Diffstat (limited to '')
-rw-r--r-- | ChangeLog | 78828 |
1 files changed, 78828 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..cf97cea --- /dev/null +++ b/ChangeLog 
@@ -0,0 +1,78828 @@ +2023-12-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_15p5 for changeset 4418cfdc5b2a + [c1df7aef0fa8] [tip] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.15p5 + [4418cfdc5b2a] [SUDO_1_9_15p5] <1.9> + +2023-12-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/pwutil_impl.c: + Properly handle sysconf(_SC_LOGIN_NAME_MAX) returning -1 on failure. + + The cast to size_t needs to be outside the MAX() macro or the -1 + will get cast to unsigned. + [343b22c1fc59] <1.9> + +2023-12-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, plugins/sudoers/timestamp.c: + Automatically migrate lecture file path from name-based to uid- + based. + + GitHub issue #342. + [cfa82cf5ac29] <1.9> + +2023-12-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/ldap_conf.c: + Disable netgroup_query when netgroup_base is not set. + + The logic was inverted when support for netgroup_query was added. + This supercedes PR #341. + [a575b106220e] <1.9> + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + In the NOEXEC example make it clear that "shanty" is a host. Bug + #1064 + [18e3b6a981d4] <1.9> + +2023-12-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/defaults.c: + Fix printing of warning when a Defaults setting is missing a value. + + This is a bug in parse_default_entry() introduced in sudo 1.8.19 + when support for using the default syslog facility was added at the + wrong place in a switch(). + [f9de87a2f501] <1.9> + +2023-12-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/defaults.c: + Fix evaluation of a tuple used in "true" boolean context. + + Previously, a tuple in boolean context was always treated as a + negated entry, which doesn't match the documentation. We assume that + there are at least two tuple entries where the first maps to boolean + false and the second maps to boolean true. 
+ [39a6e634c9d6] <1.9> + + * .hgtags: + Added tag SUDO_1_9_15p4 for changeset cc9d22d261de + [382e15393814] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.15p4 + [cc9d22d261de] [SUDO_1_9_15p4] <1.9> + + * plugins/sudoers/lookup.c: + sudoers_lookup_pseudo: init match to UNSPEC for + sudo_nss_can_continue(). + + Otherwise, processing will stop after the first sudoers nsswitch + service specification where [SUCCESS=return] is present. + [053be548771c] <1.9> + +2023-12-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_15p3 for changeset 20d368229c6a + [e01ee9945d11] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.15p3 + [20d368229c6a] [SUDO_1_9_15p3] <1.9> + +2023-12-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c: + Pass back Solaris privs as "runas_privs" and "runas_limitprivs". + + The "runas_" prefix got inadvertantly removed in the big + sudoers_context refactor. + [25f183bdd61e] <1.9> + +2023-12-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_util.h, lib/util/term.c, lib/util/ttysize.c, + lib/util/util.exp.in, src/sudo.h, src/ttyname.c: + sudo_term_is_raw: only try to lock the fd if it is a tty + + This moves sudo_isatty() to libsudo_util so sudo_term_is_raw() can + use it. Fixes GitHub issue #335 + [5e7dd2580c9b] <1.9> + +2023-12-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoreplay.c: + setup_terminal: fix an editing error introduced in 1.9.15. + [690c82d4ebd4] <1.9> + +2023-12-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sethost.c: + Fall back to "localhost" if gethostname() fails. + + GitHub issue #332 + [c6993fd61aac] <1.9> + + * plugins/sudoers/match_command.c: + command_matches_glob: fix comparison of canonicalized parent + directories + + Bug #1062 + [78b789de1df8] <1.9> + +2023-11-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sudo.c: + Always disable core dumps when sudo sends itself a fatal signal. 
+ + When a command exits due to a fatal signal, sudo will re-send that + signal to itself so the shell does not ignore keyboard-generated + signals. However, now that sudo disables core dumps by default for + the command, we cannot rely on WCOREDUMP() telling us whether or not + the signal will lead to a core dump. It is safest to always disable + core dumps before sending the signal to ourself. + [4ce4bedf84fe] <1.9> + + * .hgtags: + Added tag SUDO_1_9_15p2 for changeset 4d03c1608a23 + [b46c7b3c67b4] <1.9> + +2023-11-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, configure, configure.ac, lib/util/term.c: + Merge sudo 1.9.15p2 from tip. + [4d03c1608a23] [SUDO_1_9_15p2] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.15p2 + [7a5afe66a935] + + * scripts/pp: + Update PolyPkg from upstream. + [fef8f49977c3] + + * lib/util/term.c: + sudo_term_restore: don't check c_cflag on systems with TCSASOFT. + + If TCSASOFT is present, tcsetattr() will ignore c_cflag. Fixes a bug + where sudo_term_restore() would refuse to change the terminal + settings back if the PARENB control flag was set. GitHub issue #326. + [bcd3c9f5736a] + + * scripts/mkpkg: + Quote $osversion since it may include whitespace. + [fb4aac7003c6] + +2023-11-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.h: + Use C99 designated struct initializers. + + This is less error-prone and would have avoided GitHub issue #325. + [f7fad7f54d1b] + + * .hgtags: + Added tag SUDO_1_9_15p1 for changeset d23f72517e07 + [f67d129d3e36] <1.9> + + * NEWS, configure, configure.ac: + Merge sudo 1.9.15p1 from tip. + [d23f72517e07] [SUDO_1_9_15p1] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.15p1 + [9aae361b70ef] + + * plugins/sudoers/sudoers.h: + Correct the order of the strings in SUDOERS_CONTEXT_INITIALIZER. + + Fixes GitHub issue #325, a bug introduced in sudo 1.9.15. + [0266ed6c95f9] + +2023-11-06 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * NEWS: + In the sudo 1.9.14p3 section, "Python python" should be "Python + plugin". + [dee39187deda] + + * .hgtags: + Added tag SUDO_1_9_15 for changeset 277833c12efb + [3517bf78fcf5] <1.9> + + * MANIFEST, NEWS, config.h.in, configure, configure.ac, + include/sudo_compat.h, include/sudo_util.h, lib/util/hexchar.c, + lib/util/regress/hexchar/hexchar_test.c, lib/util/term.c, + logsrvd/iolog_writer.c, logsrvd/tls_init.c, + plugins/python/pyhelpers.c, plugins/python/python_convmessage.c, + plugins/python/python_loghandler.c, + plugins/python/python_plugin_common.c, + plugins/python/regress/testhelpers.c, + plugins/python/sudo_python_module.c, plugins/sudoers/Makefile.in, + plugins/sudoers/log_client.c, plugins/sudoers/logging.c, + plugins/sudoers/lookup.c, plugins/sudoers/match_command.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/cvtsudoers/test31.sh, + plugins/sudoers/regress/cvtsudoers/test32.sh, + plugins/sudoers/regress/cvtsudoers/test35.sh, + plugins/sudoers/regress/cvtsudoers/test36.sh, + plugins/sudoers/regress/cvtsudoers/test39.sh, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/testsudoers/test20.sh, + plugins/sudoers/regress/testsudoers/test21.sh, + plugins/sudoers/regress/testsudoers/test22.sh, + plugins/sudoers/regress/testsudoers/test23.sh, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/exec_monitor.c, src/exec_nopty.c, src/exec_ptrace.c, + src/exec_pty.c: + Merge sudo 1.9.15 from tip. + [277833c12efb] [SUDO_1_9_15] <1.9> + + * NEWS: + Sudo now logs the submitenv in the JSON logs. + [c1a5e609352f] + + * docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudoers.man.in, + docs/sudoers.mdoc.in: + Document special cases for AIX-style shared libraries. + + The shared object is a member of an archive file that is specified + in parentheses. + [bb9a50249072] + +2023-11-04 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in: + Add sudoers plugin Debug example and x-ref sudoers man page for + details. + [ef23f00ac8ad] + + * docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in: + The HP-UX getgrouplist() code has been disabled due to bugs. + [0bc060c69389] + +2023-11-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/sudo_conf.c: + sudo_conf_debug_files: special handling of DSO members for AIX + + When matching debug files for AIX-style DSOs like + sudoers.a(sudoers.so) we want to match on the full name, the name + without the member and on the member itself. This makes it possible + to use the existing examples in the sudo.conf fiile on AIX. + [2ec138dbc507] + + * plugins/sudoers/pwutil.c: + sudo_set_grlist and sudo_set_gidlist: set auth registry based on + username + + Previously we used the global registry but since we have the user's + passwd info we should use that when storing the group and gid lists. + [71b6647d4cb0] + +2023-11-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/parse_ldif.c: + role_to_sudoers: only try to reuse a privilege if one is present + [91207af2554c] + + * plugins/sudoers/defaults.c: + store_plugin: avoid potential NULL deref in boolean context + + Coverity CID 330466 + [5c7ebbaf83c4] + + * plugins/sudoers/sudoreplay.c, src/conversation.c: + Avoid passing sudo_term_is_raw() -1 for the fd. + + Coverity CID 330472 Coverity CID 330468 + [b28a472152ab] + + * logsrvd/sendlog.c: + fmt_info_messages: bump info_msgs_size for submitenv + [e36bfd74abb9] + + * NEWS: + Better log message when rejecting a setid command in intercept mode. + [06d161998e22] + + * plugins/sudoers/logging.c, plugins/sudoers/lookup.c, + plugins/sudoers/match_command.c, plugins/sudoers/parse.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Move the check for running setid commands in intercept mode to + later. 
+ + Checking for setid commands in intercept mode after command matching + allows us to log a proper error message. Previously, we simply + ignored setid commands when matching and the only indication of why + was in the debug logs. + [b07b8fcff911] + + * plugins/sudoers/timestamp.c: + timestamp_open: add some debugging + [dc7070cbadd9] + +2023-10-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/sia.c: + sudo_sia_begin_session: add missing struct sudoers_context * arg. + [4caf619af53b] + + * plugins/sudoers/auth/kerb5.c: + verify_krb_v5_tgt: auth name must be const to match struct + sudo_auth. + [e4d6a0b15003] + + * .circleci/config.yml: + Disable PAM before enabling Kerberos V. + [55523956e9ff] + + * .circleci/config.yml, docker/debian/latest/Dockerfile, + docker/debian/testing/Dockerfile, docker/fedora/latest/Dockerfile, + docker/fedora/rawhide/Dockerfile, docker/ubuntu/devel/Dockerfile, + docker/ubuntu/latest/Dockerfile, docker/ubuntu/rolling/Dockerfile: + Add Kerberos V build and test to CI. + [7cf8ab128064] + +2023-10-31 Renato Botelho <garga@FreeBSD.org> + + * plugins/sudoers/auth/kerb5.c: + Add missing sudoers_context to verify_krb_v5_tgt() + + Commit 244017495421 added ctx variable to log_warningx() call but + that variable was not declared in that context, breaking the build. + [7b89c1b61e19] + +2023-10-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po: + Updated translations from translationproject.org + [2a5a4f1350ee] + +2023-10-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c: + Set the open file descriptor limit to the maximum allowed value. + + Each connection can require up to 9 descriptors. + [72b6593b631d] + +2023-10-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Mention new Indonesian translation and sudo_logsrvd fd limit change. 
+ [753002967fc0] + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po, + plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/hr.mo, + po/hr.po, po/ja.mo, po/ja.po, po/sr.mo, po/sr.po, po/zh_CN.mo, + po/zh_CN.po: + Updated translations from translationproject.org + [619098603afe] + + * docs/CONTRIBUTORS.md: + Add Andika Triwidada + [7e6293a4a00a] + + * MANIFEST, po/id.mo, po/id.po: + New Indonesian translation from translationproject.org + [568e33cb694c] + +2023-10-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Mention GitHub issue #318 + [4b4c1d8da478] + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Avoid a double-free in fuzz_policy caused by the early + env_init(NULL). + + This adds an env_free() function to explicitly free both the old and + new copies of the environment. It is really only needed by + fuzz_policy, which calls the policy module multiple times. + [9cb4400fe76c] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + lib/eventlog/eventlog_free.c, lib/eventlog/parse_json.c, + logsrvd/iolog_writer.c, logsrvd/sendlog.c, plugins/sudoers/iolog.c, + plugins/sudoers/log_client.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h: + Store submitenv in eventlog and pass it to sudo_logsrvd. + [3ef684a6f888] + +2023-10-21 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + lib/eventlog/eventlog_free.c, lib/eventlog/parse_json.c, + lib/iolog/iolog_loginfo.c, logsrvd/iolog_writer.c, + logsrvd/sendlog.c, plugins/sudoers/iolog.c, + plugins/sudoers/log_client.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c: + struct eventlog: rename argv/env to runargv/runenv. + + This matches the JSON logs. + [df2ac695bcf7] + + * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + struct sudoers_user_context: rename env_vars to env_add + [f57859bca061] + + * plugins/sudoers/audit.c, plugins/sudoers/logging.c: + Only log the run environment for commands that are allowed. + + It may not be available otherwise and unless the command is being + run it has no real meaning. + [98b79f16e06e] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + Free the private copy of the environment in sudoers_check_cmnd(). + + This reverts 5118eb5797fb, which had the side-effect of the PAM + session code running with the run environment instead of the + invoking user's environment. Issue #318 + [6b4abada2e55] + +2023-10-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/iolog_swapids.c: + iolog_swapids: short circuit if effective ids match iolog ids. + [6871a2a50eae] + + * lib/iolog/iolog_mkdirs.c, logsrvd/iolog_writer.c: + logsrvd: display error string in message if iolog_mkpath() fails + [4a601c7e1248] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update .pot files for 1.9.15 + [39ac757a80c9] + +2023-10-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.in: + Add example for disabling intercept/log_subcmds for certain + commands. + [52d01bcd6e3a] + + * lib/util/mksiglist.c, lib/util/mksigname.c: + Use NSIG instead of nitems(array) for the loop bound. + + This matches the sudo_sys_siglist[] and sudo_sys_signame[] + declarations. 
+ [d515abb232ae] + + * plugins/sudoers/tsdump.c: + tsdump: fix compiler warnings + [4e5d80f29845] + +2023-10-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/regress/logwrap/check_wrap.c, lib/util/mksiglist.c, + lib/util/mksigname.c, logsrvd/sendlog.c, + plugins/python/regress/iohelpers.c, plugins/sudoers/tsdump.c: + Avoid using %zu or %zd with printf() and fprintf(). + + This prevents problems on systems where the system printf(3) is not + C99-compliant. We use our own snprintf() on such systems so that is + safe. + [7ff250c66e05] + + * plugins/sudoers/sudo_printf.c, src/conversation.c: + Use vsnprintf() instead of vfprintf() for sudo_printf() to avoid + problems on systems where the system printf(3) is not C99-compliant. + We use our own snprintf() on such systems. + [053c94c3db03] + + * include/sudo_compat.h, lib/util/getdelim.c, lib/util/realpath.c, + lib/util/regress/getdelim/getdelim_test.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + strlcpy_expand_host, sudo_getdelim, sudo_realpath: add restrict + qualifier + [8669d4d9b4d9] + + * NEWS: + Fixed GitHub issue #312. + [b6e269e7eeaa] + +2023-10-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/term.c: + Better handling of multiple sudo processes modifying terminal + settings. 1. Lock the terminal before tcgetattr/tcsetattr 2. Don't + restore terminal settings if changed by another process 3. Don't set + terminal to raw mode if it is already raw GitHub issue #312 + [8d5664300c7e] + +2023-10-16 Rose <83477269+AtariDreams@users.noreply.github.com> + + * plugins/sudoers/prompt.c, plugins/sudoers/strlcpy_unesc.c, + plugins/sudoers/sudoers.h: + Add restrict to strlcpy and expand_prompt + [b26d50f82d2f] + +2023-10-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_pty.c: + Add a little extra debugging info. 
+ [b2533548f50b] + +2023-10-15 Rose <83477269+AtariDreams@users.noreply.github.com> + + * lib/util/regress/hexchar/hexchar_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, lib/util/sudo_conf.c: + Swap calloc arguments to use them properly. + [1d4877da5233] + +2023-10-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c: + ptrace_intercept_execve: make flags unsigned to match + command_details + [97ee796e74ec] + +2023-10-13 Rose <83477269+AtariDreams@users.noreply.github.com> + + * include/sudo_util.h, src/exec_ptrace.h: + Specify 1U over 1 for bitmaps + [8eaecce2e3c6] + +2023-10-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/parse.h, + plugins/sudoers/sudoers.h: + Fix spelling: resistent -> resistant + [df6b986b8d31] + +2023-10-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * .gitignore, .hgignore: + Add plugins/sudoers/tsgetusershell.c to ignore files. + [5e9538b2aaae] + +2023-10-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/mkdefaults: + Fix compatibility with older versions of (new) awk. + + Do not rely on awk supporting "-f -" to read the program from stdin. + Avoid using POSIX character classes in regular expressions. + [0e67e9ba4ddf] + +2023-10-02 Alexander F. Rødseth <alexander.fet.rodseth@schibsted.com> + + * plugins/sudoers/visudo.c: + Add Orbiton ("o") to the list of editors that supports +lineno + [28e192d4be9b] + + * plugins/sudoers/visudo.c: + Sort the list of editors that supports +lineno + [6467309f5ac3] + +2023-09-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + Mention potential problems with log_subcmds and intercept. + [9c93f9315924] + + * src/sudo.c: + Add more user info to the list of objects to be garbage-collected at + exit. + [caeb35967cd2] + +2023-09-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h: + Use long, not long long, when getting/setting numeric attributes. 
+ + We use int or long, not long long, in the Python plugin. + [d1008ce69cf6] + + * plugins/sudoers/file.c: + sudo_file_open: initialize parser before calling open_sudoers(). + + Otherwise, the parser_conf settings in the context passed to + sudo_file_open() will not be honored by open_sudoers(). Affected + settings include ignore_perms, sudoers mode, uid and gid. + [21e56d49521a] + + * lib/eventlog/parse_json.c, lib/iolog/iolog_legacy.c, + lib/iolog/iolog_timing.c, logsrvd/iolog_writer.c, + logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c, + logsrvd/logsrvd_local.c, logsrvd/sendlog.c, + plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, + plugins/sudoers/log_client.c: + Add casts when storing values in a struct timespec. + + Fixes -Wconversion warnings on some 32-bit systems where time_t is + still 32-bit. + [b090ed40a1d0] + +2023-09-27 Rose <83477269+AtariDreams@users.noreply.github.com> + + * lib/util/roundup.c: + Use U, not UL, for 32-bit platforms + + size_t is an unsigned int on 32-bit platforms, not an unsigned long. + [9f4a9b73c954] + +2023-09-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/match_digest.c: + digest_matches: actually use fd2 in place of fd as needed. 
+ [9db51e4a8521] + + * plugins/sudoers/match_digest.c: + digest_matches: if fd argument is -1, try to open path before + failing + [5b323859cbd0] + + * plugins/sudoers/regress/cvtsudoers/test31.sh, + plugins/sudoers/regress/cvtsudoers/test32.sh, + plugins/sudoers/regress/cvtsudoers/test35.sh, + plugins/sudoers/regress/cvtsudoers/test36.sh, + plugins/sudoers/regress/cvtsudoers/test39.sh, + plugins/sudoers/regress/testsudoers/test20.sh, + plugins/sudoers/regress/testsudoers/test21.sh, + plugins/sudoers/regress/testsudoers/test22.sh, + plugins/sudoers/regress/testsudoers/test23.sh, + plugins/sudoers/regress/testsudoers/test24.sh, + plugins/sudoers/regress/testsudoers/test25.sh, + plugins/sudoers/regress/testsudoers/test26.sh, + plugins/sudoers/regress/testsudoers/test27.sh, + plugins/sudoers/regress/testsudoers/test28.sh, + plugins/sudoers/regress/testsudoers/test29.sh, + plugins/sudoers/regress/testsudoers/test30.sh, + plugins/sudoers/regress/testsudoers/test31.sh: + Add missing execute bit on some test scripts. + [07af3341fc1a] + +2023-09-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.h: + max_groups in sudoers_plugin_settings is no longer used. 
+ [99848d0ee951] + + * include/sudo_conf.h, include/sudo_debug.h, include/sudo_event.h, + include/sudo_eventlog.h, include/sudo_fatal.h, include/sudo_json.h, + include/sudo_util.h, lib/eventlog/eventlog.c, + lib/eventlog/eventlog_conf.c, lib/eventlog/eventlog_free.c, + lib/eventlog/logwrap.c, lib/eventlog/parse_json.c, + lib/eventlog/parse_json.h, + lib/eventlog/regress/eventlog_store/store_json_test.c, + lib/eventlog/regress/eventlog_store/store_sudo_test.c, + lib/eventlog/regress/logwrap/check_wrap.c, + lib/eventlog/regress/parse_json/check_parse_json.c, + lib/fuzzstub/fuzzstub.c, lib/iolog/host_port.c, + lib/iolog/hostcheck.c, lib/iolog/iolog_clearerr.c, + lib/iolog/iolog_close.c, lib/iolog/iolog_conf.c, + lib/iolog/iolog_eof.c, lib/iolog/iolog_filter.c, + lib/iolog/iolog_flush.c, lib/iolog/iolog_gets.c, + lib/iolog/iolog_json.c, lib/iolog/iolog_legacy.c, + lib/iolog/iolog_loginfo.c, lib/iolog/iolog_mkdirs.c, + lib/iolog/iolog_mkdtemp.c, lib/iolog/iolog_mkpath.c, + lib/iolog/iolog_nextid.c, lib/iolog/iolog_open.c, + lib/iolog/iolog_openat.c, lib/iolog/iolog_path.c, + lib/iolog/iolog_read.c, lib/iolog/iolog_seek.c, + lib/iolog/iolog_swapids.c, lib/iolog/iolog_timing.c, + lib/iolog/iolog_util.c, lib/iolog/iolog_write.c, + lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + lib/iolog/regress/host_port/host_port_test.c, + lib/iolog/regress/iolog_filter/check_iolog_filter.c, + lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/iolog/regress/iolog_timing/check_iolog_timing.c, + lib/logsrv/log_server.pb-c.c, lib/protobuf-c/protobuf-c.c, + lib/ssl_compat/ssl_compat.c, lib/util/aix.c, lib/util/arc4random.c, + lib/util/arc4random_buf.c, lib/util/arc4random_uniform.c, + lib/util/basename.c, lib/util/cfmakeraw.c, lib/util/closefrom.c, + lib/util/digest.c, lib/util/digest_gcrypt.c, + lib/util/digest_openssl.c, lib/util/dup3.c, 
lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, + lib/util/explicit_bzero.c, lib/util/fatal.c, lib/util/fchmodat.c, + lib/util/fchownat.c, lib/util/fnmatch.c, lib/util/freezero.c, + lib/util/fstatat.c, lib/util/getaddrinfo.c, lib/util/getdelim.c, + lib/util/getentropy.c, lib/util/getgrouplist.c, + lib/util/gethostname.c, lib/util/getopt_long.c, lib/util/gettime.c, + lib/util/getusershell.c, lib/util/gidlist.c, lib/util/glob.c, + lib/util/gmtime_r.c, lib/util/hexchar.c, lib/util/inet_ntop.c, + lib/util/inet_pton.c, lib/util/isblank.c, lib/util/json.c, + lib/util/key_val.c, lib/util/lbuf.c, lib/util/localtime_r.c, + lib/util/locking.c, lib/util/logfac.c, lib/util/logpri.c, + lib/util/memrchr.c, lib/util/mkdir_parents.c, lib/util/mkdirat.c, + lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c, + lib/util/mmap_alloc.c, lib/util/multiarch.c, lib/util/nanosleep.c, + lib/util/openat.c, lib/util/parseln.c, lib/util/pipe2.c, + lib/util/pread.c, lib/util/progname.c, lib/util/pw_dup.c, + lib/util/pwrite.c, lib/util/rcstr.c, lib/util/reallocarray.c, + lib/util/regex.c, lib/util/regress/closefrom/closefrom_test.c, + lib/util/regress/digest/digest_test.c, + lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/fuzz/fuzz_sudo_conf.c, + lib/util/regress/getdelim/getdelim_test.c, + lib/util/regress/getgrouplist/getgids.c, + lib/util/regress/getgrouplist/getgrouplist_test.c, + lib/util/regress/glob/globtest.c, + lib/util/regress/hexchar/hexchar_test.c, + lib/util/regress/json/json_test.c, + lib/util/regress/mktemp/mktemp_test.c, + lib/util/regress/multiarch/multiarch_test.c, + lib/util/regress/open_parent_dir/open_parent_dir_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/regex/regex_test.c, + lib/util/regress/strsig/strsig_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/strtofoo/strtobool_test.c, + lib/util/regress/strtofoo/strtoid_test.c, + 
lib/util/regress/strtofoo/strtomode_test.c, + lib/util/regress/strtofoo/strtonum_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, + lib/util/regress/uuid/uuid_test.c, lib/util/roundup.c, + lib/util/secure_path.c, lib/util/setgroups.c, lib/util/sha2.c, + lib/util/sig2str.c, lib/util/snprintf.c, lib/util/str2sig.c, + lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c, + lib/util/strnlen.c, lib/util/strsignal.c, lib/util/strsplit.c, + lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, + lib/util/strtonum.c, lib/util/sudo_conf.c, lib/util/sudo_debug.c, + lib/util/sudo_dso.c, lib/util/sys_siglist.h, lib/util/sys_signame.h, + lib/util/term.c, lib/util/timegm.c, lib/util/ttyname_dev.c, + lib/util/ttysize.c, lib/util/unlinkat.c, lib/util/utimens.c, + lib/util/uuid.c, logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_journal.c, logsrvd/logsrvd_local.c, + logsrvd/logsrvd_queue.c, logsrvd/logsrvd_relay.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + logsrvd/regress/logsrvd_conf/logsrvd_conf_test.c, logsrvd/sendlog.c, + logsrvd/sendlog.h, logsrvd/tls_client.c, logsrvd/tls_common.h, + logsrvd/tls_init.c, plugins/audit_json/audit_json.c, + plugins/group_file/getgrent.c, plugins/group_file/group_file.c, + plugins/group_file/plugin_test.c, plugins/python/pyhelpers.c, + plugins/python/pyhelpers.h, plugins/python/python_plugin_common.c, + plugins/python/regress/check_python_examples.c, + plugins/python/regress/iohelpers.h, + plugins/python/regress/testhelpers.h, + plugins/python/sudo_python_debug.c, + plugins/python/sudo_python_debug.h, plugins/sample/sample_plugin.c, + plugins/sample_approval/sample_approval.c, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, 
plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/b64_decode.c, plugins/sudoers/b64_encode.c, + plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/canon_path.c, plugins/sudoers/check.c, + plugins/sudoers/check_aliases.c, plugins/sudoers/check_util.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_csv.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_merge.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/digestname.c, + plugins/sudoers/display.c, plugins/sudoers/editor.c, + plugins/sudoers/env.c, plugins/sudoers/env_pattern.c, + plugins/sudoers/exptilde.c, plugins/sudoers/file.c, + plugins/sudoers/filedigest.c, plugins/sudoers/find_path.c, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/fmtsudoers_cvt.c, + plugins/sudoers/gc.c, plugins/sudoers/gentime.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/group_plugin.c, plugins/sudoers/insults.h, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_innetgr.c, + plugins/sudoers/ldap_util.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/locale.c, plugins/sudoers/log_client.c, + plugins/sudoers/log_client.h, plugins/sudoers/logging.c, + plugins/sudoers/lookup.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/match_command.c, + plugins/sudoers/match_digest.c, plugins/sudoers/parse.h, + 
plugins/sudoers/parse_ldif.c, plugins/sudoers/parser_warnx.c, + plugins/sudoers/pivot.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/editor/check_editor.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/exptilde/check_exptilde.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_stubs.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/serialize_list/check_serialize_list.c, + plugins/sudoers/regress/starttime/check_starttime.c, + plugins/sudoers/regress/unescape/check_unesc.c, + plugins/sudoers/resolve_cmnd.c, plugins/sudoers/serialize_list.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sethost.c, + plugins/sudoers/solaris_audit.c, plugins/sudoers/sssd.c, + plugins/sudoers/starttime.c, plugins/sudoers/strlcpy_unesc.c, + plugins/sudoers/strlist.c, plugins/sudoers/strvec_join.c, + plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_cb.c, + plugins/sudoers/sudoers_ctx_free.c, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoers_debug.h, plugins/sudoers/sudoers_hooks.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/testsudoers_pwutil.c, + plugins/sudoers/testsudoers_pwutil.h, plugins/sudoers/timeout.c, + plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke.c, 
plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/unesc_str.c, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_cb.c, + plugins/system_group/system_group.c, src/apparmor.c, + src/conversation.c, src/copy_file.c, src/edit_open.c, + src/env_hooks.c, src/exec.c, src/exec_common.c, + src/exec_intercept.c, src/exec_iolog.c, src/exec_monitor.c, + src/exec_nopty.c, src/exec_preload.c, src/exec_ptrace.c, + src/exec_pty.c, src/get_pty.c, src/hooks.c, src/intercept.pb-c.c, + src/limits.c, src/load_plugins.c, src/openbsd.c, src/parse_args.c, + src/preload.c, src/preserve_fds.c, + src/regress/net_ifs/check_net_ifs.c, + src/regress/noexec/check_noexec.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, + src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h, + src/sudo_edit.c, src/sudo_intercept.c, src/sudo_intercept_common.c, + src/sudo_noexec.c, src/suspend_parent.c, src/tgetpass.c, + src/ttyname.c, src/utmp.c: + Use #include <foo.h> instead of #include "foo.h" in most cases. + + We rely on the include path to find many of these headers. It + especially doesn't make sense to use #include "foo.h" for headers in + the top-level include directory. + [4a7d27e429e9] + + * .circleci/config.yml: + Bump xcode to 14.2.0 + [f4775577c9b0] + +2023-09-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/mkdefaults: + Add support for "plugin" defaults type. + [423dc640d220] + + * plugins/sudoers/mkdefaults: + Support multiple input files. + [1fff41f962f5] + +2023-09-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_monitor.c, src/exec_pty.c: + No need to loop reading from/writing to a blocking socketpair. + + This removes some infinite loops that can cause static analyzer + warnings. The fds are not in non-blocking mode and we use + restartable system calls so there is no need to loop. 
+ [132aad609392] + + * plugins/sudoers/check.c: + check_user: fix return value for intercept mode + + Also use early return on error to quiet a PVS-Studio warning. + [ecd721208013] + +2023-09-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_pty.c: + Set ec->term_raw to false even if sudo_term_restore() fails. + + Either the fd is not a terminal or we don't have the controlling + terminal. Either way, we can't know the current status of the + terminal and will need to set to raw mode again (if possible). Also + make sure to set ec->term_raw to false if sudo_term_raw() fails. + [6287218771a9] + +2023-09-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/sudoers.c: + Only define _PATH_ENVIRONMENT on systems where we use + /etc/environment. + [5a3752401dc9] + + * config.h.in, configure, configure.ac: + Sudo assumes that a uid_t can be cast to unsigned int without + problems. + + Add a configure check and error out if sizeof(uid_t) > 4. + [4b7657e4ce3d] + + * docs/UPGRADE.md: + Mention the time stamp and lecture file name changes in 1.9.15. + [8c23b36928ad] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, + plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Replace '/' with '_' in paths using the user, group or host name. + [2862df9bcab7] + +2023-09-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, m4/sudo.m4, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/env.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/policy.c, src/sudo.c, src/sudo_edit.c: + Replace MAX_UID_T_LEN with calls to STRLEN_MAX_UNSIGNED. 
+ [f2f1ee9c5a16] + + * include/sudo_util.h, lib/eventlog/eventlog.c, + lib/iolog/iolog_timing.c, lib/util/json.c, lib/util/lbuf.c, + lib/util/sudo_debug.c, plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/display.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/logging.c, src/exec_preload.c, src/limits.c: + Add macros to determine the length of an integer type in string + form. + + Adapted from answer #6 in: + https://stackoverflow.com/questions/10536207/ansi-c-maximum-number- + of-characters-printing-a-decimal-int + [e62734abe89c] + +2023-09-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/visudo.c: + visudo: use verbose and strict in parser_conf + + Where the sudoers_context is available we can use the values of + verbose and strict instead of passing around quiet and strict flags. + [bc7a60ce0e36] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/callbacks.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_cb.c: + Rename callbacks.c -> sudoers_cb.c. + [558d6896ebfa] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_cb.c: + Add a separate file for visudo callbacks. + [72e491607a4e] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/check_aliases.c, plugins/sudoers/defaults.c, + plugins/sudoers/parse.h, plugins/sudoers/parser_warnx.c: + Add parser_warnx() and parser_vwarnx() that displays file:line:col + + Used by defaults.c and check_aliases.c. + [1b4eff914e92] + + * plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c: + Promote strict field in sudoers_parser_config from bool to int. + + This will be used by visudo to indicate when "visudo -s" is run. + [d0f6c8c37e4a] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/find_path.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/resolve_cmnd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add resolve_cmnd(), a wrapper around find_path(). 
+ + This is a convenience function that sets PERM_RUNAS and calls + find_path(). If the command is not found it will retry with + PERM_USER instead. + [c7831c462fb9] + + * src/exec_monitor.c: + Wait on a socketpair for the parent to grant child the controlling + tty. + + This upgrades the error pipe to a bi-directional socketpair that the + parent will write to after it has granted the child process the + controlling terminal. That fixes an issue where the child could end + up in a tight CPU loop waiting on the parent which may not be + scheduled immediately. + [36e87999dae1] + +2023-09-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.h: + Undefine AUTH_{SUCCESS,FAILURE,ERROR} before defining them. + + Quiets a warning on AIX where usersec.h defines AUTH_SUCCESS and + AUTH_FAILURE. We avoided this problem in the past because the old + values for AUTH_SUCCESS and AUTH_FAILURE match what AIX defines. + [c37c51f861f1] + + * config.h.in, configure, configure.ac, lib/util/term.c, m4/sudo.m4, + src/exec_pty.c: + Only cast TIOCSWINSZ to int on systems that might require it (AIX). + + Otherwise we end up with a -Wconversion warning on systems where the + ioctl() request argument is unsigned long. + [a467e228981f] + + * plugins/sudoers/display.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Promote verbose flag to int for display_privs and display_cmnd. + + A negative verbosity will prevent non-error output from being + displayed. + [c7646497b580] + +2023-09-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/stubs.c: + No need to include cvtsudoers.h here. + [d838f2ed5483] + + * plugins/sudoers/match_command.c, plugins/sudoers/pivot.c, + plugins/sudoers/pivot.h, plugins/sudoers/regress/fuzz/fuzz_stubs.c, + plugins/sudoers/stubs.c, plugins/sudoers/testsudoers.c: + Remove pivot_get_root() and pivot_get_cwd(). 
+ + They are unnecessary since struct sudoers_pivot is not opaque. The + implementation details are private to match_command.c. + [ca522bffdf37] + + * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/parser/check_fill.c: + Quiet some -Wconversion warnings in the tests. + [ebe02fc397e7] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/editor.c, plugins/sudoers/find_path.c, + plugins/sudoers/regress/editor/check_editor.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.h: + Make flag in union sudo_defs_val bool to match how it is used. + + Adjust find_path()'s ignore_dot function argument to match. + [52d5311ca360] + + * plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/bsm_audit.h, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h: + Parse euid and egid from sudo front-end. + + These are needed by bsm_audit.c. + [ca240f519b46] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c: + Parse pid and ppid from sudo front-end. + + We can now use the stored ppid in ts_init_key(). + [4955c478f849] + + * plugins/sudoers/match_command.c, plugins/sudoers/pivot.c, + plugins/sudoers/pivot.h, plugins/sudoers/regress/fuzz/fuzz_stubs.c, + plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c: + Use struct sudoers_pivot instead of defining sudoers_pivot_t. + + We want to pass around a pointer, not the struct itself. + [8c6806cee428] + +2023-09-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/pivot.h: + Don't expose the implementation of the pivot_root state. + [1d1696c7ad78] + + * plugins/sudoers/match_command.c, plugins/sudoers/pivot.c, + plugins/sudoers/regress/fuzz/fuzz_stubs.c, plugins/sudoers/stubs.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + Don't expose the implementation of the pivot_root state. 
+ [efaa8955cbf0] + + * src/exec_ptrace.c: + Only call ptrace_verify_post_exec() for intercept, not log_subcmds. + + This fixes a logic goof introduced in sudo 1.9.14. + [49df34bb0494] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, + docs/sudoers_timestamp.man.in, docs/sudoers_timestamp.mdoc.in, + plugins/sudoers/check.c, plugins/sudoers/timestamp.c, + plugins/sudoers/timestamp.h: + Use the user-ID instead of user-name for the timestamp and lecture + file. + + This avoids problems if the user name itself contains a path + separator. + [c93459e59f30] + +2023-09-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/Makefile.in: + tsgetusershell.c: don't rely on GNU sed extensions. + [65e7d8099122] + + * plugins/sudoers/testsudoers.c: + testsudoers: add -S option to specify /etc/shells path. + [2efe9b01120a] + + * Makefile.in, lib/util/getusershell.c, plugins/sudoers/Makefile.in, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/tsgetgrpw.h: + Add testsudoers_setshellfile() and use it in testsudoers. + [4065e0f1c9ac] + + * plugins/sudoers/Makefile.in: + regen + [044181c21564] + + * lib/util/Makefile.in, lib/util/getusershell.c: + Remove unnecessary sudo_gettext.h include and add missing const. + [ca4266370ff6] + +2023-09-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.h: + Return AUTH_* flags from check_user() instead of 1/0/-1. + [824e8943fa47] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/testsudoers_pwutil.h: + Wrap valid_shell and add to sudo_pwutil_set_backend(). + + This will make it possible to support a different getusershell() + implementation for testsudoers in the future. 
+ [03da23d61efe] + + * plugins/sudoers/check_util.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + Move check_user_shell() to pwutil.c as user_shell_valid() + + This will make it possible to support a different backend which may + be used by testsudoers in the future. + [44a7540fb761] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/timestamp.h: + Merge check_user() and check_user_interactive(), move getpass + callbacks. + + The getpass callbacks are now defined in sudo_auth.c, which + implements auth_getpass(). As a result, struct getpass_closure is + now public and defined in timestamp.h. + [1babbb56de42] + + * plugins/sudoers/Makefile.in, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, + plugins/sudoers/timestamp.h: + Make most sudo_auth functions return AUTH_{SUCCESS,FAILURE,FATAL}. + [54471c0a890d] + + * plugins/sudoers/ldap.c, plugins/sudoers/lookup.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c, + plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/sssd.c: + Make all match functions return ALLOW/DENY not true/false. + [d22f1dc85b40] + + * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/lookup.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h: + Try to make sudo less vulnerable to ROWHAMMER attacks. + + We now use ROWHAMMER-resistent values for ALLOW, DENY, AUTH_SUCCESS, + AUTH_FAILURE, AUTH_ERROR and AUTH_NONINTERACTIVE. In addition, we + explicitly test for expected values instead of using a negated test + against an error value. 
In the parser match functions this means + explicitly checking for ALLOW or DENY instead of accepting anything + that is not set to UNSPEC. + + Thanks to Andrew J. Adiletta, M. Caner Tol, Yarkin Doroz, and Berk + Sunar, all affiliated with the Vernam Applied Cryptography and + Cybersecurity Lab at Worcester Polytechnic Institute, for the + report. Paper preprint: https://arxiv.org/abs/2309.02545 + [df81a335db65] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Honor ignore_perms plugin argument for @include and @includedir. + [55307bdf721d] + +2023-09-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/check.c: + Don't set on_suspend and on_resume twice. + [f1db05f66740] + +2023-09-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/policy.c, + plugins/sudoers/sethost.c, plugins/sudoers/stubs.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + sudoers_sethost: refactor code to set host names in sudoers_context. + + The sudoers_sethost() function can be shared by the sudoers plugin, + visudo, cvtsudoers and testsudoers. + [6cece4f67add] + +2023-09-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + sudoers_trace_print: use debug_decl_vars instead of doing it by + hand. + [0baf94e3e380] + + * include/sudo_compat.h: + sudo_realpath() returns char *, not void *. + [96746a992f65] + +2023-08-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.c: + Only print "no valid sudoers sources found, quitting" for multiple + sources. + + If there is only a single source (usually the sudoers file), the + open function provide enough of an error message. Printing two error + messages is just confusing. + [99a282277084] + +2023-08-30 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/pwutil.c: + user_in_group: the user's group vector already includes the primary + group. + + There's no need to look up the name of user's primary group + (pw_gid), we always include the primary group ID in the group + vector. + [53f36984ebc8] + +2023-08-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.h: + Move sudoers_debug.c prototypes to sudoers_debug.h. + [3d4c971912a3] + + * plugins/sudoers/sudoers.h: + sudo_conv, sudo_printf and plugin_event_alloc live in policy.c. + [52bced1bff2a] + + * include/sudo_iolog.h, plugins/sudoers/defaults.c: + Move default value for "iolog_file" to sudo_iolog.h. + [489101c36995] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/callbacks.c, plugins/sudoers/check.c, + plugins/sudoers/check.h, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_stubs.c, + plugins/sudoers/regress/starttime/check_starttime.c, + plugins/sudoers/set_perms.c, plugins/sudoers/starttime.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h, + plugins/sudoers/tsdump.c: + Rename check.h -> timestamp.h and add remaining timestamp.c + prototypes. + [402c837776df] + + * plugins/sudoers/auth/API, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h: + Restore AUTH_INTR support, it is still needed. + + We still need AUTH_INTR to know when to break out of the password + prompt loop. 
+ [618807782033] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add ignore_perms plugin argument to skip the sudoers file security + checks. + + This is not intended to be used in a production environment. + [92ae0335ee5b] + +2023-08-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, m4/sudo.m4: + Fix test for unsetenv() returning void with clang 16. + + Clang has dropped support for K&R function definitions so rewrite + the test to require a unsetenv() prototype in stdlib.h. Fixes GitHub + issue #302. + [1a0ce3a79ee2] + + * plugins/sudoers/defaults.c: + Disable fast_glob and fdexec if SUDOERS_NAME_MATCH is defined. + + We use SUDOERS_NAME_MATCH for fuzzing when we want to avoid + searching the file system for commands. + [2e6bc1f8fb22] + +2023-08-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/API, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h: + Rename AUTH_FATAL -> AUTH_ERROR. + [1da161db2f0f] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/match.c: + Do not rely on the definition of ALLOW/DENY being true/false. + + We now explicitly check for ALLOW and DENY when checking return + values and negating values. + [1e4420b64b5d] + + * plugins/sudoers/auth/API, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h: + Replace AUTH_INTR return with AUTH_FAILURE. + + The two were treated identically by the caller. + [e54b06561de1] + +2023-08-25 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Move tty_present() into policy.c as sudoers_tty_present(). + + This function is policy-dependent. For the modern sudo front-end it + will simply check tcpgid and/or ttypath. + [36a5ece4027a] + + * plugins/sudoers/callbacks.c: + Only set I/O logging callbacks if SESSID_MAX is defined. + [3cec54b1fe9a] + + * plugins/sudoers/defaults.c: + Don't set defaults values for features that are not present. + + This means that lecture_status_dir and timestampdir are only set if + _PATH_SUDO_LECTURE_DIR and _PATH_SUDO_TIMEDIR respectively are set. + Also, the log server defaults are only set when SUDOERS_LOG_CLIENT + is defined. + [bb328fffe142] + + * plugins/sudoers/audit.c: + Call log_allowed() even when "log_allowed" is disabled. + + Otherwise, sudo will not send mail if "mail_always" or + "mail_all_cmnds" is set. + [71d3f06fbee5] + +2023-08-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, configure, configure.ac: + sudo 1.9.15 + [9e7aa0238aca] + +2023-08-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/event_poll.c, lib/util/getentropy.c, + plugins/sudoers/ldap.c: + Silence a few remaining -Wconversion warnings. + [8f1180e72c0b] + + * plugins/sudoers/sudoers.c: + No need to inclue auth/sudo_auth.h + [61ec4a47c885] + + * configure, m4/sudo.m4: + --enable-pvs-studio: check for license file in the default location + [35e596d1fdb7] + +2023-08-23 ken <41325712+rtczza@users.noreply.github.com> + + * plugins/sudoers/timestamp.c: + modify ret type from int to bool (#298) + + * modify ret type from int to bool + + * change debug_return_int to debug_return_bool + + * modify ret type + [cf8c33ecdce0] + +2023-08-22 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/callbacks.c, plugins/sudoers/check.h, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_stubs.c, + plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c: + Move timestampowner sudoers callback to timestamp.c. + [34520a083145] + + * plugins/sudoers/set_perms.c: + Quiet a PVS-Studio false positive about possible NULL dereference. + + set_perms() is only called with a NULL ctx for PERM_ROOT, + PERM_SUDOERS and PERM_TIMESTAMP. + [0ec4b81df902] + +2023-08-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/set_perms.c: + set_perms: ctx may be NULL for PERM_ROOT, PERM_SUDOERS, + PERM_TIMESTAMP. + [299c5cacb05a] + + * plugins/sudoers/audit.c, plugins/sudoers/iolog_path_escapes.c, + plugins/sudoers/logging.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoers_ctx_free.c: + Move a few fields from sudoers_user_contect to sudoers_context. + + They are not really specific to the user or user-specified. + [0e166cff8c3b] + + * plugins/sudoers/policy.c: + Remove dead code dealing with unknown user and MODE_INVALIDATE. + + The timestamp unlink code does not need the user's struct passwd + pointer, just the user name (which we already have). Found by PVS- + Studio. + [dd41395692e5] + + * lib/iolog/iolog_read.c, lib/iolog/iolog_write.c, + lib/util/sudo_dso.c: + Suppress some other PVS-Studio false positives. + [36d0f8d41e6e] + + * plugins/sudoers/set_perms.c: + Quiet a PVS-Studio false positive about possible NULL dereference. + + set_perms() is only called with a NULL ctx for PERM_ROOT, + PERM_SUDOERS and PERM_TIMESTAMP. + [a6f38a82c80c] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: + MODE_KILL is never set in the sudoers plugin, remove it. 
+ [5a64ba098c4f] + + * plugins/sample/sample_plugin.c, plugins/sudoers/editor.c, + plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoreplay.c, src/exec_ptrace.c: + Cast int to size_t before adding instead of casting the result. + + Quiets PVS-Studio warning V1028. + [39b9d54ae277] + + * plugins/sudoers/audit.c: + Fix log_server_accept() definition for --disable-log-client builds. + [9ef55e556801] + + * src/exec_pty.c: + Use a global static struct exec_closure for the cleanup hook. + + This is safer than storing a pointer to a stack variable in the + cleanup function since we don't need to worry about it ever going + out of scope. Quiets a clang 15 analyzer warning. + [bfb06721d43f] + + * lib/eventlog/eventlog.c, plugins/sudoers/testsudoers.c: + Eliminate some clang analyzer false positives. + [ded09455af48] + + * plugins/sudoers/logging.c: + Plug memory leak if journal_parse_error() fails. + + Found by the clang 15 analyzer. + [0d7e0567187e] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Move sudoedit_nfiles into struct sudoers_context. + [0f67b3c5c5b2] + + * plugins/sudoers/audit.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/check.c, plugins/sudoers/env.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/lookup.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + Move sudo_mode into struct sudoers_context. + [649e74125300] + + * plugins/sudoers/audit.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_ctx_free.c: + Move NewArgv, NewArgc and saved_argv into struct sudoers_context. 
+ [46db0662eaf7] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.h, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Add struct sudoers_conf to struct sudoers_plugin_context. + + There's now no need to pass this directly to init_parser() since we + already pass in a pointer to a sudoers_context struct. + [4a60e7b19a1a] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c, + plugins/sudoers/sudo_ldap_conf.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Store policy paths in struct sudoers_context. + + This removes the need for the getters in policy.c. + [8ff3016dc8ad] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_ctx_free.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Add sudoers_ctx_free() and use it for freeing struct sudoers + context. + + This replaces sudoers_user_ctx_free() and sudoers_runas_ctx_free(). 
+ [ba25344753c3] + + * plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/callbacks.c, + plugins/sudoers/check.c, plugins/sudoers/check.h, + plugins/sudoers/check_aliases.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_pwutil.c, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/display.c, plugins/sudoers/env.c, + plugins/sudoers/file.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path_escapes.c, + plugins/sudoers/ldap.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/lookup.c, plugins/sudoers/match.c, + plugins/sudoers/match_command.c, plugins/sudoers/parse.h, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, + plugins/sudoers/pwutil_impl.c, + plugins/sudoers/regress/exptilde/check_exptilde.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_stubs.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c, + plugins/sudoers/solaris_audit.h, plugins/sudoers/sssd.c, + plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, 
plugins/sudoers/testsudoers_pwutil.h, + plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/visudo.c: + Make struct sudoers_context private to sudoers.c. + + We now pass a pointer to the context where necessary. There are a + few cases where we need to request the context from sudoers via + sudoers_get_context() for the plugin API functions. If the plugin + API was able to pass around a closure pointer this would not be + necessary. + [534d55781084] + +2023-08-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/audit.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/callbacks.c, + plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/defaults.c, plugins/sudoers/display.c, + plugins/sudoers/env.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/lookup.c, + plugins/sudoers/match.c, plugins/sudoers/match_command.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil_impl.c, + plugins/sudoers/regress/exptilde/check_exptilde.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c, + plugins/sudoers/sssd.c, plugins/sudoers/stubs.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/visudo.c: + Add a sudoers_context struct that embeds the user and runas structs. + [7c72e0c26dc0] + +2023-08-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + free_parse_tree: clear the nss pointer when freeing. 
+ [658fef1bd3c0] + + * plugins/sudoers/parse_ldif.c: + sudoers_parse_ldif: do not free parse_tree before using + + The user is expected to pass in an initialized and empty parse_tree + so there is no need to free it first. + [4d6371e98087] + + * lib/zlib/adler32.c, lib/zlib/compress.c, lib/zlib/crc32.c, + lib/zlib/deflate.c, lib/zlib/deflate.h, lib/zlib/gzclose.c, + lib/zlib/gzguts.h, lib/zlib/gzlib.c, lib/zlib/gzread.c, + lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inffast.c, + lib/zlib/inffast.h, lib/zlib/inflate.c, lib/zlib/inftrees.c, + lib/zlib/inftrees.h, lib/zlib/trees.c, lib/zlib/uncompr.c, + lib/zlib/zconf.h.in, lib/zlib/zlib.h, lib/zlib/zutil.c, + lib/zlib/zutil.h: + Update embedded copy of zlib to version 1.3. + [bfd6de199f8a] + +2023-08-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/pwutil_impl.c: + We still need to clamp ngids if getgrouplist2() returns -1. + + Otherwise, we end up with ngids set to the number of gids the user + belongs to which may be larger than what the front-end specified. + Fixes a regression introduced in the last commit here. + [4a2aeaf67236] + +2023-08-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c: + No need to clear errno when using sudo_strtonum(). + [f62f2580c6a5] + + * plugins/sudoers/policy.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h: + Move max_groups out of sudoers_user_context and into pwutil.c. + + It is only used by the local password pwutil implementation. + [c33497cc3291] + + * plugins/sudoers/check_util.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + Pass in directory to check_user_runchroot() and check_user_runcwd(). + + This way we do not rely on the runas_ctx global. 
+ [f70888bdedf6] + + * plugins/sudoers/regress/exptilde/check_exptilde.c: + check_exptilde: don't need runas_ctx here + [520483cdb2ae] + + * plugins/sudoers/match.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: + Move RUNAS_{USER,GROUP}_SPECIFIED flags into struct + sudoers_runas_context. + [2024629414ed] + +2023-08-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: + Make path_plugin_dir private to policy.c and add getter. + [2bf12c839083] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/logging.c, plugins/sudoers/lookup.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Move list_pw global into struct runas_context. + [32faa515c324] + +2023-08-12 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/callbacks.c, + plugins/sudoers/check.c, plugins/sudoers/check_util.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/display.c, + plugins/sudoers/env.c, plugins/sudoers/iolog_path_escapes.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/lookup.c, plugins/sudoers/match.c, + plugins/sudoers/match_command.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, + plugins/sudoers/regress/exptilde/check_exptilde.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Add struct sudoers_runas_context and move runas-specific bits into + it. + [d6a5f5b3c136] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/callbacks.c, plugins/sudoers/check.c, + plugins/sudoers/check_util.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/display.c, plugins/sudoers/env.c, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/iolog_path_escapes.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/lookup.c, plugins/sudoers/match.c, + plugins/sudoers/match_command.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c, + plugins/sudoers/sssd.c, plugins/sudoers/stubs.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, + plugins/sudoers/toke.c, 
plugins/sudoers/toke.l, + plugins/sudoers/visudo.c: + Expand the user_* (and more) macros to user_ctx.foo. + [b62e24d53e3f] + + * plugins/sudoers/check.h, plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: + Pass explicit struct passwd * to create_admin_success_flag(). + [120bb08f53bb] + + * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Make sudoers_user_ctx_free() private to sudoers.c + [ed512916a444] + + * plugins/sudoers/audit.c, plugins/sudoers/callbacks.c, + plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/defaults.c, plugins/sudoers/display.c, + plugins/sudoers/logging.c, plugins/sudoers/lookup.c, + plugins/sudoers/match.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil_impl.c, + plugins/sudoers/regress/exptilde/check_exptilde.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c, plugins/sudoers/visudo.c: + Rename struct sudo_user -> struct sudo_user_context. + + Also rename the sudo_user global to user_ctx. + [d4b68657a430] + + * src/exec.c: + fd_matches_tty: only zero out fd_sb if fstat(2) fails. + + We need to preserve the contents of the struct stat if the fd is + some other type so the check for piped output works correctly. Bug + #1057 + [ac80d75699d1] + +2023-08-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/callbacks.c: + Leave the I/O log callbacks in iolog.c + + Otherwise, check_iolog_plugin will not link. + [4e2304f22e89] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/callbacks.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + Move sudoers parser callbacks to callbacks.c. + [396d1dcdb35a] + +2023-08-09 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * logsrvd/sendlog.c: + Bump info_msgs_size to make room for the source. + [627f659fc180] + + * .circleci/config.yml: + Update Xcode version from 13.2.1 to 13.4.1. + [6c32e86975be] + + * include/sudo_event.h, lib/util/event.c, lib/util/event_poll.c, + lib/util/event_select.c, lib/util/util.exp.in: + Use int, not short for events in the event API. + + This fixes some -Wconversion warnings and fixes an inconsistency + between the libsudo_util event API and the plugin event API. The + actual struct internals still use shorts to avoid changing the ABI. + [2d7fcd66f7e7] + + * plugins/sudoers/display.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/fmtsudoers_cvt.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: + Use const pointers where possible in the display code. + [87fd1def96b6] + + * docs/sudo.man.in, docs/sudo.mdoc.in: + Document "sudo -ll command" output. + [3e837165e978] + + * plugins/sudoers/display.c, plugins/sudoers/lookup.c, + plugins/sudoers/parse.h, plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: + Add verbose version of "sudo -l command" by using an extra -l. + + The output of "sudo -ll command" consists of the matching sudoers + rule (in long form) with the addition of a "Matched" entry that + shows the fully-qualfied path along with any arguments. + [038d8555e50c] + + * plugins/sudoers/display.c: + Move code to display a cmndspec in long form to + display_cmndspec_long(). + [a9887101de7c] + + * plugins/sudoers/display.c: + sudo -ll: display the sudoers file the rule came from. + [ca6d31966f5c] + +2023-08-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/ssl_compat/ssl_compat.c, logsrvd/logsrvd.c, + logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, + plugins/sudoers/log_client.c: + Fix checking of SSL_{read,write}_ex() return value. + + These have a boolean-style return value. 
However, our emulated + versions can return -1 on error, which we need to preserve for older + versions of SSL_get_error() which expect it. + [4e812f2456f1] + + * plugins/sudoers/iolog.c, plugins/sudoers/log_client.c, + plugins/sudoers/logging.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Store the source of the matching rule and store in the event log. + + The JSON logs will store the matching rule source. + [c7ee4ab87610] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + lib/eventlog/eventlog_free.c, lib/eventlog/parse_json.c, + lib/eventlog/regress/eventlog_store/test1.json.in, + lib/eventlog/regress/eventlog_store/test1.json.out.ok, + lib/eventlog/regress/eventlog_store/test2.json.in, + lib/eventlog/regress/eventlog_store/test2.json.out.ok, + lib/eventlog/regress/eventlog_store/test3.json.in, + lib/eventlog/regress/eventlog_store/test3.json.out.ok, + lib/eventlog/regress/eventlog_store/test4.json.in, + lib/eventlog/regress/eventlog_store/test4.json.out.ok, + logsrvd/iolog_writer.c, logsrvd/sendlog.c: + Log source in JSON logs + + This makes it possible to tell which rule resulted in a match. + [a2573ce8ce3f] + +2023-08-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/lookup.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: + Use a single callback for sudoers_lookup() and add a closure + pointer. + + The single callback now receives all the match info (or UNSPEC if no + match was attempted). This makes it possible to use the callback for + more than just printing testsudoers output. + [547d0256f22a] + + * lib/util/regress/digest/digest_test.c: + Fix printf format string mismatch now that 'i' is size_t. 
+ [366084860303] + + * include/sudo_digest.h, lib/util/digest.c, lib/util/digest_gcrypt.c, + lib/util/digest_openssl.c, lib/util/getentropy.c, + lib/util/regress/digest/digest_test.c, lib/util/util.exp.in, + plugins/sudoers/filedigest.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + sudo_digest_getlen: return size_t, and 0 on error instead of -1 + + This is an API change, sudo_digest_getlen_v1 remains for binary + compatibility. + [5866df2f4aab] + + * logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, + plugins/sudoers/log_client.c: + ERR_get_error() returns unsigned long, not int. + [94b2d963f279] + + * plugins/sudoers/log_client.c: + We now must pass "err" SSL_get_error(), not "nread". + [b4cc206a2cf8] + +2023-08-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/hostcheck.h, lib/iolog/hostcheck.c: + Move compat definition of ASN1_STRING_get0_data to hostcheck.c. It + is not used anywhere else. + [39984513eb00] + +2023-08-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/hostcheck.h, include/sudo_compat.h, + include/sudo_ssl_compat.h: + Move OpenSSL compat defines to sudo_ssl_compat.h + [ad6b8bc3f054] + + * MANIFEST, Makefile.in, configure, configure.ac, + include/sudo_ssl_compat.h, lib/ssl_compat/Makefile.in, + lib/ssl_compat/ssl_compat.c, logsrvd/Makefile.in, + logsrvd/tls_common.h, m4/openssl.m4, plugins/sudoers/Makefile.in, + plugins/sudoers/log_client.h, src/Makefile.in: + Add implementation of SSL_read_ex/SSL_write_ex for those without. + [9456c3c5c91c] + + * config.h.in, configure, logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, + logsrvd/sendlog.c, m4/openssl.m4, plugins/sudoers/log_client.c: + Use SSL_read_ex() and SSL_write_ex() instead of SSL_read() and + SSL_write(). + [5ac82bf78109] + +2023-08-01 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp: + Don't use sudo when building AIX packages + + PolyPkg uses "sudo installp -l" to list the built package by default + but we may not have sudo privileges on the build host. + [e8ed6064193d] + + * scripts/mkpkg: + Add --configure-only option to quit after the configure run. + + This will be used to avoid building the entire package when we just + want the 32 or 64 bit sudo_intercept.so and sudo_noexec.so. + [22c7cec5a6a1] + + * scripts/mkpkg: + Parse --disable-python in mkpkg and don't override -m32 for Solaris. + + We want to be able to build without python and to specify the memory + model when building 32-bit .so's for Solaris. + [bf21f6e67ff5] + +2023-07-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL.md, Makefile.in, configure, configure.ac: + Add --enable-postinstall, an optional phase when building packages. + + This makes it possible to run an arbitrary script between "make + install" and the polypkg run. This will be used to copy different + word size versions of sudo_intercept.so and sudo_noexec.so. + [d4e84fa16ccf] + + * INSTALL.md, config.h.in, configure, configure.ac, + docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, src/exec_preload.c: + Add basic support for 32-bit and 64-bit LD_PRELOAD equivalents. + + The noexec and intercept DSO settings may now include both a 32-bit + DSO and a 64-bit DSO specified by a colon. For example: /usr/libexe + c/sudo/sudo_intercept.so:/usr/libexec/sudo/sudo_intercept_64.so. + [9489d8625acb] + + * lib/util/term.c, src/exec_pty.c: + Cast TIOCSWINSZ to int to avoid overflow warning on 64-bit AIX. + [20919db351c1] + +2023-07-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sudo_intercept_common.c: + Read path section of sudo.conf for sudo_conf_intercept_path(). + [d5748f68b9cb] + +2023-07-27 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * docs/visudo.man.in, docs/visudo.mdoc.in: + visudo: document that a new file is only created if the editor + writes it. + + If visudo is used to create a new file, the file will only be + created if the user writes to the file via the editor. Simply + running visudo and exiting the editor will no longer cause the file + to be created. There is an exception for file created due to the + addition of a @include directive, which need to be present for the + sudoers file to parse properly. GitHub issue #294. + [21e4d5cc5f43] + + * plugins/sudoers/visudo.c: + visudo: do not create a new file if the user made no changes + + This prevents visudo from creating a new zero-length sudoers file if + the user exited the editor without making any changes. Files created + via a @include directive are preserved, even if empty, to avoid a + parse error. GitHub issue #294. + [4f086bb7ecdd] + + * README.md, docs/CONTRIBUTING.md: + Make the sections on bug reporting consistent with each other. + + GitHub issue #292 + [d02253b4533d] + +2023-07-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec.c: + Remove unused variable introduced in last commit. + [94e0708ad331] + + * src/exec.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h: + Don't assume that if std{in,out,err} is a tty, it is the user's tty. + + Previously, sudo only checked that the fd was a terminal, not that + it matched sudo's idea of the user's terminal. This matters when + input or output is redirected to a different terminal. In that case + we want to interpose the fd with a pipe even if it refers to a + terminal. Bug #1056. 
+ [42838100b526] + + * MANIFEST, plugins/sudoers/regress/testsudoers/test29.out.ok, + plugins/sudoers/regress/testsudoers/test29.sh, + plugins/sudoers/regress/testsudoers/test30.out.ok, + plugins/sudoers/regress/testsudoers/test30.sh, + plugins/sudoers/regress/testsudoers/test31.out.ok, + plugins/sudoers/regress/testsudoers/test31.sh: + testsudoers: add -L, -l and -v tests + [250e9abba14e] + + * plugins/sudoers/regress/testsudoers/test1.out.ok, + plugins/sudoers/regress/testsudoers/test10.out.ok, + plugins/sudoers/regress/testsudoers/test11.out.ok, + plugins/sudoers/regress/testsudoers/test15.out.ok, + plugins/sudoers/regress/testsudoers/test16.out.ok, + plugins/sudoers/regress/testsudoers/test17.out.ok, + plugins/sudoers/regress/testsudoers/test18.out.ok, + plugins/sudoers/regress/testsudoers/test19.out.ok, + plugins/sudoers/regress/testsudoers/test2.out.ok, + plugins/sudoers/regress/testsudoers/test20.out.ok, + plugins/sudoers/regress/testsudoers/test21.out.ok, + plugins/sudoers/regress/testsudoers/test22.out.ok, + plugins/sudoers/regress/testsudoers/test23.out.ok, + plugins/sudoers/regress/testsudoers/test24.out.ok, + plugins/sudoers/regress/testsudoers/test25.out.ok, + plugins/sudoers/regress/testsudoers/test26.out.ok, + plugins/sudoers/regress/testsudoers/test27.out.ok, + plugins/sudoers/regress/testsudoers/test28.out.ok, + plugins/sudoers/regress/testsudoers/test3.out.ok, + plugins/sudoers/regress/testsudoers/test4.out.ok, + plugins/sudoers/regress/testsudoers/test5.out.ok, + plugins/sudoers/regress/testsudoers/test6.out.ok, + plugins/sudoers/regress/testsudoers/test7.out.ok, + plugins/sudoers/regress/testsudoers/test8.out.ok, + plugins/sudoers/regress/testsudoers/test9.out.ok, + plugins/sudoers/testsudoers.c: + testsudoers: display when a password is required + [bf540275b47d] + + * plugins/sudoers/testsudoers.c: + testsudoers: add -L, -l and -v options. + + This makes it possible to test "sudo -l" and "sudo -v" using + testsudoers. 
+ [871563fd71f0] + +2023-07-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/lookup.c: + sudoers_lookup_pseudo: sync with sudoers_lookup_check + + This makes sudoers_lookup_pseudo(), which is used for pseudo-command + like "list" and "validate" a bit more like sudoers_lookup_check(). + Time of day checks are performed, and callbacks are supported. We + cannot use the same code for regular commands and pseudo-commands + due to the "pwcheck == all" case. + [534b5e02dc34] + + * plugins/sudoers/logging.c: + Fix user warning message for "sudo -l command" when not allowed. + Reported by the sudo-rs project. + + There was a missing space between "list" and the actual command. + This also changes the output to include the command as specified by + the user, not the path found in the path. Previously, if the command + did not exist it would not be included in the message. + [f509188ce041] + + * plugins/python/python_convmessage.c, + plugins/python/python_loghandler.c, + plugins/python/python_plugin_common.c, + plugins/python/sudo_python_module.c, + plugins/python/sudo_python_module.h: + Add free function for sudo Python module. + + This reduces the amount of memory leaked on unload. + [71e459d071be] + +2023-07-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_14p3 for changeset 6902151970b6 + [0083fdf4fc08] <1.9> + + * configure, configure.ac: + sudo 1.9.14p3 + [6902151970b6] [SUDO_1_9_14p3] <1.9> + + * NEWS: + Document bug fixes in 1.9.14p3. + [538b0d8db69d] <1.9> + + * NEWS: + Document bug fixes in 1.9.14p3. + [01b3a5943678] + + * plugins/python/python_loghandler.c, + plugins/python/python_plugin_common.c, + plugins/python/sudo_python_module.c, + plugins/python/sudo_python_module.h: + Merge sudo_module_register_loghandler and + sudo_module_set_default_loghandler. + + We now create the LogHandler class for each interpreter in + python_plugin_init() instead of just once in sudo_module_init(). 
+ This fixes the crash seen in Py_EndInterpreter() with Python 3.12 + and significantly reduces the number of leaked objects tracked by + MemorySanitizer. + [92156e042c81] <1.9> + + * plugins/python/python_loghandler.c, + plugins/python/python_plugin_common.c, + plugins/python/sudo_python_module.c, + plugins/python/sudo_python_module.h: + Merge sudo_module_register_loghandler and + sudo_module_set_default_loghandler. + + We now create the LogHandler class for each interpreter in + python_plugin_init() instead of just once in sudo_module_init(). + This fixes the crash seen in Py_EndInterpreter() with Python 3.12 + and significantly reduces the number of leaked objects tracked by + MemorySanitizer. + [d257e01240c1] + + * plugins/python/python_convmessage.c: + sudo_module_register_conv_message: fix copy pasta in debug_decl + [de399cdf465c] + +2023-07-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/python/python_baseplugin.c, + plugins/python/python_convmessage.c, + plugins/python/python_loghandler.c, + plugins/python/sudo_python_module.c: + sudo_module_register_loghandler: clear sudo_type_LogHandler on error + Also add comments about PyModule_AddObject stealing a ref on + success. + [8f500926c894] <1.9> + + * plugins/python/python_baseplugin.c, + plugins/python/python_convmessage.c, + plugins/python/python_loghandler.c, + plugins/python/sudo_python_module.c: + sudo_module_register_loghandler: clear sudo_type_LogHandler on error + Also add comments about PyModule_AddObject stealing a ref on + success. + [cd6ffb5ec1be] + + * plugins/python/pyhelpers.c: + Use Py_XDECREF instead of manual NULL check + Py_DECREF + [9dababbb90ab] + +2023-07-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/python/python_loghandler.c: + Work around a crash with Python 3.12. + + In sudo_module_set_default_loghandler() if we don't leak the + reference to py_loghandler we get a crash in Py_EndInterpreter() + with Python 3.12. 
This probably indicates a reference counting bug + elsewhere. + [77e8641b7b40] <1.9> + + * plugins/python/python_loghandler.c: + Work around a crash with Python 3.12. + + In sudo_module_set_default_loghandler() if we don't leak the + reference to py_loghandler we get a crash in Py_EndInterpreter() + with Python 3.12. This probably indicates a reference counting bug + elsewhere. + [89fb0311367c] + + * plugins/python/regress/check_python_examples.c: + Unbuffer stdout so we don't miss output during a crash. + [07222dfccfe2] + + * plugins/python/python_loghandler.c: + Use PyObject_CallNoArgs() where possible. + [abd4dcbee072] <1.9> + + * plugins/python/python_loghandler.c: + Use PyObject_CallNoArgs() where possible. + [5a1bef07358a] + + * plugins/python/python_convmessage.c, + plugins/python/python_loghandler.c, + plugins/python/sudo_python_module.h: + Make sudo_type_ConvMessage and sudo_type_LogHandler static. + + They are not used outside their respective compilation units. + [c8dfb695dba1] <1.9> + + * plugins/python/python_convmessage.c, + plugins/python/python_loghandler.c, + plugins/python/sudo_python_module.h: + Make sudo_type_ConvMessage and sudo_type_LogHandler static. + + They are not used outside their respective compilation units. + [9ec37d3a2f64] + +2023-07-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + lib/util/Makefile.in, plugins/python/Makefile.in, + plugins/sudoers/Makefile.in: + Pass TEST_VERBOSE to all test programs. 
+ [39c17a66b02e] + + * lib/iolog/regress/host_port/host_port_test.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/editor/check_editor.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/exptilde/check_exptilde.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/serialize_list/check_serialize_list.c, + plugins/sudoers/regress/starttime/check_starttime.c, + plugins/sudoers/regress/unescape/check_unesc.c: + All test programs should accept the -v option, even if it is + ignored. + [d4cb95054f73] + + * plugins/python/python_plugin_common.c: + Revert last change, wrong diff committed. + [d266c05853ce] + + * plugins/python/regress/testhelpers.c: + Adapt to changed formatting of a rejected result in Python 3.12 + [2f89b9e6a104] <1.9> + + * plugins/python/regress/testhelpers.c: + Adapt to changed formatting of a rejected result in Python 3.12 + [138957911238] + + * plugins/python/python_plugin_common.c: + _python_plugin_new_interpreter switches to the new interpreter + + No need to do PyThreadState_Swap in the caller. 
+ [c848e20f3e93] + + * plugins/python/example_audit_plugin.py, plugins/python/pyhelpers.c, + p + lugins/python/regress/testdata/check_example_audit_plugin_receives_a + ccept.stdout, plugins/python/regress/testdata/check_example_audit_pl + ugin_receives_error.stdout, plugins/python/regress/testdata/check_ex + ample_audit_plugin_receives_reject.stdout, plugins/python/regress/te + stdata/check_example_audit_plugin_version_display.stdout, plugins/py + thon/regress/testdata/check_example_audit_plugin_workflow_multiple.s + tdout, plugins/python/regress/testdata/check_example_debugging_c_cal + ls@diag.log, plugins/python/regress/testdata/check_example_debugging + _c_calls@info.log, plugins/python/regress/testdata/check_example_gro + up_plugin_is_able_to_debug.log, plugins/python/regress/testdata/chec + k_example_policy_plugin_validate_invalidate.log: + Remove trailing whitespace from test output. + [11db46e923fc] <1.9> + + * plugins/python/example_audit_plugin.py, plugins/python/pyhelpers.c, + p + lugins/python/regress/testdata/check_example_audit_plugin_receives_a + ccept.stdout, plugins/python/regress/testdata/check_example_audit_pl + ugin_receives_error.stdout, plugins/python/regress/testdata/check_ex + ample_audit_plugin_receives_reject.stdout, plugins/python/regress/te + stdata/check_example_audit_plugin_version_display.stdout, plugins/py + thon/regress/testdata/check_example_audit_plugin_workflow_multiple.s + tdout, plugins/python/regress/testdata/check_example_debugging_c_cal + ls@diag.log, plugins/python/regress/testdata/check_example_debugging + _c_calls@info.log, plugins/python/regress/testdata/check_example_gro + up_plugin_is_able_to_debug.log, plugins/python/regress/testdata/chec + k_example_policy_plugin_validate_invalidate.log: + Remove trailing whitespace from test output. + [38f03683001d] + +2023-07-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/python/python_plugin_common.c: + We can rely on Py_FinalizeEx() to free sub-interpreters. 
+ [0c84c411a6a0] + + * plugins/python/python_plugin_common.c: + Call PyImport_AppendInittab after pre-initialization. + + Also remove redundant PyConfig settings. + [e4f463e1094a] + +2023-07-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/python/python_plugin_common.c: + Use Py_InitializeFromConfig() not Py_InitializeEx() for Python >= + 3.8. + + Avoids deprecation warnings on Python 3.12. + [99dc5948416d] <1.9> + + * plugins/python/python_plugin_common.c: + Use Py_InitializeFromConfig() not Py_InitializeEx() for Python >= + 3.8. + + Avoids deprecation warnings on Python 3.12. + [56e4c7111744] + +2023-07-18 Rose <83477269+AtariDreams@users.noreply.github.com> + + * lib/eventlog/regress/logwrap/check_wrap.c, lib/util/glob.c, + lib/util/mksiglist.c, lib/util/mksigname.c, + lib/util/regress/glob/globtest.c, logsrvd/sendlog.c, + plugins/group_file/plugin_test.c, + plugins/python/regress/check_python_examples.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/sudoreplay.c, plugins/sudoers/tsdump.c: + Prefer fputs over fprintf where possible + + fprintf does extra work and meant for formatting strings. + [c31cdbe6f23f] + +2023-07-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + The sudoers option is "use_pty", not "log_pty" + + GitHub issue #291 + [08b582beb2c9] <1.9> + + * NEWS: + The sudoers option is "use_pty", not "log_pty" + + GitHub issue #291 + [31cf599c73d5] + +2023-07-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/term.c: + Quiet a warning false positive with older versions of gcc. + [8556d6c1cd37] + + * plugins/sudoers/sudoers.c: + sudoers_check_common: MODE_PRESERVE_ENV is not valid with + MODE_CHECK. + + We should only check for MODE_PRESERVE_ENV when running a command. + [8fc6f392cc43] + +2023-07-15 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_14p2 for changeset 47c0bf9a7ebb + [6bbe51d30496] <1.9> + + * configure, configure.ac: + sudo 1.9.14p2 + [47c0bf9a7ebb] [SUDO_1_9_14p2] <1.9> + + * plugins/sudoers/match.c: + runas_userlist_matches: fix matching a Runas_Spec with an empty + runas user. + + We should only match a rule with an empty runas user if a group was + specified on the command line (sudo -g) without a user (no -u + option) or the user specified their own name on the command line. + GitHub issue #290 + [164428126ee6] <1.9> + + * MANIFEST, plugins/sudoers/match.c, + plugins/sudoers/regress/testsudoers/test28.out.ok, + plugins/sudoers/regress/testsudoers/test28.sh: + runas_userlist_matches: fix matching a Runas_Spec with an empty + runas user. + + We should only match a rule with an empty runas user if a group was + specified on the command line (sudo -g) without a user (no -u + option) or the user specified their own name on the command line. + GitHub issue #290 + [ba9da369370e] + +2023-07-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Document bug fixes in 1.9.14p2. + [e5cd975816b8] <1.9> + + * NEWS: + Document bug fixes in 1.9.14p2. + [cb5ece49ad53] + + * src/exec_pty.c: + Pass SUDO_TERM_OFLAG to sudo_term_raw() when sudo output is piped. + + This fixes a problem with "stair-stepped" output when the sudo-run + command's output is piped to another program and the command reads + input from the terminal. + [17009f9817b0] <1.9> + + * src/exec_pty.c: + Pass SUDO_TERM_OFLAG to sudo_term_raw() when sudo output is piped. + + This fixes a problem with "stair-stepped" output when the sudo-run + command's output is piped to another program and the command reads + input from the terminal. + [faa06b1e8913] + + * src/exec_monitor.c, src/exec_pty.c: + Simplify the exec_monitor() foreground flag. 
+ + Add cmnd_foreground flag that is only true if sudo is the foreground + process and the CD_EXEC_BG flag is not set and pass it to + exec_monitor(). This means exec_monitor() no longer needs to check + for CD_EXEC_BG. + [6cc420fea368] <1.9> + + * src/exec_monitor.c, src/exec_pty.c: + Simplify the exec_monitor() foreground flag. + + Add cmnd_foreground flag that is only true if sudo is the foreground + process and the CD_EXEC_BG flag is not set and pass it to + exec_monitor(). This means exec_monitor() no longer needs to check + for CD_EXEC_BG. + [65ac52524254] + + * include/sudo_util.h, lib/util/term.c, plugins/sudoers/sudoreplay.c: + sudo_term_raw: change the isig argument into a flags field + + There are current two flags: SUDO_TERM_ISIG (enable terminal + signals) and SUDO_TERM_OFLAG (preserve output flags). + [15fdaae9fa3b] <1.9> + + * include/sudo_util.h, lib/util/term.c, plugins/sudoers/sudoreplay.c: + sudo_term_raw: change the isig argument into a flags field + + There are current two flags: SUDO_TERM_ISIG (enable terminal + signals) and SUDO_TERM_OFLAG (preserve output flags). + [09eced2fb202] + +2023-07-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c: + Fix a crash in intercept mode running a command with NULL argv[0]. + + Newer Linux kernels replace a NULL argv[0] with the empty string, we + should as well. + [74e81e6d373a] <1.9> + + * src/exec_ptrace.c: + Fix a crash in intercept mode running a command with NULL argv[0]. + + Newer Linux kernels replace a NULL argv[0] with the empty string, we + should as well. + [d1cb1882d7e8] + + * src/conversation.c: + sudo_conversation_printf: simplify \n -> \r\n handling + [de2ddc08f262] + + * src/conversation.c: + sudo_conversation: zero out reply even if no password is requested. + + This avoids a potential invalid free in the err label and provides + more predictable behavior when mixing message types in a + conversation. + [79cc9efe3dbf] + +2023-07-11 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_14p1 for changeset fc033946b1a9 + [ee6033290e91] <1.9> + + * configure, configure.ac: + sudo 1.9.14p1 + [fc033946b1a9] [SUDO_1_9_14p1] <1.9> + + * NEWS: + Docume bug fixes in 1.9.14p1. + [f526fda905de] <1.9> + + * NEWS: + Docume bug fixes in 1.9.14p1. + [7e4a4b7ed53b] + + * plugins/sudoers/log_client.c: + fmt_info_messages: don't include ttyname if it is NULL + + The NULL check was commented out for testing but should have been + restored. Fixes a potential protocol error message from + sudo_logsrvd. + [12cf2b87355a] <1.9> + + * plugins/sudoers/log_client.c: + fmt_info_messages: don't include ttyname if it is NULL + + The NULL check was commented out for testing but should have been + restored. Fixes a potential protocol error message from + sudo_logsrvd. + [c983428b3ad8] + + * logsrvd/iolog_writer.c: + evlog_new: store a new copy of peeraddr, not a pointer to a buffer. + + Starting in sudo 1.9.14, eventlog_free() will free the peeraddr + member too so it needs to be dynamically allocated. + [4c984e3e6aef] <1.9> + + * logsrvd/iolog_writer.c: + evlog_new: store a new copy of peeraddr, not a pointer to a buffer. + + Starting in sudo 1.9.14, eventlog_free() will free the peeraddr + member too so it needs to be dynamically allocated. + [846cf82b8eab] + +2023-07-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, include/sudo_compat.h, + lib/util/realpath.c: + realpath.c: include limits.h and use sysconf(_SC_SYMLOOP_MAX) + + This is more portable and eliminates the need to check for + SYMLOOP_MAX (and provide it if missing) in configure. Also quiet + some -Wconversion warnings. + [beabc1e73e11] + + * plugins/sudoers/ldap_conf.c: + sudo_krb5_ccname_path: avoid gcc false positive for ccname being + NULL + + The callers all verify that they don't pass a NULL ccname so I'm not + sure how the compiler is getting confused (and why now?). 
+ [93043879e7f2] + + * include/sudo_debug.h: + Work around unused variable warning when fuzzing in enabled. + [ac4bd3bfeb71] + + * plugins/sudoers/check_util.c, + plugins/sudoers/regress/testsudoers/test25.out.ok, + plugins/sudoers/regress/testsudoers/test25.sh, + plugins/sudoers/regress/testsudoers/test26.out.ok, + plugins/sudoers/regress/testsudoers/test26.sh: + Only allow the user to specify -D or -R for the special "*" value. + + The sudoers file must now explicitly allow the user to specify a + directory (sudo -D) or chroot (sudo -R) by setting cwd or chroot to + "*". If a specific cwd or chroot value is set in sudoers, the user + may not use the -D or -R options, even if they match the value in + sudoers. + [790d60c6ed4b] + + * docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in: + Add restrict keyword to sudo_printf_t in plugin docs. + [46c15d2647cc] + + * include/sudo_debug.h, lib/util/sudo_debug.c: + Convert sudo_debug_enter and sudo_debug_exit into macros. + + In most cases, these simply expand to a call to + sudo_debug_printf2(). We need to keep the function versions around + in libsudo_util for backwards compatibility. + [b76b35e12afa] + + * lib/util/sudo_debug.c: + Fix sudo_debug_exit_uint_v1 declaration for fuzzers. + [d4edc2fb3299] + + * lib/util/sudo_debug.c: + Add missing sudo_debug_exit_uint_v1 stub for fuzzers. + [71a4a37fbc90] + + * src/conversation.c, src/edit_open.c, src/exec_common.c, + src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, + src/sudo_edit.h, src/sudo_exec.h, src/tgetpass.c: + sudo frontend: make more bit flags unsigned. 
+ [f353bc889b26] + + * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, + plugins/sudoers/check.h, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/lookup.c, + plugins/sudoers/parse.h, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + sudoers plugin: make more bit flags unsigned. + [77a583ebe2e7] + + * include/sudo_debug.h, include/sudo_event.h, lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, + lib/util/sudo_debug.c, lib/util/util.exp.in: + libsudo_util: make more bit flags unsigned. + [005d0be694f5] + +2023-07-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/timeout.c: + parse_timeout: move overflow check to the correct location + + It was not covering all cases in its original location. Fixes oss- + fuzz issue 60454 with fuzz_sudoers. + [e40119f18e83] + +2023-07-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #287 from AtariDreams/restrict + + Give every printf-like function restrict qualifiers + [4945ab27d6c4] + + * src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h: + struct exec_closure: make rows and cols int, not short + + There's no real space saved by using short and using int avoids a + few casts. 
+ [8385add04ed2] + + * plugins/sudoers/testsudoers.c: + testsudoers: avoid extern definitions where possible + [ef4bed9a6a41] + + * include/sudo_json.h, include/sudo_lbuf.h, lib/util/closefrom.c, + lib/util/digest.c, lib/util/event_poll.c, lib/util/fatal.c, + lib/util/getentropy.c, lib/util/getgrouplist.c, lib/util/gidlist.c, + lib/util/json.c, lib/util/lbuf.c, lib/util/mkdir_parents.c, + lib/util/parseln.c, lib/util/regex.c, + lib/util/regress/fuzz/fuzz_sudo_conf.c, + lib/util/regress/hexchar/hexchar_test.c, + lib/util/regress/mktemp/mktemp_test.c, + lib/util/regress/strtofoo/strtoid_test.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/sig2str.c, lib/util/str2sig.c, + lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strtoid.c, + lib/util/strtonum.c, lib/util/sudo_conf.c, lib/util/sudo_debug.c, + lib/util/ttysize.c: + libsudo_util: silence most -Wconversion warnings. + [420705f9796a] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + lib/eventlog/eventlog_conf.c, lib/eventlog/logwrap.c, + lib/eventlog/parse_json.c, + lib/eventlog/regress/eventlog_store/store_json_test.c, + lib/eventlog/regress/eventlog_store/store_sudo_test.c, + lib/eventlog/regress/logwrap/check_wrap.c, + lib/eventlog/regress/parse_json/check_parse_json.c: + libevent: silence -Wconversion warnings. + [f00cb5679a19] + + * lib/fuzzstub/fuzzstub.c: + libfuzzstub: silence -Wconversion warnings. + [164d2412d209] + + * include/sudo_iolog.h, lib/iolog/hostcheck.c, + lib/iolog/iolog_filter.c, lib/iolog/iolog_legacy.c, + lib/iolog/iolog_mkdirs.c, lib/iolog/iolog_mkdtemp.c, + lib/iolog/iolog_read.c, lib/iolog/iolog_timing.c, + lib/iolog/iolog_write.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/iolog/regress/iolog_timing/check_iolog_timing.c: + libiolog: silence -Wconversion warnings. 
+ [d8c1a0869ef4] + + * logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c, + logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c, + logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c, + logsrvd/logsrvd_relay.c, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + logsrvd/sendlog.c: + sudo_logsrvd: silence most -Wconversion warnings. + [bf3f40ec4645] + + * plugins/sudoers/alias.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/b64_encode.c, + plugins/sudoers/check_aliases.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_csv.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_merge.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/display.c, + plugins/sudoers/editor.c, plugins/sudoers/env.c, + plugins/sudoers/filedigest.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/fmtsudoers_cvt.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path_escapes.c, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/ldap_innetgr.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/log_client.c, + plugins/sudoers/logging.c, plugins/sudoers/match_addr.c, + plugins/sudoers/match_command.c, plugins/sudoers/parse.h, + plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/starttime.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c, + 
plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c: + sudoers plugin: silence most -Wconversion warnings. + [074179cbc3a8] + + * plugins/python/pyhelpers.c, plugins/python/python_convmessage.c, + plugins/python/regress/iohelpers.c, + plugins/python/regress/testhelpers.c, + plugins/python/sudo_python_module.c: + python plugin: silence -Wconversion warnings. + [a59d980f2793] + + * plugins/sample/sample_plugin.c, src/conversation.c, src/copy_file.c, + src/env_hooks.c, src/exec.c, src/exec_common.c, + src/exec_intercept.c, src/exec_monitor.c, src/exec_nopty.c, + src/exec_preload.c, src/exec_ptrace.c, src/exec_pty.c, + src/net_ifs.c, src/parse_args.c, src/preserve_fds.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_intercept.c, + src/sudo_intercept_common.c, src/tgetpass.c, src/ttyname.c: + sudo frontend: silence most -Wconversion warnings. + [0dbece7ccb47] + + * config.h.in, configure, configure.ac: + Add configure check for restrict keyword. + [f02ab280d8df] + + * plugins/sudoers/sudoers.c: + sudoers_check_common: remove extraneous return statement. 
+ [0df4297873b9] + +2023-07-07 Rose <83477269+AtariDreams@users.noreply.github.com> + + * include/sudo_compat.h, include/sudo_debug.h, include/sudo_fatal.h, + include/sudo_lbuf.h, include/sudo_plugin.h, include/sudo_util.h, + lib/eventlog/logwrap.c, lib/util/fatal.c, lib/util/inet_ntop.c, + lib/util/lbuf.c, lib/util/snprintf.c, lib/util/strlcat.c, + lib/util/strlcpy.c, lib/util/sudo_debug.c, lib/util/ttyname_dev.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd_journal.c, + plugins/audit_json/audit_json.c, plugins/group_file/plugin_test.c, + plugins/python/pyhelpers.c, plugins/python/regress/iohelpers.c, + plugins/python/regress/iohelpers.h, + plugins/python/regress/testhelpers.c, + plugins/python/regress/testhelpers.h, plugins/sudoers/audit.c, + plugins/sudoers/check_aliases.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_csv.c, + plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/ldap_util.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/parse.h, plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudo_ldap.h, plugins/sudoers/sudo_printf.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/conversation.c, src/exec_preload.c, src/parse_args.c, + src/sudo_plugin_int.h: + Give every printf-like function restrict qualifiers + + The format value has to be a string literal, every time. + + Otherwise, you are not using these functions correctly. To reinforce + this fact, I putrestrict over every non-contrib example of this I + could find. + [e0f8bc0d596a] + +2023-07-06 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * include/sudo_digest.h, lib/util/digest.c, lib/util/digest_gcrypt.c, + lib/util/digest_openssl.c, lib/util/regress/digest/digest_test.c: + Make the remaining instances of digest_type unsigned. + [409adc30cce2] + +2023-07-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog_path_escapes.c: + Copy, don't append group ID in fill_group() and fill_runas_group() + + This only affects the case where a group ID cannot be resolved. + [74cc29b9f7f0] + + * lib/iolog/Makefile.in: + Remove regress corpus directories correctly + [406b862a7f2f] + + * include/sudo_debug.h, include/sudo_util.h, lib/util/strtomode.c, + lib/util/sudo_debug.c, lib/util/util.exp.in: + Change sudo_strtomode() to return mode_t. + [5dc42fb5c2ad] + +2023-07-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/sudoreplay.c: + Rename print_usage() to display_usage() + [9e8390bb1ed0] + + * logsrvd/logsrvd.c, logsrvd/sendlog.c: + Move display of usage text into display_usage() so usage() always + exits. + [ded72aceb6f4] + + * lib/util/parseln.c, logsrvd/logsrvd_journal.c: + Fix some indentation. + [bb84e5596d9c] + + * plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/testsudoers.c: + Include testsudoers_pwutil.h for testsudoers_pwutil.c prototypes. + [8f494aca5cd9] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/testsudoers_pwutil.c, + plugins/sudoers/testsudoers_pwutil.h, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/tsgetgrpw.h: + Fix wrapping of libc getpwnam/getpwuid/getgrnam/getgrgid on NetBSD. 
+ [be23d201add2] + + * MANIFEST, aclocal.m4, config.h.in, configure, configure.ac, + lib/util/roundup.c, m4/ax_gcc_builtin.m4: + Add configure tests for __builtin_clz/__builtin_clzl + [d7b341700a0a] + + * lib/util/roundup.c: + Add fallback for compilers without __builtin_clz/__builtin_clzl + [d9f23c7a8fc0] + + * lib/util/roundup.c: + sudo_pow2_roundup: fix 64-bit version when shifting 31 or more + places + + Shift 1UL instead of 1 to avoid overflowing an int. + [4d45af829af0] + + * Merge pull request #286 from AtariDreams/one-more + + Optimize sudo_pow2_roundup_v1 + [5cff0594a45c] + +2023-07-03 Rose <83477269+AtariDreams@users.noreply.github.com> + + * lib/util/roundup.c: + Optimize sudo_pow2_roundup_v1 + + No need to call sudo_pow2_roundup_v2. + [0bcd411174c0] + +2023-07-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/roundup.c: + Merge pull request #285 from AtariDreams/bug + + Remove comment about algorithm being from bit-twiddling hacks + [869552550451] + +2023-07-03 Rose <83477269+AtariDreams@users.noreply.github.com> + + * lib/util/roundup.c: + Remove comment about algorithm being from bit-twiddling hacks + + Said comment no longer applies. + [e2fc0106c79f] + +2023-07-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #284 from AtariDreams/fix + + Fix fuzzing errors + [4abff6645036] + + * Merge pull request #283 from AtariDreams/bug + + Fixed even more signedness and conversion issues + [bbf1887a5132] + +2023-07-03 Rose <83477269+AtariDreams@users.noreply.github.com> + + * lib/util/parseln.c, lib/util/roundup.c, logsrvd/logsrvd_journal.c: + Fix fuzzing errors + + We should be checking for integer overflow, rather than checking if + size is 0. + + Additionally, we should set errno to ENOMEM when this overflow + happens. + + Finally, the most efficient implementation of the round-up-to-2 + algorithm involves the clz intrinsic. + [db08a808004d] + +2023-07-03 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/util/lbuf.c: + sudo_lbuf_expand: limit allocation to UINT_MAX + [1cb5a458baaa] + + * lib/util/parseln.c: + sudo_parseln: use sudo_pow2_roundup() instead of hand-rolling it. + [0582d18df65a] + + * logsrvd/logsrv_util.c, logsrvd/logsrv_util.h, logsrvd/logsrvd.c, + logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, + plugins/sudoers/log_client.c, plugins/sudoers/log_client.h: + Promote length/size/offset in struct connection_buffer to size_t. + [5e5a2a39c8e5] + + * include/sudo_util.h, lib/util/lbuf.c, lib/util/roundup.c, + lib/util/util.exp.in, logsrvd/logsrv_util.c, logsrvd/logsrvd.c, + plugins/sudoers/log_client.c: + Make sudo_pow2_roundup() operate on size_t. + [cbae7a651a94] + +2023-07-03 Rose <83477269+AtariDreams@users.noreply.github.com> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/timestamp.c, plugins/sudoers/tsgetgrpw.c, + src/sudo.c: + Fixed even more signedness and conversion issues + + This should be the last of them. + [ccd65d72c6ac] + +2023-07-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_debug.h, lib/util/sudo_debug.c, + plugins/python/pyhelpers.c, plugins/python/pyhelpers.h, + plugins/python/python_loghandler.c, + plugins/python/sudo_python_debug.c, + plugins/python/sudo_python_debug.h: + Make the debug subsystem unsigned. + + It was already unsigned in sudoers but not in the front-end or the + python plugin. Making this consistent resolves a lot of -Wconversion + warnings. Also clean up some other -Wconversion warnings in + sudo_debug.c. + [c6d20404141c] + + * lib/eventlog/eventlog.c, + lib/eventlog/regress/eventlog_store/store_json_test.c, + lib/eventlog/regress/eventlog_store/store_sudo_test.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/exec_monitor.c, src/sudo.c: + Fix up indentation. 
+ [d4ed4eaf46bd] + + * Merge pull request #280 from AtariDreams/bug + + Mark functions not returning as sudo_noreturn + [eaa69a6d85c6] + +2023-07-01 Rose <83477269+AtariDreams@users.noreply.github.com> + + * lib/eventlog/eventlog.c, + lib/eventlog/regress/eventlog_store/store_json_test.c, + lib/eventlog/regress/eventlog_store/store_sudo_test.c, + lib/eventlog/regress/logwrap/check_wrap.c, + lib/eventlog/regress/parse_json/check_parse_json.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/util/regress/hexchar/hexchar_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, logsrvd/logsrvd.c, + logsrvd/regress/logsrvd_conf/logsrvd_conf_test.c, logsrvd/sendlog.c, + plugins/group_file/plugin_test.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/sesh.c, + src/sudo.c: + Mark functions not returning as sudo_noreturn + + We also put NOTREACHED where it applies. + [d688d55f3c4c] + +2023-07-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l, src/limits.c: + Avoid passing debug_return_size_t() a negative number. + [7876d918030c] + + * Merge pull request #279 from AtariDreams/bison + + Regenerate toke.c using updated flex + [3fc1517ec05d] + +2023-06-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/exptilde/check_exptilde.c, + plugins/sudoers/testsudoers.c: + Fix a few memory leaks in the tests. 
+ [c76134b329b3] + + * MANIFEST, plugins/sudoers/regress/testsudoers/group, + plugins/sudoers/regress/testsudoers/passwd, + plugins/sudoers/regress/testsudoers/test27.out.ok, + plugins/sudoers/regress/testsudoers/test27.sh, + plugins/sudoers/testsudoers.c: + Add test for runas_check_shell and check_user_shell() + [8e220e34840d] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/testsudoers/test25.out.ok, + plugins/sudoers/regress/testsudoers/test25.sh, + plugins/sudoers/regress/testsudoers/test26.out.ok, + plugins/sudoers/regress/testsudoers/test26.sh, + plugins/sudoers/testsudoers.c: + testsudoers: add -D and -R options to set cwd and chroot like sudo + [a34c5ca239ca] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, + plugins/sudoers/check_util.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Move check_user_* functions to check_util.c so testsudoers can use + them. + [109830a316ee] + +2023-06-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/testsudoers.c: + testsudoers: make lbuf private to dump_sudoers() + + It is no longer used directly in main. + [c2c5e7b3db6b] + + * plugins/sudoers/regress/testsudoers/test11.out.ok, + plugins/sudoers/regress/testsudoers/test4.out.ok, + plugins/sudoers/regress/testsudoers/test5.out.ok, + plugins/sudoers/testsudoers.c: + testsudoers: display "Parse error" if there was a parse error. + + Previously, we just printed "Command unmatched" which makes it + harder to see that an error occurred. 
+ [099360b56cc6] + + * plugins/sudoers/regress/testsudoers/test1.out.ok, + plugins/sudoers/regress/testsudoers/test10.out.ok, + plugins/sudoers/regress/testsudoers/test15.out.ok, + plugins/sudoers/regress/testsudoers/test16.out.ok, + plugins/sudoers/regress/testsudoers/test17.out.ok, + plugins/sudoers/regress/testsudoers/test18.out.ok, + plugins/sudoers/regress/testsudoers/test19.out.ok, + plugins/sudoers/regress/testsudoers/test2.out.ok, + plugins/sudoers/regress/testsudoers/test20.out.ok, + plugins/sudoers/regress/testsudoers/test21.out.ok, + plugins/sudoers/regress/testsudoers/test22.out.ok, + plugins/sudoers/regress/testsudoers/test23.out.ok, + plugins/sudoers/regress/testsudoers/test24.out.ok, + plugins/sudoers/regress/testsudoers/test3.out.ok, + plugins/sudoers/regress/testsudoers/test6.out.ok, + plugins/sudoers/regress/testsudoers/test7.out.ok, + plugins/sudoers/regress/testsudoers/test8.out.ok, + plugins/sudoers/regress/testsudoers/test9.out.ok, + plugins/sudoers/testsudoers.c: + testsudoers: use allowed/denied/unmatched instead of just + matched/unmatched + + This makes it possible to tell whether an entry was rejected due to + a negative match (explicitly denied) as opposed to a non-match. Also + fixes a bug where the runas status was only printed for positive + matches. + [3e9fc5fd7bb9] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/testsudoers/test20.out.ok, + plugins/sudoers/testsudoers.c: + testsudoers: use sudoers_lookup() instead of a custom loop. + [a0ca73d81fa4] + + * plugins/sudoers/lookup.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/sudoers.c: + Add callbacks to sudoers_lookup() so we can use it in testsudoers. + + Also pass in the time to be used for NOTBEFORE/NOTAFTER checks. 
+ [bcd59528055a] + +2023-06-29 Rose <83477269+AtariDreams@users.noreply.github.com> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Regenerate toke.c using updated flex + + Use the current version of flex to generate toke.c + [118d001d189c] + +2023-06-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/testsudoers.c: + Merge pull request #278 from AtariDreams/types + + Avoid compiler casting warnings Part 2 + [894767f88afa] + + * plugins/sudoers/sudoers.c: + check_user_runcwd: only allow sudo's -D option if sudoers specifies + a runcwd. + + Previously, the user could specify the runas user's home dir for + "sudo -i" or the user's existing cwd when -i is not specified. This + behavior was never documented and is inconsistent with how the -R + option is handled. + [e79eddc35325] + + * MANIFEST, plugins/sudoers/regress/testsudoers/test24.out.ok, + plugins/sudoers/regress/testsudoers/test24.sh, + plugins/sudoers/testsudoers.c: + testsudoers: add support for NOTBEFORE and NOTAFTER + + Also adds -T option to set the value of "now". + [b2d95b4a131d] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/lookup.c, + plugins/sudoers/parse.c: + Rename parse.c -> lookup.c now that it only contains sudoers_lookup. + [141000ce5f24] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/display.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h: + Split display_privs() and display_cmnd() out of parse.c into + display.c + [d654dd871e43] + + * lib/util/snprintf.c: + No need to round up to page size with sudo_mmap_alloc(). 
+ [a57803434010] + + * logsrvd/logsrvd.c: + Merge pull request #265 from AtariDreams/types + + Avoid compiler casting warnings by assigning to variables of the + same type where possible + [16d8e7383e3e] + + * Merge pull request #277 from AtariDreams/debug_return_int(1); + + We should be returning 0, not 1, when logservd finishes without + errors + [19289d607981] + +2023-06-28 Rose <83477269+AtariDreams@users.noreply.github.com> + + * logsrvd/logsrvd.c: + We should be returning 0, not 1, when logservd finishes without + errors + + 1 is for failure, 0 is for no failure, and this does not look like a + failure. + [7a0d2f4bf5d3] + +2023-06-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, src/sudo_intercept.c, + src/sudo_intercept_common.c: + Fix undefined symbol on macOS for intercept mode and log_subcmds. + + macOS does not support direct access to the environ pointer from a + shared object. We need to redirect through _NSGetEnviron() instead. + Fixes GitHub issue #276. + [2cbebcb8082c] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + check_user_runcwd: allow -D option if it matches the cwd in sudoers + + Previously, check_user_runcwd() would return true if the runcwd + matched the user's cwd, even if sudoers specified a different one. + The user-specified runcwd was ignored but it is better to error out + in this case. It is now also possible to use "sudo -D" with the + directory specified in sudoers. + [d32e07966e0e] + +2023-06-27 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_14 for changeset 8010d7515347 + [ff70094a18c0] <1.9> + + * MANIFEST, NEWS, config.h.in, configure, configure.ac, + include/sudo_compat.h, plugins/sudoers/Makefile.in, + plugins/sudoers/logging.c, plugins/sudoers/match_command.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/exec_nopty.c: + Merge sudo 1.9.14 from tip. + [8010d7515347] [SUDO_1_9_14] <1.9> + +2023-06-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #275 from AtariDreams/emergency + + Set command_info to NULL once it is freed + [6d1e55f4e7b9] + +2023-06-26 Rose <83477269+AtariDreams@users.noreply.github.com> + + * plugins/sudoers/policy.c: + Set command_info to NULL once it is freed + + The lack of setting to NULL is a holdover from when command_info was + a local variable and not a global one. However, we given how other + global variables are set to NULL, it is best that we do the same + here to avoid potential issues should sudoers_policy_store_result be + called again after the first time failed, otherwise we could get a + double-free. + [a1a462a52a98] + +2023-06-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #274 from bin-ly/main + + Modify the is_script function for match_command.c + [05675d16bd52] + +2023-06-25 binlingyu <binlingyu@uniontech.com> + + * plugins/sudoers/match_command.c: + Modify the is_script function for match_command.c + [ce944a838c33] + +2023-06-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Mention C99 requirement. + [f12a7b68e0b2] + +2023-06-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + Reference SETENV-related settings in the command environment + section. + + Based on GitHub PR #273 from Ilya Kulakov. 
+ [f8b5ef533800] + + * INSTALL.md: + Sudo requires a C99 compiler due to the use of flexible array + members. + [bb80666c7382] + + * Merge pull request #266 from AtariDreams/c99 + + Do variable length arrays the C99 way + [690561b17683] + +2023-06-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #269 from trackers-lover/main + + correct the return value type of function alias_find_used + [30dc3eb4a59a] + +2023-06-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + Clarify that use_pty is on by default starting with 1.9.14. + [984048215229] + + * docs/sudo.man.in, docs/sudo.mdoc.in: + Sudo runs the command in a pty by default in 1.9.14 and above. + [92ec41fdf7c9] + + * plugins/sudoers/sudoers.in: + Add commented out example for disabling use_pty. + [9a59b831f363] + +2023-06-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * .circleci/config.yml: + Update Xcode version from 13.2.1 to 13.4.1. + [10bbb25b415e] + +2023-06-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST: + Add plugins/sudoers/regress/testsudoers/passwd to MANIFEST. + [016644afd8ae] + + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, po/eo.mo, + po/eo.po, po/pl.mo, po/pl.po: + Updated translations from translationproject.org + [97167b63ffbd] + + * NEWS: + Document recent bug fixes. + [34d8ffa919c6] + + * MANIFEST, plugins/sudoers/regress/testsudoers/group, + plugins/sudoers/regress/testsudoers/passwd, + plugins/sudoers/regress/testsudoers/test22.out.ok, + plugins/sudoers/regress/testsudoers/test22.sh, + plugins/sudoers/regress/testsudoers/test23.out.ok, + plugins/sudoers/regress/testsudoers/test23.sh: + Add tests to exercise recent runas user and group bug fixes. 
+ [20f19831ed34] + + * MANIFEST, plugins/sudoers/regress/testsudoers/passwd, + plugins/sudoers/regress/testsudoers/test21.out.ok, + plugins/sudoers/regress/testsudoers/test21.sh: + Add test to exercise the bug that prevented the group specified via + "sudo -g" from matching when a Runas_Alias was used in the user or + group portion of a Runas_Spec. + [16c0668b5c4b] + +2023-06-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/match.c: + runaslist_matches: split out user_list and group_list matching. + + This makes it possible to call the appropriate runas user or group + list match function when resolving aliases instead of calling + runaslist_matches() itself. Fixes a bug that prevented the group + specified via "sudo -g" from matching when a Runas_Alias was used in + the user or group portion of a Runas_Spec. + [3e0885e96418] + + * plugins/sudoers/match.c: + runaslist_matches: remove special case to handle "sudo -g group" + + Now that we are guaranteed to have a runas user list for all sudoers + rules that contain a runas list, we can remove support for the + special case where user_matched is set in the runas group matching + conditional. This fixes a bug where "sudo -u myuser -g mygroup" was + permitted by a rule like "myuser ALL = (root) ALL". + [d80e907efe77] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/regress/sudoers/test27.json.ok, + plugins/sudoers/regress/sudoers/test27.ldif.ok, + plugins/sudoers/regress/sudoers/test27.out.ok: + Populate runasusers even when only a grouplist is specified. + + When a sudoers rule permits the user to run commands as a group, not + a user, we should set the runasusers to single member with the + special MYSELF token. This guarantees that the only time runasusers + will be NULL is when no runaslist is present. + [25c293ae5053] + + * plugins/sudoers/match.c: + runaslist_matches: fix bug when no runas list is specified in + sudoers. 
+ + If a sudoers rule has no runas list, a user-specified runas group + should only be allowed if it matches a group that the default runas + user belongs to. Instead, a missing group check allowed the user run + commands as the default runas user with an arbitrary group. + + This means that a rule like "somebody host = ALL", which should be + equivalent to "somebody host = (root) ALL", had the same effect as + "somebody host = (root:ALL) ALL". + [eeb075b3b79c] + +2023-06-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/python/pyhelpers.h: + Python may be built with 32-bit time_t support on 32-bit platforms. + We need to undef the SIZEOF_TIME_T from pyconfig.h so it does not + conflict with our own. + [c8bf985eb777] + +2023-06-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #272 from millert/main + + Avoid use of variable length arrays and add ctype(3) casts. + [806b2266f6ab] + + * lib/util/lbuf.c: + Avoid use of variable length arrays and add ctype(3) casts. + [d8c80d4905b3] + + * Merge pull request #270 from moehanabi/main + + Add %n$s support for sudo_lbuf_append_v1 + [53ad2cdaaabe] + +2023-06-09 Brilliant Hanabi <130747944+moehanabi@users.noreply.github.com> + + * lib/util/lbuf.c: + Add %n$s support for sudo_lbuf_append_v1 + [f48fa0250fdc] + +2023-06-09 bianguangze <bianguangze@uniontech.com> + + * plugins/sudoers/alias.c: + correct the return value type of function alias_find_used + [f689f55fef3f] + +2023-06-07 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po, + plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fr.mo, + po/fr.po, po/hr.mo, po/hr.po, po/ko.mo, po/ko.po, po/ro.mo, + po/ro.po, po/ru.mo, po/ru.po, po/sr.mo, po/sr.po, po/uk.mo, + po/uk.po, po/vi.mo, po/vi.po: + Updated translations from translationproject.org + [966147718ed3] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update .pot files for 1.9.14 + [b79b44520c46] + + * NEWS: + Mention Bug #1050 fix. + [c4af7e56a515] + + * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/sudo_ldap_conf.h: + Add NETGROUP_QUERY option for servers that can't match + nisNetgroupTriple. This can be used to support netgroup queries on + systems that lack the innetgr() function and where the LDAP server + cannot query the nisNetgroup by nisNetgroupTriple. + [98b293bee424] + +2023-06-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/defaults.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h: + sudo_ldap_check_non_unix_group: pass nss pointer to netgr_matches() + This allows us to use the LDAP-specific version of innetgr() when + possible. Also enable "use_netgroups" by default even on systems + without innetgr() since we can now query netgroups directly via + LDAP. + [a443919be48c] + +2023-06-05 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c: + Only call ptrace_verify_post_exec() for intercept, not log_subcmds. + [9f55dcdd66cd] + + * NEWS, configure, configure.ac: + sudo 1.9.14 + [73c25828ffc8] + +2023-06-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/visudo.c: + run_command: back out changes to run editor in its own process + group. It unnecessarily complicates things to work around bugs in an + OS almost no one runs. + [8790d32a4f99] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/suspend_parent.c, lib/util/util.exp.in, + plugins/sudoers/Makefile.in, src/Makefile.in, src/sudo_exec.h, + src/suspend_parent.c: + Make suspend_parent.c out of lib/util and into src. Nothing else + uses it now. + [69eda3d690e4] + +2023-06-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/digestname.c, plugins/sudoers/filedigest.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Initialize digest_type to SUDO_DIGEST_INVALID, not -1 and make it + unsigned. This makes the digest type consistently unsigned instead + of a mix of signed (for the -1 value in the tokenizer) and unsigned. + [49ef7c33450f] + +2023-05-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in, + etc/codespell.exclude, etc/codespell.ignore, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/pivot.c, plugins/sudoers/visudo.c: + Fix typos and update excluded/ignored codespell lists. + [bdb70620b4e4] + +2023-05-19 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/visudo.c: + run_command: check that ttyfd is not -1 before using it + [990cbd169a37] + +2023-05-18 Rose <83477269+AtariDreams@users.noreply.github.com> + + * include/sudo_event.h, lib/util/event.c, lib/util/rcstr.c, + plugins/sudoers/canon_path.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/sudo_ldap_conf.h: + Do variable length arrays the C99 way + + Variable length arrays are supported by C99, but having it denoted + as "1" confused the compiler and is not defined. + + Note that because we don't get the inferred NULL terminator, we have + to increase the malloc size by one. + [4e33419e940e] + + * lib/eventlog/eventlog.c, lib/eventlog/eventlog_free.c, + lib/eventlog/parse_json.c, lib/iolog/hostcheck.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, lib/util/event.c, + lib/util/explicit_bzero.c, lib/util/fatal.c, lib/util/getaddrinfo.c, + lib/util/getentropy.c, lib/util/hexchar.c, lib/util/inet_ntop.c, + lib/util/json.c, lib/util/lbuf.c, lib/util/mksiglist.c, + lib/util/mksigname.c, lib/util/multiarch.c, lib/util/progname.c, + lib/util/sig2str.c, lib/util/snprintf.c, lib/util/sudo_conf.c, + lib/util/term.c, lib/util/uuid.c, logsrvd/iolog_writer.c, + logsrvd/logsrvd.c, logsrvd/sendlog.c, + plugins/audit_json/audit_json.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/editor.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/iolog.c, plugins/sudoers/parse.c, + plugins/sudoers/policy.c, plugins/sudoers/pwutil.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/starttime/check_starttime.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestr.c, plugins/sudoers/tsdump.c, + plugins/sudoers/visudo.c, src/conversation.c, src/exec_monitor.c, + src/limits.c, src/parse_args.c, src/sesh.c, src/sudo.c, src/sudo.h: + Avoid compiler casting warnings by assigning to the same type where + possible + + This 
saves instructions that are related to casting as well as + compiler warnings. + [d47033551fca] + + * lib/util/mktemp.c, lib/util/regress/tailq/hltq_test.c, + lib/util/sudo_debug.c, lib/util/ttyname_dev.c, + plugins/group_file/plugin_test.c, plugins/sudoers/editor.c, + plugins/sudoers/filedigest.c, plugins/sudoers/match_addr.c, + plugins/sudoers/match_digest.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/exptilde/check_exptilde.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/tsdump.c, plugins/sudoers/visudo.c, + src/exec_monitor.c, src/limits.c, src/sesh.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c: + Avoid compiler casting warnings Part 2 + + This saves instructions that are related to casting as well as + compiler warnings. + [685a954b019f] + +2023-05-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/visudo.c: + Work around a macOS a kernel bug where tcsetpgrp() does not restart. + + I reported this bug to Apple over 12 years ago. + [77871464e563] + + * plugins/sudoers/visudo.c: + run_command: run editor in foreground if visudo is the foreground + process + + The command is now always run in its own process group. If visudo is + run in the foreground, the command is run in the foreground too. + Otherwise, run the command in the background. There is a race + between the tcsetpgrp() call in the parent and the execve() in the + child. If we lose the race and the command needs the controlling + terminal, it will be stopped with SIGTTOU or SIGTTIN, which the + waitpid() loop will handle. + [e8e14e0024da] + + * plugins/sudoers/visudo.c: + Accept carriage return for EOL in addition to newline. + + Since visudo doesn't alter the terminal settings it is possible for + the terminal to have the ONLCR bit set in the output control flags. + In that case, we will get a CR, not a NL when the user presses + enter/return. 
One way this can happen is if visudo is run in the + background from a shell that supports line editing and the editor + restores the (cbreak-style) terminal mode when it finishes. + [14538e74fd02] + +2023-05-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/parser/check_fill.c: + check_fill: sudoers_strict() is now a function, not a global + variable + [8b8e72d283df] + + * plugins/sudoers/parse.h, plugins/sudoers/sudoers.h, + plugins/sudoers/toke.h: + Move parser prototypes / externs from sudoers.h to parse.h or + toke.h. + [79a52390c46b] + + * plugins/sudoers/file.c, plugins/sudoers/sudoers.c: + parse.h is already included by sudoers.h. + [f6faa3f782a2] + + * plugins/sudoers/policy.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Rename parser_conf -> sudoers_conf in all but the parser itself. + [61614621341e] + +2023-05-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.h, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Move sudoers search path to struct sudoers_parser_config. + + That way we can avoid passing it to init_parser() directly. We still + need sudoers_search_path to be shared between the lexer and the + parser. + [5e6c6a08aded] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.h, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: + Add struct sudoers_parser_config and pass it to init_parser(). 
+ + This struct contains parser configuration such as the sudoers file + uid/gid/mode and parse flags such as verbose, strict and recovery. + [ed8042e7a49a] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + push_include_int: Avoid passing close(2) a negative value on error. + Coverity CID 314108 + [bbbdfa87543e] + + * plugins/sudoers/ldap.c: + Eliminate dead store. Coverity CID 315032. + [6b48998e4db1] + +2023-05-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_iolog.h, lib/iolog/iolog_gets.c: + iolog_gets: change size parameter to int to match fgets/gzgets + + Return an error, setting errno to EINVAL, for negative sizes. + [27534bcb58a7] + +2023-05-05 Rose <83477269+AtariDreams@users.noreply.github.com> + + * plugins/sudoers/sudoers_hooks.c: + Redundant cast removal in sudoers_hooks + + def_sudoers_locale is already a char* + [2f79add9136d] + +2023-05-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Rename force_umask to override_umask and make it private to + sudoers.c. + + Add getter for policy.c. + [1c8a56c767f3] + + * plugins/sudoers/check.h, plugins/sudoers/regress/fuzz/fuzz_stubs.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c: + Make timestamp_uid and timestamp_gid private to timestamp.c. + + Add getter (for set_perms.c) and setter (for sudoers.c). + [ad49d0ee7e6f] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.h: + Make login_style private to bsdauth.c + + Add a setter for policy.c to handle auth_type from the front-end. + [962af1d3d0fd] + +2023-05-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/sudo_debug.c: + Back out last change, len must be int, not size_t, for %.*s. 
+ [a82bbd86fa29] + + * src/exec_pty.c: + Use a "%s" format instead of using a translated string as the + format. + [1a73a1b4fa94] + + * Merge pull request #260 from AtariDreams/size_t + + Prefer size_t over int, as casting can take extra instructions + [c0fd1027e105] + +2023-05-03 Rose <83477269+AtariDreams@users.noreply.github.com> + + * lib/eventlog/parse_json.c, lib/util/sudo_debug.c, + plugins/sudoers/fmtsudoers.c: + Prefer size_t over int, as casting can take extra instructions + [96fc138b2009] + +2023-05-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.h, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Rename init_parser_ext() to init_parser() and remove old wrapper. + + There was only one consumer of the init_parser() wrapper now that + reset_parser() has been introduced. + [4be1b8965ce6] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.h, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/sudoers.c: + Add reset_parser() and use in place of init_parser(NULL). + [f85227ac1182] + + * plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: + Make path_ldap_conf and path_ldap_secret private to policy.c. + + Add getters for both so the ldap code can access them. + [90a2107d6ec7] + + * plugins/sudoers/file.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c: + Make sudoers_file private to policy.c and visudo.c. + + We just need a way for the policy (and visudo) to override the + default sudoers path. This adds a getter to be used in file.c when + sudoers is first opened. 
+ [657aa80f3af8] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.h, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/visudo.c: + Support adminconfdir for relative include paths in sudoers. + [7ebdbd46b47b] + + * plugins/sudoers/visudo.c: + Track the destination sudoers path for each parsed file. + + When adminconfdir is enabled, the destination pathh may be different + from the path we opened. We always store an edited file in the + adminconfdir (if enabled). This makes it possible to use visudo when + /etc/sudoers is located on a read-only file system. + [de896a012d81] + + * INSTALL.md, Makefile.in, configure, configure.ac, docs/Makefile.in, + examples/Makefile.in, include/Makefile.in, lib/util/Makefile.in, + lib/zlib/Makefile.in, logsrvd/Makefile.in, m4/sudo.m4, + plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in, + plugins/python/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Add adminconfdir and --enable-adminconf to set it. Configuration + paths in sudo are now a colon-separated list of files with the + adminconfdir instance first (if enabled), followed by a sysconfdir + instance. + [be1f672878ae] + + * configure, configure.ac, include/sudo_util.h, lib/util/Makefile.in, + lib/util/secure_path.c, lib/util/sudo_conf.c, lib/util/util.exp.in, + logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, + plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/sudoers.c, src/Makefile.in: + Convert config file paths to colon-separated path list. This means + that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF, and + _PATH_CVTSUDOERS_CONF can now specify multiple files. The first file + that exists is used. 
+ [902d9da6a941] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c: + Support sudoers_file being a colon-separated path of files. The + first file found is used. + [bebe005e2d32] + +2023-05-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure: + Regenerate with latest autoconf from git. + [0996570205bf] + +2023-04-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd_conf.c: + No longer need to set AI_NUMERICSERV while fuzzing. + + Now that getaddrinfo() is stubbed out while fuzzing we can remove + the hack that set AI_NUMERICSERV. + [8e3deb584c1c] + +2023-04-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c: + getaddrinfo stub: set sin_port + [019eb2da9944] + + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c: + Avoid NULL deref in stub getaddrinfo() when nodename is NULL. Also + add support for parsing servname. We only need to support a subset + of getaddrinfo() functionality in the fuzzer. + [a605cc43bbaf] + + * configure, m4/hardening.m4: + Add missing stdio.h include for the _FORTIFY_SOURCE=2 check. + Implementations of _FORTIFY_SOURCE require the header file to be + included. Also remove the useless test of an empty program with + _FORTIFY_SOURCE defined. Pointed out by Florian Weimer. + [511b9bdddbdc] + + * configure, m4/ldap.m4: + Use ldap_msgfree() instead of ldap_init() for the lber.h test. The + ldap_init() function is marked as deprecated and not defined by + default on some systems. This can cause an error for compilers that + do not support implicit function declarations. From Florian Weimer. + [1b1ce2072403] + +2023-04-25 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + Include arpa/inet.h for inet_pton() prototype. + [50d3b09376f7] + + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + Add netdb.h for struct addrinfo and EAI_* error codes. + [92d33c6f8a23] + + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + Stub out getaddrinfo() and freeaddrinfo(). We may not be able have + access to DNS in the fuzzing environment. + [b3d2e6c04076] + + * lib/eventlog/regress/eventlog_store/store_sudo_test.c: + Plug memory leaks in store_sudo_test found by LSAN. + [5f1d68d01c0c] + +2023-04-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/limits.c: + disable_coredump: only change the soft limit, leave the hard limit + as-is This should avoid problems on Linux in cases where sudo does + not have CAP_SYS_RESOURCE which may be the case in an unprivileged + container. GitHub issue #42 + [4e65c3923119] + +2023-04-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/build_pkgs: + Add basic support for remote power on/off via net-snmp. + [ca021941fd58] + + * src/exec.c: + More accurate description of what happens for "sudo -b". + [a9158169fcac] + + * src/exec_pty.c: + Better support for "sudo -b" when running the command in a pty. + + When a command is run via "sudo -b" it has no access to terminal + input. In non-pty mode, the command runs in an orphaned process + group and reads from the controlling terminal fail with EIO. We + cannot do the same while running in a pty but if we set stdin to a + half-closed pipe, reads from it will get EOF. That is close enough. + [a284611a18fd] + +2023-04-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_nopty.c, src/exec_pty.c, src/selinux.c, src/sudo.h, + src/ttyname.c: + Avoid calling isatty()/ttyname() on std{in,out,err} if not a char + dev. + + The user controls these fds so we should avoid calling ioctl(2) on + them unless they correspond to actual character device files. 
+ [745430b563db] + + * src/parse_args.c, src/sudo_usage.h.in: + Hard-code usage() and help() for an 80-column terminal. + + Trying to tailor the help and usage output to the terminal width is + simply not worth it and could be abused to mark a socket as + "trusted" on Linux if there are additional kernel bugs like + CVE-2023-2002. + [d06fa6322ffb] + + * config.h.in, configure, configure.ac, src/sudo.c, + src/sudo_usage.h.in: + Move CONFIGURE_ARGS from sudo_usage.h.in to config.h.in. + [e3149b6f4392] + +2023-04-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/ttysize.c, src/sudo.c: + get_user_info: call sudo_get_ttysize() even if no /dev/tty We still + want to initialize rows and cols based on the environment if + possible. + [4f3801c2f264] + +2023-04-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/parse_args.c: + Get the tty size using stdout, not stderr, when printing help + output. While usage() prints to stderr, help() prints to stdout. + [0bdf411ebc7f] + + * src/sudo.c: + get_user_info: pass sudo_get_ttysize() the fd of /dev/tty, not + stderr. Both the plugin API and the main event loop expect + lines/cols to refer to the user's terminal, so using /dev/tty is + better here. + [2e7ba199f4c7] + + * include/sudo_util.h, lib/util/ttysize.c, lib/util/util.exp.in, + plugins/sudoers/sudoreplay.c, src/parse_args.c, src/sudo.c: + Add an fd argument to sudo_get_ttysize() instead of always using + stderr. + + For sudoreplay we open /dev/tty, so use that instead of stderr when + determining the terminal size. + [4afc292d3cf4] + + * lib/util/ttysize.c: + Check whether stderr is a tty before trying TIOCGWINSZ. + [4a0d367e49c6] + +2023-04-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Use -no-undefined on macOS to avoid "-undefined dynamic_lookup" + warnings. + + Starting with macOS 13, the linker warns when "-undefined + dynamic_lookup" is used. 
This is added by libtool by default on + macOS but we can suppress it by passing -no-undefined to libtool. + [afeb9acd894c] + +2023-04-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile, + docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile, + docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile, + docker/ubuntu/rolling/Dockerfile: + Add make to Dockerfile and sort packages. + [fa937cbf8a23] + +2023-04-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/UPGRADE.md, docs/sudoers.man.in, docs/sudoers.mdoc.in, + plugins/sudoers/defaults.c: + Enable the use_pty option by default for sudo 1.9.14. + + GitHub issue #258 + [86a1a6da1878] + +2023-04-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Split up the monolithic sudoers_policy_main() function. + + This splits the code to find the command, perform a sudoers lookup, + ask for a password as needed, and perform post-lokup checks out into + sudoers_check_common(). The old sudoers_policy_main() has been + replaced by sudoers_check_cmnd() (called by sudoers_policy_check()), + sudoers_validate_user() (called by sudoers_policy_validate()) and + sudoers_list() (called by sudoers_policy_list()). The list_user + lookup is now performed in sudoers_list(). + [59e0b245c776] + + * plugins/sudoers/sudoers.c: + Move the root_sudo check until after we apply per-command Defaults. + + It is possible, though unlikely, for "root_sudo" to be used in a + per-command Defaults statement. + [ca1903576e0d] + +2023-04-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.c: + sudoers_policy_main: restore locale if sudoers_lookup() fails. + + Previously, if sudoers_lookup() set VALIDATE_ERROR, the sudoers + locale would still be in effect instead of the original locale. 
+ [24df4eebbfc8] + + * plugins/sudoers/parse.c: + sudoers_lookup_pseudo: remove validated function argument + + This was always set to FLAG_NO_USER|FLAG_NO_HOST which are cleared + at the top of the fuction. Make validated a local variables, + initialized to 0, instead. No change in behavior. + [72e6207850fc] + +2023-03-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/audit.c, plugins/sudoers/iolog.c: + The I/O log file name is not just the basename of the full + iolog_path. The audit plugin already has the correct value for + iolog_file, don't overwrite it with basename(iolog_path). In the + future we may wish to pass in iolog_file and iolog_dir in addition + to iolog_path. Fixes Bug #1046. + [f272de885273] + +2023-03-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.c: + Warn with "unknown user" not "unknown uid" if user cannot be + resolved. Prior to sudo 1.8 this was after a getpwuid() but now we + use getpwnam(). + [9a523881df41] + + * plugins/sudoers/sudoers.c: + Set timestamp_uid and timestamp_gid via a callback. This also makes + it possible to include the location of the line in the sudoers file + in the warning message (and mail). + [5588cf3cb55b] + +2023-03-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in: + Fix display of escape sequencees in ldapsearch example. + [08dc98162160] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + White space is not allowed between Defaults and '@', ':', '!', '>'. + The EBNF made it appear that this is allowed when it really is not. + [74bba755afaf] + +2023-03-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/edit_open.c, src/exec.c, src/exec_intercept.c, + src/exec_intercept.h, src/exec_monitor.c, src/exec_nopty.c, + src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, + src/sudo_edit.h, src/sudo_exec.h, src/tgetpass.c: + Make struct {command,user}_details pointers const where possible. 
+ [dcfa95a24789] + + * src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c: + Make user_details private to main. + [43477263455b] + + * src/exec.c, src/exec_nopty.c, src/exec_pty.c, src/parse_args.c, + src/sudo.c, src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, + src/tgetpass.c: + Make user_details private to sudo.c. + [fec5df7605dc] + + * configure, scripts/config.sub: + Regenerate with the autoconf 2.72c snapshot. + [6dda0f9323b1] + +2023-03-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/parse_args.c: + Use sudo_get_ttysize() in help() and usage(). This eliminates a + dependency on the user_details global. + [ecbc8afc1630] + + * src/exec.c, src/sudo.c, src/sudo.h: + Store submitcwd (from user_details) in struct command_details. This + eliminates use of the user_details global from exec_setup(). + [ed37b2a451f8] + +2023-03-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/utmp.c: + utmp_fill: user is now always non-NULL, no need for user_details. + [76bdecaaad07] + + * src/parse_args.c, src/sudo.c, src/sudo.h: + Remove list_user global. + [fd397db04688] + + * src/conversation.c: + No need to declare tgetpass_flags, it is already in sudo.h. + [c7e1b8ef75c8] + + * src/sudo.c: + No need for sudo_mode to be global anymore. + [f746eba12bd9] + + * src/sudo.c: + Make command_details private to main(). + [311fd705cce4] + + * src/exec_iolog.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h: + Make iobufs private to exec_iolog.c. + [80861a209ddd] + + * src/sudo_exec.h: + Remove ttymode and its associated values. + [efb4e04097ab] + + * src/exec.c, src/exec_pty.c, src/get_pty.c, src/sudo.h, + src/sudo_exec.h: + Move ptyname to struct exec_closure + [d4080a4262bd] + + * src/exec_monitor.c, src/exec_pty.c, src/sudo_exec.h: + Move pty_make_controlling() to exec_monitor.c where it is called. We + can use details->tty to access the pty follower path. 
+ [9875f0b136f4] + + * src/exec_pty.c, src/sudo.c: + Eliminate utmp_user global, just use the value in struct command + details. + [95b28adcb0f3] + + * src/exec_iolog.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h: + Replace tty_mode global with term_raw flag in struct exec_closure. + + The pty_cleanup hook needs access to the closure so add + pty_cleanup_init() to store a pointer to the closure for use by + pty_cleanup_hook(). + [cc01f0da46d9] + + * src/exec_monitor.c, src/exec_pty.c, src/sudo_exec.h: + Register pty cleanup function in exec_pty(), not exec_cmnd_pty(). We + want it to execute in the main sudo process, not the monitor. + [279e370adc01] + + * src/exec_iolog.c: + Make ttyblock private to exec_iolog.c + [61243eba350d] + +2023-03-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_pty.c, src/sudo_exec.h: + exec_pty.c: move foreground flag to struct exec_closure. Also make + pipeline flag private to exec_pty() and remove the unneeded + check_foreground() prototype. + [dd25f1d91008] + + * src/exec_pty.c: + On resume, always sync the pty terminal settings with /dev/tty. + + Changes made to the terminal settings while the command is suspended + are now reflected in the pty when the command is resumed. This is + more consistent with the non-pty behavior and allows for the removal + of the "tty_initialized" global. One downside to this change is that + if a terminal-based program using the pty is stopped with SIGSTOP it + may have the wrong terminal settings on resume. However, this is no + different from the non-pty case. + [3e59765dea31] + + * lib/util/suspend_parent.c, lib/util/term.c: + Correct a comment. + [393a4d472507] + +2023-03-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * .github/FUNDING.yml: + GitHub sponsor settings. + [7bd778b9adef] + + * config.h.in, configure, configure.ac: + Use built-in tests for bit types instead of using AC_CHECK_TYPES. + This should be more portable as it handles the quirks of some older + systems. 
+ [7e471f2a914d] + + * plugins/sudoers/visudo.c, src/regress/intercept/test_ptrace.c: + Quiet compiler warnings on systems where pid_t is not an int. + Historically, pid_t was a long on some 32-bit systems like Solaris. + [c31393da893d] + + * plugins/sudoers/visudo.c: + Silence "used uninitialized" false positives with older gcc + versions. + [40f0ee142249] + + * src/exec_pty.c: + exec_pty: always copy the terminal settings from /dev/tty the pty. + Previously, we only did this when running in the foreground but this + can cause problems when running a program that reads the terminal + settings or window size in the background. If sudo is running in the + background, the terminal settings will be updated if it transitions + to the foreground process. Based on a suggestion from From Duncan + Overbruck. + [51a70eadc7fc] + + * src/exec_pty.c: + check_foreground: use SFD_LEADER not SFD_FOLLOWER (which was + closed). Also use SFD_LEADER for sudo_term_copy() in exec_pty() for + consistency. From Duncan Overbruck. + [172962b90aa6] + + * src/exec_pty.c: + suspend_sudo_pty: fix cut & pasto in last commit to catch SIGCONT. + Also set sa.sa_handler to SIG_DFL instead of SIG_IGN. There is no + difference for SIGCONT but it means we can re-use sa as-is later. + [e07725c8c939] + +2023-03-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_pty.c: + Catch SIGCONT and restore terminal settings on resume from SIGSTOP. + While we cannot catch SIGSTOP, we _can_ catch SIGCONT and set + /dev/tty to raw mode when running in the foreground. Ignore SIGCONT + in suspend_sudo_pty() so we don't call resume_terminal() twice. + [b5b2d739e44d] + + * src/exec_monitor.c, src/exec_pty.c: + Only convert a signal number to a name if we are going to use it. It + is mostly used for debug logging. + [225c3630ffff] + + * src/exec_monitor.c, src/exec_pty.c, src/sudo.h: + Move updating of the window size back to the main sudo process. 
We + can use the leader file descriptor with TIOCGWINSZ to set the window + size of the pty. Thanks to Duncan Overbruck for the hint. + [6e3f7622038a] + + * plugins/sudoers/visudo.c: + visudo: restore controlling terminal after running the editor. + Otherwise, visudo will get SIGTTOU if it tries to write to the + terminal after the editor finishes. Also avoid races by setting the + process group ID in both the parent and child, and grant the + controlling terminal in the parent, not the child. + [c0f339a84be8] + +2023-03-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/visudo.man.in, docs/visudo.mdoc.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/sudoers.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Warn about ignored files in sudoers.d in visudo. + [61f8def2d666] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.h, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c: + Replace sudoers_warnings with sudoers_verbose. This is now an int, + with values > 1 reserved for visudo. + [d1d7b559b904] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Split push_include() into push_include() and push_includedir(). This + moves the "isdir" function argument to the internal version. + [d454beb6eebf] + +2023-03-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/file.c, plugins/sudoers/ldap.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_stubs.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h: + Pass around const struct sudo_nss pointers where possible. 
+ [d13437078d19] + + * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_csv.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/fmtsudoers_cvt.c, plugins/sudoers/match.c, + plugins/sudoers/parse.h: + Pass around const struct sudoers_parse_tree pointers where possible. + [1aa8b9069b39] + + * plugins/sudoers/sudo_ldap.h, plugins/sudoers/sudo_ldap_conf.h: + Move non-config-related macros to from sudo_ldap_conf.h to + sudo_ldap.h. + [16e67a765a30] + +2023-03-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/getcwd.c, + scripts/mkdep.pl: + Remove portable getcwd.c, nothing uses it anymore. Any operating + system supported by sudo already includes getcwd(3). + [8f0584066f6f] + + * src/Makefile.in: + Use LIBPROTOBUF_C and LIBUTIL variables and use them. + [062142fa5ae8] + +2023-03-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_util.h: + Remove now-unused sudo_timeval* macros. + [3448dce21b9c] + + * lib/util/nanosleep.c: + nanosleep: clear remainder on successful completion Also switch to + doing everything in terms of struct timespec except for the actual + select(2) call. + [d67451eb618e] + + * lib/eventlog/Makefile.in, lib/iolog/Makefile.in: + Add lib dependencies for fuzzer and test targets. + [60605bcc3905] + + * lib/eventlog/eventlog_free.c: + eventlog_free: free peeraddr + [42670e45e57f] + + * plugins/sudoers/ldap_innetgr.c: + sudo_ldap_netgroup_match_str: "-" in a netgroup can never match. We + already check for a NULL value above so "str == NULL" is always + false. Found by PVS-Studio. + [c9cfdd013e92] + +2023-03-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/Makefile.in: + Fix static compilation. 
+ [5a18337c03d3] + + * MANIFEST: + Replace eventlog_json.h with parse_json.h. + [cc68fe24ee0d] + + * lib/eventlog/eventlog_free.c, lib/eventlog/parse_json.c: + Add support for parsing all fields of struct eventlog. + [3828e55bdaff] + +2023-03-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, lib/eventlog/Makefile.in, + lib/eventlog/regress/eventlog_store/store_json_test.c, + lib/eventlog/regress/eventlog_store/store_sudo_test.c, + lib/eventlog/regress/eventlog_store/test1.json.in, + lib/eventlog/regress/eventlog_store/test1.json.out.ok, + lib/eventlog/regress/eventlog_store/test1.sudo.out.ok, + lib/eventlog/regress/eventlog_store/test2.json.in, + lib/eventlog/regress/eventlog_store/test2.json.out.ok, + lib/eventlog/regress/eventlog_store/test2.sudo.out.ok, + lib/eventlog/regress/eventlog_store/test3.json.in, + lib/eventlog/regress/eventlog_store/test3.json.out.ok, + lib/eventlog/regress/eventlog_store/test3.sudo.out.ok, + lib/eventlog/regress/eventlog_store/test4.json.in, + lib/eventlog/regress/eventlog_store/test4.json.out.ok, + lib/eventlog/regress/eventlog_store/test4.sudo.out.ok, + lib/eventlog/regress/parse_json/check_parse_json.c: + Add tests for JSON and sudo-style log output. + [3a923f86fff2] + + * plugins/sudoers/match.c: + Declare domain even if the system lacks innetgr(). Fixes a build + error on musl-based systems like Alpine. + [34cfa5ad4cdc] + + * lib/eventlog/Makefile.in: + Add missing definition of $(SED). 
+ [9a614b90c852] + + * MANIFEST, include/sudo_eventlog.h, lib/eventlog/Makefile.in, + lib/eventlog/parse_json.c, lib/eventlog/parse_json.h, + lib/eventlog/regress/parse_json/check_parse_json.c, + lib/eventlog/regress/parse_json/test1.in, + lib/eventlog/regress/parse_json/test2.in, + lib/eventlog/regress/parse_json/test2.out.ok, + lib/eventlog/regress/parse_json/test3.in, + lib/eventlog/regress/parse_json/test3.out.ok, lib/iolog/Makefile.in, + lib/iolog/iolog_json.c, lib/iolog/iolog_json.h, + lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/iolog_json/check_iolog_json.c, + lib/iolog/regress/iolog_json/test1.in, + lib/iolog/regress/iolog_json/test2.in, + lib/iolog/regress/iolog_json/test2.out.ok, + lib/iolog/regress/iolog_json/test3.in, + lib/iolog/regress/iolog_json/test3.out.ok: + Move JSON log parsing from libsudo_iolog.la to libsudo_eventlog.la + It will be used in the upcoming log output tests. + [1a8dd741b666] + + * lib/eventlog/eventlog.c: + Add missing " ; " separator between environment variables and + command. This is a regression introduced in sudo 1.9.13. GitHub + issue #254. + [a3c09b724b7a] + +2023-03-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in: + Add example to verify support for searching by nisNetgroupTriple. + [090ffa785e56] + +2023-03-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/gc.c: + Remove unused sudoers_gc_init() function. + [b2ee61f8f11d] + +2023-03-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in: + Sudo now does its own netgroup lookups if NETGROUP_BASE is set. + Previously, it only performed netgroup queries to determine the list + of netgroups a user was a member of. + [932613f6868a] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c: + sudoers_cleanup: free cached environment before running g/c. Avoids + a double free in fuzz_policy. 
+ [e616d4a038b6] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + sudoers_cleanup: run the garbage collector at the end + [cbc28a012f8b] + + * plugins/sudoers/sudoers.c: + Plugin a memory leak in intercept mode. + [f63fb51ff972] + + * src/exec_intercept.c: + Sync non-intercept version of intercept_cleanup() declaration. + [712ff6c2f6bd] + + * plugins/sudoers/ldap_innetgr.c: + Plug memory leak if ldap_get_option() fails with LDAP_NO_MEMORY. + [0be36e3e9473] + + * src/exec.c, src/exec_intercept.c, src/sudo_exec.h: + Plug a memory leak with ptrace-based intercept. + [3b411be9fe37] + + * src/exec_intercept.c: + Plug memory leak when log_subcmds is enabled. + [1d5b21665ced] + + * lib/util/suspend_parent.c: + Pass closure to callback, not the callback pointer itself. + [a4e433840f16] + + * MANIFEST, configure, m4/ldap.m4, plugins/sudoers/Makefile.in, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_innetgr.c, + plugins/sudoers/sudo_ldap.h, scripts/mkdep.pl: + Add LDAP-specific innetgr() implementation. Wheh netgroup_base is + set we now do out own netgroup lookups using LDAP. Previously, LDAP + was queried directly to get a list of the netgroups the user belongs + to but other netgroups queries went through innetgr(3). This makes + it possible to use netgroups in LDAP sudoers on systems that don't + have an innetgr() function. GitHub issue #251. + [aa7304a533e0] + + * plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/ldap_util.c, plugins/sudoers/sudo_ldap.h: + Move some functions from ldap.c to ldap_util.c. These will be used + by the LDAP innetgr() implementation. + [70fd74041c5d] + +2023-03-08 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/zlib/Makefile.in: + fix typo in uninstall target + [e3c1b8427d01] + + * Merge pull request #252 from bin-ly/main + + fix typo in uninstall target + [4a1d3542345c] + +2023-03-09 bin-ly <binlingyu@uniontech.com> + + * lib/util/Makefile.in: + fix command error for lib/util/Makefile.in + [7dd4e9e6d976] + +2023-03-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap.c, plugins/sudoers/match.c, + plugins/sudoers/parse.h, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.h: + Add per-source innetgr function pointer and use it in + netgr_matches(). This will be used to implement LDAP-specific + netgroup lookups when netgroup_base is set in ldap.conf. + [f7c89d6e8d6b] + +2023-03-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, lib/util/Makefile.in, + lib/util/regress/digest/digest_test.c: + Add tests for SHA2 digest support. This uses the NIST byte-oriented + short message test vectors. + [06e01abf7943] + +2023-03-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_13p3 for changeset 0bdd0b8469e3 + [fc4e872d6d89] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.13p3 + [0bdd0b8469e3] [SUDO_1_9_13p3] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.13p3 + [0c4b7112dde9] + +2023-03-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/match.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h: + A user with "list" privs for root may not list all users. A user + with "sudo ALL" for root _is_ allowed to list any user. + [a3f7301ba4d3] <1.9> + + * plugins/sudoers/match.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h: + A user with "list" privs for root may not list all users. A user + with "sudo ALL" for root _is_ allowed to list any user. 
+ [fe758ae9d0bb] + + * plugins/sudoers/policy.c: + sudoers_policy_list: do not set runas_pw to list_pw when listing + This change introduced in sudo 1.9.13 is not actually needed. The + "list" pseudo-command checks are performed via runas_matches_pw() + which does not use runas_pw. GitHub issue #248 + [84effa5ffaa1] <1.9> + + * plugins/sudoers/policy.c: + sudoers_policy_list: do not set runas_pw to list_pw when listing + This change introduced in sudo 1.9.13 is not actually needed. The + "list" pseudo-command checks are performed via runas_matches_pw() + which does not use runas_pw. GitHub issue #248 + [94c1f6d9bc6d] + + * plugins/sudoers/logging.c, plugins/sudoers/parse.c, + plugins/sudoers/sudoers.c: + Fix "sudo -l command args", broken in sudo 1.9.13. The value of + user_args should not contain the command to be run in "sudo -l + command args", only the arguments of the command being checked. This + restores the pre-1.9.13 behavior. GitHub issue #249 + [3e1225e7bf33] <1.9> + + * plugins/sudoers/logging.c, plugins/sudoers/parse.c, + plugins/sudoers/sudoers.c: + Fix "sudo -l command args", broken in sudo 1.9.13. The value of + user_args should not contain the command to be run in "sudo -l + command args", only the arguments of the command being checked. This + restores the pre-1.9.13 behavior. GitHub issue #249 + [2773b6d91cf1] + +2023-03-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrv_util.c, logsrvd/logsrvd.c, logsrvd/logsrvd_journal.c, + logsrvd/sendlog.c, plugins/sudoers/log_client.c: + Check for sudo_pow2_roundup() overflow. Calling + sudo_pow2_roundup(INT_MAX+2) will return since there is no power of + 2 larger than INT_MAX+1 that fits in an unsigned int. This is not an + issue in practice since we restrict messages to 2Mib. 
+ [d76de48704d0] + + * src/exec_nopty.c, src/exec_pty.c: + write_callback: only enable /dev/tty reader if the command is + running This fixes a hang when there is /dev/tty data in a buffer to + be flushed by the final call to del_io_events(). We do not want to + re-enable the reader when flushing the buffers as part of + pty_finish(). See PR #247 for analysis of the problem and how to + reproduce it. + [b7ea5b5e6a88] <1.9> + + * src/exec_nopty.c, src/exec_pty.c: + write_callback: only enable /dev/tty reader if the command is + running This fixes a hang when there is /dev/tty data in a buffer to + be flushed by the final call to del_io_events(). We do not want to + re-enable the reader when flushing the buffers as part of + pty_finish(). See PR #247 for analysis of the problem and how to + reproduce it. + [2cf041ccbd98] + +2023-02-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/testsudoers/test12.out.ok, + plugins/sudoers/regress/testsudoers/test12.sh: + Test non-fully qualified path name. + [0a9e6e83fe15] <1.9> + + * plugins/sudoers/regress/testsudoers/test12.out.ok, + plugins/sudoers/regress/testsudoers/test12.sh: + Test non-fully qualified path name. + [b653458b1758] + + * plugins/sudoers/Makefile.in: + Fix removal of y.tab.[ch] when generating gram.[ch]. + [f69c86ecae66] <1.9> + + * plugins/sudoers/Makefile.in: + Fix removal of y.tab.[ch] when generating gram.[ch]. + [9c5f5be26ad0] + + * MANIFEST, plugins/sudoers/regress/sudoers/test30.in, + plugins/sudoers/regress/sudoers/test30.json.ok, + plugins/sudoers/regress/sudoers/test30.ldif.ok, + plugins/sudoers/regress/sudoers/test30.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test30.out.ok, + plugins/sudoers/regress/sudoers/test30.sudo.ok, + plugins/sudoers/regress/sudoers/test30.toke.ok: + Add test for using "list" as user, runas and host. 
+ [ae2c84c73371] <1.9> + + * MANIFEST, plugins/sudoers/regress/sudoers/test30.in, + plugins/sudoers/regress/sudoers/test30.json.ok, + plugins/sudoers/regress/sudoers/test30.ldif.ok, + plugins/sudoers/regress/sudoers/test30.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test30.out.ok, + plugins/sudoers/regress/sudoers/test30.sudo.ok, + plugins/sudoers/regress/sudoers/test30.toke.ok: + Add test for using "list" as user, runas and host. + [712c96af942d] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Move handling of the "list" pseudo-command from lexer to parser. The + special handling of "list" in the lexer meant it could not be used + as a user, group or host, which was unintentional. GitHub issue + #246. + [efb3a4dea1da] <1.9> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Move handling of the "list" pseudo-command from lexer to parser. The + special handling of "list" in the lexer meant it could not be used + as a user, group or host, which was unintentional. GitHub issue + #246. + [d36f1d686343] + +2023-02-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_compat.h: + Make the check for HAVE_DECL_NSIG consistent with other decl checks. + [616c42c4adce] <1.9> + + * include/sudo_compat.h: + Make the check for HAVE_DECL_NSIG consistent with other decl checks. + [4e6e627062af] + + * plugins/sudoers/match_command.c: + Plug memory leak with multiple matching CHROOT= entries. Found by + oss-fuzz. + [a4982b468985] + +2023-02-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_13p2 for changeset 2db7cee1cb77 + [b0af73801130] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.13p2. + [2db7cee1cb77] [SUDO_1_9_13p2] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.13p2. + [251788b2308b] + +2023-02-23 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/logging.c: + Include error string when formatting a SLOG_PARSE_ERROR message if + present. + [b4254bf84300] + + * lib/util/lbuf.c: + Add missing include of errno.h. + [65ddd70d0c18] <1.9> + + * lib/util/lbuf.c: + Add missing include of errno.h. + [669e4a4ab3ad] + + * lib/util/lbuf.c: + sudo_lbuf_expand: check for overflow when rounding to the nearest + power of 2. Problem deteced by oss-fuzz using the fuzz_sudoers + fuzzer. + [9357396fdaa0] <1.9> + + * lib/util/lbuf.c: + sudo_lbuf_expand: check for overflow when rounding to the nearest + power of 2. Problem deteced by oss-fuzz using the fuzz_sudoers + fuzzer. + [7d433e75c858] + + * src/load_plugins.c: + Fix --enable-static-sudoers, broken in sudo 1.9.13. + sudo_qualify_plugin() should not try to fully-qualify the path to a + statically-compiled plugin. GitHub issue #245 + [eca5f1f6555e] <1.9> + + * src/load_plugins.c: + Fix --enable-static-sudoers, broken in sudo 1.9.13. + sudo_qualify_plugin() should not try to fully-qualify the path to a + statically-compiled plugin. GitHub issue #245 + [f323e3f0a5c0] + +2023-02-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c: + Add sudoers open errors to the list of parse errors sent via mail. + Previously there would be one email for the open failure and a + separate one describing the parse error. Now a single email message + contains everything. + [b81299ccdad8] + + * plugins/sudoers/visudo.c: + visudo: quiet a compiler warning on Solaris 10. Also explicitly + close /dev/tty fd instead of relying on closefrom() in case the fd + ends up being a value 0-2. + [d839cc458245] + + * Merge pull request #244 from ffontaine/main + + configure.ac: fix openssl static build + [af40f67e9771] + + * configure, configure.ac, lib/util/Makefile.in: + Replace LIBMD with LIBCRYPTO display crypto/tls libs in summary. 
We + can only have one of either -lmd, -lgcrypt or -lcrypto so there is + no need to have more than one variable. + [da65125af8c6] + +2023-02-22 Fabrice Fontaine <fontaine.fabrice@gmail.com> + + * m4/openssl.m4: + configure.ac: fix openssl static build + + Do not use AX_APPEND_FLAG as it will break static builds by removing + duplicates such as -lz or -latomic which are needed by -lssl and + -lcrypto. This will fix the following build failure with sparc which + needs -latomic: + + Checking for X509_STORE_CTX_get0_cert configure:21215: + /home/thomas/autobuild/instance-3/output-1/host/bin/sparc-buildroot- + linux-uclibc-gcc -o conftest -D_LARGEFILE_SOURCE + -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -static + -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 + -DZLIB_CONST -static conftest.c + -L/home/thomas/autobuild/instance-3/output-1/host/bin/../sparc- + buildroot-linux-uclibc/sysroot/usr/lib -lssl -lz -pthread -latomic + -lcrypto >&5 + /home/thomas/autobuild/instance-3/output-1/host/lib/gcc/sparc- + buildroot-linux-uclibc/10.4.0/../../../../sparc-buildroot-linux- + uclibc/bin/ld: + /home/thomas/autobuild/instance-3/output-1/host/bin/../sparc- + buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(x509cset.o): in + function `X509_CRL_up_ref': x509cset.c:(.text+0x108): undefined + reference to `__atomic_fetch_add_4' + + [...] + + In file included from ./hostcheck.c:38: + ../../include/sudo_compat.h:342:41: error: conflicting types for + 'ASN1_STRING_data' 342 | # define ASN1_STRING_get0_data(x) + ASN1_STRING_data(x) | ^~~~~~~~~~~~~~~~ + + Fixes: + - http://autobuild.buildroot.org/results/8be59dd94e4916f9457cb435104e3 + 6e62a28373b + + 
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> + [487cfc17c742] + +2023-02-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/match_command.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/testsudoers/test20.out.ok, + plugins/sudoers/regress/testsudoers/test20.sh, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Fix potential double free for rules that include a CHROOT= option. + If a rule with a CHROOT= option matches the user, host and runas, + the user_cmnd variable could be freed twice. + [2c1477233f48] <1.9> + + * MANIFEST, plugins/sudoers/match_command.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/testsudoers/test20.out.ok, + plugins/sudoers/regress/testsudoers/test20.sh, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Fix potential double free for rules that include a CHROOT= option. + If a rule with a CHROOT= option matches the user, host and runas, + the user_cmnd variable could be freed twice. + [a988ae0045a2] + + * plugins/sudoers/visudo.c: + Check tcsetpgrp() return value. + [5d9bdb2fea15] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/suspend_parent.c, lib/util/util.exp.in, + plugins/sudoers/visudo.c, src/Makefile.in, src/exec_iolog.c, + src/exec_nopty.c, src/regress/intercept/test_ptrace.c, src/sudo.h, + src/sudo_exec.h, src/suspend_nopty.c, src/tcsetpgrp_nobg.c: + Run the editor in its own process group. This fixes suspending the + editor on GNU Hurd which doesn't seem to have proper process group + signal handling. + [210e058101af] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_stubs.c, plugins/sudoers/stubs.c, + plugins/sudoers/testsudoers.c: + Stub out pivot_root() and unpivot_root() for all but the sudoers + module. + [967f706e6bff] + + * plugins/sudoers/match_command.c: + Fix build when SUDOERS_NAME_MATCH is defined. 
+ [79e4613fbd85] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pivot.c, + plugins/sudoers/sudoers.h: + Add pivot_root() and unpivot_root() to switch the root dir and + restore it. This will be used to more accurately handling command + resolution and path matching when a new root directory is specified. + [77300a0e1537] + + * plugins/sudoers/editor.c, plugins/sudoers/find_path.c, + plugins/sudoers/goodpath.c, + plugins/sudoers/regress/editor/check_editor.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + set_cmnd_path: apply runchroot if set when finding the command path + Previously we would prepend runchroot to the path we were checking + but that does not properly handle symbolic links. + [3fb7ca4631c0] + + * plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c, + plugins/sudoers/parse.h: + match_command: apply runchroot if set when matching the command + Previously we would prepend runchroot to the path we were checking + but that does not properly handle symbolic links. + [41dc8f445f78] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/canon_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add canon_path(), a realpath() wrapper that performs caching. This + also adds a new user_cmnd_dir variable that stores the canonicalized + parent directory of the command to be run. + [6065f5e76387] + + * plugins/sudoers/match_command.c: + Match using canonicalized directories where possible. + [020d4ad53d07] + + * src/exec_ptrace.c: + ptrace_intercept_execve: preserve old argv[0] after policy check. We + have to replace argv[0] with the pathname for the policy check but + want to restore it afterwards if the policy has not changed the + command's path name to avoid a mismatch later on. + [5dcd96a5c369] + + * configure, configure.ac: + Move initial values into AC_SUBST() where possible. 
+ [3db7feb16577] + + * configure, configure.ac: + No need to AC_SUBST() standard autoconf variables. + [48ce145c9e40] + +2023-02-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL.md: + Document --disable-largefile and --disable-year2038. + [424d17d1b83d] + + * configure, configure.ac: + Fix indentation of intercept file in summary output. + [3cf0104bd2e5] + + * plugins/sudoers/regress/starttime/check_starttime.c, + plugins/sudoers/starttime.c: + get_starttime: add support for GNU Hurd using the mach task_info + call. This is currently Hurd-specific but could be made Mach-generic + as long as the equivalent of pid2task() is available. + [a81de7fb1f83] + +2023-02-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/starttime/check_starttime.c: + Only test get_starttime() on platforms where we support it. Fixes a + test failure on systems where we have no way to determine a + process's start time. + [bf8dbe59b2c6] + +2023-02-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_13p1 for changeset 49e64402924f + [97ae12488007] <1.9> + + * NEWS, configure, configure.ac: + Merge sudo 1.9.13p1 from tip. + [49e64402924f] [SUDO_1_9_13p1] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.13p1 + [0a9817096e03] + + * configure.ac: + Use m4_bmatch, m4_case does not support shell-style globbing. + [b7a743baf22e] + + * configure, configure.ac: + Allow configure.ac to be processed by autoconf 2.69. AC_PROG_CC_STDC + is deprecated in autoconf 2.70 and above but it is necessary for + autoconf 2.69. + [324ba83acd63] + + * configure.ac: + Only use AC_SYS_YEAR2038 if it is defined. Otherwise, use the method + from 1.9.12. GitHub issue #242 + [16fcec5264cc] + +2023-02-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/mkpkg: + Sudo-specific executables moved to /usr/libexec/sudo starting in + Debian 12 (Bookworm) and Ubuntu 22.04 (Jammy Jellyfish). Previously, + they were stored in /usr/lib/sudo. 
+ [a2aa15b72312] + + * lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/python/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Handle "locale -a" returning both C.UTF-8 and C.utf8. It is possible + to have mutiple matches from the output of "locale + -a". Just take the first one. Fixes GitHub issue #241. + [aeba71610439] + + * lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Add some missing files to the clean and distclean targets. + [5dedbe519db1] + + * Merge pull request #240 from thesamesam/c23 + + sudo_fatal: Fix build where compiler recognises [[noreturn]] + attribut… + [22ae0d4402ac] + +2023-02-15 Sam James <sam@gentoo.org> + + * include/sudo_fatal.h: + sudo_fatal: Fix build where compiler recognises [[noreturn]] + attribute (C23) + + If the compiler supports [[noreturn]] as a attribute as in C23, then + we define sudo_noreturn to be it. When that's the case, we must + place it at the beginning of the declaration, before any other + *extension* attributes (__attribute(...)). + + A bug has been filed with GCC regarding rejecting/accepting mixed + attribute styles. + + sudo_dso_public is always an extension attribute, while + sudo_noreturn only might be, so put it first. + + This only shows up with GCC 13 so far (see the linked GCC bug for a + bit more exploration). Clang 16 does support the attribute but + doesn't let you use it for earlier language versions (need to pass + explicit -std=c2x, unlike with GCC here). + + This is essentially a followup to + e707ffe58b3ccfe5c72f54c38eac1d7069d5021e. + + Tested with GCC 13.0.1 20230212 (unreleased), GCC 12.2.1 20230211, + Clang 16.0.0_rc2, and Clang 15.0.7. 
+ + Bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796 Closes: + https://github.com/sudo-project/sudo/issues/239 Fixes: + e707ffe58b3ccfe5c72f54c38eac1d7069d5021e Fixes: + 16ae61dcd7d3cd8bf6eb10a22fa742d4505da4e9 + [806b5f3a6485] + +2023-02-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Add missing '[' to AS_IF() call. Fixes GitHub issue #238. + [48372d73d4bb] + + * .hgtags: + Added tag SUDO_1_9_13 for changeset 813f6addf7cf + [8df54fde3b7a] <1.9> + + * NEWS, config.h.in, configure, configure.ac, include/sudo_compat.h, + lib/util/hexchar.c, lib/util/regress/hexchar/hexchar_test.c, + plugins/sudoers/parse.c, plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c: + Merge sudo 1.9.13 from tip. + [813f6addf7cf] [SUDO_1_9_13] <1.9> + + * MANIFEST, plugins/sudoers/po/ka.mo: + Add compiled version of the sudoers Georgian translation. + [35007cc1c867] + + * .gitignore, .hgignore: + Do not ignore .mo files. Otherwise we are likely to miss uncommitted + changes in them. + [d76a98baaf15] + + * plugins/sudoers/po/ru.mo, plugins/sudoers/po/zh_CN.mo, po/zh_CN.mo: + Regenerate .mo files. + [a7a708d8bf34] + +2023-02-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/realpath.c, + scripts/mkdep.pl: + Add checks for realpath(3) and a version from NetBSD for those + without it. + [121fb2ed88de] + +2023-02-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + No longer need to define sudoers_recovery here. + [11a365a8a218] + + * NEWS: + Mention that a missing include file is no longer fatal. + [ba0bd554435e] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/policy.c: + Recover from missing include file unless error_recovery is disabled. + It is still treated as an error from a logging perspective, and mail + is still sent. 
+ [e1cac68917cc] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + plugins/sudoers/logging.c: + Add eventlog_mail() to send a log message via mail. This is used by + mail_parse_errors() to send multi-line messages. Previously, the + newlines would be escaped as control characters. + [97e516576212] + + * lib/eventlog/eventlog.c: + send_mail: pass a single string instead of using varargs These days + we only ever pass in a const string. + [700e72ca42c0] + +2023-02-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac, m4/sudo.m4, pathnames.h.in, + plugins/sudoers/visudo.c: + Substitute for _PATH_SUDO* variables in pathnames.h. Previously + these were hard-coded with Makefile overrides. + [53c8be4b6af3] + +2023-02-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Use AS_IF instead of if; then where possible. + [56946f4ac23a] + +2023-02-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Mention the fix for GitHub #237. + [70aafdaced09] + + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/fur.mo, + po/fur.po, po/ja.mo, po/ja.po, po/zh_TW.mo, po/zh_TW.po: + Updated translations from translationproject.org + [c3be19c34043] + + * src/exec_pty.c, src/tgetpass.c: + Display error in error message if we can't restore the terminal. + [aa2c60802b33] + +2023-02-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_pty.c, src/tgetpass.c: + Display an error message if unable to restore terminal settings. + [a1efb1dca169] + + * Makefile.in, etc/sudo.pp, plugins/sudoers/Makefile.in: + Get rid of sudoersdir and just use sysconfdir. There is no need for + sudoersdir when it is always just set to sysconfdir. + [690b44edcec2] + + * src/exec_pty.c: + pty_finish: only restore the terminal if sudo is the foreground + process + [357d90f11750] + + * src/exec_pty.c: + Better background job detection when running a command in a pty. 
If + sudo is not the process group leader and stdin is not a tty, we may + be running as a background job via a shell script. Start the command + in the background to avoid changing the terminal mode from a + background process. GitHub issue #237 + [6c74910ea869] + + * src/exec_pty.c: + suspend_sudo_pty: stop the process group even if sudo is not the + leader. When sudo is not the process group leader, we still need to + stop sudo's process group and not just the sudo process itself. If + we only send the signal to sudo itself, the shell will not notice if + it is not in monitor mode. This can happen when sudo is run from a + shell script, for example. In this case we need to signal the shell + itself. If the process group leader is no longer present, we must + kill the command since there will be no one to resume us. + [44bb3267a55e] + + * lib/util/term.c: + Add debug tracing to tcsetattr_nobg(). + [b7a17174f1cf] + +2023-01-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Avoid compilation errors if getaddrinfo() or freeaddrinfo() are + macros. If this is the case we probably can't stub out the functions + but at least the fuzzer will compile. + [2482db79d3b9] + + * src/net_ifs.c: + Initialize the integer result parameter passed to SIOCGIFANUM. It + appears that passing in a non-zero value causes the ioctl() to fail. + From Tim Rice. + [071633f9929c] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, + plugins/sudoers/log_client.c: + Protect use of AF_INET6 with HAVE_STRUCT_IN6_ADDR guards. From Tim + Rice. + [661c26064544] + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Add configure test for NSIG, _NSIG or __NSIG. This is better than + just defining NSIG in sudo_compat.h if it is not defined since + signal.h may not have been included. + [f1c94c5f825b] + + * logsrvd/logsrvd_conf.c: + Avoid DNS lookups when fuzzing. + [384ffdead655] + +2023-01-30 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp, scripts/mkpkg, + scripts/pp: + No longer need to treat Rocky or Alma Linux specially. We now treat + them the same as RHEL. + [190afa102ca6] + +2023-01-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #230 from trackers-lover/main + + Return value does not match + [1dc4317beaf7] + +2023-01-29 bianguangze@uniontech.com <bianguangze@uniontech.com> + + * lib/util/sudo_conf.c: + Modify return value parameter + [eb1e78bb2f91] + +2023-01-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/build_pkgs: + Store conf hash in vm_servers instead of vmid. Add a shutdown + command fallback to the conf file. + [2f7eeb5c3f04] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po, + plugins/sudoers/po/ru.po, plugins/sudoers/po/sv.mo, + plugins/sudoers/po/sv.po, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po, + plugins/sudoers/po/zh_TW.po, po/cs.mo, po/cs.po, po/de.mo, po/de.po, + po/eo.mo, po/eo.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, + po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/ro.mo, po/ro.po, + po/sv.mo, po/sv.po, po/uk.mo, po/uk.po, po/zh_CN.po, po/zh_TW.po: + Updated translations from translationproject.org + [fa9569203e16] + + * configure, m4/hardening.m4: + Fix a typo. + [ebf4c16e0079] + + * config.h.in, configure, scripts/config.guess, scripts/config.sub: + Regen with latest autoconf git. 
+ [9a0bbbb682fc] + + * etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp, scripts/mkpkg, + scripts/pp: + Recognize Alma Linux and Rocky Linux (Open Source RHEL clones) + [b1dbb7b75824] + + * NEWS: + Mention the recent intercept/log_subcmds fix. + [cbd60701de52] + + * scripts/mkpkg: + Fix determination of the number of CPU cores on Linux. + [6ac6a9b074bf] + +2023-01-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/po/ka.po: + New Georgian translation from translationproject.org + [17681b870666] + + * Merge pull request #235 from kernelmethod/apparmor_dependencies + + Replace the Debian libselinux1 dependency with libapparmor1 + [ca29638c5c34] + +2023-01-26 kernelmethod <17100608+kernelmethod@users.noreply.github.com> + + * etc/sudo.pp: + Replace the Debian libselinux1 dependency with libapparmor1 + + Debian >= 10 uses AppArmor by default instead of SELinux, so + SELinux-related sudo features are typically going to be unusable in + Debian installs. This changes the dependency on libselinux1 to be a + dependency on libapparmor1 for .deb packages built with `make + package`. + [5779ce23a161] + +2023-01-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c: + get_execve_info: defer setting pathname until argbuf is finalized If + we reallocate the buffer (via growbuf()) in ptrace_read_vec(), the + address of argbuf may change. If so, the value stored in pathname + will no longer be valid. GitHub issue #194. + [f75aa1eb5d95] + + * src/exec_intercept.c, src/exec_ptrace.c: + Correct error message when command doesn't exist in intercept mode. + Previously, we would always use EACCES, even when ENOENT was + appropriate. This also affected log_subcmds. + [5bc0ecd5d4e6] + +2023-01-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update .pot files for 1.9.13 + [c6a247e05a91] + +2023-01-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Update for 1.9.13. 
+ [c9c5b6af5ea5] + + * src/exec_ptrace.h: + Include elf.h, not linux/elf.h but define NT_ARM_SYSTEM_CALL if + missing. Older kernel headers are missing the definition of EM_ARM + in linux/elf.h. GitHub issue #232 + [8bed5e7f8857] + + * lib/util/regress/regex/regex_test.c: + Add tests for escaped digits. + [7e5b7e5e2409] + + * lib/util/regex.c: + check_pattern: handle escaped digits since GNU libc accepts them. + [a20d5a047963] + +2023-01-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + plugins/sudoers/sudoreplay.c: + Add eventlog_store_sudo() and use it in sudoreplay. This replaces + the custom log formatting used by "sudoreplay -l". + [26dd2367fbdd] + +2023-01-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/build_pkgs, scripts/mkpkg: + Add --build-only flag to skip building packages. + [46c0213b2668] + +2023-01-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/mkpkg, scripts/pp: + Suport building packages on DragonFly BSD. + [65920923add2] + + * configure, configure.ac, m4/visibility.m4: + Try to link a simple shared object with -Wl,--no-undefined. This + only works for gcc-style compilers, which should not be a problem. + The source uses environ (FreeBSD) and errno (OpenBSD). + [1c2d9f90bc6d] + + * scripts/build_pkgs: + Pass the name to the config.cache file to the build script. If + --cache-file is not specified, no config.cache file will be used. + Add an "omit_artifacts" setting for platforms where we don't publish + artifacts. + [c87221f36bf4] + +2023-01-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/regex.c: + check_pattern: accept a backslash before the numeric bound like + glibc. This helps avoid out-of-memory conditions when fuzzing on + Linux. + [07f14dba22ed] + + * configure, configure.ac: + Don't use -Wl,--no-undefined with the sanitizers/fuzzers. It breaks + linking when using -fsanitize with clang at least. 
+ [a6331135bd73] + + * docs/SECURITY.md: + Add a link to the sudo security advisories archive. + [7137d1d214e5] + + * config.h.in, configure, configure.ac: + Eliminate usage of obsolete 2-argument AC_CHECK_TYPE macro. + [96b37c574fc2] + + * config.h.in, configure, configure.ac, plugins/sudoers/starttime.c, + src/regress/ttyname/check_ttyname.c, src/ttyname.c: + Add support for the struct kinfo_proc on Dragonfly BSD. + [4c1a7d223d66] + + * configure, configure.ac: + Need to link sudo and sudoers with -lutil on Dragonfly BSD. It is + safer to just search for setusercontext() in libc and libutil + instead of matching on the operating system. + [b91a288c9968] + + * configure, configure.ac: + Elminate the $OS variable, we can just use $host_os instead. + [0293bf9d4dd4] + + * plugins/sudoers/editor.c: + Restore the line that set errno to ENOENT when find_path() fails. + This was inadvertently removed when the "goto bad" was added. + [b957909a1a75] + + * configure, configure.ac, m4/ldap.m4: + Add -Wl,--no-undefined to LDFLAGS if it is supported. This will find + missing symbols at build-time instead of run-time. Don't use it on + FreeBSD where environ is filled in by the dynamic loader. We also + need to pull in -llber with -lldap where possible (instead of + relying on DT_NEEDED) to avoid undefined symbol errors when building + with LDAP support. + [c88bd9fd05c9] + + * plugins/sample/README: + The sample plugin is now built by default to avoid bit rot. GitHub + issue #234. + [aac2a29136e1] + + * plugins/sample/sample_plugin.c: + The change from sudo_printf -> sudo_plugin_printf was incomplete. + Fixes GitHub issue #234. + [4f8333e3f7b8] + +2023-01-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, m4/pie.m4: + Solaris: use lt_prog_compiler_pic instead of assuming -KPIC + [36b94699ad63] + + * configure, m4/hardening.m4, m4/pie.m4: + Solaris: the aslr, nxheap and nxstack link options are only for + executables. 
Move them back to PIE_LDFLAGS, which is only used when + linking a binary. + [970d533cd9b2] + + * configure, m4/hardening.m4, m4/pie.m4: + Solaris: move aslr linker option to hardening and try to build real + PIEs These flags are specific to the Solaris linker. + [c5439fec5cb3] + + * configure, m4/hardening.m4, m4/pie.m4: + Enable non-executable heap and stack options for Solaris ld. + [5be638b9bd79] + + * configure, configure.ac, m4/hardening.m4: + Limit some of the hardening tests to compilers that define __GNUC__. + This should avoid false positives on other compilers. + [1b3b36a2ff2b] + + * plugins/python/regress/testdata/check_multiple_approval_plugin_and_a + rguments.stdout: + Update expected plugin version. + [19b2963008a2] + + * docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in, + include/sudo_plugin.h, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c, + src/sudo.h, src/sudo_edit.c: + Pass back the number of files to edit when using sudoedit. The sudo + front-end can use this to determine where the list of files to edit + begins. + [c9c1e6e81438] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, docs/sudoreplay.man.in, + docs/sudoreplay.mdoc.in, include/sudo_lbuf.h, + lib/eventlog/eventlog.c, lib/iolog/iolog_json.c, lib/util/lbuf.c, + lib/util/util.exp.in, plugins/sudoers/sudoreplay.c: + Escape control characters in log messages and "sudoreplay -l" + output. The log message contains user-controlled strings that could + include things like terminal control characters. Space characters in + the command path are now also escaped. + + Command line arguments that contain spaces are surrounded with + single quotes and any literal single quote or backslash characters + are escaped with a backslash. This makes it possible to distinguish + multiple command line arguments from a single argument that contains + spaces. + + Issue found by Matthieu Barjole and Victor Cutillas of Synacktiv + (https://synacktiv.com). 
+ [1cd37144190c] + + * NEWS: + Merge in sudo 1.9.12p2 changes. + [d5a2cd780f27] + + * .hgtags: + Added tag SUDO_1_9_12p2 for changeset 05149e3ee7db + [8763a9e70ddd] <1.9> + +2023-01-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Add back the linker check for -fstack-clash-protection. This is + expected to fix GitHub issue #231. + [40bda374ae08] <1.9> + + * configure, m4/hardening.m4: + Add back the linker check for -fstack-clash-protection. This is + expected to fix GitHub issue #231. + [c08c0a7c8613] + +2023-01-17 trackers-love <bianguangze@uniontech.com> + + * lib/util/sudo_conf.c: + Return value does not match + [2c7c350c3d97] + +2023-01-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, + docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, + docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in, + docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in, + docs/sudoers.man.in, docs/sudoers.mdoc.in, docs/visudo.man.in, + docs/visudo.mdoc.in: + Stop using 8n width in tagged lists. Use either 4n, when the body is + expected to wrap or the width of the longest tag when no wrapping is + expected. + [2b1bc5d31250] + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, docs/sudo.man.in, + docs/sudo.mdoc.in, docs/sudo_logsrvd.man.in, + docs/sudo_logsrvd.mdoc.in, docs/sudo_sendlog.man.in, + docs/sudo_sendlog.mdoc.in, docs/sudoreplay.man.in, + docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in: + Use -width Ds for the options list, not -width Fl. + [598dbf3d2fea] + + * docs/sudo.man.in, docs/sudo.mdoc.in, docs/sudo_logsrvd.conf.man.in, + docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_plugin_python.man.in, + docs/sudo_plugin_python.mdoc.in: + Reduce the offset of bullet lists to 1n. + [893b6fd25564] + + * INSTALL.md: + Shorten --with-passprompt and --with-mailsubject arguments to a + single word. 
The script that generates the web version of this file + doesn't expect options to include whitespace. + [063dc2c168aa] + +2023-01-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL.md: + Shorten --with-badpass-message argument to a single word. The + fix_install script can't deal with whitespace in options. + [17761c19a4b8] + + * LICENSE.md: + Make numbered lists more markdown-friendly. Also add line breaks + when there are multiple authors. + [d22146e06e27] + + * INSTALL.md: + Make lists of directories more markdown-friendly. + [b3295e422b33] + +2023-01-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c: + Check for errors when removing the temp directory. If we cannot + remove the directory tree that may indicate a file or directory mode + problem. + [4a162644b61f] + + * lib/iolog/iolog_mkdtemp.c: + iolog_mkdtemp: fix pasto in last commit Set mode to iolog_dirmode, + not iolog_filemode + [9926f1c92729] <1.9> + + * lib/iolog/iolog_mkdtemp.c: + iolog_mkdtemp: fix pasto in last commit Set mode to iolog_dirmode, + not iolog_filemode + [713773e23472] + + * NEWS, configure, configure.ac: + Sudo 1.9.2p2 + [05149e3ee7db] [SUDO_1_9_12p2] <1.9> + + * plugins/sudoers/editor.c, plugins/sudoers/sudoers.c, + plugins/sudoers/visudo.c: + sudoedit: do not permit editor arguments to include "--" + (CVE-2023-22809) We use "--" to separate the editor and arguments + from the files to edit. If the editor arguments include "--", sudo + can be tricked into allowing the user to edit a file not permitted + by the security policy. Thanks to Matthieu Barjole and Victor + Cutillas of Synacktiv (https://synacktiv.com) for finding this bug. + [eb7f573a4a92] <1.9> + + * plugins/sudoers/editor.c, plugins/sudoers/sudoers.c, + plugins/sudoers/visudo.c: + sudoedit: do not permit editor arguments to include "--" + (CVE-2023-22809) We use "--" to separate the editor and arguments + from the files to edit. 
If the editor arguments include "--", sudo + can be tricked into allowing the user to edit a file not permitted + by the security policy. Thanks to Matthieu Barjole and Victor + Cutillas of Synacktiv (https://synacktiv.com) for finding this bug. + [2ca90805f471] + +2023-01-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/sha2.c: + In SHA256Pad and SHA512Pad use 511 and 1023 respectively for bitwise + AND. Previously we were using 504 and 1016 which still produces the + correct result since padding is done in 8-bit bytes. However, using + size-1 for the bitwise AND makes the intent clearer and likely would + have prevented the previous bug in SHA512Pad. From Matthieu Barjole + and Victor Cutillas of Synacktiv (https://synacktiv.com) + [4b6a50800ecd] + + * plugins/sudoers/env.c: + env_file_next_local: change the order of the val_len check. It makes + more sense to verify that val_len > 1 before using it. This is not a + problem in practice because val[val_len - 1] is guaranteed not to + underflow but it can confuse reviewers and static analyzers. + [9d6bed4e3fd0] + + * plugins/sudoers/env.c: + Fix typo in check for environment variables that start with '='. + [6dc466c8bf82] + + * lib/util/lbuf.c: + sudo_lbuf_print: no longer need to check for lbuf->len > 0. Now that + lbuf length is unsigned the earlier check for len == 0 is + sufficient. + [bdfc863f5b5c] + + * lib/util/lbuf.c: + Increase minimum allocation size from 256 to 1024 bytes. + [0f49c8728151] + + * plugins/sudoers/sudoreplay.c: + Fix IS_IDLOG macro, it was testing the wrong byte for the NUL. This + causes the macro to evaluate to false even for valid TSIDs. + [77686e4508d3] + +2023-01-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + sudoers_trace_print: this is a no-op if not debugging + [df34de2e60f4] + + * lib/util/lbuf.c: + sudo_lbuf_expand: don't allocate less than 256 bytes at a time. + [a747682156e6] + +2023-01-03 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/util/lbuf.c: + sudo_lbuf_expand: round nearest power of two instead of multiple of + 256. + [840855b501de] + + * LICENSE.md: + Update copyright year. + [5ff97b5e6bcd] + + * include/sudo_lbuf.h, lib/util/lbuf.c: + sudo_lbuf_expand: check for possible integer overflow The numeric + fields in struct sudo_lbuf are now unsigned so that wraparound is + defined, this make the overflow checks simpler. Problem deteced by + oss-fuzz using the fuzz_sudoers fuzzer. + [6dc670d15276] + + * MANIFEST, lib/iolog/iolog_json.c, + lib/iolog/regress/iolog_json/test3.in, + lib/iolog/regress/iolog_json/test3.out.ok: + Decode \u00XX in a JSON string now that we escape control chars. We + don't write Unicode to the log.json file, only 8-bit ASCII. + [83dcacb35309] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/hexchar.c, lib/util/regress/hexchar/hexchar_test.c, + lib/util/util.exp.in, plugins/sudoers/Makefile.in, + plugins/sudoers/hexchar.c, plugins/sudoers/match_digest.c, + plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/toke_util.c: + Move hexchar() from the sudoers plugin to lib/util. + [4a6c57c1b66a] + + * lib/util/mkdir_parents.c: + sudo_open_parent_dir: adjust loop terminating condition Checking for + ep < pathend should be a bit clearer than ep != '\0' and has the + advantage of working when pathend doesn't point to a NUL byte. No + intended change in behavior. + [cee4e0c71070] + + * lib/iolog/iolog_mkdtemp.c: + iolog_mkdtemp: fix failure when the specified path contains + subdirectories. This fixes a bug introduced in sudo 1.9.12. + [ac86f3b0d94b] <1.9> + + * lib/iolog/iolog_mkdtemp.c: + iolog_mkdtemp: fix failure when the specified path contains + subdirectories. This fixes a bug introduced in sudo 1.9.12. + [3a1d5b01b446] + + * lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c: + check_iolog_mkpath: fix exit value + [9ac13d6657f6] + +2023-01-02 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * Merge pull request #227 from sohomdatta1/integer_underflow + + Prevent integer underflow due to environment variable + [c6c716352077] + +2023-01-02 Sohom <sohomdatta1+git@gmail.com> + + * plugins/sudoers/env.c: + Prevent integer underflow due to environment variable + + Gaurd against replacing quotes when the environment variable val_len + is 1. + [1b926824dcf8] + +2023-01-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/regex.c: + glibc allows the ',' in {low,high} to be escaped with a backslash. + Adjust bound parsing to match this. + [b2bbac2bab6a] + +2022-12-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Fix logic goof in 05781ba6f1f3, disable replacements when fuzzing. + Not the other way around. + [abcf2deb9d0e] + +2022-12-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac, docs/sudo_plugin_python.man.in, + docs/sudo_plugin_python.mdoc.in, docs/sudoers.man.in, + docs/sudoers.mdoc.in: + Substitute python plugin file name in sudo_plugin_python + documentation. Also use prefix for group plugin fallback path + section in sudoers manual. + [e245808fbe74] + + * lib/iolog/Makefile.in, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.dict, + lib/iolog/regress/fuzz/fuzz_iolog_timing.dict: + Use correct dictionary file format. Also use the new dictionaries in + the Makefile fuzz target. + [c39e699cb9b6] + + * MANIFEST, lib/iolog/regress/corpus/seed/log_legacy/less.log, + lib/iolog/regress/corpus/seed/log_legacy/smtpctl.log, + lib/iolog/regress/corpus/seed/log_legacy/vi.log, + lib/iolog/regress/corpus/seed/timing/timing.5, + lib/iolog/regress/corpus/seed/timing/timing.6, + lib/iolog/regress/corpus/seed/timing/timing.7, + lib/iolog/regress/corpus/seed/timing/timing.8, + lib/iolog/regress/corpus/seed/timing/timing.9: + Add some addition entries for the I/O log fuzzer seed corpus. 
+ [51d4bf5f014c] + + * MANIFEST, lib/iolog/regress/fuzz/fuzz_iolog_legacy.dict, + lib/iolog/regress/fuzz/fuzz_iolog_timing.dict: + Add dictionaries for fuzz_iolog_legacy and fuzz_iolog_timing. + [84d1e53ea8eb] + + * include/sudo_fatal.h: + Don't send warn/fatal output to the debug file when fuzzing. + [968fedf79f23] + + * lib/util/getentropy.c: + Back out the genentropy.c portion of c648cfe9ff0f We don't need to + special-case FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION now that we + use the glibc arc4random() where available. + [7d69e44e3e9b] + +2022-12-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + lib/util/regress/fuzz/fuzz_sudo_conf.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Use initprogname(), not setprogname() in the fuzzers. This results + in better coverage for progname.c. + [dede53f4b0db] + + * lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_conf/test1.out.ok, + lib/util/regress/sudo_conf/test2.out.ok, + lib/util/regress/sudo_conf/test3.out.ok, + lib/util/regress/sudo_conf/test4.out.ok, + lib/util/regress/sudo_conf/test5.out.ok, + lib/util/regress/sudo_conf/test6.out.ok, + lib/util/regress/sudo_conf/test7.out.ok: + Add probe_interfaces and intercept_path. + [f00ecf67a5e1] + + * lib/util/regress/fuzz/fuzz_sudo_conf.c: + Exercise getter functions. + [3208a9508724] + + * configure, configure.ac: + Avoid using our function replacements when fuzzing (where possible). + We don't want to fuzz the function replacements themselves as this + can skew the coverage reports. + [05781ba6f1f3] + + * plugins/python/regress/check_python_examples.c: + Disable sudo_debug tests when fuzzing. The debug code is disable + when fuzzing is enabled to avoid coverage issues. 
+ [2c90549a0918] + + * lib/util/fatal.c, lib/util/getentropy.c, lib/util/sudo_conf.c: + Avoid compiling some code paths that are unreachable when fuzzing. + [c648cfe9ff0f] + + * plugins/sudoers/regress/serialize_list/check_serialize_list.c: + Plug memory leak. + [6189ff1db193] + +2022-12-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/fuzz/fuzz_policy.dict: + Update fuzz_policy keywords to match current policy settings. + [0db960f83cf1] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.dict: + Add example users and groups to the dictionary. + [6fd8ad758aed] + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, src/parse_args.c: + parse_args: an environment variable may not start with '='. Also + check VAR=val format in validate_env_vars() and add an error message + if insert_env_vars() fails. + [b9b9acae1671] + + * plugins/sudoers/env.c: + rebuild_env: avoid a potential NULL dereference in fuzz_policy + [90f5d579dd69] + + * plugins/sudoers/sudoers.c: + sudoers_policy_main: plug memory leak of iolog_path on error. + [99cbe3d513e6] + + * plugins/sudoers/env.c: + rebuild_env: avoid a potential NULL dereference in fuzz_policy + [de05b4f00f35] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + The contents of the env_add array should not include the leading + "env=" prefix. The previous fix for this was incomplete. + [849fee26133a] + + * plugins/sudoers/env.c: + validate_env_vars: more efficient errbuf handling Also avoid + appending to errbuf if it is already full. + [1ffd174fa0ea] + +2022-12-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudo.man.in, docs/sudo.mdoc.in: + Document that -k does not interfere with sudo on other terminals. + This should help clarify the difference between "sudo -k" and "sudo + -K". + [589d750faf30] + + * lib/util/regex.c, lib/util/regress/regex/regex_test.c: + Check for bound values larger than 255 and reject them. This is to + prevent the fuzzers from running out of memory. 
+ [f172a6d64a34] + + * scripts/pp: + Use the POSIX shell "command -v" instead of "which" to find + programs. Fix false detection of init.d/service status. + [aee53eddfc18] + + * etc/sudo.pp: + Fix example dir mode on RedHat/Fedora. + [f5fd86f35bc5] + + * etc/sudo.pp: + Use sed instead of ed to modify the packaged sudoers file. Some + Linux distros do not include /bin/ed by default. + [217ef1afaacb] + +2022-12-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in: + Use @intercept_file@ and @noexec_file@ like the example file. + [726e060da20e] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + There is a @pam_login_service@ substitution but no @pam_service@. + Just use sudo instead of @pam_service@. + [b16f28ccc847] + + * examples/sudo.conf.in: + Use @sudoers_plugin@ instead of @sudoers_module@. + [4c92b9ef93b5] + + * docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudoers.man.in, + docs/sudoers.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in: + Use @sudoers_plugin@ instead of @sudoers_module@. + [3c50a97c1bbd] + + * INSTALL.md, NEWS, config.h.in, configure, configure.ac, + docs/UPGRADE.md, scripts/config.guess, scripts/config.sub: + sudo 1.9.13 Document the changes to AIX plugins in docs/UPGRADE.md + and regenerate configure using the latest autoconf from git. + [b897ca965a0f] + + * scripts/build_pkgs: + Remove anything after whitespace in MANIFEST when building tarball. + This is consistent with how sudo's Makefile builds the tarball. + [db48ecf91964] + + * MANIFEST: + Zap trailing whitespace. + [7be2d953e0ca] + + * configure, configure.ac, docs/sudo.conf.man.in, + docs/sudo.conf.mdoc.in, docs/sudoers.man.in, docs/sudoers.mdoc.in, + docs/visudo.man.in, docs/visudo.mdoc.in, examples/sudo.conf.in, + pathnames.h.in, src/load_plugins.c, src/preload.c: + Use AIX-style shared libraries on AIX by default instead of + SVR4-style. 
This removes the need to use the -brtl linker flag which + can cause problems when there are both a .so and .a version of the + same library but with different versions. This was particularly + problematic when using the AIX freeware version of OpenSSL. The + --with-aix-soname=svr4 option can be used to build SVR4-style shared + libs instead. + [268bd3bc7717] + + * lib/util/sudo_dso.c, src/load_plugins.c: + sudo_dso_load: add AIX fallback path from shlib.so to + shlib.a(shlib.so). If the .so file is missing but the .a file + exists, try to dlopen() the AIX .a file using the .so name as the + member. We need to avoid breaking existing configurations if the + type of AIX shared library changes when sudo is upgraded. + [f64cf05bb2c2] + + * plugins/sudoers/group_plugin.c, src/load_plugins.c: + Remove the owner and mode checks when loading a sudo plugin. The + sudo.conf file is considered a trusted source of information and + these checks suffer from TOCTOU issues anyway. The checks complicate + loading of shared objects since we need to perform fallback + processing twice. + [60a811d58138] + + * MANIFEST, plugins/python/Makefile.in, + plugins/python/python_importblocker.c, + plugins/python/python_plugin_common.c, + plugins/python/regress/check_python_examples.c, + plugins/python/regress/testdata/sudo.conf.developer_mode, + plugins/python/regress/testdata/sudo.conf.normal_mode, + plugins/python/regress/testhelpers.c, + plugins/python/regress/testhelpers.h, + plugins/python/sudo_python_module.h: + Remove the Python plugin import blocker code. The sudo.conf file is + considered a trusted source of information and these checks suffer + from TOCTOU issues anyway. 
+ [1d261d802b82] + + * MANIFEST, docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, + docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in, + examples/sudo.conf.in, + lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1, + lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2, + lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3, + lib/util/regress/fuzz/fuzz_sudo_conf.dict, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_conf/test1.in, + lib/util/regress/sudo_conf/test1.out.ok, + lib/util/regress/sudo_conf/test2.out.ok, + lib/util/regress/sudo_conf/test3.out.ok, + lib/util/regress/sudo_conf/test4.out.ok, + lib/util/regress/sudo_conf/test5.out.ok, + lib/util/regress/sudo_conf/test6.out.ok, + lib/util/regress/sudo_conf/test7.out.ok, + lib/util/regress/sudo_conf/test8.err.ok, + lib/util/regress/sudo_conf/test8.in, + lib/util/regress/sudo_conf/test8.out.ok, lib/util/sudo_conf.c: + Remove developer mode from sudo.conf, it is no longer used. + [2b350bfe4d7c] + + * plugins/sudoers/sudoers_version.h: + Bump SUDOERS_GRAMMAR_VERSION to 50 for the new list pseudo-command. + [60e6e3b59b1e] + +2022-12-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/Makefile.in, docs/sudo.man.in, docs/sudo.mdoc.in, + docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in, + docs/sudoreplay.man.in, docs/sudoreplay.mdoc.in: + Use ".Sy root" instead of ".Em root" when talking about the root + user. Replace MANDOCPROG with "mandoc" now that MANDOCPROG has been + removed. + [a0b80a88eb7c] + +2022-12-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #226 from rtczza/main + + debug_return_int use error + [7743f67838ae] + +2022-12-23 wanglujun <wanglujun@uniontech.com> + + * src/exec_pty.c: + debug_return_int use error + [b69796b9b10b] + +2022-12-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/sudo_dso.c, src/load_plugins.c: + Fix support for AIX-style path(module) syntax in sudo.conf Plugin + lines. + [b8666283d2f2] + +2022-12-20 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * docs/sudo.man.in, docs/sudo.mdoc.in: + Mention the "list" privilege in the description of the -U option. + [f5416004ef2e] + + * docs/sudo.man.in, docs/sudo.mdoc.in, src/parse_args.c, + src/sudo_usage.h.in: + Add [arg ...] after command in SYNOPSIS and usage output. Use Ar + markup when referring to the command and args. + [40fca0824680] + +2022-12-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_preload.c: + fmtstr: call va_arg() for %c when computing length. Even though we + don't need to read the actual char to know its length, we do need to + consume it to get the correct value for the next format. + [fadd0047868b] + + * configure, m4/sanitizer.m4: + SUDO_CHECK_SANITIZER: quote "$3" in awk script so m4 doesn't eat it. + [fcf1661bfebd] + + * lib/util/regress/json/json_test.c: + Add missing sudo_json_free(). + [fa5e5af55927] + + * MANIFEST, lib/util/Makefile.in, lib/util/regex.c, + lib/util/regress/regex/regex_test.c: + check_pattern: check bounds as a repetition operator too. Add regess + to verify check_pattern() via sudo_regex_compile(). + [48cbddf476a5] + + * lib/util/regex.c: + Instead of collapsing duplicate repetition characters, reject them. + This is implementation-specific behavior--some regcomp(3) will + reject duplicate repetition characters (BSD), others will try to + support them (Glibc) but may allocate excessive amounts of memory. + [a0cb75d9b5e5] + + * MANIFEST, docs/CONTRIBUTORS.md, po/sq.mo, po/sq.po: + New Albanian translation from translationproject.org + [4a8dedc6500d] + +2022-12-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, include/sudo_json.h, lib/eventlog/eventlog.c, + lib/iolog/iolog_loginfo.c, + lib/iolog/regress/iolog_json/check_iolog_json.c, + lib/util/Makefile.in, lib/util/json.c, + lib/util/regress/json/json_test.c, lib/util/util.exp.in, + logsrvd/logsrvd_local.c, plugins/audit_json/audit_json.c, + plugins/sudoers/cvtsudoers_json.c: + Add basic regress for JSON functions. 
Fix a bug in escaped control + character handling. Roll back changes to buffer if + sudo_json_add_value() fails. + [8b61266511fe] + + * plugins/python/regress/iohelpers.c, + plugins/python/regress/testhelpers.c: + Add missing memory allocation failure checks. Inspired by GitHub PR + #221 + [9f09479191e9] + +2022-12-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/json.c: + Escape control characters in strings. + [9668cd68daee] + +2022-12-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudo.man.in, docs/sudo.mdoc.in: + Mention the audit plugin in the "Process model" section. Remove + extraneous information describing how sudo may exec the command + directly, this is already included in the non-pty section. + [9d01a9682ed2] + +2022-12-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/sudoers.c: + Plug a memory leak of list_cmnd in the fuzzers. + [b413becfb8db] + + * plugins/sudoers/cvtsudoers.c: + Suppress PVS Studio watning about reassigning a variable the same + value. Working around the warning would result in more fragile code. + [b4227e531fb7] + + * lib/util/regress/multiarch/multiarch_test.c: + Fix memory leak in multiarch_test to quiet leak sanitizer. + [1491ce67725c] + + * plugins/python/python_plugin_audit.c, + plugins/python/python_plugin_common.c, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c: + Fix some dead stores noted by PVS Studio. Since rc is initialized to + SUDO_RC_ERROR there is no need to set it to SUDO_RC_ERROR again on + failure if rc has not been changed since initialization. + [f6c075dedfe3] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, + plugins/sudoers/logging.c, plugins/sudoers/match_command.c, + plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Add "list" pseudo-command to allow a user to list another user's + privs. 
Previously, only root or a user with the ability to run any + command as either root or the target user on the current host could + use the -U option. For "sudo -l [-U otheruser] command", NewArgv[0] + is now set to "list" (just like "sudo -l") and the actual command to + be checked starts with NewArgv[1]. + [225eac96d11f] + +2022-12-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * etc/codespell.exclude: + Adjust a line to quiet codespell warning. + [f920076a902d] + +2022-12-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * Makefile.in: + Only build ChangeLog from a repo checkout, not a release tarball. + The CODEOWNERS file is not present in the release tarball so we can + use that when determining what is (or is not) a repo checkout. + [290ce43f0f66] + + * docs/CODEOWNERS: + Add CODEOWNERS file, currently all owned by @millert. + [3becb02b5cd6] + + * .gitignore, .hgignore, Makefile.in: + Only regenerate ChangeLog if there have been changes. Also check + that "hg --version" or "git --version" works before using hg or git. + Bug #1043. + [d9a28bb02621] + +2022-12-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/parse.c: + Fix potential crash introduced in the fix for GitHub issue #134. If + a user's sudoers entry did not have any RunAs user's set, running + "sudo -U otheruser -l" would dereference a NULL pointer. We need to + compare the default RunAs user if the sudoers entry does not specify + one explicitly. Problem reported by Andreas Mueller who also + suggested a different solution in PR #219. + [360e04f13024] <1.9> + + * plugins/sudoers/parse.c: + Fix potential crash introduced in the fix for GitHub issue #134. If + a user's sudoers entry did not have any RunAs user's set, running + "sudo -U otheruser -l" would dereference a NULL pointer. We need to + compare the default RunAs user if the sudoers entry does not specify + one explicitly. Problem reported by Andreas Mueller who also + suggested a different solution in PR #219. 
+ [3d12dfeef26b] + + * scripts/build_pkgs: + Defer installing the SIGCHLD handler until after non-job commands + run. Lock the socket dir to avoid races in + open_persistent_connection(). Also avoid using "ssh -f" since that + may return before the socket is created. Strip carriage returns from + log when running in a pty. + [d0da1a261fbc] + +2022-12-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, m4/sudo.m4: + Fix a typo in SUDO_CHECK_NET_FUNC. + [08cb2ba84897] + + * lib/util/inet_ntop.c: + Fix -Wsign-compare warning. + [45e2716ece56] + + * configure, m4/sudo.m4: + Initialize "found" in SUDO_CHECK_NET_FUNC. + [a5daeb77e6bb] + + * configure, m4/sudo.m4: + Fix pasto introduced in last commit. + [7e1b09977be3] + + * lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/python/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Fix failure in check targets when there is no UTF-8 C locale. + [721c8bdff28f] + + * configure, configure.ac, m4/sudo.m4: + Add SUDO_CHECK_NET_FUNC to check functions in the network libraries. + If a function is not found, check again with "-lsocket", "-linet", + "-lsocket -lnsl", or "-lresolv". Also display network libs in final + summary as well as the different linker flags. + [a0ce3347cd8d] + + * configure, m4/sudo.m4: + Make sure HAVE_MAILLOCK_H is defined on Solaris 10. + [bb9f3a1beff5] + + * configure, configure.ac: + Remove extraneous "(cached)" line when the -C option is used. We do + not need to call AC_CACHE_VAL() to ensure that a variable is cached, + its name just needs to match the pattern *_cv_*. + [b8ffa09d0cd7] + + * configure, m4/sudo.m4: + Make path checks in sudo.m4 cachable. + [0bcfa73702d3] + + * configure, configure.ac: + Use AC_PATH_PROGS_FEATURE_CHECK to find mandoc/nroff. We don't use + the NROFFPROG or MANDOCPROG any longer so no need to set those. 
+ [7d96680046a6] + + * configure, configure.ac: + Don't check for _sys_siglist if sys_siglist is found. + [2c70aba3935c] + + * configure, configure.ac: + Fix check for sys_sigabbrev. + [b8537a76815f] + +2022-12-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Skip test for __func__ on C99 and above, avoid extra _sys_signame + test. + [71f3497a6a3a] + + * MANIFEST, aclocal.m4, configure, configure.ac, m4/gettext.m4: + Move gettext checks to m4/gettext.m4 + [693029542e06] + + * MANIFEST, aclocal.m4, configure, configure.ac, m4/ldap.m4: + Move LDAP library checks to m4/ldap.m4 and make more tests + cacheable. + [85fa1f49298a] + + * MANIFEST, aclocal.m4, configure, configure.ac, m4/openssl.m4: + Move OpenSSL/wolfSSL checks to m4/openssl.m4 + [08b90f3cef52] + + * MANIFEST, aclocal.m4, configure, configure.ac, m4/pie.m4: + Move PIE executable checks to m4/pie.m4 + [6b5cac6cecd5] + + * MANIFEST, aclocal.m4, configure, configure.ac, m4/sanitizer.m4: + Move address sanitizer and fuzzer checks to m4/sanitizer.m4 + [a6372917d53b] + + * MANIFEST, aclocal.m4, configure, configure.ac, m4/visibility.m4: + Move symbol visibility checks to m4/visibility.m4 + [4684049c2d2c] + + * MANIFEST, aclocal.m4, configure, configure.ac, m4/hardening.m4: + Move hardening checks to m4/hardening.m4 + [c03abb3c9f55] + + * configure, configure.ac, m4/sudo.m4: + Make cpp variadic arguments check into a macro and move to sudo.m4. + Also move the PVS-Studio.cfg generation to sudo.m4. + [c1a8d3b46be1] + +2022-12-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/snprintf.c: + Sync with OpenBSD. + [157439118867] + + * Merge pull request #218 from sohomdatta1/snprintf + + [snprintf] Check for '\0' to prevent undef memory read + [050882923c98] + +2022-12-03 Sohom <sohomdatta1+git@gmail.com> + + * lib/util/snprintf.c: + [snprintf] Check for '\0' to prevent undef memory read + [aff60c479c10] + +2022-12-01 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/eventlog.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/tsdump.c, plugins/sudoers/visudo.c, + src/parse_args.c, src/regress/noexec/check_noexec.c: + Place C23 attributes before keywords in function declarations. In + practice this means we must use "sudo_noreturn static foo(void)" + instead of "static sudo_noreturn foo(void)". + [6c1836dcb2d6] + +2022-11-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/build_pkgs: + Convert from using IPC::Open3 to IPC::Run. Run tests in a pty so + check_ttyname works as expected. Explicitly set short command line + options letters in GetOptions(). Add a debug flag to help see what + is going on internally. Add hook for die() to kill running jobs when + we are dying. SSH_AGENT_PID will not be present if the agent is + forwarded. In close_persistent_connections() only close active + connections. + [d49e1ac7e2f2] + +2022-11-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure.ac, include/sudo_compat.h: + Use C23 [[__fallthrough__]] and [[__noreturn__]] attributes if + supported. If the C23 attributes are not supported, use gcc-style + attributes where possible. + [57676068e9a9] + + * configure, configure.ac: + Move the check for the fallthrough attribute outside the warnings + block. Use AX_APPEND_FLAG instead of addind to CFLAGS directly. + [dc22d8238827] + +2022-11-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/build_pkgs: + The distributed package build script I use to build all sudo + packages. This is not included in the release tarball because it is + of limited use to other people. + [94c58cc272c8] + +2022-11-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * Makefile.in: + Pass the list of files to include in the tarball on stdin. This + avoids any limit on the size of argv. + [0af8578c89fe] + +2022-11-23 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * Merge pull request #214 from BornThisWay/1124_repeated_invocation + + check_syntax(): Remove duplicate calls to init_defaults() + [3383fb0a6f5f] + +2022-11-24 modric <pioneerbtw7@163.com> + + * plugins/sudoers/visudo.c: + check_syntax(): Remove duplicate calls to init_defaults() + [048ccd968df9] + +2022-11-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sample/sample_plugin.c: + build_command_info: free command_info on failure. Once upon a time, + command_info was a stack variable, now it is dynamically allocated. + Coverity CID 299987. + [a80110e49952] + + * plugins/sample/sample_plugin.c: + Better handling of out-of-memory conditions. + [ee3e47c4d272] + + * plugins/group_file/group_file.c: + Keep group file open until the call to myendgrent(). This restores + the previous behavior. + [79751f7308d7] + + * lib/util/json.c, plugins/group_file/getgrent.c, + plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/env.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_conf.c, plugins/sudoers/log_client.c, + plugins/sudoers/match_command.c, plugins/sudoers/strvec_join.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/sudo.c: + Eliminate a few harmless dead stores. Quiets warnings from Infer. + [8bed7579b75d] + + * plugins/sudoers/ldap_util.c: + sudo_ldap_parse_option: add explicit NULL check for strchr(). This + should not be needed since we only use the returned pointer if it is + larger than the string passed to strchr(). Quiets a warning from + Infer. + [852aec3e0450] + + * logsrvd/logsrvd_journal.c: + journal_fdopen: free journal_path and close journal before setting + Fixes a potential resource leak that currently cannot happen. Quiets + a warning from Infer. + [bfe41e247c35] + + * plugins/sudoers/ldap.c: + sudo_ldap_result_add_entry: check sudo_ldap_get_values_len() return + value. 
Previously, we just compared the error code with + LDAP_NO_MEMORY when checking for sudoOrder since this is the only + error we care about. We now return NULL for LDAP_NO_MEMORY and + ignore other errors. Quiets a warning from Infer. + [6e5a490b735c] + + * plugins/group_file/getgrent.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/tsgetgrpw.h: + Refactor code to open passwd/group file and add + setpassent/setgroupent. This makes the "stayopen" semantics match + the system passwd/group functions. The getpwent/getgrent functions + now open the database if it is not already open. + [27bfa97ad47c] + + * plugins/sudoers/Makefile.in, plugins/sudoers/gram.h: + gram.h: #line directives should reference gram.h not y.tab.h. + [7a2d4a24d839] + + * scripts/mkpkg: + Use clang, not /usr/bin/cc on FreeBSD and macOS. While /usr/bin/cc + _is_ clang on those platforms, some static analyzers get confused if + we don't run it as clang. + [d0c1f5940789] + +2022-11-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #212 from BornThisWay/1122_null_deref + + sudo_rcstr_dup: Fix potential NULL pointer deref + [58fcefa888fa] + +2022-11-22 modric <pioneerbtw7@163.com> + + * lib/util/rcstr.c: + sudo_rcstr_dup: Fix potential NULL pointer deref + [f45acaded1e5] + +2022-11-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/check.c: + Add a reminder to the default lecture that the password will not + echo. This line is only displayed when the pwfeedback option is + disabled. GitHub issue #195. + [7bc25043c760] + + * Merge pull request #210 from BornThisWay/1121_typo + + Fix some typos + [9d1e9278effb] + +2022-11-21 modric <pioneerbtw7@163.com> + + * plugins/python/regress/testhelpers.h, plugins/sudoers/parse.c: + Fix some typos + [d7d1c3ade748] + +2022-11-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #208 from BornThisWay/1121_return + + intercept_read: Print and then return. 
+ [615c2d5fca36] + +2022-11-21 modric <pioneerbtw7@163.com> + + * src/exec_intercept.c: + intercept_read: Print and then return. + [049547eb7ac0] + +2022-11-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #205 from BornThisWay/1119_access_null_pointer + + sudo_mmap_strdup_v1: Fix potential NULL pointer deref + [bad55afc72bb] + +2022-11-19 modric <pioneerbtw7@163.com> + + * lib/util/mmap_alloc.c: + sudo_mmap_strdup_v1: Fix potential NULL pointer deref + [f8da23aff2ec] + +2022-11-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sudo_intercept.c: + copy_vector: plug memory leak in error path Only the array was being + freed, not the contents. GitHub issue #202. + [cd1407dbe65f] + +2022-11-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/mkpkg: + Better matching of macOS version to SDK path. + [db7f2cbdb023] + + * Merge pull request #200 from BornThisWay/fix_mem_leak_converse + + Fix memory leak of pass in converse(). + [b411801abdf7] + + * plugins/sudoers/auth/passwd.c: + sudo_passwd_cleanup: Set auth->data to NULL after freeing. GitHub + issue #201 + [e558188bd99d] + +2022-11-17 modric <pioneerbtw7@163.com> + + * plugins/sudoers/auth/pam.c: + Fix memory leak of pass in converse(). + [052c99eaad8f] + +2022-11-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac: + Use AC_SYS_YEAR2038 instead of setting _TIME_BITS by hand. + [049113d798e9] + + * configure, m4/ax_append_flag.m4, m4/ax_check_compile_flag.m4, + m4/ax_func_snprintf.m4, m4/ax_prog_cc_for_build.m4: + Update macros from autoconf-archive. + [48b960c883df] + + * plugins/sudoers/regress/corpus/seed/ldif/pr196.ldif, + plugins/sudoers/regress/visudo/test3.sh: + Fix typo; excerise -> exercise + [42cdb396b72b] + + * config.h.in, configure, scripts/config.guess, scripts/config.sub: + Regenerate with the autoconf 2.72a pre-release. + [51d043878181] + + * configure.ac: + Fix insufficient quoting in AC_CHECK_LIB() calls. 
+ [78d37b60a912] + + * autogen.sh: + If AUTOCONF_VERSION is unset, use version 2.71 not 2.69. + [108faf700aa7] + + * configure.ac, m4/ax_func_getaddrinfo.m4, m4/sudo.m4: + Replace `foo` in descriptions with 'foo' + [ba63cef7bbe8] + +2022-11-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Add -Wvla and -Walloca to --enable-warnings + [7b9b59e35905] + +2022-11-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/pwutil.c: + sudo_debug_group_list: short-circuit if groups is NULL + [0f8f11ef82b6] + + * configure, configure.ac: + configure: only check for getauxval() if getentropy() is missing. + [c056c2fc3898] + + * config.h.in, configure, configure.ac: + Remove checks for random() and lrand48(), they are no longer used. + Also remove duplicate checks for arc4random() and getentropy(). + [e3433874211d] + + * configure, configure.ac: + Skip check for cpp variadic macro support if the compiler supports + C99. + [42efc9934ef5] + + * configure, configure.ac: + HI-UX/MPP is based on OSF-1, not HP-UX Completely untested. + [c55ba59cd24d] + + * configure, configure.ac: + Only check for utmps.h on HP-UX. + [682bb16545cf] + + * configure, configure.ac: + Only check for sys/syscall.h on Linux. We only use it in the Linux- + specific getentropy() emulation code. + [eac313bfc142] + + * config.h.in, configure, configure.ac: + configure: avoid running unnecessary tests on modern systems. Remove + AC_SYS_POSIX_TERMIOS, AC_TYPE_MODE_T, AC_TYPE_UID_T. Add missing + checks for int16_t, uint16_t, int32_t, and int64_t. Only check for + intmax_t, uintmax_t and bit-width types if missing both inttypes.h + and stdint.h. Remove unused clockid_t replacement. + [9f1f9d365f60] + + * MANIFEST, plugins/sudoers/regress/cvtsudoers/test40.out.ok, + plugins/sudoers/regress/cvtsudoers/test40.sh: + Add a regress check for the cvtsudoers filter crash. GitHub issue + #198. 
