.c
@@ -1,7 +1,7 @@
/*
* SPDX-License-Identifier: ISC
*
- * Copyright (c) 2013-2014 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2013-2015, 2019 Todd C. Miller <Todd.Miller@sudo.ws>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -41,41 +41,10 @@
#include "sudo_gettext.h" /* must be included before sudo_compat.h */
#include "sudo_compat.h"
-
-#ifdef HAVE_STRTONUM
-
-/*
- * The OpenBSD strtonum error string too short to be translated sensibly.
- * This wrapper just changes errstr as follows:
- * invalid -> invalid value
- * too large -> value too large
- * too small -> value too small
- */
-long long
-sudo_strtonum(const char *str, long long minval, long long maxval,
- const char **errstrp)
-{
- long long retval;
- const char *errstr;
-
-# undef strtonum
- retval = strtonum(str, minval, maxval, &errstr);
- if (errstr != NULL) {
- if (errno == EINVAL) {
- errstr = N_("invalid value");
- } else if (errno == ERANGE) {
- errstr = strcmp(errstr, "too large") == 0 ?
- N_("value too large") : N_("value too small");
- }
- }
- if (errstrp != NULL)
- *errstrp = errstr;
- return retval;
-}
-
-#else
+#include "sudo_util.h"
enum strtonum_err {
+ STN_INITIAL,
STN_VALID,
STN_INVALID,
STN_TOOSMALL,
@@ -84,16 +53,18 @@ enum strtonum_err {
/*
* Convert a string to a number in the range [minval, maxval]
+ * Unlike strtonum(), this returns the first non-digit in endp (if not NULL).
*/
long long
-sudo_strtonum(const char *str, long long minval, long long maxval,
+sudo_strtonumx(const char *str, long long minval, long long maxval, char **endp,
const char **errstrp)
{
- const unsigned char *ustr = (const unsigned char *)str;
- enum strtonum_err errval = STN_VALID;
+ enum strtonum_err errval = STN_INITIAL;
long long lastval, result = 0;
- unsigned char dig, sign;
+ const char *cp = str;
+ unsigned char ch;
int remainder;
+ char sign;
if (minval > maxval) {
errval = STN_INVALID;
@@ -101,16 +72,16 @@ sudo_strtonum(const char *str, long long minval, long long maxval,
}
/* Trim leading space and check sign, if any. */
- while (isspace(*ustr)) {
- ustr++;
- }
- switch (*ustr) {
+ do {
+ ch = *cp++;
+ } while (isspace(ch));
+ switch (ch) {
case '-':
sign = '-';
- ustr++;
+ ch = *cp++;
break;
case '+':
- ustr++;
+ ch = *cp++;
/* FALLTHROUGH */
default:
sign = '+';
@@ -133,18 +104,21 @@ sudo_strtonum(const char *str, long long minval, long long maxval,
lastval += 1;
remainder += 10;
}
- while ((dig = *ustr++) != '\0') {
- if (!isdigit(dig)) {
- errval = STN_INVALID;
+ for (;; ch = *cp++) {
+ if (!isdigit(ch))
break;
- }
- dig -= '0';
- if (result < lastval || (result == lastval && dig > remainder)) {
+ ch -= '0';
+ if (result < lastval || (result == lastval && ch > remainder)) {
+ /* Skip remaining digits. */
+ do {
+ ch = *cp++;
+ } while (isdigit(ch));
errval = STN_TOOSMALL;
break;
} else {
result *= 10;
- result -= dig;
+ result -= ch;
+ errval = STN_VALID;
}
}
if (result > maxval)
@@ -152,18 +126,21 @@ sudo_strtonum(const char *str, long long minval, long long maxval,
} else {
lastval = maxval / 10;
remainder = maxval % 10;
- while ((dig = *ustr++) != '\0') {
- if (!isdigit(dig)) {
- errval = STN_INVALID;
+ for (;; ch = *cp++) {
+ if (!isdigit(ch))
break;
- }
- dig -= '0';
- if (result > lastval || (result == lastval && dig > remainder)) {
+ ch -= '0';
+ if (result > lastval || (result == lastval && ch > remainder)) {
+ /* Skip remaining digits. */
+ do {
+ ch = *cp++;
+ } while (isdigit(ch));
errval = STN_TOOBIG;
break;
} else {
result *= 10;
- result += dig;
+ result += ch;
+ errval = STN_VALID;
}
}
if (result < minval)
@@ -172,6 +149,7 @@ sudo_strtonum(const char *str, long long minval, long long maxval,
done:
switch (errval) {
+ case STN_INITIAL:
case STN_VALID:
if (errstrp != NULL)
*errstrp = NULL;
@@ -195,6 +173,34 @@ done:
*errstrp = N_("value too large");
break;
}
+ if (endp != NULL) {
+ if (errval == STN_INITIAL || errval == STN_INVALID)
+ *endp = (char *)str;
+ else
+ *endp = (char *)(cp - 1);
+ }
return result;
}
-#endif /* HAVE_STRTONUM */
+
+/*
+ * Convert a string to a number in the range [minval, maxval]
+ */
+long long
+sudo_strtonum(const char *str, long long minval, long long maxval,
+ const char **errstrp)
+{
+ const char *errstr;
+ char *ep;
+ long long ret;
+
+ ret = sudo_strtonumx(str, minval, maxval, &ep, &errstr);
+ /* Check for empty string and terminating NUL. */
+ if (str == ep || *ep != '\0') {
+ errno = EINVAL;
+ errstr = N_("invalid value");
+ ret = 0;
+ }
+ if (errstrp != NULL)
+ *errstrp = errstr;
+ return ret;
+}
diff --git a/lib/util/sudo_conf.c b/lib/util/sudo_conf.c
index 152030a..ce1f5e5 100644
--- a/lib/util/sudo_conf.c
+++ b/lib/util/sudo_conf.c
@@ -410,7 +410,7 @@ set_var_max_groups(const char *strval, const char *conf_file,
int max_groups;
debug_decl(set_var_max_groups, SUDO_DEBUG_UTIL)
- max_groups = strtonum(strval, 1, INT_MAX, NULL);
+ max_groups = sudo_strtonum(strval, 1, INT_MAX, NULL);
if (max_groups <= 0) {
sudo_warnx(U_("invalid max groups \"%s\" in %s, line %u"), strval,
conf_file, lineno);
diff --git a/lib/util/ttysize.c b/lib/util/ttysize.c
index 6f4e2ec..a70793d 100644
--- a/lib/util/ttysize.c
+++ b/lib/util/ttysize.c
@@ -60,11 +60,11 @@ sudo_get_ttysize_v1(int *rowp, int *colp)
/* Fall back on $LINES and $COLUMNS. */
if ((p = getenv("LINES")) == NULL ||
- (*rowp = strtonum(p, 1, INT_MAX, NULL)) <= 0) {
+ (*rowp = sudo_strtonum(p, 1, INT_MAX, NULL)) <= 0) {
*rowp = 24;
}
if ((p = getenv("COLUMNS")) == NULL ||
- (*colp = strtonum(p, 1, INT_MAX, NULL)) <= 0) {
+ (*colp = sudo_strtonum(p, 1, INT_MAX, NULL)) <= 0) {
*colp = 80;
}
}
diff --git a/lib/util/util.exp.in b/lib/util/util.exp.in
index 66b5a01..6dd3095 100644
--- a/lib/util/util.exp.in
+++ b/lib/util/util.exp.in
@@ -98,7 +98,10 @@ sudo_setgroups_v1
sudo_strsplit_v1
sudo_strtobool_v1
sudo_strtoid_v1
+sudo_strtoid_v2
+sudo_strtoidx_v1
sudo_strtomode_v1
+sudo_strtonum
sudo_term_cbreak_v1
sudo_term_copy_v1
sudo_term_eof
diff --git a/lib/zlib/Makefile.in b/lib/zlib/Makefile.in
index 6a12f3b..0d35ae5 100644
--- a/lib/zlib/Makefile.in
+++ b/lib/zlib/Makefile.in
@@ -95,6 +95,11 @@ LTOBJS = adler32.lo compress.lo crc32.lo deflate.lo gzclose.lo gzlib.lo \
all: libsudo_z.la
+depend:
+ $(top_srcdir)/mkdep.pl --srcdir=$(top_srcdir) \
+ --builddir=`pwd`/$(top_builddir) lib/zlib/Makefile.in
+ cd $(top_builddir) && ./config.status --file lib/zlib/Makefile
+
Makefile: $(srcdir)/Makefile.in
cd $(top_builddir) && ./config.status --file lib/zlib/Makefile
diff --git a/mkdep.pl b/mkdep.pl
index ca57056..bc17631 100755
--- a/mkdep.pl
+++ b/mkdep.pl
@@ -116,7 +116,7 @@ sub mkdep {
# XXX - fill in AUTH_OBJS from contents of the auth dir instead
$makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:;
$makefile =~ s:\@DIGEST\@:digest.lo digest_openssl.lo digest_gcrypt.lo:;
- $makefile =~ s:\@LTLIBOBJS\@:arc4random.lo arc4random_uniform.lo closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getentropy.lo getgrouplist.lo getdelim.lo getopt_long.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo str2sig.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo strtonum.lo utimens.lo vsyslog.lo pipe2.lo:;
+ $makefile =~ s:\@LTLIBOBJS\@:arc4random.lo arc4random_uniform.lo closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getentropy.lo getgrouplist.lo getdelim.lo getopt_long.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo str2sig.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo utimens.lo vsyslog.lo pipe2.lo:;
# Parse OBJS lines
my %objs;
diff --git a/plugins/group_file/Makefile.in b/plugins/group_file/Makefile.in
index 1b9cb6c..ff955b3 100644
--- a/plugins/group_file/Makefile.in
+++ b/plugins/group_file/Makefile.in
@@ -116,6 +116,11 @@ VERSION = @PACKAGE_VERSION@
all: group_file.la
+depend:
+ $(top_srcdir)/mkdep.pl --srcdir=$(top_srcdir) \
+ --builddir=`pwd`/$(top_builddir) plugins/group_file/Makefile.in
+ cd $(top_builddir) && ./config.status --file plugins/group_file/Makefile
+
Makefile: $(srcdir)/Makefile.in
cd $(top_builddir) && ./config.status --file plugins/group_file/Makefile
diff --git a/plugins/group_file/getgrent.c b/plugins/group_file/getgrent.c
index 7932fb8..59bf3ad 100644
--- a/plugins/group_file/getgrent.c
+++ b/plugins/group_file/getgrent.c
@@ -116,7 +116,7 @@ next_entry:
if ((colon = strchr(cp = colon, ':')) == NULL)
goto next_entry;
*colon++ = '\0';
- id = sudo_strtoid(cp, NULL, NULL, &errstr);
+ id = sudo_strtoid(cp, &errstr);
if (errstr != NULL)
goto next_entry;
gr.gr_gid = (gid_t)id;
diff --git a/plugins/sample/Makefile.in b/plugins/sample/Makefile.in
index e4409fc..f90043e 100644
--- a/plugins/sample/Makefile.in
+++ b/plugins/sample/Makefile.in
@@ -111,6 +111,11 @@ VERSION = @PACKAGE_VERSION@
all: sample_plugin.la
+depend:
+ $(top_srcdir)/mkdep.pl --srcdir=$(top_srcdir) \
+ --builddir=`pwd`/$(top_builddir) plugins/sample/Makefile.in
+ cd $(top_builddir) && ./config.status --file plugins/sample/Makefile
+
Makefile: $(srcdir)/Makefile.in
cd $(top_builddir) && ./config.status --file plugins/sample/Makefile
diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in
index b7daa0b..c1c1d65 100644
--- a/plugins/sudoers/Makefile.in
+++ b/plugins/sudoers/Makefile.in
@@ -261,6 +261,11 @@ $(shlib_opt): $(shlib_exp)
.y.c:
@true
+depend:
+ $(top_srcdir)/mkdep.pl --srcdir=$(top_srcdir) \
+ --builddir=`pwd`/$(top_builddir) plugins/sudoers/Makefile.in
+ cd $(top_builddir) && ./config.status --file plugins/sudoers/Makefile
+
Makefile: $(srcdir)/Makefile.in
cd $(top_builddir) && ./config.status --file plugins/sudoers/Makefile
@@ -384,9 +389,9 @@ sudoers: $(srcdir)/sudoers.in
cd $(top_builddir) && $(SHELL) config.status --file=plugins/sudoers/$@
pre-install:
- @if test X"$(cross_compiling)" != X"yes" -a -r $(DESTDIR)$(sudoersdir)/sudoers; then \
+ @if test X"$(cross_compiling)" != X"yes" -a X"$(DESTDIR)" = X""; then \
echo "Checking existing sudoers file for syntax errors."; \
- ./visudo -c -f $(DESTDIR)$(sudoersdir)/sudoers; \
+ ./visudo -c -f $(sudoersdir)/sudoers; \
fi
install: install-plugin install-binaries install-sudoers install-doc
@@ -453,6 +458,8 @@ check: $(TEST_PROGS) visudo testsudoers cvtsudoers
@if test X"$(cross_compiling)" != X"yes"; then \
LC_ALL=C; export LC_ALL; \
unset LANG || LANG=; \
+ MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \
+ MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \
rval=0; \
mkdir -p regress/parser; \
./check_addr $(srcdir)/regress/parser/check_addr.in || rval=`expr $$rval + $$?`; \
@@ -566,11 +573,17 @@ check: $(TEST_PROGS) visudo testsudoers cvtsudoers
base=`basename $$t .sh`; \
out="regress/$$dir/$${base}.out"; \
err="regress/$$dir/$${base}.err"; \
+ status=0; \
TESTDIR=$(srcdir)/regress/$$dir \
- $(SHELL) $$t >$$out 2>$$err; \
+ $(SHELL) $$t >$$out 2>$$err || status=$$?; \
if cmp $$out $(srcdir)/$$out.ok >/dev/null; then \
- passed=`expr $$passed + 1`; \
- echo "$$dir/$$base: OK"; \
+ if test $$status -ne 0; then \
+ failed=`expr $$failed + 1`; \
+ echo "$$dir/$$base (exit $$status): FAIL"; \
+ else \
+ passed=`expr $$passed + 1`; \
+ echo "$$dir/$$base: OK"; \
+ fi; \
else \
failed=`expr $$failed + 1`; \
echo "$$dir/$$base: FAIL"; \
diff --git a/plugins/sudoers/audit.c b/plugins/sudoers/audit.c
index ec1aa0e..08d32e3 100644
--- a/plugins/sudoers/audit.c
+++ b/plugins/sudoers/audit.c
@@ -45,6 +45,9 @@ audit_success(int argc, char *argv[])
int rc = 0;
debug_decl(audit_success, SUDOERS_DEBUG_AUDIT)
+ if (!def_log_allowed)
+ debug_return_int(0);
+
if (argv != NULL) {
#ifdef HAVE_BSM_AUDIT
if (bsm_audit_success(argv) == -1)
@@ -69,6 +72,9 @@ audit_failure(int argc, char *argv[], char const *const fmt, ...)
int rc = 0;
debug_decl(audit_success, SUDOERS_DEBUG_AUDIT)
+ if (!def_log_denied)
+ debug_return_int(0);
+
#if defined(HAVE_BSM_AUDIT) || defined(HAVE_LINUX_AUDIT)
if (argv != NULL) {
va_list ap;
diff --git a/plugins/sudoers/boottime.c b/plugins/sudoers/boottime.c
index 8712ae0..a8b0ce6 100644
--- a/plugins/sudoers/boottime.c
+++ b/plugins/sudoers/boottime.c
@@ -78,7 +78,7 @@ get_boottime(struct timespec *ts)
if (strncmp(line, "btime ", 6) == 0) {
if (line[len - 1] == '\n')
line[len - 1] = '\0';
- llval = strtonum(line + 6, 1, LLONG_MAX, NULL);
+ llval = sudo_strtonum(line + 6, 1, LLONG_MAX, NULL);
if (llval > 0) {
ts->tv_sec = (time_t)llval;
ts->tv_nsec = 0;
diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c
index 14de2d7..fe4fc38 100644
--- a/plugins/sudoers/cvtsudoers.c
+++ b/plugins/sudoers/cvtsudoers.c
@@ -416,7 +416,7 @@ cvtsudoers_parse_keyword(const char *conf_file, const char *keyword,
case CONF_UINT:
{
unsigned int uval =
- strtonum(value, 0, UINT_MAX, &errstr);
+ sudo_strtonum(value, 0, UINT_MAX, &errstr);
if (errstr != NULL) {
sudo_warnx(U_("%s: %s: %s: %s"),
conf_file, keyword, value, U_(errstr));
@@ -707,7 +707,7 @@ userlist_matches_filter(struct sudoers_parse_tree *parse_tree,
if (s->str[0] == '#') {
const char *errstr;
- uid_t uid = sudo_strtoid(s->str + 1, NULL, NULL, &errstr);
+ uid_t uid = sudo_strtoid(s->str + 1, &errstr);
if (errstr == NULL)
pw = sudo_getpwuid(uid);
}
diff --git a/plugins/sudoers/cvtsudoers_json.c b/plugins/sudoers/cvtsudoers_json.c
index ecc5a9d..cf1186d 100644
--- a/plugins/sudoers/cvtsudoers_json.c
+++ b/plugins/sudoers/cvtsudoers_json.c
@@ -372,9 +372,9 @@ print_member_json_int(FILE *fp, struct sudoers_parse_tree *parse_tree,
value.u.string++;
typestr = "nonunixgroup";
if (*value.u.string == '#') {
- id = sudo_strtoid(value.u.string + 1, NULL, NULL, &errstr);
+ id = sudo_strtoid(value.u.string + 1, &errstr);
if (errstr != NULL) {
- sudo_warnx("internal error: non-Unix group ID %s: \"%s\"",
+ sudo_warnx("internal error: non-Unix group-ID %s: \"%s\"",
errstr, value.u.string + 1);
} else {
value.type = JSON_ID;
@@ -385,9 +385,9 @@ print_member_json_int(FILE *fp, struct sudoers_parse_tree *parse_tree,
} else {
typestr = "usergroup";
if (*value.u.string == '#') {
- id = sudo_strtoid(value.u.string + 1, NULL, NULL, &errstr);
+ id = sudo_strtoid(value.u.string + 1, &errstr);
if (errstr != NULL) {
- sudo_warnx("internal error: group ID %s: \"%s\"",
+ sudo_warnx("internal error: group-ID %s: \"%s\"",
errstr, value.u.string + 1);
} else {
value.type = JSON_ID;
@@ -424,9 +424,9 @@ print_member_json_int(FILE *fp, struct sudoers_parse_tree *parse_tree,
case TYPE_USERNAME:
typestr = "username";
if (*value.u.string == '#') {
- id = sudo_strtoid(value.u.string + 1, NULL, NULL, &errstr);
+ id = sudo_strtoid(value.u.string + 1, &errstr);
if (errstr != NULL) {
- sudo_warnx("internal error: user ID %s: \"%s\"",
+ sudo_warnx("internal error: user-ID %s: \"%s\"",
errstr, name);
} else {
value.type = JSON_ID;
diff --git a/plugins/sudoers/cvtsudoers_pwutil.c b/plugins/sudoers/cvtsudoers_pwutil.c
index a8d9773..459ee6e 100644
--- a/plugins/sudoers/cvtsudoers_pwutil.c
+++ b/plugins/sudoers/cvtsudoers_pwutil.c
@@ -106,7 +106,7 @@ cvtsudoers_make_pwitem(uid_t uid, const char *name)
if (s->str[0] != '#')
continue;
- filter_uid = sudo_strtoid(s->str + 1, NULL, NULL, &errstr);
+ filter_uid = sudo_strtoid(s->str + 1, &errstr);
if (errstr == NULL) {
if (uid != filter_uid)
continue;
@@ -213,7 +213,7 @@ cvtsudoers_make_gritem(gid_t gid, const char *name)
if (s->str[0] != '#')
continue;
- filter_gid = sudo_strtoid(s->str + 1, NULL, NULL, &errstr);
+ filter_gid = sudo_strtoid(s->str + 1, &errstr);
if (errstr == NULL) {
if (gid != filter_gid)
continue;
@@ -335,7 +335,7 @@ cvtsudoers_make_gidlist_item(const struct passwd *pw, char * const *unused1,
STAILQ_FOREACH(s, &filters->groups, entries) {
if (s->str[0] == '#') {
const char *errstr;
- gid_t gid = sudo_strtoid(s->str + 1, NULL, NULL, &errstr);
+ gid_t gid = sudo_strtoid(s->str + 1, &errstr);
if (errstr == NULL) {
/* Valid gid. */
gids[ngids++] = gid;
@@ -462,7 +462,7 @@ again:
STAILQ_FOREACH(s, &filters->groups, entries) {
if (s->str[0] == '#') {
const char *errstr;
- sudo_strtoid(s->str + 1, NULL, NULL, &errstr);
+ sudo_strtoid(s->str + 1, &errstr);
if (errstr == NULL) {
/* Group ID not name, ignore it. */
continue;
diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
index ba5be8d..539cd30 100644
--- a/plugins/sudoers/def_data.c
+++ b/plugins/sudoers/def_data.c
@@ -498,6 +498,14 @@ struct sudo_defs_types sudo_defs_table[] = {
N_("Ignore case when matching group names"),
NULL,
}, {
+ "log_allowed", T_FLAG,
+ N_("Log when a command is allowed by sudoers"),
+ NULL,
+ }, {
+ "log_denied", T_FLAG,
+ N_("Log when a command is denied by sudoers"),
+ NULL,
+ }, {
NULL, 0, NULL
}
};
diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
index b33ba6d..16cafc9 100644
--- a/plugins/sudoers/def_data.h
+++ b/plugins/sudoers/def_data.h
@@ -228,6 +228,10 @@
#define def_case_insensitive_user (sudo_defs_table[I_CASE_INSENSITIVE_USER].sd_un.flag)
#define I_CASE_INSENSITIVE_GROUP 114
#define def_case_insensitive_group (sudo_defs_table[I_CASE_INSENSITIVE_GROUP].sd_un.flag)
+#define I_LOG_ALLOWED 115
+#define def_log_allowed (sudo_defs_table[I_LOG_ALLOWED].sd_un.flag)
+#define I_LOG_DENIED 116
+#define def_log_denied (sudo_defs_table[I_LOG_DENIED].sd_un.flag)
enum def_tuple {
never,
diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
index f9e9716..3c71e98 100644
--- a/plugins/sudoers/def_data.in
+++ b/plugins/sudoers/def_data.in
@@ -360,3 +360,9 @@ case_insensitive_user
case_insensitive_group
T_FLAG
"Ignore case when matching group names"
+log_allowed
+ T_FLAG
+ "Log when a command is allowed by sudoers"
+log_denied
+ T_FLAG
+ "Log when a command is denied by sudoers"
diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c
index ce48223..edf96bc 100644
--- a/plugins/sudoers/defaults.c
+++ b/plugins/sudoers/defaults.c
@@ -576,6 +576,8 @@ init_defaults(void)
def_sudoedit_checkdir = true;
def_iolog_mode = S_IRUSR|S_IWUSR;
def_fdexec = digest_only;
+ def_log_allowed = true;
+ def_log_denied = true;
/* Syslog options need special care since they both strings and ints */
#if (LOGGING & SLOG_SYSLOG)
@@ -834,7 +836,7 @@ store_int(const char *str, union sudo_defs_val *sd_un)
if (str == NULL) {
sd_un->ival = 0;
} else {
- i = strtonum(str, INT_MIN, INT_MAX, &errstr);
+ i = sudo_strtonum(str, INT_MIN, INT_MAX, &errstr);
if (errstr != NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"%s: %s", str, errstr);
@@ -855,7 +857,7 @@ store_uint(const char *str, union sudo_defs_val *sd_un)
if (str == NULL) {
sd_un->uival = 0;
} else {
- u = strtonum(str, 0, UINT_MAX, &errstr);
+ u = sudo_strtonum(str, 0, UINT_MAX, &errstr);
if (errstr != NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"%s: %s", str, errstr);
diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c
index 53c8094..cae2538 100644
--- a/plugins/sudoers/iolog.c
+++ b/plugins/sudoers/iolog.c
@@ -206,7 +206,7 @@ io_set_max_sessid(const char *maxval)
unsigned int value;
debug_decl(io_set_max_sessid, SUDOERS_DEBUG_UTIL)
- value = strtonum(maxval, 0, SESSID_MAX, &errstr);
+ value = sudo_strtonum(maxval, 0, SESSID_MAX, &errstr);
if (errstr != NULL) {
if (errno != ERANGE) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
@@ -234,7 +234,7 @@ cb_maxseq(const union sudo_defs_val *sd_un)
}
/*
- * Look up I/O log user ID from user name. Sets iolog_uid.
+ * Look up I/O log user-ID from user name. Sets iolog_uid.
* Also sets iolog_gid if iolog_group not specified.
*/
static bool
@@ -274,7 +274,7 @@ cb_iolog_user(const union sudo_defs_val *sd_un)
}
/*
- * Look up I/O log group ID from group name.
+ * Look up I/O log group-ID from group name.
* Sets iolog_gid.
*/
static bool
@@ -303,7 +303,7 @@ iolog_set_group(const char *name)
}
/*
- * Look up I/O log group ID from group name.
+ * Look up I/O log group-ID from group name.
*/
bool
cb_iolog_group(const union sudo_defs_val *sd_un)
@@ -611,7 +611,8 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
switch (**cur) {
case 'c':
if (strncmp(*cur, "cols=", sizeof("cols=") - 1) == 0) {
- int n = strtonum(*cur + sizeof("cols=") - 1, 1, INT_MAX, NULL);
+ int n = sudo_strtonum(*cur + sizeof("cols=") - 1, 1, INT_MAX,
+ NULL);
if (n > 0)
details->cols = n;
continue;
@@ -623,7 +624,8 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
break;
case 'l':
if (strncmp(*cur, "lines=", sizeof("lines=") - 1) == 0) {
- int n = strtonum(*cur + sizeof("lines=") - 1, 1, INT_MAX, NULL);
+ int n = sudo_strtonum(*cur + sizeof("lines=") - 1, 1, INT_MAX,
+ NULL);
if (n > 0)
details->lines = n;
continue;
@@ -740,7 +742,7 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
if (runas_euid_str != NULL)
runas_uid_str = runas_euid_str;
if (runas_uid_str != NULL) {
- id = sudo_strtoid(runas_uid_str, NULL, NULL, &errstr);
+ id = sudo_strtoid(runas_uid_str, &errstr);
if (errstr != NULL)
sudo_warnx("runas uid %s: %s", runas_uid_str, U_(errstr));
else
@@ -749,7 +751,7 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
if (runas_egid_str != NULL)
runas_gid_str = runas_egid_str;
if (runas_gid_str != NULL) {
- id = sudo_strtoid(runas_gid_str, NULL, NULL, &errstr);
+ id = sudo_strtoid(runas_gid_str, &errstr);
if (errstr != NULL)
sudo_warnx("runas gid %s: %s", runas_gid_str, U_(errstr));
else
diff --git a/plugins/sudoers/iolog_util.c b/plugins/sudoers/iolog_util.c
index d3f11ed..e50ea50 100644
--- a/plugins/sudoers/iolog_util.c
+++ b/plugins/sudoers/iolog_util.c
@@ -109,7 +109,7 @@ parse_logfile(const char *logfile)
goto bad;
}
*ep = '\0';
- li->tstamp = strtonum(cp, 0, TIME_T_MAX, &errstr);
+ li->tstamp = sudo_strtonum(cp, 0, TIME_T_MAX, &errstr);
if (errstr != NULL) {
sudo_warn(U_("%s: time stamp %s: %s"), logfile, cp, errstr);
goto bad;
@@ -155,18 +155,19 @@ parse_logfile(const char *logfile)
if ((li->tty = strndup(cp, (size_t)(ep - cp))) == NULL)
sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
cp = ep + 1;
- /* need to NULL out separator to use strtonum() */
+ /* need to NULL out separator to use sudo_strtonum() */
+ /* XXX - use sudo_strtonumx */
if ((ep = strchr(cp, ':')) != NULL) {
*ep = '\0';
}
- li->rows = strtonum(cp, 1, INT_MAX, &errstr);
+ li->rows = sudo_strtonum(cp, 1, INT_MAX, &errstr);
if (errstr != NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"%s: tty rows %s: %s", logfile, cp, errstr);
}
if (ep != NULL) {
cp = ep + 1;
- li->cols = strtonum(cp, 1, INT_MAX, &errstr);
+ li->cols = sudo_strtonum(cp, 1, INT_MAX, &errstr);
if (errstr != NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"%s: tty cols %s: %s", logfile, cp, errstr);
@@ -240,7 +241,7 @@ parse_delay(const char *cp, struct timespec *delay, const char *decimal_point)
}
memcpy(numbuf, cp, len);
numbuf[len] = '\0';
- delay->tv_sec = strtonum(numbuf, 0, TIME_T_MAX, &errstr);
+ delay->tv_sec = sudo_strtonum(numbuf, 0, TIME_T_MAX, &errstr);
if (errstr != NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"%s: number of seconds is %s", numbuf, errstr);
@@ -266,7 +267,7 @@ parse_delay(const char *cp, struct timespec *delay, const char *decimal_point)
}
memcpy(numbuf, cp, len);
numbuf[len] = '\0';
- llval = strtonum(numbuf, 0, LLONG_MAX, &errstr);
+ llval = sudo_strtonum(numbuf, 0, LLONG_MAX, &errstr);
if (errstr != NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"%s: number of nanoseconds is %s", numbuf, errstr);
diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index a0c980b..583af5d 100644
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -984,13 +984,13 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw)
CHECK_LDAP_VCAT(buf, pw->pw_name, sz);
CHECK_STRLCAT(buf, ")", sz);
- /* Append user ID */
+ /* Append user-ID */
(void) snprintf(idbuf, sizeof(idbuf), "%u", (unsigned int)pw->pw_uid);
CHECK_STRLCAT(buf, "(sudoUser=#", sz);
CHECK_STRLCAT(buf, idbuf, sz);
CHECK_STRLCAT(buf, ")", sz);
- /* Append primary group and group ID */
+ /* Append primary group and group-ID */
if (grp != NULL) {
CHECK_STRLCAT(buf, "(sudoUser=%", sz);
CHECK_LDAP_VCAT(buf, grp->gr_name, sz);
@@ -1001,7 +1001,7 @@ sudo_ldap_build_pass1(LDAP *ld, struct passwd *pw)
CHECK_STRLCAT(buf, idbuf, sz);
CHECK_STRLCAT(buf, ")", sz);
- /* Append supplementary groups and group IDs */
+ /* Append supplementary groups and group-IDs */
if (grlist != NULL) {
for (i = 0; i < grlist->ngroups; i++) {
if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0)
diff --git a/plugins/sudoers/ldap_conf.c b/plugins/sudoers/ldap_conf.c
index b6da4af..52da45d 100644
--- a/plugins/sudoers/ldap_conf.c
+++ b/plugins/sudoers/ldap_conf.c
@@ -430,7 +430,8 @@ sudo_ldap_parse_keyword(const char *keyword, const char *value,
*(int *)(cur->valp) = sudo_strtobool(value) == true;
break;
case CONF_INT:
- *(int *)(cur->valp) = strtonum(value, INT_MIN, INT_MAX, &errstr);
+ *(int *)(cur->valp) = sudo_strtonum(value, INT_MIN, INT_MAX,
+ &errstr);
if (errstr != NULL) {
sudo_warnx(U_("%s: %s: %s: %s"),
path_ldap_conf, keyword, value, U_(errstr));
diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index dcb198e..7c1155e 100644
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -240,6 +240,7 @@ log_denial(int status, bool inform_user)
char *logline;
int oldlocale;
bool uid_changed, ret = true;
+ bool mailit;
debug_decl(log_denial, SUDOERS_DEBUG_LOGGING)
/* Handle auditing first (audit_failure() handles the locale itself). */
@@ -248,44 +249,49 @@ log_denial(int status, bool inform_user)
else
audit_failure(NewArgc, NewArgv, N_("validation failure"));
- /* Log and mail messages should be in the sudoers locale. */
- sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
+ /* Send mail based on status. */
+ mailit = should_mail(status);
- /* Set error message. */
- if (ISSET(status, FLAG_NO_USER))
- message = _("user NOT in sudoers");
- else if (ISSET(status, FLAG_NO_HOST))
- message = _("user NOT authorized on host");
- else
- message = _("command not allowed");
+ if (def_log_denied || mailit) {
+ /* Log and mail messages should be in the sudoers locale. */
+ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
- logline = new_logline(message, NULL);
- if (logline == NULL)
- debug_return_bool(false);
+ /* Set error message. */
+ if (ISSET(status, FLAG_NO_USER))
+ message = _("user NOT in sudoers");
+ else if (ISSET(status, FLAG_NO_HOST))
+ message = _("user NOT authorized on host");
+ else
+ message = _("command not allowed");
- /* Become root if we are not already. */
- uid_changed = set_perms(PERM_ROOT);
+ logline = new_logline(message, NULL);
+ if (logline == NULL)
+ debug_return_bool(false);
- if (should_mail(status))
- send_mail("%s", logline); /* send mail based on status */
+ /* Become root if we are not already. */
+ uid_changed = set_perms(PERM_ROOT);
- /*
- * Log via syslog and/or a file.
- */
- if (def_syslog)
- do_syslog(def_syslog_badpri, logline);
- if (def_logfile && !do_logfile(logline))
- ret = false;
+ if (mailit)
+ send_mail("%s", logline); /* XXX - return value */
- if (uid_changed) {
- if (!restore_perms())
- ret = false; /* XXX - return -1 instead? */
- }
+ /* Log via syslog and/or a file. */
+ if (def_log_denied) {
+ if (def_syslog)
+ do_syslog(def_syslog_badpri, logline);
+ if (def_logfile && !do_logfile(logline))
+ ret = false;
+ }
- free(logline);
+ if (uid_changed) {
+ if (!restore_perms())
+ ret = false; /* XXX - return -1 instead? */
+ }
- /* Restore locale. */
- sudoers_setlocale(oldlocale, NULL);
+ free(logline);
+
+ /* Restore locale. */
+ sudoers_setlocale(oldlocale, NULL);
+ }
/* Inform the user if they failed to authenticate (in their locale). */
if (inform_user) {
@@ -398,37 +404,44 @@ log_allowed(int status)
char *logline;
int oldlocale;
bool uid_changed, ret = true;
+ bool mailit;
debug_decl(log_allowed, SUDOERS_DEBUG_LOGGING)
- /* Log and mail messages should be in the sudoers locale. */
- sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
+ /* Send mail based on status. */
+ mailit = should_mail(status);
- if ((logline = new_logline(NULL, NULL)) == NULL)
- debug_return_bool(false);
+ if (def_log_allowed || mailit) {
+ /* Log and mail messages should be in the sudoers locale. */
+ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
- /* Become root if we are not already. */
- uid_changed = set_perms(PERM_ROOT);
+ if ((logline = new_logline(NULL, NULL)) == NULL)
+ debug_return_bool(false);
- /* XXX - return value */
- if (should_mail(status))
- send_mail("%s", logline); /* send mail based on status */
+ /* Become root if we are not already. */
+ uid_changed = set_perms(PERM_ROOT);
- /*
- * Log via syslog and/or a file.
- */
- if (def_syslog)
- do_syslog(def_syslog_goodpri, logline);
- if (def_logfile && !do_logfile(logline))
- ret = false;
+ if (mailit)
+ send_mail("%s", logline); /* XXX - return value */
- if (uid_changed) {
- if (!restore_perms())
- ret = false; /* XXX - return -1 instead? */
- }
+ /*
+ * Log via syslog and/or a file.
+ */
+ if (def_log_allowed) {
+ if (def_syslog)
+ do_syslog(def_syslog_goodpri, logline);
+ if (def_logfile && !do_logfile(logline))
+ ret = false;
+ }
- free(logline);
+ if (uid_changed) {
+ if (!restore_perms())
+ ret = false; /* XXX - return -1 instead? */
+ }
- sudoers_setlocale(oldlocale, NULL);
+ free(logline);
+
+ sudoers_setlocale(oldlocale, NULL);
+ }
debug_return_bool(ret);
}
diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c
index 165a8f7..20f9082 100644
--- a/plugins/sudoers/match.c
+++ b/plugins/sudoers/match.c
@@ -453,7 +453,7 @@ userpw_matches(const char *sudoers_user, const char *user, const struct passwd *
debug_decl(userpw_matches, SUDOERS_DEBUG_MATCH)
if (pw != NULL && *sudoers_user == '#') {
- uid = (uid_t) sudo_strtoid(sudoers_user + 1, NULL, NULL, &errstr);
+ uid = (uid_t) sudo_strtoid(sudoers_user + 1, &errstr);
if (errstr == NULL && uid == pw->pw_uid) {
rc = true;
goto done;
@@ -483,7 +483,7 @@ group_matches(const char *sudoers_group, const struct group *gr)
debug_decl(group_matches, SUDOERS_DEBUG_MATCH)
if (*sudoers_group == '#') {
- gid = (gid_t) sudo_strtoid(sudoers_group + 1, NULL, NULL, &errstr);
+ gid = (gid_t) sudo_strtoid(sudoers_group + 1, &errstr);
if (errstr == NULL && gid == gr->gr_gid) {
rc = true;
goto done;
diff --git a/plugins/sudoers/match_addr.c b/plugins/sudoers/match_addr.c
index 30a437e..8b97c68 100644
--- a/plugins/sudoers/match_addr.c
+++ b/plugins/sudoers/match_addr.c
@@ -132,7 +132,7 @@ addr_matches_if_netmask(const char *n, const char *m)
debug_return_bool(false);
}
} else {
- i = strtonum(m, 1, 32, &errstr);
+ i = sudo_strtonum(m, 1, 32, &errstr);
if (errstr != NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"IPv4 netmask %s: %s", m, errstr);
@@ -145,7 +145,7 @@ addr_matches_if_netmask(const char *n, const char *m)
#ifdef HAVE_STRUCT_IN6_ADDR
else {
if (inet_pton(AF_INET6, m, &mask.ip6) != 1) {
- j = strtonum(m, 1, 128, &errstr);
+ j = sudo_strtonum(m, 1, 128, &errstr);
if (errstr != NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"IPv6 netmask %s: %s", m, errstr);
diff --git a/plugins/sudoers/parse_ldif.c b/plugins/sudoers/parse_ldif.c
index 4ac3c27..99dbbc5 100644
--- a/plugins/sudoers/parse_ldif.c
+++ b/plugins/sudoers/parse_ldif.c
@@ -1,7 +1,7 @@
/*
* SPDX-License-Identifier: ISC
*
- * Copyright (c) 2018 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2018-2019 Todd C. Miller <Todd.Miller@sudo.ws>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -32,6 +32,7 @@
#ifdef HAVE_STRINGS_H
# include <strings.h>
#endif /* HAVE_STRINGS_H */
+#include <ctype.h>
#include "sudoers.h"
#include "sudo_ldap.h"
@@ -101,58 +102,74 @@ sudo_role_alloc(void)
}
/*
- * Parse an LDIF attribute, including base64 support.
+ * Parse an LDIF line, filling in attribute name and value.
+ * Modifies line, decodes base64 attribute values if present.
* See http://www.faqs.org/rfcs/rfc2849.html
*/
-static char *
-ldif_parse_attribute(char *str)
+static bool
+ldif_parse_attribute(char *line, char **name, char **value)
{
bool encoded = false;
- char *attr, *ep;
+ char *attr, *cp, *ep, *colon;
size_t len;
debug_decl(ldif_parse_attribute, SUDOERS_DEBUG_UTIL)
+ /* Parse attribute name: [a-zA-Z][a-zA-Z0-9-]*: */
+ if (!isalpha((unsigned char)*line))
+ debug_return_bool(false);
+ for (cp = line + 1; *cp != ':' && *cp != '\0'; cp++) {
+ if (!isalnum((unsigned char)*cp) && *cp != '-')
+ debug_return_bool(false);
+ }
+ if (*cp != ':')
+ debug_return_bool(false);
+ colon = cp++;
+
/* Check for foo:: base64str. */
- if (*str == ':') {
+ if (*cp == ':') {
encoded = true;
- str++;
+ cp++;
}
/* Trim leading and trailing space. */
- while (*str == ' ')
- str++;
+ while (*cp == ' ')
+ cp++;
- ep = str + strlen(str);
- while (ep > str && ep[-1] == ' ') {
+ ep = cp + strlen(cp);
+ while (ep > cp && ep[-1] == ' ') {
ep--;
/* Don't trim escaped trailing space if not base64. */
- if (!encoded && ep != str && ep[-1] == '\\')
+ if (!encoded && ep != cp && ep[-1] == '\\')
break;
*ep = '\0';
}
- attr = str;
+ attr = cp;
if (encoded) {
/*
* Decode base64 inline and add NUL-terminator.
* The copy allows us to provide a useful message on error.