+ [f0abea1f10d0] + + * Makefile.in, lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/python/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + The name of the C locale w/ UTF-8 support is not always C.UTF-8. Use + a pattern to find it (if present) and use that value instead of + hard-coding C.UTF-8. This works around a leak sanitizer crash on + certain inputs. + [99aeb5a875f7] + +2022-11-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/parse_ldif.c: + Fix a potential use-after-free bug with cvtsudoers filtering. In + role_to_sudoers() when merging a privilege to the previous one where + the runas lists are the same we need to re-use the runas lists of + the last command in the previous privilege, not the first. + Otherwise, the check in free_cmndspec() will not notice the re-used + runas lists. Reported/analyzed by Sohom Datta. GitHub issue #198. + [29d1380d2fe0] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/corpus/seed/ldif/invalid_b64.ldif, + plugins/sudoers/regress/corpus/seed/ldif/pr196.ldif, + plugins/sudoers/regress/corpus/seed/ldif/sample.ldif, + plugins/sudoers/regress/corpus/seed/ldif/valid_b64.ldif, + plugins/sudoers/regress/cvtsudoers/test39.sh: + Copy some LDIF test data from the cvtsudoers tests to the seed + corpus. This includes a test to exercise the fix in PR #196. + [f74d65cf34d1] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Set LDAP base for sudoers_parse_ldif(). Without this set the fuzzer + will not exercise the dn parsing. + [c154b1a5d287] + + * src/exec_ptrace.h: + Include linux/elf.h, not elf.h to make sure we get + NT_ARM_SYSTEM_CALL. The NT_PRSTATUS define is present in both files. + [161f41f644ca] <1.9> + + * src/exec_ptrace.h: + Include linux/elf.h, not elf.h to make sure we get + NT_ARM_SYSTEM_CALL. The NT_PRSTATUS define is present in both files. + [4a4e3142381a] + +2022-11-09 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * include/sudo_compat.h: + Remove CMSG_* compatibility macros, they are no longer used. + [5914434ecb5c] + + * lib/util/multiarch.c, lib/util/sudo_dso.c: + Add missing include of sys/stat.h + [d3b0f701c75f] + + * include/sudo_util.h: + Move forward declaration of struct stat before its first use. + [f3cc645d197c] + + * plugins/sudoers/regress/cvtsudoers/test28.sh, + plugins/sudoers/regress/cvtsudoers/test29.sh, + plugins/sudoers/regress/cvtsudoers/test33.sh, + plugins/sudoers/regress/cvtsudoers/test39.sh: + Use a consistent base when testing cvtsudoers conversion from ldif. + [a22cb486b2a3] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/cvtsudoers/test39.out.ok, + plugins/sudoers/regress/cvtsudoers/test39.sh, + plugins/sudoers/regress/harness.in: + Test parsing LDIF when a backslash is the last char of the file. If + run with address sanitizer, this test will crash when the fix in + ceaf706ab74b is reverted. + [f50c78b7ed32] + + * Merge pull request #196 from sohomdatta1/main + + Prevent cvtsudoers from reading into undefined memory + [f21c417bbbb3] + +2022-11-09 Sohom <sohom.datta@learner.manipal.edu> + + * plugins/sudoers/parse_ldif.c: + [cvtsudoers]: Prevent sudo from reading into undefined memory + [ceaf706ab74b] + +2022-11-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/passwd.c: + sudo_passwd_verify: zero out des_pass before returning. + [c809232fdb7d] + +2022-11-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_pty.c: + Don't kill the parent process group on suspend if it is not sudo's + pid. If sudo is not the process group leader we must only send the + suspend signal to sudo itself. When sudo is run via a shell script, + it usually has the same process group as the shell script + interpreter. We do not want to suspend the script itself when the + command run by sudo is suspended. 
+ [e6715ec62335] + + * src/exec_nopty.c, src/regress/intercept/test_ptrace.c, + src/sudo_exec.h, src/suspend_nopty.c: + Pass sudo's process ID to suspend_sudo_nopty() since we already know + it. Saves an unnecessary getpid(2) call. + [1e12d9b0ce53] + + * src/exec_nopty.c: + Call terminate_command() with use_pgrp = false when not running in a + pty. When sudo runs a command in the user's existing terminal the + command is run in the same process group as sudo itself. The proper + way to terminate it is to use kill(2), not killpg(3) + [3d9862963e92] + + * src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, + src/sudo_exec.h: + Fix handling of signal forwarding when running commands in a script. + We need to forward signals from a process in the same pgrp if the + pgrp leader is not either sudo or the command itself. + [d1bf60eac57f] + + * src/regress/intercept/test_ptrace.c: + Make test_ptrace compile again after recent changes. + [e766db5aa9d4] + + * src/exec_intercept.c, src/exec_intercept.h, src/exec_ptrace.c: + Update the cwd for log_subcmds too. Fixes a problem for + intercept_method=trace when running a relative command from a + different directory than what sudo ws started from. GitHub issue + #194 + [b831f2397d9f] + +2022-11-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_12p1 for changeset 39cf4d8052ff + [28ed2d994f40] <1.9> + + * NEWS, configure, configure.ac: + Merge sudo 1.9.12p1 from tip. + [39cf4d8052ff] [SUDO_1_9_12p1] <1.9> + + * NEWS, aclocal.m4, configure, configure.ac: + sudo 1.9.12p1 + [6268fbabdb16] + +2022-11-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/host_port.c: + Include time.h for struct timespec used by sudo_iolog.h. + [369c8e799652] + + * src/sudo.c: + Display sudo_mode in hex in debug log. This makes it easier to match + against the MODE_ defines. + [971e8f88bc12] + +2022-11-01 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/bsdauth.c: + bsdauth_verify: do not write to prompt, it is now const + [1969a562cf14] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Store raw sudoers lines in the debug log. Also add a "sudoerslex" + prefix to the token debug info in sudoers_trace_print(). + [be03aef496cb] + +2022-10-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + The line numbers in sudoers_trace_print() were off by one. The line + counter is incremented when a newline is seen so the output actually + refers to the previous line. + [a97182a63419] + + * plugins/sudoers/auth/API, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h: + Make the second arg to the sudo auth verify function const. This may + be either a plaintext password or a password prompt. Either way it + should not be modified by the verify function. + [11aefc2bc3da] + +2022-10-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/match.c: + Move debugging info from hostname_matches() to host_matches(). + [2a53d2dcd1f5] + +2022-10-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/pwutil.c: + Add debugging to sudo_set_grlist() and sudo_set_gidlist(). + [620d6f7fb4f8] + + * plugins/sudoers/auth/passwd.c: + Fix CVE-2022-43995, potential heap overflow for passwords < 8 + characters. Starting with sudo 1.8.0 the plaintext password buffer + is dynamically sized so it is not safe to assume that it is at least + 9 bytes in size. Found by Hugo Lefeuvre (University of Manchester) + with ConfFuzz. + [a6229aa26fbf] + +2022-10-27 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + configure: better test for -fstack-clash-protection The gcc front- + end may accept -fstack-clash-protection even if the machine-specific + code does not support it. We use a test program with a large stack + allocation to try to cause the compiler to insert the stack clash + protection code, or fail if not supported. GitHub issue #191 + [bbfbe758258c] + + * configure, configure.ac: + Check that compiler accepts -fstack-clash-protection and -fcf- + protection. Previously, we only checked that linker accepted them. + GitHub issue #191 + [7d36b89b6e4d] + +2022-10-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c: + Fix compilation error on Linux/mips. + [ae4c28d8a050] + +2022-10-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_12 for changeset b53d725f7c88 + [dd962ed18037] <1.9> + + * NEWS, config.h.in, configure, configure.ac, include/sudo_compat.h, + logsrvd/tls_init.c, plugins/sudoers/regress/fuzz/fuzz_policy.c: + Merge sudo 1.9.12 from tip. + [b53d725f7c88] [SUDO_1_9_12] <1.9> + + * src/Makefile.in: + Regenerate dependencies for src/sesh.c. + [ada8f04afc6d] + + * plugins/audit_json/Makefile.in, plugins/sample_approval/Makefile.in: + Sync clean target with other Makefile.in files. + [8048628a554e] + + * Makefile.in, plugins/sample/Makefile.in: + Build the sample plugin but do not install it by default. We no + longer install the sample approval plugin. + [a8644924b6a1] + + * plugins/sample/sample_plugin.c: + Adapt to current plugin API and fix warnings. + [d822f1a10361] + +2022-10-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.c: + Disable admin_flag by setting to NULL, not false. Found by cppcheck. + [6e32481e0555] + + * NEWS: + Bug #1042. + [85d508b6d5e5] + + * include/sudo_util.h, lib/util/fatal.c, lib/util/term.c, + lib/util/util.exp.in, src/conversation.c: + Only add trailing carriage return to messages if output is a raw + tty. 
If output is being written to a terminal in "raw" mode, we need + to add a carriage return after the newline to avoid "stair-step" + output. However, we should not write the carriage return if the + terminal is in "cooked" mode, output to a pipe, or output redirected + to a file. Bug #1042. + [14f5bf04245f] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + Make it clear that runas_default sets the default user for + Runas_Spec. Also use mention runas_default in other parts of the + manual, use @runas_default@ instead of root and add markup around + user names. GitHub issue #186. + [73f0b82a2b22] + + * lib/util/multiarch.c, lib/util/sudo_dso.c: + Fix a typo, muti-arch -> multi-arch GitHub issue #185 + [d88270b9e98f] + +2022-10-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Mention log_servers eventlog fix. + [484b76589309] + + * plugins/sudoers/policy.c: + Don't NULL out the plugin close function when logging to a log + server. If sudo calls execve(2) directly the accept info will not be + sent. We also need the sudo front-end to wait until the command + finishes to send the exit status. + [11976aa84040] + +2022-10-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL.md: + Fix numbering in "Simple sudo installation" + [695bec2a6223] + +2022-10-14 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * NEWS: + zlib 1.2.13 update + [2119981787f0] + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/fr.mo, po/fr.po, po/ja.mo, + po/ja.po, po/ka.mo, po/ka.po, po/ko.mo, po/ko.po, po/pl.mo, + po/pl.po, po/ro.mo, po/ro.po, po/sr.mo, po/sr.po, po/sv.mo, + po/sv.po, po/uk.mo, po/uk.po: + Updated translations from translationproject.org + [b1f28405c58d] + + * lib/zlib/zconf.h.in: + Don't define _LARGEFILE64_SOURCE or _LFS64_LARGEFILE. We don't need + them and the missing prototype for crc32_combine_gen64() issue has + been fixed upstream. + [39eb41f1dba4] + +2022-10-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/zlib/compress.c, lib/zlib/crc32.c, lib/zlib/deflate.c, + lib/zlib/deflate.h, lib/zlib/gzlib.c, lib/zlib/gzread.c, + lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inflate.c, + lib/zlib/inftrees.c, lib/zlib/inftrees.h, lib/zlib/trees.c, + lib/zlib/uncompr.c, lib/zlib/zconf.h.in, lib/zlib/zlib.h, + lib/zlib/zutil.c, lib/zlib/zutil.h: + Update embedded copy of zlib to version 1.2.13. Fixes + CVE-2022-37434. + [737d6de5253c] + + * lib/util/fchownat.c: + Add fchownat() for systems without it. + [7c4aeda51522] + +2022-10-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Update NEWS for 1.9.12. + [a4b090f3f6c8] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update .pot files for 1.9.12 + [179fba83936d] + + * src/selinux.c, src/sesh.c, src/sudo_edit.c: + Use getopt() and getopt_long() for sesh command line options. 
+ [fbaa6c75e2ef] + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: + Update the description of intercept_verify + [63f80a7cd4a6] + +2022-10-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/load_plugins.c: + Silence a warning from the Solaris Studio compiler. + [49a3c72cb539] + + * docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in, + include/sudo_eventlog.h, include/sudo_json.h, include/sudo_plugin.h, + lib/eventlog/eventlog.c, lib/iolog/iolog_loginfo.c, + lib/iolog/regress/iolog_json/check_iolog_json.c, lib/util/json.c, + logsrvd/logsrvd_local.c, plugins/audit_json/audit_json.c, + plugins/sudoers/sudoers.h, src/env_hooks.c, src/exec_intercept.c, + src/net_ifs.c, src/sudo_intercept_common.c, src/sudo_plugin_int.h: + Avoid a -Wshadow warning on Solaris 9. + [e6bc419fa976] + + * lib/util/mmap_alloc.c: + Fix a build error on Solaris 9. + [679b60caf5a3] + +2022-10-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/parse.c: + Fix display of command tags and options in "sudo -l" when RunAs + changes. A new line is started when RunAs changes which means we + need to display the command tags and options again. GitHub issue + #184 + [3180777986de] + + * plugins/sudoers/fmtsudoers.c: + Fix printing of MYSELF when listing another user's privileges. We + need to use list_pw if it is set instead of user_name. GitHub issue + #183 + [268044635b44] + + * NEWS: + Update NEWS file with recent changes. + [200ac32d330b] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/multiarch.c, lib/util/regress/multiarch/multiarch_test.c, + lib/util/sudo_dso.c, lib/util/util.exp.in, src/load_plugins.c: + Apply multiarch rules when loading plugins too. + [f53fe06fce06] + +2022-10-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/sudo_dso.c: + sudo_dso_load: try multi-arch on Linux if we can't load the path. + For example, if loading /usr/lib/libsss_sudo.so fails, try again + with /usr/lib/x86_64-linux-gnu/libsss_sudo.so. 
+ [4eabffa486b5] + + * MANIFEST, lib/util/Makefile.in, + lib/util/regress/open_parent_dir/open_parent_dir_test.c: + Add test for sudo open_parent_dir() + [2d6b1be616c9] + + * MANIFEST, plugins/sudoers/regress/testsudoers/test19.out.ok, + plugins/sudoers/regress/testsudoers/test19.sh: + Add test for matching a literal "" command line argument as "" in + sudoers. GitHub issue #182. + [ccb5dc8b23ee] + +2022-10-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/visudo.man.in, docs/visudo.mdoc.in, plugins/sudoers/visudo.c: + Add -I flag to disable editing include files unless there is an + error. This can be used when you only want to edit a single sudoers + file unless there is a pre-existing syntax error. + [18fbf720fdbf] + + * plugins/sudoers/match_command.c: + Do not match a literal "" command line argument as "" in sudoers. If + the empty string is specified in sudoers, no user args are allowed. + GitHub issue #182. + [5de0370eddcb] + + * lib/util/sudo_conf.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c: + sudo_secure_open_{file,dir}: always check thatreturn value is not + -1. Avoids false positives from static analyzers that can't figure + out that the fd is always valid when error is SUDO_PATH_SECURE. + [f0ebb2b836b9] + + * lib/iolog/iolog_mkdtemp.c: + Correct return value when mkdtempat() fails. + [5a491fac8f49] + + * lib/util/mkdir_parents.c: + sudo_open_parent_dir: stop before creating the last path component + Fix a regression introduced in sudo 1.9.9 where the entire directory + path was created instead of just the parent directory. + [fdaa5aeb744b] + +2022-10-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * Makefile.in, scripts/log2cl.pl: + Use "hg log --template" instead of "hg log --style". + [63f020404fbb] + +2022-09-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/strlcpy_unesc.c, plugins/sudoers/sudoers.c, + src/parse_args.c: + Mark code that escapes/unescapes "sudo -s cmd args..." for removal. 
+ A future version of the plugin API will defer any such escaping to + the policy plugin so it can be configurable. + [658d1bba4319] + + * NEWS: + Update with recent changes. + [4a739e30c77f] + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in: + Improve the description of JSON output. + [258b57ce22ab] + +2022-09-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL.md, etc/codespell.ignore, lib/eventlog/eventlog.c, + plugins/group_file/getgrent.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h, + src/exec_nopty.c: + Fix typos found by codespell 2.2.1. + [3beaf856c861] + + * logsrvd/iolog_writer.c: + Change max user-ID and group-ID from INT_MAX to UINT_MAX. + [0971e5f9f398] + + * logsrvd/logsrvd_local.c: + Add support for NumberList stored in an InfoMessage. + [a762fe45e5cc] + + * logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd_local.c, + plugins/sudoers/log_client.c: + Add missing NULL checks for mandatory fields in protobuf messages. + Also no longer reject an InfoMessage with an unknown value_case, + just log and ignore it. + [41c38e7f075b] + +2022-09-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/log_client.c: + Don't send ttyname to log server if it is NULL. Otherwise the log + server will reject the AcceptMessage because a NULL string is not + allowed. + [df7fea4bef26] + + * src/exec_nopty.c: + HP-UX has struct winsize in termios.h. + [5827a1f234fe] + + * plugins/python/Makefile.in, src/Makefile.in: + Regen dependencies + [817623addc62] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, src/exec.c, + src/exec_nopty.c, src/exec_pty.c, + src/regress/intercept/test_ptrace.c, src/sudo_exec.h, + src/suspend_nopty.c: + Add support for logging stdin/stdout/stderr in the non-pty exec + path. If we are logging I/O but not terminal input/output (either + because no terminal is present or because that is what the plugin + requested), the non-pty exec path is now taken. 
+ [205c68d452df] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_iolog.c, + src/exec_nopty.c, src/exec_pty.c, src/regress/noexec/check_noexec.c, + src/sudo_exec.h, src/sudo_intercept_common.c: + Move exec code to call into I/O log plugin to exec_iolog.c. This + will be shared with exec_nopty.c in the future to log + stdin/stdout/stderr without running the command in a pty. Both + exec_pty.c and exec_nopty.c now use the same closure. + [45a19e8e3721] + + * plugins/python/python_importblocker.c: + Implement find_spec, not the deprecated find_module. Fixes a test + failure due to find_module having removed from setuptools. + [cc1e68c0ee1e] + +2022-09-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/editor.c, + plugins/sudoers/regress/editor/check_editor.c: + copy_arg: fix copying an escaped backslash GitHub issue #179 + [d21d95ec5cb0] + +2022-09-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, include/sudo_compat.h, + lib/util/mktemp.c: + Use mkdtempat_np() and mkostempsat_np() on macOS + [ad0cd430347e] + +2022-09-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_iolog.h, lib/iolog/iolog_mkdirs.c, + lib/iolog/iolog_mkdtemp.c, lib/util/mkdir_parents.c, + logsrvd/logsrvd.c, logsrvd/logsrvd_journal.c: + Convert remaining uses of sudo_mkdir_parents() to + sudo_open_parent_dir(). + [62fd9644a605] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, scripts/mkdep.pl: + Add fchownat() systems without it. + [d51316f1026d] + + * config.h.in, configure, configure.ac, include/sudo_compat.h, + lib/util/mktemp.c, plugins/python/regress/iohelpers.h: + Add mkdtempat() and mkostempsat() for systems without them. 
+ [099468742d16] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, include/sudo_util.h, + lib/util/secure_path.c, lib/util/sudo_conf.c, + plugins/sudoers/regress/testsudoers/test11.out.ok, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c: + Use sudo_secure_open_file() instead of sudo_secure_file() where + possible. Both sudo_secure_open_file() and sudo_secure_open_dir() + are now passed a struct stat pointer like sudo_secure_file() and + sudo_secure_dir(). + [c4e4c3f74ea4] + + * include/sudo_util.h, lib/util/mkdir_parents.c, + lib/util/secure_path.c, lib/util/util.exp.in, + plugins/sudoers/timestamp.c: + Fix potential TOCTOU when creating time stamp directory and file. + [d36591f966c5] + + * lib/util/mkdir_parents.c: + sudo_mkdir_parents: just use memcpy() to copy the path component. + Using snprintf() for this is overkill, we need to do the same length + check either way. + [8ea754871a54] + + * lib/util/Makefile.in: + regen + [ab40def3376c] + +2022-09-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/digest_gcrypt.c: + Quiet libgcrypt run-time warning about not being initialized. Fixes + Debian bug #1019428 and Ubuntu bug #1397663. + [ebf9a6477d5d] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, plugins/sudoers/audit.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.h, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Split log_{input,output} into log_{stdin,ttyin} and + log_{ttyout,stdout,stderr} If log_input is set, log_{stdin,ttyin} + will be set as well. If log_output is set, + log_{stdout,stderr,ttyout} will be set as well. This provides more + fine-grained control over I/O logging and makes it possible to + disable logging piped or redirected intput or output. 
+ [5b7ea42ac63b] + + * LICENSE.md, include/protobuf-c/protobuf-c.h, + lib/protobuf-c/protobuf-c.c: + Update to protobuf-c 1.4.1 We already had all the relevant fixes so + this is just cosmetic. + [aa51e48afe49] + + * src/load_plugins.c: + new_container: no need to initialize container pointer in + declaration. From Li zeming. + [729a8a417d88] + +2022-09-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Use tcpgid if passed from sudo front-end and use it in + tty_present(). This can be used as another indicator that a terminal + is present without having to open /dev/tty. + [b804b8b7fc03] + +2022-09-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, + docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in, + docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in, + docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in, + docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_logsrvd.man.in, + docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin.man.in, + docs/sudo_plugin.mdoc.in, docs/sudo_sendlog.man.in, + docs/sudo_sendlog.mdoc.in, docs/sudoers.ldap.man.in, + docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in, + docs/sudoers.mdoc.in, docs/sudoers_timestamp.man.in, + docs/sudoers_timestamp.mdoc.in, docs/sudoreplay.man.in, + docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in: + Remove most uses of the deprecated Li macro which has no effect. + Also fix some other incorrect markup. + [8f94cc555092] + +2022-09-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * Makefile.in, lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/python/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Use $(GREP) and $(EGREP) variables in Makefile.in files. 
+ [cf8d7fb45169] + + * Merge pull request #177 from a1346054/fixes + + Makefile.in: replace `egrep` and fix target name + [751aa03eb470] + +2022-09-12 a1346054 <36859588+a1346054@users.noreply.github.com> + + * Makefile.in: + Fix incorrect makefile target name + [318288fb712f] + + * Makefile.in: + Use `grep -E` instead of `egrep` + [4a2d9543643c] + +2022-09-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in: + Document apparmor_profile, intercept_verify, and update_ticket. + [d55caa1af788] + + * docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in: + Fix some of the markup to be more consistent with + sudo_plugin.mdoc.in. Also reword a few awkward phrases. + [8682c067c38b] + + * docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in: + Use correct markup of function arguments and struct members. Also + remove most uses of the deprecated Li macro which has no effect. + [59b01b9ff183] + + * docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in: + Move the init_session() errstr description to where it belongs. + [8c1e7cb23d1f] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + Fix a typo + [591b75013070] + +2022-09-07 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/logging.c: + log_parse_error: make errstr const to quiet a -Wwrite-strings + warning + [9827a2a01316] + + * config.h.in, configure.ac, include/sudo_compat.h, + include/sudo_debug.h, include/sudo_fatal.h, include/sudo_lbuf.h, + include/sudo_util.h, lib/eventlog/eventlog.c, + plugins/sudoers/check_aliases.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/defaults.c, + plugins/sudoers/logging.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.h, + plugins/sudoers/tsdump.c, plugins/sudoers/visudo.c, + src/parse_args.c, src/regress/noexec/check_noexec.c, src/sudo.h: + Move gcc-style __attribute__ macros to config.h.in Renamed __malloc + -> sudo_malloclike, __printflike -> sudo_printflike, __printf0like + -> sudo_printf0like. Add sudo_noreturn instead of + __attribute__((__noreturn__)). We do not use stdnoreturn.h since it + has been deprecated in C23 in favor of the [[noreturn]] attribute. + [ad3c04a1bbb0] + + * plugins/sudoers/visudo.c: + Add __printf0like to visudo_track_error(). + [7a118c40d360] + +2022-09-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/gram.y: + Back out unintended change in last commit. + [5d52c966212d] + + * plugins/sudoers/gram.y, plugins/sudoers/logging.c, + plugins/sudoers/logging.h: + It is possibble for sudoerserrorf() to be called with a NULL format. + So log_parse_error() needs to check fmt for NULL before using it. + [5b779a6888c9] + +2022-09-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/UPGRADE.md: + Mention how to restore the historic core resource limit behavior. + [bfd792bd9d07] + + * plugins/sudoers/audit.c: + Set MODE_POLICY_INTERCEPTED for log_subcmds too. This fixes a + problem where sub-commands were not being logged to the remote log + server, if configured. Since we don't go through + sudoers_policy_main() again for log_subcmds, we set the flag in + sudoers_audit_accept() instead. 
The reason this is complicated is + that when I/O logging is enabled the initial accept message gets + sent as part of the remote logging handshake. GitHub issue #174 + [297fa6bbd769] + +2022-09-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Update with latest changes. + [d7ca5db7adc7] + + * docs/cvtsudoers.mdoc.in: + Fix typo. + [7629516758e2] + + * plugins/sudoers/sudoers.c: + Only check the admin flag file once in intercept mode. + [c439914e08e1] + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in: + Document cvtsudoers CSV output format + [c5164466cae2] + +2022-08-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in: + Document cvtsudoers JSON output format + [9fce227c2c61] + +2022-08-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c: + Zero out register struct before calling ptrace_getregs(). Quiets a + spurious valgrind warning. + [32f19e2e508f] + +2022-08-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + intercept_verify is fast, but the policy check is (relatively) slow. + [0a120a78bd37] + + * src/exec_ptrace.c: + Realloc the buffer used to store argv and envp as needed. We now + store the vector immediately after the string table. It is possible + for argv and its contents to be invalidated by realloc() when + reading envp so we store the pointers as offsets until we are done + allocating. + [7620f3dceac4] + +2022-08-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c, src/exec_ptrace.h: + ptrace_verify_post_exec: use /proc/PID/cmdline and /proc/PID/environ + There is no reason to read these directly from the tracee when we + rely on /proc being mounted to access /proc/PID/exe. + [5da938210647] + + * src/exec_ptrace.c: + Protect ptrace_readv_string() with #ifdef HAVE_PROCESS_VM_READV + [cc8e71c4c529] + +2022-08-25 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + Rework the intercept section in "Preventing shell escapes". + [5e5b1ea90ce1] + + * .github/workflows/codeql-analysis.yml: + Update CodeQL Action to v2 using current example config. + [d0aa8b4dda28] + + * lib/util/arc4random.c: + Suppress PVS-Studio false positive. + [32fd02734378] + + * src/exec_intercept.c: + intercept_check_policy_req: an empty argv[] is now supported + [a668708cc0a9] + + * config.h.in, configure, configure.ac, src/exec_ptrace.c: + Use process_vm_readv(2) and process_vm_writev(2) if available. This + is faster than reading/writing from/to the remote process one word + at a time using PTRACE_PEEKDATA and PTRACE_POKEDATA. + [d0c5ed82738c] + + * plugins/sudoers/check.c: + Skip all of check_user() for intercept unless intercept_authenticate + set. Previously we were calling the PAM approval modules even in + intercept mode which can take a lot of time. We may wish to make PAM + approval configurable in intercept mode in the future. + [e06fbc7e4ca6] + + * plugins/sudoers/sudoers.c: + Only set MODE_POLICY_INTERCEPTED on subsequent policy checks. This + fixes a bug where MODE_POLICY_INTERCEPTED was set too early if the + intercept option was set globally in sudoers. It should only be set + after the original command has executed. + [8f5d47c2635a] + +2022-08-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + intercept_verify also compares the environment. Also mention the + overhead involved in checking things. + [44da04558285] + +2022-08-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c: + ptrace_getregs: make compat check more generic No need to use + different checks for mips and non-mips, the compiler will optimize + away the superfluous check. + [0f2ff0f3f388] + + * src/preload.c: + Correct type of sudoers_audit. GitHub issue #61 + [17a7806ad3ba] + +2022-08-20 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * src/sesh.c: + Fix shadowed variable warning. + [e200b6b5b4fd] + +2022-08-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.h: + Fix shadowed variable warning on aarch64. + [84169692bd1c] + + * src/regress/intercept/test_ptrace.c: + Quiet another -Wwrite-strings warning. + [ff2860056976] + + * src/exec_ptrace.c: + ptrace_getregs: try to determine compat mode if caller doesn't know. + In ptrace_verify_post_exec(), we don't know whether the executable + that is now running is a native or compat binary. In most cases + ptrace_getregs() will be able to figure it out for us. + [fb0fa29ff554] + + * src/exec_ptrace.c: + ptrace_intercept_execve: fail syscall rather than killing process on + error. If the execve(2) args are bogus pointers, we should just + return an error instead of killing the process. For consistency with + the kernel, convert EIO from ptrace(2) to EFAULT. Also convert some + ptrace(2) warnings to debug printfs so sudo is less chatty. + [3d30c6d28005] + +2022-08-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c: + Treat argv and closure->run_argv of different sizes as a mismatch. + If argv and closure->run_argv match up to the point where we hit a + NULL but one of them has additional entries, we still need to + rewrite argv. + [91d522d9c3b6] + + * src/exec_ptrace.c: + Handle the case where argc is 0 when allocating space for argv. We + need to pass the pathname to the policy plugin in argv[0] so we must + be sure to allocate space for it even if argc is 0. + [953f92c9e7a5] + + * src/sudo_intercept.c: + copy_vector: treat a NULL pointer as an empty vector. Linux + execve(2) allows argv to be NULL so we must allocate an empty vector + in this case and not return an error. + [cf30608ed6cb] + + * src/exec_preload.c: + Update debug_decl name for sudo_preload_dso -> + sudo_preload_dso_alloc change. + [b0db53a62c7a] + + * src/exec_intercept.c: + Handle the case where argc is 0 when rebuilding argv. 
We need to + pass the pathname to the policy plugin in argv[0] so we must be sure + to allocate space for it even if argc is 0. + [10358fc408a1] + + * src/exec_ptrace.c: + Handle sysconf(_SC_ARG_MAX) failure, Coverity CID 276504. + [ddb88da56bd7] + + * plugins/sudoers/match_digest.c: + Avoid a Coverity false positive. + [dd9fd747bd7f] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Remove cast from time_t to int to avoid a Coverity false positive. + The cast should not be required. + [a305b10eb17e] + +2022-08-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, + plugins/sudoers/group_plugin.c: + Use multilib rules to look for a 64-bit group plugin on failure. If + sudo_dso_load() fails on a 64-bit system, try to load a 64-bit + native version of the file using system-dependent multilib rules. If + we don't support multilib on the platform, check for a version of + the file that ends in "64" before the .so suffix. + [d36bcc89ee34] + + * docs/sudo_plugin.man.in: + regen + [c14c0882a07d] + +2022-08-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/env.c, src/env_hooks.c: + In putenv(3) replacement reject a string with no '=' or that starts + with one. + [59c6e6e5232b] + +2022-08-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * LICENSE.md: + Update copyright year for embedded zlib. + [2c52d016e583] + +2022-08-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Use our own arc4random() in preference to the glibc version. The + glibc arc4random() may fail in chroot on older kernels and exit. + [9b4a62c9f468] + + * lib/util/sudo_dso.c: + sudo_dso_load: restore original error for AIX on failure. For AIX, + if dlopen() fails we try again with RTLD_MEMBER set and a default + member (shr.o or shr_64.o). However, if that also fails, the user + will receive a useless error message that doesn't correspond to the + actual problem. 
We now retry the original dlopen() if the fallback + to RTLD_MEMBER fails, which has the effect of restoring the original + error message. + [ec539996a4aa] + +2022-08-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #165 from bdrung/xdg-current-desktop + + Add XDG_CURRENT_DESKTOP to initial_keepenv_table + [3d2e82e32ea8] + + * NEWS, configure, configure.ac: + Sudo 1.9.12. + [08c096ada8b2] + + * docs/sudo_plugin.mdoc.in, include/sudo_plugin.h, plugins/python/regr + ess/testdata/check_multiple_approval_plugin_and_arguments.stdout, + src/exec.c: + Bump the sudo plugin minor version. The "update_ticket" entry was + added to the settings list and the "intercept_verify" entry was + added to the command_info list. + [3259f3199798] + + * docs/sudo.man.in, docs/sudo.mdoc.in, plugins/sudoers/check.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, + src/parse_args.c, src/sudo.c, src/sudo.h, src/sudo_usage.h.in: + Add a way to run a command without updating the cached credentials. + This can also be used to test for whether or not the user's + credentials are currently cached. + [f5825a6f881b] + + * Merge pull request #168 from likunyur/lky + + Remove unnecessary initialization and casts. + [fcb251c895ce] + + * Merge pull request #169 from kempstonjoystick/main + + Fix incorrect SHA384/512 digest calculation. + [f016c3a37255] + +2022-08-02 Tim Shearer <timtimminz@gmail.com> + + * lib/util/sha2.c: + Fix incorrect SHA384/512 digest calculation. + + Resolves an issue where certain message sizes result in an incorrect + checksum. Specifically, when: (n*8) mod 1024 == 896 where n is the + file size in bytes. + [e9f235a8d432] + +2022-08-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h: + Defer chdir(2) until sesh when running with SELinux. We need to be + running with the correct security context or the chdir(2) may fail. + GitHub issue #160. 
+ [a8713dd21be9] + +2022-08-01 Li zeming <zeming@nfschina.com> + + * lib/util/arc4random.c: + util/arc4random: (void*) type pointer passing address could remove + cast + + Signed-off-by: Li zeming <zeming@nfschina.com> + [aa4e8c73f131] + + * lib/iolog/hostcheck.c: + iolog/hostcheck: These two parameters do not need to be initialized + and assigned, the following code is directly assigned + + 
Signed-off-by: Li zeming <zeming@nfschina.com> + [dd657435f277] + +2022-07-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #166 from c4rlo/patch-1 + + visudo.c: add nvim (Neovim) to lineno_editor list + [97e0a7b00daa] + +2022-07-31 Carlo Teubner <435950+c4rlo@users.noreply.github.com> + + * plugins/sudoers/visudo.c: + visudo.c: add nvim (Neovim) to lineno_editor list + + Neovim supports it: https://neovim.io/doc/user/starting.html#-+ + [020b59cf0f6b] + +2022-07-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + Document the TOCTOU issue with intercept mode. Describe how + intercept_verify attempts to reduce the risk. + [b118de8d4c66] + + * etc/codespell.exclude, etc/codespell.ignore: + Update a codespell exclude pattern. + [3193ffb4c938] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/policy.c, src/exec_ptrace.c, src/sudo.c, src/sudo.h: + Add intercept_verify sudoers option to control execve(2) argument + checking. + [79131cfb0125] + + * src/exec_ptrace.c: + Use PTRACE_EVENT_EXEC to stop execution before return from + execve(2). We can now verify that the arguments match what we + accepted before the command actually runs. If there is a mismatch, + the process is killed. Shell scripts must be handled specially since + the path executed will be the interpreter, not the script name. + Linux allows interpreters to be nested up to 4 deep. + [5e7b1828dbb0] + + * plugins/sudoers/sudoers.c: + Only set MODE_POLICY_INTERCEPTED if we are running a command. Fixes + an error with "sudo -l" when intercept is enabled globally. + [7a1d0ff5a498] + +2022-07-29 Benjamin Drung <bdrung@ubuntu.com> + + * plugins/sudoers/env.c: + Add XDG_CURRENT_DESKTOP to initial_keepenv_table + + Qt needs `XDG_CURRENT_DESKTOP` to be set to determine the correct + theme. 
+ + Since `DISPLAY` and `XAUTHORITY` are already in the default table of + variables to preserve in the environment, just add + `XDG_CURRENT_DESKTOP` to it. + + Bug: https://launchpad.net/bugs/1958055 
Signed-off-by: Benjamin + Drung <bdrung@ubuntu.com> + [aa5132684c89] + +2022-07-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c: + The length returned by ptrace_read_string() include the NUL. We were + wasting a extra byte in the string table for each entry. + [b1220aae7141] + +2022-07-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_compat.h, include/sudo_util.h: + Use gcc's malloc attribute for malloc-like allocation functions. + [bff3b0ab89c5] + + * lib/util/mmap_alloc.c: + Avoid a Coverity positive. + [81f526688296] + + * src/exec_preload.c: + fmtstr: add missing va_end() for the overflow case Coverity CID + 275335 + [42a4f4467ca5] + + * lib/util/sudo_debug.c: + Fix potential NULL pointer deference found by clang-analyzer. + [5b0a9c0f2e71] + + * src/sudo.c, src/sudo_intercept_common.c: + Quiet some harmless PVS-Studio warnings. + [9b9cc92f0585] + + * src/exec_intercept.c: + Reject relative command paths if runcwd is not set. This is now + treated as a policy rejection. + [bf35a6818c77] + + * src/exec_intercept.c: + intercept_check_policy: close saved_dir before returning + [04adba5e85fa] + + * src/exec_intercept.c: + Change to runcwd during the policy check where possible. Otherwise, + attempts to run "./command" from a shell with intercept set will + fail if the current working directory is different from the main + sudo process. + [cd218f081cf2] + +2022-07-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_util.h, lib/util/mmap_alloc.c, lib/util/util.exp.in, + src/sudo_intercept.c: + For preload DSO make copies of cmnd, argv, envp and map them read- + only. + [56a160c55e4c] + + * src/exec_preload.c, src/sudo_exec.h, src/sudo_intercept.c, + src/sudo_intercept_common.c: + Use sudo_mmap_alloc functions in DSO-based intercept code. + [806dacd141ad] + + * lib/util/snprintf.c: + Use sudo_mmap_alloc functions instead of private versions. We no + longer need to keep track of the allocation size. 
+ [6f375ed7a927] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/mmap_alloc.c, lib/util/util.exp.in: + Add sudo_mmap_{alloc,allocarrary,strdup,free} functions. These + allocate memory via mmap anonymous regions and store the mapped size + immediately before the returned pointer as an unsigned long. They + are intended to be used in cases where malloc(3) and free(3) are + unsuitable due to concerns about corrupting global state in multi- + threaded programs or signal handlers. + [803b4a82bedd] + + * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in: + Sync with schema.OpenLDAP for user/group utf8 support. + [14705b52a4f9] + + * Merge pull request #163 from Firstyear/20220725-sudo-ldap-schema + + Update sudoUser to be utf8 in ldap schemas + [91354fc2ed23] + + * src/sudo_intercept.c: + resolve_path: skip non-regular files + [2ed5efdb48ea] + +2022-07-25 William Brown <wbrown@suse.de> + + * docs/schema.OpenLDAP, docs/schema.iPlanet, docs/schema.olcSudo: + Update sudoUser to be utf8 in ldap schemas + + In most unix-style LDAP servers, uid is a utf8 string defined by OID + 1.3.6.1.4.1.1466.115.121.1.15. However, sudoUser was defined as an + IA5 String (OID 1.3.6.1.4.1.1466.115.121.1.26) which meant that + sudoUser could only represent a subset of possible values. + + In some cases when using sudoers.ldap, the uid from the machine + which was utf8 was fed back into sudo which would then issue a + search for sudoUsers. If this uid contained utf8 characters, the + ldap server would refuse to match into sudoUsers because these were + limited to IA5. + + This is a safe-forward upgrade as IA5 is a subset of UTF8 meaning + that this change will not impact existing deployments and their + rules. + [7a47e711ca88] + +2022-07-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_intercept.c, src/sudo.c: + Make sure the plugin provides a command, argv and envp. 
+ [7e4e93118622] + + * lib/util/sudo_debug.c, src/exec_intercept.c, src/exec_preload.c, + src/exec_ptrace.c, src/sudo_intercept.c, + src/sudo_intercept_common.c: + Linux execve(2) allows argv or envp to be NULL. Add checks to make + sure we don't deference a NULL pointer. + [be380b71df62] + +2022-07-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_intercept.c: + intercept_check_policy: add oom label and fix approval failure case. + If the approval plugin fails we need to set the state to + POLICY_REJECT just like we do if the policy rejected the command. + [e7ba37e32af7] + +2022-07-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers_csv.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/def_data.in, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/policy.c, src/apparmor.c: + Fix a few whitespace issues. + [deb6391a3ba0] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Increase the realloc increment from 128 to 1024. The contents of the + env_add array should not include the leading "env=" prefix. + [d8c0067fc3fd] + + * plugins/sudoers/env.c: + sudo_putenv_nodebug: require that the environment string include a + '=' + [fb200f301070] + +2022-07-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/visudo.c: + If update_defaults() fails, treat it as a parse error. + [d9860eb2257a] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add additional PVS-studio suppression comments for generated code. + [dfb89944dcce] + +2022-07-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/match_command.c: + Fix compilation error when SUDOERS_NAME_MATCH is defined. 
+ [3b76707bc5fa] + + * plugins/sudoers/match_command.c: + Fix a NOPASSWD issue with a non-existent command when fdexec=always + In command_matches_all(), if the command is fully-qualified and + open_cmnd() return false, only treat it as an error if we are able + to stat(2) the command. For "sudo ALL" a non-existent command is not + an error. + [e2d756137ce9] + + * plugins/sudoers/regress/testsudoers/test18.sh: + Quote ^foo$ on command line to protect it from the shell. + [0f1274e0be93] + +2022-07-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/regress/logwrap/check_wrap.c, + lib/util/regress/closefrom/closefrom_test.c, + lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/getgrouplist/getgrouplist_test.c, + lib/util/regress/glob/globtest.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsig/strsig_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/strtofoo/strtobool_test.c, + lib/util/regress/strtofoo/strtoid_test.c, + lib/util/regress/strtofoo/strtomode_test.c, + lib/util/regress/strtofoo/strtonum_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, + lib/util/regress/uuid/uuid_test.c, + logsrvd/regress/logsrvd_conf/logsrvd_conf_test.c, + plugins/python/regress/check_python_examples.c, src/exec_ptrace.c: + Add explicit include of unistd.h for getopt(3) and related + variables. + [e1c369cd5ae8] + +2022-07-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers.c, src/sudo_intercept_common.c: + Merge pull request #161 from likunyur/lky + + sudoers/cvtsudoers: Remove the repeated ';' from code + [9b961a3b9c86] + +2022-07-04 Li kunyu <kunyu@nfschina.com> + + * src/sudo_intercept_common.c: + src/send: Remove the repeated ';' from code + + 
Signed-off-by: Li kunyu <kunyu@nfschina.com> + [6fc809eac0b1] + + * plugins/sudoers/cvtsudoers.c: + sudoers/cvtsudoers: Remove the repeated ';' from code + + 
Signed-off-by: Li kunyu <kunyu@nfschina.com> + [75582c880c30] + +2022-07-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/timegm.c: + In timegm() initialize tm_isdst to 0 like tzcode does. + [d3f2d10c3559] + +2022-06-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/intercept.pb-c.h, include/sudo_event.h, + src/exec_intercept.c, src/exec_intercept.h, src/intercept.pb-c.c, + src/intercept.proto, src/sudo_intercept_common.c: + Stop sending an InterceptResponse to a PolicyCheckRequest for + log_subcmds. There's no real reason for the command to wait for sudo + send back a response that will always be a PolicyAcceptMessage. + [d2fe28a652d0] + + * plugins/sudoers/sudoers.c: + sudoers_main: defer setting return value until the end when running + a command Otherwise, we could return success when there was an error + from a system call or memory allocation failure. + [bd993a2948ce] + + * plugins/sudoers/audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Save the initial command run via sudo and use it when logging exit + status. Otherwise, if we are in intercept mode or logging sub- + commands the exit status will be logged with the wrong command. + [54e3494473ac] + +2022-06-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/zlib/zconf.h.in: + Define _LARGEFILE64_SOURCE if _FILE_OFFSET_BITS == 64. Fixes a + -Wwrite-strings warning on 32-bit systems. + [61eff691496f] + + * lib/util/strsignal.c: + Quiet another -Wwrite-strings warning. + [a03bb85d581d] + + * lib/protobuf-c/protobuf-c.c: + Fix a clang analyzer 14 warning about a possible NULL deref. 
+ [4c0db4ac3e1d] + + * lib/iolog/Makefile.in, lib/logsrv/Makefile.in, + lib/protobuf-c/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Regenerate dependencies + [ff7de2b59097] + + * scripts/mkdep.pl: + Do not check files generated by protbuf-c with PVS-Studio + [86f56c21339f] + + * logsrvd/logsrv_util.c, logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_queue.c, logsrvd/sendlog.c, logsrvd/tls_client.c, + plugins/sudoers/log_client.c, src/sudo_intercept_common.c: + Quiet some harmless PVS Studio warnings. + [476fbef7a0c4] + + * logsrvd/logsrvd_conf.c, logsrvd/sendlog.c: + Use "unable to allocate memory" warning on malloc failure. This is + consistent with the rest of the sudo source code. + [5954fc067647] + + * lib/eventlog/Makefile.in, lib/fuzzstub/Makefile.in, + lib/iolog/Makefile.in, lib/iolog/host_port.c, + lib/logsrv/Makefile.in, lib/protobuf-c/Makefile.in, + lib/util/Makefile.in, lib/util/getentropy.c, lib/util/roundup.c, + logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c, + logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c, + logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c, + logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, logsrvd/tls_client.c, + logsrvd/tls_init.c, plugins/sudoers/log_client.c, src/Makefile.in, + src/apparmor.c: + Add missing PVS Studio Open Source comments. Also avoid checking + protobuf-c source and protobuf-c generated files. + [e1277c1f6585] + + * lib/iolog/host_port.c, lib/iolog/hostcheck.c, lib/util/roundup.c, + logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c, + logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_journal.c, logsrvd/logsrvd_local.c, + logsrvd/logsrvd_queue.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, + logsrvd/sendlog.h, logsrvd/tls_client.c, logsrvd/tls_common.h, + logsrvd/tls_init.c, plugins/python/pyhelpers.h, + plugins/python/regress/iohelpers.h, plugins/sudoers/log_client.c: + Use #include <config.h> not #include "config.h" for consistency. 
+ Otherwise, some compilers may do the wrong thing in a build dir if + there is a config.h file in the source dir too. + [79aaab18dc6d] + +2022-06-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/group_plugin.c: + Update group_plugin_load() stub to match its prototype. + [9ea7126e6d5c] + + * configure, configure.ac, include/sudo_iolog.h, + lib/eventlog/eventlog.c, lib/eventlog/logwrap.c, + lib/iolog/host_port.c, lib/iolog/regress/host_port/host_port_test.c, + lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c, lib/util/aix.c, + lib/util/getgrouplist.c, lib/util/getopt_long.c, lib/util/lbuf.c, + lib/util/logfac.c, lib/util/logpri.c, + lib/util/regress/progname/progname_test.c, lib/util/snprintf.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_local.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, + plugins/audit_json/audit_json.c, + plugins/python/python_convmessage.c, + plugins/python/python_plugin_common.c, + plugins/python/regress/check_python_examples.c, + plugins/python/sudo_python_module.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_csv.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/editor.c, + plugins/sudoers/env.c, plugins/sudoers/exptilde.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/insults.h, plugins/sudoers/iolog.c, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/log_client.c, plugins/sudoers/logging.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, + plugins/sudoers/regress/editor/check_editor.c, + plugins/sudoers/regress/exptilde/check_exptilde.c, + 
plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/serialize_list/check_serialize_list.c, + plugins/sudoers/regress/unescape/check_unesc.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoers_hooks.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/edit_open.c, src/exec_common.c, src/parse_args.c, + src/regress/noexec/check_noexec.c, src/selinux.c, src/sudo.c, + src/sudo_edit.c, src/sudo_intercept.c: + Make sudo pass -Wwrite-strings + [7ac3dd7b1634] + + * configure, configure.ac: + A typo prevented -Wno-deprecated-declarations from being used on + macOS. + [4d6d4b9e7191] + +2022-06-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/preload.c: + Fix missing prototype warning. + [66e460d3c1d2] + + * lib/zlib/zconf.h.in: + Define _LFS64_LARGEFILE, _LARGEFILE64_SOURCE if 64-bit or + _LARGE_FILES set. autoconf does not define _LARGEFILE64_SOURCE by + default but zlib expects it (its own configure script will define + it). Fixes a missing prototype for crc32_combine_gen64() on AIX and + HP-UX. 
+ [c5b314bebbcb] + + * configure, configure.ac, include/sudo_iolog.h, include/sudo_util.h, + lib/iolog/host_port.c, lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + lib/iolog/regress/iolog_json/check_iolog_json.c, + lib/iolog/regress/iolog_timing/check_iolog_timing.c, + lib/util/regress/fuzz/fuzz_sudo_conf.c, + lib/util/regress/glob/globtest.c, + lib/util/regress/mktemp/mktemp_test.c, lib/util/strtoid.c, + logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, logsrvd/sendlog.c, + plugins/python/pyhelpers.c, plugins/python/python_plugin_approval.c, + plugins/python/python_plugin_approval_multi.inc, + plugins/python/python_plugin_audit.c, + plugins/python/python_plugin_audit_multi.inc, + plugins/python/python_plugin_common.c, + plugins/python/python_plugin_group.c, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_io_multi.inc, + plugins/python/python_plugin_policy.c, + plugins/python/regress/check_python_examples.c, + plugins/python/sudo_python_module.c, plugins/sudoers/audit.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/log_client.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_stubs.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/stubs.c, plugins/sudoers/timestamp.c, + plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.h, + plugins/sudoers/unesc_str.c, src/copy_file.c, src/exec_ptrace.c, + src/load_plugins.c, src/net_ifs.c, src/sudo.h, src/sudo_intercept.c, + src/sudo_intercept_common.c, src/sudo_noexec.c: + Make sudo pass -Wmissing-prototypes + [195b024b9f54] + + * src/exec_ptrace.c: + Include inttypes.h if stdint.h is not present. 
Bug #1035 + [da6185c4c418] + +2022-06-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c: + readlink(2) does NUL-terminate the buffer, do it manually. Fixes a + bug where the current working directory could include garbage in + intercept mode using ptrace(2). + [dc7c547f518f] + + * src/exec_preload.c, src/sudo_exec.h, src/sudo_intercept_common.c: + sudo_preload_dso: make the envp function argument const This lets us + fix an inappropriate cast in sudo_intercept_common.c. + [c2fa860b684e] + + * src/exec_intercept.c: + intercept_write: remove unused CD_USE_PTRACE code. It is not + possible to end up in intercept_write when CD_USE_PTRACE is set. + [f8bdc5e37294] + +2022-06-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_11p3 for changeset 6e671475b373 + [59e5766213e9] <1.9> + + * NEWS, configure, configure.ac: + Merge sudo 1.9.11p3 from tip. + [6e671475b373] [SUDO_1_9_11p3] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.11p3 + [c96ded63ae46] + + * src/exec_intercept.c, src/sudo_intercept_common.c: + Set TCP_NODELAY on the socket used for intercept IPC to reduce + latency. On some systems, Nagle's algorithm was delaying receipt of + the data, causing commands with intercept or log_subcmds to run + slowly. Related to Bug #1034. + [11b129850ac1] + + * src/sudo_intercept_common.c: + Use blocking I/O when talking to the sudo process. Also check for + EAGAIN/EINTR when reading the message size. Fixes a problem seen on + AIX where recv_intercept_response() could fail unexpectedly. Bug + #1034. + [8554618665a2] + + * src/exec_intercept.c: + Add debug printfs when send/recv return EAGAIN or EINTR. These are + not actually errors but can help gain insight into what is going on + and, in the case of EAGAIN, whether or not there may be a kernel + resource starvation problem. + [fd2dee906d2f] + +2022-06-14 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/logging.c: + log_exit_status: make local variables match struct evlog members. + [f93d5141e818] + +2022-06-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/getgrouplist.c: + Quiet a compiler warning on macOS. The getgrouplist() groups array + on macOS is int * instead of gid_t *. + [c64bf72a1416] + +2022-06-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_11p2 for changeset 9e4705cb1db5 + [2a4b6b814432] <1.9> + + * NEWS, configure, configure.ac, include/sudo_compat.h: + Merge sudo 1.9.11p2 from tip. + [9e4705cb1db5] [SUDO_1_9_11p2] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.11p2 + [9505276e5c97] + +2022-06-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.h: + Fix compilation on Linux/x32; GitHub issue #158 + [8cebfdd49205] + +2022-06-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c: + Fix pasto in comment after HAVE_PRIV_SET #endif + [2275ab3b016d] + + * include/sudo_compat.h: + Fix typo, we should define SSIZE_MAX if it is not defined. + [51c68f801479] + +2022-06-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/env.c: + Change black list -> blocklist This was missed in the previous + conversion. + [da610ebb5cb1] + + * plugins/sudoers/audit.c, plugins/sudoers/iolog.c, + plugins/sudoers/log_client.c, plugins/sudoers/log_client.h, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/policy.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoers.h: + Save a pointer to the event_alloc parameter in the plugin open + function. That way we don't need to pass event_alloc around to the + log client functions. + [a8a47f3770b3] + + * lib/protobuf-c/protobuf-c.c: + Fix regression with zero-length messages introduced in protobuf-c PR + 500. + [42062b9f75d5] + +2022-06-08 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_11p1 for changeset 06b0f12fe91c + [feb8ae553833] <1.9> + + * NEWS, config.h.in, configure, configure.ac: + Merge sudo 1.9.11p1 from tip. + [06b0f12fe91c] [SUDO_1_9_11p1] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.11p1 + [7fcfdaacb15e] + +2022-06-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_pty.c: + Make read and write events persistent and disable as needed. For the + read callback, disable reader when the buffer is full. For the write + callback, disable writer when the buffer is consumed. + [2b6953dc4224] + + * config.h.in, configure, configure.ac, src/sudo_exec.h, + src/sudo_noexec.c: + Check for SECCOMP_MODE_FILTER not SECCOMP_SET_MODE_FILTER. This + matches the actual prctl() call we use. + [4222768293d1] + + * Merge pull request #157 from 0x2b3bfa0/improve-tag-spec-ebnf-docs + + Improve Tag_Spec EBNF documentation + [f528335aded5] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c: + Treat EINTR in a callback like we do EAGAIN. We shouldn't get EINTR + in practice since we set SA_RESTART when registering signal handlers + but it doesn't hurt to be consistent. + [acf3394e2df2] + + * Merge pull request #156 from delroth/aarch64-build + + exec_ptrace: fix missing sudo_pt_regs on aarch64 + [a7062c609a96] + +2022-06-07 Pierre Bourdon <delroth@gmail.com> + + * src/exec_ptrace.h: + exec_ptrace: fix missing sudo_pt_regs on aarch64 + + AArch64 already had an existing "user_pt_regs" struct and didn't + need a struct alias before the renaming to "sudo_pt_regs". Make the + code build again by adding the now missing alias. + + Fixes: 2eb8ff17 + [3b55f40e9b83] + +2022-06-07 Helio Machado <0x2b3bfa0+git@googlemail.com> + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + Improve Tag_Spec EBNF documentation + [7e23ec31d124] + +2022-06-07 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * Merge pull request #154 from 0x2b3bfa0/fix-tag-spec-docs + + Add missing colon in Tag_Spec documentation + [ec8f4610b677] + + * Merge pull request #152 from particleflux/fix-sudoers-typo + + Fix typo in sudoers comment + [bbbcff4c14ba] + +2022-06-07 Helio Machado <0x2b3bfa0+git@googlemail.com> + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + Add missing colon in Tag_Spec documentation + [e6f4c612e22a] + +2022-06-07 Stefan Linke <particleflux@gmail.com> + + * plugins/sudoers/sudoers.in: + Fix typo in sudoers comment + + Fix a typo in the sudoers comment about `maxseq` param. + + Introduced by 906eb19ece47023c659b4b3db2e7a6bb57dff0d9 in 1.9.11. + [b38fae41b3eb] + +2022-06-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/protobuf-c/protobuf-c.c: + Only shift unsigned values to avoid implementation-specific + behavior. This converts the arithmetic shifts to logical shifts. + [e25aa8e9891a] + + * lib/protobuf-c/protobuf-c.c: + Fix issue protobuf-c#499: unsigned integer overflow 
Signed-off-by: + 10054172 <hui.zhang@thalesgroup.com> + [f3637be4df4f] + + * include/sudo_event.h, lib/util/event_select.c: + Fix building with select (not poll) when fd_set is not defined in + sys/types.h. We can use a void * for the fd_set arrays and just add + a cast when using the FD_SET macros. + [5c636cbc11f0] + + * src/exec_pty.c: + Reinstall the event handler if we get EAGAIN from read/write + callback. The read and write events do not set SUDO_EV_PERSIST so we + need to explicitly re-enable the event if there is still data to be + read. Bug #963. + [0006cb6531f4] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c: + If write(2) returns EAGAIN just re-enter the event loop. This is + consistent with how we handle EAGAIN for read(2). + [e6478d917a0f] + + * .hgtags: + Added tag SUDO_1_9_11 for changeset d495c99554f7 + [74c59bc5c323] <1.9> + + * NEWS, config.h.in, configure, configure.ac, include/sudo_compat.h, + logsrvd/tls_init.c, plugins/sudoers/regress/fuzz/fuzz_policy.c: + Merge sudo 1.9.11 from tip. + [d495c99554f7] [SUDO_1_9_11] <1.9> + + * docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in: + Document how setting ModulePath affects the Python search path. Also + advise the user to use a unique prefix to avoid name space + collisions with installed Python modules. Bug #1031. + [68a9d50d7806] + + * configure, configure.ac, docs/sudo_plugin_python.man.in, + docs/sudo_plugin_python.mdoc.in: + Add EXAMPLES variables for use in the man pages for the examples + directory. + [148272d9a6d3] + +2022-06-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po: + Updated translations from translationproject.org + [985902730e5b] + + * plugins/sudoers/po/hr.mo, po/hr.mo: + Rebuild Croatian message catalog. + [438136f65c13] + +2022-06-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * .gitignore, .hgignore: + Add new test binaries to the ignore files. 
+ [ea9de2ded48d] + + * po/cs.mo, po/cs.po: + Updated translations from translationproject.org + [eac0aba546ed] + + * lib/protobuf-c/protobuf-c.c: + Define WORDS_BIGENDIAN on big endian systems. Instead of a configure + check, we use endian.h (or a fallback). + [4d5603a9528c] + + * include/intercept.pb-c.h, include/log_server.pb-c.h, + include/protobuf-c/protobuf-c.h, lib/protobuf-c/protobuf-c.c, + scripts/unanon: + Update to protobuf-c 1.4.0 + [47ff9b8bab21] + + * logsrvd/logsrvd.c, plugins/sudoers/cvtsudoers_csv.c: + Quiet two clang analyzer false positives. + [2c878f7853cc] + + * src/exec_intercept.c: + Move a comment to the correct location. + [caacb3fae078] + + * logsrvd/logsrvd.c: + union sockaddr_union: pass in sockaddr_union * instead of sockaddr + *. This eliminates the need for a few casts and is consistent with + how create_listener() is written. + [4def05f8d895] + + * src/exec_ptrace.c: + Eliminate some dead stores that clang-analyzer complains about. + [3aac29fe0101] + + * src/exec_ptrace.c: + ptrace_read_vec: don't try to free memory on the error path This is + leftover from when ptrace_read_string() allocated its own memory. + [7f5b5d21bce9] + + * config.h.in, configure, configure.ac, src/sudo_intercept.c: + Avoid using vfork(2) in the DSO system(3) wrapper. Traditional + vfork(2) semantics make it unsafe for use for more than just + vfork(2) + execve(2). + [9a8ce7aef55d] + +2022-06-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * po/vi.mo, po/vi.po: + Updated translations from translationproject.org + [e3197ef8a98d] + + * NEWS: + Mention sudo_logsrvd.conf "log_server" parsing fix. + [575a31b83bfd] + + * MANIFEST, logsrvd/Makefile.in, + logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.1.in, + logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.2.in, + logsrvd/regress/logsrvd_conf/tls/sudo_logsrvd.conf.1.in, + logsrvd/regress/logsrvd_conf/tls/sudo_logsrvd.conf.2.in: + For logsrvd_conf_test include both tls and non-tls configs. 
+ [ec1815793aab] + + * MANIFEST, logsrvd/Makefile.in, + logsrvd/regress/logsrvd_conf/cacert.pem, + logsrvd/regress/logsrvd_conf/logsrvd_cert.pem, + logsrvd/regress/logsrvd_conf/logsrvd_conf_test.c, + logsrvd/regress/logsrvd_conf/logsrvd_dhparams.pem, + logsrvd/regress/logsrvd_conf/logsrvd_key.pem, + logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.1.in, + logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.2.in: + Add a simple regression test for logsrvd.conf parser. Unlike the + parser fuzzer, this includes sample certs and keys. This test would + have detected the BIO_new_file() bug in set_dhparams(). + [7ddabb9d022f] + + * logsrvd/logsrvd_conf.c: + Fix inverted logic when setting server_log. A value that starts with + a '/' should be treated as a path. + [8941fd924fbf] + + * plugins/audit_json/Makefile.in, plugins/sample_approval/Makefile.in: + Use abs_top_builddir instead of `pwd`/$(top_builddir). + [0f4e20a7aeed] + +2022-06-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/regress/parse_gids/parse_gids_test.c: + Plug a memory leak. + [8a9eb498ed55] + + * plugins/sudoers/parse_ldif.c: + Fix bug in last commit, need to reinitialize role to NULL. + [1e454b967993] + + * plugins/sudoers/parse_ldif.c: + Simplify the check for when we can reuse the previous user and host + specs. This makes the code easier to read and quiets a cppcheck + false positive. + [037c4943f1ac] + + * docs/Makefile.in: + Install the plugin man pages in section 5 (or 4 for System V). The + manual had the correct section in the text but was installed in the + wrong directory. 
+ [5df7d3f9a010] + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/de.mo, + po/de.po, po/eo.mo, po/eo.po, po/fr.mo, po/fr.po, po/hr.mo, + po/hr.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/ro.mo, + po/ro.po, po/uk.mo, po/uk.po: + Updated translations from translationproject.org + [9ac84e5c9250] + + * NEWS: + Sudo now supports intercepting system(3). + [a46db96a3b03] + +2022-05-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/log_client.c: + Only display "unable to connect to log server" warning once. + Previously, in intercept mode, if the log server is unreachable the + message would be printed for each sub-command. + [df4c53518bb7] + + * src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/sudo_exec.h: + When using ptrace(2), push the point where we suspend into + exec_cmnd(). This should reduce the amount of time the child has to + wait for the parent to use PTRACE_SEIZE to seize control and then + PTRACE_CONT to continue the child. + [f9caab4bf18b] + + * config.h.in, configure, configure.ac, src/sudo_intercept.c: + Add configure check for vfork(2) and fall back to fork(2) if + missing. + [ddfaba8d2a09] + + * docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudoers.man.in, + docs/sudoers.mdoc.in, src/intercept.exp.in, src/sudo_intercept.c: + Add support for intercepting the system(3) function. This also means + we can log system(3) with log_subcmds. + [aca241d96c0b] + + * include/compat/endian.h: + Newer compilers define __BYTE_ORDER__ and + __ORDER_{BIG,LITTLE}_ENDIAN__ Also add riscv the little endian list. + [55731e5517fc] + +2022-05-29 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + On AIX, fmemopen(3) has a bug where feof() returns false at EOF. See + https://www.ibm.com/support/pages/apar/IJ11845 + [a703278bceed] + +2022-05-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/defaults.c: + Fix potential signed integer overflow on 32-bit CPUs. Converting + fractional minutes to nanoseconds could overflow a 32-bit integer, + use long long instead. + [b1d2afc0cc4d] + + * plugins/sudoers/Makefile.in: + Fix path to example sudoers file, it is now in the build dir. + [899850a04adf] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + init_options: initialize apparmor_profile to NULL + [ad0de9e0474f] + + * NEWS: + Update with latest 1.9.11 changes. + [12650d2b6184] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + Fix typo + [ce83f628330c] + + * docs/CONTRIBUTORS.md: + Update contributors. + [5b69f27ea398] + + * logsrvd/tls_init.c: + Fix uninitialized use of ca_store when building with wolfSSL. + [e7cc6d8d9f7e] + + * docker/debian/testing/Dockerfile, docker/ubuntu/devel/Dockerfile, + docker/ubuntu/latest/Dockerfile, docker/ubuntu/rolling/Dockerfile: + Newer Debian/Ubuntu uses libsepol-dev not libsepol1-dev. + [b2c1326bfb0d] + + * configure, configure.ac, plugins/sudoers/def_data.h, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/toke.c, src/Makefile.in: + Regenerate files after merging AppArmor integration. + [d24fcec2cb87] + + * Merge pull request #148 from kernelmethod/apparmor_support + + Add AppArmor support to sudo + [fcbfb2410afd] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + src/parse_args.c, src/sudo.c, src/sudo.h: + Merge branch 'main' into apparmor_support + [7832ecc5eb7f] + +2022-05-26 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * src/sudo_intercept.c: + Pass envp, not environ, to real execve() from exec_wrapper() if + possible. The replacement execve() function was passing the global + environ to exec_wrapper() instead of the envp parameter. This caused + the command to be run with the wrong environment on AIX systems, and + possibly others, when intercept or log_subcmds was enabled. Bug + #1030. + [dc0187c68c1b] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update .pot files for 1.9.11 + [b4c8ec57842f] + + * src/exec_ptrace.c: + Consolidate some translatable strings. + [05dae7c3c8da] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_journal.c, + logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, + plugins/sudoers/log_client.c, src/exec_intercept.c: + Standardize protobuf "unable to unpack" warning messages. + [6f4e026c7a02] + + * docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in, + include/sudo_plugin.h, plugins/python/regress/testdata/check_multipl + e_approval_plugin_and_arguments.stdout, src/exec.c: + Bump plugin minor version and document new intercept-related + settings. There should have been a minor version bump for sudo 1.9.8 + when intercept was originally implemented. + [2b7591704df4] + +2022-05-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Reset intercept_allow_setid if intercept_type changes from trace to + dso. But only reset intercept_allow_setid if the user didn't + explicitly set it. + [e398111d824e] + +2022-05-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp: + CentOS Stream only uses a major version number, no minor version. + This prevents the packages from being created as foo.el.arch.rpm + since we were assuming that the version number was two digits. + [a3caed91ea8c] + + * src/exec_ptrace.c, src/exec_ptrace.h: + Add support for running o32 and n32 binaries on mips64. 
+ [887ab363f2a4] + + * src/exec_ptrace.c, src/exec_ptrace.h, src/sudo_exec.h: + Enable ptrace support for MIPS but only for log_subcmds. It is not + possible to change the syscall return value on MIPS so we cannot + support full intercept mode. Another complication on MIPS is that if + a system call is invoked via syscall(__NR_###), v0 holds + __NR_O32_Linux and the real syscall is in the first arg (a0) and + other args are shifted by one. + [0345a4137047] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, + src/exec_ptrace.c, src/parse_args.c, src/sudo.c, src/sudo.h, + src/sudo_exec.h: + Add intercept_type sudoers option to set intercept/log_subcmds + mechanism. + [b97e461f7da1] + +2022-05-23 kernelmethod <wss2ec@virginia.edu> + + * MANIFEST, include/sudo_debug.h, src/Makefile.in, src/apparmor.c, + src/parse_args.c, src/sudo.c, src/sudo.h: + Add an apparmor_profile sudo setting + + Define a new sudo setting, `apparmor_profile`, that can be used to + pass in an AppArmor profile that should be used to confine commands. + If apparmor_profile is specified, sudo will execute the command + using the new `apparmor_execve` function, which confines the command + under the provided profile before exec'ing it. 
+ [a54897efe031] + + * plugins/sudoers/check.c, plugins/sudoers/cvtsudoers_csv.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.dict, + plugins/sudoers/regress/fuzz/fuzz_sudoers.dict, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/toke.l: + Add an APPARMOR_PROFILE user spec option to sudoers + + sudoers now supports an APPARMOR_PROFILE option, which can be + specified as e.g. + + alice ALL=(ALL:ALL) APPARMOR_PROFILE=foo ALL + + The line above says "user alice can run any command as any + user/group, under confinement by the AppArmor profile 'foo'." + Profiles can be specified in any way that complies with the rules of + aa_change_profile(2). For instance, the sudoers configuration + + alice ALL=(ALL:ALL) APPARMOR_PROFILE=unconfined ALL + + allows alice to run any command unconfined (i.e., without an + AppArmor profile), while + + alice ALL=(ALL:ALL) APPARMOR_PROFILE=foo//&bar ALL + + tells sudoers that alice can run any command under the stacked + AppArmor profiles 'foo' and 'bar'. + + The intention of this option is to give sysadmins on Linux distros + supporting AppArmor better options for fine-grained access control. + Among other things, this option can enforce mandatory access control + (MAC) over the operations that a privileged user is able to perform + to ensure that they cannot privesc past the boundaries of a + specified profile. It can also be used to limit which users are able + to get unconfined system access, by enforcing a default AppArmor + profile on all users and then specifying + 'APPARMOR_PROFILE=unconfined' for a privileged subset of users. 
+ [2afe8c910959] + + * config.h.in, configure.ac, scripts/mkdep.pl, scripts/mkpkg: + Add a --with-apparmor build flag + + Add a new build flag, --with-apparmor, that builds sudo with + AppArmor support. Modify the build script for Debian and Ubuntu to + enable this flag by default. + [596b4e6dce4d] + + * INSTALL.md, docs/sudoers.man.in, docs/sudoers.mdoc.in: + Add documentation for AppArmor support + + - Document the AppArmor userspec option in the sudoers man pages. + - Add information about the --with-apparmor build configuration option + to INSTALL.md. + [524dde965b94] + +2022-05-22 kernelmethod <wss2ec@virginia.edu> + + * docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile, + docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile, + docker/ubuntu/rolling/Dockerfile: + Add libapparmor-dev to the Debian and Ubuntu Dockerfiles + + Install libapparmor-dev on Debian- and Ubuntu-based Docker images so + that they can build sudo with AppArmor support. + [8491c8b6d240] + +2022-05-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_nopty.c, src/exec_pty.c: + Pass the WUNTRACED flag to waitpid() even if __WALL is present. + Otherwise, we won't get the wait status of a suspended command that + is not being traced. + [7c2b46ec73be] + + * configure, configure.ac, lib/iolog/Makefile.in, + lib/logsrv/Makefile.in, logsrvd/Makefile.in, + plugins/sudoers/Makefile.in: + Use explicit library dependencies instead of implicit. We now + include all the dependent libraries when linking. Fixes a linking + problem on CentOS Stream 9. + [6f06cdbb1552] + + * plugins/sudoers/logging.c: + mail_parse_errors: allocate the correct amount of space for mail + body. Use strlen(), not sizeof(), on "problem parsing sudoers" since + it is a tranlated string and not a constant. This was caught by the + existing overflow checks. + [5aa53136cd9d] + +2022-05-18 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * MANIFEST, src/Makefile.in, src/exec_nopty.c, src/exec_pty.c, + src/regress/intercept/test_ptrace.c, src/sudo_exec.h, + src/suspend_nopty.c: + Move code to suspend sudo when no pty is in use to separate file. + Use this in test_ptrace.c to be able to suspend just like sudo does. + [ddef421918b7] + +2022-05-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_nopty.c, src/exec_ptrace.c, src/exec_pty.c, + src/regress/intercept/test_ptrace.c, src/sudo_exec.h: + Fix suspending a sudo-run shell in ptrace intercept mode with no + pty. When ptracing a process, we receive the signal-delivery-stop + signal before the group-stop signal. If sudo is running the command + in the same terminal, we need to wait until the stop signal is + actually delivered to the command before we can suspend sudo itself. + If we suspend sudo before receiving the group-stop, the command will + be restarted with PTRACE_LISTEN too late and will miss the SIGCONT + from sudo. + [bf9a482ecddd] + + * docs/TROUBLESHOOTING.md, docs/sudo_logsrvd.man.in, + docs/sudo_logsrvd.mdoc.in: + OpenSSL 3.x requires the key usage extension be present in CA and + certs. Certificates generated with a CA that doesn't set the key + usage extension will fail to validate if "tls_verify" is enabled. + [3ae4ef1ecf57] + + * logsrvd/tls_init.c: + Include the cert or ca file in error messages where applicable. + [3e0558886a3d] + + * logsrvd/tls_init.c: + Add missing include of string.h for strerror(3). + [253a5634d441] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, + logsrvd/tls_client.c, logsrvd/tls_init.c, + plugins/sudoers/log_client.c: + If ERR_reason_error_string() returns NULL, fall back on + strerror(errno). That way we get reasonable error messages for + missing files, etc. + [d2423ef0e284] + + * logsrvd/tls_init.c: + set_dhparams: pass BIO_new_file() "r" for the file mode, not + O_RDONLY. Unlike BIO_new_fp(), BIO_new_file() takes an fopen-style + mode string. 
+ [7a67aec88cb4] + + * src/exec_ptrace.c: + The set_sc_arg3, get_sc_arg3 and set_sc_arg4 functions are not used. + Use ifdef notyet to disable for now since they may be used in the + future. + [99d2f2a42da5] + +2022-05-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.h, src/sudo_exec.h: + Use __x86_64__ preprocessor symbol, not __amd64__ Also clarify a + comment about MIPS ptrace. + [b02ad513eb64] + + * src/exec_ptrace.h, src/sudo_exec.h: + ptrace support has been tested on Debian/s390x. It should also work + on s390 but this has not been tested. I have not added a compat mode + to trace 31-bit binaries on s390x due to the lack of a test system. + [3176433e7456] + + * src/exec_ptrace.h: + Define sudo_pt_regs instead of user_pt_regs and include the struct + keyword. On s390, the struct is typedef'd without a name. + [b2b74f378eef] + + * src/exec_ptrace.h, src/sudo_exec.h: + ptrace support has been tested on Debian/riscv64. + [e1011074d984] + +2022-05-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.in: + Add maxseq setting to log_output example. This should make it more + obvious that you need to adjust maxseq unless you have (virtually) + unlimited disk space. + [5203240a248b] + + * scripts/mkpkg: + Fix dependency check for libssl on Debian/Ubuntu with OpenSSL 3. + Also add check for python 3.10 and 3.11 and remove versions < 3.4. + Fixes building on Ubuntu 22.04. + [c9114582911c] + +2022-05-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.h: + Tracing 32-bit arm binaries from a 64-bit sudo works. + [c1e1602874ed] + + * src/exec_ptrace.c: + ptrace_write_string: the terminating NUL fix was reverted by + mistake. + [587dd11b2783] + + * src/exec_ptrace.h, src/sudo_exec.h: + ptrace-based intercept has now been tested on 32-bit arm + [493b17a89e63] + +2022-05-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.h: + Don't use PTRACE_SET_SYSCALL for 32-bit arm binaries running on + aarch64. 
Use PTRACE_SETREGSET with NT_ARM_SYSTEM_CALL instead just + like we would for a 64-bit binary. Newer Linux headers don't define + PTRACE_SET_SYSCALL for aarch64. + [5930846e9c9e] + + * src/regress/intercept/test_ptrace.c: + Replace verbose flag with debug flag. This is more accurate since it + actually uses the debug subsystem. + [dda8b8af8bd2] + + * src/exec_ptrace.h: + Initial cut at MIPS support, untested. Mips is a bit different in + that most Linux distros appear to use the n32 ABI on 64-bit CPUs. We + don't currently support tracing a 64-bit binary from a 32-bit sudo. + We could suport tracing o32 ABI binaries in compat mode, though. + [05e5e246463a] + +2022-05-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/regress/intercept/test_ptrace.c: + Add have_seccomp_action("trap") call to check for + SECCOMP_MODE_FILTER. + [250c6b72c4f4] + + * src/exec_ptrace.c, src/exec_ptrace.h: + Add arm-specific code to set the system call number. Fixes rejection + of commands due to policy on arm when in intercept mode. + [74c5bd26713b] + + * scripts/mkpkg: + Fix OS major version detection on CentOS Stream + [cd4d5aaf59a7] + + * src/exec_ptrace.c: + Repair ptrace_write_vec() for compat binaries. + [77ee302b0631] + + * src/regress/intercept/test_ptrace.c: + Fix a crash when not run in verbose mode. + [adf481623228] + + * src/exec_ptrace.c: + ptrace_intercept_execve: read back the updated syscall args in test + mode. This makes it easier to detect problems with the syscall + rewrite code when testing with test_ptrace. + [4eb9e09d90d9] + +2022-05-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c, src/exec_ptrace.h, src/sudo_exec.h: + Enable ptrace intercept on powerpc. Tested on ppc64 and ppc64le. + [fbd12baa1a02] + + * src/exec_ptrace.c: + Fix tracing compat binaries on big endian systems. We need to swap + the order of the two 32-bit addresses for big-endian. + [375004a3ef09] + + * src/exec_ptrace.c: + Move code to write a string vector to ptrace_write_vec(). 
+ [8401e0397f11] + + * src/exec_ptrace.c: + Fix compilation error on systems with no compat arch. Currently only + affects i386. + [b95c707298c5] + + * MANIFEST, src/Makefile.in, src/exec_intercept.h, src/exec_ptrace.c, + src/regress/intercept/test_ptrace.c, src/sudo_exec.h: + Add test_ptrace program to test ptrace-based intercept support. + [5f7162bcdbfd] + + * src/exec_ptrace.c: + Use unsigned long for addresses so we don't have to worry about sign + extension. + [7a0d4ea2fa70] + +2022-05-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c: + ptrace_write_string: make sure we always write the terminating NUL. + We can't check *str for NUL since it may not have been written yet. + [9d95217981ac] + + * src/exec_ptrace.c: + Fix compilation error when SECCOMP_AUDIT_ARCH_COMPAT is not defined. + [3162054bac24] + +2022-05-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c, src/exec_ptrace.h: + It is now safe to make WORDALIGN use compat (not native) aligment. + We allocate space for an extra pointer between argv and the string + table for compat binaries so there is no need to align address to + sizeof(long). + [898626f1cdf6] + + * src/exec_ptrace.c, src/exec_ptrace.h: + Use the entire word in ptrace_get_vec_len() and ptrace_read_vec(). + For compat binaries, use the upper 32-bits as the next word instead + of calling ptrace(2) to get it. This reduces the number of ptrace(2) + calls when reading argv and envp for compat binaries. + [cf5d1ae47dbe] + +2022-05-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c: + We don't need to align strings in the string table. We align the + start of the string table to a word boundary to help prevent overlap + when writing the pointers. However, the actual strings themselves + don't need to be aligned. + [219a1a07fc2e] + +2022-05-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c: + Avoid potentially overwriting string table when writing argv. 
In + compat mode, if argc is odd, writing the last pointer of argv will + overlap with the address of argv[0], so leave an extra word in + between. Also remove incorrect comments about PTRACE_PEEKDATA + unaligned access. + [13f7e63a31bd] + + * src/exec_ptrace.c, src/exec_ptrace.h: + Use native word size for padding and when reading/writing strings. + If we try to use the compat word size we can end up in a situation + where a subsequent PTRACE_POKEDATA overwrites part of what we've + already written since it always writes in sizeof(long) units. + [e0d7fdc3f8e2] + +2022-05-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_ptrace.c: + ptrace_intercept_execve: rewrite path to exec if changed by the + policy + [089f0e32cf2a] + + * src/exec_ptrace.c: + ptrace_intercept_execve: plug memory leak of get_execve_info() + buffer + [5ce2cf252c80] + + * MANIFEST, src/Makefile.in, src/exec_intercept.h, src/exec_ptrace.c, + src/exec_ptrace.h: + Move register definitions to exec_ptrace.h + [59cc9bec6925] + + * src/exec_ptrace.c: + Add support for intercepting 32-bit binaries on 64-bit systems. We + need to define the ptrace register struct ourselves for the 32-bit + system since there is no good way to get it from the system headers. + Currently only implemented for x86_64 and aarch64. + [a0407bb1fee0] + + * src/exec_ptrace.c: + Add setters and getters for ptrace(2) register access. This will be + used when running 32-bit binaries from a 64-bit sudo. + [f7da9453d9fa] + + * src/exec_ptrace.c: + exec_ptrace_handled: don't return early if ptrace_intercept_execve() + fails. We need to continue the traced process even if there is a + fatal error. Otherwise, sudo will appear to hang as the running + process is left in PTRACE_EVENT stop. + [5b3bd75c4486] + + * src/exec_ptrace.c: + Don't use PTRACE_GETREGS, it is too complicated when runing compat + binaries. 
Unlike PTRACE_GETREGSET, PTRACE_GETREGS requires that we + manually map registers from 64-bit to 32-bit layouts when running, + e.g. a 32-bit binary from a 64-bit sudo process. + [bb3476230373] + +2022-05-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, + plugins/sudoers/defaults.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, src/exec_nopty.c, src/exec_pty.c, + src/parse_args.c, src/sudo.c, src/sudo.h, src/sudo_exec.h: + Initialize intercept_allow_setid to true if we use ptrace(2) and + seccomp(2). + [57e58c0ada44] + +2022-05-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_nopty.c, src/exec_ptrace.c, src/exec_pty.c, + src/sudo_exec.h: + If the process is already being traced, just resume it and clear + flags. This makes it possible to run sudo in ptrace intercept mode + from within a shell (or other process) that is already being traced + by sudo. + [db4d7cd5f673] + + * src/exec_ptrace.c: + exec_ptrace_handled: fix delivery of non-stop signals. We need to + deliver signals to the tracee as long as it is not a group stop. + Fixes a hang while tracing another sudo process. + [4ede8b4cfbd9] + + * src/exec_nopty.c: + Make SIGCHLD handler more consistent with the pty version. No real + change other than a few debug statements. + [bd52284b1e2a] + + * plugins/sudoers/parse.c: + sudoers_lookup_check: preserve intercepted flag when reinitializing + cmnd_info Otherwise we may not reject an attempt to run a set-user- + ID command. + [43d72d1537b2] + + * src/exec_nopty.c, src/exec_pty.c: + Kill the command if intercept_setup() or ptrace_seize() fail. + [1037f81b327b] + +2022-05-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/match_command.c: + Move intercept setid check out of do_stat() and into its own + function. For command_matches_all() we should only perform the setid + check if the file exists and intercept is enabled. 
Otherwise, we can + end up returning an error if the fully-qualified command does not + exist. Fixes a regression introduced in sudo 1.9.0 with the support + for digests in conjunction with "sudo ALL". + [1b5f9ed2160a] + + * src/exec_ptrace.c: + Add support for intercepting x32 binaries on Linux x64_64. + [c5fc89f38c43] + +2022-04-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, configure, configure.ac: + Sudo 1.9.11 + [d3e832f94348] + + * plugins/sudoers/auth/kerb5.c, src/exec_ptrace.c: + Fix typos + [8ef3e84fc62e] + + * MANIFEST, docs/CONTRIBUTORS.md, po/ka.mo, po/ka.po: + New Georgian translation from translationproject.org + [f6b9c7d2192c] + + * src/exec_ptrace.c: + Short-circuit the policy check if the command doesn't exist. + Otherwise, both sudo and the shell will report the error. + [f16f1b6705d9] + + * src/exec_ptrace.c: + Add support for replacing argv in ptrace intecept mode. The new argv + is written below the tracee's stack and the system call argument is + replaced with the new argv address. + [3974c784be8b] + + * src/exec_ptrace.c: + Check architecture in the seccomp filter. Currently only supports + the native architecture. + [13f88e436ae0] + + * src/exec_common.c, src/exec_monitor.c, src/exec_nopty.c, + src/exec_ptrace.c: + Suspend the child process and wait for SIGUSR when using ptrace. + This fixes a race condition in ptrace-based intercept mode when + running the command in a pty. It was possible for the monitor to + receive SIGCHLD when the command sent itself SIGSTOP before the main + sudo process did. + [cf1f0bea9931] + + * plugins/sudoers/parse.c, src/exec.c, src/selinux.c, src/sudo.h: + Enable intercept and log_subcmds for SELinux using ptrace and + seccomp. + [5d7a3df4457e] + + * src/exec_intercept.c, src/exec_intercept.h, src/exec_ptrace.c, + src/sudo.c, src/sudo.h: + For ptrace intercept mode, do not do a policy check for the initial + command. 
We can skip the policy check for the execve(2) of the + initial command since it has already been check. Otherwise, we would + log the command twice. When using fexecve(2) due to a digest check, + there should be no need to skip the initial command since it will be + executed via execveat(2) not execve(2). However, on older kernels + without execveat(2), glibc will emulate fexecve(2) using /proc which + will result in the extra log entry. + [e411d6bc3855] + + * docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudoers.man.in, + docs/sudoers.mdoc.in: + Update intercept documentation. + [f44f1cb2a5d2] + + * src/exec_intercept.c, src/exec_ptrace.c: + In ptrace(2) intercept mode, add execveat to the seccomp(2) filter. + This allows us to avoid logging the initial command twice regardless + of whether the kernel supports execveat(2) or not. + [d39bd5adac13] + + * src/exec_ptrace.c: + Use PTRACE_GETREGS/PTRACE_SETREGS on platforms that support it. This + has a better chance of working on things like user-mode Linux. + [c53475bd4020] + + * MANIFEST, src/Makefile.in, src/exec_intercept.c, + src/exec_intercept.h, src/exec_nopty.c, src/exec_ptrace.c, + src/exec_pty.c, src/sudo_exec.h: + Check the policy for ptrace-based intercept mode. + [6eadd667ca6d] + + * src/exec_ptrace.c: + Add support for getting the execve(2) arguments via ptrace(2). This + will be used to perform a policy check in intercept mode. + [84b23ae53e2f] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c, + src/exec_intercept.c, src/exec_nopty.c, src/exec_ptrace.c, + src/exec_pty.c, src/sudo.h, src/sudo_exec.h: + Add scaffolding for ptrace-based intercept mode. + [34a6269ac4eb] + + * include/sudo_compat.h, src/exec_monitor.c, src/exec_nopty.c, + src/exec_pty.c: + Stop using the WCONTINUED flag with waitpid(2). We don't use it for + anything other than a debug message and it will cause problems when + intercept mode starts using ptrace(2). 
+ [1f55993d68eb] + + * src/exec_nopty.c, src/exec_pty.c: + Handle multiple child processes in the SIGCHLD handler. This is + required by the uncoming ptrace intercept code. + [6dd72fb8f53f] + +2022-04-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/iolog_writer.c, logsrvd/logsrvd_journal.c, + plugins/sudoers/log_client.c: + sudo_logsrvd: update elapsed time for winsize and suspend in journal + mode Fixes a bug in store-first relay mode where the commit point + messages sent by the server were incorrect. + [5607e8c7b559] + +2022-04-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/visudo.man.in, docs/visudo.mdoc.in: + Fix typo; GitHub issue #144 + [fb1a539569b4] + +2022-04-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/TROUBLESHOOTING.md: + Expand section about expired accounts to include /etc/shadow info. + GitHub issue #143 + [78368dadddfb] + + * src/exec_monitor.c: + Add struct command details * to struct monitor_closure. This will be + used in the future by the ptrace intercept code. + [0603acf1ff96] + + * src/exec.c: + Translate "unable to set limit privileges" strings. + [a8426e224497] + + * ABOUT-NLS, MANIFEST, docs/CONTRIBUTING.md: + Remove ABOUT-NLS file, it is no longer maintained as part of GNU + gettext. Expand the Translations section in CONTRIBUTING.md. + [b4f0269a8f13] + + * src/exec.c, src/exec_intercept.c: + Don't require a pty for intercept or log_subcmmds. The code to take + back control of the tty before a policy check doesn't appear to be + needed. If the command is run in its own pty, sudo has control over + the user's tty. If the command is run in the user's tty, sudo should + be in the foreground process group. + [bddcc0d9fee6] + +2022-04-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac: + Define _TIME_BITS=64 on systems that define __TIMESIZE, like GNU + libc. This should be replaced by a specialized autoconf macro when + one becomes available. + [f63b7f9ea5c2] + +2022-04-11 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/python/regress/testdata/check_example_group_plugin_is_able_t + o_debug.log, plugins/python/regress/testhelpers.c: + clean_output: prune lines that consisting of '^' characters and + whitespace. Starting with Python 3.11, backtraces may contain a line + with '^' characters to bring attention to the important part of the + line. Also replace "REJECT" with "0" in backtrace output for Python + 3.11. + [f6a5d1c05b2b] + +2022-04-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Fix check for EVP_MD_CTX_new() when -pthread is in Libs.private. + [4f3fd0d1fd34] + +2022-04-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac, lib/eventlog/Makefile.in, + lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in, + lib/logsrv/Makefile.in, lib/protobuf-c/Makefile.in, + lib/util/Makefile.in, lib/zlib/Makefile.in, logsrvd/Makefile.in, + plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in, + plugins/python/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Rename SSP_(C|LD)FLAGS -> HARDENING_(C|LD)FLAGS + [92aa57606481] + + * INSTALL.md: + Mention other hardening compilation and linker options. + [7da9cf428e39] + +2022-03-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Fix check for EVP_MD_CTX_new using static libcrypto with + dependencies. + [c02d6b6e474c] + + * configure, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4, + m4/ltversion.m4, m4/lt~obsolete.m4, scripts/ltmain.sh: + Update to libtool 2.4.7. + [b8824f6b792c] + +2022-03-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + --enable-openssl: don't add non-existent directories to + PKG_CONFIG_LIBDIR + [daa9cab172da] + +2022-03-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/mkpkg: + Fix a typo in the AIX section. + [4d122a222632] + +2022-03-28 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/zlib/crc32.c, lib/zlib/crc32.h, lib/zlib/deflate.c, + lib/zlib/deflate.h, lib/zlib/gzguts.h, lib/zlib/gzlib.c, + lib/zlib/gzread.c, lib/zlib/gzwrite.c, lib/zlib/infback.c, + lib/zlib/inffast.c, lib/zlib/inflate.c, lib/zlib/inflate.h, + lib/zlib/inftrees.c, lib/zlib/trees.c, lib/zlib/zlib.exp, + lib/zlib/zlib.h, lib/zlib/zutil.c, lib/zlib/zutil.h: + Update embedded copy of zlib to version 1.2.12. Fixes CVE-2018-25032 + [3e2517079d86] + +2022-03-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/kerb5.c: + Minor style nit. + [9bdde2c81a3d] + + * Merge pull request #138 from dfskoll/main + + If we're using Kerberos, don't overwrite a custom prompt + [266b04c9ee0a] + +2022-03-16 Dianne Skoll <dianne@skoll.ca> + + * plugins/sudoers/auth/kerb5.c: + If we're using Kerberos, don't overwrite a custom prompt if one was + given with -p + + Thanks to @thend20 for testing this patch. + [e62136f88c3e] + +2022-03-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/conversation.c: + Write the \r\n pair to ttyfp if possible, falling back on fp. This + is consistent with the vfprintf() call and fixes a problem + introduced by the last commit where the newline could be written + before the message instead of after. + [3aaebbec4ee5] + + * include/sudo_util.h, + plugins/sudoers/regress/starttime/check_starttime.c: + Adjust starttime test when run under Debian faketime. Bug #1026 + [b8ac7dec6e11] + +2022-03-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/conversation.c: + sudo_conversation_printf: convert trailing nl to cr + nl combo. This + fixes output when the terminal is in raw mode and is consistent with + how sudo_conversation() behaves. + [e377f2a71021] + + * lib/eventlog/eventlog.c, src/exec_monitor.c, src/exec_nopty.c, + src/exec_pty.c, src/tgetpass.c: + Block SIGCHLD when forking the mailer. Otherwise, it may be picked + up by the signal handler instead of our waitpid(2) call. 
Don't warn + if waitpid() returns 0 in a SIGCHLD handler. + [e34a3f90de5b] + + * plugins/sudoers/sudoers.c: + Do not warn, log or send mail for errors when reinitializing + defaults. If there is a problem, we would have already warned, + logged or mailed it. The one exception is the initial defaults, + which should never fail. + [0d273f4d307d] + + * plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/parse.c, plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/sudoers.c: + If there are multiple parse errors, send them in a single mail + message. + [5de37ad1101f] + + * lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/python/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Unset LANGUAGE when running tests, otherwise it may override LC_ALL. + Bug #1025. + [87573102f25b] + +2022-03-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/visudo.c: + Looser owner/permission checks for an uninstalled sudoers file. We + don't check the owner or permissions on a sudoers file that is + specified as an argument to visudo by default. However, the owner + and mode of files included via @includedir were still checked. This + commit makes the owner and permissions checks for filed included via + @includedir follow the same as for the original sudoers file. + [db78857306d4] + + * lib/util/regress/getdelim/getdelim_test.c: + getdelim_test: increase longstr to check end pointer after realloc + This would have caught the recent bug in our getdelim replacement + when run under address-sanitizer or valgrind. + [6559a42a3205] + + * plugins/sudoers/check_aliases.c: + Add missing va_start/va_end around call to sudoers_error_hook(). + Coverity CID 250885 + [49d026ba67b2] + + * lib/util/getdelim.c: + Correctly update the end pointer when we expand the buffer. From + Robert Manner. + [99617ae8332d] + +2022-03-10 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/util/secure_path.c: + sudo_secure_path: pass the struct stat * argument directly to + stat(2) Set the pointer to a struct stat on the stack if st is NULL. + Avoids a needless memcpy() at the end. + [11636745ce29] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Fix off-by-one when storing line number in userspec. We store the + line number *after* parsing the newline so we need to subtract one. + [40d6521a966e] + + * lib/eventlog/eventlog.c: + For alert messages, the command or runuser may not be set. This + fixes the logging of parse errors when JSON logging is enabled. + [cfde228ef422] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c, + plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + Pass file, line and column to sudoers defaults callbacks. + [04a26b1a224c] + + * plugins/sudoers/audit.c, plugins/sudoers/check_aliases.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/defaults.c, + plugins/sudoers/file.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/parse.h, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/sudoers/test18.toke.ok, + plugins/sudoers/regress/visudo/test2.err.ok, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/visudo.c: + Add a hook for sudoers parse errors (including defaults and + aliases). The hook can be used to log parser errors (sudoers module) + or keep track of which files have an error (visudo). Previously, we + only kept track of a single parse error. + [601915bb6265] + +2022-03-09 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/file.c, plugins/sudoers/ldap.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/sudoers/test18.out.ok, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: + Add a source to struct sudo_nss and use it if getdefs() fails. Also + remove useless "Problem with defaults entries" warning in + testsudoers. + [f9ba65e975a0] + +2022-03-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/util/regress/getgrouplist/getgrouplist_test.c: + Plug a few test memory leaks now that they return from main(). + [dc4db97a1d57] + +2022-03-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/regress/logwrap/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c: + Remove extra newline in sudo_warnx() calls. + [3366401671fc] + + * plugins/sudoers/check_aliases.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/file.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c: + Preserve the column and error message when there is a syntax error. + This information is now included in the error mail sent to root. + [a224b006bfb3] + + * plugins/python/python_plugin_common.c: + Deinit python subinterpreters in reverse order (last to first). This + appears to work around a crash on OpenBSD with Python 3.9.10. + [ad4d7b33da9b] + +2022-03-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_10 for changeset 3557db693da4 + [edcb9bf4d4c3] <1.9> + + * NEWS, config.h.in, configure, configure.ac, include/sudo_compat.h, + plugins/sudoers/regress/fuzz/fuzz_policy.c: + Merge sudo 1.9.10 from tip. 
+ [3557db693da4] [SUDO_1_9_10] <1.9> + + * lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/python/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + For 'make check-verbose' run fuzzers with -verbose=1 This is the + default for libFuzzer but not for the stub fuzzer lib. + [7f2551a87c08] + +2022-03-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL.md: + INSTALL.md: Mention "make check" and "make check-verbose" + [17a30e329ba7] + + * scripts/generate_test_coverage.sh: + Repair generate_test_coverage.sh after move to scripts directory. + [ffef93da0436] + + * Makefile.in, docs/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/eventlog/Makefile.in, + lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in, + lib/logsrv/Makefile.in, lib/protobuf-c/Makefile.in, + lib/util/Makefile.in, lib/zlib/Makefile.in, logsrvd/Makefile.in, + plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in, + plugins/python/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Add check-verbose Makefile target that runs tests in verbose mode. 
+ [929d079dbfc7] + + * lib/eventlog/regress/logwrap/check_wrap.c, + lib/iolog/regress/host_port/host_port_test.c, + lib/iolog/regress/iolog_filter/check_iolog_filter.c, + lib/iolog/regress/iolog_json/check_iolog_json.c, + lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/iolog/regress/iolog_timing/check_iolog_timing.c, + lib/util/regress/closefrom/closefrom_test.c, + lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/getdelim/getdelim_test.c, + lib/util/regress/getgrouplist/getgids.c, + lib/util/regress/getgrouplist/getgrouplist_test.c, + lib/util/regress/glob/globtest.c, + lib/util/regress/mktemp/mktemp_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsig/strsig_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/strtofoo/strtobool_test.c, + lib/util/regress/strtofoo/strtoid_test.c, + lib/util/regress/strtofoo/strtomode_test.c, + lib/util/regress/strtofoo/strtonum_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, + lib/util/regress/uuid/uuid_test.c: + Add -v option parsing to regress tests, currently a no-op. This will + be used by a "check-verbose" target in the future. + [9cdcc23e6a70] + +2022-03-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/python/regress/check_python_examples.c, + plugins/python/regress/testhelpers.h: + Less verbose output unless the -v option is used. Also display a + test summary at the end. + [b18a8f6526e9] + + * src/regress/net_ifs/check_net_ifs.c, + src/regress/noexec/check_noexec.c, + src/regress/ttyname/check_ttyname.c: + verbose flag is boolean, not int + [8663ac48be27] + + * configure.ac: + Update copyright year. + [461698b72a64] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Regenerate dependencies. 
+ [f007ec225986] + + * MANIFEST, configure, configure.ac, lib/util/Makefile.in, + lib/util/regress/closefrom/closefrom_test.c: + Add sudo_closefrom() regression test. + [14f4439a8437] + + * NEWS, config.h.in, configure, configure.ac, lib/util/closefrom.c: + Use close_range(2) in closefrom() emulation if available. On Linux, + prefer our own closefrom() emulation since the glibc version may + fail if /proc is not present and close_range() is not supported. On + FreeBSD, closefrom(3) will either call the closefrom or close_range + system call, depending on which is available. + [d84eff07783f] + + * configure, configure.ac: + Repair --enable-pvs-studio on Linux. + [add3c7fff7f5] + + * configure, configure.ac: + Mention apple radar 3710161 in the comment about broken macOS + poll(2). + [ffb6c8c070dc] + +2022-02-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/regress/net_ifs/check_net_ifs.c, + src/regress/noexec/check_noexec.c, + src/regress/ttyname/check_ttyname.c: + Only display test totals unless run in verbose mode. + [f543b41f226e] + + * lib/util/regress/harness.in, plugins/sudoers/regress/harness.in: + Allow test harness to be run from any directory. Also add missing + copyright notice. + [5e60bc5beb52] + + * lib/util/regress/harness.in: + Adapt test harness for lib/util and move to regress directory. + [f415d958bca7] + + * .gitignore, .hgignore, MANIFEST, configure, configure.ac, + lib/util/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/harness.in, plugins/sudoers/regress/harness.in: + Adapt test harness for lib/util and move to regress directory. + [5f488712f797] + + * lib/fuzzstub/fuzzstub.c: + Make fuzzer stub main() quiet by default. LLVM LibFuzzer displays + the input and running time by default but we don't care about that + for the stub fuzzer library. 
+ [728005c2de78] + + * .gitignore, .hgignore, MANIFEST, configure, configure.ac, + plugins/sudoers/Makefile.in, plugins/sudoers/harness.in: + Move the cvtsudoers/sudoers/testsudoers/visudo tests into a script. + It is easier to maintain these tests in script form. The output now + more closely matches that of the other tests. The harness script can + be invoked directly and supports running specific tests. + [fbad6e93201e] + +2022-02-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po: + Updated translations from translationproject.org + [b2622a56fcbc] + +2022-02-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + sudo_regex_compile_v1 stub: set errstr on error + [2da61535e60d] + + * logsrvd/Makefile.in, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + fuzz_logsrvd_conf: add stub version of sudo_regex_compile_v1(). We + want to fuzz our parser, not the libc regular expression code. + [2662a181acc8] + + * plugins/sudoers/regress/testsudoers/test18.out.ok, + plugins/sudoers/regress/testsudoers/test18.sh: + testsudoers/test18: don't rely on /usr/bin/w being present Fixes a + test failure on Alpine Linux. + [5b3915cef32b] + +2022-02-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Add configure check for gzclearerr() when using system zlib. + [388dd60cd577] + + * configure, configure.ac: + Fix PVS-Studio platform check for macOS. + [cc46ae5d60a3] + + * plugins/sudoers/ldap.c: + sudo_ldap_parse_options: fix memory leak of sudoRole cn string. + Coverity CID 249976 + [bcf86c362e05] + + * src/sudo_intercept_common.c: + command_allowed: plug memory leak on strdup() failure. Coverity CID + 249972 + [f15a58ed68d6] + +2022-02-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/check.c: + display_lecture: just return if callback is NULL + [3e7352fbc28b] + + * lib/eventlog/eventlog.c: + For alert messages it is possible for evlog to be NULL. 
Coverity CID + 238641 + [3e89523699fd] + + * logsrvd/logsrv_util.c: + iolog_seekto: initialize struct timing_closure before using. + Coverity CID 249977 + [ea53680a2367] + + * logsrvd/iolog_writer.c: + iolog_rewrite: initialize struct timing_closure before using. + Coverity CID 249971 + [d214237f3ce8] + + * scripts/mkpkg: + Allow ARCH_FLAGS to be overridden and handle macOS 12. + [f04f3405fa50] + + * scripts/mkpkg: + Prefer if [ ... ]; then over if test ...; then. + [4ba3e6ed7280] + + * .circleci/config.yml: + Do not build with -Werror on macOS. Some macOS warnings are bogus, + for instance it has an incorrect getgrouplist(3) definition. + [7e5f469cb0ec] + + * .circleci/config.yml: + Build and test macos with circleci. + [fc62dc986646] + +2022-02-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Mention lecture behavior change. + [cc034a54eb11] + + * lib/iolog/regress/iolog_filter/check_iolog_filter.c: + Fix compilation on systems without a real openat(2). + [25067ad6772b] + + * plugins/sudoers/match_digest.c: + Better warning message when the digest in sudoers is the wrong + length. + [c2043906f356] + + * lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + lib/util/regress/fuzz/fuzz_sudo_conf.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Do not disable fuzzer output if SUDO_FUZZ_VERBOSE env variable is + set. + [fd3d5706ffda] + +2022-02-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/check.h, plugins/sudoers/timestamp.c: + Display the lecture immediately before prompting for a password. + This means we no longer display the lecture unless the user is going + to enter a password. 
Authentication methods that don't interact with + the user via the terminal don't trigger the lecture. + [17ef981664c3] + + * NEWS, plugins/sudoers/logging.c: + Add back warning when a user is not allowed to run a command. + Previously, the warning was displayed when a user was not in the + sudoers file, or was present but not listed for the local host. The + new behavior is to display the warning if a command is denied and + mail is sent to the administrator. Whether or not mail is sent is + controlled by the "mail_*" flags in sudoers. The warning text is now + "This incident has been reported to the administrator." which is + hopefully less confusing. The message will not be printed if either + the "mailto" or "mailerpath" sudoers settings are disabled. + [dcaeadb7e558] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + Document that negating mailto or mailerpath disables sending mail. + [02d8aabd9af3] + + * TODO: + Remove obsolete TODO file. + [98e112abab92] + +2022-02-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/logging.c: + Don't try to send mail if mailto not set or the mailer is not + present. + [37166e692a9c] + +2022-02-18 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo, + po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo, + po/ja.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/ro.mo, + po/ro.po, po/sr.mo, po/sr.po, po/uk.mo, po/uk.po, po/vi.mo, + po/vi.po, po/zh_CN.mo, po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po: + Updated translations from translationproject.org + [194b42011062] + + * MANIFEST, lib/iolog/Makefile.in, + lib/iolog/regress/iolog_filter/check_iolog_filter.c, + lib/iolog/regress/iolog_filter/test1/log, + lib/iolog/regress/iolog_filter/test1/timing, + lib/iolog/regress/iolog_filter/test1/ttyin, + lib/iolog/regress/iolog_filter/test1/ttyin.filtered, + lib/iolog/regress/iolog_filter/test1/ttyout, + lib/iolog/regress/iolog_filter/test2/log, + lib/iolog/regress/iolog_filter/test2/timing, + lib/iolog/regress/iolog_filter/test2/ttyin, + lib/iolog/regress/iolog_filter/test2/ttyin.filtered, + lib/iolog/regress/iolog_filter/test2/ttyout, + lib/iolog/regress/iolog_filter/test3/log, + lib/iolog/regress/iolog_filter/test3/timing, + lib/iolog/regress/iolog_filter/test3/ttyin, + lib/iolog/regress/iolog_filter/test3/ttyin.filtered, + lib/iolog/regress/iolog_filter/test3/ttyout: + Add tests for iolog filtering. 
This is the functionality used by the + log_passwords and passprompt_regex options. + [07e587dfd765] + + * lib/iolog/iolog_filter.c: + iolog_pwfilt_run: apply regex on ttyout even if we disabled + filtering. The heuristic used to decide when to disable filtering is + when we see another ttyout buffer or find a cr or nl in the ttyin + buffer. However, we should also check the buffer that caused us to + disable filtering for a matching regex that would re-enable + filtering. Programs that prompt for a password twice might otherwise + not have the second password filtered. + [f34bf167c3b4] + +2022-02-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL.md, README.LDAP.md, docs/TROUBLESHOOTING.md, + docs/UPGRADE.md, docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, + docs/sudo.man.in, docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in, + docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in, + docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_plugin.man.in, + docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in, + docs/sudo_plugin_python.mdoc.in, docs/sudoers.ldap.man.in, + docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in, + docs/sudoers.mdoc.in, docs/sudoreplay.man.in, + docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in, + examples/sudo_logsrvd.conf.in: + Avoid using "note that" and "note: " in documentation. 
+ [d75995c86fe0] + + * INSTALL.md, README.LDAP.md, README.md, docs/CONTRIBUTING.md, + docs/CONTRIBUTORS.md, docs/SECURITY.md, docs/TROUBLESHOOTING.md, + docs/UPGRADE.md, docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, + docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in, + docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in, + docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in, + docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_logsrvd.man.in, + docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin.man.in, + docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in, + docs/sudo_plugin_python.mdoc.in, docs/sudo_sendlog.man.in, + docs/sudo_sendlog.mdoc.in, docs/sudoers.ldap.man.in, + docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in, + docs/sudoers.mdoc.in, docs/sudoers_timestamp.man.in, + docs/sudoers_timestamp.mdoc.in, docs/sudoreplay.man.in, + docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in: + Remove "please" from the documentation, it is considered bad style. + [9c4a7bc1b48c] + + * docs/UPGRADE.md: + Mention regular expressions and "sudo -l -U user" behavior change. + [9bf947ed3e30] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + Add security notes about regular expressions in sudoers rules. + [1748e3a05906] + + * NEWS: + Update NEWS for GitHub issue #134. + [c69636554901] + +2022-02-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/eventlog.c: + do_logfile_sudo: plug memory leak of full_line Coverity CID 249329 + [d1d2bc51077a] + + * plugins/sudoers/logging.c: + log_server_alert: plug potential memory leak Coverity CID 249328 + [4d01a8e7dffb] + + * plugins/sudoers/logging.c: + fmt_authfail_message: compute the exact amount of space needed. + Instead of truncating on overflow, warn and return NULL. + [96542ddc9674] + + * plugins/sudoers/parse.c: + Fix potential NULL deref if getpwuid(0) fails. Coverity CID 249326 + [23249273cd01] + +2022-02-14 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * docs/sudo.man.in, docs/sudo.mdoc.in, plugins/sudoers/parse.c, + plugins/sudoers/policy.c: + Restrict "sudo -U other -l" to users with sudo ALL for root or + "other". Having "sudo ALL" permissions in no longer sufficient to be + able to list another user's privileges. The invoking user must now + have "sudo ALL" for root or the target user. GitHub issue #134 + [e2b4f8400599] + +2022-02-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Reword some of the NEWS items for 1.9.10. + [b2d757e7889c] + +2022-02-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in, + docs/sudoers.man.in, docs/sudoers.mdoc.in, lib/util/regex.c, + po/sudo.pot: + Limit regular expressions to 1024 characters each. Avoids a problem + with the fuzzer creating large regular expressions that blow up the + glibc regcomp(). + [83b1cac11c79] + +2022-02-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * .gitignore, .hgignore, MANIFEST, configure, configure.ac, + examples/Makefile.in, examples/sudo.conf.in, examples/syslog.conf, + examples/syslog.conf.in: + Substitute values in the example syslog.conf too. Also update ignore + files for example changes + [b13a7e6a630c] + + * MANIFEST, configure, configure.ac, docs/sudo.conf.man.in, + docs/sudo.conf.mdoc.in, docs/sudo.man.in, docs/sudo.mdoc.in, + docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in, + docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in, + docs/sudoers.man.in, docs/sudoers.mdoc.in, examples/Makefile.in, + examples/sudo_logsrvd.conf, examples/sudo_logsrvd.conf.in, + examples/sudoers, examples/sudoers.in: + Substitute paths set by configure in examples. Bug #1023 + [f528fe7a8f88] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update Project-Id-Version to 1.9.10. 
+ [0ad7934baa9f] + + * plugins/sudoers/po/sudoers.pot: + Update .pot files for 1.9.10 + [c7a477455e2e] + + * NEWS, configure, configure.ac: + Sudo 1.9.10 + [b437c4c37971] + + * MANIFEST, docs/sudo_logsrvd.conf.man.in, + docs/sudo_logsrvd.conf.mdoc.in, docs/sudoers.man.in, + docs/sudoers.mdoc.in, include/sudo_util.h, lib/iolog/iolog_filter.c, + lib/util/Makefile.in, lib/util/regex.c, lib/util/util.exp.in, + plugins/sudoers/defaults.c, plugins/sudoers/match_command.c, + plugins/sudoers/regress/sudoers/test28.in, + plugins/sudoers/regress/sudoers/test28.json.ok, + plugins/sudoers/regress/sudoers/test28.ldif.ok, + plugins/sudoers/regress/sudoers/test28.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test28.out.ok, + plugins/sudoers/regress/sudoers/test28.toke.ok, + plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c: + Add helper function to compile a regex that supports (?i). + [d680d423d2df] + +2022-02-10 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * MANIFEST, configure, configure.ac, docs/sudoers.man.in, + docs/sudoers.mdoc.in, examples/sudoers, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/match_command.c, + plugins/sudoers/parse.h, plugins/sudoers/regress/sudoers/test28.in, + plugins/sudoers/regress/sudoers/test28.json.ok, + plugins/sudoers/regress/sudoers/test28.ldif.ok, + plugins/sudoers/regress/sudoers/test28.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test28.out.ok, + plugins/sudoers/regress/sudoers/test28.toke.ok, + plugins/sudoers/regress/sudoers/test29.in, + plugins/sudoers/regress/sudoers/test29.json.ok, + plugins/sudoers/regress/sudoers/test29.ldif.ok, + plugins/sudoers/regress/sudoers/test29.out.ok, + plugins/sudoers/regress/sudoers/test29.toke.ok, + plugins/sudoers/regress/testsudoers/test18.out.ok, + plugins/sudoers/regress/testsudoers/test18.sh, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: + Add support for matching command and args using regular expressions. + Either the command, its arguments or both may be (separate) regular + expressions. + [bef0b1a14771] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Clear sudoers_errstr after it is used. This way we avoid printing + the same error message more than once if there are multiple ERROR + tokens returned from the lexer. + [8a7509cd1c46] + + * logsrvd/logsrvd_local.c: + store_iobuf_local: fix potential double free on the error path. 
+ [f9a0e3cb3c7f] + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, + docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in, + docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in, + docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in, + docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_logsrvd.man.in, + docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin.man.in, + docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in, + docs/sudo_plugin_python.mdoc.in, docs/sudo_sendlog.man.in, + docs/sudo_sendlog.mdoc.in, docs/sudoers.ldap.man.in, + docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in, + docs/sudoers.mdoc.in, docs/sudoers_timestamp.man.in, + docs/sudoers_timestamp.mdoc.in, docs/sudoreplay.man.in, + docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in: + Update links to sudo web site and reference markdown docs. + [da9a9eb04f04] + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, + docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in, + docs/sudo.mdoc.in, docs/sudo_logsrvd.man.in, + docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin_python.man.in, + docs/sudo_plugin_python.mdoc.in, docs/sudoers.man.in, + docs/sudoers.mdoc.in, docs/sudoreplay.man.in, + docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in: + Use a 4n indent for code blocks instead of the default 6n. + [7322dd26a3d4] + + * plugins/sudoers/testsudoers.c: + testsudoers: disable argument permutation in GNU getopt This makes + it easier to test commands with arguments. + [fb005b03a75e] + + * lib/iolog/iolog_filter.c: + iolog_pwfilt_run: fix types in error return + [663deea257d0] + + * lib/iolog/iolog_filter.c, plugins/sudoers/iolog.c: + Free potential leaks of passprompt_regex_handle. Coverity CID 249057 + [d562ea42ab66] + +2022-02-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #133 from Dzejrou/main + + Do not unset user timeout when no default timeout is set. 
+ [58504381014e] + +2022-02-09 Jaroslav Jindrak <dzejrou@gmail.com> + + * plugins/sudoers/policy.c: + Do not unset user timeout when no default timeout is set. + [25f32be7d18d] + +2022-02-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/fmtsudoers.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/sudoers/test2.in, + plugins/sudoers/regress/sudoers/test2.json.ok, + plugins/sudoers/regress/sudoers/test2.ldif.ok, + plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test2.out.ok, + plugins/sudoers/regress/sudoers/test2.toke.ok: + Don't escape double quotes (") in a command when printing it. + Previously, cvtsudoers and "sudo -l" would escape double quotes in a + command or command line argument, which is not valid sudoers syntax. + [3bd0505b03e2] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in: + A few minor (mostly cosmetic) fixes. Add missing ALL to Runas_Member + and Host. Replace some tabs with spaces. Fix the syntax of a + sudoedit example. + [a943116eb35b] + +2022-02-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #132 from ninedotnine/patch-1 + + Sync example sudoers with default sudoers + [8c903452e624] + +2022-02-04 dan soucy <ninedotnine@users.noreply.github.com> + + * examples/sudoers: + Sync example sudoers with default sudoers + + `sudoers.in` was changed by 1d13533 + [f34657ff9345] + +2022-02-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * ABOUT-NLS, INSTALL.md, NEWS, README.LDAP.md, docs/CONTRIBUTING.md, + plugins/sudoers/po/README, po/README: + Upgrade http links to https where possible and fix some broken + links. + [e33d61fdafdb] + +2022-02-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/logging.c: + Remove "This incident will be reported." from user warnings. This + used to indicate that email had been sent to the administrator + telling them that someone tried to run sudo. Whether or not sudo + sends email is now configurable, so the warning may not be accurate. 
+ It is also confusing to the user since they will not know who the + incident is being reported to. See also https://xkcd.com/838/ + [b2860bb51393] + + * plugins/sudoers/sssd.c: + Log fn_get_values() return code in the debug log on error. Also move + a nested switch() statement out of 'case 0' for improved + readability. + [ad609804a70c] + + * plugins/sudoers/sssd.c: + Do not return an error if we cannot connect to the SSSD connector. + This may simply mean that nsswitch.conf lists sss as a sudoers + source but SSSD is not configured for sudo. Otherwise, the user will + receive a useless "problem with defaults entries" when the sssd + backend tries to fetch the global defaults. Bug #1022. + [60bb147ed3e6] + + * plugins/sudoers/log_client.c, plugins/sudoers/logging.c: + Set client_closure to NULL after freeing it. + [20da8f0c9226] + + * plugins/sudoers/log_client.c: + client_closure_alloc: init write_bufs/free_bufs before other + allocations. We must initialize the tail queues before any possible + call to client_closure_free(), such as due to malloc() failure. + [5dd7d1ba2b76] + + * logsrvd/logsrvd_journal.c: + Add missing default return in last commit. + [e17820ba6ff8] + + * logsrvd/logsrvd_journal.c: + sudo_logsrvd: make sure journal exists before writing the alert + message. Fixes a potential NULL dereference when journaling an alert + message. + [19d109fb1420] + + * include/sudo_compat.h: + Fix compilation on Debian kFreeBSD. The configure script correctly + detects that utimensat() and futimens() are missing but the headers + define stub versions of the functions. Including sys/stat.h pulls in + the system definitions so we can override them safely. Bug #1021. + [10775e14164a] + +2022-02-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/ttyname.c: + Add fallback if /proc/self/stat or /proc/pid/psinfo is missing or + invalid. If the /proc file indicates no terminal is present there is + no fallback. Bug #1020 + [c32620c9f115] + +2022-02-01 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, plugins/sudoers/check.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: + Add sudoers option to perform authentication even in non-interative + mode. If noninteractive_auth is set, authentication methods that do + not require input from the user's terminal may proceed. It is off by + default, which restores the pre-1.9.9 behavior of "sudo -n". + [f06dcd0957d0] + + * MANIFEST, lib/iolog/iolog_filter.c, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.7: + Work around a glibc regcomp() bug with repeated '+' operators. Glibc + regcomp() has a bug where it uses excessive memory for repeated '+' + ops. Collapse them to avoid running the fuzzer out of memory. + [db423326311f] + + * logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6: + Rebase seed corpus on updated sudo_logsrvd.conf example. + [1f30b95c6ce6] + + * logsrvd/logsrvd_conf.c: + Fix parsing of "retry_interval" in the relay section. The setting + was present but the callback was missing so it could not be parsed + in the conf file. + [09666425a392] + + * logsrvd/logsrvd_conf.c: + Use TIME_T_MAX as the upper limit when parsing timeouts. + [989eaa812d4e] + + * plugins/sudoers/auth/pam.c: + converse: don't set response pointer on error Linux pam_conv(3) says + not to set the pointer on PAM_CONV_ERR. + [79934c8631c0] + +2022-01-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/regress/cvtsudoers/sudoers4: + Add missing sudoers4 test file for new cvtsudoers test. 
+ [5b9f3084d9e9] + + * MANIFEST, plugins/sudoers/cvtsudoers_merge.c, + plugins/sudoers/regress/cvtsudoers/test38.out.ok, + plugins/sudoers/regress/cvtsudoers/test38.sh: + defaults_check_conflict: it is only really a conflict if the binding + match If the Defaults name matched but the binding does not, we can + simply leave it be. Fixes a problem where given two sudoers sources + that have a host specified, if they contain conflicting Defaults + entries we would drop one of the Defaults instead of keeping both + after making them host-specific. + [9b8ad3d1e163] + + * MANIFEST, plugins/sudoers/cvtsudoers_merge.c, + plugins/sudoers/regress/cvtsudoers/sudoers1, + plugins/sudoers/regress/cvtsudoers/sudoers2, + plugins/sudoers/regress/cvtsudoers/sudoers3, + plugins/sudoers/regress/cvtsudoers/test34.out.ok, + plugins/sudoers/regress/cvtsudoers/test34.sh, + plugins/sudoers/regress/cvtsudoers/test35.out.ok, + plugins/sudoers/regress/cvtsudoers/test35.sh, + plugins/sudoers/regress/cvtsudoers/test36.out.ok, + plugins/sudoers/regress/cvtsudoers/test36.sh, + plugins/sudoers/regress/cvtsudoers/test37.out.ok, + plugins/sudoers/regress/cvtsudoers/test37.sh: + Make it possible to merge a host-based Defaults with a global one. + We convert the global Defaults to a host-based one with a single + "ALL" member. Later, when we simplify the host list, we'll convert + this back to a global Defaults. + [152c16a608c1] + +2022-01-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd_conf.c: + Check for garbage after [section] in sudo_logsrvd.conf. + [46a222b60747] + + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict, + plugins/sudoers/regress/fuzz/fuzz_sudoers.dict: + Sync fuzzing dictionary with current configuration keyword list. + [9af3929a2f6a] + +2022-01-28 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c, logsrvd/logsrvd_local.c: + Add new log_passwords and passprompt_regex settings. When logging + terminal input, if log_passwords is false and any of the regular + expressions in the passprompt_regex list are found in the terminal + output, terminal input will be replaced with '*' characters until a + newline or carriage return is found in the input or an output + character is received. + [1d07eaada99c] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, + plugins/sudoers/policy.c, + plugins/sudoers/regress/serialize_list/check_serialize_list.c, + plugins/sudoers/regress/unescape/check_unesc.c, + plugins/sudoers/serialize_list.c, plugins/sudoers/sudoers.h, + plugins/sudoers/unesc_str.c: + Escape/unescape commas when serializing/deserializing a stringlist. + [17c422c0b236] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c, + plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + Pass the operator to the Defaults callback too. That way we can tell + what to do in callbacks for lists. + [d541809b62bf] + + * MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in, + lib/iolog/iolog_filter.c: + lib/iolog: add support for filtering password out of tty input If a + password regex is found in the tty output, tty input will be + replaced with '*' chars until a newline or another tty output + character is received. 
+ [19c3a58dfe29] + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c: + Add a new sudoers settings log_passwords and passprompt_regex. When + logging terminal input, if log_passwords is disabled and any of the + regular expressions in the passprompt_regex list are found in the + terminal output, terminal input will be replaced with '*' characters + until a newline or carriage return is found in the input or an + output character is received. + [5fa969cfdef4] + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: + Add a flag to avoid splitting list entries on white space. + [32ac4cd5eae7] + +2022-01-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_9 for changeset 296f4f986a7a + [cba838829505] <1.9> + + * NEWS, config.h.in, configure, configure.ac, include/sudo_compat.h, + logsrvd/tls_init.c, plugins/sudoers/regress/fuzz/fuzz_policy.c: + Merge sudo 1.9.9 from tip. + [296f4f986a7a] [SUDO_1_9_9] <1.9> + + * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in: + "plain text" -> "plaintext" for consistency. + [6cbefac27286] + +2022-01-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * po/ro.mo, po/ro.po: + Updated translations from translationproject.org + [c264de490846] + + * INSTALL.configure: + Sync with autoconf git. + [efd6e2df1b4f] + + * scripts/mkdep.pl: + Fix potential infinite loop when trying to format long lines. + [e17a3b7b657b] + +2022-01-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudo.man.in, docs/sudo.mdoc.in: + Document how commands are passed to the shell for the -i and -s + options. The concatenation of command and arguments and escaping of + special characters was not documented. 
Text adapted from GitHub + issue #121 from Kris Rinzwind + [852f803234af] + + * docs/TROUBLESHOOTING.md: + Also mention no_new_privs error in the troubleshooting guide. + [70cc0679098f] + + * INSTALL.md, docs/TROUBLESHOOTING.md, docs/sudo.conf.man.in, + docs/sudo.conf.mdoc.in, docs/sudo.man.in, docs/sudo.mdoc.in, + docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in, + docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in, + docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in, + docs/sudoers.man.in, docs/sudoers.mdoc.in, docs/visudo.man.in, + docs/visudo.mdoc.in: + Replace uid and gid with user-ID and group-ID in more places. + [2b6bc95509fd] + +2022-01-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL.md: + PAM is enabled on NetBSD by default too. + [3bc31511f687] + + * INSTALL.md, README.LDAP.md, docs/HISTORY.md, + docs/TROUBLESHOOTING.md, docs/UPGRADE.md: + Use the Oxford comma consistently, it is helpful in technical + documents. + [3df4b26d035e] + + * docs/sudo.man.in, docs/sudo.mdoc.in: + Document the error message when no_new_privs is set. + [492a154dec10] + + * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in: + Sudo now recovers from sudoers syntax errors. + [77d457c4e722] + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, + docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in, + docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in, + docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in, + docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_plugin.man.in, + docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in, + docs/sudo_plugin_python.mdoc.in, docs/sudoers.ldap.man.in, + docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in, + docs/sudoers.mdoc.in, docs/sudoreplay.man.in, + docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in, + examples/sudo.conf.in, examples/sudo_logsrvd.conf: + Use the Oxford comma consistently, it is helpful in technical + documents. + [e8d29c772963] + + * INSTALL.md: + Mention docker configuration. 
+ [8312350518cb] + + * plugins/sudoers/ldap_util.c: + Quiet a cppcheck false positive. + [023468af3269] + + * docs/CONTRIBUTING.md: + Mention https://www.sudo.ws/security/fuzzing/ in the fuzzing + section. + [87767f7b89ad] + + * plugins/sudoers/sssd.c: + Fix logic inversion when setting negated flag. + [3e4051bc9f30] + + * src/sudo.c: + Quiet a PVS-Studio format string warning. + [77e953f3c46f] + +2022-01-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Regen .pot files. + [b999972bc90d] + + * NEWS: + Bug #1016, #1017 and negated sudoUser in LDAP. + [4ec54e728437] + + * plugins/sudoers/defaults.c: + Don't set/run early Defaults if a custom defaults_list is specified. + Defaults settings passed in by the front end are already "early" so + there is no need to treat any of them as special. + + Otherwise, we end up running the early defaults callbacks before + sudoers has been parsed. This means that, for instance, it is not + possible to disable the fqdn flag before its callback is run if sudo + is build with the --with-fqdn option. Bug #1016. + [8c6eaa503793] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: + Mark is_early_default(), run_early_defaults(), set_early_default() + static. They are not used outside of defaults.c. + [1045e8c7a92e] + + * plugins/sudoers/sssd.c: + Add support in SSSD for negated users. + [bca3d02cdd8b] + + * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in, + plugins/sudoers/ldap.c: + Add support in the LDAP filter for negated users. Based on a diff + from Simon Lees + [e1d48d44229e] + +2022-01-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/mkdir_parents.c: + Use PATH_MAX, not NAME_MAX+1 for the directory entry length. On some + systems, such as Solaris, the max length of a directory entry is + filesystem-dependent. We could use fpathconf() and dynamically + allocate the name but it is simpler to just use PATH_MAX here. 
+ [d1a097783717] + + * plugins/python/python_plugin_common.c: + Only emulate Py_FinalizeEx for Python 3.[0-5]. + [b314942c0f2f] + + * lib/util/getcwd.c, lib/util/mkdir_parents.c: + Use POSIX NAME_MAX, not the obsolete MAXNAMLEN define. Fixes + compilation with musl libc. + [a1609b2d968f] + +2022-01-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/limits.c: + When applying fallback limits, make sure we don't reduce rlim_max. + Fixes a problem where sudo could reduce the max stack size on some + systems if the original limit was higher than the fallback limit, + but not unlimited/infinity. + [1fef77204f17] + + * src/limits.c: + Don't modify the stack limit if it is >= SUDO_STACK_MIN. + [b9e473780083] + + * plugins/sudoers/Makefile.in: + The pre-install target requires visudo, add an explicit dependency. + [b5b073d2fc9b] + +2022-01-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sudo.c: + If sudo is not set-user-ID root, check for the no_new_privs flag on + Linux. This flag disables set-user-ID at execve(2) time and may be + set by default for some containers. GitHub issue #129. + [462249058274] + +2022-01-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/sudoers.man.in, docs/sudoers.mdoc.in, + plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, + src/parse_args.c: + Add pam_askpass_service sudoers setting for "sudo -A". This makes it + possible to use a different PAM configuration for when "sudo -A" is + used. The main use case is to only use PAM modules that can interact + with the askpass program. GitHub issue #112. + [5f59bc3f9d81] + +2022-01-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/iolog_loginfo.c: + Improve debugging info when fdopen() fails. + [0d9711d8564a] + +2022-01-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sssd.c: + sss_sudo_free_values() checks for NULL, no need to do it manually. 
+ [ccf012907a01] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Quiet a clang analyzer false positive. + [90b6791616b0] + +2022-01-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Quiet a clang analyzer false positive. + [3c66e9be5f24] + + * plugins/sudoers/auth/sudo_auth.c: + Fix return value for non-interactive mode for non-standalone auth + methods. AUTH_NONINTERACTIVE was being stored in the wrong variable. + [199a180e7fab] + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, po/fi.mo, + po/fi.po, po/ko.mo, po/ko.po, po/tr.mo, po/tr.po: + Updated translations from translationproject.org + [032877650fe6] + + * plugins/sudoers/cvtsudoers_merge.c: + defaults_var_matches() should return bool, not enum match_result. + Remove enum match_result as it is no longer used. + [6559769ddcd1] + + * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c: + Quiet two PVS-studio warnings. + [3a7c89cff3d6] + + * plugins/sudoers/auth/pam.c: + Remove PAM_TTY workaround for old, buggy PAM modules. In the past, + some PAM modules assumed that PAM_TTY was set and would misbehave + (or crash) if not. This was primarily obsolete versions of Linux- + PAM, so it should now be safe to remove this. Setting PAM_TTY to an + empty string can cause its own set of issues. GitHub issue #74 + [491cb67ea43b] + +2022-01-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Mention fix for Bug #956 and GitHub issue #83. 
+ [8692b9985381] + + * plugins/sudoers/auth/API, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, + plugins/sudoers/logging.c, plugins/sudoers/sudoers.h: + Push non-interactive mode checking down into the auth methods. For + "sudo -n" we only want to reject a command if user input is actually + required. In the case of PAM at least, we may not need to interact + with the user. Bug #956, GitHub issue #83 + [bc9653ffe82f] + +2022-01-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers_merge.c, + plugins/sudoers/regress/cvtsudoers/sudoers1, + plugins/sudoers/regress/cvtsudoers/sudoers2, + plugins/sudoers/regress/cvtsudoers/sudoers3, + plugins/sudoers/regress/cvtsudoers/test34.out.ok, + plugins/sudoers/regress/cvtsudoers/test35.out.ok, + plugins/sudoers/regress/cvtsudoers/test36.out.ok: + userspec_overridden: fix checks when there is more than one userspec + [199996d29f50] + + * MANIFEST, plugins/sudoers/cvtsudoers_merge.c, + plugins/sudoers/regress/cvtsudoers/test35.out.ok, + plugins/sudoers/regress/cvtsudoers/test36.out.ok, + plugins/sudoers/regress/cvtsudoers/test36.sh: + Fix merging of global/ALL entries when each input file has a host. + If a host is specified for the input file, cvtsudoers will bind + global Defaults to that host and change host "ALL" in a userspec to + the host name. However, if all the input files have matching hosts + we can simplify the merged file by converting back to ALL after + resolving conflicts. + [bfdb2edfca71] + + * LICENSE.md: + Welcome to 2022. + [039e8c0efd7e] + + * docs/Makefile.in: + LICENSE.md moved to the top-level src dir. + [b1c2687eef9d] + +2021-12-22 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * Merge pull request #127 from Tyler887/main + + Typo + [c4780c2a3056] + +2021-12-22 Tyler887 <tylermageeshields@gmail.com> + + * INSTALL.md: + Typo + [b650bec9f275] + +2021-12-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, docs/UPGRADE.md, plugins/sudoers/policy.c, src/selinux.c, + src/sudo.c: + Back out changes to enable SELinux by default. This may return in a + future release in a different form. + [73e46fbe5c27] + + * LICENSE.md, MANIFEST, README.md, docs/LICENSE.md: + Move LICENSE.md out of docs and back to the top-level. GitHub + expects it to be in the top-level directory. + [3c62dd396aff] + +2021-12-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/cvtsudoers_merge.c, + plugins/sudoers/regress/cvtsudoers/test35.out.ok, + plugins/sudoers/regress/cvtsudoers/test35.sh: + cvtsudoers: fix a regression when merging matching Defaults. If a + host is specified with a sudoers file, we have to treat Defaults as + Defaults@host checking for duplicates. + [9db413953938] + +2021-12-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + add_defaults: add defs == NULL check to quiet coverity false + positive + [a534eee04069] + +2021-12-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers_merge.c, + plugins/sudoers/regress/cvtsudoers/test34.out.ok, + plugins/sudoers/regress/cvtsudoers/test34.sh: + When merging Defaults, allow a subsequent global Defaults (no + binding) to override a prior Defaults setting with a binding. + [0be52fa6d4d8] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + add_defaults: defs can never be NULL + [9ba97823b757] + + * plugins/sudoers/cvtsudoers_merge.c: + Plug memory leak when making a default host-specific. We don't need + to allocate new space for the binding list, just the members of the + list. + [5667d09136f2] + +2021-12-16 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * MANIFEST, examples/Makefile.in, examples/cvtsudoers.conf: + Add an example cvtsudoers.conf file. + [aa738148e712] + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h: + Add group_file, match_local, and passwd_file to cvtsudoers.conf. + Previously, these were only settable via command line options. + [a7a8b0af3c42] + +2021-12-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/TROUBLESHOOTING.md: + Remove question about running Solaris 11 binaries on Solaris 10. + Current versions of sudo use many APIs that are not present on + Solaris 10. If you want a sudo Solaris 10 binary, build it on + Solaris 10, not 11. + [0346a46cf595] + + * MANIFEST, plugins/sudoers/regress/cvtsudoers/test34.out.ok, + plugins/sudoers/regress/cvtsudoers/test34.sh: + Add simple test for cvtsudoers merge functionality. + [fda86b17249a] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fr.mo, + po/fr.po, po/hr.mo, po/hr.po, po/ja.mo, po/ja.po, po/pl.mo, + po/pl.po, po/sr.mo, po/sr.po, po/uk.mo, po/uk.po, po/zh_CN.mo, + po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po: + Updated translations from translationproject.org + [edfdaac9b1e7] + + * MANIFEST, plugins/sudoers/po/es.mo, plugins/sudoers/po/es.po: + Add sudoers Spanish translation from translationproject.org + [502d45c0af5f] + +2021-12-11 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * NEWS: + Bugs #1013 and #1014 + [1a7b533c5829] + + * lib/util/mkdir_parents.c: + sudo_mkdir_parents: make sure the path we created is a directory For + extra paranoia, verify that the directory we created is still a + directory before we fchown() it. + [75c23aaa9fca] + + * docs/sudo.man.in, docs/sudo.mdoc.in: + In SECURITY NOTES, clarify that PATH may be overridden by the + policy. Bug #1014 + [4f7035d6b921] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in, + lib/util/mkdir_parents.c, lib/util/mkdirat.c, logsrvd/logsrvd.c, + plugins/sudoers/timestamp.c, scripts/mkdep.pl: + Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2). + This also allows us to make path const as it should be. + [46db77e4afb8] + + * plugins/sudoers/ldap_conf.c, plugins/sudoers/sudo_ldap_conf.h: + Sudo parsed "deref" and "tls_reqcert" in ldap.conf but didn't set + the options. The switch() in the sudo_ldap_set_options_table() + function needed to be updated to treat CONF_DEREF_VAL and + CONF_REQCERT_VAL data types as int. Fix from Dennis Filder. Bug + #1013. + [5f5bdf9010d7] + +2021-12-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/SECURITY.md: + Minor formatting tweak so we can import into the sudo web site. + [220c647b6635] + + * plugins/sudoers/defaults.c, plugins/sudoers/pwutil_impl.c: + Fix CodeQL "Multiplication result converted to larger type" + warnings. + [a17db0b94018] + +2021-12-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/SECURITY.md: + Surround email addresses with angle brackets, not square backets. + [b9514c0165f2] + +2021-12-08 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/fa.mo, + po/fa.po, po/fi.mo, po/fi.po, po/ja.mo, po/ja.po, po/sr.mo, + po/sr.po, po/zh_CN.mo, po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po: + Updated translations from translationproject.org + [b2815226875b] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update .pot files for 1.9.9 + [e4e903808160] + +2021-12-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * README.LDAP.md, docs/CONTRIBUTING.md, docs/TROUBLESHOOTING.md, + docs/UPGRADE.md: + Minor formatting tweaks. + [eee91b1fc68c] + +2021-12-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL, INSTALL.md, MANIFEST, README, README.LDAP, README.LDAP.md, + README.md, docs/CONTRIBUTING.md, docs/CONTRIBUTORS, + docs/CONTRIBUTORS.md, docs/HISTORY, docs/HISTORY.md, docs/LICENSE, + docs/LICENSE.md, docs/Makefile.in, docs/TROUBLESHOOTING, + docs/TROUBLESHOOTING.md, docs/UPGRADE, docs/UPGRADE.md, etc/sudo- + logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp: + Convert README and docs files to markdown. This makes things look + better on GitHub and we can use the markdown version directly in the + new sudo web site. + [1cdcbce74a73] + +2021-12-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/SECURITY.md: + Policy -> Disclosure Policy + [13f278869e03] + + * Merge pull request #124 from juspence/main + + Allow sudo -g anyone and sudo -u anyone -g anytwo + [1a000f5aaba1] + +2021-12-04 juspence <87657842+juspence@users.noreply.github.com> + + * plugins/sudoers/sudoers.in: + Allow sudo -g anyone and sudo -u anyone -g anytwo + + When only the user (ALL) is specified explicitly, and the group is + implied, only sudo -u works. 
Specifying both the user and group, + like (ALL:ALL), is required to: + + 1) Use sudo -g by itself (with no -u user) 2) Use sudo -u and -g + together, with a -g group that is different from the -u user's + primary group + [ca31aaa0b074] + +2021-12-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/Makefile.in: + Add build dir to include search path for mksiglist.h and mksigname.h + Fixes out of tree builds on systems without sys_siglist[] or + sys_signame[]. GitHub issue #123. + [fccd76813052] + +2021-11-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/cvtsudoers_merge.c, + plugins/sudoers/regress/cvtsudoers/sudoers1, + plugins/sudoers/regress/cvtsudoers/sudoers2, + plugins/sudoers/regress/cvtsudoers/sudoers3: + cvtsudoers: better merging of lists that are not exact duplicates + When merging rules, if one list would be overridden by another, + remove the overridden rule and continue merging. + [19dc52bd9c6f] + +2021-11-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Update NEWS with latest changes. + [fafe74e0b20f] + +2021-11-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/edit_open.c: + dir_is_writable: don't treat EPERM from faccessat() as a fatal + error. We can get EPERM on Linux with SELinux. GitHub issue #122. + [25bbc56b2f6d] + +2021-11-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_merge.c: + cvtsudoers: add -l option to log merge actions The "-l logfile" + option can be used to store a log of what actions cvtsudoers took + when merging multiple files. For example, which aliases were + renamed, which entries were overriden or removed as duplicated. + [fa96976882aa] + + * NEWS, configure, configure.ac: + Sudo 1.9.9 + [dad415a982bc] + +2021-11-21 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * MANIFEST, docs/CONTRIBUTORS, po/fa.mo, po/fa.po: + New Persian (Farsi) translation from translationproject.org + [3665533a7219] + +2021-11-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers_csv.c: + Quiet a PVS Studio warning. The warning that need_comma is always + false is correct but in this case it is better to use a consistent + construct so that if the code is re-ordered no bugs are introduced. + [5109a34444f5] + + * lib/util/getentropy.c: + Pass correct size to free_zero(). Coverity CID 241233 + [2ba51f57deb5] + + * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_csv.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/defaults.c, + plugins/sudoers/fmtsudoers_cvt.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/parse_ldif.c: + Add reference counting to Defaults bindings. Previously, we checked + that the previous entry's binding pointer was not the same while + freeing. However, to be able to merge Defaults records we cannot + rely on Defaults entries with the same binding being immediately + adjacent. This removes the prev_binding checks in favor of a + reference count which allows us to plug the memory leak in + cvtsudoers when merging Defaults. + [0a789516622b] + +2021-11-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/parse.h: + cvtsudoers: merge aliases when multiple sudoers files are specified + Duplicate aliases are remove. If there are conflicting alias names, + the conflicts are renamed by appending a numerical suffix. For + example, if there are two SERVERS Host_Aliases, the second one will + be renamed to SERVERS_1. 
+ [d9b602626b8c] + + * plugins/sudoers/cvtsudoers_merge.c: + cvtsudoers: merge Defaults when multiple sudoers files are specified + If a hostname is specified with the sudoers file, it will be used to + make the Defaults setting host-specific, if possible. Duplicate + Defaults settings are removed and conflicts are warned about. It is + not possible to resolve all conflicts automatically. + [756b05304ccb] + + * plugins/sudoers/cvtsudoers_merge.c: + cvtsudoers: merge userspecs when multiple sudoers files are + specified If a hostname is specified with the sudoers file, it will + be used to make the userspec host-specific, if possible. Duplicate + userspecs are removed but conflicting entries are not currently + pruned. + [643b533bb4f4] + + * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in: + Document how to merge sudoers files with cvtsudoers. + [241c3786f5a8] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.h, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, plugins/sudoers/sssd.c: + init_parse_tree() now takes ownership of lhost and shost, if any. + This means that lhost and shost in struct sudoers_parse_tree are no + longer const and that free_parse_tree() will free lhost/shost. The + only consumer that passed in lho.st/shost was the SSSD back-end + which has been updated to avoid a double-free. + [650bb75666fb] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_merge.c: + cvtsudoers: use init_parse_tree() to initialize a parse tree. Also + free the parse tree before exit. + [9d8f8bb88192] + + * MANIFEST, Makefile.in, etc/macos-background.png, etc/sudo- + logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp: + Add a background image for the macOS installer. + [39889307b278] + + * scripts/pp: + Update PolyPkg + [44b1d08be1b0] + +2021-11-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/mkpkg: + mkpkg: handle a macOS SDK that just uses the major version. For + example, MacOSX11.sdk instead of MacOSX11.3.sdk. 
+ [ce41fc5aa672] + + * lib/util/Makefile.in: + Add missing dependencies for timegm. + [b20c4936504b] + +2021-11-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers.c: + Add support for specifying the hostname as a prefix to the sudoers + file. If present, the host name is copied into the struct + sudoers_parse_tree. + [e87e11cccb6e] + +2021-11-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers.c: + cvtsudoers: parse multiple sudoers files and store them in a tail + queue In the future the parsed files will be merged before they are + output. + [89c77b3f4157] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/parse.h: + Add sudoers_parse_tree_list, a tail queue of struct + sudoers_parse_tree. This will be used to store multiple parse trees + and merge them into a single sudoers_parse_tree. + [073ada18f18b] + + * docs/CONTRIBUTING.md: + Fix formatting of links. + [df50208b3f70] + + * MANIFEST, docs/CONTRIBUTING.md: + Add contributing guide. + [a99f3a0757f6] + + * .github/workflows/codeql-analysis.yml: + Create codeql-analysis.yml + [efab25dab29c] + +2021-11-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, docs/SECURITY.md: + Add security doc, inspired by the Microsoft template. 
+ [0a8012f8ee35] + + * .gitignore, .hgignore, INSTALL, MANIFEST, Makefile.in, README, + configure, configure.ac, doc/CONTRIBUTORS, doc/HISTORY, doc/LICENSE, + doc/Makefile.in, doc/TROUBLESHOOTING, doc/UPGRADE, + doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, doc/fixman.sh, + doc/fixmdoc.sed, doc/schema.ActiveDirectory, doc/schema.OpenLDAP, + doc/schema.iPlanet, doc/schema.olcSudo, doc/sudo.conf.man.in, + doc/sudo.conf.man.in.sed, doc/sudo.conf.mdoc.in, doc/sudo.man.in, + doc/sudo.man.in.sed, doc/sudo.mdoc.in, doc/sudo_logsrv.proto.man.in, + doc/sudo_logsrv.proto.mdoc.in, doc/sudo_logsrvd.conf.man.in, + doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.man.in, + doc/sudo_logsrvd.mdoc.in, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudo_plugin_python.man.in, + doc/sudo_plugin_python.mdoc.in, doc/sudo_sendlog.man.in, + doc/sudo_sendlog.mdoc.in, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, + doc/sudoers.man.in.sed, doc/sudoers.mdoc.in, + doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in, + doc/visudo.mdoc.in, docs/CONTRIBUTORS, docs/HISTORY, docs/LICENSE, + docs/Makefile.in, docs/TROUBLESHOOTING, docs/UPGRADE, + docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, docs/fixman.sh, + docs/fixmdoc.sed, docs/schema.ActiveDirectory, docs/schema.OpenLDAP, + docs/schema.iPlanet, docs/schema.olcSudo, docs/sudo.conf.man.in, + docs/sudo.conf.man.in.sed, docs/sudo.conf.mdoc.in, docs/sudo.man.in, + docs/sudo.man.in.sed, docs/sudo.mdoc.in, + docs/sudo_logsrv.proto.man.in, docs/sudo_logsrv.proto.mdoc.in, + docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in, + docs/sudo_logsrvd.man.in, docs/sudo_logsrvd.mdoc.in, + docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in, + docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in, + docs/sudo_sendlog.man.in, docs/sudo_sendlog.mdoc.in, + docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in, + docs/sudoers.man.in, 
docs/sudoers.man.in.sed, docs/sudoers.mdoc.in, + docs/sudoers_timestamp.man.in, docs/sudoers_timestamp.mdoc.in, + docs/sudoreplay.man.in, docs/sudoreplay.mdoc.in, docs/visudo.man.in, + docs/visudo.mdoc.in, etc/codespell.skip: + Rename "doc" directory to "docs" for better GitHub compatibility. + [1268c3ae0916] + + * lib/util/Makefile.in: + Use $(SED), not sed, when generating mksiglist.h/mksigname.h + [7a7b636a3f32] + + * configure, configure.ac, lib/iolog/Makefile.in, + lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/sudoers/Makefile.in: + Add configure check for sha1sum and use "openssh dgst -sha1" if + missing. Only needed when building the seed corpus zip files. + [3c74ceba0446] + + * include/sudo_compat.h: + sudo_compat.h: include unistd.h regardless of OS type This helps to + avoid issues with mismatched headers and libraries. + [4a22435a2832] + +2021-11-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/visudo.c: + install_sudoers: fix return value when there is no temp file to + install This can happen when no changes were made. Also preserve the + edited temp file on error if we are unable to move it into place. + [01c1052ac874] + + * plugins/python/regress/testdata/check_multiple_approval_plugin_and_a + rguments.stdout: + Bump plugin version in test data to 1.18. + [138b9f6a6143] + + * plugins/sudoers/defaults.c: + free_defs_val: free rlimits like strings (which they are). + [ade32de829cb] + + * plugins/sudoers/visudo.c: + Rename {check,set}_perms variable to {check,set}_mode. Avoids a name + clash with the set_perms() function. + [a2dfa0d36690] + + * src/edit_open.c: + Avoid symbol name clash with is_writable() function variable. Rename + "is_writable" variable to "writable". + [a52bd106933b] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document new resource limit settings. + [022e51bff860] + + * doc/UPGRADE: + Mention that the core dump size resource limit now defaults to 0. 
+ [22997e8008c9] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + include/sudo_plugin.h, src/exec.c: + Document resource limit support in command_info[] and Bump plugin + API minor. This is supported beginning with sudo 1.9.9 and plugin + API 1.17. + [2004a71a11b3] + +2021-11-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, plugins/sudoers/defaults.c, + src/limits.c: + Use strtoul() on systems without strtoull(). We can assume that + systems without strtoull() have 32-bit resource limits. + [59c1be5a0387] + + * src/exec.c, src/limits.c, src/sudo.c, src/sudo.h: + Add front-end support for setting resouce limits. The special value + "user" means preserve the invoking user's limit. The value "default" + means don't override the default limit for the user as assigned by + the system (PAM, loging.conf, userdb, etc). + [7ad6961d5d72] + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/mkdefaults, + plugins/sudoers/policy.c: + Add basic support for setting resource limits in sudoers. The + default for rlimit_core is "0,0" Resource limits are passed back to + the front-end in command_info[] when set. + [298d5e228635] + + * src/edit_open.c: + switch_user_nonfatal: only define if using faccessat() + [1a6b2c0240f5] + +2021-11-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/visudo.c: + visudo: add -O and -P options to check/set owner and permissions. + This can be used in conjunction with the -c option to check that the + sudoers file ownership and permissions are correct. Bug #1007 + [1f20721148b0] + +2021-11-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/UPGRADE: + UPGRADE: mention SELinux behavior change. 
+ [0b8cef633225] + + * src/selinux.c, src/sudo.h, src/sudo_edit.c: + Rename selinux_setcon -> selinux_setexeccon + [50bde2e4d922] + + * src/selinux.c: + In the SELinux role is "unconfined_r", disable SELinux support. We + only want to apply SELinux to confined users. This is a bit of a + hack as unconfined_r is specific to the targeted policy. + [aaa8ee97f31e] + + * src/exec_monitor.c, src/exec_nopty.c, src/selinux.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c: + Separate out the code to compute the context from selinux_setup(). + This makes it possible to determine whether we really need to + execute the command via the sesh helper. What was left of + selinux_setup() is now selinux_relabel_tty() and + selinux_audit_role_change(). + [687a81e59fdd] + + * plugins/sudoers/policy.c, src/selinux.c, src/sudo.c: + Pass status of selinux sudoers setting to front-end as selinux-rbac. + The front-end uses this to decide whether or not to enable SELinux. + If selinux-rbac is true _or_ if it is not present and selinux_role + or selinux_type are set, SELinux support is enabled. Previously, + SELinux support was only enabled if a role was specified. + [2f21ae08ebbd] + + * src/edit_open.c: + dir_is_writable: add fallback if changing UIDs fails The SELinux + policy may not allow uid/gid changes which will break the + writability checks and cause sudoedit to fail. + [5c5928a0c314] + +2021-11-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/mkpkg: + Build python package on Fedora + [7261434fc60c] + +2021-11-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/selinux.c: + Make get_exec_context static, it is unused outside selinux.c. + [be59f91e53dd] + + * doc/sudo.conf.mdoc.in: + Fix lint warning: skipping paragraph macro: Pp before Bd + [f84297a652d8] + +2021-10-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + Escape some minus signs ('-') as required by newer groff. 
+ [4a1a2d6d5c19] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/timegm.c, + plugins/sudoers/Makefile.in, plugins/sudoers/gentime.c, + plugins/sudoers/gmtoff.c, plugins/sudoers/parse.h, scripts/mkdep.pl: + parse_gentime: use timegm() to generate time since the epoch The + timegm() function is non-standard but widely available. Provide an + implementation for those systems that lack it. Bug #1006 + [3ca20dfdb44c] + + * include/sudo_compat.h, lib/util/Makefile.in, scripts/mkdep.pl: + Fix pasto in gmtime_r and localtime_r macros. Also add missing + Makefile targets for them. + [2310e188fdd4] + + * plugins/sudoers/gmtoff.c: + Take daylight saving time into consideration when computing offset. + Otherwise, the resulting time may be off by and hour, depending on + whether DST is currently active compared to the target time. + [20c60fe8e8fc] + +2021-10-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/mkpkg: + Back out f2d82771e7dd, arm64e on macOS is still in preview state. + Until arm64e on macOS is finalized, continue to build arm64 + packages. + [6c3bbd6ffc3a] + +2021-10-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/mkpkg: + Build arm64e ABI binaries on macOS 11 and above. We originally used + arm64 here but the correct ABI is arm64e. The arm64 arch will be + removed in a future release. + [f2d82771e7dd] + + * logsrvd/logsrvd_local.c: + Use iolog_openat() when opening the log.json file in the I/O log + dir. + [9041b20b8d01] + +2021-10-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/tls_init.c: + Use BIO_new_file() not BIO_new_fd() to read dhparams file. Older + versions of OpenSSL and wolfSSL lack BIO_new_fd(). Also explicitly + include openssl/bio.h and openssl/dh.h for wolfSSL. + [8338f58d5ba0] + + * INSTALL, config.h.in, configure, configure.ac: + wolfSSL not WolfSSL + [4ee7f96ef87c] + + * .circleci/config.yml: + Add wolfSSL variant to continuous integration tests. 
+ [dbbab23e069c] + + * docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile, + docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile, + docker/ubuntu/rolling/Dockerfile: + Add libwolfssl-dev to Debian and Ubuntu Dockerfiles Fedora does not + appear to have an official wolfssl package. + [12c0feaa0ebb] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + White space in an include file path supported by sudo 1.9.1 or + higher. + [9a22034de181] + +2021-10-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/iolog/hostcheck.c, + lib/util/digest_openssl.c, lib/util/getentropy.c, logsrvd/logsrvd.c, + logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, + logsrvd/sendlog.h, logsrvd/tls_client.c, logsrvd/tls_common.h, + logsrvd/tls_init.c, plugins/sudoers/log_client.c, + plugins/sudoers/log_client.h: + Add support for WolfSSL's OpenSSL compatibility layer. Based on + changes from Hayden Roche + [568557ecb77b] + + * lib/util/Makefile.in, plugins/sudoers/Makefile.in: + regenerate dependencies + [d36bf7724e49] + + * logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c, + logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c, + logsrvd/logsrvd_relay.c, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + logsrvd/sendlog.c, logsrvd/sendlog.h: + Move include of log_server.pb-c.h into logsrvd.h and sendlog.h This + way there is no include file order issue with the + PROTOBUF_C_VERSION_NUMBER check. + [23678487ffaf] + + * docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile, + docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile, + docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile, + docker/ubuntu/rolling/Dockerfile: + Add pkg-config to all Dockerfile + [63457bb84c4d] + +2021-10-24 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * logsrvd/tls_init.c: + Use SSL_FILETYPE_PEM with SSL_CTX_use_PrivateKey_file, not + X509_FILETYPE_PEM While they are defined to the same value in + OpenSSL one should not rely on this. + [1a1557931dbf] + +2021-10-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Fix setting _PATH_ASAN_LIB, need to double up the square brackets. + [98143164620a] + + * logsrvd/sendlog.c: + sudo_sendlog: send runenv, rungid and runuid from log.json too With + this change, sudo_sendlog can now round-trip sudo-style I/O logs + that use the newer log.json format without losing any information. + [d9d3dad6cca3] + +2021-10-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, lib/util/arc4random.c: + arc4random: need to include sys/random.h on Solaris too. This was + removed when Linux genentropy() was disabled. + [18ea9b386950] + +2021-10-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/hostcheck.c, lib/util/inet_ntop.c, logsrvd/logsrv_util.h, + plugins/sudoers/log_client.h: + Make sure INET_ADDRSTRLEN and INET6_ADDRSTRLEN are defined. + [e347465e0a05] + + * plugins/sudoers/audit.c, plugins/sudoers/iolog.c, + plugins/sudoers/log_client.c, plugins/sudoers/log_client.h, + plugins/sudoers/logging.c, plugins/sudoers/logging.h: + Only include log_client.h if SUDOERS_LOG_CLIENT is defined. + [c318f74cf2a8] + + * Merge pull request #118 from larb0b/main + + Define MAP_FAILED where relevant if undefined + [74f3e9f1a1f4] + +2021-10-21 Larkin Nickle <me@larbob.org> + + * lib/util/getentropy.c, lib/util/regress/mktemp/mktemp_test.c, + lib/util/snprintf.c: + Define MAP_FAILED where relevant if undefined + + On systems such as HP-UX 10.20, MAP_FAILED is not defined. + [9f4976caa567] + +2021-10-20 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * configure, m4/libtool.m4: + Improve macOS version detection to support macOS 11 and simplify + legacy logic From Jeremy Huddleston Sequoia + [f09b45ab460a] + + * logsrvd/sendlog.c: + sudo_sendlog: send multiple I/O log records together if possible Try + to fill the write buffer and then send to the server instead of + sending records one at a time. + [0b084cd75d64] + + * logsrvd/sendlog.c, logsrvd/sendlog.h: + sudo_sendlog: support multiple write buffers like sudo_logsrvd + [a46b88eff200] + + * configure, configure.ac, lib/util/Makefile.in: + Always link libsudo_util.so with libcrypto.so if using OpenSSL. We + may need to use RAND_bytes() in the getentropy() emulation. + [9c805a008d76] + + * config.h.in, configure, configure.ac, lib/util/getentropy.c, + plugins/sudoers/boottime.c: + Add an explicit check for sys/sysctl.h. This test needs to be done + after AC_LANG_WERROR to avoid including sys/sysctl.h on systems + where it is marked as deprecated via a #warning directive. + [d9f1f97b0f37] + + * config.h.in, configure, configure.ac, lib/util/arc4random.c: + Use our own getentropy() by default on Linux. The glibc getentropy() + emulation will fail on older kernels that don't support getrandom(). + Also use sudo_fatal() instead of sending SIGKILL on getentropy() + failure. GitHub issue #117. + [1ca9d10ff780] + + * lib/util/getentropy.c: + Use the OpenSSL RAND_bytes() function if getrandom() fails. + [5f82f6d2ea36] + + * lib/util/Makefile.in, lib/util/arc4random_buf.c, scripts/mkdep.pl: + Fix compilation of standalone arc4random_buf(). Apparently this code + was never compiled anywhere. + [a66c68c3a976] + + * lib/util/uuid.c: + sudo_uuid_create: no longer need a union for the uuid. + [a9277bf0078c] + +2021-10-19 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/eventlog_free.c: + eventlog_free: free signal_name too + [1da686483f2a] + + * lib/iolog/regress/fuzz/fuzz_iolog_json.dict: + Add new log.json keywords + [f4a30fc6c4ed] + + * lib/iolog/regress/fuzz/fuzz_iolog_json.c: + fuzz_iolog_json: initialize exit_value to -1 + [bac9826b95a1] + + * logsrvd/logsrvd.c: + Fix potential use-after-free when calling iolog_flush_all(). We need + to call iolog_flush_all() _before_ scheduling the commit point. If + we fail to schedule to commit point, the closure will be freed. + Coverity CID 220557 + [364736f15a06] + + * logsrvd/sendlog.c: + sendlog: use runargv from log.json if available + [88a0f4d7bb94] + + * logsrvd/sendlog.c: + sudo_sendlog: send exit data in eventlog if present + [fdacc0f68c56] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + logsrvd/logsrvd_local.c, plugins/sudoers/logging.c: + No longer need to pass exit params to eventlog_exit(), use struct + eventlog. Now that struct eventlog includes the exit parameters we + can simplify how eventlog_exit() is called. + [8580c0e8334d] + + * include/sudo_eventlog.h, lib/iolog/iolog_json.c, + lib/iolog/iolog_loginfo.c, logsrvd/iolog_writer.c: + Read command run_time, signal and exit_value from I/O log log.json + file. + [05223c4cca0c] + + * logsrvd/logsrvd_local.c: + Log the command run-time and exit status in the I/O log. + [8b02b373f79b] + + * lib/eventlog/eventlog.c: + format_json: fix pasto when setting dumped_core boolean + [ca11285c088a] + +2021-10-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/eventlog.c, logsrvd/logsrvd_local.c: + Handle a missing run_time in an ExitMessage. It is now possible to + pass a NULL run_time to eventlog_exit(). + [f3e989682931] + +2021-10-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + logsrvd/logsrvd.c: + No need to flush logs before commit point if we flush after each + write. 
Also document that logs are flushed before sending a commit + point even when flushing is disabled. + [50323241569d] + +2021-10-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in, + lib/iolog/iolog_conf.c, lib/iolog/iolog_flush.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h: + Flush I/O logs before we send a commit point. The commit point + message means we have written the data to disk so we should not be + buffering it any longer. We do not currently fsync(2) the data after + flushing, perhaps we should. + [5233172b7531] + + * logsrvd/logsrv_util.c: + Do not treat a resume point of [0, 0] as an error. If the connecton + is interrupted before sudo sends back a commit_point message, + resuming at [0, 0] is correct. Also add a warning on unexpected EOF + parsing the timing file. + [105f29878ad7] + +2021-10-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.c: + Display a more helpful message if the user tries to run "sudo cd". + Since "cd" is a shell built-in command it cannot be run directly via + sudo. The user either needs to spawn a shell via "sudo -s" or use + the -D option to run a command in a specific directory. + [4d45797dfb11] + + * configure, configure.ac: + Don't install sudoers.a when configured with --enable-static- + sudoers. We already avoid installing it when --disable-shared-util + is specified. + [0d2022bc07cb] + +2021-10-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/mkpkg: + mkpkg: preserve make exit value on exit Fixes a problem where the + exit value from mkpkg was 0 even on error. + [0d0f15bf10cf] + + * plugins/sudoers/cvtsudoers_csv.c: + Fix typos in SELinux and Solaris priv support. 
+ [16b9a1459f1d] + + * MANIFEST, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_csv.c: + cvtsudoers: initial support for CSV output For CSV output we double + quotes strings that contain commas. For each literal double quote + character present inside the string, two double quotes are output. + [8f7763b74563] + + * lib/iolog/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/sudoers/Makefile.in: + regenerate dependencies + [09d11b5c7d41] + + * docker/README, etc/codespell.ignore: + Fix typo and avoid a codespell false positive. + [81a365b29c3c] + +2021-10-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * .circleci/config.yml: + Add build-nointercept and test-nointercept + [d39877327ccc] + +2021-10-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * .circleci/config.yml: + circleci: test multiple build options We now do separate builds with + LDAP/SSSD enabled, logsrv client/server disabled, and static-sudoers + enabled. + [4d8a9b45156c] + + * configure, configure.ac, plugins/sudoers/Makefile.in: + Fix fuzzer build with when --enable-static-sudoers is used. This + introduces a sudoers-specific version of LT_STATIC instead of + appending the --tag=disable-shared to SUDOERS_LDFLAGS. I've also + removed the -static flag as it should not be needed. + [864a2fd4e3f7] + +2021-10-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * docker/README: + Mention --security-opt=seccomp=unconfined workaround for bleeding + edge. May be needed for Fedora rawhide and Ubuntu testing, among + others. + [a465fdb0a7de] + + * configure, configure.ac: + Try to handle the case where libasan.so is a linker script. Fixes + check_noexec with ASAN on Fedora where libasan.so just includes the + actual library file. 
+ [f96d1d0cea53] + + * .circleci/config.yml, docker/README, + docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile: + Enable address and undefined behavior sanitizers in CI builds. We + need to disable leak sanitizer during "make check" because it uses + ptrace which is not allowed for unprivileged containers. + [9378e3856a60] + +2021-10-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * .circleci/config.yml: + Switch to Ubuntu latest for circleci build. + [1270ca1ba47d] + + * .circleci/config.yml, docker/debian/latest/Dockerfile, + docker/debian/testing/Dockerfile, docker/fedora/latest/Dockerfile, + docker/fedora/rawhide/Dockerfile, docker/ubuntu/devel/Dockerfile, + docker/ubuntu/latest/Dockerfile, docker/ubuntu/rolling/Dockerfile: + Add build user for circleci instead of running as root. + [27dcb5218cb2] + + * .circleci/config.yml, MANIFEST, docker/README, + docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile, + docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile, + docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile, + docker/ubuntu/rolling/Dockerfile: + Use circleci for continuous integegration. Build container + descriptions are in the new docker directory. + [d5b5b16b0624] + +2021-10-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * .gitignore, .hgignore: + Update ignore file. + [7fe8afa88e96] + +2021-10-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoreplay.c: + Sync "sudo -l" output with normal sudo log format. It now prints + runchroot and runcwd (falling back on cwd). As a result, submithost + is now printed first, matching sudo. Also avoid printing NULL + pointers and skip entries that don't have at least command, + submituser and runuser set. + [0d6b96ec88a1] + + * lib/iolog/iolog_json.c: + iolog_parse_json_object: optimize for large argv + [5fa1929189a3] + +2021-09-29 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Add "-fcf-protection" to SSP_CFLAGS and SSP_LDFLAGS if supported. + Can be disabled via --disable-hardening. + [589507ecadf4] + + * configure, configure.ac: + Add "-z now" to hardened link options if supported. Can be disabled + via --disable-hardening. + [11ff1d86440b] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/editor.c, + plugins/sudoers/regress/editor/check_editor.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/visudo.c: + find_editor: remove the env_error argument There is no case where we + should fail to find an editor just because the values of EDITOR, + VISUAL and SUDO_EDITOR are unavailable. Both sudoedit and the + "env_editor" sudoers setting are documented as falling back on the + hard-coded list of editors in the "editors" sudoers setting. Bug + #1000 + [caa529a0cab6] + + * plugins/sudoers/check_aliases.c: + Use sudo_printf(SUDO_CONV_ERROR_MSG) instead of fprintf(stderr). + Avoids extraneous output in the fuzzer. + [981d3abd96c7] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Stub out sudo_printf() and avoid other use of stderr in fuzzers. + This makes it possible to parse sudoers without using quiet mode, + resulting in better coverage. + [3215cad4174f] + +2021-09-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + lib/util/regress/fuzz/fuzz_sudo_conf.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Use a consistent version of fuzz_conversation() with all fuzzers. + Also undo a change to fuzz_sudoers.c that snuck in to the last + commit. 
+ [8a94b06302b7] + + * lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + lib/util/regress/fuzz/fuzz_sudo_conf.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Fuzzers should not produce output. Excessive output makes the fuzzer + runs much less efficient. + [b9c485009c0f] + + * logsrvd/logsrv_util.c: + expand_buf: fix conditional for when we need to preserve existing + data It is possible for the buffer offset to be zero when the length + is non-zero. The proper value to use is the same as is used for the + memcpy/memmove size. Fixes buffer corruption caused by a very long + command line that usually results in a dropped connection. + [59a4319b3463] + +2021-09-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, lib/util/closefrom.c: + Emulate closefrom() on macOS using proc_pidinfo(). This avoids + relying on /dev/fd which may not exist in a chroot jail. Adapted + from a change in OpenSSH by likan_999.student AT sina.com + [2e86d4150ce5] + +2021-09-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/edit_open.c: + Handle EMLINK and EFTYPE errno values for O_NOFOLLOW failure. + FreeBSD returns EMLINK and NetBSD returns EFTYPE instead of ELOOP. + This is only used to present the user with a more appropriate error + message. + [ca5499c8c40f] + +2021-09-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers.c: + Fix typo in last commit, use boolean AND not bitwise. + [685bd5d9ce6f] + + * doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.h: + Add the ability to filter/match by command via the -m option. 
For + example "cvtsudoers -m cmd=/bin/ls" would only display entries that + would allow /bin/ls to be allowed or denied. + [3534a0170c59] + +2021-09-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/pwutil.c: + Add --group-file and --passwd-file options to cvtsudoers. These are + based on the code in testsudoers. + [3286dd5dd0bf] + +2021-09-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/mkdir_parents.c: + Move cppcheck suppression annotation to where it needs to be. + [17d601bc91f3] + + * lib/util/mksigname.c: + format string fix: print signal number as unsigned. Quiets a + cppcheck warning; mksiglist.c already has this fixed. + [a28b72dceec4] + + * plugins/sudoers/ldap_util.c: + Fix memory leak on error path if snprintf() overflows. Coverity CID + 188804 + [73872d2e2cd0] + +2021-09-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c: + Avoid reinitializing other auth methods. + [af0495460943] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + expand_include: add bounds checking when expanding %h escape. + [3c0ca1f0d4e5] + + * plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Check snprintf() return values even if we preallocated the correct + amount. There are no remaining unchecked snprintf() that can + actually overflow. + [0eaf1d4daa84] + + * include/sudo_iolog.h, lib/iolog/iolog_nextid.c: + iolog_nextid(): make iolog_dir argument const. We make a copy of the + directory so there's no real reason that parameter can't be const. + [f278847ca9aa] + + * plugins/sudoers/ldap_util.c: + Amend truncation fix, the real problem was the size passed to + snprintf(). 
sudo_rcstr_alloc() takes a length (not a size) parameter + so when calling snprintf() we need to add one to the length. + [92f8a8b86d20] + + * plugins/sudoers/ldap_util.c: + Fix truncation of the last char of the sudoRole cn passed to + append_default(). This string is primarily used for warning + messages. Also check the snprintf() return value to avoid silent + truncation. GitHub issue #115 + [22b8d7bc62f8] + +2021-09-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_8p2 for changeset 9edebc604c58 + [67357c8687d3] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.8p2 + [9edebc604c58] [SUDO_1_9_8p2] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.8p2 + [f29fdeb8ae5b] + + * etc/codespell.exclude: + Standardize on "front-end" not "front end" in the man pages. + [b0ad634852e7] + + * configure, configure.ac: + fix typo + [4d8738449daa] + + * logsrvd/logsrvd_journal.c: + Reuse existing journal file for an accepted/rejected sub-command. + Otherwise we end up with zero-length files in the incoming queue dir + and may end up relaying one of those instead of the actual journal + file. + [4789371a43f3] <1.9> + + * logsrvd/logsrvd_journal.c: + Reuse existing journal file for an accepted/rejected sub-command. + Otherwise we end up with zero-length files in the incoming queue dir + and may end up relaying one of those instead of the actual journal + file. + [545897a2761c] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Re-enable error output for the sudoers parser. It is only the alias + and defaults warnings we need to suppress. + [114bd7756a7c] + + * src/exec_intercept.c: + Add intercept_cleanup() stub for when building w/o intercept + support. + [bd6f32a90787] + + * src/exec_intercept.c, src/exec_nopty.c, src/exec_pty.c, + src/sudo_exec.h: + Add intercept_cleanup() to free the closure used by + intercept_accept_cb(). + [55f6aea8b517] + + * plugins/sudoers/auth/pam.c: + Don't re-initialize PAM for sub-commands. 
+ [41d7d61e4ac5] <1.9> + + * plugins/sudoers/auth/pam.c: + Don't re-initialize PAM for sub-commands. + [faa7aec4d145] + + * logsrvd/logsrvd_local.c: + sudo_logsrvd: only send log ID for first command of a session There + is no need to send the log ID for each sub-command. + [e21b40af74f2] <1.9> + + * logsrvd/logsrvd_local.c: + sudo_logsrvd: only send log ID for first command of a session There + is no need to send the log ID for each sub-command. + [625b18c5f821] + + * plugins/sudoers/log_client.c: + Only store the first log id received from the server. Plugs a small + memory leak in intercept mode if the log server sends the log ID + again for sub-commands. + [e20563f3e152] <1.9> + + * plugins/sudoers/log_client.c: + Only store the first log id received from the server. Plugs a small + memory leak in intercept mode if the log server sends the log ID + again for sub-commands. + [ca2ad5b219cd] + +2021-09-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + fuzz_sudoers: don't warn about unknown defaults entries Some fuzzing + inputs cause a huge number of warnings and displaying them all can + result in the fuzz run timing out. If we disable the warnings we can + avoid the timeout. + [4823ee305937] + + * plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/policy.c: + Limit paths for command, cwd and chroot to PATH_MAX bytes. This + helps prevent the fuzzer from going off the rails. + [9550fa76a645] + + * plugins/sudoers/sudoers.c: + sudo -i: missing NULL terminator when moving argv to make room for + --login Fixes a potential crash for "sudo -i" when the target user + has bash as the shell (which needs the --login option). Bug #998. 
+ [32644aae1eab] <1.9> + + * plugins/sudoers/sudoers.c: + sudo -i: missing NULL terminator when moving argv to make room for + --login Fixes a potential crash for "sudo -i" when the target user + has bash as the shell (which needs the --login option). Bug #998. + [4b297f2ead15] + + * lib/eventlog/eventlog.c: + Only append argv[] to the log line if argv[0] is not NULL. It should + not be possible to reach this point with a command defined but + argv[] empty but it doesn't hurt to check. + [61f9cf744673] + +2021-09-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/check_aliases.c: + Only warn about an undefined alias or a cycle a single time. There's + no point in warning about the same problem multiple times. This + implementation assumes a small number of warnings and so just uses a + simple listed link. + [4461f65d1bad] + + * configure, configure.ac: + Remove now-unused CHECK_INTERCEPT variable. + [447dbf8bea48] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Quiet pvs-studio false positive: V557 Array overrun is possible. + Make the zero length check explicit so as not to confuse static (or + human) analyzers. + [512ab29a9f28] + +2021-09-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/regress/testsudoers/test17.out.ok, + plugins/sudoers/regress/testsudoers/test17.sh: + Test that digest matching works with LDAP sudoCommand: ALL + [f7ec49401d4f] + + * plugins/sudoers/ldap_util.c: + Allow a digest to be specified with the "ALL" command for ldap/sssd + back-ends. This has been possible with sudoers file entries since + sudo 1.9.0 but no corresponding change was made for ldap/sssd. + [89a30bbd7dac] + + * lib/eventlog/eventlog.c: + Use localtime_r() not gmtime_r() when formatting the local time. + This is consistent with how sudo formatted time stamps prior to the + logging code being split off into libeventlog. We only need to use + gmtime_r() for ISO 8601 time. 
+ [aee6e29ba9d6] + + * lib/eventlog/eventlog.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/util/sudo_debug.c, plugins/audit_json/audit_json.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/timestr.c: + Check strftime(3) return value in all cases. Old versions of + strftime(3) didn't guarantee to NUL-terminate the buffer so we + explicitly clear the last byte of the buffer and check it. + [bc402e4bd4d2] + + * config.h.in, configure, configure.ac, logsrvd/tls_init.c: + tls_init.c: use SSL_CTX_set0_tmp_dh_pkey if present. Fixes a warning + on OpenSSL 3.0 and plugs a memory leak of dhparams on config reload. + [02027ea86d3b] + + * configure, configure.ac, lib/util/digest_openssl.c: + Use the EVP digest routines instead of calling SHA2 functions + directly. Avoids compiler warnings with OpenSSL 3.0. + EVP_MD_CTX_new() is only available for OpenSSL 1.1 and higher--we + will fall back to sudo's SHA2 code if necessary. + [6fbac28175f9] + + * configure, configure.ac: + When using pkg-config, don't assume the names of the ssl and crypto + libs. On the HP-UX build machines these are named libssl_pic.a and + libcrypto_pic.a to avoid conflicting with the system libs. + [a8eb772b3a4d] + + * lib/util/sudo_debug.c: + Store milliseconds in the debug file timestamp. Sometime second + granularity is not enough. + [1df3e75f1133] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/gmtime_r.c, lib/util/localtime_r.c: + Add gmtime_r and localtime_r tests and compat if missing. 
+ [709671c493a3] + + * lib/eventlog/eventlog.c, lib/iolog/iolog_path.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/util/sudo_debug.c, plugins/audit_json/audit_json.c, + plugins/sample_approval/sample_approval.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/gmtoff.c, plugins/sudoers/ldap.c, + plugins/sudoers/parse.c, plugins/sudoers/timestr.c: + Use gmtime_r() and localtime_r() instead of gmtime() and + localtime(). + [5758514b25cb] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Plugin lines are for approval and audit plugins too. + [67bb7c0687f2] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo.man.in, + doc/sudo.mdoc.in, doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in, + doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/visudo.man.in, + doc/visudo.mdoc.in: + Standardize on "front-end" not "front end" in the man pages. + [68748f8cc8a6] + + * MANIFEST, plugins/sudoers/regress/testsudoers/test16.out.ok, + plugins/sudoers/regress/testsudoers/test16.sh: + Add a test to exercise Bug #994 + [eef2ece0e8d4] + + * scripts/mkpkg: + mkpkg: limit the number of cores used to 16 + [5b8f2aa834b8] + +2021-09-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + fix typo + [120b1e7d2aca] + + * .hgtags: + Added tag SUDO_1_9_8p1 for changeset feb396a0d60d + [e5f560a935fc] <1.9> + + * configure, configure.ac: + Merge sudo 1.9.8p1 from tip + [feb396a0d60d] [SUDO_1_9_8p1] <1.9> + + * NEWS: + Bug #994. + [14ea3a741b25] + + * plugins/sudoers/ldap_util.c: + Always allocate a struct sudo_command for the command, even for ALL. + This was missed in the previous set of changes, resulting in a crash + for LDAP and SSSD rules that give sudo "ALL" privileges. Bug #994. 
+ [91d0379b068a] + + * plugins/sudoers/Makefile.in: + Add SUDOERS_LDFLAGS to FUZZ_LDFLAGS Fixes a fuzzer link error when + building with ldap if the ldap libs are not in the default library + search path. + [a450881f9763] + + * configure, configure.ac: + Fix the OpenSSL link order for the non-pkg-config case. Since -lssl + depends on -lcrypto, -lcrypto must be listed after -lssl. Fixes + linking of non-dynamic OpenSSL libs. + [787724ab6e87] + +2021-09-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, configure, configure.ac: + Sudo 1.9.8p1 + [fc8c69d55348] + + * src/sudo_intercept_common.c: + sudo_interposer_init: verify message type from sudo We should only + get a HelloResponse from sudo at this point. + [a021319260b3] + + * include/intercept.pb-c.h, src/exec_intercept.c, + src/intercept.pb-c.c, src/intercept.proto, + src/sudo_intercept_common.c: + Avoid symbol name clash to fix --enable-static-sudoers linking. + [5cc5e415844f] + +2021-09-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/defaults.c, plugins/sudoers/policy.c: + append_defaults() should not be passed a value for boolean flags. + The operation should simply be set to true/false. Also treat a NULL + file as coming from the front-end. Bug #993. + [86e69d358916] + +2021-09-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac, plugins/python/Makefile.in, + scripts/mkdep.pl, src/Makefile.in: + Teach mkdep.pl about --tag=disable-static in LTFLAGS. If static objs + are disabled we need to add explicit dependencies for .o files. The + OpenBSD libtool doesn't use a pic object file when linking + executables so we need to build the non-pic objects too. + [cdefeeb41a64] + + * configure, configure.ac: + Use SUDO_APPEND_LIBPATH when appending to LIBTLS and LIBMD. The + OpenSSL pkgconfig files only include -L paths, not -R paths. Using + SUDO_APPEND_LIBPATH ensures the rpath is set correctly so the + binaries will run (not just link). 
+ [29d051972287] + + * INSTALL, configure, configure.ac: + Add --enable-openssl-pkgconfig-template option. This can be used to + find the correct openssl pkg-config file if it is not named + "openssl" (also libcrypto). + [77cd3463cefa] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Some POSIX yacc fixes for bison 3.8 yyerror() must be extern void + declare tokens with type instead of using separate %type lines + [c4e57f9e7df5] + +2021-09-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_8 for changeset e25cff5d148b + [4067d7a889fa] <1.9> + + * config.h.in, configure, configure.ac, include/sudo_compat.h, + logsrvd/tls_init.c, plugins/sudoers/regress/fuzz/fuzz_policy.c: + Merge sudo 1.9.8 from tip + [e25cff5d148b] [SUDO_1_9_8] <1.9> + + * .gitignore, .hgignore: + Add src/intercept.exp to ignore files. + [4eaa182a8808] + +2021-09-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/cs.mo: + regen + [8c168099301b] + + * NEWS: + Mention --enable-static-sudoers fix. + [c93a42253fd0] + + * configure, configure.ac: + Fix typo introduced in 1.9.7 that set SUDO_LDFLAGS to + SUDOERS_LDFLAGS. Copy pasta is not always the best kind of pasta. + [08188442f77b] + + * MANIFEST, configure, configure.ac, m4/sudo.m4, src/Makefile.in, + src/intercept.exp, src/intercept.exp.in, src/sudo_intercept.c: + sudo_intercept.so: only replace execvpe() if it is present. + execvpe() is a GNU extension also found on *BSD (but not macOS). + [26153ad9c6ca] + + * NEWS: + We now intercept more than just execve(). + [33e453f035f8] + +2021-09-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sudo_intercept.c: + Implement simple PATH resolution for execvp(). We want to use PATH + from the current value of the environment, not the initial value of + PATH when the policy was opened. This is a little different from how + real execvp() works since we use stat() instead of just execve(). 
+ [fae58e1962cc] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.man.in, + doc/sudoers.mdoc.in, src/intercept.exp, src/sudo_intercept.c: + Add support for execl, execle, execlp, execvp, and execvpe. + Currently, PATH traversal is handled by sudoers which uses the + original PATH, not the one updated by the shell. + [59dfbbd39bf6] + +2021-09-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y: + Remove conditional include of alloca.h, we don't define + HAVE_ALLOCA_H. The configure check for alloca() was removed long ago + but this got missed. + [4c64529df149] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Define RBAC and mention incompatibility with intercept/log_subcmds. + [a44d8f96cad6] + +2021-09-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_intercept.c: + Fix computation of the token address when handling a partial read. + We want to treat it as an array of bytes, not an array of tokens. + Coverity CID 240011 + [0bb3fb3315ce] + + * plugins/sudoers/parse.c: + Quiet a PVS-Studio format string warning. + [4e445c646dc8] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Regen .pot files. + [4cec17bc24da] + + * plugins/sudoers/po/cs.po: + Updated translations from translationproject.org + [62fdbab57411] + +2021-09-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/Makefile.in: + regen + [a2f37ca5473b] + + * configure, configure.ac, lib/util/sudo_conf.c, scripts/mkdep.pl, + src/Makefile.in, src/exec_common.c, src/exec_intercept.c: + Do not compile intercept code if --disable-intercept is specified. + [9d31e2822c24] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + We now intercept execv() too. + [f0eac891cb5c] + + * INSTALL: + INSTALL: --disable-intercept will also disable "log_subcmds" + [55ddfdae455d] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/parse.c: + Can't use intercept or log_subcmds with SELinux RBAC. 
SELinux policy + will prevent the inherited socket from sudo from being used and may + also restrict the ability to connect back to the sudo process. + [b73409172859] + + * m4/ax_prog_cc_for_build.m4: + Fix typo in comment. + [3259f09e6952] + + * po/cs.mo, po/cs.po: + Updated translations from translationproject.org + [7543d0d50ee2] + + * include/intercept.pb-c.h, src/exec_intercept.c, + src/intercept.pb-c.c, src/intercept.proto, src/sudo_exec.h, + src/sudo_intercept_common.c: + Switch to a 128-bit token instead of a 64-bit secret. Protobuf + doesn't have a 128-bit type so use two u64s. We now support partial + reads of the token. + [e39ece25fb3b] + +2021-08-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, lib/util/Makefile.in, lib/util/regress/uuid/uuid_test.c, + lib/util/uuid.c: + Fix random uuid generation, no need to convert between byte order. + Also add regression test. + [fd2940acffc2] + + * include/intercept.pb-c.h, src/exec_intercept.c, + src/intercept.pb-c.c, src/intercept.proto, + src/sudo_intercept_common.c: + sudo_intercept.so: send the secret immediately after connecting. + Sending the secret out of band, before the message size is read, + should make it harder to mount a DoS attack. + [4c8b6577bd8c] + + * src/sudo_intercept_common.c: + Handle reading large messages that don't fit in a single recv(). We + know the length of what we are receiving so just loop until we have + it all, get EOF or an error. + [1b8aa927ea83] + + * configure, configure.ac: + Add checks for -fstack-clash-protection and -Wl,-z,noexecstack We + use -Wc,-fstack-clash-protection as the linker flag to prevent + libtool from removing it from the link line. + [7cd701b5039e] + + * src/exec_intercept.c: + Make the sudo side of the intercept socket non-blocking. + [3fe7129ea1f2] + + * src/exec_intercept.c: + Handle partial read/write by dropping back into the event loop. 
+ [fa216d963e18] + + * src/exec_intercept.c: + intercept_check_policy: Fix double free introduced in last commit If + the command is not accepted we don't rebuild command_info[] and must + not free it. It will be freed by the policy instead. + [8bbd2af0924b] + +2021-08-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/intercept.pb-c.h, src/exec_intercept.c, + src/intercept.pb-c.c, src/intercept.proto, + src/sudo_intercept_common.c: + Update runcwd in command_info[] before passing it to the audit + plugin. Since sudoers does rejected commands itself the runcwd will + still not be correct for those. + [5462a5e1d760] + + * src/exec_preload.c: + Fix LD_PRELOAD formatting when there is an existing LD_PRELOAD var. + [04d8d7750ff6] + +2021-08-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_intercept.c: + intercept_check_policy: fix potential NUL dereference on the error + path. + [4d1b3f39ccb1] + + * NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/policy.c, src/exec.c, + src/exec_common.c, src/exec_nopty.c, src/exec_pty.c, src/sudo.c, + src/sudo.h: + Rename log_children -> log_subcmds + [abd73fc939c3] + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/eo.mo, + po/eo.po, po/fr.mo, po/fr.po, 
po/hr.mo, po/hr.po, po/ko.mo, + po/ko.po, po/pl.mo, po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo, + po/pt_BR.po, po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo, + po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po: + Updated translations from translationproject.org + [f948528780fb] + + * lib/util/sudo_debug.c: + Add sudo_debug_register_v2() stub for fuzzing build. + [ba522c0c2075] + + * src/exec_intercept.c: + Fix use-after-free on error. Also remove useless free of a ptr that + is always NULL on the error path. + [75200535be80] + + * src/exec_common.c: + No longer need to remap intercept fd but we do need to remap debug + fd. The intercept fd is closed in the ctor but the debug fd will + still be open. + [b48125b884f3] + + * include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/util.exp.in, + logsrvd/logsrvd.c, logsrvd/sendlog.c, + plugins/audit_json/audit_json.c, plugins/python/sudo_python_debug.c, + plugins/sample_approval/sample_approval.c, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c, + src/sesh.c, src/sudo.c, src/sudo_intercept_common.c: + sudo_debug_register: add minfd argument to specify lowest fd number + Use this in sudo_intercept.so to avoid allocating a low-numbered fd + which the shell reserves for use by scripts. + [50b23c4d0531] + + * src/exec_intercept.c: + Fix command name of sub-command in logs when log_children is set. + [c1b35686d8b4] + +2021-08-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h: + log_allowed: pass struct eventlog * instead of argv[] and envp[]. + This lets us log based on the command_info[] list passed in from the + front-end. Previously, much of the struct eventlog was constructed + from internal sudoers state instead. + [4c4a7ddfeba3] + + * include/sudo_compat.h: + sudo_compat.h: include unistd.h on HP-UX to safely redefine + pread/pwrite HP-UX 11.31 defines static functions for pread() and + pwrite() which will conflict with our macros. 
+ [2dd64cdc261f] + + * config.h.in, configure, configure.ac, include/intercept.pb-c.h, + src/exec_intercept.c, src/exec_nopty.c, src/exec_pty.c, + src/intercept.pb-c.c, src/intercept.proto, src/sudo_exec.h, + src/sudo_intercept_common.c: + Change intercept IPC to use a localhost socket instead of inherited + fd. This allows intercept mode to work with shells that close all + open fds upon startup. The ctor in sudo_intercept.so requests the + port number and secret over the socket inherited from the parent + then closes it. For each policy request, a TCP connection is made to + the sudo parent process to perform the policy check. Child processes + re-use the TCP socket to request the port number and secret just + like the initial process started by sudo does. + [7e7e4a389f11] + + * src/exec_intercept.c: + Add a state variable to intercept_closure, replaces policy_result. + [60fae103a4cd] + + * plugins/sudoers/match_command.c: + command_matches: avoid printf("%s") of NULL in debug for sudo ALL. + [5c81c2c32b4c] + + * Merge pull request #111 from commodo/fix-cflags + + lib/util/Makefile.in: use host CFLAGS and CPPFLAGS for + mksig{name,list} + [ee86d28da792] + +2021-08-25 Alexandru Ardelean <ardeleanalex@gmail.com> + + * lib/util/Makefile.in: + lib: util: Makefile.in: use host CFLAGS and CPPFLAGS for + mksig{name,list} + + When cross-build support was added for mkig{name,list} was added, + the CFLAGS and CPPFLAGS should have been updated to the + HOSTCFLAGS/HOSTCPPFLAGS vars. + + In a cross-build scenario, some of these flags don't match what the + compiler can understand (because they may be architecture specific) + and may fail the build. + + Using the HOSTCFLAGS/HOSTCPPFLAGS works and builds successfully. + Also the output binary works on the target. + + This is in continuation of + - https://github.com/sudo-project/sudo/pull/104 + - https://github.com/sudo-project/sudo/pull/109 + + 
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> + [f76870e1a6c5] + +2021-08-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_intercept.c: + Fold intercept_closure_reset() into intercept_close(). + [ff00ab240672] + + * src/exec_preload.c: + Fix typo that caused SUDO_INTERCEPT_FD to overwrite LD_PRELOAD. + [e4cd1043c7bb] + + * src/exec_preload.c: + Fix off-by-one that could result in duplicate SUDO_INTERCEPT_FD + vars. + [9044d0dff708] + + * src/sudo_intercept.c: + Fix typo in macOS execv change. + [1c637d909382] + +2021-08-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.man.in, + doc/sudoers.mdoc.in, src/intercept.exp, src/sudo_intercept.c: + Add execv(3) support to sudo_intercept.so. This allows intercept to + work with csh which uses execv(3) not execve(2). + [690ebf72b6f8] + +2021-08-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Sync the list of functions trapped by sudo_noexec.so. + [b1f7799209ff] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Add a Debug example for sudo_intercept.so Don't try to enumerate all + the sudo programs that support debugging since all of them do. + [9c1201eaaca2] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Update sudoers Debug example to match the debug changes from sudo + 1.8.12. + [7c831aa9b6d5] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + sudo_intercept.so only intercepts execve(2) for now. + [7314abc72fb9] + + * plugins/sudoers/parse.c: + Fix formatting for bound defaults with multiple entries in the + binding. The entries in the binding were separated with " ," instead + of ", ". + [14442701f793] + + * MANIFEST, src/Makefile.in, src/intercept.exp: + Add exports file for sudo_intercept.so that only exports execve() + [ac97417435ab] + + * src/Makefile.in, src/sudo_intercept.c, src/sudo_intercept_common.c: + Add some debugging to the sudo_intercept.so. 
+ [2dee003b5cc7] + + * config.h.in, configure, configure.ac: + Use AC_FUNC_FSEEKO instead of AC_CHECK_FUNCS_ONCE([fseeko]). This + will define _LARGEFILE_SOURCE, if needed, to make the prototype + visible on older systems. + [3f4314f6a795] + +2021-08-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + We still need the pread/pwrite hack for HP-UX 11.11 at least. This + time around, avoid defining _LARGEFILE64_SOURCE and just declare + pread64/pwrite64 ourselves. + [66e01b14a10f] + + * include/sudo_compat.h: + Fix prototypes for sudo_pread() and sudo_pwrite(). + [15acfc576a71] + + * src/exec_intercept.c: + intercept_fd_cb: store the passed fd in newfd, not fd only affects + the old BSD-style fd passing code, not POSIX-style. + [4b13aa4593ba] + + * lib/util/Makefile.in: + Fix mksiglist and mksigname dependencies. + [31519cc5ec2b] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + set-user-ID and set-group-ID not set user-ID and set group-ID. + [0ddf5fedc896] + + * NEWS: + The fix for bug #989 will make sudo 1.9.8. Also mention + intercept_authenticate and intercept_allow_setid. + [fa8b7444486b] + + * plugins/sudoers/po/sudoers.pot: + regen + [c8993c070218] + + * .gitignore, .hgignore, MANIFEST, aclocal.m4, configure, + configure.ac, lib/util/Makefile.in, lib/util/mksiglist.c, + lib/util/mksiglist.h, lib/util/mksigname.c, lib/util/mksigname.h, + lib/util/sys_siglist.h, lib/util/sys_signame.h, + m4/ax_prog_cc_for_build.m4: + Cross-build support for mksigname and mksiglist We must build these + with the host C compiler but use the target preprocessor to generate + the output. + [bf2919b63fb9] + +2021-08-19 a1346054 <36859588+a1346054@users.noreply.github.com> + + * .clang-format, INSTALL, MANIFEST, autogen.sh, doc/LICENSE, + etc/sudo.pp, examples/Makefile.in: + Minor cleanup (#110) + + * fix trivial shell script issues + * remove trailing whitespace + [f9d4de3dee50] + +2021-08-19 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd_conf.c, plugins/sudoers/check.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/exptilde.c, + plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/mkdefaults, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/tsdump.c: + Replace messages like "unknown foo: %s" with "unknown foo %s". The + colon really doesn't belong there; we generally use a colon to + separate a message from the warning detail. + [a1b99c8821ae] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + log_server_peer_cert and log_server_peer_key are not required by + default. They are only required if sudo_logsrvd has tls_checkpeer + enabled. + [0d9099ce5d74] + + * logsrvd/logsrvd_conf.c: + Sync warning messages with sudoers/logging.c Avoids 3 translation + strings that were effectively duplicated. + [eb058a820998] + +2021-08-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/protobuf-c/Makefile.in, src/Makefile.in: + regen + [ab9d4b22d7cb] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/match_command.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Add intercept_allow_setid sudoers option, disabled by default. With + this change, a shell in intercept mode cannot run a setuid or setgid + binary by default. On most systems, the dynamic loader will ignore + LD_PRELOAD for setuid/setgid binaries such as sudo which would + effectively disable intercept mode. + [cdb876f62882] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/match.c: + Always allocate a struct sudo_command for the command, even for ALL. + Previously we special-cased handling of ALL but this complicates + some upcoming changes. + [d552109d739c] + +2021-08-16 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * etc/codespell.exclude: + Update TAGS_CHANGED macro based on parse.h + [261e4bad3f55] + + * doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Better document the limitations of intercept mode. Also mention + log_children under "Preventing shell escapes" + [0dfca8d0672d] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update .pot files for 1.9.8. + [ed2582c37765] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Try to clarify log_server_peer_key and log_server_peer_cert. These + are client-side not server-side. + [ffa4ee3e2557] + + * logsrvd/logsrvd_conf.c: + Print the section when warning about an illegal key in the conf + file. This should make it easier to tell when a setting is present + in the wrong section. + [8150a7775155] + +2021-08-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/eventlog.c: + new_logline: limit offset to two significant digits after the + decimal Now instead of TSID=0001L3@5.168230749 we would log + TSID=0001L3@5.16. + [089f7a1285cb] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_journal.c: + Set umask to be less restrictive before creating parent directories. + Otherwise we could end up creating them with a more restrictive mode + than indended. Coverity CID 221592 + [1bbb3621106a] + + * lib/eventlog/eventlog.c: + new_logline: handle case where evlog is NULL + [e14ded2179e8] + + * logsrvd/logsrvd_local.c: + store_alert_local: fix memory leak on error path Coverity CID 238642 + [2a3c7fb50c38] + + * plugins/sudoers/audit.c: + log_server_accept: fix memory leak of evlog when logging a sub- + command. Coverity CID 238643 + [36a7325b3dc2] + + * src/exec_intercept.c: + Fix memory leak when client requests secret. Move closure allocation + closer to where it is used. + [773ffe0cb216] + + * logsrvd/logsrvd_local.c: + store_accept_local: fix return value on error + [de0d06a1ade2] + +2021-08-13 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/eventlog.c: + Cast iolog_offset.tv_sec to long long for %lld printf format. Quiets + a compiler warning on systems where tv_sec in struct timeval is not + long long. + [54d757357a00] + + * doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + lib/iolog/iolog_timing.c, plugins/sudoers/sudoreplay.c: + Add support for an optional offset when parsing the ID to replay. + The offset is a suffix in the form of @sec[.nanosec] + [f8cda41ea0ae] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + logsrvd/logsrvd_local.c, plugins/sudoers/logging.c: + For intercepted commands, log an offset into the current I/O log. + This can be used with sudoreplay to jump to when a specific command + was executed within a session log. + [fd9431d7c878] + + * logsrvd/logsrvd_local.c: + Don't overwrite closure->evlog for sub-commands. + [925c97582b1d] + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Older Solaris has getusershell() et al but does not declare it. + [df4cd6a5e07f] + + * src/exec_intercept.c, src/exec_nopty.c, src/exec_pty.c, + src/sudo_intercept_common.c: + Add missing stdint.h and sudo_rand.h includes. Needed for + arc4random() and uin64_t. + [47fd965524fe] + + * include/intercept.pb-c.h, src/exec_intercept.c, src/exec_nopty.c, + src/exec_pty.c, src/intercept.pb-c.c, src/intercept.proto, + src/sudo_exec.h, src/sudo_intercept_common.c: + Pass a secret value to sudo_intercept.so and verify after policy + check. The goal is to make it harder for someone to have a fake + policy checker. This will not stop a determined adversary since the + secret is present in the address space of the running process. + [7938c63384df] + +2021-08-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_intercept.c: + Split off intercept code into exec_intercept.c. + [2c05715c4885] + + * scripts/mkpkg: + Add trivial support for FreeBSD packages. 
The actual FreeBSD port + supports multiple options but this is sufficient for testing + purposes. + [6bb8a1cdf26c] + + * scripts/pp: + FreeBSD: Set default directory and file mode if not specified in + %files Otherwise, a mode of 0 will be used, potentially rendering + the system unusable. + [a3be86a5f85f] + + * plugins/sudoers/logging.c: + Use same check for intercepted commands as log_server_accept(). + Previously, log_server_reject() and log_server_alert() just checked + whether client_closure has been set. + [41177f7c32f4] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, + plugins/sudoers/log_client.c: + Call shutdown() on sockets before closing() if they are connected. + This should ensure that the other side sees any queued data before + the connection is dropped. + [beaafc6c17cf] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, + plugins/sudoers/log_client.c: + If SSL_shutdown() returns 0 it needs to be called one more time. + [52bb0acfb659] + + * plugins/sudoers/editor.c: + resolve_editor: sudoers_gc_remove(editor) before freeing it. + [534cc939264f] + +2021-08-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/mksigname.h, lib/util/siglist.in: + Sync siglist.in with the generated files. The change to prefer + SIGSYS over SIGUNUSED wasn't made to siglist.in. Also, mksigname.c + doesn't need to explicitly set sudo_sys_signame[0]. + [c331b05f8fc5] + + * plugins/sudoers/Makefile.in, plugins/sudoers/editor.c, + plugins/sudoers/gc.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add garbage collection to resolve_editor(). Fixes a leak when + evaluating the policy multiple times if sudoedit is set. + [ab011d864e87] + +2021-08-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_common.c: + Fix compilation when configure option --disable-shared is specified. 
+ [98687e01c8e4] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/check.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add intercept_authenticate sudoers option, defaults to false. By + default, sudoers will not require authentication of commands run via + an intercepted session. To require authenticaton of subsequent + commands, enable intercept_authenticate in sudoers. + [b428c75da1ad] + + * config.h.in, configure, configure.ac, src/exec.c, + src/sudo_intercept_common.c: + If msg_control is not present in struct msghdr use msg_accrights + instead. Fixes building on Solaris and probably others. It is + possible to expose msg_control on Solaris but this requires a + specific set of feature flag defines which can cause other + complications. + [6ee77b869a8c] + + * configure, configure.ac, src/exec_preload.c: + Require that our dso be first in the list to make sure it takes + effect. Otherwise, another dso could take precedence and ours would + not be run. + [58ba4086357c] + + * configure, configure.ac, pathnames.h.in, src/Makefile.in, + src/exec_preload.c: + If building with address sanitizer make sure its DSO is first. + Address sanitizer requires that it be preloaded before any other DSO + in LD_PRELOAD. This should not be required for clang, which links in + asan statically by default. + [a812062f42a8] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + Plug some memory leaks when sudoers_policy_main is called multiple + times. These would get cleaned up a policy close time but we don't + want to bloat sudo's memory footprint when running a shell with + multiple commands. + [7fee001ffeae] + + * plugins/sudoers/audit.c, plugins/sudoers/iolog.c, + plugins/sudoers/log_client.c, plugins/sudoers/log_client.h, + plugins/sudoers/logging.c: + Fix logging intercepted commands to a log server in sudoers. 
Only + available when the server supports the subcommands capability. + [5975770561de] + + * plugins/sudoers/audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h: + Use a separate uuid for intercepted commands. We use the uuid to + match the command with its exit status. + [467f0db6e2c6] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + Avoid some double frees in the fuzzer Now that sudoers free old + values of NewArgv and command_info the fuzzer needs to reset those + values. Otherwise we end up with stashed values that have already + been garbage collected. + [2a1b5808d272] + + * NEWS, configure, configure.ac: + Sudo 1.9.8 + [bc96c8f95abf] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/policy.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Add "intercept" Defaults setting to allow interception of sub- + commands. This causes "intercept" to be set to true in + command_info[] which the sudo front-end will use to determine + whether or not to intercept attempts to run further commands, such + as from a shell. Also add "log_children" which will use the same + mechanism but only log (audit) further commands. + [f42e11c0fde9] + + * INSTALL, configure, configure.ac, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, examples/sudo.conf.in, include/sudo_conf.h, + lib/util/sudo_conf.c, lib/util/util.exp.in, pathnames.h.in, + src/Makefile.in, src/exec.c, src/exec_common.c, src/selinux.c, + src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_exec.h: + Add support for loading the sudo_intercept.so DSO. 
+ [47d84cc8a8ed] + + * include/sudo_compat.h, src/exec.c, src/exec_common.c, + src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/selinux.c, + src/sesh.c, src/sudo_exec.h: + Allocate a socketpair to communicate with sudo_intercept.so over. + This is used for the intercept and log_children options. + [b40091760952] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/file.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_util.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_ldap.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Make it possible to call the sudoers policy check function multiple + times. We need to reset the Defaults values to their original state. + [3187e87d7fb6] + + * plugins/sudoers/set_perms.c: + Allow set_perms(PERM_INITIAL) to be called more than once. If the + perm stack depth is non-zero when set_perms(PERM_INITIAL) is called, + rewind it first and re-initialize the stack depth to 0. Fixes a + user-after-free bug if set_perms(PERM_INITIAL) is called multiple + times. + [fdf9a2e07eb1] + + * plugins/sudoers/audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h: + Use run_argv and run_envp passed into the audit plugin for event + logging. Previously we used NewArgv[] and env_get() but now that + logging is performed via an audit plugin we should use the values + passed in. + [d8e031fc2389] + + * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in, + include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c, + lib/logsrv/log_server.proto, logsrvd/logsrvd.c: + Allow multiple accept/reject messages during a logsrv conversation. + The log server now advertises a subcommands flag if it supports + logging subcommands (e.g. commands run from a sudo-spawned program + like a shell). 
The client should only log additional commands during + a session if this flag is set in the ServerHello message. + [5b88982604e8] + + * MANIFEST, Makefile.in, configure, configure.ac, + lib/logsrv/Makefile.in, lib/logsrv/protobuf-c.c, + lib/protobuf-c/Makefile.in, lib/protobuf-c/protobuf-c.c: + Add separate convenience lib for protobuf-c We need to use it for + sudo <-> sudo_intercept.so communication. + [9529d7f9db18] + + * MANIFEST, include/intercept.pb-c.h, src/Makefile.in, + src/intercept.pb-c.c, src/intercept.proto: + Define protocol for sudo <-> sudo_intercept.so communication. Uses + google protocol buffers. + [139ba292e226] + + * src/exec.c, src/sudo.c, src/sudo.h: + Implement the sudo side of the sudo_intercept.so communication. + [4a7face9ed17] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c, + src/sudo_exec.h, src/sudo_intercept.c, src/sudo_intercept_common.c: + Implement sudo_intercept.so. Uses protobuf to talk to main sudo + process over a socketpair. + [fc21ae0f663e] + + * src/sudo.c, src/sudo.h: + Add return values for most of the plugin function wrappers that + returned void. Previously, they would just exit if there was an + error. Now the error is passed back up the stack so we can use them + in sudo_intercept.so. + [87cb4b0e7dff] + + * src/sudo.c: + Reduce the number of function args passed to plugin wrappers. This + makes sudo_settings, user_info, submit_argv, submit_envp and + submit_optind global. This will be required for calling the wrapper + from outside of sudo.c where we may not have access to those + variables. + [525bffcf911c] + + * src/exec.c, src/sudo.c, src/sudo.h: + Call the approval plugin after the policy plugin accepts a command. + Previously, for intercepted commands we only called the policy + plugin. + [4df18aaa8708] + + * src/exec.c: + Take control of the tty and save its settings before doing a policy + check. Otherwise the policy plugin won't be able to read the + password. 
+ [6a422974d472] + + * MANIFEST, src/Makefile.in, src/exec_common.c, src/exec_preload.c, + src/sudo_exec.h, src/sudo_intercept.c, src/sudo_intercept_common.c: + Move preload_dso() to its own file and rename to sudo_preload_dso(). + It now takes an intercept fd as an optional argument instead of a + list of extra variables to add. This lets us check whether it is + already set to the expected value (and add it if not). + sudo_intercept.so now uses sudo_preload_dso() to make sure that + LD_PRELOAD and SUDO_INTERCEPT_FD are set properly before executing. + [447e96378d01] + + * src/exec_preload.c, src/sudo_intercept_common.c: + Add debug support to sudo_intercept.so + [586ea125cebb] + + * src/exec.c, src/exec_nopty.c, src/exec_pty.c: + Make the log_children option only log and not check policy. + [0524c7e87174] + + * plugins/sudoers/prompt.c: + expand_prompt: use correct strlcpy() size parameter The available + size passed to strlcpy() was computed incorrectly. Switch to + updating the length after writing to the new prompt instead of + computing it each time. The actual buffer size is computed and + allocated correctly so there is no real consequence to this bug. + Found by Qualys. + [c03f1c2f8f35] + +2021-08-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf: + The tls_verify setting only affects server behavior, not the client. + Originally, there was a flag in the ServerHello message to indicate + that the client should verify the server cert, but this was removed + TLS was moved to a separate port. Client validation of the server + certificate is now configured in the sudoers file instead. + [344b51f3eee3] + +2021-08-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/mkpkg: + On macOS, don't disable tty tickets and set password timeout to 0. + This more closely matches the options used by the macOS version of + sudo. 
+ [bd21c492921c] + + * plugins/sudoers/find_path.c: + Add some debugging info to find_path() + [dd7aebb432d6] + +2021-07-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/iolog_mkdtemp.c: + iolog_mkdtemp: umask must not be more restrictive than the file + modes. We need this even though we will be calling mkdtemp() since + the umask affects the mode of any parent directories. + [c545b3369eae] + +2021-07-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/visudo.c: + Plug memory leak in error path when sudoers cannot be opened. + [3df6b32149b8] + + * plugins/sudoers/defaults.c: + Trying to use "+=" or "-=" operators on a non-list is an error. + Previously, they were simply treated as "=" for non-lists. + [3e0d47d0b4ea] + + * src/regress/net_ifs/check_net_ifs.c: + Plug a memory leak in check_net_ifs found by address sanitizer. + [bff1ad993476] + + * configure, configure.ac: + Prefix sanitizer and fuzzer options with -XCClinker in ASAN_LDFLAGS. + Otherwise libtool may ignore the options when linking. + [ed1120f3813d] + +2021-07-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/tls_init.c: + Display the correct error message if X509_verify_cert() fails. We + must use X509_STORE_CTX_get_error() and + X509_verify_cert_error_string() instead of the generic OpenSSL error + functions. + [778bbbe68e28] + + * lib/eventlog/eventlog.c: + In new_logline check for NULL args->reason for EVLOG_RAW. This can't + happen in practice since we never set EVLOG_RAW without passing in a + reason. Coverity CID 237142 237143 + [83f9038151db] + + * lib/eventlog/eventlog.c: + format_json: don't dereference evlog if it is NULL. Also silence a + PVS Studio false positive. + [150039f65d26] + +2021-07-26 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_7p2 for changeset 590e06825ec4 + [cf3865846c94] <1.9> + + * configure, configure.ac: + Bump version to 1.9.7p2 + [590e06825ec4] [SUDO_1_9_7p2] <1.9> + + * configure, configure.ac: + Bump version to 1.9.7p2 + [388bf6af8434] + + * NEWS: + Sudo 1.9.7p2 + [c3bd2eb0d779] <1.9> + + * NEWS: + Sudo 1.9.7p2 + [153a6c96a8ec] + + * config.h.in, configure, configure.ac, include/sudo_compat.h, + logsrvd/tls_client.c, logsrvd/tls_init.c, + plugins/sudoers/log_client.c: + Use TLS_method() instead of TLS_client_method() throughout. OpenSSL + returns an error for SSL_accept() if TLS_client_method() was used to + generate the context (LibreSSL doesn't care). + + Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method() + were used in the TLS client and server initialization code + respectively. This was refactored in sudo 1.9.7 to allow the code to + be shared. Bug #988 + [f2bf4aca30d4] <1.9> + + * config.h.in, configure, configure.ac, include/sudo_compat.h, + logsrvd/tls_client.c, logsrvd/tls_init.c, + plugins/sudoers/log_client.c: + Use TLS_method() instead of TLS_client_method() throughout. OpenSSL + returns an error for SSL_accept() if TLS_client_method() was used to + generate the context (LibreSSL doesn't care). + + Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method() + were used in the TLS client and server initialization code + respectively. This was refactored in sudo 1.9.7 to allow the code to + be shared. Bug #988 + [1ca00726b4d6] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Only replace getaddrinfo for + FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION. This works around an issue + on SCO which uses inline functions in the header files which call + the actual, versioned, library function. + [f010d83f0168] <1.9> + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Only replace getaddrinfo for + FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION. 
This works around an issue + on SCO which uses inline functions in the header files which call + the actual, versioned, library function. + [64cbf884b7f9] + +2021-07-26 MertsA <andrewmerts@gmail.com> + + * src/utmp.c: + Rewind utmp file pointer after searching for entry (#108) + + getutline() advances the file pointer until it matches or reaches + EOF. pututline() starts from the current position in utmp. This + rewinds the file pointer to the beginning to avoid allocating + additional spurious utmp entries. + [af1463026fd1] <1.9> + + * src/utmp.c: + Rewind utmp file pointer after searching for entry (#108) + + getutline() advances the file pointer until it matches or reaches + EOF. pututline() starts from the current position in utmp. This + rewinds the file pointer to the beginning to avoid allocating + additional spurious utmp entries. + [142555f7a47e] + +2021-07-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac, m4/sudo.m4: + Use AC_CACHE_CHECK in place of AC_MSG_CHECKING + AC_CACHE_VAL where + possible. + [7b0fb8de8276] + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Add configure check for va_copy instead of using #ifdef This + prevents the va_copy compat #define from being used if sudo_compat.h + is somehow included before stdarg.h. + [6d283753e47b] <1.9> + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Add configure check for va_copy instead of using #ifdef This + prevents the va_copy compat #define from being used if sudo_compat.h + is somehow included before stdarg.h. + [fcfd53b859ac] + +2021-07-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/limits.c: + Avoid using RLIM_INFINITY for the nofile soft limit to prevent + closefrom_fallback() from closing too many file descriptors. + [edbcd5c82d4d] <1.9> + + * src/limits.c: + Avoid using RLIM_INFINITY for the nofile soft limit to prevent + closefrom_fallback() from closing too many file descriptors. 