*/
- char *copy = strdup(str);
+ char *copy = strdup(attr);
if (copy == NULL) {
sudo_fatalx(U_("%s: %s"), __func__,
U_("unable to allocate memory"));
}
- len = base64_decode(copy, (unsigned char *)attr, strlen(attr));
+ len = base64_decode(attr, (unsigned char *)copy, strlen(copy));
if (len == (size_t)-1) {
- sudo_warnx(U_("ignoring invalid attribute value: %s"), copy);
free(copy);
- debug_return_str(NULL);
+ debug_return_bool(false);
}
+ memcpy(attr, copy, len);
attr[len] = '\0';
free(copy);
}
- debug_return_str(attr);
+ *colon = '\0';
+ *name = line;
+ *value = attr;
+
+ debug_return_bool(true);
}
/*
@@ -266,7 +283,7 @@ str_list_cmp(const void *aa, const void *bb)
int ret;
while (lsa != NULL && lsb != NULL) {
- if ((ret = strcmp(lsa->str, lsb->str)) != 0)
+ if ((ret = strcasecmp(lsa->str, lsb->str)) != 0)
return ret;
lsa = STAILQ_NEXT(lsa, entries);
lsb = STAILQ_NEXT(lsb, entries);
@@ -362,7 +379,7 @@ role_to_sudoers(struct sudoers_parse_tree *parse_tree, struct sudo_role *role,
if (reuse_userspec) {
/* Try to re-use comment too. */
STAILQ_FOREACH(comment, &us->comments, entries) {
- if (strncmp(comment->str, "sudoRole ", 9) == 0) {
+ if (strncasecmp(comment->str, "sudoRole ", 9) == 0) {
char *tmpstr;
if (asprintf(&tmpstr, "%s, %s", comment->str, role->cn) == -1) {
sudo_fatalx(U_("%s: %s"), __func__,
@@ -545,9 +562,10 @@ sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree,
unsigned numroles = 0;
bool in_role = false;
size_t linesize = 0;
- char *attr, *line = NULL, *savedline = NULL;
+ char *attr, *name, *line = NULL, *savedline = NULL;
ssize_t savedlen = 0;
bool mismatch = false;
+ int errors = 0;
debug_decl(sudoers_parse_ldif, SUDOERS_DEBUG_UTIL)
/* Free old contents of the parse tree (if any). */
@@ -577,7 +595,7 @@ sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree,
/* Blank line or EOF terminates an entry. */
if (len <= 0) {
if (in_role) {
- if (role->cn != NULL && strcmp(role->cn, "defaults") == 0) {
+ if (role->cn != NULL && strcasecmp(role->cn, "defaults") == 0) {
ldif_store_options(parse_tree, role->options);
sudo_role_free(role);
} else if (STAILQ_EMPTY(role->users) ||
@@ -624,10 +642,6 @@ sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree,
free(line);
line = tmp;
savedline = NULL;
- } else {
- /* Skip comment lines or records that don't match the base. */
- if (*line == '#' || mismatch)
- continue;
}
/* Check for folded line */
@@ -638,21 +652,24 @@ sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree,
line = NULL;
linesize = 0;
continue;
- } else {
- /* not folded, push back ch */
- ungetc(ch, fp);
+ }
+ ungetc(ch, fp); /* not folded, push back ch */
+
+ /* Skip comment lines or records that don't match the base. */
+ if (*line == '#' || mismatch)
+ continue;
+
+ /* Reject invalid LDIF. */
+ if (!ldif_parse_attribute(line, &name, &attr)) {
+ sudo_warnx(U_("invalid LDIF attribute: %s"), line);
+ errors++;
+ continue;
}
/* Parse dn and objectClass. */
- if (strncasecmp(line, "dn:", 3) == 0) {
+ if (strcasecmp(name, "dn") == 0) {
/* Compare dn to base, if specified. */
if (sudoers_base != NULL) {
- attr = ldif_parse_attribute(line + 3);
- if (attr == NULL) {
- /* invalid attribute */
- mismatch = true;
- continue;
- }
/* Skip over cn if present. */
if (strncasecmp(attr, "cn=", 3) == 0) {
for (attr += 3; *attr != '\0'; attr++) {
@@ -671,9 +688,8 @@ sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree,
continue;
}
}
- } else if (strncmp(line, "objectClass:", 12) == 0) {
- attr = ldif_parse_attribute(line + 12);
- if (attr != NULL && strcmp(attr, "sudoRole") == 0) {
+ } else if (strcasecmp(name, "objectClass") == 0) {
+ if (strcasecmp(attr, "sudoRole") == 0) {
/* Allocate new role as needed. */
if (role == NULL) {
if ((role = sudo_role_alloc()) == NULL) {
@@ -690,71 +706,47 @@ sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree,
continue;
/* Part of a sudoRole, parse it. */
- if (strncmp(line, "cn:", 3) == 0) {
- attr = ldif_parse_attribute(line + 3);
- if (attr != NULL) {
- free(role->cn);
- role->cn = unquote_cn(attr);
- if (role->cn == NULL) {
- sudo_fatalx(U_("%s: %s"), __func__,
- U_("unable to allocate memory"));
- }
+ if (strcasecmp(name, "cn") == 0) {
+ free(role->cn);
+ role->cn = unquote_cn(attr);
+ if (role->cn == NULL) {
+ sudo_fatalx(U_("%s: %s"), __func__,
+ U_("unable to allocate memory"));
}
- } else if (strncmp(line, "sudoUser:", 9) == 0) {
- attr = ldif_parse_attribute(line + 9);
- if (attr != NULL)
- ldif_store_string(attr, role->users, true);
- } else if (strncmp(line, "sudoHost:", 9) == 0) {
- attr = ldif_parse_attribute(line + 9);
- if (attr != NULL)
- ldif_store_string(attr, role->hosts, true);
- } else if (strncmp(line, "sudoRunAs:", 10) == 0) {
- attr = ldif_parse_attribute(line + 10);
- if (attr != NULL)
- ldif_store_string(attr, role->runasusers, true);
- } else if (strncmp(line, "sudoRunAsUser:", 14) == 0) {
- attr = ldif_parse_attribute(line + 14);
- if (attr != NULL)
- ldif_store_string(attr, role->runasusers, true);
- } else if (strncmp(line, "sudoRunAsGroup:", 15) == 0) {
- attr = ldif_parse_attribute(line + 15);
- if (attr != NULL)
- ldif_store_string(attr, role->runasgroups, true);
- } else if (strncmp(line, "sudoCommand:", 12) == 0) {
- attr = ldif_parse_attribute(line + 12);
- if (attr != NULL)
- ldif_store_string(attr, role->cmnds, false);
- } else if (strncmp(line, "sudoOption:", 11) == 0) {
- attr = ldif_parse_attribute(line + 11);
- if (attr != NULL)
- ldif_store_string(attr, role->options, false);
- } else if (strncmp(line, "sudoOrder:", 10) == 0) {
+ } else if (strcasecmp(name, "sudoUser") == 0) {
+ ldif_store_string(attr, role->users, true);
+ } else if (strcasecmp(name, "sudoHost") == 0) {
+ ldif_store_string(attr, role->hosts, true);
+ } else if (strcasecmp(name, "sudoRunAs") == 0) {
+ ldif_store_string(attr, role->runasusers, true);
+ } else if (strcasecmp(name, "sudoRunAsUser") == 0) {
+ ldif_store_string(attr, role->runasusers, true);
+ } else if (strcasecmp(name, "sudoRunAsGroup") == 0) {
+ ldif_store_string(attr, role->runasgroups, true);
+ } else if (strcasecmp(name, "sudoCommand") == 0) {
+ ldif_store_string(attr, role->cmnds, false);
+ } else if (strcasecmp(name, "sudoOption") == 0) {
+ ldif_store_string(attr, role->options, false);
+ } else if (strcasecmp(name, "sudoOrder") == 0) {
char *ep;
- attr = ldif_parse_attribute(line + 10);
- if (attr != NULL) {
- role->order = strtod(attr, &ep);
- if (ep == attr || *ep != '\0')
- sudo_warnx(U_("invalid sudoOrder attribute: %s"), attr);
+ role->order = strtod(attr, &ep);
+ if (ep == attr || *ep != '\0') {
+ sudo_warnx(U_("invalid sudoOrder attribute: %s"), attr);
+ errors++;
}
- } else if (strncmp(line, "sudoNotBefore:", 14) == 0) {
- attr = ldif_parse_attribute(line + 14);
- if (attr != NULL) {
- free(role->notbefore);
- role->notbefore = strdup(attr);
- if (role->notbefore == NULL) {
- sudo_fatalx(U_("%s: %s"), __func__,
- U_("unable to allocate memory"));
- }
+ } else if (strcasecmp(name, "sudoNotBefore") == 0) {
+ free(role->notbefore);
+ role->notbefore = strdup(attr);
+ if (role->notbefore == NULL) {
+ sudo_fatalx(U_("%s: %s"), __func__,
+ U_("unable to allocate memory"));
}
- } else if (strncmp(line, "sudoNotAfter:", 13) == 0) {
- attr = ldif_parse_attribute(line + 13);
- if (attr != NULL) {
- free(role->notafter);
- role->notafter = strdup(attr);
- if (role->notafter == NULL) {
- sudo_fatalx(U_("%s: %s"), __func__,
- U_("unable to allocate memory"));
- }
+ } else if (strcasecmp(name, "sudoNotAfter") == 0) {
+ free(role->notafter);
+ role->notafter = strdup(attr);
+ if (role->notafter == NULL) {
+ sudo_fatalx(U_("%s: %s"), __func__,
+ U_("unable to allocate memory"));
}
}
}
@@ -772,5 +764,5 @@ sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree,
if (fp != stdin)
fclose(fp);
- debug_return_bool(true);
+ debug_return_bool(errors == 0);
}
diff --git a/plugins/sudoers/po/eo.mo b/plugins/sudoers/po/eo.mo
index 2e4640d..ad2b2c2 100644
--- a/plugins/sudoers/po/eo.mo
+++ b/plugins/sudoers/po/eo.mo
Binary files differ
diff --git a/plugins/sudoers/po/eo.po b/plugins/sudoers/po/eo.po
index 9c5ce33..1eb964c 100644
--- a/plugins/sudoers/po/eo.po
+++ b/plugins/sudoers/po/eo.po
@@ -1,14 +1,15 @@
# Esperanto translations for sudo package.
-# This file is put in the public domain.
+# This file is distributed under the same license as the sudo package.
+# Keith Bowes <zooplah@gmail.com>, 2012, 2019.
# Felipe Castro <fefcas@gmail.com>, 2013, 2014, 2015, 2016, 2017, 2018, 2019.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudoers 1.8.28b1\n"
+"Project-Id-Version: sudoers 1.8.29rc1\n"
"Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-07-19 10:39-0600\n"
-"PO-Revision-Date: 2019-07-23 10:06-0300\n"
-"Last-Translator: Felipe Castro <fefcas@gmail.com>\n"
+"POT-Creation-Date: 2019-10-21 19:55-0600\n"
+"PO-Revision-Date: 2019-10-26 17:40-0400\n"
+"Last-Translator: Keith Bowes <zooplah@gmail.com>\n"
"Language-Team: Esperanto <translation-team-eo@lists.sourceforge.net>\n"
"Language: eo\n"
"MIME-Version: 1.0\n"
@@ -42,16 +43,16 @@ msgstr "*** SEKURECO: informoj por %h ***"
msgid "Sorry, try again."
msgstr "Malĝuste, reprovu."
-#: gram.y:194 gram.y:242 gram.y:249 gram.y:256 gram.y:263 gram.y:270
-#: gram.y:286 gram.y:310 gram.y:317 gram.y:324 gram.y:331 gram.y:338
-#: gram.y:401 gram.y:409 gram.y:419 gram.y:452 gram.y:459 gram.y:466
-#: gram.y:473 gram.y:555 gram.y:562 gram.y:571 gram.y:580 gram.y:597
-#: gram.y:709 gram.y:716 gram.y:723 gram.y:731 gram.y:831 gram.y:838
-#: gram.y:845 gram.y:852 gram.y:859 gram.y:885 gram.y:892 gram.y:899
-#: gram.y:1022 gram.y:1296 plugins/sudoers/alias.c:132
+#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272
+#: gram.y:288 gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340
+#: gram.y:403 gram.y:412 gram.y:423 gram.y:456 gram.y:463 gram.y:470
+#: gram.y:477 gram.y:559 gram.y:566 gram.y:575 gram.y:584 gram.y:601
+#: gram.y:713 gram.y:720 gram.y:727 gram.y:735 gram.y:835 gram.y:842
+#: gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 gram.y:903
+#: gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132
#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155
#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123
-#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:656
+#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670
#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64
#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165
#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193
@@ -65,64 +66,64 @@ msgstr "Malĝuste, reprovu."
#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389
#: plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414
#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570
-#: plugins/sudoers/defaults.c:664 plugins/sudoers/defaults.c:957
-#: plugins/sudoers/defaults.c:1128 plugins/sudoers/editor.c:72
+#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959
+#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72
#: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101
#: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66
#: plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59
#: plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78
-#: plugins/sudoers/iolog.c:941 plugins/sudoers/iolog_path.c:174
-#: plugins/sudoers/iolog_util.c:85 plugins/sudoers/iolog_util.c:124
-#: plugins/sudoers/iolog_util.c:133 plugins/sudoers/iolog_util.c:143
-#: plugins/sudoers/iolog_util.c:151 plugins/sudoers/iolog_util.c:155
+#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174
+#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125
+#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144
+#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156
#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416
#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432
#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887
-#: plugins/sudoers/ldap.c:1235 plugins/sudoers/ldap.c:1662
-#: plugins/sudoers/ldap.c:1699 plugins/sudoers/ldap.c:1780
-#: plugins/sudoers/ldap.c:1915 plugins/sudoers/ldap.c:2016
-#: plugins/sudoers/ldap.c:2032 plugins/sudoers/ldap_conf.c:223
+#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668
+#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786
+#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022
+#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223
#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306
-#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:445
-#: plugins/sudoers/ldap_conf.c:460 plugins/sudoers/ldap_conf.c:557
-#: plugins/sudoers/ldap_conf.c:590 plugins/sudoers/ldap_conf.c:682
-#: plugins/sudoers/ldap_conf.c:764 plugins/sudoers/ldap_util.c:510
-#: plugins/sudoers/ldap_util.c:566 plugins/sudoers/linux_audit.c:83
-#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:519
-#: plugins/sudoers/logging.c:545 plugins/sudoers/logging.c:586
-#: plugins/sudoers/logging.c:727 plugins/sudoers/logging.c:1087
+#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446
+#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558
+#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683
+#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510
+#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83
+#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532
+#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599
+#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100
#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367
-#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:482
-#: plugins/sudoers/match_digest.c:67 plugins/sudoers/parse.c:200
+#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485
+#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200
#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227
-#: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:143
-#: plugins/sudoers/parse_ldif.c:170 plugins/sudoers/parse_ldif.c:239
-#: plugins/sudoers/parse_ldif.c:246 plugins/sudoers/parse_ldif.c:251
-#: plugins/sudoers/parse_ldif.c:327 plugins/sudoers/parse_ldif.c:338
-#: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:369
-#: plugins/sudoers/parse_ldif.c:381 plugins/sudoers/parse_ldif.c:385
-#: plugins/sudoers/parse_ldif.c:399 plugins/sudoers/parse_ldif.c:566
-#: plugins/sudoers/parse_ldif.c:596 plugins/sudoers/parse_ldif.c:621
-#: plugins/sudoers/parse_ldif.c:681 plugins/sudoers/parse_ldif.c:700
-#: plugins/sudoers/parse_ldif.c:746 plugins/sudoers/parse_ldif.c:756
-#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:746
+#: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156
+#: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256
+#: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268
+#: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355
+#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386
+#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402
+#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584
+#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639
+#: plugins/sudoers/parse_ldif.c:697 plugins/sudoers/parse_ldif.c:714
+#: plugins/sudoers/parse_ldif.c:742 plugins/sudoers/parse_ldif.c:749
+#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750
#: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199
-#: plugins/sudoers/pwutil.c:272 plugins/sudoers/pwutil.c:350
-#: plugins/sudoers/pwutil.c:524 plugins/sudoers/pwutil.c:590
-#: plugins/sudoers/pwutil.c:661 plugins/sudoers/pwutil.c:820
-#: plugins/sudoers/pwutil.c:878 plugins/sudoers/pwutil.c:923
-#: plugins/sudoers/pwutil.c:982 plugins/sudoers/sssd.c:154
+#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348
+#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586
+#: plugins/sudoers/pwutil.c:657 plugins/sudoers/pwutil.c:816
+#: plugins/sudoers/pwutil.c:873 plugins/sudoers/pwutil.c:917
+#: plugins/sudoers/pwutil.c:975 plugins/sudoers/sssd.c:154
#: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463
#: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554
-#: plugins/sudoers/sssd.c:745 plugins/sudoers/stubs.c:103
-#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:271
-#: plugins/sudoers/sudoers.c:281 plugins/sudoers/sudoers.c:290
-#: plugins/sudoers/sudoers.c:332 plugins/sudoers/sudoers.c:655
-#: plugins/sudoers/sudoers.c:781 plugins/sudoers/sudoers.c:825
-#: plugins/sudoers/sudoers.c:1119 plugins/sudoers/sudoers_debug.c:114
-#: plugins/sudoers/sudoreplay.c:581 plugins/sudoers/sudoreplay.c:584
-#: plugins/sudoers/sudoreplay.c:1261 plugins/sudoers/sudoreplay.c:1461
-#: plugins/sudoers/sudoreplay.c:1465 plugins/sudoers/testsudoers.c:136
+#: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103
+#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273
+#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292
+#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657
+#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830
+#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114
+#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587
+#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465
+#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136
#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253
#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439
#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960
@@ -136,27 +137,27 @@ msgstr "Malĝuste, reprovu."
msgid "unable to allocate memory"
msgstr "ne eblas rezervi memoron"
-#: gram.y:484
+#: gram.y:488
msgid "a digest requires a path name"
msgstr "resumo postulas vojnomon"
-#: gram.y:610
+#: gram.y:614
msgid "invalid notbefore value"
msgstr "malvalida valoro notafter"
-#: gram.y:618
+#: gram.y:622
msgid "invalid notafter value"
msgstr "validiga valoro notafter"
-#: gram.y:627 plugins/sudoers/policy.c:320
+#: gram.y:631 plugins/sudoers/policy.c:320
msgid "timeout value too large"
msgstr "eksvalidiĝo-valoro tro grandas"
-#: gram.y:629 plugins/sudoers/policy.c:322
+#: gram.y:633 plugins/sudoers/policy.c:322
msgid "invalid timeout value"
msgstr "malvalida eksvalidiĝo-valoro"
-#: gram.y:1296 plugins/sudoers/auth/pam.c:468 plugins/sudoers/auth/pam.c:656
+#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670
#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124
#: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181
#: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304
@@ -169,46 +170,46 @@ msgstr "malvalida eksvalidiĝo-valoro"
#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333
#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396
#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422
-#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:664
-#: plugins/sudoers/defaults.c:957 plugins/sudoers/defaults.c:1128
+#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666
+#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130
#: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90
#: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268
#: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82
#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138
-#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:941
-#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:85
-#: plugins/sudoers/iolog_util.c:124 plugins/sudoers/iolog_util.c:133
-#: plugins/sudoers/iolog_util.c:143 plugins/sudoers/iolog_util.c:151
-#: plugins/sudoers/iolog_util.c:155 plugins/sudoers/ldap.c:185
+#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943
+#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86
+#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134
+#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152
+#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185
#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420
#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723
-#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1235
-#: plugins/sudoers/ldap.c:1662 plugins/sudoers/ldap.c:1699
-#: plugins/sudoers/ldap.c:1780 plugins/sudoers/ldap.c:1915
-#: plugins/sudoers/ldap.c:2016 plugins/sudoers/ldap.c:2032
+#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241
+#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705
+#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921
+#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038
#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254
#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342
-#: plugins/sudoers/ldap_conf.c:445 plugins/sudoers/ldap_conf.c:460
-#: plugins/sudoers/ldap_conf.c:557 plugins/sudoers/ldap_conf.c:590
-#: plugins/sudoers/ldap_conf.c:681 plugins/sudoers/ldap_conf.c:764
-#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:566
+#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461
+#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591
+#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765
+#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567
#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:202
-#: plugins/sudoers/logging.c:519 plugins/sudoers/logging.c:545
-#: plugins/sudoers/logging.c:585 plugins/sudoers/logging.c:1087
+#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558
+#: plugins/sudoers/logging.c:598 plugins/sudoers/logging.c:1100
#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366
-#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:482
-#: plugins/sudoers/match_digest.c:67 plugins/sudoers/parse.c:199
+#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485
+#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199
#: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226
-#: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:142
-#: plugins/sudoers/parse_ldif.c:169 plugins/sudoers/parse_ldif.c:238
-#: plugins/sudoers/parse_ldif.c:245 plugins/sudoers/parse_ldif.c:250
-#: plugins/sudoers/parse_ldif.c:326 plugins/sudoers/parse_ldif.c:337
-#: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:368
-#: plugins/sudoers/parse_ldif.c:380 plugins/sudoers/parse_ldif.c:384
-#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:566
-#: plugins/sudoers/parse_ldif.c:595 plugins/sudoers/parse_ldif.c:620
-#: plugins/sudoers/parse_ldif.c:680 plugins/sudoers/parse_ldif.c:699
-#: plugins/sudoers/parse_ldif.c:745 plugins/sudoers/parse_ldif.c:755
+#: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155
+#: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255
+#: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267
+#: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354
+#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385
+#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401
+#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584
+#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638
+#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713
+#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748
#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143
#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178
#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320
@@ -216,26 +217,26 @@ msgstr "malvalida eksvalidiĝo-valoro"
#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402
#: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421
#: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504
-#: plugins/sudoers/policy.c:746 plugins/sudoers/prompt.c:100
-#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:272
-#: plugins/sudoers/pwutil.c:350 plugins/sudoers/pwutil.c:524
-#: plugins/sudoers/pwutil.c:590 plugins/sudoers/pwutil.c:661
-#: plugins/sudoers/pwutil.c:820 plugins/sudoers/pwutil.c:878
-#: plugins/sudoers/pwutil.c:923 plugins/sudoers/pwutil.c:982
+#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100
+#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270
+#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522
+#: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657
+#: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873
+#: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975
#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775
#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493
#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153
#: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463
#: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554
-#: plugins/sudoers/sssd.c:745 plugins/sudoers/stubs.c:103
-#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:271
-#: plugins/sudoers/sudoers.c:281 plugins/sudoers/sudoers.c:290
-#: plugins/sudoers/sudoers.c:332 plugins/sudoers/sudoers.c:655
-#: plugins/sudoers/sudoers.c:781 plugins/sudoers/sudoers.c:825
-#: plugins/sudoers/sudoers.c:1119 plugins/sudoers/sudoers_debug.c:113
-#: plugins/sudoers/sudoreplay.c:581 plugins/sudoers/sudoreplay.c:584
-#: plugins/sudoers/sudoreplay.c:1261 plugins/sudoers/sudoreplay.c:1461
-#: plugins/sudoers/sudoreplay.c:1465 plugins/sudoers/testsudoers.c:136
+#: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103
+#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273
+#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292
+#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657
+#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830
+#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113
+#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587
+#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465
+#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136
#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253
#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439
#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960
@@ -255,11 +256,11 @@ msgstr "%s: %s"
msgid "Alias \"%s\" already defined"
msgstr "Kromnomo \"%s\" jam ekzistas"
-#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:788
+#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801
msgid "unable to fork"
msgstr "ne eblas forki"
-#: plugins/sudoers/auth/aix_auth.c:281
+#: plugins/sudoers/auth/aix_auth.c:283
#, c-format
msgid "unable to change password for %s"
msgstr "ne eblas ŝanĝi pasvorton por %s"
@@ -356,37 +357,38 @@ msgstr "%s: ne eblas atingi gastiganton ĉefan: %s"
msgid "%s: Cannot verify TGT! Possible attack!: %s"
msgstr "%s: Ne eblas kontroli TGT! Ebla atako!: %s"
-#: plugins/sudoers/auth/pam.c:200
-msgid "unable to initialize PAM"
-msgstr "ne eblas ekigi PAM"
+#: plugins/sudoers/auth/pam.c:223
+#, c-format
+msgid "unable to initialize PAM: %s"
+msgstr "ne eblas ekigi PAM: %s"
-#: plugins/sudoers/auth/pam.c:299
+#: plugins/sudoers/auth/pam.c:319
#, c-format
msgid "PAM authentication error: %s"
msgstr "Eraro de aŭtentikiga servilo: %s"
-#: plugins/sudoers/auth/pam.c:318
+#: plugins/sudoers/auth/pam.c:338
msgid "account validation failure, is your account locked?"
msgstr "malsukceso ĉe konta validigo, ĉu via konto estas ŝlosita?"
-#: plugins/sudoers/auth/pam.c:329
+#: plugins/sudoers/auth/pam.c:349
msgid "Account or password is expired, reset your password and try again"
msgstr "Konto aŭ pasvorto eksvalidiĝis, restarigu vian pasvorton kaj reprovu"
-#: plugins/sudoers/auth/pam.c:337
+#: plugins/sudoers/auth/pam.c:355
#, c-format
msgid "unable to change expired password: %s"
msgstr "ne eblas ŝanĝi eksvalidan pasvorton: %s"
-#: plugins/sudoers/auth/pam.c:348
+#: plugins/sudoers/auth/pam.c:366
msgid "Password expired, contact your system administrator"
msgstr "Pasvorto eksvalidiĝis, kontaktu vian sistemestron"
-#: plugins/sudoers/auth/pam.c:353
+#: plugins/sudoers/auth/pam.c:371
msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
msgstr "Konto eksvalidiĝis aŭ PAM-agordon malhavas sekcion \"account\" por sudo, kontaktu vian sistemestron"
-#: plugins/sudoers/auth/pam.c:361 plugins/sudoers/auth/pam.c:367
+#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384
#, c-format
msgid "PAM account management error: %s"
msgstr "Eraro de administro de konto PAM: %s"
@@ -485,14 +487,14 @@ msgstr ""
"\n"
#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322
-#: plugins/sudoers/sudoers.c:698 plugins/sudoers/sudoers.c:743
+#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748
#: plugins/sudoers/tsdump.c:126
#, c-format
msgid "unknown uid: %u"
msgstr "nekonata uid: %u"
#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255
-#: plugins/sudoers/policy.c:917 plugins/sudoers/sudoers.c:1158
+#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163
#: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400
#, c-format
msgid "unknown user: %s"
@@ -539,13 +541,13 @@ msgstr "nesubtenata elig-formo %s"
msgid "%s: input and output files must be different"
msgstr "%s: eliga kaj eniga dosieroj devas esti malsamaj"
-#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:174
+#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176
#: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254
#: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933
msgid "unable to initialize sudoers default values"
msgstr "ne eblas ekigi aŭtomatajn valorojn de sudoers"
-#: plugins/sudoers/cvtsudoers.c:421 plugins/sudoers/ldap_conf.c:435
+#: plugins/sudoers/cvtsudoers.c:421 plugins/sudoers/ldap_conf.c:436
#, c-format
msgid "%s: %s: %s: %s"
msgstr "%s: %s: %s: %s"
@@ -573,8 +575,8 @@ msgstr "malvalida filtro: %s"
#: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639
#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130
#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413
-#: plugins/sudoers/iolog_util.c:74 plugins/sudoers/sudoers.c:909
-#: plugins/sudoers/sudoreplay.c:335 plugins/sudoers/sudoreplay.c:1427
+#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914
+#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431
#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135
#: plugins/sudoers/visudo.c:929
#, c-format
@@ -597,7 +599,7 @@ msgid "parse error in %s\n"
msgstr "analiza eraro en %s\n"
#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500
-#: plugins/sudoers/sudoreplay.c:1131 plugins/sudoers/timestamp.c:332
+#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332
#: plugins/sudoers/timestamp.c:335
#, c-format
msgid "unable to write to %s"
@@ -673,11 +675,11 @@ msgstr "ne eblas aranĝi tempo-indikilon"
#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330
#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442
#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727
-#: plugins/sudoers/ldap.c:1054 plugins/sudoers/ldap_conf.c:227
+#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227
#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89
-#: plugins/sudoers/logging.c:1092 plugins/sudoers/policy.c:625
+#: plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625
#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168
-#: plugins/sudoers/sudoers.c:847 plugins/sudoers/testsudoers.c:257
+#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257
#: plugins/sudoers/toke_util.c:161
#, c-format
msgid "internal error, %s overflow"
@@ -1200,6 +1202,14 @@ msgstr "Preteratenti usklecon dum kongruo al uzantnomoj"
msgid "Ignore case when matching group names"
msgstr "Preteratenti usklecon dum kongruo al grupnomoj"
+#: plugins/sudoers/def_data.c:502
+msgid "Log when a command is allowed by sudoers"
+msgstr "Protokoli kiam komando estas permesata de sudoers"
+
+#: plugins/sudoers/def_data.c:506
+msgid "Log when a command is denied by sudoers"
+msgstr "Protokoli kiam komando estas malpermesata de sudoers"
+
#: plugins/sudoers/defaults.c:231
#, c-format
msgid "%s:%d unknown defaults entry \"%s\""
@@ -1303,7 +1313,7 @@ msgstr "%s devas esti estrata de uid %d"
msgid "%s must only be writable by owner"
msgstr "%s devas esti skribebla nur de estro"
-#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:563
+#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562
#, c-format
msgid "unable to load %s: %s"
msgstr "ne eblas ŝarĝi je %s: %s"
@@ -1349,67 +1359,67 @@ msgstr "ne eblas mkdir-i: %s"
msgid "unable to change mode of %s to 0%o"
msgstr "ne eblas ŝanĝi reĝimon de %s al 0%o"
-#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1189
+#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194
#: plugins/sudoers/testsudoers.c:424
#, c-format
msgid "unknown group: %s"
msgstr "nekonata grupo: %s"
-#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:913
-#: plugins/sudoers/sudoreplay.c:842 plugins/sudoers/sudoreplay.c:1538
+#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918
+#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542
#: plugins/sudoers/tsdump.c:145
#, c-format
msgid "unable to read %s"
msgstr "ne eblas legi %s"
-#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:799
+#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801
#, c-format
msgid "unable to create %s"
msgstr "ne eblas krei: %s"
-#: plugins/sudoers/iolog.c:822 plugins/sudoers/iolog.c:1037
-#: plugins/sudoers/iolog.c:1113 plugins/sudoers/iolog.c:1207
-#: plugins/sudoers/iolog.c:1267
+#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039
+#: plugins/sudoers/iolog.c:1115 plugins/sudoers/iolog.c:1209
+#: plugins/sudoers/iolog.c:1270
#, c-format
msgid "unable to write to I/O log file: %s"
msgstr "ne eblas skribi al eneliga protokoldosiero: %s"
-#: plugins/sudoers/iolog.c:1071
+#: plugins/sudoers/iolog.c:1073
#, c-format
msgid "%s: internal error, I/O log file for event %d not open"
msgstr "%s: interna eraro, protokola dosiero de en/eligo por evento %d ne estas malferma"
-#: plugins/sudoers/iolog.c:1230
+#: plugins/sudoers/iolog.c:1233
#, c-format
msgid "%s: internal error, invalid signal %d"
msgstr "%s: interna eraro, malvalida signalo %d"
-#: plugins/sudoers/iolog_util.c:89
+#: plugins/sudoers/iolog_util.c:90
#, c-format
msgid "%s: invalid log file"
msgstr "%s: malvalida protokolo-dosiero"
-#: plugins/sudoers/iolog_util.c:107
+#: plugins/sudoers/iolog_util.c:108
#, c-format
msgid "%s: time stamp field is missing"
msgstr "%s: mankas temp-indikila kampo"
-#: plugins/sudoers/iolog_util.c:113
+#: plugins/sudoers/iolog_util.c:114
#, c-format
msgid "%s: time stamp %s: %s"
msgstr "%s: temp-indikilo %s: %s"
-#: plugins/sudoers/iolog_util.c:120
+#: plugins/sudoers/iolog_util.c:121
#, c-format
msgid "%s: user field is missing"
msgstr "%s: mankas kampo de uzanto"
-#: plugins/sudoers/iolog_util.c:129
+#: plugins/sudoers/iolog_util.c:130
#, c-format
msgid "%s: runas user field is missing"
msgstr "%s: mankas kampo de runa uzanto"
-#: plugins/sudoers/iolog_util.c:138
+#: plugins/sudoers/iolog_util.c:139
#, c-format
msgid "%s: runas group field is missing"
msgstr "%s: mankas kampo de runa grupo"
@@ -1428,16 +1438,16 @@ msgstr "ne eblas ekigi SSL-asertilon kaj ŝlosilan datumbazon: %s"
msgid "you must set TLS_CERT in %s to use SSL"
msgstr "por uzi SSL, TLS_CERT devas havi valoron en %s"
-#: plugins/sudoers/ldap.c:1614
+#: plugins/sudoers/ldap.c:1620
#, c-format
msgid "unable to initialize LDAP: %s"
msgstr "ne eblas ekigi LDAP-on: %s"
-#: plugins/sudoers/ldap.c:1650
+#: plugins/sudoers/ldap.c:1656
msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
msgstr "start_tls specifita sed LDAP-bibliotekoj ne havas la funkciojn ldap_start_tls_s() kaj ldap_start_tls_s_np()"
-#: plugins/sudoers/ldap.c:1787 plugins/sudoers/parse_ldif.c:737
+#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734
#, c-format
msgid "invalid sudoOrder attribute: %s"
msgstr "malvalida atributo de sudoOrder: %s"
@@ -1493,55 +1503,55 @@ msgstr "ne eblas ŝlosi protokolon: %s"
msgid "unable to write log file: %s"
msgstr "ne eblas skribi al protokolo: %s"
-#: plugins/sudoers/logging.c:247
+#: plugins/sudoers/logging.c:248
msgid "No user or host"
msgstr "Neniu uzanto aŭ gastiganto"
-#: plugins/sudoers/logging.c:249
+#: plugins/sudoers/logging.c:250
msgid "validation failure"
msgstr "validiga malsukceso"
-#: plugins/sudoers/logging.c:256
+#: plugins/sudoers/logging.c:261
msgid "user NOT in sudoers"
msgstr "uzanto NE estas en sudoers"
-#: plugins/sudoers/logging.c:258
+#: plugins/sudoers/logging.c:263
msgid "user NOT authorized on host"
msgstr "uzanto NE permesata en gastiganto"
-#: plugins/sudoers/logging.c:260
+#: plugins/sudoers/logging.c:265
msgid "command not allowed"
msgstr "komando ne permesata"
-#: plugins/sudoers/logging.c:295
+#: plugins/sudoers/logging.c:301
#, c-format
msgid "%s is not in the sudoers file. This incident will be reported.\n"
msgstr "%s ne estas en la dosiero sudoers. Ĉi tiu estos raportita.\n"
-#: plugins/sudoers/logging.c:298
+#: plugins/sudoers/logging.c:304
#, c-format
msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
msgstr "%s ne estas permesata plenumigi sudo-on en %s. Ĉi tio estos raportita.\n"
-#: plugins/sudoers/logging.c:302
+#: plugins/sudoers/logging.c:308
#, c-format
msgid "Sorry, user %s may not run sudo on %s.\n"
msgstr "Bedaŭre uzanto %s ne rajtas plenumigi sudo en %s.\n"
-#: plugins/sudoers/logging.c:305
+#: plugins/sudoers/logging.c:311
#, c-format
msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
msgstr "Bedaŭre uzanto %s ne rajtas plenumigi '%s%s%s' kiel %s%s%s en %s.\n"
-#: plugins/sudoers/logging.c:342 plugins/sudoers/sudoers.c:440
-#: plugins/sudoers/sudoers.c:442 plugins/sudoers/sudoers.c:444
-#: plugins/sudoers/sudoers.c:446 plugins/sudoers/sudoers.c:601
-#: plugins/sudoers/sudoers.c:603
+#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442
+#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446
+#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603
+#: plugins/sudoers/sudoers.c:605
#, c-format
msgid "%s: command not found"
msgstr "%s: komando ne trovita"
-#: plugins/sudoers/logging.c:344 plugins/sudoers/sudoers.c:436
+#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438
#, c-format
msgid ""
"ignoring \"%s\" found in '.'\n"
@@ -1550,47 +1560,47 @@ msgstr ""
"ni malatentas \"%s\" trovita en '.'\n"
"Uzu \"sudo ./%s\" se tio estas la \"%s\" , kiun vi volas plenumigi."
-#: plugins/sudoers/logging.c:361
+#: plugins/sudoers/logging.c:367
msgid "authentication failure"
msgstr "aŭtentiga malsukceso"
-#: plugins/sudoers/logging.c:387
+#: plugins/sudoers/logging.c:393
msgid "a password is required"
msgstr "pasvorto estas bezonata"
-#: plugins/sudoers/logging.c:450
+#: plugins/sudoers/logging.c:463
#, c-format
msgid "%u incorrect password attempt"
msgid_plural "%u incorrect password attempts"
msgstr[0] "%u malĝusta pasvorta provo"
msgstr[1] "%u malĝustaj pasvortaj provoj"
-#: plugins/sudoers/logging.c:715
+#: plugins/sudoers/logging.c:728
#, c-format
msgid "unable to dup stdin: %m"
msgstr "ne eblas kopii enigon: %m"
-#: plugins/sudoers/logging.c:755
+#: plugins/sudoers/logging.c:768
#, c-format
msgid "unable to execute %s: %m"
msgstr "ne eblas plenumigi %s-on: %m"
-#: plugins/sudoers/logging.c:796 plugins/sudoers/logging.c:852
+#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865
#, c-format
msgid "unable to fork: %m"
msgstr "ne eblas forki: %m"
-#: plugins/sudoers/logging.c:842
+#: plugins/sudoers/logging.c:855
#, c-format
msgid "unable to open pipe: %m"
msgstr "ne eblas malfermi tubon: %m"
-#: plugins/sudoers/match_digest.c:100
+#: plugins/sudoers/match_digest.c:103
#, c-format
msgid "digest for %s (%s) is not in %s form"
msgstr "resumo por %s (%s) ne estas laŭ la formo %s"
-#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:938
+#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943
#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733
#, c-format
msgid "unable to stat %s"
@@ -1629,41 +1639,41 @@ msgstr " RunAsGroups: "
msgid " Options: "
msgstr " Modifiloj: "
-#: plugins/sudoers/parse.c:535
+#: plugins/sudoers/parse.c:529
#, c-format
msgid " Commands:\n"
msgstr " Komandoj:\n"
-#: plugins/sudoers/parse.c:726
+#: plugins/sudoers/parse.c:720
#, c-format
msgid "Matching Defaults entries for %s on %s:\n"
msgstr "Kongruantaj eroj de Defaults: %s en %s:\n"
-#: plugins/sudoers/parse.c:744
+#: plugins/sudoers/parse.c:738
#, c-format
msgid "Runas and Command-specific defaults for %s:\n"
msgstr "Plenumigkiela komando-specifaj aŭtomataĵoj por %s:\n"
-#: plugins/sudoers/parse.c:762
+#: plugins/sudoers/parse.c:756
#, c-format
msgid "User %s may run the following commands on %s:\n"
msgstr "Uzanto %s rajtas plenumigi la jenajn komandojn en %s:\n"
-#: plugins/sudoers/parse.c:777
+#: plugins/sudoers/parse.c:771
#, c-format
msgid "User %s is not allowed to run sudo on %s.\n"
msgstr "Uzanto %s ne rajtas plenumigi sudo-on en %s.\n"
-#: plugins/sudoers/parse_ldif.c:147
-#, c-format
-msgid "ignoring invalid attribute value: %s"
-msgstr "ni preteratentas malvalidan atribut-valoron: %s"
-
-#: plugins/sudoers/parse_ldif.c:586
+#: plugins/sudoers/parse_ldif.c:604
#, c-format
msgid "ignoring incomplete sudoRole: cn: %s"
msgstr "ni preteratentas malkompletan sudoRole: cn: %s"
+#: plugins/sudoers/parse_ldif.c:664
+#, c-format
+msgid "invalid LDIF attribute: %s"
+msgstr "malvalida LDIF-atributo: %s"
+
#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116
#, c-format
msgid "invalid %.*s set by sudo front-end"
@@ -1678,34 +1688,34 @@ msgid "user name not set by sudo front-end"
msgstr "uzantnomo ne difinita de sudo-fasado"
#: plugins/sudoers/policy.c:443
-msgid "user ID not set by sudo front-end"
+msgid "user-ID not set by sudo front-end"
msgstr "uzanto-ID ne difinita de sudo-fasado"
#: plugins/sudoers/policy.c:447
-msgid "group ID not set by sudo front-end"
+msgid "group-ID not set by sudo front-end"
msgstr "grupo-ID ne difinita de sudo-fasado"
#: plugins/sudoers/policy.c:451
msgid "host name not set by sudo front-end"
msgstr "gastiganta nomo ne difinita de sudo-fasado"
-#: plugins/sudoers/policy.c:804 plugins/sudoers/visudo.c:236
+#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236
#: plugins/sudoers/visudo.c:867
#, c-format
msgid "unable to execute %s"
msgstr "ne eblas plenumigi: %s"
-#: plugins/sudoers/policy.c:935
+#: plugins/sudoers/policy.c:939
#, c-format
msgid "Sudoers policy plugin version %s\n"
msgstr "Eldono %s de la konduta kromprogramo\n"
-#: plugins/sudoers/policy.c:937
+#: plugins/sudoers/policy.c:941
#, c-format
msgid "Sudoers file grammar version %d\n"
msgstr "Eldono %d de la gramatikilo de sudoers\n"
-#: plugins/sudoers/policy.c:941
+#: plugins/sudoers/policy.c:945
#, c-format
msgid ""
"\n"
@@ -1714,86 +1724,86 @@ msgstr ""
"\n"
"Vojo de sudoers: %s\n"
-#: plugins/sudoers/policy.c:944
+#: plugins/sudoers/policy.c:948
#, c-format
msgid "nsswitch path: %s\n"
msgstr "vojo de nsswitch: %s\n"
-#: plugins/sudoers/policy.c:946
+#: plugins/sudoers/policy.c:950
#, c-format
msgid "ldap.conf path: %s\n"
msgstr "vojo de ldap.conf: %s\n"
-#: plugins/sudoers/policy.c:947
+#: plugins/sudoers/policy.c:951
#, c-format
msgid "ldap.secret path: %s\n"
msgstr "vojo de ldap.secret: %s\n"
-#: plugins/sudoers/policy.c:980
+#: plugins/sudoers/policy.c:984
#, c-format
msgid "unable to register hook of type %d (version %d.%d)"
msgstr "ne eblas registri hokon el tipo %d (versio %d.%d)"
-#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:241
+#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240
#, c-format
-msgid "unable to cache uid %u, out of memory"
-msgstr "ne eblas konservi uid-on %u, memoro plenplena"
+msgid "unable to cache uid %u"
+msgstr "ne eblas konservi uid-on %u"
-#: plugins/sudoers/pwutil.c:235
+#: plugins/sudoers/pwutil.c:234
#, c-format
msgid "unable to cache uid %u, already exists"
msgstr "ne eblas konservi uid-on %u, jam ekzistas"
-#: plugins/sudoers/pwutil.c:296 plugins/sudoers/pwutil.c:314
-#: plugins/sudoers/pwutil.c:377 plugins/sudoers/pwutil.c:422
+#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312
+#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420
#, c-format
-msgid "unable to cache user %s, out of memory"
-msgstr "ne eblas konservi uzanton %s, memoro plenplena"
+msgid "unable to cache user %s"
+msgstr "ne eblas krei tenejan uzanton: %s"
-#: plugins/sudoers/pwutil.c:309
+#: plugins/sudoers/pwutil.c:307
#, c-format
msgid "unable to cache user %s, already exists"
msgstr "ne eblas konservi uzanton %s, jam ekzistas"
-#: plugins/sudoers/pwutil.c:541 plugins/sudoers/pwutil.c:560
+#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557
#, c-format
-msgid "unable to cache gid %u, out of memory"
-msgstr "ne eblas konservi gid-on %u, memoro plenplena"
+msgid "unable to cache gid %u"
+msgstr "ne eblas konservi gid-on %u"
-#: plugins/sudoers/pwutil.c:554
+#: plugins/sudoers/pwutil.c:551
#, c-format
msgid "unable to cache gid %u, already exists"
msgstr "ne eblas konservi gid-on %u, jam ekzistas"
-#: plugins/sudoers/pwutil.c:608 plugins/sudoers/pwutil.c:626
-#: plugins/sudoers/pwutil.c:674 plugins/sudoers/pwutil.c:716
+#: plugins/sudoers/pwutil.c:604 plugins/sudoers/pwutil.c:622
+#: plugins/sudoers/pwutil.c:670 plugins/sudoers/pwutil.c:712
#, c-format
-msgid "unable to cache group %s, out of memory"
-msgstr "ne eblas konservi grupon %s, memoro plenplena"
+msgid "unable to cache group %s"
+msgstr "ne eblas konservi grupon %s"
-#: plugins/sudoers/pwutil.c:621
+#: plugins/sudoers/pwutil.c:617
#, c-format
msgid "unable to cache group %s, already exists"
msgstr "ne eblas konservi grupon %s, jam ekzistas"
-#: plugins/sudoers/pwutil.c:843 plugins/sudoers/pwutil.c:896
-#: plugins/sudoers/pwutil.c:947 plugins/sudoers/pwutil.c:1001
+#: plugins/sudoers/pwutil.c:839 plugins/sudoers/pwutil.c:891
+#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:994
#, c-format
msgid "unable to cache group list for %s, already exists"
msgstr "ne eblas konservi grupan liston por %s, jam ekzistas"
-#: plugins/sudoers/pwutil.c:849 plugins/sudoers/pwutil.c:901
-#: plugins/sudoers/pwutil.c:953 plugins/sudoers/pwutil.c:1006
+#: plugins/sudoers/pwutil.c:845 plugins/sudoers/pwutil.c:896
+#: plugins/sudoers/pwutil.c:947 plugins/sudoers/pwutil.c:999
#, c-format
-msgid "unable to cache group list for %s, out of memory"
-msgstr "ne eblas konservi grupan liston por %s, memoro plenplena"
+msgid "unable to cache group list for %s"
+msgstr "ne eblas konservi grupliston por %s"
-#: plugins/sudoers/pwutil.c:890
+#: plugins/sudoers/pwutil.c:885
#, c-format
msgid "unable to parse groups for %s"
msgstr "ne eblas trakti grupon en %s"
-#: plugins/sudoers/pwutil.c:995
+#: plugins/sudoers/pwutil.c:988
#, c-format
msgid "unable to parse gids for %s"
msgstr "ne eblas trakti gids por %s"
@@ -1861,93 +1871,93 @@ msgstr "tranĉita ekzamen-vojo argv[0]: %s"
msgid "audit_failure message too long"
msgstr "mesaĝo audit_failure tro longas"
-#: plugins/sudoers/sssd.c:565
+#: plugins/sudoers/sssd.c:564
msgid "unable to initialize SSS source. Is SSSD installed on your machine?"