+ [e807ca9bfb6a] + + * plugins/sudoers/logging.c: + Include signal.h for SIG2STR_MAX and sig2str(). + [ad17a1be07e2] + +2021-07-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + logsrvd/iolog_writer.c, plugins/sudoers/logging.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: + Create a UUID and log it in the JSON version of the event log. + [8a1ad98fac51] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + logsrvd/logsrvd_local.c, plugins/sudoers/logging.c: + Remove unused info_cb and info arguments from eventlog_exit() + [c614ef1afa12] + +2021-07-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c: + Add support for logging exit status events. For sudo-formatted logs, + this is a record with "EXIT=number" and potentially "SIGNAL=name" + after the command. For JSON-format logs, a new "exit" record is + logged which contains an "exit_value" and potentially "signal" and + "core_dumped". JSON-format logs now incude a UUID to associate the + "exit" record with the "accept" record. + [52e40ae4b79a] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c: + Add log_exit_status sudoers option to log when a command exits. This + option defaults to off. + [cac3ca7ad193] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c, logsrvd/logsrvd_local.c: + Add log_exit setting in the sudo_logsrvd.conf eventlog stanza This + causes sudo_logsrvd to log a record with the exit status or + terminating signal in response to an ExitMessage. + [1a15f676974a] + +2021-07-08 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/python/python_plugin_common.c: + Check that the python module we actually loaded is what we intended. + This is intended to provide a more useful error message if the user + defines a module which conflicts with a system python module. For + example, a module called test.py would conflicts with the system + python test module. + [345523b6e87d] <1.9> + + * plugins/python/python_plugin_common.c: + Check that the python module we actually loaded is what we intended. + This is intended to provide a more useful error message if the user + defines a module which conflicts with a system python module. For + example, a module called test.py would conflicts with the system + python test module. + [0676191e4741] + +2021-07-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/CONTRIBUTORS: + Mention that xkcd inspired the sandwich logo. + [c7839328e21f] + + * doc/HISTORY: + Mention log server and fuzzers under Quest contributions. + [f4a081f75cd0] + +2021-06-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sesh.c, src/sudo.c, src/sudo_edit.c: + Don't assume that the number of groups returned by getgroups() is + static. On systems where getgroups() returns results based on more + than just the per-process group vector in the kernel it is possible + for the number of groups to change in between invocations. Based on + GitHub PR #106 from Pierre-Olivier Martel. + [832fa2480024] <1.9> + + * src/sesh.c, src/sudo.c, src/sudo_edit.c: + Don't assume that the number of groups returned by getgroups() is + static. On systems where getgroups() returns results based on more + than just the per-process group vector in the kernel it is possible + for the number of groups to change in between invocations. Based on + GitHub PR #106 from Pierre-Olivier Martel. + [dbc7a173a7b8] + + * doc/Makefile.in: + Use "mandoc -Tlint -Wwarning" instead of -Wstyle. The style checks + now include "referenced manual not found" warnings which is not + helpful. 
+ [251757f22498] + +2021-06-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/Makefile.in, src/Makefile.in: + regen + [c6a21b385d57] + +2021-06-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/fuzzstub/fuzzstub.c: + Change ms from size_t to long. Avoids a spurious test failure on + Solaris 9 + [5e204b959000] <1.9> + + * lib/fuzzstub/fuzzstub.c: + Change ms from size_t to long. Avoids a spurious test failure on + Solaris 9 + [c26f8d233ea9] + + * plugins/sudoers/interfaces.c, src/net_ifs.c: + Move definition of INADDR_NONE from interfaces.c to net_ifs.c. Fixes + compilation on Solaris 9. + [d05bca21f145] <1.9> + + * plugins/sudoers/interfaces.c, src/net_ifs.c: + Move definition of INADDR_NONE from interfaces.c to net_ifs.c. Fixes + compilation on Solaris 9. + [9da2276cf944] + +2021-06-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c: + Fix dead store found by clang analyzer. + [5c85aeef651e] + + * logsrvd/logsrvd_conf.c: + Fix prefix skipping when the prefix is embedded and not separate. + This doesn't currently matter since the progname and the ": " are + stored in separate messages. Found by clang analyzer. + [321e90e1b347] + + * logsrvd/logsrvd_relay.c: + Remove dead store found by clang analyzer. + [5fd56f26e1ba] + +2021-06-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/audit_json/audit_json.c: + Make sure we store an octal number (like umask) as a string. JSON + doesn't (portably) support octal numbers with a leading zero. + [a0c8392f2f7a] <1.9> + + * plugins/audit_json/audit_json.c: + Make sure we store an octal number (like umask) as a string. JSON + doesn't (portably) support octal numbers with a leading zero. + [3ac37bb42f1e] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + Replace logsrvd_is_early() with logsrvd_warn_stderr(). This is now + defined in logsrvd_conf.c which removes a dependency on another + compilation unit for the fuzzer. 
+ [3594cf3ec397] + +2021-06-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd_local.c: + Silence a compiler warning on Solaris. + [fd9ba461b601] + + * logsrvd/logsrvd.c: + Reduce scope of errstr variable so it is only declared for OpenSSL. + [eebe09a17f4b] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [05b8391c6d13] + + * logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c, + logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c, + logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c, + logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, logsrvd/tls_init.c: + Use sudo_warnx?() instead of sudo_debug_printf for errors. We now + hook the warn functions so the messages are logged. The messages + still show up in the debug log too. + [9e25dc71b4cc] + +2021-06-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/vsyslog.c, + scripts/mkdep.pl: + Remove vsyslog(3) emulation, it is no longer used. + [7d1b78c2037a] + +2021-06-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd_conf.c, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + If logsrvd_config not set fall back to using stderr for warnings. + Also fix fuzz_logsrvd_conf link error. + [eeaafe1b3e09] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c: + Add support for logging server warning/error messages. We can use + sudo_warn_set_conversation() to set a conversation function that + either writes to a log file or calls syslog(). + [5d8e13f053d0] + +2021-06-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_7p1 for changeset d936a99e842d + [9bc246c519f3] <1.9> + + * Merge sudo 1.9.7p1 from tip + [d936a99e842d] [SUDO_1_9_7p1] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.7p1 + [29f478993ef3] + +2021-06-09 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/audit_json/audit_json.c: + Check arrays that are passed in for NULL before using them. + [925ba5b0f2cb] + + * configure, configure.ac: + Disable nss_search()-based group lookups on HP-UX for now. There is + a crash when "group: compat" is used in /etc/nsswitch.conf that I + haven't been able to debug. Since HP-UX doesn't ship the appropriate + headers it is likely that there is a mismatch between + include/compat/nss_dbdefs.h and what HP actually uses. + [28b00005c785] + +2021-06-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h: + Remove logsrvd closure ERROR state and use a boolean flag instead. + Fixes a bug where we would not insert a journal file that failed to + relay into the queue because its state was changed from CONNECTING + to ERROR after failing to connect. + [638285a4bedb] + + * include/compat/nss_dbdefs.h, lib/util/getgrouplist.c: + Add NSS_TRYAGAIN and correct buflen in struct nss_XbyY_buf_t. Add + some function argument names. Also use struct nss_db_state * instead + of void * in nss_db_root_t. We don't define struct nss_db_state but + since it is a pointer all we need is a forward declaration. + [bc848fb97671] + +2021-06-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/fuzzstub/fuzzstub.c, lib/iolog/Makefile.in, + lib/util/Makefile.in, logsrvd/Makefile.in: + Make sure we link with libsudo_util *after* libfuzzstub. This only + affects builds with a static libsudo_util. Also fix a warning on HP- + UX about main not being public. + [18ff1f108c4e] + + * MANIFEST, lib/util/Makefile.in, + lib/util/regress/getgrouplist/getgids.c: + Add getgids utility to simular "id -G" using sudo_getgrouplist2() + [aed11065818d] + + * lib/util/getgrouplist.c: + Make sure we don't read or write past the end of the group buffer. + We need to leave room for the terminating NULL in gr_mem. It is + possible for gbm->numgids > gbm->maxgids if we ran out of room. + [25a3ee849fd4] + +2021-06-04 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/util/getgrouplist.c: + Add some debugging to sudo_getgrouplist2(). + [4d79e92c8ee8] + +2021-06-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/load_plugins.c: + Fix some debug_decl typos and remove an unneeded cast. + [fafa91ac3def] + + * plugins/sudoers/defaults.h: + T_TIMEOUT is not a bitwise flag so doesn't need to be a power of 2. + [66019af6d642] + +2021-05-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/load_plugins.c: + sudo_stat_plugin(): set errno but do not warn if plugin path too + long. The caller will display the warning (using errno) so there is + no need to do it twice. + [c8614b374a35] + +2021-05-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + sudoreplay does not parse sudoers to find the value of iolog_dir. + The default value for the I/O log directory is set at build time. + [3cf72612e992] + + * plugins/sudoers/policy.c: + Fix group list ref leak in sudoers_policy_store_result() on error + path. + [34785448a275] + +2021-05-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c: + Update comment to match reality. + [ec3e0a40d1ec] + +2021-05-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac, scripts/ltmain.sh, src/Makefile.in: + Build sudo_noexec.so as a module on systems other then Darwin. On + Darwin, shared modules and shared libraries are not interchangable + and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it + must be a library, not a module. We must relax the requirement that + libraries begin with a "lib" prefix to work around this difference. + This does mean you must use sudo's libtool on Darwin (macOS) but + that is already a requirement on other systems (notably HP-UX and + SCO) due to a number of libtool patches we require that haven't be + accepted upstream. This is a different fix for PR #102. 
+ [2e5454c56d3c] + + * configure, configure.ac: + Use -Wno-deprecated-declarations on macOS This quiets warnings about + LDAP and audit libraries being deprecated. We will use them until + they are removed in a future version of macOS. + [6fbdf644865c] + +2021-05-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/mkpkg: + Use /usr/bin/cc on FreeBSD and macOS. + [7d6bcea0e544] + + * plugins/sudoers/log_client.c: + Don't include errno in "unable to connect to log server" message. + There should be a more specific message, usually with an error + string, displayed earlier. + [e599f9b0fd1c] + + * src/ttyname.c: + Fix compiler warning on FreeBSD. + [2c6fc866fb5b] + + * lib/iolog/hostcheck.c: + Explicitly include netinet/in.h for struct sockaddr_in and + sockaddr+_in6. Fixes a compilation problem on FreeBSD. + [2277c8f37c34] + +2021-05-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_7 for changeset f0ce54d4288c + [58968ec7a457] <1.9> + + * Merge sudo 1.9.7 from tip + [f0ce54d4288c] [SUDO_1_9_7] <1.9> + +2021-05-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po: + Updated translations from translationproject.org + [3d6d49097b98] + + * plugins/sudoers/log_client.c: + Better warning when close function is passed a non-terminal signal. + [8b8628249e4d] + + * logsrvd/logsrvd_local.c: + Remove line causing store_suspend_local() to return false on + success. This is something that should have been removed as part of + the local I/O logging refactor. + [e8ae1e61b8b2] + + * src/exec_pty.c: + Don't set the command status in the closure when the command is + suspended. This should only be set for signals that terminate the + process. Fixes a bug where the sudo front-end could call the plugin + close function with a non-terminal signal argument. + [a95024bfb6e8] + +2021-05-07 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/python/pyhelpers.c, plugins/python/python_plugin_policy.c: + Quiet -Wshadow warnings from gcc. + [7ff2985ba650] + + * NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in: + The -g option may also be used with any group the target user + belongs to. The description in the Runas_Spec section incorrectly + stated that the -g option could not be used if no runas group was + set. Bug #975. + [67d1948d1aa8] + + * configure, configure.ac: + Remove redundant "configuring Sudo version X.YY" line. We now + display this along with the summary info at the end. + [0d7c908f8d4c] + + * configure, configure.ac: + Don't check for -Wl,-z,relro twice. + [a30dce71fb26] + +2021-05-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: + Updated translations from translationproject.org + [9303a20fe480] + + * scripts/mkpkg: + Build python plugin for RHEL 6 as well. + [edaa6ec0e255] + + * configure, configure.ac: + Remove shell-style quotes in configure warning/error/notice + messages. Square bracket quotes are used, no need for shell-style + double quotes. + [e6de284df511] + + * NEWS, configure, configure.ac: + Summarize configure settings after all tests have run. This makes it + a lot easier to see what features have been enabled. + [12ea96affed5] + +2021-05-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL, configure, configure.ac: + Remove --with-efence option, there are better options available. + [78fd5ceb2c52] + + * NEWS: + Move misplaced changes into the 1.9.7 section where they belong. 
+ [1519f7a4669b] + + * lib/util/regress/sudo_conf/conf_test.c: + Awful hack to pass on macOS where group_source=dynamic by default. + [b038bfab8c34] + + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, + plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/ca.mo, + po/ca.po, po/it.mo, po/it.po, po/sr.mo, po/sr.po: + Updated translations from translationproject.org + [7b156da85d13] + + * NEWS: + Document late stage 1.9.7 changes. + [28756df7dcb4] + + * doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in, + logsrvd/sendlog.c, logsrvd/sendlog.h: + sudo_sendlog: rename -m (max-time) to -s (stop-after). + [4f016111b242] + + * logsrvd/logsrv_util.c, logsrvd/logsrvd.c, logsrvd/logsrvd_journal.c: + Update closure->elapsed_time in journal_seek(). Otherwise the commit + point messages won't be accurate when restarting. + [6cd4db44b8ee] + + * doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in, + logsrvd/sendlog.c, logsrvd/sendlog.h: + Add "-m elapsed" option to specify the max elapsed time of records + to send. Useful for testing the ability of the server to handle + restarted log transfers. + [cd9c9235e320] + +2021-05-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c: + Disable reading from client or relay when sending error to client. + We treat an error from the relay as fatal and must stop processing + data from both client and relay to make sure we don't get out of + sync. 
+ [258f9691b3d9] + + * logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd_local.c: + Fix I/O log restart of locally-store logs. This got broken a while + ago when evlog in struct connection_closure was changed to a + pointer. + [8b59122891f9] + + * scripts/pp: + Fix detection of the volatile flag when other flags are present. + Otherwise flags fields like "volatile,ignore-other" will be ignored + by the Debian and BSD back ends. + [0d120b9eab71] + + * src/limits.c: + Fix debug message when prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) fails. + GitHub issue #101 + [7d266c174457] + + * logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, logsrvd/tls_client.c, + logsrvd/tls_common.h, plugins/sudoers/log_client.c: + Don't hard-code the TLS connect timeout, use normal connect timeout. + For sudo_logsrvd, this is the relay connect_timeout setting. For + sudoers, this is the log_server_timeout setting. + [49e29f187f5a] + +2021-05-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd_queue.c: + Add missing closedir(3) in logsrvd_queue_scan(). Coverity CID 221591 + [e9745c64a721] + + * NEWS: + Mention "log_server_verify" bug fix. + [a70060c34e7a] + + * configure, configure.ac, doc/sudo_logsrvd.conf.man.in, + doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf, + m4/sudo.m4, pathnames.h.in: + Rename logsrvd log dir to /var/log/sudo_logsrvd. + [fb979be9927e] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c, logsrvd/logsrvd_queue.c: + Make the failed relay retry interval configurable. This is the + amount of time to wait before trying to resend a journal to the + relay server after a connection error. + [cbc04201a63e] + +2021-05-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_journal.c, logsrvd/logsrvd_queue.c, + logsrvd/logsrvd_relay.c: + Send outgoing messages to the relay server on startup. 
Also attempt + to retry messages that could not be relayed periodically. + [7ed12983af85] + + * lib/util/fatal.c: + Avoid clobbering errno in warning(). + [3282a7db7f51] + + * logsrvd/logsrvd_relay.c: + Set relay name string to NULL after dropping the reference. + Otherwise it is possible to decrement the reference more than once. + [245d4e60ea21] + +2021-04-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog.c: + Fix cut & pasto that prevented the verify_server option from being + set. The "log_server_verify" setting passed from the policy plugin + was applied to the "keepalive" option instead of "verify_server". + From Krisztian Kovacs. + [06f716981ad0] + +2021-04-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in, + logsrvd/logsrvd.c: + Write client and server information to debug file on SIGUSR1 This + can be used to debug client problems such as a connection not being + closed as expected. + [e6e3a4ba02f4] + + * doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in: + Document journal file directories in store_first mode. + [a08de0c20127] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c: + Create journal files in an incoming directory, move to outgoing when + complete. This will make it possible to process completed journal + files periodically if the relay server is down. + [5ced00c6eb7e] + + * logsrvd/logsrvd_relay.c: + Add missing connection_close() call for relay-only connections. For + an immediate relay we will close the connection when the client + disconnects (or there is a timeout). However, for store-and-forward + mode the client has already disconnected at the time we are + relaying. + [e51e98489c6d] + +2021-04-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot: + regen + [4aa3f848b223] + + * logsrvd/logsrvd_conf.c: + Replace non-ascii characters in warning string. 
+ [5e99ac170a15] + + * lib/util/regress/getgrouplist/getgrouplist_test.c, + lib/util/regress/tailq/hltq_test.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/editor/check_editor.c, + plugins/sudoers/regress/exptilde/check_exptilde.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/regress/starttime/check_starttime.c, + plugins/sudoers/regress/unescape/check_unesc.c: + Quiet clang analyzer false positive in regress tests. + [190ad1f287d8] + + * MANIFEST, logsrvd/Makefile.in, logsrvd/iolog_writer.c, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_local.c: + Move local iolog log functions to logsrvd_local.c + [e16e2a1d8209] + + * logsrvd/logsrvd_relay.c: + Better client error reporting on relay server connection error. More + detailed error messages may be found in the debug log. + [d0807790327d] + + * logsrvd/logsrvd.c: + Update debug pid string when sudo_logsrvd becomes a daemon. + [33069e2da7d5] + +2021-04-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c: + Must call SSL_shutdown() before closing the underlying socket. This + got broken by some code rearrangement when relay mode was added. + [a3a8c4d10565] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c: + Recover if the client or relay server closes the TLS connection + uncleanly. The other end of the connection should perform a proper + TLS shutdown but as long as we are in the correct state there is no + need to treat this as a user-visible error. + [90887bc2235f] + + * NEWS, aclocal.m4, configure, configure.ac: + Sudo 1.9.7 + [c1ea457eca11] + + * MANIFEST, plugins/python/Makefile.in, plugins/python/lsan_suppr.txt: + Add a suppression file for the libpython leaks. This is a big hammer + but it seems like the best we can do for now. 
Allows "make check" to + succeed when address sanitizer is used. + [4500cd1e835e] + +2021-04-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/Makefile.in, plugins/sudoers/editor.c, + plugins/sudoers/regress/editor/check_editor.c: + When spliting EDITOR check for escaped quote characters. Also add + check_editor to sudoers "make check". + [0d8001299358] + +2021-04-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/editor.c, + plugins/sudoers/regress/editor/check_editor.c: + Treat a lone backslash at the end of a string as a literal + backslash. GitHub issue #99 + [40a53e523003] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in: + Fix typo. + [614379733a17] + +2021-04-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/python/pyhelpers.c: + Avoid a potential NULL dereference when mutating args_str. Coverit + CID 221401 + [69f3c7f8e524] + + * logsrvd/logsrvd_journal.c: + Avoid calling fread() with a NUL buffer if msg_len is 0. Coverity + CID 221399 + [ed605b7a3186] + + * logsrvd/logsrvd.c: + Set a restrictive umask so new files are only read/write by owner. + Coverity CID 221402 + [595465e4baa2] + + * logsrvd/logsrvd.c: + In connection_closure_free() only close sock if it is not -1. When + relaying from a journal there will be no socket. Coverity CID 221403 + [fd4f27067c3f] + + * logsrvd/logsrvd.c: + Avoid potential NULL dereference in get_free_buf(). Coverity CID + 221400 + [6cb5491bf812] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c: + Remove some now-dead code in the error path. Coverity CID 221397 and + 221398 + [edc860f72f98] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c, + logsrvd/logsrvd_relay.c: + Use function pointers for each client message type instead of + conditionals. This separats out the message handler from the + functions that store or relay the message contents. 
+ [f596480880fa] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c: + Add enqueue_error_message() helper function. Formats and enqueues an + error message and enables the write event. + [122bd89fe5e3] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c, + logsrvd/logsrvd_relay.c: + Forward the journaled entry after it has been stored locally. + [a187d5a7ea28] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c: + Stash the value of the store_first config setting in + connection_closure. If the configuration changes it should not + affect a connection that is already in progress. + [6617c2b7ece5] + + * MANIFEST, logsrvd/Makefile.in, logsrvd/iolog_writer.c, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_journal.c, logsrvd/logsrvd_relay.c: + Journal messages to disk when store_first is set in the relay + section. Instead of forwarding messages immediately, they are + journaled locally in wire format. This will be used to implement + relay store-and-forward mode. + [aa0c537258e7] + + * INSTALL, configure, configure.ac, doc/sudo_logsrvd.conf.man.in, + doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.mdoc.in, + logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, m4/sudo.m4, + pathnames.h.in: + Add configuration for sudo_logsrvd store-and-forward mode. Adds + "relay_dir" and "store_first" settings to sudo_logsrvd.conf in the + [relay] section. Also adds a --with-relaydir configure argument to + change the default value (usually /var/log/logsrvd-relay. + [6f064ed6d20e] + + * src/signal.c: + Make sure SIGCHLD is not ignored when sudo is executed. If SIGCHLD + is ignored there is a race condition between when the process is + executed and when the SIGCHLD handler is installed. This fixes the + bug described by GitHub PR #98 + [b4c91a0f72e7] + +2021-04-20 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac: + Remove the HP-UX 11.0 pread64() hack, it causes problems on modern + HP-UX. + [fea8ebd0b88d] + + * src/limits.c: + Add minimum value to consider when overriding resource limits. + Currently only used for RLIMIT_DATA and RLIMIT_AS. + + This works around a problem on HP-UX where setting RLIMIT_DATA + changes the resource limits for both 32-bit and 64-bit processes. + HP-UX processes start out with RLIMIT_DATA set based on the values + of the maxdsiz and maxdsiz_64bit kernel tunables, depending on + whether they are 32-bit or 64-bit. By default this limit is 1GB for + 32-bit processes and 4GB for 64-bit. However, once RLIMIT_DATA is + changed, it does not appear to be possible to restore the old + values. This can result in a 64-bit process that is executed by a + 32-bit shell getting the 32-bit RLIMIT_DATA instead of the 64-bit + one. Bug #973 + [8778a27abfaf] + +2021-04-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd_relay.c: + Don't use msg_len as a length after converting it to network byte + order. + [3f2496be1130] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c: + Use the packed message buffer when relaying if possible. There's no + need to rebuild the message buffer for anything but RestartMessage + and ClientHello. + [903fa50f48c9] + +2021-04-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c: + Allocate the data buffer in get_free_buf() too. We always know the + size of the data buffer we need at allocation time. + [c02dc245aa40] + +2021-04-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c: + Relay ChangeWindowSize and CommandSuspend events too. + [cb20a1de47e3] + +2021-04-16 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/python/pyhelpers.c, plugins/python/regress/testdata/check_ex + ample_debugging_c_calls@diag.log, plugins/python/regress/testdata/ch + eck_example_debugging_c_calls@info.log, plugins/python/regress/testd + ata/check_example_group_plugin_is_able_to_debug.log: + Regenerate test output with python 3.10a7 Also adjust debug tests so + they pass on older python versions + [03aeda971872] + + * configure, m4/python.m4: + determine Python (3.10) version number correctly. from upstream + automake + [1f4136509aca] + + * MANIFEST, aclocal.m4, m4/python.m4, m4/runlog.m4: + Move python.m4 and runlog.m4 to the m4 directory. Previously they + were inline in aclocal.m4. + [6ec4c92539a7] + +2021-04-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Add hiuxmpp where we have hpux for special cases. Also move the HP- + UX 11.00 pread(2) workaround into the section where pread(2) is + tested for, not before it. + [f6cc1820e0fb] + + * etc/sudo-logsrvd.pp, etc/sudo-python.pp: + Only replace the last instance of "sudo" in example and doc dir. + Otherwise we end up with weird paths for a prefix like /opt/sudo. + [113bdf79f00f] + +2021-04-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.ldap.mdoc.in: + Fix lint warning. + [aa4a4f0b0da1] + + * doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in: + Mention relay mode and update TLS example. + [a50a23542c05] + + * etc/sudo-logsrvd.pp, etc/sudo.pp: + If libssl_dep was not passed in, use ldd to determine its value. + Normally, mkpkg will figure this out, but if the user does "make + package" outside of the mkpkg script, libssl_dep will not be set. + [87329797daca] + +2021-04-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL, configure, configure.ac, doc/UPGRADE: + Enable the use of OpenSSL if log client/server not disabled. 
This + adds a dependency on OpenSSL unless it is explicitly disabled + (--disable-openssl) or the sudo log client and server are disabled + (--disable-log-client and --disable-log-server). + [618f504240d2] + +2021-04-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * etc/codespell.skip: + configure aux scripts moved to the scripts directory + [1cfcbfd128ed] + + * logsrvd/Makefile.in, logsrvd/logsrvd_conf.c: + Set logsrvd_config to NULL in logsrvd_conf_cleanup() after freeing + it. Fixes a double free in fuzz_logsrvd_conf (but not sudo_logsrvd + itself). Also fix linking fuzz_logsrvd_conf with OpenSSL. + [ad78729467d4] + + * logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict: + Update sudo_logsrvd.conf fuzzer to match configuration changes. + [85ae32ce6f44] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf: + Document relay configuration changes. + [d66eb842a6ef] + +2021-04-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_relay.c: + Move relay configuration into its own section and add TLS options. + TLS options in the relay section will be used if specified, + otherwise the TLS options from the server section are used. + [0695e9b9b067] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_relay.c: + Add "server" and "relay" to getters/callbacks specific to server and + relay. + [618b4fa5325c] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_relay.c: + Remove struct logsrvd_tls_config. 
Now that the SSL context is + initialized in logsrvd_conf.c there's no need to export TLS + configuration other than tls_check_peer. + [4fb0fdc417e1] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/logsrvd_relay.c: + No longer need struct logsrvd_tls_runtime, use SSL_CTX instead. + [61e0bdf1499d] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c: + Move allocation of the TLS context to logsrvd_conf_apply(). This way + we get certificate errors at configuration time, not after. It also + means that a change to the config file that renders the TLS settings + invalid will no longer cause the server to exit. The new config will + just be ignored as if there was a syntax error. + [352ecb58618f] + + * logsrvd/tls_init.c: + Only initialize the SSL library once. + [e17215eec1d6] + +2021-04-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/timestamp.c: + Sanity check struct timespec in timestamp file. Coverity CID 220564 + [68dfceeb105e] + + * plugins/sudoers/timestamp.c: + Check lseek(fd, 0, SEEK_CUR) for -1 return value. Not actually + possible in practice. Coverity CID 220568. + [27105922d3be] + + * src/net_ifs.c: + Check for NULL ifa->ifa_addr and ifa->ifa_netmask in both loops. + [373961966099] + +2021-04-07 Radovan Sroka <rsroka@redhat.com> + + * src/sudo_edit.c: + Fixed bad condition for sesh args + + In selinux_edit_copy_tfiles() when there is only one file and the + open() fails then number of arguments is lower than expected. Sudo + should return error with or without "Defaults !sudoedit_checkdir" + set. + + This was found with regression testing of CVE-2021-23240. + + 
Signed-off-by: Radovan Sroka <rsroka@redhat.com> + [947ce862c0bf] + +2021-04-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/net_ifs.c: + Plug memory leak on overflow; Coverity CID 220556 + [86b71e5dec5c] + + * logsrvd/logsrvd.c: + In schedule_commit_point() do not free the closure on error. It is + the caller's responsibility to free resources on error. Coverity CID + 220557 + [e6629496ab03] + + * plugins/sudoers/pwutil.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Cast NULL terminator argument to char * when calling sudo_mkgrent(). + Avoids a portability issue on systems where NULL is not a pointer. + [cdb9cf0ad2ea] + + * logsrvd/tls_init.c: + Rename LOGSRVD_DEFAULT_CIPHER_LST13 to DEFAULT_CIPHER_LST13 + [a5d7da05cf09] + + * logsrvd/tls_client.c: + Include string.h for strerror(3) prototype. + [57f5cfe43a89] + + * logsrvd/logsrvd_relay.c: + Move connect_relay_tls() so we don't need a prototype for it. Fixes + a warning when sudo is not configured to use OpenSSL. + [0c73cfebf32b] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf: + Document relay and connect_timeout server settings. + [a101d54b451e] + + * MANIFEST, logsrvd/Makefile.in, logsrvd/logsrv_util.h, + logsrvd/sendlog.c, logsrvd/sendlog.h, logsrvd/tls_client.c, + logsrvd/tls_common.h: + Move common TLS client code to tls_client.c and use it in sendlog.c. + [5334b6c4bef8] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + Rename listen_address -> server_address and add reference counting. + This will be used by the upcoming relay mode. + [f8ef9c83c3c8] + + * logsrvd/logsrvd.c: + Try to send an error message to client for some client_msg_cb() + failures. + [0805636e8114] + + * logsrvd/logsrvd.c: + Split most of server_commit_cb() out into schedule_commit_point(). + This allows it to be used by the relay code too. 
+ [c985c2f9e5d5] + + * MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c, logsrvd/logsrvd_relay.c: + Add a relay mode to sudo_logsrvd where it forwards instead of + stores. Relay hosts are be specified in the server section of + sudo_logsrvd.conf. + [071c231e76a9] + + * logsrvd/Makefile.in, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c, + logsrvd/sendlog.c, logsrvd/tls_common.h: + Add support for relaying to another sudo_logsrvd via TLS. + [c47397ce4098] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/rcstr.c, lib/util/util.exp.in, plugins/sudoers/Makefile.in, + plugins/sudoers/alias.c, plugins/sudoers/check_aliases.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_util.c, plugins/sudoers/rcstr.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/visudo.c: + Move reference-counted string code from sudoers to libsudo_util. It + will be used by sudo_logsrvd too. + [d228aaf9b6fa] + + * logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, logsrvd/logsrvd_relay.c: + Add sa_host to struct server_address as a ref counted string. Also + convert sa_str to ref counted string. + [4e8abb84c11d] + + * logsrvd/logsrvd_conf.c: + Don't allow a wildcard address for the relay parameter. + [4a80d18d025b] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + Add logsrvd_conf_cleanup() to free the conf data structures on exit. + There is no longer a need to do anything in shutdown_cb() other than + break out of the event loop. + [9e4d7456fb7a] + + * src/tgetpass.c: + Set user group list when executing the askpass helper. Under normal + circumstances the existing group list will match the list fetched by + sudo. 
However, if sudo is executed by a process that has changed the + group list via setgroups(2) and "group_source" in sudo.conf is set + to "dynamic" it is possible for them to be different. + + If group_source in sudo.conf is set to "dynamic" it is possible for + the group list + [2b1d4ffb9cf6] + + * logsrvd/logsrv_util.h, logsrvd/logsrvd.c, logsrvd/logsrvd.h: + Use a tailq of write buffers instead of a single one per connection. + This allows us to queue up multiple messages for writing like the + sudoers client supports. Currently, each connection has its own free + list. In the future we may want a single free list with low and high + water marks. + [b5df1b4d79c7] + + * configure.ac: + Increase autoconf minimum version to 2.70. Some of the macros + deprecated in 2.70 are required by older versions. For example, + AC_PROG_CC now does the work of AC_PROG_CC_STDC. Bug #972 + [223a584b6241] + + * MANIFEST, Makefile.in, config.guess, config.sub, configure, + configure.ac, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, install-sh, lib/util/Makefile.in, + lib/zlib/Makefile.in, logsrvd/Makefile.in, ltmain.sh, + plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in, + plugins/python/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, scripts/config.guess, + scripts/config.sub, scripts/install-sh, scripts/ltmain.sh, + src/Makefile.in: + Move autoconf auxiliary files to the scripts directory. + [5ea8182c11d9] + +2021-04-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in: + Document SUCCESS=return support in sudoers nsswitch.conf entries. + Based on a patch from Dennis Filder. Bug #971. + [1d631d1b6244] + +2021-04-01 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/audit.c: + Move log_server_accept() out from under the #ifdef + SUDOERS_LOG_CLIENT Fixes a link error when sudo is configured with + --disable-log-client. + [1bb7efdbddd5] + +2021-04-01 Radovan Sroka <rsroka@redhat.com> + + * src/selinux.c: + Removed depricated security_context_t + + 
Signed-off-by: Radovan Sroka <rsroka@redhat.com> + [14aba55909fc] + +2021-03-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/sendlog.c: + Return NULL if init_tls_client_context() fails. Otherwise, we will + call SSL_new with a freed SSL context. Bug #970 + [5fbadce88524] + +2021-03-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/parse_args.c: + Use separate getopt config for sudoedit. Avoids a problem where the + user gets an exclusive usage error message when using a sudo- + specific option. GitHub issue #95 + [b6207568e50a] + + * src/parse_args.c, src/sudo_usage.h.in: + Add -h and -V to sudoedit usage and customize help output for + sudoedit. Also add missing -B option to usage strings. + [0d8fa214f8c3] + + * src/parse_args.c: + Don't report a usage error for "sudo -V". GitHub issue #95 + [a18573251751] + + * etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp: + Do not include parent directories in rpm and deb files. Fixes a + directory conflict with the AIX sudo rpm package. Other deb/rpm + packages were not affected because parent dirs are omitted for a + prefix of /usr. + [f7d8db9670bb] + +2021-03-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/net_ifs.c: + SCO OpenServer uses SIOCGIFANUM, not SIOCGIFNUM. On OpenServer, + SIOCGIFNUM is the number of network interfaces, not the number of + ifreq structs. + [a992ea37b071] + +2021-03-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/net_ifs.c: + Add support for HP-UX SIOCGLIFNUM and SIOCGLIFCONF ioctls. We need + to use both SIOCGIFCONF and SIOCGLIFCONF since SIOCGLIFCONF only + returns IPv6 addresses. + [7a53304872b9] + +2021-03-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/net_ifs.c: + Move get_net_ifs stub to the top and remove unused INET_ADDRSTRLEN + def. + [15bb7bc0ecb8] + + * src/net_ifs.c: + No longer need ifr_tmp variable, just reuse ifr. Now that we store + the string version of the address before fetching the netmask we can + just re-use ifr. 
This simplifies things and is safer since if there + is space for the address there must also be space for the mask. + [89ade84d0a6d] + + * src/net_ifs.c: + SCO OpenServer 5 returns a bogus value for SIOCGIFNUM. Gleaned from + sendmail. + [0616f2103f0b] + + * src/net_ifs.c: + Use SIOCGSIZIFCONF or SIOCGIFNUM where available. Still falls back + to a loop if not but now maxes out at 2048 interfaces instead of + potentially looping forever. + [f19cd2f827d5] + + * configure, configure.ac, src/net_ifs.c: + Remove support for obsolete ISC UNIX and MIPS RISC/OS systems. They + were getting in the way of net_its.c simplification. + [4e2b7ce2fb7b] + +2021-03-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/net_ifs.c: + Use SIOCGLIFCONF to get interface list where supported (Solaris). + HP-UX has a SIOCGLIFCONF but it is incompatible (and appears to only + return IPv6 addresses). Also add IPv6 support using SIOCGIFCONF + (probably AIX only) and make sure ifr_tmpbuf[] is properly aligned. + [d2eebba41618] + + * MANIFEST, src/Makefile.in, src/regress/net_ifs/check_net_ifs.c: + Add simple regress check to display the network interfaces found. + [6c1a5a50056e] + +2021-03-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL: + Suggest clang 11 or higher, some fuzzers may hang when used with + clang 10. + [abcf94949ca2] + +2021-03-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, logsrvd/Makefile.in, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict: + Add dictionary file for fuzz_logsrvd_conf. 
+ [f9e154751a5f] + + * Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/eventlog/Makefile.in, + lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in, + lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + logsrvd/Makefile.in, plugins/audit_json/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Add a new "fuzz" target that executes the fuzzers for 8192 runs + each. To run indefinately, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 + fuzz" + [5fd3d7e9430f] + + * MANIFEST, lib/iolog/Makefile.in, + lib/iolog/regress/corpus/log_json/id.json, + lib/iolog/regress/corpus/log_json/ls.json, + lib/iolog/regress/corpus/log_json/mailq.json, + lib/iolog/regress/corpus/log_json/make.json, + lib/iolog/regress/corpus/log_json/pkg_add.json, + lib/iolog/regress/corpus/log_json/pkg_delete.json, + lib/iolog/regress/corpus/log_json/printenv.json, + lib/iolog/regress/corpus/log_legacy/id.log, + lib/iolog/regress/corpus/log_legacy/ls.log, + lib/iolog/regress/corpus/log_legacy/mailq.log, + lib/iolog/regress/corpus/log_legacy/make.log, + lib/iolog/regress/corpus/log_legacy/pkg_add.log, + lib/iolog/regress/corpus/log_legacy/pkg_delete.log, + lib/iolog/regress/corpus/log_legacy/printenv.log, + lib/iolog/regress/corpus/seed/log_json/id.json, + lib/iolog/regress/corpus/seed/log_json/ls.json, + lib/iolog/regress/corpus/seed/log_json/mailq.json, + lib/iolog/regress/corpus/seed/log_json/make.json, + lib/iolog/regress/corpus/seed/log_json/pkg_add.json, + lib/iolog/regress/corpus/seed/log_json/pkg_delete.json, + lib/iolog/regress/corpus/seed/log_json/printenv.json, + lib/iolog/regress/corpus/seed/log_legacy/id.log, + lib/iolog/regress/corpus/seed/log_legacy/ls.log, + lib/iolog/regress/corpus/seed/log_legacy/mailq.log, + lib/iolog/regress/corpus/seed/log_legacy/make.log, + 
lib/iolog/regress/corpus/seed/log_legacy/pkg_add.log, + lib/iolog/regress/corpus/seed/log_legacy/pkg_delete.log, + lib/iolog/regress/corpus/seed/log_legacy/printenv.log, + lib/iolog/regress/corpus/seed/timing/timing.1, + lib/iolog/regress/corpus/seed/timing/timing.2, + lib/iolog/regress/corpus/seed/timing/timing.3, + lib/iolog/regress/corpus/seed/timing/timing.4, + lib/iolog/regress/corpus/timing/timing.1, + lib/iolog/regress/corpus/timing/timing.2, + lib/iolog/regress/corpus/timing/timing.3, + lib/iolog/regress/corpus/timing/timing.4, lib/util/Makefile.in, + lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1, + lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2, + lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3, + lib/util/regress/corpus/sudo_conf/sudo.conf.1, + lib/util/regress/corpus/sudo_conf/sudo.conf.2, + lib/util/regress/corpus/sudo_conf/sudo.conf.3, logsrvd/Makefile.in, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.1, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.2, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.3, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.4, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.5, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.6, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5, + logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6, + plugins/sudoers/Makefile.in, + plugins/sudoers/regress/corpus/policy/policy.1, + plugins/sudoers/regress/corpus/policy/policy.2, + plugins/sudoers/regress/corpus/policy/policy.3, + plugins/sudoers/regress/corpus/policy/policy.4, + plugins/sudoers/regress/corpus/policy/policy.5, + plugins/sudoers/regress/corpus/seed/policy/policy.1, + plugins/sudoers/regress/corpus/seed/policy/policy.2, + 
plugins/sudoers/regress/corpus/seed/policy/policy.3, + plugins/sudoers/regress/corpus/seed/policy/policy.4, + plugins/sudoers/regress/corpus/seed/policy/policy.5: + Move corpus files to a seed subdirectory. + [ba6dd7f30d22] + + * lib/fuzzstub/fuzzstub.c: + We can now rely on LLVMFuzzerTestOneInput to flush stdout. + [f20f353eeb87] + + * plugins/sudoers/Makefile.in: + Fix fuzz_sudoers output comparison when fuzzing is enabled. + libFuzzer outputs additional info to stderr that our stub doesn't. + [49434e4eceaa] + + * lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + lib/util/regress/fuzz/fuzz_sudo_conf.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Flush stdout before successful return from LLVMFuzzerTestOneInput(). + Fixes a problem with diag lines from libFuzzer being interspersed + with test output. + [f0b701120128] + + * configure, configure.ac: + Use --allow-multiple-definition to work around an issue with ld.lld. + For fuzz_policy we redefine getaddrinfo/freeaddrinfo to work around + a DNS timeout problem with name resolution and CIfuzz. However, this + causes a link failure when sanitizers are enabled on systems that + use ld.lld as their linker. Use a big hammer to avoid the link + error. + [2b9df5329c0e] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/testsudoers.c, plugins/sudoers/testsudoers_pwutil.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h: + Do not redefine system group and passwd functions for testsudoers. + Instead, prefix the replacements with "testsudoers_" and use a + custom pwutil backend so they get used. 
+ [6bfd2f8d01c0] + + * Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/eventlog/Makefile.in, + lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in, + lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + logsrvd/Makefile.in, plugins/audit_json/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Rename "fuzz" makefile target to "check-fuzzer". It's purpose is to + run the fuzzers are part of a normal "make check" to avoid bit rot, + not to perform a fuzzer run. The fuzz_logsrvd_conf fuzzer was not + wired up to "make check" previously. + [01c03ccfd3f0] + +2021-03-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_6p1 for changeset 055f2a618604 + [5376bc9e3b85] <1.9> + + * Merge sudo 1.9.6p1 from tip + [055f2a618604] [SUDO_1_9_6p1] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.6p1 + [93d95d3f23b1] + +2021-03-15 Alexandru Ardelean <aardelean@deviqon.com> + + * plugins/sudoers/policy.c: + plugins: sudoers: policy: add MODE_IMPLIED_SHELL to RUN_VALID_FLAGS + + Since this flag isn't set, the sudo_mode variable gets invalidated + and running the 'sudo' command seems to error out with message + 'sudoers_policy_check: invalid mode flags from sudo front end: + 0x80001"' + [b98b418f1997] + +2021-03-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_6 for changeset e3e96490e48f + [2e377fa2b87c] <1.9> + + * config.guess, config.sub: + Merge sudo 1.9.6 from tip + [e3e96490e48f] [SUDO_1_9_6] <1.9> + + * NEWS: + fix typo + [c7367647bd7c] + +2021-03-10 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * NEWS: + Bug #968 + [e08853fca88e] + + * MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/sendlog.c, logsrvd/sendlog.h, logsrvd/tls_common.h, + logsrvd/tls_init.c: + Move common TLS initialization code to tls_init.c. + [118c7d41ad48] + + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, po/tr.mo, + po/tr.po: + Updated translations from translationproject.org + [cbc05710d6ba] + + * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c: + Use HAVE_STDINT_H instead of trying to guess based on + __STDC_VERSION__. Fixes compilation with pre-C99 headers when the + compiler supports C99. + [05ebf79d02c7] + + * include/sudo_compat.h, lib/util/secure_path.c: + Remove compatibility defines for POSIX sys/stat.h macros. Modern + systems have them and we no longer support pre-POSIX systems. This + fixes potential redefinition of the macros if sys/stat.h is included + after sudo_compat.h. Bug #968. + [d10d0b9b60e1] + + * lib/eventlog/logwrap.c, + plugins/python/python_plugin_approval_multi.inc, + plugins/python/python_plugin_audit_multi.inc, + plugins/python/python_plugin_io_multi.inc, src/get_pty.c: + Quiet a few Solaris Studio compiler warnings. + [1d82509f2e44] + + * configure, configure.ac: + Add -Wno-unknown-pragmas along with -Wall. We don't want warnings + about unknown pragmas in system headers. + [ac15fa0e3d95] + + * scripts/pp: + Solaris 11.4 removed /usr/bin/optisa, use /usr/bin/isainfo instead. + [97d8bb91cf02] + +2021-03-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Compare OS name against freebsd* and netbsd* not freebsd and netbsd. + Fixes an issue on NetBSD where host_os starts with netbsdelf. + [2e813d52a7d6] + + * plugins/sudoers/Makefile.in: + Add @SUDOERS_LIBS@ to FUZZ_LIBS for -lutil on FreeBSD and NetBSD + [38a7b3a9eb90] + + * lib/util/Makefile.in, plugins/python/Makefile.in, src/Makefile.in: + Set locale for all "make check" targets. 
+ [1a80048486d4] + +2021-03-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + AIX 6.1 may have a broken fmemopen(). We only use it for the fuzzers + so ignore it for AIX < 7.1. + [ad909c1479ff] + +2021-03-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/pp: + Only put specific directories in the ROOT section of the AIX + package. Previously, /usr and /opt were placed in USR and everything + else went in ROOT. Now, only /dev, /etc, /sbin and /var go in ROOT. + [6f1fbe8fea31] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo, + po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo, + po/ja.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/pt.mo, + po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/zh_CN.mo, + po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po: + Updated translations from translationproject.org + [53c17c8d56e9] + +2021-03-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c: + Remove unused tls parameter, we now use a per-address tls flag. + [2be727a37b9c] + +2021-03-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document double escaping of backslashes. Bug #961. 
+ [ae51e4899555] + + * NEWS, configure, configure.ac: + No longer need to define _DARWIN_UNLIMITED_GETGROUPS on macOS. We + now define _DARWIN_C_SOURCE which accomplishes the same thing. + [c233df4c1ae4] + + * plugins/sudoers/auth/pam.c: + Fix a potential use-after-free in conversation function. The prompt + passed in to sudo_pam_verify() will be freed later by + check_user_interactive() so we need to reset the stashed value. From + Pavel Heimlich. Bug #967. + [86bc6ee3c493] + + * plugins/sudoers/pwutil.c: + No need to update cp after storing gr->gr_name, it is not used, + Coverity CID 219314 + [27bace364dc9] + +2021-03-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Mention GitHub issue #56. + [47b8b9fac52b] + + * plugins/sudoers/po/sudoers.pot: + regen + [923899bcc63d] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h: + Log peer address in sudo_logsrvd JSON-format logs. The peer that + connected to us might not be the same host where the log entry + originated. + [4e2488efaf97] + + * NEWS, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + lib/util/sudo_conf.c: + Make "group_source=dynamic" the default on macOS. Recent versions of + macOS do not reliably return all of a user's non-local groups via + getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS is defined. Bug + #946. + [491720b06a68] + + * lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/sudoers/Makefile.in: + For regess/fuzz set LC_ALL to C.UTF-8 if possible, falling back on + C. Works around a crash in leak sanitizer when the locale is set to + C and TLS support is enabled. + [4345912b9bd8] + +2021-03-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Initialize the lbuf used by sudoers_trace_print() in init_lexer(). + Free the old buffer if there is one, otherwise it would never be + freed. 
+ [1893ecc06718] + + * lib/util/lbuf.c: + In sudo_lbuf_destroy(), reset error, len and size. + [7a6f980c2215] + + * NEWS: + Mention the integer overflow check in store_timespec(). + [f41519e1dae9] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + In find_path() stub only make a copy in outfile if returning FOUND. + Fixed a recently-introduced memory leak in the fuzzer. + [2045b1afc0b5] + +2021-02-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/sudo_debug.c: + Disable debug code for FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION It + will not be used and just confuses the coverage stats. + [3307c855b77d] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Expand stub getaddrinfo() to resolve "localhost". + [e1035616ad99] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Improve fuzz_policy coverage and set defaults in setdefs not parse. + Now exercises session open/close and set additional defaults to + exercise more code paths. + [2843a0b930fd] + + * plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c: + Improve SUDOERS_NAME_MATCH support. Now supports digests and + performs better directory matching. + [2f2d63596256] + + * plugins/sudoers/policy.c: + Add MODE_CHECK to LIST_VALID_FLAGS, fixes "sudo -l command". + [eff4cbe95d75] + +2021-02-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in, + lib/iolog/iolog_clearerr.c, lib/iolog/iolog_close.c, + lib/iolog/iolog_eof.c, lib/iolog/iolog_fileio.c, + lib/iolog/iolog_gets.c, lib/iolog/iolog_mkdirs.c, + lib/iolog/iolog_mkdtemp.c, lib/iolog/iolog_mkpath.c, + lib/iolog/iolog_nextid.c, lib/iolog/iolog_open.c, + lib/iolog/iolog_openat.c, lib/iolog/iolog_read.c, + lib/iolog/iolog_seek.c, lib/iolog/iolog_swapids.c, + lib/iolog/iolog_util.c, lib/iolog/iolog_write.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, logsrvd/iolog_writer.c, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + Split iolog_fileio.c into multiple files. 
+ [9b7c4f1b781f] + + * plugins/sudoers/defaults.c: + Correct the integer overflow check in store_timespec(). Fixes oss- + fuzz issue #31463 + [3765d5c4ecd3] + + * plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok: + Update file that was missed in test27 changes. + [5824f54afa88] + + * MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in, + lib/iolog/iolog_conf.c, lib/iolog/iolog_fileio.c, + lib/iolog/iolog_loginfo.c: + Break out I/O log config handling into iolog_conf.c. + [546f503f9bb4] + + * lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in, + logsrvd/Makefile.in, plugins/sudoers/Makefile.in: + regen Makefile.in + [43c54f94e9c8] + + * examples/Makefile.in, lib/eventlog/Makefile.in, + plugins/sudoers/Makefile.in: + Add some missing files to the clean target + [20754fec5ff1] + + * plugins/sudoers/regress/sudoers/test27.in, + plugins/sudoers/regress/sudoers/test27.json.ok, + plugins/sudoers/regress/sudoers/test27.ldif.ok, + plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test27.out.ok, + plugins/sudoers/regress/sudoers/test27.toke.ok: + Add netgroup check to sudoers test27 + [1b45a6794b2d] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok: + Sync with fuzz_sudoers changes. + [1481cef048ad] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Fuzz with runuser and rungroup specified too. + [2d8ceb465cea] + + * MANIFEST, plugins/sudoers/regress/sudoers/test27.in, + plugins/sudoers/regress/sudoers/test27.json.ok, + plugins/sudoers/regress/sudoers/test27.ldif.ok, + plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test27.out.ok, + plugins/sudoers/regress/sudoers/test27.toke.ok: + Add test to exercise RunasSpec without a RunasUser. + [ee22ac488aca] + + * MANIFEST, plugins/sudoers/regress/sudoers/test22.sudo.ok, + plugins/sudoers/regress/sudoers/test23.sudo.ok, + plugins/sudoers/regress/sudoers/test24.sudo.ok, + plugins/sudoers/regress/sudoers/test26.sudo.ok: + Remove unused regress files. 
+ [71d943734bb8] + + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + Don't try to run getters if we failed to parse the config file. + [734bb56c24ed] + +2021-02-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Add a stub getaddrinfo(3) to avoid a DNS timeout in CIfuzz. + [5f725de1e3ad] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Fix runchroot, runcwd, tty_tickets. Add timestampowner. + [d8a945bea98d] + + * plugins/sudoers/policy.c: + Only add command_info to garbage collector on successful return. + Otherwise it will be freed on failure. + [c3d0461efaa1] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Add user millert to group sudo, which is often the exempt group. + [fac833a2cf3b] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Add some defaults settings in sudo_file_parse(). We don't have a + real policy file but we still want to exercise callbacks in + sudoers.c. + [9f3d3f668973] + + * plugins/sudoers/sudoers.c: + Do not free sudo_user.iolog_{file,path} in sudo_user_free(). They + are not dynamically allocated. + [59c102ba67cf] + + * lib/iolog/regress/fuzz/fuzz_iolog_timing.c: + Remove unnecessary warnings, we want to fail silently. + [4b1ee5dd2cb4] + + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + No longer need to stub out eventlog config functions. + [08c40b6a63c9] + + * MANIFEST, logsrvd/Makefile.in, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.4, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.5, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.6, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + Call public getters in logsrvd.conf fuzzer and add to corpus. Now + exercises the syslog config erorr path. + [0b314e4e0696] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Add more passes to policy fuzzer Now execises list, list other user + and show_version. 
+ [21a1cc9665ec] + + * plugins/sudoers/defaults.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c: + Implement sudoers_policy_deregister_hooks() Register/deregister + hooks in fuzz_policy and also call show_version(). + [8849644a75de] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Add sudoers debug register/deregister. + [5fba9b19c6fa] + + * plugins/sudoers/defaults.c: + Remove unnecessary break statement. + [aa18c2957f82] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok, + plugins/sudoers/regress/sudoers/test14.in, + plugins/sudoers/regress/sudoers/test14.json.ok, + plugins/sudoers/regress/sudoers/test14.ldif.ok, + plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test14.out.ok, + plugins/sudoers/regress/sudoers/test14.toke.ok: + Include a sha384 digest in the test corpus. + [6c405febff10] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Parse sudoers file in the C locale. + [82d6afbe499b] + + * MANIFEST, plugins/sudoers/regress/sudoers/test26.in, + plugins/sudoers/regress/sudoers/test26.json.ok, + plugins/sudoers/regress/sudoers/test26.ldif.ok, + plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test26.out.ok, + plugins/sudoers/regress/sudoers/test26.sudo.ok, + plugins/sudoers/regress/sudoers/test26.toke.ok: + Add regress test with all current Defaults settings. Currently skips + SELinux and Solaris privilege settings. + [79e82a58ccde] + +2021-02-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_hooks.c: + Move env hooks into sudoers_hooks.c. + [7296d05b9206] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + No need to call check_defaults() and check_aliases() in quiet mode. 
+ [0d0f93849388] + + * plugins/sudoers/gc.c: + sudoers_gc_init() is not currently used + [e74d2870ae25] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/fmtsudoers_cvt.c: + Split fmtsudoers.c into the parts used by sudoers plugin and + cvtsudoers. Only testsudoers and cvtsudoers use the full set of + formatting functions. + [8c57e80ae655] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Check defaults settings too. + [7dc7d66f47e7] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_stubs.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Add fuzzer-specific stubs source file. + [815c28958d42] + + * Makefile.in: + Do not overwrite existing ChangeLog file if there is no hg/git dir. + We don't want "make install" from a source tarball to nuke the + ChangeLog. + [f7aba6a01d85] + + * lib/iolog/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/sudoers/Makefile.in: + Remove fuzzer targets in "make clean" + [25b068bc254b] + + * .gitignore, .hgignore: + Ignore fuzzer targets + [d920254ce731] + + * lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + lib/util/regress/fuzz/fuzz_sudo_conf.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Set program name in fuzzers so we get consisten warnings. + [1ee4b5478d1c] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_policy.c: + Use real eventlog config fuctions instead of stubs. 
+ [eed6fc4df1f6] + + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c, + lib/iolog/iolog_loginfo.c: + Move iolog info log writing to iolog_loginfo.c + [292915dae440] + + * MANIFEST, lib/iolog/Makefile.in, lib/iolog/iolog_loginfo.c, + lib/iolog/iolog_timing.c, lib/iolog/iolog_util.c, + lib/iolog/regress/iolog_timing/check_iolog_timing.c, + lib/iolog/regress/iolog_util/check_iolog_util.c: + Split iolog_util.c into iolog_loginfo.c and iolog_timing.c. Also + rename check_iolog_util -> check_iolog_timing. + [5b5249e4aa96] + + * MANIFEST, lib/iolog/Makefile.in, lib/iolog/iolog_legacy.c, + lib/iolog/iolog_util.c: + Move legacy I/O log info file parsing to iolog_legacy.c + [94b767bb56c7] + + * MANIFEST, include/sudo_eventlog.h, lib/eventlog/Makefile.in, + lib/eventlog/eventlog.c, lib/eventlog/eventlog_conf.c: + Move eventlog config code into eventlog_conf.c + [656d65215e50] + + * MANIFEST, lib/eventlog/Makefile.in, lib/eventlog/eventlog.c, + lib/eventlog/eventlog_free.c: + Move eventlog_free() into its own file. + [a5ff36ac0ebb] + + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + Stub out eventlog and iolog configuration setters. + [cc32ba7436cd] + + * MANIFEST, plugins/sudoers/defaults.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok: + Update Defaults settings after parsing sudoers. Also stub out + dump_defaults when fuzzing as it is not used. + [fa1e7c7b42c2] + + * plugins/sudoers/Makefile.in, plugins/sudoers/b64_decode.c, + plugins/sudoers/b64_encode.c, plugins/sudoers/base64.c: + Split base64 encode/decode functions into separate source files. + They are independent functions. + [ab0904c5122c] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + fuzz_printf and fuzz_conversation can be stubs. + [9b11c9a3f3c3] + +2021-02-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Exercise tilde expansion if used in runcwd or runchroot. 
+ [a6f0995c6a55] + + * plugins/sudoers/check_aliases.c: + Move alias checking code out of visudo.c and into check_aliases.c. + [5c0a91978441] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Check aliases in fuzz_sudoers if the policy parsed correctly. + [b272e634f204] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/parse.h, + plugins/sudoers/visudo.c: + Move alias checking code out of visudo.c and into check_aliases.c. + [b9c23c958935] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + We don't need to link fuzz_sudoers with file.c. + [4fcd15e8cdcf] + + * lib/iolog/regress/fuzz/fuzz_iolog_json.dict, + lib/util/regress/fuzz/fuzz_sudo_conf.dict, + plugins/sudoers/regress/fuzz/fuzz_policy.dict, + plugins/sudoers/regress/fuzz/fuzz_sudoers.dict, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict: + Strings in dictionary files need to be quoted. + [8a95ea335d2d] + + * MANIFEST, lib/iolog/Makefile.in, + lib/iolog/regress/fuzz/fuzz_iolog_json.dict, lib/util/Makefile.in, + lib/util/regress/fuzz/fuzz_sudo_conf.dict, + plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_policy.dict, + plugins/sudoers/regress/fuzz/fuzz_sudoers.dict, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict: + Add dictionary files for fuzzers where possible. + [4d9147fd50fd] + +2021-02-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Also free safe_cmnd so it doesn't leak. + [5071a1ffa5d0] + + * plugins/sudoers/stubs.c, plugins/sudoers/testsudoers.c: + Return NOT_FOUND from the set_cmnd_path() stub since we don't set + user_cmnd. The purpose of set_cmnd_path() is to reset user_cmnd + based on a new runchroot. For the stub version we don't modify + user_cmnd and so must not return a status of FOUND. Fixes oss-fuzz + issue #31250 which only affected the fuzzer and not sudo. 
+ [36fe416668df] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok: + Fix fuzz_sudoers output matching. + [6cec1e5aa799] + + * lib/fuzzstub/fuzzstub.c: + Print "running" and "executed" lines to stderr like libfuzzer does. + [b76b7a4a6ff3] + + * plugins/sudoers/pwutil_impl.c: + Support passing sudo_make_gidlist_item() an array of gids. The gids + are formatted as strings, not gid_t. + [d1608f63ae91] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok: + Prime user/group cached and set the interface list. Also match + parsed policy against multiple users. + [ec19b5658a2a] + + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.h: + Add sudo_mkgrent(), to be used to prime the group cache in + tests/fuzzers. + [333f0887abbc] + +2021-02-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Perform matching in fuzz_sudoers for inputs that parse correctly. + The fuzzer now exercised the normal match code as well as the + pseudo-command (list, validate, etc) match code. Privileges are also + listed for well-formed sudoers file. + [8caf505d7341] + + * plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c, + plugins/sudoers/parse.h: + Add back SUDOERS_NAME_MATCH and enable it when fuzzing. This avoids + the test environment from influencing sudoers matching. + [496b3a7184a8] + + * plugins/sudoers/match_command.c: + Add missing globfree(3) in command_matches_glob() when matching a + directory. + [1d6d28d6eb61] + +2021-02-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/sudo_dso.c: + Add support on AIX for loading plugins that are .a (not .so) files. + It is possible to specify the member name in parens after the path, + e.g. sudoers.a(shr.o) for 32-bit or sudoers.a(shr_64.o) for 64-bit. 
+ If no member is specified in the path and dlopen() fails with + ENOEXEC, try again with an explicit member, either shr.o or + shr_64.o. + [90d975989148] + + * Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/eventlog/Makefile.in, + lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in, + lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + logsrvd/Makefile.in, plugins/audit_json/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Add clean rules to .PHONY target. + [dea3468f3f7b] + +2021-02-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/eventlog/Makefile.in, + lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in, + lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + logsrvd/Makefile.in, plugins/audit_json/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Add install-fuzz Makefile target to install the fuzzers and seed + corpus. The FUZZ_DESTDIR make variable needs to be set in the + environment or on the command line. + [89c4dc1e8cb0] + + * plugins/sudoers/Makefile.in: + Only display fuzz_policy output if the fuzzer exits with an error. + [c6927227be4a] + + * plugins/sudoers/regress/corpus/policy/policy.1, + plugins/sudoers/regress/fuzz/fuzz_policy.c: + Call list, validate and invalidate entry points too. We need a + separate open/close for each one. + [fbbc5bdb4541] + + * INSTALL, configure, configure.ac: + Add --disable-ssp configure option. This allows for disabling + -fstack-protector without turning off the other hardening options. 
+ [1d9ca18e4fa9] + + * lib/util/regress/getdelim/getdelim_test.c: + Test the error case by closing the underlying fd. Note that we don't + use ferror() here since our getdelim() has no way to set the error + flag if there is a memory allocation error. + [df0464968e2c] + + * lib/util/regress/getdelim/getdelim_test.c: + Test the case where getdelim() must reallocate the buffer. + Reproduces Bug #960. + [df4dbc0830be] + + * lib/eventlog/eventlog.c: + When logging JSON to syslog, wrap the contents in a "sudo" object. + This makes it easier for log parsers to identify what is a sudo log + entry. + [2c96aeaabc8e] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Restore the check for sudoers_policy.close == NULL. The fuzzers run + as part of "make check" too in which case NO_LEAKS won't be defined + and the close function will be set to NULL. + [8418ff5f6dfb] + + * lib/iolog/iolog_json.c: + Use %td when printing the difference of two pointers. + [608de9ab3902] + + * plugins/sudoers/parse.c: + Don't print a NULL as a string if role/type/privs/limitprivs is not + set. We can't rely on printf("%s", NULL) not crashing. + [4a04efbcbff9] + + * plugins/sudoers/sudoers.c: + Fix compilation error on Solaris introduced with sudo_user_free(). + [0ce4e0ac807e] + +2021-02-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Bug #960. + [82303f217d8b] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Distinguish between EOF and error using feof(3), not ferror(3). Our + getdelim(3) emulation won't set the error flag if the error is due + to an allocation failure. This explains the premature EOF without + error seen in Bug #960. + [5a70875f92fa] + + * lib/util/getdelim.c: + Reset end pointer when reallocing the line buffer in getdelim(). + Fixes excessive memory allocations for long lines. Bug #960. + [d6dd6893b38a] + + * lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + plugins/sudoers/Makefile.in: + Remove duplicated MALLOC_OPTIONS and MALLOC_CONF env variables. 
+ [2f7695aadad9] + + * lib/iolog/iolog_json.c: + On parse error, display line and column instead of the offending + line. + [bbda04a5b05d] + + * logsrvd/Makefile.in, plugins/sudoers/Makefile.in: + regen + [20e093fd76f0] + + * NEWS, configure, configure.ac: + Sudo 1.9.6 + [1c76fe52426f] + +2021-02-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/iolog_json.c, lib/iolog/iolog_util.c: + Pass I/O log memory allocation errors up to the caller. + [4777add71679] + + * INSTALL, config.h.in, configure, configure.ac, doc/sudoers.man.in, + doc/sudoers.mdoc.in, pathnames.h.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c: + Add admin_flag sudoers option and make --enable-admin-flag take a + path. It is now possible to disable the Ubuntu admin flag in sudoers + or change its location. GitHub issue #56 + [d77c3876fa95] + + * plugins/sudoers/exptilde.c, + plugins/sudoers/regress/exptilde/check_exptilde.c: + Fix tilde expansion of paths with no user like ~/foo. The '/' + separator was missing in the resulting path. + [dbba61f76d6c] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, lib/util/sudo_conf.c, + plugins/sudoers/policy.c: + Limit max_groups in sudo.conf to 1024. The max_groups setting should + no longer be needed anyway. + [aee7843e0c7d] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + In sudoers_policy_close() call sudoers_cleanup() instead of + sudo_user_free(). If we didn't call sudoers_policy_main() due to an + early error there may be more things to clean up. + [683d69d84aa6] + + * plugins/sudoers/policy.c: + Check for invalid flag combinations from front-end for all cases. + The checks are now performed in the check_policy, list, validate and + invalidate functions instead of as part of the open function. We + can't perform the checks in open because we don't yet know what + operation is going to be performed. 
+ [b09105b3bb42] + + * plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c: + Always dynamically allocate user_cmnd, it is freed in + sudo_user_free(). Instead of setting user_cmnd in the policy + functions, always set argv. Calling sudoers_policy_main() with argc + of 0 is no longer allowed. + [820f1f4e5c44] + + * plugins/sudoers/policy.c: + No need for sudoers_cleanup() in sudoers_policy_invalidate(). The + sudoers close() function is now called even for "sudo -k". Also no + need to set user_cmnd, it is not used in this code path. + [c2c9832c32f4] + +2021-02-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd_conf.c, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.1, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.2, + logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.3, + logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: + Add simple fuzzer for sudo_logsrvd.conf parser. + [8b5cd9e24656] + + * lib/iolog/regress/fuzz/fuzz_iolog_timing.c: + Fix unlinking of timing temp file. + [8b0ce6d777c8] + + * lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + plugins/python/Makefile.in, plugins/sudoers/Makefile.in: + Set MALLOC_OPTIONS and MALLOC_CONF for all regress targets. + [47e8b85d1d9a] + + * MANIFEST, lib/util/Makefile.in, + lib/util/regress/corpus/sudo_conf/sudo.conf.1, + lib/util/regress/corpus/sudo_conf/sudo.conf.2, + lib/util/regress/corpus/sudo_conf/sudo.conf.3, + lib/util/regress/fuzz/fuzz_sudo_conf.c: + Add simple fuzzer for sudo.conf parser. + [8a530402f936] + + * plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Free struct sudo_user in sudoers_policy_close() and + sudoers_cleanup(). Also, do not NULL out the close function if + NO_LEAKS is defined. 
+ [f3fbf78e6e41] + + * MANIFEST, lib/iolog/Makefile.in, + lib/iolog/regress/corpus/log_legacy/id, + lib/iolog/regress/corpus/log_legacy/id.log, + lib/iolog/regress/corpus/log_legacy/ls, + lib/iolog/regress/corpus/log_legacy/ls.log, + lib/iolog/regress/corpus/log_legacy/mailq, + lib/iolog/regress/corpus/log_legacy/mailq.log, + lib/iolog/regress/corpus/log_legacy/make, + lib/iolog/regress/corpus/log_legacy/make.log, + lib/iolog/regress/corpus/log_legacy/pkg_add, + lib/iolog/regress/corpus/log_legacy/pkg_add.log, + lib/iolog/regress/corpus/log_legacy/pkg_delete, + lib/iolog/regress/corpus/log_legacy/pkg_delete.log, + lib/iolog/regress/corpus/log_legacy/printenv, + lib/iolog/regress/corpus/log_legacy/printenv.log, + plugins/sudoers/Makefile.in: + For "make fuzz" only fuzz the seed corpus. This way we avoid files + generated by the fuzzer itself. + [42ace1dec313] + +2021-02-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/env.c, plugins/sudoers/gc.c, + plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Fix sudoers garbage collection and run it in policy fuzzer. + [c0d572fd9921] + + * .github/workflows/main.yml: + Rename master -> main + [57000edd1aff] + + * plugins/sudoers/policy.c: + Do not include errno string for invalid params from front-end. + [2d0b55b3041f] + + * plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/fuzz/fuzz_policy.c: + Always dynamically allocate user_role, user_type, user_privs, + user_limitprivs + [f5992824219d] + + * plugins/sudoers/policy.c: + Remove dead code, front-end does not set runas_privs or + runas_limitprivs + [6ce3da323452] + + * plugins/sudoers/iolog.c: + Plug memory leak if there are duplicate user_info or command_info + entries. + [21865246a4dc] + +2021-02-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * .github/workflows/main.yml: + Add CIFuzz workflow to run fuzzers on push or PR. 
+ https://google.github.io/oss-fuzz/getting-started/continuous- + integration/ + [47f1c8015ec5] + + * plugins/sudoers/check.h, plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: + Move create_admin_success_flag() to timestamp.c. + [0675f230288c] + + * configure, configure.ac: + Error out if fuzzer/sanitizer enabled but not supported by the + compiler. + [289afba93f79] + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + The push() function was not updating the size after reallocating. + [e089aaeee3b2] + + * plugins/sudoers/pwutil_impl.c, src/sudo.c: + If sudo_getgrouplist2() returns -1, clamp ngroups based on + max_groups. The ngroups parameter is an out parameter that is filled + in with the actual number of groups, which may be less than the + static number allocated when max_groups is set in sudo.conf. Fixes a + potential out of bounds read found by LLVM libFuzzer. + [a26461ccf891] + +2021-02-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c: + Reset sudoers path, owner and mode before parsing plugin arguments. + This is only needed when calling sudoers_policy_deserialize_info() + more than once, which is true for the policy fuzzer. + [a25a6210f48c] + + * plugins/sudoers/sudoers.c: + Cleanup sudoers sources on denial and error too. + [454b7adcfa21] + + * plugins/sudoers/pwutil.c: + Fix sudo_getgrgid reference count bug when gid doesn't exist. This + one was missed when the other user/group lookup functions were + fixed. + [20e3fad6768b] + + * plugins/sudoers/policy.c: + Plug memory leak if there are duplicate user_info entries. 
+ [b8ddcfa0a051] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/corpus/policy/policy.1, + plugins/sudoers/regress/corpus/policy/policy.2, + plugins/sudoers/regress/corpus/policy/policy.3, + plugins/sudoers/regress/corpus/policy/policy.4, + plugins/sudoers/regress/corpus/policy/policy.5, + plugins/sudoers/regress/fuzz/fuzz_policy.c, + plugins/sudoers/sudoers.c: + Fuzz sudoers policy module API. Includes a test case to reproduce + CVE-2021-3156. + [576d065759cf] + + * lib/iolog/Makefile.in, plugins/sudoers/Makefile.in: + Make fuzz targets depend on fuzzer stub library. We really want a + dependency on $(LIB_FUZZING_ENGINE) but that could be a flag like + "-fsanitize=fuzzer" instead of a path. + [0963418f1cf9] + + * lib/util/Makefile.in: + regen + [dd872eceb19e] + + * MANIFEST, plugins/sudoers/Makefile.in: + Move audit.c from libparsesudoers to the sudoers module itself. Now + that audit.c contains the audit module it doesn't belong in + libparsesudoers. + [3df4f6e10f54] + + * configure, configure.ac: + Do not pass AX_APPEND_FLAG more than a single flag. GitHub issue #92 + [ed9ccdd41231] + +2021-02-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + logsrvd/Makefile.in, plugins/sudoers/Makefile.in: + Fix up some .la file library dependencies. libsudo_iolog.la already + depends on libsudo_util.la and libsudo_eventlog.la so we don't need + to list those explicitly when libsudo_iolog.la is listed. + [d8b55cf698b5] + + * lib/eventlog/eventlog.c, lib/util/Makefile.in, lib/util/progname.c, + lib/util/regress/progname/progname_test.c, lib/util/sudo_conf.c, + lib/util/util.exp.in, plugins/sudoers/audit.c, + plugins/sudoers/find_path.c, plugins/sudoers/iolog.c, + plugins/sudoers/match_command.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/sudo_edit.c, src/sudo_noexec.c: + Use sudo_basename() instead of doing the equivalent manually. 
+ [67e2b5d68a73] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/basename.c, lib/util/util.exp.in: + Add a GNU-compatible version of basename(3). Unlike POSIX + basename(3), the GNU variant does not modify its argument. Note that + basename of a path ending in "/" returns an empty string. + [693e1d39718a] + +2021-02-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/iolog_fileio.c: + feof(3) returns non-zero at EOF, not necessarily 1. On Illumos at + least it returns a value other than 1. + [fc2242fe7c6e] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Portable workaround for getdelim(3) implementations modify buf on + EOF. We should assume that the contents of buf are undefined when + getdelim(3) returns -1. We now peek ahead one char and skip the + getdelim(3) call if EOF is detected. This will preserve the original + value of the last line. + [1e353f05a0fa] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Some getdelim(3) implementations write a NUL to the buffer on EOF. + AIX and Illumos appear to have this behavior. We now preserve the + first character of the buffer on EOF to work around this. Fixes + reporting of syntax errors on the last line of a file. + [22611c14c1d1] + + * plugins/sudoers/Makefile.in: + Fuzz the example sudoers file, not the default one. The default + sudoers uses @includedir which can result in different output, + depending on the permissions of /etc/sudoers.d. + [1b325a1d0e0a] + + * configure, configure.ac: + illumos has a broken fmemopen(3), don't use it. + [d297ee0339e6] + +2021-02-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Add configure check for SSIZE_MAX + [ca7699154705] + + * lib/iolog/iolog_json.c: + Suppress PVS Studio false positives. + [6d8fcec047e5] + + * src/sesh.c: + Silence a clang analyzer false positive. + [8bc3e89f6fbb] + + * plugins/sudoers/toke_util.c: + Silence a clang analyzer false positive. 
+ [2489166fc372] + + * lib/fuzzstub/fuzzstub.c: + Fix CID 217123, size check always false on 64-bit systems. + [3c018b5d43a8] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Make open_sudoers() always return NULL like fuzz_sudoers.c + [042de90307ae] + + * plugins/sudoers/regress/sudoers/test4.toke.ok, + plugins/sudoers/regress/sudoers/test5.toke.ok, + plugins/sudoers/regress/sudoers/test7.toke.ok, + plugins/sudoers/regress/sudoers/test8.toke.ok: + Update *.toke.ok now that lexer doesn't call sudoerserror() itself. + [d60c0d33b5b4] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l: + The lexer now sets an error string before returning ERROR. The + parser will use that when reporting on an ERROR state. This prevents + the lexer from reporting errors about tokens that are not actually + consumed by the parser and we don't have to worry about both the + lexer and the parser reporting errors. It also means we only get one + error per sudoers line. + [7ffb0d28862f] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Go back to storing the last error file/line in sudoerserrorf(). This + is still the best way to avoid displaying more than one error per + line. + [21da59d69c5f] + + * configure, configure.ac: + Add -fsanitize=fuzzer-no-link to ASAN_LDFLAGS too, not just + ASAN_CFLAGS. 
+ [d3c719c72d79] + + * MANIFEST, Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/eventlog/Makefile.in, + lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in, + lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + logsrvd/Makefile.in, plugins/audit_json/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in, + plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok, + plugins/system_group/Makefile.in, src/Makefile.in: + Add fuzz Makefile target and run fuzzer corpus in make check. + [a66085f05dea] + +2021-02-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, Makefile.in, configure, configure.ac, + lib/fuzzstub/Makefile.in, lib/fuzzstub/fuzzstub.c, + lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Add stub library that just feeds files to the fuzzing target. This + will allow the fuzzers to be run as part of "make check". + [aa8fda20c3f8] + + * scripts/mkpkg: + Append to CFLAGS and LDFLAGS instead of overriding them when adding + -m64. + [d02cf3c28198] + + * config.h.in, configure, configure.ac, + lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Fall back to a temp file if fmemopen() is not available(). + [87f804b98c18] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Add missing return statement when NO_LEAKS is not defined. + [25b8e1041b62] + + * lib/eventlog/Makefile.in: + Remove remnants of liblogsrv. 
+ [5030114bb12f] + + * INSTALL, configure, configure.ac, lib/iolog/Makefile.in, + plugins/sudoers/Makefile.in: + Add --enable-fuzzer-linker and --enable-fuzzer-engine options. These + will allow the fuzzers to be built as part of oss-fuzz. + [c3176bd8b95b] + +2021-02-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * .gitignore, .hgignore: + Sync ignore files. + [ddf136d412f7] + + * plugins/sudoers/Makefile.in: + Fix linking of sudoers fuzzers with static libsudo_util. + [86d07a5a671d] + + * INSTALL, configure, configure.ac, lib/iolog/Makefile.in, + plugins/sudoers/Makefile.in: + Add --enable-fuzzer option to use when building fuzzers + [01e31362c2b0] + + * INSTALL, configure, configure.ac: + Replace --enable-asan with --enable-sanitizer It is not possible to + set the sanitizer flags at configure time. + [115d869e1d55] + +2021-02-06 Anton Bershanskiy <45960703+bershanskiy@users.noreply.github.com> + + * src/copy_file.c: + Fix comment typo in src/copy_file.c + [60dbf6da4712] + +2021-02-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/Makefile.in, lib/iolog/regress/fuzz/fuzz_iolog_json.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c, + lib/iolog/regress/fuzz/fuzz_iolog_timing.c, + plugins/sudoers/Makefile.in, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Build (but don't run) fuzzers as part of "make check". Uses a stub + to make it possible to link w/o libfuzzer. The goal is to ensure the + fuzzers are always buildable and avoid bit rot. + [9186e252b8bf] + + * lib/iolog/Makefile.in, plugins/sudoers/Makefile.in: + Add libsudo_eventlog.la as a dependency of libsudo_iolog.la No + longer need to link against libsudo_eventlog.la in sudoers. + [508097f86035] + +2021-02-05 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * MANIFEST, lib/iolog/regress/corpus/log_json/id.json, + lib/iolog/regress/corpus/log_json/ls.json, + lib/iolog/regress/corpus/log_json/mailq.json, + lib/iolog/regress/corpus/log_json/make.json, + lib/iolog/regress/corpus/log_json/pkg_add.json, + lib/iolog/regress/corpus/log_json/pkg_delete.json, + lib/iolog/regress/corpus/log_json/printenv.json, + lib/iolog/regress/corpus/log_legacy/id, + lib/iolog/regress/corpus/log_legacy/ls, + lib/iolog/regress/corpus/log_legacy/mailq, + lib/iolog/regress/corpus/log_legacy/make, + lib/iolog/regress/corpus/log_legacy/pkg_add, + lib/iolog/regress/corpus/log_legacy/pkg_delete, + lib/iolog/regress/corpus/log_legacy/printenv, + lib/iolog/regress/corpus/timing/timing.1, + lib/iolog/regress/corpus/timing/timing.2, + lib/iolog/regress/corpus/timing/timing.3, + lib/iolog/regress/corpus/timing/timing.4: + Add more test files for fuzzers. + [22256acfbe23] + +2021-02-05 Daniel Milnes <thebeanogamer@gmail.com> + + * doc/sudo.mdoc.in: + Fix the typo in the mdoc + [e0ad7f93e678] + + * doc/sudo.man.in: + Fix a tiny typo in the Sudo manpage + [d52c308677bf] + +2021-02-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, lib/iolog/regress/fuzz/fuzz_iolog_timing.c: + fuzzer for I/O log timing files + [7b32f8eecfd6] + + * lib/iolog/iolog_json.c: + In JSON, name/value pairs must be separated by a comma. Previously + we didn't require the comma to be there. + [bb70cecf6360] + + * lib/iolog/iolog_json.c: + Detect integer overflow when converting JSON_ARRAY to string vector. + Extremely unlikely to happen but better safe than sorry. + [60a7a4d3a1d8] + +2021-02-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Only strip double quotes from an include path if len >= 2. Found + locally using libfuzzer/oss-fuzz. + [274d0a05081b] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Don't allow the sudoers fuzzer to open include files. 
If we allow + the fuzzer to choose include paths it will include random files in + the file system. This leads to bug reports that cannot be + reproduced. + [b8ffce94f30a] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + If getdelim() returns a string with embedded NULs, truncate on first + one. This should avoid some issues with the fuzzer. + [e90e61d4bb0e] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Reallocate the buffer correctly when appending a newline. Fixes a + potential buffer overflow introduced in the last commit. + [50b0f77aed5f] + + * plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y: + Don't free the alias name in alias_add() if the alias already + exists. We need to be able to display it using alias_error(). Only + free what we actually allocated in alias_add() on error and let the + caller handle cleanup. Note that we cannot completely fill in the + alias until it is inserted. Otherwise, we will have modified the + file and members parameters even if there was an error. As a result, + we have to remove those from the leak list after alias_add(), not + before. + [6a920646d7d1] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix NUL termination when parsing a sudoers file with no ending + newline. oss-fuzz issue #30252 + [5c75d8e15966] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + sudoersrestart() does not reset state to INITIAL, do it in + init_lexer(). Fixes spurious errors from fuzz_sudoers, which calls + the parser multiple times. + [bf2c1c3b82e6] + + * plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c: + Push lexer leak tracking down into check_fill.c. This lets us track + things correctly when buffers are realloc()d. Rewrote fill() and + append() to be more readable. 
+ [a1e61a4a7aad] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c: + Use sudoersrestart() in fuzz_sudoers.c Since we run the parser + multiple times we need to restart it each time. + [64792d363f62] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Parser needs user_shost for the %h escape in @include expansion. + Fixes oss-fuzz issue #30238 + [b043e413be31] + + * INSTALL: + The --disable-leaks option is not recommended for production use. + [cb37a56f4e99] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Remove options from the leak list before freeing them. Should fix + oss-fuzz issue #30236 + [1ee6dac8c027] + + * MANIFEST, include/sudo_iolog.h, lib/iolog/iolog_util.c, + lib/iolog/regress/fuzz/fuzz_iolog_legacy.c: + Add fuzzer for legacy I/O log info file. + [3f4ed83660ca] + + * doc/Makefile.in, plugins/sudoers/Makefile.in: + Fix uninstall target; there were missing line continuation chars. + GitHub issue #87 + [02cffb51c15c] + +2021-02-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/parse_ldif.c: + Don't close fp in sudoers_parse_ldif() The caller should be the one + to handle this. + [e8d830851379] + + * .gitignore, .hgignore: + Update ignore files. + [0c8245d8097c] + + * plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y: + Got back to calling alias_free() on alias_add() failure. We now need + to remove the name and members from the leak list + *before* calling alias_add() since alias_add() will consume them for + both success and failure. + [65c95a84f8ca] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + close sudoersin, not fp, and reset it to be safe + [f616d1c7c09a] + + * lib/iolog/regress/fuzz/fuzz_iolog_json.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Add missing fclose(3) of fmemopen(3) stream; it does not modify the + data. 
+ [9207901dcccd] + + * lib/iolog/iolog_json.c: + Check for unexpected value after checking the name, not before. + [6f973cc4378d] + + * lib/util/progname.c: + Allow getprogname() to succeed as long as __progname is present. + Also simplify the progname code so we only need a single + implementation. + [300a29bd117e] + + * lib/iolog/iolog_json.c: + Fix potential leak of evlog->runuser. Also warn if we find an + unexpected JSON type. + [0ec615b3d4e0] + +2021-02-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Parse into a local parse_tree and add missing cleanup. Since + parsed_policy is for the sudoers parser we should declare our own. + [c418d65e7bb4] + + * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: + Call init_parser() after parsing to clean up completely. + [2063d26ab401] + + * MANIFEST, plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/regress/sudoers/test25.in, + plugins/sudoers/regress/sudoers/test25.json.ok, + plugins/sudoers/regress/sudoers/test25.ldif.ok, + plugins/sudoers/regress/sudoers/test25.out.ok, + plugins/sudoers/regress/sudoers/test25.toke.ok, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c: + Plug a few more parser leaks. + [c9478efdd65d] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Make parser_leak_remove(type, NULL) a no-op. + [7699e99a028a] + + * MANIFEST, lib/iolog/regress/fuzz/fuzz_iolog_json.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c: + Add initial fuzzers to be used by oss-fuzz. These are not yet hooked + up to the sudo build. + [5593a755f359] + + * plugins/sudoers/gc.c, plugins/sudoers/sudoers.h: + Garbage collect unused gc_remove() function. 
+ [ff561edd846e] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/testsudoers/test11.sh, + plugins/sudoers/regress/testsudoers/test12.sh, + plugins/sudoers/regress/testsudoers/test13.sh, + plugins/sudoers/regress/testsudoers/test4.sh, + plugins/sudoers/regress/testsudoers/test5.sh: + The parser should be leak free, re-enable leak detection in ASAN. + [a89599540a5a] + + * plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/parse.h, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: + Add garbage collection to the sudoers parser to clean up on error. + This makes it possible to avoid memory leaks when there is a parse + error. + [ef739da324bb] + +2021-01-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/parse.h, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_ldap.h: + Move new_member_all to ldap_util.c, it is only used by ldap/sssd. + [9df2efb6956a] + +2021-01-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/iolog_json.c: + Fix crashes trying to parse invalid JSON. Found locally using + libfuzzer/oss-fuzz. + [b74c8c260d60] + + * lib/iolog/iolog_json.c: + Plug memory leak if a key is listed more than once in the log.json + file. + [764ef247f13e] + + * lib/iolog/regress/iolog_json/check_iolog_json.c: + Fix crash when file does not exist. + [55a46b75e6ed] + + * plugins/sudoers/gentime.c: + Strict tz offset parsing. Fixes an out of bounds read found locally + using libfuzzer/oss-fuzz. + [72266f1af75d] + + * plugins/sudoers/ldap_util.c: + Don't leak memory for duplicate command options. The last option + wins but we also now warn about the duplicate. Found locally using + libfuzzer/oss-fuzz. + [f1cd342e62f7] + + * plugins/sudoers/ldap_util.c: + Copy command options when converting a sudoRole with multiple + sudoCommands. 
A sudoRole with multiple sudoCommands is converted to + a privilege with multiple cmndspecs. However, we were not copying + some of the command options to subsequent cmndspecs in the list. + [d8309574a756] + + * plugins/sudoers/parse_ldif.c: + Fix memory leak if the last line is folded. Fixes issue 30080 by + ClusterFuzz-External + [404f38aa19a6] + + * INSTALL, configure, configure.ac: + Add --disable-leaks configure option. This enables the extra freeing + of memory before exit also enabled by --enable-asan. To be used by + oss-fuzz. + [faddd42273a4] + + * plugins/sudoers/gentime.c: + Stricter parsing of generalized time. Fixes potential out of bounds + read found by libfuzzer/oss-fuzz. + [4548e29ea5e0] + +2021-01-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/parse_ldif.c: + Don't bother calling ldif_to_sudoers() if there are no roles to + convert. + [242394d46fb1] + + * lib/iolog/iolog_json.c: + In json_stack_push() treat stack exhaustion like memory allocation + failure. Return NULL instead of treating as a fatal error. This + should make life a little easier for oss-fuzz. + [84c7c3b7971a] + + * plugins/sudoers/sudoers.c: + Update comment about return values for resolve_host(). + [0e92fe582db1] + + * plugins/sudoers/logging.c, plugins/sudoers/policy.c: + Fix NO_ROOT_MAILER, broken by the eventlog refactor in sudo 1.9.4. + init_eventlog_config() is called immediately after initializing the + Defaults settings, which is before struct sudo_user is setup. This + adds a call to eventlog_set_mailuid() if NO_ROOT_MAILER is defined + after the invoking user is determined. Reported by Roman Fiedler. + [e0d4f196ba02] + +2021-01-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST: + Add plugins/sudoers/strvec_join.c + [1dfeb8ab9fdb] + + * plugins/sudoers/strvec_join.c, plugins/sudoers/sudoers.c: + Fix compilation on systems without a native strlcpy() function. 
+ [7b28feb4350a] + + * logsrvd/logsrvd.c, logsrvd/sendlog.c: + Break up the long help string into multiple printf() statements. AIX + xlc compiler doesn't like cpp directives in between strings. Also + fixes a complaint from cppcheck and makes translation easier. + [e55b4061f598] + + * plugins/sudoers/regress/unescape/check_unesc.c, + plugins/sudoers/strvec_join.c, plugins/sudoers/sudoers.h: + strvec_join: free result on error and actually use separator char + [801546807a8a] + +2021-01-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/unescape/check_unesc.c: + Test strvec_join() using strlcpy_unesc(). Emulates an overflow like: + sudoedit -s '\' `perl -e 'print "A" x 65536'` + [8d9a063adde5] + + * plugins/sudoers/Makefile.in, plugins/sudoers/strvec_join.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Refactor code to flatten an argument vector into a string. This is + used when building up the user_args string. + [a6ae655d91a1] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/unescape/check_unesc.c, + plugins/sudoers/strlcpy_unesc.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add strlcpy_unescape() function to undo escaping from front-end. + Includes unit test. + [abfaa390d275] + + * plugins/sudoers/parse_ldif.c: + Add missing check for reallocarray() failure. Found by OSS-Fuzz. + [fcda06966ed7] + +2021-01-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h, + plugins/python/python_convmessage.c, + plugins/python/sudo_python_module.c: + Remove Py_SSIZE2SIZE to quiet cppcheck warnings. Tuple size cannot + be negative and we already handle the case where it is zero. + [d6ec5e558a0e] + + * src/parse_args.c: + The program name may now only be "sudo" or "sudoedit". We no longer + need to check for any string that ends in "edit". + [caed524c6ba0] + +2021-01-23 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_5p2 for changeset 83685ffbc4df + [74a2ddc3e4a4] <1.9> + + * Merge sudo 1.9.5p2 from tip + [83685ffbc4df] [SUDO_1_9_5p2] <1.9> + + * plugins/sudoers/timestamp.c: + Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL. + We want to zero the struct starting at flags, not type (which was + just set). Found by Qualys. + [09f98816fc89] + + * src/parse_args.c: + Don't assume that argv is allocated as a single flat buffer. While + this is how the kernel behaves it is not a portable assumption. The + assumption may also be violated if getopt_long(3) permutes + arguments. Found by Qualys. + [c125fbe68783] + + * NEWS, configure, configure.ac: + Sudo 1.9.5p2 + [89a357d8da4e] + + * src/parse_args.c: + Reset valid_flags to MODE_NONINTERACTIVE for sudoedit. This is + consistent with how the -e option is handled. Also reject -H and -P + flags for sudoedit as was done in sudo 1.7. Found by Qualys, this is + part of the fix for CVE-2021-3156. + [9b97f1787804] + + * plugins/sudoers/policy.c: + Add sudoedit flag checks in plugin that are consistent with front- + end. Don't assume the sudo front-end is sending reasonable mode + flags. These checks need to be kept consistent between the sudo + front-end and the sudoers plugin. + [a97dc92eae6b] + + * plugins/sudoers/sudoers.c: + Fix potential buffer overflow when unescaping backslashes in + user_args. Also, do not try to unescaping backslashes unless in run + mode *and* we are running the command via a shell. Found by Qualys, + this fixes CVE-2021-3156. + [049ad90590be] + +2021-01-22 Fabrice Fontaine <fontaine.fabrice@gmail.com> + + * lib/eventlog/Makefile.in: + lib/eventlog/Makefile.in: fix static build without closefrom + + Since version 1.9.4 and https://github.com/sudo- + project/sudo/commit/bd1ca79cca827a92e904f022e49df121931d4ff5, when + closefrom is not available, libsudo_eventlog.a depends on + libsudo_util.a. 
So reflect this dependency in the libtool file to + avoid the following static build failure of logsrvd: + + /bin/bash ../libtool --tag=disable-static --mode=link + /home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc- + linux-gcc -o sudo_logsrvd logsrv_util.o iolog_writer.o logsrvd.o + logsrvd_conf.o -static -Wl,--enable-new-dtags -Wl,-z,relro + ../lib/iolog/libsudo_iolog.la ../lib/eventlog/libsudo_eventlog.la + ../lib/logsrv/liblogsrv.la /bin/bash ../libtool --tag=disable-static + --mode=link + /home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc- + linux-gcc -o sudo_sendlog logsrv_util.o sendlog.o -static -Wl,-- + enable-new-dtags -Wl,-z,relro ../lib/iolog/libsudo_iolog.la + ../lib/eventlog/libsudo_eventlog.la ../lib/logsrv/liblogsrv.la + libtool: link: + /home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc- + linux-gcc -o sudo_logsrvd logsrv_util.o iolog_writer.o logsrvd.o + logsrvd_conf.o -static -Wl,--enable-new-dtags -Wl,-z -Wl,relro + ../lib/iolog/.libs/libsudo_iolog.a /home/buildroot/autobuild/instanc + e-1/output-1/build/sudo-1.9.5p1/lib/util/.libs/libsudo_util.a + -lpthread -lz ../lib/eventlog/.libs/libsudo_eventlog.a + ../lib/logsrv/.libs/liblogsrv.a + /home/buildroot/autobuild/instance-1/output-1/host/opt/ext- + toolchain/bin/../lib/gcc/powerpc-buildroot-linux- + uclibc/8.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: + ../lib/eventlog/.libs/libsudo_eventlog.a(eventlog.o): in function + `send_mail.constprop.1': eventlog.c:(.text+0x149c): undefined + reference to `sudo_closefrom' collect2: error: ld returned 1 exit + status + + Fixes: + - http://autobuild.buildroot.org/results/515b45f876fa9de03c9235f86017f + 4dc10eb3b54 + + 
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> + [4e42d276c336] + +2021-01-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/log_client.c: + Do not add an unfinished write buffer to the queue if it is already + present. In client_msg_cb() we only remove a buffer from the queue + when it is finished. Inserting the buf again can cause a cycle in + the queue. + [b398dcc0933d] + +2021-01-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/log_client.c: + Fix problem when SSL_read() returns SSL_ERROR_WANT_WRITE. This can + happen when the socket cannot be written to immediately. We need to + set the read_instead_of_write flag in that case, _not_ + write_instead_of_read. Also sync comments with sendlog.c. Bug #954 + [e4239bb932aa] + +2021-01-18 Pavel Březina <pbrezina@redhat.com> + + * plugins/sudoers/auth/pam.c: + pam: pass KRB5CCNAME to pam_authenticate environment if available + + If a PAM module wants to authenticate user using GSSAPI, the + authentication is broken if non-default ccache name is used in + KRB5CCNAME environment variable. + + One way to mitigate this would be to add this to env_keep, but this + also makes the variable available in the executed command which may + not be always desirable. + + This patch sets KRB5CCNAME for pam_authenticate only, if it is + available and not yet set. + [90aba6ba6e03] + +2021-01-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/progname.c: + Fix setprogname() emulation on systems without it. For fully- + qualified paths, store the string starting after the last slash, not + at the slash itself. + [111fde52d116] + +2021-01-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_5p1 for changeset 3a873a732416 + [e837c76279bc] <1.9> + + * Merge sudo 1.9.5p1 from tip + [3a873a732416] [SUDO_1_9_5p1] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.5p1 + [2dbbab94d4b6] + + * src/sudo_edit.c: + Run the editor with the user's real and effective uid and gid. 
Fixes + a bug introduced in sudo 1.9.5 where the editor was run setuid root + unless SELinux RBAC was in use. + [30fe53c07aa7] + + * NEWS: + fix typo + [52e7767881ba] + + * src/copy_file.c, src/edit_open.c: + Add casts to quiet two warnings on Solaris. + [f76126f6d68d] + +2021-01-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_5 for changeset 4059f5520d9d + [ee76c8a938de] <1.9> + + * Merge sudo 1.9.5 from tip + [4059f5520d9d] [SUDO_1_9_5] <1.9> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update .pot files for 1.9.5. + [49dae07bda23] + +2021-01-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, configure, configure.ac, doc/LICENSE, etc/sudo-logsrvd.pp, + etc/sudo-python.pp, etc/sudo.pp: + Sudo 1.9.5 + [3a0e500981a8] + + * doc/sudoers.man.in, doc/sudoers.man.in.sed, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/policy.c: + Allow SELinux support to be disabled via the sudoers file. Defaults + to true if sudo is built with SELinux support and SELinux is not + disabled on the system. + [c457eaae8692] + +2021-01-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/python/python_importblocker.c: + Add a comment to verify_import() to clarify its purpose. + [30ef680f4104] + + * lib/eventlog/eventlog.c, lib/util/arc4random.c, + lib/util/sudo_debug.c, plugins/audit_json/audit_json.c, + plugins/python/python_convmessage.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, + src/exec_common.c, src/sesh.c, src/sudo.c, src/sudo_edit.c: + Suppress PVS Studio false positives. 
+ [077f46549351] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Plug a memory leak in sudoerserrorf(). + [a3c14cf0283e] + + * plugins/sudoers/editor.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap_util.c, plugins/sudoers/parse.h, + plugins/sudoers/starttime.c, plugins/sudoers/tsgetgrpw.c, + src/ttyname.c: + Quiet a few harmless cppcheck warnings. + [ab123790b3fd] + + * src/copy_file.c, src/sudo_edit.c: + In sudoedit, use sudo_check_temp_file() for non-SELinux too. + [b5d5bd506487] + + * MANIFEST, src/Makefile.in, src/edit_open.c, src/sesh.c, + src/sudo_edit.c, src/sudo_edit.h, src/sudo_exec.h: + Move safe open code out of sudo_edit.c and into edit_open.c. + [108fcca05798] + + * src/Makefile.in, src/edit_open.c, src/sesh.c, src/sudo_edit.c, + src/sudo_edit.h: + Add directory writability checks for SELinux RBAC sudoedit. These + were never added to the SELinux RBAC path. + [0d4f28b5a8e2] + + * src/edit_open.c, src/exec.c, src/exec_pty.c, src/sesh.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c, src/sudo_edit.h, src/tgetpass.c: + Add struct sudo_cred to hold the invoking or runas user credentials. + We can use this when we need to pass around credential info instead + of the user_details and command_details structs. + [20594f3f00c1] + + * src/edit_open.c, src/sesh.c, src/sudo_edit.c, src/sudo_edit.h: + Rename run_cred -> cur_cred and stash existing creds in + set_tmpdir(). For sudo_edit_open() et al what we need is a copy of + the current cred to restore after dir_is_writable() changes to the + user cred. + [dcfce8a11282] + + * configure, configure.ac, include/sudo_compat.h, lib/util/progname.c: + Add setprogname(3) for those without it. + [e2f1d1ecedb0] + + * src/sesh.c, src/sudo_edit.c: + Split up sesh_sudoedit() so it is organized more like sudo_edit.c. + The new sesh_edit_create_tfiles() and sesh_edit_copy_tfiles() + functions are analogous to sudo_edit_create_tfiles() and + sudo_edit_copy_tfiles(). 
Also use "sudoedit" in the warning/error + messages from sesh_sudoedit(). Otherwise, the user gets a mix of + messages from sudoedit and sesh. + [5510be4b2129] + + * Makefile.in, lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + lib/logsrv/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in, + plugins/python/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Remove the --force option from the cppcheck args, it causes errors. + [57f2ad72e874] + + * include/sudo_util.h, lib/util/progname.c, lib/util/util.exp.in, + src/sudo.c: + For sudo, only allow "sudo" or "sudoedit" as the program name. The + program name is also used when matching Debug lines in sudo.conf. We + don't want the user to be able to influence sudo.conf Debug + matching. The string "sudoedit" is treated the same as "sudo" in + sudo.conf. Problem reported by Matthias Gerstner of SUSE. + [1d32c53859f9] + + * lib/iolog/iolog_fileio.c, lib/util/sudo_debug.c, + plugins/group_file/getgrent.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/tsgetgrpw.c: + Check the return value of fcntl() when setting FD_CLOEXEC. This + should never fail unless the fd is invalid. Problem reported by + Matthias Gerstner of SUSE. + [f1ca39a0d870] + + * src/sudo_edit.c: + Fix potential directory existing info leak in sudoedit. When + creating a new file, sudoedit checks to make sure the parent + directory exists so it can provide the user with a sensible error + message. However, this could be used to test for the existence of + directories not normally accessible to the user by pointing to them + with a symbolic link when the parent directory is controlled by the + user. Problem reported by Matthias Gerstner of SUSE. 
+ [ea19d0073c02] + + * src/copy_file.c, src/sesh.c, src/sudo_edit.c, src/sudo_exec.h: + Add security checks before using temp files for SELinux RBAC + sudoedit. Otherwise, it may be possible for the user running + sudoedit to replace the newly-created temporary files with a + symbolic link and have sudoedit set the owner of an arbitrary file. + Problem reported by Matthias Gerstner of SUSE. + [8fcb36ef422a] + + * plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, po/ko.mo, + po/ko.po, po/sr.mo, po/sr.po, po/sv.mo, po/sv.po: + Updated translations from translationproject.org + [e68c92c767f1] + +2021-01-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.c: + Use debug_return_int() not debug_return_bool() to return -1. Found + by PVS Studio. + [f1f67ca51aeb] + + * plugins/sudoers/logging.c: + Fix a crash introduced in 1.9.4 when running "sudo -i" as an unknown + user. + [d1a3f0f4d0f9] + +2021-01-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/check.c: + Make sure lecture file is a regular file before reading it. + [c9c68eff1e45] + +2021-01-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * Makefile.in, lib/eventlog/Makefile.in, lib/iolog/Makefile.in, + lib/logsrv/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in, + plugins/group_file/plugin_test.c, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in, + plugins/sudoers/Makefile.in, plugins/sudoers/parse.h, + plugins/system_group/Makefile.in, src/Makefile.in: + Minor fixes pointed out by cppcheck. Also add + compareBoolExpressionWithInt to suppression list. + [52316819700e] + + * logsrvd/logsrvd.c: + Avoid potential use after free with eventlog-only connections. 
+ Coverity CID 215884. + [cca5cffabe42] + + * src/exec.c: + Cannot do direct exec of a command when SELinux RBAC is enabled. + [2706b0fc1451] + + * MANIFEST, configure, configure.ac, include/sudo_compat.h, + lib/util/Makefile.in, lib/util/pread.c, lib/util/pwrite.c, + scripts/mkdep.pl: + Add emulation of pread(3) and pwrite(3) for systems without them. + This makes it possible to remove some ugly #ifdefs and only affects + very old systems. + [1c2a31bda598] + + * lib/iolog/iolog_fileio.c, plugins/sudoers/match_command.c, + plugins/sudoers/timestamp.c: + Remove #ifdefs around code using pread(3) and pwrite(3). + [3830fdf650df] + + * plugins/sudoers/Makefile.in: + Regen now that ldap.c and sssd.c no longer need gram.h + [5cc4e107f301] + +2020-12-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/fatal.c: + Fix deregistration of a callback that is not at the head of the + list. The SLIST_FOREACH_PREVPTR macro doesn't work the way I thought + it did. Just store our own prev pointer and use that instead. + [04c290fe1fcb] + +2020-12-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/net_ifs.c: + Fix the buffer size parameter when serializing the interface list. + Problem reported by Matthias Gerstner of SUSE. + [b0cae3ac8e46] + +2020-12-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_4p2 for changeset 8aed5221ede9 + [a74faf363dbb] <1.9> + + * merge sudo 1.9.4p2 from tip + [8aed5221ede9] [SUDO_1_9_4p2] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.4p2 + [8bb8ec358990] + + * plugins/sudoers/sudoers.c: + The runas user must be set before applying runas-based Defaults. + This effectively backs out changeset f738f5ac5350, which made it + possible to log the command when an invalid user was specified. The + policy plugin API doesn't supply the command until the check + function, at which point we've already denied the command due to the + invalid user. Bug #951. + [8a415f555cf9] + +2020-12-18 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * etc/uncrustify-small.cfg, etc/uncrustify.cfg: + Don't enable mod_remove_empty_return We like to use an empty return + for stub functions. + [018ef129dc24] + +2020-12-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_4p1 for changeset 8f65fd9f0f57 + [e27e424f9f56] <1.9> + + * merge sudo 1.9.4p1 from tip + [8f65fd9f0f57] [SUDO_1_9_4p1] <1.9> + + * plugins/sudoers/policy.c: + The lower bounds for the "closefrom" option is 3, not 4. This is a + regression introduced in sudo 1.8.9 with the strtonum() conversion. + Bug #950. + [fb06603b9a12] + +2020-12-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, configure, configure.ac: + Sudo 1.9.4p1 + [59c37ec1a128] + +2020-12-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Direct execution of a command is incompatible with using a log + server. + [91afbbde217a] + + * plugins/sudoers/audit.c: + Set sudoers_audit.close to NULL if not using a log server. + [231abb92a3b2] + +2020-12-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.guess, config.h.in, config.sub, configure, configure.ac: + Regenerate configure script with autoconf 2.71. Also fix some + warnings from the new version. + [cd1c7615e861] + +2020-12-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, src/sudo.c: + Define _DARWIN_UNLIMITED_GETGROUPS on macOS to suport > 16 groups. + On macOS 10.6 and above, getgroups(2) can return more than + NGROUPS_MAX if _DARWIN_UNLIMITED_GETGROUPS or _DARWIN_C_SOURCE is + defined. Bug #946 + [2e7d3c3cf18b] + +2020-12-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, examples/sudo.conf.in: + Comment out the default plugin lines in the example sudo.conf. Fixes + a problem when there are multiple versions of sudo installed and not + all suport the audit plugin, such as on macOS. 
GitHub issue #75 + [aaed5d7a3471] + + * plugins/sudoers/logging.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Store the user-provided runas user and group name in struct + sudo_user. This makes it available for event logging in case the + name doesn't resolve. + [98d70ba8a2a6] + + * plugins/sudoers/logging.c: + Log submit group to event log. + [3e7ace99f7f8] + + * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Store iolog_path in struct sudo_user for use in the event log. + [35bc39ec8ad5] + +2020-12-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: + Defer lookup of runas user until sudoers_main() for better logging. + The log message now includes user info and the command attempted. + [f738f5ac5350] + + * lib/eventlog/eventlog.c: + Don't assume that just because command is non-NULL, argv is non- + NULL. + [4fac4ae88e4e] + + * plugins/sudoers/logging.c: + Fix a crash introduced in 1.9.4 when running command as an unknown + user. Bug #948 + [8b24c140ec7c] + +2020-12-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c: + When shutting down the server, close non-I/O log connections + immediately. Avoids a timeout during server shutdown while the + server waits for active connections to close. + [26bfda2c8f67] + + * src/sudo.c: + Audit errors from policy_init_session(), audit_accept(), and + audit_reject(). + [638e583754ac] + + * src/sudo.c: + Do not run the command if the audit accept function fails. Also add + warnings if the audit reject or error functions fail. + [ca94ef438961] + + * plugins/sudoers/log_client.c: + Reduce the number of error messages when we can't connect to the + audit server. Add the error string to "unable to connect to log + server" instead of using an extra error message for the connect(2) + failure. 
+ [25ac7ac5bfdf] + + * plugins/sudoers/log_client.c: + Use correct error message when the TLS connection is dropped. Was: + "recv: Unknown error 0", now: "lost connection to log server". + [5c3f319b1f75] + +2020-12-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/parse.h: + Change alias_add() to return bool and set errno on failure. This + fixes a localization problem where the error message could have been + reported in the wrong locale. + [1859fe3da40c] + +2020-11-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/eventlog.c: + Fix build when configured using --without-sendmail Bug #947 + [41db1aad85bb] + +2020-11-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_4 for changeset 74705fb3b956 + [45a5e742496e] <1.9> + + * merge sudo 1.9.4 from tip + [74705fb3b956] [SUDO_1_9_4] <1.9> + + * plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/hr.mo, + po/hr.po: + Updated translations from translationproject.org + [96a5cfe3c66b] + +2020-11-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + sudo_logsrvd.conf pid_file change. + [fdc0276c7e0e] + + * logsrvd/logsrvd.c: + Don't try to unlink a NULL pointer. + [95babad9636a] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c: + If pid_file is set to an empty value, disable the use of a pid file. + [d4462105ab4b] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + logsrvd/logsrvd.c: + Don't overwrite sudo_logsrvd.pid if it is a symbolic link. 
+ [d79f97a0a533] + + * INSTALL, configure, configure.ac, etc/codespell.exclude, + plugins/sudoers/env.c: + Fix typo detected by codespell 2.0.0 Also avoid some new false + positives + [d973f44e2396] + +2020-11-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * etc/uncrustify-small.cfg, etc/uncrustify.cfg, + plugins/python/regress/testhelpers.h, plugins/sudoers/env.c, + plugins/sudoers/sudo_ldap_conf.h: + Set pp_ignore_define_body=false in uncrustify config. Need to work + around a bug that produces closed brace errors, see + https://github.com/uncrustify/uncrustify/issues/2569 + [5e4692fca707] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/hr.mo, + po/hr.po, po/it.mo, po/it.po: + Updated translations from translationproject.org + [156162e6e07e] + +2020-11-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/sudo_conf.c: + Fix calling sudo_conf_read() multiple times with different + conf_types. The change to reinitialize the configuration data when + sudo_conf_read() is called again didn't take into account that sudo + calls sudo_conf_read() twice--once for the debug info and once for + everything else. + [b6869b7da3c2] + +2020-11-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + Don't free the private copy of the environment until the close + function. We may need to use it when logging from the audit reject + function. 
+ [5118eb5797fb] + + * plugins/sudoers/log_client.c: + It is possible for evlog->argv or evlog->envp to be NULL. + [798ff96301bf] + + * src/exec_pty.c, src/sudo.c, src/sudo.h: + Pass command_info[] to audit plugin on I/O log plugin reject or + error. The audit plugin should cope with a NULL command_info but + there's no reason not to pass the info when we have it. + [e361897d0192] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + plugins/sudoers/audit.c: + For the audit plugin, command_info may be NULL. Fixes a NULL + dereference in sudoers_audit when an I/O logging plugin rejects + input/output or returns an error. + [9abee774e7e1] + + * plugins/sudoers/defaults.c: + Add missing initialization of def_log_format to sudo. + [8c824f6dcfdd] + +2020-11-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac: + Newer LibreSSL has SSL_CTX_set_ciphersuites but it is not enabled. + Add a check for the function declaration in openssl/ssl.h. + [d6d0665572ec] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Event log data is sent to sudo_logsrvd even when not I/O logging. + [d720f4ad3d40] + +2020-11-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot: + Regenerate sudoers.pot for 1.9.4 + [127283726e97] + + * NEWS, configure, configure.ac: + Update for sudo 1.9.4. + [2cb747911aef] + + * plugins/sudoers/audit.c: + Update struct eventlog based on command_info[] from front-end. The + I/O log path is not known until the I/O log plugins have run and + other plugins may alter the execution environment. + [3ad14a88052e] + + * plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/logging.h, + plugins/sudoers/regress/testsudoers/test13.out.ok, + plugins/sudoers/toke.h: + Add sudoerserrorf(), a printf-style yyerror() function. Use this to + display a better error message when using a reserved work in an + alias definition. + [1bb3915f61b6] + +2020-11-13 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * scripts/mkpkg: + Build universal binaries on macOS 11.0 and higher. The resulting + package should work on Macs based on Apple Silicon. + [91cdeda79e66] + +2020-11-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/editor.c: + Support EDITOR environment variable that includes quotes. Quote + support is limited to the beginning of a word. Also handles + characters escaped with a backslash. + [ebb7f3c6240c] + +2020-11-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/python/Makefile.in, plugins/python/pyhelpers.c, + plugins/python/python_plugin_common.c, + plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/ + check_example_debugging_c_calls@diag.log, plugins/python/regress/tes + tdata/check_example_debugging_c_calls@info.log, plugins/python/regre + ss/testdata/check_example_debugging_plugin@info.log, plugins/python/ + regress/testdata/check_example_debugging_py_calls@diag.log, plugins/ + python/regress/testdata/check_example_debugging_py_calls@info.log, p + lugins/python/regress/testdata/check_example_group_plugin_is_able_to + _debug.log, plugins/python/regress/testdata/check_example_io_plugin_ + command_log.stored, plugins/python/regress/testdata/check_example_io + _plugin_command_log_multiple1.stored, plugins/python/regress/testdat + a/check_example_io_plugin_command_log_multiple2.stored, plugins/pyth + on/regress/testdata/check_example_io_plugin_failed_to_start_command. 
+ stored, plugins/python/regress/testdata/check_example_io_plugin_fail + s_with_python_backtrace.stderr, plugins/python/regress/testdata/chec + k_example_policy_plugin_validate_invalidate.log, plugins/python/regr + ess/testdata/check_loading_fails_not_owned_by_root.stderr, plugins/p + ython/regress/testdata/check_loading_fails_wrong_classname.stderr, p + lugins/python/regress/testdata/check_loading_fails_wrong_path.stderr + , plugins/python/regress/testdata/check_multiple_approval_plugin_and + _arguments.stdout, plugins/python/regress/testdata/check_python_plug + ins_do_not_affect_each_other.stdout, + plugins/python/regress/testhelpers.c, + plugins/python/regress/testhelpers.h: + Back out regex use in python tests, filter the output instead. This + makes it possible to regenerate the test output again. Also adds an + update_test_data target to the Makefile. + [3837f51a8072] + + * plugins/sudoers/ldap.c: + Ignore sudoNotBefore and sudoNotAfter unless ldap.conf contains + SUDOERS_TIMED This is consistent with the pre-1.8.24 behavior. Bug + #945 + [d1e1bb5a6cc1] + + * src/sudo.c: + Stay setuid until just before executing the command. Fixes a problem + with pam_xauth which checks effective and real uids to get the real + identity of the user. + [2c6fef0107c8] + +2020-11-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/parse.h, plugins/sudoers/sssd.c: + Introduce new_member_all() for code that doesn't include gram.h. The + ldap and sssd back-ends no longer require gram.h which fixes a + compilation issue with IBM LDAP. + [1729532cda27] + + * lib/util/sudo_conf.c, lib/util/sudo_debug.c, logsrvd/logsrvd.c: + On SIGHUP, deregister the old debug instance before registering a + new one. Otherwise, if debugging is enabled we will get an extra log + instance each time sudo_logsrvd reeives SIGHUP which results in + duplicate lines in the debug log. 
+ [538633994d8a] + +2020-11-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/log_client.c, plugins/sudoers/log_client.h: + Refactor code to format the client message after the hello. + [12d29d129166] + + * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in, + include/log_server.pb-c.h, lib/eventlog/eventlog.c, + lib/logsrv/log_server.pb-c.c, lib/logsrv/log_server.proto, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, + plugins/sudoers/log_client.c: + Add info_msgs to AlertMessage and populate it. This lets us log + eventlog info along with the alert if it is available. + [493a047a4463] + + * plugins/sudoers/audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h: + Use sudoers_to_eventlog() and init_log_details() in + sudoers_audit_accept(). log_deserialize_info() can be private to + iolog.c again. + [0b4e03904f3d] + + * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, + plugins/sudoers/iolog.c, plugins/sudoers/log_client.c, + plugins/sudoers/log_client.h, plugins/sudoers/logging.c, + plugins/sudoers/logging.h: + Log reject and alert messages to the log server if one is defined. + [087cf87d10af] + + * plugins/sudoers/logging.c: + Treat an authentication failure as a reject, not an alert. This + matters when logging via sudo_logsrvd. It also lets us remove a + special case in vlog_warning(). + [ae489d3f20a8] + + * MANIFEST, config.h.in, configure, configure.ac, + plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h, plugins/sudoers/log_client.c, + plugins/sudoers/sudoers.c: + Rename iolog_client -> log_client. The logsrvd client code is now + used for more than just I/O logging. + [ea47ce43bbee] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_plugin.h, + plugins/sudoers/log_client.c, plugins/sudoers/log_client.h: + Rename iolog_plugin.h to log_client.h. 
It is no longer I/O log + specific and is used by sudoers_audit too. + [cde784a59490] + + * configure, configure.ac: + Remove hack to define YYTOKENTYPE, it breaks newer bison. + [8b919ef33db7] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h: + Regenerate with bison 3.7.3 + [9fb81b933c43] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c: + Use struct eventlog *evlog, not struct eventlog *details. + [a9b5f3c2902f] + +2020-11-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/eventlog.c: + For logsrvd AlertMessages, evlog will be NULL. + [d048f7b429d5] + + * lib/eventlog/eventlog.c: + Append errstr to reason for alert and reject events if specified. + Previously, we logged the error string separately but this is not + consistent with how it is logged in other formats. + [68c76e530248] + + * plugins/sudoers/logging.c: + Fix cut & pasto in debug subsystem. + [c39dd60b6d2d] + +2020-11-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog_client.c: + Refactor code to format InfoMesage array into fmt_info_messages(). + Add free_info_messages() to free the array. + [e6223d325c77] + + * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h: + Log accept messages in sudoers_audit if not I/O logging. + [cdb5c443c97d] + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h: + Refactor sudoers_io_open_remote() into log_server_open(). Also + rename client_close() to log_server_close(). This keeps more of the + client code details out of iolog.c and will be used when logging + accept messages from the audit plugin. + [e3f6ba6768b8] + + * plugins/sudoers/iolog.c: + Move argv and envp setting into iolog_deserialize_info(). + [613b97f1d7bc] + + * logsrvd/logsrvd.c: + Avoid early return in handle_accept() if expect_iobufs not set. + [918adc8234f0] + +2020-11-02 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + include/sudo_plugin.h, plugins/python/regress/testdata/check_multipl + e_approval_plugin_and_arguments.stdout, src/exec.c, + src/load_plugins.c: + Add event_alloc to the audit plugin API. The sudoers audit plugin + will use this to communicate with sudo_logsrvd. + [c2fc2911476b] + + * logsrvd/sendlog.c, plugins/sudoers/iolog_client.c: + Set server_name before initiating TLS connection so verify function + works. Fixes a crash in the SSL_VERIFY_PEER callback. Also call + inet_ntop(3) with addr pointer, not sockaddr pointer so we get the + correct IP address. + [7a7dcebbe889] + + * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, + plugins/sudoers/regress/sudoers/test18.toke.ok, + plugins/sudoers/regress/sudoers/test2.ldif.ok, + plugins/sudoers/regress/sudoers/test3.ldif.ok, + plugins/sudoers/regress/sudoers/test6.ldif.ok, + plugins/sudoers/regress/visudo/test2.err.ok, + plugins/sudoers/regress/visudo/test3.err.ok, + plugins/sudoers/visudo.c: + Store column number for aliases, defaults and userspecs too. This is + used to provided the column number along with the line number in + error messages. For aliases we store the column of the alias name, + not the value since that is what visudo generally needs. + [1c9d86b88517] + +2020-11-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/regress/testsudoers/test11.out.ok, + plugins/sudoers/regress/testsudoers/test12.out.ok, + plugins/sudoers/regress/testsudoers/test13.out.ok: + Display column number in parse error messages too. Bug #841 + [0aea28dec8f2] + + * plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h: + Move tls initialized flag into client_closure. 
We may call + tls_init() from multiple places in the future so a static + initialized flag will cause problems. + [00b2b02c24c5] + + * plugins/sudoers/cvtsudoers_json.c: + Fix -Wshadow warnings caused by json enum member. + [ea336980bb6a] + +2020-10-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * ABOUT-NLS, INSTALL, NEWS, configure.ac, doc/UPGRADE, + doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, + doc/visudo.man.in, doc/visudo.mdoc.in, examples/sudo.conf.in, + include/compat/getaddrinfo.h, install-sh, lib/util/getaddrinfo.c, + lib/util/getentropy.c, lib/util/regress/sudo_conf/test1.in, + lib/util/regress/sudo_parseln/test1.in, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/strtoid.c, + logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, logsrvd/sendlog.c, + m4/sudo.m4, plugins/group_file/group_file.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, + plugins/sudoers/editor.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/gram.y, + plugins/sudoers/group_plugin.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/load_plugins.c, src/sudo.c, + src/sudo_noexec.c, src/tgetpass.c: + Apply Google inclusive language guidelines. Also replace backwards + with backward. + [678fbce6054f] + +2020-10-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in: + Refernce IBM LDAP libs, not Tivoli since that is how it is packaged. + We still use Tivoli when talking about the server itself but refer + to it as the "IBM Tivoli Directory Server". 
+ [9f97a7e6b67a] + + * doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in: + Add a newline before "This option is ..." + [853f819f0241] + + * doc/sudoers.man.in: + regen + [8b29097f2cd1] + +2020-10-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/regress/logwrap/check_wrap.c, + lib/eventlog/regress/logwrap/check_wrap.in, + lib/eventlog/regress/logwrap/check_wrap.out.ok: + Test eventlog_writeln() when word wrap is disabled. + [73acb7fbef59] + + * configure, configure.ac: + Bison generates an extra enum containing the parser tokens. This + conflicts with the IBM ldap.h at least. Prevent it from being + exposed by defining YYTOKENTYPE. + [f3445ad76687] + + * configure, configure.ac: + IBM LDAP packages use a lib64 directory for 64-bit libraries. We + need to add this to LDFLAGS so the linker is able to find the + correct libs when building 64-bit binaries. + [701b83f6cd13] + + * config.h.in, configure, configure.ac, plugins/sudoers/ldap.c: + Use ssl_err2string() in message on ldap_ssl_client_init() failure. + Displaying SSL reason code directly is not user-friendly. + [aaf272403f3e] + +2020-10-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/eventlog.c: + For JSON logs, write the most important log elements first. This is + important for syslog where the record could be truncated. + [58fc957c41bb] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: + Add log_format sudoers setting to select sudo or json format logs. + Defaults to sudo-format logs. + [2936d2750af0] + + * include/sudo_json.h, lib/eventlog/eventlog.c, lib/util/json.c: + Support "minimal" JSON which skips all non-essention whitespace. + This replaces the old "compact" mode which is only used for syslog. + [be07bca67019] + + * plugins/sudoers/logging.c: + Don't warn about log failure more than once. + [b4dc59a58d1d] + +2020-10-26 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/eventlog/eventlog.c: + Check for fdopen(3) failure in send_mail(). + [e08b17bf26ce] + + * MANIFEST, include/sudo_eventlog.h, lib/eventlog/Makefile.in, + lib/eventlog/eventlog.c, lib/eventlog/logwrap.c, + lib/eventlog/regress/logwrap/check_wrap.c, + lib/eventlog/regress/logwrap/check_wrap.in, + lib/eventlog/regress/logwrap/check_wrap.out.ok, + plugins/sudoers/Makefile.in, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/logwrap.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/logging/check_wrap.in, + plugins/sudoers/regress/logging/check_wrap.out.ok, + plugins/sudoers/sudoers.c: + Add support for file log line wrapping in libeventlog. + [935c30cf7633] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + logsrvd/logsrvd_conf.c, plugins/sudoers/defaults.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c: + Use real setters for the eventlog config. This makes it possible to + have a base config that the callers can modify instead of replacing + the config wholesale. + [2ca1e7d376c2] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, + plugins/sudoers/defaults.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/policy.c, plugins/sudoers/stubs.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: + Use libeventlog in sudoers instead of doing our own logging. + [d8306755201a] + + * lib/eventlog/eventlog.c, plugins/sudoers/logging.c: + Log the short version of the tty in sudoers-format logs. This is + consistent with historical practice. + [69440e4659a8] + + * lib/eventlog/eventlog.c: + Add default values in eventlog_setconf(). 
+ [582d359a8ec0] + + * include/sudo_eventlog.h, lib/eventlog/Makefile.in, + lib/eventlog/eventlog.c, logsrvd/logsrvd.c, + plugins/sudoers/Makefile.in, plugins/sudoers/defaults.c, + plugins/sudoers/logging.h: + Add support for mailing eventlog entries and for logging raw + messages. These will be used by the sudoers plugin. + [acab8209ddd0] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, + lib/iolog/iolog_fileio.c: + If no JSON callback is provided, store the contents of struct + eventlog. This moves the JSON formatting of struct eventlog out of + libsudo_iolog and into libsudo_eventlog where it belongs. + [260a7ec65485] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, logsrvd/logsrvd.c: + struct eventlog contains submit_time, no need to pass it in + directly. + [a3ac404e6a59] + + * include/sudo_eventlog.h, lib/eventlog/eventlog.c, logsrvd/logsrvd.c: + Add an errstr argument to eventlog_alert(). + [e2afd2f1c092] + + * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h: + Make a copy of the strings stored in iolog_details and struct + eventlog. Previously, we just made the strings const and relied on + the front-end not changing them. Now the sudoers I/O log plugin + behavior is consistent with the policy plugin. + [406632298bd5] + + * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h: + Use struct eventlog in iolog_details. 
+ [c22e05f420fe] + + * include/sudo_eventlog.h, include/sudo_iolog.h, + lib/eventlog/eventlog.c, lib/iolog/Makefile.in, + lib/iolog/iolog_fileio.c, lib/iolog/iolog_json.c, + lib/iolog/iolog_util.c, logsrvd/Makefile.in, logsrvd/iolog_writer.c, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c, + logsrvd/sendlog.h, plugins/sudoers/Makefile.in, + plugins/sudoers/iolog.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoreplay.c: + Use struct eventlog in place of struct iolog_info. + [9fef7a5f077b] + + * logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + No longer need eventlog-related getters in logsrvd.c + [e3ab80a9a892] + + * MANIFEST, logsrvd/Makefile.in, logsrvd/eventlog.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c: + Use libeventlog in sudo_logsrvd. + [3dd22be50c30] + + * MANIFEST, Makefile.in, configure, configure.ac, + include/sudo_eventlog.h, lib/eventlog/Makefile.in, + lib/eventlog/eventlog.c, logsrvd/logsrvd.h: + Refactor eventlog code into a library + [2e02c25be009] + +2020-10-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/Makefile.in, lib/logsrv/Makefile.in, lib/util/Makefile.in, + logsrvd/Makefile.in, plugins/python/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + regen Makefiles + [d9064a0c53ae] + + * scripts/mkpkg: + Build 64-bit binaries on HP-UX ia64 + [3f8b599e7d7f] + +2020-10-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/Makefile.in: + Explicitly set umask when running tests. Some tests create files + that must not be world-writable. + [9186ea1d2696] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + sudoers_policy_store() -> sudoers_policy_store_result() + [3dad5322916b] + +2020-10-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Rename sudoers_policy_exec_setup() -> sudoers_policy_store(). 
It is + called even when there is no command to execute. Also pass in status + of whether or not the command was accepted. + [a0ded23e81c4] + +2020-10-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/cvtsudoers/test1.sh, + plugins/sudoers/regress/cvtsudoers/test10.sh, + plugins/sudoers/regress/cvtsudoers/test11.sh, + plugins/sudoers/regress/cvtsudoers/test12.sh, + plugins/sudoers/regress/cvtsudoers/test13.sh, + plugins/sudoers/regress/cvtsudoers/test14.sh, + plugins/sudoers/regress/cvtsudoers/test15.sh, + plugins/sudoers/regress/cvtsudoers/test16.sh, + plugins/sudoers/regress/cvtsudoers/test17.sh, + plugins/sudoers/regress/cvtsudoers/test18.sh, + plugins/sudoers/regress/cvtsudoers/test19.sh, + plugins/sudoers/regress/cvtsudoers/test2.sh, + plugins/sudoers/regress/cvtsudoers/test20.sh, + plugins/sudoers/regress/cvtsudoers/test21.sh, + plugins/sudoers/regress/cvtsudoers/test22.sh, + plugins/sudoers/regress/cvtsudoers/test23.sh, + plugins/sudoers/regress/cvtsudoers/test24.sh, + plugins/sudoers/regress/cvtsudoers/test25.sh, + plugins/sudoers/regress/cvtsudoers/test26.sh, + plugins/sudoers/regress/cvtsudoers/test27.sh, + plugins/sudoers/regress/cvtsudoers/test28.sh, + plugins/sudoers/regress/cvtsudoers/test29.sh, + plugins/sudoers/regress/cvtsudoers/test3.sh, + plugins/sudoers/regress/cvtsudoers/test30.sh, + plugins/sudoers/regress/cvtsudoers/test31.sh, + plugins/sudoers/regress/cvtsudoers/test32.sh, + plugins/sudoers/regress/cvtsudoers/test33.sh, + plugins/sudoers/regress/cvtsudoers/test4.sh, + plugins/sudoers/regress/cvtsudoers/test5.sh, + plugins/sudoers/regress/cvtsudoers/test6.sh, + plugins/sudoers/regress/cvtsudoers/test7.sh, + plugins/sudoers/regress/cvtsudoers/test8.sh, + plugins/sudoers/regress/cvtsudoers/test9.sh, + plugins/sudoers/regress/testsudoers/test1.sh, + plugins/sudoers/regress/testsudoers/test10.sh, + plugins/sudoers/regress/testsudoers/test11.sh, + plugins/sudoers/regress/testsudoers/test12.sh, + 
plugins/sudoers/regress/testsudoers/test13.sh, + plugins/sudoers/regress/testsudoers/test14.sh, + plugins/sudoers/regress/testsudoers/test15.sh, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test4.sh, + plugins/sudoers/regress/testsudoers/test5.sh, + plugins/sudoers/regress/testsudoers/test6.sh, + plugins/sudoers/regress/testsudoers/test7.sh, + plugins/sudoers/regress/testsudoers/test8.sh, + plugins/sudoers/regress/testsudoers/test9.sh, + plugins/sudoers/regress/visudo/test1.sh, + plugins/sudoers/regress/visudo/test10.sh, + plugins/sudoers/regress/visudo/test2.sh, + plugins/sudoers/regress/visudo/test3.sh, + plugins/sudoers/regress/visudo/test4.sh, + plugins/sudoers/regress/visudo/test5.sh, + plugins/sudoers/regress/visudo/test6.sh, + plugins/sudoers/regress/visudo/test7.sh, + plugins/sudoers/regress/visudo/test8.sh, + plugins/sudoers/regress/visudo/test9.sh: + Pass path to testsudoers, visudo or cvtsudoers in the environment. + Falls back on the unqualified command if the environment variable is + not set. + [a7b8c413b66d] + +2020-10-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sssd.c: + Init cmnds to NULL in rule_to_priv() so we don't free a bogus + pointer. In the sssd backend, the rule_to_priv() cleanup code + assumes cmnds can be passed to fn_free_values(), which was not the + case if we receive an error getting values for "sudoCommand". This + is a regression introduced in sudo 1.9.1. Fix from Ron Bowes. GitHub + issue #67. + [a3fe4615f039] + +2020-10-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c, + plugins/sudoers/parse.h: + Pass runchroot to match_digest() too. We use the open fd for the + actual I/O but having runchroot makes it possible to report the + correct file name in error messages. + [2e1d142e2fe5] + +2020-10-04 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * NEWS: + GitHub issue #61 was fixed in sudo 1.9.3. + [55e54b3111f0] + +2020-09-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/def_data.h, plugins/sudoers/mkdefaults: + Fix indentation of enum def_tuple. + [237db08cc1a3] + +2020-09-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Remove special case EOF handling; lines now always end in a newline. + Previously we needed to emulate some of the state transitions that + happen at end-of-line at end-of-file as well. Those are no longer + needed now that we are guaranteed to always have a newline at the + end. + [4c0c21b081f7] + +2020-09-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Increment sudolinebuf.size after realloc(). + [b871905c3442] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, + plugins/sudoers/regress/sudoers/test13.toke.ok, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add a newline at end of line if one is missing. This is simpler than + having to support entries that end at EOF too. + [cb335acb1064] + + * MANIFEST, plugins/sudoers/regress/testsudoers/test14.out.ok, + plugins/sudoers/regress/testsudoers/test14.sh, + plugins/sudoers/regress/testsudoers/test15.out.ok, + plugins/sudoers/regress/testsudoers/test15.sh: + Add tests for entries without a newline. + [98a50d8301a8] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix handling of a command spec without a newline at the end. For + include files, we may need to inject a newline token now that the + grammar requires lines to end with a newline or EOF. There is no END + (EOF) token processed after popping off an include file since + everything is just treated as one big file. + [3e6c62ea7237] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Mark sudoerserror() messages for translation. 
+ [d6a173cea48b] + + * plugins/sudoers/regress/sudoers/test8.toke.ok, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix line number accounting when a string contains a newline. Strings + are not allowed to span multiple lines without a continuation + character. Also provide a better error message if we are in the + middle of a string and hit EOF. + [cf34b0a3beba] + +2020-09-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/sudoers.h, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Use sudoerschar (yychar) instead of last_token. The parser already + provides a way to examing the last token processed, we don't need to + add our own. + [ba35fe36bd56] + +2020-09-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/closefrom.c, lib/util/getentropy.c, lib/util/pipe2.c, + lib/util/term.c, lib/util/ttyname_dev.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/env.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/gmtoff.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.h, plugins/sudoers/policy.c, + plugins/sudoers/starttime.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + plugins/system_group/system_group.c, src/load_plugins.c, src/sudo.c, + src/sudo_plugin_int.h, src/tgetpass.c, src/ttyname.c: + Fix -Wshadow warnings. + [5480e97a1160] + + * configure, configure.ac: + Add -Wshadow to warning flags if the compiler supports it. + [6f29b5ebc2b8] + + * MANIFEST, plugins/sudoers/regress/testsudoers/test13.out.ok, + plugins/sudoers/regress/testsudoers/test13.sh: + Add test for syntax error when defining an alias using a reserved + word. + [4c90b3952ed1] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix pasto, TIMEOUT not CMND_TIMEOUT. + [842ad3a578f2] + + * NEWS, doc/UPGRADE, doc/sudoers.man.in, doc/sudoers.man.in.sed, + doc/sudoers.mdoc.in: + Document reserved words that cannot be used as alias names. 
Bug #941 + [4b37a2174cd2] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/sudoers_version.h: + Detect when a reserved word is used when declaring an alias. Now + instead of "syntax error, unexpected CHROOT, expecting ALIAS" the + message is "syntax error, reserved word used as an alias name" Bug + #941 + [dfc55de5526c] + +2020-09-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_3p1 for changeset 02c47b39359e + [23bf4d95356d] <1.9> + + * merge sudo 1.9.3p1 from tip + [02c47b39359e] [SUDO_1_9_3p1] <1.9> + + * plugins/sudoers/sudoers.c: + Fix potential NULL deref in debug code. + [c6b8910ac7dc] + + * plugins/sudoers/getspwuid.c: + Close the passwd db before calling getpwnam_shadow(3). Otherwise, we + will get the non-shadow passwd entry ("*") since we called + setpassent(3) earlier to keep the passwd db open. + [71ee5e16e4c5] + + * configure, configure.ac: + Fix configure test for crypt(3) when it is present in libc. Fixes a + regression introduced in sudo 1.9.3. + [0d77733de667] + + * plugins/sudoers/audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: + Add SLOG_AUDIT flag for log_warningx() to also audit the message. + This lets us combine audit_failure() and log_warningx() calls with + the same message. + [23a8a5eab2ff] + + * plugins/sudoers/sudoers.c: + Log when user-specified command line options are rejected by + sudoers. We already audit those but in some cases they were not + logged as well. + [30d991993763] + + * NEWS, configure, configure.ac: + Update for sudo 1.9.3p1 + [0cbbb7608c3f] + +2020-09-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_3 for changeset bdd40c087bec + [eca7e986d20f] <1.9> + + * merge sudo 1.9.3 from tip + [bdd40c087bec] [SUDO_1_9_3] <1.9> + +2020-09-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Move warning about plaintext password to the end of configure. 
It is + unlikely to be noticed at the beginning of the output. + [b3b5abcedc73] + +2020-09-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/eo.mo, + po/eo.po, po/fi.mo, po/fi.po, po/fr.mo, po/fr.po: + Updated translations from translationproject.org + [54b5484b2756] + +2020-09-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, plugins/sudoers/auth/passwd.c: + Use a simple string compare on systems without crypt(3). This is + only used on systems without PAM, BSD authentication or AIX + authentication. Bug #940. + [aed39197f364] + + * src/utmp.c: + Fix typo in last commit. + [30a77a50f7b2] + +2020-09-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sudo_edit.c: + Only use faccessat(3) if AT_EACCESS is defined. Apparently Android + (bionic) has faccessat() but not AT_EACCESS. Bug #940. + [18604919a023] + + * src/utmp.c: + Guard use of ttyslot() with HAVE_TTYSLOT, fix guard for + utmp_setid(). This should make it easier to compile sudo on Android + which doesn't provide a way to write to the utmp file. Bug #940. + [69fe5b8426cd] + +2020-09-16 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * po/zh_CN.mo, po/zh_CN.po: + Updated translations from translationproject.org + [ef72535d71a5] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo, + po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/it.mo, + po/it.po, po/ja.mo, po/ja.po, po/pl.mo, po/pl.po, po/pt.mo, + po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/sr.mo, po/sr.po, po/tr.mo, + po/tr.po, po/uk.mo, po/uk.po, po/zh_TW.mo, po/zh_TW.po: + Updated translations from translationproject.org + [48fdb293a803] + + * configure, configure.ac, plugins/sudoers/po/sudoers.pot: + Back out sudo 1.9.3b1 version change. + [70cee88da8b1] + +2020-09-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, configure, configure.ac, plugins/sudoers/defaults.c, + plugins/sudoers/po/sudoers.pot: + Fix typo in warning for T_CHPATH, list '~' not '*' twice. Bug #938 + [d516bebe9644] + +2020-09-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update .pot files for 1.9.3. + [47cedd231dd6] + +2020-09-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog_client.c: + Add missing check for strdup() failure. 
Coverity CID 214243 + [86cf4da0cd81] + + * examples/sudoers: + Sync example sudoers with manual page. + [1ccf32907f11] + +2020-09-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Add simple runchroot and runcwd examples. Also document the + limitation of command-based Defaults settings. + [6a610884670c] + + * plugins/sudoers/sudoers.c: + Add callback for runchroot Defaults and require password -D/-R + checks. Using a command-based Default for runchroot will still only + work for paths that exist both in and outside the chroot. + [a50148e16b89] + + * plugins/sudoers/defaults.c, plugins/sudoers/match.c, + plugins/sudoers/match_command.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c: + Pass a struct to the match functions to track the resolved command. + This makes it possible to update user_cmnd and cmnd_status modified + by per-rule CHROOT settings. + [c71faa1f5ea1] + + * plugins/sudoers/defaults.c, plugins/sudoers/editor.c, + plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, + plugins/sudoers/match.c, plugins/sudoers/match_command.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: + Take the chroot into account when search for the command. This could + a a user-specific chroot via the -R option, a runchroot Defaults + value, or a per-command CHROOT spec in the sudoers rule. + [d8765611b48c] + +2020-09-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Remove closefrom_fallback() from lib/util/util.exp. It is a static + function and should not be exported. + [dc09dc563197] + +2020-09-06 Evan Anderson <evan@eaanderson.com> + + * configure, m4/sudo.m4: + configure: Fix runstatedir handling for distros that do not support + it + + runstatedir was added in yet-to-be released autoconf 2.70. 
Some + distros are shipping this addition in their autoconf packages, but + others, such as Fedora, are not. This causes the rundir variable to + be set incorrectly if the configure script is regenerated with an + unpatched autoconf since the runstatedir variable set is deleted + after regeneration. This change works around that problem by + checking that runstatedir is non-empty before potentially using it + to set the rundir variable + [35c1eb25dd9d] + +2020-09-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/Makefile.in: + We need to link with NET_LIBS for gai_strerror() on some systems. + From Tim Rice + [b10aeb7ec2ed] + + * ltmain.sh: + Fix sco library versioning; fallout from frebsd-elf reorg. From Tim + Rice + [072a37c2d3cb] + + * configure, configure.ac: + SVR4/5 fixes and long password support for OpenServer 6 & 5. From + Tim Rice + [8622970c77c3] + + * lib/logsrv/protobuf-c.c: + Use config.h to handle systems without inline function support. + [1ba5301de713] + + * configure, configure.ac: + Prefer dlopen() over shl_load() on HP-UX 11.11 and higher. + [065316970f79] + + * include/sudo_fatal.h, lib/util/fatal.c: + Define sudo_warn_setlocale_t and use sudo_conv_t in sudo_fatal.h. + Works around a bug in older versions of the HP ANSI C compiler and + results in more readable code. + [0e53ec783100] + + * configure, configure.ac: + HP-UX cc may not allow __declspec(dllexport) to be used in + conjunction with "#pragma HP_DEFINED_EXTERNAL" when redefining + standard libc functions. + [7190082c3a09] + +2020-09-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Fix check for hiding unexported symbols on HP-UX. We need to pass + the -b option to the compiler, not just the linker, so it will + choose the PIC C runtime. + [bc1b9351cbce] + + * src/regress/ttyname/check_ttyname.c: + Check that the files are character devices before comparing st_rdev. 
+ [d9f8b730d131] + + * src/regress/ttyname/check_ttyname.c: + Fix regress when ttyname(3) returns the same device under a + different name. On systems that have both new and old pty names we + can end up with a name mismatch even though the underlying device is + the same. + [3760f44d81d4] + + * plugins/sudoers/regress/testsudoers/test3.sh: + Use the same pattern of redefining TESTDIR as test10.sh. Adapted + from a diff from Tim Rice. + [378590625bfd] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + Rename sa_len -> sa_size to avoid a conflict on UnixWare and others. + On some systems, sa_len is a #define for 4.4BSD compatibility. + [a369d15175dd] + + * plugins/sudoers/pwutil.c: + Include strings.h for strcasecmp(3). From Tim Rice + [27be3ee47426] + + * lib/util/getentropy.c: + Add missing #ifdef HAVE_CLOCK_GETTIME in getentropy_fallback() From + Tim Rice + [4bdcf1048196] + + * plugins/sudoers/Makefile.in: + Regen for check_exptilde.o + [b3e2a87b5144] + + * lib/util/Makefile.in, scripts/mkdep.pl: + Add missing dependency info for cfmakeraw.lo in lib/util/Makefile.in + From Tim Rice + [18d953844745] + + * plugins/sudoers/auth/pam.c: + Be consistent and use __hpux not __hpux__ like the rest of sudo. + [dd5ef59dc980] + + * lib/logsrv/protobuf-c.c: + Replace "static inline" with "static __inline" for older compilers. + [a09412277d0f] + + * MANIFEST, include/log_server.pb-c.h, lib/logsrv/Makefile.in, + lib/logsrv/log_server.pb-c.c, logsrvd/eventlog.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/sendlog.c, + plugins/sudoers/iolog_client.c, scripts/unanon: + Post-process protoc-c files to avoid depending on anonymous unions. + Based on a patch from Michael Osipov. GitHub issue #60 + [13ab1ec22477] + + * src/preload.c: + Add sudoers_audit to sudo_sudoers_plugin_symbols[] array. Fixes + loading of sudoers_audit when configured with --enable-static- + sudoers. GitHub issue #61 + [f0bd4b5cd7b3] + +2020-09-03 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Fix copy and paste error; Coverity CID 214191 + [49044d66dffc] + + * plugins/sudoers/visudo.c: + Fix memory leak on error found by the clang 10.01 analyzer. + [12de4dd014eb] + + * src/limits.c: + Use correct size for curlim and maxlim. + [1fc6aea5ece0] + + * configure, configure.ac, doc/Makefile.in: + Only install man pages for logsrvd and python plugin if we build + them. GitHub issue #58 + [e92799dd4886] + + * Makefile.in, configure, configure.ac, doc/Makefile.in: + Remove obsolete mansrcdir variable, add _SRC suffix to LOGSRV and + LOGSRVD + [aa9c0f8cb227] + +2020-09-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/eventlog.c, plugins/sudoers/logging.c: + If the command was run in a chroot, add it to the log. + [0cda78f7ed40] + + * MANIFEST, plugins/sudoers/regress/testsudoers/test12.out.ok, + plugins/sudoers/regress/testsudoers/test12.sh: + Add test of multiple syntax errors. Where possible, the portion of + the line before the error should be still be interpreted. + [3af61a54586f] + + * logsrvd/eventlog.c, logsrvd/iolog_writer.c, + plugins/sudoers/logging.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Log the runcwd not submitcwd in the sudo-style log file. The log + entry should reflect the working directory the command actually ran + in. + [a477dee74683] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Fix error recovery in a privilege after a ':' separator. + [02c4b5872a38] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Initialize runchroot and runcwd in init_options() + [13bebf71955d] + + * MANIFEST: + Fix path to check_exptilde.c + [7dc831cbd59d] + + * include/log_server.pb-c.h, include/protobuf-c/protobuf-c.h, + lib/logsrv/protobuf-c.c: + Update to protobuf-c 1.3.3 + [22a88bccb611] + +2020-09-01 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h: + Regenerate the parser with "bison -y" for verbose syntax error + messages. + [e1530c5b8960] + + * NEWS: + Add chroot/chdir changes. + [9367855da7d1] + + * doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/parse_args.c, src/sudo_usage.h.in: + Support "*" for CWD/CHROOT to allow user to specify cwd or chroot. + Adds two new command line options, -D (--chdir) and -R (--chroot) + that can only be used when sudoers sets runcwd or runchroot to "*". + [afeb73867b66] + + * MANIFEST, lib/util/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/exptilde.c, + plugins/sudoers/regress/exptilde/check_exptilde.c: + Unit test for exptilde + [f0d7b0031fea] + + * MANIFEST, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/ldap_util.c, plugins/sudoers/parse.c, + plugins/sudoers/regress/sudoers/test24.in, + plugins/sudoers/regress/sudoers/test24.json.ok, + plugins/sudoers/regress/sudoers/test24.ldif.ok, + plugins/sudoers/regress/sudoers/test24.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test24.out.ok, + plugins/sudoers/regress/sudoers/test24.sudo.ok, + plugins/sudoers/regress/sudoers/test24.toke.ok: + Add support for runchroot and runcwd to "sudo -l" and cvtsudoers. + [9f5ecd22d822] + + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c, + lib/iolog/iolog_json.c, lib/iolog/iolog_util.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd.h, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h: + Read/write runchroot and runcwd entries in the JSON event log. 
+ [3edb8305abe9] + + * MANIFEST, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/exptilde.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/policy.c, + plugins/sudoers/regress/sudoers/test1.toke.ok, + plugins/sudoers/regress/sudoers/test11.toke.ok, + plugins/sudoers/regress/sudoers/test12.toke.ok, + plugins/sudoers/regress/sudoers/test13.toke.ok, + plugins/sudoers/regress/sudoers/test14.toke.ok, + plugins/sudoers/regress/sudoers/test15.toke.ok, + plugins/sudoers/regress/sudoers/test16.toke.ok, + plugins/sudoers/regress/sudoers/test17.toke.ok, + plugins/sudoers/regress/sudoers/test18.toke.ok, + plugins/sudoers/regress/sudoers/test19.toke.ok, + plugins/sudoers/regress/sudoers/test22.toke.ok, + plugins/sudoers/regress/sudoers/test3.toke.ok, + plugins/sudoers/regress/sudoers/test4.toke.ok, + plugins/sudoers/regress/sudoers/test6.toke.ok, + plugins/sudoers/regress/sudoers/test8.toke.ok, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_version.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add CHROOT and CWD sudoers options. Also matching runchroot and + runcwd Defaults settings. + [2f0aca92c360] + +2020-08-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + include/sudo_plugin.h, plugins/python/regress/testdata/check_multipl + e_approval_plugin_and_arguments.stdout, src/exec.c, src/limits.c, + src/sudo.c, src/sudo.h: + Pass resource limits values to the plugin in user_info[] Sudo resets + the resource limits early in its execution so the plugin cannot tell + what the original limits were itself. 
+ [64957c5875f3] + + * doc/Makefile.in, doc/sudo_logsrvd.man.in, + doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in, + lib/logsrv/Makefile.in, lib/util/cfmakeraw.c, lib/util/fchmodat.c, + lib/util/fstatat.c, lib/util/getdelim.c, lib/util/getusershell.c, + lib/util/openat.c, lib/util/regress/getdelim/getdelim_test.c, + lib/util/regress/strsig/strsig_test.c, + lib/util/regress/strtofoo/strtobool_test.c, + lib/util/regress/strtofoo/strtoid_test.c, + lib/util/regress/strtofoo/strtomode_test.c, + lib/util/regress/strtofoo/strtonum_test.c, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/roundup.c, + lib/util/strtoid.c, lib/util/strtonum.c, lib/util/term.c, + lib/util/unlinkat.c, logsrvd/Makefile.in, logsrvd/eventlog.c, + logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, + plugins/python/Makefile.in, plugins/python/pyhelpers.c, + plugins/python/pyhelpers.h, plugins/python/python_baseplugin.c, + plugins/python/python_convmessage.c, + plugins/python/python_importblocker.c, + plugins/python/python_loghandler.c, + plugins/python/python_plugin_approval.c, + plugins/python/python_plugin_audit.c, + plugins/python/python_plugin_common.c, + plugins/python/python_plugin_common.h, + plugins/python/python_plugin_group.c, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c, + plugins/python/sudo_python_debug.c, + plugins/python/sudo_python_module.c, + plugins/python/sudo_python_module.h, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/group_plugin.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/parse.c, plugins/sudoers/parse_ldif.c, + plugins/sudoers/set_perms.c, plugins/sudoers/starttime.c, + plugins/sudoers/tsdump.c, src/exec_monitor.c, src/exec_nopty.c, + src/limits.c, src/ttyname.c: + Update copyright year on some files where it was out of date. + [2086262cd012] + +2020-08-27 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/visudo.man.in, + doc/visudo.mdoc.in: + Refer to "syntax error" instead of "parse error". This is the term + the parser uses when there is an actual error. + [7134b6869432] + + * plugins/sudoers/visudo.c: + Remove superfluous "parse error in sudoers near line N" message. The + sudoers parser now produces better syntax error messages so we don't + need visudo to print its own. + [9c32131fb6ac] + + * plugins/sudoers/visudo.c: + Don't override errorfile and errorlineno set by check_aliases(). Now + that alias parsing stores the file and line number, visudo can use + that information to go to the line with an error when re-editing. + [896d1f73ca02] + +2020-08-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, lib/util/sig2str.c, + lib/util/str2sig.c: + Use sigabbrev_np(3) to access signal abbreviations if supported. + glibc-2.32 has removed sys_sigabbrev[], we can use sigabbrev_np(3) + instead. + [e30482f26924] + +2020-08-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Briefly describe how to restore historical parse error behavior. + [1ede927d99b3] + + * NEWS, doc/UPGRADE: + Mention eof-of-line terminator and plugin argument changes. + [96cd7a3477fa] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, src/load_plugins.c: + Fix sudoers_policy plugin options when sudoers_audit is not listed. + As of sudo 1.9.1 the sudoers file is opened by the audit plugin, not + the policy plugin. As a result, plugin options set for + sudoers_policy have no effect. If sudoers_policy has plugin options + in sudo.conf and sudoers_audit is not listed, move the options to + sudoers_audit so they will have an effect. + [839a9a9c0cc3] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/file.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: + sudoers error recovery can be configured via an "error_recovery" + setting. 
This setting is an argument to the sudoers plugin, similar + to how sudoers_file, sudoers_mode, sudoers_uid, etc. are + implemented. The default value is true. + [86f7059f9e45] + + * plugins/sudoers/regress/testsudoers/test11.sh: + Make this test pass with bison's verbose error messages. + [a2a8e4ca3f63] + +2020-08-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Recover from a syntax error after the ':' in a privilege spec. For + compound privilege specs, don't throw away the entire thing if we + have a syntax error, only the part after the error is encountered. + [d6ef4e6ca624] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/regress/sudoers/test5.toke.ok: + Add explicit end-of-line matching in the parser for better error + messages. A valid line in sudoers must end in a newline or EOF. + Previously, it was possible (though not documented) to have multiple + user specs on a single line. Now, each must be on its own line. + [9f513e9b10ee] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Add NOMATCH token and use it in the lexer for an unmatched pattern. + The ERROR token is now only used for errors detected by the lexer + and for which we've already printed an error. This lets us remove + the hack in sudoerserror() and just check last_token to determine + whether or not to display the error. + [0ca11ad5b7f3] + +2020-08-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Enable error recovery for syntax erorrs that don't end with a + newline. A syntax error on the last line of a sudoers file with no + trailing newline is now recoverable. + [020f76d7f369] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/regress/testsudoers/test11.out.ok: + Add error recovery for unexpected tokens after include/includedir. 
+ [1aedd819916d] + + * NEWS: + Sudo 1.9.3 changes so far. + [bc6c6321a065] + + * configure, configure.ac: + sudo 1.9.3 + [432950d9f778] + +2020-08-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/pp: + Format the macOS minor version number with two digits. This way we + get consistent 4-digit version numbers even for macOS verions like + 10.3 or 11.0 where the minor number is a single digit. For example. + 10.3 will be formatted as 1003 and 11.0 will be 1100. + [7f48e10be9ae] + +2020-08-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/zlib/infback.c, lib/zlib/inflate.c: + Add missing ZFALLTHROUGH and use spaces not tabs. + [4b1c71cfb8a9] + + * scripts/pp: + Fix probe for macOS Big Sur "sw_vers -productName" now returns + "macOS", not "Mac OS X" + [4caad8ca5b0c] + +2020-08-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/python/pyhelpers.c, plugins/python/python_plugin_common.h, + plugins/python/sudo_python_module.c, src/parse_args.c, + src/selinux.c: + Fix some warnings from pvs-studio + [fa83bb619209] + + * Makefile.in, lib/iolog/iolog_fileio.c, lib/iolog/iolog_json.c, + lib/util/aix.c, lib/util/sudo_debug.c, logsrvd/logsrvd.c, + logsrvd/sendlog.c, plugins/audit_json/audit_json.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/env.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/copy_file.c, src/exec.c, src/exec_common.c, src/exec_monitor.c, + src/exec_nopty.c, src/exec_pty.c, src/load_plugins.c, + 
src/parse_args.c, src/selinux.c, src/sesh.c, src/solaris.c, + src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/utmp.c: + Fix some warnings from pvs-studio + [164a51c446da] + + * plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sssd.c: + Use angle quotes when including gram.h and def_data.c. Otherwise, we + can include the wrong file when doing an out-of-source build when + configured using --with-devel. + [105e52a86e22] + + * lib/util/fatal.c, lib/util/regress/fnmatch/fnm_test.c, + logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, logsrvd/sendlog.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/match_command.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, + src/parse_args.c: + Move inclusion of compat headers up with the system headers. Now + that sudo_dso_public is defined in config.h we don't need + sudo_compat.h before including the compat headers. 
+ [da2103ee7ba8] + + * config.h.in, configure.ac, include/compat/fnmatch.h, + include/compat/getaddrinfo.h, include/compat/getopt.h, + include/compat/glob.h, include/compat/sha2.h, include/sudo_compat.h, + include/sudo_conf.h, include/sudo_debug.h, include/sudo_digest.h, + include/sudo_dso.h, include/sudo_event.h, include/sudo_fatal.h, + include/sudo_json.h, include/sudo_lbuf.h, include/sudo_rand.h, + include/sudo_util.h, lib/iolog/regress/host_port/host_port_test.c, + lib/iolog/regress/iolog_json/check_iolog_json.c, + lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/iolog/regress/iolog_util/check_iolog_util.c, + lib/util/mksiglist.c, lib/util/mksigname.c, + lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/getdelim/getdelim_test.c, + lib/util/regress/getgrouplist/getgrouplist_test.c, + lib/util/regress/glob/globtest.c, + lib/util/regress/mktemp/mktemp_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsig/strsig_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/strtofoo/strtobool_test.c, + lib/util/regress/strtofoo/strtoid_test.c, + lib/util/regress/strtofoo/strtomode_test.c, + lib/util/regress/strtofoo/strtonum_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/term.c, + logsrvd/logsrvd.c, logsrvd/sendlog.c, + plugins/audit_json/audit_json.c, plugins/group_file/group_file.c, + plugins/group_file/plugin_test.c, + plugins/python/python_plugin_approval.c, + plugins/python/python_plugin_audit.c, + plugins/python/python_plugin_group.c, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c, + plugins/sample/sample_plugin.c, + plugins/sample_approval/sample_approval.c, plugins/sudoers/audit.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/iolog.c, + 
plugins/sudoers/policy.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/regress/starttime/check_starttime.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/tsdump.c, + plugins/sudoers/visudo.c, plugins/system_group/system_group.c, + src/env_hooks.c, src/regress/noexec/check_noexec.c, + src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.c, + src/sudo_noexec.c: + Rename __dso_public -> sudo_dso_public and move to config.h. + [12550ec04e3a] + + * lib/iolog/host_port.c, lib/iolog/iolog_fileio.c, + lib/iolog/iolog_json.c, lib/iolog/iolog_path.c, + lib/iolog/iolog_util.c, lib/util/ttyname_dev.c, logsrvd/eventlog.c, + logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c, + logsrvd/logsrvd_conf.c, logsrvd/sendlog.c, + plugins/audit_json/audit_json.c, plugins/sample/sample_plugin.c, + plugins/sample_approval/sample_approval.c, plugins/sudoers/locale.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + src/net_ifs.c, src/sesh.c, src/sudo.h: + We no longer need to include sudo_gettext.h before sudo_compat.h + [660770ab7e7b] + + * .gitignore, .hgignore: + Add *.map to the ignore file. + [e96b46d418db] + +2020-08-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * etc/uncrustify.cfg: + Update to uncrustify 0.71.0 + [dabd7b24c0d9] + + * doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Mention visudo in sudo(8) and document sudoers error recovery. + [44acd34811fb] + +2020-08-10 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/freezero.c, + lib/util/getentropy.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + scripts/mkdep.pl, src/conversation.c: + Use OpenBSD-compatible freezero() in place of explicit_bzero() + + free() + [af0a9ed1e259] + + * MANIFEST, config.h.in, configure, configure.ac, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + include/sudo_compat.h, include/sudo_plugin.h, lib/util/Makefile.in, + lib/util/arc4random.c, lib/util/explicit_bzero.c, + lib/util/getentropy.c, lib/util/memset_s.c, lib/util/sha2.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, scripts/mkdep.pl, + src/conversation.c: + Switch from memset_s() -> explicit_bzero(). memset_s() (and all of + Annex K) is likely to be removed from the a future version of the + standard. + [c0f81ef1ee3c] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Define YYERROR_VERBOSE for bison and rename COMMENT -> '\n' This + results in better error messages when there is a parse error + [7ba896f285a9] + + * plugins/sudoers/mkdefaults: + Some minor cleanup. Use ntuples instead of tuple_last Strip leading + and trailing double quotes using a single gsub() ntuples will never + be zero so don't bother checking No need to explicitly close files + in END + [b841147900df] + +2020-08-07 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/util/event.c, plugins/sudoers/cvtsudoers_pwutil.c, + plugins/sudoers/defaults.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c, src/selinux.c: + Quiet some clang 10 analyzer warnings. + [4147311f6278] + + * logsrvd/sendlog.c: + Refactor freeing of InfoMessage list into free_info_messages(). Also + fixes a false positive from the clang analyzer. + [25a6f0035a33] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, + plugins/sudoers/regress/testsudoers/test11.out.ok, + plugins/sudoers/regress/testsudoers/test11.sh: + Require that a @include line end with a newline or EOF. We now parse + the entire line before reading the include file. This is less + surprising behavior and results in better error messages. + [ad6a2c991db6] + + * plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.c, + plugins/sudoers/regress/sudoers/test1.out.ok, + plugins/sudoers/regress/sudoers/test10.out.ok, + plugins/sudoers/regress/sudoers/test11.out.ok, + plugins/sudoers/regress/sudoers/test12.out.ok, + plugins/sudoers/regress/sudoers/test13.out.ok, + plugins/sudoers/regress/sudoers/test14.out.ok, + plugins/sudoers/regress/sudoers/test15.out.ok, + plugins/sudoers/regress/sudoers/test16.out.ok, + plugins/sudoers/regress/sudoers/test17.out.ok, + plugins/sudoers/regress/sudoers/test18.out.ok, + plugins/sudoers/regress/sudoers/test18.toke.ok, + plugins/sudoers/regress/sudoers/test19.out.ok, + plugins/sudoers/regress/sudoers/test2.out.ok, + plugins/sudoers/regress/sudoers/test20.out.ok, + plugins/sudoers/regress/sudoers/test21.out.ok, + plugins/sudoers/regress/sudoers/test22.out.ok, + plugins/sudoers/regress/sudoers/test23.out.ok, + plugins/sudoers/regress/sudoers/test3.out.ok, + plugins/sudoers/regress/sudoers/test4.out.ok, + plugins/sudoers/regress/sudoers/test4.toke.ok, + 
plugins/sudoers/regress/sudoers/test5.out.ok, + plugins/sudoers/regress/sudoers/test5.toke.ok, + plugins/sudoers/regress/sudoers/test6.out.ok, + plugins/sudoers/regress/sudoers/test7.out.ok, + plugins/sudoers/regress/sudoers/test7.toke.ok, + plugins/sudoers/regress/sudoers/test8.out.ok, + plugins/sudoers/regress/sudoers/test8.toke.ok, + plugins/sudoers/regress/sudoers/test9.out.ok, + plugins/sudoers/regress/testsudoers/test1.out.ok, + plugins/sudoers/regress/testsudoers/test10.out.ok, + plugins/sudoers/regress/testsudoers/test11.out.ok, + plugins/sudoers/regress/testsudoers/test2.out.ok, + plugins/sudoers/regress/testsudoers/test3.out.ok, + plugins/sudoers/regress/testsudoers/test4.out.ok, + plugins/sudoers/regress/testsudoers/test5.out.ok, + plugins/sudoers/regress/testsudoers/test6.out.ok, + plugins/sudoers/regress/testsudoers/test7.out.ok, + plugins/sudoers/regress/testsudoers/test8.out.ok, + plugins/sudoers/regress/testsudoers/test9.out.ok, + plugins/sudoers/regress/visudo/test2.err.ok, + plugins/sudoers/regress/visudo/test3.err.ok, + plugins/sudoers/regress/visudo/test8.err.ok, + plugins/sudoers/regress/visudo/test8.sh, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c: + Display more specific parser error messages when possible. + [91dd5d67bb83] + + * plugins/sudoers/file.c: + Let the sudoers parser recover after a parse error. We currently + just discard the line with the error. + [712537665215] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/regress/testsudoers/test11.out.ok, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Keep track of the position of the current token for error messages. + [a5f6bd38267e] + +2020-08-06 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/Makefile.in: + regen + [28026a042255] + + * plugins/sample_approval/sample_approval.exp: + Sync sample_approval.exp with sample_approval.c + [e810da8a6772] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/regress/testsudoers/test11.out.ok, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Store the current line in our own buffer for better error messages. + [33b2042e0028] + +2020-08-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * etc/sudo-logsrvd.pp, etc/sudo.pp, scripts/mkpkg: + Fix libssl dependency on Debian-based systems. Older systems may + still have libssl1.0.0, not libssl1.1. + [0de802ec595a] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add workaround for yyless() not resetting yy_at_bol. + [5defcd893f6a] + +2020-08-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Always use a linker script to hide symbols if it is supported. We + use this even if the compiler has symbol visibility support so we + will notice mismatches between the exports file and __dso_public + annotations in the source code. + [1679ac3124b1] + + * MANIFEST, configure, configure.ac, plugins/python/python_plugin.exp, + plugins/python/python_plugin.exp.in: + Rename python_plugin.exp.in -> python_plugin.exp There is nothing + dynamic in this file. + [f34cc08c026c] + + * MANIFEST, configure, configure.ac, + plugins/python/python_plugin.exp.in, + plugins/python/python_plugin_approval_multi.inc, + plugins/python/python_plugin_audit_multi.inc: + Add missing python_plugin.exp.in file and remove unneeded + __dso_public This fixes building the python plugin on systems where + the compiler doesn't support symbol hiding (but wherethe linker + does). + [e0305faf8282] + +2020-08-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/mkdefaults: + Use "foo in bar" syntax for testing existence of a key. 
+ [0807ae0db0a7] + + * plugins/sudoers/Makefile.in, plugins/sudoers/toke.c: + Replace /*FALLTHROUGH*/ in generated code. + [a7590ec10b16] + +2020-08-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/zlib/infback.c, lib/zlib/inflate.c, lib/zlib/zconf.h.in: + Add ZFALLTHROUGH macro to use instead of /* FALLTHROUGH */ comments. + [92ec8a466095] + + * config.h.in, configure, configure.ac, include/sudo_compat.h, + lib/util/arc4random_buf.c, lib/util/glob.c, lib/util/snprintf.c, + lib/util/strtonum.c, logsrvd/sendlog.c, plugins/python/pyhelpers.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/check.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/match.c, plugins/sudoers/parse_ldif.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_printf.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/conversation.c, src/exec_monitor.c, + src/exec_pty.c, src/parse_args.c, src/regress/noexec/check_noexec.c, + src/tgetpass.c: + Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. + [ce33e87ddfd6] + +2020-07-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/mkdefaults: + Rewrite mkdefaults in awk. + [f069ca4eae59] + +2020-07-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/CONTRIBUTORS: + Update translators. + [5252e2d1a61a] + + * doc/sudo.man.in, doc/sudo.mdoc.in, src/copy_file.c: + Prompt user before truncating a file to zero bytes. Bug #922. + [8bfaa57d5bd4] + +2020-07-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_2 for changeset a411d532a5f4 + [84e81d1fe48f] <1.9> + + * merge sudo 1.9.2 from tip + [a411d532a5f4] [SUDO_1_9_2] <1.9> + +2020-07-21 kuberlog <collinalexbell@gmail.com> + + * config.h.in, configure.ac: + configure.ac: fix documentation about lecture + [382c2809eda1] + +2020-07-19 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/ja.mo, + po/ja.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/pt.mo, + po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/ro.mo, po/ro.po, po/tr.mo, + po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo, po/zh_CN.po, po/zh_TW.mo, + po/zh_TW.po: + Updated translations from translationproject.org + [74fbf2ca39e1] + +2020-07-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Handle openssl where there is no separate libcrypto pkgconfig file. + In this case, just use the full openssl libs to get the sha2 + functions. + [f724510bb416] + + * INSTALL, configure, configure.ac: + Ignore --enable-gcrypt if --enable-openssl is also specified. + [39d493d7e549] + +2020-07-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, configure, configure.ac: + Sudo 1.9.2 + [9af764b239c2] + + * config.h.in, configure, configure.ac: + Fix some warnings displayed by autoconf 2.69b This fixes the missing + HAVE_GSSAPI_GSSAPI_H define in config.h.in. TODO: replace + shadow_funcs variable in function checks with literals + [9d8f67e1f8fe] + +2020-07-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/audit.c: + Initialize sudo_conv and sudo_printf in sudoers_audit_open(). 
We + will need them if there is an error parsing sudoers and leaving them + unset can result in NULL deref. Also set the text domain to + "sudoers" like we do for the policy and I/O logging open functions. + Bug #934. + [e88919ff4900] + +2020-07-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po, po/it.mo, + po/it.po, po/ko.mo, po/ko.po, po/ro.mo, po/ro.po: + Updated translations from translationproject.org + [2488a1479208] + +2020-07-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.exp: + Export sudoers_audit symbol for compilers without symbol visibility. + [081f6729cb38] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document the contents of the log.json file. + [b1ea749fffc2] + + * lib/iolog/iolog_fileio.c: + Fix typo, runas_uid should be runas_gid. + [7b2c0fd84a60] + + * examples/sudo.conf.in: + Add sudoers_audit line for completeness, matching the documentation. + When sudoers is loaded as a policy plugin, it will be loaded + automatically as an audit plugin. Listing it explicitly in the + default sudo.conf file helps bring attention to the fact that + sudoers now supports the audit plugin type. + [7145a02ed280] + + * plugins/sudoers/defaults.c: + Add some debugging statements around Defaults lookup. + [b95e2a9b6555] + + * plugins/sudoers/sudoers.in: + Replace #includedir with @includedir in default sudoers file. + [d18945ec728e] + +2020-06-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, m4/libtool.m4: + Allow HP-UX share libs and modules to link against static libs. + hppa64 and ia64 use PIC by default + [0553c60b922a] + +2020-06-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Use pkg-config to find the openssl cflags and libs if possible. We + support linking against static openssl libs too. + [55442f4fea5e] + +2020-06-24 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * scripts/pp: + Fix parsing of /etc/redhat-release on RHEL 8. RedHat dropped the + word "server" from the release name in redhat-release which results + in the awk script printing the wrong field. Instead of using awk, + just use sed to pull out the version number immediately following + the word "release". + [a283acb4622a] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen without `scare quotes' + [31f021892137] + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, + src/parse_args.c, src/sudo.c: + Replace or remove use of `scare quotes' These don't translate well + and look odd in many fonts. + [3c7fa8f93543] + +2020-06-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/zlib/infback.c, lib/zlib/inflate.c: + Add FALLTHROUGH comments to quiet -Wimplicit-fallthrough + [f724957b7cae] + + * src/solaris.c: + Fix implicit fallthrough warning and add break to default cases. + [74d8c68eb160] + + * configure, configure.ac, m4/ax_func_snprintf.m4, m4/sudo.m4: + Fix some warnings from configure test programs. + [6cff0cdb066a] + + * configure, configure.ac: + Add -Wimplicit-fallthrough to --enable-warnings if available. Note + that clang 10 has support for -Wimplicit-fallthrough in C code but + doesn't recognize lint-style FALLTHROUGH comments like gcc does so + we can't use it. + [cf70a1ab3ea9] + + * configure, configure.ac: + Drop old test for -lcposix for ISC Unix. + [1bfd474c8819] + +2020-06-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * README: + Mention sudo-blog announce list. + [526dc0cc1e83] + + * NEWS: + Bugs #860 and #917 were fixed in 1.9.0. + [51a347785dbf] + +2020-06-18 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_1 for changeset 06b47089122a + [94c1c10ddbbd] <1.9> + + * merge sudo 1.9.1 from tip + [06b47089122a] [SUDO_1_9_1] <1.9> + + * plugins/sudoers/po/sudoers.pot: + regen to fix a typo + [9755e76fcd8b] + + * MANIFEST, lib/iolog/Makefile.in, + lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c: + Add regress test to catch swapids() bug when called by + iolog_mkdtemp() + [deff1dc2f144] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, po/ro.mo, + po/ro.po: + Updated translations from translationproject.org + [9007c89029ea] + +2020-06-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: + Document the order in which the plugin open/close functions are + called. + [48ec66882e1a] + + * NEWS, lib/iolog/iolog_fileio.c: + Fix a typo that prevented swapids() from restoring the original gid. + This led to a regression when the iolog_file setting ends in six or + more X's or when the I/O logs are stored on NFS. + [522d8ec470cb] + +2020-06-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_monitor.c, src/exec_pty.c, src/get_pty.c, src/sudo.h, + src/sudo_exec.h: + Replace master/slave in code with leader/follower. + [230f5343d961] + + * NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in, examples/sudoers, + plugins/sudoers/regress/cvtsudoers/sudoers, + plugins/sudoers/regress/cvtsudoers/sudoers.defs, + plugins/sudoers/regress/cvtsudoers/test13.out.ok, + plugins/sudoers/regress/cvtsudoers/test19.out.ok, + plugins/sudoers/regress/visudo/test6.sh: + Replace terms master and blacklist in docs and examples. + [2908ac6c0fe0] + + * NEWS: + Bug #929 + [c1f5a01d1af6] + +2020-06-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sudo_edit.c: + Clean up temporary sudoedit files on success; Bug #929 This is a + regression introduced in sudo 1.9.0. + [2bc4822b7382] + +2020-06-12 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * NEWS: + New Romanian translation + [fd753dfa0a84] + +2020-06-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo, + po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/pl.mo, + po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/sv.mo, + po/sv.po, po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo, + po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po: + Updated translations from translationproject.org + [570aacc81015] + + * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/ro.mo, + plugins/sudoers/po/ro.po, po/ro.mo, po/ro.po: + Romanian translation from translationproject.org. + [1e277907378e] + + * NEWS: + Add missing entry for the LDAP/SSSD sudoHost regression. Also add + new Romanian translation + [624eb5e8e612] + +2020-06-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.c: + Fix a typo in the audit string when "sudo -E" is not allowed. + [85bcb3b1f7d8] + +2020-06-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/python/regress/testhelpers.c: + Check asprintf() return value. + [456bb2d7c37f] + + * scripts/mkpkg: + Prefer the python3 in /usr/bin on Solaris. The /opt/csw version, if + it exists, may be a 32-bit version which we can't link with. 
Also + handle the case where the /usr/bin/python3 link is missing. + [2ed7715e6b2e] + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Declare getdelim(3) if it exists in libc but is not prototyped in + stdio.h. This can happen on systems with a gcc packages that was + built on and older versions of the OS where getdelim(3) was not + present. + [e78803280641] + + * aclocal.m4, configure, configure.ac: + For python3-config, only use -I and -L/-l from --cflags and + --ldflags output. Otherwise we may get other flags used to build + python that conflict with what sudo uses. + [7a8d3c5fd2ae] + + * scripts/mkpkg: + Build 64-bit binaries and the python package on Solaris 11 and + above. No longer prefer the Solaris Studio C compiler over gcc, it + causes issues with the Python plugin. + [a92f9641bd07] + + * logsrvd/sendlog.c: + Fix memory leak on error in fmt_info_messages(). + [511ac9ba6819] + + * NEWS: + Update for 1.9.1b1 + [562b0add8e04] + +2020-06-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen for sudo 1.9.1 + [8960aceb2519] + +2020-06-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h: + Add basic support for reject and error audit events to sudoers. This + is only used when logging events from plugins other than sudoers, + such as an approval plugin. With this change, if an approval plugin + rejects the command the denial will be logged in the sudoers log + file using the message from the approval plugin. + [c7abc39b0e37] + + * plugins/sudoers/bsm_audit.c, plugins/sudoers/solaris_audit.c, + scripts/mkpkg: + Fix Solaris and BSM audit warnings. Use BSM audit on Illumos, which + lacks Solaris audit. + [3844e8a24f59] + + * plugins/sudoers/policy.c: + Track whether the session was opened in sudoers. 
In + sudoers_policy_close() only warn about being unable to run the + command if we actually opened the session (and thus passed all + approval plugins). + [f99b434d121b] + + * src/sudo.c: + Only display an error in the built-in policy close if command is + set. If a policy or approval plugin denies the command, + command_details will not have been filled out. + [245024004df2] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sssd.c: + Avoid passing NULL to printf in match debug code for LDAP/SSSD. The + file name in struct userspec was not set for the LDAP and SSSD + backends. There is no actual file in this case so set the name to + LDAP/SSSD. Also add a guard to make sure we don't try to print NULL + in sudoers_lookup_check() if name is left unset. + [240efcda496e] + +2020-06-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/linux_audit.c, plugins/sudoers/linux_audit.h: + Add missing const to linux_audit_command()'s argv function argument. + [cb219f1ccb6e] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + When converting LDAP to sudoers, ignore entries with no sudoHost + attribute. Otherwise, sudo_ldap_role_to_priv() will treat a NULL + host list as as the "ALL" wildcard. This regression was introduced + in sudo 1.8.23, which was the first version to convert LDAP sudoRole + objects to sudoers internal data structures. Thanks to Andreas + Mueller for reporting and debugging this problem. + [484d0d3b892e] + +2020-06-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, src/load_plugins.c: + Load the sudoers module as an audit plugin if loaded as a policy + plugin. Now that logging of successful commands is performed by + sudoers as an audit plugin we need to load sudoers_audit if + sudoers_policy is also loaded. Otherwise, accpted commands will not + be logged. 
+ [f20bee20f4c7] + + * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/policy.c, plugins/sudoers/solaris_audit.c, + plugins/sudoers/solaris_audit.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Defer logging of the successful command until approval plugins have + run. This adds audit plugin support to the sudoers module, currently + only used for accept events. As a result, the sudoers file is now + initially parsed as an audit plugin. + [552c13bd0287] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in, + include/sudo_plugin.h, plugins/audit_json/audit_json.c, + plugins/python/sudo_python_module.c, src/sudo.c: + Add support for "accept" audit events sent by the sudo front-end. + With this change, the sudo front-end will send an "accept" audit + event to the audit plugins after all the I/O logging plugins have + been initialized. This can be used by an audit plugin that does not + care about the result of the individual policy and approval plugins + and only wants to receive a single "accept" event if all policy and + approval plugins have succeeded. The plugin_type argument for events + sent by the front-end is SUDO_FRONT_END (0). + [6b3cb94fedb9] + + * src/exec_pty.c: + If event loop fails due to ENXIO, remove /dev/tty events and + recover. This fixes an issue on Solaris 11.4 (and probably others) + with "sudo reboot" when I/O logging is enabled. Previously, sudo + would kill the command if it was still running after the event loop + terminated, leaving the system in a half-dead state. + [e12e3040b067] + +2020-06-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_pty.c: + Don't try to suspend sudo if the user's tty has gone away. 
Fixes a + problem on Solaris 11.4 (and possibly others) where sudo continually + tries to put itself in the background after the user's terminal has + been revoked. + [92f172b46b9c] + + * src/exec_pty.c: + Back out WIP code that was mistakenly committed. + [41f57239b2c4] + + * scripts/mkpkg: + Don't enable BSM audit on Solaris 10, it is missing AUE_sudo + [3b32087b1ed3] + + * src/exec_pty.c, src/get_pty.c: + On Solaris 11.4 the openpty(3) prototype lives in termios.h. + [d6e353e8b9df] + + * plugins/sudoers/solaris_audit.c: + Add missing stdlib.h include and fix solaris_audit_failure() error + return. + [5748d8fd24c4] + + * scripts/mkpkg: + Use Solaris audit for Solaris 11, not BSM audit. BSM audit is no + longer supported in Solaris 11.4. + [01f2189f439d] + +2020-05-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec.c: + Check audit plugins for a close function too before execing command + directly. We cannot exec the command directly if any of the policy + or audit plugins use a close function. + [5aa6db56ce32] + +2020-05-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Mention Bug #927. + [0fd9e757d80b] + +2020-05-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac, m4/sudo.m4: + Add basic support for --runstatedir If the user specifies + --runstatedir but not --with-rundir, use runstatdir as the parent + directory of the sudo rundir. + + In the future we may deprecate --with-rundir in favor of + --runstatedir but that will require changes for systems with no + /var/run directory. 
+ [14879831fe6e] + + * MANIFEST, NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, + plugins/sudoers/regress/testsudoers/test10.out.ok, + plugins/sudoers/regress/testsudoers/test10.sh, + plugins/sudoers/regress/testsudoers/test11.out.ok, + plugins/sudoers/regress/testsudoers/test11.sh, + plugins/sudoers/regress/testsudoers/test2.out.ok, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.out.ok, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test4.sh, + plugins/sudoers/regress/testsudoers/test5.sh, + plugins/sudoers/regress/testsudoers/test8.out.ok, + plugins/sudoers/regress/testsudoers/test8.sh, + plugins/sudoers/regress/testsudoers/test9.out.ok, + plugins/sudoers/regress/testsudoers/test9.sh, + plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Add support for @include and @includedir These are less confusing + than #include and #includedir when the hash character is also the + comment character. + + This commit also adds real parsing of include directives as opposed + to the pure lexer approach used previously. As a result, it is now + possible to include files with spaces by either using a double- + quoted string or escaping the space characters with a backslash. + [c422a5c8ea5d] + +2020-05-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/iolog_fileio.c: + In iolog_openat() enable the write bit on pre-existing files if + needed. This prevents problems caused by the change to strip the + write bit from the timing file when it is finished. + [a6b0da3f7b94] + + * plugins/sudoers/visudo.c: + In visudo check that an include file is regular file before using + it. Avoids a generic "input in flex scanner failed" error message. 
+ [287d90d359a6] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix a memory leak on error when including a file or directory. + [02db03f7b565] + +2020-05-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, configure, configure.ac: + Sudo 1.9.1 + [57a1a5f05500] + + * doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + plugins/sudoers/sudoreplay.c: + Add a follow option (-F) to support replaying a live session. By + default, sudoreplay will exit when it reaches the end of the timing + file. With the -F option, it will keep going until the timing file + is finished and its write bit is cleared. + [12ab27768cad] + + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c: + Add iolog_clearerr() that acts like clearerr(3). Works for both + compressed and uncompressed I/O logs. + [c83b88285c2c] + + * plugins/sudoers/iolog.c: + Clear the write bit from the I/O log timing file when it is + complete. This matches the behavior of sudo_logsrvd. + [0bc8a012db26] + + * logsrvd/logsrvd.c, logsrvd/sendlog.c: + Use PACKAGE_VERSION instead of 0.1 as the client and server version. + [d1e3ac049cf7] + + * lib/util/Makefile.in, lib/util/aix.c, lib/util/fatal.c, + lib/util/getusershell.c, lib/util/gidlist.c, lib/util/json.c, + lib/util/mkdir_parents.c, lib/util/strsignal.c, lib/util/strtoid.c, + lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c, + lib/util/sudo_debug.c: + Set DEFAULT_TEXT_DOMAIN in lib/util's Makefile not individual .c + files. 
We no longer need to include sudo_gettext.h before + sudo_compat.h + [ead9b6a434b8] + + * lib/iolog/iolog_fileio.c, lib/iolog/iolog_json.c, + lib/iolog/iolog_path.c, lib/iolog/iolog_util.c, + lib/iolog/regress/host_port/host_port_test.c, + lib/iolog/regress/iolog_json/check_iolog_json.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/iolog/regress/iolog_util/check_iolog_util.c, + lib/util/digest_gcrypt.c, lib/util/event.c, lib/util/event_select.c, + lib/util/fnmatch.c, lib/util/getaddrinfo.c, lib/util/getcwd.c, + lib/util/getdelim.c, lib/util/getgrouplist.c, + lib/util/getopt_long.c, lib/util/glob.c, lib/util/inet_pton.c, + lib/util/json.c, lib/util/key_val.c, lib/util/lbuf.c, + lib/util/locking.c, lib/util/mkdir_parents.c, lib/util/mktemp.c, + lib/util/parseln.c, lib/util/progname.c, lib/util/pw_dup.c, + lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/getdelim/getdelim_test.c, + lib/util/regress/getgrouplist/getgrouplist_test.c, + lib/util/regress/glob/globtest.c, + lib/util/regress/mktemp/mktemp_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c, + lib/util/sha2.c, lib/util/sig2str.c, lib/util/snprintf.c, + lib/util/str2sig.c, lib/util/strndup.c, lib/util/strtobool.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c, + lib/util/term.c, lib/util/ttyname_dev.c, lib/util/vsyslog.c, + plugins/audit_json/audit_json.c, plugins/group_file/getgrent.c, + plugins/group_file/group_file.c, plugins/python/sudo_python_debug.c, + plugins/sample/sample_plugin.c, + plugins/sample_approval/sample_approval.c, plugins/sudoers/alias.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + 
plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, + plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c, + plugins/sudoers/editor.c, plugins/sudoers/env.c, + plugins/sudoers/env_pattern.c, plugins/sudoers/filedigest.c, + plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gentime.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/locale.c, plugins/sudoers/logging.c, + plugins/sudoers/logwrap.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/match_command.c, + plugins/sudoers/match_digest.c, plugins/sudoers/parse.c, + plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_gentime.c, + 
plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/starttime.c, plugins/sudoers/strlist.c, + plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + plugins/system_group/system_group.c, src/conversation.c, + src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_monitor.c, + src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c, + src/limits.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, + src/preserve_fds.c, src/regress/noexec/check_noexec.c, + src/regress/ttyname/check_ttyname.c, src/signal.c, src/sudo.c, + src/sudo_edit.c, src/sudo_noexec.c, src/tcsetpgrp_nobg.c, + src/tgetpass.c, src/ttyname.c, src/utmp.c: + Include string.h unconditionally and only use strings.h for + strn?casecmp() In the pre-POSIX days BSD had strings.h, not + string.h. Now strings.h is only used for non-ANSI string functions. 
+ [f7f633de570a] + + * lib/iolog/host_port.c, lib/iolog/iolog_fileio.c, + lib/iolog/iolog_json.c, lib/iolog/iolog_path.c, + lib/iolog/iolog_util.c, + lib/iolog/regress/host_port/host_port_test.c, + lib/iolog/regress/iolog_json/check_iolog_json.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/iolog/regress/iolog_util/check_iolog_util.c, lib/util/aix.c, + lib/util/arc4random.c, lib/util/arc4random_buf.c, + lib/util/arc4random_uniform.c, lib/util/cfmakeraw.c, + lib/util/closefrom.c, lib/util/digest.c, lib/util/digest_gcrypt.c, + lib/util/digest_openssl.c, lib/util/dup3.c, lib/util/event_poll.c, + lib/util/event_select.c, lib/util/fatal.c, lib/util/fchmodat.c, + lib/util/fnmatch.c, lib/util/fstatat.c, lib/util/getaddrinfo.c, + lib/util/getcwd.c, lib/util/getdelim.c, lib/util/getgrouplist.c, + lib/util/gethostname.c, lib/util/getopt_long.c, lib/util/gettime.c, + lib/util/getusershell.c, lib/util/gidlist.c, lib/util/glob.c, + lib/util/isblank.c, lib/util/json.c, lib/util/key_val.c, + lib/util/lbuf.c, lib/util/locking.c, lib/util/logfac.c, + lib/util/logpri.c, lib/util/memset_s.c, lib/util/mkdir_parents.c, + lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c, + lib/util/openat.c, lib/util/parseln.c, lib/util/pipe2.c, + lib/util/progname.c, lib/util/pw_dup.c, lib/util/reallocarray.c, + lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/getgrouplist/getgrouplist_test.c, + lib/util/regress/glob/globtest.c, + lib/util/regress/mktemp/mktemp_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsig/strsig_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/strtofoo/strtobool_test.c, + lib/util/regress/strtofoo/strtoid_test.c, + lib/util/regress/strtofoo/strtomode_test.c, + lib/util/regress/strtofoo/strtonum_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, + 
lib/util/regress/vsyslog/vsyslog_test.c, lib/util/roundup.c, + lib/util/secure_path.c, lib/util/setgroups.c, lib/util/sha2.c, + lib/util/sig2str.c, lib/util/snprintf.c, lib/util/str2sig.c, + lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c, + lib/util/strsignal.c, lib/util/strsplit.c, lib/util/strtobool.c, + lib/util/strtoid.c, lib/util/strtomode.c, lib/util/strtonum.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c, + lib/util/term.c, lib/util/ttysize.c, lib/util/unlinkat.c, + lib/util/utimens.c, lib/util/uuid.c, + plugins/audit_json/audit_json.c, plugins/group_file/getgrent.c, + plugins/group_file/group_file.c, plugins/group_file/plugin_test.c, + plugins/python/regress/testhelpers.h, + plugins/python/sudo_python_debug.h, plugins/sample/sample_plugin.c, + plugins/sample_approval/sample_approval.c, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/base64.c, + plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c, + plugins/sudoers/digestname.c, plugins/sudoers/editor.c, + plugins/sudoers/env.c, plugins/sudoers/env_pattern.c, + plugins/sudoers/file.c, plugins/sudoers/filedigest.c, + plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gc.c, plugins/sudoers/gentime.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/getspwuid.c, plugins/sudoers/gmtoff.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, 
plugins/sudoers/match_command.c, + plugins/sudoers/match_digest.c, plugins/sudoers/parse.c, + plugins/sudoers/parse_ldif.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/regress/starttime/check_starttime.c, + plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c, + plugins/sudoers/sssd.c, plugins/sudoers/strlist.c, + plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c, + plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + plugins/system_group/system_group.c, src/conversation.c, + src/copy_file.c, src/env_hooks.c, src/exec.c, src/exec_common.c, + src/exec_nopty.c, src/get_pty.c, src/hooks.c, src/limits.c, + src/load_plugins.c, src/openbsd.c, src/parse_args.c, src/preload.c, + src/preserve_fds.c, src/selinux.c, src/sesh.c, src/signal.c, + src/solaris.c, src/sudo_edit.c, src/tcsetpgrp_nobg.c, + src/tgetpass.c, src/utmp.c: + We no longer need to include headers we don't use for sudo*.h files. + Previously we needed to include headers required by the various + sudo*h files. 
Now those files are more self-sufficient and we should + only include headers needed by code in the various .c files. + [72cbeae218e7] + + * include/sudo_compat.h, include/sudo_conf.h, include/sudo_debug.h, + include/sudo_iolog.h, include/sudo_json.h, include/sudo_util.h, + plugins/sudoers/sudoers.h: + Add dependent system includes to make sudo_*.h more standalone. In + the past we've relied on the various .c files to include the system + headers that define types that the sudo_*.h headers require. This is + fragile and can cause issues when includes get re-ordered. + [a9fb765c0fba] + + * plugins/sudoers/env.c: + Fix typo in PERLIO_DEBUG (trailing whitespace). This has no effect + unless env_reset is disabled. From Allan Wirth + [bdf9c9e7f455] + +2020-05-17 Sebastian Rasmussen <sebras@gmail.com> + + * plugins/sudoers/visudo.c: + Fix typo in warning message. + [01b8fab9fdf5] + +2020-05-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/mksiglist.h, lib/util/mksigname.h: + Prefer SIGSYS if SIGUNUSED is defined to the same value. Fixes a + regress failure on musl libc where SIGSYS and SIGUNUSED share the + same value. + [e030acf8a670] + + * plugins/python/regress/testhelpers.h: + Add missing sys/wait.h include; fixes a compilation problem on musl + libc. + [9a6a09e74a14] + + * lib/iolog/hostcheck.c: + Add missing sys/types.h include; fixes a compilation problem on musl + libc. + [7c8ea831203b] + + * include/sudo_compat.h: + Only define WCONTINUED and WIFCONTINUED if neither are already + defined. Fixes a warning on musl libc where WIFCONTINUED is defined + in stdlib.h for some reason. + [9f55ae24b479] + +2020-05-16 Dan Robertson <dan@dlrobertson.com> + + * include/sudo_debug.h: + Fix includes when building with musl + + Include sys/types.h for mode_t and id_t in sudo_debug.h + [15abb56a1edf] + +2020-05-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/mkpkg: + Enable OpenSSL on RHEL 6 too. 
The version of OpenSSL in RHEL 6 is + new enough for the log server to use. + [853fd8a74207] + + * logsrvd/logsrvd_conf.c: + Don't print errno for the "TLS not supported" message. + [c94540d3d632] + +2020-05-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * etc/sudo-logsrvd.pp, etc/sudo-python.pp: + Fix macOS bundle IDs for sudo-logsrvd and sudo-python packages + [a9f6aea56e40] + +2020-05-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/eventlog.c: + Add iolog_path to the JSON-format event log + [924d8836ead0] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h: + Rename FLUSHED state to FINISHED This makes more sense when + receiving event-only logs. + [9e2736246e0d] + +2020-05-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h: + Fix handling of connections without associated I/O logs. This fixes + reject events as well as accept events without the expect_iobufs + flag set. + [3ddb52ae0af4] + + * logsrvd/sendlog.c: + Fix handling of accept and reject messages without an I/O log. Only + set expect_iobufs in AcceptMessage if sending I/O logs. Set state to + FINISHED immediately after sending a RejectMessage. + [767e75944d4f] + + * doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in, + logsrvd/sendlog.c, logsrvd/sendlog.h: + Add -A and -R options to test logging of accept and reject events. + If -A is specified, no I/O will be sent, only the accept event. For + -R, a reject event with the specified reason is sent. + [90db0e6f9b68] + + * configure, configure.ac: + cfmakeraw(3) is broken on AIX, don't use it there The cfmakeraw(3) + function exists but does not set VMIN to 1 or VTIME to 0 in c_cc[] + in struct termios, which makes it useless. The AIX version also + doesn't clear the CSIZE and PARENB flags from c_cflag. + [bbdcae2c5fb5] + + * NEWS: + fix pastos + [cbf517081e74] + +2020-05-11 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * .hgtags: + Added tag SUDO_1_9_0 for changeset 706d726a2f8e + [d1f2b4ee59d5] <1.9> + + * MANIFEST, include/sudo_iolog.h, include/sudo_util.h, + lib/iolog/Makefile.in, lib/iolog/host_port.c, + lib/iolog/regress/host_port/host_port_test.c, lib/util/Makefile.in, + lib/util/host_port.c, lib/util/regress/host_port/host_port_test.c, + lib/util/util.exp.in, logsrvd/logsrvd_conf.c, + plugins/sudoers/iolog_client.c: + Rename sudo_parse_host_port -> iolog_parse_host_port and mv to + lib/iolog It is not used outside of the I/O log client and server + and the host:port syntax may change in the future. + [706d726a2f8e] [SUDO_1_9_0] + + * plugins/sudoers/sudoreplay.c: + Remove duplicate inclusion of time.h + [f560858325d5] + +2020-05-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, + plugins/sudoers/iolog_client.c: + Only enable TLS listener by default if we have a cert for it. We + want the log server to work with the default configuration. If the + default certificate path exists, it will be used with the default + listener. If the user explicitly enabled a TLS listener we always + attempt to use it. If TLS was specified but no cert file was set, + the default location will be used (and an error will occur if the + cert cannot be loaded). + [16ade34c38ee] + +2020-05-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen for 1.9.0 final + [99e507035253] + + * logsrvd/Makefile.in: + regen + [555d817825b0] + + * doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c: + The --preserve-env=list option may be specified more than once. + [8066a9d1b04b] + + * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Quiet some warnings from igor. 
+ [4df4fd274023] + + * MANIFEST, Makefile.in, etc/codespell.exclude, etc/codespell.ignore, + etc/codespell.skip: + Plumb in codespell with a "make spell" target. + [4b1de7ee8648] + + * configure, configure.ac, install-sh: + Fix a few more typos. + [d22a8c46c743] + +2020-05-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c: + Don't allow duplicate values for command line options that take an + argument. Previously, if multiple instances of the same command line + option were specified, the last one would be used. This meant that, + for example, "sudo -u someuser -u otheruser id" would run the + command as "otheruser". This has the potential to cause problems for + programs that run sudo with a user-specified command that do not use + the "--" option to indicate that no more options should be + processed. While this is a bug in the calling program, there is + little downside to erroring out when multiple options of the same + type are specified on the command line. Bug #924 + [66e2612e7672] + + * NEWS: + Debian bug #734752 + [d3285c45ac4b] + + * src/sudo.c, src/sudo.h: + Look up runas user by name, not euid, where possible. Fixes a + problem when there are multiple users with the same user-ID where + the PAM session modules could be called with the wrong user name. + Debian bug #734752 + [b45608f29a02] + + * src/sesh.c: + Fix ironic typo in spelling fixes. Bug #925 + [73de90df6ff9] + + * scripts/pp: + Sync PolyPkg from upstream. 
+ [ac5e4b830177] + + * NEWS, TODO, config.h.in, configure.ac, + doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in, + etc/sudo.pp, include/compat/getaddrinfo.h, include/sudo_event.h, + include/sudo_util.h, lib/util/fnmatch.c, lib/util/getaddrinfo.c, + lib/util/regress/vsyslog/vsyslog_test.c, logsrvd/logsrvd.c, + plugins/audit_json/audit_json.c, + plugins/python/example_debugging.py, + plugins/python/regress/check_python_examples.c, + plugins/python/regress/testhelpers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_client.c, plugins/sudoers/parse.h, + plugins/sudoers/pwutil.h, + plugins/sudoers/regress/cvtsudoers/test30.sh, scripts/mkdep.pl, + src/exec.c, src/exec_monitor.c, src/exec_pty.c, src/sesh.c: + Apply spelling fixes. Fixes from PR #30 (ka7) and Bug #925 + (fossies.org codespell) + [1fb13dc3991b] + +2020-05-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * Makefile.in, etc/sudo-python.pp: + Use the proper python version in the libpython dependency on Debian. + The configure script already detects the python version, we just + need to use it. + [4e49c53f206f] + + * plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, po/ja.mo, + po/ja.po, po/sv.mo, po/sv.po: + Updated translations from translationproject.org + [abdb2d6fe7cb] + + * NEWS: + Bug #922 and Bug #923 + [7a77f74c436f] + +2020-05-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * etc/sudo.pp: + Fix Debian ldap dependency broken in last commit. + [4980b1b653ef] + + * etc/sudo.pp: + Fix "make package" on Debian when linux_audit is not set. + [a00d7dec5821] + + * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in, + include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c, + lib/logsrv/log_server.proto, logsrvd/logsrvd.c, logsrvd/sendlog.c, + plugins/sudoers/iolog_client.c: + Add a ClientHello message that client sends to the server. This + makes it easier to detect a plaintext client sending to a TLS port. 
+ Without this, the TLS server will be silent as it waits for the + client to initiate the TLS connection. + [22c033bcf456] + + * logsrvd/sendlog.c, plugins/sudoers/iolog_client.c: + Better error messages when there is a problem with the TLS + connection. If SSL_read, SSL_write or SSL_connect fails we can use + the reason string to let the user know what the problem is. + [92f603e37e40] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + logsrvd/logsrvd_conf.c: + Make the default certificate and key paths match the example file. + [f642836bfcf0] + + * logsrvd/logsrvd.c, plugins/sudoers/iolog_client.c: + Warn about tls errors during startup so the user has a clue. We + write messages to stderr until we become a daemon. + [25ad61aa7dab] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, include/log_server.pb-c.h, + lib/logsrv/log_server.pb-c.c, lib/logsrv/log_server.proto, + logsrvd/logsrvd.c, logsrvd/sendlog.c: + Remove the tls parameter from the ServerHello message. The TLS + connection is now initiated before ServerHello is received. + [9d8b76f14cda] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h, + plugins/sudoers/policy.c: + Adapt sudoers iolog client to log server dual port changes. The TLS + handshake now occurs before the ServerHello message is read. This + fixes potential man-in-the-middle attacks and works better with TLS + 1.3. 
+ [8137b029a3fe] + + * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in, + doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf, logsrvd/logsrv_util.h, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/sendlog.c: + Use port 30343 for plaintext and port 30344 for TLS. For TLS + connections we now do the TLS handshake immediately before the + ServerHello message. This lets the client recieve an alert from the + server is there is a handshake error after the TLS connect has + succeeded. It also means that the contents of the ServerHello are + protected from a man-in-the-middle attack. + [bb4d8b57b3dd] + + * include/sudo_util.h, lib/util/host_port.c, + lib/util/regress/host_port/host_port_test.c, logsrvd/logsrvd_conf.c, + plugins/sudoers/iolog_client.c: + Add support for a tls flag in sudo_parse_host_port(). If the string + "(tls)" appears at the end, the tls flag is set to true and the + default tls port is used if necessary. + [f0d9a225cd75] + + * logsrvd/sendlog.c, plugins/sudoers/iolog_client.c: + Plug memory leaks in sudo_sendlog + [886254bcae6a] + + * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c: + Handle EAGAIN like we do ENOMEM from poll() and select(). On some + systems, poll() and select() can return EAGAIN instead of ENOMEM if + there is a kernel resource shortage. In this case we just re-enter + the event loop and retry. + [048df2548dcc] + +2020-05-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Use the --embed when running "python3-config --ldflags" if + supported. Newer versions of python3-config only include libpython + in the output when the --embed is used. Otherwise, "python3-config + --libs" and "python3-config --ldflags" only list the libraries + python is dependent on and not the python library itself. + [d90dc892c726] + +2020-04-30 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * logsrvd/sendlog.c, plugins/sudoers/iolog_client.c: + On error, remove the connection with an error without freeing the + closure. Fixes the final message at the end when there is a network + error. + [0e1952eb707b] + + * lib/util/event_poll.c: + Do not call poll(2) or ppoll(2) with nfds > RLIMIT_NOFILE. Both + poll(2) and ppoll(2) will return EINVAL if the nfds function + argument is larger than the max files per process resource limit. + Prevent this by limiting the max number entries in the pfds[] array + to the RLIMIT_NOFILE soft limit. + [ab0f798bb024] + +2020-04-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_event.h, lib/util/event.c: + The timeout parameter of sudo_ev_add() should be const. + [de85c8897aad] + +2020-04-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog_client.c: + Don't free TLS on error in tls_init(), it is freed in + client_closure_free(). Fixes a double free on error introduced with + the TLS state cleanup in client_closure_free(). + [f1b478f2ec13] + + * logsrvd/logsrvd.c: + Check for tls_config->dhparams_path being non-NULL before using it. + [09348a25bfd2] + +2020-04-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in: + Document the TLS and test options. + [e5f6b6c46c25] + + * logsrvd/sendlog.c: + Allow -t option even without OpenSSL Also add -t to the usage + message + [d874c9a67ed6] + + * logsrvd/sendlog.c: + Use sudo_strtonum() instead of relying on strtoll(). Older, pre-C99, + systems may not include strtoll() in their C library. + [a1a610bbe022] + + * include/protobuf-c/protobuf-c.h: + Allow this to build on systems without stdint.h by using config.h. + Old, pre-C99, systems may have inttypes.h but not stdint.h. + [72e603875b82] + +2020-04-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * etc/sudo-logsrvd.pp, scripts/pp: + Fix support for pp_systemd_disabled and check for systemd existence. 
+ On our build schroots we don't have systemctl installed but do have + the /etc/systemd and /lib/systemd (or /usr/lib/systemd) directories. + [93917f4130b0] + + * etc/sudo-logsrvd.pp: + Set pp_macos_service_id instead of + pp_macos_default_service_id_prefix. It is only effective to set + pp_macos_default_service_id_prefix in the indivisual %service + sections (and not %set) so we may was well use pp_macos_service_id + which includes the service name. + [84ccf13e7076] + + * etc/sudo-logsrvd.pp: + Set launchd service id prefix to "ws.sudo." The default value in + PolyPkg is "com.quest.rc." + [eb581d74573e] + + * scripts/pp: + Fix macOS package creation. + [556c0051c0fc] + +2020-04-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog_client.c: + Shut down the TLS connection cleanly in client_closure_free(). Also + free the SSL data which is part of the client closure. + [258ec8832cbd] + + * src/exec_monitor.c, src/exec_nopty.c, src/selinux.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c, src/sudo_exec.h: + Fix sudoedit when running with SELinux RBAC mode. We can't use + run_command() to run sesh, that will use the sudo event loop (and + might run it in a pty!). There's no need to relabel the tty when + copying files. Get the path to sesh from sudo.conf. + + Currently, for SELinux RBAC, the editor runs with the target user's + security context. This defeats the purpose of sudoedit. Fixing that + requires passing file descriptors between the main sudo process + (running with the invoking user's security context) and sesh + (runnning with the target user's security context). + [81c9ec600894] + + * MANIFEST, src/Makefile.in, src/copy_file.c, src/sesh.c, + src/sudo_edit.c, src/sudo_exec.h: + Refactor the sudoedit code to copy files so it can be shared. The + SELinux sudoedit code now extends the destination file the same way + the non-SELinux version does. 
+ [82c44299309e] + + * src/sudo_edit.c: + Do not remove sudoedit temporary files if we cannot overwrite the + real file. The warning message says the files were preserved but + they actually got removed. + [685f2de6bb2e] + + * include/compat/glob.h, lib/util/glob.c: + Make gl_pathc, gl_matchc and gl_offs size_t in glob_t to match + POSIX. + [c3586082d3ea] + + * scripts/pp: + Only remove the systemd unit service file if we copied it manually. + If the service file was installed as part of the package it will be + removed automatically when the package is uninstalled. + [e98e1493c5bf] + +2020-04-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in: + Document TLS settings in ServerHello + [22ae16f41585] + +2020-04-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sudo_edit.c: + Extend the original file before to the new size before updating it. + Instead of opening the original file for writing w/ tuncation, we + first extend the file with zeroes (by writing, not seeking), then + overwrite it. This should allow sudo to fail early if the disk is + out of space before it overwrites the original file. + [aef4db03e9e1] + + * src/sudo.c: + I/O log plugins should be closed *before* the policy plugin, not + after. + [dec6fccf63d4] + + * plugins/sudoers/set_perms.c: + Fix typo + [82b0efbb6c26] + + * plugins/sudoers/iolog.c: + Only display error string once on I/O error. We already include the + error string in the format so no need to use errno too. + [59795855d6a2] + + * plugins/sudoers/iolog.c, plugins/sudoers/policy.c: + Free passwd and group caches in I/O plugin after log_warning(), not + before. The logging functions may try to use the cache via + set_perms(PERM_ROOT). + [652b925b9658] + +2020-04-17 Laszlo Orban <laszlo.orban@quest.com> + + * logsrvd/logsrvd.c: + add missing shudown of TLS connection + [14b25a0f4f6b] + +2020-04-16 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * etc/sudo-logsrvd.pp, scripts/pp: + Disable systemd support on Linux systems that don't use it. + [3c01c91dbfb2] + +2020-04-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + 1.9.0 final + [acf3b4592384] + + * etc/sudo-logsrvd.pp, scripts/pp: + Update PolyPkg from my branch with systemd support. + [a7a487496209] + +2020-04-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/python/example_conversation.py, + plugins/python/example_io_plugin.py, plugins/python/regress/testdata + /check_example_io_plugin_fails_with_python_backtrace.stdout: + If the signal.Signals enum is not present, search the dictionary. + The Signals enum was added in Python 3.5. If it is not present we + need to iterate over the dictionary items, looking for signal name + to number mappings. Fixes the signal tests with Python 3.4. + [22811794ed46] + + * plugins/python/regress/check_python_examples.c, + plugins/python/sudo_python_module.c: + Python dictionaries are sparse so we cannot use pos as an index. + When converting sudo options from a dictionary to a tuple we need to + track the current index into the tuple separately from the position + of the dictionary entry. + [07cb8a0c7f21] + +2020-04-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * etc/sudo-logsrvd.pp: + Fix handling of /etc/sudo_logsrvd.conf in the sudo-logsrvd package. + For rpm and deb we include the file directly and mark it volatile. + For all others we copy it in the postinstall script from the example + dir if the file doesn't already exist. + [83264a96b923] + + * scripts/mkpkg: + Check for the Sun Studio C compiler on Solaris under /opt. Also + intialize with_python to false. 
+ [52e28d55f9a6] + + * po/sudo.pot: + regen + [faaacb7777d4] + + * lib/util/parseln.c: + Explicitly include stdio.h for getdelim(3) + [3b0bff3ef388] + + * logsrvd/logsrvd.c: + Reload sudo.conf upon SIGUP This makes it possible to update the + Debug settings in sudo.conf and have them take effect on reload. + [9fb7baf9a3ad] + + * logsrvd/logsrvd.c, logsrvd/sendlog.c, + plugins/sudoers/iolog_client.c: + Store the result of ERR_get_error() so we can use it for both warn + and debug. Otherwise, only the debug framework gets the actual error + and the user won't see the problem. + [039565f16d13] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + Disable IPv4-mapped IPv6 addresses in the listener. Also store the + host + port string and use it in error messages. + [3fbac477ef6b] + + * configure, configure.ac, examples/Makefile.in: + Install the example sudo_logsrvd.conf unless one already exists + [89c41b936c44] + +2020-04-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * examples/sudo_logsrvd.conf: + Make the path to logsrvd_cert.pem match the documentation. + [b2a45e7c9cdb] + + * etc/sudo-logsrvd.pp, logsrvd/logsrvd.c: + Create the pid file parent directory if it doesn't already exist. + Also package the run directory in the sudo_logsrvd PolyPkg file. + [ac8b573e8545] + + * configure, configure.ac: + Sudo 1.9.0rc1 + [7d437646afc2] + + * MANIFEST: + Include all python plugin files in MANIFEST, not the directory + itself. + [4aa09dd70b9e] + + * plugins/python/example_approval_plugin.py, + plugins/python/example_audit_plugin.py, + plugins/python/example_group_plugin.py, + plugins/python/example_io_plugin.py, + plugins/python/example_policy_plugin.py, plugins/python/regress/test + data/check_example_io_plugin_fails_with_python_backtrace.stdout: + Avoid using typing annotations so tests run with Python 3.4. 
+ [88b7048bc4a6] + + * plugins/python/python_plugin_common.c, plugins/python/regress/testda + ta/check_loading_fails_missing_classname.stderr: + Sort the list of possible plugins before printing it. This gives + more reproducible error messages for the tests. + [ea33f4970268] + + * plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/ + check_example_group_plugin_is_able_to_debug.log, plugins/python/regr + ess/testdata/check_example_io_plugin_command_log.stored, plugins/pyt + hon/regress/testdata/check_example_io_plugin_command_log_multiple1.s + tored, plugins/python/regress/testdata/check_example_io_plugin_comma + nd_log_multiple2.stored, plugins/python/regress/testdata/check_examp + le_io_plugin_failed_to_start_command.stored, plugins/python/regress/ + testdata/check_example_io_plugin_fails_with_python_backtrace.stderr, + plugins/python/regress/testdata/check_loading_fails_wrong_path.stder + r, plugins/python/regress/testdata/check_multiple_approval_plugin_an + d_arguments.stdout, plugins/python/regress/testdata/check_python_plu + gins_do_not_affect_each_other.stdout, + plugins/python/regress/testhelpers.h: + Use regular expressions when matching expected and actual text. 