msgstr "ne eblas ekigi SSS-fonton. Ĉu SSSD estas instalita en via maŝino?"
-#: plugins/sudoers/sssd.c:573 plugins/sudoers/sssd.c:582
-#: plugins/sudoers/sssd.c:591 plugins/sudoers/sssd.c:600
-#: plugins/sudoers/sssd.c:609
+#: plugins/sudoers/sssd.c:572 plugins/sudoers/sssd.c:581
+#: plugins/sudoers/sssd.c:590 plugins/sudoers/sssd.c:599
+#: plugins/sudoers/sssd.c:608
#, c-format
msgid "unable to find symbol \"%s\" in %s"
msgstr "ne eblas trovi simbolon \"%s\" en %s"
-#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:866
+#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871
msgid "problem with defaults entries"
msgstr "problemoj kun aŭtomataj eroj"
-#: plugins/sudoers/sudoers.c:214
+#: plugins/sudoers/sudoers.c:216
msgid "no valid sudoers sources found, quitting"
msgstr "ne validaj fontotekstoj de sudoers trovita, ĉesiganta"
-#: plugins/sudoers/sudoers.c:252
+#: plugins/sudoers/sudoers.c:254
msgid "sudoers specifies that root is not allowed to sudo"
msgstr "sudoers specifas, ke ĉefuzanto ne rajtas sudo-i"
-#: plugins/sudoers/sudoers.c:310
+#: plugins/sudoers/sudoers.c:312
msgid "you are not permitted to use the -C option"
msgstr "vi ne rajtas uzi la parametron -C"
-#: plugins/sudoers/sudoers.c:357
+#: plugins/sudoers/sudoers.c:359
#, c-format
msgid "timestamp owner (%s): No such user"
msgstr "tempo-indikila posedanto (%s): Nenia uzanto"
-#: plugins/sudoers/sudoers.c:372
+#: plugins/sudoers/sudoers.c:374
msgid "no tty"
msgstr "neniu tty"
-#: plugins/sudoers/sudoers.c:373
+#: plugins/sudoers/sudoers.c:375
msgid "sorry, you must have a tty to run sudo"
msgstr "bedaŭre vi devas havi tty-on por plenumigi sudo-on"
-#: plugins/sudoers/sudoers.c:435
+#: plugins/sudoers/sudoers.c:437
msgid "command in current directory"
msgstr "komando en nuna dosierujo"
-#: plugins/sudoers/sudoers.c:454
+#: plugins/sudoers/sudoers.c:456
msgid "sorry, you are not allowed set a command timeout"
msgstr "bedaŭre vi ne rajtas elekti komando-eksvalidiĝo"
-#: plugins/sudoers/sudoers.c:462
+#: plugins/sudoers/sudoers.c:464
msgid "sorry, you are not allowed to preserve the environment"
msgstr "bedaŭre vi ne rajtas konservi la medion"
-#: plugins/sudoers/sudoers.c:810
+#: plugins/sudoers/sudoers.c:815
msgid "command too long"
msgstr "komando tro longas"
-#: plugins/sudoers/sudoers.c:942
+#: plugins/sudoers/sudoers.c:947
#, c-format
msgid "%s is not a regular file"
msgstr "%s ne estas normala dosiero"
-#: plugins/sudoers/sudoers.c:946 plugins/sudoers/timestamp.c:259 toke.l:967
+#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s estas estrita de uid %u, devas esti %u"
-#: plugins/sudoers/sudoers.c:950 toke.l:972
+#: plugins/sudoers/sudoers.c:955 toke.l:972
#, c-format
msgid "%s is world writable"
msgstr "%s estas skribebla de ĉiuj"
-#: plugins/sudoers/sudoers.c:954 toke.l:975
+#: plugins/sudoers/sudoers.c:959 toke.l:975
#, c-format
msgid "%s is owned by gid %u, should be %u"
msgstr "%s estas estrita de gid %u, devas esti %u"
-#: plugins/sudoers/sudoers.c:987
+#: plugins/sudoers/sudoers.c:992
#, c-format
msgid "only root can use \"-c %s\""
msgstr "nur ĉefuzanto rajtas uzi \"-c %s\""
-#: plugins/sudoers/sudoers.c:1006
+#: plugins/sudoers/sudoers.c:1011
#, c-format
msgid "unknown login class: %s"
msgstr "nekonata ensaluta klaso: %s"
-#: plugins/sudoers/sudoers.c:1091 plugins/sudoers/sudoers.c:1105
+#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110
#, c-format
msgid "unable to resolve host %s"
msgstr "ne eblas trovi gastiganton %s"
@@ -1972,105 +1982,109 @@ msgstr "malvalida rapida faktoro: %s"
msgid "%s/%.2s/%.2s/%.2s/timing: %s"
msgstr "%s/%.2s/%.2s/%.2s tempo-registrado: %s"
-#: plugins/sudoers/sudoreplay.c:327
+#: plugins/sudoers/sudoreplay.c:326
+#, c-format
+msgid "%s/timing: %s"
+msgstr "%s/tempo-registrado: %s"
+
+#: plugins/sudoers/sudoreplay.c:330
#, c-format
msgid "%s/%s/timing: %s"
msgstr "%s/%s/tempo-registrado: %s"
-#: plugins/sudoers/sudoreplay.c:343
+#: plugins/sudoers/sudoreplay.c:346
#, c-format
msgid "Replaying sudo session: %s"
msgstr "Refaranta sudo-seancon: %s"
-#: plugins/sudoers/sudoreplay.c:541 plugins/sudoers/sudoreplay.c:588
-#: plugins/sudoers/sudoreplay.c:785 plugins/sudoers/sudoreplay.c:894
-#: plugins/sudoers/sudoreplay.c:979 plugins/sudoers/sudoreplay.c:994
-#: plugins/sudoers/sudoreplay.c:1001 plugins/sudoers/sudoreplay.c:1008
-#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022
-#: plugins/sudoers/sudoreplay.c:1170
+#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591
+#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898
+#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998
+#: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/sudoreplay.c:1012
+#: plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026
+#: plugins/sudoers/sudoreplay.c:1174
msgid "unable to add event to queue"
msgstr "ne eblas aldoni eventon al atendovico"
-#: plugins/sudoers/sudoreplay.c:656
+#: plugins/sudoers/sudoreplay.c:659
msgid "unable to set tty to raw mode"
msgstr "ne eblas elekti tty-on en nudan reĝimon"
-#: plugins/sudoers/sudoreplay.c:707
-#, c-format
+#: plugins/sudoers/sudoreplay.c:710
msgid "Warning: your terminal is too small to properly replay the log.\n"
msgstr "Averto: via terminalo estas tro malgranda por konvene reskribi la protokolon.\n"
-#: plugins/sudoers/sudoreplay.c:708
+#: plugins/sudoers/sudoreplay.c:711
#, c-format
msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
msgstr "Protokola grando estas %dx%d, sed via terminala grando estas %dx%d."
-#: plugins/sudoers/sudoreplay.c:736
+#: plugins/sudoers/sudoreplay.c:739
msgid "Replay finished, press any key to restore the terminal."
msgstr "Refarado finita, premu iu ajn klavon por restarigi la terminalon."
-#: plugins/sudoers/sudoreplay.c:768
+#: plugins/sudoers/sudoreplay.c:772
#, c-format
msgid "invalid timing file line: %s"
msgstr "malvalida linio en la tempo-registran dosieron: %s"
-#: plugins/sudoers/sudoreplay.c:1204 plugins/sudoers/sudoreplay.c:1229
+#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233
#, c-format
msgid "ambiguous expression \"%s\""
msgstr "ambigua esprimo \"%s\""
-#: plugins/sudoers/sudoreplay.c:1251
+#: plugins/sudoers/sudoreplay.c:1255
msgid "unmatched ')' in expression"
msgstr "mankas krampo kongruanta al ')' en esprimo"
-#: plugins/sudoers/sudoreplay.c:1255
+#: plugins/sudoers/sudoreplay.c:1259
#, c-format
msgid "unknown search term \"%s\""
msgstr "nekonata serĉaĵo \"%s\""
-#: plugins/sudoers/sudoreplay.c:1270
+#: plugins/sudoers/sudoreplay.c:1274
#, c-format
msgid "%s requires an argument"
msgstr "%s bezonas parametron"
-#: plugins/sudoers/sudoreplay.c:1273 plugins/sudoers/sudoreplay.c:1514
+#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518
#, c-format
msgid "invalid regular expression: %s"
msgstr "malvalida regulesprimo: %s"
-#: plugins/sudoers/sudoreplay.c:1277
+#: plugins/sudoers/sudoreplay.c:1281
#, c-format
msgid "could not parse date \"%s\""
msgstr "ne eblis analizi daton \"%s\""
-#: plugins/sudoers/sudoreplay.c:1286
+#: plugins/sudoers/sudoreplay.c:1290
msgid "unmatched '(' in expression"
msgstr "mankas krampo kongruanta al '(' en esprimo"
-#: plugins/sudoers/sudoreplay.c:1288
+#: plugins/sudoers/sudoreplay.c:1292
msgid "illegal trailing \"or\""
msgstr "malvalida posta \"or\""
-#: plugins/sudoers/sudoreplay.c:1290
+#: plugins/sudoers/sudoreplay.c:1294
msgid "illegal trailing \"!\""
msgstr "malvalida posta \"!\""
-#: plugins/sudoers/sudoreplay.c:1340
+#: plugins/sudoers/sudoreplay.c:1344
#, c-format
msgid "unknown search type %d"
msgstr "nekonata serĉtipo %d"
-#: plugins/sudoers/sudoreplay.c:1607
+#: plugins/sudoers/sudoreplay.c:1611
#, c-format
msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n"
msgstr "uzado: %s [-hnRS] [-d ujo] [-m num] [-s num] ID\n"
-#: plugins/sudoers/sudoreplay.c:1610
+#: plugins/sudoers/sudoreplay.c:1614
#, c-format
msgid "usage: %s [-h] [-d dir] -l [search expression]\n"
msgstr "uzado: %s [-h] [-d ujo] -l [serĉaĵo]\n"
-#: plugins/sudoers/sudoreplay.c:1619
+#: plugins/sudoers/sudoreplay.c:1623
#, c-format
msgid ""
"%s - replay sudo session logs\n"
@@ -2079,7 +2093,7 @@ msgstr ""
"%s - refari sudo-seancajn protokolojn\n"
"\n"
-#: plugins/sudoers/sudoreplay.c:1621
+#: plugins/sudoers/sudoreplay.c:1625
msgid ""
"\n"
"Options:\n"
@@ -2359,6 +2373,18 @@ msgstr ""
msgid "too many levels of includes"
msgstr "tro da niveloj de inkluzivaĵoj"
+#~ msgid "ignoring invalid attribute value: %s"
+#~ msgstr "ni preteratentas malvalidan atribut-valoron: %s"
+
+#~ msgid "unable to cache user %s, out of memory"
+#~ msgstr "ne eblas konservi uzanton %s, memoro plenplena"
+
+#~ msgid "unable to cache group %s, out of memory"
+#~ msgstr "ne eblas konservi grupon %s, memoro plenplena"
+
+#~ msgid "unable to cache group list for %s, out of memory"
+#~ msgstr "ne eblas konservi grupan liston por %s, memoro plenplena"
+
#~ msgid ""
#~ "\n"
#~ "LDAP Role: UNKNOWN\n"
diff --git a/plugins/sudoers/po/fr.mo b/plugins/sudoers/po/fr.mo
index 174a738..1cb66b9 100644
--- a/plugins/sudoers/po/fr.mo
+++ b/plugins/sudoers/po/fr.mo
Binary files differ
diff --git a/plugins/sudoers/po/fr.po b/plugins/sudoers/po/fr.po
index ae7b57e..cdbde9a 100644
--- a/plugins/sudoers/po/fr.po
+++ b/plugins/sudoers/po/fr.po
@@ -5,10 +5,10 @@
# Frédéric Marchal <fmarchal@perso.be>, 2019
msgid ""
msgstr ""
-"Project-Id-Version: sudoers 1.8.28b1\n"
+"Project-Id-Version: sudoers 1.8.29rc1\n"
"Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2019-07-19 10:39-0600\n"
-"PO-Revision-Date: 2019-07-22 12:25+0200\n"
+"POT-Creation-Date: 2019-10-21 19:55-0600\n"
+"PO-Revision-Date: 2019-10-24 17:50+0200\n"
"Last-Translator: Frédéric Marchal <fmarchal@perso.be>\n"
"Language-Team: French <traduc@traduc.org>\n"
"Language: fr\n"
@@ -42,16 +42,16 @@ msgstr "*** Informations de sécurité pour %h ***"
msgid "Sorry, try again."
msgstr "Désolé, essayez de nouveau."
-#: gram.y:194 gram.y:242 gram.y:249 gram.y:256 gram.y:263 gram.y:270
-#: gram.y:286 gram.y:310 gram.y:317 gram.y:324 gram.y:331 gram.y:338
-#: gram.y:401 gram.y:409 gram.y:419 gram.y:452 gram.y:459 gram.y:466
-#: gram.y:473 gram.y:555 gram.y:562 gram.y:571 gram.y:580 gram.y:597
-#: gram.y:709 gram.y:716 gram.y:723 gram.y:731 gram.y:831 gram.y:838
-#: gram.y:845 gram.y:852 gram.y:859 gram.y:885 gram.y:892 gram.y:899
-#: gram.y:1022 gram.y:1296 plugins/sudoers/alias.c:132
+#: gram.y:196 gram.y:244 gram.y:251 gram.y:258 gram.y:265 gram.y:272
+#: gram.y:288 gram.y:312 gram.y:319 gram.y:326 gram.y:333 gram.y:340
+#: gram.y:403 gram.y:412 gram.y:423 gram.y:456 gram.y:463 gram.y:470
+#: gram.y:477 gram.y:559 gram.y:566 gram.y:575 gram.y:584 gram.y:601
+#: gram.y:713 gram.y:720 gram.y:727 gram.y:735 gram.y:835 gram.y:842
+#: gram.y:849 gram.y:856 gram.y:863 gram.y:889 gram.y:896 gram.y:903
+#: gram.y:1026 gram.y:1303 plugins/sudoers/alias.c:132
#: plugins/sudoers/alias.c:139 plugins/sudoers/alias.c:155
#: plugins/sudoers/auth/bsdauth.c:148 plugins/sudoers/auth/kerb5.c:123
-#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:656
+#: plugins/sudoers/auth/kerb5.c:149 plugins/sudoers/auth/pam.c:670
#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/auth/sia.c:64
#: plugins/sudoers/cvtsudoers.c:124 plugins/sudoers/cvtsudoers.c:165
#: plugins/sudoers/cvtsudoers.c:182 plugins/sudoers/cvtsudoers.c:193
@@ -65,64 +65,64 @@ msgstr "Désolé, essayez de nouveau."