+ [f2562728481a] + + * plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/ + check_example_debugging_c_calls@info.log, plugins/python/regress/tes + tdata/check_example_debugging_plugin@info.log, + plugins/python/regress/testhelpers.c: + Use regex to match __init__.py instead of hacking it in + verify_log_lines() + [8bf71289e585] + + * plugins/python/pyhelpers.c, plugins/python/python_plugin_common.c, + plugins/python/regress/check_python_examples.c, + plugins/python/regress/iohelpers.c, + plugins/python/regress/plugin_approval_test.py, plugins/python/regre + ss/testdata/check_example_debugging_c_calls@diag.log, plugins/python + /regress/testdata/check_example_debugging_c_calls@info.log, plugins/ + python/regress/testdata/check_example_debugging_py_calls@diag.log, p + lugins/python/regress/testdata/check_example_debugging_py_calls@info + .log, plugins/python/regress/testdata/check_example_policy_plugin_va + lidate_invalidate.log, plugins/python/regress/testdata/check_loading + _fails_wrong_classname.stderr, plugins/python/regress/testdata/check + _multiple_approval_plugin_and_arguments.stdout, + plugins/python/regress/testhelpers.h: + Make most python tests pass with Python 3.4 Dictionary order is not + stable in Python < 3.6 so we need to sort by key to have consistent + results. The LogHandler output is also different on older Python + versions. Also, don't stop running python tests after the first + error. + [aaa06cb5fac1] + + * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: + Increase the maximum delay again for slower systems. Otherwise we + may get a spurious test failure. + [6660908aa93d] + + * plugins/python/Makefile.in, plugins/sudoers/Makefile.in, + scripts/mkdep.pl: + Handle dependencies for .h files in the same directory as the + source. Fixes missing header dependencies for the sudoers and python + plugins. 
+ [3109dd5cf61e] + + * etc/sudo.pp: + Remove bits for Tru64 kit-style packages + [0e9a9580d76c] + + * MANIFEST, Makefile.in, configure, configure.ac, etc/sudo-logsrvd.pp, + etc/sudo-python.pp, etc/sudo.pp: + Split sudo_logsrvd and the python plugin into their own packages. + [9aee8247f0ba] + + * scripts/mkpkg: + Build python packages where possible. + [7a2b993bb8ac] + +2020-04-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog_client.c: + Don't pass a NULL submitcwd or ttyname value to the server. It is + possible for the cwd and/or tty to be missing. If we send a NULL + pointer to the server where it expects a string the AcceptMessage + will fail to parse. + [4f96d1c6e41c] + + * include/sudo_plugin.h: + Disable -Wstrict-prototypes for sudo_hook_fn_t typedef. + [15d2a1332865] + + * plugins/python/python_plugin_common.c: + Fall back to using Py_Finalize() for Python version < 3.6 + [e7ad63e57c79] + +2020-04-06 Robert Manner <robert.manner@balabit.com> + + * logsrvd/eventlog.c: + logsrvd/eventlog.c: add a newline after each log message for logfile + output + [457f77b8f3be] + + * lib/iolog/iolog_fileio.c: + lib/iolog/iolog_fileio.c: do not call fchown on invalid fd + + Fixes the warning in the log: iolog_write_info_file_json: unable to + fchown 0:0 /var/log/...: Bad file descriptor + [bccdaf007db8] + + * logsrvd/iolog_writer.c: + logsrvd/iolog_writer.c: treat runuid, rungid 0 as valid (usually + ==root) + [5a7c447e9619] + +2020-04-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * po/eo.mo, po/eo.po, po/sr.mo, po/sr.po: + Updated translations from translationproject.org + [6e47dbfdba2c] + +2020-04-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * examples/Makefile.in: + Install example sudo_logsrvd.conf file + [c1c6f4c8119d] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Make it clear in the sudoers grammar that sudoedit needs file args. + Debian bug #571621 + [b6358b602623] + +2020-04-02 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * NEWS: + Fixed Debian bugs #571621, #596631 and #669687 + [6058c1c46739] + + * doc/sudo.man.in, doc/sudo.mdoc.in, plugins/sudoers/env.c: + Truncate the command args at 4096 chars when formatting + SUDO_COMMAND. We have to limit the length of SUDO_COMMAND to avoid + getting E2BIG from execve(2) for very long argument vectors. The + command's environment also counts against the ARG_MAX limit. Debian + bug #596631 + [ff1fa8e3377f] + + * plugins/sudoers/auth/pam.c: + Do not try to delete creds we did not set. If pam_setcred() fails + when opening the PAM session, we don't want to call it with + PAM_DELETE_CRED when closing the session. + [c31039431c46] + +2020-04-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/API, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, + plugins/sudoers/sudoers.h: + Add a force flag to sudo_auth_cleanup() to force immediate cleanup. + This is used for PAM authentication to make sure pam_end() is called + via sudo_auth_cleanup() when the user authenticates successfully but + sudoers denies the command. Debian bug #669687 + [98cb9d98f547] + + * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: + Increase the maximum delay for slower systems. Otherwise we may get + a spurious test failure. + [e4c1fffd427c] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: + Document when cwd_optional was added. + [165447e1d7fa] + +2020-03-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + plugins/sudoers/policy.c, src/exec.c, src/sudo.c, src/sudo.h: + Add cwd_optional to command details and enable it in the sudoers + plugin. 
If cwd_optional is set to true, a failure to set the cwd + will be a warning, not an error, and the command will still run. + Debian bug #598519 + [a6694704d92f] + + * doc/sudo.man.in, doc/sudo.mdoc.in: + The policy close function is responsible for closing the PAM + session. + [db4af211ff75] + + * .clang-format: + Config file for clang-format 8.x and higher based on webkit style. + This approximates what I want the sudo coding style to look like. + Only deviations from webkit style are included. + [d3ec3a8401cf] + + * src/exec_pty.c: + Don't kill the command just because the loop exited unexpectedly. We + currently have no good way to distinguish between an error executing + the command and an error while the command is running. + + In the future, we should have additional status codes so we can tell + what type of condition caused the loop to exit. + + For now, only kill the command if cstat is left uninitialized. + [9492d60783fe] + +2020-03-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c: + Write process ID as an unsigned int (with a cast). On Solaris, pid_t + may be typedef'd as a long but the actual range is 32 bits at most. + [b9a818d77142] + + * doc/LICENSE: + Add license info for a few other files. These are all ISC licensed + but it is still best to have them all listed in one place. 
+ [dd37dc484ea5] + + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, + plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/ca.mo, + po/ca.po, po/cs.mo, po/cs.po, po/de.mo, po/de.po, po/eo.mo, + po/eo.po, po/fi.mo, po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, + po/hr.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ko.mo, + po/ko.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt.mo, + po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo, + po/tr.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, + po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po: + Updated translations from translationproject.org + [58d62352abff] + + * lib/util/getusershell.c, lib/util/host_port.c, lib/util/roundup.c, + logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, + logsrvd/logsrv_util.h, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c, logsrvd/sendlog.c, logsrvd/sendlog.h, + plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h: + Some new source files got created with my old email address. + [ede435f55f5c] + + * .gitignore, .hgignore: + Ignore __pycache__ directories. 
+ [5901cfb35a74] + + * include/sudo_iolog.h, lib/iolog/iolog_util.c, logsrvd/sendlog.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoreplay.c: + iolog_parse_loginfo() now opens the log file itself. + [bf03f505fc94] + + * include/sudo_iolog.h, lib/iolog/Makefile.in, + lib/iolog/iolog_fileio.c, lib/iolog/iolog_util.c, + logsrvd/eventlog.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h, + logsrvd/sendlog.c, plugins/sudoers/Makefile.in, + plugins/sudoers/iolog.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoreplay.c: + Write an extended I/O info log in JSON format. This will be used by + sudoreplay if it exists to get more information about the command + being replayed. + [5fc89148c214] + + * MANIFEST, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + include/sudo_iolog.h, lib/iolog/Makefile.in, lib/iolog/iolog_json.c, + lib/iolog/iolog_util.c, plugins/sudoers/sudoreplay.c: + Parse I/O JSON info file in JSON if present. The JSON version + includes more information than the original "log" file in the I/O + log dir. + [269ae210ea34] + + * logsrvd/iolog_writer.c, logsrvd/logsrvd.h: + Store runenv in the I/O log info file too. + [15f90fb3748f] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: + Create files for check_iolog_plugin in the build dir, not src dir. 
+ [bdaea95b47fc] + + * include/sudo_json.h, lib/iolog/iolog_fileio.c, lib/util/json.c, + logsrvd/eventlog.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h, + plugins/audit_json/audit_json.c: + Do not use JSON_ARRAY with sudo_json_add_value() + [c74b75adb90f] + + * MANIFEST, lib/iolog/Makefile.in, lib/iolog/iolog_json.c, + lib/iolog/iolog_json.h, + lib/iolog/regress/iolog_json/check_iolog_json.c, + lib/iolog/regress/iolog_json/test1.in, + lib/iolog/regress/iolog_json/test2.in, + lib/iolog/regress/iolog_json/test2.out.ok, + lib/iolog/regress/iolog_json/test3.in, lib/util/json.c: + Add tests for the simple json parser. + [9ede5000f4c7] + + * lib/iolog/iolog_json.c: + Simply the JSON parsing code a bit. We can use a single stack for + nested objects and arrays. There is also no need to track the + current object and array separately. This allows us to remove the + array special case when assigning a value. + [4a34e528d9f0] + + * NEWS: + Update NEWS for 1.9.0b5 changes + [bf8db62788d3] + + * logsrvd/logsrvd.c: + sudo_logsrvd now exits with an error if it cannot open any listen + sockets. + [47a22f71e286] + + * configure, doc/sudo_logsrvd.conf.man.in, + doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.man.in, + doc/sudo_logsrvd.mdoc.in, examples/sudo_logsrvd.conf, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + m4/sudo.m4, pathnames.h.in: + Create a pidfile for sudo_logsrvd when not run with the -n flag. + [9f1b8edff6cc] + + * etc/sudo.pp: + Add sudo_logsrvd as a service so it gets started at boot. + [d2ac9eb87dbf] + + * plugins/sudoers/po/sudoers.pot: + Update sudoers.pot with json parser warnings. + [2b277f799d2e] + +2020-03-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * scripts/mkpkg: + Enable OpenSSL on systems that can support it. + [976370b9d9db] + +2020-03-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, logsrvd/logsrvd.c: + Add configure check for SSL_CTX_get0_certificate(). 
Dummy out + verify_server_cert() if it is not present to allow building on older + OpenSSL versions. Rewriting this to work with old OpenSSL is not + worth the trouble. + [61349d2533fe] + + * lib/iolog/hostcheck.c: + Include stdlib.h for malloc(3) prototype. We shouldn't rely on it to + be implicitly included via OpenSSL headers. + [9f4f7d3d3662] + +2020-03-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c: + Only set errstr for plugin API version 1.15 and above. + [780722091e9f] + +2020-03-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Sudo 1.8.31p1 + [40629e6fd692] + + * src/limits.c: + Ignore a failure to restore the RLIMIT_CORE resource limit. Linux + containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY + if we set the limit to zero, even for root. This is not a problem + outside the container. + [1064b906ca68] + +2020-03-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [72ca06a294b4] + + * include/sudo_event.h, lib/util/event.c: + Add SUDO_EV_MASK to mask off invalid event values. Now used by + sudo_ev_init() to avoid bogus events. + [10a5d1afa1c9] + +2020-03-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/python/regress/iohelpers.c, + plugins/python/regress/testhelpers.c: + Avoid using sprintf(), vsprintf(), strcat(), and strncat(). It is + less error-prone to use functions with a return value that indicates + when truncation ocurred. + [21938a3b1548] + + * plugins/sudoers/match_digest.c: + Work around two Coverity false positives; CID 208813 208815 + [389bf3749ed2] + + * logsrvd/logsrvd.c: + Fix potential use-after-free; Coverity CID 208814 + [e575532efe35] + + * plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/ + check_example_debugging_c_calls@info.log, plugins/python/regress/tes + tdata/check_example_debugging_plugin@info.log, + plugins/python/regress/testhelpers.c: + Don't hard-code path to logging/__init__.py or line numbers. 
Allows + python plugin tests to success on versions other than 3.7. + [659d3d3fcb8b] + + * doc/LICENSE: + Add copyright for the Python bindings. + [cc64df1f85f2] + + * plugins/sudoers/match_command.c: + Fix typo introduced on systems with O_PATH or O_EXEC + [e8fea3eabf99] + + * NEWS: + Update for sudo 1.9.0 + [39158cb4af26] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/match.c, plugins/sudoers/match_command.c, + plugins/sudoers/regress/sudoers/test14.in, + plugins/sudoers/regress/sudoers/test14.json.ok, + plugins/sudoers/regress/sudoers/test14.ldif.ok, + plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test14.out.ok, + plugins/sudoers/regress/sudoers/test14.toke.ok, + plugins/sudoers/sudoers_version.h: + Allow the ALL keyword to be specified with a digest list. + [9856ed3cde7f] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap_util.c, plugins/sudoers/match.c, + plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c, + plugins/sudoers/parse.h, plugins/sudoers/regress/sudoers/test14.in, + plugins/sudoers/regress/sudoers/test14.json.ok, + plugins/sudoers/regress/sudoers/test14.ldif.ok, + plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test14.out.ok, + plugins/sudoers/regress/sudoers/test14.toke.ok, + plugins/sudoers/sudo_ldap.h: + Allow a list of digests to be specified for a command. + [e0e9ecee870b] + + * plugins/sudoers/ldap_util.c, plugins/sudoers/parse_ldif.c: + A struct member of type ALL should have its name field set to NULL. 
+ [484b9af004af] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Allow Cmd_Alias in addition to Cmnd_Alias. Some people find using + Cmd_Alias more natural. + [55edb5057091] + +2020-03-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: + Add pam_ruser and pam_rhost sudoers flags. + [b1d494440004] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c, + logsrvd/sendlog.h: + Store the event base in the client closure. Explicitly passing the + event base removes the need to set a default base. + [0e4ae8d810f8] + + * plugins/sudoers/iolog.c: + Revert change to initialize io_operations earlier. Instead, check + io_operations.open for NULL which is the case for "sudo -V". Also + move the early return in sudoers_io_open() for "sudo -V" until after + we have initialized debugging. + [0e9e7a99725d] + +2020-02-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog.c: + Initialize io_operations earlier. + [ab235d88f8ae] + +2020-02-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog_client.c: + Mark up some remaining TODOs + [847c9328a7b5] + + * src/conversation.c: + Sudo's -S option should override the SUDO_CONV_PREFER_TTY flag. 
+ [f5737b68c0bf] + + * plugins/python/pyhelpers.c, plugins/python/python_plugin_policy.c, + plugins/python/sudo_python_module.c: + Use C99 __func__ instead of gcc-specific __PRETTY_FUNCTION__ + [db4f5d7c200e] + +2020-02-27 Robert Manner <robert.manner@balabit.com> + + * plugins/python/example_debugging.py, plugins/python/regress/testdata + /check_example_debugging_c_calls@diag.log, plugins/python/regress/te + stdata/check_example_debugging_c_calls@info.log, plugins/python/regr + ess/testdata/check_example_debugging_plugin@err.log, plugins/python/ + regress/testdata/check_example_debugging_plugin@info.log: + plugins/python/regress: add a test and example of using the python + logger + [ed23b3ba375f] + + * MANIFEST, doc/sudo_plugin_python.man.in, + doc/sudo_plugin_python.mdoc.in, plugins/python/Makefile.in, + plugins/python/python_baseplugin.c, + plugins/python/python_convmessage.c, + plugins/python/python_importblocker.c, + plugins/python/python_loghandler.c, + plugins/python/python_plugin_common.c, + plugins/python/sudo_python_module.c, + plugins/python/sudo_python_module.h: + plugins/python/sudo_module: add sudo.LogHandler + + so python log system can be used with sudo logsystem. Loggers use it + by default (the handler is set on the root logger). If that is not + the intent, it can be overridden explicitly. + [45b8902ce188] + +2020-02-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL, Makefile.in, config.h.in, configure, configure.ac, + lib/iolog/iolog_fileio.c, plugins/sudoers/Makefile.in, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h, plugins/sudoers/sudoers.c: + Add --disable-log-server and --disable-log-client configure options. + These can be used to optionally disable building sudo_logsrvd and + support for remote I/O logging in the sudoers plugin respectively. 
+ [bc802e022f22] + +2020-02-26 Robert Manner <robert.manner@balabit.com> + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in, + plugins/python/python_plugin_common.c, + plugins/python/regress/check_python_examples.c, plugins/python/regre + ss/testdata/check_loading_fails_missing_classname.stderr, plugins/py + thon/regress/testdata/check_loading_succeeds_with_missing_classname. + stdout: + plugins/python: autodetect ClassName field + + If "ClassName" is not specified, load the one and only sudo.Plugin + from the module (if so), otherwise display which plugins are + available from which the system admin can choose. + [b9dbbf1b6e97] + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in, + plugins/python/Makefile.in, plugins/python/python_plugin_common.c: + plugins/python/plugin_common: add a default search path for python + plugins + + If the ModulePath is relative, assume it is under + "/usr/local/libexec/sudo/python" or wherever the sudo plugins are in + a "python" subdirectory. + [5f75db882754] + + * plugins/python/regress/check_python_examples.c, plugins/python/regre + ss/testdata/check_example_audit_plugin_version_display.stdout, plugi + ns/python/regress/testdata/check_example_debugging_py_calls@info.log + , plugins/python/regress/testdata/check_example_io_plugin_version_di + splay_full.stdout, plugins/python/regress/testdata/check_example_pol + icy_plugin_version_display_full.stdout, plugins/python/regress/testd + ata/check_multiple_approval_plugin_and_arguments.stdout: + plugins/python/regress: update tests for show_version changes + + - plugin->show_version is not marked NULL any more. 
+ - if verbose, it also displays which python class was loaded from + which file + [e30a1e43e3c2] + + * plugins/python/python_plugin_approval.c, + plugins/python/python_plugin_audit.c, + plugins/python/python_plugin_common.c, + plugins/python/python_plugin_common.h, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c: + plugins/python: make show_version display the plugin in verbose mode + + Before it only displayed the plugin version, now it also displays + which python plugin is loaded to be more useful. + [8c94175ead70] + + * plugins/python/python_plugin_approval.c, + plugins/python/python_plugin_common.c: + plugins/python/approval: fix show_version crash when it is not + implemented + + For approval plugins show_version is not optional. + [61f6b4679d6b] + +2020-02-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + Avoid calling sudoers_policy_exec_setup() on error. We only want to + pass the execution environment back for commands that are accepted + or rejected. Also avoid potentially freeing the wrong pointer when + garbage collection is enabled. + [a3a202e89951] + +2020-02-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/eventlog.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + Open event log at config time instead of open/close for each entry. + If logging via syslog, do the openlog() at config time instead. We + still lock the log file prior to writing to it but unlock + immediately after. + [3236bd001160] + + * lib/util/locking.c: + Fix unlocking of an entire file with lockf(). Since lockf() uses the + files's current offset, we need to seek to the start of the file to + unlock the entire file. + [e415af1de6ca] + +2020-02-21 Robert Manner <robert.manner@balabit.com> + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + doc/sudo_plugin_python: add approval plugin to supported plugins + [5034917e6902] + +2020-02-20 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/util/util.exp.in: + Add sudo_json_free_v1 to symbol exports file too. + [0a91a2986952] + + * lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/sudoers/Makefile.in: + Regenerate dependencies to match the recent JSON changes. + [5da86c77629c] + + * plugins/python/python_convmessage.c: + Add missing check for calloc(3) failure. + [589c32ff2cf1] + +2020-02-19 Robert Manner <robert.manner@balabit.com> + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + doc/sudo_plugin_python: document approval plugin and PluginReject + [9e61203dcb8d] + + * plugins/python/sudo_python_module.c: + plugins/python/sudo_python_module.c: remove unused declaration + + We do not use structsequence any more. + [a5570ba5ad8b] + +2020-02-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h: + Re-register listeners on SIGHUP. Previously, a config reload would + refresh the listener address list but the changes had no effect on + the actual addresses being listened on. + [c1c0ada6c594] + + * logsrvd/logsrvd.c: + Fix compilation error when not built with OpenSSL support. Adds a + missing #ifdef HAVE_OPENSSL and reorders code to avoid the need for + a static init_tls_server_context() prototype. + [976c469eeb57] + +2020-02-18 Robert Manner <robert.manner@balabit.com> + + * plugins/python/python_plugin_common.c: + plugins/python: restore the original python inittab after + interpreter deinit + [b78a5d995de9] + +2020-02-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + include/sudo_json.h, lib/util/json.c, logsrvd/eventlog.c: + Add support for JSON structured logging using syslog. Note that + depending on the system, the default syslog buffer may not be large + enough to store all the logging data. 
+ [15a6667b1198] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + examples/sudo_logsrvd.conf, logsrvd/eventlog.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c: + Add support for JSON logging in sudo_logsrvd. + [8b013b899e3b] + + * include/sudo_json.h, lib/util/json.c, lib/util/util.exp.in, + plugins/audit_json/audit_json.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/regress/sudoers/test10.json.ok, + plugins/sudoers/regress/sudoers/test9.json.ok: + Rework the JSON API to write to a memory buffer, not a stdio stream. + [ec4e4053e95e] + + * logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c: + Fix support for reloading the config in sudo_logsrvd. We need to re- + initialize the TLS server context. Also fix a memory leak of the TLS + parameters on reload. + [c4ca45502f3e] + +2020-02-17 Robert Manner <robert.manner@balabit.com> + + * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h, + plugins/python/python_plugin_common.c, + plugins/python/regress/check_python_examples.c, plugins/python/regre + ss/testdata/check_example_debugging_load@diag.log, + plugins/python/regress/testhelpers.c: + plugins/python: only deinit interpreters when sudo unlinks the + plugin + + This only happens when sudo unloads the last python plugin. The + reason doing so is because there are some python modules which does + not support importing them again after destroying the interpreter + which has imported them previously. + + Another solution would be to just leak the interpreters (let the + kernel free up), but then there might be some python resources like + open files would not get cleaned up correctly if the plugin is badly + written. 
+ + Tests are meant to test the scenario sudo does, so I have modified + them to generally do not unlink but only a few times (~per plugin + type) so it does not use 48 interpreters (one gets started on every + plugin->open) and it is visible at least which type of plugin fails + deinit if there is an error. + [13cdead652aa] + + * plugins/python/python_plugin_common.c, + plugins/python/sudo_python_debug.c: + plugins/python/debug: adapt debug refcount solution of sudoers + plugin + [dc815e383c39] + +2020-02-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog_client.c: + The environment in the accept message is runenv not submitenv. The + I/O logging plugin is passed the environment the command will run + with, not the user's original environment. + [b3e1ee513001] + +2020-02-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_compat.h, lib/iolog/iolog_fileio.c, + plugins/audit_json/audit_json.c, src/utmp.c: + Add compatibility define for fseeko(3). This is better than + cluttering up the code with #ifdefs for obsolete systems. + [a9123f768fe0] + +2020-02-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/regress/testsudoers/test8.out.ok, + plugins/sudoers/regress/testsudoers/test8.sh: + Add test for #include directive without a trailing newline. + [dfcfad5c7c41] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Don't require a newline at the end of include or includedir + directives. 
+ [3d6aa5531609] + +2020-02-14 Robert Manner <robert.manner@balabit.com> + + * plugins/python/regress/testhelpers.c: + plugins/python/regress/testhelpers.c: replace fromisoformat + + fromisoformat is only supported from python >=3.7 + [86bf6de82376] + +2020-02-13 Robert Manner <robert.manner@balabit.com> + + * plugins/python/python_plugin_common.h, + plugins/python/sudo_python_module.c: + plugins/python: add missing annotations to help cpychecker + [fd66659bd681] + + * plugins/python/python_plugin_common.c: + plugins/python/python_plugin_common.c: release py_args in close + + even if the arguments are not used (eg. when there is no "close" + call in the plugin). + + It was not really a memleak, because interpreter is deinitialized + anyway, which frees the object. + [5de8c111d40d] + + * plugins/python/python_plugin_approval.c: + plugins/python/python_plugin_approval: fix negative ref count + + The python_plugin_api_rc_call function already decrements the + refcount of py_args. Python avoids the double free, but the error + gets shown if using python debug build. + [4370af5b9092] + +2020-02-12 Robert Manner <robert.manner@balabit.com> + + * plugins/python/regress/check_python_examples.c: + plugins/python/regress: still some memleak fix + [c60050b79a5e] + + * plugins/python/python_plugin_audit.c, + plugins/python/python_plugin_common.c, + plugins/python/python_plugin_common.h, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c: + plugins/python: make storing errstr more explicit + + The error is always stored in plugin_ctx, but it is only set into + errstr if the API version is enough. (Previously it worked the + opposite: we only stored the error if API level was enough.) 
+ [5b4fa733c876] + + * plugins/python/regress/check_python_examples.c: + plugins/python/regress: strengthen errstr verification + + Tests did not catch the issue where errstr was not set correctly, + but its pointer contained the expected data, because the memory + allocator reused the same space for storing the string. + + Now it is either verified to be NULL, or reset to NULL. + [973e52ed3f68] + + * plugins/python/regress/check_python_examples.c: + plugins/python/regress: simplify plugin option creation + [628142f39c63] + +2020-02-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/util.exp.in, + plugins/audit_json/audit_json.c, plugins/python/sudo_python_debug.c, + plugins/sample_approval/sample_approval.c, + plugins/sudoers/sudoers_debug.c: + Move duplicated code to parse plugin debug flags to libsudo_util. + There's no need for four copies of sudo_debug_parse_flags(). + [cfd9d624d8b1] + +2020-02-11 Robert Manner <robert.manner@balabit.com> + + * plugins/python/python_plugin_common.c, + plugins/python/sudo_python_module.c, + plugins/python/sudo_python_module.h: + plugins/python/sudo_module: let a reject also supply error message + + Same as sudo.PluginError exception, have a sudo.PluginReject + exception as well. Added common base exception as well. 
+ [e2e36f4778d4] + + * plugins/python/regress/check_python_examples.c, + plugins/python/regress/plugin_approval_test.py, plugins/python/regre + ss/testdata/check_multiple_approval_plugin_and_arguments.stderr, plu + gins/python/regress/testdata/check_multiple_approval_plugin_and_argu + ments.stdout, plugins/python/regress/testhelpers.c, + plugins/python/regress/testhelpers.h: + plugins/python/regress: add tests for approval plugin + [31bd830a36fa] + + * MANIFEST, plugins/python/Makefile.in, + plugins/python/python_plugin_approval.c, + plugins/python/python_plugin_approval_multi.inc, + plugins/python/python_plugin_common.c, + plugins/python/python_plugin_common.h, + plugins/python/sudo_python_module.c: + plugins/python: add python approval plugin wrapper + [489ef35ac957] + + * MANIFEST, plugins/python/Makefile.in, + plugins/python/example_approval_plugin.py: + plugins/python: add python approval plugin example + [4ed865e04c0a] + +2020-02-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/regress/sudoers/test23.in, + plugins/sudoers/regress/sudoers/test23.json.ok, + plugins/sudoers/regress/sudoers/test23.ldif.ok, + plugins/sudoers/regress/sudoers/test23.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test23.out.ok, + plugins/sudoers/regress/sudoers/test23.sudo.ok, + plugins/sudoers/regress/sudoers/test23.toke.ok: + Add regress test for parsing Defaults lists. Currently only + env_check, env_delete, env_keep and log_servers are lists. + [dfda2dec37d3] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: + Clarify that approval close happens after auditing. Also fix a few + typos. + [8f9fb2f0b5a7] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + include/sudo_plugin.h, plugins/sample_approval/sample_approval.c, + src/sudo.c: + Add open and close functions to the approval plugin API. We need a + close function to be able to to free memory allocated for errstr. 
+ Unlike the other plugins, the close function is called immediately + after the plugin's check or show_version function. The plugin does + not remain open until the command completes. + [6611bafc8ace] + + * plugins/audit_json/audit_json.c: + Use unique function names to avoid confusion with front-end + functions. Also add a missing sudo_debug_enter() after debug + registration. + [b127b0997ecb] + + * scripts/log2cl.pl: + Use Text::Wrap instead of perl's built-in format function. This + still breaks log filename incorrectly but is a step in the right + direction. + [2184fe794ecb] + + * Makefile.in, scripts/log2cl.pl: + Avoid changing directory when generating the ChangeLog file. + Instead, pass the repo path to either hg or log2cl.pl + [736e90c9fe6d] + +2020-02-10 Robert Manner <robert.manner@balabit.com> + + * src/sudo.c: + src/sudo.c: call audit plugin close when result is a wait status + [0bfe6bc588a3] + + * Makefile.in: + Makefile.in: fix install target for out of source build + + The scriptdir contained a path relative to where the target was + started. The scripts are called like "$scriptdir/script_name" which + is fine with relative path as well, until the current directory is + not changed. But things like cd $srcdir && $scriptdir/script_name + fails (if building in separate build directory). + [7c0958b47925] + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + doc/sudo_plugin_python: document python audit plugin support + [2a2f6227bae0] + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + doc/sudo_plugin_python: document returning error string + [cf32faa3805f] + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + doc/sudo_plugin_python: update python manual for constant -> enum + changes + [e2cd8737978c] + +2020-02-08 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/util/mksiglist.c, lib/util/mksigname.c, + lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/getdelim/getdelim_test.c, + lib/util/regress/glob/globtest.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, logsrvd/logsrvd.c, + logsrvd/sendlog.c, plugins/group_file/plugin_test.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/logging.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/tsdump.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, + src/parse_args.c, src/regress/noexec/check_noexec.c: + Use EXIT_SUCCESS and EXIT_FAILURE more consistently. + [1b78154a35f3] + + * src/parse_args.c, src/sudo.c, src/sudo.h: + Mark main sudo usage() function __noreturn__. This splits the usage + printing out into display_usage(). + [400d23c2a6f1] + + * include/sudo_json.h, lib/util/json.c, lib/util/util.exp.in, + plugins/sudoers/cvtsudoers_json.c: + Use json functions from libsudo_util in cvtsudoers. + [c4316ce76fe6] + +2020-02-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sample_approval/sample_approval.c: + Check localtime() return value; coverity CID 208156 + [e2697b46f7e2] + + * plugins/audit_json/audit_json.c: + Check fseeko() return value; coverity CID 207993 + [3abd610ae63b] + + * logsrvd/sendlog.c, logsrvd/sendlog.h: + Make restart and elapsed members of the closure structs not + pointers. 
Fixes coverity CID 207992 + [2dbace19cb6a] + + * lib/iolog/iolog_fileio.c: + Check return value of sudo_lock_file(); coverity CID 207991 + [e2862d70dea8] + + * logsrvd/logsrvd.c: + Only keepalive if accept() succeeded; coverity CID 207990 + [0c35e46495a2] + +2020-02-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, Makefile.in, doc/Makefile.in, examples/Makefile.in, + generate_test_coverage.sh, include/Makefile.in, + lib/iolog/Makefile.in, lib/logsrv/Makefile.in, lib/util/Makefile.in, + lib/zlib/Makefile.in, log2cl.pl, logsrvd/Makefile.in, mkdep.pl, + mkinstalldirs, mkpkg, plugins/audit_json/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, pp, + scripts/generate_test_coverage.sh, scripts/log2cl.pl, + scripts/mkdep.pl, scripts/mkinstalldirs, scripts/mkpkg, scripts/pp, + src/Makefile.in: + Move some scripts from the top level src dir to a scripts dir. + [0be8e958cbc2] + + * MANIFEST, plugins/sample_approval/Makefile.in, + plugins/sample_approval/sample_approval.c, + plugins/sample_approval/sample_approval.exp: + Add sample approval plugin that simply tests for "business hours" + [8005b14fd0c7] + + * Makefile.in, configure, configure.ac: + Add sample approval plugin that simply tests for "business hours" + [9d7370fea2c3] + + * src/load_plugins.c: + Refactor code to alloc and insert a new plugin_container. The only + outlier is the policy plugin which is not part of a list since there + can only be a single policy plugin. + [610c6e01eb0b] + + * plugins/audit_json/audit_json.c: + Tech audit_json about approval plugin accept/reject + [b1e568bacd87] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + include/sudo_plugin.h, src/load_plugins.c, src/sudo.c, + src/sudo_plugin_int.h: + Add an approval plugin type that runs after the policy plugin. 
The + basic idea is that the approval plugin adds an additional layer of + policy. There can be multiple approval plugins. + [2b57fac1ad0b] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: + plugin documentation fixes: o whitespace cleanup o show_version + doesn't have an errstr argument o document runas_user and + runas_group in command_info[] o add missing .El at before start of + audit section + [73cb9ca71ef7] + +2020-02-06 Robert Manner <robert.manner@balabit.com> + + * plugins/python/sudo_python_module.c: + plugins/python/sudo_python_module.c: fix options_as_dict if no equal + sign + + The intented behaviour was that those get skipped, but the + PyList_GetItem sets the interpreter into error state, so python has + raised exception. + [4f99dd186eb9] + + * plugins/python/regress/check_python_examples.c, plugins/python/regre + ss/testdata/check_example_audit_plugin_receives_accept.stdout, plugi + ns/python/regress/testdata/check_example_audit_plugin_receives_error + .stdout, plugins/python/regress/testdata/check_example_audit_plugin_ + receives_reject.stdout, plugins/python/regress/testdata/check_exampl + e_audit_plugin_version_display.stdout, plugins/python/regress/testda + ta/check_example_audit_plugin_workflow_multiple.stderr, plugins/pyth + on/regress/testdata/check_example_audit_plugin_workflow_multiple.std + out: + plugins/python/regress/check_python_examples: add audit_plugin tests + [fcc483a569ff] + + * plugins/python/python_plugin_common.c, + plugins/python/python_plugin_common.h, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c: + plugins/python/python_plugin_common: close can get custom arguments + + For the audit plugin. Ensure we do not fail if + plugin_ctx->py_instance is NULL (because plugin init has failed). 
+ [dd1c0be3d8e7] + + * plugins/python/example_group_plugin.py, + plugins/python/example_io_plugin.py, + plugins/python/example_policy_plugin.py, plugins/python/regress/test + data/check_example_io_plugin_fails_with_python_backtrace.stdout: + plugins/python/example_*.py: document returning error string + [ee55ef4a3cb6] + + * plugins/python/example_conversation.py, + plugins/python/example_debugging.py, + plugins/python/example_group_plugin.py, + plugins/python/example_io_plugin.py, + plugins/python/example_policy_plugin.py, plugins/python/regress/test + data/check_example_debugging_c_calls@info.log, plugins/python/regres + s/testdata/check_example_debugging_plugin@info.log, plugins/python/r + egress/testdata/check_example_io_plugin_fails_with_python_backtrace. + stdout: + plugins/python/example*.py: pep8 fixes (mainly line too long) + [56b15859cc9a] + +2020-02-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/audit_json/audit_json.exp: + Exported symbol is audit_json + [a39e9cc1047b] + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + Silence lint warning. + [fbba7f8dc3ef] + + * plugins/sudoers/policy.c: + Add runas_user and runas_group (if set) to command_info for audit + plugin. Otherwise, the audit plugin has to look up the runas name + and group by user or group ID. + [711731384693] + + * src/tgetpass.c: + Only enable pwfeedback when reading password from /dev/tty. This + effectively disables pwfeedback when the -S or -A options are used. + [71da469aab20] + +2020-02-05 Robert Manner <robert.manner@balabit.com> + + * plugins/python/regress/check_python_examples.c: + plugins/python/regress: load/unload module for each testcase + + so they can start from clean state. (My problem was optional + argument tests has destroyed the callbacks.) 
+ [ab90adbb9328] + + * plugins/python/python_plugin_common.c, + plugins/python/python_plugin_common.h, + plugins/python/python_plugin_group.c, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c, + plugins/python/sudo_python_module.c, + plugins/python/sudo_python_module.h: + plugins/python: add support for callback errstr arguments + + Plugins can raise a sudo.PluginError exception to add context + message for the failure. + + The callback's errstr gets filled up with the specified message. + But, as sudo expects a string constant (will not free the string), + we store it in the plugin context at least until next callback + invocation. + [240bf4c627f0] + + * plugins/python/regress/check_python_examples.c, + plugins/python/regress/plugin_errorstr.py: + plugins/python/regress: add test for callback error msg return + [44a71a20f94c] + + * plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c: + plugins/python_plugin_io,policy: fix version display in verbose mode + + Unfortunately the test did not catch this mistake, because it only + searches that "Python policy plugin API version" string is present + and does not check the version. + [7da28d01063f] + +2020-02-04 Robert Manner <robert.manner@balabit.com> + + * plugins/python/example_conversation.py, + plugins/python/example_debugging.py, + plugins/python/example_group_plugin.py, + plugins/python/example_io_plugin.py, + plugins/python/example_policy_plugin.py, plugins/python/pyhelpers.c, + plugins/python/pyhelpers.h, plugins/python/python_plugin_common.c, p + lugins/python/regress/testdata/check_example_debugging_c_calls@diag. 
+ log, plugins/python/regress/testdata/check_example_debugging_c_calls + @info.log, plugins/python/regress/testdata/check_example_group_plugi + n_is_able_to_debug.log, plugins/python/sudo_python_module.c: + plugins/python/sudo_python_module.c: use IntEnums instead of + constants + + It is a bit more code, but it is more "pythonic" and easier to debug + as the enum values also know their names. + + It is also an API break, eg. sudo.RC_OK becomes sudo.RC.OK as + sudo.RC will be the "type" of the enum, but I guess that is + acceptable before the initial release. + [2a0845428e2b] + +2020-02-03 Robert Manner <robert.manner@balabit.com> + + * plugins/python/python_plugin_policy.c: + plugins/python/python_plugin_policy: add missing debug return + [2bf4cc35de9c] + +2020-02-03 Laszlo Orban <laszlo.orban@quest.com> + + * logsrvd/sendlog.c: + fixed compiler error when sudo is configured without --enable- + openssl + [fb19fb96c41d] + +2020-02-03 Robert Manner <robert.manner@balabit.com> + + * MANIFEST, plugins/python/Makefile.in, + plugins/python/python_plugin_audit.c, + plugins/python/python_plugin_audit_multi.inc, + plugins/python/sudo_python_module.c: + plugins/python: add python audit plugin wrapper + [92bf3ccbd35d] + + * MANIFEST, plugins/python/Makefile.in, + plugins/python/example_audit_plugin.py: + plugins/python: add example python audit plugin + [15abd19f6fdb] + +2020-02-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_plugin.man.in: + Regenerate .man.in files from .mdoc.in + [6d04628b3bbb] + + * doc/sudo_plugin.mdoc.in: + Update documentation for setbase when the given base is NULL. + [03054c46d322] + + * plugins/sudoers/iolog_client.c, src/sudo.c: + For plugin events, set the sudo event base for setbase(NULL). This + makes it possible for a plugin to change the event base to a local + one and then reset it back to its original value. + [f95ab1a5fd5a] + +2020-02-01 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog_client.c: + Don't display "error in event loop" on loop break reading + ServerHello. We should already have displayed a more useful error + message. Otherwise, we can get two "error in event loop" warnings if + the TLS handshake fails (in addition to other error messages). + [c42b8158ab36] + +2020-01-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h: + Read ServerHello message synchronously before the command is + executed. Otherwise, the command could be run before the TLS + handshake completes. + [4dab1676ae41] + +2020-01-31 Robert Manner <robert.manner@balabit.com> + + * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h, + plugins/python/python_convmessage.c: + plugins/python/pyhelpers: add helpers for attribute handling + + to simplify code a bit. + [c3eb52c88a04] + +2020-01-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_plugin.mdoc.in: + Document audit plugin in the sudo_plugin manual. + [e2aab376bae1] + + * include/sudo_plugin.h, plugins/audit_json/audit_json.c, src/sudo.c: + Change audit close arguments to a type and value. That way we can + distinguish between different error types. + [37abbe9f39b5] + + * MANIFEST, Makefile.in, configure, configure.ac, m4/sudo.m4, + pathnames.h.in, plugins/audit_json/Makefile.in, + plugins/audit_json/audit_json.c, plugins/audit_json/audit_json.exp: + Example audit plugin that writes JSON output to a log file. 
+ [295d9d1a1209] + + * plugins/python/python_plugin_io.c, + plugins/python/python_plugin_io_multi.inc, + plugins/python/python_plugin_policy.c, + plugins/python/regress/check_python_examples.c: + Adapt python plugin to new plugin API changes + [974e76db3a3a] + + * plugins/sudoers/audit.c, plugins/sudoers/iolog.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/policy.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Pass back a failure or error string to the front end. The + audit_failure() function now stores the failure string. This will + allow an audit plugin to log the reason if the user's request is a + rejected. + [5bb4e000a7ec] + + * doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/exec_pty.c, + src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h: + Define a new plugin type that receives accept and reject messages. + This can be used to implement logging-only plugins. The plugin + functions now take an errstr argument that can be used to return an + error string to be logged on failure or error. + [361aab49325f] + + * MANIFEST, config.h.in, configure, configure.ac, include/sudo_rand.h, + lib/util/arc4random.c, lib/util/arc4random_buf.c: + Add tests for arc4random_buf() and an implementation for those + without. + [e89dabfd5a41] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/util.exp.in, lib/util/uuid.c: + Add code to generate universally unique identifiers. We create type + 4, variant 1 uuids (random). + [22aff362662e] + + * MANIFEST, include/sudo_json.h, lib/util/Makefile.in, + lib/util/json.c, lib/util/util.exp.in: + Add a simple API for writing JSON records. To be used by the + upcoming JSON audit module. + [734b29194a82] + +2020-01-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Sudo 1.8.31 changes. 
+ [3d12f4cb4d9f] + + * src/tgetpass.c: + Fix a buffer overflow when pwfeedback is enabled and input is a not + a tty. In getln() if the user enters ^U (erase line) and the + write(2) fails, the remaining buffer size is reset but the current + pointer is not. While here, fix an incorrect break for erase when + write(2) fails. Also disable pwfeedback when input is not a tty as + it cannot work. CVE-2019-18634 Credit: Joe Vennix from Apple + Information Security. + [4830bdf1a683] + +2020-01-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.c: + Fix warning about unresolved host name with "sudo -l -h hostname". + The resolve_host() function returns 0 on success, not bool. + [9af5bb6e4036] + + * configure, configure.ac: + Check for presence of fseeko() regardless of utmp type. + [d0c254ba8311] + + * plugins/python/regress/check_python_examples.c: + Fix typo in a test: python_policy->close not python_io->close + [34d8631cc501] + + * lib/util/getentropy.c: + Allow getentropy.c to compile when MAP_ANON is unavailable. + [d707e07f1a9c] + + * MANIFEST, lib/util/Makefile.in, lib/util/arc4random.c, + lib/util/arc4random.h: + Remove multi-thread support from arc4random. Sudo is not multi- + threaded so we don't need the added complexity. + [77c1795e0aaa] + +2020-01-28 Robert Manner <robert.manner@balabit.com> + + * plugins/python/sudo_python_module.c: + plugins/sudo_python_module: Fix double free in sudo.options_as_dict + function + + PyArg_ParseTuple sets the py_config_tuple pointer, but it does not + increment the reference count, so by decrementing, we end up freeing + the argument passed in. + [511aeb75a905] + + * plugins/python/example_io_plugin.py, plugins/python/regress/testdata + /check_example_io_plugin_fails_with_python_backtrace.stdout: + plugins/python/example_io_plugin: close the file at destroy + + to avoid warning of debug python build. + [6730352ab2d8] + +2020-01-28 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/util/arc4random.h, lib/util/getentropy.c: + Backed out changeset 9dce3ebb2c37 MAP_SGI_ANYADDR cannot be used in + place of MAP_ANON + [b261d200435a] + +2020-01-28 Robert Manner <robert.manner@balabit.com> + + * plugins/python/Makefile.in, + plugins/python/regress/check_python_examples.c, + plugins/python/regress/testhelpers.c, + plugins/python/regress/testhelpers.h: + plugins/python: memleak fixes in test + + The main problem was that string array objects were constructed + differently: + - if constructed by the test, then the elements were constant + - if constructed by the plugin, then the elements were allocated + + Modified it so that now each array contains allocated strings so + they can be handled similarly. For freeing, I have used the + str_array_free function from the plugin, so I have linked its object + into the test runner. + + Happy path is now free of "definitely lost" memleaks, so the test + can be used for valgrind. + [657ffd948be5] + +2020-01-28 Laszlo Orban <laszlo.orban@quest.com> + + * logsrvd/sendlog.c, logsrvd/sendlog.h: + Refactor sudo_sendlog in order to be able to send one I/O log + multiple times in parallel (for testing purposes) + [c9afea455ab6] + +2020-01-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/arc4random.h, lib/util/getentropy.c: + Fix compilation on IRIX; Bug #915 IRIX lacks MAP_ANON (and + MAP_ANONYMOUS) but we can use the IRIX-specific flag MAP_SGI_ANYADDR + instead. From Kazuo Kuroi + [9dce3ebb2c37] + +2020-01-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/check.c: + Fix crash in sudo 1.8.30 when suspending sudo at the password + prompt. The closure pointer in sudo_conv_callback was being filled + in with a struct getpass_closure ** instead of a struct + getpass_closure *. The bug was introduced in the fix for Bug #910; + previously the closure variable was a struct getpass_closure, not a + pointer. Fix from Michael Norton; Bug #914. 
+ [011b6a7663ef] + +2020-01-24 Robert Manner <robert.manner@balabit.com> + + * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h, + plugins/python/python_plugin_common.c, + plugins/python/python_plugin_common.h, + plugins/python/python_plugin_group.c, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c: + plugins/python: use separate python interpreter for each plugin + + On each plugin initialization we create a separate python + interpreter which gets stored in the plugin_ctx. The main + interpreter is stored in py_ctx and is used for creating more + interpreters (if more plugins get loaded) and final python + deinitialization. + + The "traceback" module import and the ImportBlocker initialization + was moved, because it has to happen inside the plugin specific + interpreters. + [eb9308e5eacb] + + * plugins/python/regress/check_python_examples.c, + plugins/python/regress/plugin_conflict.py, plugins/python/regress/te + stdata/check_python_plugins_do_not_affect_each_other.stdout: + plugins/python/regress: add a failing textcase about python plugins + affect each other + + Since python plugins are run inside the same interpreter, they + affect each other's state, which would be better to avoid. + [1628425d608c] + +2020-01-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in: + Document new tls_verify setting. 
+ [3e4bc6e4d301] + + * config.h.in, configure, configure.ac: + Use AC_CHECK_DECLS when checking for SSL_CTX_set_min_proto_version + Also use AC_CHECK_FUNCS to check for the other OpenSSL functions + [f3e36090a31e] + +2020-01-23 Robert Manner <robert.manner@balabit.com> + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + doc/sudo_plugin_python: update doc about the multiple I/O plugin + loading + [08e7c479954b] + + * plugins/python/Makefile.in: + plugins/python/Makefile.in: update autogenerated header dependencies + [54c0c7f11046] + + * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h, + plugins/python/python_plugin_common.c, + plugins/python/regress/check_python_examples.c, plugins/python/regre + ss/testdata/check_example_io_plugin_command_log_multiple.stderr, + plugins/python/sudo_python_module.c: + plugins/python/pyhelpers: have a default sudo_printf function + + Adapted the default sudo_printf from sudoers plugin to be able to + print errors before plugin open() gets called. (This is used by the + multiple io plugin loading to display error for too much plugin + load.) + + Since this makes us always have a sudo_log, I have removed the logic + about whether it is available or not. + [fdd4842b3ba2] + + * src/load_plugins.c: + src/load_plugins.c: plugins can supply a clone function + + if they want to support getting loaded multiple times. + [33ff0027f686] + +2020-01-23 Laszlo Orban <laszlo.orban@quest.com> + + * examples/sudo_logsrvd.conf, include/log_server.pb-c.h, + lib/logsrv/log_server.pb-c.c, lib/logsrv/log_server.proto, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + plugins/sudoers/iolog_client.c: + logserver option to disable certificate verification on server side + and server authentication on client side + [9b171f3af727] + +2020-01-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/load_plugins.c: + Refactor code to allocate and fill struct plugin_container. 
This + will help avoid duplicate code in the audit and approval plugins. + [8ad9ba987131] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, examples/sudo_logsrvd.conf: + Document TCP keepalive options in the manual pages. + [7afe9293b503] + + * doc/CONTRIBUTORS: + Add proper diacritical to Róbert's name. + [9ca9ea59cdd4] + +2020-01-22 Robert Manner <robert.manner@balabit.com> + + * plugins/python/regress/check_python_examples.c, plugins/python/regre + ss/testdata/check_example_io_plugin_command_log_multiple.stderr, plu + gins/python/regress/testdata/check_example_io_plugin_command_log_mul + tiple.stdout, plugins/python/regress/testdata/check_example_io_plugi + n_command_log_multiple1.stored, plugins/python/regress/testdata/chec + k_example_io_plugin_command_log_multiple2.stored, + plugins/python/regress/testhelpers.c, + plugins/python/regress/testhelpers.h: + plugins/python/regress: add a testcase for multiple io plugin + loading + + to verify 2 python plugins can work next to each other. + [916dd4f44bcf] + +2020-01-22 Laszlo Orban <laszlo.orban@quest.com> + + * include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c, + lib/logsrv/log_server.proto, logsrvd/logsrvd.c, logsrvd/sendlog.c, + plugins/sudoers/iolog_client.c: + Rename tls_checkpeer to tls_reqcert in ServerHello message + [b69630f1f5b4] + +2020-01-22 Robert Manner <robert.manner@balabit.com> + + * plugins/python/python_baseplugin.c, + plugins/python/python_convmessage.c: + plugins/python: fix return value typo for the error case + [a7088391d8fb] + +2020-01-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * etc/sudo.pp, examples/Makefile.in, examples/sudo.conf.in: + Install a default sudo.conf file. + [e2b4613cced9] + + * aclocal.m4, autogen.sh, config.h.in, configure, configure.ac, + include/sudo_compat.h, logsrvd/logsrvd.c, logsrvd/sendlog.c, + plugins/sudoers/iolog_client.c: + Add support for building on OpenSSL 1.0.2. 
This adds compatibility + defines for some OpenSSL 1.1.x functions. + [17e50378c8ee] + +2020-01-21 Robert Manner <robert.manner@balabit.com> + + * plugins/python/python_plugin_io.c, + plugins/python/python_plugin_io_multi.inc: + plugins/python/plugin_io: enable loading of multiple io plugins + + Separate sudo io plugin symbols are created which stores wrapper + functions adding the context of which python plugin the callback is + about. + + These sudo io plugin "slots" get generated with macros by the + preprocessor. + + This makes sudo support loading multiple python IO plugins like + this: (note the differences in the symbol names) + + Plugin python_io python_plugin.so ModulePath=... + ClassName=SudoIOPlugin1 Plugin python_io1 python_plugin.so + ModulePath=... ClassName=SudoIOPlugin2 Plugin python_io2 + python_plugin.so ModulePath=... ClassName=SudoIOPlugin3 + [cb45052d227a] + +2020-01-21 Laszlo Orban <laszlo.orban@quest.com> + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h, plugins/sudoers/policy.c: + sudoers: disable SO_KEEPALIVE socket option based on + log_server_disable_keepalive flag in sudoers + [ad48ee6fbcb7] + + * examples/sudo_logsrvd.conf, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c: + logserver: enable/disable SO_KEEPALIVE socket option based on + tcp_keepalive configuration option in sudo_logsrvd.conf + [c0d919468e95] + +2020-01-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/hostcheck.h: + No need to export the validate_hostname() symbol. We don't export + symbols in convenience libraries, only installed DSOs. + [f26897793700] + + * lib/iolog/hostcheck.c: + Fix a few pointer signedness warnings on Linux. 
+ [6a4f68430e69] + + * include/sudo_compat.h, lib/iolog/hostcheck.c, logsrvd/logsrvd.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h, src/net_ifs.c: + Store the server host name and IP in client_closure_fill(). Also + check for getpeername() and inet_ntop() failure. + [22df6ff5fcaf] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c, + logsrvd/sendlog.h, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h: + Fix handling of SSL_ERROR_WANT_{READ,WRITE} during normal I/O. If we + get SSL_ERROR_WANT_WRITE during SSL_read(), we need to resume the + SSL_read(), not call SSL_write() as we were doing. Likewise for + SSL_ERROR_WANT_READ received from SSL_write(). This introduces a + flag so we call the proper callback even when the I/O direction + doesn't match the read/write calls. + [7162125ad7b7] + + * lib/util/Makefile.in: + Add siglist.c and signame.c as dependencies for depend target. Fixes + running "make depend" in lib/util dir when siglist.c or signame.c + are not already present. + [9d7aa4107136] + + * Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/iolog/Makefile.in, lib/logsrv/Makefile.in, + lib/util/Makefile.in, lib/zlib/Makefile.in, logsrvd/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Add abs_top_srcdir and abs_top_builddir and use them. Configure + provides absolution versions of srcdir, builddir, top_srcdir and + top_builddir. We can use these instead of calling pwd. + [597ba26af997] + +2020-01-20 Robert Manner <robert.manner@balabit.com> + + * plugins/python/Makefile.in: + plugins/python/Makefile.in: remove path prefix from examples to make + install target work + [ba31bde08e17] + +2020-01-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/iolog/Makefile.in: + Rebuild dependencies after hostcheck.c include changes. 
+ [3a4e808e5038] + +2020-01-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/hostcheck.h, lib/iolog/hostcheck.c, logsrvd/logsrvd.c, + plugins/sudoers/iolog_client.c: + Add debugging statements to certificate checks. + [81f813c8c1f1] + + * MANIFEST, lib/iolog/Makefile.in, lib/iolog/hostcheck.c, + plugins/sudoers/iolog.c: + Portability fixes and correct path to hostcheck.h in MANIFEST. + Include sys/socket.h for getpeername(). Link with -lnsl on Solaris + to get inet_pton(). + [060371a21669] + + * lib/iolog/Makefile.in, lib/logsrv/Makefile.in, lib/util/Makefile.in, + lib/zlib/Makefile.in, logsrvd/Makefile.in, + plugins/group_file/Makefile.in, plugins/python/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Using "libtool --clean" to remove regular files is slow. We only + need to use libtool's clean mode to remove files created by libtool. + [510af2b052c6] + +2020-01-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * .gitignore, .hgignore: + Add examples/sudo.conf to ignore files. + [9eb86d1b8661] + + * doc/sudo.conf.mdoc.in, examples/sudo.conf.in: + Remove whitespace at the end of the line in example sudo.conf + [88b0ae1f8a18] + + * doc/sudo_plugin_python.mdoc.in: + Fix mdoc lint warnings by removing .Pp before and after .Ss. + [e59218682d7f] + +2020-01-17 Robert Manner <robert.manner@balabit.com> + + * plugins/python/regress/check_python_examples.c, + plugins/python/regress/iohelpers.c, + plugins/python/regress/iohelpers.h, + plugins/python/regress/testhelpers.c, + plugins/python/regress/testhelpers.h: + plugins/python/regress: add missing license texts + [b0e4b41b2834] + +2020-01-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c: + Fix TLS accept when SSL_accept() returns SSL_ERROR_WANT_WRITE. We + need to switch from SUDO_EV_READ to SUDO_EV_WRITE for this case. 
+ [71ada9bfa056] + + * logsrvd/sendlog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h: + Fix TLS connect when SSL_connect returns SSL_ERROR_WANT_READ. We + need to switch from SUDO_EV_WRITE to SUDO_EV_READ for this case. + Also make the tls connect events private to tls_timed_connect() with + their own closure. There is no need to store them in the client + closure. + [afda37d1dd26] + + * logsrvd/iolog_writer.c: + Store submit time in struct iolog_info. Fixes missing time stamp in + remote I/O log info file. + [dcd1dfa00646] + + * src/sudo_edit.c: + Treat EROFS (like EACCES) as a non-fatal error in dir_is_writable(). + Fixes sudoedit on macOS 10.15 and above where the root file system + is mounted read-only. See https://support.apple.com/en-us/HT210650. + From Dan Villiom Podlaski Christiansen. Bug #913 + [cc636a1af1b6] + +2020-01-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/event.c, plugins/sudoers/iolog_client.c: + Really fix flushing of data in client_close(). Now that we call + fmt_exit_message() from client_close() we do not need to try to + determine whether the read or write events were pending in the old + base. + + We can't tell anyway because the active flag in the event was + cleared when the old sudo event base was destroyed. It is correct to + enable both the read and write events after formatting the + ExitMessage. + [c59e77060c37] + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_path_escapes.c: + Use SUDOERS_DEBUG_* not SUDO_DEBUG_* in debug_decl() for the sudoers + plugin. + [2d0c049e689e] + + * src/sudo.c, src/sudo_plugin_int.h: + Wrap calls to plugin event callbacks to use the plugin's debug + instance. Otherwise, the debug output in a plugin's event callback + will go to the sudo debug file, not sudoers. + [02e227cfc715] + + * lib/util/regress/strsig/strsig_test.c: + FreeBSD is missing SIGLWP (aka SIGTHR) in sys_signame[]. 
Don't test + SIGLWP on FreeBSD where it is reserved for the thread library and is + not listed in sys_signame[]. + [95cbafc79b4d] + + * configure, configure.ac: + We want to use DT_RUNPATH in preference to DT_RPATH in ELF binaries. + Otherwise, LD_LIBRARY_PATH does not work when running the tests. The + GNU linker's --enable-new-dtags can be used to do this. We don't do + this on NetBSD where RPATH already supports LD_LIBRARY_PATH. + [2c6c9a348d81] + +2020-01-15 Laszlo Orban <laszlo.orban@quest.com> + + * plugins/sudoers/Makefile.in, plugins/sudoers/iolog_client.c: + do server identity validation in iolog plugin + [b1bec55bbed6] + + * logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h: + do client identity validation in logserver + [e415409dfe0b] + + * MANIFEST, include/hostcheck.h, lib/iolog/Makefile.in, + lib/iolog/hostcheck.c: + implement host validation for the audit server SSL certificates + [7f48e57bece2] + +2020-01-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers_debug.c: + Fix reference counting when both sudoers policy and I/O log are + loaded. If both sudoers policy and I/O log plugins are loaded, + debug_files will be empty when the I/O plugin is initialized. This + changes the logic to always increase the reference count if the + instance is valid. + [18adfeb3727b] + + * src/load_plugins.c: + Fix handling of duplicate policy and I/O plugins. The warning + message said the later I/O plugin was ignored but it actually + overwrote the existing one instead. The first registered plugin of + the same name now is used, as was intended. Specifying more than one + policy plugin is no longer a fatal error; this allows the admin to + fix the situation. 
+ [dde476072346] + +2020-01-14 Robert Manner <robert.manner@balabit.com> + + * aclocal.m4, configure, configure.ac, + plugins/python/regress/check_python_examples.c, + plugins/python/regress/testhelpers.c, + plugins/python/regress/testhelpers.h, + plugins/python/sudo_python_debug.h: + plugins/python: various portability improvements + [d6aa5e2585ef] + + * plugins/python/example_conversation.py, + plugins/python/example_io_plugin.py, plugins/python/regress/testdata + /check_example_conversation_plugin_reason_log_with_suspend.stdout, p + lugins/python/regress/testdata/check_example_io_plugin_command_log.s + tored, plugins/python/regress/testdata/check_example_io_plugin_fails + _with_python_backtrace.stdout: + plugins/python/example_{io,conversation}: avoid printing signal + number + + They are platform dependant, so their test would fail on some + platforms. While we could create separate plugin for the tests, I + like the idea that the examples are ensured to be working. + + I believe this is a good compromise for being able to auto update + the test cases. + [7b46d305e7d9] + + * plugins/python/Makefile.in, + plugins/python/regress/check_python_examples.c: + plugins/python/regress: load the python plugin dynamically + + instead of linking with it. + [084c61e7d565] + +2020-01-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sudo_edit.c: + For sudoedit_checkdir consider a user-owner directory to be + writable. The non-faccessat() code already did this so this just + brings the faccessat() path into alignment. Bug #912 + [91a1a9c0ba40] + +2020-01-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/CONTRIBUTORS: + Add newline before list of artwork authors. + [1be0fe5f7d7a] + + * doc/LICENSE: + Update copyright year. 
+ [f4ef4c1990af] + +2020-01-10 Robert Manner <robert.manner@balabit.com> + + * plugins/python/example_policy_plugin.py: + plugins/python/example_policy_plugin.py: extend user env changing + example + + Make the demonstration extend the environment with a new variable. + Easier to read, and makes the testing able to check for that it is + working. + [77c09cc38298] + + * generate_test_coverage.sh: + generate_test_coverage.sh: example script to ease test coverage + generation + + Uses lcov and genhtml to generate test coverage. It is meant to be + run in a clean directory. Extra configure options can be added as + script arguments. + + Example execution: + + mkdir build cd build ../generate_test_coverage.sh --enable-python + [a52c480639aa] + +2020-01-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/logging.c: + Remove MAXSYSLOGTRIES, it is no longer used. + [dbd274fd8330] + +2020-01-09 Robert Manner <robert.manner@balabit.com> + + * plugins/python/python_plugin_common.c, + plugins/python/python_plugin_policy.c: + plugins/python/python_plugin_policy: fix validate() call + + When calling validate() python function, TypeError exception was + thrown ("argument list must be a tuple"), because the call does not + have arguments, and python does not accept empty tuple for + execution. NULL must be used instead, which was handled as argument + construction failure previously. + [5ac3c2acee9b] + + * plugins/python/example_policy_plugin.py: + plugins/python/example_policy_plugin.py: make allowed_commands + ordered + + Storing them as "tuple" instead of "set", so they have a fix order. + This makes the output of the list() example stable. 
("set" is + printed out in random order) + [470ccf46a088] + + * plugins/python/example_io_plugin.py, + plugins/python/example_policy_plugin.py, + plugins/python/python_plugin_common.c, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c: + plugins/python: fix confusing version display + + IO/Group/Policy Python API version is displayed instead of sudo + version, because that is not very meaningful in this context. + + They are only displayed in verbose mode. + + Example plugins express it more concrete that they are displaying + their version, not the API version. + [af9d969231a9] + +2020-01-08 Robert Manner <robert.manner@balabit.com> + + * plugins/python/example_conversation.py: + plugins/python/example_conversation.py: make log path configurable + + Similarly to IO plugin example. (It is easier to test it this way.) + [6526a842ee21] + +2020-01-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sudo.c: + Iterate over io_plugins list in the iolog_* wrappers. Moving the + iteration into the wrapper functions simplifies the calling code. + [1e803fb8fd1f] + + * src/sudo.c: + policy_plugin is global, no need to pass it to policy_* functions. + [676c85f87b3c] + + * configure, configure.ac: + If --enable-openssl or --enable-gcrypt is given a path, append to + LDFLAGS. Previously we appended the path to SUDOERS_LDFLAGS but now + that we use OpenSSL in the log server, LDFLAGS is the correct one to + use. + [8b30cffe500f] + + * doc/CONTRIBUTORS: + Add Robert Manner + [fe8bb27dcff3] + +2020-01-07 Robert Manner <robert.manner@balabit.com> + + * plugins/python/example_io_plugin.py: + plugins/python/example_io_plugin.py: fix backtrace during destructor + + If the plugin fails to open the file for writing, constructor will + raise an exception and exit before creating the "_log" member + variable. So the destructor will also raise a backtrace. (Which + python ignores, but dumps out to stderr.) 
+ [09cfa2edb38c] + + * plugins/python/python_plugin_common.c: + plugins/python/python_plugin_common: raise debug level for module + import + [b261d22e3c2e] + + * plugins/python/regress/testdata/check_example_conversation_plugin_re + ason_log_with_suspend.conversation, plugins/python/regress/testdata/ + check_example_conversation_plugin_reason_log_with_suspend.stderr, pl + ugins/python/regress/testdata/check_example_conversation_plugin_reas + on_log_with_suspend.stdout, plugins/python/regress/testdata/check_ex + ample_conversation_plugin_reason_log_with_suspend.stored, plugins/py + thon/regress/testdata/check_example_conversation_plugin_reason_log_w + ithout_suspend.conversation, plugins/python/regress/testdata/check_e + xample_conversation_plugin_reason_log_without_suspend.stderr, plugin + s/python/regress/testdata/check_example_conversation_plugin_reason_l + og_without_suspend.stdout, plugins/python/regress/testdata/check_exa + mple_conversation_plugin_reason_log_without_suspend.stored, plugins/ + python/regress/testdata/check_example_conversation_plugin_user_inter + rupts.conv, plugins/python/regress/testdata/check_example_conversati + on_plugin_user_interrupts.conversation, plugins/python/regress/testd + ata/check_example_conversation_plugin_user_interrupts.stderr, plugin + s/python/regress/testdata/check_example_conversation_plugin_user_int + errupts.stdout, plugins/python/regress/testdata/check_example_debugg + ing_c_calls@diag.log, plugins/python/regress/testdata/check_example_ + debugging_c_calls@info.log, plugins/python/regress/testdata/check_ex + ample_debugging_load@diag.log, plugins/python/regress/testdata/check + _example_debugging_plugin@err.log, plugins/python/regress/testdata/c + heck_example_debugging_plugin@info.log, plugins/python/regress/testd + ata/check_example_debugging_py_calls@diag.log, plugins/python/regres + s/testdata/check_example_debugging_py_calls@info.log, plugins/python + /regress/testdata/check_example_debugging_sudo_cb@info.log, 
plugins/ + python/regress/testdata/check_example_group_plugin_is_able_to_debug. + log, plugins/python/regress/testdata/check_example_io_plugin_command + _log.stderr, plugins/python/regress/testdata/check_example_io_plugin + _command_log.stdout, plugins/python/regress/testdata/check_example_i + o_plugin_command_log.stored, plugins/python/regress/testdata/check_e + xample_io_plugin_failed_to_start_command.stderr, plugins/python/regr + ess/testdata/check_example_io_plugin_failed_to_start_command.stdout, + plugins/python/regress/testdata/check_example_io_plugin_failed_to_st + art_command.stored, plugins/python/regress/testdata/check_example_io + _plugin_fails_with_python_backtrace.stderr, plugins/python/regress/t + estdata/check_example_io_plugin_fails_with_python_backtrace.stdout, + p + lugins/python/regress/testdata/check_example_io_plugin_version_displ + ay.stderr, plugins/python/regress/testdata/check_example_io_plugin_v + ersion_display.stdout, plugins/python/regress/testdata/check_example + _io_plugin_version_display.stored, plugins/python/regress/testdata/c + heck_example_policy_plugin_accepted_execution.stderr, plugins/python + /regress/testdata/check_example_policy_plugin_accepted_execution.std + out, plugins/python/regress/testdata/check_example_policy_plugin_den + ied_execution.stderr, plugins/python/regress/testdata/check_example_ + policy_plugin_denied_execution.stdout, plugins/python/regress/testda + ta/check_example_policy_plugin_failed_execution.stderr, plugins/pyth + on/regress/testdata/check_example_policy_plugin_failed_execution.std + out, plugins/python/regress/testdata/check_example_policy_plugin_lis + t.stderr, plugins/python/regress/testdata/check_example_policy_plugi + n_list.stdout, plugins/python/regress/testdata/check_example_policy_ + plugin_validate_invalidate.log, plugins/python/regress/testdata/chec + k_example_policy_plugin_version_display.stderr, plugins/python/regre + ss/testdata/check_example_policy_plugin_version_display.stdout, plug 
+ ins/python/regress/testdata/check_loading_fails_missing_classname.st + derr, plugins/python/regress/testdata/check_loading_fails_missing_cl + assname.stdout, plugins/python/regress/testdata/check_loading_fails_ + missing_path.stderr, plugins/python/regress/testdata/check_loading_f + ails_missing_path.stdout, plugins/python/regress/testdata/check_load + ing_fails_not_owned_by_root.stderr, plugins/python/regress/testdata/ + check_loading_fails_not_owned_by_root.stdout, plugins/python/regress + /testdata/check_loading_fails_wrong_classname.stderr, plugins/python + /regress/testdata/check_loading_fails_wrong_classname.stdout, plugin + s/python/regress/testdata/check_loading_fails_wrong_path.stderr, plu + gins/python/regress/testdata/check_loading_fails_wrong_path.stdout: + plugins/python/regress/testdata: generated data for the pyplugin + tests + [cec6c9036644] + + * plugins/python/example_debugging.py: + plugins/python/example_debugging: fix typo in comment + [38de8ea0b0e9] + +2020-01-06 Laszlo Orban <laszlo.orban@quest.com> + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h: + save a pointer to the currently connected audit server in the + closure object + [f1c14c43ab40] + +2020-01-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/timestamp.c: + Sanity check size when converting the first record to TS_LOCKEXCL + Coverity CID 206591 + [5b94873c4051] + + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c: + Fix coverity CID 206586. Potential use after free calling + gzstrerror() after gzclose(). + [4bcba58004c8] + + * plugins/sudoers/cvtsudoers.c: + Use canonical pattern when freeing a tail queue. Avoids some + coverity false positives when using TAILQ_FOREACH_SAFE to free the + tail queue. 
+ [9019d7ad9958] + +2020-01-03 Robert Manner <robert.manner@balabit.com> + + * MANIFEST, plugins/python/Makefile.in, + plugins/python/regress/check_python_examples.c, + plugins/python/regress/iohelpers.c, + plugins/python/regress/iohelpers.h, + plugins/python/regress/testdata/sudo.conf.developer_mode, + plugins/python/regress/testdata/sudo.conf.normal_mode, + plugins/python/regress/testhelpers.c, + plugins/python/regress/testhelpers.h: + plugins/python/regress: adds tests for python plugin feature and + examples + [7ab4daed9558] + +2020-01-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog_client.c: + Avoid potential NULL deref in tls_timed_connect() error path. + Coverity CID 206396 + [730687307b24] + + * logsrvd/sendlog.c: + Check for sudo_ev_add() failure; Coverity CID 206395 206397 + [7008560eac95] + +2020-01-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, examples/sudo.conf.in: + Update sample sudo.conf with all supported settings. The deprecated + "max_groups" setting is not documented. 
+ [e17f7bf95578] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, examples/sudo.conf.in, + lib/util/regress/sudo_conf/test1.in, + lib/util/regress/sudo_parseln/test1.in: + Remove POD-style C<> markup (typewriter font) from sudo.conf + [b69d4743c860] + + * MANIFEST, configure, configure.ac, examples/Makefile.in, + examples/sudo.conf, examples/sudo.conf.in: + Substitute plugin dir into examples/sudo.conf + [8c481a21c098] + +2020-01-02 Robert Manner <robert.manner@balabit.com> + + * plugins/sudoers/sudoers_debug.c: + plugins/sudoers/sudoers_debug.c: fix harmless debug deregistration + warning + + If the debug sudoers subsystem is not registered, because it does + not get any file names to deal with (TAILQ_EMPTY(debug_files)), + deregistration of the subsystem outputs a warning: + + sudo: sudo_debug_deregister_v1: invalid instance ID -1, max -1 + + This patch prevents that by only increasing the refcount if the + debug_instance was registered successfully. + [939042599498] + + * plugins/python/Makefile.in: + plugins/python/Makefile.in: fix the install path of examples + + Examples are installed by default to "docdir", which refers to + PACKAGE_TARNAME variable which was empty for the python plugin + Makefile.in + + So the examples were installed to '.../share/doc/examples' instead + of '.../share/doc/sudo/examples'. This also made them be skipped + from the package. + + Also the install target now depends on install-doc so the examples + gets installed also (similarly as other examples). + [e4c07404a3fc] + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + doc/sudo_plugin_python: indent code examples for easier readability + [c91ee22bfc83] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + doc/sudo.conf: document developer_mode option + [127215dca183] + +2019-12-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/UPGRADE: + fix typo in previous + [3031418fba2b] + + * Makefile.in: + In update-pot match *.c not *c. 
+ [77a1139fef99] + + * NEWS, doc/UPGRADE: + Changes in sudo 1.8.30 + [dfaac62074f4] + +2019-12-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * Makefile.in: + Add check for up to date def_data.[ch] in check-dist target. + [ffaf150e76a5] + +2019-12-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/limits.c: + Use 64-bit resource limits on AIX. + [b8b76c47c8a7] + + * src/limits.c: + When restoring old resource limits, try to recover if we receive + EINVAL. On NetBSD, setrlimit(2) can return EINVAL if the new soft + limit is lower than the current resource usage. This can be a + problem when restoring the old stack limit if sudo has raised it. + [50bdbdbea1b7] + + * src/limits.c: + Sudo doesn't require such a large stack. + [f93eb9e0c105] + + * plugins/sudoers/Makefile.in: + Restore check for readable /etc/sudoers in pre-install target. If + there is no installed sudoers there is nothing to check... + [99e65bc54052] + + * config.h.in, configure, configure.ac: + Enable OpenBSD extensions on NetBSD to get reallocarray(3) + prototype. + [e303dca0c1cb] + + * include/sudo_event.h: + Add forward declaration of struct timeval for deprecated APIs. + [e41bdbbbc067] + + * lib/util/sig2str.c, lib/util/str2sig.c: + Fix compilation on systems with SIGRTMIN/SIGRTMAX but not + _SC_RTSIG_MAX. + [8e40c62e00f8] + + * include/sudo_compat.h: + Older systems may not support WCONTINUED. + [730bede52ff0] + + * plugins/sudoers/logging.c: + Support systems that have nl_langinfo(3) but not the CODESET define. + Fixes compilation on old NetBSD versions. + [03e7cff93172] + + * plugins/sudoers/starttime.c: + Fix a typo; HAVE_KINFO_PROC2_NETBSD not HAVE_KINFO_PROC2_NETBSD2 + [0c46a062f888] + +2019-12-23 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * MANIFEST, Makefile.in, configure, configure.ac, + etc/init.d/aix.sh.in, etc/init.d/hpux.sh.in, + etc/init.d/sudo.conf.in, etc/sudo.pp, init.d/aix.sh.in, + init.d/hpux.sh.in, init.d/sudo.conf.in, src/Makefile.in, sudo.pp: + Move init.d and sudo.pp to the etc dir. + [81c9cbbc8ea9] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/cfmakeraw.c: + Add cfmakeraw() for systems without it. + [48f48eaf2a68] + + * MANIFEST: + Remove indent.pro from MANIFEST + [2b6a24282b8c] + + * .gitignore, .hgignore: + Add uncrustify.files to ignore file. + [056b0df738a9] + + * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in: + Substitute @prefix@ in for the example paths. We can't use + @exampledir@ here since it contains Makefile variables. + [1744e2bcc813] + +2019-12-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_debug.h, lib/iolog/iolog_fileio.c, + lib/iolog/iolog_path.c, lib/iolog/iolog_util.c, lib/util/aix.c, + lib/util/digest.c, lib/util/digest_gcrypt.c, + lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c, + lib/util/event_select.c, lib/util/gettime.c, + lib/util/getusershell.c, lib/util/gidlist.c, lib/util/host_port.c, + lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, + lib/util/logfac.c, lib/util/logpri.c, lib/util/mkdir_parents.c, + lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c, + lib/util/strsplit.c, lib/util/strtobool.c, lib/util/strtoid.c, + lib/util/strtomode.c, lib/util/sudo_conf.c, lib/util/term.c, + lib/util/ttyname_dev.c, lib/util/ttysize.c, logsrvd/eventlog.c, + logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c, + logsrvd/logsrvd_conf.c, logsrvd/sendlog.c, + plugins/python/python_plugin_common.c, + plugins/python/sudo_python_debug.c, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, 
plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/base64.c, plugins/sudoers/boottime.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c, + plugins/sudoers/digestname.c, plugins/sudoers/editor.c, + plugins/sudoers/env.c, plugins/sudoers/env_pattern.c, + plugins/sudoers/file.c, plugins/sudoers/filedigest.c, + plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gc.c, plugins/sudoers/gentime.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/group_plugin.c, plugins/sudoers/hexchar.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c, + plugins/sudoers/parse.c, plugins/sudoers/parse_ldif.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/starttime.c, plugins/sudoers/strlist.c, + plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + 
plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, + plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c, + src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c, + src/limits.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, + src/preserve_fds.c, src/selinux.c, src/sesh.c, src/signal.c, + src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, + src/ttyname.c, src/utmp.c: + debug_decl and debug_decl_vars now require a semicolon at the end. + [c05890653007] + +2019-12-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, doc/Makefile.in, doc/sudo_plugin_python.man.in, + doc/sudo_plugin_python.mdoc.in: + Add sudo_plugin_python manual page. Based on markdown docs from + Robert Manner. + [65f2af21832d] + +2019-12-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.c, src/limits.c: + Output the name of the limit when warning about setrlimit or + getrlimit. From Kimmo Suominen. + [92ed66b5cc1f] + +2019-12-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * aclocal.m4, config.h.in, configure: + regen + [81961af46679] + + * MANIFEST: + Add python module files to MANIFEST + [f223a19117bb] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: + Update SUDO_CONV_REPL_MAX in docs. + [120970879b36] + + * Makefile.in: + Remove uncrustify.files in clean target + [ba843b8f2e80] + +2019-12-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * Makefile.in, etc/uncrustify-small.cfg, etc/uncrustify.cfg, + indent.pro: + Add uncrustify config file for new sudo code style. + [7c3b3f733134] + + * include/sudo_plugin.h: + Bump SUDO_CONV_REPL_MAX from 255 to 1023 + [9127fb27eb55] + + * lib/util/digest_gcrypt.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/secureware.c: + Minor style cleanups. Remove extraneous break after return + statement. Convert two old K&R function declarations. + [19f8b7a3d2d1] + +2019-12-11 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * src/selinux.c: + Save/restore the raw form of the file context in case mctrans is not + available. + [786a04ba33ab] + +2019-12-10 Robert Manner <robert.manner@balabit.com> + + * plugins/python/python_plugin_common.c: + plugins/python: make group plugin able to debug + + It does not get the debug settings, so it looks them up through + sudo_conf. + [fe4dbf8345b6] + + * include/sudo_conf.h, lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_conf/test1.in, + lib/util/regress/sudo_conf/test1.out.ok, + lib/util/regress/sudo_conf/test2.out.ok, + lib/util/regress/sudo_conf/test3.out.ok, + lib/util/regress/sudo_conf/test4.out.ok, + lib/util/regress/sudo_conf/test5.out.ok, + lib/util/regress/sudo_conf/test6.out.ok, + lib/util/regress/sudo_conf/test7.out.ok, + lib/util/regress/sudo_conf/test8.err.ok, + lib/util/regress/sudo_conf/test8.in, + lib/util/regress/sudo_conf/test8.out.ok, lib/util/sudo_conf.c, + lib/util/util.exp.in, plugins/sudoers/group_plugin.c, + src/load_plugins.c: + src/load_plugins, plugins/sudoers: added developer_mode sudo.conf + option + + It can be used to disable the enforcement that a plugin (shared + object or an imported python module) must be owned by root and not + modifiable by others. This can make plugin development easier. + [a9f86943d30c] + +2019-12-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, config.h.in, configure, configure.ac, doc/sudoers.man.in, + doc/sudoers.mdoc.in, include/sudo_compat.h, lib/util/Makefile.in, + lib/util/getusershell.c, mkdep.pl, plugins/sudoers/check.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add runas_check_shell flag to require a runas user to have a valid + shell. Not enabled by default. 
+ [9e7936e0ccfe] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: + Add a new flag "allow_unknown_runas_id" to control matching of + unknown IDs. Previous, sudo would always allow unknown user or group + IDs if the sudoers entry permitted it. This included the "ALL" + alias. With this change, the admin must explicitly enable support + for unknown IDs. + [ebdbb5c7f60b] + +2019-12-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/term.c: + Use cfmakeraw() in sudo_term_raw() instead of doing it manually. + [b8ff5f81399f] + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h: + Fix event loop called via I/O log close function. We need to set + events that were pending in the old base in the new one. Fixes + sending the final I/O log data and the ExitMessage to the server. + [dcba4ce2196c] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + include/sudo_plugin.h, src/sudo.c: + Replace timeleft with pending in sudo plugin event API. + [5f49af23af38] + + * plugins/sudoers/sudoreplay.c: + Use sudo_ev_pending() instead of the deprecated sudo_ev_timeleft(). + [c6cce5275f1e] + + * include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in: + Add sudo_ev_pending(), used to check whether an event is pending. + [edcea66bda32] + + * plugins/sudoers/Makefile.in: + Add TLS libs when linking check_iolog_plugin + [d84a5f5c6bc1] + +2019-12-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog_client.c: + Remove extraneous newlines in some sudo_warnx() calls. 
+ [d3dbf0f93372] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document log_server_cabundle, log_server_peer_cert and + log_server_peer_key + [edea4d048221] + + * Merge pull request #16 from laczau/master + + Proper handling of certificate chain file + [44939e511321] + +2019-12-06 Laszlo Orban <laszlo.orban@quest.com> + + * logsrvd/logsrvd.c: + cert files can contain the full chain of trust, so load all certs in + every case for verification + [ca26bb970ef5] + +2019-12-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: + Sync init_session() prototype with sudo_plugin.h and fix a typo. + [1501cdfa8e76] + +2019-12-05 Robert Manner <robert.manner@balabit.com> + + * plugins/python/example_conversation.py, + plugins/python/example_debugging.py: + plugins/python: example plugin demonstrating conversation and debug + API + [e487d2240607] + + * include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/util.exp.in: + lib/util/sudo_debug.c: add a function for querying if debugging is + needed + + for a level. Rationale: this way we can avoid computing details for + the log which will not happen at all if the computation is slow. + [d636c26d192d] + +2019-12-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/check.c: + Only update the time stamp entry after the approval function has + succeeded. Bug #910 + [9b2022e6f11d] + +2019-12-04 Robert Manner <robert.manner@balabit.com> + + * plugins/python/sudo_python_debug.c, + plugins/python/sudo_python_debug.h: + plugins/python: add sudo debug helpers + [1d48021e86ad] + +2019-12-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * Merge pull request #14 from sudo-project/tls-config-default-values + + Audit Server - add default values for cert paths + [f30a48f8b5d5] + +2019-12-04 Laszlo Orban <laszlo.orban@quest.com> + + * logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c: + add default values for cert paths + [a76ca8a3ca9f] + +2019-12-03 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/util/sudo_debug.c: + Add reference counting to debug register/deregister. Fixes a + potential problem when an instance is re-registered. + [270e739fd0b3] + + * plugins/sudoers/sudoers_debug.c: + Only deregister the sudoers debug instance on last close. Reference + count calls to sudoers_debug_register and only deregister + sudoers_debug_instance when refcnt reaches 0. Fixes a problem where + the debug system was deregistered when the sudoers policy is closed + even though the iolog plugin is active. + [2b73f3e9fc32] + +2019-12-02 Robert Manner <robert.manner@balabit.com> + + * plugins/python/python_importblocker.c: + plugins/python: add ImportBlocker which forbids loading unsafe + python modules + + If non root can alter any imported python modules, he is able to run + anything he would like to as root user. This class is a helper to + avoid such situation. + + This feature can be disabled with 'DeveloperMode=1' plugin option. + [26be6228724f] + +2019-11-28 Laszlo Orban <laszlo.orban@quest.com> + + * plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h: + implement tls layer in iolog plugin + [c25837909952] + + * plugins/sudoers/iolog.c, plugins/sudoers/policy.c: + process tls config options + [510fdfd39d71] + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in: + add audit server tls related configuration options to sudoers + [f4135025ff1d] + + * plugins/sudoers/Makefile.in: + optionally link sudoers with openssl libs + [750f87200eab] + +2019-11-27 Laszlo Orban <43516882+laczau@users.noreply.github.com> + + * logsrvd/logsrvd.c: + Merge pull request #11 from sudo-project/audit-server-tls-async + + Sudo audit Server - TLS protocol update + [923f6d914ec5] + +2019-11-26 Laszlo Orban <laszlo.orban@quest.com> + + * logsrvd/logsrvd.c: + disable timeout for the reader after ServerHello message + [e579450aafa1] + +2019-11-25 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c: + Exit if the first call to logsrvd_conf_read() fails. It is not fatal + if subsequent calls fail (due to SIGHUP) since we keep a copy of the + old config before installing the new one. + [c20866ea9d03] + + * Makefile.in, plugins/sudoers/Makefile.in: + Add some missing files to "make clean" and "make distclean" + [d1b559e9e1ab] + + * .gitignore, .hgignore: + Update .hgignore and convert to .gitignore + [c8b92b55e74a] + +2019-11-22 Laszlo Orban <laszlo.orban@quest.com> + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + use event timeout instead of socket timeout + [5c72d1d18aec] + + * logsrvd/sendlog.c, logsrvd/sendlog.h: + adapt sudo sendlog (async communication, unencrypted ServerHello + message) + [0269d852f6c6] + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h: + ServerHello message is now unencrypted, TLS communication has been + refactored to full async + [d138cbe2253e] + + * include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c, + lib/logsrv/log_server.proto, logsrvd/logsrvd.c: + extend ServerHello message with two fields (tls, tls_checkpeer) + [6d7965d29cd4] + +2019-11-21 Robert Manner <robert.manner@balabit.com> + + * Makefile.in: + Makefile.in: fix calling log2cl when doing out of source build + + If doing build out of source and not calling configure by absolute + path, $(top_srcdir) variable will contain a path relative to the + directory we stand in. So, after changing the current directory "cd + $(srcdir)", this path will point to somewhere else making the + install step fail. + [58a22fce613f] + + * plugins/python/python_baseplugin.c, + plugins/python/python_convmessage.c, + plugins/python/sudo_python_module.c, + plugins/python/sudo_python_module.h: + plugins/python: add a sudo python module + [c512c48170ae] + +2019-11-20 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + plugins/sudoers/policy.c, src/sudo.c: + For plugin API 1.15 and up, always call the plugin close function. + Previously, it was only called when a command was run (including + sudoedit). Now, plugin operations list, validate, invalidate, and + show_version are also closed. + [6cdcb5624908] + +2019-11-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog_client.c: + Avoid NULL deref on an error path if calloc() fails. Coverity CID + 205873 + [bad732813149] + + * src/conversation.c: + Fix potential fd leak when converting trailing newline to cr + nl. + Coverity CID 205872 + [4597abb8ee1f] + + * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in, + examples/sudo_logsrvd.conf: + Document the process of creating self-signed certificates for + sudo_logsrvd. Based on a document from Laszlo Orban. + [0be730e58f17] + + * plugins/group_file/plugin_test.c: + Sync with argument handling in group_plugin.c + [937475aa2c3f] + + * plugins/sudoers/group_plugin.c: + If a group plugin has optional arguments, NULL terminate the vector. + Otherwise, the plugin cannot determine the end of arguments. The + behavior now matches the plugin documentation. + [51e02f75a447] + +2019-11-19 Robert Manner <robert.manner@balabit.com> + + * plugins/python/example_group_plugin.py: + plugins/python: add example python group plugin + [9f9d7cc2d5db] + + * plugins/python/example_policy_plugin.py: + plugins/python: add example python policy plugin + [6cc0d47edae0] + + * plugins/python/example_io_plugin.py: + plugins/python: add example io python plugin + [d22532c34748] + +2019-11-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, src/sudo.c: + If there is no session or terminal group ID, pass the plugin a value + of 0. 
This behavior already matches what is documented in the + sudo_plugin manual for "sid" but the "tcpgid" entry needed to be + updated. + [2d720153c4cf] + + * plugins/sudoers/sudoers.c: + Don't touch the local iolog sequence file if we are logging remotely + [3c5dc60a9d11] + + * plugins/sudoers/iolog_client.c: + Plug a memory leak found by leak sanitizer + [13aac57d0506] + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c, + plugins/sudoers/iolog_plugin.h: + Make a shallow copy of user_env in I/O plugin in case it is + reallocated. The policy plugin's session init function may + reallocate the user environment pointer. Fixes a use after free when + PAM is used. + [3eb35dac2743] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/policy.c: + Rename "log_server" in sudoers to "log_servers" to match I/O plugin. + [1dbe79c18760] + +2019-11-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/logsrvd.c: + Check closure->ssl for non-NULL instead of + logsrvd_conf_get_tls_opt(). It's a little more obvious this way and + ssl is only non-NULL when the tls option is enabled anyway. + [3436430c064b] + + * logsrvd/logsrvd.c: + Init iolog_dir_fd and sock in connection_closure before adding to + list. Otherwise we could close the wrong fds in the error path. + [1643211f8b46] + + * doc/CONTRIBUTORS: + Add Laszlo Orban + [2836214cd4b8] + +2019-11-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_logsrvd.conf.man.in: + regen + [4a44bfc42b4b] + + * doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf: + Change TLS example file locations to be under /etc/ssl/sudo. + [f4c302a3bcb9] + + * doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf: + Document sudo_logsrvd TLS configuration. + [97260e6acfaf] + +2019-11-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_event.h: + Include time.h for struct timespec. 
+ [8bd80773d0fa] + + * lib/util/util.exp.in: + Add sudo_ev_set_v1 to the exports file. + [fd6b66378e5d] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document the log_server and log_server_timeout options + [7d7429b73d25] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h, + plugins/sudoers/policy.c, src/exec_nopty.c, src/exec_pty.c, + src/sudo.c: + Add support for logging to the log server + [158a8e80faab] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + include/sudo_event.h, include/sudo_plugin.h, lib/util/event.c, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c, src/Makefile.in, + src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, + src/load_plugins.c, src/preload.c, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h: + Add a plugin interface to sudo main event loop. + [123662f454da] + + * MANIFEST, Makefile.in, configure, configure.ac, + include/log_server.pb-c.h, include/protobuf-c/protobuf-c.h, + lib/logsrv/Makefile.in, lib/logsrv/log_server.pb-c.c, + lib/logsrv/log_server.proto, lib/logsrv/protobuf-c.c, + logsrvd/Makefile.in, logsrvd/log_server.pb-c.c, + logsrvd/log_server.pb-c.h, logsrvd/log_server.proto, + logsrvd/protobuf-c/protobuf-c.c, logsrvd/protobuf-c/protobuf-c.h: + Move protobuf-c.c, log_server.proto, log_server.pb-c.[ch] to + lib/logsrv + [6772a775471f] + + * lib/util/event.c: + When freeing an event base, reset ev->base to NULL for associated + events. + [7199d3967059] + + * logsrvd/logsrvd_conf.c: + Move cb_timeout() out from under the HAVE_OPENSSL ifdef. + [c7fc294ce21a] + + * INSTALL, config.h.in, configure, configure.ac, logsrvd/Makefile.in, + logsrvd/logsrvd.c: + LibreSSL and older OpenSSL don't support SSL_CTX_set_ciphersuites(). + Add a configure test and skip TLS 1.3 setup if it is missing. 
We + still accept the tls_ciphers13 config setting but it will be + ignored. + [06d478442971] + + * logsrvd/logsrvd.c, logsrvd/sendlog.c: + Minor style nits that I missed during review. + [7209ccc5a3cf] + + * logsrvd/sendlog.c: + Avoid calling SSL_CTX_free() on an uninitialized pointer in an error + path. + [2df423e30773] + + * Merge pull request #9 from sudo-project/audit-server-tls-support + + Audit server tls support + [0aded6c1deec] + +2019-11-13 Laszlo Orban <laszlo.orban@quest.com> + + * logsrvd/Makefile.in, logsrvd/sendlog.c: + update sudo_sendlog to support openssl tls + [ab4be8367862] + +2019-11-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/limits.c: + Simplify resource limit fallback logic a bit. + [cdab60b50079] + +2019-11-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/CONTRIBUTORS: + Add sudo logo designers + [94c841c8bc28] + + * src/limits.c: + Don't set the RLIMIT_STACK soft/hard limits to unlimited. Use 8Mb + for soft and 64Mb for hard. Works around issues on macOS and docker. + See also Bug #908 + [1d7f52c32360] + + * src/tgetpass.c: + Restore resource limits before executing the askpass program. Linux + with docker seems to have issues executing a program when the stack + size is unlimited. Bug #908 + [28cb58a5ac94] + + * src/conversation.c: + Check for replies pointer being NULL just in case. + [7c0c4c6b001e] + +2019-11-11 Laszlo Orban <laszlo.orban@quest.com> + + * examples/sudo_logsrvd.conf, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c: + set timeout value for the socket + [e884292ab6c9] + +2019-11-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/conversation.c: + Convert trailing newline to carriage return + newline for tty. Does + not currently handle embedded newlines. + [ad195e045150] + +2019-11-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/fatal.c: + Only write a carriage return if output is to a tty. + [f605335649ea] + + * lib/util/fatal.c: + Include a carriage return when printing warning messages. 
Otherwise, + if the command is running in a pty the output is stair-stepped. + [f23d4f0ed902] + +2019-11-08 Laszlo Orban <laszlo.orban@quest.com> + + * configure, logsrvd/Makefile.in, logsrvd/logsrvd.c, + logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + make audit server openssl dependency optional; tls layer is compiled + only if sudo is built with --enable-openssl feature switch + [c360a34c89c0] + +2019-11-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/util.exp.in: + Add sudo_parse_host_port_v1 and sudo_pow2_roundup_v1 to exports + file. + [e8b529115871] + +2019-11-07 Laszlo Orban <laszlo.orban@quest.com> + + * logsrvd/logsrvd.c: + fixed segfault when connection_closure_free() tries to remove a non- + existent connection object from the list + [4d6dd38d59f6] + +2019-11-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/closefrom.c: + Fix typo in closefrom emulation. + [b23a6c512d4a] + + * plugins/sudoers/env.c: + Do not warn about a missing /etc/environment file on Linux without + PAM. Bug #907 + [f85ff5ee2caf] + +2019-11-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c: + Transparently handle the "sudo sudoedit" problem. Some admin are + confused about how to give users sudoedit permission and many users + try to run sudoedit via sudo instead of directly. If the user runs + "sudo sudoedit" sudo will now treat it as plain "sudoedit" after + issuing a warning. If the admin has specified a fully-qualified path + for sudoedit in sudoers, sudo will treat it as just "sudoedit" and + match accordingly. In visudo (but not sudo), a fully-qualified path + for sudoedit is now treated as an error. 
+ [5cdcfd9a6c33] + + * logsrvd/iolog_writer.c, logsrvd/sendlog.c: + Rename cwd -> submitcwd to match man page. + [bc9ea396055a] + +2019-11-05 Laszlo Orban <laszlo.orban@quest.com> + + * logsrvd/logsrvd.c: + verify server/client certs with CA certificate chain file + [a177af7d7bbf] + +2019-11-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, lib/util/Makefile.in, lib/util/host_port.c, + lib/util/regress/host_port/host_port_test.c: + Add unit test for parse_host_port and make an empty port an error. + [b6b895cdc010] + +2019-11-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/host_port.c: + Fill in host and port pointers on success. + [794368ebd367] + +2019-11-04 Laszlo Orban <laszlo.orban@quest.com> + + * logsrvd/logsrvd.c: + fix copy-paste mistake + [2fe897c77485] + +2019-11-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/host_port.c, logsrvd/logsrvd_conf.c: + Split out code to parse host:port into a utility function. + [d8331e72394d] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/roundup.c, logsrvd/logsrv_util.c, logsrvd/logsrv_util.h, + logsrvd/logsrvd.c, logsrvd/sendlog.c: + Move bufsize_roundup() -> sudo_pow2_roundup() in libsudo_util. + [791f5c353ef1] + + * lib/iolog/Makefile.in, logsrvd/Makefile.in: + Add missing depend target + [75107bcfff3d] + + * lib/iolog/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + We haven't needed -I$(top_srcdir) for a long time. + [6974ea4a6c8c] + + * lib/util/closefrom.c: + In closefrom_fallback() use the interval [OPEN_MAX, INT_MAX]. We + want to try closing at least OPEN_MAX fds but no more than INT_MAX. + On 64-bit systems it is possible for sysconf(_SC_OPEN_MAX) to return + a value larger than INT_MAX when the number of open files is + unlimited. 
+ [08d6fea1c894] + + * plugins/sudoers/logging.c, src/exec_monitor.c, src/selinux.c, + src/tgetpass.c: + Use dup3() instead of dup2(). This is less error prone since dup3() + returns an error if old == new. Sudo guarantees that fds 0-2 are + already open. + [a9ffaa8a8a55] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/dup3.c, + mkdep.pl: + Add dup3() emulation. + [7bd8864dee7e] + + * plugins/sudoers/logging.c, src/exec_monitor.c, src/exec_pty.c, + src/tgetpass.c: + Open all pipes using pipe2() with O_CLOEXEC. We no longer depend on + calling closefrom() before exec. + [176ae5cf1d94] + + * src/exec.c, src/tgetpass.c: + Call closefrom() before we change to a non-root UID. This prevents + another process from changing the NOFILE resource limit of the child + process and defeating the closefrom() call. Reported by Joe Vennix + from Apple Information Security. + [f93d52b24976] + + * MANIFEST, logsrvd/Makefile.in: + Regenerate Makefile and sort MANIFEST + [24664d6c9d47] + +2019-11-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo.man.in, doc/sudo.mdoc.in: + Reference timestamp_type and timestamp_timeout in sudoers. This + should help users find details on how time stamp files work. + [d5aa7c0b404c] + +2019-10-31 Laszlo Orban <laszlo.orban@quest.com> + + * logsrvd/logsrvd.c: + process tls config params in the audit server and establish TLS + connection accordingly + [33ce32c140af] + +2019-10-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/limits.c: + macOS does not allow rlim_cur to be set to RLIM_INFINITY for + RLIMIT_NOFILE. We need to use OPEN_MAX instead as per the macOS + setrlimit manual. Bug #904 + [2a00e62eaeb0] + +2019-10-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * Makefile.in: + Fix ChangeLog generation on a branch. + [69409e5b1179] + +2019-10-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * logsrvd/sendlog.c: + Remove unused copy of iolog_seekto(). 
+ [1d730d414cd9] + +2019-10-25 Laszlo Orban <laszlo.orban@quest.com> + + * examples/sudo_logsrvd.conf, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c: + add configuration options for TLS + [291a9986d6e9] + +2019-10-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, doc/Makefile.in, doc/sudo_logsrv.proto.man.in, + doc/sudo_logsrv.proto.mdoc.in, doc/sudo_logsrvd.conf.man.in, + doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf, + logsrvd/iolog_writer.c: + Document the sudo log server protocol + [46de0934987c] + + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c, + logsrvd/logsrvd_conf.c, plugins/sudoers/iolog.c: + Read logsrvd.conf in two steps: first read, then apply if OK. This + fixes a problem where when logsrvd.conf was reloaded while running + (due to SIGHUP) and there was an error we could end up with a + partial config. + [d3244c318c5b] + + * include/sudo_iolog.h, lib/iolog/iolog_util.c, + lib/iolog/regress/iolog_util/check_iolog_util.c, + logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/sendlog.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoreplay.c: + Add iolog_ prefix to exported functions in iolog_util.c + [62027c8e1abd] + + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c, + logsrvd/logsrvd_conf.c, plugins/sudoers/iolog.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: + Simplify iolog_set_user and iolog_set_group + [e82c5078b02c] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/fchmodat.c, + lib/util/fstatat.c, mkdep.pl: + Add fchmodat() and fstatat() emulation. Note that fchmodat() + emulation does not support AT_SYMLINK_NOFOLLOW + [8232c22e71c7] + + * doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c: + Clear the write bit on the timing file for completed logs. This + allows us to tell whether or not a log can be restarted. 
+ [b2180b6ef53b] + + * logsrvd/logsrvd.c: + Redirect std{in,out,err} to /dev/null even when given the -n option. + [376186a8d9cc] + + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c, + lib/iolog/iolog_path.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/iolog/regress/iolog_path/data, logsrvd/iolog_writer.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path_escapes.c, + plugins/sudoers/sudoers.c: + Simplify expand_iolog_path() + [4f0f85f659d1] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [e268d56da49c] + + * examples/sudo_logsrvd.conf, include/sudo_iolog.h, + lib/iolog/iolog_fileio.c, logsrvd/Makefile.in, logsrvd/logsrvd.c, + logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c: + Make the logsrvd port and list address configurable. + [69d73358888d] + + * Makefile.in, logsrvd/Makefile.in, logsrvd/iolog_writer.c, + logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, logsrvd/sendlog.c: + Mark logsrvd and sendlog strings for translation in the sudoers + domain + [24b1fd6250fb] + + * logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/sendlog.c: + Add long option support to logsrvd and sendlog. + [ecb2fae83abb] + + * logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h: + Return an error to the client on error instead of dropping the + connection. + [2e40ca902100] + + * examples/sudo_logsrvd.conf, logsrvd/logsrvd_conf.c: + Convert sudo_logsrvd.conf to ini file format + [91dff03d0795] + + * MANIFEST, examples/sudo_logsrvd.conf, include/sudo_util.h, + lib/util/Makefile.in, lib/util/logfac.c, lib/util/logpri.c, + lib/util/util.exp.in, logsrvd/Makefile.in, logsrvd/eventlog.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c, plugins/sudoers/defaults.c: + Add basic support for event logging using a sudo-style log format. + [eb6aa3672e6f] + + * logsrvd/logsrvd.c, logsrvd/sendlog.c: + Add OpenBSD malloc options. 
+ [a0d79af0c430] + + * MANIFEST, logsrvd/Makefile.in, logsrvd/buffer.c, logsrvd/buffer.h, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/sendlog.c, logsrvd/sendlog.h: + Allow messages up to 2Mb in size. + [af79754aaf53] + + * MANIFEST, configure, configure.ac, doc/Makefile.in, + doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in, + doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in, + doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in, + examples/sudo_logsrvd.conf, m4/sudo.m4: + Add manual pages for logsrvd and sendlog. + [f437259d81ae] + + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c: + Add restart support for compresses I/O logs. + [1191fac5ff52] + + * logsrvd/sendlog.c, logsrvd/sendlog.h: + Fix client side of restart. Seek to the target point there too so we + start sending from the right place. + [403bf22a6dad] + + * include/sudo_iolog.h, lib/iolog/iolog_util.c, + logsrvd/iolog_writer.c, logsrvd/sendlog.c, + plugins/sudoers/sudoreplay.c: + Move read_timing_record() into libsudo_iolog + [65a984f7fa7a] + + * MANIFEST, lib/iolog/iolog_fileio.c, logsrvd/Makefile.in, + logsrvd/buffer.c, logsrvd/buffer.h, logsrvd/iolog_writer.c, + logsrvd/logsrv_util.c, logsrvd/logsrv_util.h, logsrvd/logsrvd.h, + logsrvd/sendlog.c, logsrvd/sendlog.h: + Rename buffer.c -> logsrv_util.c and add iolog_seekto() + [0ff1a6fdaecd] + + * logsrvd/logsrvd.c, logsrvd/sendlog.c: + Fix some warnings from the clang static analyzer. + [95de486cfb65] + + * logsrvd/sendlog.c: + Fix Coverity CID 204353, fd leak on error path. + [3519d910c777] + + * logsrvd/logsrvd_conf.c: + Fix Coverity CID 204355, resource leak on error path. 
+ [c5c50c6bae16] + + * lib/iolog/iolog_fileio.c: + Avoid TOCTOU in iolog_mkdirs; Coverity CID 204356 + [0c8679a731f5] + + * lib/util/mkdir_parents.c: + Avoid TOCTOU in sudo_mkdir_parents; Coverity CID 204357 + [e9eeae60dff2] + + * logsrvd/log_server.pb-c.c, logsrvd/log_server.pb-c.h, + logsrvd/log_server.proto: + Add NumberList to InfoMessage. Also make comments fit in 80 columns + when formatted as a man page. + [fd7af0bb2477] + + * configure, configure.ac, include/sudo_rand.h, logsrvd/Makefile.in, + logsrvd/logsrvd.c: + Command line option processing for logsrvd + [0f2248532960] + + * MANIFEST, examples/sudo_logsrvd.conf, logsrvd/Makefile.in, + logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/logsrvd_conf.c, pathnames.h.in: + Add config file support for logsrvd + [4e643a95c88b] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/mkdir_parents.c, lib/util/util.exp.in, + plugins/sudoers/Makefile.in, plugins/sudoers/mkdir_parents.c, + plugins/sudoers/sudoers.h: + Move mkdir_parents to libsudo_util. 
+ [3f540eb94282] + + * MANIFEST, Makefile.in, configure, configure.ac, + include/sudo_iolog.h, include/sudo_util.h, lib/iolog/Makefile.in, + lib/iolog/iolog_fileio.c, lib/iolog/iolog_path.c, + lib/iolog/iolog_util.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + lib/iolog/regress/iolog_path/data, + lib/iolog/regress/iolog_util/check_iolog_util.c, + lib/util/sudo_conf.c, logsrvd/Makefile.in, logsrvd/iolog_writer.c, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + logsrvd/sendlog.c, logsrvd/sendlog.h, + plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/iolog.c, + plugins/sudoers/iolog.h, plugins/sudoers/iolog_files.h, + plugins/sudoers/iolog_path.c, plugins/sudoers/iolog_path_escapes.c, + plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h, + plugins/sudoers/policy.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/iolog_path/data, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/iolog_util/check_iolog_util.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, src/sudo.h: + Refactor code in sudoers that creates I/O log files to share with + logsrvd. + [3aa1fa95650d] + + * Makefile.in, include/sudo_iolog.h, lib/iolog/iolog_path.c, + lib/iolog/regress/iolog_path/check_iolog_path.c, + logsrvd/iolog_writer.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, + plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/sudoers.c: + Enable sudo_logsrvd.conf settings. + [8e7b37d1d2a9] + + * include/sudo_iolog.h, lib/iolog/iolog_fileio.c, + lib/iolog/iolog_util.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h, + logsrvd/sendlog.c, plugins/sudoers/iolog.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoreplay.c: + Use openat(2) when opening files in the I/O log directory. 
+ [1ab2e278e1d9] + + * logsrvd/Makefile.in, sudo.pp: + Add sudo_ prefix to logsrvd and sendlog. + [acbaed157ae5] + + * logsrvd/iolog_writer.c, logsrvd/log_server.pb-c.c, + logsrvd/log_server.pb-c.h, logsrvd/log_server.proto, + logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c, + logsrvd/sendlog.h: + Rename ExecMessage -> AcceptMessage and add RejectMessage + [a080c4eb7c4b] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/openat.c, lib/util/unlinkat.c, + src/sudo_edit.c: + Move openat() emulation to lib/util and at unlinkat() emulation. + [756ace7fdf38] + + * logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/sendlog.c: + Add debugging for logsrvd and sendlog + [4c86dbceb611] + + * MANIFEST, doc/LICENSE, logsrvd/Makefile.in, + logsrvd/protobuf-c/protobuf-c.c, logsrvd/protobuf-c/protobuf-c.h: + Import protobuf-c source since to avoid an external dependency. The + files generated with protoc-c are not standalone. We need to include + protobuf-c.c and protobuf-c.h from the protobuf-c distribution too. + Building protoc-c requires a relative recent version of gcc which + limits its portability. + [0ea50a59cab7] + + * logsrvd/Makefile.in, logsrvd/iolog_writer.c, logsrvd/logsrvd.c, + logsrvd/logsrvd.h, logsrvd/sendlog.c, logsrvd/sendlog.h: + Add support for restarting I/O log transfers. + [748e8f4f7fec] + + * MANIFEST, Makefile.in, configure, configure.ac, logsrvd/Makefile.in, + logsrvd/iolog.h, logsrvd/iolog_reader.c, logsrvd/iolog_writer.c, + logsrvd/log_server.pb-c.c, logsrvd/log_server.pb-c.h, + logsrvd/log_server.proto, logsrvd/logsrvd.c, logsrvd/logsrvd.h, + logsrvd/sendlog.c, logsrvd/sendlog.h, sudo.pp: + Import proof of concept sudo log server. 
+ [a0687ba66feb] + + * MANIFEST, logsrvd/Makefile.in, logsrvd/iolog.h, + logsrvd/iolog_reader.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h, + logsrvd/sendlog.c, logsrvd/sendlog.h, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/iolog.h, + plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/iolog_util/check_iolog_util.c, + plugins/sudoers/sudoreplay.c: + Refactor I/O log code so it can be shared between sudoers and + logsrvd + [b6608769ba8a] + + * lib/util/strtonum.c: + Avoid invalid read when minval > maxval + [7f1a6f992e4f] + +2019-10-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, plugins/sudoers/policy.c, src/sudo.c: + Don't pass an invalid session or process group ID to the plugin. + Fixes a regression in 1.8.28 when there is no terminal session + leader. + [d9c626167b3c] + +2019-10-22 Robert Manner <robert.manner@balabit.com> + + * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h, + plugins/python/pyhelpers_cpychecker.h, + plugins/python/python_plugin_common.c, + plugins/python/python_plugin_common.h, + plugins/python/python_plugin_group.c, + plugins/python/python_plugin_io.c, + plugins/python/python_plugin_policy.c: + plugins/python: a plugin which can load policy/io plugin written in + python + [2c7620c8052f] + + * Makefile.in, configure.ac, plugins/python/Makefile.in: + Makefile.in, configure.ac: add python plugin build + [09b305e2cd54] + +2019-10-21 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [70f4543f177c] + + * src/limits.c: + Not all systems support RLIMIT_NPROC and RLIMIT_RSS + [26b8e2afe755] + + * doc/Makefile.in, examples/Makefile.in, include/Makefile.in, + lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Add depend target to all Makefile.in files. + [0a22d80ef716] + + * NEWS, configure, configure.ac, doc/UPGRADE: + Sudo 1.8.29 + [736c9a5c3720] + + * MANIFEST, lib/util/Makefile.in, src/Makefile.in, src/exec.c, + src/limits.c, src/sudo.c, src/sudo.h: + Set resource limits in the sudo process to unlimited. We don't want + sudo to be limited by the caller's resource limits. The original + resource limits are restore before session setup. + [6c3bf214caf0] + +2019-10-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/starttime.c, src/ttyname.c: + Older FreeBSD needs sys/param.h included before sys/user.h. From + Darren Tucker + [88c060df0439] + + * include/sudo_util.h, lib/util/getgrouplist.c, lib/util/gidlist.c, + lib/util/regress/strtofoo/strtoid_test.c, lib/util/strtoid.c, + lib/util/util.exp.in, plugins/group_file/getgrent.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/iolog.c, + plugins/sudoers/match.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + plugins/system_group/system_group.c, src/sudo.c: + Rename sudo_strtoid() to sudo_strtoidx() and add simplified + sudo_strtoid() + [94a418cdbae6] + +2019-10-19 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * doc/UPGRADE, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, + doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/cvtsudoers_json.c, plugins/sudoers/iolog.c, + plugins/sudoers/ldap.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, plugins/sudoers/sssd.c, + plugins/sudoers/testsudoers.c, src/exec.c: + Refer to user-ID and group-ID instead of "user ID" and "group ID" + [36d7bd4ab52d] + +2019-10-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + sudoedit doesn't create a new PAM session so PAM umask does not + apply. + [8ae167d0ae7c] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.man.in, + doc/sudoers.mdoc.in, include/sudo_plugin.h, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/exec.c, src/sudo.c, src/sudo.h: + Change how the umask is handled with PAM and login.conf. If the + umask is explicitly set in sudoers, use that value regardless of + what is in PAM or login.conf. If using the default umask from + sudoers, allow PAM or login.conf to override it. Bug #900 + [7c0a835ac512] + +2019-10-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/audit.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/logging.c: + Add log_allowed and log_denied sudoers flags, defaulting to true. + [fb1e188a3d05] + + * lib/util/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: + Enable security auditing malloc options for "make check". + [333632dd3134] + +2019-10-16 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Be more consistent with how we talk about sudoers Defaults settings. + Use "flag" not "option" when referring to boolean flags. Use + "setting" in place of "Defaults setting" in most places. Use "the + foo option" instead of "sudo's foo option" for command line options. + [8058378c4b35] + + * plugins/sudoers/Makefile.in: + No need to check existing sudoers file when installing to DESTDIR + This check can cause problems on systems where /etc/sudoers.d is not + readable. + [2ec01e9fe408] + + * lib/util/str2sig.c: + Inclue sudo_util.h to get sudo_strtonum() prototype. + [8b0b4ee28d5f] + + * lib/util/str2sig.c: + strtonum -> sudo_strtonum + [4d2363678583] + + * MANIFEST: + Add split out strtofoo tests. + [0cc598502faf] + + * lib/util/strtonum.c: + Make sure we don't go past the end of the string when out of range. + [2b89961c524a] + + * lib/util/regress/strtofoo/strtonum_test.c, lib/util/strtonum.c: + Fix stronum() regress test and the errno value for out of range + numbers. + [3547d022bead] + + * lib/util/Makefile.in, lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/strtofoo/strtobool_test.c, + lib/util/regress/strtofoo/strtoid_test.c, + lib/util/regress/strtofoo/strtomode_test.c, + lib/util/regress/strtofoo/strtonum_test.c: + Split atofoo.c regress into multiple tests. + [75b7547e33bd] + + * NEWS, configure, configure.ac: + Sudo 1.8.28p1 + [09ceaddc94f9] + +2019-10-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/parse.c: + The fix for bug #869 broke "sudo -v" when verifypw=all (the default) + [aac35bcd8584] + +2019-10-14 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in, + lib/util/closefrom.c, lib/util/getaddrinfo.c, lib/util/strtonum.c, + lib/util/sudo_conf.c, lib/util/ttysize.c, + plugins/sudoers/boottime.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_util.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/match_addr.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/starttime/check_starttime.c, + src/parse_args.c, src/sesh.c, src/sudo.c, src/ttyname.c: + Use sudo_strtonum() explicitly instead of via a macro. + [f75f786eddd5] + + * config.h.in, configure, configure.ac, include/sudo_compat.h, + lib/util/Makefile.in, lib/util/strtoid.c, lib/util/strtonum.c, + lib/util/util.exp.in, mkdep.pl: + Always use our own strtonum and implement sudo_strtoid in terms of + it. + [94b1114ef79d] + + * plugins/sudoers/pwutil.c: + Use errno in warning when sudo_make_*_item() fails. Previously we + always said "out of memory" if not ENOENT. + [68e5a208c242] + + * plugins/sudoers/Makefile.in, plugins/sudoers/parse_ldif.c, + plugins/sudoers/regress/cvtsudoers/test26.err.ok, + plugins/sudoers/regress/cvtsudoers/test26.sh: + Reject non-LDIF input when converting from LDIF to sudoers or JSON. + [2d08d4aa0e01] + +2019-10-10 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/da.mo, + plugins/sudoers/po/el.mo, plugins/sudoers/po/eu.mo, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fur.mo, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hu.mo, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/lt.mo, + plugins/sudoers/po/nl.mo, plugins/sudoers/po/ru.mo, + plugins/sudoers/po/sk.mo, plugins/sudoers/po/sl.mo, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/tr.mo, + plugins/sudoers/po/zh_CN.mo, po/ast.mo, po/ca.mo, po/es.mo, + po/eu.mo, po/fi.mo, po/fur.mo, po/gl.mo, po/hr.mo, po/hu.mo, + po/ko.mo, po/nl.mo, po/nn.mo, po/ru.mo, po/sk.mo, po/sl.mo, + po/sr.mo, po/sudo.pot, po/vi.mo, po/zh_CN.mo: + regen + [362645d256b7] + + * NEWS, lib/util/strtoid.c: + Treat an ID of -1 as invalid since that means "no change". Fixes + CVE-2019-14287. Found by Joe Vennix from Apple Information Security. + [83db8dba09e7] + + * lib/util/regress/atofoo/atofoo_test.c, + plugins/sudoers/regress/testsudoers/test5.out.ok, + plugins/sudoers/regress/testsudoers/test5.sh: + Add sudo_strtoid() tests for -1 and range errors. Also adjust + testsudoers/test5 which relied upon gid -1 parsing. + [db06a8336c09] + +2019-10-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL, configure, configure.ac: + Back out compiler override for now. + [f03f7fd7ff8b] + + * configure, configure.ac: + Only prefer clang over gcc on BSD systems. + [2309baa23a00] + +2019-10-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * Makefile.in: + Fix "make pvs-studio" run in a build dir + [a49635de3777] + +2019-09-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [430d45f3b461] + + * NEWS: + Bug #898 + [3d07895888e8] + + * src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, + src/selinux.c, src/sudo.c, src/sudo.h: + Fix restoring the file context of the user's tty with SELinux. Also + fix broken tty labeling when running a command in a pty. 
Includes a + fix for a typo introduced in the last change set. + [eb3f547b08f8] + + * lib/util/arc4random.c: + _rs_random_buf is currently unused + [e384fc3625e8] + + * src/selinux.c: + Add some debugging around context setting and tty labeling Also be + more extact with error return values + [ed66480282c7] + +2019-09-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/sudo_debug.c: + Better error message when debug log file cannot be opened. + [09e0cdff0c49] + +2019-09-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgignore: + Ignore in-tree build directory. + [66577c63f097] + + * configure, configure.ac: + Set CC before AC_USE_SYSTEM_EXTENSIONS to get our preferred + compiler. + [6a318eeffb30] + +2019-09-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * pp: + Update Polypkg to the latest version from git. + [68bbecc25007] + + * configure, configure.ac: + If no mandoc or nroff is present, install mdoc format manuals. If + there is no installed nroff/mandoc they will need to install groff + or heirloom doctools to format the manual pages. + [6dd386c1a378] + +2019-09-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_plugin.h: + Refer to number of terminal lines, not rows, for consistency. + [566e3e38058f] + +2019-09-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * INSTALL, configure, configure.ac: + Prefer clang over gcc. We want to use clang on systems where clang + is the system compiler. It is less common to have clang installed on + systems where gcc is the system compiler. + [d29d764a4938] + + * INSTALL: + No longer need bypass_last_login on HP-UX, warnings work with clang. + Also add deb package names for pam and ldap devel on Linux. + [6aff480b1f4b] + + * src/parse_args.c: + Silence a warning from clang about string concatenation. + [cadba1a4d86d] + +2019-09-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, doc/UPGRADE: + sudoedit umask fix + [4bfc0e393e2a] + +2019-09-13 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/util/event.c: + Fix sorting of the time-based event queue. + [f12e5a877c8a] + + * lib/util/event.c: + Support default base in got_exit, got_break, loopexit, loopbreak, + loopcontinue + [da02194b5ba9] + +2019-09-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sudo_edit.c: + Create new files with the umask specified in sudoers. + [4d0b6152834b] + +2019-09-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/parse_ldif.c: + More case-insensitive compare for LDAP attributes and string lists. + Only the ALL keyword should be compared case-sensitive. + [87cd688b2648] + +2019-08-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sudo.h: + Enable asserts for Coverity too. + [b830f200a8bd] + + * src/parse_args.c, src/sudo.h: + Add asserts() to avoid static analyzer false positives. + [860aca50028d] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Plug memory leak on malloc failure. + [1b35743703d4] + + * plugins/sudoers/ldap_util.c: + Plug memory leak on malloc failure. + [c2257637d659] + +2019-08-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/pam.c: + Add sudo_pam_strerror(), like pam_strerror() but never returns NULL. + It also uses strerror(errno) for PAM_SYSTEM_ERR. + [b070d1702112] + + * plugins/sudoers/auth/pam.c: + If pam_start() fails, display the PAM error using pam_strerror(). It + is legal to pass pam_strerror() a NULL handle. + [6403fa1479d8] + +2019-08-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + plugins/sudoers/sudoreplay.c: + If the sudoreplay ID option is a fully-qualified path, use it + directly. Previously, one had to use the -d option to override the + I/O log directory. + [9fddb3ffc760] + + * plugins/sudoers/Makefile.in: + regen + [f70579d2972b] + + * MANIFEST, doc/sudo.conf.man.in.sed: + Add conditional for sesh path in sudo.conf manual. + [93b5c6fcf8f4] + +2019-08-26 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * NEWS: + Bug #895 + [d69984bccd0e] + + * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/check.c, plugins/sudoers/sudo_printf.c, + src/conversation.c: + Use the SUDO_CONV_PREFER_TTY flag during authentication. This + prevents the password and PAM prompts from being redirected. Bug + #895 + [546082c674b7] + +2019-08-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * mkpkg: + Fix typo that prevented a missing linux audit lib from being + detected. + [b9412151615d] + +2019-08-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoreplay.c: + Use fputs(), not printf() for plain strings. + [b102ae1cb6da] + + * NEWS: + Recent fixes. + [8249e98a05c8] + + * plugins/sudoers/ldap.c: + Add user ID to the search filter when matching sudoUser. We already + support group IDs but the user ID was missing. From + sudo-1.8.23-ldapsearchuidfix.patch in RHEL 7. + [3da7b9f990be] + + * plugins/sudoers/regress/sudoers/test2.json.ok, + plugins/sudoers/regress/sudoers/test2.toke.ok, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix parsing of double-quoted Defaults bindings that start with % or + +. From sudo-1.8.23-fix-double-quote-parsing-for-Defaults- + values.patch in RHEL 7. + [df613e67ef45] + + * src/exec.c: + Restore core dump resource limit before the PAM session module is + run. Otherwise, we may override the limits set by PAM. Bug #894 + [f35441098234] + +2019-08-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/sig2str.c, lib/util/str2sig.c: + sys_signame on macOS contains lower-cases names + [d7af71311b3d] + + * MANIFEST, configure, configure.ac, lib/util/Makefile.in, + lib/util/regress/strsig/strsig_test.c: + Add regress tests for str2sig() and sig2str(). + [fb73303699fb] + + * lib/util/str2sig.c: + SIGIOT and SIGABRT are aliases on BSD systems. 
+ [d35f75aba04a] + + * lib/util/sig2str.c, lib/util/str2sig.c: + Fix handling of real-time signals. + [39066a5eabcb] + +2019-08-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + ipa_hostname fix + [54245ed09830] + +2019-08-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/file.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c: + Fix special handling of ipa_hostname that was lost in sudo 1.8.24. + We now include the long and short hostname in sudo parser container. + [b4f31dbe3109] + +2019-08-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog_event.h: + Remove unused include file. + [0731078e72b1] + +2019-08-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS, doc/UPGRADE: + Mention I/O log signal change in NEWS and UPGRADE files. + [ac7969640146] + + * MANIFEST, NEWS, plugins/sudoers/po/ast.mo, + plugins/sudoers/po/ast.po: + Asturian translation for sudoers from translationproject.org. + [4f011f10129e] + + * mkdep.pl: + Check source dir if source file is not listed in MANIFEST. + Previously, we just used the file name without $(srcdir). + [cd17ca929217] + + * MANIFEST, config.h.in, configure, configure.ac, doc/sudoers.man.in, + doc/sudoers.mdoc.in, include/sudo_compat.h, lib/util/Makefile.in, + lib/util/str2sig.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_util.c: + Store signal name, not number in I/O log timing file. The "SIG" + prefix is not used so, e.g. SIGTERM -> "TERM". This makes the I/O + log files portable from one system to another. Older I/O log files + with signal numbers can still be replayed. + [5652f831b715] + +2019-07-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/utmp.c: + Disable stringop-truncation false positive warnings on gcc 8. + Strings in struct utmp/utmpx are not guaranteed to be NUL- + terminated. 
+ [644b97bba318] + + * plugins/group_file/plugin_test.c, src/net_ifs.c: + Replace non-essential strncpy() calls. + [2377cad6e155] + +2019-07-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Revert version back to 1.8.28 + [4e2deb0b4925] + + * lib/util/Makefile.in: + Link util functions being tested directly with the test harness. + Otherwise we may get the version from the installed libsudo_util.so. + [46c833080d13] + +2019-07-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_TW.mo, + plugins/sudoers/po/zh_TW.po, po/cs.mo, po/cs.po, po/da.mo, po/da.po, + po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fr.mo, po/fr.po, + po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/nb.mo, po/nb.po, + po/pl.mo, po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo, po/pt_BR.po, + po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, + po/zh_TW.mo, po/zh_TW.po: + Updated translations from translationproject.org + [a5aa41ab05cb] + +2019-07-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/parse.c: + Use strftime(3) instead of formatting struct tm by hand. Fixes a + warning on newer versions of gcc. 
+ [4a2fdb51bbe5] + + * doc/sudo.man.in, doc/sudo.mdoc.in: + Update error message when the password cannot be read from the + terminal. + [9b329f92e8a0] + + * NEWS: + Fix for Bug #888 + [d64fc43adfdd] + + * plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c: + If the command in sudoers does not exist on the file system, match + by name. We still want to match the command even if it doesn't exist + so that the NOPASSWD flag on sudoers entries with non-existant paths + works as expected. Bug #888. + [0879054870be] + + * NEWS, doc/TROUBLESHOOTING, po/sudo.pot, src/tgetpass.c: + More verbose error message when a password is required and no + terminal is present. Bug #828. + [f15ffeffff32] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [8e0fdf8e4cd5] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that PAM session modules are now run with the silent flag. + [b67b769a0532] + +2019-07-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.c: + Simpler change to retry sudo_secure_file() as root as needed. + [feb0c2309366] + + * plugins/sudoers/sudoers.c: + If we are unable to stat() sudoers as non-root, try again as root. + By default, sudo relies soley on group permissions to read sudoers + to make it possible to store sudoers on NFS. However, if + /etc/sudoers is not accessible to non-root uids for some reason, + sudo will fail. Bug #880. + [6a50adb25f2e] + +2019-07-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Clarify that ttyin contains raw terminal input. + [eea9d33f85bd] + +2019-07-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Expand the description of the I/O log files. + [f15cefc9bbd8] + + * doc/sudo.conf.mdoc.in: + Remove trailing whitespace. + [421e9f481c1d] + +2019-07-03 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in: + Rename PLUGINDIR -> plugindir + [75cc43534ee1] + + * configure, configure.ac: + Use $libexecdir in default settings used by the documentation. The + web and pdf pages will substitute /usr/local/libexec for + $noexec_file. Also do substitution of variables using exec_prefix + even if we don't use them in the Makefile since the documentation + may reference them. + [b7a37b03b6db] + + * doc/Makefile.in, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Add conditional for sesh path in sudo.conf manual. + [ec1f8f559bad] + + * configure, configure.ac: + Update plugindir even when --disable-shared is specified. Otherwise, + the default value is substituted into the Makefiles and + documentation which may not match --prefix. Bug #886 + [0f6c9a4af739] + +2019-06-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_util.h, lib/util/fatal.c, lib/util/inet_ntop.c, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/sudo_debug.c, + plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_conf.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestamp.c, src/load_plugins.c, src/net_ifs.c, + src/sudo.c: + Add ssizeof macro that returns ssize_t. We can use this instead of + casting the result of size_t to int. Also change checks for + snprintf() returning <=0 to <0. + [da4a95a5d8ec] + +2019-06-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/TROUBLESHOOTING, doc/sudoers.man.in, doc/sudoers.mdoc.in: + sudoedit should be used for editing files instead of "sudo editor" + That way the user's editor config files are used by the editor. 
+ [24bb1e6326ee] + + * doc/TROUBLESHOOTING: + Move the section on HOME to be after the environment section. Also + strongly discourage the disabling of env_reset. + [7a41bddf5fde] + +2019-06-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/TROUBLESHOOTING: + Remove the Solaris last login question, add one about HOME. The PAM + session is opened with PAM_SILENT so last login info is not printed. + It is dangerous to preserve HOME from the user's environment. + [99be2cd98556] + + * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use the term pseudo-terminal more consistently. + [129a0d2e5a33] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document why HOME should not be preserved from the user's + environment. Text was adapted from what is already present in the + UPGRADE file. Also mark set_home and always_set_home as obsolete. + [3cddca2f78de] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in: + Refer to command line options, not flags. + [5caa383e1f9b] + + * NEWS: + sync + [fd7e952e3e43] + + * doc/TROUBLESHOOTING: + sudo will now prompt for a password as long as /dev/tty is + available. + [a4241d432e63] + + * MANIFEST, configure, configure.ac, doc/Makefile.in, + doc/cvtsudoers.cat, doc/sudo.cat, doc/sudo.conf.cat, + doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers_timestamp.cat, doc/sudoreplay.cat, doc/visudo.cat: + Remove .cat pages, there is no need for them in the modern world. + Sudo only shipped .cat pages for Irix, which lacked nroff. Irix is + long dead and there are multiple open source nroff options. + [b7a48dc22bdb] + + * INSTALL, configure.ac, doc/sudoers.cat, doc/visudo.cat: + Make env_editor the default. It is already the default in the + package script. 
+ [a4f0c46ef5d6] + + * INSTALL, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Don't describe env_editor as a security hole. Users that are able to + edit sudoers can grant themselves permissions so the fact that + visudo runs the editor as root is not a security issue. + [627f0a96ccc9] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Fix details of how EDITOR, VISUAL and SUDO_EDITOR are (or are not) + preserved. The description in the editor option was incorrect and + didn't mention env_keep. Reported by Sander Bos + [1b498d610672] + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Modern visudo locks the actual sudoers file, not the sudoers.tmp + file. Refer to sudoers.tmp as a temporary file, not a lock file. + Reported by Sander Bos + [3a449f316304] + +2019-06-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.c: + In tty_present(), check for /dev/tty if sudo was unable to get the + tty name. For requiretty it is enough to check that /dev/tty is + available. If sudo can't get the tty from the kernel (missing + /proc?) that is OK. + [2102ffa0fa7e] + + * src/tgetpass.c: + Don't refuse to use the tty unless /dev/tty is unavailable. We don't + care whether sudo was able to get the tty name from the kernel. All + that really matters is whether we are able to disable echo as + needed. + [a3376277883f] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use of "they" was ambiguous. + [a39f42aa21ca] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Better description of secure_path. The secure_path option affects + the resolution of unqualified commands as well as the environment + that commands run with. 
+ [e0534efa8271] + + * doc/CONTRIBUTORS: + Add Sander Bos + [75f6f90c2f24] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix a few typos and awkward wording. Use the singular "they" instead + of he/she. Add back missing text in description of variables + starting with (). Based on changes from Sander Bos. + [d6b5068ae2ca] + +2019-06-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Clarify which environment variables are set based on the target + user. + [1e6ac7e5ef32] + +2019-06-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/Makefile.in: + libsudo_util depends on LT_DEP_LIBS even when building a static lib + [232370d6af88] + + * aclocal.m4, config.h.in, configure, configure.ac, + lib/util/arc4random.c: + Solaris getentropy() requires that sys/random.h be included. + [f1ec0a7290a6] + +2019-05-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/parse.c: + Use the runhost for "User foo is not allowed to run sudo on bar." + Otherwise, if the -h option is specified sudo will print the local + host name instead of the host specified via -h. + [8e6836ff952c] + +2019-05-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/TROUBLESHOOTING: + Document that "no tty present and no askpass program specified" may + happen when /proc is not accessible. + [b551c47e55aa] + +2019-05-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/CONTRIBUTORS: + Add Sangamesh Mallayya and Michael Spradling + [73b3acddc973] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c, + src/sudo.h, src/tgetpass.c: + Add -B option to ring the bell before the password prompt. + [b2181b069809] + + * plugins/sudoers/auth/aix_auth.c: + Allow the user to change their password if expired on AIX. Bug #883 + [b1def2572198] + +2019-05-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/aix_auth.c: + When using AIX auth, don't display the AIX password incorrect + message. 
Avoids a "3004-300 You entered an invalid login name or + password" message in addition to sudo's own "Sorry, try again" + message. + [ee606cfc3c8c] + +2019-05-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * mkpkg: + AIX packages were not being build with optimization enabled. + [41563464b897] + +2019-05-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/parse.c, plugins/sudoers/parse.h: + Fix a typo. + [6cd3fdc40b13] + + * mkpkg: + Support using macOS SDKs from + /Library/Developer/CommandLineTools/SDKs + [98399af73e06] + +2019-05-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/term.c: + It is safe to assume _POSIX_VDISABLE is defined. The old compat + defines were to support pre-termios systems. + [82153896cede] + +2019-05-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/pam.c: + Remove second catopen() which is never called. + [8a3db9d71297] + +2019-05-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/TROUBLESHOOTING: + Sudo's conversation functions now filters out the last login + information. + [ac21b18ba6bf] + +2019-04-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c: + Add pam_acct_mgmt setting to enable/disable PAM account validation. 
+ [ec657af6eeb8] + + * doc/cvtsudoers.cat, doc/sudo.cat, doc/sudo.conf.cat, + doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers_timestamp.cat, doc/sudoreplay.cat, doc/visudo.cat: + regen + [d39b0636806f] + + * NEWS, configure, configure.ac: + Sudo 1.8.28 + [dd02af1b71e1] + + * Makefile.in, configure.ac, doc/Makefile.in, doc/cvtsudoers.man.in, + doc/cvtsudoers.mdoc.in, doc/fixman.sh, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in, + doc/visudo.mdoc.in, examples/Makefile.in, include/Makefile.in, + include/compat/charclass.h, include/compat/endian.h, + include/compat/fnmatch.h, include/compat/getopt.h, + include/compat/glob.h, include/compat/nss_dbdefs.h, + include/compat/sha2.h, include/sudo_compat.h, include/sudo_conf.h, + include/sudo_debug.h, include/sudo_digest.h, include/sudo_dso.h, + include/sudo_event.h, include/sudo_fatal.h, include/sudo_gettext.h, + include/sudo_lbuf.h, include/sudo_plugin.h, include/sudo_queue.h, + include/sudo_rand.h, include/sudo_util.h, lib/util/Makefile.in, + lib/util/aix.c, lib/util/arc4random.c, lib/util/arc4random.h, + lib/util/arc4random_uniform.c, lib/util/closefrom.c, + lib/util/digest.c, lib/util/digest_gcrypt.c, + lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c, + lib/util/event_select.c, lib/util/fatal.c, lib/util/fnmatch.c, + lib/util/getcwd.c, lib/util/getdelim.c, lib/util/getentropy.c, + lib/util/getgrouplist.c, lib/util/gethostname.c, + lib/util/getopt_long.c, lib/util/gettime.c, lib/util/gidlist.c, + lib/util/glob.c, lib/util/inet_ntop.c, lib/util/inet_pton.c, + lib/util/isblank.c, lib/util/key_val.c, lib/util/lbuf.c, + lib/util/locking.c, lib/util/memrchr.c, 
lib/util/memset_s.c, + lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c, + lib/util/nanosleep.c, lib/util/parseln.c, lib/util/pipe2.c, + lib/util/progname.c, lib/util/pw_dup.c, lib/util/reallocarray.c, + lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/getdelim/getdelim_test.c, + lib/util/regress/getgrouplist/getgrouplist_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, + lib/util/snprintf.c, lib/util/strlcat.c, lib/util/strlcpy.c, + lib/util/strndup.c, lib/util/strnlen.c, lib/util/strsignal.c, + lib/util/strsplit.c, lib/util/strtobool.c, lib/util/strtoid.c, + lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c, + lib/util/sudo_debug.c, lib/util/sudo_dso.c, lib/util/term.c, + lib/util/ttyname_dev.c, lib/util/ttysize.c, lib/util/utimens.c, + lib/util/vsyslog.c, lib/zlib/Makefile.in, log2cl.pl, m4/sudo.m4, + mkdep.pl, mkpkg, pathnames.h.in, plugins/group_file/Makefile.in, + plugins/group_file/getgrent.c, plugins/group_file/group_file.c, + plugins/group_file/plugin_test.c, plugins/sample/Makefile.in, + plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, + plugins/sudoers/alias.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/base64.c, 
plugins/sudoers/boottime.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h, + plugins/sudoers/check.c, plugins/sudoers/check.h, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/digestname.c, + plugins/sudoers/editor.c, plugins/sudoers/env.c, + plugins/sudoers/env_pattern.c, plugins/sudoers/file.c, + plugins/sudoers/filedigest.c, plugins/sudoers/find_path.c, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/gc.c, + plugins/sudoers/gentime.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/gmtoff.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/group_plugin.c, plugins/sudoers/hexchar.c, + plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, + plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, + plugins/sudoers/ins_python.h, plugins/sudoers/insults.h, + plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, + plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, + plugins/sudoers/iolog_event.h, plugins/sudoers/iolog_files.h, + plugins/sudoers/iolog_path.c, plugins/sudoers/iolog_util.c, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/ldap_util.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/logwrap.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/match_command.c, + plugins/sudoers/match_digest.c, plugins/sudoers/mkdir_parents.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c, + plugins/sudoers/redblack.h, + 
plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/iolog_util/check_iolog_util.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/regress/starttime/check_starttime.c, + plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c, + plugins/sudoers/solaris_audit.h, plugins/sudoers/sssd.c, + plugins/sudoers/starttime.c, plugins/sudoers/strlist.c, + plugins/sudoers/strlist.h, plugins/sudoers/stubs.c, + plugins/sudoers/sudo_ldap.h, plugins/sudoers/sudo_ldap_conf.h, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoers_debug.h, plugins/sudoers/sudoers_version.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c, + plugins/sudoers/timestr.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h, + plugins/sudoers/visudo.c, plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, src/Makefile.in, + src/conversation.c, src/env_hooks.c, src/exec.c, src/exec_common.c, + src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, + src/hooks.c, src/load_plugins.c, src/net_ifs.c, src/openbsd.c, + src/parse_args.c, src/preload.c, src/preserve_fds.c, + src/regress/noexec/check_noexec.c, + 
src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, + src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h, + src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, + src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tcsetpgrp_nobg.c, + src/tgetpass.c, src/ttyname.c, src/utmp.c: + Add SPDX-License-Identifier to files. + [db66decfad24] + +2019-04-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/pam.c: + Filter out last login messages on HP-UX unless running a shell. HP- + UX in trusted mode will display last login messages as part of the + PAM account management module by libpam_comsec. There is no way to + suppress these messages from the PAM configuration in trusted mode + so we need to filter them in the conversation function. In regular + mode, similar (but different) messages may be produced by + libpam_hpsec. + [5bbb02c69b46] + +2019-04-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/closefrom.c: + FreeBSD's /dev/fd only contains fds 0-2 unless fdescfs is mounted. + In practice this doesn't matter since FreeBSD >= 8 has a native + closefrom + [bbeeb52550f1] + +2019-04-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/logging.c: + Keep debug fds open in send_mail() to aid in debugging. Adds + closefrom_nodebug() which acts like closefrom(3) but doesn't close + debug fds for use by send_mail(). Also moves the code to exec the + mailer to its own function. + [b1892425667a] + +2019-04-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/defaults.c: + Set def_mailerflags even if sendmail was not found at configure + time. Fixes a NULL dereference when mailerpath is set but + mailerflags is not. Bug #878 + [6c57f5ddca54] + +2019-04-08 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/getdelim.c, + lib/util/getline.c, lib/util/parseln.c, + lib/util/regress/getdelim/getdelim_test.c, mkdep.pl, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/boottime.c, + plugins/sudoers/iolog_util.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/parse_ldif.c, plugins/sudoers/sssd.c: + Add a proper getdelim(3) replacement and use it instead of + getline(3). + [2e06e45ffbd6] + + * plugins/sudoers/auth/pam.c: + Restrict the PAM_TTY kludge to Solaris and Linux-PAM. Setting + PAM_TTY to the empty string causes problems with some modules on HP- + UX so restrict it to systems where it is fixes known issues. + [d61f4e20dc67] + +2019-03-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/getgrouplist.c: + Fix the counting of supplementary groups on AIX. We should not + assume that basegid will be present in the list of gids returned by + getgrset(). + [6b5fa2805840] + +2019-03-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/pwutil.c: + Plug a memory leak on user/group lookup failure found by ASAN. + [aff673f310d0] + +2019-03-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/regress/testsudoers/test3.d/root, + plugins/sudoers/regress/testsudoers/test3.sh: + Fix test failure when run by a user other than the file owner. 
+ [c41ea7cfedf8] + + * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/da.mo, + po/da.po, po/eo.mo, po/eo.po, po/es.mo, po/es.po, po/zh_TW.mo, + po/zh_TW.po: + Updated translations from translationproject.org + [484d7b28bdd6] + + * MANIFEST, plugins/sudoers/regress/cvtsudoers/test1.sh, + plugins/sudoers/regress/cvtsudoers/test10.sh, + plugins/sudoers/regress/cvtsudoers/test11.sh, + plugins/sudoers/regress/cvtsudoers/test12.sh, + plugins/sudoers/regress/cvtsudoers/test13.sh, + plugins/sudoers/regress/cvtsudoers/test14.sh, + plugins/sudoers/regress/cvtsudoers/test15.sh, + plugins/sudoers/regress/cvtsudoers/test16.sh, + plugins/sudoers/regress/cvtsudoers/test17.sh, + plugins/sudoers/regress/cvtsudoers/test18.sh, + plugins/sudoers/regress/cvtsudoers/test19.sh, + plugins/sudoers/regress/cvtsudoers/test2.sh, + plugins/sudoers/regress/cvtsudoers/test20.sh, + plugins/sudoers/regress/cvtsudoers/test21.sh, + plugins/sudoers/regress/cvtsudoers/test22.sh, + plugins/sudoers/regress/cvtsudoers/test23.sh, + plugins/sudoers/regress/cvtsudoers/test24.sh, + plugins/sudoers/regress/cvtsudoers/test25.sh, + plugins/sudoers/regress/cvtsudoers/test26.err.ok, + plugins/sudoers/regress/cvtsudoers/test26.out.ok, + plugins/sudoers/regress/cvtsudoers/test26.sh, + plugins/sudoers/regress/cvtsudoers/test27.sh, + plugins/sudoers/regress/cvtsudoers/test28.sh, + plugins/sudoers/regress/cvtsudoers/test29.sh, + plugins/sudoers/regress/cvtsudoers/test3.sh, + plugins/sudoers/regress/cvtsudoers/test30.sh, + plugins/sudoers/regress/cvtsudoers/test31.sh, + plugins/sudoers/regress/cvtsudoers/test32.err.ok, + plugins/sudoers/regress/cvtsudoers/test32.out.ok, + plugins/sudoers/regress/cvtsudoers/test32.sh, + plugins/sudoers/regress/cvtsudoers/test33.sh, + plugins/sudoers/regress/cvtsudoers/test4.sh, + plugins/sudoers/regress/cvtsudoers/test5.sh, + 
plugins/sudoers/regress/cvtsudoers/test6.sh, + plugins/sudoers/regress/cvtsudoers/test7.sh, + plugins/sudoers/regress/cvtsudoers/test8.sh, + plugins/sudoers/regress/cvtsudoers/test9.sh: + Test cvtsudoers stdout and stderr separately. Fixes a test failure + on systems with musl libc. Bug #873 + [e82a381f4f3d] + +2019-03-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/starttime.c, src/ttyname.c: + Better comment about EOVERFLOW and pstat_getproc(). Also remove some + useless casts. + [09a915110812] + + * lib/util/closefrom.c: + Ignore EOVERFLOW from pstat_getproc(), it is not a fatal error. It + just means that one of the fields in pstat lacks the precision to + store a value. That's not an issue for pst_highestfd. + [bb7ed18e360b] + + * sudo.pp: + update copyright year + [cff8184aeb11] + +2019-03-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/load_plugins.c: + Fix error message when a fully-qualified plugin path does not exist. + [318f7511c9bc] + +2019-03-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix unescaped '\' and remove an extra '[' in the definition of + digest. + [9ea1a400ebc9] + +2019-03-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Ignore carriage return before a linefeed. This allows sudo to parse + files with DOS-style line endings. + [65882b63a84d] + +2019-02-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + For sssd, the nsswitch.conf setting should be "sss" not "sssd". From + Johnathan Smith. + [5c07130d1bbc] + +2019-02-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: + Add simple API for to allow reading environment data from different + sources. Currently, this is used to read a file like + /etc/environment. + [ce9161899719] + +2019-02-19 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.c: + Fix pasto; the unrestricted env file was read when we want the + restricted one. + [23b0b3c473db] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/defaults.h, + plugins/sudoers/parse.h, plugins/sudoers/strlist.c, src/sudo.h: + Be sure to include sudo_queue.h where needed instead of relying on + other headers. + [fe9418a9b378] + +2019-02-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/util.exp.in: + Only export sudo_arc4random_uniform() if arc4random_uniform() is + missing. + [e32a7243976d] + + * lib/util/regress/vsyslog/vsyslog_test.c: + Quiet a warning on gcc 8 + [fe8cad6564e2] + + * include/sudo_compat.h: + AIX 7.1 defines O_CLOEXEC but it can't be used outside the kernel. + Redefine O_CLOEXEC if it doesn't fit in an int and pipe2() is + missing. + [3ef0220351ca] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c, + plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c, + plugins/sudoers/parse.h: + Split command match code out into match_command.c. Also remove + unused SUDOERS_NAME_MATCH code. + [2a7adb93a65e] + +2019-02-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/match_digest.c: + Split out digest matching into its own file. + [93863918f934] + + * plugins/sudoers/Makefile.in, plugins/sudoers/match.c, + plugins/sudoers/parse.h: + Split out digest matching into its own file. + [aafdc9b976ed] + +2019-02-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Rename FOLLOW and NOFOLLOW tokens FOLLOWLNK and NOFOLLOWLNK. Fixes a + namespace collision on Solaris when bison is used. + [707b94b7c1e9] + +2019-02-06 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/match.c: + Add stub definition of digest_matches() for SUDOERS_NAME_MATCH + [a322e57c85e0] + + * plugins/sudoers/sudo_nss.c: + No longer need to include sudo_lbuf.h + [db110422b24c] + + * mkpkg: + On RedHat/CentOS get the OS major version from /etc/redhat-release. + We cannot determine this from the output of "pp --probe" since it + doesn't contain a period to separate the major and minor numbers. + [78a27d62de0c] + +2019-02-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c: + Use SET macro instead of bitwise OR. + [b523937e8da8] + + * plugins/sudoers/pwutil_impl.c: + In sudo_make_grlist_item() the calculation of total did not include + space for pointers to the group names. + [7c438dd62f45] + + * plugins/sudoers/cvtsudoers_pwutil.c: + Use correct debug_decl() names. + [d0f02db8be20] + + * plugins/sudoers/sudoers.h: + Add fallback values for sudoers uid, gid and mode if not set in + Makefile. + [21e41ed7a06c] + +2019-02-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/memset_s.c: + include stddef.h to make sure we get NULL + [d42b4c325c0c] + +2019-02-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/net_ifs.c: + Fix memory leak when there are no network interfaces or an error + occurs. + [7ba525ee9233] + +2019-01-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + Use $ac_cv_search_FUNCTION instead of $ac_lib and $ac_res. Fixes a + problem where libcrypt is not used with autoconf caching. Adapted + from a diff from Adam Labbe. + [5cfcade6ce3e] + +2019-01-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * po/de.mo, po/de.po, po/ko.mo, po/ko.po: + Updated translations from translationproject.org + [4995f6542a2c] + +2019-01-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/parse.c: + Fix listpw=never and verifypw=never. Bug #869 + [ecb89088a884] + +2019-01-20 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * lib/util/regress/vsyslog/vsyslog_test.c, lib/util/sig2str.c, + plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers_pwutil.c, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, + plugins/sudoers/starttime.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, + plugins/sudoers/tsdump.c, src/exec_monitor.c, src/exec_nopty.c, + src/exec_pty.c, src/sudo.c, src/ttyname.c: + Minor snprintf() usage tweaks: 1) don't assume snprintf() returns -1 + on error, check for <0 2) when comparing return value of + sizeof(foo), cast the sizeof, not the len 3) cast return value to + void in cases where snprintf cannot fail + [2af6dfb31a49] + +2019-01-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + The AIX nofiles hard limit fix and bug #867 will make 1.8.27. + [a8b4710ff907] + + * plugins/sudoers/auth/pam.c: + Use PAM_SILENT to prevent pam_lastlog from printing last login + information on RedHat except when explicitly running a shell. + Adapted from a patch from Nir Soffer. Bug #867 + [b8b5d3445a3c] + + * lib/util/aix.c: + Fix the default nofiles and stack hard limits. The table of default + hard limits in /etc/security/limits was out of date with respect to + the current documentation. The default hard limit for nofiles should + be unlimited, not 8196. The default hard limit for stack should be + 4194304 blocks (which fits in an unsigned long on 32-bit platforms). + [68c8c05a0b9b] + +2019-01-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot: + regen + [3000c62ed0ba] + + * NEWS: + Final updates for sudo 1.8.27. 
+ [40d6ecb1f739] + + * src/exec_pty.c: + Update copyright year + [adc9f4046585] + + * doc/LICENSE: + Update for 2019 + [ccbbad25d7c7] + +2019-01-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_pty.c: + Fix setting of utmp entry when running command in a pty. Regression + introduced in sudo 1.8.22. + [cf81f3fa1f3a] + +2018-12-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.c: + Use debug_return_int not debug_return_bool in resolve_host + [490241e14e68] + + * NEWS, configure, configure.ac: + sudo 1.8.27 + [f59a4a391a44] + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/visudo.c: + Allow the sudoers file to be specified without the -f option. Bug + #864 + [eb3d4c4461ba] + +2018-12-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + The iolog_dir section is below the maxseq section, not above. + [35534e4f23d9] + +2018-12-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, po/ja.mo, + po/ja.po: + Updated translations from translationproject.org + [270660da2de4] + +2018-12-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoreplay.c: + Add -n and -R options to help; reported by Radovan Sroka + [683df32eb950] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: + Add missing description of padding option and missing argument to + -c. + [c762020f1694] + + * plugins/sudoers/cvtsudoers.c: + The -c option was missing from the help info; from Radovan Sroka + [aa36d5c05b0b] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: + Fix some typos; reported by Radovan Sroka + [d6137224dd47] + +2018-12-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/pam.c: + In sudo_pam_approval(), for the exempt case, only overwrite pam + status when the passwd is expired or needs to be updated. + [2c2d1ed1bb7e] + +2018-12-07 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/pam.c: + The fix for bug #843 was incomplete and caused pam_end() to be + called early. sudo_pam_approval() must not set the global pam status + to an error value if it returns AUTH_SUCCESS. Otherwise, + sudo_pam_cleanup() will call pam_end() before + sudo_pam_begin_session(). This resulted in a NULL PAM handle being + used in sudo_pam_begin_session(). + [656aa910fbaf] + +2018-12-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec.c: + Don't run the command in a pty if no I/O plugins are logging + anything. That way an I/O plugin that doesn't actually log anything + won't cause the command to be run in a pty. + [ef83f35c9cb0] + +2018-11-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgignore: + Update ignore patterns to match doc changes. + [7438cdacc0e1] + + * doc/fixmdoc.sed: + fix mode fixmdoc.sed + [d74c0b7c5932] + +2018-11-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/Makefile.in, doc/sudo.conf.man.in, doc/sudo.man.in, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, + doc/sudoers_timestamp.man.in, doc/sudoreplay.man.in, + doc/visudo.man.in: + Fix section in the .TH line of *.man.in file. The substitution for + @mansectsu@ and @mansectform@ was broken. No longer need to strip + out OpenBSD from the header line. + [cb02c8496b21] + + * doc/sudoers.man.in.sed: + Add sudoers.man.in.sed, missed from previous commit. + [a2113a52e6a7] + + * doc/CONTRIBUTORS: + Add Guillem Jover + [db7a39f9726a] + + * NEWS: + recent changes + [0c07a0cdf2ff] + + * MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sed, + doc/fixmdoc.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.man.in.sed, + doc/sudo.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Use roff conditionals in the manuals instead of post-processing. We + still need to process the resulting .man.in files to add back the + conditionals but this should be easier to debug as the changes are + visible in the .in file. 
Some minor postprocessing is still used to + make the manuals HP-UX friendly and to change "0 seconds" -> + unlimited after substitution. + [44316d271ab8] + +2018-11-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Sudo plugin manual updates and clarification from Guillem Jover: + - Add missing return information for show_version(). + - Fix prototypes for several function pointers. + - Update SUDO_API_VERSION_MINOR. + - Add missing references to log_suspend() and change_winsize(). + - Add missing "array.". + - Clarify that argc can be zero on sudo -V. + - Clarify size requirements for conversation array arguments. + - Clarify timeout zero value for struct sudo_conv_message. + - Clarify initial and final state of reply in struct sudo_conv_reply. + [1241cff4dd51] + + * doc/fixmdoc.sh, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Revert changes to give arguments to the .Bx macro. This is intended + for things like .Bx 4.3 to generate "4.3BSD" so the argument ends up + before the BSD, not after. Just go back to using "BSD + authentication" and "BSD login classes" so fixmdoc.sh can operate + correctly. Bug #861 + [c58965343318] + +2018-11-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/fixmdoc.sh, doc/sudo.mdoc.in, doc/sudoers.mdoc.in: + Update fixmdoc.sh to match the BSD -> .Bx changes in the manuals. + Bug #861 + [7ddfb74781a1] + +2018-11-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, m4/sudo.m4, src/utmp.c: + Add support for utmps as found in HP-UX. + [f55312948139] + +2018-11-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, include/sudo_util.h, + lib/util/utimens.c: + Support st_nmtime in struct stat as found in HP-UX. + [0854b34cd2ea] + + * lib/util/closefrom.c: + If fcntl fails, fall back to the /proc implementation. + [59a03e0d3148] + +2018-11-12 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * NEWS: + Mention schema.olcSudo + [320adcd29a61] + +2018-11-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Mention schema.olcSudo here too. + [a19dff54603b] + + * MANIFEST, README.LDAP, doc/CONTRIBUTORS, doc/schema.OpenLDAP, + doc/schema.olcSudo: + OpenLDAP schema file for Sudo in on-line configuration (OLC) format. + From Frederic Pasteleurs. + [1fcfa9f307a2] + + * po/ast.mo, po/ast.po: + Updated translations from translationproject.org + [70f0ec8c721c] + +2018-11-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/closefrom.c: + Only use closefrom_fallback() if no better method exists. The + previous logic was too fragile. + [2510928e291f] + +2018-11-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, + po/cs.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/it.mo, + po/it.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, + po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo, + po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po: + Updated translations from translationproject.org + [898154804015] + + * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/pt.mo, + plugins/sudoers/po/pt.po, po/pt.mo, po/pt.po: + Portuguese translation for sudo and sudoers from + translationproject.org. + [4c49e5cf8936] + +2018-11-05 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * NEWS, configure, configure.ac, include/sudo_fatal.h, + lib/util/Makefile.in, lib/util/fatal.c, lib/util/util.exp.in, + plugins/sudoers/Makefile.in, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: + Add sudo_gai_fatal, sudo_gai_vfatal, sudo_gai_vwarn, sudo_gai_warn + and gai_log_warning that use gai_strerror() instead of strerror(). + [9c37c5db3293] + +2018-10-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/match.c: + Fix memory leak in runaslist_matches(). + [f1366ad50eb3] + +2018-10-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + typo + [fc8aa243672a] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [f333405eb06c] + + * NEWS: + More updates for 1.8.26 + [1941961b232f] + +2018-10-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap_util.c, + plugins/sudoers/regress/cvtsudoers/test33.out.ok, + plugins/sudoers/regress/cvtsudoers/test33.sh: + Add support for negated sudoRunAsUser and sudoRunAsGroup entries. + [d0368336d92b] + +2018-10-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that the target user's groups may be specified via the -g + option. + [67b7643e3bcb] + + * plugins/sudoers/tsgetgrpw.c: + Include getpwent() version of sudo_getgrouplist2_v1() from + getgrouplist.c + [60aa493504d1] + + * MANIFEST, plugins/sudoers/regress/testsudoers/group, + plugins/sudoers/regress/testsudoers/test1.sh: + Use a testsudoers group file with known contents instead of the + system one. + [7a4499c92acd] + + * plugins/sudoers/match.c, plugins/sudoers/parse.h, + plugins/sudoers/set_perms.c: + Allow the group set by "sudo -g" to be any of the target user's + groups. 
Previously, this was only allowed if the group matched the + target user's primary group ID (from the passwd database entry). The + sudoers policy will now allow the group if it is one of the target + user's supplemental groups as well. + [c43fedc19a01] + +2018-10-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/regress/getgrouplist/getgrouplist_test.c: + Skip sudo_getgrouplist2() check on systems with getgrouplist_2(). + sudo_getgrouplist2() is just a wrapper on such systems and this + avoids a test failure on macOS where a user is automatically a + member of certain groups. + [26ba0c363b80] + + * lib/util/util.exp.in: + Add missing exported symbol sudo_term_eof + [2d8e0438eba4] + + * plugins/sudoers/ldap_conf.c: + Add missing #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT Fixes problems + building on older LDAP sdks. + [1effb0f19867] + + * MANIFEST: + add getgrouplist_test.c + [ca5bae341846] + + * lib/util/regress/getgrouplist/getgrouplist_test.c: + Check the user's primary gid from the passwd file too. 
+ [60ba98074d75] + + * .hgignore: + ignore prologue + [589222ec2717] + + * lib/util/aix.c, lib/util/arc4random.c, + lib/util/arc4random_uniform.c, lib/util/closefrom.c, + lib/util/digest.c, lib/util/digest_gcrypt.c, + lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c, + lib/util/event_select.c, lib/util/fatal.c, lib/util/fnmatch.c, + lib/util/getentropy.c, lib/util/getgrouplist.c, + lib/util/gethostname.c, lib/util/getline.c, lib/util/getopt_long.c, + lib/util/gettime.c, lib/util/gidlist.c, lib/util/isblank.c, + lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, + lib/util/memrchr.c, lib/util/memset_s.c, lib/util/mksiglist.c, + lib/util/mksigname.c, lib/util/mktemp.c, lib/util/nanosleep.c, + lib/util/parseln.c, lib/util/pipe2.c, lib/util/progname.c, + lib/util/pw_dup.c, lib/util/reallocarray.c, + lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/getgrouplist/getgrouplist_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, + lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c, + lib/util/strnlen.c, lib/util/strsignal.c, lib/util/strsplit.c, + lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, + lib/util/strtonum.c, lib/util/sudo_conf.c, lib/util/sudo_debug.c, + lib/util/sudo_dso.c, lib/util/term.c, lib/util/ttyname_dev.c, + lib/util/ttysize.c, lib/util/utimens.c, lib/util/vsyslog.c, + plugins/group_file/getgrent.c, plugins/group_file/group_file.c, + plugins/group_file/plugin_test.c, plugins/sample/sample_plugin.c, + plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, 
plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/base64.c, plugins/sudoers/boottime.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c, + plugins/sudoers/digestname.c, plugins/sudoers/editor.c, + plugins/sudoers/env.c, plugins/sudoers/env_pattern.c, + plugins/sudoers/file.c, plugins/sudoers/filedigest.c, + plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gc.c, plugins/sudoers/gentime.c, + plugins/sudoers/getdate.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/gmtoff.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/iolog_util.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/mkdir_parents.c, plugins/sudoers/parse.c, + plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c, + plugins/sudoers/redblack.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + 
plugins/sudoers/regress/iolog_util/check_iolog_util.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/regress/starttime/check_starttime.c, + plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c, + plugins/sudoers/sssd.c, plugins/sudoers/starttime.c, + plugins/sudoers/strlist.c, plugins/sudoers/stubs.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c, + plugins/sudoers/timestr.c, plugins/sudoers/toke.c, + plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + plugins/system_group/system_group.c, src/conversation.c, + src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_monitor.c, + src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c, + src/load_plugins.c, src/net_ifs.c, src/openbsd.c, src/parse_args.c, + src/preload.c, src/preserve_fds.c, + src/regress/noexec/check_noexec.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, + src/signal.c, src/solaris.c, src/sudo.c, src/sudo_edit.c, + src/sudo_noexec.c, src/tcsetpgrp_nobg.c, src/tgetpass.c, + src/ttyname.c, src/utmp.c: + Convert PVS-Studio comment to ANSI C. 
+ [31f2aefe6d9b] + + * Makefile.in, doc/Makefile.in, doc/cvtsudoers.man.in, + doc/cvtsudoers.mdoc.in, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in, + doc/visudo.mdoc.in, examples/Makefile.in, include/Makefile.in, + include/sudo_lbuf.h, lib/util/Makefile.in, lib/util/digest.c, + lib/util/digest_gcrypt.c, lib/util/digest_openssl.c, + lib/util/lbuf.c, lib/util/setgroups.c, lib/util/ttysize.c, + lib/zlib/Makefile.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/base64.c, + plugins/sudoers/file.c, plugins/sudoers/filedigest.c, + plugins/sudoers/gentime.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, + plugins/system_group/Makefile.in, src/Makefile.in, src/sesh.c, + src/sudo_usage.h.in: + Fix some mangled text in the license block. + [86b88fbda4b4] + + * lib/util/Makefile.in, + lib/util/regress/getgrouplist/getgrouplist_test.c, + lib/util/regress/parse_gids/parse_gids_test.c: + Add regress test for sudo_getgrouplist2(). This test assumes all the + groups in root's group list can be resolved by group ID. + [48564f85b7ed] + +2018-10-25 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * NEWS: + More changes in 1.8.26 + [fe81e3e4b653] + + * MANIFEST, doc/cvtsudoers.cat, doc/cvtsudoers.man.in, + doc/cvtsudoers.mdoc.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/cvtsudoers/test31.conf, + plugins/sudoers/regress/cvtsudoers/test31.out.ok, + plugins/sudoers/regress/cvtsudoers/test31.sh, + plugins/sudoers/regress/cvtsudoers/test32.out.ok, + plugins/sudoers/regress/cvtsudoers/test32.sh: + Add padding option to cvtsudoers. Bug #856 + [6e31b0e37ba1] + + * lib/util/getgrouplist.c: + Remove an errant grset++ in the AIX version of sudo_getgrouplist2(). + Bug #857 + [03b19227cab2] + +2018-10-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/Makefile.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Pass --sourcetree-root to pvs-studio and don't check sudo_noexec.c. + Since we don't auto-generate dependencies for sudo_noexec.c we can't + easily check it from outside the source tree. This is not a problem + as it just contains stub functions. + [3cf842d30e45] + + * MANIFEST, doc/CONTRIBUTORS, po/ast.mo, po/ast.po: + Asturian translation for sudo from translationproject.org + [dc0b31fa013c] + +2018-10-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/gettime.c: + Add support for CLOCK_MONOTONIC_RAW and CLOCK_UPTIME_RAW, present on + macOS. + [5f34c8de0707] + + * INSTALL, configure, configure.ac: + Add --enable-pvs-studio configure option to create PVS-Studio.cfg. 
+ [772e86227c11] + + * lib/util/aix.c, lib/util/arc4random.c, + lib/util/arc4random_uniform.c, lib/util/closefrom.c, + lib/util/digest.c, lib/util/digest_gcrypt.c, + lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c, + lib/util/event_select.c, lib/util/fatal.c, lib/util/fnmatch.c, + lib/util/getentropy.c, lib/util/getgrouplist.c, + lib/util/gethostname.c, lib/util/getline.c, lib/util/getopt_long.c, + lib/util/gettime.c, lib/util/gidlist.c, lib/util/isblank.c, + lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, + lib/util/memrchr.c, lib/util/memset_s.c, lib/util/mksiglist.c, + lib/util/mksigname.c, lib/util/mktemp.c, lib/util/nanosleep.c, + lib/util/parseln.c, lib/util/pipe2.c, lib/util/progname.c, + lib/util/pw_dup.c, lib/util/reallocarray.c, + lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, + lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c, + lib/util/strnlen.c, lib/util/strsignal.c, lib/util/strsplit.c, + lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, + lib/util/strtonum.c, lib/util/sudo_conf.c, lib/util/sudo_debug.c, + lib/util/sudo_dso.c, lib/util/term.c, lib/util/ttyname_dev.c, + lib/util/ttysize.c, lib/util/utimens.c, lib/util/vsyslog.c, + plugins/group_file/getgrent.c, plugins/group_file/group_file.c, + plugins/group_file/plugin_test.c, plugins/sample/sample_plugin.c, + plugins/sudoers/alias.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + 
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/base64.c, + plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c, + plugins/sudoers/digestname.c, plugins/sudoers/editor.c, + plugins/sudoers/env.c, plugins/sudoers/env_pattern.c, + plugins/sudoers/file.c, plugins/sudoers/filedigest.c, + plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gc.c, plugins/sudoers/gentime.c, + plugins/sudoers/getdate.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/gmtoff.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/iolog_util.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/mkdir_parents.c, plugins/sudoers/parse.c, + plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c, + plugins/sudoers/redblack.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/iolog_util/check_iolog_util.c, + plugins/sudoers/regress/logging/check_wrap.c, + 
plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/regress/starttime/check_starttime.c, + plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c, + plugins/sudoers/sssd.c, plugins/sudoers/starttime.c, + plugins/sudoers/strlist.c, plugins/sudoers/stubs.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c, + plugins/sudoers/timestr.c, plugins/sudoers/toke.c, + plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + plugins/system_group/system_group.c, src/conversation.c, + src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_monitor.c, + src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c, + src/load_plugins.c, src/net_ifs.c, src/openbsd.c, src/parse_args.c, + src/preload.c, src/preserve_fds.c, + src/regress/noexec/check_noexec.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, + src/signal.c, src/solaris.c, src/sudo.c, src/sudo_edit.c, + src/sudo_noexec.c, src/tcsetpgrp_nobg.c, src/tgetpass.c, + src/ttyname.c, src/utmp.c: + Add comments in .c files so PVS-Studio will check them. + [b42b6dcb48a6] + + * .hgignore, Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + mkdep.pl, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Add pvs-studio target and associated production rules. + [3dbcef5ac205] + +2018-10-20 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog_util.c: + Simplify range checks. No need to check for ERANGE in the cases + where we also check that the value is <= INT_MAX. Found by PVS- + Studio. + [45810a8437b6] + +2018-10-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/key_val.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/toke_util.c, + src/preserve_fds.c: + Avoid some PVS-Studio false positives. + [e4d8ce94fda7] + + * src/sudo.c: + Remove some calls to sudo_fatalx(); just propagate the error return. + [bc9eefbf0cdf] + + * src/sesh.c: + No need to check if fd_dst is -1 in sudoedit mode. Failure to open + the destination sudoedit file is fatal so there's no need to check + that fd_dst != -1 later on. Found by PVS-Studio. + [5530586ace16] + + * plugins/sudoers/timestamp.c: + In timestamp_open() no need to free cookie on error, it is NULL. + Found by PVS-Studio. + [becfe97c72f8] + +2018-10-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/ldap_util.c: + Fix a memory leak on malloc() error in sudo_ldap_role_to_priv(). + Coverity CID 188804 + [1bea56670410] + + * plugins/sudoers/parse_ldif.c: + Move the allocation of role to be immediately before in_role is set. + This makes it clear that when in_role == true, role is non-NULL. + Also remove two dead stores. + [790d90c578c8] + + * plugins/sudoers/parse_ldif.c: + Fix trimming of non-escaped trailing space in + ldif_parse_attribute(). Found by PVS-Studio. + [37fded3c77a4] + + * plugins/sudoers/match.c: + Simplify the logic surrounding sudoers_args in command_args_match(). + We only need to check that sudoers_args is non-NULL once. Found by + PVS-Studio. + [93c967145e82] + + * plugins/sudoers/ldap.c: + If sudo_ldap_get_values_len() fails goto cleanup instead of oom. + This is not strictly necessary as there's not anything to cleanup in + this case but it is more consistent with the code that follows. 
+ [d0d8b8b8dca8] + + * plugins/sudoers/policy.c: + Fix handling of timeout values in sudoers. When passing the timeout + back to the front end, ignore the user-specified timeout if it is + not set (initialized to 0). Otherwise, sudo would choose a zero + user-specified timeout over the sudoers-specified timeout (non- + zero). + [6b08b3b918b7] + +2018-10-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers_pwutil.c: + Fix cut & pastos in cvtsudoers_make_gritem() + [bd901c0394ba] + + * plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok: + Fix expected test output now that command_timeout is parsed + correctly in LDIF. + [ba6cfd26330e] + + * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c: + tv_nsec can never be negative after timespecsub. Found by PVS Studio + [ecfb93c9463c] + +2018-10-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.c: + Avoid potentially undefined behavior. Found by PVS Studio. + [ae76c69e0d6f] + + * plugins/sudoers/ldap_util.c: + sudo_ldap_parse_option() never returns '=' as the operator. When + parsing command_timeout, role, type, privs and limitprivs, check + that val is non-NULL instead. Found by PVS Studio. + [10f8cff7cce7] + + * plugins/sudoers/Makefile.in, plugins/sudoers/toke.c: + Fix up #line entries that reference lex.sudoers.c. + [c724cef37b66] + +2018-10-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog.h, plugins/sudoers/iolog_util.c: + Fix workaround for broken sudo 1.8.7 timing files. + [78ef3625c650] + + * plugins/sudoers/parse_ldif.c: + Fix memory leak when reusing the runas list. We need to free the + member list itself as well as its contents. + [62fb86a5c83f] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Some DIAGNOSTICS updates: Update error message for when the user's + uid does not exist in passwd. Remove "This error indicates" and some + other cosmetic cleanups. 
+ [c73841e03014] + + * src/sudo.c: + If the user's passwd entry cannot be resolved via the uid, use the + same error message as visudo. + [ce596b32dfbb] + +2018-10-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Add a DIAGNOSTICS section with an explanation of the more non- + trivial error messages. + [775419794f7d] + + * plugins/sudoers/sudoreplay.c, src/exec_monitor.c, src/exec_nopty.c, + src/exec_pty.c: + Replace sudo_fatal(NULL) with an "unable to allocate memory" message + that includes the function name. + [26e19bcc0ce8] + +2018-10-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/tgetpass.c: + Make EOF handling while reading the password prompt more like + getpass(3). We now return the password as long as at least one + character has been read. Previously, EOF at the password prompt was + treated as if nothing was entered. + [fc2ed4a87e6f] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: + regen + [2aee8680abc3] + + * src/tgetpass.c: + Print a warning for password read issues. Issues include: timeout at + the password prompt, read error while reading the password, and EOF + reading the password. + [df1dcebe9ffa] + +2018-10-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/term.c, src/tgetpass.c: + Handle EOF on password input when pwfedback is enabled. + [4958978fc967] + +2018-10-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.ldap.mdoc.in: + Fix remaining instances of "e.g." without a trailing ','. + [8cbf11c04b3c] + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/sudoers_timestamp.cat, doc/sudoers_timestamp.man.in, + doc/sudoers_timestamp.mdoc.in: + Use mdoc macros for BSD systems. 
All manuals now pass "make lint" + [7f23209a5e1c] + + * doc/Makefile.in: + Use -Wstyle with -Tlint since sudo is not part of the base system. + This avoids "referenced manual not found" and "operating system + explicitly specified" warnings. + [e417e972a88a] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document log_suspend() and fix the description of the + change_winsize() return value. + [be02b0fb26a9] + +2018-10-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, doc/sudoers_timestamp.cat, + doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Fix problems found by igor. Bug #854 + [4ddcb625f3b7] + + * doc/Makefile.in: + Sort DOCS and DEVDOCS and remove extra sudoers entry (it was listed + twice). + [abb2baac9373] + + * doc/Makefile.in: + Add igor target to run igor(1) on the manuals. + [64be7fb868b3] + +2018-10-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + plugins/sudoers/sudoreplay.c: + Add new -S option to sleep while the command was suspended. The + default behavior is now to not consider the time the command was + suspended as part of the normal inter-event delay. 
+ [bb30f7b28126] + + * MANIFEST, include/sudo_plugin.h, plugins/sudoers/Makefile.in, + plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, + plugins/sudoers/iolog_event.h, plugins/sudoers/iolog_files.h, + plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/iolog_util/check_iolog_util.c, + plugins/sudoers/sudoreplay.c, src/exec_pty.c: + Add a suspend event type to the I/O log to log suspend/resume of the + command so we can skip that delay during replay. + [8091d1835a31] + + * src/exec_pty.c, src/sudo.c, src/sudo.h: + Initialize the pty rows/cols based on the values we stored in + user_details. This fixes a minor issue where we would send an extra + window size change event the first time the command was suspended. + [b2ae9be4d1d6] + +2018-09-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap_conf.c, + plugins/sudoers/sudo_ldap_conf.h: + Add support for OpenLDAP's TLS_REQCERT setting in ldap.conf. + [f07a14ae05cb] + +2018-09-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_util.h, plugins/sudoers/defaults.c, + plugins/sudoers/iolog_util.c, + plugins/sudoers/regress/starttime/check_starttime.c: + Move definition of TIME_T_MAX to sudo_util.h + [469c36d44950] + + * NEWS, doc/UPGRADE: + Changes in 1.8.26 (so far). + [5c73b0d8c676] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/env.c: + Treat LOGIN, LOGNAME and USER specially. If one is preserved or + deleted we want to preserve or delete all of them. + [ea1782686195] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/env.c, + plugins/sudoers/logging.c, plugins/sudoers/regress/visudo/test6.sh: + Remove special handling of the USERNAME environment variable. 
It + used to be set on old versions of Fedora but that hasn't been the + case for some time. It's worth noting that ssh doesn't set USERNAME + either. + [5141bebd99c4] + + * configure, configure.ac: + sudo 1.8.26 + [cfe8d540328e] + +2018-09-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sudo.c: + Remove unused system_maxgroups argument from fill_group_list(). + [debc4ca9d35f] + + * lib/util/getgrouplist.c: + Pass getgrouplist() NGROUPS_MAX+1, not NGROUPS_MAX so we have room + for the primary gid. + [fccf07f2e8cf] + +2018-09-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers_json.c: + In print_member_json_int() eliminate the need_newline variable and + just move the non-alias expansion printing bits into the else + clause, including the newline and comma printing. + [b40224fc6090] + + * MANIFEST, plugins/sudoers/regress/cvtsudoers/test30.out.ok, + plugins/sudoers/regress/cvtsudoers/test30.sh: + Add regress test for bug #853 + [31544afc6013] + + * plugins/sudoers/cvtsudoers_json.c: + When expanding an alias in print_member_json_int() avoid printing an + extra comma at the end of the entry. Bug #853. + [e73e09f8569a] + +2018-09-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/CONTRIBUTORS: + Add Kan Sasaki + [ff277fb5b0c9] + + * NEWS, configure, configure.ac: + sudo 1.8.25p1 + [c4f0a69e6356] + + * lib/util/event_poll.c: + Fix a crash in the event system's poll() backend introduced with + support for nanosecond timers. Only affects systems without ppoll(). + Bug #851 + [54e561b11a0f] + +2018-09-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot: + regen + [04afa00445ef] + +2018-08-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: + Allow for some clock drift due to ntpd, etc. + [2d72989fe7b1] + + * plugins/sudoers/visudo.c: + If sudo_lock_file() fails for a reason other than the file already + being locked, give the user a chance to edit anyway. 
+ [e5a963ecc083] + +2018-08-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/cvtsudoers/test28.sh: + Quick sort is not a stable sort; use distinct sudoOrder values so + the output is predictable. + [46ebc1169c0c] + + * lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + plugins/sudoers/ldap.c, + plugins/sudoers/regress/parser/check_base64.c: + Fix warnings on OpenIndiana (Illumos) + [1b45d303b338] + + * plugins/sudoers/ldap.c: + Correct ldap_to_sudoers() return value. + [16b0d144b196] + + * NEWS: + Bug #849 + [3e05bad00a44] + + * plugins/sudoers/sssd.c: + The sssd backend used to take the first match, assuming that entries + were sorted in descending order by sudoOrder. That allowed it to + avoid iterating over the entire list of rules. Now that we convert + to a sudoers parse tree, we need to convert rules in ascending + order, not descending. The simplest way to accomplish this is to + simply iterate over the rules from last to first, reversing the sort + order. Bug #849 + [63627909bb10] + + * MANIFEST, plugins/sudoers/regress/cvtsudoers/test28.out.ok, + plugins/sudoers/regress/cvtsudoers/test28.sh, + plugins/sudoers/regress/cvtsudoers/test29.out.ok, + plugins/sudoers/regress/cvtsudoers/test29.sh: + Add some more ldif -> sudoers tests to verify sudoOrder. + [f41358fbd066] + + * plugins/sudoers/ldap.c: + For conversion to a sudoers parse tree, ldap_entry_compare() now + needs to sort in ascending order, not descending. Bug #849 + [9f23126cded8] + +2018-08-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers.c: + No need to set input_file for stdin in parse_ldif(); noted by clang + analyzer. + [c852e1c92dd2] + + * plugins/sudoers/iolog_util.c: + Use TIME_T_MAX when parsing the I/O log file timestamp and disallow + negative times. 
+ [bfb17118e584] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_util.c, + plugins/sudoers/iolog_util.h, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/regress/iolog_util/check_iolog_util.c, + plugins/sudoers/sudoreplay.c: + When parsing an I/O log timing line, store the result in a timespec, + not a double. The speed factor (for scaling the delay) in sudoreplay + is still a double but we only need to adjust the delay if the factor + is something other than 1.0. + [39077129d1f9] + + * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: + Fix memory leak in test. + [94fb9f39dfee] + + * doc/cvtsudoers.cat, doc/sudo.cat, doc/sudo.conf.cat, + doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers_timestamp.cat, doc/sudoreplay.cat, doc/visudo.cat: + regen + [f2850c2f733a] + +2018-08-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/env.c: + Update conversion of DID_* to KEPT_* to match the new values of + DID_* and KEPT_*. + [6ce1bc30a4d1] + + * NEWS, plugins/sudoers/env.c: + Set the LOGIN environment variable on AIX like we do LOGNAME. + [e6afb82d918c] + +2018-08-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, m4/sudo.m4, + plugins/sudoers/bsm_audit.c: + Add a test for the 4-argument au_close() function found in Solaris + 11 instead of assuming it is present if __sun is defined. Fixes a + compilation error on OpenIndiana and older Solaris versions. + [4a4f91e28bbc] + + * doc/CONTRIBUTORS: + Add Miguel Sanders and Scott Cheloha + [14aca7309a0a] + + * NEWS: + testsudoers changes + [f008d473c933] + + * plugins/sudoers/Makefile.in, plugins/sudoers/testsudoers.c: + Add ldif support to testsudoers + [321f11b7badd] + +2018-08-26 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/parse.h, plugins/sudoers/parse_ldif.c: + Move ldif -> sudoers conversion code into parse_ldif.c + [497d55799d5b] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/strlist.c, + plugins/sudoers/strlist.h: + Move string list functions to their own file. + [a15902cde4eb] + + * lib/util/Makefile.in: + sync + [9b1f98d4335f] + +2018-08-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in: + Backward ABI compatibility for even functions that use a timeval. + [01d9e617a923] + + * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c: + Use a monotonic timer for the event subsystem. + [acf30905a275] + + * config.h.in, configure, configure.ac, include/sudo_event.h, + lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c, + plugins/sudoers/iolog_util.h, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c: + Use struct timespec, not struct timeval in the event subsystem. Use + ppoll() or pselect() if avaialble which use timespec. + [b1bfccec8b13] + +2018-08-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgignore: + sync + [193fd33e9864] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c: + Eliminate most use of parsed_sudoers in cvtsudoers + [0d0504f61e3e] + + * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_json.c, plugins/sudoers/parse.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Make alias_apply() take 3 arguments, the first being a pointer to + the struct sudoers_parse_tree. + [7802295c07fa] + +2018-08-23 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c: + Handle systems where root's gid is not 0. + [1fc92bad715a] + + * plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h: + Add missing files from last commit. + [a155e07bb191] + + * .hgignore, MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/po/sudoers.pot, + plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c, + plugins/sudoers/sudoreplay.c: + Add regress test for I/O log plugin endpoints + [bf9fbe5ff2a6] + + * plugins/sudoers/iolog.c: + We cannot reuse last_time for the I/O log info file now that it is a + monotonic timer. Just call time(3) in write_info_log() directly. + [f2e1de732a91] + + * src/exec_pty.c: + Move the loop to free the monitor_messages list into + free_exec_closure_pty() + [d6edc1a94e7e] + + * po/sudo.pot: + regen + [6467f05a2fd0] + +2018-08-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * lib/util/getentropy.c: + Fix typo in last commit. + [38f3450b57fb] + + * config.h.in, configure, configure.ac, lib/util/getentropy.c: + Do not assume all Linux has linux/random.h. Add missing + sys/syscall.h include + [8460f258e1af] + + * plugins/sudoers/policy.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/sudo_edit.c: + Cast uid/gid to unsigned int before printing. + [37fcab8b4f97] + + * include/sudo_compat.h: + Only include stdarg.h if we need it. + [c266d34454ba] + + * plugins/sudoers/bsm_audit.c, plugins/sudoers/timestamp.c: + fix compiler warnings on Solaris 11 + [6c92c438a38e] + + * lib/util/getentropy.c: + Fix setting of errno when gotdata() fails. + [4fab71fa575f] + + * plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/ldap.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/rcstr.c, plugins/sudoers/timestamp.c, + src/sudo_noexec.c: + Include stddef.h for offsetof() definition. 
+ [15d13ae1ba46] + + * NEWS: + Bugs 846 and 847 + [a0ba7ad24812] + + * include/sudo_compat.h: + We still need to include string.h for AIX (and possibly others) when + we are not using the system memset_r() function and rsize_t is + defined by the system headers. + [e1f8f7537209] + + * configure, configure.ac, include/sudo_compat.h, mkpkg: + Add --enable-package-build to give configure a hint that we are + building a package. This can be used to avoid relying on libc + functions that may not be present in all libc versions for a + particular system. For instance, AIX 7.1 may or may not have + memset_s() and getline() present. + [7e843bed8435] + + * include/sudo_compat.h: + AIX defines rsize_t in string.h, not stddef.h for use by the + memset_s() prototype. We use our own memset_s() on AIX since it is + not available on all BOS levels which makes package building + problematic. + [3724b47eadd8] + +2018-08-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/defaults.c: + Fix printing of T_TIMESPEC values. + [8775c17229a4] + + * plugins/sudoers/iolog.c: + Remove unused struct script_buf + [fd27f67123b3] + +2018-08-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Document when the I/O log timing file entry bug was introduced. + [09a75d80487e] + + * NEWS: + sync + [95fd54c61719] + + * config.h.in, configure, configure.ac, lib/util/gettime.c: + HP-UX doesn't suport CLOCK_MONOTONIC but we can use gethrtime() + instead. + [3ec7d99444c0] + + * src/exec_monitor.c, src/exec_pty.c: + Close the pty slave in the parent so that when the command and + monitor exit, the pty gets recycled without our having to close it + directly. + [fec53753cf52] + + * lib/util/term.c, src/exec_monitor.c, src/exec_pty.c, src/sudo.h: + Move updating of the window size to the monitor process. This will + allow us to close the slave in the main sudo process in the future + so only the command and monitor have it open. 
+ [07108a1c2edc] + + * configure, configure.ac: + sudo 1.8.25 + [4938ba570787] + + * plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok: + Fix test output for bug #845 + [ee6f2d615bd8] + + * plugins/sudoers/ldap_util.c: + Fix pasto when converting sudoNotAfter; from Miguel Sanders Bug #845 + [69638cd6da60] + +2018-08-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * aclocal.m4, config.h.in, configure, configure.ac, + include/sudo_util.h, lib/util/gettime.c, lib/util/util.exp.in: + Add sudo_gettime_uptime() to measure time while not sleeping. + [a128e7d51740] + + * plugins/sudoers/iolog.c: + Use a monotonic timer that only runs while not suspended for the + iolog timing values and write nsec-precision entries. + [7f37f0b24ce7] + +2018-08-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * mkpkg: + Detect number of CPUs on AIX. + [2b7c62b42da2] + + * plugins/sudoers/iolog.c: + Fix I/O log timing file on systems without a C99-compatible + snprintf(). On those systems we use our own snprintf() that doesn't + support floating point. We don't actually need floating point in + this case since the we can print seconds and microseconds without + using it. + [4ea419ac5bee] + + * NEWS: + Fix for Bug #844 + [51cfeb79669c] + + * src/sudo_edit.c: + Handle the case where O_PATH or O_SEARCH is defined but O_DIRECTORY + is not. In theory, O_DIRECTORY is redundant when O_SEARCH is + specified but it is legal for O_EXEC and O_SEARCH to have the same + value. Bug #844 + [fb75d75c7249] + +2018-08-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + sync + [2be1b619a06a] + + * plugins/sudoers/starttime.c: + Fix get_starttime() on HP-UX. + [329a4ad9f4ef] + + * mkpkg: + Detect number of CPUs on HP-UX. Use MAKE environment variable if + set. + [c95ab5d6d392] + + * src/net_ifs.c: + Avoid a compilation problem on HP-UX 11.31 with gcc and + machine/sys/getppdp.h + [b861e894271b] + +2018-08-16 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/Makefile.in: + Add CHECK_SYMBOLS_LDFLAGS to check_symbols target. Non-ELF HP-UX + executables don't support SHLIB_PATH or LD_LIBRARY_PATH unless ld is + passed the +s flag. This lets the check_symbols test pass on systems + where the ldap libraries aren't installed in the standard location. + [c2d6d3248fa4] + +2018-08-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/Makefile.in: + For the lint target, don't stop after the first manual that fails + lint. + [8a80d8e7b540] + + * plugins/sudoers/timestamp.c: + Add debugging info so we can tell why a timestamp record doesn't + match. + [99ede76f9835] + +2018-08-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + typo + [8a5a11b921ea] + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, po/da.mo, + po/da.po: + sync with translationproject.org + [19f7eba39013] + +2018-08-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/iolog.c: + Fix the return value of sudoers_io_change_winsize() on success. + Otherwise, we only log a single window size change. + [d6cdab99f6f9] + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: + sync with translationproject.org + [4109b52f393f] + +2018-08-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + sync + [1448675b44aa] + +2018-08-07 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix ambiguity when talking about Aliases. We can't use User_Alias in + the grammar as both the definition of the Alias as well as its name. + This adds {User,Runas,Host,Cmnd}_Alias_Spec to help differentiate + between the name of the alias and its definition. Bug #834 + [06678d12306f] + + * doc/cvtsudoers.cat, doc/sudoreplay.cat: + regen + [d7237381675a] + + * Makefile.in: + Warn if unable to run xgettext or msgfmt. + [d0cbba35cd49] + +2018-08-06 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/hr.mo, + plugins/sudoers/po/it.mo, plugins/sudoers/po/ja.mo, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pt_BR.mo, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/vi.mo: + sync with translationproject.org + [d1deb5cb5eb3] + +2018-08-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/fmtsudoers.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_util.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/policy.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Refactor code to convert defaults to tags and do conversion on + output for "sudo -l". + + Remove the short_list (was long_list) global in favor of a verbose + argument. + [eae1e1e814e0] + +2018-08-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/policy.c: + Assign short_list true, not 1 now that it is a boolean. + [10354cd29439] + + * plugins/sudoers/fmtsudoers.c: + fix typo + [ad7e93f375ba] + +2018-08-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/rcstr.c: + Fix a warning on FreeBSD which has a fancier __containerof + implementation. + [b5106a524232] + + * plugins/sudoers/po/de.po, plugins/sudoers/po/hr.po, + plugins/sudoers/po/it.po, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.po, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sv.po, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.po: + sync with translationproject.org + [ae5353cbeac4] + +2018-08-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * aclocal.m4, autogen.sh, config.h.in, configure: + Regen with aclocal 1.15.1. 
+ [22c02e451333] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/policy.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + For ldap/sssd, include defaults in the generate privilege unless we + are listing in short mode (in which case we convert them to tags if + possible). Fixes a problem where sudoOptions were not being applied + to the command. + [b21267488971] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + update_defaults() needs to be able to take a defaults_list for the + ldap/sssd backends which support per-role defaults. + [ddbb07881a46] + +2018-07-31 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot: + regen + [29c5a09aaeaf] + +2018-07-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Update + [045b535f84b9] + +2018-07-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/file.c, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + o Move userspecs, defaults and aliases into a new struct + sudoers_parse_tree. o The parse tree is now passed to the alias, + match and defaults functions. o The nss API has been changed so that + the nss parse() function returns a pointer to a struct + sudoers_parse_tree which will be filled in by the getdefs() and + query() functions. + [bddb4676ad0e] + + * lib/util/getgrouplist.c: + Don't need to preallocate 4 x NGROUP_MAX on AIX or BSD/Linux. 
For + BSD/Linux, getgrouplist(3) will tell us the number of groups if we + don't have enough. For AIX, we can count the entries in the group + set before allocating the group vector. + [c278fd947af4] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/check.c, plugins/sudoers/sudoers.h: + Ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors from + pam_acct_mgmt() if authentication is disabled for the user. Bug #843 + [1dc39794cf0d] + +2018-07-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_pty.c: + Work around a bug on AIX where closing the pty slave causes the main + sudo process to lose its controlling tty (which was *not* the pty + slave). + [649a25b7f864] + + * src/sudo.c: + Add missing aix_restoreauthdb() call to match the aix_setauthdb() + added in b8a011be9af7. Fixes issues on AIX where local users/groups + may not be resolved when some NIS/AD/LDAP is used for users. + [16e196a7a337] + + * lib/util/getgrouplist.c: + Linux getgrouplist(3) returns the number of groups on success + instead of 0 like BSD. + [599a89afa4f5] + +2018-07-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * mkdep.pl, plugins/sudoers/Makefile.in: + When both a .o and .lo file was used in a Makefile, we used to make + the .o depend on the .lo. Unfortunately, this creates a race + condition for parallel make since libtool is not atomic (it creates + a .o and then renames it when building PIC objects for shared libs). + + We always link with libtool so the only reason to prefer the .o over + the .lo file is to avoid mixing .o and .lo in the dependencies. + That's not a good enough reason so change mkdep.pl to warn when both + a .o and .lo are referenced in a Makefile and do nothing else. + + Bug #842 + [a8d94e6aed9f] + +2018-07-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/ldap.c: + Avoid duplicate free when netgroup_base is invalid. 
+ [5ce39dff77ba] + +2018-07-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/arc4random.h: + Use madvise(2) with MADV_WIPEONFORK if available. + [a11461409569] + +2018-07-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, po/eo.mo, + po/eo.po: + sync with translationproject.org + [01bcfe7b30e5] + + * NEWS: + Update. + [f5e0b1f909bb] + +2018-06-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + sync with schema.OpenLDAP + [d83420d8228d] + + * doc/schema.OpenLDAP: + RFC 2849 specifies whitespace as the space character only so replace + tabs with spaces. Bug #840 + [e9d5de6365ba] + + * doc/schema.OpenLDAP: + Fix typo; bug #839 + [dee2dad738de] + +2018-06-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Should no longer need to set max_groups. + [459119b11265] + +2018-06-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/pwutil_impl.c, + src/sudo.c: + Use new sudo_getgrouplist2() function instead of getgrouplist(). + [8e88b6d3ea6f] + + * configure, configure.ac, include/sudo_compat.h, include/sudo_util.h, + lib/util/Makefile.in, lib/util/getgrouplist.c, lib/util/util.exp.in: + Add sudo_getgrouplist2() to dynamically allocate the group vector. + This allows us to avoid repeatedly calling getgrouplist() with a + statically sized vector on macOS, Solaris, HP-UX, and AIX. + [55480e2ec7c2] + + * src/conversation.c: + Fix fd leak introduced by SUDO_CONV_PREFER_TTY commit. Coverity CID + 186605. + [fb6eb518bc4c] + +2018-06-13 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/sudoers_timestamp.cat, doc/sudoers_timestamp.man.in, + doc/sudoers_timestamp.mdoc.in, doc/visudo.cat, doc/visudo.man.in, + doc/visudo.mdoc.in: + Fix some issues pointed out by mandoc -Tlint + [7ace981c7334] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/conversation.c: + Add SUDO_CONV_PREFER_TTY flag for conversation function to tell sudo + to try writing to /dev/tty first. Can be used in conjunction with + SUDO_CONV_INFO_MSG and SUDO_CONV_ERROR_MSG. + [a1e9420a7c5e] + +2018-06-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/LICENSE: + Update for arc4random.c, arc4random_uniform.c and getentropy.c + [168db3c8d590] + +2018-06-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/regress/noexec/check_noexec.c: + FreeBSD wordexp() returns WRDE_SYNTAX if it can't write to the shell + process. Since we've prevented execve() from succeeding this is the + error we get back from wordexp() on FreeBSD. + [2a7a73de30cf] + +2018-06-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/starttime.c: + Fix conversion of usec to nsec; from Scott Cheloha + [26fa756ea623] + +2018-06-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * include/sudo_plugin.h: + Fix typo. + [504256dc4ccc] + +2018-05-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + The getdefs() function now get called multiple times so use the + cached data if present. + [042be7ccab3c] + + * plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c: + Return an empty defaults list, not NULL if there is no global + sudoers defaults entry in sss. 
+ [8e16de465ee2] + + * plugins/sudoers/file.c: + Fix memory leak of handle pointer on close. + [e4eb30e611d4] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Remove a needless copy when parsing options. + [60fe50b736a9] + + * plugins/sudoers/file.c, plugins/sudoers/ldap.c, + plugins/sudoers/parse.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.c: + Move cached userspecs and defaults into the handle object. + [37e4df73907d] + +2018-05-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Quiet a clang analyzer warning. It should not be possible for + pop_include() to be called when YY_CURRENT_BUFFER is NULL. + [148d79e5a44e] + + * plugins/sudoers/file.c, plugins/sudoers/ldap.c, + plugins/sudoers/sssd.c: + Reorder things to avoid the need to declare static functions. + [8f27e69fa9cb] + +2018-05-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, config.h.in, configure, configure.ac, include/sudo_rand.h, + lib/util/Makefile.in, lib/util/arc4random.c, lib/util/arc4random.h, + lib/util/arc4random_uniform.c, lib/util/chacha_private.h, + lib/util/getentropy.c, lib/util/util.exp.in, mkdep.pl: + Import arc4random() from libressl. This takes an all-in-one approach + instead of the one-file-per-OS approach that libressl takes. The + fallback code does not have as many OS-specific bits as libressl. + [310d65e466bd] + + * lib/util/Makefile.in, lib/util/mktemp.c, + plugins/sudoers/Makefile.in, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/insults.h: + Use arc4random for mkstemp() and insults. 
+ [b8c7447756f2] + + * MANIFEST, configure, configure.ac, include/sudo_digest.h, + lib/util/Makefile.in, lib/util/digest.c, lib/util/digest_gcrypt.c, + lib/util/digest_openssl.c, lib/util/util.exp.in, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/digestname.c, + plugins/sudoers/filedigest.c, plugins/sudoers/filedigest_gcrypt.c, + plugins/sudoers/filedigest_openssl.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/ldap_util.c, plugins/sudoers/match.c, + plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/sudo_ldap.h, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Move digest code into libutil + [c53cf5c508eb] + +2018-05-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/cvtsudoers/test25.sh, + plugins/sudoers/regress/cvtsudoers/test26.out.ok, + plugins/sudoers/regress/cvtsudoers/test26.sh, + plugins/sudoers/regress/cvtsudoers/test27.out.ok, + plugins/sudoers/regress/cvtsudoers/test27.sh: + Check for invalid bas64 attributes. + [4218d11c8205] + + * plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/parser/check_base64.c: + Fix pointer sign warnings. + [5ee724e3956e] + + * plugins/sudoers/cvtsudoers_ldif.c: + Add missing variable declaration for SELinux and Solaris. + [c8084f0508e5] + + * plugins/sudoers/cvtsudoers_ldif.c: + Handle empty string and treat it as safe. + [8029b97d8f4a] + + * MANIFEST, plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/cvtsudoers/test26.out.ok, + plugins/sudoers/regress/cvtsudoers/test26.sh: + Add support for base64-encoding non-safe strings in LDIF output. + [b9fd1795f4ee] + +2018-05-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/base64.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_base64.c: + Add base64_encode() by Jon Mayo. + [a893ec3dc667] + +2018-05-18 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/cvtsudoers/test25.out.ok, + plugins/sudoers/regress/cvtsudoers/test25.sh: + Add support for parsing base64-encoded attributes + [262dd9a526de] + +2018-05-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/sudoers/test2.ldif.ok: + rfc2253 says we need to escape " and leading and trailing space. + [1c0105a5eb1b] + + * configure, configure.ac: + Define ZLIB_CONST so we get the const version of the API. + [71a629d0eb4b] + +2018-05-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/parse.c: + Fix logic inversion when handing the authenticate Defaults option + for "sudo -l" and "sudo -v" in long list mode. + [f8157d4c4f03] + + * plugins/sudoers/sssd.c: + Set handle->pw before sss_to_sudoers() since sss_check_user() uses + it. Coverity CID 185651 + [fa646e569352] + + * plugins/sudoers/ldap_util.c: + Fix memory leak on error, CID 185602 + [31c1ab085985] + + * plugins/sudoers/ldap.c: + Some ldap_get_values_len -> sudo_ldap_get_values_len that were + missed before. + [d7f1877531be] + + * plugins/sudoers/ldap_util.c: + When building up the cmndspec, add the actual command member last. + This simplifies the logic regarding the SETENV tag and alsomakes + "out of memory" cleanup simpler. + [d704f3b09ac1] + + * plugins/sudoers/cvtsudoers_ldif.c: + Fix format string mismatch, sudo_order is unsigned. + [ecc398e45b0a] + + * plugins/sudoers/pwutil.c: + Add cppcheck annotation to suppress memory leak false positive. + [d4a0ae57c372] + + * plugins/sudoers/ldap_util.c: + Sudo "ALL" implies the SETENV tag. + [7abc653b4d39] + + * src/parse_args.c: + Only set MODE_PRESERVE_ENV when preserving the entire environment. + Fixes a problem introduced in 1.8.23 where "sudo -i" could not be + used in conjunction with --preserve-env=VARIABLE. Bug #835 + [8ea75ca8fbd2] + +2018-05-15 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/file.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/ldap.c, + plugins/sudoers/parse.h, plugins/sudoers/sssd.c: + Add free_userspecs() and free_default() and use them instead of + looping over the lists and calling free_userspec() and + free_default(). + [797221539242] + + * configure, configure.ac: + Depending on the bos level, AIX 6.1 may or may not include + getline/getdelim and AIX 7.1 may or may not include memset_s. Since + we need to build packages that will work on all AIX 6.1 and 7.1 + machines, use our getline() and memset_s emulation. + [f5c427076b2c] + +2018-05-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/ldap_util.c: + Do not leak struct sudo_command when the command is ALL. Coverity + CID 185602. + [d71ca4bc06bc] + + * NEWS, configure, configure.ac: + Sudo 1.8.24 + [7df3df9a3907] + + * plugins/sudoers/sssd.c: + Improve comments about why we need to do a user check and how it + related to netgroups. + [605234ed0935] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Add checks for ldap/sss functions failing due to memory allocation + errors. + [0dfeb0d8ecf5] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Let the main sudoers lookup code check the host name. We still check + the user name so it is possible to use a single userspec but this + may change in the future. 
+ [a74699b90213] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/file.c, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Simplify the nss interface such that each sudoers provider fills in + a per-nss list of userspecs and defaults instead of using separate + lookup and list functions. This makes it possible to have a single + implementation of the code for sudoers lookup and listing. + [50de9302de01] + + * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c, + plugins/sudoers/filedigest.c, plugins/sudoers/filedigest_gcrypt.c, + plugins/sudoers/filedigest_openssl.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, + plugins/sudoers/ldap_util.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: + Include parse.h in sudoers.h since it will soon be required. + [196abb590d96] + + * plugins/sudoers/ldap_util.c: + Parse "ALL" as a command correctly. + [d969e7dfdbbc] + +2018-05-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/match.c: + Add debug warning if lseek() fails (should not be possible). + [d568dc923c7d] + + * plugins/sudoers/match.c: + Fix swapped args of lseek() when rewinding. This didn't cause a + problem because the value of SEEK_SET is 0. 
+ [142591a3f333] + +2018-05-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/parser/check_hexchar.c: + Fix a format-truncation warning in newer gcc by avoiding using %0x + and %0X in the test. We are formatting a single byte so just do it + one nybble at a time. + [7c594a63598f] + + * configure: + Regen with autoconf git commit + e17a30e987d7ee695fb4294a82d987ec3dc9b974 AC_HEADER_MAJOR: port to + glibc 2.25 + [9fe77765c768] + +2018-05-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers_ldif.c: + No need to explicitly free role on EOF, it will be freed after the + loop is done. + [8d08c06b7622] + + * plugins/sudoers/policy.c: + Garbage collect the command argv, envp and info vectors since they + are not available at policy close time. + [de22290a8ec5] + + * plugins/sudoers/cvtsudoers_ldif.c: + Plug memory leaks on parse error or when an LDIF entry doesn't match + the dn filter. + [4f48e740eed1] + + * plugins/sudoers/cvtsudoers.c: + Rename variables now that the string list functions are not ldap- + specific. + [640497f70551] + +2018-04-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + Fix typo + [6466295ba962] + +2018-04-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * configure, configure.ac: + fix version + [bfed601130b5] + + * NEWS: + sync + [1c382f2aff27] + + * configure, configure.ac, plugins/sudoers/po/zh_CN.mo, + plugins/sudoers/po/zh_CN.po, po/zh_CN.mo, po/zh_CN.po: + sync with translationproject.org + [ec28ff5acbd6] + +2018-04-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/match.c: + O_EXEC for fexecve() not O_SEARCH. + [a156d8b38f31] + + * doc/TROUBLESHOOTING: + Document how to suppress the last login message on Solaris. + [2926b670aca4] + +2018-04-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers_json.c: + Fix compilation error with older Sun Studio compilers. + [0f735611642d] + + * NEWS: + Update Bug #831 decription. 
+ [d5e6a2a807b8] + + * MANIFEST, doc/CONTRIBUTORS, po/zh_TW.mo, po/zh_TW.po: + Add Chinese(Taiwan) translation for sudo. + [5a4ba6769cca] + + * plugins/sudoers/match.c: + Move the check for /dev/fd/N until *after* the digest has been + checked. We still need to be able to check the digest even if there + is no /dev/fd/N or fexecve(). + [e0e086b4e764] + +2018-04-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/match.c: + Rewind the fd after calling sudo_filedigest(). Otherwise, when + running a script via fexecve(), the interpreter may get EOF when + reading /dev/fd/N. This only appears to affect BSD systems with + fdescfs. Bug #831. + [d79f5125cc73] + + * plugins/sudoers/match.c: + In open_cmnd(), return true, not false, if we the /dev/fd/N pathname + is not present. We don't want to fail a match because of this. + [72c4b499c019] + + * NEWS: + Bug #831. + [700646725f45] + + * plugins/sudoers/match.c: + We can only use fexecve() on a script if /dev/fd/N exists. Some + systems, such as FreeBSD, don't have /dev/fd mounted by default. Bug + #831 + [30f7c5d64104] + +2018-04-22 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/el.mo, plugins/sudoers/po/el.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/eu.mo, plugins/sudoers/po/eu.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/fur.mo, plugins/sudoers/po/fur.po, + plugins/sudoers/po/hu.mo, plugins/sudoers/po/hu.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po, + plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, + plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po, + plugins/sudoers/po/sk.mo, plugins/sudoers/po/sk.po, + plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/ca.mo, + po/ca.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo, + po/eo.po, po/es.mo, po/es.po, po/eu.mo, po/eu.po, po/fi.mo, + po/fi.po, po/fur.mo, po/fur.po, po/gl.mo, po/gl.po, po/hu.mo, + po/hu.po, po/ko.mo, po/ko.po, po/nl.mo, po/nl.po, po/nn.mo, + po/nn.po, po/ru.mo, po/ru.po, po/sk.mo, po/sk.po, po/sl.mo, + po/sl.po, po/sr.mo, po/sr.po, po/vi.mo, po/vi.po, po/zh_CN.mo, + po/zh_CN.po: + sync with translationproject.org + [a786a841f30a] + +2018-04-21 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/el.mo, plugins/sudoers/po/el.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/eu.mo, plugins/sudoers/po/eu.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/fur.mo, plugins/sudoers/po/fur.po, + plugins/sudoers/po/hu.mo, plugins/sudoers/po/hu.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po, + plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, + plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po, + plugins/sudoers/po/sk.mo, plugins/sudoers/po/sk.po, + plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/ca.mo, + po/ca.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo, + po/eo.po, po/es.mo, po/es.po, po/eu.mo, po/eu.po, po/fi.mo, + po/fi.po, po/fur.mo, po/fur.po, po/gl.mo, po/gl.po, po/hu.mo, + po/hu.po, po/ko.mo, po/ko.po, po/nl.mo, po/nl.po, po/nn.mo, + po/nn.po, po/ru.mo, po/ru.po, po/sk.mo, po/sk.po, po/sl.mo, + po/sl.po, po/sr.mo, po/sr.po, po/vi.mo, po/vi.po, po/zh_CN.mo, + po/zh_CN.po: + sync with translationproject.org + [268a65ce44cb] + + * MANIFEST, plugins/sudoers/regress/cvtsudoers/test23.out.ok, + plugins/sudoers/regress/cvtsudoers/test23.sh, + plugins/sudoers/regress/cvtsudoers/test24.out.ok, + plugins/sudoers/regress/cvtsudoers/test24.sh: + Add tests for round-tripping cvtsudoers, sudoers -> LDIF -> sudoers + and LDIF -> sudoers -> LDIF. + [370d4ba4dbb8] + +2018-04-19 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/regress/cvtsudoers/test22.out.ok, + plugins/sudoers/regress/cvtsudoers/test22.sh: + Test the -b option when converting from LDIF. + [4d65c7c2ed01] + + * plugins/sudoers/cvtsudoers_ldif.c: + Fix the -b option when converting from LDIF. + [f3c1e4dbd61e] + +2018-04-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, po/it.mo, + po/it.po: + sync with translationproject.org + [1953956c60fe] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Fix some more typos. + [87fde92a1fa4] + + * doc/Makefile.in: + mandoc now preserves the copyright notice, no need to do it + ourselves + [2c3f6841941a] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Describe the special handling of LOGNAME, USER and USERNAME. Fix + typos reported by aspell. + [e89bd28f4530] + + * src/load_plugins.c: + Fix a memory leak on the error path. + [db5a4678e0e4] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that the editor setting is also used by sudoedit. + [2ae14439efd7] + +2018-04-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: + Plug memory leak when an I/O plugin is specified in sudo.conf but + the I/O plugin is not configured. + [5b5086d7152a] + + * INSTALL, MANIFEST, NEWS, config.h.in, configure, configure.ac, + plugins/sudoers/Makefile.in, plugins/sudoers/ins_python.h, + plugins/sudoers/insults.h: + Monty Python insults from Philip Hudson + [8330cfc5ea19] + +2018-04-15 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: + add examples + [830ff26a0dbc] + + * doc/sudo.conf.man.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, + doc/sudoers_timestamp.man.in, doc/sudoreplay.man.in, + doc/visudo.man.in: + Update copyright year and regen man pages. + [6385891ebaa3] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/cs.mo, + po/cs.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo, + po/ja.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, + po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo, + po/uk.po: + sync with translationproject.org + [3495b17becb0] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/match.c: + Prune alias contents when pruning and expanding aliases. This abuses + the userlist_matches_filter() and hostlist_matches_filter() + functions. A better approach would be to call the correct function + from user_matches() and host_matches(). 
+ [0ae5f351b09f] + + * MANIFEST, examples/sudoers, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/cvtsudoers/sudoers, + plugins/sudoers/regress/cvtsudoers/sudoers.defs, + plugins/sudoers/regress/cvtsudoers/test1.out.ok, + plugins/sudoers/regress/cvtsudoers/test1.sh, + plugins/sudoers/regress/cvtsudoers/test10.out.ok, + plugins/sudoers/regress/cvtsudoers/test10.sh, + plugins/sudoers/regress/cvtsudoers/test11.out.ok, + plugins/sudoers/regress/cvtsudoers/test11.sh, + plugins/sudoers/regress/cvtsudoers/test12.out.ok, + plugins/sudoers/regress/cvtsudoers/test12.sh, + plugins/sudoers/regress/cvtsudoers/test13.out.ok, + plugins/sudoers/regress/cvtsudoers/test13.sh, + plugins/sudoers/regress/cvtsudoers/test14.out.ok, + plugins/sudoers/regress/cvtsudoers/test14.sh, + plugins/sudoers/regress/cvtsudoers/test15.out.ok, + plugins/sudoers/regress/cvtsudoers/test15.sh, + plugins/sudoers/regress/cvtsudoers/test16.out.ok, + plugins/sudoers/regress/cvtsudoers/test16.sh, + plugins/sudoers/regress/cvtsudoers/test17.out.ok, + plugins/sudoers/regress/cvtsudoers/test17.sh, + plugins/sudoers/regress/cvtsudoers/test18.out.ok, + plugins/sudoers/regress/cvtsudoers/test18.sh, + plugins/sudoers/regress/cvtsudoers/test19.out.ok, + plugins/sudoers/regress/cvtsudoers/test19.sh, + plugins/sudoers/regress/cvtsudoers/test2.out.ok, + plugins/sudoers/regress/cvtsudoers/test2.sh, + plugins/sudoers/regress/cvtsudoers/test20.conf, + plugins/sudoers/regress/cvtsudoers/test20.out.ok, + plugins/sudoers/regress/cvtsudoers/test20.sh, + plugins/sudoers/regress/cvtsudoers/test21.conf, + plugins/sudoers/regress/cvtsudoers/test21.out.ok, + plugins/sudoers/regress/cvtsudoers/test21.sh, + plugins/sudoers/regress/cvtsudoers/test3.out.ok, + plugins/sudoers/regress/cvtsudoers/test3.sh, + plugins/sudoers/regress/cvtsudoers/test4.out.ok, + plugins/sudoers/regress/cvtsudoers/test4.sh, + plugins/sudoers/regress/cvtsudoers/test5.out.ok, + plugins/sudoers/regress/cvtsudoers/test5.sh, + 
plugins/sudoers/regress/cvtsudoers/test6.out.ok, + plugins/sudoers/regress/cvtsudoers/test6.sh, + plugins/sudoers/regress/cvtsudoers/test7.out.ok, + plugins/sudoers/regress/cvtsudoers/test7.sh, + plugins/sudoers/regress/cvtsudoers/test8.out.ok, + plugins/sudoers/regress/cvtsudoers/test8.sh, + plugins/sudoers/regress/cvtsudoers/test9.out.ok, + plugins/sudoers/regress/cvtsudoers/test9.sh: + cvtsudoers regress tests + [72fd218b5036] + +2018-04-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: + Fix typo + [e572c36919b7] + + * plugins/sudoers/cvtsudoers.c: + Fix cut & pasto that prevented "-d command" from working. + [6e4ff7f23d0a] + +2018-04-13 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y: + Fix a user after free crash as well as a memory leak when filtering + Defaults. + [9bdd404ae6a4] + +2018-04-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: + Document that a User_Alias or Host_Alias may be used in the match + filter. + [49b9306a6a6d] + + * plugins/sudoers/fmtsudoers.c: + Don't always expand aliases when formatting a host-based Defaults + line. This was missed when expand_aliases support was added. + [ef12a033306c] + + * plugins/sudoers/cvtsudoers.c: + Allow host and user aliases to be specified in match filters. + [6bc8c0da4578] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update copyright year. + [e9c2eb23def1] + +2018-04-10 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/hu.mo, plugins/sudoers/po/hu.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/da.mo, + po/da.po, po/hr.mo, po/hr.po, po/hu.mo, po/hu.po, po/pt_BR.mo, + po/pt_BR.po, po/tr.mo, po/tr.po: + sync with translationproject.org + [4a0811073374] + +2018-04-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/parse.h: + When the -d option is used, remove aliases used by the non-converted + Defaults settings if the aliases are not also referenced by + userspecs. + [d07c4254b3dd] + +2018-04-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [9a4d88b2a965] + + * NEWS: + update + [6ef9dde8fc9a] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: + Mention -p and -M options in the description of -m. + [b20abfd14164] + +2018-04-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sudo_edit.c: + Check sudoedit temporary directory for writability before using it. + [1e29ade3f4b2] + + * plugins/sudoers/regress/starttime/check_starttime.c: + Use btime in /proc/stat to determine system start time instead of + /proc/uptime. Fixes the process start time test when run from a + container where /proc/uptime is the uptime of the container but the + process start time is relative to the host system boot time. 
Bug + #829 + [65ba61e55011] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/match.c, plugins/sudoers/parse.h: + Add option to prune non-matching entries from cvtsudoers output with + -m option is used. + [9a69ba35389d] + +2018-04-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h: + Allow defaults types and suppression list to be specified in the + config file. + [62dd7a96ac9b] + + * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/parse.h, plugins/sudoers/visudo.c: + Refactor common alias code out of cvtsudoers and visudo and into + alias.c. + [b3ba3e6f24d2] + +2018-03-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/cvtsudoers.c: + Avoid NULL deref in an error path. CID 183467 + [38ea56670f18] + + * plugins/sudoers/cvtsudoers.c: + No need to initialize the last pointer passed to strtok_r(). This + was originally added to appease newer gcc but no longer seems to be + required. CID 183466, CID 183468, CID 183469 + [b0a9b90603e1] + + * plugins/sudoers/cvtsudoers_json.c: + Avoid false positive NULL dereference by uses value.u.string instead + of name as the former is guaranteed not to be NULL. Fixes CID + 183465. + [c896d10f5626] + +2018-03-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot: + regen + [8a88e162fd0b] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Add a section on convertion from file-based sudoers. + [033c797b229d] + +2018-03-28 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c: + Add support for "cvtsudoers -d all" + [62e748b70105] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h: + Add -d option to control what type of Defaults entries are + converted. + [b723f0dae5c7] + +2018-03-27 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_pty.c: + In pty_close() we still need to check whether the pty master and + slave fds are open before closing them. When no tty is present but + we are I/O logging pty_close() will be called when there is no + actual pty in use. + [59201fb78427] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/sudo.conf.cat, + doc/sudoers_timestamp.cat, doc/visudo.cat: + regen + [186f3b58daf5] + +2018-03-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgignore: + ignore *.ldif2sudo regress output + [8d57e8a0013f] + + * src/exec_pty.c: + In pty_close() there is no need to remove events associated with the + pty slave as there are none. We also don't need to check for the pty + fds being -1 since they are not closed elsewhere and pty_close() is + only called if pty_setup() succeeds. + [585a47fb5a8b] + +2018-03-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/Makefile.in, doc/cvtsudoers.mdoc.in: + Move cvtsudoers to section 1. + [69adcb2d24ff] + + * src/exec_pty.c: + In pty_close() close the slave and remove any events associated with + it. Fixes a potential hang when performing the final flush on non- + BSD systems. + [40159d852c2d] + +2018-03-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/ldap_util.c: + Fix typo in strcmp(), we are comparing var not val. + [07ccd7bae4f6] + + * MANIFEST: + sync + [7960511e39dd] + + * NEWS: + sync + [c655e7111ce9] + +2018-03-22 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot: + regen + [ff7b545844fb] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/pwutil.c, + plugins/sudoers/sudoers.h: + Add -M option to cvtsudoers to force the use of the local passwd and + group databases when matching. + [ea58e2765a40] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c: + Add cvtsudoers command line option to suppress certain parts of the + security policy. Can be used to suppress displaying of Defaults + entries, aliases or privileges. + [b243efa695e6] + +2018-03-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/parser/check_gentime.c: + Silence a false positive from the clang static analyzer. + [bfde0594783e] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.h: + Silence a false positive from the clang static analyzer. + [5257e321158d] + + * plugins/sudoers/cvtsudoers.c: + Fix memory leak on error path. + [1a13732abfd5] + + * plugins/sudoers/po/sudoers.pot: + regen + [c139b8bed3c1] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_ldif.c: + Move cvtsudoers string functions into cvtsudoers.c + [4b5b799e7abc] + + * plugins/sudoers/Makefile.in: + regen + [6ecb37e35c9f] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/parse.h: + Initial support filtering by user, group and host in cvtsudoers. 
+ Currently forces alias expansion when a filter is applied and the + entire matching user or host list is printed, even the non-matching + entries. This effectively allows you to grep sudoers by user, group + and host. + [0adbf8d38eb4] + + * plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.h: + Add free_default() to free a struct defaults pointer so we have a + single place where we free the defaults. A pointer to the previous + Default's binding may be passed in to avoid freeing an already free + binding. + [9d9ef007ee88] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Decrease bullet width to 1n. + [e6f3776fd72e] + +2018-03-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/sudo.c: + Add aix_setauthdb() before the initial getpwuid() call. + [b8a011be9af7] + +2018-03-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.h: + fix compilation on Solaris + [e31019b5f545] + +2018-03-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + plugins/sudoers/sudoreplay.c: + Make "sudoreplay -m 0" skip the pauses entirely. + [d9a7fc9f5720] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Document that a negative value for -m will elmininate the pauses. + [a025e96abb47] + +2018-03-06 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/testsudoers.c: + Update copyright date, remove unneeded include and add a few + comments. 
+ [ac1bccd631e5] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/sudoers/test1.out.ok, + plugins/sudoers/regress/sudoers/test10.out.ok, + plugins/sudoers/regress/sudoers/test11.out.ok, + plugins/sudoers/regress/sudoers/test12.out.ok, + plugins/sudoers/regress/sudoers/test13.out.ok, + plugins/sudoers/regress/sudoers/test14.out.ok, + plugins/sudoers/regress/sudoers/test15.out.ok, + plugins/sudoers/regress/sudoers/test16.out.ok, + plugins/sudoers/regress/sudoers/test17.out.ok, + plugins/sudoers/regress/sudoers/test18.out.ok, + plugins/sudoers/regress/sudoers/test19.out.ok, + plugins/sudoers/regress/sudoers/test2.out.ok, + plugins/sudoers/regress/sudoers/test20.out.ok, + plugins/sudoers/regress/sudoers/test21.out.ok, + plugins/sudoers/regress/sudoers/test22.out.ok, + plugins/sudoers/regress/sudoers/test3.out.ok, + plugins/sudoers/regress/sudoers/test4.out.ok, + plugins/sudoers/regress/sudoers/test5.out.ok, + plugins/sudoers/regress/sudoers/test6.out.ok, + plugins/sudoers/regress/sudoers/test7.out.ok, + plugins/sudoers/regress/sudoers/test8.out.ok, + plugins/sudoers/regress/sudoers/test9.out.ok, + plugins/sudoers/testsudoers.c: + Use fmtsudoers functions in testsudoers. + [be27df4a5291] + + * MANIFEST, plugins/sudoers/regress/sudoers/test22.in, + plugins/sudoers/regress/sudoers/test22.json.ok, + plugins/sudoers/regress/sudoers/test22.ldif.ok, + plugins/sudoers/regress/sudoers/test22.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test22.out.ok, + plugins/sudoers/regress/sudoers/test22.sudo.ok, + plugins/sudoers/regress/sudoers/test22.toke.ok: + Add test for empty runas user list. + [5598cf4c3329] + + * plugins/sudoers/testsudoers.c: + Don't print an empty user list as ALL. + [806ee09f854d] + + * plugins/sudoers/fmtsudoers.c, plugins/sudoers/parse.h: + In sudoers_format_userspecs make the separator optional and silence + a printf format warning. 
+ [62c576cbec4b] + + * plugins/sudoers/starttime.c: + Use correct defines when checking for sysctl kinfo_proc support. + [6017e45d14b9] + + * plugins/sudoers/cvtsudoers_json.c: + Fix crash when converting sudoers entry with a runas list that is + present but empty. + [ff6b9ef53c6b] + +2018-03-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, plugins/sudoers/starttime.c, + plugins/sudoers/sudoers.c, src/regress/ttyname/check_ttyname.c, + src/tgetpass.c, src/ttyname.c: + Less confusing sysctl checks for kinfo_proc. + [553f6b3f9c3b] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/ldap.c, plugins/sudoers/match.c, + plugins/sudoers/pwutil.c, plugins/sudoers/sssd.c: + Add case_insensitive_group and case_insensitive_user sudoers + options, which are enabled by default. + [bd74d8b7fe83] + +2018-03-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/fmtsudoers.c: + Kill dead store found by clang-analyzer. + [af2021d3d396] + + * plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c, + plugins/sudoers/parse.h, + plugins/sudoers/regress/sudoers/test2.ldif.ok, + plugins/sudoers/regress/sudoers/test3.ldif.ok, + plugins/sudoers/regress/sudoers/test6.ldif.ok, + plugins/sudoers/sssd.c: + Initial support for adding comments that will be emitted when + sudoers is formatted. Currently adds a comment for the source + sudoRole when converting from ldif -> sudoers. + [bf2e7f48f452] + + * lib/util/lbuf.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/parse.h: + Special case comment lines in lbufs. 
+ [10d6d229ffae] + + * plugins/sudoers/cvtsudoers_ldif.c: + Handle escaped commas when skipping over the cn. + [61aed7ff5e1c] + +2018-03-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/fmtsudoers.c, + plugins/sudoers/parse.h: + When formatting as sudoers, flush the lbuf after each userspec. + [060266dd440c] + +2018-03-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/sudoers/test1.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test15.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test16.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test20.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test21.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test3.ldif2sudo.ok, + plugins/sudoers/regress/sudoers/test6.ldif2sudo.ok: + Add tests for round-tripping sudoers -> ldif -> sudoers + [72e3e73fb612] + + * plugins/sudoers/cvtsudoers_ldif.c: + Add missing sudoOrder support to parse_ldif(). + [8c5e9f22f0da] + + * plugins/sudoers/ldap_util.c: + Add missing support for converting LOG_INPUT/LOG_OUTPUT tags and + expand support for NOMAIL tags. + [2820c8333381] + + * plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/sudoers/test2.ldif.ok, + plugins/sudoers/regress/sudoers/test3.ldif.ok, + plugins/sudoers/regress/sudoers/test6.ldif.ok: + Don't emit an empty sudoRole for global defaults if there are none. + [2a69dccb7071] + + * plugins/sudoers/ldap_util.c: + Avoid changing the order of non-negated hosts and commands. We still + put negated hosts/commands at the end of the list. + [e1aea92dd6dc] + + * plugins/sudoers/cvtsudoers_ldif.c: + Handle parsing boolean options that have no explicit value. 
+ [b5d597faa23d] + + * plugins/sudoers/cvtsudoers_ldif.c: + Refactor the code that actually converts the role to sudoers format + into role_to_sudoers() now that it is more involved than just + calling sudo_ldap_role_to_priv(). + [b876171ff96e] + + * plugins/sudoers/cvtsudoers_ldif.c: + When merging two privileges, use the runas lists of the previous + privilege when possible. Otherwise, the generated sudoers line will + include a runas list for commands that is not necessary. + [337b49451947] + +2018-03-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/match.c: + Use a case-insensitive comparison when matching user and group names + in sudoers with the passwd or group database. This can be necessary + when users and groups are stored in AD or LDAP. + [bfccb8acc3e9] + + * plugins/sudoers/Makefile.in: + Fix clean target for *.sudo regress files + [6f52a4aef93a] + + * .hgignore: + ignore more binaries + [9adf244d0e9e] + + * plugins/sudoers/cvtsudoers.c: + Fix use of uninitialized variable (conf) if sudoers_debug_register() + happens to fail. + [0ef1765f14f4] + +2018-02-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers_ldif.c: + Split conversion code out of parse_ldif() and into + ldif_to_sudoers(). + [27c8b7001735] + + * plugins/sudoers/cvtsudoers_ldif.c: + Quiet a clang analyzer warning. + [21102c27dcce] + + * MANIFEST, configure, configure.ac, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/ldap_common.c, + plugins/sudoers/ldap_util.c: + rename ldap_common.c -> ldap_util.c + [3093bdbb8a9b] + + * plugins/sudoers/cvtsudoers_ldif.c: + When converting from ldif to sudoers, sudoRole objects with the same + user if possible. If both user and host are the same, merge into a + single privilege. This makes it possible to convert a sudoers entry + like: + + aaron shanty = NOEXEC: /usr/bin/vi, /usr/bin/more, EXEC: /bin/sh + + to ldif and then back to sudoers as a single line. 
Currently, the + ldif entries to be merged must have the same or adjacent sudoOrder + attributes. + [74e5cef2e849] + + * plugins/sudoers/cvtsudoers_ldif.c: + plug memory leaks + [a5268668c397] + + * src/parse_args.c: + Restore line to set MODE_PRESERVE_ENV in flags when the -E command + line option is used. The caller doesn't check MODE_PRESERVE_ENV + these days but parse_args uses it to detect usage errors when -E is + used along with a mutually excusive option. Problem found by Yuriy + Vostrikov. + [b511e35d9be4] + +2018-02-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Add missing close parenthesis in "Including other files from within + sudoers" section. Bug #824 + [3335cb2ce29f] + +2018-02-25 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/ldap_common.c: + When converting from LDAP to sudoers, put negated hosts and commands + at the end of the list. Since LDAP doesn't guarantee attribute order + we need to make sure negated entries always override non- negated + ones. + [0ebff259c521] + +2018-02-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers.c: + We may need the hostname to resolve %h escapes in include files. + [3e57710762d3] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_ldif.c: + Setting a sudoOrder start point of 0 will disable creation of + sudoOrder attributes in the resulting LDIF output. + [4107f61b431b] + + * plugins/sudoers/cvtsudoers.c: + Don't need to fill in struct sudo_user since we don't do matching. + [cdc876d298b5] + + * MANIFEST, doc/cvtsudoers.cat, doc/cvtsudoers.man.in, + doc/cvtsudoers.mdoc.in, pathnames.h.in, plugins/sudoers/Makefile.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c: + Add support for setting default options in a config file. 
In + addition to expand_aliases, input_format and output_format, both the + initial sudoOrder and the increment when updating sudoOrder for + subsequent sudoRole objects can be specified. Command line options + have also been added for the start order and increment. + [d3121c039ddf] + +2018-02-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + cvtsudoers can now read LDIF + [99b7ed30c754] + + * doc/UPGRADE: + Fix a typo. + [87f635970a5d] + + * plugins/sudoers/fmtsudoers.c: + Deal with user_name not being set in cvtsudoers. + [421bb1dbff57] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_common.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_ldap.h: + Initial support for parsing sudoers LDIF files in cvtsudoers. This + makes it possible to convert from LDAP sudoers to a traditional + sudoers file. Semantic differences between file sudoers and LDAP + sudoers mean that LDIF -> sudoers is not completely equivalent. + [ddf513e2778f] + +2018-02-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/sudoers/test14.ldif.ok: + Fix LDIF conversion of commands with an associated digest. + [590ab0cb58e4] + + * plugins/sudoers/ldap_common.c: + In array_to_member_list() use the correct type for netgroups and + user groups. + [359947d19131] + + * plugins/sudoers/fmtsudoers.c: + Prepend digest to command if present. Fix printing of group IDs and + non-unix groups. + [5f9834b4bcbc] + + * plugins/sudoers/cvtsudoers_json.c: + Fix gcc false positive for uninitialized variable + [d250b862c1ed] + +2018-02-20 Todd C. Miller <Todd.Miller@sudo.ws> + + * pp: + Update Polypkg to the latest version from git. 
+ [204ebffb502f] + + * config.h.in, configure, configure.ac, src/sudo.c: + Use setpassent() and setgroupent() on systems that support it to + keep the passwd and group database open. Sudo does a lot of passwd + and group lookups so it can be beneficial to just leave the file + open. + [3d2d5bca9670] + +2018-02-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c: + Add option to cvtsudoers to expand aliases in the output. + [1af56459fd7d] + + * plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/regress/sudoers/test1.json.ok, + plugins/sudoers/regress/sudoers/test14.json.ok, + plugins/sudoers/regress/sudoers/test15.json.ok, + plugins/sudoers/regress/sudoers/test16.json.ok, + plugins/sudoers/regress/sudoers/test17.json.ok, + plugins/sudoers/regress/sudoers/test19.json.ok, + plugins/sudoers/regress/sudoers/test2.json.ok, + plugins/sudoers/regress/sudoers/test6.json.ok: + Fix conversion of "ALL" in the JSON output format, which was being + printed as an alias. + [3f7869688820] + + * INSTALL, configure, configure.ac: + Clarify that --with-rundir and --with-vardir take sudo-specific + directory, e.g. /var/run/sudo and not just /var/run. Bug #823 + [e1913085e544] + + * src/exec_pty.c: + In pty_cleanup() we need to call sudo_term_restore() even if no I/O + plugins are present as long as /dev/tty exists. Fixes the use_pty + case with no I/O plugins. + [82fecef72998] + + * include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in, + plugins/sudoers/sudoreplay.c, src/exec_monitor.c, src/exec_nopty.c, + src/exec_pty.c: + Add sudo_ev_dispatch(), a wrapper for ev_loop() with no flags. + Similar the dispatch function in libevent. 
+ [61e588fd50d0] + + * INSTALL, configure, configure.ac, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, m4/sudo.m4: + Use /run in preference to /var/run if it exists. Bug #822 + [ec2febe6f8a3] + +2018-02-14 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + mention common sudoers formatting changes + [b32825ca3e2f] + +2018-02-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, configure, configure.ac, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_conf.c, plugins/sudoers/sudo_ldap.h, + plugins/sudoers/sudo_ldap_conf.h: + Move LDAP configuration bits into ldap_conf.c + [1673e3c7855a] + +2018-02-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/ldap.c, plugins/sudoers/ldap_common.c: + No longer need to include stddef.h + [a10a13dc73c7] + + * plugins/sudoers/iolog.c: + Remove dead store, found by cppcheck. + [744e99ffc82e] + + * plugins/sudoers/ldap.c, plugins/sudoers/ldap_common.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h: + simplify iterator + [944fd546ec98] + + * plugins/sudoers/mkdir_parents.c: + Silence a false positive from cppcheck. + [f94421968d8e] + + * plugins/sudoers/tsdump.c: + Cast version to int when printing. Avoids a cppcheck warning. + [3312bec4f1e3] + +2018-02-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/ldap.c, plugins/sudoers/ldap_common.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h: + Use an iterator instead of fragile pointer arithmetic to iterate + over value arrays in sudo_ldap_role_to_priv(). + [61752c5f3427] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/fmtsudoers.c, plugins/sudoers/ldap.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c: + Move sudoers formatting code into fmtsudoers. 
+ [ff25291c99f4] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/parse.c: + Clean up some XXX in parse.c + [19854e7d8ac7] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/sssd.c: + Rename sudo_file_append_default() -> sudo_lbuf_append_default() and + use it for ldap and sssd too. + [dae22810f2dd] + + * MANIFEST, configure, configure.ac, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/ldap.c, + plugins/sudoers/ldap_common.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h: + Move common bits of ldap to sudoers conversion into ldap_common.c + and use it in sssd.c. + [5cca03f64b77] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h: + Convert ldap results into a sudoers userspec so we can use the "sudo + -l" output functions in parse.c. + [1422e10dc274] + +2018-02-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * sudo.pp: + Don't mark sudoers.dist volatile, it only gets used on systems that + don't have the concept of volatile files. + [c47fd17e62e3] + +2018-02-05 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.h: + Refactor member freeing code into free_member(). Refactor userspec + freeing code into free_userspec(). + [ccc95e8b9f69] + + * plugins/sudoers/cvtsudoers.c: + Fix compilation with glibc where stdout is not constant. + [97a0302c29c8] + +2018-02-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/ldap.c: + For "sudo -l", if a word includes spaces, print it in double quotes. + Also escape spaces in the command path. This matches the sudoers + quoting rules. + [04ace6decf3a] + +2018-02-03 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/ldap.c: + Display sudoNotBefore and sudoNotAfter in "sudo -l" + [ef7de4c8aa9e] + + * plugins/sudoers/parse.c: + For "sudo -l", if a word includes spaces, print it in double quotes. + Also escape spaces in the command path. This matches the sudoers + quoting rules. + [fa12a254657c] + + * plugins/sudoers/cvtsudoers.c: + Add back printing of negation operator ('!') when printing a word + with spaces in it. + [c69706a91817] + + * plugins/sudoers/Makefile.in: + Use visudo to validate "cvtsudoers -f sudoers" output. + [06bae7204926] + + * plugins/sudoers/regress/sudoers/test21.in, + plugins/sudoers/regress/sudoers/test21.json.ok, + plugins/sudoers/regress/sudoers/test21.ldif.ok, + plugins/sudoers/regress/sudoers/test21.out.ok, + plugins/sudoers/regress/sudoers/test21.toke.ok: + Remove syslog_goodpri and syslog_badpri without a value that causes + visudo to report an error. + [c1f696e49f49] + + * plugins/sudoers/cvtsudoers.c: + When outputting sudoers, if a word includes spaces, print it in + double quotes. Also escape spaces in the command path. + [d040c1a21277] + +2018-02-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/parse.h, plugins/sudoers/visudo.c: + Add sudoers output format to cvtsudoers. In the future this may be + used with filters to emit a partial sudoers file instead of a full + one. + [533d2c389213] + + * plugins/sudoers/parse.c: + When printing a member name, quote sudoers special characters unless + it is a UID/GID, in which case we print the '#' unquoted. + [e4e8154c4fe9] + + * plugins/sudoers/parse.c, plugins/sudoers/parse.h: + Move SUDOERS_QUOTED define to parse.h + [a813ec4acb5f] + +2018-01-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/timestamp.c: + Remove extraneous break statement and fix some whitespace. 
+ [39df566c33e3] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + The max timeout for kernel time stamps is 60 minutes, not 3600 + minutes. + [95be88c4f106] + +2018-01-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/testsudoers.c: + Check the return value of sudoers_debug_register(). Coverity CID + 182574 + [fb5449acdafd] + + * plugins/sudoers/cvtsudoers_ldif.c: + Fix memory leak, su->count is now 0 when it is unused, not 1. + Covertity CID 182573 + [77019ded8f84] + + * plugins/sudoers/cvtsudoers_ldif.c: + Quiet a clang analyzer false positive. + [ef04f7069df4] + + * plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/sudoers/test2.ldif.ok, + plugins/sudoers/regress/sudoers/test6.ldif.ok: + Quote special characters when creating the cn as per RFC2253 + [e49ff28c1fd7] + + * NEWS, configure, configure.ac, doc/UPGRADE: + Sudo 1.8.23 + [e364ed057d1d] + + * doc/LICENSE: + Remove the C-style comment charactes from the getopt_long.c and + inet_pton.c license text as it was inconsistent with the rest of the + file and messed up the html formatting. + [a26679d2d0a7] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/sudoers2ldif, + sudo.pp: + Remove sudoers2ldif, it has been replaced by cvtsudoers. + [7563cc3768c2] + +2018-01-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_ldif.c: + Add -b option to specify the base dn. + [7cd4c46c33bf] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in: + Document limitations of LDIF conversion. + [e8c84362f084] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c: + Switch the default output format to LDIF + [a677c7b72a90] + + * plugins/sudoers/visudo.c: + Execute cvtsudoers if the user runs "visudo -x" but also emit a + warning. 
+ [53ec45a847d2] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/stubs.c, + plugins/sudoers/visudo.c: + Revert 04ec05108b2b, change the default input source back to stdin. + [df8d94f1bab4] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/sudoers/test1.ldif.ok, + plugins/sudoers/regress/sudoers/test10.ldif.ok, + plugins/sudoers/regress/sudoers/test11.ldif.ok, + plugins/sudoers/regress/sudoers/test12.ldif.ok, + plugins/sudoers/regress/sudoers/test13.ldif.ok, + plugins/sudoers/regress/sudoers/test14.ldif.ok, + plugins/sudoers/regress/sudoers/test15.ldif.ok, + plugins/sudoers/regress/sudoers/test16.ldif.ok, + plugins/sudoers/regress/sudoers/test17.ldif.ok, + plugins/sudoers/regress/sudoers/test18.ldif.ok, + plugins/sudoers/regress/sudoers/test19.ldif.ok, + plugins/sudoers/regress/sudoers/test2.ldif.ok, + plugins/sudoers/regress/sudoers/test20.ldif.ok, + plugins/sudoers/regress/sudoers/test21.ldif.ok, + plugins/sudoers/regress/sudoers/test3.ldif.ok, + plugins/sudoers/regress/sudoers/test4.ldif.ok, + plugins/sudoers/regress/sudoers/test5.ldif.ok, + plugins/sudoers/regress/sudoers/test6.ldif.ok, + plugins/sudoers/regress/sudoers/test7.ldif.ok, + plugins/sudoers/regress/sudoers/test8.ldif.ok, + plugins/sudoers/regress/sudoers/test9.ldif.ok: + Add LDIF conversion to sudoers tests + [997b79da8874] + + * plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/cvtsudoers_ldif.c, + plugins/sudoers/regress/sudoers/test19.json.ok: + Add notbefore and notafter support to the backends. + [be50db300eda] + +2018-01-27 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * README.LDAP: + cvtsudoers instead of sudoers2ldif + [3909ea2c29c1] + + * MANIFEST, doc/cvtsudoers.cat, doc/cvtsudoers.man.in, + doc/cvtsudoers.mdoc.in, plugins/sudoers/Makefile.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_ldif.c: + Add ldif backend to cvtsudoers, to replace sudoers2ldif + [f0e039c63488] + + * plugins/sudoers/Makefile.in: + fix make check + [2cbedce72e3a] + +2018-01-26 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c: + Parse sudoers in the front end, not the back end. + [30d4e40ed69a] + + * doc/Makefile.in: + install the cvtsudoers manual + [243d319fed1c] + + * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/stubs.c, + plugins/sudoers/visudo.c: + Use the built-in sudoers file location as the default sudoers file + for cvtsudoers and move parse_sudoers_options() to stubs.c since it + is shared between visudo.c and cvtsudoers.c. + [04ec05108b2b] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, + plugins/sudoers/stubs.c, plugins/sudoers/visudo.c: + Move common stub functions required by the parser out of visudo.c + and cvtsudoers.c and into stubs.c. + [a324cbde55a3] + + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c: + Rename export_sudoers() to convert_sudoers_json() and move the check + for the same input and output file to the front-end. + [7c83c21ea479] + + * sudo.pp: + add cvtsudoers + [e8ba851cafb4] + + * MANIFEST, doc/Makefile.in, doc/cvtsudoers.cat, + doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/Makefile.in, + plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c: + Move sudoers JSON conversion to cvtsudoers which will eventually + output to other formats too. 
+ [e64a50657a88] + + * plugins/sudoers/defaults.c: + Convert from time in minutes to timespec directly instead of + converting to double via strtod(). This makes it easier to catch + overflow. + [0d6ab7c21a15] + +2018-01-24 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + document that kernel tty timestamps don't support negative timeouts + [4ff726cf2010] + +2018-01-23 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/timestamp.c: + Fall back to ppid time stamps if timestamp_type == kernel and no tty + is present. This is consistent with timestamp_type == tty. + [26c527166a0c] + + * plugins/sudoers/timestamp.c: + Do not call the TIOCSETVERAUTH ioctl with a negative number of + seconds. Also cap the max number of seconds at 3600 to avoid getting + EINVAL from TIOCSETVERAUTH. + [371744874743] + +2018-01-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/defaults.c: + Better conversion from double to nanoseconds. + [2f54790801c8] + + * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/mkdefaults, + plugins/sudoers/timestamp.c: + Store passwd_timeout and timestamp_timeout as a struct timespec + instead of as a float. Remove timeout argument to auth_getpass() as + it was never used. + [c4a3c60d0284] + +2018-01-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/mkdefaults: + Don't rely on perl being installed in /usr/local/bin + [e3274f56df43] + +2018-01-17 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * config.h.in, configure, configure.ac, lib/util/gettime.c, + lib/util/mktemp.c, lib/util/nanosleep.c, lib/util/utimens.c, + plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c, + plugins/sudoers/ldap.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/net_ifs.c, src/sesh.c, src/sudo.c, + src/sudo_edit.c, src/utmp.c: + Remove use of AC_HEADER_TIME, only obsolete platforms actually need + this. Also stop removing sys/time.h unless the source file uses + struct timeval. + [a744b8a07685] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Remove duplicate options %type + [3ea3c3d477bf] + +2018-01-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, + plugins/sudoers/sudoers.h: + Add an approval function to the sudo auth API which is run after the + user's password has been verified. The approval function is run even + if no password is required. This is currently only used for PAM (use + pam_acct_mgmt) and BSD auth (auth_approval). + [cab448ac8633] + +2018-01-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/tsdump.c: + treat uid as unsigned in error message + [2672d4ca3479] + + * MANIFEST, plugins/sudoers/po/fur.mo: + Add missing plugins/sudoers/po/fur.mo file to repo. + [cfa503d7fcd4] + + * NEWS: + Mention new sudoers_timestamp manual. + [f96ad00c4ba4] + +2018-01-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * .hgignore: + ignore tsdump + [39306d37c846] + + * plugins/sudoers/tsdump.c: + Convert from mono time to real time before displaying time stamps. + [12f9e1f5e8e5] + +2018-01-11 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/solaris_audit.c: + Use PATH_MAX, not MAXPATHLEN. + [d3c7466aad1d] + + * MANIFEST, config.h.in, configure, configure.ac, include/sudo_util.h, + lib/util/Makefile.in, lib/util/ttyname_dev.c, lib/util/util.exp.in, + plugins/sudoers/Makefile.in, plugins/sudoers/check.h, + plugins/sudoers/tsdump.c, src/ttyname.c: + Add tsdump, a simple utility to dump a timestamp file. To build, run + "make tsdump" in the plugins/sudoers directory (it is not built by + default). In order to map the tty device number to a name, + sudo_ttyname_dev() has been moved into libsudo_util. + [b79ae30fe6a4] + +2018-01-04 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/uk.mo, + po/uk.po: + sync with translationproject.org + [71140a551c60] + + * doc/LICENSE: + Welcome to 2018 + [3ddea360d414] + +2017-12-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/fur.po, plugins/sudoers/po/nb.mo, + plugins/sudoers/po/nb.po, plugins/sudoers/po/zh_CN.mo, + plugins/sudoers/po/zh_CN.po: + sync with translationproject.org + [fbd54c7f59f1] + +2017-12-22 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/logging.c: + Silence a clang analyzer false positive. + [bfcdfe2c1376] + + * doc/Makefile.in: + Remove extra $(srcdir)/sudoreplay.man.in target added by mistake. 
+ [7e83806cc17e] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/ja.mo, + po/ja.po: + sync with translationproject.org + [27cf5abeeb1a] + + * plugins/sudoers/timestamp.c: + Use a tty lock even for kernel time stamps so we can avoid + simultaneous password prompts. + [90a55098176b] + + * NEWS: + visudo changes + [06c99aab6f7a] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/editor.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c: + Also honor SUDO_EDITOR in visudo. Previously is was only used by + sudoedit. + [9bccc7171a53] + +2017-12-21 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoers.c: + Stop looking for an editor as soon as we find one. A similar fix was + made to visudo some time ago. + [c6c5d968612a] + + * doc/sudoers_timestamp.cat, doc/sudoers_timestamp.man.in, + doc/sudoers_timestamp.mdoc.in: + The session ID was added in 1.8.6p7 to prevent a user in another + session from re-using the time stamp file. Other minor cleanups. + [f733f7ea97a7] + + * plugins/sudoers/check.h: + "time stamp" not "timestamp" + [af0f2d8b6d52] + +2017-12-20 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/timestamp.c: + Add "kernel" as a possible value of timestamp_type. Currently only + supported on OpenBSD. + [ca1a2a03e37d] + + * MANIFEST, doc/Makefile.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, doc/sudoers_timestamp.cat, + doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in, + plugins/sudoers/check.h: + Document the sudoers time stamp file format. + [d3470da8fde9] + +2017-12-19 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/starttime/check_starttime.c: + Verify start time of the current process, allowing for some clock + drift. For Linux, process start time is relative to boot time, not + wallclock time. + [4928645eaa1c] + +2017-12-18 Todd C. Miller <Todd.Miller@sudo.ws> + + * NEWS: + sync + [aeffb7f82e10] + + * plugins/sudoers/po/sudoers.pot: + regen + [8be51858eec1] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/starttime/check_starttime.c: + Trivial test for process start time. We don't try to check the + resulting timespec as it differs by platform. On most it is + wallclock time, on others it is relative to boot time (Linux). + [e74cf3bd4c87] + + * lib/util/Makefile.in: + regen + [6de26735d666] + +2017-12-17 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/starttime.c: + Support start time on macOS and 4.4BSD + [81f2eebc7edb] + +2017-12-16 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/regress/env_match/check_env_pattern.c: + Include sys/types.h for mode_t used in sudoers.h. + [bdff1606f111] + + * plugins/sudoers/starttime.c: + Fix compilation error on FreeBSD + [2c4962a7812c] + + * plugins/sudoers/starttime.c: + Fix debug_decl(), it should be SUDOERS_DEBUG_UTIL Add debugging for + the successful case For Linux, don't NUL out *ep before parsing with + strtoull(). 
+ * * * Add missing debug info for the System V /proc version. + [2394c6d9375d] + + * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/check.h, + plugins/sudoers/starttime.c, plugins/sudoers/timestamp.c: + In the timestamp record, include the start time of the terminal + session leader for tty-based timestamps or the start time of the + parent process for ppid-based timestamps. Idea from Duncan + Overbruck. + [f0964b4cf4ac] + +2017-12-15 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/timestamp.c: + If the lock record doesn't match the expected record size we need to + seek to the end of the record as we otherwise may have gone too far + (or not far enough). Fixes interop problems when the time stamp + record changes size. + [e8e4c3815db5] + +2017-12-12 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_pty.c: + No need for a loop around the recv() now that we don't have to worry + about EINTR. CID 180697 + [7cb966d69bc6] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Try to be clearer about sudo's exit value when the -l option is + used. + [efbddaa576a7] + + * NEWS: + sync + [99fc4b347250] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c, + plugins/sudoers/sssd.c: + An empty RunAsUser means run as the invoking user, similar to how + the sudoers files works. + [576172386594] + + * doc/sudoers.cat, doc/sudoers.man.in: + regen + [9b6d0064f410] + +2017-12-11 Todd C. Miller <Todd.Miller@sudo.ws> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/logging.c: + Add authfail_message sudoers option to allow the user to override + the default message of %d incorrect password attempt(s). 
+ [f11e9d64a6da] + + * plugins/sudoers/policy.c, src/parse_args.c: + Allow the plugin to determine whether or not an empty timeout is + allowed. For sudoers, an error will be returned for an empty + timeout. + [26511c049fb1] + + * plugins/sudoers/timeout.c: + Return an error for an empty timeout string. Just use strtol() for + syntax checking instead of scanning with strspn(). + [1fa1b712fbcc] + + * src/parse_args.c, src/sudo_edit.c: + Change some _() into U_() since they are used for warn/fatal. We + always want to issue warnings in the user's locale. + [684331aee66e] + + * Makefile.in: + update my email address + [b4ec26be6203] + +2017-12-10 Todd C. Miller <Todd.Miller@sudo.ws> + + * log2cl.pl: + Don't print mercurial branch info for merges. + [489881774e52] + + * log2cl.pl: + Use log size instead of using a separator between the log entry and + the file names. + [620c231f789b] + + * src/parse_args.c: + Print usage and return an error when an empty argument is given for + all command line arguments other than -p and -E. Bug #817 + [143be1bc8316] + + * plugins/sudoers/policy.c: + Better input validation of settings passed by the sudo front-end. + Instead of ignoring an empty setting, throw an error. + [93cc4f4761f3] + + * log2cl.pl: + Treat a blank line in a commit message as a line break. There + doesn't appear to be a way to make perl's format use a blank field + but at least the line break happens now. + [fbc3ff819341] + +2017-12-09 Todd C. Miller <Todd.Miller@sudo.ws> + + * MANIFEST, Makefile.in, log2cl.pl: + Add script to generate ChangeLog from git log output. + [e8bfbd1ae6ef] + +2017-12-08 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/defaults.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h: + Don't include syslog.h from logging.h, just include it in the two .c + files it is actually needed. + [9ffc5ca9eb49] + +2017-12-06 Todd C. 
Miller <Todd.Miller@sudo.ws> + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Document that in check mode, visudo does not check the owner/mode on + files specified with the -f flag. + [f5d86019e4c7] + +2017-12-03 Todd C. Miller <Todd.Miller@sudo.ws> + + * Makefile.in, configure.ac, doc/HISTORY, doc/LICENSE, + doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, + doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo.man.in, + doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.man.in, + doc/sudoreplay.mdoc.in, doc/visudo.man.in, doc/visudo.mdoc.in, + examples/Makefile.in, include/Makefile.in, + include/compat/charclass.h, include/compat/endian.h, + include/compat/fnmatch.h, include/compat/nss_dbdefs.h, + include/compat/sha2.h, include/sudo_compat.h, include/sudo_conf.h, + include/sudo_debug.h, include/sudo_dso.h, include/sudo_event.h, + include/sudo_fatal.h, include/sudo_gettext.h, include/sudo_lbuf.h, + include/sudo_plugin.h, include/sudo_util.h, lib/util/Makefile.in, + lib/util/aix.c, lib/util/closefrom.c, lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c, + lib/util/getgrouplist.c, lib/util/gethostname.c, lib/util/getline.c, + lib/util/getopt_long.c, lib/util/gettime.c, lib/util/gidlist.c, + lib/util/glob.c, lib/util/isblank.c, lib/util/key_val.c, + lib/util/lbuf.c, lib/util/locking.c, lib/util/memrchr.c, + lib/util/memset_s.c, lib/util/mksiglist.c, lib/util/mksigname.c, + lib/util/mktemp.c, lib/util/nanosleep.c, lib/util/parseln.c, + lib/util/pipe2.c, lib/util/progname.c, lib/util/pw_dup.c, + lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/glob/globtest.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, + 
lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, + lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, + lib/util/snprintf.c, lib/util/strlcat.c, lib/util/strlcpy.c, + lib/util/strndup.c, lib/util/strnlen.c, lib/util/strsignal.c, + lib/util/strsplit.c, lib/util/strtobool.c, lib/util/strtoid.c, + lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c, + lib/util/sudo_debug.c, lib/util/sudo_dso.c, lib/util/term.c, + lib/util/ttysize.c, lib/util/utimens.c, lib/util/vsyslog.c, + lib/zlib/Makefile.in, m4/sudo.m4, mkdep.pl, mkpkg, pathnames.h.in, + plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, + plugins/group_file/group_file.c, plugins/group_file/plugin_test.c, + plugins/sample/Makefile.in, plugins/sample/sample_plugin.c, + plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/base64.c, + plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/bsm_audit.h, plugins/sudoers/check.c, + plugins/sudoers/check.h, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/digestname.c, + plugins/sudoers/editor.c, plugins/sudoers/env.c, + plugins/sudoers/env_pattern.c, plugins/sudoers/filedigest.c, + plugins/sudoers/filedigest_gcrypt.c, + plugins/sudoers/filedigest_openssl.c, plugins/sudoers/find_path.c, + plugins/sudoers/gc.c, plugins/sudoers/gentime.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/gmtoff.c, + 
plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/hexchar.c, plugins/sudoers/ins_2001.h, + plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h, + plugins/sudoers/ins_goons.h, plugins/sudoers/insults.h, + plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, + plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/linux_audit.h, + plugins/sudoers/locale.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/mkdir_parents.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/po/sudoers.pot, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c, + plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers2ldif, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h, + plugins/sudoers/sudoers_version.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c, + 
plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, + plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, po/sudo.pot, src/Makefile.in, + src/conversation.c, src/env_hooks.c, src/exec.c, src/exec_common.c, + src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, + src/hooks.c, src/load_plugins.c, src/net_ifs.c, src/openbsd.c, + src/parse_args.c, src/preload.c, src/preserve_fds.c, + src/regress/noexec/check_noexec.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, + src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h, + src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, + src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tcsetpgrp_nobg.c, + src/tgetpass.c, src/ttyname.c, src/utmp.c, sudo.pp: + update my email to Todd.Miller@sudo.ws + [96110003e904] + +2017-12-02 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sudoreplay.c: + Add missing carriage return before prompt when replay is done. + [cf4b8bfcb3dd] + + * src/exec_pty.c: + Track window size changes that happen while sudo is suspended + [cae06f75bde9] + +2017-12-01 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [26ae754b8416] + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat, + doc/visudo.cat: + regen for sudo 1.8.22 + [596d82da0158] + + * NEWS, configure, configure.ac: + Sudo 1.8.22 + [6b32c2f5d020] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Background processes started by the command will no longer receive + SIGHUP. 
+ [47bcc3ae4362] + + * src/exec_monitor.c: + When the command completes, make the monitor the foreground process + group before informing the main sudo process of the command's exit + status. This will prevent processes started by the command (which + runs in a different process group) from receiving SIGHUP since the + kernel sends SIGHUP to the foreground process group associated with + the terminal session. The monitor has a SIGHUP handler installed so + the signal is effectively ignored. + [9e163efe4afb] + + * src/sudo.c: + Add debug printfs around group list retrieval. + [5f307b00153b] + +2017-11-30 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_pty.c: + Move call to sudo_ev_loopcontinue() into schedule_signal() itself. + We always want to prioritize signal forwarding. + [4b25dc24038b] + + * src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c: + Don't loop over read/write, recv/send or tcgetpgrp/tcsetpgrp trying + to handle EINTR. We now use SA_RESTART with signals so this is not + needed and is potentially dangerous if it is possible to receive + SIGTTIN or SIGTTOU (which it currently is not). + [ba6885b57891] + +2017-11-29 Todd C. Miller <Todd.Miller@sudo.ws> + + * src/exec_monitor.c, src/signal.c: + Sprinkle some extra debugging printfs + [bf33574bc603] + + * src/exec_pty.c: + We don't need to be the foreground process to be able to write to + the terminal in most cases. If the background process tries to + modify the terminal flags it will receive SIGTTOU which is relayed + to the sudo front-end. This currently mishandles terminals with the + TOSTOP local flag set. + [3fc25570d482] + + * src/exec_pty.c: + Handle receipt of SIGTTIN/SIGTTOU when reading/writing from/to the + tty. We can't use a signal event for these since that would restart + the system call after the signal was handled and the callback would + not get a chance to run. Fixes running a command in the background + that write to the tty when the TOSTOP terminal flag is set. 
+ [5ac68f05249a] + +2017-11-28 Todd C. Miller <Todd.Miller@sudo.ws> + + * plugins/sudoers/sssd.c: + Avoid a double free when ipa_hostname is set in sssd.conf and it is + an unqualified host name. From Daniel Kopecek. + + Also move the "unable to allocate memory" warning into + get_ipa_hostname() itself to make it easier to see where the + allocation failed in the debug log. + [14dacdea3319] + + * plugins/sudoers/ldap.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + When running a command as the invoking user we cannot use the gid + list from the front-end since it may not correspond to the user's + aux group vector as defined by the group database. + [b456101fe509] + + * lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/glob/globtest.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/parser/check_hexchar.c: + Add missing initprogname() calls. + [ad4f8d236d89] + +2017-11-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Better describe things when a command is run in a pty. + [0f34fc342ab5] + +2017-11-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Plug some memory leaks on error, some found by the clang static + analyzer. + [62844cc145b6] + +2017-11-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/parse.c: + Avoid calling cmnd_matches() in list/verify mode if we already have + a match. 
+ [5bddfc911065] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sssd.c: + In list (-l) or verify (-v) mode, if we have a match but + authentication is required, clear FLAG_NOPASSWD so that when + listpw/verifypw is set to "all" and there are multiple sudoers + sources a password will be required unless none of the entries in + all sources require authentication. From Radovan Sroka of RedHat + [edac7222600a] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + When checking the results for "sudo -l" and "sudo -v", keep checking + even after we get a match since the value of doauth may depend on + evaluating all the results. From Radovan Sroka of RedHat. + [ae0704445bd4] + +2017-11-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + If passwd_tries is less than 1, check_user() will always return + false (since the user didn't authenticate). The normal reason for + this is an authentication error but in this case no authentication + was tries so no warning message has been displayed to the user. If + the user wasn't given a chance to authenticate, set inform_user to + true when calling log_denial() from sudoers_policy_main(). + + An alternate approach would be for check_user() to return true in + this case but seems more confusing. + [c8be95b46e9d] + +2017-10-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/TROUBLESHOOTING: + Document bash shell alias issue with "sudo -i". + [8affa5376277] + +2017-10-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/policy.c: + Return an error if the sudo front end doesn't set the user name, + user ID, group ID or host name. Bug #807 + [03e281d93fff] + + * lib/util/gethostname.c: + Treat an empty hostname as a failure and return NULL. + [fafb3a3083cb] + +2017-10-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers2ldif: + Add support for #include and #includedir from Natale Vinto. + [926deea0d506] + +2017-10-14 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS: + Minor corrections from Tae Wong + [dbc5ee98ffa6] + +2017-10-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Add a warning that for "sudo -i command" and "sudo -s command" the + shell is not run in interactive mode which may change its behavior. + [76c19db05a1e] + +2017-09-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/sudo_compat.h, src/exec_pty.c: + Fix stair-stepped output when the output of a sudo command is piped + to another command and use_pty is set. + [e91e3f12d2d4] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + env_keep and env_check are also taken into account with "sudo -i". + Bug #806 + [5f5568c6fdd9] + +2017-09-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, config.h.in, configure, configure.ac, + plugins/sudoers/ins_classic.h: + Make PC insults the default and add new configure option, enable- + offensive-insults, to enable the offensive insults. + [eb264d342601] + +2017-09-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS: + Add missing translators from recent updates and one name change. + [20828c25ad92] + +2017-09-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/po/fur.po, plugins/sudoers/po/hr.mo, + plugins/sudoers/po/hr.po, plugins/sudoers/po/sv.mo, + plugins/sudoers/po/sv.po, po/hr.mo, po/hr.po, po/sv.mo, po/sv.po: + sync with translationproject.org + * * * sync with translationproject.org + [24bb066fa19f] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + More accurately describe the use_pty option now that its behavior + has changed with respect to interposition with a pipe. Also describe + some caveats with log_input. + [a87056499931] + + * doc/UPGRADE: + Document changes in use_pty behavior when no terminal is present. 
+ [a4b978693178] + + * src/exec_pty.c: + Set ec->cmnd_pid to the correct value when receiving the command's + process ID from the monitor. + [a624309ba848] + + * src/exec.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h: + If /dev/tty is not available and no I/O logging plugins are + configured, fall back on exec_nopty() even if the policy plugin + requested a pty. We never allocate a pty when sudo is not run from a + terminal anyway. + [c9b9c6c4e0ad] + + * src/exec_pty.c: + Do not set utmp_user if we did not actually allocate a pty. + [aa8e0fdea32b] + +2017-09-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, configure, configure.ac: + sudo 1.8.21p2 + [94d18888e7c4] + + * src/exec.c: + sudo_terminated() should not return true when SIGCHLD is pending. + Bug #801 + [57f636b6489f] + + * src/tgetpass.c: + Set SIGCHLD handler to SIG_DFL before forking the askpass command + and restore after. Otherwise, SIGCHLD will end up in the list of + pending signals and sudo_execute() will not execute the command. + [c171eeabdc72] + + * lib/util/event.c: + The read and write sides of signal_pipe[] were swapped, resulting in + EBADF reading from and writing to the signal pipe on Linux and + probably others. On systems with bidirectional pipes this was not an + issue. + [7668f93e6544] + +2017-09-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/pam.c: + Fix a logic error in 96651906de42 which prevented sudo from using + the PAM-supplied prompt. Bug #799 + [6ee5cc13af69] + +2017-09-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, configure, configure.ac: + Sudo 1.8.21p1 + [7e6bf56cb06c] + + * mkpkg: + The Fedora sudo package uses /etc/ldap.conf not /etc/sudo-ldap.conf. + [7b4e6f50e138] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + The fix for matching when no sudoRunAsUser is present in a sudoRole + was incomplete. 
If no -g option was specified on the command line + but sudoRunAsGroup is present in a sudoRole, we need to treat the + group match as failed instead of missing. + [3aaeeebd924c] + + * plugins/sudoers/check.c, plugins/sudoers/defaults.c: + Sprinkle a few more debugging printfs. + [f7a40f9985cf] + + * plugins/sudoers/sudoreplay.c: + Fix replaying sessions that contain input logs. When the inter- + record timeout expires we need to read the next record if there is + nothing to output. + [443b329ddc60] + + * doc/visudo.cat: + regen + [7ace4ac32116] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Fix typo (Auguest vs. August). From David Pocock. + [98a792ff1c90] + +2017-08-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudo_nss.c: + Go back to returning true from display_privs() on non-error. This + results in "sudo -U otheruser -l" exiting with a status of 0 even + when otheruser is not allowed to run commands. This is appropriate + since the "sudo -l" command was successful. This does not change the + exit value when otheruser runs "sudo -l" themselves, the exit status + will be 1 since that user is not allowed to run commands. Requested + by Radovan Sroka. + [055b78015fcb] + + * plugins/sudoers/ldap.c: + Fix the pass2 ldap query string when no search filter is defined. + Due to the addition of "(sudoUser=*)" to the query we always need + the AND operator, even if no search filter is present. + [631243487d27] + +2017-08-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_nopty.c: + Don't forward SIGINFO to the child when it is send by the kernel + (not another user process). This is consistent with the handling of + other keyboard-generated signals such as SIGINT, SIGQUIT and + SIGTSTP. Bug #796 + [29603b0a4315] + +2017-08-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Fix path to LICENSE and NEWS files that get used in the installer. 
+ Previously, the installed versions were used instead of the ones in + the destdir. + [689a5806f2de] + +2017-08-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, po/fi.mo, + po/fi.po: + sync with translationproject.org + [32a0f3bbba31] + +2017-08-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * po/es.mo, po/es.po: + sync with translationproject.org + [bfa5659d66f2] + +2017-08-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, po/it.mo, + po/it.po: + sync with translationproject.org + [05cd6ff68a4b] + +2017-08-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Preserving environment variables on the command line was bug #279 + [46f2c7931a84] + +2017-08-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, NEWS, doc/CONTRIBUTORS, po/fur.mo, po/fur.po: + Add Friulian translation for sudo from Fabio Tomat via + translationproject.org + [77fdb76e83c8] + +2017-08-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, + po/cs.po, po/fr.mo, po/fr.po, po/ko.mo, po/ko.po, po/nb.mo, + po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/sr.mo, + po/sr.po, po/sv.mo, po/sv.po, po/vi.mo, po/vi.po, po/zh_CN.mo, + po/zh_CN.po: + sync with translationproject.org + [0f18e2f30ff5] + +2017-08-04 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + In the Runas example that uses "boulder" make it clear that + "boulder" is a host name. + [6bca59aa5579] + +2017-08-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [9bb78048656f] + + * NEWS, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + src/parse_args.c: + Allow the user to specify a list of environment variables to + preserve. This adds an option paramter to the --preserve-env option, + a comma-separated list of variable names. + [a6bc511a2e81] + +2017-08-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, NEWS, config.h.in, configure, configure.ac, + doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: + Replace tty_tickets option with timestamp_type which can be global, + ppid or tty. Defaults to tty (no change in behavior). Some users + want the ppid behavior. + [426161a2e06f] + + * lib/util/Makefile.in, plugins/sudoers/Makefile.in: + regen + [b396e70a4a8b] + + * plugins/sudoers/sudoers.c: + Don't send email about an unresolvable host name if fqdn is enabled + and the user specified the run host via the -h flag. + [59d7a8743943] + +2017-07-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + fix playback of stdout/stderr without embedded carriage returns + [f1a5b47be2db] + +2017-07-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Avoid unused variable warning when sasl is not used. + [3010fd3c5a7f] + + * INSTALL, configure, configure.ac: + Add support for --enable-sasl and --disable-sasl to make it possible + to enable/disable support for LDAP with SASL authentication. 
Sudo + compiles in support for SASL authentiation by default if the + ldap_sasl_interactive_bind_s() function is detected. Bug #788 + [cf94d407d576] + + * NEWS: + List the correct pattern ("*=()*") in the env_delete description. + Use pseudo-tty instead of pseudo terminal for consistency. + [f2df0baea2f0] + +2017-07-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/closefrom.c: + Include pathnames.h for /dev/fd on FreeBSD and Mac OS X. + [b190dc607277] + + * NEWS: + update for 1.8.21 + [a3a38f6cba66] + + * src/exec_pty.c: + No need to call sudo_ev_del() before sudo_ev_free(); sudo_ev_free() + will delete the event from its base before freeing it. + [ebf3dedcba5c] + + * src/exec_pty.c: + Terminate the command if an I/O log function returns 0 or -1. This + was mistakenly removed by 25b7fd056614 in Sudo 1.8.18 with the + removal of the ignore_iolog_errors variable. + [e1dd18d95815] + + * plugins/sudoers/sudoreplay.c: + Quiet a coverity false positive. + [b7a9c9e35fd0] + + * plugins/sudoers/sudoreplay.c: + Change to a single event loop in sudoreplay and use signal events. + [7320de46cf48] + +2017-07-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + start new sentences on a new line + [ae35ab253de5] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Clarify how the variable prompt options interact with each other and + PAM. + [342b936c4aaa] + + * plugins/sudoers/sudoers.c: + Don't set passprompt_override when SUDO_PROMPT is present. This + effectively reverts ed77d255f383. + + We treat the SUDO_PROMPT environment variable similar to passprompt + in sudoers: it will only override a PAM prompt if the PAM prompt is + either "Password:" or "username's Password:". + [6dad2bd126d1] + +2017-07-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/logging.c: + Add syslog_pid sudoers option to log sudo's process ID when logging + via syslog. This is disabled by default to match historic behavior. + [f4dc29b0052c] + + * plugins/sudoers/auth/pam.c: + When deciding which prompt to use (PAM's or sudo's) treat the PAM + prompt "username's Password:" as equivalent to "Password:". Some PAM + modules (on AIX at least) use this prompt. + [96651906de42] + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: + Add missing argument to a few of the defaults strings in the "sudo + -V" output. + [44546c4b87c3] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/visudo.c: + When examining environment variables or variables passed in from the + front-end, ignore variables with no value specified. + [8537a7fc6190] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Document that "-p prompt" overrides SUDO_PROMPT. + [d2e6b518d00d] + + * plugins/sudoers/sudoers.c: + Enable passprompt_override by default if SUDO_PROMPT is present in + the environment. This is consistent with how "sudo -p prompt" is + handled. + [ed77d255f383] + +2017-07-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + When reading a single character via a switch() use "default: instead + of "case 1:" to quiet a coverity warning. + [ddcfc40159e4] + + * plugins/sudoers/sudoreplay.c: + Initialize ch in getsize_cb() in case we are called with the wrong + initial state. + [a31431c59e14] + + * plugins/sudoers/sudoreplay.c: + remove unused variable + [488054411049] + + * plugins/sudoers/visudo.c: + Call install_sudoers() even when doedit is false. If a file in a + #includedir has a syntax error it will still have been edited and we + need to install the edited temp file. 
+ [ab833e2d1791] + + * plugins/sudoers/visudo.c: + Reparse sudoers if a new #include file was added. Otherwise the new + file will not get its syntax checked. Bug #791 + [e584dc8bf306] + +2017-07-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + don't restore the cursor when setting terminal size, we don't want + the cursor to move + [9cbcb3372bcd] + + * plugins/sudoers/sudoreplay.c: + Read the xterm terminal size using an event so we can easily time + out if needed. + [634524476741] + + * lib/util/event.c, src/exec_nopty.c, src/exec_pty.c: + If we free the default base in sudo_ev_base_free(), reset the + default base to NULL. + [2a8f7938618b] + +2017-07-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in, + src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c: + Add the ability to set a default event base, to be used by plugins + which don't have access to the event base. + [dc159ea98b25] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + plugins/sudoers/sudoreplay.c: + Allow sudoreplay to adjust the window size on xterm-like terminals. + [3358b1a9f01c] + +2017-07-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/term.c: + Clear input, output, control and local flags before copying them + from the source terminal. Otherwise, flags that are disabled in the + source terminal may still be enabled in the destination. + [ead41242b820] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/exec_pty.c: + Pass window size change events to the plugin. + [529b5c9d16a4] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c: + Log window size change events in the sudoers I/O plugin. Let + sudoreplay parse a timing file with window change events (currently + ignored). 
+ [a67f4627dfa7] + + * Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Remove pointless subshells in targets that simply change the + directory and execute a command. The command is already run in a + shell so there is no need to execute a subshell in this case. + [e57639cb2f97] + +2017-07-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo.c: + Store the debug instance ID for I/O plugins too. Now iolog_open() is + consistent with policy_open(). + [519abb3c09d0] + +2017-06-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.ac, lib/util/mktemp.c: + Use getentropy() in mkstemp/mkdtemp replacement. + [8d8e45266858] + + * configure, configure.ac, lib/util/closefrom.c, lib/util/mktemp.c, + pathnames.h.in, src/exec_pty.c, src/get_pty.c, src/ttyname.c: + Use _PATH_DEV consistently + [ca10a91539e0] + +2017-06-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/term.c: + When copying terminal settings from one tty to another only copy a + subset of the flags. Sudo now copies the same set of flags that + OpenSSH uses, which should be safe. + [2f12bc7a87d1] + + * src/exec_monitor.c, src/exec_nopty.c: + Add debug warning when we have wait status but don't overwrite the + existing cstat. + [5ae8f8e75104] + + * src/exec_monitor.c: + Better handling of SIGCONT from in command in the monitor. It is + useful to know when the command continued but we don't want to + inform the parent or store the wait status in this case. Fixes a + hang after multiple suspends on Linux. + [9cdbbb7ff3dd] + +2017-06-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/parse.h: + avoid padding in struct cmndspec + [2529551a9c2d] + +2017-06-07 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Fix the man section of sudo_plugin in cross-references. + [f964de570403] + +2017-06-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo_edit.c: + Don't treat an unchanged file as an error. From Xin Li. + [503e04f7856e] + + * src/sudo_edit.c: + sudo_edit() must return a wait status but if there is an error, or + even if no changes were made to the file, it was returning 1 instead + which would be interpreted as the command having received SIGHUP. + Use the W_EXITCODE() to construct a proper wait status in the error + case too. + [62515bd6c64c] + +2017-06-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/ttyname.c: + Avoid sign extension when assigning the value of tty_nr in + /proc/self/stat on Linux. It is an unsigned int value that is + printed as a signed int but dev_t is unsigned long long. We need to + cast to unsigned int before assigning to a dev_t. + [c198d1317560] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/env.c: + Instead of hard-coding a check for bash functions in + env_should_delete(), use a "*=()* " pattern in + initial_badenv_table[] to match them instead. This allows the user + to remove the check via env_delete. + [90c4dfd1d3a3] + +2017-06-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL.configure, configure.ac, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, mkpkg, sudo.pp: + Mac OS X -> macOS + [08f793d1f496] + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + devsearch is ignored on BSD, macOS and Solaris + [b041a1d64eda] + +2017-06-01 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * lib/util/event.c: + Move the bits to fill in the new event base to sudo_ev_base_init(), + which is not currently exported. + [9be46693bed1] + +2017-05-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/ttyname.c: + A command name may also contain newline characters so read + /proc/self/stat until EOF. It is not legal for /proc/self/stat to + contain embedded NUL bytes so treat the file as corrupt if we see + any. With help from Qualys. + + This is not exploitable due to the /dev traversal changes in sudo + 1.8.20p1 (thanks Solar!). + [9ad60fe663e5] + + * NEWS: + Sudo 1.8.20p2 + [39f199a38383] + +2017-05-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/selinux.c: + After opening a tty device, fstat() and error out if it is not a + character device. + [e03cfa98f2b6] + + * INSTALL, configure, configure.ac, doc/sudo.conf.cat, + doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, include/sudo_conf.h, + lib/util/sudo_conf.c, lib/util/util.exp.in, pathnames.h.in, + src/ttyname.c: + Add a new "devsearch" Path setting to sudo.conf for configuring the + /dev paths to traverse instead of hard-coding a list in ttyname.c + The default value can be set at configure time. + [7ab1be502dc3] + + * src/ttyname.c: + Use /proc/self consistently on Linux. As far as I know, only AIX + doesn't support /proc/self. + [ef737b5d4ed8] + +2017-05-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, configure: + Sudo 1.8.20p1 + [c34da84ae8e4] + + * src/ttyname.c: + Fix for CVE-2017-1000367, parsing of /proc/pid/stat on Linux when + the process name contains spaces. Since the user has control over + the command name this could be used by a user with sudo access to + overwrite an arbitrary file. Thanks to Qualys for investigating and + reporting this bug. + + Also stop performing a breadth-first traversal of /dev when looking + for the device. Only the directories specified in search_devs[] are + checked. + [b5460cbbb11b] + +2017-05-23 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * lib/util/event_select.c: + Fix potential memory leak on reallocarray() error. Coverity CID + 169639 + [c303e6eecc78] + + * plugins/sudoers/bsm_audit.c: + Only fall back to deprecated getaudit() on FreeBSD. Fixes compiler + warnings on macOS. + [18f4699e417c] + + * mkpkg: + Use clang on macOS if present + [a963454d1b9e] + + * sudo.pp: + fix paths to LICENSE and NEWS files for macOS packages + [47103614311b] + +2017-05-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c: + To avoid overwriting existing command status, check for CMD_INVALID + instead of CMD_ERRNO or CMD_WSTATUS. + [5fec1fa81482] + + * plugins/sudoers/regress/env_match/data: + Add some patterns that could result in exponential run time for + poorly written '*' matching. + [98f4d085c919] + +2017-05-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/ttysize.c, src/exec_pty.c: + On HP-UX 11.0, sys/ioctl.h is not sufficient to make struct winsize + visisble, we need termios.h too. + [211510123ad6] + + * lib/util/ttysize.c: + Always used TIOCGWINSZ. + [82e679b8cd00] + + * src/exec.c, src/sudo.c, src/sudo.h: + Move exec_setup(), unlimit_nproc() and restore_nproc() from sudo.c + to exec.c. + [9127e50cf4ec] + + * src/sudo_edit.c: + No need to include selinux.h here. + [8bb07a8f4203] + + * plugins/sudoers/regress/env_match/check_env_pattern.c: + Fix compilation error on macOS + [bc5e5c3d44f2] + +2017-05-12 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.ac, include/sudo_compat.h, + lib/util/term.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/exec_monitor.c, src/exec_nopty.c, + src/exec_pty.c, src/signal.c, src/sudo.c, src/tcsetpgrp_nobg.c, + src/tgetpass.c: + Remove use of non-standard sigaction_t + [81a57af4c7a9] + + * plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c, + plugins/sudoers/set_perms.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c: + Use debug logging instead of ignore_result() where possible. + [9c9fde5b52cc] + + * Makefile.in: + Add cov-build and cov-submit targets for checking with coverity. + [bf88b4439c7b] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/ldap.c: + Avoid a clang analyzer false positive. + [9f4f915a2e28] + + * plugins/sudoers/sudoreplay.c: + Restore the error message for sudo_ev_add() failure. + [267305606577] + + * include/sudo_event.h, lib/util/event.c: + Add support for signal events in sudo's event subsystem + [0d48fab2dec8] + + * include/sudo_event.h, lib/util/event.c: + Handle the possibility of the siginfo parameter in sa_sigaction + handler being NULL. + [0835ca553426] + + * src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, + src/signal.c, src/sudo.h, src/sudo_exec.h: + Use SUDO_EV_SIGNAL and SUDO_EV_SIGINFO instead of managing the + signal_pipe explicitly. + [841e2ca6a4a6] + + * lib/util/event.c: + Activate the sigevents inside the signal pipe callback itself and + call signal_pipe_cb() directly if the backend returns EINTR and the + signal_caught flag is set. This has the side effect of processing + signal events in the current pass of the event loop instead of the + next one. + [d94e202b8e57] + + * src/signal.c: + Add SIGCHLD to the list of signals we install sudo_handler() for. + Otherwise, it is possible for the command to exit before the SIGCHLD + handler is installed. 
POSIX says that signals that are ignored by + default are still ignored even if the signal mask would block them. + We need to have a handler installed for SIGCHLD before the fork(). + [a26f04459c37] + + * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/env_pattern.c, + plugins/sudoers/regress/env_match/check_env_pattern.c, + plugins/sudoers/regress/env_match/data, plugins/sudoers/sudoers.h: + Add support for multiple '*' in env_keep, env_check and env_delete + entries. + [b55270a8ecc4] + + * configure, configure.ac: + sudo 1.8.21 + [76aa5455903e] + + * include/sudo_compat.h, plugins/sudoers/timestamp.c, + src/tcsetpgrp_nobg.c, src/tgetpass.c: + Remove use of the non-standard SA_INTERRUPT + [3ec05ffb0dcb] + + * include/sudo_queue.h: + Add workaround for clang static analyzer being confused by + LIST_REMOVE and TAILQ_REMOVE. + [ff8d278e8526] + +2017-05-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + Fix "make check" when openssl or gcrypt is used. Bug #787 + [7968686742e2] + +2017-05-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + Only display string version of errno if sudo_ev_add() fails for now + [24244a02c93f] + +2017-05-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + update + [8e3359235e24] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Be clear that #includedir diverts control to the files in the + specified directory and, when parsing of those files is complete, + returns control to the original file. Bug #775 + [f68769f15356] + +2017-05-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/sr.mo, + po/sr.po: + sync with translationproject.org + [4552eaf8fabf] + +2017-05-05 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS: + update + [53d1c9424816] + + * src/exec_monitor.c: + Fix a hang introduced in the last commit. Don't close the pty slave + until after we have the controlling tty. + [c9c19beb60ed] + + * src/exec_monitor.c, src/exec_pty.c: + If any of std{in,out,err} are not hooked up to a tty only interpose + ourselves with a pipe if the plugin will actually log the data. This + avoids a problem with non-interactive commands where no tty is + present where sudo will consume stdin even when log_input is not + enabled in sudoers. + [a79edafdd307] + + * NEWS: + update + [144ff056cd01] + + * doc/TROUBLESHOOTING: + Update based on information from Michael Felt. + [7ea34380ba1d] + +2017-05-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + In check_input() when switch()ing on the return value of read(), use + the default label instead of 1 for the success case. It is only + reading a single byte so the two are equivalent but it reads better + using default. + [860682b86af5] + + * plugins/sudoers/sudoreplay.c: + Check sudo_ev_add() return value. Coverity CID 168362 + [b69779d3801f] + + * plugins/sudoers/iolog.c: + Add io_open() wrapper for open(2) that retries with PERM_IOLOG if + open(2) fails with EACCES. Use io_open() instead of duplicate copies + of the same fallback code. + [09f7992f681b] + + * plugins/sudoers/iolog.c: + Don't retry the open() if set_perms() fails. + [0808a9157037] + + * plugins/sudoers/iolog.c: + Fix typo (fd2 vs. fd) caught by coverity, CID 168359. + [f68df770e06f] + + * po/hu.mo, po/hu.po: + sync with translationproject.org + [ebef76dc27be] + +2017-05-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + Warn people not to use --enable-asan in production. + [ecb5c1143ef4] + + * configure, configure.ac, src/Makefile.in: + Move the invocation of check_noexec into the main "check" target but + only run it if not cross compiling and whe CHECK_NOEXEC is not + empty. 
+ [cba8fd3337c2] + + * src/Makefile.in: + Move @CHECK_NOEXEC@ to TEST_PROGS so it gets cleaned up properly. + [efaa9c44e749] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Move syslog_maxlen to the "Integers" section. Move syslog_goodpri + and syslog_badpri to the "Strings at can be used in a boolean + context" section. + [342dfe9dd37c] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix a pasto that resulted in an extra (empty) syslog_goodpri list + entry. + [eb0563c5b8dc] + + * MANIFEST, plugins/sudoers/regress/sudoers/test20.in, + plugins/sudoers/regress/sudoers/test20.json.ok, + plugins/sudoers/regress/sudoers/test20.out.ok, + plugins/sudoers/regress/sudoers/test20.toke.ok, + plugins/sudoers/regress/sudoers/test21.in, + plugins/sudoers/regress/sudoers/test21.json.ok, + plugins/sudoers/regress/sudoers/test21.out.ok, + plugins/sudoers/regress/sudoers/test21.toke.ok: + Add tests for parsing tuples and syslog options. + [86f3da23b4df] + + * plugins/sudoers/defaults.c: + Allow the syslog Defaults option to be used in a "true" boolean + context and use the compiled in default log facility in this case. + [4fab25217602] + + * plugins/sudoers/defaults.c: + Allow a tuple to be set to boolean true. Regression introduced by + refactor of set_default_entry() in sudo 1.8.18. + [9b38728deb27] + +2017-05-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/TROUBLESHOOTING: + Replace the list of "dangerous" environment variables and explain + how sudo handles the environment instead. + [966cf87d1bed] + +2017-04-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/glob.c: + Fix exponential behavior in glob() with respect to multiple '*'. See + https://research.swtch.com/glob Adapted from https://perl5.git.perl. + org/perl.git/commit/33252c318625f3c6c89b816ee88481940e3e6f95 + [3d187b0fb764] + + * src/exec_pty.c: + We no longer need to write to the tty if the command was killed by a + signal. 
Sudo will terminate itself with the same signal the command + died from. Unfortunately, we lose the "core dumped" bit since sudo + itself will not dump core, but there doesn't appear to be a way + around that. + [1be331e0c4d4] + +2017-04-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo.c: + On Linux, if the command we ran dumped core, set PR_SET_DUMPABLE to + 0. This will prevent sudo itself from dumping core in this case. + [cf5a5793ebf4] + + * INSTALL: + Update path to sudo_noexec.so + [14e995667c8b] + + * src/sudo.c: + If the command terminated due to a signal, sudo will send that same + signal to itself so the parent shell knows the command died from a + signal. However, we don't want sudo itself to dump core. + [8d823e6ec41e] + +2017-04-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + sync + [1704e6005b07] + + * src/sudo.c: + The fix for Bug #722 contained a typo/thinko that resulted in the + exit status being 0 when a command was killed by a signal other than + SIGINT. This fixes the signal handler setup so sudo will terminate + with the same signal as the command. Bug #784. + [50b988d0c97f] + + * sudo.pp: + Better check for /etc/rc.d/rc2.d/S90sudo on AIX + [93de5e34a6a3] + + * src/Makefile.in: + Don't install the rc.d link when installing to a DESTDIR. DESTDIR is + generally only set when installing to a temporary directory for + packaging in which case the link should be made in a post-install + script. + [4200ef757b56] + + * plugins/sudoers/Makefile.in, sudo.pp: + In "make install", install sample sudoers file as /etc/sudoers.dist + and copy it to /etc/sudoers if there is no existing /etc/sudoers. + Packages either contain /etc/sudoers (RPM and Debian) or + /etc/sudoers.dist (everything else). + [40f8e5806d71] + + * Makefile.in, mkdep.pl: + Allow "make dist" and "make depend" to work for out of tree builds. + [7b7ba3f38abb] + +2017-04-24 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * lib/zlib/Makefile.in: + Add missing $(srcdir) prefix to shlib_exp definition. + [c63e8e73507e] + +2017-04-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/sudo_compat.h: + Fix typo in killpg macro. + [f7392d21c915] + + * include/sudo_compat.h: + Fix the killpg macro for systems without killpg() in libc. + [ba0c5162bc4a] + +2017-04-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + Use the standard idiom for popping all entries from a tail queue. + The llvm checker gets confused by TAILQ_REMOVE and generate use- + after-free false positives. + [a88cacd23f09] + + * src/exec_monitor.c, src/exec_nopty.c: + rewrite errpipe callbacks + [5c75729cea19] + + * src/exec_monitor.c, src/exec_nopty.c: + use pipe2() with O_CLOEXEC instead of pipe() + fcntl() and + FD_CLOEXEC + [c8c9cc31c43a] + + * src/exec_pty.c: + init io_pipe[][] to -1, not 0 + [71012940a8f1] + +2017-04-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sssd.c: + In sudo_sss_check_user() it is not possible for handle to be NULL. + [de41ba76a4ce] + + * plugins/sudoers/sssd.c: + Fix a use after free when the fqdn sudoOption is set and no hostname + value is present in sssd.conf. + [716a7c502cc0] + + * src/sudo.c: + Avoid unused variable when getgrouplist_2() is available. It would + be nicer to just provide getgrouplist_2() (or the equivalent) and + avoid the ugly #ifdefs. + [2c7ac21feb5f] + + * plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo, + po/nb.po: + sync with translationproject.org + [e91a983f9de6] + +2017-04-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + regen + [790d9a05f585] + +2017-04-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/ttyname.c: + In sudo_ttyname_scan() if dir is the empty string, set errno to + ENOENT before returning. + [f531ea6e489e] + +2017-04-11 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Try to make it clear that when match_group_by_gid is enabled, groups + in sudoers are looked up by group name instead of group ID. This + doesn't usually cause problems, but if there are conflicting group + entries (for example, from a local /etc/group file and an LDAP or AD + group database), whether the group is resolved by name or ID can be + used to work around conflicts. + [fe3bfca4fcce] + +2017-04-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, po/ja.mo, + po/ja.po: + sync with translationproject.org + [94d36c45e345] + + * plugins/sudoers/regress/parser/check_digest.c: + plug memory leak in check_digest + [40aab9e6e365] + + * src/exec.c: + Check return value of dispatch_pending_signals() in case we received + SIGINT or SIGQUIT before executing the command. + [218758d1560d] + +2017-03-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + back out unintentional change to the version number + [799b396c1c69] + +2017-03-28 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, + po/cs.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/fr.mo, + po/fr.po, po/hr.mo, po/hr.po, po/it.mo, po/it.po, po/pl.mo, + po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/tr.mo, po/tr.po, po/uk.mo, + po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po: + sync with translationproject.org + [04c4a3ec233d] + +2017-03-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_digest.out.ok: + Make check_digest test sudo_filedigest() itself instead of the + underlying SHA2 functions. That way we can test it regardless of + whether we use sudo's SHA2 functions or a library version. + [9834b37f1fb0] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that commands matched by "sudo ALL" are not affected by + fdexec. + [7cc3b770a2ff] + +2017-03-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Update for 1.8.20 + [14a09000c1dc] + + * plugins/sudoers/po/sudoers.pot: + regen for restricted_env_file + [81290b370c95] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Mention that iolog_user is useful for NFS. + [9c8f9dfdebf0] + +2017-03-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Only retry mkdir or create with PERM_IOLOG if errno is EACCES. 
Also + always use PERM_IOLOG for mkdtemp() since we cannot retry if it + fails. Since we are guaranteed to create a new directory there's no + real need to try w/o PERM_IOLOG in this case. + [c3c67d78e46a] + +2017-03-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Add fallback to PERM_IOLOG when making the final componenet of + iolog_dir. + [72924e4c8f5d] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/env.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add restricted_env_file which is like env_file but subject to the + same restrictions as the user's own environment. + [ec887cc57a8b] + + * plugins/sudoers/iolog.c: + quiet a warning on older zlib + [bcd3cac968a2] + + * plugins/sudoers/iolog.c, plugins/sudoers/timestamp.c: + cast mode_t to unsigned int when printing with %o + [f9ca9ead134e] + +2017-03-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot: + regen + [f62e81f74d10] + + * plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c, + plugins/sudoers/timestamp.c: + Set umask temporarily when creating files instead of changing the + mode after the fact. This is slightly less error prone. + [a9b4cf336b73] + + * plugins/sudoers/iolog.c: + remove now-useless variable + [9a36b2449ac4] + + * plugins/sudoers/mkdir_parents.c: + Don't set owner/mode on directories that already exist, only on + newly-created ones. + [2b616be0e165] + + * plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c: + Explicitly set the file mode of I/O log files so the mode is not + affected by the invoking user's umask. 
+ [ec7d5dd47b6b] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c: + Add PERM_IOLOG so we can create I/O log files on an NFS-mounted + filesystem where root is remapped to an unprivileged user. + [01804a971cd5] + + * plugins/sudoers/mkdir_parents.c: + Restore the '/' in the path before returning if we encounter an + error. + [bb12cfce16fd] + + * plugins/sudoers/sssd.c: + zero out nss->handle after it has been freed to make sure we cannot + free it twice + [00d5340b7541] + +2017-03-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c: + When creating the timestamp directory, use the group of the + timestamp owner instead of inheriting the group of the parent + directory. + [7a4a10cafe08] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/iolog.c: + Add iolog_flush option. + [96baa17409cf] + +2017-03-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/iolog.c: + Don't allow the user to specify an I/O log file mode that sudo can't + read or write to. I/O logs must always be readable and writable by + the owner. + [b32e2ef04905] + +2017-03-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat, + doc/visudo.cat: + Regenerate the cat pages with newer mandoc which formats double + quotes as "foo" instead of ``foo''. + [5f14e527ae05] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Make it clear that I/O logs will be complete even if the command run + by sudo is terminated by a signal. 
The I/O log buffering just + prevents the logs from being displayed in real-time as the command + is running. + [072fd419ac1e] + +2017-03-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c, src/exec_monitor.c, src/signal.c, src/sudo.h: + Replace pipe_nonblock() with pipe2() + [c106b62d7835] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/pipe2.c, + mkdep.pl: + Emulate pipe2() on systems without it. + [5a183dd380f0] + +2017-03-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/kerb5.c: + Fix declaration of sudo_krb5_verify() in the case where + krb5_verify_user() is not present. Bug #777 + [eafd4e2d7c7f] + + * plugins/sudoers/rcstr.c: + Use HAVE_STDBOOL_H to detect systems w/o stdbool.h. Bug #778 + [dbac86777429] + +2017-03-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [2fc489ddc143] + + * src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c: + Move SIGCHLD handling into handle_sigchld() functions and move the + remaining bits of dispatch_signal() into signal_pipe_cb() + [b120f5cfa8cc] + +2017-03-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/utmp.c: + e_termination should be set to the value of WTERMSIG not WEXITSTATUS + [95f37078ae8f] + +2017-03-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, src/Makefile.in, src/exec_nopty.c, src/sudo.h, + src/tcsetpgrp_nobg.c: + Add tcsetpgrp_nobg() which acts like tcsetpgrp() but returns -1 for + a background process. This is safer than blocking SIGTTOU which + would cause tcsetpgrp() to succeed in the background. + [7ab75c47b8bf] + +2017-03-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_nopty.c: + Prevent sudo from receiving SIGTTOU when it tries to restore the + controlling terminal. There appears to be a race with the shell + (bash) which we may lose. + [aab018fb9940] + +2017-03-03 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/timestamp.c, src/exec_monitor.c: + Add some casts to quiet gcc warnings on Solaris and remove a now- + useless debug printf. + [16c862eab0ce] + + * src/exec_pty.c: + change debug info when suspending sudo + [f5c5ee07f8e3] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_monitor.c, + src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h: + Reorganize the command execution code to separate out the pty and + non-pty code paths into their own event loops. The non-pty exec code + is now contained in exec_nopty.c and the pty exec code is split + between exec_pty.c (parent process) and exec_monitor.c (session + leader). This results in a small bit of duplicated code but improves + readability. Some of the duplicated code will fall out in future + changes to the event subsystem (the signal pipe). + [fe239d2a3cbd] + +2017-02-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/ttysize.c, src/exec_pty.c: + Remove support for the TIOCGSIZE ioctl. Systems that use this rather + than TIOCGWINSZ are too old for sudo to build on anyway. + [0179b16c70f9] + +2017-02-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c, src/exec_pty.c: + Set the child pid to -1 after we've waited for it and take care to + avoid killing pid -1. This makes it a bit more explicit and removes + the need for a separate variable to track the child's status. Sudo + already stops processing signals after it receives SIGCHLD so it is + not vulnerable to CVE-2017-2616. + [1123704858ae] + +2017-02-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Update the description of strict mode to current reality. Aliases + haven't needed to be defined before they are used since sudo 1.7. 
+ [9dc4ce4ec538] + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/regress/visudo/test2.err.ok, + plugins/sudoers/regress/visudo/test3.err.ok, + plugins/sudoers/visudo.c: + Go back to using a Warning/Error prefix in the message printed to + stderr for alias problems. Requested by Tomas Sykora. + [ad4dc6e34222] + +2017-02-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/filedigest.c, plugins/sudoers/filedigest_openssl.c: + fix copyright years + [b9f013f95bb2] + +2017-02-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/digestname.c, + plugins/sudoers/filedigest.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c, plugins/sudoers/visudo_json.c: + Move the file digest code out of match.c and into filedigest.c. + Inspired by RedHat changes that used libgcrypt. Also add + digest_type_to_name() to map a sudo digest type (int) to a name + (string) and use it. + [9213d8c94b8f] + + * INSTALL, MANIFEST, configure, configure.ac, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/filedigest_openssl.c: + Add support for using the message digest functions in OpenSSL + instead of sudo's own SHA2 implementation. + [d77639c97e43] + + * INSTALL, MANIFEST, configure, configure.ac, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/filedigest_gcrypt.c: + Add support for using the message digest functions in libgcrypt + instead of sudo's own SHA2 implementation. + [0259467c38dd] + + * plugins/sudoers/gmtoff.c: + Check for gmtime() or localtime() returning NULL and just use a zero + offset in that case. Should not be possible. + [ed210dd8bf46] + +2017-02-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers2ldif: + Add support for ROLE, TYPE, PRIVS, LIMITPRIVS, TIMEOUT, NOTBEFORE + and NOTAFTER. 
+ [d0310b017c78] + + * config.h.in, configure, configure.ac, plugins/sudoers/timestr.c: + strftime() was in C89 so use it unconditionally. + [87bf66aa18fd] + + * MANIFEST, config.h.in, configure, configure.ac, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_debug.h, + lib/util/sudo_debug.c, lib/util/util.exp.in, + plugins/sudoers/Makefile.in, plugins/sudoers/gentime.c, + plugins/sudoers/gmtoff.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_gentime.c, + plugins/sudoers/regress/sudoers/test19.in, + plugins/sudoers/regress/sudoers/test19.json.ok, + plugins/sudoers/regress/sudoers/test19.out.ok, + plugins/sudoers/regress/sudoers/test19.toke.ok, + plugins/sudoers/regress/visudo/test10.out.ok, + plugins/sudoers/regress/visudo/test10.sh, + plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add NOTBEFORE and NOTAFTER command options similar to what is + already available in LDAP. + [3ba0f9567f83] + +2017-02-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [f2876eadc1f5] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h: + Bump version to 1.11 for timeout entry in settings[] + [7b288e4bab93] + + * doc/sudo.conf.cat, doc/sudo_plugin.cat, doc/sudoers.ldap.cat, + doc/sudoreplay.cat, doc/visudo.cat: + regen + [8c059a57d367] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/parse_args.c, src/sudo_usage.h.in: + Add a command line option to specify the command timeout, as long as + sudoers does not specify a shorter time limit. 
+ [a8ef7f923d0a] + +2017-02-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Better error message when the timeout value does not parse. + [2360fb093e3e] + + * plugins/sudoers/timeout.c: + set errno to ERANGE not EOVERFLOW on range error + [9654e1acab0d] + +2017-02-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + regen + [46a124dd72aa] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/parse.h: + Merge command tags, SELinux type/role and Solaris privs settings + into "command options". This relaxes the order of things so tags and + other options can be interspersed. + [0970fd78cbe8] + + * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/ldap.c, + plugins/sudoers/mkdefaults, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/policy.c, + plugins/sudoers/regress/sudoers/test17.in, + plugins/sudoers/regress/sudoers/test17.json.ok, + plugins/sudoers/regress/sudoers/test17.out.ok, + plugins/sudoers/regress/sudoers/test17.toke.ok, + plugins/sudoers/regress/sudoers/test18.in, + plugins/sudoers/regress/sudoers/test18.json.ok, + plugins/sudoers/regress/sudoers/test18.out.ok, + plugins/sudoers/regress/sudoers/test18.toke.ok, + plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/visudo_json.c: + Add support for command timeouts in sudoers. After the timeout, the + command will be terminated. 
+ [a36a748e9324] + + * doc/fixman.sh, doc/fixmdoc.sh, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/parse.h: + Split out tags again so they must precede the command and not allow + them to be mixed in with options. + [e7e7d60316cc] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Only inherit SELinux role/type and Solaris privilege sets if the + command does not include any. Previously, a command with only a role + would inherit a type from the previous command which is not what was + intended. + [171a3ad972e7] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + List SELinux role/type for "sudo -l" with LDAP and SSSd backends. + Also fix printing of the timeout. + [740723a49ab5] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Plug some memory leaks found by ASAN. + [08189098a5b6] + + * plugins/sudoers/Makefile.in: + Only inhibit ASAN leak detector for tests that result in a parse + error. The parser cannot currently clean up completely on error. + [b2f82dcd2545] + + * plugins/sudoers/rcstr.c: + supress cppcheck memory leak false positive + [e0caf2275a44] + + * lib/util/strtoid.c: + fix typo that prevented compilation on FreeBSD + [27866f6a2b5e] + +2017-02-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/Makefile.in: + Link vsyslog.lo directly into vsyslog_test to make sure the syslog() + stub gets called. Otherwise, the real syslog will get called via + libutil on AIX. + [693bc8411a98] + + * lib/util/regress/vsyslog/vsyslog_test.c: + Fix final test with a format > 2048 bytes. Keep track of tests run + in the syslog() stub so we can detect if the stub is not being + called. + [d10d784446c1] + + * lib/zlib/deflate.c: + avoid redefining the MIN macro + [45b7b0ba0f01] + + * plugins/sudoers/parse.h, plugins/sudoers/timestr.c: + Include parse.h in timestr.c which is where function prototype + lives. 
+ [3ec9ec84a84c] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix for including a sudoers file that begins with the letter 'i'. + The hack to determine whether we are parsing an include or + includedir is no longer safe now that relative include paths are + permitted. Bug #776. + [4d9691a43867] + +2017-02-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: + Display the value of syslog_maxlen in sudo -V output. + [0841ad36531c] + +2017-02-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: + Add ignore_unknown_defaults flag to ignore unknown Defaults entries + in sudoers instead of producing a warning. + [a7fdb44677dd] + +2017-01-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/match.c: + Always set the close-on-exec bit on the fd used to generate the + digest (i.e. the command to run) on systems that lack fexecve(2). + That way we don't need to explicitly close it using #ifdefs. + [f840a22fac1c] + + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, po/ca.mo, + po/ca.po, po/eo.mo, po/eo.po, po/sv.mo, po/sv.po: + sync with translationproject.org + [57e877674892] + + * NEWS: + first updates for 1.8.20 + [118208688b08] + + * configure, configure.ac: + sudo 1.8.20 + [6cba125ea903] + +2017-01-25 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/LICENSE, lib/zlib/adler32.c, lib/zlib/compress.c, + lib/zlib/crc32.c, lib/zlib/deflate.c, lib/zlib/deflate.h, + lib/zlib/gzguts.h, lib/zlib/gzlib.c, lib/zlib/gzread.c, + lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inffast.c, + lib/zlib/inflate.c, lib/zlib/inflate.h, lib/zlib/inftrees.c, + lib/zlib/trees.c, lib/zlib/uncompr.c, lib/zlib/zconf.h.in, + lib/zlib/zlib.exp, lib/zlib/zlib.h, lib/zlib/zutil.c, + lib/zlib/zutil.h: + update zlib to version 1.2.11 + [75a563663083] + +2017-01-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/match.c: + Fix fdexec=never when a digest is present. + [49d3ab5baad0] + +2017-01-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/match.c: + Add new fdexec sudoers setting to allow choose whether execve() or + fexecve() is used. + [6a7623aa9a64] + + * src/exec.c, src/exec_pty.c: + Close execfd in parent processes where it is not needed. + [f44e334d43e2] + +2017-01-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/match.c: + Add support for digest matching when the command is a glob-style + pattern or a directory. For example: + + millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/ + millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/* + + would only match /bin/ls (assuming the digest matches). + + Previously, only explicit path matches checked the digest. + [d4f6822ba9bb] + +2017-01-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: + Add support for SASL_MECH in ldap.conf; Bug #764 + [d057bb7f2ddc] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix documentation bug, the contents of env_file have never been + subject to env_keep or env_check. However, variables are only added + if they have not already been preserved. + [4483b1b44709] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + examples/sudoers: + Safer example for rule that can change non-root passwords. GNU + getopts allows options to follow arguments so we need to be able to + deny things like "passwd root -q". From Paul "Joey" Clark. Bug #772 + [c809f1372811] + +2017-01-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Don't overwrite the return value of ldap_sasl_interactive_bind_s() + by the subsequent call to sudo_set_krb5_ccache_name(). From Paul + Zirnik of SUSE. + [448baff2b586] + + * plugins/sudoers/env.c: + In sudo_unsetenv_nodebug(), decrement envp.env_len after removing + the variable. From Paul Zirnik of SUSE. + [3d87a008671c] + +2017-01-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/Makefile.in: + only run vsyslog_test if it exists + [5323dfcfb009] + + * MANIFEST, configure, configure.ac, lib/util/Makefile.in, + lib/util/regress/vsyslog/vsyslog_test.c: + Add regress for vsyslog replacement. + [1f767b8f5940] + +2017-01-13 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Define HAVE_NANOSLEEP if we find nanosleep in librt + [ec8d949bf411] + + * configure, configure.ac: + sudo_nanosleep not nanosleep in util.exp.in + [18a3bca78962] + + * configure, configure.ac: + add nanosleep to util.exp.in if needed + [6ac2e9266d67] + + * NEWS, configure, configure.ac: + sudo 1.8.19p2 + [9c15593a007a] + + * lib/util/vsyslog.c: + Double the size of new_fmt[] and remove an extraneous break in the + %m handling that was leftover from an earlier edit. + [fcb28dc9cd4e] + + * lib/util/vsyslog.c: + Fix typo, want vsnprintf not snprintf. + [2717f2125ecd] + + * plugins/sudoers/logging.c: + move va_start() in mysyslog() + [b58ec40bbfc3] + + * plugins/sudoers/sudoers.c: + Only treat failure of expand_iolog_path() as fatal if + ignore_iolog_errors is not set. + [1ba009311cf7] + +2017-01-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/nanosleep.c, + mkdep.pl, src/exec_pty.c: + When waiting for the parent to grant us the tty, use nanosleep + instead of spinning to avoid hogging the CPU. + [76335b380d7c] + + * src/sudo.c: + Use ROOT_UID instead of 0 + [5ed03a4e0b0b] + +2017-01-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + regen + [99b26e2c523d] + +2017-01-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/interfaces.c, + plugins/sudoers/regress/visudo/test9.out.ok, + plugins/sudoers/regress/visudo/test9.sh, plugins/sudoers/visudo.c: + Fix crash in visudo introduced in sudo 1.8.9 when an IP address or + network is used in a host-based Defaults entry. Bug #766 + [ff9001f126b5] + +2017-01-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac, doc/LICENSE: + Avoid using the system strnlen/strndup on AIX < 6. 
Even if configure + correctly detects it is working on the build machine, the sudo + package may be run on a system with an old libc were it is broken. + [28d148db0aaa] + +2016-12-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, configure, configure.ac: + sudo 1.8.19p1 + [7bfd43fa5caf] + + * plugins/sudoers/defaults.c: + Fix logic bug when matching syslog priority and facility. + [576cc9eb850f] + + * doc/HISTORY: + Dell spun off Quest so simplify the history by just talking about + Quest and not Dell. + [a66120495435] + +2016-12-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/LICENSE: + Fix copyright year + [3122e55195a6] + + * NEWS: + typo + [ffe9e84928b6] + +2016-12-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/sudo_compat.h: + HAVE_DECL_GETGROUPLIST_2 is always defined if HAVE_GETGROUPLIST_2 + is, we need to check its value, not whether it is defined. + [849eb3113149] + +2016-12-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po: + sync with translationproject.org + [abf5d356a33b] + +2016-12-13 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/sr.mo, + po/sr.po: + sync with translationproject.org + [fec672d5a4c7] + + * config.h.in, configure.ac, include/sudo_compat.h, + plugins/sudoers/pwutil_impl.c, src/sudo.c: + Use getgrouplist_2() on macOS if available. + [3bf58af56d18] + +2016-12-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot: + regen + [3f4d52230317] + + * plugins/sudoers/interfaces.c: + In set_interfaces() treat a parse error as fatal. + [7d0048108b1d] + +2016-12-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/regress/atofoo/atofoo_test.c: + Fix a clang warning on macOS + [58e9d192e907] + +2016-12-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/ko.mo, + po/ko.po, po/vi.mo, po/vi.po: + sync with translationproject.org + [99cce0f5fddc] + + * NEWS: + update for 1.8.19b2 + [18cfc9b8b8e7] + + * plugins/sudoers/timestamp.c: + Ignore a boot time that is in the future, which can happen when the + clock is corrected down after boot. Otherwise, the timestamp file + will be unlinked each time sudo is run and a password is always + required. + [dd3b2b7ae709] + +2016-11-30 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/logging.c: + Allow syslog priority to be negated or set to "none" to disable + logging successes or failures. + [624eddac4ab1] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + plugins/sudoers/sudoreplay.c: + Allow stdin and ttyin to be displayed too. The only one that is + really useful in sudoreplay is stdin when input is from a pipe. + [5aa8b3a90c84] + + * src/regress/noexec/check_noexec.c: + Solaris 10 wordexp() returns 127 on execve() failure like popen() + does. + [f927c50dda17] + + * config.h.in, configure, configure.ac, include/sudo_debug.h, + lib/util/regress/atofoo/atofoo_test.c, lib/util/strtoid.c, + lib/util/sudo_debug.c, lib/util/util.exp.in: + id_t is 64-bits on FreeBSD so use strtoll() there. Fixes the strtoid + regress. + [448a9857e89f] + +2016-11-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + fix typo + [92ea657a87f5] + + * plugins/sudoers/sudoers.c: + Fix the "all" setting for verifypw and listpw; nopass would never be + true even if all the user's entries had the NOPASSWD tag. Regression + introduce in sudo 1.8.17. Bug #762 + [c672e3ebfbe2] + +2016-11-28 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/cs.mo, + plugins/sudoers/po/cs.po, plugins/sudoers/po/da.mo, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/el.mo, plugins/sudoers/po/eo.mo, + plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/hr.mo, + plugins/sudoers/po/hr.po, plugins/sudoers/po/hu.mo, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, + plugins/sudoers/po/lt.mo, plugins/sudoers/po/nb.mo, + plugins/sudoers/po/nb.po, plugins/sudoers/po/nl.mo, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/ru.mo, plugins/sudoers/po/sk.mo, + plugins/sudoers/po/sl.mo, plugins/sudoers/po/sr.mo, + plugins/sudoers/po/tr.mo, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.mo, + plugins/sudoers/po/zh_CN.po, po/cs.mo, po/cs.po, po/de.mo, po/de.po, + po/es.mo, po/es.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, + po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ko.mo, po/ko.po, + po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po, + po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo, po/zh_CN.po: + sync with translationproject.org + [8a4ab570d132] + +2016-11-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/openbsd.c: + Just use malloc_options "S" on OpenBSD instead of "AFGJPR". + [2851cd2da1c7] + +2016-11-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update year in license + [e370bf3d1035] + +2016-11-21 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [d524f0306467] + + * doc/sudo.conf.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat: + regen + [185328ea20c3] + + * include/sudo_debug.h, lib/util/sudo_debug.c, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/visudo.c, src/sudo.c: + Add SUDO_DEBUG_INSTANCE_ERROR return value for sudo_debug_register() + and check for it in places where we check the return value of + sudo_debug_register(). + [d1e74c5f21a6] + +2016-11-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + update for 1.8.19 + [b248866c511d] + +2016-11-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.ac, plugins/sudoers/getspwuid.c: + Add support for getpwnam_shadow() on OpenBSD + [4db7ed374c33] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, plugins/sudoers/policy.c, src/sudo.c: + Add umask to user_info passed in from the front end to the plugin. + [4a4eee52a717] + + * plugins/sudoers/auth/rfc1938.c: + Fix sign compare warning. + [8732d632cbff] + + * MANIFEST, aclocal.m4, configure, configure.ac, m4/ax_append_flag.m4, + m4/sudo.m4: + Use AX_APPEND_FLAG instead of SUDO_APPEND_CPPFLAGS and direct + modification of LDFLAGS. + [c1464dcd45e0] + + * MANIFEST, configure, configure.ac, plugins/sudoers/aixcrypt.exp: + Remove aixcrypt.exp, it was a remnant of the 90's crypto wars where + crypt() was not exported. + [785d57666d41] + + * doc/TROUBLESHOOTING: + Remove obsolete solaris issue with snprintf + [3ce6cc899026] + + * INSTALL: + SunOS 4.x is no longer supported + [2239eb30ff2c] + +2016-11-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/regress/sudo_conf/test1.in, lib/util/sudo_conf.c: + Plug memory leak when a particular Path is set more than once. 
+ [debc97dac01d] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Add sudo_ldap_is_negated() and sudo_ldap_is_negated() functions and + use them to parse negated entries instead of doing it manually. + [12010b64afe5] + + * plugins/sudoers/ldap.c: + Fix printing of sudoedit_follow in "sudo -l" + [2094a8f880c4] + + * plugins/sudoers/sssd.c: + For "sudo -l" print sudoOption sudoedit_follow as FOLLOW. + [9c860b1fa721] + + * config.h.in, configure, configure.ac, include/sudo_conf.h, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_conf/test1.out.ok, lib/util/sudo_conf.c, + lib/util/util.exp.in, plugins/sudoers/policy.c, src/exec_common.c, + src/load_plugins.c, src/parse_args.c: + Always define _PATH_SUDO_NOEXEC, _PATH_SUDO_SESH, + _PATH_SUDO_PLUGIN_DIR, even if only defined to NULL. This means the + accessors can always be present. + + Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when + noexec is available. + + Add ENABLE_SUDO_PLUGIN_API and use it instead of + _PATH_SUDO_PLUGIN_DIR to tell when the plugin API is available. + + Add sudo_conf_clear_paths() to clear the path values so the regress + tests are not affected by compile-time settings. + [2b05e4a143d9] + + * plugins/sudoers/ldap.c: + Use readline() in sudo_ldap_read_secret() + [3f0506e5cbe3] + +2016-11-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/sudo_conf.c: + Get rid of struct sudo_conf_paths and just use #defined index values + to access the path values. Make all accessors available even when + the feature is not enabled. + [58d1ec6170a8] + + * configure, configure.ac, lib/util/Makefile.in, lib/zlib/Makefile.in, + mkdep.pl, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Add ASAN_CFLAGS and ASAN_LDFLAGS and use -Wc prefix in ASAN_LDFLAGS + to prevent libtool from strippign them out. Avoid using ASAN flags + when building sudo_noexec.so. 
+ [9644dd92e586] + +2016-11-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Disable noexec for HP-UX 10.x which probably doesn't support + LD_PRELOAD + [d87bc5ea4688] + + * config.h.in, configure, configure.ac, plugins/sudoers/getspwuid.c: + Remove SunOS 4 support, it is not modern enough to run sudo. + [b6e15f8360b6] + + * config.h.in, configure, configure.ac, plugins/sudoers/getspwuid.c: + Remove HP-UX 9 support, it is not modern enough for sudo. + [226dda48c1e1] + + * config.h.in, configure, configure.ac, plugins/sudoers/auth/passwd.c, + plugins/sudoers/getspwuid.c: + Remove Ultrix support, modern sudo can't run on Ultrix anyway. + [95a11ef29a2b] + + * MANIFEST, configure, configure.ac, lib/util/sudo_conf.c, + src/Makefile.in, src/exec_common.c, + src/regress/noexec/check_noexec.c, src/sudo_exec.h: + Add regress for noexec functionality + [2cadd8e04677] + + * src/Makefile.in: + Unbreak sudo_noexec on macOS where shared libraries and dynamic + modules are different. We still want to install sudo_noexec.so + without the "lib" prefix so some hackery is required. + [93d7b69491a1] + + * configure, configure.ac: + Don't enable noexec for AIX 5.0-5.2, we need 5.3 and above. + [92cad0180239] + +2016-11-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/Makefile.in: + Need to link sudo_noexec.so with -ldl for dlsym() on some platforms. + Otherwise, the wordexp(3) wrapper will fail due to an undefined + symbol. Bug #761 + [120a317ce25b] + + * plugins/sudoers/visudo.c: + In strict mode, go to the file/line with an undefined aliases or + aliases cycle directly. + [b4f51b79bd9e] + +2016-11-12 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.h, + plugins/sudoers/regress/visudo/test2.err.ok, + plugins/sudoers/regress/visudo/test3.err.ok, + plugins/sudoers/visudo.c: + Store the file/lineno for alias and userspec entries so we can + provide that info if there is an error. + [7deb4e41ca7b] + +2016-11-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/rcstr.c, + plugins/sudoers/sudoers.h, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c: + Add simple reference-counted string allocator and use it for passing + around references to the sudoers path. This lets us avoid making + copies of the sudoers path for the errorfile as well as each + Defaults entry. + [afcff7b5b647] + + * lib/util/sha2.c: + Cast len from size_t to uint64_t before bit shifting since we are + adding to count which is also uint64_t. Quiets a PVS-Studio warning. + [167210670b30] + +2016-11-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/regress/visudo/test7.out.ok, + plugins/sudoers/regress/visudo/test7.sh, + plugins/sudoers/regress/visudo/test8.err.ok, + plugins/sudoers/regress/visudo/test8.out.ok, + plugins/sudoers/regress/visudo/test8.sh: + Add checks for sudoers_locale early Defaults + [582c08c9418c] + + * src/parse_args.c, src/sudo.c, src/sudo.h: + Add the argument vector allocated for -s and -i mode to the garbage + collector list. Avoids an ASAN warning on exit when the -s or -i + flags are used. + [652691a5216b] + +2016-11-09 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + add missing sudo_pw_delref/sudo_gr_delref to plug memory leak + [c4ba4c26e0c1] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sssd.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c: + Go back to parsing Defaults entries in update_defaults instead of as + sudoers is read. Otherwise, we cannot properly support early + defaults like sudoers_locale. + [ff1328a86b97] + + * mkpkg: + Use expr instead of POSIX sh numerical expression to avoid a syntax + error on older shells. + [638383bb40d5] + +2016-11-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h: + Bump plugin minor version to 10 for sudo_mode, sudo_group and + sudo_user. + [0c65dc1f2874] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Fix a bug in host matching where a negated sudoHost entry would + prevent other sudoHosts following it from matching. + [40cbd5790106] + + * plugins/sudoers/defaults.c: + Zero out sd_un before calling parse_default() so we don't try to + free stack garbage in the ldap/sssd backends. + [6b64a8e3a19d] + +2016-11-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Use "ret", not "rc" for the function return value. + [fdfe637adee6] + + * include/sudo_compat.h, lib/util/strtomode.c, + plugins/sudoers/defaults.c, plugins/sudoers/goodpath.c, + plugins/sudoers/logging.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c, src/sudo_edit.c: + Use sys/stat.h defines instead of bare octal values. 
+ [215c80e09830] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, plugins/sudoers/iolog.c, + plugins/sudoers/policy.c: + Pass iolog mode, group and user from policy plugin to I/O log + plugin. + [1ed4967771c8] + +2016-11-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sssd.c: + Instead of parsing sudoers Defaults twice, parse once while reading + sudoers and then just set the parsed value in update_defaults(). + [370d51681c6e] + + * plugins/sudoers/defaults.c: + Use "struct defaults *d" instead of "struct defaults *def" + throughout for consistency and to avoid confusino with "struct + def_values *def". Use "str" not "var" for the string argument to + convert and store in sd_un for the store_* functions. + [5cc3efc609df] + + * plugins/sudoers/parse.c: + In display_bound_defaults() rename dtype arg -> deftype. + [b3323960e1db] + +2016-11-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/regress/sudo_conf/test4.err.ok, + lib/util/regress/sudo_conf/test5.err.ok, + plugins/sudoers/regress/visudo/test2.err.ok, + plugins/sudoers/regress/visudo/test3.err.ok: + Update error output to match quoting changes. + [27bbf5004d1e] + + * plugins/sudoers/defaults.c: + Avoid passing in a struct sudo_defs_types pointer to the store + functions. Pass in a pointer to the union to fill instead. + [ea956d00aae3] + + * plugins/sudoers/defaults.h: + no longer need struct defaults forward referebce + [21e34ca85de5] + +2016-11-02 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * lib/util/sudo_conf.c, plugins/sudoers/alias.c, + plugins/sudoers/defaults.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c, src/load_plugins.c: + Use "double quotes" in messages instead of a combination of the + accent (grave) mark and apostrophe. + [10dee3ecf3e1] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Add file:linenumber prefix to all Defaults warnings so we can see + them when running sudo too. For LDAP/SSSD we print the sudoRole + instead of the file name and omit the line number. + [5c6b95cd3792] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Use sudoedit in examples instead of "sudo vi" + [6008c208682c] + +2016-11-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c: + Only treat an unknown Defaults entry as a parse error in visudo, not + in sudo itself. + [8d8aa7ac5a32] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/visudo.c: + Instead of checking Defaults values after the fact, check them at + sudoers parse time. This makes it possible to display the file and + line number with the problem and for visudo to go right to the + error. + [ac66bd690d05] + + * plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.h: + Refactor freeing of a member_list into free_members(). + [d29daa01bb9c] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + add_defaults() now calls sudoerserror() itself instead of the caller + assuming any error means out of member. 
+ [a25e51321e0b] + + * plugins/sudoers/defaults.c, plugins/sudoers/mkdir_parents.c: + s/rval/ret/g -- old habits die hard + [fa55d08b233a] + +2016-10-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Remove inaccurate XXX comment, sudo_file_parse() sends mail on parse + error. + [052b0e112839] + + * plugins/sudoers/visudo.c: + The fix for Bug #408 broke editing of files in an include dir that + have a syntax error. Normally, visudo does not edit those files, but + if a syntax error is detected in one, the user gets a chance to fix + it. + [6b00f9bfff31] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c: + Make a copy of the current sudoers path when assigning errorfile. + Fixes a potential use after free in visudo when there is an error in + one of the include files. + [eb6db5d15b61] + + * plugins/sudoers/sudoers_debug.c: + sudoers_debug_register() was not setting the active debug instance + to sudoers_debug_instance when called from the I/O log plugin. This + is because it relied on sudo_debug_register to do that but + sudoers_debug_parse_flags() doesn't set debug_files[] + sudoers_debug_instance is already set (we can only init sudoers + debug once). + + To work around this, just make sudoers_debug_instance the active + debug instance in sudoers_debug_register() when it is already set. + [71b0221c8c28] + + * src/load_plugins.c: + Fix pasto when setting I/O plugin debug files + [03c3aab22e65] + + * plugins/sudoers/iolog.c: + use cp instead of *cur when comparing against plugin_path + [f2dfe69549f5] + +2016-10-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/mkdir_parents.c: + In sudo_mkdir_parents() inherit the gid of / instead of using gid 0 + for the first component. 
+ [5f2bf33bccb5] + + * plugins/sudoers/iolog.c: + We want to inherit the gid from the parent directory when not + setting permissions on intermerdiate directories. + [845f5a20b5fa] + +2016-10-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, + plugins/sudoers/mkdir_parents.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c: + Move io_mkdir_parents() to its own file and use it in ts_mkdirs(). + [c1d55f588a60] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Make the I/O log file/dir permissions and owner configurable. + [e7a74f3dfa56] + + * lib/util/Makefile.in, mkdep.pl: + Add vsyslog.lo + [18362a9ae32e] + + * configure, configure.ac: + sudo 1.8.19 + [97743604e6e3] + +2016-10-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/defaults.c: + Don't try to syntax check an unrecognized Defaults value in visudo. + [e4972655b5d3] + +2016-10-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Create I/O log files with the same gid as the parent directory. + [0da5824e006d] + + * plugins/sudoers/ldap.c: + Check for sudo_ldap_result_last_search() returning NULL. This can't + happen in practice because we always call + sudo_ldap_result_add_search() first which guarantees there is a + result to be found. Quiets a PVS-Studio warning. + [4f6074f40fbc] + + * src/exec_pty.c: + Quiet a PVS-Studio warning about the spin loop when waiting for the + parent to assign us the terminal pgrp. + [d063a283477b] + + * plugins/sudoers/env.c: + Fix incorrect strncmp() lengths. The check for USERNAME was only + looking at the first 5 characters (copy and paste error). The check + for SUDO_PS1 was not checking the trailing '=' character (off by one + error). 
Found by PVS-Studio. + [297380eb6940] + + * plugins/sudoers/env.c: + When checking for old-style bash functions in the environment, check + for values starting with "() " (note the trailing space) rather than + "()". Bash will only treat the value as a function if the space + after "()" is present. The trailing space was already present in the + compare string but when it was added, the length passed to strncmp() + was not updated from 3 to 4. Found by PVS-Studio. No security + impact. + [7e35f39d356b] + + * plugins/sudoers/set_perms.c: + Add some missing casts from uid_t/gid_t to int when printing uid/gid + values. We print these as signed so a value of -1 (no change) is + obvious. Quiets PVS-Studio warnings. + [9773e5b166e1] + + * plugins/sudoers/timestamp.c: + def_timestamp_timeout is a double so compare against 0.0 not 0 to + avoid making it appear to be an integer type. + [8675db470ab7] + + * plugins/sudoers/defaults.c: + When checking syslog facility or priority, move the string compare + into the body of the loop and return if it matches. If we finish the + loop it means we didn't find a match. This makes the code a little + bit more readable. + [d1df1649a01e] + + * lib/util/strlcpy.c, lib/util/strnlen.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/logging.c, + plugins/sudoers/visudo_json.c, src/env_hooks.c, src/exec_pty.c: + Replace bare ";" in the body of for() loops with "continue;" for + improved readability. + [92eff8dbe5f8] + +2016-10-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.guess, config.sub: + Update from http://git.savannah.gnu.org/gitweb/?p=config.git + [86e6144dfdd7] + + * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4, + m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4: + Update to libtool 2.4.6 + [8d85d9e8687b] + +2016-10-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/vsyslog.c: + Use a static buffer if possible. 
+ [758ce6478994] + + * MANIFEST, configure, configure.ac, include/sudo_compat.h, + lib/util/vsyslog.c, plugins/sudoers/logging.c: + add vsyslog() for systems without it. + [c6457f333252] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + There are now 14 tag values, not 10. Don't bother mentioning the + number since it keeps increasing. Bug #759 + [17e4c900dc12] + +2016-10-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.ac, plugins/sudoers/logging.c: + Use vsyslog() if available. + [ea9b7a51eaec] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/logging.c: + Add syslog_maxlen to control the max size of syslog messages. + [5f9872d2073f] + +2016-10-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/tgetpass.c: + Don't generate SIGTOU when restoring the terminal modes. It doen't + make sense to suspend the process only to restore the terminal + settings since in this case the shell has already taken ownership of + the tty. + [981c26f3fc8f] + + * plugins/sudoers/sudoreplay.c, src/exec_pty.c, src/tgetpass.c: + The flush parameter of sudo_term_restore() is bool, not int. + [c2597f1881f3] + +2016-10-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Add wordexp() to the list of functions wrapped by sudo_noexec.so. + [2e847ce3f02f] + +2016-10-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo_noexec.c: + Need RTLD_NEXT for wordexp() on dlopen() systems. It is missing on + AIX 5.1 at least. + [167a518d8129] + + * src/sudo_noexec.c: + add missing guard around wordexp() + [7b8357b0a358] + + * NEWS: + expand on 1.8.18p1 changes + [f560e06ad584] + +2016-10-09 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS, configure, configure.ac: + sudo 1.8.18p1 + [a36e17d1c5db] + + * config.h.in, configure, configure.ac, src/sudo_noexec.c: + Fix configure check for seccomp filter on Linux + [5d88d7cda853] + +2016-10-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.ac, src/sudo_noexec.c: + Use a seccomp filter on Linux to disable execve(2) and execveat(2). + This still relies on LD_PRELOAD to work so it has the same issues as + the existing mether with respect to running 32-bit binaries on a + 64-bit kernel. + [59d76bdc0f0c] + + * src/Makefile.in: + regen + [9e313cb0900b] + + * plugins/sudoers/Makefile.in: + regen + [5ca77049e5cd] + +2016-10-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * aclocal.m4, config.h.in, configure, configure.ac, src/sudo_noexec.c: + Wrap wordexp(3) in sudo_noexec. + [e7d09243e51b] + +2016-09-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + Clean .json files created by "make check" + [d214117fbda1] + +2016-09-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * po/ca.mo, po/da.mo, po/eo.mo, po/es.mo, po/eu.mo, po/fi.mo, + po/gl.mo, po/hr.mo, po/hu.mo, po/ko.mo, po/nl.mo, po/ru.mo, + po/sk.mo, po/sl.mo, po/sr.mo, po/tr.mo: + recompile .po files + [3d91cbf75744] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Fix matching when no sudoRunAsUser is present in a sudoRole. If only + a sudoRunAsGroup is present, match on the invoking user if the -g + option was specified and the group matched. If no sudoRunAsGroup is + present and the -g option was specified, allow it if it matches the + passwd gid of the runas user. This matches the behavior of the + sudoers backend. + [e1a52c34da5e] + + * plugins/sudoers/match.c: + runas_pw can no longer be NULL + [020c6ddcae11] + +2016-09-15 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS: + RunAsGroup without RunAsUser issues + [52d1547c9d3a] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + user_matched and group_matched must be type int, not bool + [204d8de97a05] + + * plugins/sudoers/ldap.c, plugins/sudoers/match.c, + plugins/sudoers/parse.h, plugins/sudoers/sssd.c: + Use RUNAS_USER_SPECIFIED and RUNAS_GROUP_SPECIFIED when deciding + whether to check runas user/group instead of checking runas_pw or + runas_gr. + [d17f223e8313] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + When matching against runas_default use userpw_matches() instead of + just strcasecmp(). + [ce70077c5861] + + * plugins/sudoers/testsudoers.c: + Set RUNAS_USER_SPECIFIED when -u is specified and/or + RUNAS_GROUP_SPECIFIED when -g is specified. + [fa7a1035a058] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Fix printing of the default runas user when a RunAsGroup is + specified but no RunAsUser is present. + [c05dabd194a1] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Only match against runas_default if both sudoRunAsUser and + sudoRunAsGroup are missing. + [019084f428b2] + + * plugins/sudoers/match.c: + runas_pw can no longer be NULL here + [e73dcebafa15] + + * plugins/sudoers/ldap.c, plugins/sudoers/match.c, + plugins/sudoers/parse.h, plugins/sudoers/sssd.c: + Update check for whether or not the runas user was set in the ldap + and sssd backends to match the sudoers file backend. Introduces the + runas_user_set() macro to improve readability. Previously, runas_pw + was set late, now it is set before checking sudoers. + [d8280d8a96c9] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Document that negated sudoHosts are only supported by 1.8.18 and + higher. 
+ [f56824fe61bc] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/testsudoers/test4.sh, + plugins/sudoers/regress/testsudoers/test5.sh: + Disable Address Sanitizer leak detection for tests which generate + parse errors. The parser leaks a bit on error. + [4b0ddb11df3a] + + * plugins/sudoers/sssd.c: + Fix underflow in get_ipa_hostname() when trimming trailing + whitespace. + [875f2f5cd363] + +2016-09-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Document negated sudoHost entries. + [41d9853f89f7] + + * plugins/sudoers/sssd.c: + Support negated sudoHost entries. + [7c25f9111633] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Document negated sudoHost entries. + [6c8444c6bc6c] + + * plugins/sudoers/ldap.c: + Support negated sudoHost entries. + [1899906b8ef4] + +2016-09-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/match.c: + Don't check the username when matching a host netgroup unless + def_netgroup_tuple is enabled. + [238c8064542f] + + * plugins/sudoers/match.c: + Move valid domain name check into a new valid_domain() function. Fix + memory leak if getdomainname(2) fails and avoid using heap garbage + for the domain name matching in this case. + [946f2441c90a] + +2016-09-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, po/it.mo, + po/it.po: + sync with translationproject.org + [40eab0801eae] + +2016-09-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + Add back line mistakenly removed in 0cf2a9351740 + [8622c83c1474] + + * plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo, + po/nb.po: + sync with translationproject.org + [f180826bb77b] + +2016-09-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Bug #757 + [de67bc9e26f8] + + * plugins/sudoers/sudoers.c: + Fix typo that broke short host name matching when the fqdn flag is + enabled. Bug #757 + [605c03afc80f] + +2016-09-08 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * include/sudo_debug.h, lib/util/aix.c, lib/util/fnmatch.c, + lib/util/getgrouplist.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/strtoid.c, lib/util/sudo_conf.c, + lib/util/sudo_debug.c, plugins/sample/sample_plugin.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/env.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/match.c, plugins/sudoers/parse.c, + plugins/sudoers/policy.c, plugins/sudoers/pwutil.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestamp.c, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c, src/env_hooks.c, src/exec.c, + src/exec_pty.c, src/get_pty.c, src/hooks.c, src/load_plugins.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/signal.c, + src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, + src/utmp.c: + Be consistent with the naming of the variable used to store the + function return value. Previously, some code used "rval", some used + "ret". This standardizes on "ret" and uses "rc" for temporary return + codes. + [017866310d24] + +2016-09-07 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/ca.po, plugins/sudoers/po/cs.mo, + plugins/sudoers/po/cs.po, plugins/sudoers/po/da.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/el.po, plugins/sudoers/po/eo.po, + plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po, + plugins/sudoers/po/fr.po, plugins/sudoers/po/hr.po, + plugins/sudoers/po/hu.po, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/ko.po, plugins/sudoers/po/lt.po, + plugins/sudoers/po/nb.po, plugins/sudoers/po/nl.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/ru.po, plugins/sudoers/po/sk.po, + plugins/sudoers/po/sl.po, plugins/sudoers/po/sr.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/tr.po, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo, + plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.mo, + plugins/sudoers/po/zh_CN.po, po/ca.po, po/cs.mo, po/cs.po, po/da.po, + po/de.mo, po/de.po, po/eo.po, po/es.po, po/eu.po, po/fi.po, + po/fr.mo, po/fr.po, po/gl.po, po/hr.po, po/hu.po, po/it.po, + po/ja.mo, po/ja.po, po/ko.po, po/nb.po, po/nl.po, po/pl.mo, + po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/ru.po, po/sk.po, po/sl.po, + po/sr.po, po/sv.mo, po/sv.po, po/tr.po, po/uk.mo, po/uk.po, + po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po: + sync with translationproject.org + [6312962695df] + + * MANIFEST, NEWS, doc/CONTRIBUTORS, po/nn.mo, po/nn.po: + Norwegian Nynorsk translation of sudo from translationproject.org + [05203a266265] + + * NEWS: + Fix for Bug #756 + [89ff21579216] + +2016-09-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + In sudoers_main() avoid setting rval prematurely. Prevents a crash + when auditing fails after successfully authenticating. 
Bug #756 + [d17a06bce04c] + + * plugins/sudoers/defaults.c: + Apply match_group_by_gid early. + [1259c7fd66ca] + +2016-09-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + update + [292a9e21474e] + + * src/ttyname.c: + Don't disable large file support for Linux, just SVR4-style /proc. + Otherwise, stat(2) may fail on Linux when running a 32-bit sudo on a + 64-bit machine. Bug #755 + [09450ce8b8a8] + +2016-09-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/sudo_util.h: + Make sudo_parseln() flags hex to make it more obvious that they are + bit flags. + [b912a078047e] + + * plugins/sudoers/env.c: + Don't try to support line continuation in /etc/environment. + [d7e30e821c0e] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: + No line continuation support in ldap.conf. + [211caaba2395] + + * include/sudo_util.h, lib/util/parseln.c: + Add flag to sudo_parseln() to disable line continuation support. + [d2820247fc07] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + A comment character ('#') is only special at the beginning of the + line. + [b3b67b7e4fc0] + + * include/sudo_util.h, lib/util/parseln.c, + lib/util/regress/sudo_parseln/parseln_test.c, lib/util/sudo_conf.c, + lib/util/util.exp.in, plugins/sudoers/env.c, plugins/sudoers/ldap.c, + plugins/sudoers/sudo_nss.c: + Add a flags option to sudo_parseln() and a flag to only mach + comments at the beginning of the line. Use the flag when parsing + ldap.conf. + [40c560fc9a10] + + * src/sudo.c: + If get_process_ttyname() fails for errno != ENOENT, just warn + instead of making it a fatal error. Bug #755 + [1a028b861801] + +2016-08-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/mkdefaults: + use strict + [681281bc0f6d] + + * plugins/sudoers/def_data.h, plugins/sudoers/mkdefaults: + Define def_foo in terms of the I_FOO index instead of a bare number. 
+ [abb119f84ae6] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: + sync with translationproject.org + [d339717f8692] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Mention that match_group_by_gid has no effect when sudoers is stored + in LDAP. + [5eb6ae45c699] + + * include/sudo_compat.h, src/sudo.c: + Use W_EXITCODE to construct the wait status if sudo could not + execute the command. Fixes the sudo exit value for exec(3) failure. + [95eae2d60292] + + * src/exec.c: + fix brace style + [54448c10b6b5] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [794b06ba727b] + + * src/sudo.c: + It is possible for get_user_info() to fail for reasons other than + ENOMEM so print the warning message there rather than in main(). + [8c24df8d6b78] + +2016-08-30 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + match_group_by_gid is only available in sudo 1.8.18 and above + [dd237eb540d0] + + * doc/UPGRADE: + Mention match_group_by_gid + [417f27e9059a] + + * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document match_group_by_gid + [2234997acb8d] + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/pwutil.c: + Add match_group_by_gid Defaults option to allow sites with slow + group lookups and a small number of groups in sudoers to match + groups by group ID instead of by group name. + [20714580da96] + +2016-08-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Mention "sudo -l command" bug fix. + [cb8ade186880] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Fix "sudo -l command" in the LDAP and SSS backends when the command + is not allowed. + [631038350b2a] + +2016-08-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/defaults.c: + Use sudo_strsplit() instead of doing the equivalent manually. + [9eb6d1cc78bd] + +2016-08-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Move SIGPIPE bug fix to 1.8.18 where it belongs + [52509fd0100e] + + * plugins/sudoers/defaults.c: + Fix memset size typo in previous commit. + [e00299f7c50f] + + * plugins/sudoers/regress/visudo/test6.out.ok, + plugins/sudoers/regress/visudo/test6.sh: + Add regress for check_defaults() use-after-free bug. + [0b362678ca10] + + * MANIFEST, plugins/sudoers/defaults.c: + Fix use-after-free in check_defaults(), reported by Radovan Sroka of + RedHat. + [ab3a4227c12f] + +2016-08-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + SIGPIPE bug fix + [24c9a12f7e59] + + * src/signal.c: + Now that we ignore SIGPIPE in sudo we need to restore it at exec + time. Problem reported by Radovan Sroka of RedHat. + [3cfa7e3510ff] + +2016-08-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * mkpkg: + Fix appending to make_opts + [abe28b6b7663] + + * NEWS: + Add Bug #753 and fix reference to Bug #752. + [e8c959e1cd6c] + +2016-08-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/da.mo, + po/da.po, po/pt_BR.mo, po/pt_BR.po: + sync with translationproject.org + [219c3f0aeee7] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen pot files + [d0c56a4ff553] + +2016-08-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Update with logging changes. + [f41beca23b99] + + * plugins/sudoers/logging.c: + Avoid duplicate warnings when we cannot write to the log file. Also + send the warning in mail if possible. + [9b8509cff137] + + * plugins/sudoers/iolog.c, src/exec_pty.c, src/sudo.c, src/sudo.h: + Move the ignoring of I/O log plugin errors into the I/O log plugin + itself. + [25b7fd056614] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h: + Make the behavior when we cannot write to a log or audit file + configurable. File log failures are ignored by default for + consistency with syslog. Audit errors are ignored by default to + allow the admin to fix the issue. I/O log file errors are still + fatal by default since if I/O logging is activated it is usually to + have an audit trail. Bug #751 + [dbd085e7c736] + +2016-08-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/logging.c: + Make sure we print an error message to stderr (and not just send + mail) if do_logfile() fails. Bug #751 + [7884a23a0cdc] + +2016-08-13 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/pwutil.c: + Separate out the supplemental group ID checks from the supplemental + group name checks in user_in_group(). We now call sudo_get_gidlist() + only when the group name in sudoers begins with a '#' (which is + seldom used). + [80534785d8b7] + + * plugins/sudoers/ldap.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Cache the user's group IDs and group names separately and only + resolve group IDs -> names when needed. If the sudoers file doesn't + contain groups we will no longer try to resolve all the user's group + IDs to names, which can be expensive on some systems. + [8ce3564e896e] + +2016-08-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/defaults.c: + Remove the "op" parameter from all the store_foo() functions except + store_list() where it is actually needed. For the others, a NULL + value indicates the setting was negated. This unconfuses static + analyzers (and perhaps humans too). + [fca031b57f15] + + * plugins/sudoers/defaults.c: + Flags always have a NULL value. Regression introduced by refactor of + set_default_entry(). + [71fe4fad097b] + + * plugins/sudoers/defaults.c: + Set rc to true when setting a flag Defaults value. + [cf016b6aedd4] + + * src/utmp.c: + suppress a cppcheck false positive + [0d44aa7cf05c] + + * plugins/sudoers/defaults.c: + Refactor the error parts of set_default_entry() so the switch() is + mostly just calls to store_foo() functions. Avoids a lot of + duplicated error checking and silences a cppcheck false positive. + [1112b894007c] + + * plugins/sudoers/defaults.c: + In set_default_entry() check for unsupported Defaults type. + [beb1ae20179f] + + * lib/util/aix.c: + Add missing break in switch that sets the max limit for + RLIMIT_NOFILE. Found by cppcheck. 
+ [39b1979b1b92] + + * plugins/sudoers/defaults.c: + Check sudoers_initlocale return value and treat as oom. Coverity CID + 141832 + [b1cad9d6c49d] + +2016-08-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/match.c, plugins/sudoers/parse.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: + Set runas_pw early and adjust runaslist_matches() to deal. Since we + now set runas_default early there is no need to call update_defaults + with SETDEF_RUNAS after sudoers has been parsed. + [35e0b08219a8] + +2016-08-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + Load sudoers group plugin via an early callback. + [0fc4382cd6e4] + + * sudo.pp: + System Integrity Protection on Mac OS X won't allow us to write + directly to /etc or /var. We must install in /private/{etc,var} + instead. + [831c78241e78] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that fqdn, runas_default and sudoers_locale are parsed + early. + [beb4868c449e] + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat, + doc/visudo.cat: + Regen for 1.8.18 + [eb4feabb8fee] + +2016-08-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/defaults.h, plugins/sudoers/ldap.c, + plugins/sudoers/sssd.c: + Avoid passing around struct defaults when it is not needed. As a + result, we no longer need to include gram.h in the LDAP and SSSD + backends. + [14d0bfdc8bd2] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Instead of deferring setting early defaults until we have traversed + the entire defaults list, just defer running the callbacks. 
+ Otherwise, if the last early default setting we see has a bad value + we won't set any defaults of that type even if there was an earlier + one that was valid. + [552863e5a097] + + * plugins/sudoers/defaults.c: + Run callbacks once in set_default_entry() instead of each of the + store_foo() functions. + [b92b51c67845] + +2016-08-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg: + Use /proc/cpuinfo on Linux instead of running lscpu + [450ea436dbe4] + + * mkpkg: + If using GNU make on a multi-cpu system, use the -j flag to run make + jobs in parallel, up to the number of cpus/cores. + [7a6670de96dc] + +2016-07-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo.c: + Only check SUDO_USER if euid is 0 + [f42d00c94817] + +2016-07-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo.c: + Initialize sudo_user based on the SUDO_USER environment variable if + present. This allows things like :Defaults:username editor=foo" to + work when visudo is run via sudo. + [a526d6f74198] + +2016-07-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + Add function name in "command resumed" debug message + [e209f199a79f] + + * src/exec_pty.c: + If waitpid() returns 0 or -1, display a warning, this should never + happen. Add a check for unhandled wait status (also should never + happen). + [983a0b79b527] + + * plugins/sudoers/defaults.c: + Flag settings have a NULL value so we can't use that to test whether + an entry in struct early_default is set or not. Add a "set" member + and use that instead. + [68a7c0de9b0e] + +2016-07-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + Explicitly check for a continued process with waitpid(2). Otherwise, + waitpid() will return 0 when the command is resumed after being + suspended, which we were treating the same as -1. Fixes suspend and + resume on Linux and probably others. 
+ [54a464b116ad] + + * plugins/sudoers/defaults.c: + Fix --with-fqdn, the value should be NULL since it is a flag. + [95bc8b82911e] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Add support for early defaults to the ldap and sssd backends. + [3a034360c177] + +2016-07-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo_edit.c: + Repair symlink check in sudo_edit_openat_nofollow() on systems + without O_NOFOLLOW, it must be done relative to dfd. Previously the + lstat() would always fail, possibly leading to a false positive. + Also add an early symlink check like in sudo_edit() while here. + [f72901c7f7cc] + + * src/sudo_edit.c: + On systems that lack the O_NOFOLLOW open(2) flag, check in + sudo_edit_open() whether the path to be opened is symlink before + opening it. This is racey but we detect losing the last post-open + and it is better to fail early if possible. When editing a link to a + non-existent file, a zero-length file will be left behind but it is + too dangerous to try and remove it after the fact. Bug #753 + [dac04f305262] + + * src/sudo_edit.c: + Update debug_decl for sudo_edit_openat_nofollow() Remove unused + variables when O_NOFOLLOW is not present. + [8dc0afb1de58] + +2016-07-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/defaults.c, plugins/sudoers/visudo.c: + Split set_default_entry() out of set_default() so we can call it + from check_defaults() to validate the defaults value. In visudo, + suppress warnings from update_defaults() and rely on + check_defaults() to provide warnings. + [7d9b50f42d0b] + + * plugins/sudoers/defaults.c: + Split binding match code out of default_type_matches() into + default_binding_matches(). We can now use default_type_matches() in + check_defaults(). + [c158768b12c5] + + * plugins/sudoers/visudo.c: + Pass quiet flag to init_parser() and update_defaults() when doing + first parse of sudoers. 
+ [3af76c1a0d84] + +2016-07-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Update defaults in visudo after sudoers has been edited so we pick + up locale changes. The init_defaults() function will now re-init the + sudoers locale. + [ceb099392289] + +2016-07-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/testsudoers.c: + Set sudoers locale before calling sudoersparse(). We don't need to + restore the user's locale since warnings are displayed in the user's + locale anyway. + [c44a38a496d1] + + * plugins/sudoers/visudo.c: + Set the locale to the sudoers locale when parsing and restore the + user's locale afterward. Also set the warn/fatal locale helper + function so warning messages during a sudoers parse are displayed in + the user's own locale. + [a0b2cdb69d43] + + * plugins/sudoers/logging.h: + Add forward decl of union sudo_defs_val to silence a gcc warning. + [9e717510f132] + + * plugins/sudoers/sudoers.c: + Set the warn/fatal locale helper function in sudoers_policy_init() + so warning messages during sudoers loading are displayed in the + user's own locale. + [b6c7bab1ca80] + + * plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Move sudoers locale callback function to locale.c and user it in + visudo and testsudoers. + [7c4e9a71e252] + + * plugins/sudoers/sudoers.c: + In cb_sudoers_locale() actually set the locale in addition to + storing its name. Otherwise, it won't take effect until sudoers + lookup time. + [ceb446c2168b] + + * plugins/sudoers/defaults.c: + Fix regression that would cause early defaults entries to be set + multiple times. 
+ [5f5cd02d5f0f] + + * NEWS, configure, configure.ac: + sudo 1.8.18 + [7c778904c39b] + +2016-07-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: + Only set early defaults once, regardless of how many times the + variable is set in sudoers. This avoids running an early callback + more than once. For example, we don't want to call cb_fqdn() if sudo + is compiled with FQDN set but sudoers has "Defaults !fqdn". + [0c5d80939ea2] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: + Make strings const in functions that set defaults as they are not + modified. + [d01f22ab1902] + + * plugins/sudoers/sudoers.c: + In cb_fqdn() just return if the fqdn flag is set to false. + [0cb3d78aa944] + +2016-07-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/defaults.c: + Implement callbacks for defaults flags (T_FLAG). + [936adcc98800] + + * plugins/sudoers/sudoers.c: + add debug_decl for cb_runas_default and cb_sudoers_locale + [4667b1e14172] + + * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: + Convert fqdn to a callback and add it to the list of early defaults. + [df863787cf5e] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: + Change defaults callbacks to take a union sudo_defs_val * instead of + a char *. + [c7730fa19e46] + + * plugins/sudoers/defaults.c: + When updating defaults, process certain values fist since they can + influence how other defaults are parsed. Currently, runas_default + and sudoers_locale are processed early. + [32062737a1ae] + +2016-07-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/toke_util.c: + Fix typo introduced in last commit to fix fill_args() overflow + check. + [535d13b81c5d] + + * plugins/sudoers/toke_util.c: + Fix underflow checl in fill_args(). 
+ [2c6852e65ad6] + + * plugins/sudoers/toke_util.c: + Make sure we account for the trailing NUL when computing arg_size in + fill_args(). Bug #752 + [c73c1ea4b230] + + * plugins/sudoers/toke_util.c: + Make arg_size and arg_len unsigned since we do bitwise operations on + them. + [0a551c7a5e67] + +2016-07-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Only remove backup files as part of "make uninstall" when + INSTALL_BACKUP is set. + [c2541d2de89c] + + * configure, configure.ac, lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Only keep backups of installed files on HP-UX where you cannot + unlink a shared library that is in use. + [8763a1d0d515] + +2016-07-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Ignore a missing or insecure #includedir, it is not a fatal error. + [8a82818c9f0d] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Make sure we always call sudoerserror() on error in + read_dir_files(), otherwise sudo will not treat it as a fatal error. + [1a38da425ca0] + +2016-06-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Set the sudoers locale before opening the sudoers file. Previously + the sudoers locale was used when evaluating sudoers but not during + the inital parse. Bug #748 + [c8deb0da75b4] + + * plugins/sudoers/locale.c: + Add debugging + [5fbe2f109b92] + + * plugins/sudoers/Makefile.in: + Don't link test programs with the sudoers-specific locale code if we + don't need to. + [41224154534e] + + * plugins/sudoers/Makefile.in: + sudoreplay does not need to link with the sudoers-specific locale + code. 
+ [348638a68f69] + +2016-06-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + new_digest was prototyped as static but not explicitly declared + static. + [52949a024acb] + + * configure, configure.ac: + Some versions of HP-UX 11.11 do not expose struct sockaddr_ext if + _XOPEN_SOURCE_EXTENDED is defined. Only define + _XOPEN_SOURCE_EXTENDED if we can still compile net/if.h. + [0189ff7daa63] + + * plugins/sudoers/Makefile.in: + Some versions of HP-UX make will ignore suffix rules if they are + empty. + [cffeee232752] + +2016-06-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + Don't skip debug printfs in handle_sigchld() just because execve() + returned an error. + [0cf2a9351740] + + * include/compat/charclass.h, include/sudo_compat.h, lib/util/aix.c, + lib/util/getaddrinfo.c, lib/util/sudo_debug.c, + plugins/sudoers/insults.h, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers_debug.c: + Add definition of nitems for those without it and use it throughout. + [4b30c8834fdd] + +2016-06-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Update copyright year. + [638c964e44fd] + + * NEWS, configure, configure.ac: + Sudo 1.8.17p1 + [bc30a172370c] + + * src/sudo.c, src/sudo.h: + Set user groups in exec_setup() if they were not already set by + policy_init_session(). Bug #749 + [3bf16489800c] + +2016-06-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Point the reader to the sudoers manual for the list of supported + arguments after the plugin path. 
+ [40cbfa5deeb1] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + forgot to update date in last commit + [3872a46e229b] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Fix typo; cn=default should be cn=defaults + [06e097667465] + +2016-06-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Fold lines at 80 characters for the clean: target + [651623231cd8] + + * lib/util/Makefile.in: + Remove mksiglist, siglist.c, mksigname, signame.c as part of + "distclean" + [ed7f58685633] + +2016-06-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po: + sync with translationproject.org + [a3bb8c15ef3d] + + * plugins/sudoers/sssd.c: + LDAP sudoers doesn't support negated users, groups or netgroups. + [d6585245c24d] + +2016-06-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Bug #746 + [e0bba3ae78c2] + + * plugins/sudoers/match.c: + When matching paths with glob(3), check returned matches against + user_cmnd first if it is fully-qualified. This avoids a lot of + needless stat(2) calls and avoids a mismatch between safe_cmnd and + argv[0] if there are multiple matches with the same inode/dev due to + links. Bug #746. + [29bdba0cf2eb] + + * NEWS: + Add execve failure in pty bug fix. + [941672cc6793] + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po: + sync with translationproject.org + [a4f789cedecc] + + * src/exec_pty.c: + In handle_sigchld() fix the return value when we've already received + an exec error. We don't want to overwrite the error status but we do + need to indicate that the command is no longer running. Fixes as + hang on execve(2) error when running in a pty. 
+ [797bed2c39a7] + + * src/exec.c, src/exec_common.c: + Move sudo_debug_execve() call into sudo_execve(). + [ab2ea3459a7c] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/sr.mo, + po/sr.po, po/sv.mo, po/sv.po: + sync with translationproject.org + [046ba9a0fca8] + +2016-06-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + update for 1.8.17 final + [a2f02775aba5] + + * lib/util/aix.c: + Fix setting of hard stack limit when stack_hard is not specified in + /etc/security/limits. When 64-bit resource limits are supported we + can use the default value of 8388608 512-byte blocks directly. We + should only resort to using RLIM_SAVED_MAX for 32-bit resource + limits. + [cc4933fc41bd] + +2016-06-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot: + regen + [4ab85a46cf63] + +2016-06-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sssd.c: + Ignore empty ipa_hostname + [9421ade7b47f] + + * plugins/sudoers/sssd.c: + Better martching of ipa_hostname in sssd.conf + [abd53491cb4b] + +2016-06-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, configure, configure.ac, pathnames.h.in, + plugins/sudoers/sssd.c: + Use the value of ipa_hostname from /etc/sssd/sssd.conf if present + instead of the system hostname. + [3f5cffcd8432] + +2016-06-03 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sssd.c: + When matching host, short-circuit the loop when we get a match. Only + check username as part of the netgroup when netgroup_tuple is + enabled. + [2eab4070dcf7] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Avoid using !strcmp() + [f976b3d973e0] + +2016-06-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sssd.c: + SSSD doesn't handle netgroups, we have to ensure they are correctly + filtered in sudo. The rules may contain mixed sudoUser specification + so we have to check not only for netgroup membership but also for + user and group matches. Adapted from a patch from Daniel Kopecek. + [50d8d88bcc28] + +2016-06-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/pam.c: + Return PAM_CONV_ERR from the conversation function if getpass + returns NULL or the user pressed ^C. + [bec7e2ec26ff] + + * plugins/sudoers/base64.c: + Make base64 decoding table-driven. + [2d001c111552] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Back out cfa26b99228f, it was already fixed differently. Caught by + regress checks. + [0584f80e9951] + +2016-05-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Allow double-quoted groups and netgroups to be part of a Defaults + spec. From Daniel Kopecek. + [cfa26b99228f] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + The sudoers.ldap manual is installed in section 4 or 5, not 1m or 8. + Also fix the section for ldap.conf cross-references. + [eb1c0a2b84a1] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Fix copy pasta, "sudoNotAfter" not "sudoNotBefore". Add missing word + "order" in a sentence describing sudoOrder. + [653cb783f89b] + + * plugins/sudoers/sssd.c: + For sudo -ll (long list) print the SSSD role just like we do for the + LDAP backend. 
Adapted from sudo-1.8.6p3-sssdrulenames.patch + [46f962b1f3ef] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Setting timestamp_timeout less than zero only lasts until the next + reboot. Adapted from a RedHat patch. + [f8ce1dfebfe9] + + * po/it.mo, po/it.po, po/nb.mo, po/nb.po: + sync with translationproject.org + [31b55426358b] + +2016-05-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/conversation.c: + fputs() is now specified as returning non-negative on success, not + explicitly zero. Fixes a failure on glibc. + [55f8a25d4af4] + + * src/conversation.c: + Don't try to dereference replies[] if it is a NULL pointer. + [c4fdd838f2f5] + + * plugins/sudoers/policy.c: + sudo_version should be unsigned + [7719d425c65a] + + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/ca.mo, + po/ca.po, po/cs.mo, po/cs.po, po/da.mo, po/da.po, po/de.mo, + po/de.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo, + po/ja.po, po/pl.mo, po/pl.po, po/sk.mo, po/sk.po, po/sv.mo, + po/sv.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, + po/zh_CN.po: + sync with translationproject.org + [e40cdc972d19] + + * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/ko.mo, + plugins/sudoers/po/ko.po, po/ko.mo, po/ko.po: + Korean translation for sudo and sudoers from translationproject.org. + [188ffbed5bf2] + + * NEWS, plugins/sudoers/auth/pam.c: + Ignore PAM_SESSION_ERR from pam_open_session() since this can + apparently happen on systems using Solaris-derived PAM. Other errors + from pam_open_session() are treated as fatal. This avoids the + "policy plugin failed session initialization" error message seen on + some systems. + [0f7f3e7ead21] + +2016-05-24 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS, src/exec_pty.c: + Don't read from stdin when flushing final buffers in blocking mode. + Reading from the pipe can block too if the other end is not closed. + [a651f913a1ef] + +2016-05-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Mention visudo -x change. + [2fd35df055b2] + + * plugins/sudoers/regress/sudoers/test1.json.ok, + plugins/sudoers/regress/sudoers/test14.json.ok, + plugins/sudoers/regress/sudoers/test15.json.ok, + plugins/sudoers/regress/sudoers/test16.json.ok, + plugins/sudoers/regress/sudoers/test2.json.ok, + plugins/sudoers/visudo_json.c: + There's no need to escape forward slashes in JSON output. While it + is legal to escape a forward slash, it is not required. + [044710f516a9] + + * doc/UPGRADE: + Document that in 1.8.12 sudo started being able to check the NIS + domain on Solaris. + [bced94478c0e] + +2016-05-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Better description of the I/O logging pipe issue. + [6eee2f8a1fae] + + * src/exec_pty.c: + In del_io_events(), avoid reading from the pty master in blocking + mode. We now do two passes, one with SUDO_EVLOOP_NONBLOCK and + another that could block if stdin is a pipe. This ensures we consume + the pipe until EOF. + [564ae2b4c305] + + * lib/util/event.c: + Improve debug info in sudo_ev_add() and sudo_ev_del() + [ca839439ff22] + + * src/exec_pty.c: + In pty_close(), call del_io_events with the SUDO_EVLOOP_ONCE flag so + the event loop will exit after a single run through. Otherwise, we + may hang at exit on non-BSD systems. + [e6c38d5a341b] + +2016-05-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * po/sudo.pot: + regen + [18a4570be506] + +2016-05-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + Bump I/O buffer size to 64K. We don't use PIPE_BUF or _PC_PIPE_BUF + for this because that corresponds to the value for atomic pipe + writes. 
The actual pipe buffer is much larger on modern systems and + 64K is what BSD and Linux support for large pipe buffers. + [3b5d995966ef] + + * NEWS: + I/O logging bug fix + [934d755ac12c] + + * src/exec_pty.c: + Don't use SUDO_EVLOOP_NONBLOCK when flushing buffers at pty close + time, only when the user suspends sudo. Fixes a problem where all + buffers might not get flushed at exit when logging I/O. Reproducible + via "sudo tar cf - foo | (cd /tmp && sudo tar xf -)" on OpenBSD. + [bbe0e18739ec] + +2016-05-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo_json.c: + Don't try to fflush(export_fp) or ferror(export_fp) if export_fp is + NULL, which can happen on the error path. + [ccfb4dd260fa] + + * plugins/sudoers/sudoers.c, src/exec.c, src/exec_pty.c, src/sudo.c, + src/tgetpass.c: + O_NOCTTY has no effect when opening /dev/tty as the open can only + succeed if there is already a controlling tty. + [9ca106c499b2] + + * src/sudo.c: + Do not need to open /dev/tty with O_NONBLOCK, it doesn't block on + first open like a physical terminal. By definition, if you have a + controlling tty, the first open (which might block) has already + occurred. + [15a5f006836a] + + * src/selinux.c: + Use O_NOCTTY when opening a tty. + [5f9fd6458be4] + + * src/Makefile.in: + regen + [105ef4533724] + + * plugins/sudoers/auth/sudo_auth.c: + No need to set pass to NULL after freeing at the end of the loop it + since it is already set to NULL each time through the loop. + [2657b0b4260d] + +2016-05-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + SELinux fixes in 1.8.17. + [f743cf0d9c62] + + * plugins/sudoers/logging.h, plugins/sudoers/logwrap.c: + Check fprintf() return value in writeln_wrap() and return the number + of characters actually written, or -1 on error. + [4739e0f58fa3] + + * src/conversation.c: + Check fputs() return value. 
+ [e85778cbe0e3] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Do not write directly to stdout/stderr, use sudo_printf which calls + the conversation function. + [e86d5ed4dca7] + + * plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/securid5.c: + Do not write directly to stdout/stderr, use sudo_printf which calls + the conversation function. + [002a30fdb4e0] + + * plugins/sudoers/iolog.c, plugins/sudoers/visudo_json.c: + Use ferror() after fflush() to check the error status of the stdio + stream we wrote to. + [fa1db13fe9ac] + +2016-05-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/parse.c: + printf() returns < 0 on error, not explicitly -1 + [2a2385b941de] + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, + doc/sudoers.ldap.cat, doc/sudoreplay.cat, doc/visudo.cat: + Regen for 1.8.17 + [e24b0f944000] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that you need to preserve EDITOR and/or VISUAL for + env_editor to be useful. + [ef0ce8917307] + + * src/selinux.c: + Fix last commit, now that argc is not reset we need to explicitly + start the copy from argv[1]. From Daniel Kopecek + [f52403ef587a] + +2016-05-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/selinux.c: + cosmetic change to warning string + [a2893e3f9b70] + + * plugins/sudoers/auth/pam.c: + Avoid adding an extraneous warning string to sudoers.pot. + [6b07043b48f7] + + * lib/util/snprintf.c: + Use EOVERFLOW, not ENOMEM for overflow conditions. For snprintf() + and vsnprintf(), POSIX says we should return -1 and set errno to + EOVERFLOW if the size param is > INT_MAX; also zero out the string + in this case (not mandated by POSIX) for safety. + [294720fc981a] + +2016-05-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/pam.c: + Now that pam_open_session() failure is fatal we should print and log + an error from it. 
Bug #744 + [0e98a92ef910] + + * src/selinux.c: + Repair SELinux support, broken by 397722cdd7ec. From Daniel Kopecek. + [1246583c7c1f] + + * plugins/sudoers/iolog.c, plugins/sudoers/pwutil.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Remove sudo_mkpwcache() and sudo_mkgrcache(). We now create the + caches as needed on demand. Also remove calls to sudo_freepwcache() + and sudo_freegrcache() that are immediately followed by execve(), + they are not needed. + [60448afe813d] + + * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Eliminate use of setpwent()/endpwent() and setgrent()/endgrent(). + Sudo never iterates over the passwd or group file. Rename + sudo_set{pw,gr}ent() -> sudo_mk{pw,gr}cache() and use + sudo_free{pw,gr}cache() instead of sudo_end{pw,gr}ent(). + [66e6f5e7b51b] + +2016-05-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/parse.h: + Remove unnecessary NULL checks in the RUNAS_CHANGED macro. The only + place where the pointers could be NULL is in visudo_json.c but we + already check for "next" being NULL there. Quiets a cppcheck + warning. + [a0d84832c154] + +2016-05-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + In replay_session() free iov at the end of the function (if needed) + instead of after processing each line from the timing file. Coverity + CID 104843. + [5112f514af87] + + * plugins/sudoers/sudoreplay.c: + Add io_log_read() and io_log_gets() to hide differences between + gzread/fread and gzgets/fgets. Check for premature EOF and error + from io_log_read(). Also sanity check the index in the timing file. + Coverity CID 104630. 
+ [6a3b9932f567] + + * src/exec_pty.c: + Break up io_callback() into read_callback() and write_callback() to + make it clear that we can't get an event with both read and write + set. + [cd3a1e182dd4] + +2016-05-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + In io_callback() make sure we clear SUDO_EV_READ if we close the fd. + It should not be possible for SUDO_EV_READ to be set when revent is + non-NULL but this makes static analyzers happier. Coverity CID + 104124. + [7acc249fa098] + + * plugins/sudoers/ldap.c: + In sudo_krb5_copy_cc_file() move the close(ofd) to the done: label + so we only have to cleanup in one place. Coverity CID 104577. + [0f189e70c59d] + + * plugins/sudoers/ldap.c: + Fix memory leak in sudo_netgroup_lookup() in the non-error case. + Coverity CID 104572, 104573, 104574, 104575. + [7f9fb7a360b7] + + * plugins/sudoers/ldap.c: + Fix fd leak in sudo_krb5_copy_cc_file() if restore_perms() fails. + Coverity CID 104571. + [d9434cdfb73c] + + * plugins/sudoers/sudoreplay.c: + Free the events and event base before returning from + replay_session(). Coverity CID 104116, 104117. + [321216089e4a] + + * src/sudo_edit.c: + In sudo_edit_create_tfiles(), fix fd leak if sudo_edit_mktemp() + fails. Coverity CID 104114. + [713de09ff956] + + * src/sudo_edit.c: + Fix fd leak in sudo_edit_open_nonwritable() if dir_is_writable() + returns an error. Coverity CID 104113. + [314a57004f00] + + * src/sudo_edit.c: + Fix memory leak of sesh_args in selinux_edit_copy_tfiles(). Coverity + CID 104112. + [ac7f0cbd07c9] + + * plugins/sudoers/visudo.c: + Fix memory leak in get_editor() if resolve_editor() fails with an + error. Coverity CID 104107. + [e355b1f45bcb] + + * src/sudo.c: + Fix memory leak on error if sudo_new_key_val() fails. Coverity CID + 104103. + [c2ee1557aef2] + + * plugins/sudoers/visudo.c: + Ignore the return value of the initial sudoersparse(), before we + have actually edited any files. Coverity CID 104078. 
+ [184d9c6aec65] + + * src/exec.c: + Ignore the result of send() on exec error, if it fails the other end + of the pipe is gone and we are headed for exit. Coverity CID 104066. + [cdcd7dfcbca1] + + * plugins/sudoers/toke_util.c: + In fill_args() clean up properly if there is an internal overflow + (which should not be possible). Coverity CID 104569. + [0bc710e91ec4] + + * plugins/sudoers/gc.c: + Fix logic inversion in sudoers_gc_remove(), currently unused. + Coverity CID 104568 + [e29df8da11ea] + +2016-05-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + In io_mkdirs(), change the order from stat then mkdir, to mkdir then + stat. This more closely matches what "mkdir -p" does. Coverity CID + 104120. + [e462528ff7ea] + + * plugins/sudoers/timestamp.c: + In ts_mkdirs(), change the order from stat then mkdir, to mkdir then + stat. This more closely matches what "mkdir -p" does. Coverity CID + 104119. + [c0c0e2662883] + + * plugins/sudoers/sudoers.c: + Newer versions of Ubuntu have switched from using the "admin" group + to the "sudo" group to align with Debian. + create_admin_success_flag() now accepts either one. + https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1387347 + [17b4d725dac4] + + * plugins/sudoers/timestamp.c: + Cast off_t printed via printf(3) instead of assuming it is long + long. + [b1d398f4a8dc] + + * plugins/sudoers/sudoers.c: + Instead of using stat(2) to see if the admin flag file exists and + creating it if not, just try to create the file and treat EEXIST as + a non-error. Coverity CID 104121. + [bd58b0a35a3c] + + * MANIFEST, plugins/sample/README: + README file for the sample plugin that tells the user how to build, + install and enable it. + [8d7096ce78cc] + + * plugins/sample/sample_plugin.c: + Fix compilation error and export sample_policy struct. 
From Michael + Evans + [5280c1576e7f] + + * NEWS: + Update for 1.8.17 + [979688a5ef13] + + * configure, configure.ac: + Sudo 1.8.17 + [09311b2e9697] + + * plugins/sudoers/logging.c: + Check return value of restore_perms() in vlog_warning(). Coverity + CID 104079. + [86555dd0942d] + + * plugins/sudoers/editor.c: + Fix memory leaks in resolve_editor() in the error path. Coverity CID + 104109, 104110 + [6ac3f7e3ada9] + + * plugins/sudoers/policy.c: + Fix memory leak of gid_list in sudoers_policy_exec_setup() in the + error path. Coverity CID 104111. + [eac1e9489367] + + * plugins/sudoers/logging.c: + Fix fd leak in do_logfile() if we fail to lock the log file. + Coverity CID 104115. + [164a693207a8] + + * plugins/sudoers/sssd.c: + Fix memory leak of sss_result in sudo_sss_lookup() Coverity CID + 104106 + [7dcee1e6d76f] + + * plugins/sudoers/iolog.c: + Fix fd leak in open_io_fd() if gzdopen/fdopen fails. Coverity CID + 104105 + [c4c2848c1167] + + * plugins/sudoers/iolog.c: + Fix fd leak in io_nextid() in error path. Coverity CID 104104 + [8920cdaab5bd] + +2016-05-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/timestamp.c: + Check lseek() return value. Coverity CID 104061. + [bf3bb4c80cfc] + + * plugins/sudoers/timestamp.c: + Ignore ts_write() return value when disabling an entry with a bogus + timestamp. We ignore the timestamp entry even it doesn't succeed. + Coverity CID 104062. + [5e5925ebbc75] + + * plugins/sudoers/iolog.c, plugins/sudoers/match.c, + plugins/sudoers/tsgetgrpw.c, src/exec.c, src/exec_pty.c, src/sudo.c: + Cast the return value of fcntl() to void when setting FD_CLOEXEC. + Coverity CID 104063, 104064, 104069, 104070, 104071, 104072, 104073, + 104074 + [48720d2f6658] + + * plugins/group_file/getgrent.c: + Cast the return value of fcntl() to void when setting FD_CLOEXEC. + Coverity CID 104075, 104076, 104077. + [7fe1d9f97321] + + * plugins/sudoers/env.c: + Avoid a false positive. Coverity CID 104056. 
+ [0256978219a6] + + * plugins/sudoers/visudo_json.c: + Avoid calling fclose(NULL) on error in export_sudoers(). Coverity + CID 104091. + [2f73d86ab929] + + * plugins/sudoers/toke_util.c: + In fill_args(), check for "arg_size == 0" instead of + "sudoerslval.command.args == NULL" since the latter leads Coverity + to imply that sudoerslval.command.args could be NULL later on. + Coverity CID 104093. + [bab505438881] + + * plugins/sudoers/sudoers.c: + Avoid calling fclose(NULL) if the sudoers file is not secure and + restore_perms() fails. Coverity CID 104090. + [150db126c221] + +2016-05-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c: + In fill_args(), replace loop that increments arg_size() with a + simple add and mask. Should prevent a false positive from Coverity + CID 104094. + [411c7e398286] + + * plugins/sudoers/sudoreplay.c: + In parse_expr(), move the "bad" label after the "default" case in + the switch(), not before it. This seemed to confuse Covertity, + resulting in a false positive, CID 104095. + [4371f26995fb] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + For "sudoreplay -l", not all predicates may be shortened to a single + character. Both 'c' and 't' have more than one possibility. + [29a5a9a313e2] + + * src/exec.c, src/exec_pty.c, src/sudo.c: + pid_t is defined by POSIX as a signed integer type so we don't need + a cast when comparing to -1. + [98f0a86260a0] + + * src/exec.c: + In dispatch_signal() for stopped processes check for tcgetpgrp() + returning -1. Also change checks from "saved_pgrp != -1" to "fd != + -1". Coverity CID 104098. + [42ac4ad85900] + + * src/selinux.c: + In relabel_tty() always jump to bad: on error, regardless of the + value of se_state.enforcing. On error, return -1 if enforcing, else + 0. Coverity CID 104099. + [db1a54d718f1] + + * config.h.in, configure.ac: + Define NO_LEAKS when sudo is built with Coverity. 
+ [f4209b9ade8c] + + * src/exec_pty.c: + In io_callback() if we write the complete buffer and find that there + is no associated reader just return as there is nothing else to be + done. In practice is it not possible for SUDO_EV_READ to be set if + revent is NULL but an early return is harmless and possibly easier + to understand. Coverity CID 104124. + [3b3eb45b701e] + + * src/sudo_edit.c: + Handle read() returning -1 when creating temporary files. Coverity + CID 104100 + [e82af51e4f48] + + * plugins/sudoers/policy.c: + Fix cut and paste error when checking cols for 0. Coverity CID + 104081 + [22a3b7d9bce1] + + * plugins/sudoers/pwutil.c: + Use a single debug message for cache hit or store to avoid another + situation where they get out of sync. Bug #743 + [4cf484e9b016] + + * plugins/sudoers/pwutil.c: + Sync the "cache hit" debug messages with the "cached" debug + messages. This fixes a bug where we could dereference a NULL pointer + when we look up a negative cached entry which is stored as a NULL + passwd or group struct pointer. Bug #743. + [1d13341d53ec] + +2016-04-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Remove the check for __sprintf_chk when checking for + _FORTIFY_SOURCE, Some implementations are purely header-file based. + As long as we can link a test program using sprintf() when + _FORTIFY_SOURCE=2 it should be safe to use. + [910af8ba4666] + + * config.h.in, configure, configure.ac: + Remove configure checks for dev_t, id_t, ino_t, ptrdiff_t, size_t + and ssize_t. These have been specified by either ANSI C or POSIX for + long enough that if the system doesn't support them, it is unlikely + to be able to compile sudo anyway. + [c9fd433cfe27] + + * src/sudo.c: + Do group setup in policy_init_session() before calling out to the + plugin. This makes it possible for the pam_group module to change + the group in pam_setcred(). 
It's a bit bogus since pam_setcred() is + documented as not changing the group or user ID, but pam_group is + shipped with stock Linux-PAM so we need to support it. + [814cda602541] + +2016-04-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/logging.c: + Add missing newline when logging to a file (not syslog) and + loglinelen is set to a non-positive number. Bug #742 + [ef0a5428a574] + +2016-04-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + style fix; fork_cmnd should start on a new line + [e8211fe0f8d7] + +2016-04-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, src/signal.c, src/sudo.c, src/tgetpass.c: + Ignore SIGPIPE for the duration of sudo and not just in a few select + places. We have no control over what nss, PAM modules or sudo + plugins might do so ignoring SIGPIPE is safest. + [7c919101b8ec] + + * src/selinux.c: + Use string_to_security_class() instead of pulling SECCLASS_CHR_FILE + from flask.h. Avoids a warning with new SELinux includes. + [24f357b419c4] + +2016-04-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + When determining whether or not "sudo -l" or "sudo -b" should prompt + for a password, take all sudoers sources into account. In other + words, if both file and ldap sudoers sources are in use, "sudo -v" + will now require that all entries in both sources be have NOPASSWD + (file) or !authenticate (ldap) in the entries. + [51e2a5ecacc6] + +2016-03-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/sudo_auth.h: + If the auth_type setting in /etc/security/login.cfg is set to + PAM_AUTH but pam_start() fails, fall back to use AIX authentication. 
+ Skip the auth_type check if sudo is not compiled with PAM support. + [cdbe432c465c] + +2016-03-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + The header for sudo.conf(5) should be SUDO.CONF(5) not SUDO(5). + [d3afd5bd550f] + +2016-03-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/policy.c: + hook_version and hook_type are unsigned so use 0, not -1 in the + final (empty) entry. Quiets a warning on Solaris Studio 12.2. + [4947de8e35b7] + +2016-03-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, config.h.in, configure, configure.ac, + plugins/sudoers/auth/pam.c: + Work around an ambiguity in the PAM spec with respect to the + conversation function. It is not clear whether the "struct + pam_message **msg" is an array of pointers or a pointer to an array. + Linux-PAM and OpenPAM use an array of pointers while Solaris/HP- + UX/AIX uses a pointer to an array. Bug #726. + [d2b926e2f7d6] + +2016-03-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/eo.mo, + po/eo.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ru.mo, + po/ru.po, po/sr.mo, po/sr.po: + sync with translationproject.org + [271c6738213d] + +2016-02-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Bug #738 + [9e7974480cdc] + +2016-02-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo, + po/nb.po: + sync with translationproject.org + [6aa32f6e5240] + + * lib/util/regress/fnmatch/fnm_test.in: + Better test for negated character classes. 
+ [635e3c17bca1] + + * lib/util/regress/fnmatch/fnm_test.in: + Add test for negated character class + [0d813e098864] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/fr.mo, po/fr.po, po/pl.mo, + po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo, + po/vi.po, po/zh_CN.mo, po/zh_CN.po: + sync with translationproject.org + [9398ffdc7719] + + * NEWS: + sync + [a27a7d40491e] + + * lib/util/fnmatch.c: + Fix negation of character classes. + [aed07c013a41] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Fix the check for whether a user is allowed to lists another user's + privileges. The "matched" variable is not boolean, it can also have + the value UNSPEC so we need to check explicitly for true. Bug #738 + [e8ed706fda03] + + * plugins/sudoers/auth/pam.c: + Log the number of PAM messages in the conversation function at debug + level. + [3f16eea5875f] + +2016-02-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Don't check for posix_spawn() or posix_spawnp() if we were unable to + find spawn.h. This should only be a problem on systems with broken + headers. Bug #730 + [5e5b0646dca4] + +2016-02-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + update for 1.8.16 + [bad5e6534f39] + + * doc/CONTRIBUTORS, plugins/sudoers/sudoers2ldif: + Fix documented bug with duplicate role names and turn on perl + warnings. Based on a diff from Aaron Peschel + [344a1c1f5c93] + +2016-02-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/aix.c: + Add declaration of getauthdb() for AIX 5.1 + [f758960bcfd6] + +2016-02-19 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [e61e1241f15f] + + * plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po: + sync with translationproject.org + [2f3dea24199b] + + * INSTALL: + Add a note that --with-solaris-audit is only for Solaris 11 and + above. Bug #737 + [6722331c2830] + +2016-02-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Remove last remnants of the deprecated --with-stow option. + [8616d6de7ecd] + + * src/Makefile.in: + src/load_plugins.c needs _PATH_SUDO_CONF so allow it to be + overridden via the Makefile like other consumers of _PATH_SUDO_CONF. + Bug #735 + [10148ef883ec] + +2016-02-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac, include/sudo_util.h, lib/util/aix.c, + lib/util/getgrouplist.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/set_perms.c, src/sudo.c: + Add an administrative domain to the passwd/group cache key for AIX + which can have different name <-> ID mappings depending on whether + the database is local, LDAP, etc. + [5319c11aefe9] + + * mkpkg, sudo.pp: + Fedora dropped "core" from the name some time ago so just match on + f[0-9] for the rpm distro name provided by pp. Since the version + numbers of Fedora and RHEL are so different switch to defining + variables to indicate which features should be enabled. Works for + Fedora 23. + [4ec50b352293] + +2016-01-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg, sudo.pp: + Treat fedora core like centos/rhel for package building. + [0dfc607d07a1] + +2016-01-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/parser/check_fill.c: + Plug some memory leaks in the tests. 
+ [ce76ba538867] + + * plugins/sudoers/toke_util.c: + If realloc of sudoerslval.command.args fails, reset + sudoerslval.command.args as well as arg_len and arg_size after + freeing sudoerslval.command.args. + [6481bad56e6a] + + * src/exec_pty.c: + When freeing the iobs after pty tear-down, also free the associated + event structures. Quiets a memory leak warnings from address + sanitizer and valgrind. + [f19c689a2ded] + +2016-01-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + iolog_compress should be bool, not int + [b437123a242b] + + * plugins/sudoers/visudo.c: + Quiet address sanitizer leak detector. + [b7ce672331f6] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/gc.c, plugins/sudoers/sudoers.h: + Simple garbage collection (really a to-be-freed list) for the + sudoers plugin. Almost identical to what sudo.c uses. Currenly only + the environment strings are collected at exit time which is enough + to quiet address sanitizer's leak detector. + [47f32e047b1a] + + * src/sudo.c: + Rename gc_cleanup to gc_run and remove I/O plugins from the plugin + list when freeing them. + [ea640f0b46f9] + + * src/sudo.c: + Free up the garbage via an atexit() handler instead of requiring a + call to gc_exit. + [cc9c96d88595] + + * src/sudo_edit.c: + Plug a memory leak in sudo_edit. + [cab9a13a669b] + +2016-01-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + mention --enable-asan + [ee2bc0f60c8b] + + * plugins/sudoers/auth/sudo_auth.c: + Try to deconfuse static analyzers a bit. + [7e728c76f5df] + + * plugins/sudoers/sssd.c: + Avoid possible NULL deref found by clang analyzer. 
+ [8bb3cbfe0446] + + * config.h.in, configure, configure.ac: + Add --enable-asan configure flag to enable address sanitizer + [8aae250fb68e] + + * src/sudo.c, src/sudo_plugin_int.h, src/ttyname.c: + Add support for garbage collecting info passed to the plugin before + exit to appease address sanitizer's leak detector (and valgrind's + leak checker). We can't free these sooner since the plugin may be + using the memory. For plugin API 2.0 it should be make clear that + the plugin must make a copy of the data in the arrays passed in to + the plugin's open() function. Only enabled if NO_LEAKS is defined. + [8458bcb165d8] + + * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c: + auth_getpass() returns a dynamically allocated copy of the plaintext + password which needs to be freed after checking (and clearing) it. + [28d2c83c3ac4] + + * src/sudo.c: + Remove sudo_fatalx() calls from format_plugin_settings(). + [96a18a3ccc49] + + * plugins/sudoers/sssd.c: + fn_free_result() (aka sss_sudo_free_result() in sss_sudo.c) handles + a NULL poiner so there's no need to check before calling it. Add + missing initialization of sss_sudo_result to NULL in + sudo_sss_setdefs(). + [fa1c8eaed6ac] + + * plugins/sudoers/sssd.c: + Add missing return when user is not found in sudo_sss_result_get(). + Previously we fell through to the default case which just logged a + debug message and returned so this just avoids the extra (generic) + debug message. + [68c2201f3a85] + +2016-01-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/gettime.c: + Fix a warning on AIX. + [4ebc19a143ff] + + * src/sudo.c: + Pass updated user_env_out, not envp, to the I/O open function. + [f02e6f32f189] + + * src/sudo.c: + Pass updated argv/envp to the I/O open function like the plugin API + documents. 
+ [ff9f4fae5cf3] + +2016-01-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Add check for I/O log file handle being NULL. This could only happen + if the front-end calls iolog_open with argc == 0 but actually runs a + command. + [5113a3c04494] + +2016-01-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/pwutil.c: + Additional debugging for pwutil functions. + [908b83c3acbb] + + * config.h.in, configure, configure.ac, lib/util/aix.c: + When calling setauthdb(), save the old registry value so we can + restore it properly. Previously we were setting the registry to + unrestricted instead of actually restoring it. + [5a2921412663] + + * plugins/sudoers/sudoers.c: + Use SUDOERS_DEBUG_UTIL not SUDO_DEBUG_UTIL in the plugin. + [79b012777e71] + +2016-01-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/sudo_debug.c: + When parsing debug entries, don't make a lower value override a + higher one. For example, for "pcomm@debug,all@warn" the "all@warn" + should not set pcomm to "warn" when it is already at "debug". + [031037a56e51] + +2016-01-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/policy.c: + Set sudoedit_checkdir=false in command_details when it is disabled + in sudoers. + [811dd43b29f5] + + * include/sudo_compat.h, lib/util/strtobool.c, plugins/sudoers/ldap.c, + plugins/sudoers/sssd.c, src/sudo_edit.c: + Update copyright year + [5ec484920763] + + * src/sudo_edit.c: + If the user runs "sudoedit /" we will receive ENOENT from openat(2) + and sudoedit will try to create a file with the null string. If path + is empty, open the cwd instead so sudoedit can give a sensible error + message. + [fc39d5804f1f] + + * lib/util/strtobool.c: + Log an error for invalid boolean strings. + [004afa5e05c5] + + * src/sudo.c: + Fix off by one error in new SET_FLAG macro. + [5bdce4edf8b9] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document the race with sudoedit_checkdir in 1.8.15. 
+ [cb7aed3367e9] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document sudoedit_checkdir + [89f2452272ad] + +2016-01-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo_edit.c: + There are no systems that support O_SEARCH/O_PATH that do not also + support O_DIRECTORY so simplify the definition of DIR_OPEN_FLAGS a + bit. + [a48f11ea53b3] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [8ae4d883ac59] + + * NEWS, doc/UPGRADE: + Add 1.8.16 changes + [8d3a3f5cdf59] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/defaults.c, + src/sudo.c: + Make sudoedit_checkdir the default and update the documentation + accordingly. + [84bbc1b73411] + + * src/sudo.c: + Add a SET_FLAG macro to simplify parsing command details boolean + flags. Previously, flags were only set and never cleared even if the + boolean value was false. This was not a problem as there were no + default flags for the plugin to enable. That will change in the + future. + [75f24ca13f41] + +2016-01-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo_edit.c: + Need to be root when switching to a different user. + [06d5f010b607] + + * src/sudo_edit.c: + Use O_SEARCH on systems without O_PATH if present. It can be used + for a similar purpose. + [3f559a389bf9] + + * config.h.in, configure, configure.ac, src/sudo_edit.c: + Use faccessat(2) for directory writability instead of doing the + checks manually where possible. This also allows us to remove the + #ifdef __linux__ bits since we no longer use fstat(2) on Linux with + an O_PATH fd. + [fe50d0c1f1b9] + +2016-01-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Add "I/O LOG FILES" section to the manual and move many of the + details from the log_input and log_output descriptions to it. 
+ [a604903f5ae3] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use "Nm sudoers" when talking about the plugin and "Em sudoers" when + talking about the sudoers file. + [727a68b02de7] + +2016-01-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/zlib/zlib.exp: + Remove gzopen_w which is only defined on Windows. + [a73236903e7b] + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Work around the buggy pread(2) on 32-bit HP-UX 11.00 by using + pread64() on that platform. + [31c4be934115] + +2016-01-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/ldap.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c, plugins/sudoers/testsudoers.c: + Add support for matching the entire netgroup tuple (user, host, + domain). + [9f694ba7c86d] + + * plugins/sudoers/ldap.c: + Use asprintf() to generate the netgroup filter instead of using lots + of concatenation. + [f8290c040aea] + + * lib/util/util.exp.in: + Add missing sudo_debug_exit_ssize_t_v1 symbol. + [9407fb25dfa4] + +2016-01-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/match.c: + Silence warning in digest_matches() on systems with no fexecve(2). + [0cd3cc8fa195] + + * plugins/sudoers/sssd.c: + Fix free() of invalid pointer introduced in the commit that stripped + whitespace between a '!' and the name in a sudoOption. + [4d2c1761c752] + + * plugins/sudoers/ldap.c: + Fix free() of invalid pointer introduced in the commit that stripped + whitespace between a '!' and the name in a sudoOption. + [14391603a9e5] + + * src/sudo_edit.c: + Add missing dfd argument to the version of + sudo_edit_openat_nofollow() for systems without O_NOFOLLOW. 
+ [574e4a840879] + + * plugins/sudoers/ldap.c: + In sudo_netgroup_lookup() only build up the search filter once + instead of once per netgroup_base. + [a03440237078] + + * plugins/sudoers/ldap.c: + It is safe to pass ldap_msgfree() a NULL pointer. + [abc2eaddbf83] + + * plugins/sudoers/ldap.c: + On overflow, warn before freeing anything. + [2e3bcfa4a8f9] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Use user_runhost and user_srunhost instead of user_host and + user_shost. Fixes "sudo -l -h other_host" for LDAP and sssd. + [e1abfdc82242] + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: + Update description of sudoedit_checkdir. Reported by Sander Bos. + [ee44e7255096] + + * src/sudo_edit.c: + No need to check whether the fd we opened is really a directory in + sudo_edit_open_nonwritable() since if not, the openat() will fail + with ENOTDIR anyway. + [b41c5b289f35] + +2016-01-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS, doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, include/sudo_compat.h, src/sudo_edit.c: + Rewritten sudoedit_checkdir support that checks all the dirs in the + path and refuses to follow symlinks in writable directories. This is + a better fix for CVE-2015-5602. Adapted from a diff by Ben + Hutchings. Bug #707 + [c2e36a80a279] + +2016-01-04 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/ca.mo, + po/ca.po, po/fi.mo, po/fi.po, po/hu.mo, po/hu.po, po/sr.mo, + po/sr.po: + sync with translationproject.org + [94ffd6b18431] + + * configure, configure.ac, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_plugin.h, + plugins/sudoers/match.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, src/exec.c, src/exec_common.c, + src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_exec.h: + Add support for using fexecve() if supported on commands that are + checksummed. + [397722cdd7ec] + +2015-12-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo_edit.c: + Call openat() with the basename not the full path. From Ben + Hutchings. + [33272418bb10] + +2015-12-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c: + Fix compilation with --disable-shared + [84c084618676] + +2015-12-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_common.c: + Check for existing dso in LD_PRELOAD and only add it if it is not + already present. + [15042e8999f7] + +2015-12-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Clarify when SIGINT and SIGQUIT are relayed by sudo to the command. + [8efed5784393] + + * plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, src/load_plugins.c: + Actually use the plugin_dir Path setting in sudo.conf. + [bccc548127a2] + + * lib/util/sudo_conf.c: + The Path setting for the plugin directory is "plugin_dir" not + "plugin". 
+ [07c2677bbce5] + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + lib/util/sudo_conf.c, src/exec_common.c: + Allow sudo.conf Path settings to disable path names (by setting the + value of NULL). + [81a44e011a40] + +2015-12-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/selinux.c, src/sudo.h: + Change noexec flag in selinux_execve() from int to bool. + [7cb872aac155] + + * src/exec_common.c, src/sudo_exec.h: + Refactor code to set LD_PRELOAD (or the equivalent) in the + environment into a preload_dso() function. Also avoid allocating a + new copy of the environment array if the size of the array does not + change. + [72194b0b51f7] + + * configure, configure.ac: + Add missing square brackets in configure option descriptions. + [6e25685c6349] + +2015-12-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document the names of the I/O log files and mention buffering. + Document that I/O logs are in gzip format by default. + [474838e7b365] + +2015-12-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/env.c: + Add BASHOPTS to initial_badenv_table[]; from Stephane Chazelas + [f206a9089a69] + +2015-12-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + When parsing sudoOptions that include an operator (!, +, +=, -=) + strip out any whitespace on either side of the operator. + [62041b5888e5] + +2015-12-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers2ldif: + Strip whitespace around '!', '=', '+=' and '-=' in Defaults entries. + [dcc9d15b0f3c] + +2015-12-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document the race condition between the digest check and command + execution. + [24a3d9215c64] + +2015-12-02 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + When checking the query results, don't set user_matches in the + netgroup pass unless sudo_ldap_check_non_unix_group() returns true. + This was preventing the mail_no_user sudoOption from being + effective. + [31004144421b] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + In list mode, we always want to clear FLAG_NO_USER and FLAG_NO_HOST + regardless of whether or not there was an actual match. Otherwise, + warning mail may be sent which is not what we want in list mode. + This is consistent with what the sudoers file backend does. + [2809338a7b21] + +2015-11-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c: + Use size_t for length parameters in the fill functions used by the + lexer. + [0428c9067182] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Use yy_size_t for digest_len since newer flex uses yy_size_t for + yyleng. Old flex uses int for yyleng so we need to use a cast to + avoid a sign compare warning. + [4a3dc6fb8f99] + +2015-11-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, README, configure, configure.ac, + plugins/sudoers/regress/sudoers/test1.in, sudo.pp: + Use https in sudo.ws urls + [04e5177022d3] + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in: + Use https in urls. + [855b05943b2d] + + * configure, configure.ac: + sudo 1.8.16 + [b745f7031aeb] + + * plugins/sudoers/env.c: + When preserving variables from the invoking user's environment, if + there are duplicates only keep the first instance. 
+ [d4dfb05db5d7] + +2015-11-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/sudo_debug.h, lib/util/parseln.c, lib/util/sudo_debug.c, + plugins/sudoers/timestamp.c: + Add debug_return_ssize_t + [d491ed281726] + + * plugins/sudoers/timestamp.c: + Avoid compilation error on Solaris 10 with Stun Studio 12. Bug #727 + [facd8ff1ee6c] + +2015-10-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, po/da.mo, + po/da.po: + sync with translationproject.org + [6711d740d3d0] + + * NEWS: + Mention ssp configure fix. + [92d64fd724cc] + +2015-10-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/fr.mo, po/fr.po, po/it.mo, + po/it.po, po/ja.mo, po/ja.po, po/nb.mo, po/nb.po, po/pl.mo, + po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo, + po/vi.po, po/zh_CN.mo, po/zh_CN.po: + sync with translationproject.org + [9c8eb0062d8c] + + * configure, configure.ac: + Don't use CPPFLAGS for the -fstack-protector check. Otherwise on + systems with _FORTIFY_SOURCE support we'll get an error due to the + lack of optimization flags. Bug #725 + [1a9f8571a82d] + + * configure, configure.ac: + When checking for stack protector support we need to actually link + the test program. + [ab4f94aac7de] + +2015-10-29 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Preserve LDFLAGS when checking for stack protector as they may + include rpath settings to allow the stack protector lib to be found. + Avoid using existing CFLAGS since we don't want the compiler to + optimize away the stack variable. + [e6bc59225c06] + + * configure, configure.ac: + Better configure test for -fstack-protector. Some gcc installations + may be missing the ssp library even though the compiler supports it. + [4ade5d1249f4] + +2015-10-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo_edit.c: + Set errno to EISDIR instead of ENOTDIR if directory is writable + since ENOTDIR can be a legitimate errno. This avoids a bogus + "directory is writable" error in that case. + [97ee37d905ce] + + * mkpkg: + Fix the check for whether to include 32-bit arch in Mac OS X + packages. + [a76654512f6b] + +2015-10-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [58277a8f418b] + + * NEWS, src/sudo_edit.c: + When creating a new file, sudoedit will now check that the file's + parent directory exists before running the editor. + [65bc45510fb2] + + * NEWS, doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/match.c: + Add always_query_group_plugin + [7e9060d4c13a] + +2015-10-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * ABOUT-NLS, MANIFEST: + Add ABOUT-NLS from GNU gettext. + [971c168c065a] + + * NEWS, config.h.in, configure, configure.ac, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/policy.c, plugins/sudoers/sudoers_version.h, + src/sudo.c, src/sudo.h, src/sudo_edit.c: + Add directory writability checks for sudoedit. + [f5349d059a98] + +2015-10-06 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS: + Latest. + [9aae49302c60] + + * src/conversation.c: + Ignore the SUDO_CONV_PROMPT_ECHO_OK flag when echo is enabled. This + was preventing a match of SUDO_CONV_PROMPT_ECHO_ON which resulted in + a masked password instead of an echoed one. + [53f6a78d79e3] + + * plugins/sudoers/auth/bsdauth.c: + Repair challenge/response prompting for BSD authentication which got + broken while it was converted to use the conversation function. + [2d0b0cec5e4f] + + * plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h: + Use the auth_getpass (and the plugin conversation fuction) for Tru64 + SIA. This prevents sudo from sleeping while holding the tty ticket + lock. + [9221eec812cf] + + * NEWS, doc/UPGRADE, plugins/sudoers/env.c: + For env_reset, SHELL should be set based on the target user, not the + invoking user unless preserved via env_keep. + [b77adbc08c91] + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: + sync with translationproject.org + [adb927ad5e86] + +2015-10-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Hungarian and Slovak translations + [d3b6acece125] + + * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/hu.mo, + plugins/sudoers/po/hu.po, plugins/sudoers/po/sk.mo, + plugins/sudoers/po/sk.po, po/sk.mo, po/sk.po: + Add new Slovak and Hungarian translations from + translationproject.org + [132ec9b7a927] + +2015-10-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo_edit.c: + Remove S_ISREG check from sudo_edit_open(), it is already done in + the caller. + [9fff8c0bb1f7] + + * src/sudo_edit.c: + Open sudoedit files with O_NONBLOCK and fail if they are not regular + files. + [56b01164869c] + + * plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/tgetpass.c: + It is possible for WIFSTOPPED to be true even if waitpid() is not + given WUNTRACED if the child is ptraced. Don't exit the waitpid() + loop if WIFSTOPPED is true, just in case. 
+ [a2cab04a03da] + +2015-09-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/de.mo, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/it.mo, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/nb.mo, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pt_BR.mo, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/vi.mo, + plugins/sudoers/po/zh_CN.mo, po/cs.mo, po/de.mo, po/fi.mo, po/fr.mo, + po/gl.mo, po/it.mo, po/ja.mo, po/nb.mo, po/pl.mo, po/pt_BR.mo, + po/uk.mo, po/vi.mo, po/zh_CN.mo: + rebuild .mo files + [676362ed6061] + + * plugins/sudoers/po/pt_BR.po, po/pt_BR.po: + sync with translationproject.org + [be932694e600] + +2015-09-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.ac, src/sudo_noexec.c: + There's no point in trying to interpose protected versions of the + exec family of functions. Many modern C libraries use hidden symbols + for the functions and syscalls defined in libc such that they cannot + be overridden inside libc itself. We have to just wrap all the exec + variants plus system and popen. + [30aa4bd6c15b] + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + List all the functions wrapped by sudo_noexec.so. + [57a9db56f4e0] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + The section is now called "EXEC and NOEXEC" and it is above, not + below. + [9b0a2537f65d] + + * src/sudo_noexec.c: + Also wrap popen(3). + [a826cd7787e9] + + * src/sudo_noexec.c: + Also interpose system(3). On glibc systems you cannot interpose the + syscalls used internally by libc. + [58a5c06b5257] + + * src/conversation.c: + Set active debug instance to sudo_debug_instance() during the + conversation function. + [22fb750d92a9] + +2015-09-27 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + LOGNAME and USERNAME are set the same way as USER + [54f170cf2536] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Document behavior when the command dies from a signal in EXIT + STATUS. + [3c93d682e5e6] + +2015-09-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Bug #722 + [5cca49bb0e02] + + * src/sudo.c: + When the command sudo is running is killed by a signal, sudo will + now send itself the same signal with the default signal handler + instead of exiting. The bash shell appears to ignore some signals, + e.g. SIGINT, unless the command is killed by that signal. This makes + the behavior of commands run under sudo the same as without sudo + when bash is the shell. Bug #722 + [153f016db8f1] + +2015-09-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Adjust set_logname description to new behavior when any of LOGNAME, + USER or USERNAME are preserved. + [89009c2dcf38] + + * NEWS, plugins/sudoers/env.c: + If some, but not all, of the LOGNAME, USER or USERNAME environment + variables have been preserved from the invoking user's environment, + sudo will now use the preserved value to set the remaining variables + instead of using the runas user. This ensures that if, for example, + only LOGNAME is present in the env_keep list, that sudo will not set + USER and USERNAME to the runas user. + [54a60fe72b9a] + +2015-09-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/pam.c: + Fix passing of the callback pointer to the conversation function. + This was preventing the on_suspend and on_resume functions from + being called on PAM systems. + [611246ded4ff] + + * include/sudo_plugin.h: + Explicitly mark large hex constants unsigned. + [5b67b0090814] + + * plugins/sudoers/timestamp.c: + Cast sizeof(entry) to off_t before making it a negative offset for + lseek(). 
Fixes "sudo -k" on Solaris and probably others. + [ed5d312f6baa] + +2015-09-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Add explicit mention of sudo's netgroup semantics since they differ + from most other netgroup consumers. + [0e9030f8cf56] + + * plugins/sudoers/po/fi.po, po/fi.po: + sync with translationproject.org + [f9236f25a616] + + * plugins/sudoers/check.c: + Fix potential double free of the cookie when sudo is suspended at + the password prompt. + [cbecb3136155] + +2015-09-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/cs.po, plugins/sudoers/po/zh_CN.po, po/cs.po, + po/zh_CN.po: + sync with translationproject.org + [21138f16a3a6] + +2015-09-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/de.po, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.po, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.po, po/de.po, po/fr.po, po/gl.po, po/it.po, + po/ja.po, po/nb.po, po/pl.po, po/uk.po, po/vi.po: + sync with translationproject.org + [2d9f3e4c3ccf] + + * NEWS: + Bug #719 + [cfa393164a0f] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + SIGHUP is now relayed to the command. Bug #719 + [8db7c492c52a] + + * src/exec.c: + When a terminal device is closed, SIGHUP is sent to the controlling + process associated with that terminal. It is not sent to the entire + process group so sudo needs to relay SIGHUP to the command when it + is not being run in a new pty. Bug #719 + [b408a792f31a] + + * NEWS: + Mention visudo bug in 1.8.14 + [0fec829807fd] + + * plugins/sudoers/visudo.c: + We reserved two slots at the end of the editor argv for the line + number and the file name. 
However, resolve_editor() adds "--" before + the file names so the +line_number is interpreted as a file name, + not a line number so we need to overwrite the "--" as well. + [ff107430ee4b] + +2015-09-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.ac, lib/util/sig2str.c, + lib/util/strsignal.c: + Remove checks for __sys_siglist and __sys_signame. They are internal + to libc and there are no known systems that export those symbols + that do not already export the single underbar or no- underbar + versions. + [2b3efe0a91f2] + + * plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po, po/es.mo, + po/es.po: + Sync with translationproject.org + [feb5eb934a9e] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [947e8320c557] + +2015-09-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/tgetpass.c: + Restore old signal handlers before tty settings. That way SIGTTOU is + at its original value if sudo_term_restore() should fail. + [69d2cc6c0702] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document what happens when the on_suspend/on_resume callbacks return + an error. + [d8c9dcf7a926] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, + plugins/group_file/group_file.c, plugins/group_file/plugin_test.c, + plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c, + plugins/system_group/system_group.c, src/hooks.c: + No need to have version macros for hooks, callbacks and the sudoers + group plugin. We can just use the main sudo API macros. The sudoers + group plugin macros are preserved for source compatibility but are + not documented. + [8c52bb83f991] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Properly escape the backslash before a comma in an example so the + example rule is parsable by visudo. + [6745d38e9876] + + * src/tgetpass.c: + Ignore callbacks if major version doesn't match. 
+ [f852e6ebff01] + + * MANIFEST, config.h.in, configure, configure.ac, + include/compat/timespec.h, lib/util/Makefile.in, lib/util/gettime.c, + lib/util/utimens.c, plugins/sudoers/Makefile.in, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/Makefile.in, src/sudo_edit.c: + Remove include/compat/timespec.h. Systems old enough to lack struct + timespec are too old to build a modern sudo. + [37812e10a449] + + * NEWS: + Bug #713 + [8a7245d76799] + + * src/exec.c: + Fill in cstat if exec_setup() fails. Previously it was only filled + in for an execve() failure. Fixes an unkillable sudo process when + exec_setup() fails and I/O logging is enabled. + [ff1d39d9e505] + + * src/sudo.c: + Fix running commands as non-root when neither setresuid() not + setreuid() are available. At this point we are already root so + setuid() must succeed. Bug #713 + [34754ad586c7] + + * src/sudo.c: + Cast uid_t to unsigned int when printing as %u + [669e2d5244a6] + + * doc/UPGRADE: + Mention time stamp file locking changes, fix some spelling. + [c4563ea85e3a] + + * NEWS: + Update with latest changes. + [2cbd50e7c158] + +2015-09-07 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_fatal.h, + include/sudo_plugin.h, lib/util/fatal.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.h, + src/conversation.c, src/sudo.c, src/sudo.h, src/sudo_plugin_int.h, + src/tgetpass.c: + Add a struct sudo_conv_callback that contains on_suspend and + on_resume function pointer args plus a closure pointer and at it to + the conversation function. + [5608cb4c18f2] + + * config.h.in, configure, configure.ac, include/sudo_util.h, + lib/util/locking.c, lib/util/util.exp.in, plugins/sudoers/check.c, + plugins/sudoers/check.h, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c: + Lock individual records in the timestamp file instead of the entire + file. This will make it possible for multiple sudo processes using + the same tty to serialize their timestamp lookups. + [f4ad82e36d90] + + * lib/util/term.c, plugins/sudoers/check.c, + plugins/sudoers/sudoreplay.c, src/tgetpass.c: + Implement suspend/resume callbacks for the conversation function. If + suspended, close the timestamp file (dropping all locks). On resume, + lock the record before reading the password. + + For this to work properly we need to be able to run th callback when + tsetattr() suspends us, not just when the user does. To accomplish + this the term_* functions now return EINTR if SIGTTOU would be + generated. 
The caller now has to restart the term_* function (and + send itself SIGTTOU) instead of it being done automatically. + [572374035897] + + * plugins/sudoers/timestamp.c: + Allow the time stamp lock to be interrupted by signals. + [aa5017f86210] + + * plugins/sudoers/timestamp.c: + Adjust new locking to work when tty_tickets is disabled. We need to + use per-tty/ppid locking to gain exclusive access to the tty for the + password prompt but use a separate (short term) lock that is shared + among all sudo processes for the user. + [d6d7a0bb6bd0] + + * lib/util/locking.c: + Set errno to EINVAL if sudo_lock_* is called with a bad type. + [cfba014f1c1a] + + * src/exec_pty.c: + sudo_term_* already restart themselve for all but SIGTTOU so we + don't need to use our own restart loops. + [113924cd05c0] + + * config.h.in, configure, configure.ac, plugins/sudoers/iolog.c, + plugins/sudoers/timestamp.c: + Use pread(2) and pwrite(2) where possible. + [86cd3f6bab9e] + + * plugins/sudoers/timestamp.c: + Bring back the check for time stamp files that predate the boot + time. Instead of truncating we now unlink the file since another + process may be sleeping on the lock. + [9cdf7468d0f2] + + * plugins/sudoers/check.c: + Avoid touching the time stamp directory for "sudo -k command" + [391d20c17775] + +2015-09-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h: + Make hook_version and hook_type unsigned. + [77cb84793f07] + +2015-09-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/base64.c, plugins/sudoers/match.c, + plugins/sudoers/regress/parser/check_base64.c: + When decoding base64, avoid using '=' in the decoded temporary array + as a sentinel as it can legitimately be present. Instead, just use + the count of bytes stored in the temp array to determine which bytes + to fold into the destination. + [6abef15d3954] + +2015-08-21 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS, plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c: + When parsing def_editor, break out of the loop when we find the + first valid editor. Bug #714 + [c7508ed075c2] + +2015-08-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo.c: + The condition for adding a missing newline at the end of sudoers was + never reached. Keep track of the last character and write a newline + character if when copying to the temp file. Found by Radovan Sroka. + [86c20e7fc6bd] + + * plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c: + Remove extraneous while() from botched do {} while() loop conversion + to use sudo_strsplit. Noticed by Radovan Sroka. + [cd2d25510129] + +2015-08-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c: + In sudo_pam_begin_session() and sudo_pam_end_session() return + AUTH_FATAL on error, not AUTH_FAILURE. In sudo_auth_begin_session() + treat anything other than AUTH_SUCCESS as a fatal error. + [3ad7296390f2] + + * doc/CONTRIBUTORS, src/exec.c, src/exec_pty.c: + Linux sets si_pid in struct siginfo to 0 when the process that sent + the signal is in a different container since the PID namespaces in + different conatiners are separate. Avoid looking up the process + group by id when si_pid is 0 since getpgid(0) returns the process + group of the current process. Since sudo ignores signals sent by + processes in its own process group, this had the effect of ignoring + signals sent from other containers. From Maarten de Vries + [6d3f43b95a1f] + + * plugins/sudoers/auth/pam.c: + Sprinkle some debugging. + [f5a94a3a1192] + +2015-08-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.man.in, doc/sudo.mdoc.in: + Document that sudo uses the real uid to map from uid to passwd file + user name. 
+ [04f6709675cc] + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in: + disable_coredump can be set to no on modern OSes without security + consequences. + [ebe6d5bb2274] + +2015-08-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Emphasis on the never. + [39ca000281c7] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Explicitly tell people not to grant sudoedit to directories the user + can write to. While sudoedit will no longer open symbolic links, + hard links are still an issue. + [26e0afae9bae] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Add warning about writable directories and sudo/sudoedit. + [701ff725af42] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Emphasize that wildcards are not regexps. Bug #692 + [1e071810c4cb] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Emphasize that wildcards in command line arguments are dangerous. + Document the failings of the passwd example on GNU systems. Bug #691 + [54d793aea6b2] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Escape the colons in [[:alpha:]] as required by sudoers. + [ad875dd5ca64] + + * po/sudo.pot, src/sudo_edit.c: + Change warning when user tries to sudoedit a symbolic link. + [b8f44e834c2f] + +2015-08-06 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST: + add .json regress files to MANIFEST + [03ddb3a9671b] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [5abaa0eeab86] + + * doc/sudo.conf.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat, + doc/visudo.cat: + regen + [43e6b445734c] + + * doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, include/sudo_compat.h, include/sudo_plugin.h, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/policy.c, + plugins/sudoers/regress/sudoers/test1.in, + plugins/sudoers/regress/sudoers/test1.json.ok, + plugins/sudoers/regress/sudoers/test1.out.ok, + plugins/sudoers/regress/sudoers/test1.toke.ok, + plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/visudo_json.c, src/sesh.c, src/sudo.c, src/sudo.h, + src/sudo_edit.c: + Do not follow symbolic links in sudoedit by default. This behavior + can be controlled by the sudoedit_follow Defaults flag as well as + the FOLLOW/NOFOLLOW tags. 
+ [9636fd256325] + + * NEWS, aclocal.m4, configure, configure.ac: + Sudo 1.8.15 + [bf18da363b06] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/sudoers/test1.json.ok, + plugins/sudoers/regress/sudoers/test10.json.ok, + plugins/sudoers/regress/sudoers/test11.json.ok, + plugins/sudoers/regress/sudoers/test12.json.ok, + plugins/sudoers/regress/sudoers/test13.json.ok, + plugins/sudoers/regress/sudoers/test14.json.ok, + plugins/sudoers/regress/sudoers/test15.json.ok, + plugins/sudoers/regress/sudoers/test16.json.ok, + plugins/sudoers/regress/sudoers/test2.json.ok, + plugins/sudoers/regress/sudoers/test3.json.ok, + plugins/sudoers/regress/sudoers/test4.json.ok, + plugins/sudoers/regress/sudoers/test5.json.ok, + plugins/sudoers/regress/sudoers/test6.json.ok, + plugins/sudoers/regress/sudoers/test7.json.ok, + plugins/sudoers/regress/sudoers/test8.json.ok, + plugins/sudoers/regress/sudoers/test9.json.ok: + Check JSON output of sudoers test files too. + [3d8517812b80] + +2015-08-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Move comment to match moved code. + [7a30f06462a8] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + maxseq is an int not a string + [bffd97d22064] + +2015-08-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/preserve_fds.c: + Include sys/types.h for id_t. Bug #711 + [fda95d9ca1e9] + +2015-07-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/fnmatch.c: + Avoid a potential out of bounds read found by enh while fuzzing with + address sanitizer enabled. + [52d6b9916593] + +2015-07-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg: + Set sssd lib location to /usr/lib64 on 64-bit RHEL/Centos. Bug #710 + [428421925a20] + +2015-07-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS, src/Makefile.in: + The init.d files are generated from a .in file so we need to install + from top_builddir not top_srcdir. From Ross Burton. 
Bug #708 + [df1e7a0d3182] + +2015-07-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/term.c: + Replace two "return 0" with debug_return_bool(false). + [49f8fb3dcd36] + + * src/ttyname.c: + fix typo in previous commit + [094488696f2c] + + * NEWS, configure, configure.ac: + Sudo 1.8.14p3 + [0079c43d8247] + +2015-07-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/ttyname.c: + Fix errno value from get_process_ttyname() when no tty is present. + [ff7b12bb0638] + + * src/ttyname.c: + On AIX, only convert the tty device number from dev64_t to dev32_t + if dev_t is 32-bits. + [0e728a1eb07a] + +2015-07-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, configure, configure.ac: + Sudo 1.8.14p2 + [55fe56b28c7b] + + * plugins/sudoers/timestamp.c: + Fix creation of the timestamp file; bug #704 + [1ff77fd5cc8f] + +2015-07-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/regress/ttyname/check_ttyname.c, src/sudo.c, src/sudo.h, + src/ttyname.c: + Avoid needless memory allocation when resolving the tty name. + [c58cce92d5e0] + +2015-07-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, configure, configure.ac: + Sudo 1.8.14p1 + [973705806759] + + * plugins/sudoers/sssd.c: + Fix typo in sudo_sss_attrcpy() that caused a memory allocation + error. + [0fa324a7bb56] + +2015-07-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo: + rebuild + [e4c7cda46475] + +2015-07-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/lbuf.c, plugins/sudoers/env.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, + plugins/sudoers/match.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/redblack.c, src/hooks.c, src/net_ifs.c, src/sudo.c: + Add some debugging printfs when malloc fails and we don't have an + explicit call to sudo_warnx(). 
+ [07aebb5839c3] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c: + Add missing warnings for memory allocation failure. Add function + name to memory allocation warnings. + [4f6027786a28] + + * lib/util/parseln.c: + Return -1 if realloc() fails. + [707632291eac] + + * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c: + Add line number to debug log for memory allocation errors. + [f4f3debdfcc5] + + * plugins/sudoers/auth/pam.c: + Add warning if calloc() fails. Add debugging for other unexpected + errors. + [a1e0945237d8] + + * plugins/sudoers/ldap.c: + Add missing check for calloc(3) return value. + [37fe3ca78e8e] + +2015-07-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that the values printed by "sudo -V" are affected by + Defaults settings in sudoers. + [80ec2572861b] + +2015-07-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/group_plugin.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/sssd.c, src/load_plugins.c: + Avoid calling dlerror() multiple times since it clear the error + status after printing the error. Problem caused by + sudo_warn/sudo_fatal being macros... + [c0fd3b0fb9c3] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Attempt to clarify the conditions under which MAIL and HOME are set + to the target user. + [ebd269bebe64] + +2015-07-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg: + Better checks for the libaudit package for Debian and error out if + we can't figure it out. + [225c1bfcb629] + + * mkpkg: + Fix linux_audit setting on non-multiarch Debian. + [0a38e9d158f4] + + * sudo.pp: + Fix typo that broke the linux_audit dependency on Debian. + [0917bd45acf1] + + * NEWS: + Mention /proc/stat btime fix. 
+ [754050a340e2] + + * config.h.in, configure, configure.ac, lib/util/getaddrinfo.c, + plugins/sudoers/interfaces.c, plugins/sudoers/match_addr.c, + src/net_ifs.c: + Solaris 2.6 has the prototypes for inet_pton() and inet_ntop() in + resolv.h. + [dc0f62743845] + + * plugins/sudoers/boottime.c: + Sprinkle debugging for boottime. + [dfb45c763179] + + * mkpkg: + The old Solaris /bin/sh doesn't support POSIX $( .. ) syntax, use + backquotes instead. + [c9e33ffef2b1] + +2015-07-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg, sudo.pp: + Only use --with-sssd-lib on Debian/Ubuntu w/ multipackage. Use dpkg- + query to determine the name of the audit package for proper + dependencies. + [e9669389aa2f] + + * mkpkg, plugins/sudoers/sudoers.in, sudo.pp: + Update Debian/Ubuntu packages to be more like the vendor ones. One + notable exception is that sudo.ws packages use /var/run, not + /var/lib for timestamp files. + [0f4c49a3768e] + + * doc/CONTRIBUTORS: + Add Jakub Wilk + [78bfdf2e441b] + + * plugins/sudoers/boottime.c: + Strip newline from /proc/stat btime line to avoid a strtonum() + failure. From Jakub Wilk. + [8a04f85a070f] + + * src/exec_pty.c: + In io_callback() service writes before reads. That way, if both + SUDO_EV_READ and SUDO_EV_WRITE are set and read() returns 0 (EOF) we + don't close the fd before the write() is performed. + + If the write() returns EPIPE, ENXIO, EIO or EBADF, clear + SUDO_EV_READ before we close the fd to avoid calling read() on a + closed fd. + [167548fd8af2] + +2015-07-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/regress/sudo_conf/conf_test.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c: + Check sudo_conf_read() return value and exit on fatal error (a + warning was already printed by sudo_conf_read()). + [d05797f4f197] + + * NEWS: + Mention double-quoted sudoOption value support. 
+ [55684a73f097] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Add support for parsing quoted strings in a sudoOption just like + sudoers Defaults settings. + [fe8291414179] + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, po/da.mo, + po/da.po: + Sync with translationproject.org + [1c15d1a3dbdd] + +2015-07-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update year. + [6ca660e4a957] + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/de.mo, + po/de.po, po/nb.mo, po/nb.po: + Sync with translationproject.org + [d7ede74dcb19] + + * src/sudo.c: + Fix utmp setup broken by commit be0ca60facf8 + [cd8a06f57f2b] + +2015-07-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/ja.po, plugins/sudoers/po/pl.mo, + plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, po/cs.mo, + po/cs.po, po/fr.mo, po/fr.po, po/it.mo, po/it.po, po/pl.mo, + po/pl.po: + Sync with translationproject.org + [aa473519e66d] + + * plugins/sudoers/po/sudoers.pot: + regen + [8f8aa321f043] + + * plugins/sudoers/logging.c: + Fix typo in error message. + [220832711826] + +2015-07-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Bug #702 is the AIX timespec issue. + [c597a312e816] + + * config.h.in, configure, configure.ac, lib/util/closefrom.c, + lib/util/getcwd.c, lib/util/glob.c, plugins/sudoers/match.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, src/ttyname.c: + We require POSIX so no need to conditionally include dirent.h. Add a + check for d_namlen and use the result in the NAMLEN macro. 
+ [2728194cb6cf] + + * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c, + lib/util/getcwd.c, lib/util/gettime.c, lib/util/glob.c, + lib/util/lbuf.c, lib/util/locking.c, lib/util/mktemp.c, + lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/ttysize.c, + plugins/group_file/group_file.c, plugins/sample/sample_plugin.c, + plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/editor.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c, plugins/system_group/system_group.c, + src/conversation.c, src/exec.c, src/exec_common.c, src/exec_pty.c, + src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c, + src/openbsd.c, src/parse_args.c, 
src/preserve_fds.c, src/signal.c, + src/solaris.c, src/sudo.c, src/sudo_edit.c, src/sudo_noexec.c, + src/tgetpass.c, src/ttyname.c, src/utmp.c: + There's no need to conditionalize the #include <unistd.h>, we + require a POSIX system. + [79389c527c08] + + * include/sudo_compat.h: + Remove some compatibilty defines that should no longer be needed. + [e9136646d1c6] + +2015-06-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Final changes in 1.8.14 + [3a5cd4f2875a] + + * include/sudo_compat.h: + Need to include stddef.h to get rsize_t on Mac OS X for + sudo_memset_s() prototype. + [9615efed4a9a] + + * lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/strsplit/strsplit_test.c: + Add missing exit value. + [484202b53893] + + * lib/util/regress/mktemp/mktemp_test.c: + Add missing fcntl.h include. + [020fe6252d96] + + * configure, configure.ac: + Do check for inet_pton before inet_ntop since we may need to record + dependent libraries for inet_pton when linking our getaddrinfo + replacement. + [fde03eefd88d] + + * include/sudo_debug.h, lib/util/sudo_debug.c: + Fix build on compilers w/o __func__ or __FUNCTION__ + [196d75416cd5] + + * lib/util/util.exp.in: + Remove sudo_evasprintf_v1, missed during alloc.c removal. + [7d0ac7e5909d] + + * lib/util/snprintf.c: + Add missing fcntl.h include. + [23b886deb879] + + * config.h.in, configure, configure.ac: + Add check for inline support. + [061dab0e411c] + +2015-06-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/LICENSE: + Add reallocarray.c license. + [b4b4d46309f3] + +2015-06-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS: + Fix entry for Joel Pelaez Jorge. + [386434049903] + +2015-06-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/sudo_lbuf.h, lib/util/lbuf.c, lib/util/util.exp.in, + plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c: + Add an error flag to the lbuf struct to simplify error checking. 
+ Callers of the lbuf functions now check the error flag to tell if a + memory allocation error ocurred. + [bc44b0fbc03b] + + * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.h: + display_privs() and display_cmnd() may need to return -1 on error. + [b6d8826900bb] + +2015-06-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c, plugins/sudoers/check.h, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c: + Check restore_perms() return value in all cases, pushing the return + value back up the call stack. + [c9beeed2b614] + + * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Return -1, not 0 from sudoers when there is an error (as opposed to + a policy denial). + [5d197fe29e0e] + + * doc/CONTRIBUTORS: + Add Joel Pelaez Jorge + [55387b44d6e9] + + * plugins/sudoers/auth/pam.c: + When checking whether the PAM prompt matches "Password:", also check + for the untranslated version. The PAM module might not be using the + localized string even though it exists. From Joel Pelaez Jorge. + Fixes Bug #701 + [d87f6f2ccb42] + +2015-06-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Silence clang analyzer warning on glibc systems where the first + argument to qsort() is marked as non-NULL. Also change some counters + from into to unsigned int and two flags from int to bool. + [09e400445ca2] + +2015-06-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + Silence clang analyzer warning on glibc systems where the first + argument to qsort() is marked as non-NULL. + [34fa7256f1e2] + + * include/sudo_compat.h, include/sudo_debug.h, include/sudo_util.h, + src/preserve_fds.c: + Use our own bitmap macros instead of borrowing the ones from select. 