#: plugins/sudoers/cvtsudoers_ldif.c:334 plugins/sudoers/cvtsudoers_ldif.c:389
#: plugins/sudoers/cvtsudoers_ldif.c:397 plugins/sudoers/cvtsudoers_ldif.c:414
#: plugins/sudoers/cvtsudoers_ldif.c:423 plugins/sudoers/cvtsudoers_ldif.c:570
-#: plugins/sudoers/defaults.c:664 plugins/sudoers/defaults.c:957
-#: plugins/sudoers/defaults.c:1128 plugins/sudoers/editor.c:72
+#: plugins/sudoers/defaults.c:666 plugins/sudoers/defaults.c:959
+#: plugins/sudoers/defaults.c:1130 plugins/sudoers/editor.c:72
#: plugins/sudoers/editor.c:90 plugins/sudoers/editor.c:101
#: plugins/sudoers/env.c:268 plugins/sudoers/filedigest.c:66
#: plugins/sudoers/filedigest.c:82 plugins/sudoers/gc.c:59
#: plugins/sudoers/group_plugin.c:138 plugins/sudoers/interfaces.c:78
-#: plugins/sudoers/iolog.c:941 plugins/sudoers/iolog_path.c:174
-#: plugins/sudoers/iolog_util.c:85 plugins/sudoers/iolog_util.c:124
-#: plugins/sudoers/iolog_util.c:133 plugins/sudoers/iolog_util.c:143
-#: plugins/sudoers/iolog_util.c:151 plugins/sudoers/iolog_util.c:155
+#: plugins/sudoers/iolog.c:943 plugins/sudoers/iolog_path.c:174
+#: plugins/sudoers/iolog_util.c:86 plugins/sudoers/iolog_util.c:125
+#: plugins/sudoers/iolog_util.c:134 plugins/sudoers/iolog_util.c:144
+#: plugins/sudoers/iolog_util.c:152 plugins/sudoers/iolog_util.c:156
#: plugins/sudoers/ldap.c:185 plugins/sudoers/ldap.c:416
#: plugins/sudoers/ldap.c:420 plugins/sudoers/ldap.c:432
#: plugins/sudoers/ldap.c:723 plugins/sudoers/ldap.c:887
-#: plugins/sudoers/ldap.c:1235 plugins/sudoers/ldap.c:1662
-#: plugins/sudoers/ldap.c:1699 plugins/sudoers/ldap.c:1780
-#: plugins/sudoers/ldap.c:1915 plugins/sudoers/ldap.c:2016
-#: plugins/sudoers/ldap.c:2032 plugins/sudoers/ldap_conf.c:223
+#: plugins/sudoers/ldap.c:1241 plugins/sudoers/ldap.c:1668
+#: plugins/sudoers/ldap.c:1705 plugins/sudoers/ldap.c:1786
+#: plugins/sudoers/ldap.c:1921 plugins/sudoers/ldap.c:2022
+#: plugins/sudoers/ldap.c:2038 plugins/sudoers/ldap_conf.c:223
#: plugins/sudoers/ldap_conf.c:254 plugins/sudoers/ldap_conf.c:306
-#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:445
-#: plugins/sudoers/ldap_conf.c:460 plugins/sudoers/ldap_conf.c:557
-#: plugins/sudoers/ldap_conf.c:590 plugins/sudoers/ldap_conf.c:682
-#: plugins/sudoers/ldap_conf.c:764 plugins/sudoers/ldap_util.c:510
-#: plugins/sudoers/ldap_util.c:566 plugins/sudoers/linux_audit.c:83
-#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:519
-#: plugins/sudoers/logging.c:545 plugins/sudoers/logging.c:586
-#: plugins/sudoers/logging.c:727 plugins/sudoers/logging.c:1087
+#: plugins/sudoers/ldap_conf.c:342 plugins/sudoers/ldap_conf.c:446
+#: plugins/sudoers/ldap_conf.c:461 plugins/sudoers/ldap_conf.c:558
+#: plugins/sudoers/ldap_conf.c:591 plugins/sudoers/ldap_conf.c:683
+#: plugins/sudoers/ldap_conf.c:765 plugins/sudoers/ldap_util.c:510
+#: plugins/sudoers/ldap_util.c:567 plugins/sudoers/linux_audit.c:83
+#: plugins/sudoers/logging.c:202 plugins/sudoers/logging.c:532
+#: plugins/sudoers/logging.c:558 plugins/sudoers/logging.c:599
+#: plugins/sudoers/logging.c:740 plugins/sudoers/logging.c:1100
#: plugins/sudoers/match_command.c:249 plugins/sudoers/match_command.c:367
-#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:482
-#: plugins/sudoers/match_digest.c:67 plugins/sudoers/parse.c:200
+#: plugins/sudoers/match_command.c:414 plugins/sudoers/match_command.c:485
+#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:200
#: plugins/sudoers/parse.c:212 plugins/sudoers/parse.c:227
-#: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:143
-#: plugins/sudoers/parse_ldif.c:170 plugins/sudoers/parse_ldif.c:239
-#: plugins/sudoers/parse_ldif.c:246 plugins/sudoers/parse_ldif.c:251
-#: plugins/sudoers/parse_ldif.c:327 plugins/sudoers/parse_ldif.c:338
-#: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:369
-#: plugins/sudoers/parse_ldif.c:381 plugins/sudoers/parse_ldif.c:385
-#: plugins/sudoers/parse_ldif.c:399 plugins/sudoers/parse_ldif.c:566
-#: plugins/sudoers/parse_ldif.c:596 plugins/sudoers/parse_ldif.c:621
-#: plugins/sudoers/parse_ldif.c:681 plugins/sudoers/parse_ldif.c:700
-#: plugins/sudoers/parse_ldif.c:746 plugins/sudoers/parse_ldif.c:756
-#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:746
+#: plugins/sudoers/parse.c:239 plugins/sudoers/parse_ldif.c:156
+#: plugins/sudoers/parse_ldif.c:187 plugins/sudoers/parse_ldif.c:256
+#: plugins/sudoers/parse_ldif.c:263 plugins/sudoers/parse_ldif.c:268
+#: plugins/sudoers/parse_ldif.c:344 plugins/sudoers/parse_ldif.c:355
+#: plugins/sudoers/parse_ldif.c:361 plugins/sudoers/parse_ldif.c:386
+#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:402
+#: plugins/sudoers/parse_ldif.c:416 plugins/sudoers/parse_ldif.c:584
+#: plugins/sudoers/parse_ldif.c:614 plugins/sudoers/parse_ldif.c:639
+#: plugins/sudoers/parse_ldif.c:697 plugins/sudoers/parse_ldif.c:714
+#: plugins/sudoers/parse_ldif.c:742 plugins/sudoers/parse_ldif.c:749
+#: plugins/sudoers/policy.c:504 plugins/sudoers/policy.c:750
#: plugins/sudoers/prompt.c:100 plugins/sudoers/pwutil.c:199
-#: plugins/sudoers/pwutil.c:272 plugins/sudoers/pwutil.c:350
-#: plugins/sudoers/pwutil.c:524 plugins/sudoers/pwutil.c:590
-#: plugins/sudoers/pwutil.c:661 plugins/sudoers/pwutil.c:820
-#: plugins/sudoers/pwutil.c:878 plugins/sudoers/pwutil.c:923
-#: plugins/sudoers/pwutil.c:982 plugins/sudoers/sssd.c:154
+#: plugins/sudoers/pwutil.c:270 plugins/sudoers/pwutil.c:348
+#: plugins/sudoers/pwutil.c:522 plugins/sudoers/pwutil.c:586
+#: plugins/sudoers/pwutil.c:657 plugins/sudoers/pwutil.c:816
+#: plugins/sudoers/pwutil.c:873 plugins/sudoers/pwutil.c:917
+#: plugins/sudoers/pwutil.c:975 plugins/sudoers/sssd.c:154
#: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463
#: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554
-#: plugins/sudoers/sssd.c:745 plugins/sudoers/stubs.c:103
-#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:271
-#: plugins/sudoers/sudoers.c:281 plugins/sudoers/sudoers.c:290
-#: plugins/sudoers/sudoers.c:332 plugins/sudoers/sudoers.c:655
-#: plugins/sudoers/sudoers.c:781 plugins/sudoers/sudoers.c:825
-#: plugins/sudoers/sudoers.c:1119 plugins/sudoers/sudoers_debug.c:114
-#: plugins/sudoers/sudoreplay.c:581 plugins/sudoers/sudoreplay.c:584
-#: plugins/sudoers/sudoreplay.c:1261 plugins/sudoers/sudoreplay.c:1461
-#: plugins/sudoers/sudoreplay.c:1465 plugins/sudoers/testsudoers.c:136
+#: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103
+#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273
+#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292
+#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657
+#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830
+#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:114
+#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587
+#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465
+#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136
#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253
#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439
#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960
@@ -136,27 +136,27 @@ msgstr "Désolé, essayez de nouveau."
msgid "unable to allocate memory"
msgstr "impossible d'allouer la mémoire"
-#: gram.y:484
+#: gram.y:488
msgid "a digest requires a path name"
msgstr "un résumé (digest) nécessite un chemin d'accès"
-#: gram.y:610
+#: gram.y:614
msgid "invalid notbefore value"
msgstr "valeur « notbefore » (pas avant) invalide"
-#: gram.y:618
+#: gram.y:622
msgid "invalid notafter value"
msgstr "valeur « notafter » (pas après) invalide"
-#: gram.y:627 plugins/sudoers/policy.c:320
+#: gram.y:631 plugins/sudoers/policy.c:320
msgid "timeout value too large"
msgstr "valeur trop grande pour le délai d'expiration"
-#: gram.y:629 plugins/sudoers/policy.c:322
+#: gram.y:633 plugins/sudoers/policy.c:322
msgid "invalid timeout value"
msgstr "valeur invalide pour le délai d'expiration"
-#: gram.y:1296 plugins/sudoers/auth/pam.c:468 plugins/sudoers/auth/pam.c:656
+#: gram.y:1303 plugins/sudoers/auth/pam.c:483 plugins/sudoers/auth/pam.c:670
#: plugins/sudoers/auth/rfc1938.c:116 plugins/sudoers/cvtsudoers.c:124
#: plugins/sudoers/cvtsudoers.c:164 plugins/sudoers/cvtsudoers.c:181
#: plugins/sudoers/cvtsudoers.c:192 plugins/sudoers/cvtsudoers.c:304
@@ -169,46 +169,46 @@ msgstr "valeur invalide pour le délai d'expiration"
#: plugins/sudoers/cvtsudoers_ldif.c:262 plugins/sudoers/cvtsudoers_ldif.c:333
#: plugins/sudoers/cvtsudoers_ldif.c:388 plugins/sudoers/cvtsudoers_ldif.c:396
#: plugins/sudoers/cvtsudoers_ldif.c:413 plugins/sudoers/cvtsudoers_ldif.c:422
-#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:664
-#: plugins/sudoers/defaults.c:957 plugins/sudoers/defaults.c:1128
+#: plugins/sudoers/cvtsudoers_ldif.c:569 plugins/sudoers/defaults.c:666
+#: plugins/sudoers/defaults.c:959 plugins/sudoers/defaults.c:1130
#: plugins/sudoers/editor.c:72 plugins/sudoers/editor.c:90
#: plugins/sudoers/editor.c:101 plugins/sudoers/env.c:268
#: plugins/sudoers/filedigest.c:66 plugins/sudoers/filedigest.c:82
#: plugins/sudoers/gc.c:59 plugins/sudoers/group_plugin.c:138
-#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:941
-#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:85
-#: plugins/sudoers/iolog_util.c:124 plugins/sudoers/iolog_util.c:133
-#: plugins/sudoers/iolog_util.c:143 plugins/sudoers/iolog_util.c:151
-#: plugins/sudoers/iolog_util.c:155 plugins/sudoers/ldap.c:185
+#: plugins/sudoers/interfaces.c:78 plugins/sudoers/iolog.c:943
+#: plugins/sudoers/iolog_path.c:174 plugins/sudoers/iolog_util.c:86
+#: plugins/sudoers/iolog_util.c:125 plugins/sudoers/iolog_util.c:134
+#: plugins/sudoers/iolog_util.c:144 plugins/sudoers/iolog_util.c:152
+#: plugins/sudoers/iolog_util.c:156 plugins/sudoers/ldap.c:185
#: plugins/sudoers/ldap.c:416 plugins/sudoers/ldap.c:420
#: plugins/sudoers/ldap.c:432 plugins/sudoers/ldap.c:723
-#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1235
-#: plugins/sudoers/ldap.c:1662 plugins/sudoers/ldap.c:1699
-#: plugins/sudoers/ldap.c:1780 plugins/sudoers/ldap.c:1915
-#: plugins/sudoers/ldap.c:2016 plugins/sudoers/ldap.c:2032
+#: plugins/sudoers/ldap.c:887 plugins/sudoers/ldap.c:1241
+#: plugins/sudoers/ldap.c:1668 plugins/sudoers/ldap.c:1705
+#: plugins/sudoers/ldap.c:1786 plugins/sudoers/ldap.c:1921
+#: plugins/sudoers/ldap.c:2022 plugins/sudoers/ldap.c:2038
#: plugins/sudoers/ldap_conf.c:223 plugins/sudoers/ldap_conf.c:254
#: plugins/sudoers/ldap_conf.c:306 plugins/sudoers/ldap_conf.c:342
-#: plugins/sudoers/ldap_conf.c:445 plugins/sudoers/ldap_conf.c:460
-#: plugins/sudoers/ldap_conf.c:557 plugins/sudoers/ldap_conf.c:590
-#: plugins/sudoers/ldap_conf.c:681 plugins/sudoers/ldap_conf.c:764
-#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:566
+#: plugins/sudoers/ldap_conf.c:446 plugins/sudoers/ldap_conf.c:461
+#: plugins/sudoers/ldap_conf.c:558 plugins/sudoers/ldap_conf.c:591
+#: plugins/sudoers/ldap_conf.c:682 plugins/sudoers/ldap_conf.c:765
+#: plugins/sudoers/ldap_util.c:510 plugins/sudoers/ldap_util.c:567
#: plugins/sudoers/linux_audit.c:83 plugins/sudoers/logging.c:202
-#: plugins/sudoers/logging.c:519 plugins/sudoers/logging.c:545
-#: plugins/sudoers/logging.c:585 plugins/sudoers/logging.c:1087
+#: plugins/sudoers/logging.c:532 plugins/sudoers/logging.c:558
+#: plugins/sudoers/logging.c:598 plugins/sudoers/logging.c:1100
#: plugins/sudoers/match_command.c:248 plugins/sudoers/match_command.c:366
-#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:482
-#: plugins/sudoers/match_digest.c:67 plugins/sudoers/parse.c:199
+#: plugins/sudoers/match_command.c:413 plugins/sudoers/match_command.c:485
+#: plugins/sudoers/match_digest.c:70 plugins/sudoers/parse.c:199
#: plugins/sudoers/parse.c:211 plugins/sudoers/parse.c:226
-#: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:142
-#: plugins/sudoers/parse_ldif.c:169 plugins/sudoers/parse_ldif.c:238
-#: plugins/sudoers/parse_ldif.c:245 plugins/sudoers/parse_ldif.c:250
-#: plugins/sudoers/parse_ldif.c:326 plugins/sudoers/parse_ldif.c:337
-#: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:368
-#: plugins/sudoers/parse_ldif.c:380 plugins/sudoers/parse_ldif.c:384
-#: plugins/sudoers/parse_ldif.c:398 plugins/sudoers/parse_ldif.c:566
-#: plugins/sudoers/parse_ldif.c:595 plugins/sudoers/parse_ldif.c:620
-#: plugins/sudoers/parse_ldif.c:680 plugins/sudoers/parse_ldif.c:699
-#: plugins/sudoers/parse_ldif.c:745 plugins/sudoers/parse_ldif.c:755
+#: plugins/sudoers/parse.c:238 plugins/sudoers/parse_ldif.c:155
+#: plugins/sudoers/parse_ldif.c:186 plugins/sudoers/parse_ldif.c:255
+#: plugins/sudoers/parse_ldif.c:262 plugins/sudoers/parse_ldif.c:267
+#: plugins/sudoers/parse_ldif.c:343 plugins/sudoers/parse_ldif.c:354
+#: plugins/sudoers/parse_ldif.c:360 plugins/sudoers/parse_ldif.c:385
+#: plugins/sudoers/parse_ldif.c:397 plugins/sudoers/parse_ldif.c:401
+#: plugins/sudoers/parse_ldif.c:415 plugins/sudoers/parse_ldif.c:584
+#: plugins/sudoers/parse_ldif.c:613 plugins/sudoers/parse_ldif.c:638
+#: plugins/sudoers/parse_ldif.c:696 plugins/sudoers/parse_ldif.c:713
+#: plugins/sudoers/parse_ldif.c:741 plugins/sudoers/parse_ldif.c:748
#: plugins/sudoers/policy.c:134 plugins/sudoers/policy.c:143
#: plugins/sudoers/policy.c:152 plugins/sudoers/policy.c:178
#: plugins/sudoers/policy.c:305 plugins/sudoers/policy.c:320
@@ -216,26 +216,26 @@ msgstr "valeur invalide pour le délai d'expiration"
#: plugins/sudoers/policy.c:358 plugins/sudoers/policy.c:402
#: plugins/sudoers/policy.c:412 plugins/sudoers/policy.c:421
#: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:504
-#: plugins/sudoers/policy.c:746 plugins/sudoers/prompt.c:100
-#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:272
-#: plugins/sudoers/pwutil.c:350 plugins/sudoers/pwutil.c:524
-#: plugins/sudoers/pwutil.c:590 plugins/sudoers/pwutil.c:661
-#: plugins/sudoers/pwutil.c:820 plugins/sudoers/pwutil.c:878
-#: plugins/sudoers/pwutil.c:923 plugins/sudoers/pwutil.c:982
+#: plugins/sudoers/policy.c:750 plugins/sudoers/prompt.c:100
+#: plugins/sudoers/pwutil.c:199 plugins/sudoers/pwutil.c:270
+#: plugins/sudoers/pwutil.c:348 plugins/sudoers/pwutil.c:522
+#: plugins/sudoers/pwutil.c:586 plugins/sudoers/pwutil.c:657
+#: plugins/sudoers/pwutil.c:816 plugins/sudoers/pwutil.c:873
+#: plugins/sudoers/pwutil.c:917 plugins/sudoers/pwutil.c:975
#: plugins/sudoers/set_perms.c:396 plugins/sudoers/set_perms.c:775
#: plugins/sudoers/set_perms.c:1165 plugins/sudoers/set_perms.c:1493
#: plugins/sudoers/set_perms.c:1659 plugins/sudoers/sssd.c:153
#: plugins/sudoers/sssd.c:400 plugins/sudoers/sssd.c:463
#: plugins/sudoers/sssd.c:507 plugins/sudoers/sssd.c:554
-#: plugins/sudoers/sssd.c:745 plugins/sudoers/stubs.c:103
-#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:271
-#: plugins/sudoers/sudoers.c:281 plugins/sudoers/sudoers.c:290
-#: plugins/sudoers/sudoers.c:332 plugins/sudoers/sudoers.c:655
-#: plugins/sudoers/sudoers.c:781 plugins/sudoers/sudoers.c:825
-#: plugins/sudoers/sudoers.c:1119 plugins/sudoers/sudoers_debug.c:113
-#: plugins/sudoers/sudoreplay.c:581 plugins/sudoers/sudoreplay.c:584
-#: plugins/sudoers/sudoreplay.c:1261 plugins/sudoers/sudoreplay.c:1461
-#: plugins/sudoers/sudoreplay.c:1465 plugins/sudoers/testsudoers.c:136
+#: plugins/sudoers/sssd.c:746 plugins/sudoers/stubs.c:103
+#: plugins/sudoers/stubs.c:111 plugins/sudoers/sudoers.c:273
+#: plugins/sudoers/sudoers.c:283 plugins/sudoers/sudoers.c:292
+#: plugins/sudoers/sudoers.c:334 plugins/sudoers/sudoers.c:657
+#: plugins/sudoers/sudoers.c:786 plugins/sudoers/sudoers.c:830
+#: plugins/sudoers/sudoers.c:1124 plugins/sudoers/sudoers_debug.c:113
+#: plugins/sudoers/sudoreplay.c:584 plugins/sudoers/sudoreplay.c:587
+#: plugins/sudoers/sudoreplay.c:1265 plugins/sudoers/sudoreplay.c:1465
+#: plugins/sudoers/sudoreplay.c:1469 plugins/sudoers/testsudoers.c:136
#: plugins/sudoers/testsudoers.c:236 plugins/sudoers/testsudoers.c:253
#: plugins/sudoers/testsudoers.c:587 plugins/sudoers/timestamp.c:439
#: plugins/sudoers/timestamp.c:483 plugins/sudoers/timestamp.c:960
@@ -255,11 +255,11 @@ msgstr "%s : %s"
msgid "Alias \"%s\" already defined"
msgstr "L'alias « %s » est déjà défini"
-#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:788
+#: plugins/sudoers/auth/aix_auth.c:203 plugins/sudoers/logging.c:801
msgid "unable to fork"
msgstr "création du processus fils impossible"
-#: plugins/sudoers/auth/aix_auth.c:281
+#: plugins/sudoers/auth/aix_auth.c:283
#, c-format
msgid "unable to change password for %s"
msgstr "changement du mot de passe impossible pour %s"
@@ -356,37 +356,38 @@ msgstr "%s : récupération de l'identité kerberos de l'hôte (« host princi
msgid "%s: Cannot verify TGT! Possible attack!: %s"
msgstr "%s : vérification du ticket TGT impossible ! Il s'agit peut-être d'une attaque ! : %s"
-#: plugins/sudoers/auth/pam.c:200
-msgid "unable to initialize PAM"
-msgstr "initialisation du module PAM impossible"
+#: plugins/sudoers/auth/pam.c:223
+#, c-format
+msgid "unable to initialize PAM: %s"
+msgstr "initialisation du module PAM impossible : %s"
-#: plugins/sudoers/auth/pam.c:299
+#: plugins/sudoers/auth/pam.c:319
#, c-format
msgid "PAM authentication error: %s"
msgstr "Erreur du serveur d'authentification PAM : %s"
-#: plugins/sudoers/auth/pam.c:318
+#: plugins/sudoers/auth/pam.c:338
msgid "account validation failure, is your account locked?"
msgstr "la validation du compte a échoué, votre compte serait-il verrouillé ?"