+ [51ef403511d9] + + * lib/util/sudo_debug.c: + Must call round_nfds() with fd+1 since it takes a count not the fd + number. In other words, the lowest value is 1, not 0. + [cc175cba5371] + + * src/ttyname.c: + Quiet clang analyzer false positive. + [9ebecd6b6b29] + + * src/sesh.c: + Fix uninitialized variables warnings in error case when src file + cannot be opened. At least one of these is a false positive. + [98b417c1307a] + +2015-06-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/getline.c, plugins/sudoers/toke_util.c: + It's safe to rely on C89 semantics for realloc(NULL, size). + [b633582413ac] + + * plugins/sudoers/env.c: + malloc() sets errno to ENOMEM on failure so we don't need to set it + explicitly. + [09cb5ceaaec3] + + * include/sudo_compat.h: + No longer need __malloc_like + [a41b69f256f6] + + * lib/util/util.exp.in: + Remove symbols from the now-removed alloc.c. + [da0753d85d20] + + * include/sudo_compat.h, lib/util/aix.c, lib/util/closefrom.c, + lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c, + lib/util/getaddrinfo.c, lib/util/getcwd.c, lib/util/getgrouplist.c, + lib/util/gethostname.c, lib/util/getline.c, lib/util/getopt_long.c, + lib/util/gettime.c, lib/util/gidlist.c, lib/util/glob.c, + lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, + lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/parseln.c, + lib/util/progname.c, lib/util/pw_dup.c, lib/util/reallocarray.c, + lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, lib/util/setgroups.c, + lib/util/sha2.c, lib/util/sig2str.c, lib/util/snprintf.c, + lib/util/strndup.c, lib/util/strsplit.c, lib/util/strtobool.c, + lib/util/strtoid.c, lib/util/strtomode.c, lib/util/strtonum.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c, + 
lib/util/term.c, lib/util/ttysize.c, plugins/group_file/getgrent.c, + plugins/group_file/group_file.c, plugins/group_file/plugin_test.c, + plugins/sample/sample_plugin.c, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/base64.c, plugins/sudoers/boottime.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/editor.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, + plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/redblack.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + 
plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, + plugins/system_group/system_group.c, src/conversation.c, + src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_pty.c, + src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c, + src/openbsd.c, src/parse_args.c, src/preserve_fds.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/signal.c, + src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, + src/ttyname.c, src/utmp.c: + Only include stddef.h where it is needed. + [ce597fb7ffb9] + +2015-06-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [cad83b927f4e] + + * lib/util/sudo_conf.c, plugins/sudoers/locale.c: + Better handling of setlocale() returning NULL. + [7cd4fcdb528c] + + * lib/util/aix.c, lib/util/gidlist.c, lib/util/sudo_conf.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/defaults.c, plugins/sudoers/editor.c, + plugins/sudoers/env.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/conversation.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/load_plugins.c, + src/parse_args.c, src/preserve_fds.c, src/selinux.c, src/sesh.c, + src/sudo.c, src/sudo_edit.c: + Add function name to "unable to allocate memory" warnings. 
+ [98c07e26a13e] + + * configure, configure.ac, include/sudo_compat.h, lib/util/aix.c, + lib/util/closefrom.c, lib/util/event.c, lib/util/event_poll.c, + lib/util/event_select.c, lib/util/getaddrinfo.c, lib/util/getcwd.c, + lib/util/getgrouplist.c, lib/util/gethostname.c, lib/util/getline.c, + lib/util/getopt_long.c, lib/util/gettime.c, lib/util/gidlist.c, + lib/util/glob.c, lib/util/key_val.c, lib/util/lbuf.c, + lib/util/locking.c, lib/util/mksiglist.c, lib/util/mksigname.c, + lib/util/parseln.c, lib/util/progname.c, lib/util/pw_dup.c, + lib/util/reallocarray.c, lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, lib/util/setgroups.c, + lib/util/sha2.c, lib/util/sig2str.c, lib/util/snprintf.c, + lib/util/strndup.c, lib/util/strsplit.c, lib/util/strtobool.c, + lib/util/strtoid.c, lib/util/strtomode.c, lib/util/strtonum.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c, + lib/util/term.c, lib/util/ttysize.c, plugins/group_file/getgrent.c, + plugins/group_file/group_file.c, plugins/sample/sample_plugin.c, + plugins/sudoers/alias.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/base64.c, + plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/editor.c, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/getdate.c, 
plugins/sudoers/getdate.y, + plugins/sudoers/getspwuid.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, + plugins/system_group/system_group.c, src/conversation.c, + src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_pty.c, + src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c, + src/openbsd.c, src/parse_args.c, src/preserve_fds.c, + src/regress/ttyname/check_ttyname.c, src/signal.c, src/solaris.c, + src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, + src/utmp.c: + We require ANSI C so stop using the obsolete STDC_HEADERS. 
+ [35a5a680e5fe] + + * lib/util/getgrouplist.c, lib/util/regress/glob/globtest.c, + lib/util/sudo_debug.c, plugins/group_file/getgrent.c, + plugins/group_file/plugin_test.c, plugins/sample/sample_plugin.c, + plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/tsgetgrpw.c: + Use strtok_r() instead of strtok() + [6b8e3c253dcf] + + * config.h.in, configure, configure.ac: + Add back _REENTRANT define on HP-UX to expose strtok_r on some + versions. We may need to define it on other systems too. + [12c36f12eed2] + + * configure, configure.ac: + Fix check for strnlen() when cross-compiling. + [e501c508891a] + + * plugins/sudoers/interfaces.c: + Use sudo_strsplit() in dump_interfaces. + [b76ee2f47f37] + +2015-06-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/inet_pton.c, lib/util/key_val.c, lib/util/lbuf.c, + lib/util/locking.c, lib/util/parseln.c, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/progname/progname_test.c, + lib/util/regress/strsplit/strsplit_test.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, lib/util/sha2.c, + lib/util/snprintf.c, lib/util/strtobool.c, lib/util/term.c, + plugins/group_file/getgrent.c, plugins/group_file/group_file.c, + plugins/sample/sample_plugin.c, plugins/sudoers/boottime.c, + plugins/sudoers/editor.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_base64.c, + 
plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_hexchar.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/tsgetgrpw.c, plugins/system_group/system_group.c, + src/conversation.c, src/exec_pty.c, src/net_ifs.c, src/openbsd.c, + src/preserve_fds.c, src/regress/ttyname/check_ttyname.c, + src/solaris.c, src/sudo.c, src/tgetpass.c, src/ttyname.c, + src/utmp.c: + Remove obsolete memory.h include. + [0c1351d614a9] + + * config.h.in, configure, configure.ac, lib/util/getcwd.c, + lib/util/gethostname.c, lib/util/glob.c, lib/util/locking.c, + lib/util/parseln.c, lib/util/pw_dup.c, lib/util/reallocarray.c, + lib/util/snprintf.c, lib/util/strndup.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + src/env_hooks.c: + Remove support for the obsolete malloc.h header. + [2a118de27d4e] + + * config.h.in, configure, configure.ac, plugins/sudoers/defaults.c, + plugins/sudoers/logging.c: + Remove BROKEN_SYSLOG define which was for obsolete versions of HP- + UX. Remove last remnants of 4.2BSD syslog support. + [e234515f515d] + + * lib/util/sudo_conf.c: + Use sudo_strsplit() instead of doing the equivalent manually. + [220f2e4a0e68] + + * lib/util/regress/strsplit/strsplit_test.c: + Test strsplit behavior with an empty string. + [62ae80dcee4a] + + * lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Allow "make LIBTOOL=/path/to/libtool" to work properly. + [f9e5f7109107] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/editor.c, + plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/visudo.c: + Use a common function for resolviong the user's editor in sudoedit + and visudo. 
The find_path() function now returns a dynamically + allocated path instead of using a static string. + [97fe58966144] + + * config.h.in, configure, configure.ac, lib/util/Makefile.in, + lib/zlib/Makefile.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Replace use of OSDEFS with config.h defines. Rename DEFS in + Makefile.in to CPPDEFS and include in CPPFLAGS. Bring back + _BSD_SOURCE as a config.h define. Remove obsolescent _REENTRANT + define. + [0d76a12adca8] + +2015-06-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, include/sudo_alloc.h, lib/util/Makefile.in, + lib/util/alloc.c: + Remove now-unused sudo_alloc.h and alloc.c + [0fe70085c75c] + + * plugins/sudoers/Makefile.in, src/Makefile.in, src/conversation.c, + src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_pty.c, + src/hooks.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, + src/preserve_fds.c, src/regress/ttyname/check_ttyname.c, + src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, + src/ttyname.c: + Avoid using exiting allocators in the front end. + [be0ca60facf8] + + * include/sudo_conf.h, include/sudo_lbuf.h, lib/util/Makefile.in, + lib/util/aix.c, lib/util/gidlist.c, lib/util/lbuf.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c: + Use non-exiting allocators in libsudo_util. + [d9b7cf17b9b4] + + * plugins/sudoers/ldap.c, plugins/sudoers/logging.c: + Remove asprintf() return value warnings. + [fe25ce11f96a] + + * config.h.in, configure, configure.ac: + Use AC_FUNC_STRNLEN to check for broken strnlen() on AIX. This + requires that we use AC_USE_SYSTEM_EXTENSIONS so remove things from + OSDEFS that are enabled by AC_USE_SYSTEM_EXTENSIONS. + [1f64269cab6e] + + * plugins/sudoers/ldap.c: + Remove extraneous semicolons in CHECK_* macros. 
+ [ef99aa3c9d70] + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Remove remaining SUDO_MAIN remnants. + [1c077699f444] + + * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/match.c, plugins/sudoers/parse.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Use non-exiting allocatings in the sudoers plugin. + [a5668cb9c516] + +2015-06-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sssd.c: + Use non-exiting allocators in the sudoers SSSD backend. + [dba29b55ac0b] + + * plugins/sudoers/ldap.c: + Use non-exiting allocators in the sudoers LDAP backend. + [37bfa441345a] + + * lib/util/Makefile.in: + regen dependencies + [5be6eb005946] + +2015-06-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, lib/util/Makefile.in, mkdep.pl: + Add missing dependency info for reallocarray.lo in + lib/util/Makefile.in and regen configure to match last configure.ac + change. 
+ [da1fc49b53dc] + + * plugins/sudoers/ldap.c: + Use \28 and \29 instead of \( and \) in the ldap query as per RFC + 2254. Fixes netgroup queries on AIX. From Steven Soulen. + [33267d6243aa] + +2015-06-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/glob.c: + Move pattern length check until after we have initialized the glob_t + so we can call globfree() even on error. From Frank Denis. + [a246f9054395] + +2015-06-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c, src/sudo.c: + We need to unlimit RLIMIT_NPROC in sudoers as well as the sudo front + end since set_perms() and restore_perms change the read uid and may + fail with EAGAIN on Linux kernels prior to 3.1. + [e6a03c31f4e5] + +2015-06-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Fix underlining of "root" in -u option descriptions. Bug #699 + [b3afe47d9798] + + * doc/UPGRADE, src/load_plugins.c: + Remove support for converting plugin.so -> plugin.sl on HP-UX when + plugin.so can not be found. This was a temporary hack for using an + older (pre 1.8.7) sudoers plugin with a newer sudo front-end. + [561e2ce444ed] + +2015-06-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/event.c, lib/util/event_select.c: + Add debugging output on memory alloc failure. Add missing checks in + event_select.c for reallocarray() failure. + [0853c7bcbeaa] + + * lib/util/event_poll.c: + Use non-exiting allocators. + [5ed0e276b551] + +2015-06-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Bring back VALIDATE_ERROR which will be used in the case of memory + allocation errors. + [784c885db95c] + +2015-06-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/snprintf.c: + If asprintf() or vasprintf() fail, set the dest pointer to NULL like + BSD and Solaris do. This appears to be the direction glibc is going + as well. 
+ [92fb2283dc9a] + +2015-05-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/env.c: + Use a stack buffer for the validate_env_vars() error message. + [69df3a0cbc2b] + +2015-05-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/fatal.c: + Fix typo/thinko in static buffer conversion; use vsnprintf() not + snprintf() + [9d42fb3a94f6] + + * plugins/sudoers/ldap.c: + Fix old gcc2 variadic macro support. + [fd951ed8865e] + + * plugins/sudoers/visudo.c: + Restore old behavior where visudo prevents you from making the main + sudoers file zero length. + [b03ef908120f] + + * plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c: + Non-exiting allocators for log functions. If log_allowed() fails the + user may not run the command. We don't try to return early for + log_failure(), log_auth_failure() or log_denial() as we would not + run the command in that case. + [40c3d0dd75bc] + + * plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: + Use non-exiting allocators in the parser (much of it already did). + [f14222e5ad1b] + + * lib/util/aix.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c: + Use non-existing allocators in the passwd/group cache functions. + [86bbe840f348] + + * MANIFEST, configure.ac, lib/util/alloc.c, lib/util/reallocarray.c: + Add standalone reallocarray.c from OpenBSD instead of rolling our + own. + [36ec5840729e] + + * plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/iolog.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Use non-exiting allocators in the redblack tree and fix the fallout. + Also switch to non-exiting allocators in affected code blocks. 
+ [bca56cf769cb] + + * plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.h: + The error string returned by alias_add should be const. + [b378188a0a8f] + + * plugins/sudoers/policy.c: + Fix typo, efree vs. free. + [9146ba7473ca] + + * plugins/sudoers/policy.c, src/exec_common.c, src/sudo.c: + Add a few missing sudo_new_key_val() return value checks. Also use + non-exiting allocators for consistency. + [2ae76a679052] + +2015-05-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, lib/util/Makefile.in, + lib/util/regress/parse_gids/parse_gids_test.c, + lib/util/regress/strsplit/strsplit_test.c: + Add unit tests for strsplit and parse_gid_list. + [e08c5ff7b5f0] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/strsplit.c, lib/util/util.exp.in, + plugins/sudoers/sudoers.c: + Add sudo_strsplit(), similar to strtok_r() but non-destructive and + operates on non-C strings (requires a length parameter). + [45fb50775249] + + * lib/util/fatal.c: + Use a static buffer for sudo_warn/sudo_fatal messages where + possible. + [6e1d6ecc022d] + + * include/sudo_compat.h: + Fix sudo_strnlen() prototype. + [1367bd9227b3] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/strndup.c, + mkdep.pl: + Add strndup() for those without it. As strndup.c uses strnlen(), use + our own if it is missing. + [cf904a9c68f7] + + * lib/util/strnlen.c: + Add missing sudo_ prefix and include sudo_compat.h. + [d5e5dfc3fd20] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/strnlen.c: + Add strnlen() replacement needed for glob.c. Only used if no glob() + and no strnlen(). + [bb6b7c4549b1] + +2015-05-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/logging.h, plugins/sudoers/sudoers.h: + Get rid of SUDO_MAIN. Modern compilers don't warn about mixing + extern and auto declarations unless they conflict. 
+ [a273b73bca6d] + + * config.h.in, configure.ac, include/compat/endian.h, + include/compat/fnmatch.h, include/compat/getaddrinfo.h, + include/compat/getopt.h, include/compat/glob.h, + include/compat/nss_dbdefs.h, include/compat/sha2.h, + include/compat/stdbool.h, include/compat/timespec.h, + include/sudo_alloc.h, include/sudo_compat.h, include/sudo_conf.h, + include/sudo_debug.h, include/sudo_dso.h, include/sudo_event.h, + include/sudo_fatal.h, include/sudo_gettext.h, include/sudo_lbuf.h, + include/sudo_plugin.h, include/sudo_queue.h, include/sudo_util.h, + lib/util/fatal.c, plugins/sudoers/bsm_audit.h, + plugins/sudoers/check.h, plugins/sudoers/defaults.h, + plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, + plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, + plugins/sudoers/insults.h, plugins/sudoers/interfaces.h, + plugins/sudoers/iolog.h, plugins/sudoers/linux_audit.h, + plugins/sudoers/logging.h, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.h, + plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/solaris_audit.h, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudo_printf.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoers_debug.h, plugins/sudoers/sudoers_version.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/visudo.c, src/net_ifs.c, src/sudo.h, + src/sudo_exec.h, src/sudo_plugin_int.h, src/sudo_usage.h.in: + Avoid using a leading underbar in defines as they are reserved in + ISO C. 
+ [a442d88c6490] + + * Makefile.in, doc/Makefile.in, examples/Makefile.in, + include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/solaris_audit.c, plugins/sudoers/sssd.c, + plugins/system_group/Makefile.in, src/Makefile.in, src/selinux.c: + Add target for "make splint". A few files need extra guards to avoid + errors on systems where they would not otherwise be compiled. No + warnings from splint. + [64fc04debc58] + +2015-05-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/sia.c: + Use reallocarray() instead of sudo_emallocarray() and return an + error on allocation failure. + [fee12ac1e0c8] + + * plugins/sudoers/auth/kerb5.c: + In our krb5_get_init_creds_opt_alloc() replacement use malloc() + instead of sudo_emalloc() and return KRB5_CC_NOMEM on allocation + failure. Only old versions of Kerberos V will need this. + [95ac6c5b7b60] + + * lib/util/event.c, lib/util/event_select.c: + Use non-exiting allocators. + [91bbc657901d] + +2015-05-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.ac, src/sudo.c: + There should be no need to check for tzset() as it is POSIX. + [50825eb75c97] + + * configure, configure.ac: + Add sudo_reallocarrary to util.exp.in if reallocarray is not found. + [32588e00bb33] + +2015-05-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + NLS now works on Mac OS X properly. 
+ [1485c9e51b04] + + * configure, configure.ac, src/Makefile.in: + Force flat namespace on darwin to make the getenv() hooking work as + it does on ELF. + [0837cc3559ce] + +2015-05-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/alloc.c, lib/util/snprintf.c, + plugins/sample/sample_plugin.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/redblack.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke_util.c: + No need to cast malloc() return value. + [09c7236d3e1a] + + * lib/util/getcwd.c, lib/util/getline.c, lib/util/glob.c, + plugins/sudoers/env.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Use reallocarray where possible. + [2b5957a38baa] + + * config.h.in, configure, configure.ac, include/sudo_compat.h, + lib/util/alloc.c: + Add reallocarray() for those without it. + [3ac5a4abe077] + +2015-05-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + The getenv() hook still doesn't work on Mac OS X. + [d9297b9ff54c] + +2015-05-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/sudo_fatal.h, lib/util/fatal.c: + In sudo_warn_gettext_v1() call dgettext() not gettext() to make sure + the domain is set correctly. The sudoers plugin uses its own text + domain. + [f7ce0100ff5c] + +2015-05-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/Makefile.in: + man pages should explicitly depend on config.status since it is used + to substitute in variables/settings. 
+ [bebe8e19d767] + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.man.in, + doc/sudoreplay.cat, doc/visudo.cat: + regen + [2e613d7bb477] + + * NEWS, configure, configure.ac: + Sudo 1.8.14 + [66e33bc0d18e] + + * INSTALL, MANIFEST, aclocal.m4, config.h.in, configure, configure.ac, + include/sudo_fatal.h, lib/util/Makefile.in, lib/util/fatal.c, + lib/util/locale_weak.c, lib/util/util.exp.in, + m4/ax_sys_weak_alias.m4, mkdep.pl, plugins/sudoers/Makefile.in, + plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c, src/Makefile.in, src/locale_stub.c: + Instead of trying to make weak functions work on all platforms, just + use a registration function for a plugin-specific setlocale + function. The sudoers version just wraps sudoers_setlocale(). + [0eef64f41cdf] + + * src/parse_args.c: + Fix indentation of -a flag help line. + [a2ed556b6454] + + * include/sudo_compat.h: + Fix compilation when HAVE_DECL_SIG2STR_MAX is not defined. + [31aa465affaa] + + * doc/Makefile.in: + Add lint target to run "mandoc -Tlint" over the manuals. + [63ed14d91adc] + +2015-05-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/sudo_compat.h: + HAVE_DECL_SIG2STR_MAX is always defined so use a + !HAVE_DECL_SIG2STR_MAX check instead of #ifndef. + [65cc03302d39] + +2015-05-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/tgetpass.c: + Sync tty_present() with sudoers version. + [040c05e68627] + + * src/load_plugins.c: + sudo_check_plugin() returns bool. + [15b2851bfb90] + + * plugins/sudoers/match.c: + In usergr_matches() matched should be bool but we have to take care + to handle group_plugin_query() returning a value other than 0/1. + [c120901f71c7] + + * plugins/sudoers/ldap.c: + sudo_ldap_check_non_unix_group() returns bool, not int. + [d12e9242454f] + + * plugins/sudoers/logging.c: + Convert two debug_return_int to debug_return_bool. 
+ [594d0fc8efda] + + * include/sudo_debug.h, lib/util/sudo_debug.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/check.c, + plugins/sudoers/env.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, src/sudo.c: + Previously, debug_return_bool was the same as debug_return_int + except that it logged true/false for 1/0. However, this appears to + trigger a bug in some compilers. To avoid this, debug_return_bool + now uses bool, not int. Callers that were passing it an int have + been converted to use debug_return_int instead. + [ca142b5a9433] + + * src/get_pty.c, src/sudo.h: + get_pty() should return bool + [2c72c8d3603b] + + * src/sudo.h, src/tgetpass.c: + Make tty_present static to tgetpass.c + [bb73a2cc8754] + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Add configure check for SIG2STR_MAX, which may be missing on + UnixWare. + [e9dcac23c639] + + * m4/ax_sys_weak_alias.m4: + Need to quote $GCC as it may include arguments. From Tim Rice. + [9ed8a3be94bf] + + * MANIFEST: + Add missing m4/ax_sys_weak_alias.m4 + [269a8d5bfb49] + +2015-04-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg: + There's no point in building i386 binaries for Mac OS X 10.7 and + higher. + [e8876ea36d14] + +2015-04-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, po/ja.mo, + po/ja.po: + Sync with translationproject.org + [414c51286530] + +2015-04-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/bsm_audit.c: + Only fall back on AUE_DARWIN_sudo if au_preselect() fails. + [aea2f3a60b46] + +2015-04-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/bsm_audit.c: + Work around a problem on Mac OS X 10.10 which defines AUE_sudo but + where au_preselect() only accepts AUE_DARWIN_sudo (the old value). 
+ [b5d32d6453d1] + +2015-04-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/env_hooks.c: + Don't use dlsym() to find the libc getenv() since this may allocate + memory on some systems (glibc) which leads to a hang if malloc() + calls getenv() (jemalloc). + [441846664820] + + * include/sudo_debug.h, src/sudo.c: + Split variable declaration out of debug_decl into debug_decl_vars() + so we can use it in main() when we know sudo_debug_enter() cannot + succeed. + [6931948a57f8] + + * src/sudo.c: + Defer conversation initialization until right before plugins are + initialized. + [83db53d4945c] + +2015-04-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: + When creating a passwd struct from a uid that is not in the passwd + database, set pw_gid to the user's gid instead of whatever the user + specified via the -g flag (or 0 if no -g). + [4154970432df] + +2015-04-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Add some ldap_err2string() debugging when the LDAP search fails. + Adapted from a diff from Steven Soulen. + [e08d38481041] + +2015-04-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/sr.mo, + po/sr.po: + Sync with translationproject.org + [cbf24072ad07] + +2015-04-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS: + Add David Michael and Andrey Klyachkin. + [e153a9b46e1f] + + * sudo.pp: + Sync tmpfiles.d/sudo.conf with init.d/sudo.conf.in + [9e3945c1fe6e] + + * include/sudo_util.h: + Avoid struct assignment when stashing mtime since AIX at least uses + a struct st_timespec that differs from struct timespec. From Andrey + Klyachkin. + [e267ea5b019e] + +2015-04-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Work around a bug in pp that caused a warning when exampledir is a + subdir of docdir. 
+ [d81db98f215f] + + * plugins/sudoers/solaris_audit.c: + Add sys/types.h + [e0794f05e95c] + + * lib/util/getopt_long.c, lib/util/mksiglist.c, lib/util/mksigname.c, + lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/glob/globtest.c, lib/util/sha2.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_hexchar.c: + Include sys/types.h instead of unistd.h to get uid_t and gid_t. Add + missing include of sys/types.h to a few places. + [86eb67f3c41a] + +2015-04-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg: + Remove unintended commit + [2eeeb74b9174] + + * init.d/sudo.conf.in: + Add tmpfiles.d/sudo.conf template. + [ead9bb7b5328] + +2015-04-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * .hgignore, INSTALL, MANIFEST, Makefile.in, configure, configure.ac, + mkpkg, src/Makefile.in, sudo.pp: + Create template tmpfiles.d/sudo.conf for installation instead of + creating one via echo commands in the Makefile. + + Add --enable-tmpfiles.d configure option to enable/disable use of + tmpfiles.d and override the default directory. + + Use --disable-tmpfiles.d in mkpkg so we no longer need to ignore + tmpfiles.d/sudo.conf in sudo.pp. + [930983f88927] + + * sudo.pp: + Fix setting of pp_rpm_version when there is no patchlevel present. + Also tighten up the regexp for pp_rpm_release. + [d6a89aafd99d] + +2015-04-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, Makefile.in, configure, configure.ac, doc/sudoers.mdoc.in, + examples/Makefile.in, mkpkg, sudo.pp: + Make exampledir configurable and default to + DATAROOTDIR/examples/sudo on BSD systems. + [4c1271298712] + + * src/Makefile.in, sudo.pp: + Install /usr/lib/tmpfiles.d/sudo.conf on systems with systemd but do + not package it. For packages we create /usr/lib/tmpfiles.d/sudo.conf + as needed in the postinstall script. + [522666bc079f] + +2015-03-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in: + Fix "mandoc -Tlint" warnings. Sync AUTHORS section in man pages. + Regenerate all man pages. + [34e4149bb225] + + * lib/util/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: + Make libsudo_util depend on libintl instead of requiring users of + libsudo_util to link with libintl directly. Bug #690 + [f2508d1a21ee] + +2015-03-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/logging.c: + Use saved errno in vlog_warning() before calling + sudo_vwarn_nodebug(). Fixes the error message printed if set_perms() + fails. + [68bd7297137e] + +2015-03-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Update for 1.8.13 final. + [4c03db3a740f] + +2015-03-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + For sudoedit, run the editor with the user's original environment as + per the documentation (and as in sudo 1.7.x). Bug #688 + [a5081c8f6950] + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, po/fr.mo, + po/fr.po: + Sync with translationproject.org + [0b820c5ecb0c] + +2015-03-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/term.c: + Update function names in debug_decl. + [b83f153b2f43] + + * lib/util/term.c: + Use TCSAFLUSH instead of TCSANOW in sudo_term_copy(). Be consistent + with where we put TCSASOFT in the action flags. + [6ffeec3aa184] + +2015-03-09 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/da.mo, + po/da.po, po/fi.mo, po/fi.po, po/zh_CN.mo, po/zh_CN.po: + Sync with translationproject.org + [0d20f88c0a83] + +2015-03-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/sha2.c: + Include unistd.h since sudo_compat.h uses gid_t. + [da491d83e5dc] + +2015-03-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, configure, configure.ac: + Add --disable-weak-symbols option to disable use of weak symbols in + libsudo_util. + [3edf2bccb4d8] + + * configure: + regen + [ff1abfcd2b61] + + * m4/ax_sys_weak_alias.m4: + When checking for weak aliases, check the gcc attribute format last + since some C compilers just ignore unsupported attributes. + [e172cbbfa615] + + * sudo.pp: + Update copyright year. + [67bcd24c6477] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/it.mo, + po/it.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, + po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po: + Sync with translationproject.org + [ceb62f98364c] + + * configure, configure.ac, include/compat/sha2.h: + Fix symbol name collision with systems that have their own sha2 + implementation. This can result in PAM using the wrong sha2 + implementation on Solaris systems configured to use SHA512 for + passwords. + [3a25c4896804] + + * src/Makefile.in: + Use SSP_LDFLAGS when linking sudo_noexec.la + [6187b17fad90] + +2015-03-03 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, config.h.in, configure, configure.ac, + include/compat/utime.h, lib/util/Makefile.in, lib/util/utimens.c: + Remove compat/utime.h, it was only useful for ancient systems that + are no longer capable of compiling sudo. + [94e4f02868db] + +2015-03-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac, lib/util/Makefile.in: + Link libsudo_util with -lrt on systems where clock_gettime is in + -lrt. + [44a9a0d0af69] + + * NEWS: + Update. + [811c8d7090c0] + + * lib/util/strlcat.c, lib/util/strlcpy.c: + Update OpenBSD CVS Ids + [933788497ee4] + + * lib/util/strlcat.c: + Make comment match code. + [b1b68810929d] + + * lib/util/utimens.c: + Fix compilation error on systems without futimes(). + [4d55a58ea12e] + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in, + lib/util/gettime.c, lib/util/util.exp.in, lib/util/utimens.c, + lib/util/utimes.c, mkdep.pl, plugins/sudoers/Makefile.in, + plugins/sudoers/boottime.c, plugins/sudoers/gettime.c, + plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/Makefile.in, src/sesh.c, + src/sudo_edit.c: + Use futimens() and utimensat() instead of futimes() and utimes(). + [8400f91466d8] + + * plugins/sudoers/visudo.c: + Fix compiler warning on systems where mode_t is not unsigned int, + such as 32-bit Solaris. + [1eeeea1c203d] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Fix logic for verifypw/listpw all in sudoers LDAP and sssd. + [5bc60a34a477] + + * src/tgetpass.c: + Fix cut & pasto that prevented the SIGPIPE handler from being + restored before returning from tgetpass(). From mancha + [230b0a86876e] + +2015-02-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sesh.c, src/sudo_edit.c: + Our utimes() emulation support futime() too. + [439851535285] + +2015-02-27 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [40aa9164563f] + + * plugins/sudoers/testsudoers.c: + Define YYDEBUG to 0 if not already defined so we can protect use of + sudoersdebug with "#if YYDEBUG" like the generated parser does. From + David Michael. + [394e1c237aac] + +2015-02-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that Aliases may not be redefined and that "sudo -f + /etc/sudo.d/foo" will not catch the redefinition. + [3bff3b5f7eb1] + + * sudo.pp: + Only create /usr/lib/tmpfiles.d/sudo.conf if + /usr/lib/tmpfiles.d/systemd.conf also exists. Some other package may + have created /usr/lib/tmpfiles.d even though it is not used. + [cf013d95b7d7] + + * plugins/sudoers/Makefile.in: + regen + [4dde632c35cd] + + * sudo.pp: + Clear the ts dir instead of just making sure it exists. + [c49b6e3e2360] + + * configure, configure.ac: + Only substiture init.d scripts that we are going to use. + [301f16bd04c5] + +2015-02-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in, sudo.pp: + Create /usr/lib/tmpfiles.d/sudo.conf when systemd is used. + [532dc61e7bb7] + + * plugins/sudoers/iolog.c, plugins/sudoers/visudo.c, src/sudo_edit.c, + src/utmp.c: + Check the return value of gettimeofday(), even though it should + never fail. + [747715d8a11c] + +2015-02-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, configure, configure.ac, include/sudo_compat.h, + lib/util/Makefile.in, lib/util/clock_gettime.c, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c, + plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c: + We cannot (easily) use clock_gettime(CLOCK_MONOTONIC) directly as it + may be present but not implemented. Add sudo_gettime_real() and + sudo_gettime_mono() functions to get the real and monotonic times + respectively. 
Now sudo_gettime_mono() checks the value of + sysconf(_SC_MONOTONIC_CLOCK) before calling + clock_gettime(CLOCK_MONOTONIC) and falls back on sudo_gettime_real() + as needed. The Mach version of sudo_gettime_mono() uses + mach_absolute_time(). + + This should fix problems with timestamp files on systems where the + CLOCK_MONOTONIC is defined but not actually implemented. + [cd04a21af4c5] + + * include/sudo_compat.h, plugins/sudoers/timestamp.c: + Check clock_gettime() return value and warn if it fails. Currently, + the timestamp will be ignored if clock_gettime() fails. + [3658154638da] + +2015-02-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/sudo_debug.c: + Plug memory leak when debug file cannot be opened. Use %zu printf + format now that our snprintf support it. + [a168a002cd19] + + * plugins/sudoers/auth/pam.c: + Pam conversation function changes: o use PAM_BUF_ERR as the return + value when calloc() fails. o sanity check the value of num_msg o + remove the workaround for old Apple PAM o PAM_AUTH_ERR is not a + valid PAM conversation function return value + + If getpass_error is set after a call to pam_verify (usually because + the user pressed ^C), return AUTH_INTR immediately instead of + checking the pam_verify return value. + [8d378f40fe1f] + + * INSTALL, NEWS, configure, configure.ac, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h: + On AIX use the value of auth_type in /etc/security/login.cfg to + determine whether to use LAM or PAM unless the user specified the + --with-pam or --with-aixauth configure flags. + [cb314c1ed5f8] + + * lib/util/parseln.c: + Fix cast. + [4f56047e2bc4] + +2015-02-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.ac, lib/util/snprintf.c: + Update snprintf.c from OpenBSD. The floating point and wide + character code has been retained but is not compiled by default. + [6801a77398fc] + +2015-02-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/regress/sudoers/test1.in, + plugins/sudoers/regress/sudoers/test1.out.ok, + plugins/sudoers/regress/sudoers/test1.toke.ok: + Update the regression test that check that all tags are parsed. + [d0f9af2f9d45] + + * MANIFEST, configure, configure.ac, lib/util/Makefile.in, + lib/util/mktemp.c, lib/util/regress/mktemp/mktemp_test.c, mkdep.pl: + Add regress for mkdtemp and mkstemps from OpenBSD + [18714ae9bffd] + + * plugins/sudoers/po/sudoers.pot: + regen + [b77490dd9b33] + + * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, po/tr.mo, + po/tr.po: + Sync with translationproject.org + [b2946065653d] + + * config.h.in, configure.ac: + Correct SECURE_PATH comment. + [3fd6132d5dba] + + * NEWS, configure, configure.ac: + Sudo 1.8.13 + [32c1183b0666] + +2015-02-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in, + lib/util/gethostname.c, lib/util/util.exp.in, + plugins/sudoers/match.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/sudo.c: + Avoid using HOST_NAME_MAX directly and use + sysconf(_SC_HOST_NAME_MAX) instead. + [97036b819d58] + + * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c: + Historically, crypt() returned the empty string on error, which + ensured that crypt("", "") would return "", which supported matcing + empty encrypted passwords with no additional code. Some modern + versions of crypt() (such as glibc) return NULL on error so we need + an explicit test to match an empty plaintext password and an empty + encrypted password. 
+ [b88eb9da5e57] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Sort tags lexically in the sudoers manual + [66716c0b7a13] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/ldap.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/sudoers/test1.out.ok, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers_version.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo_json.c: + Add support for MAIL and NOMAIL command tags to toggle mail sending + behavior on a per-command (or Cmnd_Alias) basis. + [04f30a064c25] + + * config.h.in, configure, configure.ac, include/sudo_compat.h, + lib/util/closefrom.c, lib/util/setgroups.c, + plugins/sudoers/pwutil_impl.c, src/sudo.c: + Almost no systems actually define OPEN_MAX since it is dynamic on + modern OSes. If sysconf(_SC_OPEN_MAX) ever fails, fall back on + _POSIX_OPEN_MAX instead. We can assume modern systems have + sysconf(). Also remove checks for strrchr() and strtoll() for which + the HAVE_* defines are no longer used. + [c3058a6cca86] + + * lib/util/getline.c, plugins/group_file/getgrent.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/tsgetgrpw.c: + All modern systems should have LINE_MAX. + [117322b6d86c] + + * Makefile.in, sudo.pp: + Don't need to pass exampledir to polypkg now that it is just under + docdir. + [9f24f0184a78] + +2015-02-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Fix packaging of the example dir. + [4c7cbc3fc190] + + * lib/util/mktemp.c: + Fix mkstemps() extension handling. Sudoedit will now preserve the + extension properly when the system libc lacks mkstemps(). + [b86f54331972] + +2015-02-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, aclocal.m4, config.h.in, configure, configure.ac, + lib/util/Makefile.in, lib/util/locale_weak.c, + m4/ax_sys_weak_alias.m4, mkdep.pl, src/Makefile.in, + src/locale_stub.c: + Use weak symbols for sudo_warn_gettext() and sudo_warn_strerror() so + distros using "-Wl,--no-undefined" in LDFLAGS don't run into + problems. + [708418615aae] + + * lib/util/mksiglist.c, lib/util/mksigname.c: + Include unistd.h in siglist.c and signame.c to get gid_t which is + used by sudo_compat.h. Bug #686 + [0ab6450a96ec] + +2015-02-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/logging.c: + Add mail_all_cmnds to always mail when a user runs a command (or + tries to) including sudoedit. The mail_always flag goes back to its + old semantic of always mailing when sudo is run. + [edc904502061] + +2015-02-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Minor change in description of TZ path handling. + [579b02f0dbe0] + + * Makefile.in, examples/Makefile.in: + Move example dir under the doc dir to conform to Debian guidelines. + Bug #682. + [494d9a0484b6] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that a leading ':' is skipped when checking TZ for a fully- + qualified path name. + [91859f613b88] + +2015-02-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Typo. + [b9257ea66116] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix typos. + [ac1467f71ac0] + + * plugins/sample/sample_plugin.c: + Fix compilation on systems w/o __dso_public + [b773ef9127fa] + +2015-02-07 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS, plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po: + Russian translation for sudoers from translationproject.org. + [8a7fc2e00072] + +2015-02-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/ru.mo, + plugins/sudoers/po/ru.po: + Russian translation for sudoers from translationproject.org. + [1d5869e4d4af] + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Add check for getresuid() declaration, which may be missing on HP- + UX. When checking for getdomainname() prototype, look in netdb.h + too. + [0ba583590b17] + + * INSTALL, NEWS, configure, configure.ac, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, m4/sudo.m4, pathnames.h.in, + plugins/sudoers/env.c: + Sanity check the TZ environment variable by special casing it in + env_check. The --with-tzdir configure option can be used to specify + the zoneinfo directory if configure doesn't find it. + [650ac6938b59] + + * NEWS: + Mention crash fixes. + [f759c993e172] + + * src/parse_args.c: + Bail with usage() early if argc <= 0. + [aaba56c9a797] + +2015-02-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/pwutil.c: + Remove extraneous casts of node->data (which is void *). + [950749570a00] + + * doc/CONTRIBUTORS: + Add Stephane Chazelas + [a6c7becabee7] + + * plugins/sudoers/pwutil.c: + Fix a potential crash when getpwnam() of the running user fails and + we don't replace the negative cached entry with a faked up one. From + Stephane Chazelas + [9088f041bbad] + + * src/parse_args.c, src/sudo.c: + Don't assume argv[0] is set without first checking argc. + [aabdc9d0ba26] + + * lib/util/progname.c: + Call setprogname("sudo") if getprogname() returns NULL or the empty + string. + [45438f7227b1] + + * plugins/sudoers/set_perms.c: + Handle sudo_get_grlist() returning NULL which can happen if + getgrouplist() fails even after allocating the appropriate amount of + memory. 
From Stephane Chazelas + [25747a0ead7c] + + * config.h.in, configure, configure.ac: + Remove configure checks for strrchr() and strtoll() for which the + HAVE_* defines are no longer used. + [f04216435aba] + + * config.h.in, configure, configure.ac, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + plugins/sudoers/sudoreplay.c: + Require POSIX regular expression support for sudoreplay. + [1486747cd470] + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Check whether getdomainname(), innetgr(), setresuid() and + setresgid() are declared and add prototypes in sudo_compat.h as + needed. + [03aa144afce4] + + * plugins/sudoers/policy.c: + The plugin no longer needs to call initprogname() now that it links + with the same libsudo_util as sudo. + [78b65a352ac5] + +2015-02-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Add /usr/local/share/examples/ directory to parentdirs so it is + explicitly added to the package. + [ef1aa52b0aad] + + * plugins/sudoers/po/da.mo, po/da.mo: + Sync with translationproject.org + [943986acd31c] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/nl.mo, + po/nl.po: + Sync with translationproject.org + [4977ac967bdd] + +2015-02-03 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: + Regen with yacc skeleton that the clang analyzer doesn't complain + about. + [e15991fd4ab1] + + * configure, configure.ac, lib/util/alloc.c, lib/util/glob.c, + plugins/sudoers/env.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/gram.c, + plugins/sudoers/gram.y: + Use stdint.h to get SIZE_MAX as inttypes.h on some pre-C99 HP-UX + systems doesn't include stdint.h itself. + [9fbd35811743] + + * configure, configure.ac: + SIZE_MAX may be in limits.h on pre-C99 compilers. + [d3b554f7e0e5] + + * config.h.in, configure, configure.ac, lib/util/aix.c: + Add missing prototypes for usrinfo() and setauthdb() for AIX. + [aa4b205296cf] + + * config.h.in, configure, configure.ac, plugins/sudoers/match.c: + Solaris uses sysinfo(SI_SRPC_DOMAIN) instead of getdomainname() to + get the host's NIS domain. + [9234c62a1469] + +2015-02-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Remove AC_PROG_GCC_TRADITIONAL and add AC_PROG_CC_STDC since we need + C99. + [005775f5662b] + + * plugins/sudoers/match.c: + Actually use the check for prior initialization in + sudo_getdomainname(). + [06368385ad0d] + + * configure, configure.ac: + We need to add OSDEFS to CFLAGS to expose LLONG_MAX et al on glibc + when not explicitly asking for c99. + [ae9435631600] + + * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/logging.c: + Don't send mail about pseudo-command failure unless it is an + authentication failure. + [deddcfc1f2ab] + + * configure, configure.ac: + Fix check for SIZE_MAX, which should be in stdint.h not limits.h. + [47bf0ab7dfca] + + * lib/util/glob.c: + Need to include inttypes.h for SIZE_MAX + [a11f42f40294] + + * plugins/sudoers/po/sudoers.pot: + regen + [d35b24f95ef8] + +2015-02-01 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * include/sudo_debug.h, lib/util/aix.c, lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, lib/util/gidlist.c, + lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, + lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c, + lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/term.c, + lib/util/ttysize.c, lib/util/util.exp.in, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/base64.c, plugins/sudoers/boottime.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c, 
plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/get_pty.c, src/hooks.c, + src/load_plugins.c, src/net_ifs.c, src/parse_args.c, + src/preserve_fds.c, src/selinux.c, src/sesh.c, src/signal.c, + src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, + src/ttyname.c, src/utmp.c: + Go back to a 2 args debug_decl and just use the "default" instance, + now renamed "active". + [7130b7478355] + +2015-01-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/LICENSE: + Update copyright year. + [e1dad7b195e4] + +2015-01-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h: + When querying LDAP netgroups, use the NIS domain if it is sent but + also match nisNetgroupTriple entries that have no domain. + [5a0fa3ac26f7] + + * plugins/sudoers/sudoreplay.c: + Avoid setting the tty to non-blocking mode so "sudoreplay | cat" + (for example) works as expected. We only read a single byte from the + keyboard and only when interactive anyway so this should be fine. + [9615a932545b] + + * lib/zlib/Makefile.in, plugins/sudoers/Makefile.in: + regen + [f19c6e000850] + + * plugins/sudoers/sudoreplay.c: + Avoid a cppcheck warning about undefined behavior (using the address + of a stack buffer - 1) and fix a memory leak of the iov when doing + nl->crnl conversion. + [e26f9008c2e4] + + * doc/CONTRIBUTORS: + Add Steven Soulen + [17a47303d5fe] + + * plugins/sudoers/sudoreplay.c: + Fix handling of partial writes from writev() which can occur with + large output buffers. + [1065dbeaa13d] + +2015-01-29 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: + Add support for querying netgroups directly via LDAP since there is + no other way to look up all the netgroups for a user (unlike regular + groups). This introduces netgroup_base and netgroup_search_filter + options to ldap.conf. Based on a diff from Steven Soulen. + [7e3d55983e71] + +2015-01-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Sort ldap.conf options. + [264608124698] + +2015-01-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Add macros to ease the checking of strlcpy, strlcat and + sudo_ldap_value_cat return values. + [e9122413d4fa] + +2015-01-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/parse.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Rename VALIDATE_OK -> VALIDATE_SUCCESS Rename VALIDATE_NOT_OK -> + VALIDATE_FAILURE + [4379cac9f75d] + + * plugins/sudoers/logging.c, plugins/sudoers/sudoers.h: + Remove now-unused VALIDATE_ERROR define. + [569d4936b761] + + * plugins/sudoers/logging.c: + should_mail() now returns bool. + [0316d1fb08c3] + + * lib/util/sudo_debug.c: + If sudo_debug_register() fails return + SUDO_DEBUG_INSTANCE_INITIALIZER, not -1. Otherwise we could end up + setting the instance to -1 which is invalid. + [032bb1db6db5] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix typo. + [014be972780c] + + * doc/Makefile.in: + Use "mandoc -Tascii" to generate .cat pages to avoid locale-specific + characters. + [0ec42d8924fc] + +2015-01-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, m4/sudo.m4: + Use AC_PATH_PROG to find programs instead of checking the path + manually. + [2b5d9893a7a7] + +2015-01-16 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * lib/util/strlcat.c, lib/util/strlcpy.c: + Sync with OpenBSD version + [22c073c42a9e] + +2015-01-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Use AC_CHECK_HEADERS_ONCE and AC_CHECK_FUNCS_ONCE where possible and + quote the first args in AC_CHECK_FUNCS calls. + [84aa40ab410a] + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Avoid inadvertantly defining things like PATH_MAX simply because the + source file doesn't include limits.h. + [d2e7c4093f55] + +2015-01-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, + m4/ltversion.m4: + Update to libtool 2.4.4 + HP-UX patches + [859b7378bc37] + + * src/ttyname.c: + Document why we need sys/param.h. + [f21a4d7122f0] + + * configure, m4/sudo.m4: + Don't need sys/param.h. + [6aa24ecfc9d4] + + * lib/util/closefrom.c: + Don't appear to need sys/param.h for pstat_getproc() on HP-UX even + though the man page lists it. + [47d75f3db288] + + * lib/util/inet_ntop.c, lib/util/inet_pton.c: + Should not need sys/param.h here. + [5c83cebcd75f] + +2014-12-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/match_addr.c: + Use standard CIDR -> netmask conversion and disallow 0-bit CIDRs. + [d30313d726eb] + +2014-12-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * README.LDAP: + Update link to gq LDAP editor, now on sourceforge. + [706dadea1abb] + +2014-12-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/compat/glob.h, lib/util/glob.c: + Add support for GLOB_LIMIT from OpenBSD (not currently used) and + also a limit on the max recursion depth for glob(). + [6f9e26b88612] + + * lib/util/glob.c: + Quiet compiler sign compare warning. + [c4f35c02122c] + +2014-12-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + fnmatch fix + [07542b07ac67] + + * lib/util/fnmatch.c: + Remove artificial limit on length of pattern and string. 
It is + possible to use fnmatch() on things other than paths (such as + arguments) so a limit of PATH_MAX does not make sense. Fixes a bug + where rules would fail to match if the length of the arguments were + larger than PATH_MAX (usually 1024). + [942770c20422] + +2014-12-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in: + Remove the extra /sudo in sudo.ws urls + [0b804e3a1008] + +2014-11-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in: + Reference bugzilla.sudo.ws + [7dc11bbe6f13] + +2014-11-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + sync + [da17d5a611ce] + +2014-11-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Require that a digest be specified with a real command, not an alias + or pseudo-command. Found via a crash by afl. + [55f6166cab63] + + * NEWS: + sync + [4b31247735c4] + + * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/fr.mo, + plugins/sudoers/po/fr.po: + French translation for sudoers from translationproject.org. + [5c592350c4b0] + +2014-11-18 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * src/exec.c, src/exec_pty.c, src/tgetpass.c: + Defer registration of the SIGCHLD handler until just before we exec + the command. Fixes a problem where pam_gnome_keyring installs its + own SIGCHLD handler and may not restore the original one. As a + result, we now have to explicitly wait for the askpass helper to + finish. Bug #657 + [f499500fef71] + +2014-11-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Mention sssd support in the sudoers.ldap manual and cross-reference + sssd-sudo(5). + [32f84fbf210c] + +2014-11-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS: + Reorder an entry. + [5d15735294f1] + +2014-11-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, lib/util/Makefile.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Prevent cppcheck from getting confused by our compat definition of + the va_copy macro for pre-C99. + [61d94525be2e] + +2014-11-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog_path.c: + Fix potential NULL pointer deref found by cppcheck. + [668967e031e0] + + * plugins/sudoers/alias.c: + Quiet a cppcheck false positive. + [35a16ae4660c] + + * lib/util/sudo_debug.c: + If there are multiple outputs, ap will be re-used so make a copy and + operate on it instead. + [f4f19df43c93] + + * src/hooks.c: + Fix typo in hook return value check. + [b12839dc6e78] + + * NEWS: + Mention visudo use of sudoers plugin args to set default sudoers + file name and owner/mode. + [7f2733b53431] + + * NEWS: + Mention fix for bug #678 + [7f7a6d8b985b] + +2014-11-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + In set_fqdn() we neeed to set user_runhost/user_srunhost at the same + time we set user_host/user_shost since that is what + hostlist_matches() uses. 
Bug #678 + [4f75b01d4884] + +2014-11-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/hooks.c: + Do not call sudo_warnx() on invalid value from the env hook + functions as the printf() family may call getenv() for locale + reasons. + [547fc25acb7c] + + * doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in: + No need to keep specifying ".Nm foo" since the Nm macro remembers + the argument it was first called with and uses it if none is + specified. Also fix a few minor formatting errors and regen bulleted + lists in the .man.in files. + [d2669e94add4] + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Add sudo.conf to SEE ALSO and rename section on sudo.conf + [d4cc8ad2c2b4] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Mention sudo.conf use for debugging + [9393fb061bcd] + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.man.in, + doc/sudoreplay.cat: + regen + [1d34d21b2136] + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Document sudo.conf usage now that visudo will parse the sudoers + arguments. + [78a413c019a9] + +2014-11-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo.c: + Use sudoers.so args from sudo.conf to set sudoers_file, sudoers_uid, + sudoers_gid, and sudoers_mode in visudo. + [1c7408b5ff7e] + + * plugins/sudoers/visudo.c: + Use sudoers_file, sudoers_uid, sudoers_gid, and sudoers_mode symbols + from toke.l instead of the upper case defines. + [21ba15518c7d] + + * lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in: + Use SSP_LDFLAGS when creating shared objects. 
+ [2428de97d2c2] + + * lib/util/Makefile.in: + We only build .lo (not .o) files for libsudo_util + [2c1e0475cddc] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, + po/cs.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo, + po/eo.po, po/fi.mo, po/fi.po, po/it.mo, po/it.po, po/nb.mo, + po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/ru.mo, + po/ru.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, + po/zh_CN.po: + Sync with translationproject.org + [e51055fdffe1] + +2014-11-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + sync + [aab14a9942e0] + +2014-11-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c, src/exec_pty.c: + Make sure that SIGCHLD is not treated as a user-generated signal in + which case it could be ignored. Bug #676 + [a4caaaaa47a8] + +2014-10-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.ac, lib/util/mktemp.c: + Use arc4random() for mkstemp/mkdtemp if available. If not, try to + seed from /dev/urandom before falling back to the gettimeofday seed. + [7a7096ab82c9] + + * lib/util/sudo_debug.c: + Use a static buffer for sudo_debug_execve2() if possible. + [abf1fd5891ab] + +2014-10-30 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4, + m4/ltversion.m4, m4/lt~obsolete.m4: + Update to libtool 2.4.3 + HP-UX patches + [9ddfd96f3bea] + +2014-10-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac, include/sudo_compat.h, lib/util/mktemp.c: + If a system lacks mkdtemp() or mkstemps(), use our own mkdtemp() and + mkstemps(). Previously we only exposed the missing one but since the + guts are the same we might as well use them. + [12d4ac64462f] + + * src/env_hooks.c: + Mark the putenv(), setenv() and unsetenv() symbols as global, not + hidden. Fixes a mismatch where a plugin (or its loaded dso) would + call setenv() to set a variables but be unable to find it later with + getenv(). + [96127ac4bbb3] + +2014-10-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Fix install-nls target from builddir. + [da63bc37f6c5] + + * Makefile.in: + Fix dependency on sudo.pp, it needs to relative to srcdir. + [c76088da98e8] + + * src/sesh.c: + Adapt to new debug subsystem registration. + [8e13b349b44b] + +2014-10-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/zlib/Makefile.in, lib/zlib/zlib.exp: + Add missing zlib.exp file and common LT_LDFLAGS Makefile.in. + [0bc0092d3e03] + + * lib/util/sudo_conf.c: + Fix path settings broken in rev 9731. + [2b33916eb287] + + * MANIFEST, lib/util/regress/sudo_conf/test4.err.ok: + Adjust regress test now that boolean settings display an error for + invalid input. + [73a7365f492e] + + * plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Add sudoers_debug_deregister() and use it instead of calling + sudo_debug_deregister() directly. 
+ [819b0e08196e] + + * configure, configure.ac, lib/util/Makefile.in, lib/zlib/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in: + Use AC_PROG_AWK + [945cf6deb18d] + + * NEWS: + Mention shared zlib. + [094bdada1106] + + * MANIFEST: + Add lib/zlib/zlib.exp + [7b5011e3eea9] + + * INSTALL, configure, configure.ac, lib/zlib/Makefile.in, + lib/zlib/zconf.h.in: + Add support for installing a shared zlib + [6875ab6ca44f] + + * lib/util/Makefile.in: + fix comment typo + [35c3dda27eec] + + * configure, configure.ac, lib/zlib/Makefile.in: + Newer zlib uses HAVE_HIDDEN to turn on symbol hiding so we don't + need to disable it with NO_VIS. + [b3eee86f015f] + + * po/sudo.pot: + regen + [687bc1ea88ac] + + * configure.ac, include/sudo_debug.h, lib/util/sudo_debug.c, + lib/util/util.exp.in: + Version the symbols for sudo_debug.c now that the API is stable. + [873850a062a8] + +2014-10-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/sudo_conf.c: + Go back to parsing sudo.conf in place for settings and paths and + improve debugging info for unsupported entries and parse errors. + [264e1f7d6551] + + * include/sudo_conf.h, lib/util/regress/sudo_conf/conf_test.c, + lib/util/sudo_conf.c, lib/util/util.exp.in, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: + Add a flag argument to sudo_conf_read() so we can decide which bits + get parsed. This lets us parse Debug statements first and init the + debug subsystem early. + [56dbf1e671de] + +2014-10-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/zlib/gzguts.h: + Include stdio.h after zlib.h, not before. We need the large file + defines to come first. 
+ [b42b53d10252] + + * doc/LICENSE, lib/zlib/compress.c, lib/zlib/crc32.c, + lib/zlib/crc32.h, lib/zlib/deflate.c, lib/zlib/deflate.h, + lib/zlib/gzguts.h, lib/zlib/gzlib.c, lib/zlib/gzread.c, + lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inffast.c, + lib/zlib/inflate.c, lib/zlib/inftrees.c, lib/zlib/trees.c, + lib/zlib/uncompr.c, lib/zlib/zconf.h.in, lib/zlib/zlib.h, + lib/zlib/zutil.c, lib/zlib/zutil.h: + Update zlib to version 1.2.8 + [f95280e0448d] + + * configure, configure.ac: + Don't add -Wold-style-definition to CFLAGS as it causes problems + with 3rd party libraries such as zlib. + [1d7613d1c177] + + * src/load_plugins.c: + Free up plugin info structs after converting to plugin containers. + [1168e873d778] + + * INSTALL, MANIFEST, Makefile.in, configure, configure.ac, + doc/Makefile.in, doc/TROUBLESHOOTING, doc/UPGRADE, doc/sample.pam, + doc/sample.sudo.conf, doc/sample.sudoers, doc/sample.syslog.conf, + examples/Makefile.in, examples/pam.conf, examples/sudo.conf, + examples/sudoers, examples/syslog.conf, sudo.pp: + Move sample.* files to a sudo examples dir + [b53e3df56c66] + + * sudo.pp: + Fix a packaging problem with the sudoedit man page link on Debian. + [8ad77a37048e] + + * plugins/sudoers/iolog.c, plugins/sudoers/policy.c: + Initialize the debug subsystem in sudoers early. Currently this + means iterating over the settings list twice. + [93b12ea08405] + + * lib/util/sudo_debug.c: + No need to convert sudoedit -> sudo in sudo_debug_get_instance() as + we store the actual program name and only do the sudoedit -> sudo + conversion when reading the sudo.conf file. Fixes debugging when + invoked as sudoedit. 
+ [535c01d83b14] + + * lib/util/sudo_conf.c, lib/util/sudo_debug.c, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c, src/exec_pty.c, + src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: + In the plugin registers with the debug framework at open time, the + sudo front-end will now set the default debug instance appropriately + before calling into the plugin. This means the plugin no longer + needs to do the sudo_debug_set_default_instance() dance. + [10dd45a7884f] + + * Makefile.in: + Remove duplicate -U__NBBY in CPPCHECK_OPTS + [ad518cb36279] + +2014-10-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + Older shells don't support unset. + [8762e40871ab] + + * configure, configure.ac, include/sudo_compat.h, + lib/util/inet_ntop.c, src/net_ifs.c: + Fix inet_ntop() replacement on older systems without it. We only + expose the prototype for net_ifs.c due to the use of socklen_t. + [18b95ca378ab] + + * lib/util/sudo_debug.c: + Dynamically allocate debug_fds bitmap and realloc as needed. + [e858199414f6] + + * Makefile.in, include/sudo_debug.h, lib/util/Makefile.in, + lib/util/sudo_debug.c, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h, + plugins/system_group/Makefile.in, src/Makefile.in, src/exec.c: + Use generic bitmap macros instead of select-style fd_set. + [c382edc413be] + + * lib/util/sudo_debug.c: + Replace sudo_debug_num_instances with sudo_debug_max_instance + [12625fd174a4] + + * plugins/sudoers/iolog.c, plugins/sudoers/policy.c: + Don't call into the debug subsystem after we've deregistered the + plugin's instance. + [fca7279d2f40] + + * lib/util/sudo_debug.c: + Only fill in subsystem_ids[] for the instance if the caller passed + in an array for it. If the caller only wants the default subsystems + we don't actually need ids[]. 
+ [07939da6d3a5] + + * lib/util/Makefile.in: + Link with -ldl if needed when built with --disable-shared-libutil/ + [542eeffaf57d] + + * src/regress/ttyname/check_ttyname.c: + Fix includes order. + [ddd58edba5af] + + * lib/util/util.exp.in: + Remove extra newline mistakenly introduced in rev 9682. + [36a40e308bbc] + + * plugins/sudoers/Makefile.in: + Fix typo in unset. + [2c5fbe4c9a54] + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/sesh.c: + Set debug instance for standalone programs. + [306225438408] + + * plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c, + src/net_ifs.c: + Fix compilation issues, fallout from the debug changes. + [aff5bb3d0322] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + regen + [bbb69f299d1f] + + * configure, configure.ac: + Sudo 1.8.12 + [8d9b15c1de44] + + * NEWS: + Update with debug system changes and revent bug fixes. + [44133de1dee2] + + * include/sudo_debug.h, lib/util/sudo_conf.c, lib/util/sudo_debug.c, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h: + When registering with the debug subsystem, the caller now passes in + an arrary of ints that gets filled in with the subsytem IDs to be + used in debug_decl. + [80e80ba194f7] + + * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + sudoers_debug_instance is now included in libparsesudoers so we + don't need to declare it here. + [a56f79e6fcf8] + +2014-10-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, include/sudo_debug.h, lib/util/sudo_debug.c, + lib/util/ttysize.c, plugins/sudoers/Makefile.in, + plugins/sudoers/alias.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/base64.c, + plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/group_plugin.c, plugins/sudoers/hexchar.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logwrap.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c: + The sudoers plugin now defines its own list of debugging subsystem + names and defines. 
+ [e85d0375e059] + + * MANIFEST, include/sudo_debug.h, lib/util/aix.c, lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, lib/util/gidlist.c, + lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c, + lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c, + lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/term.c, + lib/util/ttysize.c, lib/util/util.exp.in, + plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/base64.c, plugins/sudoers/boottime.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.c, plugins/sudoers/logwrap.c, + plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + 
plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, + src/Makefile.in, src/exec.c, src/exec_common.c, src/exec_pty.c, + src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c, + src/parse_args.c, src/preserve_fds.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, + src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h, + src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c: + Add support for multiple Debug lines per program. Callers may + register arbitrary debug facilities or use built-in defaults. We now + use separate Debug statements for plugins and programs. + [5e553cbbfbb1] + + * MANIFEST, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_conf.h, include/sudo_debug.h, + lib/util/Makefile.in, lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_conf/test7.in, + lib/util/regress/sudo_conf/test7.out.ok, lib/util/sudo_conf.c, + lib/util/sudo_debug.c, lib/util/util.exp.in, + plugins/sudoers/Makefile.in, plugins/sudoers/solaris_audit.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.h, src/hooks.c, + src/load_plugins.c, src/parse_args.c, src/sudo.c, + src/sudo_plugin_int.h: + Change how sudo.conf is parsed. We now do a quick parse and then set + the values after the entire file has been parsed. This lets us init + the debug system earlier. Plugin-specific debug flags are now stored + in struct plugin_info and struct plugin_container and passed to the + plugin via one or more debug_flags settings. + [62fb1102e1e2] + + * src/parse_args.c, src/sudo.c, src/sudo.h: + Return settings from parse_args as struct sudo_settings and format + for the plugin at plugin open time. This will allow for additional, + plugin-specific settings to be added to the array. 
+ [167929871b94] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/load_plugins.c, + src/sudo.c, src/sudo_plugin_int.h: + Pass plugin path in the settings array. + [45bc2d087115] + + * plugins/sudoers/parse.c: + Remove an unneeded NULL check to quiet a cppcheck warning. + [64cb92122658] + +2014-10-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + Set locale to C for visudo and testsudoers regression tests. Bug + #672 + [adf7997a0a65] + +2014-10-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/linux_audit.c: + Fix logic bug. We only want to return -1 from linux_audit_open() + when audit_open() fails and errno is not one of EINVAL, + EPROTONOSUPPORT, or EAFNOSUPPORT. For those errno values, we return + AUDIT_NOT_CONFIGURED which is not a fatal error. Bug #671 + [6f0d8f1c7648] + +2014-10-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Add back fix for Bug #663 + [a3dfc76ee776] + +2014-10-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + The older style bash function exporting is not used by post- + shellshock versions of bash. + [223efe328e86] + + * plugins/sudoers/env.c: + Apple uses a different variant of the BASH_FUNC prefix for bash + functions. + [ea13c8c2a716] + +2014-10-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Remove change that is part of 1.8.12 not 1.8.11p1 + [8fdad4c4f314] + + * NEWS, configure, configure.ac: + Update for sudo 1.8.11p1 + [80e9898f7c04] + + * src/regress/ttyname/check_ttyname.c: + Only check stdin for the tty and avoid the check entirely if we + don't have a way to get the tty from the kernel. Bug #643 + [deb799e16416] + + * lib/util/sudo_debug.c: + Make a copy of ap in sudo_debug_vprintf2() in case the static buffer + is not big enough and we need to call vasprintf(). 
+ [a5d32b9d63be] + + * src/sudo.c: + Avoid comparing new cwd with old one if getcwd() failed. Bug #670 + [e99093578ca7] + + * plugins/sudoers/env.c: + Fix debugging printout output for env_should_keep() + [a9e7ea4b6751] + +2014-10-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, include/Makefile.in: + Use INSTALL_OWNER instead of -O/-G flags so we can work with the + autotools install-sh too. Bug #669 + [a5f87f6a52b7] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + Move sudo_printf to policy.c to match sudo_conv. + [f2d6065c3daf] + +2014-10-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, include/sudo_fatal.h, lib/util/Makefile.in, + lib/util/fatal.c, lib/util/sudo_printf.c, lib/util/util.exp.in, + plugins/sudoers/Makefile.in, plugins/sudoers/sudo_printf.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + src/conversation.c, src/sudo.c, src/sudo_plugin_int.h: + Add sudo_warn_set_conversation() to specify a conversation function + to use for warn/fatal. If no conversation function is specified, the + standard error will be used. We now only need sudo_printf() for + things that use the parser. + [d6049e53e3e3] + +2014-10-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Use correct names when referring to subsections in the sudoers + manual. + [7a016916f0ab] + +2014-10-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, config.h.in, configure, configure.ac, + lib/util/inet_ntop.c, src/net_ifs.c: + Use inet_ntop() instead of inet_ntoa() and include a version for + systems that are missing it. + [1a1a70dba9c0] + +2014-10-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Fix detection of functions in network libs like -lsocket, -lnsl and + -linet when we have already added those libs to NET_LIBS. Fixes a + problem where inet_pton() was not detected on Solaris. + [27e10183649e] + + * NEWS: + Mention --disable-shared-libutil fix. 
+ [7efe70688237] + + * src/Makefile.in: + Always use --tag=disable-static to avoid installing a static + sudo_noexec. + [5d7d58879f99] + + * configure, configure.ac, lib/util/Makefile.in, + plugins/sudoers/Makefile.in: + Instead of building libutil statically for --disable-shared-libutil, + just treat it as a convenience library. Do the same with sudoers for + --enable-static-sudoers. Fixes link errors on Solaris among others + when --disable-shared-libutil is used. + [c5357fe78ab7] + + * configure, configure.ac, lib/util/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in: + Remove LT_LDMAP and LT_LDOPT and just use LT_LDEXPORTS for the + compiler-specific option to restrict symbol exporting. + [09e8dab6f528] + + * src/preload.c: + Include sys/types.h to get gid_t, etc used in sudo_compat.h. Fixes a + build issue on Solaris. + [b8917967df41] + +2014-09-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/regress/ttyname/check_ttyname.c: + Fix cust & pasto in error message when there is a mismatch between + the sudo and libc ttys. From Diego Elio Petteno'. Bug #643 + [87d5f1a49535] + +2014-09-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/env.c: + Add BASH_FUNC_* to environment blacklist for newer-style bash + functions. + [b6e66c4a782e] + + * Makefile.in: + Pull additional password prompts out of mkpkg instead of hard-coding + them. + [d2a6da883b34] + + * NEWS: + Add post-1.8.11 changes + [11169ace8fa4] + + * Makefile.in, configure.ac, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/po/sudoers.pot: + Add a space after "Password:" in default password prompt so it is + easier to read when pwfeedback is enabled. 
+ [a7750d845b5b] + + * plugins/sudoers/auth/sudo_auth.c: + Simplify how we count the password tries + [71b9f2021561] + + * plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c: + Block SIGINT and SIGQUIT while verifying passwords so that + authentication modules that use sleep() are not interrupted. If the + user interrupted authentication, exit the loop. + [1cfafd7fcb13] + + * configure, configure.ac: + Remove Convex support; it is not modern enough to run sudo 1.8. + [c3bdfbb2ee11] + + * configure, configure.ac: + Only check for -lshadow if we haven't already found getspnam() in + libc. Rather than treat this specially, just add -lshadow as another + place to search in addition to -lgen. + [fdf06757f25d] + +2014-09-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/sudo_auth.c: + If all authentication methods fail init/setup, fail with an error. + [4cd0481bf05e] + + * plugins/sudoers/auth/sudo_auth.c: + Move pass_warn() so that it is defined before it is called(). + [6ea697e89fef] + +2014-09-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * pp: + Remove duplicate Requires: line in generated rpm spec file. + [335703b110c7] + + * pp: + In pp_files_expand() set _target to be empty. Fixes a problem with + Solaris sh where simply using typeset doesn't causes the variable to + be treated as local so we can inadvertantly inherit a value from a + previous call. + [f3cecca3c7b0] + +2014-09-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Fix version for release. + [39f6a2e9a098] + +2014-09-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac, pathnames.h.in: + Only redefine _PATH_BSHELL on AIX if we included paths.h. + [2dd4e808f69f] + + * NEWS: + Bug 661 + [7f2b278086b2] + + * pathnames.h.in, src/exec_common.c, src/sudo.c: + On AIX, _PATH_BSHELL is /usr/bin/bsh but we want to use /usr/bin/sh + (which is usually ksh). This makes sudo's behavior when executing a + shell without the #! 
magic number match execvp() on AIX. + [2b438ff99991] + + * pathnames.h.in: + Whitespace changes. + [107f66ecfa54] + + * configure, m4/sudo.m4: + Prefer /usr/bin/sh to /bin/sh to match modern systems. + [9e2ccb5b239f] + + * NEWS, lib/util/Makefile.in: + Don't use SSP_CFLAGS or PIE_CFLAGS when building mksiglist/mksigname + as they are built with the host compiler which may be different when + cross-compiling. From Gustavo Zacarias. Bug 662. + [f1a6d58c0baa] + +2014-09-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo, + po/fi.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, + po/pt_BR.po, po/ru.mo, po/ru.po, po/sr.mo, po/sr.po, po/uk.mo, + po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po: + Sync with translationproject.org + [588c41d2eab5] + +2014-09-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudo_nss.c: + Make sure we can't insert an nss entry in the list that has already + been used before. + [b5fab945991b] + + * plugins/sudoers/visudo_json.c: + Use correct gettext macro with sudo_warnx() + [0a532986b016] + + * NEWS: + Make nsswitch.conf bug fix description more accurrate. It affects + the "files" nsswitch source too. + [a29cce3a3ee9] + + * NEWS: + Mention nsswitch.conf duplicate entry fix. + [f8a45b59a577] + +2014-09-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/parse.c, plugins/sudoers/sudoers.h: + Make sudoers file nsswitch functions static to parse.c since they + are self-contained. + [cf22385d0659] + + * plugins/sudoers/sudo_nss.c: + Fix infinite loop when mulitple sudoers entries are present in + nsswitch.conf. From Daniel Kopecek. + [e773e0eee736] + +2014-09-10 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS: + Fix for bug #660 + [e25192ad79cc] + + * src/get_pty.c: + Fix compilation on systems without openpty(), _getpty() or + grantpt(). From Vasilyy Balyasnyy + [897280412e3e] + +2014-09-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/conversation.c: + Remove remaining use of SUDO_CONV_DEBUG_MSG. + [4ee756b687ea] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h: + SUDO_CONV_DEBUG_MSG is no longer supported. + [7bf46cf06578] + + * doc/sudo.conf.cat, doc/sudoers.cat: + regen + [5bff0d4d3956] + + * include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/sudo_printf.c, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c: + There is no longer a reason for the plugin to init the debug + subsystem itself. It will always be initialized by the front-end if + needed. + [970dd80a9e3c] + + * include/sudo_alloc.h, include/sudo_compat.h, include/sudo_fatal.h: + Add function arg names to prototypes where missing. + [e78dc4c48521] + + * lib/util/alloc.c: + Remove obsolete definition of SIZE_T which is now handled by + sudo_compat.h and rename the format arg to fmt in + sudo_evasprintf_v1() for consistency with sudo_easprintf_v1(). + [72c0fc5e5114] + + * src/parse_args.c: + If we were invoked with any name ending in "edit", treat as + sudoedit. + [d307572f08bc] + +2014-09-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * po/sudo.pot: + regen + [31c115ffbba8] + + * src/exec.c, src/exec_pty.c, src/signal.c: + Check return value of sigaction(), even though it should never fail. + [75c578e6a07c] + +2014-09-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/Makefile.in, src/Makefile.in: + regen + [2fcb390e8e89] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/parser/check_hexchar.c: + Add hexchar unit test + [de65e0ded4a2] + + * plugins/sudoers/regress/parser/check_addr.c: + Avoid division by zero if there was no test data. 
+ [de3324077ba0] + +2014-09-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/event.c: + Remove confusing comment. + [ee1765a06b94] + + * lib/util/sudo_debug.c: + Use a stack buffer for the debug message when possible, most are + small. + [945fb94a7aaf] + +2014-09-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, po/ca.mo, + po/ca.po: + Sync with translationproject.org + [661d536a7599] + +2014-08-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + Convert a debug printf to a user-visible warning. + [c3866eaea3ec] + + * include/sudo_fatal.h, include/sudo_util.h, lib/util/fatal.c: + Move sudo_printf extern to sudo_util.h + [50275ef999e9] + + * include/sudo_fatal.h, include/sudo_lbuf.h, lib/util/fatal.c, + lib/util/lbuf.c: + Some versions of the HP C Compiler don't export functions that take + function pointers as arguments unless a typedef is used. + [97cc0525dbd7] + + * include/sudo_lbuf.h: + Work around a bug in the HP C compiler. + [5c902aefeba6] + + * lib/util/lbuf.c: + Don't need sudo_fatal.h + [bccfe4df4794] + +2014-08-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * po/da.mo, po/da.po: + Sync with translationproject.org + [7910e3fc0f3e] + + * src/exec.c: + Remove signal_event from evbase before calling sudo_ev_loopexit() + when the command has exited or been killed. It is possible that we + could receive another signal on the pipe if they are delivered out + of order. + [b8ed1c9482b4] + +2014-08-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + Treat EOF on signal pipe (which should never happen) as ECONNRESET. + [eb57e9047a2c] + + * include/sudo_event.h, lib/util/event.c, src/exec_pty.c: + Don't allow sudo_ev_loopcont() to override sudo_ev_loopexit() + [b6b53eacbc61] + + * include/sudo_event.h, lib/util/event.c, lib/util/event_poll.c, + lib/util/event_select.c: + Add some internal convenience functions. + [b01063d82347] + +2014-08-26 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Fix osrelease sed expression. It wasn't matching distros with a + single digit version such as sles9. + [44f3e9b7e6c0] + + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo, + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo, + po/fi.po, po/it.mo, po/it.po, po/nb.mo, po/nb.po, po/pl.mo, + po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/ru.mo, po/ru.po, po/uk.mo, + po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po: + Sync with translationproject.org + [5b2c6063db75] + + * plugins/sudoers/iolog.c: + Return -1 from logging functions if we get a write error. + [a3ae43d54101] + + * NEWS: + Mention I/O plugin changes. + [0bd2e99fe87a] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/exec_pty.c: + Change behavior when plugin I/O logging function returns 0 or -1. + For -1 (error) return, we now kill the command and disable the I/O + logging function that returned the error. For a 0 (reject) return, + we no longer display the rejected output to the user's terminal. The + plugin API revision is now 1.6. + [27bb504860f3] + + * doc/sudoers.cat: + regen to fix version. + [641ea29b7dd3] + + * plugins/sample/sample_plugin.c: + Add trivial dirty word check to the sample output logging function. + [a14494b87b4d] + +2014-08-25 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS: + Update for 1.8.11b2 + [72ac1f26ba78] + + * src/sudo_edit.c: + Fix restoration of effective uid/gid in command_details. This masked + the effects an unset (really zero) egid. Bug 656 + [b75eed459386] + + * src/sudo.c: + Set runas egid to the same value as runas gid if egid not specified + by the plugin. Only affects new files created by sudoedit. Bug #656 + [f2daabba4912] + + * src/sudo_edit.c: + Don't leak temp fd in sudo_edit_copy_tfiles(). Fix fd leak in error + path in sudo_edit_copy_tfiles(). + [465d6a79b5cf] + +2014-08-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + fix typo + [a4659abcbc1d] + + * src/signal.c: + We write an unsigned char, not an int, to the signal pipe. + [fae4217be608] + +2014-08-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo_edit.c: + Sprinkle some debugging around uid/gid setting in sudoedit. + [15e4a337f0b0] + + * src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, + src/sudo_exec.h: + Make sudoedit work with SELinux RBAC. Adapted from RedHat patches + (Daniel Kopecek) but made to behave a bit more like the non-SELinux + bits. + [8f3f7969220f] + + * src/sudo_edit.c: + Refactor code that copies temp files into separate functions. + [b1057f4bee87] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Fix typo, .em should be .Em + [ec28aa3bdd6a] + +2014-08-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sesh.c: + Add missing call to initprogname(). + [71040679765f] + + * lib/util/sudo_debug.c, lib/util/sudo_printf.c: + Don't recurse infinitely until we blow the stack when the debug file + can't be opened in the front-end. The conversation-type debug mode + will be removed in the future. + [38cd1a6343c2] + +2014-08-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Only use the first two digits of the version number. 
Fixes a problem + on RHEL 7 which has version numbers like 7.0.1406 + [272727fd57fb] + + * plugins/sudoers/linux_audit.c: + Fix return value when kernel has no audit support. + [7ca1c9857058] + + * lib/util/progname.c: + remove unused label + [4179ea1ffa3a] + +2014-08-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * aclocal.m4, autogen.sh: + Update to automake 1.14 (no code changes). + [5e04db4f7c5d] + +2014-08-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document the interaction between sudoers environment handling and + the pam_env module. + [bd56868f078c] + + * plugins/sudoers/env.c: + Don't allow pam_env to overwrite existing variables when env_reset + is disabled unless the variables match the black list and would + normally be removed. It may just be better to never overwrite when + env_reset is disabled. + [e0ae88fce535] + +2014-08-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Update year range to include 2014 + [6b3b5f3fa791] + +2014-08-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/Makefile.in: + Remove regress .err files in distclean target. + [d66a4f1db130] + + * lib/util/Makefile.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in: + Remove generated files for linker as part of distclean. + [5d1bf6c32c6b] + + * .hgignore: + Ignore .out and .err files in lib/util regress + [9f4d91e77c0f] + + * NEWS: + Add additional 1.8.11 changes and fix typos. + [7980e2abb6ea] + + * configure, configure.ac, plugins/sudoers/Makefile.in: + Avoid building/running the check_symbols test program unless we are + building a shared sudoers plugin. + [a6bde1a12111] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Remove two instances of -no-fast-install that were missed before. 
+ [8a2c89cdf252] + + * INSTALL, NEWS, configure, configure.ac, lib/util/Makefile.in: + Add --disable-shared-libutil configure option. It may only be used + in conjunction with the --enable-static-sudoers option. + [e19c71464399] + +2014-08-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/Makefile.in: + Remove noop man.sed files Use full path instead of $@.in when + calling config.status with --file=- + [53c69928427e] + + * src/preserve_fds.c: + Fix "sudo -C" when we have internal fds to preserve from + closefrom(). + [942db66345ea] + +2014-08-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/env.c: + Add explicit support for matching the full environment string + (name=value). Bash functions may now be preserved for full matches, + but not for name-only matches. + [f4d816e11f66] + +2014-08-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * .hgignore: + Ignore lib/util/util.exp + [e08306ca6a6d] + +2014-07-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Fix exporting of asprintf/vasprintf symbols. + [5ff59bdeb501] + + * configure, configure.ac: + Don't export getaddrinfo symbols if we found the function in a + library. + [3bf4a5d3cfdb] + + * src/sudo_edit.c: + It is now sudo_efree() not efree(). Don't try to free a pointer to + garbage on error. + [51a1ddaa220d] + + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: + Regen .pot files + [8c46fe51d32e] + +2014-07-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo_edit.c: + Plug memory leak, even though we are headed for exit. + [e2b28ddffabe] + + * configure, configure.ac, lib/util/Makefile.in, + plugins/sudoers/Makefile.in: + If getaddrinfo() is missing libsudoutil may need to pull in + networking libraries. 
+ [4d6724d54927] + + * MANIFEST, configure, configure.ac, include/sudo_compat.h, + lib/util/Makefile.in, lib/util/util.exp, lib/util/util.exp.in, + m4/sudo.m4: + Only include functions in util.exp that are actually in the library. + Fixes a problem on Solaris where undefined functions that are listed + as exported in the map file result in a link error. Also make sure + we use our glob.c if the system is missing glob(). + [3121ad215f1e] + + * configure, configure.ac: + Make sure shadow libs don't end up in LIBS, only SUDOERS_LIBS (and + SUDO_LIBS if set_auth_parameters() or initprivs() are present. + [fb084b157c76] + + * configure.ac: + No need to AC_SUBST HAVE_BSM_AUDIT and HAVE_SOLARIS_AUDIT + [5d73ccf3a7b9] + +2014-07-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c, src/exec_pty.c, src/sudo_exec.h: + Attempt to handle systems with SA_SIGINFO but that lack SI_USER. + [0c8b09861ad5] + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Replace use of HAVE_GETCWD with PREFER_PORTABLE_GETCWD. It is safe + to assume getcwd() exists, we just need to handle broken ones. + [e897223a8f38] + + * config.h.in, configure, configure.ac, plugins/sudoers/Makefile.in: + Add check for inet_ntoa() since it may live in libnsl. Make getcwd() + replacement private to the SunOS 4 section. + [8e2cd0fdd6cd] + + * plugins/sudoers/match.c: + Avoid mixing declarations and code for non-C99 compilers. + [1fa5cf2356fd] + + * include/sudo_debug.h: + For C89, use "const char __func__[]" instead of "const char + *__func__". + [c4e9f9d6691b] + + * plugins/sudoers/match.c: + Fix compilation on systems w/o netgroups. + [57deb66ef8ff] + +2014-07-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/preserve_fds.c: + Back out old workaround for sudoedit hang when debugging was + enabled. + [f547bf80c436] + + * src/sudo_edit.c: + Don't memcpy() the preserved_fds TAILQ as the pointers into the head + will be wrong. 
All we need to do is save the old command details and + restore them after calling run_command(). Fixes a hang with sudoedit + when debugging is enabled. + [84ff8e1f490a] + +2014-07-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo.c: + The default policy close function should only print an error message + if the error_code is non-zero. + [2032c9e33e3f] + + * src/preserve_fds.c: + If there the preserved fds list is empty, add a new element with + TAILQ_INSERT_HEAD instead of TAILQ_INSERT_TAIL to avoid an infinite + loop on AIX, Solaris and possibly others when debug mode is active. + [63cefe22c515] + + * lib/util/progname.c: + Remove support for getting program name via /proc as pr_fname is + usually filled in after symbolic links have been processed, even on + Solaris. + [0460c613753c] + + * lib/util/Makefile.in: + Use shlib_enable instead of soext when determining whether to + install the library. + [d46640a7733c] + + * lib/util/regress/atofoo/atofoo_test.c: + Avoid potential division by zero + [6411d276a138] + + * lib/util/Makefile.in: + Don't link progname test with libsudo_util, just link in progname.lo + directly since that is all we need. Avoid a linker issue on darwin. + [ee6210ee5cc0] + + * lib/util/progname.c: + Remove pstat_getproc() path as pst_ucomm on HP-UX will return the + target of a symbolic link and not the name of the link itself. Avoid + using pr_fname on AIX for the same reason. Bug 654 + [36aced8e3714] + + * MANIFEST, lib/util/Makefile.in, + lib/util/regress/progname/progname_test.c: + Add test for getprogname() and symbolic links; bug 654 + [fbbe9faeda46] + +2014-07-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Document tracing + [cfd7f14d596d] + +2014-07-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * lib/util/util.exp: + sudo_term_{erase,kill} are regular symbols not functions. + [3454a9c1328b] + +2014-07-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Fix NULL deref if base64_decode returns -1. + [d03e207b1bb8] + + * MANIFEST, include/missing.h, include/sudo_compat.h, + lib/util/Makefile.in, lib/util/aix.c, lib/util/alloc.c, + lib/util/clock_gettime.c, lib/util/closefrom.c, lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c, + lib/util/fnmatch.c, lib/util/getaddrinfo.c, lib/util/getcwd.c, + lib/util/getgrouplist.c, lib/util/getline.c, lib/util/getopt_long.c, + lib/util/gidlist.c, lib/util/glob.c, lib/util/inet_pton.c, + lib/util/isblank.c, lib/util/key_val.c, lib/util/lbuf.c, + lib/util/locking.c, lib/util/memrchr.c, lib/util/memset_s.c, + lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c, + lib/util/parseln.c, lib/util/progname.c, lib/util/pw_dup.c, + lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/glob/globtest.c, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/tailq/hltq_test.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, + lib/util/snprintf.c, lib/util/strlcat.c, lib/util/strlcpy.c, + lib/util/strsignal.c, lib/util/strtobool.c, lib/util/strtoid.c, + lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c, + lib/util/sudo_debug.c, lib/util/sudo_dso.c, lib/util/sudo_printf.c, + lib/util/term.c, lib/util/ttysize.c, lib/util/utimes.c, + plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, + plugins/group_file/group_file.c, plugins/sample/Makefile.in, + plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, + plugins/sudoers/audit.c, plugins/sudoers/base64.c, + plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/hexchar.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/locale.c, plugins/sudoers/redblack.c, + 
plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestr.c, plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, src/Makefile.in, + src/locale_stub.c, src/net_ifs.c, src/preload.c, + src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h, + src/sudo_noexec.c: + Rename missing.h -> sudo_compat.h + [ddcc945a0f87] + + * MANIFEST, include/secure_path.h, include/sudo_util.h, + lib/util/Makefile.in, lib/util/secure_path.c, lib/util/sudo_conf.c, + plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Merge secure_path.h -> sudo_util.h + [0385dfbf2e2d] + + * include/secure_path.h, include/sudo_alloc.h, include/sudo_conf.h, + include/sudo_dso.h, include/sudo_event.h, include/sudo_fatal.h, + include/sudo_lbuf.h, include/sudo_util.h, lib/util/aix.c, + lib/util/alloc.c, lib/util/event.c, lib/util/fatal.c, + lib/util/gidlist.c, lib/util/key_val.c, lib/util/lbuf.c, + lib/util/locking.c, lib/util/parseln.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/strtobool.c, lib/util/strtoid.c, + lib/util/strtomode.c, lib/util/sudo_conf.c, lib/util/sudo_dso.c, + lib/util/term.c, lib/util/ttysize.c, lib/util/util.exp, + plugins/sudoers/locale.c, src/locale_stub.c: + Version the functions in libsudo_util + [c6d6eba95bb4] + +2014-07-21 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * include/gettext.h, include/sudo_gettext.h, lib/util/Makefile.in, + lib/util/aix.c, lib/util/alloc.c, lib/util/fatal.c, + lib/util/gidlist.c, lib/util/strsignal.c, lib/util/strtoid.c, + lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c, + lib/util/sudo_debug.c, plugins/sudoers/Makefile.in, + plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + src/Makefile.in, src/locale_stub.c, src/net_ifs.c, src/sesh.c, + src/sudo.h: + Rename gettext.h -> sudo_gettext.h + [7f6b44473b8f] + + * include/fatal.h, include/sudo_fatal.h, lib/util/Makefile.in, + lib/util/aix.c, lib/util/alloc.c, lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c, + lib/util/getopt_long.c, lib/util/gidlist.c, lib/util/lbuf.c, + lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/tailq/hltq_test.c, lib/util/sudo_conf.c, + lib/util/sudo_debug.c, plugins/sudoers/Makefile.in, + plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/locale.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + src/Makefile.in, src/locale_stub.c, src/net_ifs.c, + src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h: + Rename fatal.h -> sudo_fatal.h + [bef3401dbb24] + + * include/queue.h, include/sudo_conf.h, include/sudo_event.h, + include/sudo_queue.h, lib/util/Makefile.in, lib/util/fatal.c, + lib/util/regress/tailq/hltq_test.c, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + src/Makefile.in, src/hooks.c: + Rename queue.h -> sudo_queue.h to avoid collisions with the system + version. 
+ [473614fdde5a] + + * include/sudo_debug.h, lib/util/sudo_debug.c: + Conver sudo_debug_write() to a macro + [0f110f27a23c] + +2014-07-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/fixman.sh, doc/fixmdoc.sh: + Fix man page post-processing; it was deleting more than intended. + [716af03dcfb7] + +2014-07-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/Makefile.in: + Remove double $(srcdir) when running sed scripts. + [16add67ae550] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + "an EXEC tag" not "a EXEC tag" + [9ac1b8e322f9] + + * doc/sudoers.cat: + Document that I/O logging is not enabled by default. + [08fca95dd5a4] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that exec_background is off by default. + [87fe5defff58] + +2014-07-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sesh.c: + Error out if sesh is run as a login shell but the shell it needs to + run has no slash. This shouldn't happen in practice. + [10ff502888ee] + + * MANIFEST, include/compat/mksiglist.h, include/compat/mksigname.h, + lib/util/Makefile.in, lib/util/mksiglist.c, lib/util/mksiglist.h, + lib/util/mksigname.c, lib/util/mksigname.h: + Move mksiglist.h and mksigname.h to lib/util where they belong. + [d01046c69060] + + * config.h.in, configure, configure.ac, include/missing.h, + lib/util/progname.c, lib/util/util.exp, plugins/sudoers/Makefile.in: + Avoid passing -no-fast-install to libtool as this results in the + build dir being left in the library path of the installed + executable. Instead, we remove the "lt-" prefix from the program + name in initprogname() so that the regress test output is unaffected + by libtool's binary wrapper. + [75d1563e95b4] + + * sudo.pp: + Fix syntax error with some shells. + [91e8da7702c5] + +2014-07-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Force libtool to use runtime linking on AIX so that it installs the + plugins as .so files and not .a files. 
+ [ae66488bd9ca] + + * plugins/sudoers/ldap.c: + Be sure to NUL-terminate the decoded secret when converting from + base64. + [b3dc463c8882] + + * plugins/sudoers/ldap.c: + Fix a pointer signednes warning calling base64_decode(). + [74f7354867a3] + + * lib/util/getgrouplist.c: + Use sudo_strtoid() now that it is located in the same library. + [4868532e2d65] + + * lib/util/strtoid.c: + Skip leading space (ala strtol) so that we can pick up the sign even + if it is not the first character of the string. + [148ee633c6a4] + +2014-07-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + For sudoedit, audit the actual editor being run, not just the + sudoedit command. + [59a5b0ad36af] + + * src/selinux.c: + Audit failed user role changes. RedHat bz #665131 + [cf9777687124] + + * plugins/sudoers/Makefile.in: + Avoid running check_symbols for static sudoers + [71b13bada1ce] + + * plugins/sudoers/regress/visudo/test3.err.ok, + plugins/sudoers/regress/visudo/test3.sh: + Adapt to unused alias changes. + [4b58e36c3d8f] + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/visudo.c: + An unused alias is not really an error, even in strict mode. RedHat + bz #604297 + [f10b3b7ec5a6] + + * src/sesh.c: + When running a login shell via sesh, make new argv[0] -shell, not + /path/to-shell. RedHat bz #1065418 + [414cb512f102] + +2014-07-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + The RHEL sudo package allows users in group wheel to run sudo. + [9f22020a57cf] + + * Makefile.in, sudo.pp: + Avoid packaging parent directories when they are system directories. + Currently we just skip this when prefix is /usr + [93ccede545cd] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix typo: sudo.d -> sudoers.d. From RedHat bz #726634 + [1c99a4fd9c7d] + + * mkpkg: + RHEL 6 and above use /etc/sudo-ldap.conf not /etc/ldap.conf + [ce3216e4390a] + + * pp: + For rpm, do not specify a mode in %attr for symbolic links. 
Avoids + the warning "Explicit %attr() mode not applicaple to symlink" + [3f5a80ed5081] + +2014-07-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/sudo_alloc.h, lib/util/aix.c, lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c, + lib/util/lbuf.c, lib/util/sudo_conf.c, plugins/sudoers/alias.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/locale.c, plugins/sudoers/logging.c, + plugins/sudoers/match.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/redblack.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/hooks.c, src/load_plugins.c, + src/net_ifs.c, src/preserve_fds.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sudo.c, + src/ttyname.c: + efree -> sudo_efree for consistency + [7dfd16fbb6cf] + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat, + doc/sudoers.cat, doc/sudoreplay.cat, doc/visudo.cat: + regen + [a1d38600d34c] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: + Add support for base64 secrets in ldap.conf and ldap.secret. Based + on an idea from anthony AT rlost DOT com + [4999b78f8b6d] + +2014-07-09 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * mkpkg: + Don't use the HP compiler in preference to gcc. Some versions have + trouble compiling lbuf.c. + [322daf03ab6f] + +2014-07-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Remove @SOEXT@ and @SHLIB_EXT@ now that we use libtool to install + shared objects. Instead, use the new @SHLIB_ENABLE@ that is set to + the value of $enable_dlopen. For sudo_noexec.so there is nothing + special to do since the install-noexec target is only called when + noexec is enabled by configure. + [4447190f212b] + + * configure, configure.ac: + Make dynamic shared objects non-writable on HP-UX. Using writable + DSOs can substantially increase the load time. + [8715aff11063] + + * include/fatal.h, lib/util/fatal.c, lib/util/util.exp, + plugins/sudoers/locale.c, src/locale_stub.c: + Add sudo_warn_strerror() that wraps strerror() with calls to + setlocale() in sudoers so we always get the error string in the + user's locale. Also change _warning() to take the error number as a + parameter instead of examining errno. + [cc38a8389a7b] + +2014-07-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, lib/util/Makefile.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Avoid a cppcheck warning when NSIG is not defined. + [f8e5e92bab60] + + * include/missing.h: + Fix typos in utimes/futimes macros. + [10f022d933c2] + +2014-07-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [e351d905c0c9] + + * configure.ac: + Fix sudo when --disable-shared configure option was specified. + [07899f6b43f0] + + * configure, m4/libtool.m4: + Do not set an internal name for HP-UX modules, only archives. 
This + works around a problem with some versions of HP-UX ld where setting + an internal name that doesn't end in .sl causes link errors. + [9a049adb22aa] + + * plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/system_group/Makefile.in: + Never build build static versions of other plugins. + [52123c4c17bc] + + * lib/util/Makefile.in: + Don't build a static libsudo_util.a unless we are linking sudoers + statically. + [9c3327977dff] + +2014-06-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac, lib/util/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Use libtool to install/uninstall the plugins and sudo_noexec. + [18ae09c53f2e] + + * configure, ltmain.sh, m4/libtool.m4: + Fix my typos in the HP-UX libtool patch + [6e70066d86bb] + +2014-06-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Mention Solaris audit. + [d90efa19ca16] + + * INSTALL, MANIFEST, config.h.in, configure, configure.ac, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, + plugins/sudoers/solaris_audit.c, plugins/sudoers/solaris_audit.h: + Add Solaris audit support; from Gary Winiger at Oracle. + [6f68a27e53f5] + + * MANIFEST: + Sync MANIFEST with file name changes. 
+ [d9958df5f9da] + + * plugins/sudoers/toke.c: + regen + [ad82b20093c3] + + * include/sudo_util.h, lib/util/Makefile.in, lib/util/atobool.c, + lib/util/atoid.c, lib/util/atomode.c, lib/util/getgrouplist.c, + lib/util/gidlist.c, lib/util/regress/atofoo/atofoo_test.c, + lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c, + lib/util/sudo_conf.c, lib/util/util.exp, + plugins/group_file/getgrent.c, plugins/sudoers/defaults.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/policy.c, + plugins/sudoers/pwutil.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo_json.c, + plugins/system_group/system_group.c, src/sudo.c: + atobool -> sudo_strtobool atoid-> sudo_strtoid atomode -> + sudo_strtomode + [aefe6f09f4a4] + + * lib/util/alloc.c, lib/util/event_select.c: + Fix regexp damage when renaming erecalloc() -> sudo_erecalloc() + [d772a34032cc] + + * src/sudo_edit.c: + Handle systems like AIX that lack a way to set the modification time + on open fds. 
+ [b93c0a55c21b] + + * MANIFEST: + update MANIFEST for alloc.h -> sudo_alloc.h change + [ce240c682554] + + * include/alloc.h, include/sudo_alloc.h, lib/util/Makefile.in, + lib/util/aix.c, lib/util/alloc.c, lib/util/event.c, + lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c, + lib/util/gidlist.c, lib/util/lbuf.c, lib/util/sudo_conf.c, + lib/util/sudo_debug.c, lib/util/util.exp, + plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/conversation.c, src/env_hooks.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/hooks.c, src/load_plugins.c, + src/net_ifs.c, src/parse_args.c, src/preserve_fds.c, + src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c, + src/sudo.c, src/sudo.h, src/sudo_edit.c, src/ttyname.c: + Add sudo_ prefix to alloc.c functions and rename alloc.h -> + sudo_alloc.h + [3a19f5391442] + + * lib/util/fatal.c: + Remove extra sudo_ prefix from vfatalxnodebug and vfatalx_nodebug. 
+ [819ad8075005] + + * MANIFEST, include/fileops.h, include/sudo_util.h, + lib/util/Makefile.in, lib/util/fileops.c, lib/util/locking.c, + lib/util/parseln.c, lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/sudo_conf.c, plugins/sudoers/Makefile.in, + plugins/sudoers/sudoers.h, src/Makefile.in, src/sudo.h: + Split fileops.c into parseln.c and locking.c + [361ea81e88d9] + + * include/fatal.h, include/gettext.h, lib/util/aix.c, + lib/util/alloc.c, lib/util/fatal.c, lib/util/getopt_long.c, + lib/util/gidlist.c, lib/util/regress/atofoo/atofoo_test.c, + lib/util/regress/tailq/hltq_test.c, lib/util/sudo_conf.c, + lib/util/util.exp, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c, src/exec.c, src/exec_common.c, + src/exec_pty.c, src/hooks.c, src/load_plugins.c, src/locale_stub.c, + src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, + src/signal.c, src/solaris.c, src/sudo.c, src/sudo_edit.c, + src/tgetpass.c, src/ttyname.c, src/utmp.c: + Rename warning/fatal -> sudo_warn/sudo_fatal to avoid namespace + pollution in libsudo_util.so. 
+ [4eb69f501113] + +2014-06-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/sudo_util.h, lib/util/term.c, lib/util/ttysize.c, + lib/util/util.exp, plugins/sudoers/sudoreplay.c, src/exec_pty.c, + src/sudo.c, src/tgetpass.c: + Reduce name space pollution in libsudo_util.so + [215e4413529a] + + * src/solaris.c: + Use sudo_dso_load() from libsudo_util.so instead of dlopen() since + we no longer link sudo directly with libdl.so. + [fe6942873c2d] + + * MANIFEST, Makefile.in, doc/Makefile.in, include/alloc.h, + include/compat/fnmatch.h, include/compat/getaddrinfo.h, + include/compat/getopt.h, include/compat/glob.h, + include/compat/sha2.h, include/fatal.h, include/fileops.h, + include/lbuf.h, include/missing.h, include/secure_path.h, + include/sudo_conf.h, include/sudo_debug.h, include/sudo_dso.h, + include/sudo_event.h, include/sudo_util.h, install-sh, + lib/util/Makefile.in, lib/util/fatal.c, lib/util/getaddrinfo.c, + lib/util/pw_dup.c, lib/util/regress/fnmatch/fnm_test.c, + lib/util/sudo_dso.c, lib/util/sudo_printf.c, lib/util/term.c, + lib/util/util.exp, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/match.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c, + plugins/system_group/Makefile.in, src/Makefile.in, src/parse_args.c, + src/preload.c: + Add exported libsudo_util functions to util.exp and mark in headers + using __dso_public. + [18faff6ab915] + + * include/fatal.h, lib/util/fatal.c, lib/util/util.exp, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c: + Remove use of setjmp/longjmp in the sudoers plugin. We no longer + call fatal() except in the malloc wrappers and due to libsudo_util + there is now a single copy of fatal/fatalx. 
+ [109407210f9c] + + * NEWS, configure, configure.ac: + Sudo 1.8.11 + [5fb775825aab] + + * include/fileops.h, lib/util/fileops.c, lib/util/util.exp, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/sudo_edit.c: + Remove touch() from fileops.c and just call utimes/futimes directly. + Rename lock_file -> sudo_lock_file to avoid namespace pollution + [ec08128b6900] + + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, + lib/util/fmt_string.c, lib/util/key_val.c, lib/util/util.exp, + plugins/sample/sample_plugin.c, plugins/sudoers/policy.c, + src/Makefile.in, src/exec_common.c, src/parse_args.c, src/sudo.c: + Rename fmt_string -> sudo_new_key_val to better describe its + function. + [f9061e319cc3] + + * include/sudo_util.h, lib/util/gidlist.c, lib/util/util.exp, + plugins/sudoers/policy.c, src/sudo.c: + Rename parse_gid_list -> sudo_parse_gids to avoid namespace + pollution. + [d88f3cab97e1] + + * MANIFEST, Makefile.in, include/lbuf.h, include/sudo_lbuf.h, + lib/util/Makefile.in, lib/util/lbuf.c, lib/util/util.exp, + plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c, + plugins/sudoers/parse.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.h, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, src/Makefile.in, src/parse_args.c: + Don't pollute the namespace with lbuf struct and functions + [7859e3c22fb9] + + * config.h.in, configure, configure.ac, include/compat/fnmatch.h, + include/compat/getaddrinfo.h, include/compat/getopt.h, + include/compat/glob.h, include/missing.h, lib/util/clock_gettime.c, + lib/util/closefrom.c, lib/util/fnmatch.c, lib/util/getaddrinfo.c, + lib/util/getcwd.c, lib/util/getgrouplist.c, lib/util/getline.c, + lib/util/getopt_long.c, lib/util/glob.c, lib/util/inet_pton.c, + lib/util/memrchr.c, lib/util/memset_s.c, lib/util/mktemp.c, + lib/util/pw_dup.c, lib/util/sig2str.c, lib/util/snprintf.c, 
+ lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strsignal.c, + lib/util/strtonum.c, lib/util/utimes.c: + Prefix all libc replacements with sudo_ and #define the real name to + the sudo_ version. That way we don't pollute the libc namespace. + [5cf7101479b8] + + * .hgignore, MANIFEST, Makefile.in, common/Makefile.in, common/aix.c, + common/alloc.c, common/atobool.c, common/atoid.c, common/atomode.c, + common/event.c, common/event_poll.c, common/event_select.c, + common/fatal.c, common/fileops.c, common/fmt_string.c, + common/gidlist.c, common/lbuf.c, common/progname.c, + common/regress/atofoo/atofoo_test.c, + common/regress/sudo_conf/conf_test.c, + common/regress/sudo_conf/test1.in, + common/regress/sudo_conf/test1.out.ok, + common/regress/sudo_conf/test2.in, + common/regress/sudo_conf/test2.out.ok, + common/regress/sudo_conf/test3.in, + common/regress/sudo_conf/test3.out.ok, + common/regress/sudo_conf/test4.in, + common/regress/sudo_conf/test4.out.ok, + common/regress/sudo_conf/test5.err.ok, + common/regress/sudo_conf/test5.in, + common/regress/sudo_conf/test5.out.ok, + common/regress/sudo_conf/test6.in, + common/regress/sudo_conf/test6.out.ok, + common/regress/sudo_parseln/parseln_test.c, + common/regress/sudo_parseln/test1.in, + common/regress/sudo_parseln/test1.out.ok, + common/regress/sudo_parseln/test2.in, + common/regress/sudo_parseln/test2.out.ok, + common/regress/sudo_parseln/test3.in, + common/regress/sudo_parseln/test3.out.ok, + common/regress/sudo_parseln/test4.in, + common/regress/sudo_parseln/test4.out.ok, + common/regress/sudo_parseln/test5.in, + common/regress/sudo_parseln/test5.out.ok, + common/regress/sudo_parseln/test6.in, + common/regress/sudo_parseln/test6.out.ok, + common/regress/tailq/hltq_test.c, common/secure_path.c, + common/setgroups.c, common/sudo_conf.c, common/sudo_debug.c, + common/sudo_dso.c, common/sudo_printf.c, common/term.c, + common/ttysize.c, compat/Makefile.in, compat/charclass.h, + compat/clock_gettime.c, 
compat/closefrom.c, compat/endian.h, + compat/fnmatch.c, compat/fnmatch.h, compat/getaddrinfo.c, + compat/getaddrinfo.h, compat/getcwd.c, compat/getgrouplist.c, + compat/getline.c, compat/getopt.h, compat/getopt_long.c, + compat/glob.c, compat/glob.h, compat/inet_pton.c, compat/isblank.c, + compat/memrchr.c, compat/memset_s.c, compat/mksiglist.c, + compat/mksiglist.h, compat/mksigname.c, compat/mksigname.h, + compat/mktemp.c, compat/nss_dbdefs.h, compat/pw_dup.c, + compat/regress/fnmatch/fnm_test.c, + compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files, + compat/regress/glob/globtest.c, compat/regress/glob/globtest.in, + compat/sha2.c, compat/sha2.h, compat/sig2str.c, compat/siglist.in, + compat/snprintf.c, compat/stdbool.h, compat/strlcat.c, + compat/strlcpy.c, compat/strsignal.c, compat/strtonum.c, + compat/timespec.h, compat/utime.h, compat/utimes.c, configure, + configure.ac, include/compat/charclass.h, include/compat/endian.h, + include/compat/fnmatch.h, include/compat/getaddrinfo.h, + include/compat/getopt.h, include/compat/glob.h, + include/compat/mksiglist.h, include/compat/mksigname.h, + include/compat/nss_dbdefs.h, include/compat/sha2.h, + include/compat/stdbool.h, include/compat/timespec.h, + include/compat/utime.h, lib/util/Makefile.in, lib/util/aix.c, + lib/util/alloc.c, lib/util/atobool.c, lib/util/atoid.c, + lib/util/atomode.c, lib/util/clock_gettime.c, lib/util/closefrom.c, + lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c, + lib/util/fatal.c, lib/util/fileops.c, lib/util/fmt_string.c, + lib/util/fnmatch.c, lib/util/getaddrinfo.c, lib/util/getcwd.c, + lib/util/getgrouplist.c, lib/util/getline.c, lib/util/getopt_long.c, + lib/util/gidlist.c, lib/util/glob.c, lib/util/inet_pton.c, + lib/util/isblank.c, lib/util/lbuf.c, lib/util/memrchr.c, + lib/util/memset_s.c, lib/util/mksiglist.c, lib/util/mksigname.c, + lib/util/mktemp.c, lib/util/progname.c, lib/util/pw_dup.c, + lib/util/regress/atofoo/atofoo_test.c, + 
lib/util/regress/fnmatch/fnm_test.c, + lib/util/regress/fnmatch/fnm_test.in, lib/util/regress/glob/files, + lib/util/regress/glob/globtest.c, lib/util/regress/glob/globtest.in, + lib/util/regress/sudo_conf/conf_test.c, + lib/util/regress/sudo_conf/test1.in, + lib/util/regress/sudo_conf/test1.out.ok, + lib/util/regress/sudo_conf/test2.in, + lib/util/regress/sudo_conf/test2.out.ok, + lib/util/regress/sudo_conf/test3.in, + lib/util/regress/sudo_conf/test3.out.ok, + lib/util/regress/sudo_conf/test4.in, + lib/util/regress/sudo_conf/test4.out.ok, + lib/util/regress/sudo_conf/test5.err.ok, + lib/util/regress/sudo_conf/test5.in, + lib/util/regress/sudo_conf/test5.out.ok, + lib/util/regress/sudo_conf/test6.in, + lib/util/regress/sudo_conf/test6.out.ok, + lib/util/regress/sudo_parseln/parseln_test.c, + lib/util/regress/sudo_parseln/test1.in, + lib/util/regress/sudo_parseln/test1.out.ok, + lib/util/regress/sudo_parseln/test2.in, + lib/util/regress/sudo_parseln/test2.out.ok, + lib/util/regress/sudo_parseln/test3.in, + lib/util/regress/sudo_parseln/test3.out.ok, + lib/util/regress/sudo_parseln/test4.in, + lib/util/regress/sudo_parseln/test4.out.ok, + lib/util/regress/sudo_parseln/test5.in, + lib/util/regress/sudo_parseln/test5.out.ok, + lib/util/regress/sudo_parseln/test6.in, + lib/util/regress/sudo_parseln/test6.out.ok, + lib/util/regress/tailq/hltq_test.c, lib/util/secure_path.c, + lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c, + lib/util/siglist.in, lib/util/snprintf.c, lib/util/strlcat.c, + lib/util/strlcpy.c, lib/util/strsignal.c, lib/util/strtonum.c, + lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c, + lib/util/sudo_printf.c, lib/util/term.c, lib/util/ttysize.c, + lib/util/utimes.c, lib/zlib/Makefile.in, lib/zlib/adler32.c, + lib/zlib/compress.c, lib/zlib/crc32.c, lib/zlib/crc32.h, + lib/zlib/deflate.c, lib/zlib/deflate.h, lib/zlib/gzclose.c, + lib/zlib/gzguts.h, lib/zlib/gzlib.c, lib/zlib/gzread.c, + lib/zlib/gzwrite.c, lib/zlib/infback.c, 
lib/zlib/inffast.c, + lib/zlib/inffast.h, lib/zlib/inffixed.h, lib/zlib/inflate.c, + lib/zlib/inflate.h, lib/zlib/inftrees.c, lib/zlib/inftrees.h, + lib/zlib/trees.c, lib/zlib/trees.h, lib/zlib/uncompr.c, + lib/zlib/zconf.h.in, lib/zlib/zlib.h, lib/zlib/zutil.c, + lib/zlib/zutil.h, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, po/README, po/ca.mo, po/ca.po, + po/cs.mo, po/cs.po, po/da.mo, po/da.po, po/de.mo, po/de.po, + po/eo.mo, po/eo.po, po/es.mo, po/es.po, po/eu.mo, po/eu.po, + po/fi.mo, po/fi.po, po/fr.mo, po/fr.po, po/gl.mo, po/gl.po, + po/hr.mo, po/hr.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po, + po/nb.mo, po/nb.po, po/nl.mo, po/nl.po, po/pl.mo, po/pl.po, + po/pt_BR.mo, po/pt_BR.po, po/ru.mo, po/ru.po, po/sl.mo, po/sl.po, + po/sr.mo, po/sr.po, po/sudo.pot, po/sv.mo, po/sv.po, po/tr.mo, + po/tr.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, + po/zh_CN.po, src/Makefile.in, src/po/README, src/po/ca.mo, + src/po/ca.po, src/po/cs.mo, src/po/cs.po, src/po/da.mo, + src/po/da.po, src/po/de.mo, src/po/de.po, src/po/eo.mo, + src/po/eo.po, src/po/es.mo, src/po/es.po, src/po/eu.mo, + src/po/eu.po, src/po/fi.mo, src/po/fi.po, src/po/fr.mo, + src/po/fr.po, src/po/gl.mo, src/po/gl.po, src/po/hr.mo, + src/po/hr.po, src/po/it.mo, src/po/it.po, src/po/ja.mo, + src/po/ja.po, src/po/nb.mo, src/po/nb.po, src/po/nl.mo, + src/po/nl.po, src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, + src/po/pt_BR.po, src/po/ru.mo, src/po/ru.po, src/po/sl.mo, + src/po/sl.po, src/po/sr.mo, src/po/sr.po, src/po/sudo.pot, + src/po/sv.mo, src/po/sv.po, src/po/tr.mo, src/po/tr.po, + src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po, zlib/Makefile.in, zlib/adler32.c, + zlib/compress.c, zlib/crc32.c, zlib/crc32.h, zlib/deflate.c, + zlib/deflate.h, zlib/gzclose.c, zlib/gzguts.h, zlib/gzlib.c, + zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffast.c, + zlib/inffast.h, 
zlib/inffixed.h, zlib/inflate.c, zlib/inflate.h, + zlib/inftrees.c, zlib/inftrees.h, zlib/trees.c, zlib/trees.h, + zlib/uncompr.c, zlib/zconf.h.in, zlib/zlib.h, zlib/zutil.c, + zlib/zutil.h: + Top level directory reorg Move src/po -> po Combine common and + compat -> lib/util Move zlib -> lib/zlib + [d699ccb60e7e] + + * configure, ltmain.sh, m4/libtool.m4: + libtool patches for HP-UX to support DESTDIR + [9df98a9582bd] + + * pp: + Update polypkg from trunk. + [4dc362248196] + + * plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c: + Fix sssd compiler warnings and fix the sha2 digest support. + [2975b030b298] + +2014-06-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Don't call gss_krb5_ccache_name() with a NULL pointer when restoring + the old credential cache file name. This can happen if there was no + old name returned by gss_krb5_ccache_name(). Fixes a crash on + kerberized LDAP on some platforms. + [4090029e463e] + +2014-06-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/el.mo, + plugins/sudoers/po/el.po: + Add Greek PO file for sudoers from translationproject.org + [6c0cc2def911] + +2014-05-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c, src/exec_pty.c: + Ignore signals sent by the command's process group, not just the + command itself. If we cannot determine the process group ID of the + sender (as it may no longer exist), just check the process ID. + [7ffa2eefd3c0] + +2014-05-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + In handler_user_only() only forward the signal if it was not + generated by the command. This should fix a problem with programs + that catch SIGTSTP, perform cleanup, and then re-send the signal to + their process group (of which sudo is the leader). + [d590c899e194] + + * src/exec.c, src/exec_pty.c, src/signal.c: + Handle EINTR from write(2) when writing to pipes and socket pairs. + [d26a40d21d7a] + +2014-05-24 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po: + Norwegian Bokmaal translation for sudoers from + translationproject.com + [92e4aea46c1e] + +2014-05-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, doc/CONTRIBUTORS, src/po/nb.mo, src/po/nb.po: + Norwegian Bokmaal translation for sudo from translationproject.com + [3497f74028fe] + +2014-05-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/visudo.c: + Try to be clearer about which are the input and output files in + export mode. + [66167511a410] + + * plugins/sudoers/visudo_json.c: + In -x mode, require that the input and output files be different. + This won't currently catch collisions between the output file and an + include file. + [0c19b82a75e7] + + * plugins/sudoers/bsm_audit.h, plugins/sudoers/linux_audit.h: + BSM and Linux audit do not yet use the argc function argument. + [3291695d1dfb] + + * plugins/sudoers/audit.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/bsm_audit.h, plugins/sudoers/linux_audit.h, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c: + Pass argc to audit functions too. Will be needed for Solaris audit + support. + [d2114897a44e] + +2014-05-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/fatal.c, include/fatal.h, plugins/sudoers/policy.c: + Do not allow the same callback function to be registered more that + once in fatal_callback_register(). Add fatal_callback_deregister() + to deregister a callback. 
+ [eff74fb9d274] + + * MANIFEST, plugins/sudoers/regress/sudoers/test15.in, + plugins/sudoers/regress/sudoers/test15.out.ok, + plugins/sudoers/regress/sudoers/test15.toke.ok, + plugins/sudoers/regress/sudoers/test16.in, + plugins/sudoers/regress/sudoers/test16.out.ok, + plugins/sudoers/regress/sudoers/test16.toke.ok: + Add trivial sudoedit parsing tests. + [291ba6f4d6fd] + + * MANIFEST, plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po: + Catalan translation for sudoers from translationproject.org. + [b102f8cfeed1] + +2014-05-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/ca.mo, src/po/ca.po, src/po/gl.mo, src/po/gl.po: + Sync with translationproject.org + [62e5b4842834] + +2014-05-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + lockf() is broken on the Hurd -- use flock instead Bug #647 + [7b8935a0c8b9] + + * plugins/sudoers/visudo.c: + Don't try to install the temporary sudoers file if we didn't edit + it. By default, visudo does not edit files in a #includedir. Fixes a + NULL pointer defef on GNU hurd; Bug #647 + [3a677c4773e5] + +2014-05-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/regress/ttyname/check_ttyname.c: + When comparing tty names, resolve the tty for fds 0-3 and compare + each one instead of just using the first that resolves. + [c37946b280a5] + + * compat/getgrouplist.c, configure, configure.ac: + Solaris 8 doesn't export _nss_initf_group() so we need to provide + out own for getgrouplist(). + [d494b39e9376] + +2014-05-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/getgrouplist.c, plugins/group_file/group_file.c, + plugins/system_group/system_group.c: + deal with NULL gr_mem here too + [0db43ed71001] + + * NEWS, configure, configure.ac: + Sudo 1.8.10p3 + [3f415a180023] + +2014-05-02 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/env.c, plugins/sudoers/iolog.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, + plugins/sudoers/timestamp.c: + Rename log_warning flags and only send mail if SLOG_SEND_MAIL is set + instead of mailing by default like we used to. + [5b3882833aa1] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/env.c, plugins/sudoers/iolog.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, + plugins/sudoers/timestamp.c: + Add log_warningx + [feef646cb8b1] + + * src/exec_pty.c: + Add debugging info for when we delete I/O events that still have + buffered data in them. + [7f17992cdf22] + + * common/event.c: + Fix non-blocking mode. We only want to exit the event loop when + poll() or select() returns 0 and there are no active events. This + fixes a problem on some systems where the last buffer was not being + written when the command exited. + [deb6b1a7b241] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Change return value of switch_dir() to an int so we can distinguish + between an error and an empty dir in push_includedir(). + [d0462b84782e] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Move code to fill in the list of dirs out of switch_dir and into its + own function. Quiets a false positive from cppcheck which got + confused due to variable reuse. + [6d6296f46255] + + * plugins/sudoers/audit.c: + Avoid unused variable warning if auditing is not supported. + [5e6fd2ffe039] + +2014-05-01 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + Fix library order when linking binaries. + [3fec51f98ae1] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Include limits.h and inttypes.h for SIZE_MAX define. + [41f8be660384] + + * include/missing.h, plugins/sudoers/env.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y: + Move SIZE_MAX compat define into missing.h where it belongs. + [1bb108cf9df3] + +2014-04-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c: + Remove now-unused log_fatal() + [53478df3bb1e] + + * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/env.c, plugins/sudoers/ldap.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Eliminate calls to fatal()/fatalx()/log_fatal() in env.c and just + pass back a return value. + [d7f2be8f2740] + +2014-04-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h: + Make get_boottime() return bool. + [9ff15a995d01] + + * doc/CONTRIBUTORS, plugins/sudoers/boottime.c: + Fix fd leak on Linux when determing boot time. This is usually + masked by the closefrom() call in sudo. From Jamie Anderson. Bug + #645 + [0b4c430e8b88] + +2014-04-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/audit.c: + Handle the (currently impossible) case where both BSM and Linux + auditing are supported. Pacifies cppcheck. + [899cd6b5e487] + + * plugins/sudoers/iolog.c: + Don't call ferror() on a closed stream, just check the return value + of fclose() instead. Found by cppcheck. + [e843f3c8f5d8] + +2014-04-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c: + Use calloc() instead of malloc(n * s) followed by memset(). From + Jean-Philippe Ouellet. 
+ [f416cebd3d8e] + + * plugins/sudoers/sudoers.c: + Format string safety in error path. + [956fd6dbba80] + + * common/alloc.c, common/event_poll.c, common/gidlist.c, + common/sudo_conf.c, include/alloc.h, plugins/sudoers/auth/sia.c, + plugins/sudoers/env.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, + src/env_hooks.c, src/exec_common.c, src/parse_args.c, src/selinux.c, + src/sudo.c, src/sudo_edit.c, src/ttyname.c: + Rename emalloc2() -> emallocarray() and erealloc3() -> + ereallocarray(). + [db3941093c68] + + * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: + Add missing rule for building sha2.lo when not supported by libc or + libmd. + [70a16e10ddcd] + +2014-04-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.in: + Disable I/O logging for halt and poweroff in addition to reboot in + commented out example. + [40a7f11686ce] + + * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c: + Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when + changing the user. This is the correct flag to use with a program + that changes the uid like su or sudo and fixes a role problem on + Solaris. From Gary Winiger; Bug #642 + [ec23c3bf41bb] + + * plugins/sudoers/defaults.c: + pam_setcred should default to true; from Gary Winiger Bug #642 + [23e6628ec546] + +2014-04-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/parse.c, plugins/sudoers/policy.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c: + Make set_perms() and restore_perms() return an error instead of + calling exit() on failure. + [b1a1a36abdb4] + + * plugins/sudoers/sudoers.c: + Eliminate calls to fatal() in sudoers.c and just pass back a return + value. 
+ [e4d87a036f6d] + + * plugins/sudoers/logging.c: + Elimate calls to fatal() in the logging code. + [9847acdf7066] + +2014-04-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/regress/atofoo/atofoo_test.c: + Quiet a compiler warning on Solaris. + [3b9827834800] + + * MANIFEST, common/Makefile.in, compat/Makefile.in, compat/sha2.c, + compat/sha2.h, config.h.in, configure, configure.ac, m4/sudo.m4, + plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/match.c, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/sudoers/test14.toke.ok, + plugins/sudoers/sha2.c, plugins/sudoers/sha2.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Move the sha2 code into libreplace and add configure checks for + SHA224Update in libc and libmd. Solaris uses "void *" where we use + "unsigned char *" so we need a check for that too. Solaris sha2.h + defines SHA224, SHA256, SHA384, and SHA512 so rename those tokens. + Adapted from changes from Vladimir Marek in bug #641. + [cd02732f0704] + + * MANIFEST, plugins/sudoers/match.c, + plugins/sudoers/regress/testsudoers/test6.out.ok, + plugins/sudoers/regress/testsudoers/test6.sh, + plugins/sudoers/regress/testsudoers/test7.out.ok, + plugins/sudoers/regress/testsudoers/test7.sh: + Fix matching of uids and gids broken in sudo 1.8.9. + [315eff4add59] + + * plugins/sudoers/testsudoers.c: + Fix -P option in usage() + [50753b6222b7] + +2014-04-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c, plugins/sudoers/prompt.c, + plugins/sudoers/set_perms.c: + Remove a few more unnecessary uses of fatal(). + [8cfb205831dc] + + * plugins/sudoers/auth/sudo_auth.c: + Use log_warning() not log_fatal() for the "Invalid authentication + methods compiled into sudo" message. We return -1 on error anyway. 
+ [c8da5cf74348] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Return MODE_ERROR from sudoers_policy_deserialize_info() instead of + calling fatalx(). + [6faefdd188f2] + + * common/gidlist.c, src/sudo.c: + parse_gid_list() now returns -1 on error instead of calling + fatalx(). + [ccf19c4a0d5b] + +2014-04-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + Forward SIGINFO to running command if supported. If the command is + being run in the background (or exec_background is set in sudoers), + it is the sudo process, not the actual command, that receives the + ^T. + [d2b020bdf0d5] + + * plugins/sudoers/defaults.h, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + Remove calls to log_fatal() in I/O log functions and just pass an + error back to the caller. + [e89593d9dc35] + +2014-04-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/alloc.c, plugins/sudoers/env.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/policy.c, + plugins/sudoers/prompt.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c: + Make "internal error, %s overflow" arguments consistent, using + __func__ where possible (when debugging is allowed). + [84e2c40d101b] + +2014-03-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/toke_util.c, src/net_ifs.c: + Use common printf format when warning of buffer overflow prevention. + [8b0d732b0eae] + + * Makefile.in: + Remove init.d/*.sh in distclean + [99cd1eaf4684] + + * .hgignore: + Correctly ignore init.d/*.sh + [04aabe1893e5] + + * plugins/sudoers/ldap.c: + Remove remaining calls to fatalx(); just pass the error to the + caller. + [a8bcf903d84b] + +2014-03-26 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.h: + Make a password/group cache collision a warning rather than fatal. + This should not be possible in practice and we can safely return the + new (potentially duplicate) item as it will be freed by the caller. + Make sudo_set_grlist() return an error on failure instead of calling + fatalx(). + [5e8d3006862d] + + * plugins/sudoers/timestamp.c: + Use log_warning() instead of log_fatal() if the ticket or lecture + path is too long and just return an error. This can only happen from + a misconfiguration so just ignoring the ticket/lecture file is safe. + [864c5de8345b] + + * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + In find_path(), return NOT_FOUND_ERROR instead of calling fatal() if + the path is too long. Remove an extraneous check against PATH_MAX in + set_cmnd() since find_path() already contains such a check. + [183106753690] + + * plugins/sudoers/sudoers.h: + Remove unused MODE_LISTDEFS define and correct a comment. + [fb47e59ce5fe] + + * plugins/sudoers/hexchar.c, plugins/sudoers/match.c, + plugins/sudoers/toke_util.c: + Make hexchar() return -1 on invalid input instead of calling + fatalx(). Callers used to check that the string was hex before + calling hexchar(). Now callers must check for a -1 return value + instead. + [1be217c71ce7] + + * plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/bsm_audit.h, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: + Propagate errors in audit code to caller instead of using fatal(). + If we fail to audit an otherwise successful command, return an error + from the policy. For Linux audit, sudo may be compiled with audit + support but auditing may not be setup, so we don't consider that an + error. + [9a5753bfcb95] + + * plugins/sudoers/boottime.c: + Remove unused variable on Linux. 
+ [f63d7b86797d] + + * plugins/sudoers/timestamp.c: + Fix warning on systems where mode_t is not unsigned int (Solaris). + [acd1457c23ec] + +2014-03-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.c: + Audit path too long errror. Add comments about non-audit events and + placeholders for future audit hooks. + [434ee47c83dc] + + * src/net_ifs.c: + Fix aliasing warning in old-style interface probe code. + [1d6ce6f46da1] + + * plugins/sudoers/set_perms.c: + Fix some sign comparision warnings. + [20c6068db104] + + * common/aix.c, common/gidlist.c, compat/getgrouplist.c, + include/sudo_util.h, src/sudo.c: + Don't call fatal/fatalx in common/*.c + [ebf5e55a1ec1] + +2014-03-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c, plugins/sudoers/prompt.c, + plugins/sudoers/sudoers.h: + Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw + or targetpw is set. Bug #639 + [dff0208d1194] + +2014-03-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, configure, configure.ac: + Sudo 1.8.10p2 + [774ebec63b41] + + * plugins/sudoers/timestamp.c: + Don't write an empty timestamp record when timestamp_timeout is + zero. If we find an empty record in the timestamp file, overwrite it + with a good one, truncating the file as needed. + [9c226d81b660] + +2014-03-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Fix typos in description of the -x option. Bug #637 + [6ff2bfaaf99d] + +2014-03-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, configure, configure.ac: + Sudo 1.8.10p1 + [33828a3385ad] + + * plugins/sudoers/timestamp.c: + Fix typo/thinko that prevented "Defaults !tty_tickets" from working. + [f65cc29dbcc7] + + * plugins/sudoers/parse.c: + Fix "sudo -l command" output when the matching command is negated. + Bug #636 + [b4a92803f733] + +2014-03-11 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c, + common/regress/sudo_conf/test5.err.ok, + common/regress/tailq/hltq_test.c: + The atofoo_test and hltq_test tests now display their own test error + rate. Display pass/fail count separately for sudo_conf and + sudo_parseln tests. Check stderr output for the sudo_conf test. + [5c814709ac70] + + * src/Makefile.in: + Don't run the check_ttyname test if cross compiling. + [874ecc1c3db0] + + * plugins/sudoers/Makefile.in: + CWD no longer used. + [13b2f3c4269b] + + * plugins/sudoers/Makefile.in: + Fix diff of toke and err output files in "make check" + [485cdf3c75e7] + +2014-03-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/po/de.mo, src/po/de.po: + sync with translationproject.org + [d246c72a2350] + +2014-03-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Check whether ber.h is needed before ldap.h even if we are not using + any ber functions. Needed for older versions of nss ldap. + [c2310324dc34] + + * plugins/sudoers/sssd.c: + Fix compiler warning in debug code. + [8ee4cb6cafad] + + * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/ca.mo, src/po/ca.po: + Catalan translation for sudo from translationproject.org. + [d6af7d06ee36] + +2014-03-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Document negation fix in JSON output. + [37a85423ae49] + +2014-03-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo_json.c: + Fix handling of '!' operator when converting sudoers. We now add a + "negated" boolean flag to objects that have the '!' operator. + [071926c10280] + +2014-03-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, NEWS, plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po: + Czech translation for sudoers from translationproject.org + [c0aae297f7c1] + +2014-02-28 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Try -libmldap before -lldap in case there is no link from + libibmldap.so to libldap.so. Since IBM ldap is installed under /opt + we should only be able to reach it if --with-ldap was given an + explicit path. + + Only check for ber_set_option() if LBER_OPT_DEBUG_LEVEL is defined. + [89d50c29d737] + +2014-02-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/set_perms.c: + Fix typo in setreuid() PERM_ROOT error message. + [533415f53165] + + * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h: + Remove unused FLAG_USER auth flag. We have no auth methods that + require that authentication be run as the invoking user. + [4a9a9f557cb1] + + * mkpkg: + No longer need to disable setresuid() on debian. + [96ba687c35f0] + +2014-02-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/timestamp.c: + Fix conversion of timestamp_timeout from double to struct timeval. + Also quiet a printf format warning on 32-bit systems. + [59d1f3094dda] + +2014-02-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, NEWS, plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po: + Serbian translation for sudoers from translationproject.org. + [7134b386d658] + +2014-02-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS: + Add Ingo Schwarze + [114cdf286987] + + * NEWS, plugins/sudoers/visudo_json.c: + When exporting sudoers in JSON format, use the same type of Options + object for both Defaults and Cmnd_Specs. + [caa57043e197] + +2014-02-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/inet_pton.c: + Silence cppcheck false positive. 
+ [b2781c42a80f] + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po: + sync with translationproject.org + [baba43a6d682] + + * NEWS, doc/UPGRADE: + Mention init.d scripts on AIX and HP-UX Mention sudoers group + mismatch fix + [0259cb1f7cae] + + * INSTALL: + Talk about clearing files at boot time, not reboot time since it + happens when the system comes up, not down. + [e8e480bc34fd] + + * plugins/sudoers/sudoers.c: + We also need to open the sudoers file as root if there is a GID + mismatch. + [2fb2ba6fc4e6] + + * sudo.pp: + Install /etc/rc.d/init.d/sudo and /etc/rc.d/rc2.d/S90sudo for AIX + rpm packages. + [4aca1d318599] + +2014-02-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/Makefile.in: + Remove init.d file and link in uninstall target. + [249a9f105cdd] + + * configure, configure.ac, sudo.pp: + Fix INIT_DIR for real this time. + [5444eb1afbc5] + + * configure, configure.ac, sudo.pp: + Use correct init.d dir on HP-UX. Fix pp warnings from rc.d and + init.d dirs. + [809b54ef95f8] + + * .hgignore, MANIFEST, configure, configure.ac, init.d/aix.sh.in, + init.d/hpux.sh.in, src/Makefile.in, sudo.pp: + First cut add installing an init.d file for HP-UX and AIX to remove + old sudo timestamp files at boot time. + [ec6d35c62d88] + +2014-02-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Use .Ar macro instead of "file ..." Use ".Cm -" instead of ".Li -" + for the default login class. From Ingo Schwarze. + [f13ea603760e] + + * doc/sudo.conf.mdoc.in, doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.mdoc.in, + doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: + Remove some extraneous markup; from Ingo Schwarze + * No need to explicitly end a macro with No before | because | counts + as middle punctuation and falls out of the macro, anyway. 
+ * No need to explicitly re-open in-line macros after | because | + counts as middle punctuation and the macros resume afterwards, + anyway. + * Simplify the mnemonic remarks regarding the option letters, no need + for manual font and spacing control with No and Ns. + * Trim Ns No to just Ns, it already implies No. + [cc63d66c6655] + + * doc/sudoers.man.in, doc/sudoers.mdoc.in: + Move zerowidth space in :alpha: after the colon for consistency. + [799f6656c6e8] + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudoers.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, + doc/visudo.man.in: + regen + [14d682732b6f] + + * doc/sudo.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: + Remove extraneous keeps in SYNOPSIS now that mandoc does implied + keeps when converting from mdoc to man. + [0f48fc289f29] + + * doc/sudoers.mdoc.in: + Properly escape the : in :alpha: + [e41d4533a55f] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Replace some uses of .Sy with .Ar, .Ev and .Pa as appropriate. From + Jan Stary. + [90ec488905de] + +2014-02-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo_json.c: + Fix indentation of Defaults entries. The initial indent should be + outside the loop iterating over the entries. + [dc493c888fb2] + +2014-02-11 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po: + sync with translationproject.org + [fc517bc0908e] + + * common/aix.c, common/alloc.c, common/atoid.c, common/atomode.c, + common/fatal.c, common/gidlist.c, common/sudo_conf.c, + common/sudo_debug.c, compat/strsignal.c, compat/strtonum.c, + plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, + src/locale_stub.c, src/net_ifs.c, src/sesh.c, src/sudo.h: + We must include gettext.h before missing.h as it includes system + headers. Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers + audit code that does not include sudoers.h. + [3ac4aa43ce40] + + * common/sudo_dso.c: + When emulating DSO_NEXT with shl_get() we need to skip the program's + handle. This used to be documented as being index -2 but now it + seems to be index 0. As this is not guaranteed we need to look up + the real handle value for PROG_HANDLE and skip it when interating + through all the DSOs. Fixes infinite recursion on HP-UX in the + getenv() replacement. + [ade1b3045232] + + * src/env_hooks.c: + Export getenv() so it is visible to shared objects we link with. + [1ac08446a3a7] + +2014-02-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/regress/atofoo/atofoo_test.c, + common/regress/sudo_conf/conf_test.c, + common/regress/sudo_parseln/parseln_test.c, + common/regress/tailq/hltq_test.c, + plugins/sudoers/regress/parser/check_fill.c: + Add some initprogname() calls to the test programs. 
+ [e4320585a88b] + +2014-02-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot: + regen + [038d066a866d] + + * doc/UPGRADE: + Mention that there is now a default LDAP search filter. + [6351da3f8377] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Minor word choice change. + [7e59ab3eb453] + + * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/ldap.c, plugins/sudoers/match.c: + Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup + support requires an expensive substring match on the server. If + netgroups are not needed, this option can be disabled to reduce the + load on the LDAP server. + [e6bd6c103390] + +2014-02-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Update copyright year. + [1299eed430a5] + + * NEWS: + Mention LDAP changes. + [512b1e363587] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: + Use a default LDAP search filter of (objectClass=sudoRole). When + constructing the netgroup query, add (sudoUser=*) to the query so we + don't fall below the 3 character OpenLDAP substring threshold. + Otherwise the index for sudoUser will never be used for that query. + Pointed out by Michael Stroeder. + [54856973af41] + + * plugins/sudoers/timestamp.c: + Don't warn about an insecure lecture dir twice. Display warnings in + the user's locale. + [2c56b8b6d6f9] + +2014-02-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Mention the fix for ^Z at the password prompt when sudo was started + in the background. + [352d52ad1f7d] + + * common/term.c, src/exec_pty.c: + In term_restore(), only restores the terminal if we are in the + foregroup process group. 
Instead of calling tcgetpgrp(), which is + racy, we set a temporary handler for SIGTTOU and check whether it + was received after a failed call to tcsetattr(). + [94979d51daa2] + + * MANIFEST, compat/getaddrinfo.c, compat/inet_pton.c, config.h.in, + configure, configure.ac, doc/LICENSE, include/missing.h, mkdep.pl, + plugins/sudoers/interfaces.c, plugins/sudoers/match_addr.c: + Use inet_pton() instead of inet_aton() and include a version from + BIND for those without it. + [fe61a27c76d3] + + * common/regress/atofoo/atofoo_test.c: + Quiet a gcc warning. + [f197821892ea] + + * compat/getaddrinfo.c: + Need to include limits.h for USHRT_MAX. + [d1d8bd9a0e01] + +2014-02-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/term.c, include/sudo_util.h: + Use bool for function return values instead of 1 or 0. + [99e357c0800b] + + * configure, configure.ac: + Warn the user if the rundir needs to be cleared in the rc files. + Neither AIX not HP-UX clear /var/run (if it even exists). + [6cdbf57a2f9e] + + * NEWS: + Update for sudo 1.8.9p5 + [efb737c32615] + + * src/preserve_fds.c: + When the closefrom limit is greater than any of the preserved fds, + the pfds list will be non-empty but lastfd will be -1 triggering an + ecalloc(0) assertion. Instead, test for lastfd being -1 and make + sure we always update it, even if dup() fails. Also restore initial + value of lowfd after we are done relocating. Fixes bug #633 + [a11206a31f28] + + * common/term.c: + Document function return values. + [267bc85f6fbb] + +2014-02-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + term_restore() now restarts itself so we don't need to do it + ourselves. + [a17e885d0b0a] + + * common/term.c: + syscall restarting is broken on Mac OS X when interrupted by a tty + signal so restart tcsetattr() by hand. For details, see. 
+ http://openradar.appspot.com/radar?id=6402578615107584 + [3997b2a0577e] + + * MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c: + Add regress for atobool(), atoid() and atomode() + [e1cbdf86d6e2] + + * plugins/sudoers/Makefile.in: + Add back boottime.lo + [0b7ddc31e13e] + + * INSTALL: + Mention that rundir and vardir may be the same and what to do if + they are. + [301df9a31d43] + + * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c: + Bring back boot time checking code and zero out time stamp files + that predate the boot time. This should help systems w/o /var/run + where the admin has setup rc.d to clear the timestamp directory. + [e09389a8b1ca] + + * configure, configure.ac: + Check libraries for inet_pton() if not in libc. + [9f9bd83895e8] + +2014-02-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Fix clock_gettime() detection when it lives in librt. Some systems + have inet_aton() in libresolv (older Solaris). + [e5f7c8bc9a81] + + * sudo.pp: + Avoid duplicate directories if vardir and rundir are the same. + [c5df5ebc191b] + + * plugins/sudoers/po/sudoers.pot: + regen + [740b2cc42fea] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Elaborate on time stamp error message causes. + [2838fea2e21a] + +2014-02-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Remove the time stamp dir and its contents when uninstalling. We + currently leave the lecture status files installed until there is a + better way to detect upgrades. + [61532b7113ff] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Update time stamp error messages and regen. + [edf570c98cd5] + + * plugins/sudoers/timestamp.c: + Restore warning when sudoers is unable to update the time stamp + file. 
+ [86648a771250] + + * INSTALL, Makefile.in, configure, configure.ac, doc/sudoers.mdoc.in, + m4/sudo.m4, plugins/sudoers/Makefile.in, sudo.pp: + Replace --with-timedir and --with-lecture_dir with --with-rundir and + --with-vardir which are the parent directories of the time stamp and + lecture dirs. These directories need to be searchable by non-root so + that the timestampowner setting can function. + [5c38d77a2d0c] + + * plugins/sudoers/timestamp.c: + Fix use of timestampowner in the new time stamp world order. Parent + directories for timestampdir and lecture_dir are now created with + the execute bit set so that we can traverse them as non-root. + [9ff6f07c0a5d] + +2014-01-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in: + Regen Makefiles. + [59542bcdb222] + + * common/sudo_debug.c, config.h.in, include/sudo_util.h, + plugins/sample/sample_plugin.c: + Move ctim_get and mtim_get to sudo_util.h + [d565391f5491] + + * plugins/sudoers/timestamp.c: + sprinkle some debug printfs and add function header comments + [1842d9b8170d] + + * plugins/sudoers/timestamp.c: + Properly handle the case where /var/run/sudo/ts doesn't exist. + [895f3ad6ad60] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + fix typo + [50041ebb6ce6] + + * NEWS: + Mention "sudo -K" change. + [e99bd7657aae] + + * doc/UPGRADE: + Upgrade info for 1.8.10 + [0867718b9af5] + +2014-01-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/timestamp.c: + Warn on ftruncate failure(). + [d2081876da25] + + * plugins/sudoers/timestamp.c: + Fix checking of lecture status. + [e12d78234d17] + + * mkpkg: + Do not override timedir on Debian. 
+ [283fa2e69a0a] + + * common/event.c, common/event_select.c, include/missing.h, + plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/sudo_edit.c: + Use sudo_timeval macros and remove compat macros from missing.h + [1de76d8b811e] + + * INSTALL, MANIFEST, NEWS, compat/Makefile.in, compat/clock_gettime.c, + config.h.in, configure, configure.ac, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, include/missing.h, + include/sudo_util.h, m4/sudo.m4, mkdep.pl, pathnames.h.in, + plugins/sudoers/Makefile.in, plugins/sudoers/boottime.c, + plugins/sudoers/check.h, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c, src/Makefile.in: + Switch to new time stamp file format. Each user now has a single + file which may contain multiple records when per-tty time stamps are + in use (the default). The time stamps use a monotonic timer where + available and are once again stored in /var/run/sudo. The lecture + status is now stored separately from the time stamps in a different + directory. + [7e16eb37bacc] + + * common/atomode.c: + Zero out errstr when there is no error; fixes bug #632 + [74950ef1a0dc] + +2014-01-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/check.c: + When listing a user's privileges, always prompt the user for their + own password, regardless of the value of target_pw, root_pw or + runas_pw. + [73a13ccc7933] + +2014-01-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac, plugins/sudoers/interfaces.c, + plugins/sudoers/match_addr.c: + Use inet_aton() instead of inet_addr() as it allows us to + distinguish between the address (or mask 255.255.255.255) and an + error. In the future we may consider switching to inet_pton() for + IPv4 too. + [b6b4e4c77e9a] + +2014-01-24 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * include/missing.h: + Fix typo, ULONG_MAX vs. ULLONG_MAX + [5d274daa9fb1] + + * plugins/sudoers/sudo_nss.c: + Fix typo in the AIX case. + [ee531c950fce] + + * plugins/sudoers/sudo_nss.c: + Size pointer for sudo_parseln() should be size_t not ssize_t. This + was already correct for the nsswitch.conf case. + [cfaf895c1db4] + +2014-01-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/net_ifs.c: + It is now possible to disable network interface probing in sudo.conf + by changing the value of the probe_interfaces setting. + [e9dc28c7db60] + +2014-01-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/match_addr.c: + If inet_addr() returns INADDR_NONE, return false instead of + iterating through the interfaces looking for a match that will never + happen. + [1559c301caec] + + * configure, configure.ac, src/Makefile.in: + Add explicit dependency on sudoers.la to sudo target when sudoers is + compiled statically into the sudo binary. + [d08cc66e18bd] + +2014-01-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c: + Do not assume localtime(), gmtime() and ctime() always return non- + NULL. + [a1b5b67436de] + +2014-01-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Update copyright years + [37d2aaa92544] + + * plugins/sudoers/visudo_json.c: + Eliminate dead store found by clang checker. 
+ [86874d5340f1] + + * NEWS, configure, configure.ac: + Update for sudo 1.8.9p4 + [f79ab7c6c1c5] + + * common/sudo_debug.c, include/sudo_debug.h, src/preserve_fds.c: + When relocating fds, update the debug fd if it is set so we are + guaranteed to get debugging output. + [b1deaa472aa6] + +2014-01-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + If the event loop exits due to an error and we are not logging I/O, + kill the command if still running. Fixes a bug where sudo could exit + while the command was still running. + [844018ff8a8c] + + * src/preserve_fds.c: + When relocating preserved fds, start with the highest ones first to + avoid moving fds around more than we have to. Now uses a bitmap to + keep track of which fds are being preserved. Fixes a bug where the + debugging fd could be relocated to the same fd as the error + backchannel temporarily, resulting in debugging output being printed + to the backchannel if util@debug was enabled. + [55e006dbeaf3] + + * src/preserve_fds.c: + When restoring fds traverse list from high -> low, not low -> high + to avoid implicitly closing an fd we want to relocate. + [6351225f47d7] + + * src/exec.c: + If not logging I/O we may get EOF when the command is executed and + the other end of the backchannel is closed. Just remove the + backchannel event in this case or we will continue to receive the + event. Bug #631 + [a204b69d91f7] + + * src/po/sr.mo, src/po/sr.po: + sync with translationproject.org + [987087ce4658] + +2014-01-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/ttyname.c: + Fix strtonum() usage when parsing /proc/self/stat on Linux. Bug #630 + [3448dffe9701] + + * NEWS, configure, configure.ac: + Update for sudo 1.8.9p3 + [22e5a6f69999] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Do not leak old istack if realloc fails; found by cppcheck. Also + modify yyless() to avoid a harmless cppcheck warning every time it + is used. 
+ [021077017a23] + + * common/term.c: + Add suppression line to quiet a bogus (inconclusive) cppcheck + warning. + [065207271e5d] + + * plugins/group_file/plugin_test.c: + Make this compile again + [f0ff8df475e8] + + * plugins/sudoers/logwrap.c: + Remove dead store; found by cppcheck + [a59833af3401] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Add cppcheck target to run cppcheck on all source files. + [d207c2ef49a2] + +2014-01-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, configure, configure.ac: + Update for sudo 1.8.9p2 + [2e7fe6e371a4] + + * config.h.in, configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, + m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4: + Update to libtool-2.4.2.418 + [d1dbed89d733] + + * config.guess, config.sub: + Update from http://git.savannah.gnu.org/gitweb/?p=config.git + [2b5e32d23be5] + +2014-01-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sesh.c: + Quiet a cppcheck warning about a negative subscript. + [ab98b72f5bdf] + + * src/exec_common.c, src/selinux.c, src/sesh.c, src/sudo_exec.h: + Make noexec parameter to sudo_execve() bool. + [daa75e4c248a] + + * plugins/sudoers/sudoreplay.c: + Quiet a few innocuous cppcheck warnings. + [90ffa16d27b1] + + * plugins/sudoers/sssd.c: + Handle in_res being NULL for sudo_debug_printf() in + sudo_sss_filter_result(). + [8595cc05d2a8] + + * plugins/sudoers/iolog.c: + When writing length to timing file, use %u not %d as it is unsigned. + [a7f2fcb6919e] + + * plugins/sudoers/visudo_json.c: + Close export_fp in the error path too, but do not close stdout. + [5c918718ab45] + + * plugins/sudoers/auth/secureware.c: + Move right brace outside #ifdef HAVE_DISPCRYPT; found by cppcheck. 
+ [f2619d2eb7a8] + + * NEWS: + Sudo 1.8.9 also fixes bug #617 + [cc5c18228719] + +2014-01-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + The fix for the hang was already in the 1.8.9 tarballs. + [f038ebcc1071] + + * NEWS, configure, configure.ac: + Update for sudo 1.8.9p1 + [732fca0003cf] + + * common/atobool.c, common/event.c, plugins/sudoers/iolog.c, + plugins/sudoers/parse.h, src/exec.c, src/preserve_fds.c: + Update copyright year. + [fdeb5956810e] + + * plugins/sudoers/parse.h: + Go back to making the bit fields in struct cmndtag explicitly + signed. This fixes a problem on gcc 4.8 (at least) which appears to + be treating the value as unsigned by default. + [46b9a7bb10ac] + + * common/atobool.c: + Use debug_return_int() instead of bare return for debugging support. + [c273f822de5f] + +2014-01-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/event.c: + Fix infinite loop that could be triggered by sudo_ev_loopbreak() and + sudo_ev_loopcontinue(). + [1723561c46b0] + + * NEWS: + Update for 1.8.9 final. + [d49c14d21410] + +2014-01-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Handle a sequence file with no trailing newline. + [aa29306e4f6d] + +2014-01-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Truncate io log and timing files on open when recycling them. Only + an issue when the sequence number wraps around. + [01b2dfe15ff0] + + * plugins/sudoers/iolog.c: + Repair reading of the iolog sequence number that got broken when + adding stricter strtoul() checks. + [e0f4a11c3437] + + * src/exec.c: + If invoked as sudoedit we can't just exec the command directly since + the temporary files need to be updated before sudo exits. + [508503be1c4f] + + * src/preserve_fds.c: + Fix restoration of the close-on-exec flag when moving a relocated fd + back into its original position. + [5572f1f8b48a] + +2014-01-02 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Add "see below" to reference "Secure editing" section in "Preventing + shell escapes". + [b2db990a36b3] + +2014-01-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Add initial "Secure editing" section. + [0d7a192e0e25] + + * doc/LICENSE: + Update copyright year. + [4a639d9207a9] + +2013-12-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, src/po/eo.mo, + src/po/eo.po, src/po/fi.mo, src/po/fi.po: + sync with translationproject.org + [5c15a411b10d] + + * plugins/sudoers/policy.c: + Make user_cwd and user_tty dynamically allocated even for the + "unknown" case. + [015454bf97f8] + +2013-12-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Use -fstack-protector-strong in preference to -fstack-protector-all + or -fstack-protector. + [bdd1066eefc4] + + * doc/HISTORY: + Dell acquired Quest + [3d5b7d27a313] + +2013-12-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/ru.mo, + src/po/ru.po, src/po/vi.mo, src/po/vi.po: + sync with translationproject.org + [f964671d08ce] + +2013-12-28 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/cs.mo, src/po/cs.po, src/po/da.mo, src/po/da.po, + src/po/it.mo, src/po/it.po, src/po/pl.mo, src/po/pl.po, + src/po/pt_BR.mo, src/po/pt_BR.po, src/po/uk.mo, src/po/uk.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [5f5becf5fb7a] + + * doc/sudoers.ldap.cat: + regen + [77745e6bc0d5] + + * NEWS: + Update for recent changes. + [365b9084268a] + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Fix typo; we want setlocale(LC_ALL, "") since we are setting the + locale for the first time. + [e2b9660e9d48] + +2013-12-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Use sudoers_initlocale() in main() startup, not sudoers_setlocal() + as the latter assumes we are already in the user's locale which may + not be the case. For sudoreplay, we can just use setlocale() + directly as there is no sudoers locale. + [12235e50dea0] + +2013-12-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/preserve_fds.c, src/sudo.c, src/sudo.h: + Redo preserve_fds support to remap high fds so we can get the most + out of closefrom(). The fds are then restored after closefrom(). + [7d712ec49db7] + + * plugins/sudoers/Makefile.in: + Fix install-plugin when sudoers is compiled statically. + [36a8bf3b588d] + +2013-12-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, common/sudo_debug.c, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + include/sudo_debug.h, include/sudo_plugin.h, src/Makefile.in, + src/exec.c, src/exec_pty.c, src/preserve_fds.c, src/sudo.c, + src/sudo.h, src/sudo_exec.h: + Add support for preventing fds from getting clobbered by + closefrom(). + [269f45964ff0] + +2013-12-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + regen + [b8f458379b5b] + +2013-12-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/alloc.c: + Need to include limits.h here too. + [b53c6edef597] + +2013-12-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.ac, plugins/sudoers/parse.h: + No need to use __signed. + [05f9648d1953] + + * plugins/sudoers/regress/logging/check_wrap.c: + Need limits.h here too. + [54aac3bbf66a] + + * compat/closefrom.c: + Still need limits.h here. + [0abc6b2be208] + + * plugins/sudoers/po/sudoers.pot: + regen + [386b47ced07f] + + * compat/closefrom.c: + Go back to using /proc/self/fd instead of /proc/$$/fd as only AIX + lacks /proc/self and it has F_CLOSEM. + [b5735fbcfdce] + +2013-12-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo_json.c: + Use a switch to map digest type to name instead of an array of + strings. + [ab17ceb4dd60] + + * compat/closefrom.c: + Use /dev/fd in closefrom() on FreeBSD < 8.0 and Mac OS X. + [e70df3b3144b] + + * compat/snprintf.c: + Remove _MAX and _MIN compat; we rely on missing.h for that. We + already require the compiler handle long long so there's no need to + use HAVE_LONG_LONG_INT everywhere. + [2bda15071439] + + * common/ttysize.c, include/missing.h: + Remove _MAX and _MIN defines that any system from the last 20 years + should have. Add ULLONG_MAX in case it is missing. 
+ [2db0cee4aaa8] + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c: + Change visudo -x to take a file name argument, which may be '-' to + write the exported sudoers file to stdout. + [84cb72c3c391] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/parse.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c, src/regress/ttyname/check_ttyname.c: + Move symbol extern defs into sudoers.h + [b631a0b57fae] + + * plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/logging/check_wrap.c: + Add missing sudo_util.h + [ed0edc2e2d0c] + +2013-12-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + Warn if the time stamp in the I/O log file does not fit in time_t. + Warn if the info line is not well-formed instead of silently + ignoring it. + [37a050de5be5] + +2013-12-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: + Rename libcommon libsudo_util + [df3ffd4229e5] + +2013-12-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, common/Makefile.in, common/aix.c, common/atobool.c, + common/atoid.c, common/atomode.c, common/fmt_string.c, + common/gidlist.c, common/progname.c, common/setgroups.c, + common/sudo_conf.c, common/term.c, common/ttysize.c, + include/missing.h, include/sudo_util.h, + plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, + plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, src/Makefile.in, src/sudo.h: + Move prototypes for functions provided by libcommon that don't have + their own header files into sudo_util.h. 
+ [43f423a24416] + +2013-12-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/mkdefaults: + Now that we have proper number parsing functions we should store + T_UINT defaults values as unsigned int, not int. + [67d8c2244f1d] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: + Don't use int where we really mean enum def_tuple. When this code + was written it was assumed that we may have multiple tuple types. + However, that hasn't happened and probably never will. + [8491f970f343] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Regen after string parsing changes. + [fd6bf79c3286] + + * common/atoid.c, common/atomode.c, compat/strtonum.c, configure, + configure.ac, include/missing.h, plugins/sudoers/defaults.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/sudoreplay.c, src/parse_args.c, src/ttyname.c: + The OpenBSD strtonum() uses very short error strings that can't be + translated usefully. Convert them to longer strings on error. Also + use the longer strings for atomode() and atoid(). + [dace028594da] + +2013-12-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, common/Makefile.in, common/atoid.c, common/atomode.c, + plugins/sudoers/defaults.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: + Add atomode() function for parsing a file mode. 
+ [44e29629aa5e] + + * common/sudo_conf.c, common/ttysize.c, compat/Makefile.in, + compat/closefrom.c, compat/getaddrinfo.c, compat/strtonum.c, + configure, configure.ac, include/missing.h, + plugins/sudoers/boottime.c, plugins/sudoers/defaults.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/match_addr.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/sudoreplay.c, plugins/system_group/system_group.c, + src/parse_args.c, src/sudo.c, src/ttyname.c: + Use strtonum() instead of atoi(), strtol() or strtoul() where + possible. + [e4a1fc84b893] + + * MANIFEST, compat/Makefile.in, compat/strtonum.c, config.h.in, + configure, configure.ac, include/missing.h, mkdep.pl: + Add strtonum.c to compat for simpler number parsing. + [a4c69b003da0] + +2013-12-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_common.c: + Fix a warning on Solaris, we need to use debug_return_const_ptr. + [932aa94c0cac] + + * plugins/sudoers/Makefile.in: + check_symbols needs to link with SUDO_LIBS in order to get -lpthread + on HP-UX for libldap (which uses threads). It would be better to + have a separate variable for the pthread library but this is no + worse than it used to be. + [94591b765371] + +2013-12-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + add missing comma + [7dcbd1c6dd25] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Make -c option description more accurate. + [3f305ae6037e] + +2013-12-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS, plugins/sudoers/sudoers.c: + When checking whether a user may change the login class, just check + pw_uid of the runas user, which was passed in to set_loginclass(). + [aaf736440441] + +2013-12-06 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo_json.c: + Use atoid() when parsing user/group IDs and print them as unsigned + int. + [40c77459a36a] + +2013-12-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + Correctly parse 64-bit times in I/O log files. + [d053ee75adc3] + + * compat/getgrouplist.c, plugins/group_file/getgrent.c, + plugins/sudoers/pwutil.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: + Use atoid() not atoi() when parsing uids/gids. + [491146596626] + + * plugins/sudoers/match.c, plugins/sudoers/match_addr.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/sudoers.h: + Better match debugging. Sprinkle const in match functions. + [4cd8d793f165] + +2013-12-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document that plugins can be compiled statically into the sudo + binary. + [434061cf909f] + +2013-12-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sssd.c: + sudo_sss_filter_user_netgroup(): fix comment typos, break out of + loop early if we match ALL or netgroup. + [0691731f4b12] + + * plugins/sudoers/sssd.c: + When filtering netgroups, use the passwd struct stashed in the + handle, not user_name since we may be listing another users + privileges. + [f2669cf7b70c] + + * mkpkg: + RHEL 6 and above builds sudo with SSSD support + [afc3d894851e] + + * plugins/sudoers/sssd.c: + Avoid passing NULL domainname to sudo_debug_printf(). + [b08abe5e6d23] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document sssd debug subsystem. 
+ [250c3ab1bcf0] + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Document "event" debug subsystem. + [85d220b48edc] + + * plugins/sudoers/match.c: + Use atoid() instead of atoi() when parsing uids/gids so we get + proper range checking. + [5c3e2f3f6cb9] + + * plugins/sudoers/sssd.c: + Add user netgroup filtering for SSSD. Previously, rules for a + netgroup were applied to all even when they did not belong to the + specified netgroup. RedHat Bugzilla 880150. + [784848b5462c] + + * plugins/sudoers/sssd.c: + Fix several issues found by the clang static analyzer; Daniel + Kopecek + [520261dd7461] + +2013-12-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * README.LDAP: + Mention how to dump sudoers info from LDAP. + [a53c93790a30] + + * src/exec_common.c: + On Solaris, disabling the proc_exec privilege appears to interfere + with DAC file permissions. Adding DAC override permissions to the + inheritable set works around this for commands run as root without + giving extra permissions to other users. Bug #626 + [391ad44026c3] + +2013-12-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, common/Makefile.in, common/progname.c, compat/Makefile.in, + compat/getprogname.c, configure, configure.ac, include/missing.h, + mkdep.pl, plugins/sample/sample_plugin.c, plugins/sudoers/policy.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/parse_args.c, + src/regress/ttyname/check_ttyname.c, src/sudo.c: + Instead of setprogname(), add initprogname() which gets the program + name for getprogname() using /proc or pstat() if possible. + [e2d48d81456f] + +2013-11-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/ttyname.c: + Ignore EOVERFLOW from pstat_getproc(). 
The HP-UX kernel appears to + return this in certain situations but it appears to be harmless at + least insofar as retrieving the tty goes. + [105bea4e1c20] + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/cs.mo, src/po/cs.po, src/po/eo.mo, src/po/eo.po, + src/po/fi.mo, src/po/fi.po, src/po/it.mo, src/po/it.po, + src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, + src/po/ru.mo, src/po/ru.po, src/po/uk.mo, src/po/uk.po, + src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: + Sync with translationproject.org + [3694d7ad4c9d] + +2013-11-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo.c: + Add missing newline in help message after export option. + [1c0bff0c181e] + +2013-11-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac, plugins/sudoers/Makefile.in, + src/Makefile.in: + Do not add LIBDL to SUDO_LIBS or SUDOERS_LIBS in configure, do it in + Makefile.in so we can make it last. Fixes a linking problem on + Ubuntu precise. + [f8d3bddbe742] + +2013-11-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, m4/ax_func_getaddrinfo.m4: + Do not rely on NULL being defined for getaddrinfo() test. Fixes the + check on HP-UX 11.23. + [a5dcf0283693] + +2013-11-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Regen for sudo 1.8.9b1 + [945f27a7aa1c] + + * src/po/de.mo, src/po/de.po, src/po/sr.mo, src/po/sr.po: + Sync with translationproject.org + [52abae16ccfa] + +2013-11-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * INSTALL, MANIFEST, NEWS, common/Makefile.in, common/sudo_dso.c, + compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, config.h.in, + configure, configure.ac, include/sudo_dso.h, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/sssd.c, plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, src/Makefile.in, + src/env_hooks.c, src/load_plugins.c, src/preload.c, src/sudo.c, + src/sudo.h: + Add wrapper functions for dlopen() et al so that we can support + statically compiling in the sudoers plugin but still allow other + plugins to be loaded. The new --enable-static-sudoers configure + option will cause the sudoers plugin to be compiled statically into + the sudo binary. This does not prevent other plugins from being + loaded as per sudo.conf. + [9425770e9d2b] + +2013-11-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo_json.c: + Handle non-unix groups correctly. Get rid of runasuser and + runasgroup types and use username and usergroup instead. The fact + that the user or group is inside a Runas_List doesn't affect its + underlying type. + [ea1789258c11] + +2013-11-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo_json.c: + Simplify Defaults list option object. The name and value strings are + superfluous. + [5852b0184669] + + * compat/dlopen.c: + Back out unintended change. + [85156e49e96e] + + * MANIFEST, aclocal.m4, configure, configure.ac, + m4/ax_func_getaddrinfo.m4: + Add dedicated test for getaddrinfo(). Tru64 UNIX contains two + versions of getaddrinfo and we must include netdb.h to get the + proper definition. + [9882e3e1e8e3] + + * compat/dlopen.c, + plugins/sudoers/regress/check_symbols/check_symbols.c: + Define RTLD_GLOBAL for older systems without it. Bug #621 + [ed38ac84f1da] + +2013-11-19 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * compat/snprintf.c, include/missing.h: + Rename snprintf replacement rpl_snprintf since we may now replace + the libc version and #define rpl_snprintf snprintf in missing.h so + we get our version when needed. This is consistent with how we + replace glob and fnmatch. + [309aa17d0dfe] + + * common/Makefile.in, common/regress/sudo_conf/conf_test.c, + common/regress/sudo_parseln/parseln_test.c, + common/regress/tailq/hltq_test.c, src/Makefile.in: + libcommon tests need locale_stub.lo to link. + [baae40f36de5] + + * MANIFEST, aclocal.m4, compat/snprintf.c, config.h.in, configure, + configure.ac, m4/ax_func_snprintf.m4: + Add check for C99 compliant (v)snprintf function. + [79e02551543c] + + * compat/sig2str.c, configure, configure.ac: + Include unistd.h in sig2str.c for Tru64 as it defines SIGRTMIN and + SIGRTMAX in terms of sysconf(), which is prototyped in unistd.h. Bug + #621; from Daniel Richard G. + [2a59ccb8c966] + + * include/gettext.h, plugins/sudoers/locale.c, src/locale_stub.c: + Add definition of U_ for --disable-nsl Don't define warning_gettext + if --disable-nsl Bug #621; from Daniel Richard G. + [c0054eb89c2b] + +2013-11-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo_json.c: + When merging Defaults entries we need to check the type of the next + entry and not just assume it is the same as the previous one. + [e97d9b9cf0d5] + + * plugins/sudoers/visudo_json.c: + runasgroups not runasgroup in the Cmnd_Spec. + [92ea5dc20e4d] + + * plugins/sudoers/visudo_json.c: + Fix some syntax errors and change how lists are handled. + [027b8dea44b2] + + * common/sudo_debug.c, config.h.in, configure, configure.ac, + include/fatal.h, include/sudo_debug.h: + Allow sudo to compile without variadic macro support in cpp. + Debugging support will be limited (no file info from warnings.) 
From + Daniel Richard G.; Bug #621 + [51b8b868cd4b] + + * Makefile.in, common/aix.c, common/fatal.c, common/gidlist.c, + common/sudo_conf.c, include/fatal.h, include/gettext.h, + include/missing.h, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/load_plugins.c, + src/locale_stub.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, + src/sesh.c, src/signal.c, src/solaris.c, src/sudo.c, + src/sudo_edit.c, src/tgetpass.c, src/utmp.c: + Add warning_gettext() wrapper function that changes to the user + locale, then calls gettext(). Add U_ macro that calls + warning_gettext() instead of gettext(). Rename warning2()/error2() + back to warning_nodebug()/error_nodebug(). + [f3bb207db201] + +2013-11-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * common/fileops.c, compat/getaddrinfo.c, compat/mktemp.c, + compat/utimes.c, configure.ac, plugins/sudoers/boottime.c, + plugins/sudoers/check.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.h, plugins/sudoers/sssd.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/preload.c, + src/sudo.c, src/sudo_edit.c, src/ttyname.c, src/utmp.c: + Fix some #if vs. #ifdef and remove an extraneous semicolon. Bug + #624; from Daniel Richard G. + [b212e4694018] + + * include/sudo_debug.h, plugins/sudoers/defaults.c, + plugins/sudoers/ldap.c, src/exec_common.c: + Add debug_return_const_str and debug_return_const_ptr for returning + a const string or pointer. Using const for the normal versions + produces warnings with the Tru64 compiler. + [45018a149cb4] + + * common/event_poll.c, compat/getaddrinfo.c, config.h.in, configure, + configure.ac, m4/sudo.m4: + Fixes for building under Tru64; from Daniel Richard G. Bug #624 + [fc4a6cbae1ba] + +2013-11-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/logging.c: + log_{fatal,warning} now logs to the debug file itself. + log_{fatal,warning} now calls warningx2() after setting the locale + itself instead of using the wrapper macros. This removes the only + use of warningx(ngettext(...)). + [930129361e0a] + +2013-11-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.ac: + Add -Wpointer-arith to --enable-warnings + [2043ae306d1b] + + * configure, configure.ac: + Fix more instances of #include directives where the '#' was not in + column 1. From Daniel Richard G. 
(bug #622) + [75f36f39dcab] + + * MANIFEST, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, + plugins/sudoers/Makefile.in, plugins/sudoers/visudo.c, + plugins/sudoers/visudo_json.c: + Add support to visudo to export sudoers in JSON format. + [1697b2b4bfd2] + +2013-11-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/parse.h: + Remove unused digest field from struct cmndspec, the digest really + lives in struct sudo_command. + [e9a1e2e112d6] + + * config.h.in, configure: + Regen with autoconf 2.69 + [275f69f98f9e] + + * MANIFEST, Makefile.in, config.h.in, configure.ac, configure.in, + doc/Makefile.in: + Rename configure.in -> configure.ac + [0aeafe425373] + + * MANIFEST, aclocal.m4, autogen.sh, config.h.in, configure, + configure.in, ltmain.sh, m4/sudo.m4: + From Daniel Richard G. (bug #622) Add an autogen.sh script that + rebuilds the autoconf world. Move old aclocal.m4 contents to + m4/sudo.m4. New (generayed) aclocal.m4 contains the m4_include + directives. Some tests had #include directives where the '#' was not + in column 1. Updated obsolete macro usage via autoupdate. + [5fe8de5a56df] + +2013-11-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo_exec.h: + Very old systems (pre XPG 4.2) may not support MSG_WAITALL. The + likelihood of receiving a partial message is quite low so this is + not a big deal. + [900a304f9548] + + * configure, configure.in: + HP-UX may require _XOPEN_SOURCE_EXTENDED to be defined for + MSG_WAITALL to be visible. + [f08b1a00a30a] + + * MANIFEST, plugins/sudoers/regress/visudo/test5.out.ok, + plugins/sudoers/regress/visudo/test5.sh: + Add regress test for bug #623 + [8e83cfccaf14] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Cope with a comment on the last line of the file with no newline. + Bug #623 + [f826243bc4e6] + + * compat/getaddrinfo.c: + Include arpa/inet.h for HP-UX; from Daniel Richard G. 
+ [d4d7a4303bae] + + * doc/Makefile.in: + Add missing $(mansrcdir) to visudo.mdoc and visudo.man. From Daniel + Richard G. + [f664c8d2f961] + +2013-11-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/fatal.h: + In v{warning,fatal}x?() make a new copy of ap for the debug + functions. It is not legal to use ap twice without reinitializing + it. Noticed by Daniel Richard G. + [6ca8bc48ecb3] + + * include/fatal.h: + Remove errant warning_restore_locale() call. + [4ef7aecefcbb] + + * include/missing.h, plugins/sudoers/logging.c: + Move va_copy compat macro to missing.h + [c873e4cc4c8a] + + * common/Makefile.in, compat/Makefile.in, mkdep.pl, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Uniquify header dependencies so we don't end up with duplicates when + a header file includes other headers. The header dependencies are + sorted so the generated order is stable. + [95747db2f07a] + + * compat/Makefile.in, configure, configure.in, doc/CONTRIBUTORS, + mkdep.pl: + Add getaddrinfo.lo to LTLIBOBJS for systems that need it. From + Daniel Richard G. + [e94ee99a52a9] + + * plugins/sudoers/testsudoers.c: + Fix pasto + [5262735e78e0] + +2013-11-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.mdoc.in: + Fix typo. + [6b11a4eec6b6] + +2013-11-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: + regen + [995ca9f21862] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c: + Fix warnings from -Wold-style-definition + [a748c5c7b423] + + * configure, configure.in: + Add -Wold-style-definition to --enable-warnings + [0484de0deb59] + + * common/event_poll.c: + Extra debugging for ready fds. 
+ [91fb85cdecbb] + + * common/event_select.c: + When deleting an event, check ev->events to determine whether to + remove from readfds or writefds instead of blinding removing from + both. Also fix highfd adjustment. + [7384db65ca9c] + +2013-11-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/event_select.c: + Only check an fd that is >= 0. Timeout-only events may have a + negative fd. + [fa0e5cbc3cc2] + +2013-11-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/event.c: + Don't call sudo_ev_{add,del}_impl() for timeout-only events. This + makes it possible to pass sudo_ev_alloc() an fd of -1 for events + only use SUDO_EV_TIMEOUT. + [6838657a1a2f] + +2013-10-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/alloc.c, common/event_select.c, include/sudo_event.h: + Make a copy of readfds/writefds before calling select() instead of + calculating it each time. Keep track of high fd in the base. + [6048b78f2e94] + +2013-10-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS: + Add Stephen Gelman + [0028c7a91a4f] + + * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: + Fix sign comparison warning. + [914cb36b9ed2] + + * plugins/sudoers/sudoreplay.c: + Fix potential NULL dereference in non-interactive mode. + [9233428d3f32] + +2013-10-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c, src/exec_pty.c: + Use MSG_WAITALL when receiving struct command_status over the Unix + domain socket since we no longer use datagrams. This should avoid + the need to handle incomplete reads, though in theory it is still + possible. + [28a92888a908] + + * plugins/sudoers/sudoreplay.c: + SIGKILL is not catchable + [79f82e4cb11d] + + * common/event.c, include/sudo_event.h, plugins/sudoers/sudoreplay.c: + Add sudo_ev_get_timeleft() to get the amount of time left before an + event times out and use it in sudoreplay. + [d5b17ee30fa4] + +2013-10-28 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, + plugins/sudoers/sudoreplay.c: + If the user presses <return> or <enter> in sudoreplay, skip to the + next event. Useful for skipping past long pauses in the data. + [43343f45c94d] + + * common/event.c, common/event_poll.c, common/event_select.c: + Fix sudo_ev_scan_impl() return value in event_poll.c. Make sure we + clear active flag from unprocessed events if sudo_ev_loopbreak() or + sudo_ev_loopcontinue() are used. Remove bogus optimization when the + timeout is zero or negative; it could prevent an I/O event from + being triggered. + [a13603fb3134] + + * plugins/sudoers/sudoreplay.c: + Move session replay into its own function. + [e323f7729595] + + * common/event.c, common/event_poll.c, common/event_select.c, + include/sudo_event.h: + Get rid of cur and pending pointers in struct sudo_event_base. We + now pop the first event off the active queue instead of using a + foreach loop with deferred removal of the event. Add + SUDO_EVQ_INSERTED and SUDO_EVQ_TIMEOUTS flags to indicate that the + event on the event queue and timeouts queue respectively. No longer + need to compare the timeout to {0,0} or compare the event's base + pointer to NULL to determine queue membership. + [f2b2251fd523] + + * common/event_poll.c: + rename sudo_ev_loop_impl() -> sudo_ev_scan_impl() + [614faaff04e3] + + * MANIFEST, common/event.c, common/event_poll.c, + common/event_select.c, compat/Makefile.in, compat/nanosleep.c, + config.h.in, configure, configure.in, include/missing.h, + include/sudo_event.h, mkdep.pl, plugins/sudoers/Makefile.in, + plugins/sudoers/sudoreplay.c, src/exec.c, src/exec_pty.c: + Add support for libevent-style timed events. Adding a timed event is + currently O(n). The only consumer of timed events is sudoreplay + which only used a singled one so O(n) == O(1) for now. 
This also + allows us to remove the nanosleep compat function as we now use a + timeout event instead. + [db41c08e92dc] + +2013-10-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c, src/exec_pty.c: + Now that sudo_ev_base_free() removes all events before freeing we + don't need to do this by hand. + [b59d43658c5f] + + * common/event.c, common/event_poll.c, common/event_select.c, + include/sudo_event.h: + Add a list of active events in the base that the back end sets when + it calls poll or select. This allows the front end to iterate over + the events instead of having that code in both back ends. It will + also simplify support for timeout events. Also make sure we can't + touch freed memory if a callback frees its own event. + [933b99b3f2bc] + + * common/event.c: + Remove any existing events before freeing the event base. + [2543c6620cf1] + +2013-10-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + mon_handler() should be static + [b1a62ef65c96] + +2013-10-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + If user specified start_tls and ldaps, display a warning and ignore + start_tls. There's no reason to make this a fatal error. + [bf446dd1e740] + + * src/exec_pty.c: + Add missing else when the connection from the monitor to the parent + sudo process is broken (due to the parent dying). Prevents a + spurious "unexpected reply type on backchannel" warning. + [5c44053cef08] + + * src/exec_pty.c: + When flushing output we don't care whether we are the foreground + process or not, we still need to flush to /dev/tty. If we are in the + background, it is OK to get SIGTTOU. + [9716892d1fb5] + + * plugins/sudoers/ldap.c: + Should not attempt start_tls on an ldaps connection. + [9d01d461c52c] + +2013-10-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/regress/parser/check_fill.c: + Fix sign compare warning. 
+ [6130fa8df758] + + * doc/Makefile.in: + Eliminate warning about circular dependency from GNU make. + [7ed5df762089] + + * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + src/ttyname.c: + More sign compare fixes. On Solaris id_t is signed so use uid_t in + the set_perms.c ID macro instead. + [8166dcc50d0b] + + * common/fileops.c, common/lbuf.c, common/secure_path.c, + common/sudo_debug.c, include/secure_path.h, + plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, + plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.h, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.h, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, src/load_plugins.c, src/sudo.c, + src/ttyname.c: + Quiet sign comparision warnings. + [e34f45dad10c] + + * configure, configure.in: + Add -Wsign-compare to --enable-warnings + [d560e274a6ae] + + * plugins/sudoers/ldap.c: + Ignore SIGPIPE when connecting to the LDAP server so we can get a + proper error message with the IBM LDAP libs. Also return + LDAP_SUCCESS instead of 0 from most sudo_ldap_* functions that + return an int. + [611a4ed9b8ee] + + * plugins/sudoers/regress/parser/check_base64.c, + plugins/sudoers/regress/parser/check_digest.c: + Quiet compiler warnings. + [7d82dcca7126] + +2013-10-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + sudo_ldap_parse_uri() should join multiple URIs in the string list + together but it was clearing the host entry each time through the + loop. Fixes a bug with multiple URI entries in ldap.conf where only + the last one was being honored. 
+ [83cee19b136d] + + * src/exec_pty.c: + Avoid a double free introduced when plugging a memory leak in + safe_close(). A new ev_free_by_fd() function is used to remove and + free any events sharing the specified fd. This can be used after + safe_close() to make sure we don't try to select() on a closed fd. + [54f48a281147] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, src/exec.c: + Quiet some llvm check false positives. The common idiom of using + TAILQ_FIRST, TAILQ_REMOVE and free in a loop to free each entry in a + TAILQ confuses llvm. Use TAILQ_FOREACH_SAFE instead (which is + probably faster anyway). + [bd1b8c11f416] + + * plugins/sudoers/auth/pam.c: + If pam_open_session() fails don't call pam_getenvlist() with a NULL + pam handle. + [352e0329acba] + + * plugins/sudoers/defaults.c: + Fix newly introduced use after frees found by llvm checker. + [a81080230f1f] + + * common/event_select.c: + Remove an errant list_next() call that should have been removed in + the TAILQ conversion. + [3bbf8d117ce4] + + * MANIFEST, common/Makefile.in, common/list.c, + common/regress/tailq/hltq_test.c, include/list.h, include/queue.h, + plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Add "headless" tail queues and use them in place of the semi- + circular lists in sudoers. Once the headless tail queue is built up + it is converted to a normal TAILQ. This removes the last consumer of + list.c and list.h so those can now be removed. 
+ [5986ba762a24] + + * common/Makefile.in, common/fatal.c, plugins/sudoers/Makefile.in, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/env.c, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c, + plugins/sudoers/match_addr.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/visudo.c, src/Makefile.in, src/exec_pty.c, + src/hooks.c: + Use SLIST and STAILQ macros instead of doing headless singly linked + lists manually. As a bonus we now use a tail queue for ldap.c and + sudoreplay.c. + [c31bc2d99082] + + * MANIFEST, common/Makefile.in, common/event.c, common/event_poll.c, + common/event_select.c, common/list.c, + common/regress/sudo_conf/conf_test.c, common/sudo_conf.c, + doc/LICENSE, include/list.h, include/missing.h, include/queue.h, + include/sudo_conf.h, include/sudo_event.h, + plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, + src/Makefile.in, src/exec.c, src/exec_pty.c, src/load_plugins.c, + src/sudo.c, src/sudo.h, src/sudo_plugin_int.h: + Convert sudo to use BSD TAILQ macros instead of home ground tail + queue functions. This includes a private queue.h header derived from + FreeBSD. It is simpler to just use our own header rather than try to + deal with macros that may or may not be present in various queue.h + incarnations. + [450bce095d7c] + +2013-10-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + Fix AND operator broken by changes to fix OR. + [a4d3485ee943] + +2013-10-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + Fix OR operator. + [f5c1c90ee284] + +2013-10-18 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + Fix memory leak of I/O buffer events in safe_close(). + [08cd790cfbba] + +2013-10-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/sudo_debug.c: + Don't allow the debug subsystem to be initialized twice. Otherwise + we can exhuast our stack when built in static mode. + [fadacb6a4617] + + * common/event_poll.c: + Make sure we do not try to usie index -1 in base->pfds[]. + [beeb922aba3f] + +2013-10-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, configure, configure.in: + Bump version to 1.8.9 + [758dbb464796] + +2013-10-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + Convert the monitor process to the event subsystem. + [c4fe8e2ba53c] + + * src/exec.c, src/exec_pty.c, src/sudo_exec.h: + Convert the main sudo event loop to use the event subsystem. Read + events for I/O buffers are added before the loop starts. Write + events are added on demand as the buffers are filled. + [72a603e997e0] + + * INSTALL, MANIFEST, common/Makefile.in, common/event.c, + common/event_poll.c, common/event_select.c, common/list.c, + common/sudo_debug.c, config.h.in, configure, configure.in, + include/list.h, include/sudo_debug.h, include/sudo_event.h, + mkdep.pl, plugins/sudoers/Makefile.in, src/Makefile.in, + src/exec_pty.c: + Simple event subsystem that uses poll() or select(). Basically a + simplied subset of libevent2. Currently only fd events are supported + (since that's all we need). The poll() backend is used by default, + except on Mac OS X where poll() is broken for devices (including + /dev/tty and ptys). + [8773142b4117] + + * src/exec.c, src/exec_pty.c: + Use SOCK_STREAM for socketpair, not SOCK_DGRAM so we get consistent + semantics when the other end closes. This should make the conversion + to poll() less problematic. + [b6a321722a91] + +2013-10-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/sudo_debug.c: + Fix removal of trailing newlines in a debug message. 
+ [6f5ce5ac64e0] + +2013-10-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo.c: + When checking for unused Runas_Aliases, count those used as part of + a Runas Group too. Fixes a false positive warning. + [f13271a4a377] + +2013-09-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/missing.h: + Include stddef.h for rsize_t and errno_t on systems that support it + natively. + [bc547d47e9c6] + + * MANIFEST: + Fix braino. + [67b79747312f] + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/de.mo, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo, + plugins/sudoers/po/it.mo, plugins/sudoers/po/pl.mo, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo: + Rebuild message catalog files. + [0a9befb0674e] + + * src/po/da.mo, src/po/eo.mo, src/po/fi.mo, src/po/it.mo, + src/po/pl.mo, src/po/pt_BR.mo, src/po/ru.mo, src/po/uk.mo, + src/po/vi.mo, src/po/zh_CN.mo: + Rebuild message catalog files. + [25191089ddf2] + + * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/cs.mo, src/po/cs.po: + Czech translation for sudo from translationproject.org. + [8bc0ed069ddb] + +2013-09-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/da.po, plugins/sudoers/po/de.po, + plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.po, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, src/po/da.po, + src/po/eo.po, src/po/fi.po, src/po/it.po, src/po/pl.po, + src/po/pt_BR.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, + src/po/zh_CN.po: + Sync with translationproject.org + [c16f9bb4579e] + + * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Change "next" back to 2. In the context of "next Friday" we really + do want the friday of the upcoming (not current) week. 
+ Unfortunately, this means that things like "next week" and "next + year" will match one more than we really want. Fixing this will + require some fairly major changes to the grammar. + [7f863c930121] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Mention that relative times don't always do what you might expect. + [710a9b0dd36f] + +2013-09-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS: + Add diacritical for Zdenek Behan. + [78d333f88e6c] + +2013-09-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/regress/ttyname/check_ttyname.c: + Do not fail if ttyname() cannot determine the tty but sudo can. + Should fix problems with running "make check" under pbuilder. + [e6fc06a6c5cf] + + * plugins/sudoers/Makefile.in: + Remove extraneous $$CWD; from Bdale Garbee + [4d040ddd7446] + +2013-09-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Make "this" and "next" qualifiers work a bit better. There is still + room for improvement as "this week" will use the current time + instead of the beginning of the week. That's a separate issue + though. + [e844c02f754a] + +2013-09-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/regress/sudo_conf/conf_test.c, + common/regress/sudo_parseln/parseln_test.c: + Mark main() public to silence a warning on HP-UX. + [ac0b869b9842] + +2013-09-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, plugins/sudoers/timestamp.c: + Be specific that we are talking about the Unix epoch; bug #615 + [25887775371b] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/po/sudoers.pot, + src/po/sudo.pot, src/selinux.c: + Do not use "setup" as a verb; bug #614 + [17c4750aac5f] + + * plugins/sudoers/iolog.c: + Fix logic goof when checking open() status. 
+ [76ece1445d71] + + * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo, + src/po/nl.po, src/po/ru.mo, src/po/ru.po: + Sync with translationproject.org + [21351498000f] + + * NEWS, plugins/sudoers/sudoreplay.c: + Work around a bug in sudo 1.8.7 timing files where the indexes are + off by two. + [4aa0cd58af58] + + * MANIFEST, plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, + plugins/sudoers/sudoreplay.c: + Repair writing of the I/O log file indices broken in sudo 1.8.7. + [6a5f867884f5] + +2013-08-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Try to improve the PAGERS noexec example a bit. + [226f11118daa] + +2013-08-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Document comment character in ldap.conf Clarify what is and is not + supported in TLS_KEYPW Mention that gsk8capicmd can be used to + create a stash file + [fb8f06ab4458] + +2013-08-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + New bugs fixed for 1.8.8. + [c158df7cd9d2] + + * plugins/sudoers/visudo.c: + Fix setting of quiet flag when -q / --quiet is specified. Do not + print "sudoers: parsed OK" in quiet mode. + [df55acd57ce6] + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/fi.mo, + src/po/fi.po, src/po/it.mo, src/po/it.po: + Updated translations from translationproject.org + [e9e8abd23a28] + + * plugins/sudoers/check.c: + Don't allow root to change its SELinux role without a password. Bug + #611 + [f8b599acb29d] + +2013-08-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Mention new Mac OS X symbol interposition. 
+ [98293b7c4e0f] + + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, + src/po/eo.po, src/po/fr.mo, src/po/fr.po: + Updated translations from translationproject.org + [865be7454354] + + * config.h.in, configure, configure.in, src/sudo_noexec.c: + Add configure checks for the exec functions we will dummy out. This + is only really needed on Mac OS X when symbol interposition is being + performed but won't hurt elsewhere. + [49c20cf6bab0] + +2013-08-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, src/Makefile.in, + src/sudo_noexec.c: + Fix installation of sudo_noexec on Mac OS X. Use library symbol + interposition on Mac OS X 10.4 and higher so we don't need to set + DYLD_FORCE_FLAT_NAMESPACE=1. + [a82999dff8e6] + +2013-08-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Fix typo in tls_key example for Tivoli + [36599f424ac4] + + * src/parse_args.c: + Don't escape '$' when running "sudo -i command". Bug #564 + [17542d52f714] + + * plugins/sudoers/iolog_path.c: + Fix typo in comment. + [d0510ed5eaba] + + * plugins/sudoers/auth/pam.c: + Fix comment. + [4e89e0bfd6af] + + * plugins/sudoers/timestr.c, plugins/sudoers/visudo.c: + Quiet some gcc -Wformat=2 false positives + [28a2014b9822] + +2013-08-18 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/pam.c: + Remove now-obsolete arg to env_merge() + [ba015cf5d935] + + * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, + src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + Updated translations from translationproject.org + [72b6aeaba505] + + * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/fr.mo, src/po/fr.po: + French translation for sudo from translationproject.org. + [a72321771860] + + * plugins/sudoers/logging.h: + Add __printflike to audit_failure. + [1686b3699d41] + + * include/missing.h: + Use __nonnull__ attribute in __printflike. + [d123613a1fb6] + +2013-08-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: + When merging the PAM environment, allow environment variables set in + PAM to override ones set by sudo as long as they do not match the + env_keep or env_check lists. + [f3c64967fed7] + + * plugins/sudoers/auth/pam.c: + Call pam_getenvlist() after we've opened the session to get the + session-specific environment variables. + [b413fb9e1c77] + + * plugins/sudoers/ldap.c: + Fix error display from ldap_ssl_client_init(). There are two error + codes. The return value can be decoded via ldap_err2string() but the + ssl reason code cannot (you have to look it up in a table online). + [0267125ce9f0] + +2013-08-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + option not flag + [08c31af7b818] + + * compat/getopt_long.c, config.h.in, configure, configure.in: + Don't redefine opterr, optind, optopt, optarg in getopt_long.c. 
Add + a check for optreset which is a BSD extension and provide a + definition in getopt_long.c if it is not present. + [3393e8d83400] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [f38f65830118] + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c: + Use lower case for the long option arguments to match the manual. + This is inconsistent with GNU but it is better to match the sudo + documentation. + [8fac2d64f5d2] + + * NEWS: + Sudo 1.8.8 + [105c73752474] + + * src/parse_args.c: + Use lower card for the long option arguments to match the manual. + This is inconsistent with GNU but it is better to match the sudo + documentation. + [af243dd39850] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Describe how remote command execution can be implemented. + [3eba7f93b7f6] + + * doc/sudoers.ldap.cat: + Bump version. + [0ee7f02f3627] + +2013-08-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo.c: + Make it a fatal error if the plugin returns invalid or out of range + command info. + [8a7e56c7584a] + + * plugins/sudoers/policy.c: + Use strtol() instead of atoi() and perform error checking of + parameters passed from the sudo front-end. + [05e05be3c6c4] + + * plugins/sudoers/auth/pam.c: + It is not possible for auth to be NULL here. + [771500e776e9] + + * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Initialize user_runhost and user_srunhost to user_host and + user_shost in visudo and testsudoers. 
+ [c47cca74e1fc] + + * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, + common/error.c, common/fatal.c, common/gidlist.c, common/lbuf.c, + common/list.c, common/sudo_conf.c, common/sudo_debug.c, + compat/Makefile.in, compat/getopt_long.c, include/error.h, + include/fatal.h, plugins/sudoers/Makefile.in, + plugins/sudoers/bsm_audit.c, plugins/sudoers/hexchar.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + src/Makefile.in, src/locale_stub.c, src/net_ifs.c, + src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h: + Rename error.h -> fatal.h now that there is no error() function. + [3a3827f10f04] + + * common/sudo_debug.c, include/sudo_debug.h: + Add support to the debug subsystem for zero-length strings. This can + happen for things like warning(NULL) or fatal(NULL) where we just + want to log the errno string. + [3ed739c5cc91] + + * include/error.h: + Add __printflike for vfatal, vfatalx, vwarning and vwarningx. + [57e65ed595d2] + + * plugins/sudoers/audit.c: + Need to include gettext.h for BSM audit. + [a87fda2d0123] + + * common/alloc.c, plugins/sudoers/env.c, src/exec_common.c, + src/parse_args.c, src/sudo.c: + Change some fatalx(NULL) that should be fatal(NULL). + [8b1efda9f578] + + * include/error.h, include/missing.h: + Use __printf0like for warning() and fatal() since the fmt string may + be NULL. + [858a890f00ad] + + * compat/pw_dup.c: + Quiet a gcc "used uninitialized in this function" false positive. + [98f47f89ce60] + + * mkpkg: + Enable bsm audit on Mac OS X and Solaris >= 11. + [8607488f986c] + + * plugins/sudoers/bsm_audit.c: + Fix compilation on Solaris 11. 
+ [01aa46298ed7] + + * plugins/sudoers/bsm_audit.c: + Add missing missing.h + [080de69a55a1] + + * plugins/sudoers/sudoers.c: + Move the -C (user_closefrom) check until after set_cmnd() so that + closefrom_override can be used in a command-specific Defaults line. + Fixes bug #610 from Mengtao Sun. + [413565c6ff6b] + +2013-08-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + If not using a pty and the child process gets SIGTTOU or SIGTTIN and + sudo is the foreground process, make the child the foreground + process and continue it. + [5ff433443bc4] + + * src/sudo.c: + If sudo is not setuid and was not invoked with a full path, look in + the user's PATH for the sudo binary to give a better error message. + [a740129a38f0] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.h: + Add limited support for "sudo -l -h other_host". Since group lookups + are done on the local host, rules that use group membership may be + incorrect if the group database is not synchronized between hosts. + [2c8b222a5f7f] + + * src/parse_args.c: + Fix parsing of "-h host" when used in conjunction with the -l flag. + [62f3d726d52b] + + * configure, configure.in, doc/fixman.sh, doc/fixmdoc.sh, + doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.c, + src/sudo_usage.h.in: + Simplify usage messages a bit and make --help output more closely + resemble GNU usage wrt long options. Sync usage and man page + SYNOPSYS sections and improve long options in the manual pages. Now + that we have long options we don't need to give the mnemonic for the + single-character options in the description. + [17b7e386955a] + +2013-08-13 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/logging.c: + Fix setting of mailer argv[0] to basename of mailerpath. No need to + strdup() mailerpath as it is not modified. + [8843cdd958ee] + + * plugins/sudoers/logging.c: + Make sure the mailer exists and is a regular file before trying to + exec it. + [b73d6214014f] + + * plugins/sudoers/timestamp.c: + If tty_tickets are enabled but there is no tty, use a ticket file + based on the parent pid. + [75408bd61ced] + + * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/parse_args.c: + Allow default plugin dir to be configured in sudo.conf. + [478883594cc5] + + * doc/CONTRIBUTORS: + UTF8 for Ruusamae, Elan; from Tae Wong + [02e0c95b4fa6] + +2013-08-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, common/regress/sudo_conf/test5.in, + common/regress/sudo_conf/test5.out.ok, + common/regress/sudo_conf/test6.in, + common/regress/sudo_conf/test6.out.ok, common/sudo_conf.c, + doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, src/sudo.c: + Don't allow max_groups to be set to zero, it just complicates things + needlessly. Fixes an assertion in visudo when there is a group- + based Defaults entry. + [d62a8ea32db9] + +2013-08-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, common/Makefile.in, common/gidlist.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c, + src/sudo.h: + Refactor code to parse list of gids into its own function that is + shared by the sudo front-end and the sudoers module. Make uid/gid + parse error be fatal, not just a warning. + [da3b2b06605c] + + * common/atoid.c: + Add function comment block. + [09a324de716f] + + * common/atoid.c: + Default text domain is now sudo, not sudoers. 
+ [1acb1da6f304] + + * common/Makefile.in: + Update dependency for atoid.lo + [5e367cd44288] + + * common/atoid.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, src/sudo.c, + src/sudo.h: + Add endpointer and separator args to atoid() + [2077e4ed8578] + +2013-08-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/getgrouplist.c: + Use private version of atoid() to avoid a dependency on libcommon.a + (since that already depends on libreplace.a). + [7c12d63b0560] + + * doc/CONTRIBUTORS: + More UTF8 in names; from Tae Wong + [512b263f51c8] + + * compat/getgrouplist.c, plugins/sudoers/iolog.c, + plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h: + Use atoid() in more places. + [06f4ae57c707] + + * MANIFEST, common/Makefile.in, common/atoid.c, + plugins/sudoers/Makefile.in, plugins/sudoers/atoid.c: + Move atoid() to common so it can be used in src and compat too. + [095d730701e4] + + * compat/closefrom.c: + Avoid a crash on Mac OS X 10.8 (at least) when we close + libdispatch's fds out from under it before executing the command. + Switch to just setting the close on exec flag instead. + [349ebf4987df] + + * doc/CONTRIBUTORS: + Convert to last, first for easier sorting and use UTF8 (including a + BOM). + [8c30d221bd75] + + * plugins/sudoers/atoid.c: + Add atoid() function to convert a string to an id_t (uid, gid or + pid). We have to be careful to choose() either strtol() or strtoul() + depending on whether the string appears to be signed or unsigned. + Always using strtoul() is unsafe on 64-bit platforms since the uid + might be represented as a negative number and (unsigned long)-1 on a + 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem + with uids larger than 0x7fffffff on 32-bit platforms. 
+ [5d818e399157] + + * MANIFEST, config.h.in, configure, configure.in, + plugins/sudoers/Makefile.in, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h: + Add atoid() function to convert a string to an id_t (uid, gid or + pid). We have to be careful to choose() either strtol() or strtoul() + depending on whether the string appears to be signed or unsigned. + Always using strtoul() is unsafe on 64-bit platforms since the uid + might be represented as a negative number and (unsigned long)-1 on a + 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem + with uids larger than 0x7fffffff on 32-bit platforms. + [cd92246a710f] + + * plugins/sudoers/sudoers.c: + Avoid "perm stack underflow" error when logging the unknown uid + error. + [871514c713b7] + + * plugins/sudoers/set_perms.c: + In rewind_perms() there is nothing to do if perm_stack_depth == 0. + [98de335f47f0] + +2013-08-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in: + Add pam_setcred sudoers option to allow the user to control whether + pam_setcred() is called on the user's behalf. + [4260a8e43073] + + * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: + Add pam_service and pam_login_service sudoers settings to control + the service name passed to pam_start. + [5ea0e3588f3a] + + * mkpkg: + Newer Xcode places the SDKs under Xcode.app + [4b54379d5c45] + +2013-08-03 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, common/Makefile.in, common/zero_bytes.c, + compat/Makefile.in, compat/memset_s.c, config.h.in, configure, + configure.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, include/missing.h, include/sudo_plugin.h, + mkdep.pl, plugins/sudoers/Makefile.in, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c, + plugins/sudoers/logging.c, plugins/sudoers/sha2.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/conversation.c, src/sudo.h, src/sudo_edit.c, + src/tgetpass.c: + Implement memset_s() and use it instead of zero_bytes(). A new + constant, SUDO_CONV_REPL_MAX, is defined by the plugin API as the + max conversation reply length. This constant can be used as a max + value for memset_s() when clearing passwords filled in by the + conversation function. + [264ec146028e] + +2013-08-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/system_group/Makefile.in: + Do not try to install plugins when shared modules are disabled + (sudoers already had the check). + [3d582c042042] + + * plugins/sudoers/Makefile.in: + Update dependencies to take into account compat/getopt.h and + compat/dlfcn.h. + [301fb31cd121] + + * src/Makefile.in: + Update dependencies now that sudo_usage.h is always included from + the build dir. + [c1ff70ec9515] + +2013-07-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Add some warnings and debugging to sasl ccname handling. + [467f415861f0] + + * plugins/sudoers/ldap.c: + Fix write loop invariant in sudo_krb5_copy_cc_file() + [6948cf6e9b9f] + +2013-07-30 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Strip off leading FILE: or WRFILE: prefix before trying to copy the + user's credential cache. + [56c16feab62f] + +2013-07-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo.c: + Instead of setting RLIMIT_NPROC to unlimited when sudo initializes, + just save RLIMIT_NPROC in exec_setup() before the final setuid() and + restore it immediately after. We don't need to modify RLIMIT_NPROC + for simple euid changes, just for changing the real (and saved) uids + before we exec. This also means we no longer need to worry about + _SC_CHILD_MAX returning -1. Bug #565 + [1372f1909039] + +2013-07-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c, src/preload.c: + Now that the ldap code runs with the real and effective uid set to + 0, it is not possible for the gssapi libs to find the user's krb5 + credential cache file. To work around this, we make a temporary copy + of the user's credential cache specified by KRB5CCNAME (opened with + the user's effective uid) and point gssapi to it. To set the + credential cache file name, we dynamically look up + gss_krb5_ccache_name() and use it if available, otherwise fall back + to setting KRB5CCNAME. + [8b86c134541a] + +2013-07-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, + doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in, + doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c: + Long option support for visudo and sudoreplay. + [91427968be71] + +2013-07-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/Makefile.in, + src/parse_args.c, src/sudo.c, src/sudo_usage.h.in: + Add support for long options and fix inclusion of sudo_usage.h with + modern gcc broken in 8597:1fcb7ba13018. + [d13134819944] + + * src/Makefile.in: + Add rule to rebuild sudo_usage.h when the .in file changes. 
+ [59a32899e251] + + * compat/Makefile.in, mkdep.pl, src/Makefile.in: + Add make rules for building getopt_long.c + [5f57593b3a8b] + + * src/parse_args.c: + Make "-h hostname" work. Optional args in GNU getopt() only work + when there is no space between the option flag and the argument. + [b8258659cabb] + +2013-07-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, compat/getopt.h, compat/getopt_long.c, config.h.in, + configure, configure.in, doc/LICENSE, src/parse_args.c: + Use getopt_long() so we can make the -h flag take an optional + argument. Includes a version for those without it. + [d1dd66c8a86b] + +2013-07-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Document that the -h option can be used specify a host name for + future plugins. + [8470c74cf326] + + * include/sudo_plugin.h, src/parse_args.c, src/sudo_usage.h.in: + Overload -h option to specify an optional hostname for remote + access. This is future-proofing; no policy plugins currently support + this. + [0e01d8c3c623] + + * configure, configure.in: + Bump version to 1.8.8 + [a1155bfaa28f] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document the remote_host setting (-h host) + [c737db906f5d] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + fix "the the" + [0025464a3942] + + * src/parse_args.c, src/sudo.c, src/sudo.h: + Do not error out if arg to -U option cannot be resolved, that is for + the plugin to decide. There is no need for runas_user and + runas_group to be global, make them local to parse_args() instead. + [fb02a62a72ba] + + * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/pt_BR.mo, + plugins/sudoers/po/pt_BR.po, src/po/es.mo, src/po/es.po, + src/po/pt_BR.mo, src/po/pt_BR.po: + Sync with translationproject.org + [e8f4772d918a] + +2013-07-11 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/TROUBLESHOOTING: + Remove old bits about sudo setuid problems that should have been + cleaned up in changeset 7917:fa4894896d8a. Also update the mode of + sudo to 04755 to match current packaging. + [1e3904cdc2de] + + * plugins/sudoers/auth/pam.c: + Go back to ignoring the return value of pam_setcred() since with + stacked PAM auth modules a failure from one module may override + PAM_SUCCESS from another. If the first module in the stack fails, + the others may be run (and succeed) but an error will be returned. + This can cause a spurious warning on systems with non-local users + (e.g. pam_ldap or pam_sss) where pam_unix is consulted first. + [b6022e26135a] + + * src/net_ifs.c: + Remove unused variable. + [93dde7d82fde] + + * NEWS: + Fix typo + [5ef79671c2c7] + +2013-07-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sssd.c: + Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest(). + From Dan Harnett. + [4a0af6f12765] + +2013-06-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Fix formatting typo; from Eric S. Raymond + [058b533ba460] + +2013-06-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg: + Use -gxcoff on aix so dbx can be used to debug sudo. + [4950e019ed2d] + +2013-06-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Fix typo; bug 605 + [41f7b46a6e51] + +2013-06-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo, + src/po/tr.mo: + Regen .mo files that were out of date. + [9e25a254f9db] + +2013-05-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, configure, configure.in: + On Solaris 11 and higher, tag binaries for ASLR if supported by the + linker. + [a2a6cafa3e60] + + * mkpkg: + No longer need to disable PIE on Solaris. + [cf90019ae67e] + +2013-05-28 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING: + Restrict default creation of PIE binaries (-fPIE and -pie) to Linux. + OpenBSD also supports PIE but enables it by default so we don't need + to do anything. This fixes problems on systems with a version of GNU + ld that accepts -pie but where the run-time linker doesn't actually + support PIE. Also verify that a trivial PIE binary works unless PIE + is explicitly enabled. + [3c5f125efeb1] + +2013-05-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * aclocal.m4, configure, configure.in: + Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld + where we can end up crashing due to malloc() failures. Sems OK when + Using Sun as and ld. + [b8ba412102ab] + + * NEWS: + Update with final changes. + [78ff6d2ed47a] + +2013-05-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Add -fPIE to PIE_LDFLAGS as per gcc manual. + [fe900cbb0780] + +2013-05-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/Makefile.in, compat/Makefile.in: + Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs + [f84bc7482b78] + + * MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/visudo/test4.out.ok, + plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c: + Replace sequence number-based cycle detection in visudo with a + "used" flag in struct alias. The caller is required to call + alias_put() when it is done with the alias. Inspired by a patch from + Daniel Kopecek. + [0bdbac1b3b39] + +2013-05-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Eliminate a few relocations related to sudoers_io. + [18e9e2cc3367] + + * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po: + Sync with translationproject.org + [f38cc128a2ad] + +2013-05-18 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * src/ttyname.c: + Clarify a comment. + [7a045ee06e95] + +2013-05-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/ttyname.c: + Handle d_type == DT_UNKNOWN when resolving the device to a name and + sprinkle some more debugging. + [8774133747d9] + +2013-05-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/TROUBLESHOOTING: + Add message about disabling PIE if sudo gets SIGSEGV. + [c786af2a6751] + + * plugins/sudoers/check.h, plugins/sudoers/timestamp.c: + No longer store the ctime of a devpts tty. The handling of ctime on + devpts in Linux has been changed to conform to POSIX. As a result we + can no longer assume that the ctime will stay unchanged throughout + the life of the session. We store the session ID in the time stamp + file so there is a much smaller chance of the time stamp file being + reused by a new login. While here, store the uid/gid in the + timestamp file too for good measure. + [7028b21f7a9b] + + * configure, configure.in: + PIE is broken on FreeBSD/arm + [f232c60d6229] + + * mkpkg: + Add explicit sendmail path for Linux since we may not have sendmail + installed in the build chroot. + [1ba2f84f4ff0] + +2013-05-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/sudo_debug.c, plugins/sudoers/iolog.c, + plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c: + Quiet a few -Wunused-result compiler warnings. + [ef12afb61423] + +2013-04-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Mention what SHA-2 formats are supported. + [bf298d0fdf8a] + + * doc/CONTRIBUTORS: + List code and translations separately. + [826547bc1295] + +2013-04-29 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, + plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po: + Sync with translationproject.org + [9499a6f438b8] + + * plugins/sudoers/po/sudoers.pot: + regen + [cce449e284a6] + + * Makefile.in: + Fix c-format for fatal/fatalx + [4ad81d3faaeb] + +2013-04-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h: + Change some error/errorx -> fatal/fatalx in comments and xgettext + flags. + [9d9b64fa2ec9] + + * NEWS: + There is now a Turkish translation of sudoers. + [701c5af6aa76] + + * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: + Updated translations from translationproject.org including new + Turkish translation. + [9cedbb50d90f] + +2013-04-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document that sudoers will re-use existing I/O log paths unless they + are mktemp-style with trailing X's. 
+ [4f43bd13d9e7] + + * NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: + Allow ldap_conf and ldap_secret to be specified as plugin arguments + in sudo.conf + [37c6c425b565] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + sudoers_debug is now deprecated in favor of the sudo debugging + framework. + [1195be1ec254] + + * plugins/sudoers/ldap.c: + Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use + SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the + debug file with the ldap subsystem. The sudoers_debug setting in + ldap.conf is still honored for now but will be removed in a future + release. + [cfa42b4b913e] + +2013-04-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers2ldif: + Add support for converting sudoers files with SHA-2 command digests. + [dc0d03485946] + + * doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg, + plugins/sudoers/sudoers2ldif: + Add copyright notice to scripts + [5e8bd4e6083f] + + * MANIFEST, plugins/sudoers/regress/sudoers/test14.in, + plugins/sudoers/regress/sudoers/test14.out.ok, + plugins/sudoers/regress/sudoers/test14.toke.ok: + Add regress for SHA-2 digests. + [0b258c2a2a95] + + * compat/getgrouplist.c: + Solaris maps negative gids to GID_NOBODY. + [57050e5c750f] + + * plugins/sudoers/visudo.c: + Clear up an llvm checker warning which appears to be a false + positive and fix an old XXX while I'm at it. + [9ee13133e596] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Correct last change date + [3bc1fa5b0f76] + + * plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c: + No need to translate this error message. + [4d9941970a26] + + * doc/UPGRADE: + Mention .sl vs. 
.so extension handling on HP-UX Mention group + membership changes Fix typos + [40ac0efbdb2b] + + * aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c, + common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c, + common/setgroups.c, common/term.c, common/ttysize.c, + compat/Makefile.in, compat/dlopen.c, compat/endian.h, + compat/getline.c, compat/getprogname.c, compat/isblank.c, + compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c, + compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, + compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, + compat/strsignal.c, compat/utimes.c, doc/Makefile.in, + include/Makefile.in, include/alloc.h, include/fileops.h, + include/gettext.h, include/lbuf.h, include/missing.h, + include/sudo_plugin.h, pathnames.h.in, + plugins/group_file/Makefile.in, plugins/sample/Makefile.in, + plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, + plugins/sudoers/alias.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c, + plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, + plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c, + plugins/sudoers/logging.h, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + 
plugins/sudoers/parse.h, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c, + plugins/sudoers/redblack.h, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/visudo.c, plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, src/Makefile.in, + src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c, + src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c, + src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h, + src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c, + src/utmp.c: + Update copyright years. + [5c6d72661bad] + + * plugins/sudoers/mon_systrace.h: + Systrace support was removed long ago. + [10a038a2da77] + +2013-04-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok, + plugins/sudoers/regress/sudoers/test9.toke.out.ok: + Remove some files that were mistakenly added. + [833502da26de] + + * common/sudo_debug.c, config.h.in, configure, configure.in, + plugins/sudoers/boottime.c, plugins/sudoers/iolog.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c: + Use time(&now) instead of now = time(NULL) when storing the current + time in a time_t (better compiler error checking). Better parsing + and printing of 64-bit time_t on 32-bit platforms. + [c227dc72c04e] + +2013-04-21 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * src/ttyname.c: + Don't check the tty of the parent process. Now that we get the + controlling tty device number from the kernel there is no need. If + the process has really disassociated from the tty then reporting + "unknown" is appropriate. + [62fb66e565db] + +2013-04-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/error.c: + Use EXIT_FAILURE instead of 1 as the fatal() exit value. + [ed94c2c5e88a] + + * src/sesh.c: + Change remaining errorx -> fatalx + [3f6d70e19303] + +2013-04-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an + error if the entry already exists in the cache. + [94d45970400a] + + * plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot: + Change "foo: failed" to just "foo" since we print the string form of + errno. Gets rids of some useless translations. + [476f37349dbc] + +2013-04-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/match.c: + Fix pasto in debug_decl + [08650186a239] + + * plugins/sudoers/Makefile.in: + regen + [acf4c34fba2c] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/parse.c, + plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: + Rename log_error() -> log_warning() for consistency with + warning()/fatal() + [474ed5a0e335] + + * plugins/sudoers/auth/API: + The NO_EXIT flag was removed a while ago. 
+ [e0a4be270226] + + * common/aix.c, common/alloc.c, common/error.c, include/error.h, + plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, + plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c, + src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, + src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, + src/utmp.c: + Rename error/errorx -> fatal/fatalx and remove the exit value as it + was always 1. + [ea66f58c4da5] + + * NEWS: + digests are supported in sudoers ldap too + [77d6c25f7653] + + * plugins/sudoers/regress/check_symbols/check_symbols.c: + Print test failures to stdout like the final count so the outputis + not displayed out of order. + [f541b78ecb93] + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo, + plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo, + src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po, + src/po/it.po, src/po/tr.po: + Sync with translationproject.org + [cbd70678b99f] + + * Makefile.in: + Check for any uncommitted changes in dist target and add force-dist + target that omit check-dist. + [78dc3f41e37e] + +2013-04-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/regress/ttyname/check_ttyname.c: + Fix logic bug when checking tty via ttyname(). 
+ [279aee076194] + + * compat/endian.h: + Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and + __BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX) + [fe35e0b04502] + + * plugins/sudoers/po/sudoers.pot: + regen + [0ddebccd3045] + + * NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document digest support. + [d794c7b9a7bc] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/parser/check_base64.c: + Simple bas64 decode unit test. + [344b0df0fe50] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h: + Move base64_decode into its own source file. + [30497e7f88bc] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Only check year against 2038 if time_t is 32-bit. + [9c1f2e3fc3ba] + +2013-04-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.h, + plugins/sudoers/sssd.c: + Add digest support for sudoers in ldap and sss. + [314937b5e59e] + + * INSTALL, configure, configure.in: + Error out in configure if the compiler doesn't support "long long". + [d3645c1d50d1] + + * plugins/sudoers/match.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Include stdint.h or inttypes.h before sha2.h + [20ad1c20313d] + + * common/lbuf.c: + Simplify lbuf append functions by moving the realloc code into + lbuf_expand(). We now expand as needed each time bytes need to be + written to the lbuf. Also handle a NULL pointer being passed in for + paranoia's sake. + [6283ee562ef4] + + * plugins/sudoers/iolog.c: + Zero out struct iolog_details early to avoid a potential (though + unlikely) dereference of stack garbage if we hit a fatal error + before iolog_deserialize_info() is called. + [2eeca8be05fb] + +2013-04-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Update copyright year. 