-#: plugins/sudoers/auth/pam.c:329
+#: plugins/sudoers/auth/pam.c:349
msgid "Account or password is expired, reset your password and try again"
msgstr "Le compte ou le mot de passe a expiré, réinitialisez votre mot de passe puis réessayez de vous connecter"
-#: plugins/sudoers/auth/pam.c:337
+#: plugins/sudoers/auth/pam.c:355
#, c-format
msgid "unable to change expired password: %s"
msgstr "changement du mot de passe expiré impossible : %s"
-#: plugins/sudoers/auth/pam.c:348
+#: plugins/sudoers/auth/pam.c:366
msgid "Password expired, contact your system administrator"
msgstr "Le mot de passe a expiré, contactez votre administrateur système"
-#: plugins/sudoers/auth/pam.c:353
+#: plugins/sudoers/auth/pam.c:371
msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
msgstr "Le compte a expiré, ou la section « account » du module PAM n'est pas renseignée pour sudo, contactez votre administrateur système"
-#: plugins/sudoers/auth/pam.c:361 plugins/sudoers/auth/pam.c:367
+#: plugins/sudoers/auth/pam.c:379 plugins/sudoers/auth/pam.c:384
#, c-format
msgid "PAM account management error: %s"
msgstr "Erreur de gestion du compte PAM : %s"
@@ -485,14 +486,14 @@ msgstr ""
"\n"
#: plugins/sudoers/check.c:312 plugins/sudoers/check.c:322
-#: plugins/sudoers/sudoers.c:698 plugins/sudoers/sudoers.c:743
+#: plugins/sudoers/sudoers.c:700 plugins/sudoers/sudoers.c:748
#: plugins/sudoers/tsdump.c:126
#, c-format
msgid "unknown uid: %u"
msgstr "identifiant utilisateur inconnu : %u"
#: plugins/sudoers/check.c:317 plugins/sudoers/iolog.c:255
-#: plugins/sudoers/policy.c:917 plugins/sudoers/sudoers.c:1158
+#: plugins/sudoers/policy.c:921 plugins/sudoers/sudoers.c:1163
#: plugins/sudoers/testsudoers.c:227 plugins/sudoers/testsudoers.c:400
#, c-format
msgid "unknown user: %s"
@@ -539,13 +540,13 @@ msgstr "format de sortie %s non supporté"
msgid "%s: input and output files must be different"
msgstr "%s : les fichiers d'entrée et de sortie doivent être différents"
-#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:174
+#: plugins/sudoers/cvtsudoers.c:335 plugins/sudoers/sudoers.c:176
#: plugins/sudoers/testsudoers.c:266 plugins/sudoers/visudo.c:254
#: plugins/sudoers/visudo.c:610 plugins/sudoers/visudo.c:933
msgid "unable to initialize sudoers default values"
msgstr "initialisation des valeurs par défaut de sudoers impossible"
-#: plugins/sudoers/cvtsudoers.c:421 plugins/sudoers/ldap_conf.c:435
+#: plugins/sudoers/cvtsudoers.c:421 plugins/sudoers/ldap_conf.c:436
#, c-format
msgid "%s: %s: %s: %s"
msgstr "%s : %s : %s : %s"
@@ -573,8 +574,8 @@ msgstr "filtre invalide : %s"
#: plugins/sudoers/cvtsudoers.c:622 plugins/sudoers/cvtsudoers.c:639
#: plugins/sudoers/cvtsudoers.c:1245 plugins/sudoers/cvtsudoers_json.c:1130
#: plugins/sudoers/cvtsudoers_ldif.c:643 plugins/sudoers/iolog.c:413
-#: plugins/sudoers/iolog_util.c:74 plugins/sudoers/sudoers.c:909
-#: plugins/sudoers/sudoreplay.c:335 plugins/sudoers/sudoreplay.c:1427
+#: plugins/sudoers/iolog_util.c:75 plugins/sudoers/sudoers.c:914
+#: plugins/sudoers/sudoreplay.c:338 plugins/sudoers/sudoreplay.c:1431
#: plugins/sudoers/timestamp.c:448 plugins/sudoers/tsdump.c:135
#: plugins/sudoers/visudo.c:929
#, c-format
@@ -597,7 +598,7 @@ msgid "parse error in %s\n"
msgstr "erreur lors de l'analyse grammaticale de %s\n"
#: plugins/sudoers/cvtsudoers.c:1292 plugins/sudoers/iolog.c:500
-#: plugins/sudoers/sudoreplay.c:1131 plugins/sudoers/timestamp.c:332
+#: plugins/sudoers/sudoreplay.c:1135 plugins/sudoers/timestamp.c:332
#: plugins/sudoers/timestamp.c:335
#, c-format
msgid "unable to write to %s"
@@ -675,11 +676,11 @@ msgstr "impossible de formater l'horodatage"
#: plugins/sudoers/cvtsudoers_ldif.c:526 plugins/sudoers/env.c:330
#: plugins/sudoers/env.c:337 plugins/sudoers/env.c:442
#: plugins/sudoers/ldap.c:496 plugins/sudoers/ldap.c:727
-#: plugins/sudoers/ldap.c:1054 plugins/sudoers/ldap_conf.c:227
+#: plugins/sudoers/ldap.c:1060 plugins/sudoers/ldap_conf.c:227
#: plugins/sudoers/ldap_conf.c:317 plugins/sudoers/linux_audit.c:89
-#: plugins/sudoers/logging.c:1092 plugins/sudoers/policy.c:625
+#: plugins/sudoers/logging.c:1105 plugins/sudoers/policy.c:625
#: plugins/sudoers/policy.c:635 plugins/sudoers/prompt.c:168
-#: plugins/sudoers/sudoers.c:847 plugins/sudoers/testsudoers.c:257
+#: plugins/sudoers/sudoers.c:852 plugins/sudoers/testsudoers.c:257
#: plugins/sudoers/toke_util.c:161
#, c-format
msgid "internal error, %s overflow"
@@ -1202,6 +1203,14 @@ msgstr "Ignorer la casse lors de la correspondance des noms d'utilisateurs"
msgid "Ignore case when matching group names"
msgstr "Ignorer la casse lors de la correspondance des noms de groupes"
+#: plugins/sudoers/def_data.c:502
+msgid "Log when a command is allowed by sudoers"
+msgstr "Écrire dans le journal lorsqu'une commande est autorisée par sudoers"
+
+#: plugins/sudoers/def_data.c:506
+msgid "Log when a command is denied by sudoers"
+msgstr "Écrire dans le journal lorsqu'une commande est interdite par sudoers"
+
#: plugins/sudoers/defaults.c:231
#, c-format
msgid "%s:%d unknown defaults entry \"%s\""
@@ -1305,7 +1314,7 @@ msgstr "%s doit appartenir à l'utilisateur (uid) %d"
msgid "%s must only be writable by owner"
msgstr "seul le propriétaire doit avoir le droit en écriture sur %s"
-#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:563
+#: plugins/sudoers/group_plugin.c:102 plugins/sudoers/sssd.c:562
#, c-format
msgid "unable to load %s: %s"
msgstr "chargement de %s impossible : %s"
@@ -1351,67 +1360,67 @@ msgstr "création du répertoire (mkdir) %s impossible"
msgid "unable to change mode of %s to 0%o"
msgstr "impossible de changer le mode de %s pour lui affecter 0%o"
-#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1189
+#: plugins/sudoers/iolog.c:294 plugins/sudoers/sudoers.c:1194
#: plugins/sudoers/testsudoers.c:424
#, c-format
msgid "unknown group: %s"
msgstr "groupe inconnu : %s"
-#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:913
-#: plugins/sudoers/sudoreplay.c:842 plugins/sudoers/sudoreplay.c:1538
+#: plugins/sudoers/iolog.c:464 plugins/sudoers/sudoers.c:918
+#: plugins/sudoers/sudoreplay.c:846 plugins/sudoers/sudoreplay.c:1542
#: plugins/sudoers/tsdump.c:145
#, c-format
msgid "unable to read %s"
msgstr "lecture de %s impossible"
-#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:799
+#: plugins/sudoers/iolog.c:579 plugins/sudoers/iolog.c:801
#, c-format
msgid "unable to create %s"
msgstr "création de %s impossible"
-#: plugins/sudoers/iolog.c:822 plugins/sudoers/iolog.c:1037
-#: plugins/sudoers/iolog.c:1113 plugins/sudoers/iolog.c:1207
-#: plugins/sudoers/iolog.c:1267
+#: plugins/sudoers/iolog.c:824 plugins/sudoers/iolog.c:1039
+#: plugins/sudoers/iolog.c:1115 plugins/sudoers/iolog.c:1209
+#: plugins/sudoers/iolog.c:1270
#, c-format
msgid "unable to write to I/O log file: %s"
msgstr "impossible d'écrire dans le journal des E/S : %s"
-#: plugins/sudoers/iolog.c:1071
+#: plugins/sudoers/iolog.c:1073
#, c-format
msgid "%s: internal error, I/O log file for event %d not open"
msgstr "%s: erreur interne, le fichier journal des E/S pour l'événement %d n'est pas ouvert"
-#: plugins/sudoers/iolog.c:1230
+#: plugins/sudoers/iolog.c:1233
#, c-format
msgid "%s: internal error, invalid signal %d"
msgstr "%s: erreur interne, signal %d invalide"
-#: plugins/sudoers/iolog_util.c:89
+#: plugins/sudoers/iolog_util.c:90
#, c-format
msgid "%s: invalid log file"
msgstr "%s: fichier de journalisation incorrect"
-#: plugins/sudoers/iolog_util.c:107
+#: plugins/sudoers/iolog_util.c:108
#, c-format
msgid "%s: time stamp field is missing"
msgstr "%s: il manque le champ d'horodatage"
-#: plugins/sudoers/iolog_util.c:113
+#: plugins/sudoers/iolog_util.c:114
#, c-format
msgid "%s: time stamp %s: %s"
msgstr "%s: horodatage %s : %s"
-#: plugins/sudoers/iolog_util.c:120
+#: plugins/sudoers/iolog_util.c:121
#, c-format
msgid "%s: user field is missing"
msgstr "%s: il manque le champ utilisateur"
-#: plugins/sudoers/iolog_util.c:129
+#: plugins/sudoers/iolog_util.c:130
#, c-format
msgid "%s: runas user field is missing"
msgstr "%s: il manque le champ précisant l'utilisateur effectif (runas)"
-#: plugins/sudoers/iolog_util.c:138
+#: plugins/sudoers/iolog_util.c:139
#, c-format
msgid "%s: runas group field is missing"
msgstr "%s: il manque le champ précisant le groupe effectif (runas)"
@@ -1430,16 +1439,16 @@ msgstr "impossible d'initialiser le certificat SSL et la base de clés : %s"
msgid "you must set TLS_CERT in %s to use SSL"
msgstr "TLS_CERT doit être défini dans %s pour pouvoir utiliser SSL"
-#: plugins/sudoers/ldap.c:1614
+#: plugins/sudoers/ldap.c:1620
#, c-format
msgid "unable to initialize LDAP: %s"
msgstr "initialisation de LDAP impossible : %s"
-#: plugins/sudoers/ldap.c:1650
+#: plugins/sudoers/ldap.c:1656
msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
msgstr "start_tls est spécifié mais les bibliothèques LDAP ne gèrent pas ldap_start_tls_s() ou ldap_start_tls_s_np()"
-#: plugins/sudoers/ldap.c:1787 plugins/sudoers/parse_ldif.c:737
+#: plugins/sudoers/ldap.c:1793 plugins/sudoers/parse_ldif.c:734
#, c-format
msgid "invalid sudoOrder attribute: %s"
msgstr "attribut sudoOrder invalide : %s"
@@ -1495,55 +1504,55 @@ msgstr "verrouillage du fichier de journalisation impossible : %s"
msgid "unable to write log file: %s"
msgstr "impossible d'écrire le fichier journal : %s"
-#: plugins/sudoers/logging.c:247
+#: plugins/sudoers/logging.c:248
msgid "No user or host"
msgstr "Pas d'utilisateur ou d'hôte"
-#: plugins/sudoers/logging.c:249
+#: plugins/sudoers/logging.c:250
msgid "validation failure"
msgstr "échec de la validation"
-#: plugins/sudoers/logging.c:256
+#: plugins/sudoers/logging.c:261
msgid "user NOT in sudoers"
msgstr "l'utilisateur n'apparaît PAS dans sudoers"
-#: plugins/sudoers/logging.c:258
+#: plugins/sudoers/logging.c:263
msgid "user NOT authorized on host"
msgstr "l'utilisateur n'est PAS autorisé sur cet hôte"
-#: plugins/sudoers/logging.c:260
+#: plugins/sudoers/logging.c:265
msgid "command not allowed"
msgstr "commande non autorisée"
-#: plugins/sudoers/logging.c:295
+#: plugins/sudoers/logging.c:301
#, c-format
msgid "%s is not in the sudoers file. This incident will be reported.\n"
msgstr "%s n'apparaît pas dans le fichier sudoers. Cet incident sera signalé.\n"
-#: plugins/sudoers/logging.c:298
+#: plugins/sudoers/logging.c:304
#, c-format
msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
msgstr "%s n'est pas autorisé à exécuter sudo sur %s. Cet incident sera signalé.\n"
-#: plugins/sudoers/logging.c:302
+#: plugins/sudoers/logging.c:308
#, c-format
msgid "Sorry, user %s may not run sudo on %s.\n"
msgstr "Désolé, l'utilisateur %s ne peut pas utiliser sudo sur %s.\n"
-#: plugins/sudoers/logging.c:305
+#: plugins/sudoers/logging.c:311
#, c-format
msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
msgstr "Désolé, l'utilisateur %s n'est pas autorisé à exécuter « %s%s%s » en tant que %s%s%s sur %s.\n"
-#: plugins/sudoers/logging.c:342 plugins/sudoers/sudoers.c:440
-#: plugins/sudoers/sudoers.c:442 plugins/sudoers/sudoers.c:444
-#: plugins/sudoers/sudoers.c:446 plugins/sudoers/sudoers.c:601
-#: plugins/sudoers/sudoers.c:603
+#: plugins/sudoers/logging.c:348 plugins/sudoers/sudoers.c:442
+#: plugins/sudoers/sudoers.c:444 plugins/sudoers/sudoers.c:446
+#: plugins/sudoers/sudoers.c:448 plugins/sudoers/sudoers.c:603
+#: plugins/sudoers/sudoers.c:605
#, c-format
msgid "%s: command not found"
msgstr "%s : commande introuvable"
-#: plugins/sudoers/logging.c:344 plugins/sudoers/sudoers.c:436
+#: plugins/sudoers/logging.c:350 plugins/sudoers/sudoers.c:438
#, c-format
msgid ""
"ignoring \"%s\" found in '.'\n"
@@ -1552,47 +1561,47 @@ msgstr ""
"« %s » trouvé dans « . » n'a pas été exécuté\n"
"Utilisez « sudo ./%s » si c'est bien la version de « %s » que vous souhaitez exécuter."
-#: plugins/sudoers/logging.c:361
+#: plugins/sudoers/logging.c:367
msgid "authentication failure"
msgstr "échec de l'authentification"
-#: plugins/sudoers/logging.c:387
+#: plugins/sudoers/logging.c:393
msgid "a password is required"
msgstr "il est nécessaire de saisir un mot de passe"
-#: plugins/sudoers/logging.c:450
+#: plugins/sudoers/logging.c:463
#, c-format
msgid "%u incorrect password attempt"
msgid_plural "%u incorrect password attempts"
msgstr[0] "%u saisie de mot de passe incorrecte"
msgstr[1] "%u saisies de mots de passe incorrectes"
-#: plugins/sudoers/logging.c:715
+#: plugins/sudoers/logging.c:728
#, c-format
msgid "unable to dup stdin: %m"
msgstr "duplication (dup) de stdin impossible : %m"
-#: plugins/sudoers/logging.c:755
+#: plugins/sudoers/logging.c:768
#, c-format
msgid "unable to execute %s: %m"
msgstr "exécution de %s impossible : %m"
-#: plugins/sudoers/logging.c:796 plugins/sudoers/logging.c:852
+#: plugins/sudoers/logging.c:809 plugins/sudoers/logging.c:865
#, c-format
msgid "unable to fork: %m"
msgstr "création du processus fils impossible : %m"
-#: plugins/sudoers/logging.c:842
+#: plugins/sudoers/logging.c:855
#, c-format
msgid "unable to open pipe: %m"
msgstr "ouverture du tube impossible : %m"
-#: plugins/sudoers/match_digest.c:100
+#: plugins/sudoers/match_digest.c:103
#, c-format
msgid "digest for %s (%s) is not in %s form"
msgstr "le résume (digest) de %s (%s) n'est pas dans le forme %s"
-#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:938
+#: plugins/sudoers/mkdir_parents.c:77 plugins/sudoers/sudoers.c:943
#: plugins/sudoers/visudo.c:437 plugins/sudoers/visudo.c:733
#, c-format
msgid "unable to stat %s"
@@ -1631,41 +1640,41 @@ msgstr " RunAsGroups : "
msgid " Options: "
msgstr " Options : "
-#: plugins/sudoers/parse.c:535
+#: plugins/sudoers/parse.c:529
#, c-format
msgid " Commands:\n"
msgstr " Commandes :\n"
-#: plugins/sudoers/parse.c:726
+#: plugins/sudoers/parse.c:720
#, c-format
msgid "Matching Defaults entries for %s on %s:\n"
msgstr "Entrées Defaults correspondant pour %s sur %s :\n"
-#: plugins/sudoers/parse.c:744
+#: plugins/sudoers/parse.c:738
#, c-format
msgid "Runas and Command-specific defaults for %s:\n"
msgstr "Paramètres par défaut de runas ou spécifiques aux commandes pour %s :\n"
-#: plugins/sudoers/parse.c:762
+#: plugins/sudoers/parse.c:756
#, c-format
msgid "User %s may run the following commands on %s:\n"
msgstr "L'utilisateur %s peut utiliser les commandes suivantes sur %s :\n"
-#: plugins/sudoers/parse.c:777
+#: plugins/sudoers/parse.c:771
#, c-format
msgid "User %s is not allowed to run sudo on %s.\n"
msgstr "L'utilisateur %s n'est pas autorisé à exécuter sudo sur %s.\n"
-#: plugins/sudoers/parse_ldif.c:147
-#, c-format
-msgid "ignoring invalid attribute value: %s"
-msgstr "la valeur d'attribut invalide est ignorée : %s"
-
-#: plugins/sudoers/parse_ldif.c:586
+#: plugins/sudoers/parse_ldif.c:604
#, c-format
msgid "ignoring incomplete sudoRole: cn: %s"
msgstr "le sudoRole incomplet est ignoré : cn : %s"
+#: plugins/sudoers/parse_ldif.c:664
+#, c-format
+msgid "invalid LDIF attribute: %s"
+msgstr "attribut LDIF invalide : %s"
+
#: plugins/sudoers/policy.c:90 plugins/sudoers/policy.c:116
#, c-format
msgid "invalid %.*s set by sudo front-end"
@@ -1680,34 +1689,34 @@ msgid "user name not set by sudo front-end"
msgstr "nom d'utilisateur pas défini par l'interface utilisateur de sudo"
#: plugins/sudoers/policy.c:443
-msgid "user ID not set by sudo front-end"
+msgid "user-ID not set by sudo front-end"
msgstr "ID utilisateur pas défini par l'interface utilisateur de sudo"
#: plugins/sudoers/policy.c:447
-msgid "group ID not set by sudo front-end"
+msgid "group-ID not set by sudo front-end"
msgstr "ID de groupe pas défini par l'interface utilisateur de sudo"
#: plugins/sudoers/policy.c:451
msgid "host name not set by sudo front-end"
msgstr "nom d'hôte pas défini par l'interface utilisateur de sudo"
-#: plugins/sudoers/policy.c:804 plugins/sudoers/visudo.c:236
+#: plugins/sudoers/policy.c:808 plugins/sudoers/visudo.c:236
#: plugins/sudoers/visudo.c:867
#, c-format
msgid "unable to execute %s"
msgstr "exécution de %s impossible"
-#: plugins/sudoers/policy.c:935
+#: plugins/sudoers/policy.c:939
#, c-format
msgid "Sudoers policy plugin version %s\n"
msgstr "La version du greffon de politique de sudoers est %s\n"
-#: plugins/sudoers/policy.c:937
+#: plugins/sudoers/policy.c:941
#, c-format
msgid "Sudoers file grammar version %d\n"
msgstr "La version de la grammaire du fichier sudoers est %d\n"
-#: plugins/sudoers/policy.c:941
+#: plugins/sudoers/policy.c:945
#, c-format
msgid ""
"\n"
@@ -1716,86 +1725,86 @@ msgstr ""
"\n"
"Chemin d'accès à sudoers : %s\n"
-#: plugins/sudoers/policy.c:944
+#: plugins/sudoers/policy.c:948
#, c-format
msgid "nsswitch path: %s\n"
msgstr "chemin d'accès à nsswitch : %s\n"
-#: plugins/sudoers/policy.c:946
+#: plugins/sudoers/policy.c:950
#, c-format
msgid "ldap.conf path: %s\n"
msgstr "chemin d'accès à ldap.conf : %s\n"
-#: plugins/sudoers/policy.c:947
+#: plugins/sudoers/policy.c:951
#, c-format
msgid "ldap.secret path: %s\n"
msgstr "chemin d'accès à ldap.secret : %s\n"
-#: plugins/sudoers/policy.c:980
+#: plugins/sudoers/policy.c:984
#, c-format
msgid "unable to register hook of type %d (version %d.%d)"
msgstr "activation d'un point d'ancrage de type %d (version %d.%d) impossible"
-#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:241
+#: plugins/sudoers/pwutil.c:222 plugins/sudoers/pwutil.c:240
#, c-format
-msgid "unable to cache uid %u, out of memory"
-msgstr "enregistrement de l'uid %u dans le cache impossible, mémoire insuffisante"
+msgid "unable to cache uid %u"
+msgstr "enregistrement de l'uid %u dans le cache impossible"
-#: plugins/sudoers/pwutil.c:235
+#: plugins/sudoers/pwutil.c:234
#, c-format
msgid "unable to cache uid %u, already exists"
msgstr "enregistrement de l'uid %u dans le cache impossible, l'entrée existe déjà"
-#: plugins/sudoers/pwutil.c:296 plugins/sudoers/pwutil.c:314
-#: plugins/sudoers/pwutil.c:377 plugins/sudoers/pwutil.c:422
+#: plugins/sudoers/pwutil.c:294 plugins/sudoers/pwutil.c:312
+#: plugins/sudoers/pwutil.c:375 plugins/sudoers/pwutil.c:420
#, c-format
-msgid "unable to cache user %s, out of memory"
-msgstr "enregistrement des informations de l'utilisateur %s dans le cache impossible, mémoire insuffisante"
+msgid "unable to cache user %s"
+msgstr "impossible d'écrire l'utilisateur %s dans la cache"
-#: plugins/sudoers/pwutil.c:309
+#: plugins/sudoers/pwutil.c:307
#, c-format
msgid "unable to cache user %s, already exists"
msgstr "enregistrement des informations de l'utilisateur %s dans le cache impossible, l'entrée existe déjà"
-#: plugins/sudoers/pwutil.c:541 plugins/sudoers/pwutil.c:560
+#: plugins/sudoers/pwutil.c:539 plugins/sudoers/pwutil.c:557
#, c-format
-msgid "unable to cache gid %u, out of memory"
-msgstr "enregistrement du gid %u dans le cache impossible, mémoire insuffisante"
+msgid "unable to cache gid %u"
+msgstr "enregistrement du gid %u dans le cache impossible"
-#: plugins/sudoers/pwutil.c:554
+#: plugins/sudoers/pwutil.c:551
#, c-format
msgid "unable to cache gid %u, already exists"
msgstr "enregistrement du gid %u dans le cache impossible, l'entrée existe déjà"
-#: plugins/sudoers/pwutil.c:608 plugins/sudoers/pwutil.c:626
-#: plugins/sudoers/pwutil.c:674 plugins/sudoers/pwutil.c:716
+#: plugins/sudoers/pwutil.c:604 plugins/sudoers/pwutil.c:622
+#: plugins/sudoers/pwutil.c:670 plugins/sudoers/pwutil.c:712
#, c-format
-msgid "unable to cache group %s, out of memory"
-msgstr "enregistrement du groupe %s dans le cache impossible, mémoire insuffisante"
+msgid "unable to cache group %s"
+msgstr "impossible d'écrire le groupe %s dans la cache"
-#: plugins/sudoers/pwutil.c:621
+#: plugins/sudoers/pwutil.c:617
#, c-format
msgid "unable to cache group %s, already exists"
msgstr "enregistrement du groupe %s dans le cache impossible, l'entrée existe déjà"
-#: plugins/sudoers/pwutil.c:843 plugins/sudoers/pwutil.c:896
-#: plugins/sudoers/pwutil.c:947 plugins/sudoers/pwutil.c:1001
+#: plugins/sudoers/pwutil.c:839 plugins/sudoers/pwutil.c:891
+#: plugins/sudoers/pwutil.c:941 plugins/sudoers/pwutil.c:994
#, c-format
msgid "unable to cache group list for %s, already exists"
msgstr "enregistrement de la liste de groupe %s dans le cache impossible, l'entrée existe déjà"
-#: plugins/sudoers/pwutil.c:849 plugins/sudoers/pwutil.c:901
-#: plugins/sudoers/pwutil.c:953 plugins/sudoers/pwutil.c:1006
+#: plugins/sudoers/pwutil.c:845 plugins/sudoers/pwutil.c:896
+#: plugins/sudoers/pwutil.c:947 plugins/sudoers/pwutil.c:999
#, c-format
-msgid "unable to cache group list for %s, out of memory"
-msgstr "enregistrement de la liste de groupe %s dans le cache impossible, mémoire insuffisante"
+msgid "unable to cache group list for %s"
+msgstr "impossible d'écrire la liste de groupes dans la cache pour %s"
-#: plugins/sudoers/pwutil.c:890
+#: plugins/sudoers/pwutil.c:885
#, c-format
msgid "unable to parse groups for %s"
msgstr "impossible d'analyser les groupes pour %s"
-#: plugins/sudoers/pwutil.c:995
+#: plugins/sudoers/pwutil.c:988
#, c-format
msgid "unable to parse gids for %s"
msgstr "impossible d'analyser les gids pour %s"
@@ -1863,93 +1872,93 @@ msgstr "le chemin d'accès à l'audit argv[0] a été tronqué : %s"
msgid "audit_failure message too long"
msgstr "le message audit_failure est trop long"
-#: plugins/sudoers/sssd.c:565
+#: plugins/sudoers/sssd.c:564
msgid "unable to initialize SSS source. Is SSSD installed on your machine?"
msgstr "initialisation de la source SSS impossible. SSSD est-il installé sur cette machine ?"
-#: plugins/sudoers/sssd.c:573 plugins/sudoers/sssd.c:582
-#: plugins/sudoers/sssd.c:591 plugins/sudoers/sssd.c:600
-#: plugins/sudoers/sssd.c:609
+#: plugins/sudoers/sssd.c:572 plugins/sudoers/sssd.c:581
+#: plugins/sudoers/sssd.c:590 plugins/sudoers/sssd.c:599
+#: plugins/sudoers/sssd.c:608
#, c-format
msgid "unable to find symbol \"%s\" in %s"
msgstr "Le symbole « %s » est introuvable dans %s"
-#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:866
+#: plugins/sudoers/sudoers.c:212 plugins/sudoers/sudoers.c:871
msgid "problem with defaults entries"
msgstr "les entrées par défaut posent un problème"
-#: plugins/sudoers/sudoers.c:214
+#: plugins/sudoers/sudoers.c:216
msgid "no valid sudoers sources found, quitting"
msgstr "aucune source sudoers valide n'a été trouvée, fin d'exécution"
-#: plugins/sudoers/sudoers.c:252
+#: plugins/sudoers/sudoers.c:254
msgid "sudoers specifies that root is not allowed to sudo"
msgstr "il est précisé dans sudoers que root n'est pas autorisé à utiliser sudo"
-#: plugins/sudoers/sudoers.c:310
+#: plugins/sudoers/sudoers.c:312
msgid "you are not permitted to use the -C option"
msgstr "vous n'êtes pas autorisé à utiliser l'option -C"
-#: plugins/sudoers/sudoers.c:357
+#: plugins/sudoers/sudoers.c:359
#, c-format
msgid "timestamp owner (%s): No such user"
msgstr "propriétaire du fichier d'horodatage (%s) : utilisateur inconnu"
-#: plugins/sudoers/sudoers.c:372
+#: plugins/sudoers/sudoers.c:374
msgid "no tty"
msgstr "pas de terminal tty"
-#: plugins/sudoers/sudoers.c:373
+#: plugins/sudoers/sudoers.c:375
msgid "sorry, you must have a tty to run sudo"
msgstr "désolé, vous devez avoir un terminal tty pour exécuter sudo"
-#: plugins/sudoers/sudoers.c:435
+#: plugins/sudoers/sudoers.c:437
msgid "command in current directory"
msgstr "commande dans le répertoire courant"
-#: plugins/sudoers/sudoers.c:454
+#: plugins/sudoers/sudoers.c:456
msgid "sorry, you are not allowed set a command timeout"
msgstr "désolé, vous n'êtes pas autorisé à définir un délai d'expiration de la commande"
-#: plugins/sudoers/sudoers.c:462
+#: plugins/sudoers/sudoers.c:464
msgid "sorry, you are not allowed to preserve the environment"
msgstr "désolé, vous n'êtes pas autorisé à conserver l'environnement"
-#: plugins/sudoers/sudoers.c:810
+#: plugins/sudoers/sudoers.c:815
msgid "command too long"
msgstr "commande trop longue"
-#: plugins/sudoers/sudoers.c:942
+#: plugins/sudoers/sudoers.c:947
#, c-format
msgid "%s is not a regular file"
msgstr "%s n'est pas un fichier ordinaire"
-#: plugins/sudoers/sudoers.c:946 plugins/sudoers/timestamp.c:259 toke.l:967
+#: plugins/sudoers/sudoers.c:951 plugins/sudoers/timestamp.c:259 toke.l:967
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "Le fichier %s est la propriété de l'utilisateur (uid) %u, alors qu'il devrait appartenir à %u"
-#: plugins/sudoers/sudoers.c:950 toke.l:972
+#: plugins/sudoers/sudoers.c:955 toke.l:972
#, c-format
msgid "%s is world writable"
msgstr "Le fichier %s est ouvert en écriture pour tous"
-#: plugins/sudoers/sudoers.c:954 toke.l:975
+#: plugins/sudoers/sudoers.c:959 toke.l:975
#, c-format
msgid "%s is owned by gid %u, should be %u"
msgstr "Le fichier %s a pour groupe (gid) %u, alors qu'il devrait appartenir au groupe %u"
-#: plugins/sudoers/sudoers.c:987
+#: plugins/sudoers/sudoers.c:992
#, c-format
msgid "only root can use \"-c %s\""
msgstr "« -c %s » est réservé à l'utilisateur root"
-#: plugins/sudoers/sudoers.c:1006
+#: plugins/sudoers/sudoers.c:1011
#, c-format
msgid "unknown login class: %s"
msgstr "classe de connexion inconnue : %s"
-#: plugins/sudoers/sudoers.c:1091 plugins/sudoers/sudoers.c:1105
+#: plugins/sudoers/sudoers.c:1096 plugins/sudoers/sudoers.c:1110
#, c-format
msgid "unable to resolve host %s"
msgstr "impossible de résoudre l'hôte %s"
@@ -1974,105 +1983,109 @@ msgstr "facteur de vitesse invalide : %s"
msgid "%s/%.2s/%.2s/%.2s/timing: %s"
msgstr "%s/%.2s/%.2s/%.2s/timing : %s"
-#: plugins/sudoers/sudoreplay.c:327
+#: plugins/sudoers/sudoreplay.c:326
+#, c-format
+msgid "%s/timing: %s"
+msgstr "%s/timing : %s"
+
+#: plugins/sudoers/sudoreplay.c:330
#, c-format
msgid "%s/%s/timing: %s"
msgstr "%s/%s/timing : %s"
-#: plugins/sudoers/sudoreplay.c:343
+#: plugins/sudoers/sudoreplay.c:346
#, c-format
msgid "Replaying sudo session: %s"
msgstr "Rejeu de la session sudo : %s"
-#: plugins/sudoers/sudoreplay.c:541 plugins/sudoers/sudoreplay.c:588
-#: plugins/sudoers/sudoreplay.c:785 plugins/sudoers/sudoreplay.c:894
-#: plugins/sudoers/sudoreplay.c:979 plugins/sudoers/sudoreplay.c:994
-#: plugins/sudoers/sudoreplay.c:1001 plugins/sudoers/sudoreplay.c:1008
-#: plugins/sudoers/sudoreplay.c:1015 plugins/sudoers/sudoreplay.c:1022
-#: plugins/sudoers/sudoreplay.c:1170
+#: plugins/sudoers/sudoreplay.c:544 plugins/sudoers/sudoreplay.c:591
+#: plugins/sudoers/sudoreplay.c:789 plugins/sudoers/sudoreplay.c:898
+#: plugins/sudoers/sudoreplay.c:983 plugins/sudoers/sudoreplay.c:998
+#: plugins/sudoers/sudoreplay.c:1005 plugins/sudoers/sudoreplay.c:1012
+#: plugins/sudoers/sudoreplay.c:1019 plugins/sudoers/sudoreplay.c:1026
+#: plugins/sudoers/sudoreplay.c:1174
msgid "unable to add event to queue"
msgstr "impossible d'ajouter l'événement à la queue"
-#: plugins/sudoers/sudoreplay.c:656
+#: plugins/sudoers/sudoreplay.c:659
msgid "unable to set tty to raw mode"
msgstr "impossible d'initialiser le terminal tty en mode direct"
-#: plugins/sudoers/sudoreplay.c:707
-#, c-format
+#: plugins/sudoers/sudoreplay.c:710
msgid "Warning: your terminal is too small to properly replay the log.\n"
msgstr "Attention : la taille du terminal n'est pas suffisante pour pouvoir rejouer correctement la séquence.\n"
-#: plugins/sudoers/sudoreplay.c:708
+#: plugins/sudoers/sudoreplay.c:711
#, c-format
msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
msgstr "La taille du journal est %d × %d, la taille de votre terminal est %d × %d."
-#: plugins/sudoers/sudoreplay.c:736
+#: plugins/sudoers/sudoreplay.c:739
msgid "Replay finished, press any key to restore the terminal."
msgstr "Rejeu terminé, appuyez sur n'importe quelle touche pour rétablir le terminal."
-#: plugins/sudoers/sudoreplay.c:768
+#: plugins/sudoers/sudoreplay.c:772
#, c-format
msgid "invalid timing file line: %s"
msgstr "ligne invalide dans le fichier de timing : %s"
-#: plugins/sudoers/sudoreplay.c:1204 plugins/sudoers/sudoreplay.c:1229
+#: plugins/sudoers/sudoreplay.c:1208 plugins/sudoers/sudoreplay.c:1233
#, c-format
msgid "ambiguous expression \"%s\""
msgstr "expression ambiguë « %s »"
-#: plugins/sudoers/sudoreplay.c:1251
+#: plugins/sudoers/sudoreplay.c:1255
msgid "unmatched ')' in expression"
msgstr "« ) » sans parenthèse ouvrante dans l'expression"
-#: plugins/sudoers/sudoreplay.c:1255
+#: plugins/sudoers/sudoreplay.c:1259
#, c-format
msgid "unknown search term \"%s\""
msgstr "terme de recherche « %s » inconnu"
-#: plugins/sudoers/sudoreplay.c:1270
+#: plugins/sudoers/sudoreplay.c:1274
#, c-format
msgid "%s requires an argument"
msgstr "%s requiert un argument"
-#: plugins/sudoers/sudoreplay.c:1273 plugins/sudoers/sudoreplay.c:1514
+#: plugins/sudoers/sudoreplay.c:1277 plugins/sudoers/sudoreplay.c:1518
#, c-format
msgid "invalid regular expression: %s"
msgstr "expression rationnelle invalide : %s"
-#: plugins/sudoers/sudoreplay.c:1277
+#: plugins/sudoers/sudoreplay.c:1281
#, c-format
msgid "could not parse date \"%s\""
msgstr "analyse de la date « %s » impossible"
-#: plugins/sudoers/sudoreplay.c:1286
+#: plugins/sudoers/sudoreplay.c:1290
msgid "unmatched '(' in expression"
msgstr "« ( » sans parenthèse fermante dans l'expression"
-#: plugins/sudoers/sudoreplay.c:1288
+#: plugins/sudoers/sudoreplay.c:1292
msgid "illegal trailing \"or\""
msgstr "« or » n'est pas autorisé en fin d'expression"
-#: plugins/sudoers/sudoreplay.c:1290
+#: plugins/sudoers/sudoreplay.c:1294
msgid "illegal trailing \"!\""
msgstr "« ! » n'est pas autorisé en fin d'expression"
-#: plugins/sudoers/sudoreplay.c:1340
+#: plugins/sudoers/sudoreplay.c:1344
#, c-format
msgid "unknown search type %d"
msgstr "type de recherche %d inconnu"
-#: plugins/sudoers/sudoreplay.c:1607
+#: plugins/sudoers/sudoreplay.c:1611
#, c-format
msgid "usage: %s [-hnRS] [-d dir] [-m num] [-s num] ID\n"
msgstr "utilisation : %s [-hnRS] [-d répertoire] [-m nombre] [-s nombre] ID\n"
-#: plugins/sudoers/sudoreplay.c:1610
+#: plugins/sudoers/sudoreplay.c:1614
#, c-format
msgid "usage: %s [-h] [-d dir] -l [search expression]\n"
msgstr "utilisation : %s [-h] [-d répertoire] -l [expression recherchée]\n"
-#: plugins/sudoers/sudoreplay.c:1619
+#: plugins/sudoers/sudoreplay.c:1623
#, c-format
msgid ""
"%s - replay sudo session logs\n"
@@ -2081,7 +2094,7 @@ msgstr ""
"%s - rejeu du journal de la session sudo\n"
"\n"
-#: plugins/sudoers/sudoreplay.c:1621
+#: plugins/sudoers/sudoreplay.c:1625
msgid ""
"\n"
"Options:\n"
@@ -2362,6 +2375,18 @@ msgstr ""
msgid "too many levels of includes"
msgstr "nombre de niveaux d'inclusions trop élevé"
+#~ msgid "ignoring invalid attribute value: %s"
+#~ msgstr "la valeur d'attribut invalide est ignorée : %s"
+
+#~ msgid "unable to cache user %s, out of memory"
+#~ msgstr "enregistrement des informations de l'utilisateur %s dans le cache impossible, mémoire insuffisante"
+
+#~ msgid "unable to cache group %s, out of memory"
+#~ msgstr "enregistrement du groupe %s dans le cache impossible, mémoire insuffisante"
+
+#~ msgid "unable to cache group list for %s, out of memory"
+#~ msgstr "enregistrement de la liste de groupe %s dans le cache impossible, mémoire insuffisante"
+
#~ msgid ""
#~ "\n"
#~ "LDAP Role: UNKNOWN\n"
diff --git a/plugins/sudoers/po/hr.mo b/plugins/sudoers/po/hr.mo
index cea6299..25c507a 100644
--- a/plugins/sudoers/po/hr.mo
+++ b/plugins/sudoers/po/hr.mo
Binary files differ
diff --git a/plugins/sudoers/po/hr.po b/plugins/sudoers/po/hr.po
index 2ce609e..94e99f6 100644
--- a/plugins/sudoers/po/hr.po
+++ b/plugins/sudoers/po/hr.po
@@ -1,13 +1,13 @@
# Translation of sudoers to Croatian.
# This file is put in the public domain.
#
-# Božidar Putanec <bozidarp@yahoo.com>, 2016, 2017, 2018.
+# Božidar Putanec <bozidarp@yahoo.com>, 2016, 2017, 2018, 2019.
msgid ""
msgstr ""
-"Project-Id-Version: sudoers-1.8.26b1\n"
+"Project-Id-Version: sudoers-1.8.29rc1\n"
"Report-Msgid-Bugs-To: https://bugzilla.sudo.ws\n"
-"POT-Creation-Date: 2018-10-29 08:31-0600\n"
-"PO-Revision-Date: 2018-10-30 13:22-0700\n"
+"POT-Creation-Date: 2019-10-21 19:55-0600\n"
+"PO-Revision-Date: 2019-10-24 12:58-0700\n"
"Last-Translator: Božidar Putanec <bozidarp@yahoo.com>\n"
"Language-Team: Croatian <lokalizacija@linux.hr>\n"
"Language: hr\n"
@@ -16,7 +16,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"X-Bugs: Report translation errors to the Language-Team address.\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Poedit 2.2\n"
+"X-Generator: Poedit 2.2.4\n"
"X-Poedit-Basepath: ../packages/sudo-1.8.23b2\n"
"X-Poedit-SearchPath-0: .\n"
@@ -44,258 +44,267 @@ msgstr "*** SIGURNOSNE informacije za %h ***"
msgid "Sorry, try again."
msgstr "Pokušajte ponovo."
-#: gram.y:192 gram.y:240 gram.y:247 gram.y:254 gram.y:2