+ [b843c6a43238] + + * plugins/sudoers/sudoers_version.h: + Bump SUDOERS_GRAMMAR_VERSION for new digest support. + [188556fb8156] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/match.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Sanity check digest in parser so visudo can catch errors. Add base64 + support + [b8586d5cc7ed] + + * MANIFEST, compat/endian.h, config.h.in, configure, configure.in, + plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c: + For big endian architectures just use memcpy() instead of BE macros + in a loop. + [c71a0f4a8a8e] + +2013-04-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, config.h.in, configure, configure.in, + plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/parse.h, + plugins/sudoers/regress/parser/check_digest.c, + plugins/sudoers/regress/parser/check_digest.out.ok, + plugins/sudoers/sha2.h, plugins/sudoers/sssd.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c: + Initial implementation of checksum support in sudoers. Currently + supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format + validation in parser and base64 support. checksum support for ldap + sudoers + [b8f196346eca] + +2013-04-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h: + SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public + domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai + respectively. + [7511d07c0a83] + +2013-04-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Add sudo 1.8.6p8 + [0666fd0321ae] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot: + Add missing "not" in error message when mixing standalone and non- + standalone authentication methods. 
+ [7eba4439db73] + + * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c: + Check for crypt() returning NULL. Traditionally, crypt() never + returned NULL but newer versions of eglibc have a crypt() that does. + Bug #598 + [887b9df243df] + + * plugins/sudoers/auth/pam.c: + Better PAM error messages + [fd7eda53cdd7] + + * plugins/sudoers/auth/kerb5.c: + Better error messages + [98142874a2f4] + + * plugins/sudoers/bsm_audit.c: + Use same error message for getauid() failure. + [07f0d88cb1df] + + * plugins/sudoers/sssd.c: + Start warning with a lower case letter for consistency and to match + existing translated strings. + [b719ac52c9e3] + +2013-04-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg: + Disable PIE on Solaris where it is not really supported. + [c36c84cdcc7a] + + * src/ttyname.c: + AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit + before we try to match it against st_rdev. + [5dab449fb962] + + * src/ttyname.c: + Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes + a problem finding the tty name when it is not in /dev/pts. + [6c205d087fa0] + + * compat/snprintf.c: + Support %lld and %llu + [feabfa06c954] + + * .hgignore, MANIFEST, src/Makefile.in, + src/regress/ttyname/check_ttyname.c: + Add ttyname test. + [e987038f8c07] + +2013-04-09 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po, + src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, + src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po, + src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: + Sync with translationproject.org + [4d7b73b22079] + + * plugins/sudoers/timestamp.c: + Log timestampfile to debug file. + [e997281146c0] + + * plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot: + Don't add the "Password: " string we look up in the PAM text domain + to the sudoers.pot file. + [771b52244abf] + +2013-04-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot: + Synce with regcomp() error message change. + [fc6d3dfb8eb8] + + * plugins/sudoers/sudoreplay.c: + Be consistent with error message when regcomp() fails. + [de6c69ba04e4] + +2013-04-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/regress/testsudoers/test5.out.ok, + plugins/sudoers/regress/testsudoers/test5.sh: + Use group -1 instead of 1 as the invalid group since the running + user might have group 1 as their default group. + [71404a9fa75d] + + * plugins/sudoers/Makefile.in: + PWD may be a shell builtin, use CWD instead. + [c443105c5091] + +2013-04-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c: + Split up check_user(). + [ce7cc0767589] + +2013-04-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure.in: + Cosmetic fixes in the comments. + [640abee43c14] + +2013-04-02 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status + message for visibility checks when the test fails. + [99665477ee55] + + * config.h.in: + regen + [00c22606719a] + + * configure, configure.in: + We no longer use mbr_check_membership() and setrlimit64() is AIX- + specific. + [43caf685a1f1] + + * Makefile.in: + The first (all) target must be by itself or some makes will choose + the run the entire target list. + [16cf3def49f5] + + * configure, configure.in: + Do exec_prefix expansion when enable_shared even if noexec is not + enabled. + [7ed28cb32d8d] + + * compat/getgrouplist.c: + Use free() not efree() since we don't include alloc.h here + [1a008737be24] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [b939f941346f] + + * plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test5.sh: + Pass in expected gid to testsudoers in addition to the uid that + matches the test sudoers files. + [6a1710e8cac1] + +2013-04-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/missing.h: + Tru64 5.x does declare innetgr() and getdomainname(). + [c75598e69c7e] + + * plugins/sudoers/match.c: + Fix compilation when getdomainame() is not present. + [e831b017a962] + + * config.h.in, configure.in, include/missing.h: + Move SET/CLR/ISSET from config.h.in to missing.h + [3a3dd29fd7f0] + + * configure, configure.in: + Fix getgrouplist() check. + [12a2adf60e98] + + * MANIFEST: + No more timestamp.h + [5677e26afc0f] + + * plugins/sudoers/check.c: + Neded sys/time.h for struct timeval in struct sudo_tty_info. + [aceaadd8c400] + + * plugins/sudoers/Makefile.in: + regen depends + [21675a8b67e5] + + * NEWS: + Mention libibmldap on HP-UX + [75b4e4b22950] + + * NEWS, plugins/sudoers/match.c: + Instead of checking the domain name explicitly for "(none)", just + check for illegal characters. 
+ [ce35dda811db] + + * plugins/sudoers/visudo.c: + Only warn once when we are unable to open the sudoers file. + [9e27e3aa5b10] + + * plugins/sudoers/sudoers.c: + Fall back to opening /dev/tty to determine whether there is a tty if + the system doesn't have kernel support for determing the tty. + [2775bcf9a9b5] + + * compat/getprogname.c: + Update guard to take __progname into account + [60eae3f20232] + + * compat/snprintf.c: + Some older systems have inttypes.h but not stdint.h + [ed1ef160015f] + + * compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c, + compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c, + compat/getline.c, compat/getprogname.c, compat/glob.c, + compat/isblank.c, compat/memrchr.c, compat/mktemp.c, + compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, + compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, + compat/strsignal.c, compat/utimes.c: + Add guards in compat source files. Not really needed since we only + include them in the Makefile if they are needed but should not hurt + either. + [8cbd3b4595b9] + +2013-03-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Don't include gram.h in gram.y, its contents are already included. + Move sudoerserror to the end of gram.y so COMMENT is declared when + we need to use it. + [7d72ebdd7222] + +2013-03-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure.in: + Remove some pre-ANSI cruft. + [6a95704b2116] + + * plugins/sudoers/match.c: + Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h + when it is set. + [da40c550ffed] + + * NEWS, plugins/sudoers/iolog_path.c: + We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but + just leave it as-is. + [9a22de140d28] + +2013-03-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Add missing semicolon in rule. 
+ [817d3f1b2a21] + + * plugins/sudoers/sudoers.c: + Now that we can determine the terminal even when file descriptors + are redirected we can check user_ttypath rather than opening + /dev/tty when enforcing requiretty. + [56a28bc09041] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Stash umask in struct sudo_user so we don't need to look it up + later. + [9f85749199dc] + + * plugins/sudoers/sudoers.c: + Minor cosmetic change + [c373e106ed49] + + * plugins/sudoers/regress/parser/check_addr.c: + No longer need to declare interfaces + [d7ff7e579557] + + * plugins/sudoers/logging.c: + Fix compilation in SUDOERS_NO_SEQ case + [9a6db9247534] + + * plugins/sudoers/regress/parser/check_addr.c: + No longer need to define sudo_printf + [578ad13c3546] + + * plugins/sudoers/check.c, plugins/sudoers/check.h, + plugins/sudoers/timestamp.c: + Pass auth_pw to the timestamp functions. + [f603649177d6] + + * plugins/sudoers/iolog_path.c: + Fix SUDOERS_NO_SEQ + [17881f9bcd68] + + * plugins/sudoers/locale.c: + Don't need all of sudoers.h in here + [c518150c6483] + + * plugins/sudoers/sudoers.c: + Don't need to include sudoers_version.h here. + [8abb31102119] + +2013-03-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c: + DEFAULT_LECTURE is no longer used. + [f565c00a68c1] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: + Move sudo_conv into policy.c + [f699aee7136b] + + * plugins/sudoers/pwutil.c: + cosmetic fixes + [930e60389ca8] + + * plugins/sudoers/match.c: + RHEL (and perhaps other Linux distros) use the string "(none)" + instead of an empty string when there is no actual NIS-style domain + name. Bug #596 + [11aec11489ac] + + * plugins/sudoers/match.c: + Fix return values when NAME_MATCH is defined. + [ce030be9ccef] + +2013-03-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h: + Update copyright year. 
+ [7e4b8d49addd] + + * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, + plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h: + Add sudo_set_grlist(), currently unused by the back end. + [b37ac1d0e8fc] + + * plugins/sudoers/pwutil.c: + Remove unused macros, fix a debug_decl + [6136fb4a0d3b] + + * include/missing.h: + Tru64 Unix doesn't prototype innetgr() or getdomainname(). + [585ac1874dfe] + + * include/missing.h: + Whitespace fixes + [0bb28cd91d97] + + * common/error.c: + Don't need to include setjmp.h here, error.h already includes it. + [fd05ab00e186] + +2013-03-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/Makefile.in, plugins/sudoers/Makefile.in: + regen depends + [57991f5e16b4] + + * plugins/sudoers/check.h: + Rename guard define. + [ccf4dba241d6] + + * plugins/sudoers/check.c, plugins/sudoers/check.h, + plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: + Move contents of timestamp.h into check.h. + [c139757a9283] + + * plugins/sudoers/sudoers.h: + expand_prompt() is now in prompt.c sudo_printf extern is now in + error.h + [219bd74ca62b] + + * plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h, + plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, + plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, + plugins/sudoers/insults.h, plugins/sudoers/interfaces.h, + plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.h, + plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h, + plugins/sudoers/toke.h: + Change multiple inclusion guards to be _SUDOERS_FOO_H + [faace6d55e78] + +2013-03-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, + src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po: + New Dutch translation for sudo and sudoers New Turkish translation + for sudo From translationproject.org + [bc918b7b23a4] + +2013-03-21 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in: + Fix a typo in a comment and make sure we don't mistakenly include + _PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in + [694d12ac70ec] + +2013-03-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + Don't build check_symbols if we are linking sudoers in statically. + [f6602723bab7] + + * configure, configure.in: + Use $host_os not $host when we only care about the os name and + version. + [05e4f4fcba06] + + * aclocal.m4, configure, configure.in: + Suppress duplicate -L and -I flags. + [228f2f581aed] + + * common/Makefile.in, compat/regress/fnmatch/fnm_test.c: + Fix regress tests on non-OpenBSD platforms. + [9d91bc859c50] + + * configure, configure.in: + If we find sasl/sasl.h there's no need to check for sasl.h too + [889efaa86012] + + * aclocal.m4, configure, configure.in: + Add -R flags at the very end after configure link tests are done + since we can only count on libtool to accept -R, the compiler front + end may not. Also unify the libldap and libibmldap tests using + AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by + libibmldap (but is not an explicit dependency). + [ab1451894351] + +2013-03-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Back out changes that broke detection of skey, opie and ldap + libraries. + [ffa82b8f8641] + + * plugins/sudoers/regress/testsudoers/test1.sh, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test4.sh, + plugins/sudoers/regress/testsudoers/test5.sh, + plugins/sudoers/regress/visudo/test1.sh, + plugins/sudoers/regress/visudo/test2.sh, + plugins/sudoers/regress/visudo/test3.sh: + Add explicit "exit 0" to prevent the check target from ending + prematurely. + [cca411b492bd] + + * plugins/sudoers/Makefile.in: + Fix exit values in check target so we don't have to ignore errors. 
+ [cbc429c409e9] + + * plugins/sudoers/Makefile.in: + Fail a test if there is unexpected stderr output. + [4fc24d536bec] + + * MANIFEST: + Fix path to sudo.conf manuals; remove non-existant test2.err.ok + [6b8bcd60dd85] + + * src/load_plugins.c: + Fix compilation in dynamic mode. + [679856fa0774] + + * configure, configure.in: + On HP-UX, libibmldap has a hidden dependency on libCsup + [22994709d77c] + + * compat/dlopen.c: + Pass BIND_VERBOSE to shl_load() + [0060b9cfa9ab] + + * configure, configure.in: + Only create static helper libs when --disable-shared is specified. + [1fcdb1a437e0] + + * src/load_plugins.c: + Ubreak static build. + [4ac9f96be285] + + * INSTALL, aclocal.m4, configure, configure.in: + Replace --with-rpath and --with-blibpath with --disable-rpath. Now + that we use libtool for linking we can just use the -R flag and have + libtool translate it to the proper linker flag. + [09798fad6888] + +2013-03-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + Bump I/O buffer size 32K + [4ef793225309] + +2013-03-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in: + Document sesh Path setting. + [34b0b903b4f8] + + * src/exec.c, src/exec_common.c: + Move exec_cmnd to exec.c to fix a compilation issue with sesh.c + [06aa1956f38d] + + * common/sudo_conf.c, configure, configure.in, include/sudo_conf.h, + src/selinux.c: + Make sesh path configurable in sudo.conf + [91d331f273b7] + + * configure, configure.in: + Use -fno-pie and -nopie if supported when --disable-pie is + specified. + [777138c04dcc] + +2013-03-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Document direct execution of the command if the policy plugin has no + close function. + [6a14145c6e80] + +2013-03-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/pam.c: + Only delete creds if we actually established them. 
Print an error if + pam_setcred() fails and we actually authenticated. + [1e015314903b] + + * common/Makefile.in, plugins/group_file/Makefile.in: + regen + [dd8cee2a5e1b] + + * common/alloc.c, include/alloc.h: + Convert efree() to a macro that just casts to void * and does + free(). If the system free() can't handle free(NULL) this may crash + but C89 was a long time ago. + [efd0ff9270fb] + + * configure, configure.in: + Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS. + Fixes a problem with errno sometimes not being set on error on HP- + UX. + [54b419d58320] + + * common/sudo_debug.c: + Fix debug logging from the plugin when there is no error number. + This was broken in the big debugging reorg for 1.8.7. + [2ea7e145e928] + +2013-03-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in, plugins/group_file/Makefile.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/load_plugins.c: + Always install plugins with a .so extension regardless of what + extension the system uses for shared libraries. That way the + group_plugin sudoers setting can be shared between heterogenous + systems. + [a7e6ecff6fdf] + + * plugins/sudoers/match.c: + Mac OS X has netgroup functions in netdb.h. + [243881a974aa] + + * plugins/sudoers/parse.h: + Tags in struct cmndtag can be set to IMPLIED as well. + [cb6926988cc8] + + * plugins/sudoers/parse.c: + Quiet a compiler warning. + [14e608c2001d] + + * plugins/sudoers/testsudoers.c: + Quiet an llvm checker warning. + [2eeb9f3d08f3] + + * plugins/sudoers/parse.c: + Quiet gcc -Wuninitialized false positive + [643ad987503d] + +2013-03-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Document group_file and system_group plugins. 
+ [b56511e79230] + + * NEWS: + Sudo 1.8.7 + [e95183b8fa27] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Try to clarify that sudoedit in sudoers should not include a leading + pathname. + [7b2beac92a9c] + + * plugins/sudoers/pwutil_impl.c: + Make sure groupname_len is at least 32 just to be on the safe side. + It is better to allocate a little extra and not need it than to have + to reallocate and start over. + [6d3e1ba47de9] + + * include/alloc.h, include/missing.h: + Add __malloc_like macro to apply __malloc__ attribute to emalloc, + ecalloc and estrdup. It cannot be applied to realloc since that may + return the same pointer. + [8d70cb81d1f1] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix potential double free in an error path. + [657573feb6a4] + + * src/exec_pty.c: + When running the command in a pty, defer the call to exec_setup() + until just before we exec the command. This is consistent with the + non-pty path. As a side effect, the monitor process runs as root and + not the runas user. + [e2a7f8c7ee4c] + +2013-03-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/closefrom.c: + Update copyright year. + [9b652af4dfc0] + +2013-03-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/closefrom.c: + Use pst_highestfd from pstat_getproc() on HP-UX. + [09f3fea46a3d] + +2013-02-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, common/Makefile.in, doc/Makefile.in, + plugins/sudoers/Makefile.in: + Clean up generated test files and other minor housekeeping. + [f5f4fdd908e1] + + * plugins/sudoers/iolog.c: + Add back gettimeofday() call inadvertantly removed in e1abb9810a83 + [675cce8401ae] + + * config.h.in, configure, configure.in, src/ttyname.c: + Use pstat() on HP-UX to determine the tty device. + [2884af22a9df] + + * plugins/sudoers/auth/pam.c: + Fix PAM compilation: def_pam_session, not just pam_session. 
+ [5417d7acc6ea] + + * doc/fixmdoc.sh: + Don't remove the -S option description when trimming out selinux. + Bug #592 + [8a94f2cfa0a0] + +2013-02-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Update for Sudo 1.8.6p7 + [0858a73e9c40] + +2013-02-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Document when sudo may exec the command directly instead of forking. + [da41951edc28] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document that close and version be NULL for plugin API >= 1.3 and + that sudo may execute the command directly if there is no close, or + pty or timeout needed. + [e5f929ddeaf8] + + * plugins/sudoers/auth/sudo_auth.c: + Fix debug_decl for sudo_auth_begin_session and + sudo_auth_end_session. + [58243392c0df] + + * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: + Add pam_session sudoers option. + [d994465db9f1] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.h: + Dummy out close function if there is no end_session for the auth + method and the front-end can handle a NULL close function. Avoids + the extra sudo process when we don't actually need it. + [74886d5b0fb6] + +2013-02-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, aclocal.m4: + Add m4/ to paths m4_include parameters so we don't need to use + autoconf's -I flag. + [4fd86e7a84f3] + + * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h, + src/sudo_plugin_int.h: + If the policy plugin does not provide a close function, there is no + command timeout and no pty is required, skip the event loop and just + exec the command directly. + [ad532f107170] + + * src/sudo.c: + Do not crash if the plugin close and version functions are not + defined. 
If there is no policy close function, simply print a + warning that the command was not found. + [c789a9dd54e8] + +2013-02-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/parse.c: + Fix typos in selinux/solaris privs specific code. + [9af3999361b4] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, src/parse_args.c: + Pass the default plugin directory to the plugin via the settings + list. Could be used by a stacking plugin. + [688e771fc145] + + * plugins/sudoers/timestamp.c: + Completely ignore time stamp file if it is set to the epoch, + regardless of what gettimeofday() returns. + [df58842af660] + + * doc/CONTRIBUTORS: + Add Nikolai Kondrashov + [df59791438f9] + + * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: + Use userpw_matches() for username matching so #uid works for + sudoRunAsUser. + [a124062334df] + + * plugins/sudoers/sssd.c: + Avoid calling realloc3() with a zero size parameter when all + retrieved sssd rules fail. Otherwise we'll get a run-time error due + to malloc(0) checking. + [84dfcb73ebd7] + + * plugins/sudoers/sssd.c: + Do not send error mail if a user is not found in SSSD. Local users + can run sudo too. From Nikolai Kondrashov + [3d2ae99ee468] + +2013-02-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, common/regress/sudo_conf/test4.in, + common/regress/sudo_conf/test4.out.ok: + Test setting disable_coredump to illegal value. + [3c71c6c49027] + + * common/sudo_conf.c: + Fix atobool() usage. + [d40c9f4d06b0] + + * common/regress/sudo_conf/conf_test.c: + Remove unused variable. + [328b524b365b] + + * plugins/sudoers/sudoers.c: + Make "sudo -l non_existent_command" warn that non_existent_command + doesn't exist, not the "list" pseudo-command. + [9dc0388fc4f3] + + * plugins/sudoers/parse.c: + Make sudoers file long list output better match the format used by + ldap sudoers. Tags are now converted to options and there is a + single command per line. 
+ [6e6dc3f20d84] + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use the correct the sudoers policy symbol names and undo an editor + goof committed when adding max_groups to sudo.conf. + [2a6f7ddf5cc3] + + * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: + For "sudo -l" start a new line if the runas list changes to make the + output easier to read. + [7dc3d724c924] + +2013-02-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: + For "sudo -l" and "sudo -ll" only print the runas info for + subsequent commands in a list if the runas info has changed. If we + have new runas info, print out the tags again so as to be less + confusing to the user. For "sudo -ll" set the line continuation + indent to 8. + [b5ec02fe7fc1] + +2013-02-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, + plugins/group_file/group_file.c, plugins/group_file/group_file.exp, + plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in, + plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, + plugins/sample_group/sample_group.c, + plugins/sample_group/sample_group.exp: + Rename sample_group plugin to group_file. Install group_file and + system_group plugins by default. + [951b3e446fae] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/iolog.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add maxseq sudoers option to limit the max number of I/O log files. + [e1abb9810a83] + +2013-02-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Log lines and columns in the iolog file. 
+ [03adb6230e05] + +2013-02-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c, + common/regress/sudo_conf/test1.in, + common/regress/sudo_conf/test1.out.ok, + common/regress/sudo_conf/test2.in, + common/regress/sudo_conf/test2.out.ok, + common/regress/sudo_conf/test3.in, + common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c, + include/sudo_conf.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c, + src/sudo.c: + Add simple regress tests for sudo.conf parsing. + [3c36b61bf61c] + + * src/sudo.c: + Always display the I/O plugin version as long as its open functions + doesn't return an error. Previously it was only displayed if the + plugin open returned 1. + [4b0277db3f8c] + + * plugins/sudoers/pwutil_impl.c: + Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead + of poking around in struct utmpx. + [2c0cc5c42958] + + * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c: + #include "sudo_usage.h" not <sudo_usage.h> so we get the one in the + build directory and not the src dir when using a separate build + directory. + [1fcb7ba13018] + +2013-02-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/fileops.c: + If a line was longer that 0x80000000 the bit hack to round to the + next power of two would roll over to zero. + [f4f729cf6f0f] + + * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/sudoers.h, src/sudo.c: + Use max_groups in front-end and plugin. + [bf1e74166831] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, src/parse_args.c: + Pass max_groups to plugin in settings list. + [d7d76e8651f4] + + * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, include/sudo_conf.h: + Add max_groups setting to sudo.conf (currently unused) and remove + unused return value from setters. + [f6494f71e1f0] + +2013-02-12 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * INSTALL: + Reorganize configure options + [23475de8039f] + +2013-02-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Add Sudo 1.8.6p7 + [5192fc511cbe] + +2013-02-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL.configure: + Sync with autoconf 2.68 + [985e5c8efa4e] + + * INSTALL, README: + Remove obsolete OS notes and move build requirements to INSTALL. + [bf0dd53ca164] + +2013-02-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Sort elements of the settings, user_info and command_info lists. + [663062ada5b7] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Remove trailing white space + [027916a6c8e7] + + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: + Store the session ID in the tty ticket file too. A tty may only be + in one session at a time so if the session ID doesn't match we + ignore the ticket. + [4eb2cb8df48b] + +2013-02-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c, src/sudo.c: + Move tzset() call from sudoers plugin to sudo front end. 
+ [3c058dad8772] + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Mention line continuation + [399873f8c805] + + * MANIFEST, common/Makefile.in, common/fileops.c, + common/regress/sudo_parseln/parseln_test.c, + common/regress/sudo_parseln/test1.in, + common/regress/sudo_parseln/test1.out.ok, + common/regress/sudo_parseln/test2.in, + common/regress/sudo_parseln/test2.out.ok, + common/regress/sudo_parseln/test3.in, + common/regress/sudo_parseln/test3.out.ok, + common/regress/sudo_parseln/test4.in, + common/regress/sudo_parseln/test4.out.ok, + common/regress/sudo_parseln/test5.in, + common/regress/sudo_parseln/test5.out.ok, + common/regress/sudo_parseln/test6.in, + common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c, + include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c, + plugins/sudoers/sudo_nss.c: + Add line continuation support to sudo_parseln() and make it use + getline() instead of fgets() internally. + [d02bf3973fc5] + +2013-02-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sample/sample_plugin.c: + Fix memory leak in error path; found by llvm checker + [d090c26a5b00] + + * plugins/sudoers/sudoreplay.c: + Remove useless store detected by llvm checker. + [12a4db91651a] + + * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in, + src/load_plugins.c, sudo.pp: + Sudo now stores its libexec files in a "sudo" subdirectory instead + of in libexec itself. For backwards compatibility, if the plugin is + not found in the default plugin directory, sudo will check the + parent directory default directory ends in "/sudo". + [5de67de76489] + + * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c, + plugins/system_group/system_group.c: + Add missing __dso_public to plugin structs so they are exported. 
+ [dde703577621] + + * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: + Mention that sudoers has its own plugins too. + [0a6c6203b512] + +2013-02-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Correct last change date. + [45894291d792] + + * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in: + Remove duplicated sudo.conf info in the sudo, sudoers and + sudo_plugin manuals and cross-reference the new sudo.conf manual. + [b808ba29cf3a] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + Fix typos + [0e70964150c6] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in: + Fix some typos. + [94ae045cfbc6] + + * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, + doc/sudo.conf.mdoc.in: + Add standalone sudo.conf manual page. + [d64d949b700c] + + * doc/sample.sudo.conf: + add group_source example + [118c1ba1c014] + + * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in, + doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf. + [f5bd6006dc1c] + + * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo, + src/po/it.po: + Sync with translationproject.org + [a6f2b9aac371] + +2013-02-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo, + src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo, + src/po/vi.po: + Sync with translationproject.org + [ba546666969d] + +2013-02-01 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, + plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po, + src/po/es.po, src/po/gl.po: + Sync with translationproject.org + [cdc454e34c03] + +2013-01-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Clarify ttyname changes. + [cbf2f80fe582] + + * NEWS: + Add 1.8.6p6 + [3aa591e98b3b] + + * src/ttyname.c: + Remove ttyname() fall back code on systems where we can query the + kernel for the tty device via /proc or sysctl(). If there is no + controlling tty, it is better to just treat the tty as unknown + rather than to blindly use what is hooked up to std{in,out,err}. + [b2bd3005d2e4] + +2013-01-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c: + Add group_source setting in sudo.conf to allow the admin to specify + how a user's groups are looked up. Legal values are static (just the + kernel list from getgroups), dynamic (whatever the group database + includes) and adaptive (only use group db if kernel group list is + full). + [87a5b02e22ad] + + * plugins/sudoers/policy.c: + Pass back exec_background to front end if it is enabled in sudoers. + [8230e1cd0bbd] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Mention that exec_background is for 1.8.7 and higher only. + [fdf0d5a3e182] + +2013-01-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST: + Add missing test files. + [1165389aa5e6] + + * plugins/sudoers/regress/visudo/test3.err.ok, + plugins/sudoers/regress/visudo/test3.out.ok, + plugins/sudoers/regress/visudo/test3.sh: + Add regress test for bug 361 + [54c7fb61b82d] + + * plugins/sudoers/iolog.c: + Add __dso_public to extern declaration of declaration to match + actual definition. + [4695ded501e6] + + * NEWS: + Add 1.8.6p5 + [b07b28c5c4d7] + +2013-01-23 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok, + plugins/sudoers/regress/visudo/test2.out.ok, + plugins/sudoers/regress/visudo/test2.sh: + Add test for visudo cycle check core dump; test case from Daniel + Kopecek + [41074541147a] + + * plugins/sudoers/visudo.c: + Fix potential stack overflow due to infinite recursion in alias + cycle detection. From Daniel Kopecek. + [d7e018a87434] + + * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c: + Ignore duplicate entries in sudo.conf and report the line number + when there is an error. Warn, don't abort if there is more than one + policy plugin. + [dfcb5a698f0a] + + * plugins/sudoers/tsgetgrpw.c: + Use strtoul() not atoi(). + [58a52cf9b6b8] + +2013-01-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/Makefile.in: + regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo + [9b44e9d26d16] + + * compat/nss_dbdefs.h: + Fix typo that breaks the build on HP-UX. + [b9ab6ba23485] + + * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in, + configure, configure.in: + Use nss_search() to implement getgrouplist() where available. Tested + on Solaris and HP-UX. We need to include a compatibility header for + HP-UX which uses the Solaris nsswitch implementation but doesn't + ship nss_dbdefs.h. + [d29dbc4dc06d] + +2013-01-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h: + Remove extra flag to sudo_sigaction(). We want to trap the signal + regardless of whether or not it is ignored by the underlying command + since there's no way to know what signal handlers the command will + install. Now we just use sudo_sigaction() to set a flag in + saved_signals[] to indicate whether a signal needs to be restored + before exec. + [c042d52c7192] + +2013-01-18 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * compat/getgrouplist.c, config.h.in, configure, configure.in: + Use _getgroupsbymember() on Solaris to get the groups list. Fixes + performance problems with the getgroupslist() compat on Solaris + systems with network-based group databases. + [287d3ae2ce8d] + +2013-01-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Document signal handler behavior in plugin API 1.3 + [20dc9d1c105f] + + * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c, + src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h: + Move signal code into its own source file and add sudo_sigaction() + wrapper that has an extra flag to check the saved_signals list to + only install the handler if the signal is not already ignored. Bump + plugin API version for the new front-end signal behavior. + [5d2f27a1b404] + + * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h, + src/sudo_exec.h: + Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute + the command. If we get SIGINT or SIGQUIT, call the plugin close() + functions as if the command was interrupted. If we get SIGTSTP, + uninstall the handler and deliver SIGTSTP to ourselves. + [332baf3a81b7] + + * src/exec.c, src/exec_pty.c: + Rename handle_signals() to dispatch_signals(). Block other signals + in handler() so we don't have to worry about the write() being + interrupted. + [666e95c9a0f1] + +2013-01-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/tgetpass.c: + Rename signal handler to avoid name clash with one in exec.c + [8913101a29b6] + +2013-01-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo.c: + Add missing call to save_signals(). + [47d075d7326b] + +2013-01-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Fill in the comment block at the top of the .pot files and preserve + it when regenerating them. 
+ [6449497b76db] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h: + Add exec_background option in plugin command info and a sudoers + option to match. When set, commands are started in the background + and automatically foregrounded as needed. There are issues with some + ill-mannered programs (like Linux su) so this is not the default. + [c0b32b0938f2] + + * common/Makefile.in: + regen + [2b2b220e7aea] + + * src/Makefile.in: + Add SESH_OBJS variable for sesh object files. + [d3e04ae8fd1f] + + * configure.in, doc/LICENSE, plugins/sudoers/redblack.c: + Update copyright year. + [61a0f0cedb13] + + * src/exec_pty.c: + Always resume the command in the foreground if sudo itself is the + foreground process. This helps work around poorly behaved programs + that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At + worst, sudo will go into the background but upon resume the command + will be runnable. Otherwise, we can get into a situation where the + command will immediately suspend itself. + [c368ac3eb2e4] + + * configure, configure.in: + Use -fstack-protector-all in preference to -fstack-protector where + supported. + [f930c95ceb51] + +2013-01-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Only test for -fstack-protector and -fvisibility=hidden on GNU + compatible compilers. + [796f4696d863] + +2013-01-03 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS: + Add Sudo 1.8.6p4 + [8a928de8e717] + + * common/Makefile.in, compat/Makefile.in, configure, configure.in, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, + src/Makefile.in: + Break out stack smashing protector options into SSP_CFLAGS and + SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS). + [01be114fc9fb] + +2013-01-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS, plugins/sudoers/redblack.c: + In rbrepair(), make sure we never try to change the color of the + sentinel node, which is the first entry, not the root. From Michael + King + [3fc4dc4004ec] + +2012-12-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + No need to restore default signal handler for SIGSTOP as it is not + catchable. Attempting to do so is harmless but sigaction() will fail + and set errno to EINVAL which makes it looks like there is an error. + [be7c0b759e9a] + + * src/exec.c: + Print SIGCONT_FG and SIGCONT_BG properly in debug output. + [93e59e301c8f] + +2012-12-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Disable PIE on FreeBSD/ia64, otherwise sudo will segfault. + [9ed48f696595] + +2012-12-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/missing.h: + Add howmany() macro since some systems have this in sys/param.h + which we no longer include. + [2c5efaa16c45] + +2012-12-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/regress/sudoers/test11.toke.out.ok: + Remove errant file. + [a91699beffc6] + +2012-12-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c: + Remove obsolete sudoers_cleanup() stubs. 
+ [89153025a2ae] + + * common/alloc.c, common/atobool.c, common/fileops.c, + common/fmt_string.c, common/lbuf.c, common/secure_path.c, + common/sudo_conf.c, common/sudo_debug.c, common/term.c, + compat/closefrom.c, compat/getcwd.c, compat/glob.c, + compat/snprintf.c, include/missing.h, + plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, + plugins/sample_group/plugin_test.c, + plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/policy.c, plugins/sudoers/prompt.c, + plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, + plugins/sudoers/redblack.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + plugins/system_group/system_group.c, src/conversation.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/get_pty.c, + 
src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c, + src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c: + Don't include <sys/param.h>. We only needed it for MAXPATHLEN, + MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and + HOST_NAME_MAX throughout without falling back on MAXPATHLEN or + MAXHOSTNAMELEN and define our own MIN/MAX macros as needed. + [f4807d46f504] + + * include/missing.h, plugins/sudoers/match.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c: + Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN + (sys/param.h or netdb.h). + [2544f5e306dd] + +2012-11-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/logging.c: + Move debug_decl() in log_failure() to be after the variable + declarations for C89. + [f48d2035ab44] + +2012-11-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/error.c, include/error.h, plugins/sudoers/iolog.c, + plugins/sudoers/logging.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Cannot wrap sigsetjmp() or we end up returning to the wrong place. + Use a macro instead. + [749ee6acdad8] + +2012-11-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/policy.c: + Fix return in sudoers_policy_open that should be debug_return. + [a78b795b6846] + +2012-11-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/ttyname.c: + Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case + too. + [acfa891c229e] + + * src/solaris.c: + Quiet a gcc warning and add comment about needing to keep the handle + open. + [f954f228960f] + +2012-11-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + mention --disable-shared + [6954d39e2d0f] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Add missing command_info argument in I/O plugin open() prototype. + Bug #579 + [72beb07aba0e] + +2012-11-25 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/gram.c: + Regen for proper line numbers. + [6cf6e132e764] + + * configure, configure.in: + Add locale_stub.o to SUDO_OBJS, not locale_stub.lo. + [d604dc8ca38a] + + * common/sudo_printf.c: + Include missing.h for __printflike. + [a33640600faf] + + * plugins/sudoers/iolog.c: + Saner loop invariant in io_mkdirs (cosmetic only). + [dc30274afe38] + + * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c, + configure, configure.in, include/error.h, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c, + src/sesh.c: + Move warn/error into common and make static builds work. + [4d3f374f4e4c] + + * MANIFEST, common/Makefile.in, common/sudo_debug.c, + common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/conversation.c, src/sesh.c: + Move _sudo_printf from src/conversation.c to common/sudo_printf.c. + Add sudo_printf function pointer that is initialized to + _sudo_printf() instead of requiring a sudo_conv function pointer + everywhere. The plugin will reset sudo_printf to point to the + version passed in via the plugin open function. 
Now plugin_error.c + can just call sudo_printf in all cases. The sudoers binaries no + longer need their own version of sudo_printf. + [9b09d3f63790] + + * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't + need error_jmp to be extern. Also add plugin_clearjmp() that clears + a flag so error()/errorx() knows when to call exit() vs. longjmp(). + [5a4617148e70] + + * plugins/sudoers/set_perms.c: + Let warning() call gettext() for us. + [ab8d502ba4ac] + + * include/error.h, plugins/sudoers/plugin_error.c, src/error.c: + Do locale swapping in the warning()/error() macros themselves + instead of in the underlying functions. + [4cd205540e17] + + * common/alloc.c, common/list.c, include/error.h, + plugins/sudoers/env.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, + src/hooks.c: + Rename warning2()/error2() -> warning_nodebug()/error_nodebug(). + [48346393634d] + + * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c, + src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c, + src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, + src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c: + Call gettext() on parameters for warning()/warningx() instead of + having warning() do it for us. 
+ [c71088bc9d3e] + + * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: + Call gettext() in sudoerserror() in the user's locale and pass the + untranslated string to it. + [cdbfc231b848] + + * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, + plugins/sudoers/logging.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Allow sudoers programs (visudo, sudoreplay, visudo) to use + plugin_error.c instead of the error.c from the front-end. This means + sudoers_setlocale() needs to be independent of the sudo_user struct + and the defaults table. The sudoers locale is now updated via a + callback. + [e356f5f8cd6a] + + * plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c + Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers + warning/error functions work when sudo_conv is NULL + [7365ee24a779] + + * src/error.c: + No need to change locale in front-end warning()/error(). + [23dc1df7f93b] + + * plugins/sudoers/tsgetgrpw.c: + Ignore bad lines in passwd/group file instead if stopping processing + when we hit one. + [79b790559075] + + * plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test5.sh: + Bash doesn't let you set UID to use MYUID instead. + [5be56335f059] + + * plugins/sudoers/visudo.c: + Avoid NULL deref for unknown Defaults in strict mode. + [545c21c1e7d6] + + * common/sudo_conf.c, common/sudo_debug.c: + See DEFAULT_TEXT_DOMAIN + [3d723e1d27db] + +2012-11-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * .hgignore: + Add signame.c and mksigname. 
+ [d59bbf423f00] + + * plugins/sudoers/Makefile.in: + Fold preinstall into install-plugin and pass the path to the plugin + binary to the preinstall command. + [2c2205af8bb7] + + * pp: + sync with upstream + [a4b7336b3256] + + * src/sudo.h: + repair spacing + [f5c1255ce514] + +2012-11-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/sudo_debug.c: + Set group on sudo_debug when creating it to gid 0 so systems without + BSD group semantics don't get the invoking user's group. + [7dda01196554] + + * plugins/sudoers/iolog.c: + Rename mkdir_parents() io_mkdirs() and add a flag to specify whether + path is a temporary, in which case the final component is created + via mkdtemp() instead of mkdir(). + [79c0c4e7ed58] + + * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h: + For PERM_ROOT set egid to 0 so log files are not created with the + gid of the user. + [5b964ea43474] + + * plugins/sudoers/logging.c: + Add calls to set_perms(PERM_ROOT) becore logging to a file. We + should already be root but since we cache the current permission + status it is basically free. That way, if more of sudoers runs as + non-root in the future logging will still work correctly. + [c591d4973f41] + + * common/sudo_conf.c, config.h.in, configure, configure.in, + include/gettext.h, plugins/sudoers/locale.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/error.c, src/exec.c, src/sesh.c, src/sudo.c: + #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it. + [41f6bb4926f4] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in: + Mention that sudo.conf is parsed in the C locale. + [f711c416e30c] + + * common/sudo_conf.c: + Parse sudo.conf in the "C" locale. 
+ [776658f651ea] + + * plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.h: + Fix compilation on systems w/o setlocale() + [6940d1c1c1ce] + + * doc/TROUBLESHOOTING: + Sudo now includes a workaround for the Solaris 11 locale issue. + [ab93787a552c] + +2012-11-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/gettext.h, plugins/sudoers/iolog_path.c, + plugins/sudoers/locale.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h: + Always include locale.h from gettext.h so we no longer need to + include locale.h from the .c files. + [93d39182ccfa] + + * MANIFEST, config.h.in, configure, configure.in, mkdep.pl, + plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c, + src/solaris.c, src/sudo.c, src/sudo.h: + Add os-specific initialization functions for solaris (workaround + setuid locale problem in Solaris 11) and openbsd (set malloc_options + if SUDO_DEVEL). Also move set_project() to solaris.c. + [1d6581afbaf4] + +2012-11-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/policy.c, + plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: + Avoid strerror() when possible and just rely on warning/error to + handle errno in the proper locale. + [bf612caae97c] + + * plugins/sudoers/logging.c: + Set sudoers locale in log_allowed() + [2dd0ac704cae] + + * plugins/sudoers/check.c: + Make the sudo lecture translatable. + [3cdfc183d72d] + + * Makefile.in: + Add the values of badpass_message, passprompt and mailsub to + sudoers.pot so they can be translated. + [51cbe8adcb94] + + * plugins/sudoers/logging.c: + Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked + up by xgettext. + [c5b74115caf0] + +2012-11-08 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c, plugins/sudoers/prompt.c, + plugins/sudoers/sudoers.h: + Make expand_prompt() args const and free the prompt when we are done + with it. + [995ef8519fe6] + + * plugins/sudoers/policy.c: + Fix cut and pasto + [e002921c1d15] + + * plugins/sudoers/defaults.c, plugins/sudoers/logging.c: + Expand def_mailsub in the sudoers locale, not the user's. + [a4775f2fb385] + + * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sssd.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/visudo.c, src/error.c, src/exec.c, + src/exec_common.c, src/exec_pty.c, src/load_plugins.c, + src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, + src/sudo.c, src/sudo_edit.c, src/tgetpass.c: + Display warning/error messages in the user's locale. + [00a04165c0cf] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/env.c, plugins/sudoers/iolog.c, + plugins/sudoers/locale.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/parse.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/timestamp.c: + Call gettext inside log_error et al instead of having the caller do + it. This way we can display any messages to the user in their own + locale but log in the sudoers local. 
+ [286e0444f785] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/locale.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add simple locale switching to make it easy to switch from the + user's locale to the sudoers locale without making excessive + setlocale() calls when we don't need to. + [5c61582fdeee] + + * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c: + Convert setlocale() to sudoers_setlocale() in the sudoers module. + This only converts existing uses, there are more places where we + need to sprinkle sudoers_setlocale() calls. + [8ee0cbf0d0a9] + + * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: + audit_failure() now calls gettext itself using the sudoers locale. + [d77f1d78799a] + + * common/sudo_debug.c, include/error.h, include/sudo_debug.h, + plugins/sudoers/plugin_error.c, src/error.c: + Add variants of warn/error and sudo_debug_printf that take a va_list + instead of a variable number of args. + [00392bdc063c] + + * INSTALL, doc/TROUBLESHOOTING: + Document Solaris 11 locale issues and workarounds. + [05f7d34af3ae] + + * Makefile.in, configure, configure.in: + Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8 + locales. Make links from localdir/lang -> localdir/lang.UTF-8 + [5ca9326480e2] + +2012-11-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: + Do not inform the user that the command was not permitted by the + policy if they do not successfully authenticate. This is a + regression introduced in sudo 1.8.6. + [c1279df08bfb] + + * plugins/sudoers/Makefile.in: + Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup + the rpath in HP-UX SOM shared libraries for the LDAP libs. 
+ [b07185657b42] + + * src/parse_args.c: + The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A. + [22c73cbe3ff9] + +2012-10-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, configure, configure.in: + Allow the user to specify and alternate libtool + [c9d6fc9521fd] + +2012-10-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c: + Allow sudo to be build with sss support without also including ldap + support. From Stephane Graber. + [b992a80ebea1] + +2012-10-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Refactor policy plugin interface code from sudoers.c into policy.c + [393e62910b8a] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Refactor command_info setting into its own function. + [a952b948324c] + + * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, + plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Make interfaces pointer private to interfaces.c and add + get_interfaces() accessor. + [b69b9334ed3c] + +2012-10-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.h: + Make user_cwd const since it is either a string literal or passed in + from the front-end. + [90751b81e8bc] + + * configure, configure.in: + sudo 1.8.7 + [bf727adb8af0] + + * plugins/sudoers/sudoers.c: + Avoid nested strtok() calls. + [9d9f22ab52a9] + +2012-10-23 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, + plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h: + Move expand_prompt() into its own source file for easier unit + testing. + [b419b48a436f] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, + plugins/sudoers/check.h, plugins/sudoers/sudoers.h, + plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: + Make check.c independent of the underlying timestamp implementation. + [895071bd6065] + + * plugins/sudoers/iolog_path.c: + Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled. + [8ac38f02dd6d] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Use a list for the possible values of Tag_Spec with a minimal indent + to improve readability. In the pod version, these were =head3. Also + use .St -p1003.1 instead of just POSIX when talking about glob() and + fnmatch(). + [361a6f7a5c44] + +2012-10-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/ttyname.c: + sudo_ttyname_dev() is unused if there is no /proc or sysctl(). + [6598dbf81e16] + + * compat/mksiglist.c, compat/mksigname.c, + compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c, + plugins/sample_group/plugin_test.c, + plugins/sudoers/regress/check_symbols/check_symbols.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c: + Explicitly mark main() as public in executables to avoid an HP-UX ld + warning. + [72a40ce218be] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: + Remove grep from SEE ALSO section. + [c7cafee1621f] + + * common/alloc.c: + If vasprintf() fails, just use the errno it sets instead of assuming + ENOMEM. + [1be5bfdc0cab] + +2012-09-28 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/TROUBLESHOOTING: + Mention HP-UX pam.conf settings. + [8b8e745b49fd] + +2012-09-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c, + plugins/sudoers/timestamp.h: + Split off timestamp functions into their own source file. + [d5833332511d] + +2012-09-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Mention how !foo is not the same as ALL,!foo + [51f8e470757d] + +2012-09-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + Start commands in the background when I/O logging is enabled. We + can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2) + which returns EINTR on signal instead of restarting automatically. + [83b1d59146f7] + + * src/exec_pty.c: + Handle SIGCONT_FG and SIGCONT_BG when converting signal number to + string in deliver_signal(). + [2cefea7a976e] + +2012-09-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + Fix running commands that need the terminal in the background when + I/O logging is enabled. E.g. "sudo vi &". When the command is + foregrounded, it will now resume properly. + [0bc13a253429] + + * plugins/sudoers/match.c: + Add rudimentary support for name-based matching as a compile-time + option. This unsafe when used in conjunction with the '!' operator. + [f93bc8e6db15] + +2012-09-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c, + plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c: + Split out implementation-specific back end code out of pwutil.c into + pwutil_impl.c. This will allow the main pwutil code to be used for + lookup methods other than getpw* and getgr*. + [999c2dde60e4] + +2012-09-18 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS, configure, configure.in: + sudo 1.8.6p3 + [97fef3d9ed65] + +2012-09-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/fixman.sh: + Don't use embedded newline when matching, use \n. This got expanded + at some point. Bug #573 + [6652f834b8f5] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Rename yyerror() to sudoerserror() to match yacc prefix changes. Not + really needed due to the #defines that yacc makes but it is less + confusing this way as the lexer calls sudoerserror(). + [a0577be6527d] + + * common/alloc.c, plugins/sample_group/plugin_test.c, + plugins/sudoers/env.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + src/exec_common.c, src/parse_args.c, src/sudo.c: + No need to translate "unable to allocate memory" when we can just + use the system translation via strerror(). + [377499e5827c] + + * plugins/sudoers/sudoreplay.c: + Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not + all file systems support d_type. Bug #572 + [8b861c62945f] + + * plugins/sudoers/sudoreplay.c: + Avoid calling fclose(NULL) in the error path when we cannot open an + I/O log file. + [9401d5c4bb05] + +2012-09-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, configure, configure.in: + Sudo 1.8.6p2 + [6e32496280f2] + + * src/exec.c: + When setting the signal handler for SIGTSTP to the default value in + non-I/O log mode, store the old handler value for when we restore it + after resume. + [242628694e42] + + * plugins/sudoers/env.c: + Replace the guts of sudo_setenv_nodebug() with our old setenv.c + which supports non-standard BSD and glibc semantics. sudo_setenv() + now simply calls sudo_setenv2(). + [57ffb6c9efaa] + +2012-09-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document non-Unix group support in LDAP sudoers. 
+ [33c89f3aeee6] + + * plugins/sudoers/ldap.c: + Enable non-Unix group support for LDAP sudoers. We now check for + non-Unix groups and netgroups with the same query in the second + pass. Bug #571 + [eb98fdff54d9] + +2012-09-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/parse.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c: + Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers. + [cb6c0d93215e] + +2012-09-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Mention support for SUCCESS=return in /etc/nsswitch.conf + [ef1f35aa0863] + + * NEWS, configure, configure.in: + sudo 1.8.6p1 + [73a5e1f004b3] + +2012-09-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/env.c: + Avoid setting LOGNAME, USER and USERNAME variables twice when + set_logname is enabled. + [0de4f5fbd1d4] + + * plugins/sudoers/env.c: + Fix duplicate detection in sudo_putenv(), do not prune out the + variable we just set when overwriting an existing instance. Fixes + bug #570 + [854ee714c831] + + * plugins/sudoers/env.c: + Add some debuggging + [a25cd3305823] + +2012-09-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudo_nss.c: + Disable word wrap in list mode when stdout is a pipe to make "sudo + -l | grep ..." more useful. Adapted from a diff by Daniel Kopecek. + [65ade04511fd] + + * common/lbuf.c: + Print a trailing newline in lbuf_print() when there is not enough + space to do word wrapping and the lbuf does not end with a newline. 
+ [c0200e19cd09] + + * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: + Add support for [SUCCESS=return] in nsswitch.conf; from Daniel + Kopecek + [5c480316e3ce] + + * MANIFEST: + Add sssd.c + [9cadd014ef97] + +2012-09-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo, + plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo, + src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo: + regen .po files + [62423d4d143d] + + * MANIFEST, plugins/sudoers/po/vi.mo: + Add Vietnamese sudoers translation from translationproject.org + [33666a605525] + + * NEWS: + mention PIE + [05032e5304c6] + + * MANIFEST, plugins/sudoers/po/vi.po: + Add Vietnamese sudoers translation from translationproject.org + [015c2204bae2] + +2012-08-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, compat/Makefile.in, mkdep.pl: + Add missing signame dependency + [e493bfb01929] + + * src/exec.c, src/ttyname.c: + Silence compiler warnings. + [1c5374b66d9b] + + * MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c, + config.h.in, configure, configure.in, include/missing.h, mkdep.pl, + src/exec.c, src/exec_pty.c: + Replace strsigname() with sig2str(), emulating it as needed. + [1e348cca1fa6] + + * config.h.in, configure, configure.in, src/utmp.c: + Use fseeko() for legacy utmp handling if available. + [b4bbd8d2c0e9] + +2012-08-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/strsigname.c, config.h.in, configure, configure.in: + Detect sys_sigabbrev[] and use it in place of sys_signame[] if + present. For some reason glibc does not declare sys_sigabbrev so we + must add an extern definition of our own. + [b38f3fbd7078] + + * compat/strsignal.c, compat/strsigname.c: + Handle NULL entries in sys_siglist and sys_signame. 
+ [a388959d9654] + + * compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c, + compat/mksigname.h, compat/strsignal.c, compat/strsigname.c: + Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name} + [711e41aba59a] + +2012-08-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + sync + [5a2522488754] + + * src/exec.c: + Pass on SIGTSTP to the command if it was sent by a user process (not + the kernel or the terminal) when we are not I/O logging and set the + default SIGTSTP handler when we re-send the signal to ourself, + restoring our handler after we resume. + [4259c47e31c0] + + * src/exec.c: + Shells typically change their process group when they start up so + that they can implement job control. Most well-behaved shells change + the pgrp back to its original value before suspending so we must not + try to restore in that case, lest we race with the child upon + resume, potentially stopping sudo with SIGTTOU while the command + continues to run. Some shells, such as pdksh, just suspend the shell + by sending SIGSTOP to themselves without restoring the pgrp. In this + case we need to change the pgrp back for them. Should fix bug #568 + [6ac6751ffd17] + +2012-08-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, compat/Makefile.in, compat/mksigname.c, + compat/mksigname.h, compat/strsignal.c, compat/strsigname.c, + config.h.in, configure, configure.in, include/missing.h, mkdep.pl, + src/exec.c, src/exec_pty.c: + Use strsigname() to print signal names in the debug output. If the + system has no strsigname(), use our own. + [0735f18906b9] + +2012-08-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/regress/testsudoers/test5.inc, + plugins/sudoers/regress/testsudoers/test5.sh: + Remove generated file and change path for temporary include file. + [4e9fa830c6b5] + + * plugins/sudoers/Makefile.in: + When running regress tests, list pass/fail rate for each dir + (testsudoers and visudo) instead of the total. 
Also prevent the + result files from clobbering each other by keeping them in the + relevant directories. + [6aac53baff7d] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Don't print an error message in yyerror() if open_sudoers() fails, + we've already printed an error message. Also restore the check for + sudoers_warnings in yyerror(). + [aa6036df5fb2] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Avoid printing the >>> parse error <<< message for testsudoers when + the -t flag is specified. + [76f3433c8992] + +2012-08-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/parse.c: + Fix NULL deref when an entry has no Runas_Entry + [4b14983ff6e7] + + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [440e9c9b37de] + + * NEWS: + sync + [3142ba2dce60] + + * plugins/sudoers/check.c: + Correct the check_user() comment header. + [73da30308fff] + + * plugins/sudoers/auth/sudo_auth.c: + Change a log_fatal() into log_error() when no auth methods are + configured. The caller already checks the return value. + [05f5c39793a7] + + * plugins/sudoers/logging.c: + Add missing debug_return + [3a76bb7c2fe7] + +2012-08-21 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in: + Make the capitalization consistent for .Ss and .Sx + [5c5735ee4b2f] + + * doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat, + doc/sudo.man.in, doc/sudo.mdoc.in: + Add COMMAND EXECUTION section that describes how sudo runs the + command, the extra sudo processes and signal handling. + [dff2d88e984e] + +2012-08-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Happy Easter + [4b9d697c6b83] + +2012-08-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/Makefile.in: + Don't echo the awk command when building siglist.in + [21daa72921e6] + + * doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Cosmetic changes. + [19259528e9ad] + + * doc/Makefile.in: + The HISTORY, LICENSE and CONTRIBUTORS files are not longer + generated. + [ea6ac9e981e6] + + * MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po, + plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo, + plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po, + plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po, + src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po, + src/po/uk.po, src/po/vi.po: + Sync with translationproject.org and add Italian sudoers + translation. + [9276740aea59] + +2012-08-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Expand description of fqdn to talk about systems where the hosts + file is searched before DNS. + [4ee812ca6116] + +2012-08-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/Makefile.in: + For cat pages there is nothing to make unless DEVEL is set. 
+ [fab4a5b68708] + + * configure, configure.in, doc/Makefile.in: + Always use mandoc to format cat pages and remove now-extraneous + nroff configure tests. + [5747f4ed5762] + + * pp: + sync polypkg from git + [89ddf6ea3e3f] + + * plugins/sudoers/sudoers.c: + Use AI_FQDN instead of AI_CANONNAME if available since "canonical" + is not always the same as "fully qualified". + [7c1d9c098386] + +2012-08-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.mdoc.in: + Fix some typos. Describe error messages not related to policy + permissions. + [f5ebf9030d85] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/visudo.c: + Add new check_defaults() function to check (but not update) the + Defaults entries. Visudo can now use this instead of update_defaults + to check all the defaults regardless instead of just the global + Defaults entries. + [3fa879ce1b65] + +2012-08-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Document sudoers log format. + [08998a7061ab] + + * NEWS: + Update for sudo 1.8.5p3 + [6e102a5d4e8d] + + * src/load_plugins.c: + Add missing check for I/O plugin API version when checking for the + presence of I/O plugin hooks. + [ef05c7eeaf81] + + * src/hooks.c: + Can't call debug code in the process_hooks_xxx functions() since + ctime() may look up the timezone via the TZ environment variable. + [2179fb26bd8e] + +2012-08-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_common.c, src/sesh.c, src/utmp.c: + Include signal.h before sudo_exec.h since it uses sigset_t * in the + fork_pty prototype. 
+ [94fc0d859600] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in: + Remove OPTIONS section; options now go inside DESCRIPTION + [a619fc58a746] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [44719d80bc06] + + * MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po, + src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po: + Sync with translationproject.org and add new Slovenian translation. + [34b4b966bbac] + + * common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c: + Reduce the number of "internal error, foo overflow" messages that + need to be translated. + [93ffa2b3d53f] + + * NEWS: + Mention HP-UX reboot fix. + [1e39b5aa32ac] + + * INSTALL, NEWS, common/sudo_debug.c, configure, configure.in, + doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in, + plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: + Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers + data source. From Daniel Kopecek and Pavel Brezina. + [3f85e95d6928] + +2012-08-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/sudo_conf.c, src/load_plugins.c: + If sudo.conf contains an I/O plugin but no policy plugin, use + sudoers for the policy plugin. 
If a policy plugin is specified + without an I/O plugin, only the policy plugin will be loaded. + [ea192df2439d] + + * doc/Makefile.in, doc/sudoers.man.in: + Do not modify the .Os section when building the .man.in file from + .mdoc.in. + [a9f9628e147f] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Add a note about wildcards matching multiple words and include an + example. Also mention that for sudoedit, a wildcard in command line + args does not match a slash. + [fcb9fbac14e0] + +2012-08-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c, src/sudo_exec.h: + Fix a comment, update a variable name in a prototype; all cosmetic. + [e89f10cbd6e1] + + * plugins/sudoers/iolog.c: + Cast 2nd argument of lseek() to off_t if it is a constant for + systems with 64-bit off_t but without a proper lseek() prototype. + [d8779da135d0] + + * compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/visudo.c: + Fix some warnings from clang checker-267 + [1e44ef7860b5] + + * plugins/sample/sample_plugin.c: + Fix memory leak found by clang checker-267 + [f8a43617fdfb] + +2012-08-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h: + If we receive a signal from the command we executed, do not forward + it back to the command. This fixes a problem with BSD-derived + versions of the reboot command which send SIGTERM to all other + processes, including the sudo process. Sudo would then deliver + SIGTERM to reboot which would die before calling the reboot() system + call, effectively leaving the system in single user mode. + [4ffab9ab9e98] + +2012-08-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/fixman.sh, doc/fixmdoc.sh: + Remove section about Solaris 10 on other systems. Add missing + sudoers.man.in bit to fixman.sh. + [176559199ba7] + +2012-08-02 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: + Expand section on Solaris privileges. + [3a1bfa2f1743] + + * NEWS: + Expand a bit on the Solaris priv set changes. + [bffb78b4a520] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + The second argument to init_parser() is now bool. + [fb727a4fb651] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Fix printing of parse error message to stderr. + [dea6b420b84f] + + * plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/match.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: + If a command matches using an empty Runas_List (i.e. Runas_List is + present but empty) and the -u option was not specified, set runas_pw + to user_pw instead of using runas_default. This is intended to be + used in conjunction with the Solaris Privilege Set support for rules + that grant privileges without changing the user. + [e84a081f3c11] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h: + Add support for parsing an empty Runas_List, which only allows the + command to be run as the invoking user. This can be used in + conjunction with the Solaris Privilege Set support to grant + privileges without changing the user. + [dc34373792fc] + +2012-08-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/fixman.sh: + Fix HP-UX, just use ".TH name section" like the vendor manuals. 
+ [559738237c92] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix compilation on Solaris + [2d310302207c] + + * .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, + doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh, + doc/sudoers.mdoc.sh: + Generate a sed script file when munging *.mdoc or *.man instead of + passing sed expressions on the command line. Older seds do not + support \n in a replacement so generate and run a sed script + instead. + [0bcce3f1ca18] + + * doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in, + doc/visudo.man.in: + Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION" + [fe0f10b63776] + +2012-07-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + When checking whether a signal is user-generated, compare si_code + against SI_USER instead of <= 0 since on HP-UX, terminal-related + signals get a code of 0. + [4e9021243343] + + * src/sudo.c: + SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX + interchangably. This causes problems when setting RLIMIT_NPROC to + RLIM_INFINITY due to a bug in bash where bash tries to honor the + value of _SC_CHILD_MAX but treats a value of -1 as an error, and + uses a default value of 32 instead. + + Previously, we just checked RLIMIT_NPROC and, if it was unlimited, + restored the previous value of RLIMIT_NPROC. However, that makes it + impossible to set nproc to unlimited. We now only restore the nproc + resource limit if sysconf(_SC_CHILD_MAX) is negative. In most cases, + pam_limits will set RLIMIT_NPROC for us. + [cb71cc8d0b08] + +2012-07-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Active Directory apparently requires that tenths of a second be + present in a date so append .0 to the "now" value in the time + filter. Also remove space for the global AND from TIMEFILTER_LENGTH + since it was not being used consistently. 
Buffers of + TIMEFILTER_LENGTH now need to account for the terminating NUL byte. + [d28619ff6e45] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix SELinux build + [cc0d1f4e851b] + +2012-07-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST: + Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they + were not being kept in sync. + [fc3ad1847cb1] + + * doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod, + doc/license.pod: + Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they + were not being kept in sync. + [950363dffe3a] + +2012-07-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/logging.c: + Fix printing of the permission denied message to standard error when + a user is not allowed to run a command. This got broken by the + recent logging changes. + [b7af63da3ca1] + + * plugins/sudoers/sudoers_version.h: + Bump grammar version for Solaris privs. + [2a2baf024477] + + * doc/schema.ActiveDirectory: + Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder + were added. From David Hicks. + [3fc432a8edb4] + +2012-07-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + Remove lex.yy.c when building toke.c + [72bb9e62b289] + + * doc/Makefile.in: + Fix building docs in a build dir. + [7a6f435af022] + + * doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod, + doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod, + doc/sudoreplay.pod, doc/visudo.pod: + Remove pod versions of the manual; we now use mdoc. + [5c967d2dd5db] + + * MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh, + doc/sudoers.man.sh, doc/sudoers.mdoc.sh: + Add post-processing scripts to strip out login class, BSD auth, + SELinux and privilege set bits when they are not supported. 
+ [d0d51f72f597] + + * NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in, + doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, src/sudo.c, src/sudo.h: + Merge in Solaris privilege support by Darren Moffat and John + Zolnowsky + [3aa0a64f2f5c] + +2012-07-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/contributors.pod: + Sync with CONTRIBUTORS file + [9a0852306ad9] + + * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, + doc/sudoers.man.in, doc/sudoreplay.man.in: + Regen .man.in files with my private mandoc. + [dc3c9fc449eb] + + * doc/Makefile.in: + add MANDOC variable + [35527e66afc5] + +2012-07-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, + doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in: + Regen .man.in files with hacked mandoc to avoid issues with historic + nroff. + [d45cfa7d665f] + +2012-07-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.mdoc.in, doc/sudoers.mdoc.in: + Fix groff warnings. + [111d522ca807] + + * doc/Makefile.in: + Fix dependencies for .man.in files. 
+ [aefeffe1af2b] + + * .hgignore: + Add doc/*.mdoc to ignore file + [1e4de6ef2ad8] + + * INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in, + doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.mdoc.in: + Build .man.in and .cat files from .mdoc.in files. Add new --with-man + and --with-mdoc configure options. + [c963fd7e8f80] + +2012-07-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in, + doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: + Sudo manuals formatted in mdoc, to replace the pod versions. + [e6dca4030451] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, + doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod: + More minor costmetic fixes. + [a7287a68385a] + +2012-07-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: + Minor cosmetic fixes. + [9c48bdaf3946] + +2012-07-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot: + Use "a password is required" instead of "password required" when the + -n flag is used and we need to read a password. + [a3c30fc41648] + +2012-07-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Mention logging changes. 
+ [8238fd6e02e8] + + * plugins/sudoers/po/sudoers.pot: + regen + [e2cf634ba63b] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Document that other mail_* flags have precedence over mail_badpass. + [9f4cc9188f40] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Move log_denial() calls and logic to log_failure(). Move + authentication failure logging to log_auth_failure(). Both of these + call audit_failure() for us. + + This subtly changes logging for commands that are denied by sudoers + but where the user failed to enter the correct password. Previously, + these would be logged as "N incorrect password attempts" but now are + logged as "command not allowed". Fixes bug #563 + [cad35f0b3ad7] + +2012-07-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/aix.c: + Do not set a resource limit to zero when we are unable to fetch a + value from /etc/security/limits. + [62bfb0a7895e] + +2012-07-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Add "Provides: sudo" to debian sudo-ldap package + [beb8afa0beb2] + +2012-07-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in, zlib/Makefile.in: + Define NO_VIZ for zlib when gcc doesn't support symbol visibility + attributes. + [9fdcbf526386] + + * configure, configure.in: + Use the autoconf cache when checking for symbol export control + support. + [03c2cce8711f] + + * INSTALL, common/Makefile.in, compat/Makefile.in, configure, + configure.in, mkpkg, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in: + Add configure check for building PIE executables instead of doing it + in mkpkg. + [02b5b78ef258] + + * sudo.pp: + MacOS pp backend doesn't like modes longer than 4 characters. + [01b49022bf01] + +2012-07-01 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding + -fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool + will strip -fstack-protector from the linker flags and we always + link with libtool. + [0a0a0250ac2b] + +2012-06-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + Regen for sudo 1.8.6 + [1657ee28b496] + + * NEWS, doc/sudoers.ldap.pod: + Document improved Tivoli Directory Server support. + [fb411edf4687] + + * config.h.in, configure, configure.in, plugins/sudoers/ldap.c: + Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf + option to specify Tivoli key db password. Allow TLS ciphers to be + configured for Tivoli. + [737e17c91e60] + +2012-06-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Tivoli Directory Server 6.3 libs always return a (bogus) error when + setting LDAP_OPT_CONNECT_TIMEOUT. + [504406637c38] + + * NEWS: + Update + [687a755604e8] + + * plugins/sudoers/ldap.c: + Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the + same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a + set an ldap option fatal. + [17cf93ae3304] + +2012-06-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Zero pointers in sudo_user struct after freeing, just in case. + [8eff1f80b943] + + * plugins/sudoers/sudoers.c: + Free user_gids in close function if it has not already been freed. + [cbce28877f37] + + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Defer group ID to name resolution until we actually need it. + [463e75b81e89] + + * src/sudo.c: + It is safe to read in sudo.conf before calling user_info(). 
+ [3290b6434e3c] + + * plugins/sudoers/env.c, plugins/sudoers/ldap.c: + Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to + prevent potential truncation. Bug #562. + [29d9fc4e0c4e] + +2012-06-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + If installing with installp, error out if there is already an + instance of the rpm package installed. + [ec24c6faba22] + + * mkpkg: + Add --disable-nls for AIX + [192ac2f7d65e] + +2012-06-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Debian sudo-ldap packages should now depend on libldap-2.4-2, not + libldap2. + [cbcec71e6b58] + +2012-06-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Add Homepage and Bugs to debian control file. + [0f19d7d14e66] + +2012-06-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg: + fix typo when setting aix_freeware + [2fd6feb50195] + + * common/Makefile.in, compat/Makefile.in, configure, configure.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in: + Don't run regress tests or sudoers sanity check (using the newly- + built visudo) when cross compiling. 
Bug #560 + [0c4e3f68b2f5] + + * MANIFEST, configure, configure.in, plugins/sample/Makefile.in, + plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map, + plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in, + plugins/sample_group/sample_group.exp, + plugins/sample_group/sample_group.map, + plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, + plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map, + plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in, + plugins/system_group/system_group.exp, + plugins/system_group/system_group.map, + plugins/system_group/system_group.sym: + Rename foo.sym -> foo.exp Remove foo.map from the repo and generate + it on demand Use a loader option file for HP-UX ld to explicitly + export symbols + [2402ff5302ab] + + * src/Makefile.in: + Remove extraneous backslash + [8ca054de138c] + + * plugins/sudoers/regress/check_symbols/check_symbols.c: + Don't check for errorx as an exported symbols as it is now a macro. + Check for user_in_group() instead. + [7b02c8ecd3ea] + +2012-06-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Adjust ld map file support to use an anonymous scope to match the + updated .map files. + [49be44282d9e] + +2012-06-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, include/gettext.h: + Older versions of Solaris lack ngettext() + [028af10dfa5f] + + * configure, configure.in: + Move the check for -static-libgcc until after AC_LANG_WERROR has + been called and use AX_CHECK_COMPILE_FLAG(). + [a7b09120e7ff] + + * include/gettext.h: + Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H + [3aa2780d4a4e] + + * include/error.h, include/sudo_debug.h: + Fix gcc 2.x variant macro support. + [8e71c2370997] + + * plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c: + Fix compilation on gcc 2.95 and other compilers that only allow + variable declarations at the beginning of a block. 
+ [9d80c802bb46] + + * configure, configure.in, plugins/sudoers/Makefile.in: + Link check_symbols with SUDO_LIBS to make sure we link with the + requisite libraries to successfully dlopen sudoers.so. This is + needed on HP-UX where a program dlopen()ing a shared object that + uses pthreads must also be linked with pthreads (and HP-UX LDAP uses + pthreads). + [b8961cd82337] + + * plugins/sudoers/regress/check_symbols/check_symbols.c: + Add check for exported local symbols. This will cause a "make check" + failure on systems where we don't support symbol hiding. + [8aa549389bb1] + + * configure, configure.in: + Additional ${foo} -> $(foo) Makefile tweaks. + [046bbde18f52] + + * plugins/sample/sample_plugin.map, + plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map, + plugins/system_group/system_group.map: + No need to provide a name for the scope in the map file since we + don't use the it for versioning. + [5ed4b997560d] + +2012-06-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/check_symbols/check_symbols.c: + Add regress test for symbol visibility. + [9adddd4e0518] + +2012-06-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, configure, configure.in: + sudo 1.8.6 + [57008a7afb77] + + * configure, configure.in, include/missing.h: + Add support for controlling symbol visibility using the HP and + Solaris C compilers. + [46d5b468979e] + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/sudoers.h: + Use the expanded io log dir when updating the sequence number. + Includes a workaround for older versions of sudo where the sequence + number was stored in the unexpanded io log dir. + [210797dab9a8] + +2012-06-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/parse_args.c: + Simplify "sudo -s" argv rewriting. 
+ [7be143dae7c5] + + * MANIFEST, configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in, + src/sudo_noexec.map: + Don't use a map file for sudo_noexec.so since Solaris ld doesn't + allow '*' in the global section. The libtool export flag is now + added to LT_LDFLAGS instead of commenting/uncommenting lines. + [38fc37a66b04] + +2012-06-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, include/missing.h: + The visibility attribute was actually added in gcc 3.3.x, not 4.0. + Just assume that if -fvisibility=hidden works that the attribute is + usable. + [d3904d6faf14] + + * plugins/sudoers/check.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/pwutil.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map, + plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c, + plugins/system_group/system_group.c: + Export group cache from sudoers.so for system_group.so to use. + [16695d207fc5] + + * MANIFEST, configure, configure.in, include/missing.h, + plugins/sample/Makefile.in, plugins/sample/sample_plugin.map, + plugins/sample_group/Makefile.in, + plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in, + plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in, + plugins/system_group/system_group.map, src/sudo_noexec.c, + src/sudo_noexec.map: + Use gcc's visibility attribute to specify when symbols are visible + or hidden, if available. If not available, use an ELF version script + if it is supported. If all else fails, fall back to using libtool's + -export-symbols. + [64e889921727] + +2012-06-12 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Add mode for installed locale files but leave the directories with + default mode and owner. + [142237dbb31f] + +2012-06-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg, sudo.pp: + Install AIX packages under /opt/freeware with links in /usr/bin and + /usr/sbin. This matches the layout of the sudo package from AIX + freeware. + [0b79d47bbe01] + + * Makefile.in, configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp: + Install shared objects with mode 0644 except on HP-UX which needs + the executable bit set. + [ae416af0ba6c] + + * Makefile.in, doc/Makefile.in, include/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Make installed file modes consistent with the file modes in the sudo + package. + [307386373289] + +2012-06-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.pod: + Add "%:" prefix when talking about QAS non-Unix group support. + [7cb25f6861f8] + + * pp, sudo.pp: + Fix packaging of symbolic links on HP-UX when the link source + already exists in the filesystem. + [c9bb48031596] + + * mkpkg: + Only specify prefix if we are overriding the default value. Fixes + the man dir (/usr/local/man vs. /usr/local/share/man). + [65351b6c1697] + + * sudo.pp: + Fix setting of sudoedit_man variable. + [9beed9ae5bba] + + * doc/Makefile.in: + Echo the command when linking the sudoedit manual. + [6c83b5657b55] + +2012-06-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg, sudo.pp: + Build .deb packages with selinux support. + [3fd9cb1b4526] + +2012-06-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Don't list paths for unstripped binaries in the lintial overrides. + [4c8e16f1773b] + + * pp: + Add support for Installed-Size header in control file, required by + newer debian versions. 
+ [e97d76234bee] + + * pp: + Fix extended description in .deb files. + [d35e27ace146] + + * sudo.pp: + Add Depends, Replaces and Conflicts headers for .deb packages. + [76eb6c4b3278] + +2012-06-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudo_nss.c: + If there are no privs to print, write the message to the lbuf + instead of printing it directly. + [ecd56226abb7] + +2012-05-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Set -e in %pos and %preun for debian to quiet a lintian warning. + [8bb908514df9] + + * doc/Makefile.in, src/Makefile.in, sudo.pp: + Install sudoedit and the sudoedit manual as symbolic links, not hard + links and package them as such. + [f317ff3cf3e7] + + * sudo.pp: + Make sudo binary permissions 755 instead of 111 Add lintian + overrides file for .deb files. + [991cd7d7f0e1] + + * configure, configure.in, doc/Makefile.in, mkpkg: + Replace out of date MAN_POSTINSTALL with MANCOMPRESS and + MANCOMPRESSEXT which can be used to compress the installed manual + pages. Compress the man pages for .deb files to appease lintian. + [4e34083b41d2] + + * sudo.pp: + Debian fixes: + * fix modes to be more in line with what Debian expects + * add section + * install LICENSE as copyright and ChangeLog as changelog + * create stub changelog.debian + [7f6c5647f588] + + * pp: + Fix find command to properly skip files in the DEBIAN dir when + building md5sums. + [8918bde941fa] + + * pp, sudo.pp: + Use a debian-compliant package maintainer field. + [fc51a94170eb] + +2012-05-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + No need to loop over atomic_writev(), it guarantees to write all + data or return an error. + + Fix handling of stdout/stderr that contains "\r\n" and handle a + "\r\n" pair that spans a buffer. + [8aaf02d90c45] + +2012-05-29 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS: + Update for sudo 1.8.5p2 + [d369d4d40a19] + + * plugins/sudoers/sudoreplay.c: + Instead of doing extra write()s when replaying stdout, build up a + vector for writev() instead. This results in far fewer system calls. + [303d866c025c] + +2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/env_hooks.c, src/sudo.h, src/tgetpass.c: + Provide unhooked version of getenv() and use it when looking up + DISPLAY and SUDO_ASKPASS in the environment. + [04dbdccf4a14] + +2012-05-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + When replaying a log of stdout or stderr, do newline to carriage + return + linefeed conversion. We cannot have termios do this for us + since we've disabled output postprocessing (POST) when setting raw + mode. + [61352a7d996f] + +2012-05-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + When checking for -fstack-protector, treat warnings as fatal errors. + [4124cd12d511] + +2012-05-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Fix test for -z relro + [548bdb6f5c4a] + + * MANIFEST: + Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4 + [ed063264a2a1] + + * INSTALL, aclocal.m4, configure, configure.in, + m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4: + Build with -fstack-protector and link with -zrelo where supported. + Added --disable-hardening option to disable hardening options. + [0b6c1a1ceb03] + +2012-05-21 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/testsudoers/test1.sh, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/testsudoers/test4.out.ok, + plugins/sudoers/regress/testsudoers/test4.sh, + plugins/sudoers/regress/testsudoers/test5.inc, + plugins/sudoers/regress/testsudoers/test5.out.ok, + plugins/sudoers/regress/testsudoers/test5.sh, + plugins/sudoers/testsudoers.c: + Add tests for sudoers mode, owner and group checks. + [a7607443aba0] + + * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: + If sudoers_mode is group-readable but the actual sudoers file is + not, open the file as uid 0, not uid 1. This fixes a problem when + sudoers has a more restrictive mode than what sudo expects to find. + In older versions, sudo would silently chmod the file to add the + group-readable bit. + [c056b6003e6f] + + * INSTALL, common/secure_path.c, config.h.in, configure, configure.in: + No longer throw an error if sudoers is a symbolic link. Deprecated + the --with-stow option as that is now (effectively) the default. + [8ce783e54886] + +2012-05-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/testsudoers/test2.inc, + plugins/sudoers/regress/testsudoers/test2.out.ok, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.d/root, + plugins/sudoers/regress/testsudoers/test3.out.ok, + plugins/sudoers/regress/testsudoers/test3.sh: + Add basic tests for #include and #includedir + [b303e4218951] + + * plugins/sudoers/testsudoers.c: + Add -U sudoers_uid option to testsudoers. + [3f8ed13501ba] + +2012-05-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS, configure, configure.in: + Update for 1.8.5p1 + [c33c49bf5b4b] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix #includedir; from Mike Frysinger + [d4833d4e39a0] + + * plugins/sudoers/check.c: + Don't prompt for a password if the user is in the exempt group, is + root, or is running the command as themselves even if the -k option + was specified. This makes "sudo -k command" consistent with the + behavior one would get if the user ran "sudo -k" immediately before + running the command. + [632b3961df00] + +2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + Fix capitalization + [7258aa977caf] + + * mkpkg: + Build PIE executable on Mac OS X 10.5 and above. + [2a5c7ef92182] + +2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Update for sudo 1.8.4p5 + [21164f508b68] + + * plugins/sudoers/match_addr.c: + Add missing break between AF_INET and AF_INET6 in + addr_matches_if_netmask() + [672a4793931a] + + * plugins/sudoers/mon_systrace.c: + Move systrace monitor code to the attic + [d6faf4754e9c] + +2012-05-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + The pointer to the siginfo_t struct in a signal handler may be NULL. + [41a4ee934b53] + +2012-05-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/pwutil.c: + Fix an alignment problem on NetBSD systems with a 64-bit time_t and + strict alignment. Based on a patch from Martin Husemann. + [1e5ba3c18f17] + + * include/missing.h: + Add offsetof macro for those without it. + [e44cb51d2587] + + * MANIFEST: + add system_group plugin + [6169793b510c] + +2012-05-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/dlopen.c: + Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX. + [85bd03bc5d94] + +2012-05-08 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS: + Mention system_group plugin + [05393dd4bdb8] + + * Makefile.in, plugins/sudoers/Makefile.in, + plugins/system_group/Makefile.in: + update depends + [6feb0b824fc4] + + * plugins/system_group/system_group.c: + Only call gr_delref() when use sudo's password caching functions. + [1103442e21fa] + + * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in: + Add missing dependency on libreplace.la + [05bfd9d4657f] + + * compat/dlopen.c: + Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and + PROG_HANDLE. + [2382d0693acc] + + * Makefile.in, configure, configure.in, + plugins/system_group/Makefile.in, + plugins/system_group/system_group.c, + plugins/system_group/system_group.sym: + Add group plugin that does lookups by name using the system group + database. + [2ddbb604112f] + + * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo, + src/po/pl.po: + sync with translationproject.org + [4ef05df4226d] + +2012-05-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po, + src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, + src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po, + src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [115c3f828fc5] + +2012-05-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Add mode for docdir and use '-' (default) for localedir mode. Fixes + a problem on Linux when building in a directory with the setgid bit + set. + [582279c8bcb1] + +2012-04-30 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * pp: + Match CentOS 6.0 + [1e99ef210f98] + +2012-04-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Update with recent changes + [c5fc220ba696] + + * pp: + Fix version check on AIX + [d272e39112f4] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [72b23509465a] + + * plugins/sudoers/ldap.c: + Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP + SDK. + [87b685e70b9a] + + * plugins/sudoers/ldap.c: + Fix printing of invalid uri + [645aa53acdde] + + * plugins/sudoers/auth/pam.c: + Pass PAM_SILENT when deleting creds to remove an annoying warning + message on Solaris. + [1dd0301ef293] + +2012-04-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/utmp.c: + Fix the setutxent and endutxent compatibility defines (this time + correctly) when only setutent and endutent are available. + [d136d2867db9] + + * plugins/sudoers/ldap.c: + sudo_ldap_set_options_global() should not take an LDAP handle as an + argument since the options affect the global settings. + [1dc39b9d20f2] + + * mkpkg: + Debian sudo has not been built with --with-exempt=sudo since 1.6.8. + [c7716291a856] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c, + src/sudo.h: + Call the policy's init_session() function before we fork the child. + That way, the session is created and destroyed in the same process, + which is needed by some modules, such as pam_mount. + [ece552ba002e] + + * doc/TROUBLESHOOTING: + Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is + not specified. + [bd293e100b28] + + * plugins/sudoers/auth/pam.c: + Delete creds after closing the PAM session. + [5158d726d6a5] + + * plugins/sudoers/ldap.c: + Provide a more useful error message if using a Mozilla-style LDAP + SDK and you forgot to specify TLS_CERT in ldap.conf. 
+ [7cb78feb899c] + + * src/exec_pty.c: + Add missing initialization of a sigaction structure when I/O + logging. Fixes a potential problem when suspending the command. + [f4480f2ba816] + + * plugins/sudoers/ldap.c: + Split global and per-connection LDAP options into separate arrays. + Set global LDAP options before calling ldap_initialize() or + ldap_init(). After we have an LDAP handle, set the per-connection + options. Fixes a problem with OpenLDAP using the nss crypto backend; + bug #342 + [265c9d2dc12b] + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po, + src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [6d7fe44be21e] + +2012-04-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo.c, src/sudo.h: + Move struct passwd pointer into struct command details. + [d6fb1eff2065] + +2012-04-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * pp: + Sync with upstream for Mac OS X (and other) fixes. + [c2f4998d01b0] + + * mkpkg: + Only built Mac intel universal binary on an intel machine. + [0009e0b7e5a8] + + * src/Makefile.in: + Do not pass libtool the -static-libtool-libs option when building + sudo and sesh. Otherwise, libtool may prefer a static version of an + installed library over a dynamic one when linking. + [6fbac9adc885] + +2012-04-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo, + plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po: + Add German translation for sudo Add Croatian translation for sudoers + [fa4da1a6530c] + + * plugins/sudoers/iolog.c: + typo fix in comment + [abd721d1288e] + +2012-04-16 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS: + Update with recent changes + [6fa11e8448b9] + + * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Sort xgettext output by file name. + [f650841810f0] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: + Clarify what "sudoreplay -l" displays and mention that it is sorted. + [84031c117bd6] + + * config.h.in, configure, configure.in, src/ttyname.c: + Use AC_HEADER_MAJOR to determine where major/minor are defined. + [3c949650a223] + + * config.h.in, configure, configure.in, src/ttyname.c: + Include sys/mkdev.h if present instead of sys/sysmacros.h for + minor(). This is needed on Solaris (at least) where the makedev + macros in sysmacros.h are obsolete and library functions should be + used instead. + [343928acf81e] + + * mkpkg: + When building on Mac OS X, only set SDK_FLAGS if specified osversion + doesn't match host. + [d84c6efac872] + +2012-04-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/ttyname.c: + Add back buf and tty variables for _ttyname() case that were + inadvertantly removed. + [a4a820b22a44] + +2012-04-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot: + regen + [5446b12c1250] + + * configure, configure.in: + Remove b8 from version number. + [5adc4dcec061] + + * src/ttyname.c: + remove some XXX + [187579a5f593] + + * src/ttyname.c: + When looking for a device match, do a breadth-first search instead + of depth-first. We already special case /dev/pts/ so chances are + good that if it is not a pseudo-tty it is in the base of /dev/. Also + avoid a stat(2) when possible if struct dirent has d_type. + [0183f8a1b278] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + src/sudo.c, src/sudo.h: + Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list. 
+ [f0574d878491] + + * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo, + src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo, + src/po/vi.mo: + sync with translationproject.org + [4527ea78fbd5] + + * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po, + src/po/hr.mo, src/po/hr.po: + New Croatian and Galician translations from translationproject.org + [ad4bd924b4de] + + * src/ttyname.c: + Add depth-first traversal of /dev/ for the /proc case when not + /dev/pts/N + [499bd3456774] + + * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c: + If struct dirent has d_type, use it to avoid an extra stat(). + [741dabbe4bcd] + + * plugins/sudoers/sudoreplay.c: + Sort output of "sudoreplay -l" + [c0615795bd4b] + +2012-04-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + Fix duplicate free introduced in last rev + [efdaabe69d75] + +2012-04-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/pam.c: + Instead of treating ^C from tgetpass() specially, always return + AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL + like PAM_AUTH_ERR which Mac OS X returns this when there is no tty. + [a3b17298d4d0] + + * config.h.in, configure, configure.in, src/ttyname.c: + Rototill code to determine the tty. For Linux, we now look up the + tty device in /proc/pid/stat instead of trying to open + /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given + device number to a string. On BSD, we can use devname(). On Solaris, + _ttyname_dev() does what we want. TODO: write /dev/ traversal code + for the generic sudo_ttyname_dev(). + [6b22be4d09f0] + +2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/ttyname.c: + Define PRNODEV for those w/o it. + [f17290e64559] + + * config.h.in, configure, configure.in, src/ttyname.c: + Check for SVR4-style struct psinfo.pr_ttydev and use that to + determine the tty if std{in,out,err} are not ttys. 
+ [76ad33a91f4b] + + * src/ttyname.c: + Better support for SVR4-style /proc entries where we can't use + ttyname() on the /proc/pid/fd/[0-2] entries. We can, however, + attempt to map the device number back to the correct pseudo-tty + slave device. + [4f9f48cc79eb] + + * src/ttyname.c: + When trying to determine the tty name, check parent's stderr in + addition to its stdin and stdout. + [604644056c7d] + + * src/exec_pty.c: + Treat a tty read failure like EOF as it usually means the pty has + gone away. Handle write() on the tty returning EIO. + [16957f4a706f] + + * src/exec.c, src/exec_pty.c: + Linux select() may return ENOMEM if there is a kernel resource + shortage. Older Solaris select() may return EIO instead of EBADF + when the tty goes away. If we get an unhandled select() failure, + kill the child and exit cleanly. + [d93940a311ab] + + * src/ttyname.c: + Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might + block in open. + [a9f809d09d52] + +2012-04-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/set_perms.c: + Fix restoration of AIX permissions. + [30c717115988] + + * src/parse_args.c: + Allow the -k flag to be used along with the -i and -s flags. + [0653b17c97f1] + + * plugins/sudoers/sudoreplay.c: + Plug memory leak in parse_logfile() in the error path. + [9cce86fa833b] + + * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po, + src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po, + src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [14af43d0b170] + +2012-04-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/regress/glob/globtest.c, config.h.in, configure, + configure.in, plugins/sudoers/match.c: + Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the + glob() and fnmatch() results to be consistent. + [4226750d73c2] + +2012-04-06 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in, + src/ttysize.c: + Move ttysize.c to common so sudoreplay can use it. + [b4a0aa514cd4] + + * plugins/sudoers/sudoreplay.c: + If I/O log file includes rows + cols, warn if the user's tty is not + big enough. + [b980ef89efff] + + * plugins/sudoers/sudoreplay.c: + Fix printing of TSID in "sudoreplay -l" + [4221e3e108b4] + + * common/sudo_debug.c, include/sudo_debug.h, + plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_pty.c: + Log the process id in the debug file output. Since we don't want to + keep calling getpid(), stash the value at init time and when we + fork(). + [2782d30c024d] + + * src/exec_pty.c: + Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It + is better to receive EIO from read()/write() than to be suspended + when we don't expect it. Fixes a problem when our terminal is + revoked which can happen when, e.g. our sshd is killed + unceremoniously. Also, only change the value of "alive" from true to + false, never from false to true. It is possible for us to receive + notification of the child having stopped after it is already dead. + This does not mean it has risen from the grave. + [26c9fe8ce0f9] + + * src/exec_pty.c: + Distinguish between signals we received from the parent vs. those + delivered explicitly to the monitor process in debugging info. + [40716cb180e5] + +2012-04-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c: + In Solaris 11, /dev/pts under the "dev" filesystem, not "devices". + Update tty_is_devpts() to match so we can determine when the tty has + been reused. + [2689665df027] + + * common/sudo_debug.c, include/error.h, include/sudo_debug.h: + Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf() + and use a new flag, SUDO_DEBUG_FILENO to specify when to use it. 
+ This allows consumers of sudo_debug_printf() to log that data + without having to specify it manually. + [7c94c4879208] + + * src/exec_pty.c: + Make this compile after last change. + [ee09034f3266] + + * src/exec_pty.c: + Don't try to restore the terminal if we are not the foreground + process. Otherwise, we may be stopped by SIGTTOU when we try to + update the terminal settings when cleaning up. + [c48b24335456] + + * src/exec.c: + If select() return EBADF in the main event loop, one of the ttys + must have gone away so perform any I/O we can and close the bad fds. + [3bc8678c03ce] + + * common/sudo_debug.c, include/error.h, include/sudo_debug.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the + function, file and line number in the debug log for warning() and + error(). + [894cd131f11d] + +2012-04-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/sudo_debug.c, include/error.h, include/sudo_debug.h, + src/conversation.c: + Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno. + Use this flag when wrapping error() and warning() so the debug + output includes the error string. + [1e2c67adaf1f] + +2012-03-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Update for sudo 1.8.5 + [7d2b62b823fe] + + * plugins/sudoers/po/sudoers.pot: + regen + [718ad9de92cd] + + * doc/CONTRIBUTORS: + sync + [f48013aea641] + + * plugins/sudoers/pwutil.c: + Use ecalloc() + [fabd23c1f271] + + * src/exec_pty.c: + Don't need zero_bytes() after ecalloc() + [1a9d95cd10ef] + + * config.h.in, configure, configure.in, src/sudo_noexec.c: + Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to + sudo_noexec.c. + [cbaa1d4b0f8a] + + * src/utmp.c: + Fix compat setutxent and endutxent macros for systems with + setutent() but not setutxent(). From Gustavo Zacarias + [d7ce622fc5f2] + +2012-03-29 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure.in: + Add ignore_result definition to AH_BOTTOM + [8d4096838a98] + + * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c, + src/exec.c, src/exec_pty.c, src/tgetpass.c: + Fix compiler warnings on some platforms and provide a better method + of defeating gcc's warn_unused_result attribute. + [9a8f804fcc75] + + * configure, configure.in: + Fix building the builtin zlib from a build dir. When a zlib dir was + specified, prepend its include path instead of appending so we get + the right zlib headers. + [5f61d591b186] + + * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h, + zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c, + zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h, + zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in, + zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: + Update zlib to version 1.2.6 + [173c4bc4d4fc] + +2012-03-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/missing.h: + g/c __unused which is no longer used + [7ef3f23edcd6] + + * src/env_hooks.c: + Fix compilation if RTLD_NEXT is not defined. + [d5605f468b71] + + * src/po/sr.mo, src/po/sr.po: + sync with translationproject.org + [27d559f7985d] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, + doc/sudoers.man.in: + regen + [f9f63ce478b6] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [59035d82d15a] + + * Makefile.in: + Ignore Project-Id-Version when comparing pot files. + [22feb9ede46b] + + * plugins/sudoers/bsm_audit.c: + Use error() instead of log_fatal() + [54130bda4b50] + + * plugins/sudoers/env.c: + Fix signedness of didvar in env_update_didvar() + [77048a80b3e4] + + * plugins/sudoers/iolog.c: + Quiet a compiler warning on some platforms. 
+ [8fdcaece0400] + + * compat/fnmatch.c: + cast ctype(3) function/macro arguments from char to unsigned char to + avoid potential negative subscripting. + [bdcf7eef21ef] + + * common/setgroups.c: + Quiet a warning on systems where the gids array in setgroups() is + not prototyped as being const, even though it really is. + [fdd758c6302d] + + * src/env_hooks.c: + Quiet a compiler warning on systems where the argument to putenv(3) + is const. + [51bae2193b53] + + * plugins/sudoers/sudoreplay.c: + Undo an incorrect int -> bool conversion. + [b9a4ce320f14] + + * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, + src/po/sv.mo, src/po/sv.po: + Add Swedish sudo and sudoers translations from + translationproject.org + [f7ce1de9073f] + + * plugins/sudoers/env.c: + No need to preserve ODMDIR on AIX now that we always read + /etc/environment. + [4aa04b2f0125] + +2012-03-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.pod, plugins/sudoers/env.c: + When initializing the environment for env_reset, start out with the + contents of /etc/environment on AIX and login.conf on BSD. + [5717bdc321e2] + + * doc/TROUBLESHOOTING, src/sudo.c: + If we are not running with an effective uid of 0, try to give the + user enough information to debug the problem. + [fa4894896d8a] + + * plugins/sudoers/getdate.c, plugins/sudoers/gram.c: + Quiet a clang-analyzer false positive. + [c4c0c1b9c8b0] + + * src/tgetpass.c: + If there is nothing to read from the askpass program, set errno to + EINTR. This makes the cancel button behave like the user entered ^C + at the password prompt when PAM is used. + [594302cb9caf] + + * src/sudo.h, src/tgetpass.c: + Fetch the value of "askpass" from the sudo conf struct. + [4593ee8f1bd3] + + * common/sudo_conf.c: + Fix matching of "Path askpass" and "Path noexec" + [4df28d62afb9] + +2012-03-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo.c: + Quiet a clang-analyzer dead store warning. 
+ [dd90bf385a3f] + + * plugins/sudoers/sudoers.c: + If the "timestampowner" user cannot be resolved, use ROOT_UID + instead of exiting with a fatal error. + [8d62aae99715] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/check.c, plugins/sudoers/env.c, + plugins/sudoers/iolog.c, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/parse.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: + Remove the NO_EXIT flag to log_error() and add a log_fatal() + function that exits and is marked no_return. Fixes false positives + from static analyzers and is easier for humans to read too. + [a0fe785c2a3d] + +2012-03-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, + src/po/eo.po: + sync with translationproject.org + [df5e8777de13] + +2012-03-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/po/da.mo, src/po/da.po: + sync with translationproject.org + [629d99548b78] + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: + sync with translationproject.org + [9d122a2860d6] + +2012-03-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/po/it.mo, src/po/it.po: + sync with translationproject.org + [6397593b15cf] + + * common/sudo_conf.c, plugins/sudoers/alias.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c, + src/load_plugins.c: + Use ecalloc() when allocating structs. + [8b5888868db2] + + * common/alloc.c, include/alloc.h: + Add ecalloc() and commented out recalloc(). Use inline strnlen() + instead of strlen() in estrndup(). + [7fb9aa46c1e0] + +2012-03-18 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, + src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, + src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + sync with translationproject.org + [45a032c37334] + +2012-03-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/set_perms.c: + Remove unused label + [2660bb0c1313] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document what changed in each plugin API revision + [59b30a6fc4d1] + + * plugins/sudoers/set_perms.c: + Remove bogus optimization that could lead to a double free of the + group list. + [b0bfbd2a83a8] + +2012-03-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/TROUBLESHOOTING: + Expand AIX /etc/security/privcmds entry. + [9f3f072e034e] + + * NEWS: + Update for sudo 1.8.5 + [086049011f25] + + * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat, + doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h, + include/sudo_plugin.h, src/load_plugins.c, src/sudo.c, + src/sudo_plugin_int.h: + Rename plugin "args" to "options" + [f25624951bd2] + + * doc/CONTRIBUTORS: + Add Lithuanian and Vietnamese translators + [2b4c075b69e3] + + * Makefile.in: + Ignore comments when comparing new and old pot files. 
+ [f872999347b3] + + * src/Makefile.in: + regen + [c8193b1b11c7] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in: + regen + [15e3c17e8a3a] + + * doc/sudo_plugin.pod, include/sudo_plugin.h, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c, + src/sudo.c, src/sudo.h: + Pass a pointer to user_env in to the init_session policy plugin + function so session setup can modify the user environment as needed. + For PAM authentication, merge the PAM environment with the user + environment at init_session time. We no longer need to swap in the + user_env for environ during session init, nor do we need to disable + the env hooks at init_session time. + [3f5277b359d8] + + * plugins/sample/sample_plugin.c: + Add explicit NULL entries for init_session, register_hooks and + deregister_hooks with appropriate comments. + [727a57978b40] + + * compat/pw_dup.c: + Quiet a gcc "used uninitialized in this function" false positive. + [f14b68379ce9] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + We should always call warning() with a format string or a string + literal. In this case, the argument (path) is not user-controlled. + [e9ef51224024] + +2012-03-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/selinux.c: + Include sudo_exec.h for the sudo_execve() prototype. + [769e58065edc] + + * config.h.in, configure, configure.in: + Add check for pam_getenvlist() + [36bde3f26c60] + + * common/sudo_conf.c: + Set args to NULL in default plugin info struct when there is no + Plugin line in sudo.conf. 
+ [93ec67708f01] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [a9287677795c] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + regen + [a242769d7962] + + * configure, configure.in: + Bump version to 1.8.5 + [e8618f0c2505] + + * doc/sudo_plugin.pod: + Document hooks API + [e6ad07d27958] + +2012-03-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris. + [fd72340042d3] + + * include/sudo_plugin.h: + Use sudo_hook_fn_t in struct sudo_hook. + [938f93112d6e] + + * doc/TROUBLESHOOTING: + If cross compiling, --host must include the OS in the tuple. E.g. + --host powerpc-unknown-linux + [b8c010070c1e] + +2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/parse.c: + Fix bogus int -> bool conversion; tags can have a value of -1. + [e63d6434a303] + + * plugins/sudoers/env.c: + Add env_should_keep() and env_should_delete() wrapper functions to + simplify things a bit and hide the fact that matches_env_check() is + not bool. + [7a03d7a12b50] + + * sudo.pp: + Fix application of debian-specific sudoers mods when building + packages as non-root. + [34bf4c52c425] + + * plugins/sudoers/env.c: + matches_env_check() returns int, not boolean + [0ad915b8d5cb] + + * src/sudo_edit.c: + Fix compilation when seteuid() is not available. + [8a722f998000] + + * src/ttyname.c: + Simply move the free of ki_proc outside the realloc() loop. + [217b786da760] + + * src/ttyname.c: + Bring back the erealloc() for the ENOMEM loop and just zero the + pointer after we free it. + [29a016e45127] + + * src/ttyname.c: + Don't try to erealloc() a potentially freed pointer; Mateusz Guzik + [266e08844065] + +2012-03-10 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/set_perms.c: + Use normal error path if unable to set sudoers gid. + [01c816918c99] + + * plugins/sudoers/set_perms.c: + Make this work again on systems w/o seteuid(). + [2e67f7421e97] + +2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/set_perms.c: + Fix compilation if no seteuid/setreuid/setresuid available. + [d0b3c1f88eb4] + + * plugins/sudoers/set_perms.c: + Better error messages, and added debugging throughout. Fixed + seteuid() version of set_perms()/restore_perms(). Fixed logic bug in + AIX version of restore_perms(). Added checks to avoid changing + uid/gid when we don't have to. Never set gid/uid state to -1, use + the old value instead. + [29188d469b5c] + + * src/exec_pty.c, src/ttyname.c: + Fix format string warning on Solaris with gcc 3.4.3. + [d1eeb6e1dd0f] + + * src/sudo.c: + Always declare environ now that we swap it around unilaterally. + [aaa3e92e7d0d] + + * src/Makefile.in: + Honor LDFLAGS when linking sesh; from Vita Cizek + [498b41438f6e] + + * src/sesh.c: + Include alloc.h for estrdup() prototype; from Vita Cizek + [93203655a320] + +2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Don't read /etc/environment on Linux when using PAM, PAM should set + the environment variables as needed via pam_env. + [b1ef62cb2d40] + + * INSTALL: + Fix editor goof. + [0c3dd3bb8b57] + + * src/hooks.c, src/sudo.c, src/sudo.h: + Disable environment hooks after we get user_env back to make sure a + plugin can't to modify user_env after we "own" it. This is kind of a + hack but we don't want the init_session plugin function to modify + user_env. + [8e6d119452a5] + + * src/hooks.c, src/sudo.c: + Add support for deregistering hooks. If an I/O log plugin fails to + initialize, deregister its hooks (if any). + [ac00c93900c5] + +2012-03-07 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c, src/sudo.c: + Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook + setenv. + [e75469dd9908] + + * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in, + compat/setenv.c, compat/unsetenv.c, config.h.in, configure, + configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c, + plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c, + src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h: + Initial cut at a hooks implementation. The plugin can register hooks + for getenv, putenv, setenv and unsetenv. This makes it possible for + the plugin to trap changes to the environment made by authentication + methods such as PAM or BSD auth so that such changes are reflected + in the environment passed back to sudo for execve(). + [61cffa06f863] + +2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, src/po/vi.mo, src/po/vi.po: + Add Vietnamese sudo translation from translationproject.org + [96df426790d5] + +2012-03-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod, + doc/sudoers.pod: + List sudo_noexec.so not noexec.so in the sample sudo.conf + [53844e190ec5] + + * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, + doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h, + include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c, + src/sudo_plugin_int.h: + Add support for plugin args at the end of a Plugin line in + sudo.conf. Bump the minor number accordingly and update the + documentation. A plugin must check the sudo front end's version + before using the plugin_args parameter since it is only supported + for API version 1.2 and higher. 
+ [587f1f819536] + +2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + update depends + [6d2da44e11e5] + + * MANIFEST: + secure_path.c is in common, not compat + [619c4a663dde] + + * configure, configure.in: + Add check for variadic macro support in cpp. + [756854caf675] + +2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/secure_path.c, common/sudo_conf.c, include/secure_path.h, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add type param to sudo_secure_path() and add sudo_secure_file() and + sudo_secure_dir() wrappers which get by #includedir in sudoers. + [2ec2d3d8df04] + +2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/visudo.pod, plugins/sudoers/visudo.c: + Check the owner and mode in -c (check) mode unless the -f option is + specified. Previously, the owner and mode were checked on the main + sudoers file when the -s (strict) option was given, but this was not + documented. + [b2d6ee1e547a] + + * config.h.in, configure, configure.in, src/ttyname.c: + Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions + of OpenBSD versions that have KERN_PROC2 but not KERN_PROC. + [159f6a50456a] + +2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS: + Add Eric Lakin for patch in bug #538 + [490c29c234c6] + + * src/exec_pty.c: + Fix typo in safe_close() made while converting to debug framework + that prevented it from actually closing anything. + [a66422a62afd] + + * src/exec_pty.c: + Add some more debugging. + [b5667947dda9] + + * common/Makefile.in, compat/Makefile.in, doc/Makefile.in, + include/Makefile.in: + We need sysconfdir in compat/Makfile to get the proper sudo.conf + path. Add standard prefix and foodir expansion in all Makefiles to + avoid this problem in the future. + [62b6ce4ecae9] + +2012-02-25 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po: + New Lithuanian sudoers translation from translationproject.org + [10436b649035] + + * plugins/sudoers/po/ja.po: + Update from translationproject.org + [acb8db5f8ef1] + +2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + When adding gids to the LDAP filter, only add the primary gid once. + This is consistent with the space computation/allocation. From Eric + Lakin + [35d9d99c92c6] + + * doc/TROUBLESHOOTING: + Add entry for AIX enhanced RBAC config. + [5e10b6f8def7] + + * mkpkg: + Target Mac OS X 10.5 when building packages. + [06fce9bbebee] + +2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, common/Makefile.in, common/secure_path.c, + common/sudo_conf.c, include/secure_path.h, + plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c: + Relax the user/group/mode checks on sudoers files. As long as the + file is owned by the right user, not world-writable and not writable + by a group other than the one specified at configure time (gid 0 by + default), the file is considered OK. Note that visudo will still set + the mode to the value specified at configure time. + [241174babfcc] + +2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/set_perms.c: + Add AIX-specific version of permission setting code to make sure + that the saved uid gets restored properly. + [9a6f5d22c301] + + * config.h.in, configure, configure.in, src/exec_common.c: + Check for LD_PRELOAD variants in configure instead of checkign cpp + symbols. In disable_execute(), compute the length of the new envp + and allocate it once instead of reallocating on demand. Also append + old value of LD_PRELOAD (if any) to the new value. + [680266346917] + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: + Fix the description of noexec. 
+ [6a6d142f3c80] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: + The "op" parameter to set_default() must be int, not bool since it + is set to '+' or '-' for list add and subtract. + [8da5b137bea2] + + * sudo.pp: + Make sure sudoers is writable before calling ed script. + [95352ab6336b] + +2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS, doc/contributors.pod: + Update contributors. Now includes translators and authors of compat + code. + [4fb5b616b50a] + +2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/po/sudo.pot: + regen + [2c86e2c328fe] + + * pp, sudo.pp: + Build flat packages, not package bundles, on Mac OS X. + [57bda3cd5520] + +2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Move macos section to be with the other OS-specific sections. + [51423bb2973a] + + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: + Sync with translationproject.org + [8ce41cbb8da0] + + * configure, configure.in: + Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS + [fa979aa6fe7d] + + * sudo.pp: + Add Mac OS X support, printing the latest chunk of the NEWS file and + the license text in the installer. + [ffeab72387c0] + + * sudo.pp: + Add explicit file modes that match those used by "make install" + [7eb37242c920] + + * pp: + Sync with upstream for Mac OS X fixes. + [97cba179041e] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Got back to using "install-sh -M" for files installed as non- + readable by owner. This fixes "make install" as non-root for package + building. + [967804ee77d6] + +2012-02-09 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: + Sync with translationproject.org + [0e53db12039a] + + * Makefile.in, doc/Makefile.in, include/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Use -m not -M for install-sh for everything except setuid. Install + locale .mo files mode 0444, not 0644. If timedir parent doesn't + exist, use default dir mode, not 0700. + [8b6f64c92090] + +2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * pp: + Re-sync with upstream; no longer need a local patch. + [97a2c7be5e59] + + * mkpkg: + Add support for building Mac OS X packages. + [94d49ac223a4] + + * pp: + Sync with upstream + [1c97654fc841] + + * src/Makefile.in: + No longer need to define _PATH_SUDO_CONF here. + [2560905b7482] + + * src/exec_common.c: + Fix noexec for Mac OS X. + [b7a744bca2c0] + +2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/Makefile.in: + Move _PATH_SUDO_CONF override to common to match sudo_debug.c + [f0788972a63a] + + * plugins/sudoers/set_perms.c: + More complete fix for LDR_PRELOAD on AIX. The addition of + set_perm(PERM_ROOT) before calling the nss open functions (needed to + avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective + and then real uid to 0 for PERM_ROOT works around the issue. + [5888eda051af] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [997fe403e219] + + * src/sudo.c: + Set real uid to root before calling sudo_edit() or run_command() so + that the monitor process is owned by root and not by the user. + Otherwise, on AIX at least, the monitor process shows up in ps as + belonging to the user (and can be killed by the user). 
+ [d4772d7d2fc5] + + * plugins/sudoers/set_perms.c: + For PERM_ROOT when using setreuid(), only set the euid to 0 prior to + the call to setuid(0) if the current euid is non-zero. This + effectively restores the state of things prior to rev 7bfeb629fccb. + Fixes a problem on AIX where LDR_PRELOAD was not being honored for + the command being executed. + [b9b40325b4dc] + + * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in, + include/missing.h, src/sudo.c: + Make a copy of the struct passwd in exec_setup() to make sure + nothing in the policy init modifies it. + [b721261c921f] + +2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.pod: + update copyright + [f9d229d1f65e] + + * common/sudo_debug.c, include/sudo_debug.h: + g/c now-unused debug subsystems + [8f21726e698f] + + * doc/sudo.pod, doc/sudoers.pod: + Enumerate the debug subsystems used by sudo and sudoers. + [ac4f84293d14] + +2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, + include/sudo_conf.h, src/sudo.c: + Normally, sudo disables core dumps while it is running. This + behavior can now be modified at run time with a line in sudo.conf + like "Set disable_coredumps false" + [ad14e0508b0d] + + * NEWS: + Mention Spanish translation + [600f3205bd6e] + + * common/sudo_debug.c: + Make sure we don't try to fall back to using the conversation + function for debugging in the main sudo process if we are unable to + open the debug file. + [ffa329aa908c] + + * MANIFEST, src/po/es.mo, src/po/es.po: + Add sudo Spanish translation from translationproject.org + [c1906654e740] + +2012-02-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Better debug subsystem usage + [1a31f115743c] + + * src/sudo.c: + Remove duplicate function prototypes + [ae04b00532eb] + +2012-02-01 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Error out if user specified --with-pam but we can't find the headers + or library. Also throw an error if the headers are present but the + library is not and vice versa. + [d6bf3e3d0aae] + +2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Fix the sudoers permission check when the expected sudoers mode is + owner-writable. + [8b0b7e770a22] + +2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Verify that we can link executables built with -D_FORTIFY_SOURCE + before using it. + [7578215d1a95] + + * src/exec_common.c: + Fix potential off-by-one when making a copy of the environment for + LD_PRELOAD insertion. Fixes bug #534 + [cc699cd551b6] + + * configure, configure.in: + Add rudimentary check for _FORTIFY_SOURCE support by checking for + __sprintf_chk, one of the functions used by gcc to support it. + [a992673d2ef8] + + * compat/stdbool.h, config.h.in, configure, configure.in: + Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. + [8ba1370884b3] + +2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen + [1e0b38397705] + +2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c, src/sudo.c: + The change in 818e82ecbbfc that caused to exit when the monitor dies + created a race condition between the monitor exiting and the status + being read. All we really want to do is make sure that select() + notifies us that there is a status change when the monitor dies + unexpectedly so shutdown the socketpair connected to the monitor for + writing when it dies. That way we can still read the status that is + pending on the socket and select() on Linux will tell us that the fd + is ready. 
+ [7fb5b30ea48d] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c, + src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, + src/sudo_exec.h: + Refactor disable_execute() and my_execve() into exec_common.c for + use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of + disabling exec in exec_setup(), disable it immediately before + executing the command. Adapted from a diff by Arno Schuring. + [ec4d8b53db6b] + +2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * aclocal.m4, configure, configure.in: + Add custom version of AC_CHECK_LIB that uses the extra libs in the + cache value name. With this we no longer need to rely on a modified + version of autoconf. + [1c3b1d482d6c] + +2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Better handling of network functions that need -lsocket -lnsl + [cc386342ec2b] + + * src/sudo.c: + When setting up the execution environment, set groups before + gid/egid like sudo 1.7 did. + [928e1c5fa6c1] + + * configure, configure.in: + Remove "WARNING: unable to find foo() trying -lsocket -lnsl" + [84b23cdf138f] + + * plugins/sudoers/sudoers.c: + For "sudo -g" prepend the specified group ID to the beginning of the + groups list. This matches BSD convention where the effective gid is + the first entry in the group list. This is required on newer FreeBSD + where the effective gid is not tracked separately and thus + setgroups() changes the egid if this convention is not followed. + Fixes bug #532 + [782d6909108b] + +2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Fix sh warning; use "test" instead of "[" + [c6ee3407f65e] + + * src/exec.c: + When not logging I/O, use a signal handler that only forwards + SIGINT, SIGQUIT and SIGHUP when they are user-generated signals. 
+ Fixes a race in the non-I/O logging path where the command may + receive two keyboard-generated signals; one from the kernel and one + from the sudo process. + [9638684e786a] + + * src/exec.c: + Back out change that put the command in its own pgrp when not + logging I/O. It causes problems with pipelines. + [4fc9c6e1e770] + +2012-01-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/Makefile.in, configure, configure.in: + Only run compat regress tests on compat objects we actually build. + Fixes "make check" in the compat dir for systems that don't + implement character classes in fnmatch() or glob(). Bug #531 + [a7addc305e83] + +2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: + Update po files from translationproject.org + [5ea066af1356] + +2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Include parent directories in case they don't already exist. This + fixes a directory permissions problem with the AIX package when the + /usr/local directories don't already exist. + [a14f783dc827] + + * pp: + sync with git version + [2f79d0543661] + + * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: + regen dependencies + [24c92ca6c64d] + + * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c: + Move tty name lookup code to its own file. + [58faf072cbf4] + +2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Update with latest sudo 1.8.4 changes. + [a4ffe4f42528] + + * config.h.in, configure, configure.in: + Remove obsolete template for HAVE_TIMESPEC + [75709007c906] + + * src/sudo.c: + Add a check for devname() returning a fully-qualified pathname. None + of the devname() implementations do this today but you never know + when this might change. + [16813ace38f9] + +2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo.c: + For "visudo -c" also list include files that were checked when + everything is OK. 
+ [ad6f85b35c9c] + + * src/sudo.c: + The device name returned by devname() does not include the /dev/ + prefix so we need to add it ourselves. + [b55285abb7ed] + + * src/sudo.c: + Add debug warning if KERN_PROC sysctl fails or devname() can't + resolve the tty device to a name. + [b5a23916ba3a] + + * common/sudo_debug.c: + The result of writev() is never checked so just cast to NULL. + [4be4e9b58d5b] + + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: + Update Esperanto, Finnish, Polish and Ukrainian translations from + translationproject.org. + [bb91bc6ad7e9] + +2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, src/sudo.c: + Add support for determining tty via sysctl on other BSD variants. + [fd15f63f719a] + + * configure, configure.in: + Only check for struct kinfo_proc.ki_tdev on systems that support + sysctl. + [109b3f07a39d] + + * src/sudo.c: + For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on + ttyname() of std{in,out,err}. + [95969b70bd68] + +2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, src/sudo.c: + On newer FreeBSD we can get the parent's tty name via sysctl(). + [3207290501ee] + + * plugins/sudoers/testsudoers.c: + Include locale.h + [a602cd0b8c2d] + + * src/sudo.c: + Silence a gcc warning. + [8c6d0e3cd534] + + * plugins/sudoers/bsm_audit.c: + Need to include gettext.h and sudo_debug.h; from John Hein + [447912aa7300] + + * plugins/sudoers/iolog.c: + Initialize the debug framework from the I/O plugin too. + [ce1bf44d96d2] + +2012-01-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/testsudoers.c: + Enable debugging via sudo.conf. + [d85669c749d0] + +2012-01-07 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo.c: + Use SUDO_DEBUG_ALIAS for alias checking functions. + [fb84af30dc76] + + * configure, configure.in: + More complete test for getaddrinfo() that doesn't rely on the + network libraries already being added to LIBS. + [cbaf2369f4f0] + +2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/aix.c: + Add debug support. + [def1bdf24485] + + * configure, configure.in: + Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least. + [a2ea1c2eac61] + + * compat/getaddrinfo.c: + Include errno.h and missing.h + [7d15e17cc2f2] + + * .hgignore: + ignore doc/varsub + [417f9fc3231b] + + * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in, + plugins/sudoers/gram.y, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c, + src/parse_args.c, src/sudo.c, src/sudo.h: + Update copyright year. + [5d0ffc7dd567] + + * NEWS: + Update for sudo 1.8.4 + [841e3eff9844] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen pot files + [c509cb45b66a] + + * plugins/sudoers/sudoreplay.c: + Enable debugging via sudo.conf. + [5087aaee8484] + + * plugins/sudoers/visudo.c: + Enable debugging via sudo.conf. + [04b067c16ed3] + + * plugins/sudoers/visudo.c: + Allow "visudo -c" to work when we only have read-only access to the + sudoers include files. + [d8c6713fe5c1] + + * doc/sudo.pod, doc/visudo.pod: + Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add + HISTORY section in sudo that points to HISTORY file. + [d1f1bcb051c5] + + * doc/sudo.pod, doc/sudo_plugin.pod: + Document Debug setting in sudo.conf and debug_flags in plugin. + [acfc505aa4a9] + +2012-01-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/match.c: + Do not include GLOB_MARK in the flags we pass to glob(3). 
Fixes a + bug where a pattern like "/usr/*" include /usr/bin/ in the results, + which would be incorrectly be interpreted as if the sudoers file had + specified a directory. From Vitezslav Cizek. + [0cdb6252188c] + + * INSTALL, config.h.in, configure, configure.in, + plugins/sudoers/auth/kerb5.c: + Add --enable-kerb5-instance configure option to allow people using + Kerberos V authentication to use a custom instance. Adapted from a + diff by Michael E Burr. + [e83af8bb7aa7] + + * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h: + Remove -D debug_level option. + [cbcd05094347] + + * doc/LICENSE: + Update copyright year. + [9f43dd7aa852] + +2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + parse_error is now bool, not int + [5ea7fb6fda38] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.c: + Print a more sensible error if yyparse() returns non-zero but + yyerror() was not called. + [d44ec88f1183] + + * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, + plugins/sudoers/gram.c: + Replace y.tab.c with the correct filename in #line directives. + [3c84fcb7e959] + +2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo.c: + When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2} + if the main process's fds 0-2 are not hooked up to a tty. Adapted + from a diff by Zdenek Behan. + [b9dfce12af85] + + * src/exec.c: + When not logging I/O, put command in its own pgrp and make that the + controlling pgrp if the command is in the foreground. Fixes a race + in the non-I/O logging path where the command may receive two + keyboard-generated signals; one from the kernel and one from the + sudo process. + [d0e263ce496c] + +2011-12-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo_edit.c: + Quiet a bogus gcc warning. 
+ [2009669e0608] + + * src/parse_args.c, src/sudo.h: + Fix warnings related to sudo.conf accessors. + [08ddc29ba50b] + + * common/sudo_conf.c, include/sudo_conf.h: + Separate sudo.conf parsing from plugin loading and move the parse + functions into the common lib so that visudo, etc. can use them. + [f1fc659a8079] + + * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c, + src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h: + Separate sudo.conf parsing from plugin loading and move the parse + functions into the common lib so that visudo, etc. can use them. + [e1f2cf6bd57a] + + * doc/sudoers.pod, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/sudoers.c, src/sudo.c: + Remove support for noexec_file in sudoers and the plugin API + [3e2fd58879b5] + + * plugins/sudoers/sudoers.c: + Don't dump interfaces if there are none. + [9081bb4d3e9e] + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: + Add missing %s printf escape to the group_plugin, iolog_dir and + iolog_file descriptions. + [7db03f2b737e] + +2011-12-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c: + Fix typo in visiblepw description; from Joel Pickett + [2fb4b26d5c2c] + +2011-12-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, configure, configure.in, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/sudo.c: + When running a login shell with a login_class specified, use + LOGIN_SETENV instead of rolling our own login.conf setenv support + since FreeBSD's login.conf has more than just setenv capabilities. + This requires us to swap the plugin-provided envp for the global + environ before calling setusercontext() and then stash the resulting + environ pointer back into the command details, which is kind of a + hack. 
+ [ad4f1190143b] + + * plugins/sudoers/Makefile.in: + If srcdir is "." just use the basename of the yacc/lex file when + generating the C version. This matches the generated files currently + in the repo. + [0b11c3df87a8] + + * doc/Makefile.in, plugins/sudoers/Makefile.in: + Clean up the DEVEL noise + [9de2afe457fd] + + * src/exec.c: + Handle different Unix domain socket (actually socketpair) semantics + in BSD vs. Linux. In BSD if one end of the socketpair goes away + select() returns the fd as readable and the read will fail with + ECONNRESET. This doesn't appear to happen on Linux so if we notice + that the monitor process has died when I/O logging is enabled, + behave like the command has exited. This means we log the wait + status of the monitor, not the command, but there is nothing else we + can do at that point. This should only be an issue if SIGKILL is + sent to the monitor process. + [818e82ecbbfc] + + * src/exec_pty.c: + Catch common signals in the monitor process so they get passed to + the command. Fixes a problem when the entire login session is killed + when ssh is disconnected or the terminal window is closed. + Previously, the monitor would exit and plugin's close method would + not be called. + [0e4658263138] + + * INSTALL, configure, configure.in: + Mention how to configure pam_hpsec on HP-UX to play nicely with + sudo. + [a7294cd8ce98] + +2011-12-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Escape values in the search expression as per RFC 4515. + [c2adbc5db92b] + + * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + No need for install target to depend explicitly on install-dirs, the + install-foo targets all depend on it. + [62a36ed98279] + +2011-12-05 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * .hgignore: + ignore src/sesh + [463d492f6782] + + * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, plugins/sudoers/env.c, + plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/Makefile.in: + Add support for setenv entries in login.conf. We can't use + LOGIN_SETENV since the plugin sets up the envp the command is + executed with. Also regen the Makefile.in files while here. Fixes + bug #527 + [088d507926e2] + +2011-12-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h, + config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, + src/net_ifs.c: + Add getaddrinfo() for those without it, written by Russ Allbery + [4cf9ac831222] + + * doc/Makefile.in: + Restore PACKAGE_TARNAME, it is used in docdir + [9d65e893edb1] + + * MANIFEST, compat/stdbool.h: + SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to + the MANIFEST + [e67700dc5621] + + * common/atobool.c, common/term.c, src/exec.c: + Remove duplicate return statements. + [48a20d5215fd] + + * plugins/sudoers/auth/bsdauth.c: + Remove inaccurate comment + [e7f0265cf657] + + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c: + Fetch the login class for the user we authenticate specifically when + using BSD authentication. That user may have a different login class + than what we will use to run the command. When setting the login + class for the command, use the target user's struct passwd, not the + invoking user's. 
Fixes bug 526 + [21bf0af892f7] + + * compat/Makefile.in, configure, configure.in, doc/Makefile.in, + plugins/sudoers/Makefile.in: + Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1" + [8ee6e0891f27] + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c: + Fix "make check" fallout from the sudo_conv changes in sudo_debug. + [b0aaa63c9081] + + * common/fileops.c, common/sudo_debug.c, configure, configure.in, + include/fileops.h, plugins/sample/Makefile.in, + plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in, + plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, + plugins/sudoers/env.c, plugins/sudoers/find_path.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, + src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, + src/sudo_plugin_int.h, src/utmp.c: + Use stdbool.h instead of rolling our own TRUE/FALSE macros. + [dcb0bbc42fc9] + +2011-12-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/stdbool.h, config.h.in, configure, configure.in: + Add stdbool.h for systems without it. 
+ [18bd9dda1dcd] + + * aclocal.m4, config.h.in, configure, configure.in: + No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default + includes have unistd.h in them. Add check for socklen_t for upcoming + getaddrinfo compat. + [d705465bef69] + + * common/fileops.c, compat/nanosleep.c, config.h.in, configure, + configure.in, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c, + plugins/sudoers/sudoreplay.c, src/net_ifs.c: + Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of + HAVE_TIMESPEC and HAVE_IN6_ADDR respectively. + [fa187c9bd2be] + + * src/sudo_noexec.c: + No longer need to include time.h here as missing.h does not use + time_t. + [fa3a089bf5b1] + +2011-11-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo.c: + Fix mode on sudoers as needed when the -f option is not specified. + [7a1c40b0dc03] + + * MANIFEST, src/po/sr.mo, src/po/sr.po: + Add Serbian translation for sudo from translationproject.org + [9a0c25e25cba] + + * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c, + src/parse_args.c: + No longer pass debug_file to plugin, plugins must now use + CONV_DEBUG_MSG + [810cda1abb0b] + + * mkpkg: + Build PIE executables for newer Debian and Ubuntu + [1c5f25f8904a] + + * common/sudo_debug.c: + Include time.h for ctime() prototype. + [10090cf3bca1] + +2011-11-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/sudo_debug.c, include/sudo_debug.h, src/exec.c, + src/exec_pty.c: + Do not close error pipe or debug fd via closefrom() as we need them + to report an exec error should one occur. + [732f6587fafa] + + * doc/sudoers.ldap.pod: + Document that a sudoUser may now be a group ID. + [2fef46b9d3d3] + + * plugins/sudoers/ldap.c: + Add support for permitting access by group ID in addition to group + name. 
+ [b9450fdf1f69] + + * plugins/sudoers/ldap.c: + Older Netscape LDAP SDKs don't prototype ldapssl_set_strength() + [d62a1e7cff4f] + + * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE: + Replace UCB fnmatch.c with a non-recursive version written by + William A. Rowe Jr. + [354d3384adb8] + + * plugins/sudoers/auth/pam.c: + Fix typo, return_debug vs. debug_return + [1b522efcbb0d] + +2011-11-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: + Update Japanese sudoers translation from translationproject.org + [ec0f2beaad36] + + * doc/sudoers.pod: + Make the env_reset descriptions consistent. + [41c056f02688] + +2011-11-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Do multiple expansion when expanding paths to the noexec file, sesh + and the plugin directory. Adapted from a diff by Mike Frysinger + [d7e16c876c66] + + * common/Makefile.in: + regen + [9d729e09c186] + +2011-11-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * .hgignore: + Add ignore file; from Mike Frysinger + [1fa8d52425f8] + + * mkdep.pl: + no longer save old Makefile.in to .old + [378dd2395545] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + regen + [769faf517720] + + * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4, + m4/ltoptions.m4, m4/ltversion.m4: + Update to libtool 2.4.2 + [9dac78d84b4f] + +2011-11-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers_version.h: + Bump grammar version for #include and #includedir relative path + support. + [82a4f7cd8f71] + +2011-11-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add support for relative paths in #include and #includedir + [4d6e3bd0c24f] + + * plugins/sudoers/Makefile.in: + Fix install-plugin when shared objects are unsupported or disabled. 
+ [cbdd770a7a1b] + + * plugins/sudoers/goodpath.c: + Don't write to sbp if it is NULL + [fc438f8e8570] + +2011-11-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set, + only install matching .mo files + [c1dc30ab4ebc] + +2011-11-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, src/conversation.c: + Fix non-dynamic (no dlopen) sudo build. + [b0bd3fa925a3] + + * configure, configure.in: + Don't error out if the user specified --disable-shared + [cf035dd1e5cc] + + * common/sudo_debug.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/conversation.c: + Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to + the debug file. + [640c62f83251] + + * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, + plugins/sudoers/sudoers.h: + Make sudo_goodpath() return value bolean + [fea2d59a6e55] + + * INSTALL, MANIFEST, configure, configure.in, mkdep.pl, + plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c: + Remove obsolete securid auth method. + [4e54f860214b] + + * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h: + Prefix authentication functions with a "sudo_" prefix to avoid + namespace problems. 
+ [581d74063ea1] + + * INSTALL, MANIFEST, config.h.in, configure, configure.in, + doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in, + plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c: + Remove the old Kerberos IV support + [2e4b4a44209d] + +2011-11-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c: + Don't print garbage at the end of the custom lecture. + [44bb788fafaa] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add lexer tracing as debug@parser + [d850f3f9d414] + + * plugins/sudoers/alias.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/gram.c, + plugins/sudoers/match.c, plugins/sudoers/parse.c, + plugins/sudoers/regress/parser/check_fill.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/visudo.c: + Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and + <def_data.h> and not "def_data.h" when generating the parser in a + build dir. + [7da701def753] + +2011-11-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkdep.pl, plugins/sudoers/Makefile.in: + Better devdir support in mkdep.pl + [7dcec57bd155] + + * plugins/sudoers/Makefile.in: + Add devdir before srcdir in include path and fix up dependecies + accordingly. + [6e9958eca485] + + * plugins/sudoers/alias.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: + #include "gram.h" not <gram.h> and "def_data.h" and not + <def_data.h>. + [003bdb078a15] + + * sudo.pp: + Mark libexec files as optional. If we build without shared object + support, libexec is not used. 
+ [4bffcf482219] + + * src/load_plugins.c: + Change Debug sudo.conf setting to take a program name as the first + argument. In the future, this will allow visudo and sudoreplay to + use their own Debug entries. + [cfb8f7e4867c] + + * src/sudo.c: + fix sudo_debug_printf priority + [dcb67e965609] + + * plugins/sudoers/sudoers.c: + add missing debug_return_int + [d88ec450c592] + +2011-11-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/sudo_debug.c, include/error.h, include/sudo_debug.h, + plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c: + Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR + [dcee8efc294f] + + * doc/UPGRADE: + Add missing word in HOME security note. + [fd844fdcc1ac] + + * plugins/sudoers/testsudoers.c: + Prevent "testsudoers -d username" from trying to malloc(0). + [839126e56e8c] + +2011-11-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/regress/sudoers/test10.in, + plugins/sudoers/regress/sudoers/test10.out.ok, + plugins/sudoers/regress/sudoers/test10.toke.ok, + plugins/sudoers/regress/sudoers/test10.toke.out.ok, + plugins/sudoers/regress/sudoers/test11.in, + plugins/sudoers/regress/sudoers/test11.out.ok, + plugins/sudoers/regress/sudoers/test11.toke.ok, + plugins/sudoers/regress/sudoers/test11.toke.out.ok, + plugins/sudoers/regress/sudoers/test12.in, + plugins/sudoers/regress/sudoers/test12.out.ok, + plugins/sudoers/regress/sudoers/test12.toke.ok, + plugins/sudoers/regress/sudoers/test13.in, + plugins/sudoers/regress/sudoers/test13.out.ok, + plugins/sudoers/regress/sudoers/test13.toke.ok, + plugins/sudoers/regress/sudoers/test9.in, + plugins/sudoers/regress/sudoers/test9.out.ok, + plugins/sudoers/regress/sudoers/test9.toke.ok, + plugins/sudoers/regress/sudoers/test9.toke.out.ok: + Tests for empty sudoers (should parse OK) and syntax errors within a + line (should report correct line number) both with and without the + trailing newline. 
+ [d57c879c4718] + + * plugins/sudoers/regress/sudoers/test4.out.ok, + plugins/sudoers/regress/sudoers/test5.out.ok, + plugins/sudoers/regress/sudoers/test7.out.ok, + plugins/sudoers/regress/sudoers/test8.out.ok, + plugins/sudoers/testsudoers.c: + Print line number when there is a parser error. + [5444ef6ac6dc] + +2011-11-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Keep track of the last token returned. On error, if the last token + was COMMENT, decrement sudolineno since the error most likely + occurred on the preceding line. Previously we always uses + sudolineno-1 which will give the wrong line number for errors within + a line. + [d661a03a64da] + +2011-11-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + update with sudo 1.8.3p1 info + [0f79ff31f602] + + * plugins/sudoers/sudoers.c: + Fix crash when "sudo -g group -i" is run. Fixes bug 521 + [a3087ae337c4] + +2011-10-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo.c: + Make alias_remove_recursive() return TRUE/FALSE as its callers + expect and remove two unused arguments. Fixes bug 519. + [2ee3b2882844] + + * plugins/sudoers/regress/visudo/test1.out.ok, + plugins/sudoers/regress/visudo/test1.sh: + Add regress test for bugzilla 519 + [48000ebedf97] + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_fill.c: + Disable warning/error wrapping in regress tests. + [373c589ba561] + +2011-10-25 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Do compile-po as part of sync-po so that the .mo files get rebuild + automatically when we sync with translationproject.org + [83f3cbfc2f33] + + * plugins/sudoers/Makefile.in: + check_addr needs to link with the network libraries on Solaris + [322bd70e316e] + + * plugins/sudoers/match.c: + When matching a RunasAlias for a runas group, pass the alias in as + the group_list, not the user_list. From Daniel Kopecek. + [766545edf141] + + * plugins/sudoers/check.c, plugins/sudoers/sudoers.c: + We need to init the auth system regardless of whether we need a + password since we will be closing the PAM session in the monitor + process. Fixes a crash in the monitor on Solaris; bugzilla #518 + [e82809f86fb3] + +2011-10-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + Get rid of done: label. If the child exits we still need to close + the pty, update utmp and restore the SELinux tty context. + [cc127bf48405] + +2011-10-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * common/Makefile.in, common/atobool.c, common/fileops.c, + common/fmt_string.c, common/lbuf.c, common/list.c, + common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in, + plugins/sudoers/alias.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, + plugins/sudoers/logwrap.c, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, + plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c, + src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, + src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, + src/tgetpass.c, src/ttysize.c, src/utmp.c: + Add debug_decl/debug_return (almost) everywhere. Remove old + sudo_debug() and convert users to sudo_debug_printf(). 
+ [8f3bbf907b67] + + * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/error.c: + Wrap error/errorx and warning/warningx functions with debug + statements. Disable wrapping for standalone sudoers programs as well + as memory allocation functions (to avoid infinite recursion). + [562ed7b5ae8d] + + * README, config.h.in, configure, configure.in: + Add checks for __func__ and __FUNCTION__ and mention that we now + require a cpp that supports variadic macros. + [314cfe4c5d23] + + * MANIFEST, common/Makefile.in, common/sudo_debug.c, + include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c, + src/load_plugins.c, src/parse_args.c, src/sudo.c, + src/sudo_plugin_int.h: + New debug framework for sudo and plugins using /etc/sudo.conf that + also supports function call tracing. + [cded741e9f10] + +2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: + Update Japanese sudoers translation from translationproject.org + [c24725775e32] + +2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Override and ignore the --disable-static option. Sudo already runs + libtool with -tag=disable-static where applicable and we need non- + PIC objects to build the executables. + [aff1227b853a] + +2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Add sudoedit fix + [74655c7ccad1] + + * plugins/sudoers/po/sudoers.pot: + regen pot files + [28d89a831ed3] + + * plugins/sudoers/env.c: + Ignore set_logname (which is now the default) for sudoedit since we + want the LOGNAME, USER and USERNAME environment variables to refer + to the calling user since that is who the editor runs as. This + allows the editor to find the user's startup files. 
Fixes bugzilla + #515 + [6c5dddf5ff05] + + * plugins/sudoers/pwutil.c: + Instead of trying to grow the buffer in make_grlist_item(), simply + increase the total length, free the old buffer and allocate a new + one. This is less error prone and saves us from having to adjust all + the pointers in the buffer. This code path is only taken when there + are groups longer than the length of the user field in struct utmp + or utmpx, which should be quite rare. + [5587dc8cffaf] + + * src/po/it.mo: + Add Italian translation for sudo from translationproject.org + [1b3dd886e7e3] + + * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, + src/po/ja.mo, src/po/ja.po: + Japanese translation for sudo and sudoers from + translationproject.org + [c06dd866be6e] + +2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + sudoreplay depends on timestr.lo too; from Mike Frysinger + [b9e73214b2f1] + +2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot: + Regen sudoers pot file. + [019588bafdb3] + + * NEWS: + Update with latest sudo 1.8.3 news + [6868042a88e9] + + * plugins/sudoers/sudoers.c: + It appears that LDAP or NSS may modify the euid so we need to be + root for the open(). We restore the old perms at the end of + sudoers_policy_open(). + [2da67a5497ef] + + * plugins/sudoers/set_perms.c: + Better warning message on setuid() failure for the setreuid() + version of set_perms(). + [07abcfe7bd9a] + +2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c: + Delref auth_pw at the end of check_user() instead of getting a ref + twice. + [cb665f55e6a5] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c: + Make sudo_auth_{init,cleanup} return TRUE on success and check for + sudo_auth_init() return value in check_user(). + [92631c919356] + + * plugins/sudoers/auth/sudo_auth.c: + Do not return without restoring permissions. 
+ [59ef40b6696a] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + regen pot files + [9f320a340b7c] + + * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/check.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Modify the authentication API such that the init and cleanup + functions are always called, regardless of whether or not we are + going to verify a password. This is needed for proper PAM session + support. + [19a53f3fb596] + + * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: + Add missing dependency for getspwuid.lo and regen other depends. + [f7f70eae819a] + + * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c: + Fix a PAM_USER mismatch in session open/close. We update PAM_USER to + the target user immediately before setting resource limits, which is + after the monitor process has forked (so it has the old value). + Also, if the user did not authenticate, there is no pamh in the + monitor so we need to init pam here too. This means we end up + calling pam_start() twice, which should be fixed, but at least the + session is always properly closed now. + [fbc063a2a872] + + * src/utmp.c: + Add check for old being NULL in utmp_setid(); from Steven McDonald + [e87126442f2e] + +2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + If the invoking user cannot be resolved by uid fake the struct + passwd and store it in the cache so we can delref it on exit. + [a27e2f8b9f5e] + +2011-09-24 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Don't error out if the group plugin cannot be loaded, just warn. + [0fbfcd381e33] + +2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Quiet a false positive found by several static analysis tools. These + tools don't know that log_error() does not return (it longjmps to + error_jmp which returns to the sudo front-end). + [33d0469df21b] + +2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo, + plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po: + Add Italian translation for sudo from translationproject.org Regen + .mo files + [c3c888a82be6] + +2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/TROUBLESHOOTING: + Update to current reality and add bit about ssh auth + [184a1e7c2eeb] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Make "verbose" static; fixes a namespace clash with + pam_ssh_agent_auth (and it doesn't need to be extern these days). + [cc38d2eb2f4c] + + * config.h.in, configure, configure.in, src/get_pty.c: + FreeBSD has libutil.h not util.h + [dab4c94b6d4f] + + * configure, configure.in: + Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD + [41c362f0a92a] + +2011-09-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po, + plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po: + Update po files from translationproject.org + [1e99e147c7fa] + +2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add support for DEREF in ldap.conf. 
+ [3c1937a98547] + + * Makefile.in: + install target should depend on ChangeLog too, not just install-doc + [1a7c83941175] + + * doc/sudoers.pod: + Only iolog_file (not iolog_dir) supports mktemp-style suffixes. + [0eca47d60a2c] + + * NEWS: + Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes. + [0501415cc5ff] + + * doc/UPGRADE: + Document group lookup change and possible side effects. + [585743e1ebf7] + + * configure, configure.in: + Fix some square brackets in case statements that needed to be + doubled up. While here, use $OSMAJOR when it makes sense. + [8973343f4696] + + * plugins/sudoers/pwutil.c: + Fix a crash in make_grlist_item() on 64-bit machines with strict + alignment. + [c89508c73c46] + + * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: + Remove list_options() function that is no longer used now that "sudo + -L" is gone. + [fcc6a776c135] + + * configure, configure.in: + Error message if user tries --with-CC + [ec5b478f813a] + + * configure, configure.in: + Check for -libmldap too when looking for ldap libs, which is the + Tivoli Directory Server client library. + [bb3007a97206] + +2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/parse.c: + Honor NOPASSWD tag for denied commands too. + [8dd92656db92] + +2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, configure, configure.in: + Remove --with-CC option; it doesn't work correctly now that we use + libtool. Users can get the same effect by setting the CC environment + variable when running configure. + [ec22bd1a55e0] + +2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, plugins/sudoers/visudo.c, + src/sudo_edit.c: + Assume all modern systems support fstat(2). + [6a5a8985f6a0] + +2011-08-30 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * compat/regress/glob/globtest.c, config.h.in, configure, + configure.in, include/missing.h, plugins/sudoers/sudoers.h, + src/sudo.h, src/sudo_noexec.c: + Add configure test for missing errno declaration and only declare it + ourselves if it is missing. + [456e76c809a2] + + * plugins/sudoers/alias.c: + Include errno.h before sudo.h to avoid conflicting with the system + definition of errno. + [d0b97e392512] + +2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/regress/parser/check_addr.c: + Only print individual check status when there is a failure. + [2ac704c91441] + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/parser/check_addr.c: + Add calls to setprogname() for test programs. + [a8d9b420e826] + + * configure, configure.in: + Add -Wall and -Werror after all tests so they don't cause failures. + [2661188ff3fa] + + * plugins/sudoers/Makefile.in: + Actually run check_addr in the check target + [0b2778bc86bf] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c, + plugins/sudoers/match_addr.c, + plugins/sudoers/regress/parser/check_addr.c, + plugins/sudoers/regress/parser/check_addr.in: + Split out address matching into its own file and add regression + tests for it. + [12b9a2bf8dba] + +2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/match.c: + When matching an address with a netmask in sudoers, AND the mask and + addr before checking against the local addresses. + [9747bb6d7b1c] + +2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/match.c: + Fix netmask matching. + [a3c8f8cc1464] + + * plugins/sudoers/visudo.c: + Don't assume all editors support the +linenumber command line + argument, use a whitelist of known good editors. + [21d43a91fd10] + +2011-08-23 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_pty.c, src/sudo.c: + Silence compiler warnings on Solaris with gcc 3.4.3 + [da620bae6fdb] + + * mkpkg: + Fix building on RHEL 3 + [f3227fb2a252] + + * INSTALL, configure, configure.in: + Add --enable-werror configure option. + [fec2cdb95543] + + * common/setgroups.c: + setgroups() proto lives in grp.h on RHEL4, perhaps others. + [de91c0de5a98] + + * configure, configure.in: + Use PAM by default on AIX 6 and higher. + [e16493208e5f] + +2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, + src/po/eo.mo, src/po/eo.po: + Add new Esperanto translation from translationproject.org + [0d9a59e04c64] + +2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog_path.c: + Quiet an innocuous valgrind warning. + [0582b6027161] + +2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog_path.c, + plugins/sudoers/regress/iolog_path/data: + Fix expansion of strftime() escapes in log_dir and add a regress + test that exhibited the problem. + [a5c7c1c4c589] + + * plugins/sudoers/Makefile.in: + Fix "make check" return value. + [33b58e175230] + +2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Regen pot files + [063841aac19b] + + * Makefile.in: + Fix logic inversion in pot file up to date check. + [f6a8ca8654df] + +2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Add caching for gettext() checks. + [01b7200f6105] + + * configure, configure.in: + Better handling of libintl header and library mismatch. + [9a49b1d4db69] + +2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Also check sudoers gid if sudoers is group writable. + [23ef96ca0d33] + +2011-08-12 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + If dlopen is present but libtool doesn't find it, error out since it + probably means that libtool doesn't support the system. + [a9da0a5f7941] + + * mkpkg: + configure args on the command line should override builtin defaults. + Disable NLS for non-Linux/Solaris unless explicitly enabled. + [b2fb05614504] + + * plugins/sudoers/auth/aix_auth.c: + Fix loop that calls authenticate(). If there was an error message + from authenticate(), display it. + [063a0c4f0b9a] + +2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * m4/libtool.m4, m4/ltversion.m4: + Update to autoconf 2.68 and libtool 2.4 + [5a912a6eb67b] + + * config.guess, config.sub, configure, configure.in, ltmain.sh: + Update to autoconf 2.68 and libtool 2.4 + [931ab56aecf6] + + * doc/sudoers.pod: + Fix typo; OPT should be OTP + [e97bd2e46544] + + * plugins/sudoers/Makefile.in: + Rename libsudoers convenience library to libparsesudoers to avoid + libtool confusion. + [2a89a613f537] + +2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: + Add Danish sudoers translation from translationproject.org + [27b96e85eb13] + + * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: + Add dedicated callback function for runas_default sudoers setting + that only sets runas_pw if no runas user or group was specified by + the user. + [b8382d8eea34] + +2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo, + src/po/ru.po: + Update Finish, Polish, Russian and Ukrainian translations from + translationproject.org. + [f9339aff664e] + + * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c: + Go back to using a callback for runas_default to keep runas_pw in + sync. 
This is needed to make per-entry runas_default settings work + with LDAP-based sudoers. Instead of declaring it a callback in + def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a + bit naughty, but avoids requiring stub functions in visudo and the + tests. + [9aaefb908415] + +2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Add check for out of date message catalogs when doing "make dist". + [e45a29b612f4] + +2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [d6f9ad26774a] + + * configure.in: + Make sure compiler supports static-libgcc before using it. + [b01bd9566e50] + +2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/Makefile.in: + Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc + [c99c7ab3edef] + +2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, + plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po, + src/po/zh_CN.mo: + Add new Russian sudo translation from translationproject.org and + rebuild the other translation files. + [e20015459056] + +2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po: + Update Finish and Polish translations from translationproject.org + [4e3dbba4a1de] + + * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c: + Go back to escaping the command args for "sudo -i" and "sudo -s" + before calling the plugin. Otherwise, spaces in the command args are + not treated properly. The sudoers plugin will unescape non- spaces + to make matching easier. + [dfa2c4636f33] + +2011-07-28 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/set_perms.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Fix some potential problems found by the clang static analyzer, none + serious. + [ff64aa74aae6] + + * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po, + src/po/zh_CN.po: + Updated Ukranian and Chinese (simplified) po files from + translationproject.org + [ec792becb48e] + +2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/pl.po: + Updated Polish translation from translationproject.org + [a3af53cb649c] + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Rebuild pot files + [c650524c0f0a] + + * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c: + Don't try to audit failure if the runas user does not exist. We + don't have the user's command at this point so there is nothing to + audit. Add a NULL check in audit_success() and audit_failure() just + to be on the safe side. + [2a0007c2022f] + + * mkpkg: + Add -g to CFLAG for PIE builds. + [32a0a9693c9c] + +2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/sudo.c: + Remove fallback to per-group lookup when matching groups in sudoers. + The sudo front-end will now use getgrouplist() to get the user's + list of groups if getgroups() fails or returns zero groups so we + always have a list of the user's groups. For systems with + mbr_check_membership() which support more that NGROUPS_MAX groups + (Mac OS X), skip the call to getgroups() and use getgrouplist() so + we get all the groups. + [51b3ed8c600b] + +2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/setgroups.c: + Fix setgroups() fallback code on EINVAL. + [2b6faecd56a4] + + * plugins/sudoers/set_perms.c: + Fix two PERM_INITIAL cases that were still using user_gids. 
+ [9680bab0acc6] + + * MANIFEST: + Add Polish sudo message catalog + [8bb40c3ba576] + + * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + user_group is no longer used, remove it + [9acede0fe6c5] + +2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po: + Add Polish translation from translationproject.org + [afac5c638573] + + * MANIFEST, common/Makefile.in, common/setgroups.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c, + src/sudo.h, src/sudo_edit.c: + Add a wrapper for setgroups() that trims off extra groups and + retries if setgroups() fails. Also add some missing addrefs for + PERM_USER and PERM_FULL_USER. + [224dfd8aae5c] + + * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in, + configure, configure.in, include/missing.h, mkdep.pl, + plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c: + Instead of keeping separate groups and gids arrays, create struct + group_info and use it to store both, along with a count for each. + Cache group info on a per-user basis using getgrouplist() to get the + groups. We no longer need special to special case the user or list + user for user_in_group() and thus no longer need to reset the groups + list when listing another user. + [0ad849a8b2d5] + + * src/preload.c: + Don't rely on NULL since we don't include a header for it. + [b40937f1890c] + +2011-07-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.pod: + Fix typo + [c1035360e169] + +2011-07-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Do not shadow global sudo_mode with a local variable in set_cmnd() + [0c72969503ad] + +2011-07-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + bash 2.x doesd not support the -l flag and exits with an error if it + is specified so use --login instead. This causes an error with bash + 1.x (which uses -login instead) but this version is hopefully less + used than 2.x. + [5c4c296e30e6] + + * src/po/pl.mo, src/po/pl.po: + Add Polish translation from translationproject.org + [48592dd6edcf] + +2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/set_perms.c: + Make error strings translatable. + [414c5c484768] + + * mkpkg: + Only run configure with --with-pam-login for RHEL 5 and above. + [6c16e4de4026] + + * sudo.pp: + Fix typo in summary + [9ac618c9a749] + +2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/logwrap.c: + Add missing logwrap.c + [c12a413ecc1d] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, + plugins/sudoers/regress/logging/check_wrap.c, + plugins/sudoers/regress/logging/check_wrap.in, + plugins/sudoers/regress/logging/check_wrap.out.ok: + Split out log file word wrap code into its own file and add unit + tests. Fixes an off-by one in the word wrap when the log line length + matches loglinelen. + [52ed277f6690] + +2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg: + For SuSE, only use /usr/lib64 as libexec if generating 64-bit + binaries. + [645ab903cf77] + + * src/load_plugins.c, src/sudo.c: + Fix build error when --without-noexec configure option is used. + [b994f7b0d8b4] + + * configure, configure.in: + Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX 5.3 + and above. + [c2a6f9b472f3] + +2011-07-01 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Resolve the list of gids passed in from the sudo frontend (the + result of getgroups()) to names and store both the group names and + ids in the sudo_user struct. When matching groups in the sudoers + file, match based on the names in the groups list first and only do + a gid-based match when we absolutely have to. By matching on the + group name (as it is listed in sudoers) instead of id (which we + would have to resolve) we save a lot of group lookups for sudoers + files with a lot of groups in them. + [8dc19353f148] + +2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Workaround for "sudo -i command" and newer versions of bash which + don't go into login mode when -c is specified unless -l is too. + [9393762b80f3] + +2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/logging.c: + Rewrite logfile word wrapping code to be more straight-forward and + actually wrap at the correct place. + [f712a0c90f55] + +2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c: + Set use_pty=true in command details when use_pty is set in sudoers. + From Ludwig Nussel + [8d95a163dfc1] + +2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, + src/po/zh_CN.mo, src/po/zh_CN.po: + Sync Chinese (simplified) PO files from translationproject.org + [acce8eb7be18] + +2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo, + plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo: + Add Danish translation from translationproject.org and add missing + Basque mo files. 
+ [0c22bb21b9c4] + + * Makefile.in, configure, configure.in: + No longer need to specify LINGUAS in configure, "make install-nls" + now just installs all the .mo files it finds. + [fcd45cf04885] + +2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod: + Build CONTRIBUTORS from newly-added contributors.pod + [8b192f2720f4] + + * doc/CONTRIBUTORS: + Rework the wording in the leading paragraph + [312044145cdd] + +2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, doc/CONTRIBUTORS: + Add a CONTRIBUTORS file with the names of folks who have contributed + code or patches to sudo since I started maintaining it (plus the + original authors). + [b8bdd8b59528] + +2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/env.c: + Preserve SHELL variable for "sudo -s". Otherwise we can end up with + a situation where the SHELL variable and the actual shell being run + do not match. + [b8b3974aee3e] + +2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Only enable Solaris project support when setproject() is present in + libproject. + [49ad7857ab89] + + * sudo.pp: + Explicitly set mode and owner of /etc/sudoers instead of relying on + "cp -p" to work in the postinstall script. On AIX 6.1 at least the + postinstall script runs before the final file permissions are set. + [e41ffc0212b2] + +2011-06-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.pod, doc/sudoers.pod: + Refer the user to the "Command Environment" section in description + of sudo's -i option. + [263cc3be7eef] + + * doc/sudo.pod: + Fix typo + [35dfac450f4d] + +2011-06-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkdep.pl: + If there is no old dependency for an object file, use the MANIFEST + to find its source. + [d15e3b9899f9] + + * compat/Makefile.in: + Remove dependency for getgrouplist.lo as we don't ship that source + file. 
+ [312a6d5fe6b0] + +2011-06-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Do not declare yyparse() static as the actual function generated by + yacc is extern. + [9017b79dcf55] + +2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Remove locale files in "make uninstall" + [201ff261ecbe] + + * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po, + plugins/sudoers/po/uk.po, src/po/eu.po: + Add Basque translation and sync Finish and Ukranian translations. + [66d2c78c8a13] + + * configure, configure.in: + FreeBSD no longer needs the main sudo binary to link with -lpam now + that plug-ins are loaded with RTLD_GLOBAL. + [96c710df2457] + + * plugins/sudoers/group_plugin.c, src/load_plugins.c: + Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes + problems with pam modules not having access to symbols provided by + libpam on some platforms. Affects FreeBSD and SLES 10 at least. + [0d016983ec84] + + * Makefile.in: + Move xgettext invocation out of update-po target into update-pot + [19a73c6d017c] + +2011-06-04 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: + Regenerate .pot files for 1.8.2rc2 + [c3037f591dd8] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Move nls targets to the top level Makefile so the paths in the pot + file are saner + [65b9285cd8d9] + + * src/po/fi.mo: + Add compiled version of sudo Finish translation + [8f2405384ea3] + + * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo: + Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo + files + [a165e70fa9ec] + + * configure, configure.in, plugins/sudoers/po/fi.po: + Add Finish translation from translationproject.org + [4466f8a96ceb] + +2011-06-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.pod: + The group named by exempt_group should not have a % prefix. + [df084d6b32c8] + +2011-06-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.pod: + Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin" + [5113699a3f8b] + +2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c, src/exec_pty.c: + Fix compressed io log corruption in background mode by using _exit() + instead of exit() to avoid flushing buffers twice. + + Improved background mode support. When not allocating a pty, the + command is run in its own process group. This prevents write access + to the tty. When running in a pty, stdin is not hooked up and we + never read from /dev/tty, which results in similar behavior. + [87c15149894c] + + * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: + Clean up regress files Generate proper dependencies for regress objs + in compat + [88bfc728c1e7] + + * plugins/sudoers/Makefile.in: + Add missing dependency for check_fill.o. + [0bd6362e3e17] + +2011-05-29 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * INSTALL, configure, configure.in: + Add support for --enable-nls[=location] + [b90db44a050f] + +2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/linux_audit.c: + Include gettext.h + [7f909a6e48cb] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c: + Quiet gcc warnings. + [b41a6cdca583] + + * configure, configure.in: + Don't install .mo files if gettext was not found. + [1397b34cc165] + +2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + Always allocate a pty when running a command in the background but + call setsid() after forking to make sure we don't end up with a + controlling tty. + [b6454ba172e8] + + * plugins/sudoers/iolog.c: + Add missing space between command name and the first command line + argument. + [fe217f0a36d4] + + * plugins/sudoers/sudoreplay.c: + Quiet a compiler warning on some platforms. + [de9f2849f236] + + * plugins/sudoers/po/README, src/po/README: + README file that directs people to translationproject.org + [30c0fc323281] + + * plugins/sudoers/po/uk.po, src/po/fi.po: + Sync translations with TP + [1d7d64559cba] + + * Makefile.in: + Add 'sync-po' target to top-level Makefile to rsync the po files + from translationproject.org. + [20508211aaa3] + + * plugins/sudoers/Makefile.in: + install nls files from install target + [5fc07b6cab38] + + * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp: + Include .mo files in sudo binary packags. + [278d4821a916] + + * configure, configure.in, plugins/sudoers/po/zh_CN.mo, + plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po: + Add simplified chinese translation + [2b33ffc755b9] + +2011-05-26 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.in, plugins/sudoers/po/uk.mo, + plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po: + Add ukranian translation + [2d8102688e93] + + * compat/Makefile.in: + refer to siglist.c, not ./siglist.c since not all makes will treat + foo and ./foo the same. + [6639d293ffba] + + * plugins/sudoers/sudoers.c: + Set def_preserve_groups before searching for the command when the -P + flag is specified. + [0edc7942f875] + + * Makefile.in, compat/Makefile.in, mkdep.pl, + plugins/sudoers/Makefile.in: + Add dependency for siglist.lo in compat. This is a generated file so + "make depend" needs to depend on it. + [28d0932f8b50] + + * compat/Makefile.in: + More dependency fixes. + [aad0d05cd020] + + * compat/Makefile.in: + Fix a few dependencies. + [eb21aa35a032] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Place compiled mo files in the src dir, not the build dir. When + installing compiled mo files, display a status message. + [e15634c29cd3] + +2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Tivoli Directory Server requires that seconds be present in a + timestamp, even though RFC 4517 states that they are optional. + [55fe23dd4ef9] + + * plugins/sudoers/sudo_nss.h: + Add missing bit of copyright + [d2eba3c364ca] + + * doc/visudo.pod: + Mention cycle detection warnings + [a76bef15ab67] + + * plugins/sudoers/visudo.c: + When checking aliases, also check the contents of the alias in case + there are problems with an alias that is referenced inside another. + Replace the self reference check with real alias cycle detection. + [a66c904cf53b] + + * plugins/sudoers/alias.c: + Set errno to ELOOP in alias_find() if there is a cycle. Set errno to + ENOENT in alias_find() and alias_remove() if the entry could not be + found. 
+ [b4f0b89e433c] + + * plugins/sudoers/visudo.c: + Increment alias_seqno before calls to alias_remove_recursive() to + avoid false positives with the alias loop detection. Fixes spurious + warnings about unused aliases when they are nested. + [a344483b8193] + + * MANIFEST: + add mkdep.pl + [86b7ed33eab2] + + * plugins/sudoers/Makefile.in: + Add dependency on convenience libs to binaries + [cd3078b3c997] + + * Makefile.in: + mkdep.pl only works when run from the src dir + [f35a5e47c944] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: + Auto-generate Makefile dependencies with a perl script. + [a3e4afcd7975] + +2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/match.c: + If the user specifies a runas group via sudo's -g option that + matches the runas user's group in the passwd database and that group + is not denied in the Runas_Spec, allow it. Thus, if user root's gid + in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if + no groups are present in the Runas_Spec. + [e3f9732dc564] + +2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Add dependencies on gettext.h + [a3a9dc51f78b] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Fix install-nls target with HP-UX sh when gettext is not present. + [0c6b9655cd41] + +2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot, + src/Makefile.in, src/po/sudo.pot: + regenerate .pot files for lbuf changes + [918ded125a0b] + + * configure, configure.in: + Add missing "checking" message for gettext when using the cache. 
+ [9c21187ad1d2] + + * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c, + plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c, + src/parse_args.c: + Add primitive format string support to the lbuf code to make + translations simpler. + [ee71c7ef5299] + + * MANIFEST, plugins/sudoers/Makefile.in, + plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot: + Add message catalog template files for sudo and the sudoers module. + [f3f8acb1f014] + + * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c, + config.h.in, configure.in, doc/Makefile.in, include/gettext.h, + plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, + src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h: + Add gettext.h convenience header. This is similar to but distinct + from the one included with the gettext package. + [930a0591f73c] + +2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Add checks for nroff -c and -Tascii flags + [19ca990b3149] + + * configure, configure.in: + Add check for HP bundled C Compiler (which cannot create shared + libs) + [517716a7072d] + + * plugins/sudoers/sudoreplay.c: + Fix C format warnings. + [6514326013fa] + + * include/error.h: + Add __printflike + [e1749a30a406] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c, src/parse_args.c: + Translate help / usage strings. 
+ [ee1cc9b1a8bd] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Set --msgid-bugs-address to the bugzilla url + [5a0aa250ca21] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, configure, + configure.in, doc/Makefile.in, include/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: + Add scaffolding to update .po files and install .mo files. + [f05f4eed1fe1] + + * doc/license.pod: + update copyright year + [fa0c62523875] + + * INSTALL, README: + No need to include version number at the top of these files. + [9f2981325351] + +2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/visudo.c: + Minor warning/error cleanup + [9236dc85aeab] + + * config.h.in, configure.in: + Emulate ngettext for the non-nls case + [13571d63fa36] + + * plugins/sudoers/ldap.c: + Do not mark untranslatable strings for translation + [735f5d4413fe] + + * plugins/sudoers/check.c: + Use ROOT_UID not 0. 
+ [09a268db8da4] + + * plugins/sudoers/check.c, plugins/sudoers/iolog.c, + plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c, + src/load_plugins.c, src/sudo.c, src/sudo_edit.c: + Minor warning/error message cleanup + [3c7b1a7939b5] + + * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_pty.c, src/net_ifs.c, src/selinux.c: + cannot -> "unable to" in warning/error messages + [31c3897649e9] + + * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c, + src/sudo.c, src/utmp.c: + can't -> "unable to" in warning/error messages + [127b75f15291] + + * configure, configure.in: + FreeBSD needs the main sudo executable to link with -lpam when + loading dynaic pam modules for some reason. + [944522cc9bef] + +2011-05-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c: + We don't want to translate debugging messages. + [56a1a365815a] + + * configure, configure.in, plugins/sudoers/Makefile.in, + plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/sesh.c, src/sudo.c: + Add calls to bindtextdomain() and textdomain() Currently there are + two domains, one for the sudo front-end and one for the sudoers + plugin and its associated utilities. + [0426138f789e] + + * configure, configure.in: + Fix caching of libc gettext check. 
+ [942142d2c43a] + + * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c, + plugins/sudoers/mkdefaults: + Mark defaults descriptions for translation + [5b27f018e6cf] + + * NEWS: + Update for sudo 1.8.1p2 + [747c4dee2ca7] + +2011-05-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Quiet compiler warning when SELinux is enabled. + [1fbf77dda240] + + * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, + src/error.c, src/net_ifs.c, src/sesh.c: + Add missing includes of libintl.h. + [bc1d66316082] + + * plugins/sudoers/auth/pam.c: + Fix gettext marker. + [a5cf4ed66c66] + + * common/aix.c, common/alloc.c, compat/strsignal.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h: + Include libint.h where needed. + [2b0e5a663c7b] + + * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, + plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, + plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: + Prepare sudoers module messages for translation. 
+ [7212ae1909c5] + + * plugins/sudoers/sudoers.c: + Only check gid of sudoers file if it is group-readable. + [50e3bc0cb242] + + * plugins/sudoers/auth/aix_auth.c: + For AIX, keep calling authenticate() until reenter reaches 0. + [e240815b74b1] + +2011-05-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Cache the status of the initial gettext() check. + [32751ebe1704] + + * INSTALL, configure, configure.in: + Add --disable-nls flag and improve checks for gettext. + [c7e6b17052de] + + * configure, configure.in: + When building with gcc on HP-UX, use -march=1.1 to produce portable + binaries on a pa-risc2 host. Previously, the +Dportable option was + used for the HP-UX C compiler but gcc always produced native + binaries. + [8f4c749324d7] + +2011-05-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c, + src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c, + src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c, + src/sudo_edit.c, src/tgetpass.c, src/utmp.c: + Prepare sudo front end messages for translation. + [2fc2fabceccb] + +2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c: + Add initial scaffolding to support localization via gettext() + [7d47b59fcf95] + + * compat/fnmatch.h, compat/glob.h: + Don't let the fnmatch/glob macros expand the function prototype. + [a9014aa0288e] + +2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h: + Resolve namespace collisions on HP-UX ia64 and possibly others by + adding a rpl_ prefix to our fnmatch and glob replacements and + #defining rpl_foo to foo in the header files. + [caa9b690a15d] + +2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Split ALL, ROLE and TYPE into their own actions. 
Since you can only + have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in + the non-SELinux case. This is safe because the actions are in one + big switch() statement. + [7473fc2cfa2c] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie. + [9be3480c2865] + +2011-04-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/UPGRADE, doc/sudoers.pod: + askpass moved from sudoers to sudo.conf in sudo 1.8.0 + [b2c2956cec4e] + + * doc/sudoers.pod: + Remove obsolete warning about runas_default and ordering. Move + syslog facility and priority lists into the section where the + relevant options are described. + [e57b8dc3f779] + +2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/sia.c: + Fix SIA support; we no longer have access to the real argc and argv + so allocate space for a fake one and use the argv passed to the + plugin with "sudo" for argv[0]. + [1c0552772ad2] + +2011-04-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/net_ifs.c: + Remove useless realloc when trying to get the buffer size right. + [792225380a62] + + * plugins/sudoers/set_perms.c: + Be explicit when setting euid to 0 before call to setreuid(0, 0) + [7bfeb629fccb] + +2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Need to do checks for krb5_verify_user, krb5_init_secure_context and + krb5_get_init_creds_opt_alloc regardless of whether or not + krb5-config is present. + [9d1b98ece1d3] + +2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/set_perms.c: + Work around weird AIX saved uid semantics on setuid() and + setreuid(). On AIX, setuid() will only set the saved uid if the euid + is already 0. + [069fc08150ca] + +2011-04-14 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + update copyright year + [1c42d579ba6e] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Treat a missing includedir like an empty one and do not return an + error. + [92f71d8cbfd4] + +2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * pp: + Fix ARCH setting in cross-compile Solaris packages. + [b0de281cc889] + + * sudo.pp: + Fix aix version setting. + [98437dbfb085] + + * plugins/sudoers/ldap.c: + Remove extraneous parens in LDAP filter when sudoers_search_filter + is enabled that causes a search error. From Matthew Thomas. + [1d75bf1fc8d9] + +2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c: + Correct sizeof() to fix test failure. + [fd2f7c0c0572] + + * plugins/sudoers/Makefile.in: + "install" target should depend on "install-dirs". Fixes "make -j" + problem and closes bz #487. From Chris Coleman. + [083902d38edb] + +2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in: + Add HAVE_RFC1938_SKEYCHALLENGE + [a94cb33758a8] + +2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Mention plugin loading and libgcc changes + [e11b30b5026a] + + * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: + Load plugins after parsing arguments and potentially printing the + version. That way, an error loading or initializing a plugin doesn't + break "sudo -h" or "sudo -V". + [1b76f2b096a2] + + * Makefile.in: + When using a sub-shell to invoke the sub-make, exec make instead of + running it inside the shell to avoid an extra process. 
+ [fd2c04a71fbf] + + * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c: + Stop testing unspecified behavior in fnmatch Make glob test more + portable + [229803093725] + + * compat/Makefile.in: + No need to add current dir to include path and having it breaks the + test programs that expect to get the system glob.h and fnmatch.h + [68085f624be4] + + * INSTALL, configure, configure.in: + Fix and document --with-plugindir; partially from Diego Elio Petteno + [07edc52ea89e] + + * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c, + compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c, + compat/regress/glob/globtest.in: + Fix fnmatch and glob tests to not use hard-coded flag values in the + input file. Link test programs with libreplace so we get our + replacement verions as needed. + [c2cca448f660] + + * Makefile.in: + If make in a subdir fails, fail the target in the upper level + Makefile too. Adapted from a patch from Diego Elio Petteno + [76fc9a0d96fd] + + * configure, configure.in, plugins/sudoers/auth/rfc1938.c: + Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also + has this. Adapted from a patch from Diego Elio Petteno + [a97279a59b93] + + * plugins/sudoers/Makefile.in: + Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@ + directly. + [47b884029b3b] + + * configure, configure.in: + Fix warnings when -without-skey, --without-opie, --without-kerb4, + --without-kerb5 or --without-SecurID were specified. + [71ad150f4d24] + + * MANIFEST: + Add plugins/sudoers/sudoers_version.h + [7423966de440] + + * configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: + Back out the --with-libpath addition to SUDOERS_LDFLAGS since that + now include LDFLAGS in the sudoers Makefile.in. Add missing settng + of @LDFLAGS@ in plugin Makefile.in files. + [b835826f889c] + +2011-04-05 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * NEWS: + Mention %#gid support in User_List and Runas_List + [5a983dff017a] + + * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h, + plugins/sudoers/visudo.c: + Keep track of sudoers grammar version and report it in the -V + output. + [52901a3c0296] + + * plugins/sudoers/sudo_nss.h: + Add multiple inclusion guard + [50853aed046e] + + * configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: + The --with-libpath option now adds to SUDOERS_LDFLAGS as well as + LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and + set it to -Wc,-static-libgcc if not using GNU ld so we don't have a + dependency on the shared libgcc in sudoers.so. + [66ad8bc5e32d] + + * doc/sudoers.pod: + Fix typo; from Petr Uzel + [f9a7afd80892] + +2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/testsudoers.c: + In dump-only mode, use "root" as the default username instead of + "nobody" as the latter may not be available on all systems. + [0c48e6414337] + +2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/testsudoers.c: + Remove NewArgv/NewArgc, they are no longer needed. + [16e18f734c7e] + + * plugins/sudoers/testsudoers.c: + Fix setting of user_args + [aa29e0d0a54a] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add '!' token to lex tracing + [5227ad266235] + + * plugins/sudoers/regress/testsudoers/test1.sh: + Use group bin in test, not wheel as most systems have the bin group + but the same is no longer true of wheel. + [718802b3b45e] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Avoid using pre or post increment in a parameter to a ctype(3) + function as it might be a macro that causes the increment to happen + more than once. + [78e281152c3a] + +2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Strip off the beta or release candidate version when building AIX + packages. 
+ [28fe31668559] + + * configure, configure.in: + We need to include OSDEFS in CFLAGS when doing the utmp/utmpx + structure checks for glibc which only has __e_termination visible + when _GNU_SOURCE is *not* defined. + [59ae1698911f] + + * common/aix.c: + getuserattr(user, ...) will fall back to the "default" entry + automatically, there's no need to check "default" manually. + [3c7a47a61fdb] + +2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/UPGRADE: + Document parser changes. + [ec415503308d] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + If there is an existing sudoers file, only install if it passes a + syntax check. + [37427c73e8cb] + + * plugins/sudoers/regress/sudoers/test6.out.ok, + plugins/sudoers/testsudoers.c: + Add runasgroup support to testsudoers + [047ea5571f33] + + * plugins/sudoers/Makefile.in: + For "make check", keep going even if a test fails. + [ce6a0a73c372] + + * plugins/sudoers/testsudoers.c: + More useful exit codes: + * 0 - parsed OK and command matched. + * 1 - parse error + * 2 - command not matched + * 3 - command denied + [1d2ce1361903] + + * doc/sudoers.pod: + Document %#gid, and %:#nonunix_gid syntax. + [492d4f9696c4] + + * plugins/sudoers/pwutil.c: + Add support to user_in_group() for treating group names that begin + with a '#' as gids. + [20240c94a134] + + * config.h.in, configure, configure.in, src/utmp.c: + Add explicit check for struct utmpx.ut_exit.e_termination and struct + utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update + ut_exit if we detect one or the other. + [b4e8cab777e6] + +2011-03-28 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/toke.c: + Add back missing #include of config.h + [9ab3897a1b2e] + + * plugins/sudoers/iolog_path.c, + plugins/sudoers/regress/iolog_path/data: + Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like + strftime() does. + [93395762cdcd] + + * aclocal.m4: + Quote first argument to AC_DEFUN(); from Elan Ruusamae + [97f53ad31d77] + +2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST: + add new sudoers tests + [476af91b3da3] + + * plugins/sudoers/regress/sudoers/test8.in, + plugins/sudoers/regress/sudoers/test8.out.ok, + plugins/sudoers/regress/sudoers/test8.toke.ok: + Add test for a newline in the middle of a string when no line + continuation character is used. + [de2394bc86ab] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Use bitwise AND instead of modulus to check for length being odd. A + newline in the middle of a string is an error unless a line + continuation character is used. + [bdb1d762a1d5] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Move lexer globals initialization into init_lexer. + [1ce62211aadb] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix a potential crash when a non-regular file is present in an + includedir. Fixes bz #452 + [1586760c3525] + + * pp: + On some Linux systems, "uname -p" contains detailed processor info + so check "uname -m" first and then "uname -p" if needed. Recognize + PLD Linux. + [b8535cb9012e] + +2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/redblack.c: + Don't need all sudoers.h here. + [8c0929f42dab] + + * src/sudo.c: + Print sudo version early, in case policy plugin init fails. + [47cddc4358bc] + +2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/regress/sudoers/test4.toke.ok: + Update to match change in input. 
+ [4a3af8e68790] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Make an empty group or netgroup a syntax error. + [66f51ddc2ff6] + + * plugins/sudoers/regress/sudoers/test7.in, + plugins/sudoers/regress/sudoers/test7.out.ok, + plugins/sudoers/regress/sudoers/test7.toke.ok: + An empty group or netgroup should be a syntax error. + [bd5bf1e2edce] + + * plugins/sudoers/regress/sudoers/test6.in, + plugins/sudoers/regress/sudoers/test6.out.ok, + plugins/sudoers/regress/sudoers/test6.toke.ok: + Check that uids work in per-user and per-runas Defaults Check that + uids and gids work in a Command_Spec + [c5e848e6082b] + + * plugins/sudoers/regress/sudoers/test5.in, + plugins/sudoers/regress/sudoers/test5.out.ok, + plugins/sudoers/regress/sudoers/test5.toke.ok: + Test empty string in User_Alias and Command_Spec + [3a084d777e03] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Allow a group ID in the User_Spec. + [bc2859eb71dc] + +2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Return an error for the empty string when a word is expected. Allow + an ID for per-user or per-runas Defaults. + [915c259b00ff] + + * plugins/sudoers/testsudoers.c: + Fix printing "User_Alias FOO = ALL" + [ba58c3d548b3] + +2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/parse_args.c: + Better error message about invalid -C argument + [c9a8d15bbf5d] + + * NEWS: + fix typo + [cdcfbafed013] + + * doc/sudoers.pod: + Fix placement of equal size ('=') in user specification summary. + [5ad7178b230d] + +2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST: + update to match sudoers regress + [e04db0648717] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Restore ability to define TRACELEXER and have trace output go to + stderr. 
+ [d9531e4d1b20] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Restore old behavior of setting sawspace = TRUE for command line + args when a line continuation character is hit to avoid causing + problems for existing sudoers files. + [fd930ad25550] + + * plugins/sudoers/regress/sudoers/test4.in, + plugins/sudoers/regress/sudoers/test4.out.ok, + plugins/sudoers/regress/sudoers/test4.toke.ok: + Add test for line continuation and aliases + [29ab538ca6bb] + + * plugins/sudoers/Makefile.in: + Make test output line up nicely for parse vs. toke + [257ef82c1434] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/sudoers/test1.in, + plugins/sudoers/regress/sudoers/test1.out.ok, + plugins/sudoers/regress/sudoers/test1.toke.ok, + plugins/sudoers/regress/sudoers/test2.in, + plugins/sudoers/regress/sudoers/test2.out.ok, + plugins/sudoers/regress/sudoers/test2.toke.ok, + plugins/sudoers/regress/sudoers/test3.in, + plugins/sudoers/regress/sudoers/test3.out.ok, + plugins/sudoers/regress/sudoers/test3.toke.ok, + plugins/sudoers/regress/testsudoers/test1.ok, + plugins/sudoers/regress/testsudoers/test1.out.ok, + plugins/sudoers/regress/testsudoers/test1.sh, + plugins/sudoers/regress/testsudoers/test2.out, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/testsudoers/test3.ok, + plugins/sudoers/regress/testsudoers/test3.sh, + plugins/sudoers/regress/visudo/test1.ok, + plugins/sudoers/regress/visudo/test1.sh: + Move parser tests to sudoers directory and test the tokenizer output + too. + [44f529b3cdb6] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + If we match a rule anchored to the beginning of a line after parsing + a line continuation character, return an ERROR token. It would be + nicer to use REJECT instead but that substantially slows down the + lexer. 
+ [355478293f8c] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Move LEXTRACE macro to toke.h so we can use it in yyerror(). + [72ee7a06d3ca] + +2011-03-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l: + Make lex tracing settable at run-time in testsudoers via the -t + flag. Trace output goes to stderr. Will be used by regress tests to + check lexer. + [93bd53c413c8] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Allow whitespace after the modifier in a Defaults entry. E.g. + "Defaults: username set_home" + [9dfcf8dd8a3a] + +2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg: + Don't set CC when cross-compiling. + [4b95b0c04e1c] + + * NEWS: + Credit Matthew Thomas for the sudoers_search_filter changes. + [a65998ab09f7] + + * MANIFEST: + Add the .sym files to the MANIFEST + [f599225cc861] + + * NEWS: + Update for sudo 1.8.1 beta + [71021e854c49] + + * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c: + user_shell -> run_shell to avoid confusion with the user's SHELL + variable. + [dc0ac6dafc21] + + * src/exec_pty.c: + Save the controlling tty process group before suspending in pty + mode. Previously, we assumed that the child pgrp == child pid (which + is usually, but not always, the case). + [10b2883b7875] + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add support for sudoers_search_filter setting in ldap.conf. This can + be used to restrict the set of records returned by the LDAP query. + [b0f1b721d102] + +2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Remove the hack to disable -g in CFLAGS unless --with-devel + [89822cf84ef4] + + * doc/sudoers.pod: + The '@' character does not normally need to be quoted. 
+ [7823f5ed829a] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + We normaly transition from GOTDEFS to STARTDEFS on whitespace, but + if that whitespace is followed by a comma, we want to treat it as + part of a list and not transition. + [1ca6943e1824] + + * plugins/sudoers/regress/testsudoers/test3.ok, + plugins/sudoers/regress/testsudoers/test3.sh: + Add check for whitespace when a User_List is used for a per-user + Defaults entry. + [91f75e6dd19a] + + * plugins/sudoers/regress/testsudoers/test2.out, + plugins/sudoers/regress/testsudoers/test2.sh: + Expand quoted name checks to cover recent fixes. + [ce4f76bca146] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Fix parsing of double-quoted names in Defaultd and Aliases which was + broken in 601d97ea8792. + [424b0d6c1dc4] + + * plugins/sudoers/Makefile.in: + toke_util.c lives in $(srcdir) not $(devdir) + [94866bebee83] + +2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Change trunk version to 1.8.x to distinguish from real 1.8.0. + [a9781e61d064] + + * NEWS, doc/UPGRADE: + Document major changes in 1.8.1 and add upgrade notes. + [f2cf51b0d9ce] + + * plugins/sudoers/match.c: + Be careful not to deref user_stat if it is NULL. This cannot + currently happen in sudo but might in other programs using the + parser. + [06a2334dd674] + + * mkpkg: + configure will not add -O2 to CFLAGS if it is already defined to add + -O2 to the CFLAGS we pass in when PIE is being used. + [1ce6481ece59] + + * doc/sudoers.pod: + Warn about the dangers of log_input and mention iolog_file and + iolog_dir in the log_input and log_output descriptions. + [ae854ffb0768] + + * pp: + sync with git version + [a993e39ce3cb] + + * doc/sudoers.pod: + It seems that h comes after i + [0f621109220d] + + * doc/sudoers.pod: + Move log_input and log_output to their proper, sorted, location. + Document set_utmp and utmp_runas. 
+ [273b234b9c34] + + * src/exec.c: + Save the controlling tty process group before suspending so we can + restore it when we resume. Fixes job control problems on Linux + caused by the previous attemp to fix resuming a shell when I/O + logging not enabled. + [f03a660315ee] + + * common/lbuf.c: + Fix printing of the remainder after a newline. Fixes "sudo -l" + output corruption that could occur in some cases. + [25d83fb501fc] + +2011-03-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, src/exec_pty.c, + src/sudo_exec.h, src/utmp.c: + Add support for ut_exit + [b574c13f1bba] + + * doc/sudo_plugin.pod, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c, + src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c: + Add support for controlling whether utmp is updated and which user + is listed in the entry. + [44a81632133f] + + * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h, + plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults, + plugins/sudoers/parse.c: + Fix typo; tupple vs. tuple + [697744acb710] + + * src/utmp.c: + For legacy utmp, strip the /dev/ prefix before trying to determine + slot since the ttys file does not include the /dev/ prefix. + [7ad5b81ff90c] + + * aclocal.m4, configure, configure.in, pathnames.h.in: + Add check for _PATH_UTMP + [21e638029bfd] + +2011-03-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c: + Adapt check_iolog_path to sessid changes + [728b5fe2be6f] + + * config.h.in, configure, configure.in, src/Makefile.in, + src/exec_pty.c, src/sudo_exec.h, src/utmp.c: + Redo utmp handling. If no getutent()/getutxent() is available, + assume a ttyslot-based utmp. If getttyent() is available, use that + directly instead of ttyslot() so we don't have to do the stdin dup2 + dance. + [18aa455cd140] + +2011-03-11 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h, + src/utmp.c: + Move utmp handling into utmp.c + [f6eae6c8e012] + + * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c, + common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c, + compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c, + compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, + compat/utimes.c, doc/sudo.pod, doc/visudo.pod, + include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, + plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, + plugins/sudoers/logging.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/redblack.c, + plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c, + src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, + src/sudo_plugin_int.h, src/tgetpass.c: + Update copyright years. + [16aa39f9060a] + + * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/parse_args.c: + Add "user_shell" boolean as a way to indicate to the plugin that the + -s flag was given. + [fb1ef0897b32] + + * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.h: + Move sessid out of sudo_user. 
+ [ba298ddb57f4] + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Log the TSID even if it is not a simple session ID. + [d7cc1b9c513c] + + * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod: + Document noexec in sample.sudo.conf and add back noexec_file section + in sudoers with a note that it is deprecated. + [4a6e961e494d] + + * plugins/sudoers/set_perms.c: + Fix running commands as non-root on systems where setreuid() changes + the saved uid based on the effective uid we are changing to. + [df0769b71b34] + +2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c, + src/sudo.h: + Move noexec path into sudo.conf now that sudo itself handles noexec. + Currently can be configured in sudoers too but is now undocumented + and will be removed in a future release. + [6fa8befdc110] + + * doc/sudo.pod, doc/sudoers.pod: + Document "Path noexec ..." in sudo.conf. No longer document + noexec_file in sudoers, it will be removed in a future release. + [24eee3a0b3e5] + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: + Move noexec handling to sudo front-end where it is documented as + being. + [3ed4f10d7052] + + * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, + src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, + src/sudo_exec.h: + Add support for disabling exec via solaris privileges. Includes + preparation for moving noexec support out of sudoers and into front + end as documented. + [dec843ed553e] + + * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym, + plugins/sample_group/Makefile.in, + plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, + plugins/sudoers/sudoers.sym: + Only export the symbols corresponding to the plugin structs. 
+ [8d8d03b0ca54] + + * configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: + Install plugins manually instead of using libtool. This works around + a problem on AIX where libtool will install a .a file containing the + .so file instead of the .so file itself. + [796971cfbddb] + + * Makefile.in: + Move check into its own rule since some versions of make will run + both targets as the default rule. + [34d759979176] + + * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, + m4/ltversion.m4, m4/lt~obsolete.m4: + Update to libtool 2.2.10 + [34c130de6af7] + +2011-03-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + In handle_signals(), restart the read() on EINTR to make sure we + keep up with the signal pipe. Don't return -1 on EAGAIN, it just + means we have emptied the pipe. + [d5b9c8eb9000] + + * compat/mktemp.c: + Reorder functions to quiet a compiler warning. + [c9e9a23729f0] + + * mkpkg: + Use the Sun Studio C compiler on Solaris if possible + [11a86e27891e] + +2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg: + Fix default setting of osversion variable. + [52e49ca1cedd] + + * doc/sudo_plugin.pod: + Make two login_class entris consistent. + [18ff1fa94a91] + + * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c, + src/sudo_exec.h: + Add support for adding a utmp entry when allocating a new pty. + Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent(). + Currently only creates a new entry if the existing tty has a utmp + entry. + [32db72b81d80] + + * plugins/sudoers/boottime.c: + Avoid pulling in headers we don't need on Linux For getutx?id(), + call setutx?ent() first and always call endutx?ent(). + [5dad21e1ee1b] + + * configure, configure.in: + Add some more libs to SUDOERS_LIBS instead of relying on them to be + pulled in by SUDO_LIBS. 
+ [18a7c21c09a7] + + * plugins/sudoers/sudoers.c: + Fix return value of "sudo -l command" when command is not allowed, + broken in [c7097ea22111]. The default return value is now TRUE and a + bad: label is used when permission is denied. Also fixed missing + permissions restoration on certain errors. On error()/errorx(), the + password and group files are now closed before returning. + [4f2d0e869ae5] + +2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: + Fix passing of login class back to sudo front end. + [6f70a784ce48] + + * mkpkg: + Add --osversion flag to specify OS instead of running "pp + --probeonly" + [a8efdccb7bc1] + + * sudo.pp: + Fix expr usage w/ GNU expr + [48895599ee63] + +2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Fix exit value for validate and list mode. + [c7097ea22111] + + * plugins/sudoers/sudoers.c: + Fix non-interactive mode with sudoers plugin. + [172f29597bd2] + +2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoreplay.pod: + sudoreplay can now find IDs other than %{seq} and display the + session. + [fc3dd3be67e9] + +2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + Add support for replaying sessions when iolog_file is set to + something other than %{seq}. + [ca3131243874] + + * plugins/sudoers/visudo.c: + If we are killed by a signal, display the name of the signal that + got us. + [994bb76a990e] + + * configure, configure.in: + Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS + where they belong. + [40f94b936fa4] + + * configure.in: + Fix bug in skey/opie check that could cause a shell warning. + [83c043072be5] + + * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + No longer need sudo_getepw() stubs. + [bbee15c36912] + +2011-03-03 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudo_nss.c: + Fix exit value of "sudo -l command" in sudoers module. + [a6541867521b] + +2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/regress/glob/globtest.c: + Use fgets() not fgetln() for portability. + [df1bb67fb168] + + * sudo.pp: + Don't use the beta or release candidate version as the rpm release. + [d661ef78021a] + +2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + version 1.8.0 + [f6530d56f6ae] [SUDO_1_8_0] + + * NEWS: + update sudo 1.8 section + [f2ee2cf95d18] + +2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/regress/testsudoers/test2.sh: + fix test description + [cd5730fa9f09] + + * plugins/sudoers/regress/testsudoers/test2.out, + plugins/sudoers/regress/testsudoers/test2.sh, + plugins/sudoers/regress/visudo/test2.out, + plugins/sudoers/regress/visudo/test2.sh: + convert test2 to use testsudoers + [b5ec3f0b69f1] + + * include/sudo_plugin.h, src/sudo_plugin_int.h: + Move struct generic_plugin to sudo_plugin_int.h + [6f7bc629329c] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/parse.c, plugins/sudoers/parse.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Allow sudoers file name, mode, uid and gid to be specified in the + settings list. The sudo front end does not currently set these but + may in the future. + [22f38a0fda2a] + +2011-02-21 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, + doc/visudo.man.in: + 1.8.0rc1 + [5d4588b9c057] + + * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, + src/parse_args.c, src/sudo.h: + add help text to sudo, visudo and sudoreplay for the -h option + [52e7378d8476] + +2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/snprintf.c: + avoid using "howmany" for a parameter name since it is a select- + related macro + [a14d565401a1] + + * doc/sudoers.pod: + mention group_plugin when describing nonunix_group + [e0d1d0034b17] + + * doc/sudo_plugin.pod: + Add missing period at end of sentence + [6744d7e9056d] + + * Makefile.in, doc/Makefile.in, include/Makefile.in, + plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + add localstatedir; closes bug 471 + [7aefcab85088] + + * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c, + src/exec.c, src/exec_pty.c: + The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes + Bug 470 + [927ed6740f32] + + * configure.in: + add missing AH_TEMPLATE for ENV_RESET + [16300010c986] + + * src/exec.c: + SVR5 systems return non-zero for success on socketpair(), check for + -1 instead. Closes Bug 469 + [4d276494bf8e] + +2011-02-16 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + 1.8.0b5 + [d611cd5d73d3] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + regen + [85e96eeaed82] + + * doc/sudo.pod: + Document that a sudo.conf file with no Pligin lines uses the default + sudoers plugins. + [88bd52da977f] + + * src/load_plugins.c: + If sudo.conf contains no Plugin lines, use the default sudoers + policy and I/O plugins. + [fd8f4cb811ab] + +2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudo_nss.c: + Avoid printing empty "Runas and Command-specific defaults for user" + line. + [2dd330fe4f8b] + + * common/lbuf.c: + Truncate the buffer at buf.len before printing in the non-wordwrap + case. + [901e9833f80d] + + * common/lbuf.c: + Remove extra newline when the tty width is very small or unavailable + [245c05506c0e] + +2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/alias.c: + Remove unneeded variable. + [2c086d30b796] + +2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Prefer getutxid over getutid + [3f3322e9c93e] + + * plugins/sudoers/boottime.c: + Include utmp.h / utmpx.h before missing.h as apparently including it + afterwards causes a compilation problem on GNU Hurd. + [a528029ae962] + +2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c: + #include "foo.h", not <foo.h> for local includes. + [f65ec693998e] + + * src/parse_args.c: + remove bogus XXX + [9136c17d53ce] + + * compat/mksiglist.c: + Fix typo + [1a3bb7b455c9] + + * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/match.c: + return foo not return(foo) + [5c9e0647359a] + +2011-02-06 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + Remove duplicate FD_SET of signal_pipe[0] + [3096527d2215] + +2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/mksiglist.c: + Use "missing.h" not <missing.h> in generated code. + [d8e09cffbe09] + +2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * aclocal.m4, configure: + fix --with-iologdir=no + [a89699cb5f5f] + + * aclocal.m4, configure: + fix typo that broke --with-iologdir + [91b54eb22403] + +2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, + doc/visudo.man.in: + Bump version to 1.8.0b4 + [e2b7f2cdc02e] + + * NEWS: + sync + [decf5a0a8a33] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Attempt to clarify how users and groups interact in Runas_Specs + [e6fb3a2dbd77] + + * plugins/sudoers/regress/visudo/test2.out, + plugins/sudoers/regress/visudo/test2.sh: + Add test for quoted group that contains escaped double quotes + [44596c48c629] + + * src/exec.c, src/exec_pty.c: + Pass SIGUSR1/SIGUSR2 through to the child. + [c3108a827b01] + + * src/exec_pty.c, src/sudo_exec.h: + Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and + SIGUSR2 to indicate whether the child should be continued in the + foreground or background. + [35ca47cc6785] + + * src/exec.c: + Use pid_t not int and check the return value of kill() + [36ae7d37d7f9] + +2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c: + Remove obsolete comment + [baebef4919f6] + + * src/exec.c: + In non-pty mode before continuing the child, make it the foreground + pgrp if possible. Fixes resuming a shell. + [fef5b1d02ddb] + + * src/exec_pty.c: + If we get a signal other than SIGCHLD in the monitor, pass it + directly to the child. 
+ [b3ecb28163a0] + + * src/exec.c, src/exec_pty.c, src/sudo.h: + Save signal state before changing handlers and restore before we + execute the command. + [faf7475dc4bf] + +2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Use a char array to map a number to a base36 digit. + [257576c51f8b] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod: + Be clear about what versions of sudo support new LDAP attributes. + Fix up some formatting of attribute names. Minor other tweaks. + [39f65df71f65] + +2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + match quoted strings the same way whether in a Defaults line or as a + user/group/netgroup name. Fixes escaped double quotes in quoted + user/group/netgroup names. + [601d97ea8792] + + * plugins/sudoers/Makefile.in: + 'make check' depends on visudo and testsudoers + [127c5a24df8f] + + * plugins/sudoers/sudoers2ldif: + Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags + [9029163a58c3] + +2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/UPGRADE: + Mention LDAP attribute compatibility status. + [2c3595aaec63] + +2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * README.LDAP: + Mention phpQLAdmin + [9304c9064fbe] + + * INSTALL, NEWS, config.h.in, configure, configure.in, + doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c: + Add --disable-env-reset configure option. + [8a753aa13a46] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Document that sudoers_locale also affects logging and email. + [998d6ac11277] + + * NEWS, config.h.in, configure, configure.in, + plugins/sudoers/logging.c: + Do logging and email sending in the locale specified by the + "sudoers_locale" setting ("C" by default). Email send by sudo + includes MIME headers when the sudoers locale is not "C". + [cb7e55408400] + +2011-01-27 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c: + Fix indentation + [65ae7e92b9e4] + +2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, src/parse_args.c, src/sudo.c: + Perform command escaping for "sudo -s" and "sudo -i" after + validating sudoers so the sudoers entries don't need to have all the + backslashes. + [4e168c103f4b] + +2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/logging.c: + Prepend "list " to the command logged when "sudo -l command" is used + to make it clear that the command was listed, not run. + [f392a6056cd6] + + * plugins/sudoers/parse.c: + cosmetic change + [7c0951dbc2dd] + + * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c, + common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c, + compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c, + compat/nanosleep.c, compat/regress/glob/globtest.c, + compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, + compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c, + plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, + plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c, + plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, 
plugins/sudoers/set_perms.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestr.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c, + src/sudo_noexec.c, src/tgetpass.c: + standardize on "return foo;" rather than "return(foo);" or "return + (foo);" + [32d76c5aaf8c] + + * plugins/sudoers/sudoers.c: + Do not reject sudoers file just because it is root-writable. + [0febc579185b] + +2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + sync + [1ab03f8278ff] + + * plugins/sudoers/sudo_nss.c: + For "sudo -U user -l" if user is not authorized on the host, say so. + [289afe6dd15c] + + * plugins/sudoers/ldap.c: + In sudo_ldap_lookup(), always do the initial sudoers check as the + invoking user. If we are listing another user's privs we will do a + separate lookup using list_pw later. + [e52bc15de76d] + +2011-01-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST: + add parser fill tests + [4f65140d3515] + + * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in: + Don't test features not supported by the bundled glob() + [8ec7ace11949] + + * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c, + compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in, + doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/ldap.c, plugins/sudoers/match.c, + plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in: + Update copyright year to 2011 + [ac1b45cb1809] + + * plugins/sudoers/sudo_nss.c: + When listing, use separate lbufs for the defaults and the privileges + and only print something if the number of privileges is non-zero. + Fixes extraneous Defaults output for "sudo -U unauthorized_user -l". + [d0854d39f8ef] + + * plugins/sudoers/ldap.c: + Stash pointer to user group vector in LDAP handle and only reuse the + query if it has not changed. We always allocate a new buffer when we + reset the group vector so a simple pointer check is sufficient. + [88861d4eba69] + + * plugins/sudoers/sudo_nss.c: + Check initgroups() return value. + [3bdaf58408a7] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/parser/check_fill.c: + Add tests for the fill functions in toke_util.c + [bca587ab4956] + +2011-01-19 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/regress/iolog_path/check_iolog_path.c: + fix copyright year + [e2038cdaf055] + + * NEWS: + sync + [56ca5d5eaebe] + +2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/term.c: + Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e. + [b91f266624ec] + +2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg, sudo.pp: + Add Requires line for audit-libs >= 1.4 for RHEL5+ + [6c02f976171b] + + * pp: + sync with git version + [d301c32d5865] + +2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + fix typo + [39353f92976f] + +2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Update for sudo 1.7.4p5 + [b444da76901f] + + * doc/schema.OpenLDAP, doc/schema.iPlanet: + Add sudoNotBefore and sudoNotAfter attributes as optional attributes + to the sudoRole object class. From Andreas Mueller + [dacfad7e7a95] + +2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS: + Mention "sudo -g group" password check fix. + [1eb8fb14e53b] + + * plugins/sudoers/sudoers.c: + Fix "sudo -g" support in the sudoers module. + [07d1b0ce530e] + + * plugins/sudoers/check.c: + If the user is running sudo as himself but as a different group we + need to prompt for a password. + [caf1fcc9a117] + +2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, + plugins/sudoers/ldap.c: + Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP + LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla- + derived LDAP SDKs but we can pass the timeout parameter to + ldap_search_ext_s() or ldap_search_st() when possible. 
+ [5537049991f7] + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: + regen + [5b361c3c4324] + + * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility + with OpenLDAP ldap.conf files. + [e97843bd16fb] + + * plugins/sudoers/pwutil.c: + If user has no supplementary groups, fall back on checking the group + file expliticly. + [5223ad4eb690] + +2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c: + constify + [6e132a4cca61] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.h, + plugins/sudoers/toke.l: + Move fill macro to toke.h + [623d430798cf] + + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c, + plugins/sudoers/toke.h, plugins/sudoers/toke.l, + plugins/sudoers/toke_util.c: + Split tokenizer utility functions out into toke_util.c + [89a97bd51618] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/toke.c, plugins/sudoers/toke.l: + ANSIfy + [ca0eba1dfaa9] + +2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST: + sync + [a43f94064bb3] + + * plugins/sudoers/Makefile.in: + Add visudo tests to check target + [8c82fb4ed40f] + + * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c, + compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files, + compat/regress/glob/globtest.c, compat/regress/glob/globtest.in: + Add my regress tests for fnmatch() and glob() from OpenBSD. 
+ [6e8c1f211723] + + * plugins/sudoers/regress/testsudoers/test1.sh, + plugins/sudoers/regress/visudo/test1.ok, + plugins/sudoers/regress/visudo/test1.sh: + Add regress test for command tags using visudo -c + [18b0ef207c0f] + + * plugins/sudoers/Makefile.in, + plugins/sudoers/regress/testsudoers/test1.ok, + plugins/sudoers/regress/testsudoers/test1.sh: + Add support for regress tests using testsudoers + [1fa94bd2671b] + + * plugins/sudoers/testsudoers.c: + Need to set user_name explicitly due to internal changes made when + converting sudoers to a plugin. + [1fa54e86a364] + +2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/regress/iolog_path/check_iolog_path.c, + plugins/sudoers/regress/iolog_path/data, src/Makefile.in, + zlib/Makefile.in: + Add regression tests for iolog_path() + [afa4b416e559] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Add support for "make Makefile" to regenerate Makefile from + Makefile.in + [98bd2dda3294] + + * plugins/sudoers/iolog_path.c: + Quiest a bogus compiler warning. + [5ff932a7ad67] + +2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog_path.c: + Protect call to setlocale() with HAVE_SETLOCALE + [2c29ee3ccc81] + +2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST: + mkstemps.c was renamed mktemp.c + [ae299c3b1827] + + * NEWS: + Update from 1.7 branch + [20817d79717b] + + * Makefile.in: + Use "mv -f" when regenerating ChangeLog + [c163635206c6] + + * plugins/sudoers/match.c: + Fix NULL dereference with "sudo -g group" when the sudoers rule has + no runas user or group listed. 
Fixes RedHat bug Bug 667103. + [41a6a1243d9e] + +2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Correct the default sudo.conf example + [4e791698cad1] + +2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog_path.c: + Reset slashp if we allocate a new buffer for strftime() + [e491daa4203b] + + * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add extra out parameter to expand_iolog_path() to allow the caller + to split the path into dir and file components if needed. + [88346bc5ae39] + +2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + mkdir_iopath() returns size_t now that it uses strlcpy() and not + snprintf() + [3c4c64d265eb] + + * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c: + Trim leading slashes from iolog_file and trailing slashes from + iolog_dir + [a803b51f8948] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Pass a single I/O log file name in command_details instead of + separate dir + file parameters. + [d672a3e46e80] + + * plugins/sudoers/sudoreplay.c: + change an error() to errorx() + [8013dcfdd69d] + + * plugins/sudoers/iolog.c: + Add missing cwd line to I/O log info file that got dropped when + iolog_deserialize_info() was added + [7cf84f208423] + +2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Avoid relying on globals filled in by the sudoers policy module for + the sudoers I/O log module. The I/O log open function now pulls the + bits it needs out of user_info and command_info. 
+ [c02f6951b0cc] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + If no iolog file is specified by the policy plugin, use io_nextid() + to determine the next file in the sequence. + [faa1130b1020] + +2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document iolog_compress in command_info + [58895c7d12f5] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Add support for the iolog_compress variable in command_info. + [36f13a2fd1c1] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Add sigsetjmp() calls to all plugin entry points just to be safe. + [3fa482355bc4] + + * src/sudo.c, src/sudo.h: + Don't need iolog variables in struct command_details, they are for + the I/O log plugins to handle. + [5111579ffd9d] + +2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Document use of mkdtemp() for iolog path teplates + [5db6101408a9] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + regen + [1ee11fd6d4eb] + + * doc/sudo_plugin.pod, doc/sudoers.pod: + Document iolog_file and supported escape sequences for sudoers. + Clarify that iolog_file can contain directories. + [da611dedcbdb] + + * compat/Makefile.in, configure, configure.in: + Fix building of mkstemps/mkdtemp replacements. + [793a5e303122] + + * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure, + configure.in, include/missing.h: + Provide mkdtemp() for systems without it. + [b0527dfa965c] + + * plugins/sudoers/iolog_path.c: + Fix typo + [277f6c514cba] + + * plugins/sudoers/iolog.c: + Only use mkdtemp() if the path ends in at least 6 Xs since otherwise + glibc mkdtemp() returns EINVAL. 
+ [2e7323b05579] + + * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/iolog.c, + plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Allow sudoers to specify the iolog file in addition to the iolog + dir. Add escape sequence support to iolog file and dir: sequence + number, user, group, runas_user, runas_group, hostname and command + in addition to any escape sequence recognized by strftime(3). + [75cd32ee0435] + + * plugins/sudoers/iolog.c: + Add missing sigsetjmp() call in I/O plugin open function. Fixes a + crash when the I/O plugin calls error(), errorx() or log_error(). + [1a6718bd817d] + +2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo_plugin.pod, plugins/sudoers/iolog.c, + plugins/sudoers/sudoers.c: + Give the policy module fine-grained control over what the I/O plugin + logs. + [d29784fd2a66] + + * common/term.c: + Clear OPOST from c_oflag like we used to. Fixes screen-based editors + such as vi. + [506ad5ae9b4e] + + * doc/sudoers.pod: + Clarify umask option description. From Reuben Thomas. + [1294ac84222b] + +2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Pick last match in LDAP sudoers too + [fbfd8e85703b] + + * doc/sudo_plugin.pod: + Document iolog_file, iolog_dir and use_pty + [26120a59c20e] + + * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c, + plugins/sudoers/sudoers.c: + Adapt plugins to version I/O logging ABI 1.1 + [880dd64bc1e8] + + * src/exec.c, src/sudo.h: + Add use_pty command_info flag for policies to indicate that a pty + should be allocated even if no I/O logging is performed. 
+ [e7b167f8a6e5] + + * src/sudo.c: + Add remaining plugin convenience functions + [ffeaf96da031] + + * include/sudo_plugin.h, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h: + Change I/O log API to pass in command info to the I/O log open + function. Add iolog_file and iolog_dir parameters to command info. + This allows the policy plugin to specify the I/O log pathname. Add + convenience functions for calling plugin functions that handle ABI + backwards compatibility. + [9b81dce76ce5] + + * compat/dlopen.c: + Remove useless cast + [7cecce969739] + +2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Bump version to 1.8.0b3 + [1dc9f040aae0] + +2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + Remove extraneous newline + [71c94551eea5] + +2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.pod, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/iolog.c: + Make I/O log dir configurable. + [99b576667a38] + + * aclocal.m4, configure, configure.in, doc/sudoers.pod: + Rename io_logdir to iolog_dir + [0731662acc8d] + +2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * pp: + Add missing '*' that prevented the generic ELF case from matching. + [be77ca26bfb2] + + * pp: + If file(1) can't identify the ELF binary type, try readelf(1). + [38a18d32a9e3] + +2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c, + plugins/sudoers/env.c, plugins/sudoers/pwutil.c, + plugins/sudoers/sudoers.c, src/sudo.c: + Use %u to print uid/gid, not %lu and adjust casts to match. + [03c43b8749cf] + + * doc/sudoers.ldap.pod: + Clarify ordering of entries and attributes. + [924e2a6bb603] + + * doc/sudoers.ldap.pod: + Fix typo and editing goof. 
+ [79dc7ccd85a8] + + * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet, + doc/sudoers.ldap.pod: + Merge in ordered LDAP entry support from Andreas Mueller. + [ea5885989bad] + + * plugins/sudoers/ldap.c: + Make sure we don't dereference a NULL handle. + [1a9f9ee15371] + +2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * pp: + Add support for RHEL 6 file modes that include a trailing dot on + files with an SELinux security context + [dc09be959547] + +2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo.c: + exec_setup() does not need to setuid(0), the Ubuntu issue was in the + sudoers module. + [d6dd99fc6062] + + * plugins/sudoers/sudoers.c: + create_admin_success_flag() should use restore_perms() rather than + set_perms() to restore the uid. + [eba7a91c1f57] + + * src/sudo.c: + In exec_setup() call setuid(0) to make certain the subsequent uid + and gid changes will succeed. Fixes a problem on Ubuntu. + [c5d32abf0645] + + * src/sudo_edit.c: + Error out if we cannot change to root's uid so we catch the failure + early. + [7a2e7f8f2c80] + +2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.pod: + fix typo; from Michael T Hunter + [a574a9d0db5b] + + * plugins/sudoers/match.c: + In sudoedit mode, assume command line arguments are paths and pass + FNM_PATHNAME to fnmatch(). + [ce0abff8ce9f] + +2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Add workaround for an error in sys/types.h on HP-UX 11.23 when large + file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the + broken bits of the header file. + [e337217f097a] + + * aclocal.m4: + Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM + [fbbcee28961f] + + * sudo.pp: + For Tru64, strip off beta version. 
+ [eeccd762df5e] + + * MANIFEST, plugins/sudoers/testsudoers.c, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h: + Avoid conflicts with system definitions in grp.h and pwd.h + [b219ffe1da09] + + * zlib/gzguts.h: + Include stdio.h after zlib.h, not before. We need the large file + defines to come first. + [21d6df39790f] + +2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: + regen + [3ff8750d0aac] + + * Makefile.in: + Don't clean ChangeLog + [ab0d30d289d4] + + * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Add prototype for cleanup() + [75626fd3769a] + +2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/group_plugin.c: + Avoid deferencing group_plugin if it is NULL in + group_plugin_query(). This should not happen. + [4f2933c8da7e] + + * plugins/sudoers/group_plugin.c: + group plugin init function return TRUE when successful + [198024477030] + +2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Enlarge the array of entry wrappers int blocks of 100 entries to + save on allocation time. From Andreas Mueller + [375c916bb03b] + + * plugins/sudoers/ldap.c: + Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2() + that was mistakenly dropped. + [1555f5bc132d] + +2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/TROUBLESHOOTING: + Mention that sudo needs "ar" to build. + [65582ace2d09] + + * configure, configure.in: + Fail with a more useful error if "ar" is not found. + [d1cb83719c17] + +2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Merge in ordered LDAP entry support from Andreas Mueller and add + local changes from the 1.7 branch. + [bca29e461618] + +2010-11-12 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet, + doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add timed entry support from Andreas Mueller. + [e18d1df46a8d] + + * plugins/sudoers/group_plugin.c: + Don't try to unload if group_plugin is NULL. Don't call dlclose() if + group_handle is NULL + [de2273da37d5] + + * plugins/sudoers/sudoers.h: + It is now plugin_cleanup(), not cleanup() + [da62a4e1a78c] + + * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: + Call plugin_cleanup(), not cleanup() + [e800ad8b33ad] + +2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Use efree() not free() and remove malloc.h include since we never + directly call malloc() or free(). + [107fffd134bb] + +2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + set PSTAMP for Solaris and move the backend-specific bits to their + own %if [xxx] %endif blocks in %set. + [a94ebe8920c1] + + * pp: + sync with git repo + [75ff509696b4] + + * configure, configure.in: + Only substitute file zlib files when using the builtin zlib + [6c8145b2deb4] + + * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, zlib/Makefile.in: + Give up on using VPATH to find sources as it is implemented + inconsistenly in different versions of make. + [60517c69aaee] + + * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, + plugins/sudoers/gram.c, plugins/sudoers/toke.c: + Include config.h before any other includes to make sure we get the + right value for _FILE_OFFSET_BITS. + [8fb007ca832e] + + * MANIFEST: + Add zlib + [04a3e23dfaa9] + + * zlib/Makefile.in: + Add missing targets + [40e45a177168] + + * src/Makefile.in: + g/c unused $(GENERATED) + [c8758068c1bc] + +2010-11-08 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/group_plugin.c: + Zero out group_plugin on unload just to be safe. + [0b10f4d101ca] + + * plugins/sudoers/group_plugin.c: + Unload group plugin if its init function fails. + [6552cdac4b7c] + + * src/sudo.c: + Only chdir to cwd if it is different from the current cwd or there + is a new root (chroot). + [b8203e875e84] + + * configure, configure.in, doc/sudo.cat, doc/sudo.man.in, + doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat, + doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in: + Bump version to 1.8.0b2 + [6dadeb75a878] + +2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + Better --enable-zlib description + [e0da54fa59a6] + + * mkpkg: + Use system zlib on Linux Let configure decide on Solaris For all + others, use builtin zlib + [3d52eddb523c] + + * zlib/zconf.h.in: + Add large file support. + [bec01215270d] + + * config.h.in: + Add large file support. + [244e95b034ec] + + * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod, + zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c, + zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c, + zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c, + zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h, + zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h, + zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in, + zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: + Add local copy of zlib for systems that lack it. + [7542ca465c5a] + +2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + If perform_io() fails, kill the child before exiting so it doesn't + complain about connection reset. We can get an I/O error if, for + example, and we get EIO reading from stdin. + [e59a05fa729f] + +2010-10-12 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c, src/sudo.c: + Fix complilation on systems with set_auth_parameters() Sprinkle + volatile to quiet warnings from gcc 2.8.0 + [a34c2b924ba7] + + * compat/dlfcn.h, compat/dlopen.c: + Avoid potential namespace issues with dlopen() emulation. + [aedfababd6ca] + + * MANIFEST: + sync + [6afb97e6d308] + + * plugins/sudoers/interfaces.c: + Use INADDR_NONE instead of casting -1 to in_addr_t (which may not + exist). + [ddfca5af1a36] + + * Makefile.in: + Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg + [e9d04bfa4505] + + * configure, configure.in: + HP-UX 10.20 libc has an incompatible getline + [2e7bc202e78d] + + * plugins/sudoers/visudo.c: + Quiet an HP-UX compiler warning. + [55b9d587ac8c] + + * configure, configure.in: + Check for vi even with --with-editor specified; the sample plugin + needs it. + [94dfc3643f76] + +2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/dlopen.c: + Fix remaining syntax errors. + [9d729b5b577e] + + * src/Makefile.in: + sudo binary depends on the libtool-generated libs + [9e6148406adb] + + * plugins/sudoers/group_plugin.c, src/load_plugins.c: + Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to + include the local or system dlfcn.h + [68cfe4c1089b] + + * pp: + Don't use run_as_superuser=false on HP-UX + [532242370b09] + + * src/net_ifs.c: + Use memset() instead of zero_bytes() since we don't include + sudoers.h + [a187c18c2472] + + * plugins/sudoers/interfaces.c: + Fix pasto; AF_INET not AF_INET6 + [2d2e9d7dc6f9] + + * compat/dlopen.c: + Actually call shl_load() + [ed8153b8a3cd] + + * pp: + Update from git repo. Debian: version numbers now compliant with + policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX + 10.20 + [ecf2692bceeb] + + * configure, configure.in: + Fix dlopen() detection for systems where dlopen() is in a separate + library. 
+ [fa6b175582b6] + + * plugins/sudoers/auth/pam.c: + If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more + useful message and return AUTH_FATAL so sudo does not keep trying to + validate the user. + [1be8857e5291] + + * src/preload.c: + sudo_preload_table is an array + [b7704e72a9da] + + * compat/dlopen.c: + Quiet a compiler warning and fix sudo_preload_table external + definition. + [8234987664cc] + + * compat/dlfcn.h: + Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype. + [8bab6a4053cc] + + * plugins/sudoers/group_plugin.c: + Make this compile correctly when no dlopen is available. + [57643879bd2b] + +2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c: + Having a timestamp file defined is no longer indicative of tty + tickets being enabled. Check def_tty_tickets directly. + [efcc11ad157f] + + * src/exec_pty.c, src/sudo.h, src/ttysize.c: + Fix TCGETWINSZ compat. + [da3a8b17cf7a] + +2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec_pty.c, src/ttysize.c: + Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE + [926492dd10a6] + +2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c, src/sudo.c: + Move set_project() from sudoers module into sudo proper. + [beabafac03b4] + + * configure, configure.in: + Fix typo and regenerate + [4a3caf4234f3] + + * plugins/sudoers/ldap.c: + When iterating over returned LDAP entries, keep looking at remaining + matches even if we have a positive match. This catches negative + matches that may exist in other entries and more closely match the + sudoers file behavior. + [f47db6e609b0] + + * pp: + Add support for multiple package instances on Solaris. + [7f2a8b942545] + + * src/exec.c: + Add missing signal_pipe[0] to fdsr for the non-pty case. + [79d01e11b19c] + + * mkpkg: + Add --with-project for Solaris + [ffa4c2bb93f7] + + * README: + Need ar and ranlib too + [5c2f679172ef] + +2010-09-27 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/env.c: + Preserve ODMDIR environment variable by default on AIX. + [bd47cb1e804f] + +2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, + config.h.in, configure, configure.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c, + src/preload.c: + Add dlopen() emulation for systems without it. For HP-UX 10, emulate + using shl_load(). For others, link sudoers plugin statically and use + a lookup table to emulate dlsym(). + [e92edfb3c642] + +2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c, + compat/nanosleep.c, compat/utimes.c: + When including compat headers, use the compat dir as part of the + path so we are sure to get the correct header. + [6c2a45da6af5] + +2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/linux_audit.c: + Ignore ECONNREFUSED from audit_log_user_command() which will occur + if auditd is not running. + [d314fe4c8d03] + +2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * pp: + Sync with git version + [1c0357744222] + +2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/fileops.c, plugins/sudoers/defaults.c: + Cast isblank argument to unsigned char. + [c822dbb3ca54] + +2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c: + Implement --with-umask-override configure flag. + [863e3047df22] + + * plugins/sudoers/env.c: + Take MODE_LOGIN_SHELL into account when initially setting reset_home + instead of special-casing it later. 
+ [5d6b16480fd6] + + * plugins/sudoers/sudoers.c: + In login mode, make a copy of the runas user's pw_shell for + NewArgv[0] because 1) we modify it and 2) it will runas_pw gets + freed before exec. + [1d1ccb568dfa] + + * plugins/sudoers/env.c: + Reset HOME for "sudo -i" even if HOME was listed in env_keep. + [c1c1c65a2d63] + + * src/sudo.c: + Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK. + [7443454e5f88] + + * src/sudo.c: + Reset signal mask at sudo startup time; we need to be able to rely + on normal signal delivery to control the child process. + [95800163ff94] + +2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * install-sh: + Use sed instead of expr to split a flag from its argument. Fixes a + problem with expr interpreting its arguments as a flag when they + start with a dash. + [736065e14301] + + * common/lbuf.c: + Do not need sys/time.h after all + [91f6f668ccda] + + * common/lbuf.c: + Include sys/time.h for utimes() and struct timeval. No longer need + ioctl.h or termios.h + [2d75273d3213] + + * compat/snprintf.c: + Quiet bogus compiler warnings. + [fe252e1968f5] + + * include/missing.h: + Declare innetgr() for HP-UX which is missing a declaration. Declare + domainname() for HP-UX and Solaris which are missing a declaration. + [b37c50751138] + + * plugins/sudoers/bsm_audit.c: + Use __sun for consistency with the rest of the sources. + [6b086b61ccb6] + + * plugins/sudoers/group_plugin.c: + Quiet a bogus compiler warning. + [ebc069842c4a] + + * plugins/sudoers/pwutil.c: + Don't try to delref a NULL group. + [f6ff0838be21] + + * common/alloc.c, common/lbuf.c: + Include memory.h on systems that need it. + [4e676da81c6f] + +2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + Quiet gcc warnings on glibc systems that use warn_unused_result for + write(2). 
+ [0532da0b7cf7] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + sudo_plugin is in section 8; from Ted Percival + [b4506a0de87e] + + * plugins/sudoers/Makefile.in: + testsudoers depends on libsudoers.la, not sudoreplay + [cdb1cc3bf06a] + +2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + Read as many signals on the signal pipe as we can before returning. + [b181671da047] + + * src/exec.c, src/exec_pty.c, src/sudo_exec.h: + Instead of using a array to store received signals, open a pipe and + have the signal handler write the signal number to one end and + select() on the other end. This makes it possible to handle signals + similar to I/O without race conditions. + [ee84d65c16b6] + +2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/visudo.pod, plugins/sudoers/visudo.c: + Make "visudo -c -f -" check the standard input. + [195a3d2a9a26] + + * doc/sudoers.pod: + set_home and always_set_home have an effect if HOME is present in + the env_keep list. + [159d0b9dc5c8] + + * plugins/sudoers/env.c: + Make -H flag work when HOME is listed in env_keep. Also makes + "set_home" and "always_set_home" override override HOME in env_keep. + [a3e5b966193f] + +2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/match.c, + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c, src/net_ifs.c: + Convert sudoers plugin to use interface list passed in settings. + [87d9b5f4f586] + + * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c, + src/parse_args.c, src/sudo.h: + Query local network interfaces in the main sudo driver and pass to + the plugin as "network_addrs" in the settings list. + [7f35bcfe77a7] + + * plugins/sudoers/bsm_audit.c: + Solaris BSM audit return EINVAL when auditing is not enabled, + whereas OpenBSM returns ENOSYS. + [411b980ec58b] + +2010-09-07 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * compat/fnmatch.c: + missing.h should come before most local includes + [53921a7b8b5b] + + * plugins/sudoers/sudoreplay.c: + missing.h should come before most local includes + [e9abb0db1aac] + + * plugins/sudoers/sudoers.h: + Make local includes consistent; use double quotes for local includes + except for generated ones where we use angle brackets. + [09de4faa9547] + + * plugins/sudoers/sudoers.c: + Always fill in NewArgv for audit code. + [7c3aca60519f] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add missing LOG_INPUT/LOG_OUTPUT support in the lexer. + [007cf6560f92] + + * common/alloc.c, common/atobool.c, common/fileops.c, + common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c, + common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c, + compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, + compat/getprogname.c, compat/glob.c, compat/isblank.c, + compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c, + compat/nanosleep.c, compat/setenv.c, compat/snprintf.c, + compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, + compat/unsetenv.c, compat/utimes.c, include/compat.h, + plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, + plugins/sample_group/plugin_test.c, + plugins/sample_group/sample_group.c, plugins/sudoers/audit.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/linux_audit.c, plugins/sudoers/match.c, + plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h, + src/sudo_noexec.c, src/ttysize.c: + Make local includes consistent; use double quotes for local includes + except for generated ones where we use angle brackets. Also g/c + unused compat.h. + [e57070dc8f04] + +2010-09-06 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/match.c: + When matching the runas user and runas group (-u and -g command line + options), keep track of runas group and runas user matches + separately. Only return a positive match if we have a match for both + runas user and runas group (if specified). + [815219e04cc8] + +2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add support for multiple URI lines by joining the contents and + passing the result to ldap_initialize. + [a47cae3b72e8] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c: + Do not return -1 on error from the display functions; the caller + expects a return value >= 0. + [101456a7dd00] + + * plugins/sudoers/sudoers.c: + Do not set both MODE_EDIT and MODE_RUN + [8faa36694d54] + +2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/missing.h: + Move includes to the top of the file. + [a51436798e8c] + +2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + Add missing definition of timedir + [458a749c2c5e] + + * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c, + compat/mksiglist.c, compat/strsignal.c, + plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c: + Add #include of sys/types.h for .c files that include missing.h to + be sure that size_t and ssize_t are defined. + [08e3132dbf4f] + + * plugins/sudoers/Makefile.in: + Install sudoers file from the build dir not hte src dir. + [ca89e962dbf4] + +2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/set_perms.c: + If runas_pw changes, reset the stashed runas aux group vector. + Otherwise, if runas_default is set in a per-command Defaults + statement, the command runs with root's aux group vector (i.e. the + one that was used when locating the command). 
+ [24f9107cedd2] + + * plugins/sudoers/Makefile.in: + Add target to generate sudoers file Remove generated sudoers file as + part of distclean + [fb7422e90f03] + +2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/exec.c: + When not logging I/O install a handler for SIGCONT and deliver it to + the command upon resume. Fixes bugzilla #431 + [495dce52a5aa] + +2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.h: + g/c unused auth_pw extern definition + [40eb7477ba17] + + * plugins/sudoers/check.c, plugins/sudoers/sudoers.c: + Move get_auth() into check.c where it is actually used. + [e31db0ce3a61] + +2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * common/lbuf.c: + Convert a remaining puts() and putchar() to use the output function. + [d69e363a506b] + + * plugins/sudoers/plugin_error.c: + Plug memory leak + [68895469ea8d] + +2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/env.c: + Set dupcheck to TRUE when setting new HOME value if !env_reset but + always_set_home is true. Prevents a duplicate HOME in the + environment (old value plus the new one) introduced in f421f8827340. + [9ca19183794f] + + * configure, configure.in, plugins/sudoers/sudoers, + plugins/sudoers/sudoers.in: + Substitute sysconfdir in the installed sudoers file to get the + correct path for sudoers.d. + [86072b6cd55d] + +2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/get_pty.c: + Fix typo that prevented compilation on Irix; Friedrich Haubensak + [b48be51b65fc] + +2010-08-16 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, + common/atobool.c, common/fileops.c, common/fmt_string.c, + common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c, + compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c, + compat/getcwd.c, compat/getgrouplist.c, compat/getline.c, + compat/getprogname.c, compat/glob.c, compat/isblank.c, + compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c, + compat/nanosleep.c, compat/setenv.c, compat/snprintf.c, + compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, + compat/unsetenv.c, compat/utimes.c, include/compat.h, + include/missing.h, plugins/sample/sample_plugin.c, + plugins/sample_group/getgrent.c, + plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in, + plugins/sudoers/audit.c, plugins/sudoers/boottime.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c, + src/sudo.h, src/sudo_noexec.c, src/ttysize.c: + Merge compat.h and missing.h into missing.h + [572909ae9716] + +2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/pam.c: + If the user hits ^C while a password is being read, error out before + reading any further passwords in the pam conversation function. + Otherwise, if multiple PAM auth methods are required, the user will + have to hit ^C for each one. + [23782631748c] + +2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c: + Update comment + [a5296cb3a20a] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document sudo_conv_t function and sudo_printf_t return values. + [745c0017814c] + + * src/conversation.c: + Make _sudo_printf return the number of characters printed on success + like printf(3). + [8eeefe8d7e77] + +2010-08-10 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + sudoers.h includes sudo_plugin.h for us + [cabe68e07807] + + * common/Makefile.in, common/gettime.c, compat/mkstemps.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h, + src/sudo_edit.c: + Use gettimeofday() directly instead of via the gettime() wrapper. + [7490426c99ae] + + * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c, + compat/strerror.c, config.h.in, configure, configure.in, + include/compat.h, include/missing.h, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c: + Remove some obsolete configure tests, ancient Unix systems are no + longer supported. + [2be6218c3a36] + +2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Set pp_kit_version and strip off patch level + [aacfda1b676d] + + * sudo.pp: + Better handling of versions with a patchlevel. For rpm and deb, use + the patchlevel+1 as the release. For AIX, use the patchlevel as the + 4th version number. For the rest, just leave the patchlevel in the + version string. + [638bd35f2346] + +2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/sudo_auth.c: + For non-standalone auth methods, stop reading the password if the + user enters ^C at the prompt. + [82c2911bb264] + + * configure, configure.in, plugins/sudoers/Makefile.in, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/pwutil.c: + No need to look up shadow password unless we are doing password- + style authentication. This moves the shadow password lookup to the + auth functions that need it. + [ba9e3eba2b72] + + * plugins/sudoers/sudoers.c: + Retain final passwd/group refs until the policy close() function. + Note that this doesn't get called in all cases so putting this in a + cleanup function is probably better. 
+ [bbe214cb4119] + + * plugins/sudoers/check.c: + Fix mismerge + [395115f89dd6] + + * plugins/sudoers/check.c: + When removing/resetting the timestamp file ignore the tty ticket + contents. + [b709f5667a0b] + + * plugins/sudoers/sudoers.c: + delref sudo_user.pw, runas_pw and runas_gr immediately before we + return. + [4d67d15dfd3b] + +2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c, plugins/sudoers/ldap.c, + plugins/sudoers/match.c, plugins/sudoers/pwutil.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Reference count cached passwd and group structs. The cache holds one + reference itself and another is added by sudo_getgr{gid,nam} and + sudo_getpw{uid,nam}. The final ref on the runas and user passwd and + group structs are persistent for now. + [e544685523c3] + + * doc/UPGRADE: + fix typo + [e32f2d35e6c9] + +2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c: + Do not produce a warning for "sudo -k" if the ticket file does not + exist. + [1598f6061b75] + + * plugins/sudoers/pwutil.c: + Instead of caching struct passwd and struct group in the red-black + tree, store a struct cache_item which includes both the key and + datum. This allows us to user the actual name that was looked up as + the key instead of the contents of struct passwd or struct group. + This matters because the name in the database may not match what we + looked up, due either to case folding or truncation (historically at + 8 characters). Also mark the disabled calls to sudo_freepwcache() + and sudo_freegrcache() as broken since we use cached data for things + like set_perms() and the logging functions. Fixing this would + require making a copy of the structs for user and runas or adding a + reference count (better). 
+ [225d4a22f60e] + + * plugins/sudoers/Makefile.in: + Fix path to mkinstalldirs + [b4968379b12d] + + * plugins/sudoers/check.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, + src/exec_pty.c, src/get_pty.c, src/tgetpass.c: + Quiet gcc warnings on glibc systems that use warn_unused_result for + write(2) and others. + [c99f138960e0] + +2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add %option noinput + [72b9cd49b4f1] + + * aclocal.m4, configure, configure.in: + Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add + back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when + cross-compiling. + [e385c176d0ee] + +2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in: + Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT + and AC_CHECK_SIZEOF([long int]) instead of rolling our own. + [cf3e60d9c440] + +2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * pp: + Update to latest version + [32f93be33961] + +2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Let pp determine pp_aix_version itself. + [7cf0245d84ed] + + * INSTALL, config.h.in, configure, configure.in, mkpkg, + plugins/sudoers/sudoers.c: + Add support for Ubuntu admin flag file and enable it when building + Ubuntu packages. + [00e27cff2dfb] + + * plugins/sudoers/sudoers, sudo.pp: + Add commented out SuSE-like targetpw settings + [4605d47b7413] + + * configure, configure.in: + Only try to use +DAportable for non-GCC on hppa + [75d0f284ccf7] + + * configure, configure.in: + Prevent configure from adding the -g flag unless in devel mode + [b1fd3f8d45c0] + +2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pp: + Go back to sudo-flavor to match existing packages and only use an + underscore for those that need it. 
+ [d737069d1e1c] + + * sudo.pp: + Use sudo_$flavor instead of sudo-$flavor since that causes the least + amount of trouble for the various package managers. + [71f547af35fc] + + * mkpkg: + Fix handling of the ldap flavor Remove destdir unless --debug was + specified Make distclean before running configure if there is a + Makefile present + [6316f08de7d3] + + * sudo.pp: + Add back include file. + [195627bf68b8] + + * mkpkg: + Pass extra args on to configure on HP-UX, if we don't have the HP C + compiler, disable zlib to prevent gcc from finding it in + /usr/local/lib. + [473efa0e2bac] + + * mkpkg: + Use the HP ANSI C compiler on HP-UX if possible + [fb249b6b175d] + + * plugins/sudoers/sudoreplay.c: + Some getline() implementations (FreeBSD 8.0) do not ignore the + length pointer when the line pointer is NULL as they should. + [2410a1a3543c] + + * plugins/sudoers/sudoreplay.c: + Don't need to check for *cp being non-zero, isdigit() will do that. + [7df11ea8a487] + + * plugins/sudoers/sudoreplay.c: + Add setlocale() so the command line arguments that use floating + point work in different locales. Since sudo now logs the timing data + in the C locale we must Parse the seconds in the timing file + manually instead of using strtod(). Furthermore, sudo 1.7.3 logged + the number of seconds with the user's locale so if the decimal point + is not '.' try using the locale-specific version. + [4d385765f23b] + + * src/exec.c: + Do I/O logging in the C locale so the floating point numbers in the + timing file are not locale-dependent. + [5961cec044ec] + + * plugins/sudoers/sudoreplay.c: + Use errorx() not error() for thingsthat don't set errno. + [0fe5e692af84] + +2010-07-26 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * pp: + Better support for 1.2.3 style versions in Tru64 kits + [997c549bb777] + + * sudo.pp: + Add Tru64 kit support + [e273a954f981] + + * pp: + Remove apparently unnecessary use of sudo + [be8840d85125] + + * Makefile.in, plugins/sudoers/Makefile.in: + Create timedir as part of install-dirs target. + [c736bc2fb14f] + + * src/exec_pty.c: + Handle ENXIO from read/write which can occur when reading/writing a + pty that has gone away. + [fa2e8059879f] + + * plugins/sudoers/pwutil.c: + sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL + [3a045475d5ee] + + * mkpkg: + platform is a pp flag not a variable + [12eba39a47c1] + + * Makefile.in, mkpkg, sudo.pp: + Add simple arg parsing for mkpkg so we can set debug, flavor or + platform. + [ada839fe252d] + + * pp: + Make rpm backend work on AIX 5.x + [549a76d11393] + +2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers: + Add commented out Defaults entry for log_output + [7e67d7588900] + +2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/Makefile.in: + Remove sudo docdir completely + [dce8e82878ef] + + * doc/sample.sudo.conf: + Add sample sudo.conf + [aafdba3fc411] + + * src/Makefile.in: + Pass install-sh -b~ here too. + [c3f5eb446c38] + + * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Install binary files with -b~ to make a backup. Fixes "text file + busy" error on HP-UX during install. + [81f306f54f8c] + + * install-sh: + "mv -f" on HP-UX doesn't unlink the destination first so add an + explicit rm before moving the temporary into place. + [fb719a79582d] + + * configure, configure.in: + Some more ${foo} -> $(foo) conversion for consistent Makefiles. + [0aa098770074] + + * doc/Makefile.in, plugins/sudoers/Makefile.in: + Install sudoers2ldif in the doc dir + [33ac3b53d7f5] + +2010-07-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * pathnames.h.in: + Add missing include of maillock.h for Solaris + [5a58883be23a] + + * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE, + doc/sample.syslog.conf, doc/sudoers.cat: + Change the default syslog facility from local2 to authpriv (or auth + if the operating system doesn't support authpriv). + [3b70ba514f49] + + * Makefile.in, sudo.pp: + Install sudoers as /etc/sudoers on RPM and debian systems where the + package manager will not replace a user-modified configuration file. + This fixes upgrades from the vendor sudo packages. + [d886b6d60b5b] + + * pp: + RPM: use %config(noreplace) instead of %config for volatile This + results in the new file being installed with a .rpmnew suffix + instead of the file being replaced and the old one renamed with a + .rpmsave suffix. + [58be2119f8e8] + + * plugins/sudoers/Makefile.in: + Add PACKAGE_TARNAME for docdir + [930c92b8f8f0] + +2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/mkstemps.c, plugins/sudoers/boottime.c: + Include time.h for struct timeval + [ddf8b04f0276] + + * src/exec_pty.c: + The return value of strsignal() may be const and should be treated + as const regardless. + [620074ae1e77] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Mention that 127.0.0.1 will not match, nor will localhost unless + that is the actual host name. + [8b574122eb8f] + + * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE: + Rename WHATSNEW -> NEWS + [d1a2c8c47d89] + + * pp: + Updated pp with latest patches + [98e16b9b8f62] + + * WHATSNEW: + Sync with 1.7.4 + [65ac4dafeef7] + + * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/sudoers: + Add commented out line to add HOME to env_keep and add a warning to + the note about the HOME change in UPGRADE. + [0d6a775bb6c8] + +2010-07-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c: + Add LINE_MAX define for those without it. + [446d9dbe7859] + + * INSTALL, WHATSNEW, config.h.in, configure, configure.in, + doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/defaults.c: + The tty_tickets option is now on by default. + [a01c48206d80] + + * WHATSNEW: + Mention that AIX authdb support has been fixed. + [87bd7f4eba6a] + + * common/aix.c: + setauthdb() only sets the "old" registry if it was set by a previous + call to setauthdb(). To restore the original value, passing NULL (or + an empty string) to setauthdb() is sufficient. + [470da190a254] + +2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, + doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/env.c: + Reset HOME when env_reset is enabled unless it is in env_keep + [f421f8827340] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + The default for set_logname has been "true" for some time now. + [f489da5674c3] + + * plugins/sudoers/boottime.c: + Add missing include of time.h + [624d7014932f] + + * plugins/sudoers/logging.c: + Fix check for dup2() return value. + [140ea2d50d20] + + * plugins/sudoers/env.c: + Add PYTHONUSERBASE to initial_badenv_table + [3149aae5b12c] + + * plugins/sudoers/visudo.c: + Treat an unknown defaults entry as a parse error. + [b3ebad73efb2] + + * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: + Check return value of setdefs() but don't stop setting defaults if + we hit an unknown one. + [945e752239ab] + + * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, + doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in, + plugins/sudoers/env.c: + If env_reset is enabled, set the MAIL environment variable based on + the target user unless MAIL is explicitly preserved in sudoers. 
+ [a1b03e2e0e96] + +2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * pp: + decode debian code names + [8741280d9960] + + * WHATSNEW: + fix typo + [a8a19451110b] + +2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * WHATSNEW: + Merge with 1.7.4 + [9348fa7e15b8] + + * src/sudo.c: + Restore RLIMIT_NPROC after the uid switch if it appears that + runas_setup() did not do it for us. Fixes a bash script problem on + SuSE with RLIMIT_NPROC set to RLIM_INFINITY. + [786fb272e5fd] + + * INSTALL: + document --with-pam-login + [ea93e4c6873c] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + The tag is NOSETENV, not UNSETENV. From Petr Uzel. + [2ac90d8de36e] + +2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg, pp, sudo.pp: + Restore the dot removal in the os version reported by polypkg. Adapt + mkpkg and sudo.pp to the change. + [dcafdd53b88f] + + * sudo.pp: + Include flavor in solaris package name + [e605f6364c9f] + + * mkpkg: + Older shells don't support IFS= so set explictly to space, tab, + newline. + [7773960bc8a0] + + * mkpkg: + Use '=' not '==' in test + [c99d42bc48e6] + + * mkpkg: + Fix typo that prevented debian from matching + [84421078fcb7] + + * mkpkg: + Add missing prefix setting for debian + [6466f23de4aa] + + * sudo.pp: + Use tab indents to reduce the chance of problem with <<- Fix the + debian %set section, pp does not set pp_deb_distro Uncomment %sudo + line in sudoers for debian Uncomment some env_keep lines for RHEL, + SLES and debian to more closely match the vendor sudoers files. Add + /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on + debian for ldap flavor + [c5b49feb1a0c] + + * plugins/sudoers/sudoers: + Add commented out env_keep entries, sample Aliases and a %sudo line + for debian. + [387719e52d0f] + + * configure, configure.in: + Move zlib check later on in the script to avoid a strange shell + problem on SLES11. 
+ [1a3153bb1291] + + * configure.in: + Remove check for egrep; configure has its own + [a3b9d98cb5d2] + +2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg: + Enable zlib for linux distros + [8fa51a1405a4] + + * mkpkg: + Add ldap flavor to default build + [97644f5a555f] + + * mkpkg, sudo.pp: + Simplify rpm linux distro settings + [b9dcf10cdf20] + + * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat: + Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo. + [2c549c1acde9] + + * Makefile.in: + Fix ChangeLog creation from build dir + [3d0c7904f173] + + * plugins/sudoers/sudoers.c: + Handle getcwd() failure. + [aef7bef87394] + + * doc/Makefile.in, mkpkg, sudo.pp: + Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR + environment variable. + [be6ed611b7a8] + + * sudo.pp: + Create sudo group on debian + [6ed6c032042e] + + * mkpkg, sudo.pp: + Add debian 4/5/6 and use the dot when doing version matches + [6bcb664d1f4f] + + * aclocal.m4, configure: + Use a loop when searching for mv, sendmail and sh + [d5e9369f8d13] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Remove spurious "and"; from debian + [a21e6f7c5b99] + + * aclocal.m4, configure, configure.in, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat, + doc/visudo.man.in, doc/visudo.pod: + Substitute the value of EDITOR into the sudoers and visudo manuals. + [cd79e587dd7f] + +2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkpkg, pp, sudo.pp: + Initial support for debian 4.0 + [ac6707915fa8] + + * mkpkg: + Some platforms need -fPIE instead of -fpie + [fd6be19e5bc2] + + * plugins/sudoers/auth/pam.c: + Only set PAM_RHOST for Solaris, where it is needed to avoid a bug. + On Linux it causes a DNS lookup via libaudit. 
+ [1e10105ade5b] + + * MANIFEST: + Update MANIFEST to match packaging changes + [ef86ee557b5b] + + * sudo.psf: + We now use pp to generate HP-UX packages + [f7aa8da7844e] + + * INSTALL.binary, plugins/sudoers/Makefile.binary.in: + Remove vestiges of old binary package bits. + [afffd005452f] + + * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + install-man -> install-doc + [99b5fa05567c] + + * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg, + plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp: + Use http://rc.quest.com/topics/polypkg/ for packaging + [5ca8eb75b223] + + * install-sh: + Just ignore the -c option, it is the default Add support for -d + option + [a8b6b0a131e8] + +2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c: + Use _PATH_STDPATH instead of _PATH_DEFPATH + [137fa911908e] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Do not strip binaries. + [20166e287176] + + * INSTALL, configure, configure.in: + Add --insults=disabled configure option to allow people to build in + insult support but have the insults disabled unless explicitly + enabled in sudoers. + [523b8c552e90] + + * compat/mkstemps.c: + Add prototype for gettime() + [275eee40473b] + + * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c, + plugins/sudoers/env.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add support for a sudo-i pam.d file to be used for "sudo -i". + Adapted from a RedHat patch. + [06d34f16520b] + +2010-07-09 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * include/missing.h: + Fix mkstemps() prototype + [2421841e815b] + + * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c, + config.h.in, configure, configure.in, include/missing.h, + src/sudo_edit.c: + Use mkstemps() instead of mkstemp() in sudoedit. This allows + sudoedit to preserve the file extension (if any) which may be used + by the editor (like emacs) to choose the editing mode. + [d33172d2c086] + +2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, + plugins/sudoers/ldap.c: + TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses + TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client + code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you + should avoid disabling TLS_CHECKPEER is possible. + [196622436212] + +2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Make sudo_plugin format a bit more like a man page + [048d596e32da] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Add suport for negated user/host/command lists in a Defaults entry. + E.g. Defaults:!baduser noexec + [d41112cf0342] + + * Makefile.in, common/Makefile.in, compat/Makefile.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Add uninstall target + [fea66ebf136a] + + * common/Makefile.in, compat/Makefile.in: + Remove unused AR, SED and RANLIB variables + [2ff9928bfdb3] + + * Makefile.in: + Do not install sample plugins + [5443b87bd1c3] + +2010-07-06 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure, + configure.in, plugins/sudoers/env.c: + Now that sudoers is a dynamically loaded module we cannot override + the libc environment functions because the symbols may already have + been resolved via libc. Remove getenv/putenv/setenv/unsetenv + replacements from sudoers and add replacements for setenv/unsetenv + for systems that lack them. + [3f2b43cb8851] + + * configure, configure.in, plugins/sudoers/Makefile.in: + Link testsudoers with -ldl when needed + [f79606f9fcd7] + + * plugins/sample_group/plugin_test.c: + Remove unused time.h and add limits.h for PATH_MAX + [3f5d0074d621] + + * doc/sudoers.ldap.pod: + Fix typo. + [bc855fd57397] + +2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sample_group/plugin_test.c: + Do not depend on strlcpy/strlcat + [6e7e2b5af051] + + * plugins/sample_group/plugin_test.c: + Standalone test driver for sudoers group plugin. + [eb1235fc3b8e] + +2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/group_plugin.c, src/load_plugins.c: + Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging + aid. + [2a34e616229b] + + * plugins/sample_group/sample_group.c: + Fix style nit in function declarations + [ab87c7c76bf9] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Document group_plugin syntax. + [ed1faf72ddcb] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document the sudoers group plugin. 
+ [f19a62dc8cfc] + + * INSTALL, MANIFEST, Makefile.in, config.h.in, configure, + configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h, + plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c, + plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c, + plugins/sudoers/match.c, plugins/sudoers/nonunix.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c: + Replace built-in non-unix group support with a sudoers group plugin. + Include a sample plugin that can read Unix-format group files. + [8fc58ce0b1a8] + + * configure, configure.in, src/load_plugins.c: + Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage. + [5c491dddb8ef] + +2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat, + doc/sudoers.man.in, doc/sudoers.pod: + Move sudoers-specific bits out of sudo(8) and into sudoers(5) + [e8a5a5830cfe] + + * aclocal.m4, configure, configure.in: + Substitute @io_logdir@ for the sudoers I/O log directory. + [21a75ca7b0ab] + +2010-06-29 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, + common/atobool.c, common/fileops.c, common/fmt_string.c, + common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c, + compat/getgrouplist.c, compat/getline.c, compat/glob.c, + compat/snprintf.c, config.h.in, configure, configure.in, + include/fileops.h, plugins/sample/sample_plugin.c, + plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, + plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, + plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, + plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, + plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, + plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, + plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, + src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c, + src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c, + src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c: + Set usrinfo for AIX Set adminstrative domain for the process when + looking up user's password or group info and when preparing 
for + execve(). Include strings.h even if string.h exists since they may + define different things. Fixes warnings on AIX and others. + [cf8b93e872c9] + + * Makefile.in: + Add a separate all target for AIX make which was using the entire + LHS (not just the first entry) of the first target as the implicit + target. + [a45b980a01ef] + + * plugins/sudoers/env.c: + Do not rely on env.env_len when unsetting a variable, just use the + NULL terminator. + [ca6eb239c829] + + * plugins/sudoers/env.c: + In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008 + [7046ba7caa4e] + +2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/vasgroups.c: + Use warningx() instead of log_error() since the latter is not + available to visudo or testsudoers. This does mean that they don't + end up in syslog. + [152b7c50f426] + + * plugins/sudoers/sudoers.c: + Defer call to sudo_nonunix_groupcheck_cleanup() until after we have + closed the sudoers sources. From Quest sudo. + [c1cd573bab94] + + * plugins/sudoers/pwutil.c: + Ignore case when matching user/group names in the cache. From Quest + sudo. + [2aa4ecc7d7f5] + +2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, src/selinux.c: + Add check for setkeycreatecon() when --with-selinux is specified. + [affae247b4e0] + + * configure, configure.in: + Error out if libaudit.h is missing or ununable when --with-linux- + audit was specified + [d82e743fac04] + + * doc/HISTORY, doc/history.pod: + Add =head3 entries, mostly for the html version + [ee93112d0308] + +2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/HISTORY, doc/history.pod: + Mention when LDAP was incorporate. + [2923dc17f79c] + +2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is + not covered by _ALL_SOURCE. + [c92fd69809d0] + +2010-06-18 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Add a cast to quiet a compiler warning. + [a200e07ee1bc] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Quiet a compiler warning. + [c9acfc927cea] + + * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c: + Call set_fqdn() after sudoers has parsed instead of inline as a + callback. + [5f4e5d075f2d] + + * WHATSNEW, plugins/sudoers/sudoers.c: + Do not call set_fqdn() until sudoers parses (where is gets run as a + callback). + [09040fca6d40] + + * WHATSNEW: + mention the change in tty ticket behavior when there is no tty + [575a1fd98f05] + + * plugins/sudoers/check.c: + Do not update tty ticket if there is no tty. + [63f9c33ce6a7] + + * doc/LICENSE, doc/license.pod: + Update copyright year + [0722ab5d404b] + + * doc/Makefile.in: + Do not rely on BSD make's $> + [936a86398bd9] + + * configure, configure.in: + Set timedir to /var/db/sudo for darwin to match Apple sudo's + location + [d5b9b03096f1] + +2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.h: + Add stub declarations for struct stat and struct timeval + [f6d90551a4fd] + + * MANIFEST: + Remove compat/sigaction.c + [d0ed6d9a770e] + + * config.h.in, configure, configure.in, plugins/sudoers/defaults.c, + plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c: + Check for zlib.h in addition to libz. + [6e191b4a6065] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h, + src/sudo_exec.h: + Move functions and symbols shared between exec.c and exec_pty.c into + sudo_exec.h. + [14ae63403544] + + * doc/Makefile.in: + Comment out rules to build .man.in and .cat files unless --with- + devel + [3cf7e5606a85] + + * doc/Makefile.in: + Comment out rules to build .man.in and .cat files unless --with- + devel + [d30495b0e29e] + + * src/parse_args.c: + Quote any non-alphanumeric characters other than '_' or '-' when + passing a command to be run via the shell for the -s and -i options. 
+ [d633f74fe2d9] + + * doc/Makefile.in: + Add back .man suffix + [6e63b60a2739] + + * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in, + plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c, + plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h, + src/selinux.c: + Add Linux audit support. + [5a2f445e0bd4] + +2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Remove an XXX + [a170cbe651d1] + + * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, + plugins/sudoers/sudoreplay.c: + Add -f (filter) option to sudoreplay to allow certain streams to be + replayed and others ignored. + [62e51b432ea1] + + * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h, + src/tgetpass.c: + Fix -A flag when askpass is specified in sudo.conf or if sudo + doesn't need to read a password. + [2e401e4a00e3] + + * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c, src/tgetpass.c: + Clean up some XXXs + [689f0b002d3d] + + * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: + Add support for multiple sudoers_base entries in ldap.conf. From + Joachim Henke + [e3e4a3c2bd5b] + + * config.h.in, configure, configure.in, plugins/sudoers/logging.c, + src/exec_pty.c: + remove setsid check, we require a POSIX system + [cc73cb9e22c0] + + * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c, + src/sudo.c, src/tgetpass.c: + Check for dup2() failure. + [5d46d66794f5] + + * config.h.in, configure, configure.in: + Remove dup2() check, it is not optional. + [5f1d56de4384] + +2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * WHATSNEW: + sync with sudo 1.7.3 + [88e5c0bd6d59] + + * INSTALL: + SunOS does not ship with an ANSI compiler + [f13c85c67069] + + * INSTALL: + Update OS specific notes. 
Delete some really ancient ones and move + older ones to the end of the list. + [59ce592c4c52] + + * README: + Sudo can be downloaded from the web site too Mention "OS dependent + notes" section in INSTALL + [191871538984] + + * src/exec_pty.c, src/selinux.c: + Call selinux_restore_tty() as part of cleanup() so it gets called + from error()/errorx() + [bb017da6b6da] + + * MANIFEST, doc/PORTING: + Remove obsolete porting guide + [321e35591344] + + * plugins/sudoers/interfaces.h, plugins/sudoers/match.c: + Move union sudo_in_addr_un into interfaces.h + [b2c8b19ee094] + + * doc/Makefile.in: + Remove useless circular dependencies + [5682181b59cf] + + * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c: + Convert to ANSI C function declarations + [a4f76927d034] + + * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c, + common/zero_bytes.c, compat/charclass.h, compat/closefrom.c, + compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c, + compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c, + compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, + compat/strlcpy.c, compat/timespec.h, compat/utime.h, + compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod, + include/alloc.h, include/error.h, include/lbuf.h, include/list.h, + include/missing.h, pathnames.h.in, plugins/sudoers/alias.c, + plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c, + plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/find_path.c, + 
plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/match.c, + plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c, + plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, + plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c, + src/conversation.c, src/error.c, src/load_plugins.c, + src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c, + src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c: + Update copyright year + [26ac7991f7d8] + + * doc/Makefile.in: + Fix commented DEVDOCS when not in devel mode. + [e0a97eaf3793] + + * plugins/sudoers/match.c: + Quiet a compiler warning. + [b2a17ebd5d38] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: + Quiet a compiler warning. + [687843bc593d] + + * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h: + Make all functions in ldap.c static + [b2111e89eeba] + + * doc/schema.ActiveDirectory: + Updates from Alain Roy to provide better examples for importing the + schema and to fix problems caused by Windows validating attributes + which have not yet been added before committing the changes. + [69f4c5ccaf89] + +2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in, doc/Makefile.in, doc/sudo.cat, + doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, + doc/visudo.cat, doc/visudo.man.in: + Leave rules to build .man.in and .cat files uncommented but only + make them part of the "all" rule in devel mode. 
Generate .cat files + directly from .man.in instead of .man using default values in + configure.in + [c3054a44f6a5] + + * configure, configure.in: + Bump sudo version to 1.8.0b1 + [8f79c85135e1] + + * configure, configure.in, src/sudo.c, src/sudo_usage.h.in: + Print configure args with verbose version information. + [1ce690660ed2] + + * TODO, plugins/sudoers/visudo.c: + Remove tfd from struct sudoersfile; it is not used. Add prev pointer + to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE. + Use tq_append to append sudoers entries to the tail queue. + [1743f9a286e4] + +2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * WHATSNEW: + Describe tty timestamp improvements + [e214e863a313] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + A comment character may not be part of a command line argument + unless it is quoted with a backslash. Fixes parsing of: testuser + ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441 + [ea2e990f85ed] + + * doc/sudoers.pod: + Make this read a little bit better when passwd_timeout is 0. + [39d362757f31] + + * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod: + Attempt to handle a default password prompt timeout of zero more + gracefully. + [ea47d43acf5b] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + Do not override value of keepopen global, instead restore it to the + value we pushed onto the stack when popping. + [fe282e5a3402] + + * plugins/sudoers/Makefile.in: + Add dependency for utility programs on libreplace and libcommon + [2339aba64928] + + * compat/sigaction.c, config.h.in, configure.in, include/compat.h, + plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c, + src/exec.c, src/exec_pty.c, src/tgetpass.c: + Remove sigaction emulation Use SA_INTERRUPT in sa_flags + [7dd61f1bd8d2] + + * MANIFEST, config.h.in, configure, configure.in, include/missing.h: + We don't use getgrouplist() at the moment so there's no need to + provide a compat version. 
+ [1597536fbada] + + * TODO: + sync with reality + [9e1a874e7885] + + * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, + src/conversation.c, src/sudo.h, src/tgetpass.c: + Fix visiblepw sudoers option; the plugin API portion still needs + documenting + [60b6933ef5e0] + + * src/sudo.c: + Print sudo version as well. + [987ed459b459] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Use sudo_printf for I/O log version Clarify policy plugin version + string + [5a58b7e8c80b] + + * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c: + Silence some compiler warnings + [afb1eba90915] + + * src/load_plugins.c, src/tgetpass.c: + Store askpass path in a global instead of uses setenv() which many + systems lack. + [b440bcc0e660] + +2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/check.c, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c, + src/tgetpass.c: + Move askpass path specification from sudoers to sudo.conf. + [5507ab867c26] + + * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h: + Use a flag bit in struct command_details for selinux instead of a + separate field. + [c59ca4acded9] + + * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h: + Implement background mode. If I/O logging we use pipes instead of a + pty. 
+ [c07a4b356cbd] + + * compat/mksiglist.c, compat/strsignal.c, include/compat.h, + src/exec.c, src/exec_pty.c, src/tgetpass.c: + Move compat definition of NSIG to compat.h + [ab0385467f25] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Mention plugins in the sudo manual and add some missing path + substitution in the sudo_plugin manual. + [570f831f47a3] + + * src/Makefile.in: + Set _PATH_SUDO_CONF based on $(sysconfdir) + [fde51869cf07] + + * common/lbuf.c, common/term.c, config.h.in, configure, configure.in, + src/exec.c, src/exec_pty.c, src/ttysize.c: + Require POSIX termios to build sudo + [9ec6b41f3f95] + + * src/tgetpass.c: + Ignore SIGPIPE for "sudo -S" + [7ad27fde0c06] + + * src/tgetpass.c: + Fix uninitialized variable in TGP_ECHO case and print a newline if + the user interrupted password input. + [ce19204d8dd4] + + * src/tgetpass.c: + Make TGP_ECHO override TGP_MASK and don't try to restore the + terminal if we didn't modify it. + [a7e11abfe7e4] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, + src/conversation.c, src/sudo.h, src/tgetpass.c: + Add SUDO_CONV_PROMPT_MASK define which corresponds to the + "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is set. + [e0550590cabe] + + * src/exec_pty.c: + Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl + [762448182fe3] + + * src/exec_pty.c: + Remove commented out copy of old sudo_execve() function. + [9c5e21380472] + +2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/compat.h: + No longer need NGROUPS_MAX define + [cae4c49d7077] + + * compat/nanosleep.c, config.h.in, configure, configure.in, + include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c, + plugins/sudoers/visudo.c, src/sudo_edit.c: + Replace timerfoo macros with timevalfoo since the timer macros are + known to be busted on some systems. 
+ [4f97d79f2d41] + + * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h: + Add selinux_enabled flag into struct command_details and set it in + command_info_to_details(). Return an error from selinux_setup() + instead of exiting. Call selinux_setup() from exec_setup(). + [011bea23a5a0] + + * plugins/sudoers/sudoers.c: + Fix setting selinux type on command line. + [814b20a0b3be] + + * plugins/sudoers/iolog.c: + In sudoers_io_close(), skip NULL io_fds[] elements. + [4011ff7d4daf] + + * plugins/sudoers/auth/pam.c: + If pam_open_session() fails, pass its status to pam_end. + [1d8de4cf8ff3] + + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: + If a file in a #includedir has improper permissions or owner just + skip it. This prevents packages that incorrectly install a file into + /etc/sudoers.d from breaking sudo so easily. Syntax errors in + #includedir files still result in a parse error (for now). + [ade99a4549a4] + + * src/exec_pty.c: + Remove duplicate call to selinux_setup(). + [82bd52764e21] + + * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/iolog.c: + Add use_pty sudoers option to force use of a pty even when not + logging I/O. + [b280a8972a79] + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: + Make env_init() void as it never fails. + [d3890e55daa7] + + * plugins/sudoers/env.c: + No longer use _NSGetEnviron so don't need crt_externs.h + [9b4e0e139881] + + * plugins/sudoers/env.c: + Remove unused VNULL define + [a42cacb263e3] + +2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Add #define for maximum session id + [9e18c17a28c2] + + * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h: + Split exec.c into exec.c and exec_pty.c + [d52376327332] + + * MANIFEST: + Sync with source file moves. 
+ [4a62c6c9e846] + + * src/Makefile.in, src/get_pty.c, src/pty.c: + Rename pty.c -> get_pty.c + [5696a12bd29b] + +2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Only use I/O input log file if def_log_input is set and output file + if def_log_output is set. + [d866992f1681] + +2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/strsignal.c: + Update copyright year + [a96f2593fd4e] + + * src/pty.c: + uid -> ttyuid + [c3454d74ebcb] + + * plugins/sudoers/sudoers.c: + For sudoedit, make a local copy of editor string si become part of + argv. If no editor environment variable, split def_editor on ':' + since it may be a colon-delimited path. + [2ee298506a6e] + + * src/sudo_edit.c: + Remove unneeded endpwent()/endgrent() + [623f6743d101] + + * doc/Makefile.in: + Use value of nroff from configure + [b2ce649125ab] + + * src/exec.c: + Add missing const to I/O log action function + [d764a3955e04] + + * plugins/sudoers/check.c: + Update copyright year and fix whitespace + [e648c35b16be] + + * configure, configure.in: + Fix typo + [8e0bdfc47da4] + + * plugins/sudoers/iolog.c: + Remove redundant tty signal blocking in log function. + [f17f575dabd4] + +2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Place static keyword where it belongs + [b01aec7c86b4] + + * plugins/sudoers/logging.c: + Always use a printf format string for send_mail() + [13b1ada644c9] + + * common/atobool.c, plugins/sudoers/ldap.c: + Extend atobool() so we can use it in the LDAP code. + [73f8e6807044] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: + Sudo now stashes tty ctime for tty_tickets on Solaris too. + [e82df13ad3fd] + + * plugins/sudoers/boottime.c: + Fix dummy version of get_boottime() + [01d69c06013b] + +2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c: + Enable tty_is_devpts() support for Solaris with the "devices" + filesystem. 
+ [237c6b25fa84] + + * src/exec.c: + Unbreak the non-io logging case. + [4822b9f709fb] + + * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h: + Fix symbol name conflict with sudo_printf. + [0d44eab0a8f6] + + * plugins/sudoers/auth/pam.c: + Fix OpenPAM detection for newer versions. + [1b2abed232d8] + + * plugins/sudoers/vasgroups.c: + Sync with Quest sudo git repo + [f1d98b3cba02] + + * aclocal.m4, configure, configure.in: + HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check + Add missing template for ENV_DEBUG Adapted from Quest sudo + [695dbd7b28f4] + + * README.LDAP: + Fix typos; from Quest Sudo + [4eba9da33b8e] + +2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + Add back -I$(top_srcdir); we need it for including compat/foo.h + since we cannot rely on "foo.h" being found relative to the source + file when the cwd is different. + [bbf24695f325] + + * src/exec.c: + Fix a bug where we could treat EAGAIN as a permanent error. Also set + cstat if perform_io() returns an error. + [200475c4326f] + + * common/alloc.c, plugins/sudoers/boottime.c, + plugins/sudoers/sudoers.c: + Add casts to quiet compiler warnings. + [85eb1c336697] + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Fix typo in ternary operator usage. + [6492ac1450e2] + +2010-05-30 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * INSTALL, configure, configure.in: + Add --enable-warnings and fix typo in SUDO_IO_LOGDIR + [92121d693b30] + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: + Update docs to match sudoers I/O logging changes + [18d651989e49] + + * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in, + pathnames.h.in, plugins/sudoers/def_data.c, + plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, + plugins/sudoers/defaults.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.h, plugins/sudoers/gram.y, + plugins/sudoers/iolog.c, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c: + Break sudoers transcript feature up into log_input and log_output. + [db3c1248d2ad] + + * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/visudo.c: + Use setprogname() as needed. + [6beee63a4553] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c: + Adapt sudoreplay to iolog changes. + [581f52c05f0f] + +2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/iolog.c: + Log all input and output into separate files and store a number on + each timing file line to indicate which file the data is in. + [fb460c5273dd] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Make sudoers_io functions static to iolog.c + [b2df3cc3eecb] + +2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c, + src/sudo_usage.h.in: + Completely remove the -L flag from the sudo front end. + [3d220030b720] + + * plugins/sudoers/sudoreplay.c: + Fix EAGAIN handling when writing to stdout. 
+ [4766d77cea49] + + * plugins/sudoers/sudoers.c: + Eliminate unused variables + [83bd711e79c4] + + * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c: + Re-enable cleanup functions in sudoers plugin and sudo driver for + error()/errorx(). + [43093f937dd8] + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c, + plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, + plugins/sudoers/parse.c, plugins/sudoers/sudoers.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: + Use sudo_printf to display verbose version information. + [435cc9f8d4a2] + + * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Minor Makefile cleanup: fix a typo, change the removal order in the + clean targets, and remove a superfluous include path for the sudoers + plugin. + [6e3b2d6b4437] + + * plugins/sudoers/env.c: + Handle duplicate variables in the environment. For unsetenv(), keep + looking even after remove the first instance. For sudo_putenv(), + check for and remove dupes after we replace an existing value. + [c1bbb88d0435] + +2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + Use explicit path to source file instead of $< for files that live + in devdir and top_srcdir. + [358ab7f6cc64] + + * plugins/sudoers/Makefile.in: + Add explicit rules to compile gram.c and toke.c for HP-UX Pevent + ending LIBSUDOERS_OBJS with a backslash + [481a5c96d47e] + + * plugins/sudoers/Makefile.in, src/Makefile.in: + Link libcommon before libreplace since libcommon may use functions + only present in libreplace. + [1847c496ff5b] + + * common/Makefile.in: + Move code common to sudo and the sudoers plugin to a convenience + library, libcommon. Removes the need to make links in the sudoers + plugin dir and reduces re-compilation of duplicate object files. 
+ [4c8986352937] + + * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c, + common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c, + common/term.c, common/zero_bytes.c, configure, configure.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c, + src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c, + src/zero_bytes.c: + Move code common to sudo and the sudoers plugin to a convenience + library, libcommon. Removes the need to make links in the sudoers + plugin dir and reduces re-compilation of duplicate object files. + [1d1d98bd55b9] + + * src/exec.c, src/sudo.c, src/sudo.h: + Rename script_execve to sudo_execve and rename script_foo in exec.c + [a35ec80de96a] + + * MANIFEST, src/Makefile.in, src/exec.c, src/script.c: + rename script.c exec.c and fix up the MANIFEST file + [36bc3bff9578] + + * src/script.c, src/sudo.c, src/sudo.h: + Rename script_setup() to pty_setup() and call from script_execve() + directly. + [899b0fb2a14d] + + * configure, configure.in: + bump version to 1.8.0a2 + [0b1c1ca9d4e5] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document init_session + [b5324785a406] + + * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h: + Clean up the sudoers auth API a bit and update the docs. + [c40fd4cb6e68] + + * include/sudo_plugin.h, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, src/script.c, src/sudo.c: + Add init_session function to struct policy_plugin that gets called + before the uid/gid/etc changes. A struct passwd pointer is passed + in,which may be NULL if the user does not exist in the passwd + database.The sudoers module uses init_session to open the pam + session as needed. + [d71723320ee8] + +2010-05-26 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Add open/close session to sudo auth, only used by PAM. This allows + us to open (and close) the PAM session from sudoers. + [2665e2920d0d] + + * plugins/sudoers/Makefile.in: + Add explicit rule to build getdate.o for HP-UX make. + [7f049e989956] + + * plugins/sudoers/Makefile.in: + Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c + rules as an alternate way to prevent HP-UX make (and others) from + trying to rebuild the parser in non-dev mode. + [f84badad98c5] + + * plugins/sudoers/sudoers.c: + Re-enable PATH_MAX check for command + [40d8a50da136] + + * Makefile.in: + For distclean, clean the main directory last since the subdirs need + to be able to run libtool to clean things. + [8949a9861634] + + * compat/Makefile.in: + Fix generation of mksiglist.h + [b7cdc9b36650] + + * src/script.c: + Now that we defer sending cstat until the end of script_child() we + cannot reuse cstat when reading command status from parent. + [25c882643466] + +2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl, + doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, + doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat, + doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: + Use numeric registers to handle conditionals instead of trying to do + it all with text processing. + [478079c3fd4b] + + * doc/sudoers.pod: + Document per-command SELinux settings + [13840d566805] + + * plugins/sudoers/sudoers.c: + Repair "sudo -l -U username" + [10a0dcdf2ddf] + + * plugins/sudoers/sudoers.c: + Set selinux role and type in command details. + [8ae6d35a126d] + + * src/script.c, src/selinux.c, src/sudo.h: + Rework SELinux support. + [83279cc94bf2] + +2010-05-24 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * src/script.c, src/selinux.c, src/sudo.h: + Make SELinux support compile again. Needs more work to be complete. + [3d3addebcf82] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c, + src/sudo.h: + Bring back closefrom settings. + [b1c6257d4bbb] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + If running a command or sudoedit in transcript mode, call + io_nextid() before log_allowed() so the session id is logged. + [c42f3ae40150] + + * configure, configure.in: + Use mandoc(1) if nroff(1) is not present. + [daad4bbd04af] + + * doc/Makefile.in: + Use the --file argument to config.status instead of setting + CONFIG_FILES in the environment. + [c89411a8bf70] + + * plugins/sudoers/Makefile.in: + We cannot conditionally update gram.h or the dependency ordering + gets messed up in devel mode. + [c938953231d9] + +2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, compat/Makefile.in, configure, configure.in, + doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Substitute @SHELL@ into Makefiles + [36aa6a095335] + + * config.sub: + Fix typo + [16d294d26b58] + + * config.guess, config.sub, configure, configure.in: + Update to autoconf 2.65 + [4fa6ea8caea3] + + * Makefile.in: + Fix libtool target (space vs. tabs) + [755cf3892618] + + * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c: + Remove use of RETSIGTYPE; all modern systems have signal handlers + that return void. + [42b4e3aee668] + + * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in, + ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4, + m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Update to libtool-2.2.6b. 
I haven't made any local modifications + this time, which should be OK since we install sudo_noexec.so by + hand now. + [6f79ced593bb] + + * compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Use libtool to clean objects + [1581057d6472] + + * include/Makefile.in: + Install sudo_plugin.h as part of "make install" and make other + install targets callable from the top-level Makefile + [aaaeb027d774] + + * configure, configure.in: + regen with autoupdate to eliminate AC_TRY_LINK + [5d5541c230f5] + + * Makefile.in, compat/Makefile.in, configure, configure.in, + doc/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Install sudo_plugin.h as part of "make install" and make other + install targets callable from the top-level Makefile + [b258b8401b1c] + + * plugins/sample/sample_plugin.c: + The sample plugin doesn't support being run with no args so return a + usage error in this case. + [473b3cf965be] + + * plugins/sudoers/iolog.c: + Set close on exec flag for descriptors used for I/O logging so they + are not present in the command being run. + [2c7e8708df76] + + * plugins/sudoers/tsgetgrpw.c: + Set close on exec flag in private versions of setpwent() and + setgrent(). + [64fef78cb833] + + * src/script.c: + Close the I/O pipes aftering dup2()ing them to std{in,out,err}. + Fixes extra fds being present in the command when it is part of a + pipeline. + [060451617713] + + * plugins/sudoers/sudoers.c: + Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it + is used when logging). Note that user_ttypath will still be NULL if + there is no tty. + [31b69a6ecda7] + + * src/script.c, src/sudo.h: + Cosmetic changes: add comments, remove orphaned prototype and make a + global static. + [f7851af0143e] + +2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/script.c: + Move check for maxfd == -1 to flush_output where it belongs. 
+ [b826a95b4491] + + * src/script.c: + Break out of select loop if all the fds we want to select on are -1. + [f5b387024238] + + * src/sudo.c: + Avoid possible malloc(0) if plugin returns an empty groups list. + [9765a8fe5ce7] + + * src/sudo.c: + Add debugging info when calling plugin close function + [95a273c7ff66] + + * src/script.c: + Avoid closing stdin/stdout/stderr when we are piping output. + [330e76423caf] + + * src/script.c: + When execve() of the command fails, it is possible to receive + SIGCHLD before we've read the error status from the pipe. Re-order + things such that we send the final status at the very end and prefer + error status over wait status. + [b0dcf825244f] + +2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/sudo_auth.c: + Fix compilation for non PAM/BSD auth/AIX auth + [e382b39d2e4f] + +2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/script.c: + Additional checks to make sure we don't close /dev/tty by mistake. + When flushing, sleep in select as long as we have buffers that need + to be written out. + [8139cbd3dd54] + + * src/script.c: + Now that we can use pipes for stdin/stdout/stderr there is no longer + a need to error out when there is no tty. We just need to make sure + we don't try to use the tty fd if it is -1. + [666621635d26] + +2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c: + Add argc and argv to I/O logger open function. + [0d7faa007d27] + + * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h, + plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c, + src/parse_args.c, src/sudo.c, src/sudo_edit.c: + Remove check_sudoedit function pointer in struct sudo_policy. + Instead, sudo will set sudoedit=true in the settings array. 
The + plugin should check for this and modify argv_out as appropriate in + check_policy. + [c0328e3276b8] + +2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h, + src/sudo_edit.c: + If plugin sets "sudoedit=true" in the command info, enable sudoedit + mode even if not invoked as sudoedit. This allows a plugin to enable + sudoedit when the user runs an editor. + [96d67b99e42e] + +2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + gram.h must not depend on gram.y if we want to avoid unnecessary + rebuilding of targets dependent on gram.h when gram.y changes. + [9db4b767fdca] + + * plugins/sample/sample_plugin.c: + Refactor common bits of check_policy and check_edit + [ac4d366a04cf] + + * plugins/sample/sample_plugin.c: + Add sudoedit support + [a1a6cc4c0cef] + +2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in: + Rely more on VPATH; fixes a dependency issue with the parser. + [45e406ebdea2] + + * include/compat.h: + Fix typo introduced in last commit + [3ccb0f853d11] + + * include/compat.h: + Emulate seteuid using setreuid() or setresuid() as needed. There are + still a few places that call seteuid() directly. + [36e8efa3a99d] + + * src/parse_args.c, src/sudo_edit.c: + Attempt to fix building on systems that only have setuid. + [8e9ba4083318] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Clarify sudoedit a tad. + [d39dfaa14ade] + +2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo_edit.c: + Fix compilation on HP-UX + [f6e47843d139] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document sudoedit + [4cbf5196d993] + + * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c: + Change how we handle the sudoedit argv. We now require that there be + a "--" in argv to separate the editor and any command line arguments + from the files to be edited. 
+ [20623d549a3c] + + * include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c, + src/sudo.h, src/sudo_edit.c: + Work in progress support for sudoedit. The actual interface used by + the plugin for sudoedit is likely to change. + [c31262a31997] + + * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c: + Make find_path() a little more generic by not checking def_foo + variables inside it. Instead, pass in ignore_dot as a function + argument. + [9c23101a094d] + + * plugins/sudoers/env.c: + Add version of getenv(3) that uses our own environ pointer. + [0e3783e63534] + +2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/script.c: + Avoid a potential race condition if SIGCHLD is received immediately + before we call select(). + [99adc5ea7f0a] + + * plugins/sudoers/sudoers.c: + Call env_init() before we open the sudoers sources as those may call + our setenv() replacement. + [5f82601f5ab0] + + * plugins/sudoers/env.c: + Initialize env_len in env_init() + [7ae02b3029b5] + +2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: + Document time stamp shortcomings under SECURITY NOTES Use "time + stamp" instead of timestamp. + [2b86120815b2] + + * doc/Makefile.in: + Make sed substitution of mansectsu and mansectform global. + [94588632dba0] + + * plugins/sudoers/check.c: + If the tty lives on a devpts filesystem, stash the ctime in the tty + ticket file, as it is not updated when the tty is written to. This + helps us determine when a tty has been reused without the user + authenticating again with sudo. + [0e62a31bceb0] + + * src/tgetpass.c: + Fix pasto in mulitple signal fix and use _NSIG not NSIG since that + is what our compat checks set. 
+ [df50f0a040c9] + + * configure, configure.in: + Add check for whether sudo need to link with -ldl to get dlopen(). + This is a bit of a hack that will get reworked when libtool is + updated. + [63bdcf579533] + + * plugins/sudoers/check.c: + Fix timestamp removal with -k/-K + [6b4639fef973] + + * plugins/sudoers/Makefile.in: + audit.c is now private to the sudoers plugin + [1974f342ae0b] + + * configure, configure.in: + Link with -lpthread on HP-UX since a plugin may be linked with + -lpthread and dlopen() will fail if the shared object has a + dependency on -lpthread but the main program is not linked with it. + [d42139391263] + + * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c: + Add separate test for getresuid() since HP-UX has setresuid() but no + getresuid(). + [910fe727a374] + + * doc/Makefile.in: + Remove errant backslash + [dd5464257c69] + + * src/script.c: + Fix SIGPIPE handling. Now that we use may use pipes for stdin/stdout + we need to pass any SIGPIPE we receive to the running command. + [3f6b1991f4fd] + + * src/script.c: + Also start the command in the background if stdin is not a tty. + [d93bc33a3740] + +2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c: + No need to use pseudo-cbreak mode now that we use pipes when stdout + is not a tty. Instead, check whether stdin is a tty and if not, + delay setting the tty to raw mode until the command tries to access + it itself (and receives SIGTTIN or SIGTTOU). + [e68315cf8c6b] + + * src/tgetpass.c: + Use an array for signals received instead of a single variable so we + don't lose any when there are multiple different signals. + [2ac726dac864] + + * src/tgetpass.c: + Do signal setup after turning off echo, not before. If we are using + a tty but are not the foreground pgrp this will generate SIGTTOU so + we want the default action to be taken (suspend process). + [bebb6209c795] + +2010-05-07 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * src/script.c: + Flush the iobufs on suspend or child exit using the same logic as + the main event loop. + [c627feee1035] + + * src/script.c: + Free memory after we are done with it. + [8db9b611b45a] + +2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/HISTORY: + Quest now sponsors Sudo development + [6cc490083bc7] + +2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/Makefile.in: + Install sudo_plugin man page. + [c253729790b2] + + * src/script.c: + Go back to reseting io_buffer offset and length (and now also the + EOF handling) in the loop we do the FD_SET, not after we drain the + buffer after write() since we don't know what order reads and writes + will occur in. + [5f38bfa8497f] + + * MANIFEST: + audit files moved to sudoers plugin directory + [b1ead182428e] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document plugin_printf and new logging functions. + [fe9430b60ab5] + + * src/script.c: + Add support for logging stdin when it is not a tty. There is still a + bug where "cat | sudo cat" has problems because both cat and sudo + are trying to read from the tty. + [04c9c59fcfba] + + * include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/sudoers.c, src/script.c: + Add separate I/O logging functions for tty in/out and + stdin/stdout/stderr. NOTE: stdin logging does not currently work and + is disabled for now. + [a36dfd4ca935] + +2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/sudo_plugin.h, plugins/sample/sample_plugin.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + src/conversation.c, src/sudo.c, src/sudo_plugin_int.h: + Add pointer to a printf like function to plugin open functon. This + can be used instead of the conversation function to display info and + error messages. 
+ [98734eea8ef1] + + * Makefile.in: + Stop if make in a subdir fails + [228bb3ad2dbc] + + * src/script.c: + Only set user's tty to blocking mode when doing the final flush. + Flush pipes as well as pty master when the process is done. + [20ff67218666] + +2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/ldap.c: + Use print_error() when displaying ldap config info in debugging + mode. + [d142e0cacb22] + + * compat/Makefile.in, compat/strdup.c, compat/strndup.c: + No longer need strdup() or strndup() replacements. + [df53697174ec] + + * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, + plugins/sudoers/sudoers.h: + Add print_error() function that uses the conversation function to + print a variable number of error strings and use it in log_error(). + [b1fa2861b575] + + * src/script.c, src/sudo.h, src/term.c: + Do not need the opost flag to term_copy() now that we use pipes for + stdout/stderr when they are not a tty. + [f42811f70a19] + + * src/script.c: + Use pipes to the sudo process if stdout or stderr is not a tty. + Still needs some polishing and a decision as to whether it is + desirable to add additonal entry points for logging + stdout/stderr/stdin when they are not ttys. That would allow a + replay program to keep things separate and to know whether the + terminal needs to be in raw mode at replay time. + [1a945e0ab2da] + +2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c, + plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h, + src/audit.c, src/bsm_audit.c, src/bsm_audit.h: + Move audit sources into the sudoers plugin dir; the driver does not + use them. 
+ [50ec36422cd0] + + * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c, + compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c, + plugins/sudoers/boottime.c, plugins/sudoers/getdate.c, + plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c, + src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c, + src/term.c, src/ttysize.c: + Use angle brackets when including headers that can only be found + when an -I flag is specified. The files in the compat dir could get + away with double quotes here but I've converted all the source files + to use angle brackets for consistency. + [9e30a8fc6d4b] + + * plugins/sudoers/Makefile.in: + Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat + dir can be found when building outside the source tree. + [1150934b79dd] + + * plugins/sudoers/Makefile.in: + Clean up links in distclean + [78595028be8b] + + * plugins/sudoers/Makefile.in: + Hack around VPATH semantic differences by symlinking files we need + from ../../src into the current directory and build those. A better + fix would be to either make a .a or .la file with those files in it + or simply use a single, flat, Makefile instead of per-subdirs + Makefiles. + [892c332d3f05] + + * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c: + fmt_string is used by the sudoers plugin too so do not include + sudo.h (which is not really needed here anyway) + [231c35e3941f] + + * compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Fix building with non-BSD versions of make such as GNU make. + Requires VPATH support, which should be in any non-neolithic make. + [dc174f135919] + + * configure, configure.in, plugins/sudoers/Makefile.in, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c, + src/Makefile.in: + Re-enable bsm audit. Currently auditing is done within the sudoers + plugin itself. 
If possible, this should really be done in the main + driver but we don't presently have the needed data to do that. This + will be re-evaluated when Linux audit support is added. + [1d05a3236bfe] + + * compat/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Remove extraneous $srcdir and use more .c.lo and .c.o rules instead + of explicit rules in the dependency. + [88f80efd25f0] + + * plugins/sudoers/visudo.c: + Fix mismerge; alias_remove_recursive() now returns int + [6257a4849641] + +2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/visudo.c: + Fix a crash when checking a sudoers file that has aliases that + reference themselves. Based on a diff from David Wood. + [545d194484a7] + + * src/script.c: + Print signal info after restoring the tty mode, not before. + [a68618e67435] + + * src/script.c: + Defer call to alarm() until after we fork the child. Pass correct + pid to terminate_child() If the command exits due to signal, set + alive to false like we do when it exits normally. Add missing check + for errpipe[0] != -1 before using it in FD_ISSET + [22f0a1549391] + +2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/boottime.c: + Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h + [0e627170c6e8] + +2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/Makefile.in: + Simplify dependencies by using .c.o and .c.lo rules. + [6abcaef5d1ac] + + * configure, configure.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Substitute in @PROGS@ into src/Makefile to add sesh + [cc46d3b6208f] + +2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Add back calls to log_denial() if sudoers does not allow the + command. + [9783316207f0] + + * plugins/sudoers/sudoers.c: + Pass in correct pwflag for list and validate. 
+ [973dd56d4b81] + + * plugins/sudoers/env.c: + Add missing check for NULL in validate_env_vars + [1d6eb6957824] + + * src/Makefile.in: + Add sudo_noexec.la to "all" target, otherwise it only gets built at + install time. + [644a9694d2ef] + + * plugins/sudoers/sudoers.c: + Only set sudo_user.env_vars if the env_add list is empty. + [fccdf6f0e0e2] + + * plugins/sudoers/sudoers.c: + Set sudo_user.env_vars so that environment variables specified on + the command line get logged correctly. + [9b51012c491e] + + * plugins/sudoers/env.c, plugins/sudoers/logging.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Re-enable environment files and setting environment variables on the + command line. + [5662d5645dbd] + +2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c: + Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime() + a pointer to time_t as tv_sec in struct timeval may be long. + [4de0c46e788e] + + * plugins/sudoers/check.c: + Don't stash ctime in on-disk tty ticket info for now; on many + (most?) systems the ctime is updated when the tty is written to. + Once I have a better idea of what systems do not update ctime on + ttys (and have a way to test for this) the ctime stash will be + conditionally re-enabled. + [a90eeec0f648] + +2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * MANIFEST, Makefile.in: + Add back "dist" target, this time using a MANIFEST file + [29277c05499f] + + * Makefile.in: + Remove Makefile in distclean target + [83d695f4f450] + + * Makefile.in, src/Makefile.in: + Update clean and cleandir targets + [ad7b2afeb9c1] + + * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c, + src/sudo.h: + Move fileops.c defines and prototypes to filesops.h + [4545e9b6892d] + + * plugins/sudoers/check.c: + Lock the tty timestamp when writing. We shouldn't have to lock when + reading since the file is updated via a single write system call. + [0c7276f02696] + +2010-04-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/alias.c, plugins/sudoers/check.c, + plugins/sudoers/defaults.c, plugins/sudoers/find_path.c, + plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c, + plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c, + plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/match.c, + plugins/sudoers/nonunix.h, plugins/sudoers/parse.c, + plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c: + Convert to ANSI C function declarations + [9c45def57cf7] + + * plugins/sudoers/sudoers.h: + Remove extraneous bits and classify by source file. + [e8ea9f109ebb] + + * include/compat.h: + Add timercmp macro for systems without it + [d3bf87b1d08e] + + * plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/sudoers.h: + get_boottime() now fills in a timeval struct + [3573c3f44e11] + + * plugins/sudoers/check.c: + Store info from stat(2)ing the tty in the tty ticket when tty + tickets are in use. On most systems, this closes the loophole + whereby a user can log out of a tty, log back in and still have the + timestamp be valid. + [53380f9f5242] + + * config.h.in, configure.in: + Add timespec2timeval and use it when getting ctime/mtime + [4cb7f7caec2c] + +2010-04-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/testsudoers.c: + Convert perm setting to push/pop model; still needs some work Use + the stashed runas groups instead of using getgrouplist() Reset perms + to the initial value on error + [09c072ebde8b] + + * config.h.in, configure.in: + fix ctim_get and mtim_get macros + [58773dc1e360] + + * config.h.in, configure, configure.in, include/compat.h, + plugins/sudoers/check.c, plugins/sudoers/gettime.c, + plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c: + Use timeval directly instead of converting to timespec when dealing + with file times and time of day. + [a0ce1ae00a67] + + * plugins/sudoers/Makefile.in: + Don't like sudoreplay with libsudoers.la due to a yacc symbol + conflict. + [f1a59cc63a15] + +2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Darwin >= 9.x has real setreuid(2) + [7ec942a64275] + +2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.h: + Ansify env.c + [f58551bad10a] + + * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Remove remaining references to the environ pointer. + [96faa530816a] + +2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, plugins/sudoers/env.c: + Don't change the environ directly in the sudoers plugin + [6db48ed3f7e0] + +2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Fix typo + [4aa452b07f8f] + + * plugins/sudoers/alias.c: + Fix use after free in error message when a duplicate alias exists. + [ce1d2812ee34] + +2010-04-14 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + src/parse_args.c: + Add a "noninteractive" boolean to the settings passed in to the + plugin's open function that is set when the user specifies the -n + flag. + [68f8d9d6d4d0] + + * config.h.in, configure, configure.in, plugins/sudoers/env.c: + Add workaround for the lack of the environ pointer on Mac OS X in + dlopen()ed modules. Use of environ in the sudoers plugin should + ultimately be removed but this will do for the moment. + [80c61647434f] + + * plugins/sudoers/visudo.c: + Set errorfile to the sudoers path if we set parse_error manually. + This prevents a NULL dereference in printf() when checking a sudoers + file in strict mode when alias errors are present. + [45e249ca99f7] + + * plugins/sudoers/sudoers.c: + Main sudo no longer print "unable to execute" on exec failure so do + it here. + [50aaf62b43b5] + +2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/script.c: + Use a pipe to pass back errno to the parent if execve() fails. If we + get an error in script_child(), kill the command and exit. + [dc3bf870f91b] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + src/parse_args.c, src/sudo.c: + Handle plugin's open function returning -2 (usage error). + [aadf900c1de8] + + * src/script.c: + If execve() fails, leave it to the plugin to print an error string. + [e25748f2d5b9] + + * src/script.c: + If execve fails in logging mode, pass the errno directly to the + grandparent on the backchannel and exit. The immediate parent will + get SIGCHLD and try to report that status but its parent will no + longer be listening. It would probably be cleaner to pass this over + a pipe in script_child(). + [cb122acc81a8] + + * plugins/sudoers/sudoers.c: + Don't override rval with results of check_user() unless it failed. + [46fb7e87ac7d] + +2010-04-12 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Fix typo + [ccd0b693f3da] + + * src/parse_args.c: + NULL-terminate env_add + [2c534368a0c3] + +2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo.c: + Call the I/O log open function before the I/O version function. + [e88bf898990b] + + * plugins/sudoers/iolog.c: + Remove io_conv and just use sudo_conv + [a280052468eb] + + * plugins/sudoers/set_perms.c: + Fix set/restore perms for systems w/o setresuid + [4160517f6666] + +2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/check.c, plugins/sudoers/logging.c, + plugins/sudoers/parse.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: + Primitive set/restore permissions. Will be replaced by a push/pop + model. + [aae102290866] + + * src/script.c: + Only need to take action on SIGCHLD in parent if no I/O logger. If + there is an I/O logger we will receive ECONNRESET or EPIPE when we + try to read from the socketpair. + [e1e4560401f6] + +2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in, + doc/sudoers.pod, plugins/sudoers/find_path.c: + Merge fb4d571495fa from the 1.7 branch to trunk. + [c8fb424ad4d2] + + * find_path.c: + Qualify the command even if it is in the current working directory, + e.g. "./foo" instead of just returning "foo". This removes an + ambiguity between real commands and possible pseudo-commands in + command matching. + [fb4d571495fa] <1.7> + +2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/script.c: + Don't set SA_RESTART when registering SIGALRM handler. Do set + SA_RESTART when registering SIGWINCH handler. + [173472b76525] + + * doc/Makefile.in: + Add dev targets for *.man.in and *.cat that don't specfify the + $(srcdir) prefix. + [b62f425da2e4] + + * src/script.c: + If log_input or log_output returns false, terminate the command. 
+ [074f4c0c34a0] + + * src/script.c: + Better signal handling. Instead of using a single variable to store + the received signal, use an array so we can't lose a signal when + multiple are sent. Fix process termination by SIGALRM in non-I/O + logger mode. Fix relaying terminal signals to the child in non-I/O + logger mode. + [7a4723aca99d] + + * src/script.c: + Fix a race between when we get the child pid in the parent and when + the child process exits. The problem exhibited as a hang after a + short-lived process, e.g. "sudo id" when no IO logger was enabled. + [80bcc0aca70b] + +2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: + Add a note about the security implications of the fast_glob option. + [c37a92ab7c93] + + * sudoers.cat, sudoers.man.in, sudoers.pod: + Add a note about the security implications of the fast_glob option. + [84f8097553d9] <1.7> + + * memrchr.c: + Remove duplicate includes + [3e8d90f4c30f] <1.7> + +2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in: + Fix up some AC_DEFINE descriptions and regen config.h.in + [f4655adc0db3] + +2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/missing.h: + No longer check for strdup or strndup for LIBOBJ replacement. + [fdc764ee8109] + + * src/script.c: + Avoid installing signal handlers that are io-logger specific. Fixes + job control when no io logger is enabled. + [0853dd0906d4] + + * doc/Makefile.in: + Only regen man pages from pod when configured with --with-devel + [ab1995f8103d] + +2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile, Makefile.in, configure, configure.in: + Top-level Makefile.in. Nothing is currently substituted but this is + needed for separate build dirs. 
+ [e80873cbd201] + + * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in, + plugins/sudoers/Makefile.in, src/Makefile.in: + Fix out-of-tree builds + [59a35bef07b8] + + * Merge + [386b848047e9] + + * doc/Makefile.in: + We always install sudoreplay in 1.8 + [ce52ba6617c9] + + * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: + Free str after using it in the version method. Use sudo_conv, not + io_conv since we don't have the IO conversation function pointer in + the I/O version method anymore now that io_open is delayed. + [f2ed132adeb0] + +2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/siglist.in: + SIGPOLL is sometimes the same as SIGIO (like on HP-UX) + [6d69e1b05faf] + +2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + No need to provide strdup() or strndup(), sudo uses estrdup() and + estrndup() + [57ec23b72958] + + * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h, + compat/siglist.in: + Add license to mksiglist.c and note that the bits from pdksh are + public domain + [d8121a2467e8] + + * compat/Makefile.in: + Fix LIBOBJDIR vs. srcdir wrt the siglist bits + [164160148421] + + * plugins/sudoers/Makefile.in: + Add sudoreplay testsudoers and visudo to clean target + [138a17e51c0c] + + * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h, + compat/siglist.in, compat/strsignal.c, configure, configure.in, + include/missing.h, src/script.c: + Create our own sys_siglist for systems without it for use by + strsignal() + [2e5da011ebc3] + + * compat/Makefile.in: + Remove duplicate $(LIBOBJDIR) + [adf9abc9432f] + +2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c: + Main sudo should not block signals; the plugin should do this in + check_policy. + [3f3736a7c5ed] + +2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/script.c: + Fix a sizeof(ptr) vs. 
sizeof(*ptr) + [aa1bcf5afcce] + + * src/script.c: + Unlike most operating systems, HP-UX select() is not interrupted by + SIGCHLD when the signal is registered with SA_RESTART. If we clear + SA_RESTART when calling sigaction() for SIGCHLD we get the expected + behavior and the code in the select() loops already handles EINTR + correctly. + [9eba0115e35a] + + * compat/getprogname.c: + progname should be const + [130228f062b7] + + * plugins/sudoers/Makefile.in: + Move --tag=disable-static to when we link sudoers.la, not when we + install. + [ceb5e6c3b78b] + + * src/load_plugins.c: + Load the sudoers I/O plugin by default too now that it is hooked up. + [ea38befd0742] + +2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/pty.c: + It looks like AIX doesn't need to push STREAMS modules for ptys. + [22da618ba0a1] + +2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/parse_args.c, src/sudo.c: + Delay calling the I/O plugin open function until the policy plugin + returns success. + [f3297c325b48] + +2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c, + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add back io logging (transcript) support. Currently, the open + function runs too early and it is not possible to use the io module + independently of the policy module. + [9bd932f66226] + + * plugins/sudoers/set_perms.c: + Comment out dead code; will be removed when set_perms is rewritten. + [af7a995284f8] + +2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Fix off by one error when allocating user_groups. + [6281fcf9c3bb] + +2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in, plugins/sudoers/Makefile.in: + Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris. 
+ [fbce3e9eda3a] + + * plugins/sudoers/sudoers.c: + Fix typo in preserve groups case + [1fd72024fb5a] + + * plugins/sudoers/sudoers.c: + In command_info it is "runas_groups" not "groups". + [5c64dce4f285] + + * src/sudo.c: + Fix iteration over runas_groups list. + [b3c45a0cd643] + + * configure, configure.in, plugins/sudoers/env.c, + plugins/sudoers/match.c, src/script.c: + Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch. + [a8108a0776c2] + + * compat/getgrouplist.c: + getgrouplist(3) for those without it + [4ab4d21e3b16] + + * configure, configure.in: + Fix installation of sudoers.ldap in "make install" when --with-ldap + was specified without a directory. From Prof. Dr. Andreas Mueller + [5177a284b9ff] <1.7> + + * plugins/sudoers/sudoers.c: + Set preserve_groups or groups list in command_info + [1266119ad654] + + * src/sudo.c: + Fix setting of groups list + [e75315e40bd4] + + * config.h.in, configure, configure.in, include/compat.h, + include/missing.h: + Add checks for getgrset and getgrouplist and use replacement + getgrouplist if the system doesn't support it. + [a62b8ba50863] + + * src/parse_args.c: + Pass in preserve_groups when the -P flag is specified as per the + design + [7420c5d15474] + + * plugins/sudoers/sudoers.c: + Check preserve_groups and ignore_ticket args with atobool instead of + assuming they are true if present. + [71c905702697] + +2010-03-21 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/Makefile.in, plugins/sudoers/error.c, + plugins/sudoers/plugin_error.c: + Rename plugin-specific error.c to plugin_error.c Wire up visudo, + sudoreplay and testsudoers in the build + [9d581d5fa4d4] + + * src/Makefile.in, src/term.c: + term.c does not needto include sudo.h + [f6683cdcd2dd] + + * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, + doc/sudo_plugin.pod: + Document the -2 return in the check_policy section too + [e9cb4c34bbcf] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + src/parse_args.c, src/sudo.c, src/sudo.h: + Fix the -s and -i flags and add support for the "implied_shell" + option. If the user does not specify a command, sudo will now pass + in the path to the user's shell and set impied_shell=true. The + plugin can them either check the command normally or return -2 to + cause sudo to print a usage message and exit. + [bf889c38f229] + +2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, src/load_plugins.c: + Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for + Darwin where libraries end in .dylib but modules end in .so + [2c56aaa38e21] + + * plugins/sudoers/parse.c: + Better prefix determination now that we can't rely on len==0 to tell + the beginning on an entry. + [622bf18179e9] + + * plugins/sudoers/ldap.c: + display_bound_defaults() stub should return 0, not 1 since it is a + count, not a boolean. + [0327a6c3d55d] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document progname in settings + [42031d56a2e3] + + * compat/getprogname.c, include/compat.h, + plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c, + src/parse_args.c, src/sudo.c: + Rewrite compat/getprogname.c and add setprogname(). The progname is + now passed to the plugin via the settings array. 
+ [25d8663e6006] + + * configure, configure.in, plugins/sudoers/Makefile.in: + Fix --with-ldap + [b64b633f426d] + + * plugins/sudoers/sudo_nss.c: + Add missing whitespace for Runas and Command-specific defaults + [65f4ddf5545e] + + * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, + plugins/sudoers/sudo_nss.c: + Use embedded newlines in lbuf instead of multiple calls to + lbuf_print. + [eed3af9cc3e1] + + * src/lbuf.c: + Add support for embedded newlines. + [e11f79b18deb] + +2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/getprogname.c: + If system doesn't support getprogname or __programe and we are + building a shared object don't bother with Argc/Argv, just return + "sudo" + [aebde9062be7] + + * config.h.in, configure, configure.in, src/load_plugins.c: + Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool + appears to always install a shared object with the .so suffix. + [f9bbd0c0e9d3] + + * compat/Makefile.in, configure, configure.in, + plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, + src/Makefile.in: + Play more nicely with libtool and let it build libreplace (was + libmissing) for us. + [a4c6ebb2495c] + + * include/missing.h: + Include stdarg.h for va_list rather than requiring all consumers of + missing.h to include stdarg.h themselves. + [37382df948de] + + * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c, + plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c, + src/parse_args.c: + Pass in output function to lbuf_init() instead of writing to stdout. + A side effect is that the usage info can now go to stderr as it + should. + [6d261261a072] + +2010-03-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * include/lbuf.h, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c, + src/parse_args.c, src/sudo.c: + Use number of tty columns that is passed in user_info instead of + getting it directly in the lbuf code. + [8a16635c2638] + + * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/env.c, + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, + plugins/sudoers/gram.c, plugins/sudoers/gram.y, + plugins/sudoers/interfaces.h, plugins/sudoers/logging.c, + plugins/sudoers/logging.h, plugins/sudoers/match.c, + plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, + plugins/sudoers/timestr.c, plugins/sudoers/toke.c, + plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/visudo.c: + Kill __P in sudoers + [63601e6cb171] + + * config.h.in, configure, configure.in, src/load_plugins.c: + Set the sudoers plugin name in configure so we get the extension + right. + [edad89924cd1] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document lines/cols in user_info + [a808872394f3] + + * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c: + Add tty size to user info + [23f3d27e77a7] + + * src/script.c: + Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ + [a2208dd09051] + +2010-03-16 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c: + Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error + out if we fail to lookup the user's name that is passed in + [e4e3728ed482] + + * plugins/sudoers/error.c: + Pass the error value back via siglongjmp. + [667b8ad575ce] + + * plugins/sudoers/check.c: + Use conversation function for lecture. + [1ab4719f509b] + + * plugins/sudoers/check.c: + Don't update ticket file if verify_user returns FALSE. + [2bbc46a39a2b] + +2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/sudoers.c, src/sudo.c: + Wire up invalidate and validate methods for sudoers + [c0630c7bca47] + + * plugins/sudoers/check.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h: + Add support for -k flag with a command. + [edad239b098b] + + * src/parse_args.c: + Allow -k to be specified with a command. + [43a45add9974] + + * plugins/sudoers/sudoers.c: + Wire up policy_list + [27cc35699eca] + + * plugins/sudoers/error.c: + Add newline at the end of message and space after the colon in + warning message + [5a591aa8e744] + + * plugins/sudoers/auth/sudo_auth.c: + Add missing newline after pass password warning + [337dba3870a7] + + * plugins/sudoers/sudoers.c: + Set user_groups and user_ngroups based on user_info + [61bee85128c8] + + * plugins/sudoers/error.c: + Make this compile + [7041c441e1c8] + + * Makefile: + Build sudoers plugin + [5cdf06e66978] + + * plugins/sudoers/gram.c, plugins/sudoers/gram.y: + Use warningx in yyerror() so the conversation function gets used + when built as part of sudoers. + [85f964215eef] + + * plugins/sudoers/error.c, plugins/sudoers/sudoers.c: + Make _warning in error.c use the conversation function and remove + commented out warning/warningx in sudoers.c. 
+ [7c9b09024b63] + + * plugins/sudoers/logging.c: + Use siglongjmp() in log_error for fatal errors + [b50e26f1c73f] + + * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in: + Quiet a libtool warning + [b2331fb006bc] + +2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sudoers/auth/pam.c: + Rename sudo_conv to conversation to avoid a namespace conflict. + [1ad359d36be9] + + * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/check.c, plugins/sudoers/defaults.c, + plugins/sudoers/env.c, plugins/sudoers/error.c, + plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, + plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, + plugins/sudoers/gram.y, plugins/sudoers/interfaces.c, + plugins/sudoers/ldap.c, plugins/sudoers/logging.c, + plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c, + plugins/sudoers/parse.c, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c, + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, + plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c, + plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c: + Initial bits of sudoers plugin; still needs work. + [af2a2c59a952] + + * config.h.in: + Add HAVE_STRDUP and HAVE_STRNDUP + [50a3c0dd510f] + + * compat/Makefile.in, configure, configure.in: + Build libmissing in two flavors (one PIC one non-PIC) and link with + the appropriate one. 
+ [b62f411a4c18] + + * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c, + compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in: + Build libmissing in two flavors (one PIC one non-PIC) and link with + the appropriate one. + [e1e04972b5fe] + +2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * include/missing.h: + Add strdup and strndup and fix strsignal + [c159babe2896] + +2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat/strdup.c, compat/strndup.c, configure, configure.in, + plugins/sample/Makefile.in, src/Makefile.in: + Add strdup and strndup to compat + [25c9fd399a4d] + + * plugins/sample/sample_plugin.c: + Need to include compat.h before missing.h + [c94f7aad380f] + + * compat/strsignal.c: + Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if + it doesn't exist configure will set it to 0. + [384580566389] + + * compat/glob.c: + Fix botched ANSI C coversion of globexp2() + [4a344b8cbe49] + + * configure, configure.in: + Remove redundant getgroups check + [0b16ec210c81] + + * configure, configure.in, src/lbuf.c, src/script.c, src/term.c: + Require either termios or termio, no more sgtty. + [9b2fa2f17a1c] + + * compat/strsignal.c, config.h.in, configure, configure.in: + Change the sys_siglist check to use AC_CHECK_DECLS and also check + for _sys_siglist and__sys_siglist + [2e078fed2408] + +2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in, src/Makefile.in: + Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now + use SUDO_OBJS for the main driver as part of OBJS. + [9ae4a80a5ade] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Mention in the conversation function section that a newline is not + implicit. + [04a233b6c491] + + * include/compat.h: + Add definition of WCOREDUMP for systems without it. This is known to + work on AIX and SunOS 4, but may be incorrect on other systems that + lack WCOREDUMP. 
+ [c85b3ce6b77d] + +2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sample/sample_plugin.c, src/conversation.c: + conversation function no longer puts a newline at the end of info or + error messages. + [c534cae1ac4a] + + * match.c: + When doing a glob match, short circuit if gl.gl_pathc is 0. From + Mark Kettenis. + [549f8f7c2463] <1.7> + +2010-03-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * script.c: + Use parent process group id instead of parent process id when + checking foreground status and suspending parent. Fixes an issue + when running commands under /usr/bin/time and others. + [eac86126e335] <1.7> + + * env.c: + In setenv(), if the var is empty, return 1 and set errno to EINVAL + instead of returning EINVAL directly. + [d202091ec15e] <1.7> + +2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/script.c: + Use parent process group id instead of parent process id when + checking foreground status and suspending parent. Fixes an issue + when running commands under /usr/bin/time and others. + [564f528c3bb7] + +2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * aclocal.m4: + transcript option is now --with not --enable + [0646fac4cf93] + + * plugins/sample/sample_plugin.c: + Add support to -u and -g flags Check fmt_string retval Add timeout + for debugging purposes + [cfefa4fa60b5] + + * src/script.c, src/sudo.c: + Wire up SIGALRM handler Set close on exec flag for child side of the + socketpair Fix signal handling when not doing I/O logging + [379581ec7272] + + * src/sudo.c: + g/c unused SIGCHLD handler + [0afa03912dce] + + * src/fmt_string.c, src/parse_args.c, src/sudo.c: + Don't use emalloc() in fmt_string(); we want to be able to use it + from a plugin. + [ade64d368147] + + * include/list.h: + tq_remove not list_remove + [0e0e1fd5c31c] + + * configure, configure.in: + AUTH_OBJS should contain .lo files not .o files. + [c64c82c9d5a2] + +2010-03-05 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * src/parse_args.c: + Simplify conversion of command line args to name=value pairs. + [75ab127c6a94] + + * plugins/sample/sample_plugin.c: + Handle NULL reply from conversation function + [6ce09b6cb204] + + * compat/getline.c: + Don't depend on emalloc/erealloc + [73df09e2109f] + + * plugins/sample/Makefile.in: + Use $(OBJS) instead of sample_plugin.lo + [2d995db9aa99] + + * plugins/sample/sample_plugin.c: + runas_user is in settings not user_info + [7ee12068bc57] + + * src/parse_args.c: + Fix a mismatch between sudo_settings and settings_pairs that causes + some settings to get the wrong values. + [b1bc6d81a65f] + +2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c, + src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c, + src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c: + Convert to ANSI C + [d03b6e4a3b75] + + * src/load_plugins.c: + Fix strlcpy() return value check. + [7cd66999a374] + + * INSTALL, configure, configure.in: + No longer need to substitute in script.o and pty.o; I/O logging + support is always built. + [45250024c5dc] + +2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/script.c: + Add fallback to /bin/sh when execve() fails with ENOEXEC. + [7684a15a1352] + + * include/alloc.h, src/alloc.c: + Add estrndup() + [47621c83bed9] + +2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/script.c, src/sudo.c: + Refactor script_execve() a bit so that it can be used in non-script + mode. Needs more cleanup. 
+ [f09e022d547c] + + * src/sudo.c: + Ignore empty entries in command_info list + [1eea9a8de21c] + + * include/list.h, src/list.c: + Add tq_remove + [40908a617cb2] + + * src/conversation.c: + Pass timeout to tgetpass() + [9e66c918b771] + + * Makefile: + Add ChangeLog target + [da4a39150838] + + * README, WHATSNEW: + Bump version and update things slightly for sudo 1.8.0 + [4b73cc45e2d4] + + * configure, configure.in: + Sudo now requires an ANSI/ISO C compiler + [1e51f72e6964] + + * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c, + src/sudo_noexec.c: + Convert to ANSI C + [5cbd315dbde8] + + * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h, + include/list.h, include/missing.h: + Convert to ANSI C + [3f5016ff64f4] + + * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c, + compat/fnmatch.h, compat/getcwd.c, compat/getline.c, + compat/getprogname.c, compat/glob.c, compat/glob.h, + compat/isblank.c, compat/memrchr.c, compat/mkstemp.c, + compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c, + compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, + compat/strlcpy.c, compat/strsignal.c, compat/utime.h, + compat/utimes.c: + Convert to ANSI C + [0d635c85461c] + +2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/sudo.c, src/tgetpass.c: + Make user_details extern so tgetpass can get at the uid and gid. Set + uid/gid to user before executing askpass program. Check environment + for SUDO_ASKPASS and use that if set. TODO: a way for the policy to + set the askpass program itself + [d33606396176] + + * src/sudo.c: + No longer need sudo_usage.h in sudo.c + [063e2946c382] + + * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in, + doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c, + src/sudo_usage.h.in: + Document -D level command line flag which maps to the debug_level + setting. + [61f1e2ab3ac1] + + * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Document debug_level in plugin doc. 
Still need to document the -D + flag in sudo itself. + [8c62daea3e9b] + +2010-02-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * match.c: + Check for pseudo-command by looking at the first character of the + command in sudoers instead of checking the user-supplied command for + a slash. + [88f3181692fe] <1.7> + +2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * plugins/sample/sample_plugin.c: + include missing,h for vasprintf + [92503de49b39] + + * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat, + doc/sudo_plugin.man.in, doc/sudo_plugin.pod: + Rename plugin.pod -> sudo_plugin.pod and wire into Makefile + [14cfb4775238] + + * plugins/sample/sample_plugin.c: + Need to include limits.h + [bda7f74343d2] + + * compat/glob.c: + No more sudo_getpw* + [232e52907634] + + * plugins/sample/Makefile.in, src/Makefile.in: + Add missing compat bits + [4843dd000e08] + + * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in: + compat files should not include sudo.h wire up compat in sample + plugin + [a175b8185e0f] + + * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in: + Fix up compat dependencies. Fix distclean target in doc/Makefile.in + [57e49bc20857] + + * configure, configure.in: + Fix typo + [333655e3d5fe] + + * plugins/sample/sample_plugin.c: + Log input and output to temp files for proof of concept. + [ae1dfc34f7d6] + + * Makefile, configure, configure.in, doc/Makefile.in: + Add doc Makefile.in and wire it up + [6a310443c87d] + + * src/script.c: + Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with + suspending a shell with the "suspend" builtint. + [3d65f182819a] + + * src/script.c: + In child, handle parent side of the pipe going away. + [a29c14d78cd9] + + * src/script.c: + No longer need to check for explicit death of the child (process #2) + since if it dies we will get EPIPE from the socketpair. Fix a + sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to + sudo_debug. 
+ [24c55dd4ff60] + + * src/sudo.c: + Make sudo_debug do a single vfprintf() which will result in a single + write call on most systems. Avoids problems with interleaved debug + printf from different processes. Also remove an extraneous error + case since recv() can't return a short read and add some more XXX. + [b37a8533ef1e] + +2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * src/script.c: + Fix uninitialized variable. + [e012a0a30890] + + * src/Makefile.in: + Fix sudo install target + [1417fa4b4ab9] + + * src/parse_args.c, src/sudo.c, src/sudo.h: + Wire up debug_level + [144fab289c73] + + * src/Makefile.in: + Fix dependencies + [5170940af2ce] + + * configure, configure.in: + Fix setting of plugin dir + [144eda170a72] + + * Makefile: + add clean targets + [d53f6f6f5c3a] + + * src/atobool.c: + Add missing source for sudo front end + [42487de9c489] + + * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c: + Sample plugin demonstrating the sudo plugin API + [f1fd62d7644f] + + * Makefile, configure, configure.in, install-sh, pathnames.h.in, + plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c, + src/fileops.c, src/fmt_string.c, src/load_plugins.c, + src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h, + src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c, + sudo_usage.h.in: + Modular sudo front-end which loads policy and I/O plugins that do + most the actual work. Currently relies on dynamic loading using + dlopen(). See doc/plugin.pod for the plugin API. + [924f6eb2fbba] + + * doc/plugin.pod, include/sudo_plugin.h: + Sudo plugin API + [374ccbbd24ae] + + * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c, + compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c, + plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, + src/fileops.c, src/sudo_edit.c: + Replace emul/include.h with compat/include.h to match new source + tree layout. 
+ [7eccd10449a1] + + * src/lbuf.c: + Include missing.h for memrchr() proto + [03abd63a8a33] + + * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING, + TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c, + alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c, + auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, + auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c, + auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, + auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c, + closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c, + compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c, + compat/getline.c, compat/getprogname.c, compat/glob.c, + compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c, + compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c, + compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c, + compat/strlcpy.c, compat/strsignal.c, compat/timespec.h, + compat/utime.h, compat/utimes.c, def_data.c, def_data.h, + def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE, + doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod, + doc/license.pod, doc/sample.pam, doc/sample.sudoers, + doc/sample.syslog.conf, doc/schema.ActiveDirectory, + doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat, + doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat, + doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, + doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod, + doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, + doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h, + emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c, + error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c, + getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c, + gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod, + include/alloc.h, include/compat.h, include/error.h, 
include/lbuf.h, + include/list.h, include/missing.h, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c, + interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod, + list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h, + mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c, + nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in, + plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp, + plugins/sudoers/alias.c, plugins/sudoers/auth/API, + plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, + plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, + plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, + plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, + plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, + plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, + plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, + plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, + plugins/sudoers/boottime.c, plugins/sudoers/check.c, + plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, + plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, + plugins/sudoers/defaults.h, plugins/sudoers/env.c, + plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, + plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c, + plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c, + plugins/sudoers/gram.c, plugins/sudoers/gram.h, + plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h, + plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h, + plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh, + plugins/sudoers/insults.h, plugins/sudoers/interfaces.c, + plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c, + plugins/sudoers/logging.c, plugins/sudoers/logging.h, + plugins/sudoers/match.c, plugins/sudoers/mkdefaults, + plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h, + plugins/sudoers/nonunix.h, 
plugins/sudoers/parse.c, + plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, + plugins/sudoers/redblack.c, plugins/sudoers/redblack.h, + plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, + plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers, + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, + plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c, + plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c, + plugins/sudoers/toke.c, plugins/sudoers/toke.l, + plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c, + plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h, + sample.pam, sample.sudoers, sample.syslog.conf, + schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c, + selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c, + src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h, + src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, + src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c, + src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c, + strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c, + sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c, + sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat, + sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, + sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif, + sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, + term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l, + tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat, + visudo.man.in, visudo.pod, zero_bytes.c: + Rework source layout in preparation for modular sudo. + [7fc1978c6ad5] + +2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * Avoid a duplicate fclose() of the sudoers file. + [5dba851088c1] + + * Fix size arg when realloc()ing include stack. 
From Daniel Kopecek + [0a2935061e33] + + * Use setrlimit64(), if available, instead of setrlimit() when setting + AIX resource limits since rlim_t is 32bits. + [353db89bac61] + + * Fix use after free when sending error messages. From Timo Juhani + Lindfors + [e50dbd902382] + + * ChangeLog, Makefile.in: + Generate the ChangeLog as part of "make dist" instead of having it + in the repo. + [251b70964673] + +2010-02-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * toke.l: + Avoid a duplicate fclose() of the sudoers file. + [164d39108dde] <1.7> + + * toke.l: + Fix size arg when realloc()ing include stack. From Daniel Kopecek + [8900bccef219] <1.7> + +2010-02-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * aix.c, config.h.in, configure, configure.in: + Use setrlimit64(), if available, instead of setrlimit() when setting + AIX resource limits since rlim_t is 32bits. + [2cbb14d98fc1] <1.7> + + * logging.c: + Fix use after free when sending error messages. From Timo Juhani + Lindfors + [caf183fd9d94] <1.7> + +2010-01-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * ChangeLog, Makefile.in: + Generate the ChangeLog as part of "make dist" instead of having it + in the repo. + [836c31615859] <1.7> + +2010-01-18 convert-repo <convert-repo> + + * .hgtags: + update tags + [9b7aa44ae436] + +2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Generate correct ChangeLog for 1.7 branch. 
+ [586dd90b8878] <1.7> + + * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h, + auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, + auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, + auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, + closefrom.c, compat.h, configure.in, defaults.c, defaults.h, + emul/charclass.h, emul/timespec.h, env.c, error.c, error.h, + fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c, + gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h, + isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c, + logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c, + mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in, + pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers, + sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c, + sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c, + strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, + sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in, + sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod, + sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod, + term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l, + utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c: + Remove CVS $Sudo$ tags. + [de683a8b31f5] + +2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo_usage.h.in: + make this match sudoers SYNOPSIS + [c74ba66944c2] + + * lbuf.c, parse.c: + Print a newline between Runas and Command-specific defaults in sudo + -l. + [b5bdfcc9ce4b] + + * term.c: + Use SET and CLR macros in term_raw + [50ca42609d6c] + + * sudoreplay.c: + Set stdin to non-blocking mode early instead of in check_input. 
Use + term_raw instead of term_cbreak since the data we get has already + been expanded via OPOST. + [51c47e803d62] + +2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * script.c, term.c: + Enable/disable all postprocessing instead of just nl->crnl + processing since things like tab expansion matter too. However, if + stdout is a tty leave postprocessing on in the pty since we run into + problems doing it only on the real stdout with .e.g nvi. + [62666e309673] + +2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + If tty_tickets is enabled and there is no tty, prompt for a + password. Do not lecture user for "sudo -k command" if user has a + timestamp. + [5880200c5f6b] + + * INSTALL: + Document missing options: --with-efence and --with-bsm-audit + [d83afcdf9ff3] + + * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod, + sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat, + visudo.man.in, visudo.pod: + username -> user name groupname -> group name hostname -> host name + [10c85646f45d] + + * INSTALL, README.LDAP, sudoers.pod: + filename -> file name like the rest of the docs + [1ef8ab5a9018] + +2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + Fix printing of entries with multiple host entries on a single line. + [226ceaf91d8d] + +2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + Mention that targetpw affects the timestamp file name. + [a26e22e4f72e] + + * def_data.c, def_data.h, def_data.in, defaults.c, script.c, + sudoers.pod: + Add compress_transcript option. + [6e94f8cb9dfb] + +2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + bump to 1.7.3b2 + [906d7e347d15] + + * pwutil.c, set_perms.c, sudo.c, sudo_nss.c: + Better split of membership vs. traditional group check in + user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails. 
+ [6ebc55d4716b] + +2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * pwutil.c: + Fix pasto and add default return value. + [7973b5e4599c] + + * check.c, match.c, pwutil.c, sudo.h: + refactor group member checking into user_in_group() + [48ca8c2eddf8] + + * check.c, config.h.in, configure, configure.in, match.c, sudo.c, + sudo.h: + Add support for mbr_check_membership() as present in darwin. + [5501aed02b9f] + +2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * match.c: + Rename label to be accurate + [3af17dd960f7] + + * Makefile.in, boottime.c, check.c, config.h.in, configure, + configure.in, sudo.h: + Treat timestamp files from before we booted as old. Idea from and + Apple patch. + [5c96e484c05a] + +2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c, sudo.pod, sudo_usage.h.in: + Allow the -u flag to be used in conjunction with the -v flag as per + older versions of sudo. + [591e9fc13c1a] + + * logging.c: + fix typo in last commit + [4fd0c692dcf0] + +2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + Convert fmt_first and fmt_confd into macros. + [32e870158b29] + + * sudoers.pod: + timeouts can be floats now + [89de639a9679] + + * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c, + defaults.h, mkdefaults: + Add support for floating point timeout values (e.g. 2.5 minutes). + [210ffa291733] + +2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod: + The -L flag will be removed in sudo 1.7.4 + [ffd026084333] + +2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoreplay.c: + Fix a bug due to order of operators. + [938d34464283] + +2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * match.c: + cmnd_matches() already deals with negation so _cmndlist_matches() + does not need to do so itself. Fixes a bug with negated entries in a + Cmnd_List. + [71c845f6ce73] + +2009-11-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Don't exit() from open_sudoers, just return NULL for all errors. + [8cfa832f972a] + + * script.c: + Can't rely on the shell sending us SIGCONT when transitioning from + backgroup to foreground process. + [3c6c5b6cb4b3] + + * toke.c, toke.l: + Add missing extern def for parse_error + [45b7b59d03b7] + +2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * toke.c, toke.l: + Avoid a parse error when #includedir doesn't find any files. Closes + bug #375 + [1ce1b850e9e6] + + * Makefile.in: + Include sudo.man.pl and sudoers.man.pl in the distribution tarball. + [6a22e32da108] + +2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * script.c: + Start command out in foreground mode if stdout is a tty. Works + around issues with some curses-based programs that don't handle + tcsetattr getting interrupted by a signal. Still allows us to avoid + hogging the tty if the command is part of a pipeline. + [1c32f2b94769] + + * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c: + Use a socketpair to pass signals from parent to child. Child will + now pass command status change info back via the socketpair. This + allows the parent to distinguish between signals it has been sent + directly and signals the command has received. It also means the + parent can once again print the signal notifications to the tty so + all writes to the pty master occur in the parent. The command is now + always started in background mode with tty signals handled by the + parent. + [c6790b82986d] + +2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Fix a few typos in the descriptions; from Jeff Makey Only do the + check for krb5_get_init_creds_opt_free() taking two arguments if we + find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false + positive when using our own krb5_get_init_creds_opt_free which takes + only a single argument. + [845a9ff6f93d] + +2009-11-03 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Remove a spurious comma in the kerb5 bits. + [3433eab083db] + + * auth/kerb5.c: + Call krb5_get_init_creds_opt_init() in our emulated + krb5_get_init_creds_opt_alloc() for MIT kerberos. + [7ffb40bf43e9] + +2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in: + Add HAVE_ZLIB + [9297bde61ecc] + + * script.c: + Need to ignore SIGTT{IN,OU} in child when running the command in the + background. Also some minor cleanup. + [dc208d982319] + +2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * script.c: + Instead of calling sigsuspend when waiting for SIGUSR[12] from + parent, install the signal handlers w/o SA_RESTART and let them + interrupt waitpid(). + [759c7d18203b] + + * script.c: + Pass along SIGHUP and SIGTERM from parent to child. + [035b0e254568] + + * script.c: + Close unused bits of script_fds in processes that don't need them. + Restore default SIGCONT handler in child. + [e037378ab0c1] + + * script.c: + Update foreground/background status in SIGCONT handler in parent + process. + [3f7f91333264] + +2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * script.c: + Defer setting terminal into raw mode until just before we fork() and + only do it if sudo is the foreground process. If we get SIGTT{IN,OU} + and sudo is already in the foreground be sure to set raw mode before + continuing the child. + [1102ef40832c] + +2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * script.c: + Fix handling of SIGTTOU/SIGTTIN in program being run. We now only + give the command the controlling tty if the main sudo process is the + foreground process. + [cf3a91cb5682] + + * script.c: + Don't bother with sudo_waitpid() here for now. + [9086de480c2d] + + * script.c: + fix non-zlib case + [a258bff0f9a6] + +2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * script.c: + Remove non-wroking code that crept into rev 1.55 + [2802dd55cff5] + +2009-10-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * INSTALL, configure, configure.in, script.c, sudoreplay.c: + First pass at zlib support for transcript data files + [5d10260807da] + + * Makefile.in: + remove vestiges of ZLDFLAGS + [1fa0caf1c0fb] + + * script.c: + Add missing variable declaration for when TIOCSCTTY is not defined. + Need to include sys/termio.h for TIOCSCTTY on some systems. + [ee7f41ac2709] + + * script.c: + when resuming command, send SIGCONT to its pgrp not just pid + [5cd63c1d565b] + + * selinux.c: + remove unused variable + [df67df4be228] + + * script.c: + include selinux.h for is_selinux_enabled() proto + [85ebaa880cc1] + + * script.c: + Don't use log_error() in the child process. + [def65fe2a433] + + * script.c: + Do I/O in parent instead of child since the parent can have both + /dev/tty as well as the pty fds open. The child just sets things up + and waits for its grandchild and writes the signal description to + the pty master if the command was killed by a signal. + [95e473208982] + +2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * missing.h, sudo.h: + Move two struct forward declarations from sudo.h to missing.h + [90ad28294a8c] + + * script.c: + Make comment at the top of script_exec() match reality. + [c5042d27dbe0] + + * sudo.c: + if neither stdin nor stdout is a tty, check stderr + [c532ff20c8d8] + + * Makefile.in: + Add back dependecy of gram.h on gram.y + [c58382b7fcca] + + * script.c: + Make transcript mode work as long as we can figure out our tty, even + if it is not stdin. We'd like to use /dev/tty but that won't be + valid after the setsid(). + [7b8bba8d99e7] + +2009-10-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, pty.c: + Add support for IRIX-style dynamic ptys + [bedc9bac44c1] + + * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c: + Move alloc.c protos into alloc.h + [b6a90649617d] + + * missing.h: + Move prototypes for missing libc functions to missing.h + [dda9ae1ccaf8] + + * Makefile.in, sudo.h, sudoreplay.c: + Move prototypes for missing libc functions to missing.h + [7483166b577b] + +2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in: + Disable transcript support if no tcsetpgrp until we support older + BSD-style job control. + [27ac1d8163df] + + * configure, configure.in, pty.c, script.c: + Break out pty code into pty.c + [e85509b25d41] + + * compat.h, config.h.in, configure, configure.in: + add killpg macro if no killpg function + [3a125f4a51f0] + + * config.h.in, configure, configure.in, script.c: + Push ptem and ldterm for STERAMS-based systems when allocating a + pty. + [36bb39b30ff2] + +2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * script.c: + Sprinkle some more O_NOCTTY and call grantpt() before unlockpt() + [d94bd5c9bf4e] + + * script.c: + Call tcgetpgrp() in the parent, not the child and have the child + spin until it is granted. Fixes a race on darwin. + [6e8d435339ce] + + * script.c: + Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just + reopen slave. + [0bdc63c019ca] + +2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * script.c: + In script mode, if the command is killed by a signal, print the + signal description as well as a core dump notification like the + shell does. 
+ [9df61738df07] + + * Makefile.in, config.h.in, configure, configure.in, strsignal.c, + sudo.h: + Add check for strsignal() and a simple implementation if it is not + there but sys_siglist is + [61421a188ef4] + + * script.c: + Add missing WUNTRACED and store the signal that stopped the + grandchild in suspended, not signo. + [df65042b200e] + + * script.c: + g/c unused code + [40d8cb5c9203] + + * script.c: + Associate the grandchild's pgrp with the tty instead of the child's + and just get suspend notifications via SIGCHLD instead of directly. + This fixes a hang with programs that try to set terminal attributes + and is more consistent with how the shell handles things. + [6865abff7e94] + +2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * script.c: + Move setpgid() of child into the parent side of the fork() where it + belongs. + [3defa782777c] + +2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * script.c: + fix typo + [b6a612b3622c] + + * script.c: + Run command in its own pgrp (like the shell does) for easier + signalling. No need to relay SIGINT or SIGQUIT to parent, just send + to grandchild. Don't want grandchild stopped events in the child + (only termination). Flush output after suspending grandchild before + signalling parent. + [db556bf2176f] + + * script.c: + Back out revision 1.34; the problem lies elsewhere. + [85f590a03275] + + * script.c: + Don't set stdout to blocking mode when flushing remaining output. It + can cause us to hang when trying to exit. Need to investigate why. + [6f803a3e33ca] + + * script.c: + Handle SIGTTOU and remove some debugging. + [52d17279053e] + + * term.c: + Back out revision 1.10 as the signal that interrupts us may be + SIGTTOU or SIGTTIN which the caller must handle. + [7e2fa9107975] + + * script.c: + Apparently we need to send SIGSTOP to the command as well as ourself + when we get SIGTSTP, the kernel doesn't automatically stop the + process for us. 
+ [1a936e9309c4] + + * script.c: + Use an extra process to act as the glue bewteen the sessions + associated with the user's controlling tty (what the shell uses) and + the tty that sudo is using to do its logging. Basically, this means + that if we get, e.g. SIGTSTP from the process sudo is running, we + relay the signal to the parent so it's shell can do the job control. + [6dd296988060] + + * term.c: + Handle getting/setting terminal attributes when the fd is in non- + blocking mode. + [ae5ae535ea7b] + +2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: + Add support for pausing and changing the speed in interactive mode. + [72a2063780a7] + + * script.c: + Already define O_NOCTTY in compat.h, don't need it here + [b5d80ed3e5ce] + +2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoreplay.c: + Add missing protos + [c4cb4e7f4d8a] + +2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo_edit.c: + Always update the stashed mtime of the temp file instead of using + what we have for the original because the time resolution of the + filesystem the temporary is on may not match that of the filesystem + that holds the original. Should fix bz #371 found by Philippe Levan. + [c86ca4bec60c] + + * sudoreplay.c: + Use cbreak mode instead of raw mode and add signal handlers to + restore the tty on interrupt. + [84dd283da41c] + + * script.c, sudo.h, term.c: + Retain NL to NLCR conversion on the real tty and skip it on the pty + we allocate. That way, if stdout is not a pty there are no extra + carriage returns. + [32e4f570414e] + + * script.c: + Fix log_output(); just pass in a string and a length. + [ca980cc0a3fb] + +2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * script.c: + do not use errno when complaining out lack of a tty + [8f9b8c55ab8e] + +2009-09-27 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in, sudoreplay.c, term.c: + Instead of messing with line endings, just set terminal to raw mode + in sudoreplay. + [90943fa87acb] + + * term.c: + When copying the terminal attributes to the pty, be sure not to set + ONLCR. This prevents extra carriage returns from ending up in the + script output file. + [e6b5475ac2aa] + + * script.c: + Convert a do {} while into a while + [e461310d2c77] + + * Makefile.in: + Use if then instead of test && when installing binaries that may not + exist. + [ad4f9490d971] + + * script.c: + Add O_NOCTTY when opening a tty device. Explicitly disconnect from + old tty before associatng with new one. + [0e0ca634b80c] + + * script.c, selinux.c, sudo.c, sudo.h: + First cut at refactoring some of the selinux code so it can be used + in conjunction with sudo's transcript support. + [779b0d8f9d29] + +2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * aclocal.m4, configure, configure.in: + Fix default case of transcript_enabled being unset. + [f8aa96186e6b] + + * script.c, sudoreplay.c: + Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR + [2844a7a851fa] + + * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c: + Hook up --disable-transcript and --enable-transcript=DIR + [b3fa7e6b2480] + +2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * aclocal.m4, configure, configure.in, pathnames.h.in: + _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable- + transcript=DIR option to specify the directory + [b0bb76d43cda] + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: + regen + [c7a8a0a9027c] + + * configure, configure.in, sudoers.man.pl, sudoers.pod: + Substitute in default value for secure_path + [c8f9ac6dbf93] + + * sudo.pod: + Mention that the password must be followed by a newline with the -S + option. + [2fc589a3ee7e] + +2009-09-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * script.c: + Go back to dropping out of the select() loop when the process dies; + Linux ptys apparently don't behave the same as BSD in regards to + select(). No need to flush remaining output to the transcript, only + to stdout. Add back code to check the master pty for additional data + when we exit the main select loop. + [abed9a9cbc6b] + +2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Add getline.o to COMMON_OBJS + [04ef7643cbc2] + + * Makefile.in: + sudoreplay depends on libsudo.a + [142bd0472631] + + * Makefile.in: + More pwutil.o into COMMON_OBJS + [4a016b933629] + + * pwutil.c, testsudoers.c, tsgetgrpw.c: + Remove my_* redirection in pwutil.c for testsudoers and just use the + normal libc get{pw,gr}* names. + [9b76d637d86b] + + * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: + More time and date examples + [c6ee0175ec56] + + * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c: + Move nanosleep() emulation into its own file Check librt.a for + nanosleep if we don't find it in libc + [4da0cc26aad7] + + * Makefile.in, configure, configure.in: + Build libsudo with the common bits and link things against that. + [2b53bc0b081a] + + * script.c: + Fix final flush. + [6da287d833da] + + * script.c: + Keep reading from the pty master -> log file until read returns <= + 0. Do our best to write everything to stdout when flushing any + remaining bits. + [2a45d4ae280c] + + * sudoreplay.c: + Use unbuffered I/O when writing to stdout and make sure we write the + entire buffer. + [f39ef9844a47] + +2009-09-18 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudoreplay.c: + Only use max_wait if it is non-zero + [f6c10604d2e8] + + * getdate.c, getdate.y, getline.c: + Need compat.h here + [5d6722e225a0] + + * sudoreplay.c: + Fix nanosleep emulation + [34e5e5d72a76] + + * script.c: + Fix comment after #endif + [bd1347718b25] + + * sudoreplay.c: + Add protos for missing libc bits + [644f496427a2] + + * configure, configure.in: + add missing line continuation char + [db13c0d402cd] + + * config.h.in, configure, configure.in, getline.c: + Implement getline() in terms of fgetln() if we have it. + [3ab786eaadc5] + + * sudoreplay.c: + Print year when formatting log line + [90be669e3443] + + * sudoreplay.pod: + Document cwd, attempt to document time/date formats. + [6290fb9b65c6] + + * sudoreplay.c: + Fix getline return value check. + [d696d6657261] + + * Makefile.in, config.h.in, configure, configure.in, getline.c, + sudoreplay.c: + Use getline() if the system has it, else use provide our own for + sudoreplay. + [afca1d6fbe5e] + + * script.c: + Refactor code to update output and timing files. + [361491332b1a] + +2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoreplay.c: + Make sudo_getln() behave more like glibc getline. + [40c9f2ea29e6] + + * script.c: + When flushing remaining output, also update timing file. + [5a9a5a627549] + + * sudoreplay.c: + Use get_timestr() and make the -l output look like the regular sudo + log. + [452ba9d436c9] + + * logging.c, sudo.h, timestr.c: + Make get_timestr() take a time_t so we can use it properly in + sudoreplay. + [82e67cc53c9c] + + * script.c: + Create session dir earlier now that we update the seq number early. + [797fe8d6dc61] + +2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoreplay.c: + Use fromdate and todate as the keywords instead of from and to; the + short forms will still be accepted. 
+ [d14d9b116df4] + + * sudoreplay.c: + Fix reading long liensin sudo_getln() + [58dadd74118c] + + * script.c, sudoreplay.c: + Log the cwd in the script log file. Add sudo_getln() to read + arbitrarily long lines. + [faceb802ab8f] + + * Makefile.in, logging.c, sudo.h, timestr.c: + Move get_timestr() into its own source file so sudoreplay can use + it. + [99b054bfa20a] + +2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoreplay.c: + Add to and from perdicates (date ranges); needs documentation + [1d629174dcf4] + +2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, getdate.c, getdate.y: + Fix warning and add generated getdate.c + [b877a86b5a03] + + * Makefile.in, getdate.y: + Add getdate.y to be used for sudoreplay date parsing. + [b8e26fbb7a40] + +2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoreplay.c: + Check more than just the first character of a predicate + [4fe53728adb1] + + * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod: + Add examples, sort predicates + [70f8075cbccc] + + * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, + sudoreplay.pod: + Implement search expressions in sudoreplay similar in concept to + what find or tcpdump uses. TODO: date ranges + [f7ce4fb4cf3a] + +2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * script.c: + Remove vhangup as it was hanging up the wrong tty. Should really + vhangup in the child after it as set its tty. + [2eed9df73010] + + * sudoers.pod: + Fix cut at documenting transcript support. + [e6c533a5568a] + + * logging.c: + ID= -> TSID= for transcript ID + [1bf755a35333] + +2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + Move fast_glob description to where it belongs in sorted order + [5901cfb0d25f] + + * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, + parse.c, parse.h, sudo.c: + Rename script -> transcript + [e06cf823122c] + +2009-09-03 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * compat.h: + Add timeradd and timersub for those without them + [929f8aa06c2b] + + * script.c: + Sanity check sessid before using it. + [aa8ca5211d43] + + * sudo.c: + Only set the session id if we are running a command or editing a + file. + [7205d717c098] + + * script.c: + Actually. qsort is fine since most versions fal back to a cheaper + sort when the number of elements to sort is small (like in our + case). + [d11c7cd352fe] + + * config.h.in, configure, configure.in, script.c: + Check for dup2 and use dup instead if we don't have it. + [98bd89830f8a] + + * script.c, sudo.c, sudo.h: + Move the code to dup2 the script fds to low numbered descriptors + into script_duplow() and fix the fd sorting. + [9453fdc5fba6] + + * script.c, sudo.c, sudo.h: + Move script_setup() back to immediately before we drop privs and + call the new script_nextid() in its place, which will set + sudo_user.sessid for the logging functions. + [8434d0c8ff08] + +2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Install sudoreplay + [6acf2cdb4d3f] + + * sudoreplay.c: + remove unused variable + [2316360bb992] + +2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c, script.c, sudo.c, sudo.h: + Log the session ID, if there is one. Currently logs ID=XXXXXX, + perhaps should be SESSIONID or SESSID. + [53976905b0a6] + + * Makefile.in, configure, configure.in, sudoreplay.cat, + sudoreplay.man.in, sudoreplay.pod: + Add sudoreplay docs + [da4f14f0e64c] + + * sudoreplay.c: + add -V (version) flag + [b5e743639ee3] + + * sudoreplay.c: + Hook up max_wait. + [2ec5697a92ba] + + * script.c, sudoreplay.c: + Use base36 number for the ID and store script files with paths like + /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6 + (2,176,782,336) unique IDs. + [6aab019d07aa] + +2009-08-23 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure.in: + Add check for regcomp + [44c3ebd7ff34] + + * sudoreplay.c: + Add support for selecting by pattern and tty when listing. + [66189f840c52] + +2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoreplay.c: + The beginnings of a list mode. + [8d0150b4a52c] + +2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + fix pasto + [616b4640b8a8] + + * Makefile.in, config.h.in, configure.in: + Add scaffolding for building sudoreplay + [a32958505dbe] + + * sudoreplay.c: + include error.h first arg to nanotime is const + [fe5a7bb31bc5] + + * sudoreplay.c: + Initial cut at sudoreplay; replay a sudo session. + [f149fba372bd] + +2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * script.c: + Fix wait() usage and use correct wait status. + [f4745ed7ad05] + + * sudo.c, sudo.h, tgetpass.c: + Add protos for term_* to sudo.h + [14fe1abd7e7b] + + * script.c: + Fix detection of the child process exiting. Since the child is in + its own session we should only ever get SIGCHLD for that process but + better safe than sorry. + [7edfdadd8505] + + * config.h.in: + Add UNIX98 pty support. + [82f4b53a0e8f] + + * configure, configure.in, script.c: + Add UNIX98 pty support. + [795b8bb0a3a1] + +2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * term.c: + For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC + if it is defined. + [40f8b83baf69] + + * auth/pam.c: + Set PAM_RUSER and PAM_RHOST early so they can be used during + authentication. Based on a patch from Jamie Beverly. + [3d567b453a6a] + + * match.c: + Close dir before returning if strlcpy() reports overflow. From + Martynas Venckus. + [6a82f96473e5] + + * config.h.in, configure, configure.in, script.c: + On Linux, the openpty proto libes in pty.h + [98643a018d1c] + + * script.c: + Call vhangup on exit if the system has it Use setpgrp() if no + setsid() + [3a9e13149829] + +2009-08-06 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in: + Add checks for revoke and vhangup if we don't have openpty + [fcb04572e994] + + * script.c: + Session logging guts that got forgotten in the previous commit. + [c2af08a63ea9] + + * Makefile.in, aclocal.m4, compat.h, config.h.in, configure, + configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h, + gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c, + tgetpass.c: + First cut at session logging for sudo. Still need to write get_pty() + for Unix 98 and old-style BSD ptys. Also needs documentation and + general cleanup. + [77e3f5e25738] + +2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c, sudo_edit.c: + Fix a bug introduced with def_closefrom. The value of def_closefrom + already includes the +1. + [7291c136300d] + +2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Generate sudo distributions with pax in ustar mode. No longer need + to use a temp file or have the source dir name match the version. + [9778177a8272] + +2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * toke.c, toke.l: + Fix expansion of %h in #include names. Fixes bugzilla 363 + [6e346879ba24] + +2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkdefaults: + If no arg assume def_data.in + [c1dd28c0e675] + + * README, WHATSNEW: + Update for 1.7.2 + [f5ad45f69f05] [SUDO_1_7_2] + + * ChangeLog: + sync + [6283549396ff] + +2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.cat, sudoers.man.in, sudoers.pod: + Add missing single quotes around a colon in Runas_Spec definition. + From Elias Benali. + [ccc6ee4fca83] + +2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.man.in, sudoers.man.in: + regen + [546e75304ebf] + + * redblack.c: + In rbrepair, re-color the root or the first non-block node we find + to be black. Re-coloring the root is probably not needed but won't + hurt. 
+ [34d01ebe241b] + + * sudo.cat, sudoers.cat: + regen + [bebf5a39f54f] + +2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * redblack.c: + When repairing the tree, don't touch the root node. + [9841f0d5d789] + +2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * set_perms.c: + Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID. + Reported by Josef Schmid. + [ed044b1eb879] + +2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + Document that we accept env_pam-style environment files + [e3b545456352] + + * env.c: + Adapt to accept pam_env-style /etc/environment which allows shell- + style lines such as: export EDITOR="/usr/bin/vi" + [752eb75bf007] + + * sudoers.pod: + Make it clear that env_delete only works when !env_reset. From Loïc + Minier + [3bd3f8e351ba] + +2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod, sudoers.pod: + Add non-unix group bits, adapted from Quest + [8ce427de8dea] + + * Makefile.in: + build the .cat page in the current working dir, not the src dir + [00e87a307674] + + * env.c: + Return EINVAL in setenv() if var is NULL or the empty string to + match glibc behavior. + [23fd7c247142] + +2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE + [fedd4a3e2a85] + +2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: + regen + [7b9f461a40b3] + +2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + Document --with-libvas and --with-libvas-rpath + [a071e6d96c89] + +2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c, sudoers.ldap.pod: + For netscape-derived LDAP SDKs the cert and key paths may be a + directory or a file. However, version 5.0 of the SDK only seems to + support using a directory. 
If ldapssl_clientauth_init fails and the + cert or key paths look like they could be files, strip off the last + path element and try again. + [ac4e49d83043] + + * Makefile.in: + Add non-Unix group .o to COMMON_OBJS and substitute in path to flex. + [4547cc1a335f] + +2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in, match.c, sudo.c, vasgroups.c: + Update non-Unix group support from Quest, as reworked by me. + [1abafce29dc6] + + * toke.c: + regen + [01bfca9148b7] + + * toke.l: + Add support for escaped hex chars in names, e.g. \x20 for space. + [3c7be8e58a39] + +2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c, + auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c, + fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c, + logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c, + set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h, + sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c, + tgetpass.c, toke.l, visudo.c: + Update copyright years. + [e615f676c764] + +2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * interfaces.c, lbuf.c: + Minor fixes for Minix-3 + [898c510d23f9] + +2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * set_perms.c: + Handle getgroups() returning 0. Also add missing check for + HAVE_GETGROUPS. + [d73b958f9ffd] + +2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, config.h.in, configure, configure.in, sudo.c, + version.h, visudo.c: + Replace version.h with PACKAGE_VERSION set via AC_INIT in configure. + [5050579a264d] + +2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * set_perms.c: + Remove group setting code in setusercontext case, we will do it + ourselves later on in runas_setup. Set the gid after + initgroups/setgroups is called, since on Mac OS X it seems to change + the egid. + [09dc21d8b42d] + +2009-05-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c, + vasgroups.c: + Initial bits of non-unix group support using Quest Authentication + Services + [1eecab0ff27e] + + * toke.c, toke.l: + Accept %:foo as a non-Unix group + [4c4b5dd899a6] + + * toke.c, toke.l: + Allow user/group to be double quoted in the case of non-Unix groups + which contain spaces. + [47a3d568b7e8] + +2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * match.c: + Don't allow the user to specify the default runas user if their + sudoers entry only allows them to run as a group. + [4d726177227c] + +2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Must call audit_success before we change uids. + [04a9e6ce6e55] + + * logging.c, set_perms.c, sudo.h, testsudoers.c: + Add option for set_perm to not exit on failure and use this in the + logging routines. + [833dce7b7f42] + + * parse.c: + In -l mode, if the user is only allowed to run as a group, display + the user's name, not root's before the allowed group. + [ef92ff99d265] + + * sudo.c: + Fix -g mode, broken by rev 1.503 which had the side effect of + setting the runas user to root unilaterally. + [50a2f7df4385] + +2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * fileops.c: + When unlocking a file with fcntl, use F_SETLK, not F_SETLKW. + [30fbe832dcf3] + + * pwutil.c: + Only cache by the method we fetched for pwd and grp lookups. + Previously we cached both by namd and id but this can cause problems + for entries that share the same id. Also add more info in the error + message in case the insert fails (which should now be impossible). + [ef95a4f0bab5] + +2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + Add a clarification from Nick Sieger + [1eadad329561] + +2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + Inline the setting of the environment string. + [9515d11c6295] + +2009-04-24 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * env.c: + setenv(3) in Linux treats a NUL value as the empty string setenv(3) + in BSD doesn't return an error if the name has '=' in it, it just + treats the '=' as end of string. + [941260bf94d2] + +2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * toke.c, toke.l: + Not all systems have d_namlen + [e377b18d8e2d] + +2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + Fix up some pod2html issues. + [823a1f10ab60] + +2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * interfaces.c: + Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from + Quest Software. + [73de36653131] + + * sudoers.pod: + Ignore files ending in '~' in sudo.d (emacs backup files) + [7871fad702db] + + * toke.c, toke.l: + Ignore files ending in '~' in sudo.d (emacs backup files) + [53fded2a469f] + +2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l: + For #includedir, ignore any file containing a dot + [a7daa1bce6c2] + + * Makefile.in, version.h: + Bump version + [ef60f14ffc44] + + * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat, + sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l, + visudo.c: + Implement #includedir directive. Files in an includedir are not + edited by visudo unless they contain a syntax error. + [3923d85a6c79] + + * ChangeLog: + sync + [8741ed61a78b] [SUDO_1_7_1] + + * WHATSNEW: + Forgot umask_override + [7c86a21a5504] + + * ChangeLog, TODO: + sync + [57339ca6bccf] + +2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + Rewind stream if we fdopen sudoers since it may not be at the + beginning. Set the keepopen flag on already-open files too so the + lexer doesn't close them out from under us. + [61292d819aff] + + * visudo.c: + Print the proper file name when there is a parse error in an include + file. + [b0e85d4aedde] + +2009-04-11 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * WHATSNEW: + Sync + [997e5d485ea3] + +2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Fix a warning when --without-ldap is specified. + [d91fd9481b30] + +2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * alias.c, parse.h, visudo.c: + Store aliases that we remove during check_aliases in a freelist and + free them at the end so we don't leak memory. + [805e2272f6a3] + +2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + Check aliases in -c mode too. + [9199e188d9f2] + + * alias.c, parse.h, visudo.c: + Make alias_remove return the alias struct instead of freeing it + directly. Fixes a use after free in alias_remove_recursive, the only + consumer. + [a04b61804800] + + * alias.c, match.c, parse.c, parse.h, visudo.c: + Rename find_alias -> alias_find for consistency. + [48b0a82924f3] + +2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + When checking for unused aliases, recurse if the alias points to + another alias. + [2d4d1a7f3a41] + +2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + Back out rev 1.105 for now. Real ldapux_client.conf support will be + done later after some refactoring. + [8ad72e69b277] + +2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + Treat ldap_hostport the same as "host" for ldapux. + [3281dcc66da8] + + * configure, configure.in: + Only check for ldap_sasl_interactive_bind_s if we can find sasl.h. + Fixes compilation with ldapux. + [ca1ed585ef0e] + +2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * fileops.c: + fix char subscript + [41e51f080d00] + +2009-03-11 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + remove errant carriage returns + [e9e258a31c7b] + + * audit.c, env.c: + fix K&R compilation + [d182e8920f13] + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: + regen + [791a5cbf04e5] + +2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in: + Add missing HAVE_BSM_AUDIT + [49ad1bb96f04] + + * WHATSNEW: + Add 1.7.1 features + [f107f1604c61] + + * INSTALL: + Mention --with-netsvc + [d1e90d147795] + + * sudoers.ldap.pod: + Document netsvc.conf support + [e78f8abce6af] + + * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c, + sudo_nss.h: + Add support for AIX netsvc.conf (like nsswitch.conf). + [1df56a84dee5] + +2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, env.c: + Add --enable-env-debug flag to enable environment sanity checks. + [128cdd8832e7] + + * sudoers.ldap.pod, sudoers.pod: + Work around some pod2html issue. + [e733b9609bd2] + +2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + Only sync environ for putenv, setenv, and unsetenv. We need to make + sure that sudo_putenv and sudo_setenv only modify env.envp, not + environ. + [be3ac732243c] + +2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + Really fix UNSETENV_VOID + [08ab7e882507] + + * env.c: + Fix unsetenv when UNSETENV_VOID + [d3038b3f2f15] + + * aclocal.m4, configure: + Fix SUDO_FUNC_PUTENV_CONST + [de35569c572b] + + * ldap.c: + tivoli-based ldap does not have ldapssl_err2string + [c63fd90d5e99] + + * configure: + regen + [f38f1ee828ad] + +2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, ldap.c: + Add support for Tivoli-based LDAP start TLS as seen in AIX. + Untested. 
+ [8f8771829f85] + + * env.c: + Add sanity checks for setenv/unsetenv + [adbd1d95856b] + + * Makefile.in: + Include bsm_audit.h in the tarball + [4a4aa02b2c32] + + * Makefile.in, version.h: + bump version for sudo 1.7.1 + [362c71d21595] + + * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in, + env.c, ldap.c, sudo.h: + Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and + provide our own setenv/unsetenv/putenv that operates on own env + pointer. Make sync_env() inline in setenv/unsetenv/putenv functions. + [276edcd23032] + +2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Make "sudoedit -h" work as expected + [2bcbbb45d389] + + * auth/pam.c: + Make sure def_prompt is always defined. This is a workaround for pam + configs that prompt for a password in the session but don't have an + auth line. A better fix is to expand the sudo prompt earlier and set + def_prompt to that when initializing. + [ee073c04aec3] + + * sudo.pod: + Mention that the helper for -A may be graphical. + [b64a940c4082] + + * TROUBLESHOOTING: + Document what happens if there is no tty. + [313d58a856a5] + + * sudo.c: + cosmetic changes + [894f5e3b0c3e] + + * term.c: + Fix term_restore + [6c6315ff14bc] + + * sudo.c: + Fix "sudo -k" with no other args + [59e94dc419c6] + +2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c, sudo.c, sudo.pod, sudo_usage.h.in: + Allow the -k flag to be specified in conjunction with a command or + another option that may require authentication. + [5960ff20355d] + +2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes' + [e86ab69c4a57] + + * Makefile.in: + Parallel make fix. From Diego E. 'Flameeyes' + [1289d7ee27db] + +2009-02-21 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: + Implement umask_override + [8b87a3f7c5aa] + + * toke.c: + regen + [79d7ca9ac873] + + * sudoers.pod, toke.l, visudo.c: + Implement %h escape in sudoers include filenames. + [a7f288dd64f0] + + * audit.c: + Need to include compat.h + [c0dc07ce2f70] + + * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c: + Make audit_success and audit_failure generic functions in + preparation for integrating linux audit support. + [7df020a8fd6f] + + * term.c: + remove duplicate include + [1dfcd01a7e46] + +2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * bsm_audit.c: + Add missing include + [fb56e08c37ee] + + * sudo.c: + May need to update the runas user after parsing command-based + defaults. + [246f130d7802] + +2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * glob.c: + Add missing pair of braces introduced with character class support. + [0e2afa2e03e9] + +2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c: + Rename pwstars to pwfeedback + [a9f85a57ebac] + +2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * bsm_audit.c, bsm_audit.h: + Add const to make MacOS happy. + [4274432d6627] + + * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure, + configure.in, sudo.c: + Add bsm audit support from Christian S.J. Peron + [bef61cd8693d] + + * term.c: + This is new code, no DARPA notice. + [ec6ad09b9c23] + +2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: + Rename simple_glob -> fast_glob + [68d9ed803cc1] + + * match.c: + g/c unused var + [693fa0464eb6] + + * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod: + Add simple_glob option to use fnmatch() instead of glob(). This is + useful when you need to specify patterns that reference network file + systems. 
+ [77ba634f6949] + + * tgetpass.c: + add term_* proto + [520f5149d073] + + * sudoers.pod: + mention glob() + [ddaab8e03c52] + +2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * tgetpass.c: + Delete any pwstars we wrote after the user hits return. That way + there is no record on screen as to the user's password length. + [fae25cda762b] + +2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * term.c: + Move terminal setting bits from tgetpass.c to term.c + [03d43325ee99] + + * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod, + tgetpass.c: + Add pwstars sudoers option that causes sudo to print a star every + time the user presses a key. + [7aab417e184d] + +2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in. + [64f70e879816] + +2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + For ldap_search_ext_s() the sizelimit param should be 0, not -1, to + indicate no limit. From Mark Janssen. + [e2c5732d54f5] + +2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * toke.c, toke.l: + Comments that begin with #- should not be parsed as uids. + [a72a50f12f41] + +2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Do not try to set the close on exec flag if we didn't actually open + sudoers. + [ece3ca256904] + +2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * ChangeLog: + regen + [e11f0e4c1bdd] [SUDO_1_7_0] + +2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * TODO: + sync + [5b8954462bb3] + +2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/pam.c: + Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the + password prompt. + [8563601cb3de] + + * configure, configure.in: + Don't try to build sudo_noexec.so on HP-UX with the bundled compiler + as it cannot generate shared objects. 
+ [6d4262ef9669] + + * emul/charclass.h, glob.c, lbuf.c, tgetpass.c: + K&R compilation fixes + [77921678d17c] + + * parse.c: + Use tq_foreach_fwd when checking pseudo-commands to make it clear + that we are not short-circuiting on last match. When pwcheck is + 'all', initialize nopass to TRUE and override it with the first non- + TRUE entry. + [96b209f4778f] + +2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + Do not short circuit pseudo commands when we get a match since, + depending on the settings, we may need to examine all commands for + tags. + [fdbaf89d6f35] + +2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.cat, sudoers.man.in: + regen + [1ecce7c1b841] + + * sudoers.pod: + hostnames may also contain wildcards + [82b76695601c] + + * Makefile.in: + remove stamp-* files and linux core files in clean target + [22003f091467] + +2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/sudo_auth.h, config.h.in, configure, configure.in: + Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX + [6905bede8410] + +2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + correctly enable SIA on Digital UNIX + [a51881d13995] + + * TODO: + checkpoint + [af0fe8d94d42] + + * ChangeLog: + sync + [831f623cf99c] + +2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c, sudo.h, tgetpass.c: + Even if neither stdin nor stdout are ttys we may still have /dev/tty + available to us. + [20f306ba883b] + +2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.cat, sudoers.man.in: + regen + [76d97c4c318f] + + * sudoers.pod: + fix typos; Markus Lude + [bff8bc1e2066] + + * ChangeLog: + sync + [f108552531cd] + + * toke.c: + regen + [de828413c67e] + + * toke.l: + Fix matching of a line that only consists of a comment char + [09c953d8d5ca] + +2008-11-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * auth/pam.c: + MacOS pam will retry conversation function if it fails so just treat + ^C as an empty password. + [d056058930bc] + + * visudo.c: + When checking for alias use, also check defaults bindings. + [2647f82c7dbd] + + * redblack.c: + unused var + [b7ff71c17c18] + + * redblack.c: + Replace my rbdelete with Emin's version (which actually works ;-) + [21b133dd0c72] + +2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * testsudoers.c: + malloc debugging + [0fb446fa3279] + + * visudo.c: + malloc options in devel mode for visudo too + [98d06c6afeef] + +2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + fix compilation on non-C99; from Theo + [7c304e16c536] + + * visudo.c: + fix check_aliases + [83f30a3b1765] + + * alias.c: + when destroying an alias, free the correct data pointer + [6e1a8bd86c01] + + * auth/sudo_auth.h: + add proto for aixauth_cleanup; from Dale King + [eba94ffc8f63] + +2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [409fa57fff83] + + * sudo.pod, sudoers.pod, visudo.pod: + standardize on the term 'option' for command line options (not flag) + [228caefc2e36] + +2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + Add note on configuring HP-UX pam + [f7674a581baf] + +2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c, sudo.c: + Move tty checks into check_user() so we only do them if we actually + need a password. + [7d997d7106d6] + + * sudo.c: + Don't error out if no tty or askpass unless we actually need to + authenticate. + [9f23b83ed66c] + +2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * ChangeLog: + regen + [23f9aef32da6] + + * pathnames.h.in, sudo.c: + s/overriden/overridden/; from Tobias Stoeckmann + [9f7459a8fac5] + +2008-11-09 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * WHATSNEW, visudo.c: + check sudoers owner and mode in strict mode + [a3468c5ac1c4] + + * gram.c, toke.c: + regen + [7d6b515a5443] + + * sudo.man.in, sudoers.man.in, visudo.man.in: + Update copyright years. + [52d340cb8cba] + + * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, + auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, + auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h, + closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c, + gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c, + interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h, + parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, + sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod, + testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c, + visudo.pod, zero_bytes.c: + Update copyright years. + [b4e6bf2beafa] + + * emul/charclass.h, fnmatch.c, glob.c: + add my copyright + [28681385014a] + +2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * toke.c, toke.l: + The loop in fill_cmnd() was going one byte too far past the end, + resulting in a NUL being written immediately after the buffer end. + [a5a49d603cd7] + + * UPGRADE, WHATSNEW: + add sections on tgetpass changes + [2e6929b6a102] + + * tgetpass.c: + Treat EOF w/o newline as an error. + [aa02b1db9240] + +2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + Fix "sudo -v" when NOPASSWD is set. + [f4914711ea80] + + * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c, + auth/sudo_auth.h: + No longer treat an empty password at the prompt as special. To quit + out of sudo you now need to hit ^C at the password prompt. + [980f760ad419] + + * sudoers.cat, sudoers.man.in: + regen + [6ca21a2cd869] + + * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod: + Sudo will now refuse to run if no tty is present unless the new + visiblepw sudoers flag is set. 
+ [0cc56943252e] + +2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * aix.c: + just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not + defined + [24fc6f712d5c] + + * aix.c: + fix fallback value for RLIM_SAVED_MAX + [e09e04e1af89] + + * auth/aix_auth.c, auth/sudo_auth.h: + Move clearing of AUTHSTATE into aixauth_cleanup. + [e14ae7bd259c] + + * auth/aix_auth.c, env.c: + Unset AUTHSTATE after calling authenticate() as it may not be + correct for the user we are running the command as. + [d14f68f1b0ab] + + * isblank.c: + Add isblank() function for systems without it. Needed for POSIX + character class matching in fnmatch.c and glob.c. + [16cba30b283f] + +2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * TROUBLESHOOTING: + expound on sudo and cd + [8e0fa9033637] + +2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * ChangeLog: + regen + [40cf320a10fc] + + * sudoers.cat, sudoers.man.in: + regen + [7cac761ae2c6] + + * sudoers.pod: + mention defauts parse order + [4e2ce86d1394] + +2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, aclocal.m4, compat.h, configure: + Add isblank() function for systems without it. Needed for POSIX + character class matching in fnmatch.c and glob.c. + [a1ab55da8424] + + * Makefile.in: + add emul/charclass.h to HDRS + [7e8a019dcaa4] + +2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * TODO: + checkpoint + [afeb9bc1baed] + + * defaults.c, parse.c, testsudoers.c, visudo.c: + Move update_defaults into defaults.c and call it properly from + visudo and testsudoers. + [f4dbb369461f] + + * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c, + tsgetgrpw.c: + use zero_bytes() instead of memset() for consistency + [4cee0465f4a8] + + * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c, + visudo.c: + Zero out sigaction_t before use in case it has non-standard entries. 
+ [120092225459] + + * match.c: + quiet gcc + [098a1df49b23] + + * match.c: + Short circuit glob() checks if basename(pattern) != + basename(command). Refactor code that checks for a command in a + directory and use it in the glob case if the resolved pattern ends + in a '/'. + [3c46fd317acb] + +2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c: + Defer setting runas defaults until after runaspw/gr is setup. + [12e75ee49c0c] + +2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * match.c, sudo.c, testsudoers.c: + Use MAXHOSTNAMELEN+1 when allocating host/domain name since some + systems do not include space for the NUL in the size. Also manually + NUL-terminate buffer from gethostname() since POSIX is wishy-washy + on this. + [7266ab3296a3] + +2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c, sudoers.pod: + When setting the umask, use the union of the user's umask and the + default value set in sudoers so that we never lower the user's umask + when running a command. + [4e804b004e38] + + * sudo.c: + Don't try to read from a zero-length sudoers file. Remove the bogus + Solaris work-around for EAGAIN. Since we now use fgetc() it should + not be a problem. + [bb8e5f68d944] + +2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + In update_defaults() check the return value of user*_matches against + ALLOW so we don't inadvertantly match on UNSPEC. + [4e422fa1527e] + +2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: + regen man pages; no more hyphenation + [15de4fe2fe01] + + * sudo.c: + Don't error out on a zero-length sudoers file. With the advent of + #include the user could create a situation where sudo is unusable. + [6eb461319fa5] + +2008-10-23 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * auth/kerb5.c, config.h.in, configure, configure.in: + Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT + krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at + all. Add configure tests to handle all the cases. + [4b554a98470d] + +2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod: + resort ENVIRONMENT + [f4f20f40653e] + + * sudoers.pod: + document sudoers_locale + [0bffd2dbe806] + + * sudo.pod, sudo_edit.c: + add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL + or EDITOR + [0ef8cb248cee] + + * toke.c, toke.l: + In fill_cmnd(), collapse any escaped sudo-specific characters. + Allows character classes to be used in pathnames. + [5685244c8e44] + +2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * lbuf.c: + fix typo in non-C89 function declaration + [99a7113b3a05] + + * sudoers.pod: + Mention POSIX characters classes now that out fnmatch() and glob() + support them. + [9c916f1230c3] + + * sample.sudoers, sudoers.pod: + Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is + locale agnostic. + [a60a62bec244] + + * parse.h: + use __signed char if we are going to assign a negative value since + on Power, char is unsigned by default + [2877b319df17] + + * config.h.in, configure, configure.in: + Add tests for __signed char and signed char. + [5eb874fdf1d4] + + * aix.c: + Fix AIX limit setting. getuserattr() returns values in disk blocks + rather than bytes. The default hard stack size in newer AIX is + RLIM_SAVED_MAX. From Dale King. + [3db67415ecc3] + +2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * emul/charclass.h, fnmatch.c, glob.c: + Add character class support to included glob(3) and fnmatch(3). + [6b5b4ad77899] + +2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * emul/fnmatch.h: + Remove UCB advertising clause and some compatibility defines. + [2ade7bee74e1] + +2008-09-14 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo_edit.c: + Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself + or sudo. This allows one to set EDITOR to sudoedit without getting + into an infinite loop of sudoedit running itself until the path gets + too big. + [aa49ab68f82d] + + * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c: + Add sudoers_locale Defaults option to override the default sudoers + locale of "C". + [0639886a35bf] + +2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Set locale to system default except for during sudoers parse. + [016dd2736728] + +2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * match.c: + Redo change in 1.34 to use pointer arithmetic. + [f9e7b63bb450] + +2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * match.c: + Fix a dereference (read) of a freed pointer. Reported by Patrick + Williams. + [69877b633753] + +2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Set locale to "C" to avoid interpretation issues with character + ranges in sudoers. May want to make the locale a sudoers option in + the future. + [098a95de1746] + +2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in: + we no longer use setproctitle + [c7f20fb747ea] + + * sudo.h: + remove #if 1 + [a368ee6816c6] + + * LICENSE, mkstemp.c: + Use my replacement mkstemp() from the mktemp package. + [d07c2beb0f9e] + +2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * gram.c: + regen with yacc skeleton bug fixed + [24784571cbb8] + + * sudoers.pod: + Remove duplicate "as root". From Martin Toft. + [97241acfee5e] + +2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * pwutil.c, sudo.c, sudo.h, testsudoers.c: + Flesh out the fake passwd entry used for running commands as a uid + not listed in the passwd database. Fixes an issue with some PAM + modules. + [a6648227f3f2] + +2008-07-01 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Error out in -i mode if the user has no shell. This can happen when + running commands as a uid with no password entry. + [0c174bef36ff] + +2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * toke.c, toke.l: + Better fix for line continuation inside double quotes. Now accepts + whitespace between the backslash and the newline like the main + lexer. + [64efcdf86d31] + +2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * toke.c, toke.l: + Fix line continuation in strings. It was only being honored if + preceded by whitespace. + [96c21271a3e4] + +2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, logging.c: + Replace the double fork with a fork + daemonize. + [328505441e67] + +2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c, sudo.c: + The -i flag should imply env_reset. This got broken in sudo 1.6.9. + [3caedfeaec87] + + * logging.c, sudo.c, sudo_edit.c, visudo.c: + Change how the mailer is waited for. Instead of having a SIGCHLD + handler, use the double fork trick to orphan the child that opens + the pipe to sendmail. Fixes a problem running su on some Linux + distros. + [b59ce60a393d] + +2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Fix configure test for dirfd() on Linux where DIR is opaque. + [b8f729cdfecc] + +2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * tgetpass.c: + Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has + this problem we'll need to revisit this again. + [c17fee8ad530] + +2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + Ignore SIGPIPE instead of blocking it when piping to the mailer. If + we only block the signal it may be delivered later when we unblock. + Also, there is no need to block SIGCHLD since we no longer do the + double fork. The normal SIGCHLD handler is sufficient. + [e94a49e992e5] + +2008-06-08 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Add description for NO_PAM_SESSION, from a redhat patch. + [b9e4c939ec09] + +2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.man.in, sudo.pod: + Fix typos in -i usage + [2d7ce5de0235] + +2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Redo the test for dgettext() in a way that hopefully will work + around the libintl_dgettext() undefined problem. + [d27beb0cf85e] + +2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * schema.ActiveDirectory: + change filename in comment + [733da4ee9ac5] + +2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in, + sudoers.ldap.pod: + Reference schema.ActiveDirectory + [d6aec537800e] + +2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * schema.OpenLDAP, schema.iPlanet: + Mark sudoRunAs as deprecated. + [00c50df807af] + + * schema.ActiveDirectory: + add sudoRunAsUser and sudoRunAsGroup + [19bcce6f72fb] + + * schema.ActiveDirectory: + Active Directory schema by Chantal Paradis and Eric Paquet + [06a09c92c6a5] + +2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + remove an XXX that was fixed + [b88038062fa2] + + * ChangeLog: + sync + [8fc27c17270e] + + * parse.c: + Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This + fixes a problem where the tag value printed was influenced by + defaults set in the first pass through the parser. + [588ccd630367] + +2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, sudo.psf: + No point in packaging the TODO file + [9590248fffe1] + + * ChangeLog: + sync + [152acf4c6813] + +2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c, + sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod: + Add env_file Defaults option that is similar to /etc/environment on + some systems. 
+ [1daf53d51e18] + +2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in, + sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in, + version.h, visudo.cat, visudo.man.in: + change version to 1.7.0 + [d41d126b9bd8] + + * UPGRADE: + initial valgrind pass done + [c59c3876d8ca] + +2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + Fix typo/think in sudo_ldap_read_secret() when storing the secret. + [830d246c09b0] + +2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + define LDAPS_PORT if the system headers do not + [247b12325701] + +2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * gram.c, gram.y: + Fix another memory leak in init_parser(). + [7bba47deba11] + + * configure, configure.in: + There was a missing space before the ldap libs in SUDO_LIBS for some + configurations. + [7524cfc93759] + + * alias.c, gram.c, gram.y, toke.c, toke.l: + Clean up some memory leaks pointed out by valgrind. + [a965866ece1a] + +2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + fix "sudo -s" broken by mode/flags breakout + [acffe984d408] + + * configure, configure.in: + remove duplicate check for dgettext + [58145529133c] + +2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * aix.c: + Fall back to default stanza if no user-specific limit is found. + [7b8cb29123ee] + +2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * snprintf.c: + include stdint.h if present + [f0ec38529306] + + * snprintf.c: + Use LLONG_MAX, not the old QUAD_MAX + [01041ce508fb] + +2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.ldap.pod: + fix cut and pasto + [34240fdef5ab] + +2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * pwutil.c: + Add #ifdef PURITY + [ce1b571ad526] + +2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/bsdauth.c: + remove useless cast + [494f8a862e1d] + +2008-03-27 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * ChangeLog: + sync + [f5c97ffaabcc] + + * TODO: + sync + [96ff1c44c182] + + * sudo.h: + Split MODE_* defines into primary and flags. + [c02ee3027cb9] + +2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * aix.c: + It turns out the logic for getting AIX limits is more convoluted + than I realized and differs depending on whether the soft and/or + hard limits are defined. + [cf8d3f85d395] + +2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, configure, configure.in: + Back out AIX-specific change to set the sudo_noexec path to the .a + file, we do really want to use the .so file. Since libtool doesn't + do that correctly, just install the .so file ourselves in the + Makefile. + [05c6f33177d9] + + * install-sh: + If the file given to install is a path, only use the basename of the + file when building the destination path. + [695ba4e429ce] + +2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + parse_args() cleanup: Sort command line options in the getopt() + switch The -U option requires a parameter Normalize a few ISSET + calls Split mode into mode and flags and retire the now-obsolete + excl variable + [0d156835f861] + + * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, + sudo_usage.h.in: + Add -n (non-interactive) flag. + [e3e50400d32d] + + * sudo.c: + Move version printing, etc. into a separate function. + [18c91b476e2c] + + * sudo.c: + Don't try to cleanup nsswitch if it has not been initialized. + [aeb1ca1b399d] + +2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + Block SIGPIPE in send_mail() so sudo is not killed by a problem + executing the mailer. + [f130e7924cca] + +2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + AIX shared libs end in .a, not .so. + [a5deb07020d8] + +2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + Preserve HOME by default too. 
Matches documentation and previous + behavior. + [c16f17f1047c] + +2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Use getopt() to parse the command line. We need to be able to + intersperse env variables and options yet still honor "--"" which + complicates things slightly. + [60f271ce5c16] + +2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * ChangeLog: + sync + [685e67964eda] + + * acsite.m4, configure, ltmain.sh: + update to libtool-1.5.26 + [4c9a8c3d3b40] + + * config.guess, config.sub: + update from libtool-1.5.26 distribution + [c6641aef2527] + + * aix.c, sudo.h: + attempt to fix compilation errors on AIX + [edb13e5b2184] + + * Makefile.in: + fix typo in last commit + [25ba7f7ceae4] + + * Makefile.in: + Add WHATSNEW file to the distribution + [213f4115de8f] + + * visudo.c: + use warningx instead of fprintf(stderr, ...) + [a3494b8ccb19] + + * list.c: + add DEBUG to list2tq + [115d24a3000c] + + * ChangeLog, TODO: + sync + [60e6f4d1fac0] + + * WHATSNEW: + mention mailfrom + [e2498f9e18d6] + + * Makefile.in, aix.c, config.h.in, configure, configure.in, + set_perms.c, sudo.h: + Add aix_setlimits() to set resource limits on AIX using a + combination of getuserattr() and setrlimit(). Currently untested. + [9b1441fd89ca] + +2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat, + sudoers.man.in, sudoers.pod: + Add mailfrom Defaults option that sets the value of the 
From: field + in the warning/error mail. If unset the login name of the invoking + user is used. + [029b9f05d3d9] + + * defaults.c: + store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable + [a90e407d5e00] + + * gram.c, gram.y: + When adding a default, only call list2tq() once to do the list to tq + conversion. It is not legal to call list2tq multiple times on the + same list since list2tq consumes and modifies the list argument. + [fbc25d245c4a] + + * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: + comment out XXXs for now + [595a1d43309d] + + * WHATSNEW: + mention askpass + [b993e0837c22] + +2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Error out if both -A and -S are specified Error out if -A is + specified but no askpass is configured + [24f1df2638f6] + + * configure, configure.in: + we are not going to ship a sudo-specific askpass + [61949e7a3943] + +2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.h: + fix definition of TGP_ASKPASS + [0447c57ba4c3] + + * def_data.c, def_data.in: + make askpass boolean-capable + [e0885893a325] + + * INSTALL: + document --with-askpass + [c76e15ba97cf] + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.man.in, visudo.cat: + regen + [8d16242980b7] + +2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod, sudo_usage.h.in, sudoers.pod: + document -A and askpass + [02c07505a78c] + + * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c, + def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h, + sudo_usage.h.in, tgetpass.c: + Add support for running a helper program to read the password when + no tty is present (or when specified with the -A flag). TODO: docs. + [05780f5f71fd] + + * def_data.c, def_data.in: + add missing printf format to SELinux role and type strings + [2b32774715e7] + +2008-02-27 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * INSTALL, configure, configure.in: + Disable use of gss_krb5_ccache_name() by default and add + --enable-gss-krb5-ccache-name configure option to enable it. It seems + that gss_krb5_ccache_name() doesn't work properly with some + combinations of Heimdal and OpenLDAP. + [f61ebd3b19bd] + +2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * selinux.c: + Ignore setexeccon() failing in permissive mode. Also add a call to + setkeycreatecon() (though this is probably insufficient). From Dan + Walsh. + [52564fc1c069] + + * auth/pam.c: + Only set std_prompt for the PAM_PROMPT_* cases. The conversation + function may be called for non-password reading purposes so we must + be careful not to use def_prompt in cases where it may not be set. + [29d88ca575ba] + +2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * selinux.c: + Don't free the new tty context, we need to keep it around when we + restore the tty context after the command completes + [5b4bd39b6ea8] + +2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * selinux.c: + s/newrole/sudo/ + [21b8a96ff8df] + + * sudo.man.pl, sudo.pod: + Only put login_cap(3) in SEE ALSO section if we have login.conf + support + [05250ddff2c0] + +2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: + regen + [301e5c5ccdbe] + + * Makefile.in, configure, configure.in: + Substitute in comment characters for lines partaining to login.conf, + BSD auth and SELinux and only enable them if pertinent. + [9a02bd6a6658] + + * sudo.man.pl: + Substitute in comment characters for lines partaining to login.conf, + BSD auth and SELinux and only enable them if pertinent. + [0c56d4750ac3] + + * sudo.pod: + Substitute in comment characters for lines partaining to login.conf, + BSD auth and SELinux and only enable them if pertinent. 
+ [acdbdfd24e1d] + + * sudoers.man.pl: + Substitute in comment characters for lines partaining to login.conf, + BSD auth and SELinux and only enable them if pertinent. + [6c88f30b878a] + + * sudoers.pod: + Substitute in comment characters for lines partaining to login.conf, + BSD auth and SELinux and only enable them if pertinent. + [c1c98fa163ce] + + * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod: + Remove the =cut on the first line (above the copyright notice) to + quiet pod2man. Also remove the hackery in the FILES section and just + deal with the fact that there will a newline between each pathname. + [2ac1ab191835] + +2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + run sudo.man.pl when generating sudo.man.in + [859727369168] + + * configure, configure.in, sudo.man.pl: + comment out SELinux manual bits unless --with-selinux was specified + [97ff4212b649] + + * sudoers.pod: + document role and type defaults for SELinux + [870f303366b3] + + * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in: + Document "sudo -ll" and make "sudo -l -l" be equivalent. + [3ce6dc429ea3] + +2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on + Debian GNU/kFreeBSD. + [c4efa567a328] + +2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/kerb5.c: + Avoid Heimdal'isms introduced in the rev 1.32 rewrite of + verify_krb_v5_tgt() + [f80538e5a6fa] + + * logging.c, logging.h, sudo.c: + Remove dependence on VALIDATE_NOT_OK in logging functions. Split + log_auth() into log_allowed() and log_denial() Replace mail_auth() + with should_mail() and a call to send_mail() + [58aac9997557] + +2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + Add debugging so we can tell if the krb5 ccache is accessible + [c679322527bb] + + * INSTALL: + mention --with-selinux + [9efbe0b52194] + +2008-02-09 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [467a834f867c] + + * selinux.c: + add Sudo tag + [d004ee669bed] + + * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in, + sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, + testsudoers.c, toke.c, toke.l: + Add support for SELinux RBAC. Sudoers entries may specify a role and + type. There are also role and type defaults that may be used. To + make sure a transition occurs, when using RBAC commands are executed + via the new sesh binary. Based on initial changes from Dan Walsh. + [1d4abfe2c004] + + * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h, + def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h, + pathnames.h.in, selinux.c: + Add support for SELinux RBAC. Sudoers entries may specify a role and + type. There are also role and type defaults that may be used. To + make sure a transition occurs, when using RBAC commands are executed + via the new sesh binary. Based on initial changes from Dan Walsh. + [6b421948286e] + + * sesh.c: + Add support for SELinux RBAC. Sudoers entries may specify a role and + type. There are also role and type defaults that may be used. To + make sure a transition occurs, when using RBAC commands are executed + via the new sesh binary. Based on initial changes from Dan Walsh. + [1e3b395ce049] + +2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c: + Add long list (sudo -ll) support for printing verbose LDAP and + sudoers file entries. Still need to update manual. + [2875be37935c] + +2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h: + Unify the -l output for file and ldap based sudoers and use lbufs + for both. The ldap output does not currently include options that + cannot be represented as tags. This will be remedied in a long list + output mode to come. + [b2e429456596] + +2008-01-27 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * set_perms.c: + Use a specific error message for errno == EAGAIN when setuid() et al + fails. On Linux systems setuid() will fail with errno set to EAGAIN + if changing to the new uid would result in a resource limit + violation. + [08d0aecd9f03] + + * sudo.c: + Unlimit nproc on Linux systems where calling the setuid() family of + syscalls causes the nroc resource limit to be checked. The limits + will be reset by pam_limits.so when PAM is used. In the non-PAM case + the nproc limit will remain unlimited but there doesn't seem to be a + way around that other than having sudo parse + /etc/security/limits.conf directly. + [df024b415a8d] + + * env.c, sudo.c, sudo.pod: + Only read /etc/environment on Linux and AIX + [90669e2aefdb] + +2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent + ldap.conf and ldap.secret paths from going into config.h. Avoid + single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED + since in some versions of bash they will end up literally in the + resulting define. + [25390f3ef10a] + +2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * README.LDAP: + mention --with-nsswitch=no + [c509df927263] + + * configure, configure.in: + ldap_ssl.h depends on ldap.h being included first + [d96d90e9b21f] + + * config.h.in, configure, configure.in, ldap.c: + Include ldap_ssl.h if we can find it. Needed for the + ldapssl_set_strength defines on HP-UX at least. + [9e530470948a] + + * sudoers.ldap.pod: + sync + [b9d101f4673a] + + * TODO: + sync + [2ce951b2ecd0] + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat, + sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in: + regen + [b61d793987e0] + + * Makefile.in: + Use 78n line length when formatting cat pages. 
+ [761bee9d5759] + + * README.LDAP: + Remove redundant info that is now in sudoers.ldap.pod + [01828dcce59e] + +2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: + Reorganize the first section a bit. Substitute the proper path for + /etc/sudoers. + [11ae165e065d] + + * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: + Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move + schema into EXAMPLES + [ab6509d1dde7] + + * configure, configure.in: + Substitute values for ldap.conf, ldap.secret and nsswitch.conf into + sudoers.ldap.man. + [6e689972f465] + + * configure, configure.in: + substitute for sudoers.ldap.man + [5a4a25766dee] + + * Makefile.in: + Fix cut & pasto introduced when adding sudoers.ldap man page. + [a7b069af8894] + + * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod: + Fill in some of the missing pieces. Still needs some reorganization + and editing. + [5e7331722166] + +2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in, + sudoers.ldap.pod: + Beginnings of a sudoers.ldap man page. Currently, much of the + information is adapted from README.LDAP. + [aad28c8a922d] + +2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * pwutil.c: + When copying gr_mem we must guarantee that the storage space for + gr_mem is properly aligned. The simplest way to do this is to simply + store gr_mem directly after struct group. This is not a problem for + gr_passwd or gr_name as they are simple strings. + [af58fc76f1ed] + + * ldap.c: + Fix a typo/thinko in one of the calls to + sudo_ldap_check_user_netgroup(). From Marco van Wieringen. + [70b2eb8097f5] + +2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, ldap.c: + include <mps/ldap_ssl.h> in ldap.c if available + [34346206ef16] + +2008-01-16 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * gram.c, gram.y: + Make sure we define SIZE_MAX for yacc's skeleton.c + [d8a45c7a3c42] + + * tgetpass.c: + Use TCSAFLUSH when restoring terminal settings (and echo) to + guarantee that any pending output is discarded + [549a184479e5] + +2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers: + no longer need to specify SETENV when user has sudo ALL + [3051b41f8032] + + * testsudoers.c: + sync user_args size calculation with sudo.c Add -g group option, + renaming old -g to -G Add set_runasgr() and set_runaspw() and use + them + [0850325180f0] + + * sudo.c, sudo.h: + Make set_runaspw static void + [5d44d7a340ce] + + * testsudoers.c, visudo.c: + g/c set_runaspw stub + [79ebb5e2cc38] + + * configure, configure.in: + Don't add -llber twice. + [4356d302eef4] + +2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + fix typo + [249cecc557e9] + +2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * gram.c: + regen + [2f94ea375b67] + + * configure, configure.in: + Fix check that determines whether -llber is required. + [6afa99523379] + + * README.LDAP, config.h.in, configure, configure.in, ldap.c: + For netscape-based LDAP, use ldapssl_set_strength() to implement the + checkpeer ldap.conf option. + [16ae24d73795] + + * auth/kerb5.c: + Delay krb5_cc_initialize() until we actually need to use the cred + cache, which is what krb5_verify_user() does. Better cleanup on + failure. + [d12e5f1695b8] + +2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/kerb5.c: + Rewrite verify_krb_v5_tgt() based on what heimdal's + krb5_verify_user() does. + [05b5815f86c9] + +2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * gram.c: + The U suffix on constants is an ANSI feature + [c6dfce3167f1] + + * configure, configure.in: + Add check for ber_set_option() in -llber + [43d0c0566074] + +2008-01-07 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * README.LDAP: + default if no nsswitch.conf is files only + [c13001d9c998] + +2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * README.LDAP: + don't tell people to mail aaron about LDAP stuff + [8165ec1ef0c6] + + * README.LDAP: + timelimit and bind_timelimit + [44f74cbed167] + + * ChangeLog: + sync + [aba1a0ab02bd] + + * ldap.c: + Move ldap.secret reading into a separate function. + [1948acc9f7a4] + + * check.c: + user_runas -> runas_pw + [334490fc2bae] + +2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * TODO: + sync + [c7b165cc47c6] + + * check.c, sudo.pod, sudoers.pod: + Add and document the %p escape in the password prompt. Based on a + patch from Patrick Schoenfeld. + [3972d4f31ffa] + + * ldap.c: + Check strlcpy() return values. + [9b42f3ae8ff1] + + * ldap.c: + refactor ldap binding code into sudo_ldap_bind_s() + [cb0c66a4d955] + + * README.LDAP: + Make it clear that host and uri can take multiple parameters. URI is + now supported for more than just openldap nsswitch.conf does't + accept "compat" + [f610dea656d6] + + * sudo.c: + comment cleanup and update (c) year + [6cd69c810ca5] + + * parse.c, sudo_nss.c: + Move display_privs() and display_cmnd() from parse.c to sudo_nss.c. + This should make it possible to build an LDAP-only sudo binary. + [61c3f27066a0] + + * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h: + Improve chaining of multiple sudoers sources by passing in the + previous return value to the next in the chain + [2c0b722b1b2d] + + * gram.y: + Free up parser data structures in sudo_file_close(). + [2251531d4519] + + * gram.c, parse.c: + Free up parser data structures in sudo_file_close(). 
+ [8371f130f401] + + * ldap.c: + Parse uri ourself if no ldap_initialize() is present Use + ldap_create() instead of deprecated ldap_init() Use + ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s() + [85d3825b1953] + + * config.h.in, configure, configure.in: + Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from + CFLAGS + [240524512bc5] + +2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in: + add check for ldap_create + [3089badd73b8] + +2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, ldap.c: + Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's + dn using the mechanism appropriate for the LDAP SDK in use. Use + ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate + ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them. + [6deeca3d00cc] + + * lbuf.c: + include unistd.h + [8419ed0bae7f] + + * config.h.in, configure.in: + fix typo in mtim_getnsec + [2d5f21230a60] + +2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in: + add check for st__tim in struct stat as used by SCO + [587060ea2a89] + + * ldap.c: + use ldap_search_ext_s instead of deprecated ldap_search_s + [5fc44fe3b44c] + + * Makefile.in, TODO, sudo.cat, sudo.man.in: + add sudo_nss.h to HDRS + [86f01a70ff29] + + * ldap.c: + Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and + ldap_rdn2str(). + [aa217002cfae] + +2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + Use ldap_get_values_len()/ldap_value_free_len() instead of the + deprecated ldap_get_values()/ldap_value_free(). + [e22dceb85e57] + + * ChangeLog: + sync + [adad27b36107] + + * TODO: + sync + [c449eb47e0ef] + + * gettime.c, sudo.c: + Remove some already fixed XXXs + [532788d0e6da] + + * ldap.c: + Same return value as non-existent sudoers if LDAP was unable to + connect. 
+ [5819810e8e4e] + + * sudo.pod: + mention /etc/environment + [ea8e6102f853] + + * README.LDAP, UPGRADE, WHATSNEW: + Update to reflect recent developments. + [ed1fb026fe77] + + * sudo.c: + Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output. + [55b68a58260d] + + * ldap.c: + When building up a query don't list groups in the aux group vector + that are the same as the passwd file group. On most systems the + first gid in the group vector is the same as the passwd entry gid. + [4bb51e297e0d] + + * env.c, ldap.c: + Define LDAPNOINIT before calling ldap_init(), etc. to disable user + ldaprc and system defaults that could affect how LDAP works. + [ce5036440db2] + + * INSTALL, configure, configure.in, pathnames.h.in, sudo.c, + sudo_nss.c, sudo_nss.h: + Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users + to specify nsswitch.conf path or disable it. If --with-nsswitch=no + but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf- + file and --with-ldap-secret-file + [ea5d7704381f] + + * parse.c: + Honor def_ignore_local_sudoers + [f38e1121fae1] + +2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + no longer need to check def_ignore_local_sudoers here + [fce2a72f96fb] + + * parse.c: + Refactor group vector resetting into a function and also call it + from display_cmnd. Stop after the first sucessful match in + display_cmnd. Print a newline between each display_privs method. + [981b37b5adff] + + * parse.c: + fix double free introduced in rev 1.218 + [c574b02d8747] + + * ldap.c: + belt and suspenders; zero out result after freeing it + [7732988d4620] + + * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c: + Refactor line reading into a separate function, sudo_parseln(), + which removes comments, leading/trailing whitespace and newlines. 
+ May want to rethink the use of sudo_parseln() for /etc/ldap.secret + [61d9068f0645] + + * parse.c, sudo.c: + Make the inability to read the sudoers file a non-fatal error if + there are other sudoers sources available. sudoers_file_lookup now + returns "not OK" if sudoers was not present + [643babf597a8] + + * ldap.c: + make it clear that the global options are from LDAP + [9ff950349463] + + * logging.c: + allocate proper amount of space for error string + [8bebb7d46d19] + + * sudo_nss.c, sudo_nss.h: + actual sudo nss code + [5bd7d52d7738] + + * ldap.c, parse.c, sudo.c, sudo.h: + nss-ify display_privs and display_cmnd. + [cccfdd3253f2] + + * defaults.c, parse.c, testsudoers.c, visudo.c: + move update_defaults() to parse.c + [ace144b958a9] + + * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h: + Use nsswitch to hide some sudoers vs. ldap implementation details + and reduce the number of #ifdef LDAP TODO: fix display routines and + error handling + [6225edde89a6] + +2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h: + First cut at nsswitch.conf support. Further reorganizaton and + related changes are forthcoming. + [717f59d0790b] + +2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c, pathnames.h.in, sudo.c, sudo.h: + Add support for reading and /etc/environment file. Still needs to be + documented and should probably only applies to OSes that have it + (AIX and Linux, maybe others). + [15d3edae27e4] + + * ldap.c: + include limits.h + [e19875ef0f82] + +2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * WHATSNEW: + reword LDAP SASL + [7ec3c4ec31b5] + +2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * TODO: + sync + [87c5a7aea7bf] + + * README.LDAP: + Add an example sudoRole, clarify netscape vs. openldap a bit more + [6f96c0ca8107] + + * README.LDAP: + Be clear on what is OpenLDAP vs. 
Netscape-derived + [a33c8314dec5] + + * config.h.in, configure, configure.in, ldap.c: + Use ldapssl_init() for ldaps support instead of trying to do it + manually with ldap_init() + ldapssl_install_routines(). Use tls_cert + and tls_key for cert7.db and key3.db respectively. Don't print + debugging info for options that are not set. Add warning if + start_tls specified when not supported. + [abb62dc7e4a3] + + * ldap.c: + fix compilation on solaris + [03d449684e80] + + * Makefile.in: + add missing .h and .c files for missing lib objs + [8b37825bdfc7] + +2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + fix LDAP_OPT_NETWORK_TIMEOUT setting + [226eba89c0ad] + + * ldap.c: + fix compilation on Solaris + [917d47639eb6] + +2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + fix typo + [009d5c81b225] + + * README.LDAP: + try to clear up which variables are for OpenLDAP and which are for + netscape-derived SDKs + [f8d9823ee73c] + + * config.h.in, configure, configure.in, ldap.c: + Add support for "ssl on" in both netscape and openldap flavors. Only + the OpenLDAP flavor has been tested. + [952745829ec5] + + * logging.c, sudo.c, sudo.h: + Call cleanup() before exit in log_error() instead of calling + sudo_ldap_close() directly. ldap_conn can now be static to sudo.c + [da02d1b67a2c] + + * sudo.c: + ld -> ldap_conn + [01afa6d927cc] + +2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c, sudo.c, sudo.h: + Better ldap cleanup. + [25b9abe2d617] + + * ldap.c: + Distinguish between LDAP conf settings that are connection-specific + (which take an ld pointer) and those that are default settings + (which do not). + [d48dc6c9c3b4] + +2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + Improved warnings on error. + [c8dce7b4feb4] + + * ldap.c: + Make ldap config table driven and set the config *after* we open the + connection. + [d9698b5a2681] + +2007-12-13 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * ldap.c: + fix LDAP_OPT_X_CONNECT_TIMEOUT compat define + [598c6df06660] + + * configure, configure.in: + some operating systems need to link with -lkrb5support when using + krb5 + [8896365dde9e] + +2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * WHATSNEW: + minor update + [acfeeb7f4886] + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: + regen + [a3c6699674f9] + +2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * ChangeLog, TODO: + sync + [138e99b925ee] + + * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif: + add -g support for LDAP + [8fc27dbe9287] + +2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in: + The -i and -s flags can now take an optional command. + [6afec104ee77] + +2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod, + sudoers.pod: + Add passprompt_override flag to sudoers that will cause the prompt + to be overridden in all cases. This flag is also set when the user + specifies the -p flag. + [e4c5402131a6] + + * sudo.c: + Move setting of login class until after sudoers has been parsed. Set + NewArgv[0] for -i after runas_pw has been set. + [62a48c8c56fa] + + * configure, configure.in: + Move the dgettext check. + [5fd8a4712d1c] + +2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/pam.c, config.h.in, configure, configure.in: + Add basic support for looking up the string "Password: " in the PAM + localized text db. This allows us to determine whether the PAM + prompt is the default "Password: " one even if it has been + localized. + + TODO: concatenate non-std PAM prompts and user-specified sudo + prompts. + [81c25a415d41] + +2007-11-27 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in, config.h.in, configure, configure.in, parse.c, + set_perms.c, sudo.c, sudo.h: + Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was + insufficient. + [1cce6ec1a91e] + + * acsite.m4, configure, interfaces.c, memrchr.c: + Fix typos; Martynas Venckus + [be1233cca11a] + +2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * set_perms.c: + Don't assume runas_pw is set; it may not be in the -g case. + [aa11bd2193ac] + +2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c, set_perms.c: + Set aux group vector for PERM_RUNAS and restore group vector for + PERM_ROOT if we previously changed it. Stash the runas group vector + so we don't have to call initgroups more than once. Also add no-op + check to check_perms. + [53837fc755f7] + +2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y, + ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h, + pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, + sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod, + testsudoers.c, visudo.c, visudo.cat, visudo.man.in: + Add support for runas groups. This allows the user to run a command + with a different effective group. If the -g option is specified + without -u the command will be run as the current user (only the + group will change). the -g and -u options may be used together. + TODO: implement runas group for ldap improve runas group + documentation add testsudoers support + [9019309df6d0] + + * configure, configure.in: + fix setting of mandir + [2c60f269399f] + + * sudo.pod, sudoers.pod: + document that ALL implies SETENV + [bcc8e5b703b9] + + * ldap.c: + s/setenv_ok/setenv_implied/g + [f005df2c2eea] + + * ldap.c: + hostname_matches() returns TRUE on match in sudo 1.7. 
+ [c3d4377b6e8b] + + * ldap.c: + use strcmp, not strcasecmp when comparing ALL + [e486024574a1] + + * ldap.c: + Make sudo ALL imply setenv. Note that unlike with file-based sudoers + this does affect all the commands in the sudoRole. + [bc12f54321d1] + + * gram.c, gram.y, parse.c, parse.h: + sudo "ALL" now implies the SETENV tag but, unlike an explicit tag, + it is not passed on to other commands in the list. + [026e2cb40680] + + * visudo.c: + Add missing sudo_setpwent() and sudo_setgrent() calls. Also use + sudo_getpwuid() instead of getpwuid(). + [86f30a8fbd49] + +2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers: + Expand on the dangers of not using visudo to edit sudoers. + [e434e8057d02] + +2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + Don't quote *?[]! on output since the lexer does not strip off the + backslash when reading those in. + [561da4a13afa] + +2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * glob.c: + expand "u_foo" types to "unsigned foo" to avoid compatibility + issues. + [b0d7c64d78c3] + +2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + Refactor log line generation in to new_logline(). + [6a9b9730615d] + +2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * TROUBLESHOOTING: + fix typo + [9e19d4f86e47] + +2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, interfaces.c, interfaces.h, + match.c: + Add configure check for struct in6_addr instead of relying on + AF_INET6 since some systems define AF_INET6 but do not include IPv6 + support. + [e24082c416bd] + +2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Fix block to add -lutil for FreeBSD and NetBSD when logincap is in + use. + [76a9df4a63be] + +2007-10-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + POSIX states that struct timespec be declared in time.h so check + there regardless of the value of TIME_WITH_SYS_TIME. + [e42c55ec9daf] + +2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * tgetpass.c: + Instead of defining a macro to call the appropriate method for + turning on/off echo, just define tc[gs]etattr() and the related + defines that use the correct terminal ioctls if needed. Also go back + to using TCSAFLUSH instead of TCSADRAIN on all but QNX. + [5dfb2379d995] + +2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + g/c @ALLOCA@ + [e6946c2e3820] + + * configure: + regen + [9bac7159a138] + + * INSTALL, auth/pam.c, config.h.in, configure.in: + Add --disable-pam-session configure option to disable calling + pam_{open,close}_session. May work around bugs in some PAM + implementations. + [273d0fdb4a9d] + +2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * tgetpass.c: + quiet gcc warnings + [325565c5a579] + + * tgetpass.c: + Avoid printing the prompt if we are already backgrounded. E.g. if + the user runs "sudo foo &" from the shell. In this case, the call to + tcsetattr() will cause SIGTTOU to be delivered. + [db2139a8d8b8] + +2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * def_data.c, def_data.h, def_data.in: + Reorder things such that the definition of env_reset come right + before the env variable lists. + [e0d8e22a581a] + + * parse.h: + Shrink type and seqno in struct alias from int to u_short + [9425263dd565] + + * alias.c, match.c, parse.c, parse.h: + Add a sequence number in the aliases for loop detection. If we find + an alias with the seqno already set to the current (global) value we + know we've visited it before so ignore it. + [301a0548ffff] + +2007-09-13 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * TODO, auth/pam.c, sudo.c, sudo.h: + PAM wants the full tty path so add user_ttypath which holds the full + path to the tty or is NULL if no tty was present. + [c7c1dd4b36c8] + + * auth/pam.c: + Set PAM_RHOST to work around a bug in Solaris 7 and lower that + results in a segv. + [3a8865b3a357] + +2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * gram.c: + regen + [5647be127950] + + * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c, + parse.h, testsudoers.c, visudo.c: + rename lh_ -> tq_ + [8f500c542c4a] + +2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * alloc.c: + remove some useless casts + [409a448b23f5] + + * alloc.c: + pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h + predates the final C99 spec and the standard specifies that it shall + include stdint.h anyway + [ae478fdef61a] + +2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, alloca.c, configure.in: + Since we ship with a pre-generated parser there is no need to ship a + bogus alloca implementation. + [3f611a7cc0e5] + + * configure: + regen + [771eccf5269c] + + * configure.in: + remove initial setting of CHECKSIA, we require that it be unset if + not used + [a2e91adc5aa2] + + * Makefile.in: + add list.c to SRCS + [7db0e56cf5b9] + + * configure: + regen + [3716ec30172e] + + * configure.in: + only do SIA checks on Digital Unix + [6a96e1af2597] + +2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.cat, sudoers.man.in: + regen + [ac1dc29de72b] + + * ChangeLog, TODO: + sync + [781effce0a2d] + + * auth/kerb5.c: + Remove call to krb5_cc_register() as it is not needed for modern + kerb5. + [351b8b764f16] + + * configure: + regen + [ac21dbcc9c2c] + + * aclocal.m4, configure.in: + New method for setting the default authentication type and avoiding + conflicts in auth types. 
+ [5fb15be11f78] + + * match.c, parse.c, testsudoers.c: + Each entry in a cmndlist now has an associated runaslist so no need + to keep track of the most recent non-NULL one. + [582e015786b0] + +2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + back out partial ldaps support mistakenly committed + [357703e94b2d] + + * ldap.c: + Add support for unix groups and netgroups in sudoRunas + [2f04eb91c6d0] + +2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo_edit.c: + Fix sudoedit of a non-existent file. From Tilo Stritzky. + [a5488a03bddd] + +2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [541177376ee1] + + * INSTALL: + update --passprompt escape info + [6d57db4cd538] + + * configure.in: + remove now-bogus comment and update copyright date + [6a4af45fa331] + + * configure.in: + Fix up use of with_passwd + [7c79d8640f77] + + * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh: + Update to autoconf-2.61 andf libtool-1.5.24 + [045259b0b439] + + * Makefile.in: + "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61 + [f5b6a7afb817] + +2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * gram.c: + regen + [b5b78e71d2cb] + + * gram.y: + move tags and runaslist propagation to be earlier + [94f7805f4489] + + * visudo.c: + If -f flag given use the permissions of the original file as a + template + [9303d22bddb0] + + * gram.y: + prevent a double free() when re-initing the parser + [5b3907c4de5a] + +2007-08-31 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [49a90b19a17d] + + * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c, + auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in, + configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c, + parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c, + sudo.h, testsudoers.c, visudo.c, zero_bytes.c: + Remove support for compilers that don't support void * + [35e1d01ae197] + + * gram.c: + regen + [70ce412a458a] + + * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c, + parse.c, parse.h, testsudoers.c, visudo.c: + Move list manipulation macros to list.h and create C versions of the + more complex ones in list.c. The names have been down-cased so they + appear more like normal functions. + [9cea0e281148] + + * Makefile.in: + Fix cmp command when regenerating parser. Make gram.o the first + dependency for all programs so gram.h will be generated before + anything that needs it. + [429ea065abf1] + + * gram.y, parse.h: + Convert NEW_DEFAULT anf NEW_MEMBER into static functions. + [2f3433833589] + + * match.c, parse.c, testsudoers.c: + Use LH_FOREACH_REV when checking permission and short-circuit on the + first non-UNSPEC hit we get for the command. This means that instead + of cycling through the all the parsed sudoers entries we start at + the end and work backwards and quit after the first positive or + negative match. + [881474532f3e] + + * gram.c: + regen + [9152a19d4188] + + * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c: + Change list head macros to take a pointer, not a struct. + [054f1dcce4cc] + + * gram.c: + regen + [be154aae6235] + + * gram.y: + Propagate the runasspec from one command to the next in a cmndspec. + [4957b1cb03a3] + +2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * match.c: + Replace has_meta() with a macro that calls strpbrk(). 
+ [a2e58846a542] + + * regen + [5a932a5c9451] + + * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h, + testsudoers.c, visudo.c: + Use a list head struct when storing the semi-circular lists and + convert to tail queues in the process. This will allow us to reverse + foreach loops more easily and it makes it clearer which functions + expect a list as opposed to a single member. + + Add macros for manipulating lists. Some of these should become + functions. + + When freeing up a list, just pop off the last item in the queue + instead of going from head to tail. This is simpler since we don't + have to stash a pointer to the next member, we always just use the + last one in the queue until the queue is empty. + + Rename match functions that take a list to have list in the name. + Break cmnd_matches() into cmnd_matches() and cmndlist_matches. + [7c37b271607a] + + * parse.c: + Fix pasto, append "!" not negated (which is an int) for sudo -l + output. + [93a444c3997f] + + * Makefile.in: + Remove the dependency of gram .h on gram.y, the .c dependency is + enough. Only move y.tab.h to gram.h if it is different; avoids + needless rebuilding. + [67bf4ea2a2e5] + +2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + Defaults lines may be associated with lists of users, hosts, + commands and runas users, not just single entries. + [795effacb6be] + +2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Revert the "cmp" portion of the last diff, it doesn't make sense. + [26f34bf4e2e3] + + * Makefile.in: + Remove *.lo for clean: When generating the parser, only move the + generated files into place if they differ from the existing ones. + [84673fea371b] + +2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * toke.c, toke.l: + Replace IPV6 regexp with a much simpler (readable) one and add an + extra check when it matches to make sure we have a valid address. 
+ [592e9f690556] + + * match.c: + Fix thinko introduced when merging IPV6 support. + [da38cd5eb8c7] + +2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * HISTORY, LICENSE: + regen + [0d7b27b90634] + + * license.pod: + add 2007 + [510e5048ae1a] + + * UPGRADE: + mention #uid vs. comment pitfall + [4d2861898bcc] + + * acsite.m4: + Merge in a patch from the libtool cvs that fixes a problem with the + latest autoconf. From Stepan Kasal. + [0c279ae7df3e] + + * parse.h: + Back out he XOR swap trick, it is slower than a temp variable on + modern CPUs. + [91c4b024e317] + + * gram.c: + regen + [cb6d4106fb74] + + * gram.y, parse.h: + Convert the tail queue to a semi-circle queue and use the XOR swap + trick to swap the prev pointers during append. + [8bf4d9fbee58] + +2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.h: + remove useless statement + [421ec1dd73e6] + + * toke.c, toke.l: + Refactor #include parsing into a separate function and return + unparsed chars (such as newline or comment) back to the lexer. + [64166917aa3d] + +2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * WHATSNEW: + mention better uid support + [56f510e7f2ec] + + * sudoers.pod: + Users may now consist of a uid. + [5fd31b2c55ed] + + * gram.c, gram.h, toke.c: + regen + [599e58af6dc1] + + * parse.c: + Use lbuf_append_quoted() for sudo -l output to quote characters that + would require quoting in sudoers. + [3132d05c990a] + + * lbuf.c, lbuf.h: + Add lbuf_append_quoted() which takes a set of characters which + should be quoted with a backslash when displayed. + [ab09bebb1d65] + + * toke.l: + Require that the first character after a comment not be a digit or a + dash. This allows us to remove the GOTRUNAS state and treat uid/gids + similar to other words. It also means that we can now specify uids + in User_Lists and a User_Spec may now contain a uid. 
+ [461fe01f8392] + + * gram.y, toke.l: + Replace RUNAS token with '(' and ')' tokens to make the runas + portion of the grammar more natural. + [e0c383b4684d] + + * BUGS: + The BUGS file is history + [4d9a809585c7] + + * Makefile.in, README: + The BUGS file is history + [d9500e261172] + +2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * toke.c, toke.l: + Allow comments after a RunasAlias as long as the character after the + pound sign isn't a digit or a dash. + [d7f3bd94eeda] + + * WHATSNEW: + Glob support was back-ported to 1.6.9 + [d1d5cfd46228] + +2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + remove sudo_usage.h in distclean + [df05ce9c4127] + + * parse.c: + If a Defaults value contains a blank, double-quote the string. + [9057a910daad] + + * toke.c, toke.l: + Properly deal with Defaults double-quoted strings that span multiple + lines using the line continuation char. Previously, the entire + thing, including the continuation char, newline, and spaces was + stored as-is. + [4a4e8eacefe6] + + * sudo.c: + Be consistent when using single quotes and backticks. + [d010b83a0fa1] + +2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c, + sudo.c, sudo_usage.h.in: + Add new linebuf code to do appends of dynamically allocated strings + and word-wrapped output. Currently used for sudo's usage() and sudo + -l output. Sudo usage strings are now in sudo_usage.h which is + generated at configure time. + [4dfd0ee8d961] + +2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c, sudo.c, sudo.h: + Fix line wrapping in usage() and use the actual tty width instead of + assuming 80. + [700eab37c5a6] + +2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * history.pod: + some more info + [8140112a8ae1] + + * history.pod: + Mentioned Chris Jepeway's parser and also the new one that is in + sudo 1.7. + [2132d00f0597] + +2007-08-16 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.pod, visudo.pod: + For the options list, add flag args where appropriate and increase + the indent level so there is room for them. + [2b60fb572e12] + +2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + Fix some spacing in "sudo -l" and add a comment about some bogosity + in the line wrapping. + [b59b056f5ee2] + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [5fb719f18ebc] + + * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in, + def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y, + parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod, + testsudoers.c, toke.c, toke.l: + Remove monitor support until there is a versino of systrace that + uses a lookaside buffer (or we have a better mechanism to use). + [61ff76878e4a] + + * config.h.in, configure, configure.in, sudo.c: + use getaddrinfo() instead of gethostbyname() if it is available + [cc33c136aa6a] + +2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c, sudo.c: + Deal with OSes where sizeof(gid_t) < sizeof(int). + [130a89cbdfba] + + * interfaces.c: + repair non-getifaddrs() code after ipv6 integration + [7ae7a89e2236] + + * sudo.c: + If we can open sudoers but fail to read the first byte, close the + file stream before trying again. + [6f31272fae7b] + +2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * toke.c: + regen + [4d7afe0aa6fa] + + * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l: + Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki + [4e6ff2965a42] + + * sudo.pod, sudoers.pod, visudo.pod: + Add some missing markup Update copyright + [7e6d3c686b5e] + +2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + fix sudo_noexec extension which got broken in the libtool update + [3a5b447df861] + +2007-08-10 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + explicitly specify -Tascii to nroff + [45c8da4cbefe] + +2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + remove an ANSI-ism that crept in + [29086f87b2ca] + +2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod: + Adjust list indents Prevent -- from being turned into an em dash Use + a list for the environment instead of a literal paragraph + [c3abcd8f76f4] + + * visudo.pod: + Use a list for the environment instead of an indented literal + paragraph. + [0ffcfcb7349f] + + * sudoers.pod: + Adjust list indentation + [615c89e3123a] + + * license.pod: + add =head3 + [8b2e0d38c0bd] + +2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod: + mention that when specifying a uid for the -u option the shell may + require that the # be escaped + [3e3a17bff150] + +2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * match.c: + Fix off by one in group matching. + [b529602b7fba] + +2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause. + [ffbf8907c6e7] + +2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the + -lgssapi_krb5 case. + [2b85a89c2252] + + * aclocal.m4, configure, configure.in: + Fix link tests such that new gcc doesn't optimize away the test. + [83484ec95cba] + +2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod, sudoers.pod, visudo.pod: + add missing over/back + [251a12c89b91] + + * sudo.pod, sudoers.pod, visudo.pod: + Change FILES section to use =item + [60b9efc3a0b2] + + * env.c: + Add back allocation of the env struct in rebuild_env but save a copy + of the old pointer and free it before returning. + [1100cd4fa997] + + * env.c: + Don't init the private environment in rebuild_env() since it may + have already been done implicitly sudo_setenv/sudo_unsetenv. 
+ + Multiply length by sizeof(char *) in memcpy/memmove when copying the + environment so we copy the full thing. + + Add missing set of parens so we deref the right pointer in + sudo_unsetenv when searching for a matching variable. + [9086a8f756b1] + +2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod, sudoers.pod, visudo.pod: + Use file markup for paths in the FILES section + [940d99f731f2] + + * sudo.pod, sudoers.pod, visudo.pod: + Don't capitalize sudo/visudo + [f067a455d44b] + + * sudoers.pod: + Sort sudoers options; based on a diff from Igor Sobrado. + [a9b9befe85ac] + +2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod, sudoers.pod, visudo.pod: + Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the + latter confuses pod2man. The Makefile rules for the .man.in file + will add @mansectsu@ and @mansectform@ back in after pod2man is done + anyway. + [b50ea0db727c] + +2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * LICENSE, Makefile.in, license.pod: + Move license info to pod format + [25bdd82e592b] + + * configure, configure.in, sudoers.pod: + Substitute value of path_info into sudoers man page. + [9ba661a82798] + + * WHATSNEW: + remove features that were back-ported to 1.6.9 + [e76d756cbe65] + + * sudo.c, sudo.pod, visudo.c, visudo.pod: + Sort SYNOPSIS and sync usage. From Igor Sobrado. + [4970386c9e54] + + * env.c: + Only need sudo_setenv/sudo_unsetenv if we are going to use + ldap_sasl_interactive_bind_s() but don't have + gss_krb5_ccache_name(). + [f1a73d8b35c5] + + * ChangeLog: + rebuild without branch info + [5d5a33494677] + + * Makefile.in: + Add ChangeLog target + [a702034fdd89] + + * auth/pam.c: + Run cleanup code if the user hits ^C at the password prompt. + [9cf87768e921] + + * auth/pam.c: + Some versions of pam_lastlog have a bug that will cause a crash if + PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty + string. + [5b63f6c88866] + +2007-07-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + ChageLog not Changelog + [1243d8473ceb] + + * ChangeLog: + sync + [d887df98c6b0] + + * Makefile.in: + CHANGE -> Changelog + [917738df30dd] + + * TODO: + sync + [cd382f7d1948] + +2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, ldap.c: + Add configure hooks for gss_krb5_ccache_name() and the gssapi + headers. + [139606209991] + +2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c, sudo.c: + rebuild_env() and insert_env_vars() no longer return environment + pointer, they set environ directly. + + No longer need to pass around an envp pointer since we just operate + on environ now. + + Add dosync argument to insert_env() that indicates whether it should + reset environ when realloc()ing env.envp. + + Use an initial size of 128 for the environment. + [4735fd5fddb8] + + * env.c: + Split sudo_setenv() into an external version and a version only for + use by rebuild_env(). + [fda7d655adb1] + +2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + Add support for using gss_krb5_ccache_name() instead of setting + KRB5CCNAME. Also use sudo_unsetenv() in the non- + gss_krb5_ccache_name() case if there was no KRB5CCNAME in the + original environment. TODO: configure setup for + gss_krb5_ccache_name() + [fcafa5a49caf] + + * README.LDAP: + add krb5_ccname + [fceb8f883886] + + * README.LDAP, ldap.c: + Add support for sasl_secprops in ldap.conf + [1f06f4bf7347] + + * env.c, sudo.h: + Add sudo_unsetenv() and refactor private env syncing code into + sync_env(). + [045ecb3fd22b] + + * README.LDAP, ldap.c: + The ldap.conf variable is sasl_auth_id not sasl_authid. + [a5f98491311b] + +2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c, sudo.c, sudo.h: + Add support for krb5_ccname in ldap.conf. 
If specified, it will + override the default value of KRB5CCNAME in the environment for the + duration of the call to ldap_sasl_interactive_bind_s(). + [b08a10c3045b] + + * env.c, sudo.h: + Remove format_env() Add sudo_setenv() to replace most format_env() + + insert_env() combinations. insert_env() no longer takes a struct + environment * + [131da52f43f3] + + * ldap.c: + Fix use_sasl vs. rootuse_sasl logic. + [0c0417b6918c] + + * README.LDAP, config.h.in, configure, configure.in, ldap.c: + Add support for SASL auth when connecting to an LDAP server. Adapted + from a diff by Tom McLaughlin. + [a6285f1356ea] + +2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Only enable AIX or BSD auth if no other exclusive auth method has + been chosen. Allows people to e.g., use PAM on AIX without adding + --without-aixauth. A better solution is needed to deal with default + authentication since if a non-exclusive method is chosen we will + still get an error. + [83f7afdc0ec3] + +2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * HISTORY, Makefile.in, history.pod: + Generate HISTORY from history.pod (which is also used for web pages) + [60bcd5164931] + +2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.man.in, sudoers.man.in: + regen + [63956a366191] + + * sudo.pod: + Better explanation of environment handling in the sudo man page. + [6c247742f7ee] + + * env.c, sudo.c: + Defer setting user-specified env vars until after authentication. + [4750b79323ee] + + * env.c: + honor def_default_path for PATH set on the command line + [6db31d9b6d65] + + * env.c, sudo.c, sudo.pod, sudoers.pod: + Allow user to set environment variables on the command line as long + as they are allowed by env_keep and env_check. Ie: apply the same + restrictions as normal environment variables. TODO: deal with + secure_path + [26c0da3840cf] + +2007-07-08 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.c, sudo_edit.c: + Call rebuild_env() in call cases. Pass original envp to sudo_edit(). + Don't allow -E or env var setting in sudoedit mode. More accurate + usage() when called as sudoedit. + [a4af20658361] + + * ldap.c: + warn -> warning + [d87d1192b048] + + * sudo.pod: + add -c option to sudoedit synopsis + [15b596a7e2db] + + * TODO: + udpate to reality + [e2f8fde89db1] + + * parse.c: + Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return + value from {user,host,runas,cmnd}_matches(). Rename *matches + variables -> *match. Purely cosmetic. + [e54a44c00a88] + + * parse.c: + Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change + in behavior. + [c6272b4f2127] + + * sudoers: + add SETENV tag + [3a3066bb6788] + +2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + Make pwcheck local to the pwflag block. Use pwcheck even if user + didn't match since Defaults options may still apply. + [45da9efbbafd] + + * check.c, sudo.c: + Do not update timestamp if user not validated by sudoers. + [a4a9d4364827] + + * set_perms.c: + for PERM_RUNAS, set the egid to the runas user's gid and restore to + the user's original in PERM_ROOT + [1514bfb32847] + + * logging.c, mon_systrace.c, set_perms.c, sudo.h: + PERM_FULL_ROOT is now no different than PERM_ROOT so remove + PERM_FULL_ROOT + [b9d047a3178c] + + * check.c: + don't check timestamp mtime if we are just going to remove it + [5d2470bc6cbd] + + * sudoers.pod: + Move sudoers defaults parameters into their own section. + [54701fbc0ff3] + + * testsudoers.c: + Reduce a level of indent by a few placed continue statements. + [5d5a9838c8ef] + + * parse.c: + Make matching but negated commands/hosts/runas entries override a + previous match as expected. Also reduce some levels of indent by a + few placed continue statements. + [dd59fa4b91a1] + +2007-07-05 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * parse.c: + Print default runas in "sudo -l" if sudoers don't specify one. + [07d408c400bd] + + * match.c: + Less hacky way of testing whether the domain was set. + [a537059776e5] + +2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + Mention pam-devel and openldap-devel for Linux + [9e708c54ecc3] + +2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * README.LDAP: + or vs. are + [abe8c0f3a410] + +2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + fix typo in Solaris project support + [2ffeb2d80959] + + * HISTORY: + update + [df162b36f120] + + * sudo.c: + Make -- on the command line match the manual page. The implied shell + case has been simplified as a result. + [cd217a1f6694] + +2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers2ldif: + add simplistic support for sudoRunas; note that if a sudoers entry + contains multiple Runas users, all will apply to the sudoRole + [65b11421f5c8] + + * sudoers2ldif: + honor SETENV and NOSETENV tags + [2c0d5ba7a09b] + +2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * mon_systrace.c: + Redo setting of user_args. We now build up a private copy of argv + first and then replace the NULs with spaces. + [ccbba72ea112] + + * mon_systrace.c: + getcwd() returns NULL on failure, not 0 on success + [88cd9e66e530] + + * mon_systrace.c: + allow chunksiz to reach 1 before erroring out + [619d68f14964] + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [8db512d3caf0] + +2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y, + logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod, + toke.c, toke.l: + Add support for setting environment variables on the command line. + This is only allowed if the setenv sudoers options is enabled or if + the command is prefixed with the SETENV tag. 
+ [5744caebd969] + + * README.LDAP: + replace Aaron's email address with the sudo-workers list + [2ffce5f9afc0] + + * configure: + regen + [8013dff82c0c] + +2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, README.LDAP: + Break schema out into separate files. + [1a53966ca1fa] + + * schema.OpenLDAP, schema.iPlanet: + Break schema out into separate files. + [15e598e4c60b] + +2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/aix_auth.c: + free message if set by authenticate() + [849c220c1236] + + * match.c: + deal with NULL gr_mem + [49e4d74f0bbe] + +2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in: + regen + [fead999ad3e9] + + * configure.in: + add template for HAVE_PROJECT_H + [e6c42c2eaad1] + + * closefrom.c: + include fcntl.h + [54d98b382f03] + +2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + mention --with-project + [d3ea3baad7c5] + + * config.h.in, configure.in, sudo.c: + Add Solaris 10 "project" support. From Michael Brantley. + [f14f3c8c6554] + + * sudoers.pod: + fix typo + [50db81a19787] + + * configure: + regen + [ea71afd3e564] + + * configure.in: + Fix preservation of LDFLAGS in the LDAP case. + [40a3a47e8059] + + * memrchr.c: + Remove dependecy on NULL + [c957ae5e1733] + + * configure: + regen + [4955ce0c6912] + + * aclocal.m4, configure.in: + Can't use the regular autoconf fnmatch() check since we need + FNM_CASEFOLD so go back to our custom one. + [f10d76237486] + + * env.c: + Fix preserving of variables in env_keep. + [d040049d6b84] + + * env.c: + add XAUTHORIZATION + [0d589a5fe015] + + * UPGRADE: + expand upon env resetting and mention that it began in 1.6.9 not + 1.7. + [dba251655c76] + + * sudoers.pod: + Update descriptions of env_keep and env_check to match current + reality. + [dba77357954b] + +2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + Add LINGUAS to initial_checkenv_table. 
Add COLORS, HOSTNAME, + LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table. + [eec4632bd190] + + * env.c, logging.c: + Treat USERNAME environemnt variable like LOGNAME/USER + [09f52dcfd70c] + + * env.c: + Don't need to populate keepenv table with the contents of the + checkenv table. + [527a14afd973] + + * sudo.c: + Don't force sudo into the C locale. + [8a5bd301ef96] + + * env.c: + Make env_check apply when env_reset it true. Environment variables + are passed through unless they contain '/' or '%'. There is no need + to have a variable in both env_check and env_keep. + [840c802721e4] + +2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + Remove an duplicate lock_file() call and add a comment. + [5af9dcdf0eb6] + + * UPGRADE: + Add sudo 1.6.9 upgrade note. + [1585149f2914] + +2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * interfaces.c: + Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too + small. From Klaus Wagner. + [d6899fc44f77] + + * logging.c, sudo.h: + Redo the long syslog line splitting based on a patch from Eygene + Ryabinkin. Include memrchr() for systems without it. + [66a50e8d553a] + + * Makefile.in, config.h.in, configure, configure.in: + Redo the long syslog line splitting based on a patch from Eygene + Ryabinkin. Include memrchr() for systems without it. + [407a46190921] + + * memrchr.c: + Redo the long syslog line splitting based on a patch from Eygene + Ryabinkin. Include memrchr() for systems without it. + [2f6702b7d41b] + + * configure.in: + Since we need to be able to convert timespec to timeval for utimes() + the last 3 digits in the tv_nsec are not significant. This makes the + sudoedit file date comparison work again. + [9d0258849fa9] + +2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * aclocal.m4, configure, configure.in: + Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS. + This deals with exclusive authentication methods in a simple way. 
+ [7d70072c0f35] + +2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * LICENSE: + mkstemp.c is BSD code too. + [29e236d98162] + + * sudo.pod, sudoers.pod, visudo.pod: + No commercial support for now. + [7c76b3e192dd] + +2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + cleanenv() is no more. + [518080514408] + +2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * ChangeLog: + Display branch info in Changelog + [44e3b27427c7] + + * utimes.c: + Include config.h early so we have it for TIME_WITH_SYS_TIME + [4bf1a00d0703] + + * ChangeLog: + Fix Changelog generation and update. + [6e960dbcbece] + +2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * closefrom.c: + Use /proc/self/fd instead of /proc/$$/fd + + Move old-style fd closing into closefrom_fallback() and call that if + /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails + [faa7e4810758] + + * auth/kerb5.c, config.h.in, configure.in: + o use krb5_verify_user() if available instead of doing it by hand o + use krb5_init_secure_context() if we have it o pass an encryption + type of 0 to krb5_kt_read_service_key() instead of + ENCTYPE_DES_CBC_MD5 to let kerberos choose. + [df7acf72bd7c] + + * env.c: + Check TERM and COLORTERM for '%' and '/' characters. From Debian. + [f92d05197e40] + + * configure.in: + Fix closefrom() substitution in the Makefile + [b642b13fcc5c] + + * TROUBLESHOOTING: + Mention alternate sudo pronunciation. + [7c71dc73409f] + +2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + Remove KRB5_KTNAME from environment. Allow COLORTERM. + [70f35a79f780] + + * auth/kerb5.c: + If we cannot get a valid service key using the default keytab it is + a fatal error. Fixes a bug where sudo could be tricked into allowing + access when it should not by a fake KDC. From Thor Lancelot Simon. + [a3ae6a47cb23] + +2007-05-12 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * aclocal.m4, configure, configure.in: + Update long long checks to use AC_CHECK_TYPES and to cache values. + [047318eaaeb2] + + * aclocal.m4, configure.in: + Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't + use AC_REPLACE_FNMATCH since that assumes replacing with GNU + fnmatch. + [80513a1003ea] + +2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we + need it for visudo now too. + [50837c7c2b5e] + +2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + Attempt to clarify the bit talking about network numbers w/o + netmasks. + [211e68c1d034] + + * sudo.pod: + Clarify timestamp dir ownership sentence. + [9178f132c7f7] + +2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/pam.c: + Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From + Dmitry V. Levin. + [81fce91667bc] + +2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + -i is also one of the mutually exclusive options to list it in the + warning message. Noted by Chris Pepper. + [7da73fb248e9] + +2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.pod: + The sudoers variable is env_editor, not enveditor. From Jean- + Francois Saucier. + [2a86ec09a6db] + +2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * redblack.c: + I tracked down the original author so credit him and include his + license info. + [3733553a1bba] + +2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, + sudoers.pod: + Fix typos; from Jason McIntyre. + [1ee4ce2512f2] + + * logging.c: + Restore signal mask before calling reapchild(). Fixes a possible + race condition that could prevent sudo from properly waiting for the + child. + [9ee4192385dc] + +2007-01-31 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * pwutil.c: + Don't declare pw_free() if we are not going to use it. + [adb79a4289ca] + + * env.c: + Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and + LDR_PRELOAD64. The 64-bit version is not currently supported. Remove + zero_env() prototype as it no longer exists. + [b4fe65027fb6] + +2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834. + [78002ad90f7b] + +2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/pam.c: + If the user enters ^C at the password prompt, abort instead of + trying to authenticate with an empty password (which causes an + annoying delay). + [da3f27b747c7] + +2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * closefrom.c, config.h.in, configure, configure.in: + Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by + Darren Tucker. + [0331b7780759] + + * pwutil.c: + pw_free() is only used by sudo_freepwcache() so ifdef it out too. + [0014c0d9eeba] + +2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.guess, config.sub: + Update to latest versions from cvs.savannah.gnu.org + [aa0143101c20] + +2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * pwutil.c, sudo_edit.c: + Move password/group cache cleaning out of sudo_end{pw,grp}ent() so + we can close the passwd/group files early. + [559074bd7eb7] + + * config.h.in, configure, configure.in, set_perms.c: + Add seteuid() flavor of set_perms() for systems without setreuid() + or setresuid() that have a working seteuid(). Tested on Darwin. + [508d8da99189] + +2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * mon_systrace.c: + systrace_read() returns ssize_t + [9f97d1d1a59d] + + * configure, configure.in: + Fix typo, -lldap vs. -ldap; from Tim Knox. + [a8cc43c3bb2a] + +2006-07-28 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * HISTORY: + Fix typo; Matt Ackeret + [86964ee3dfbd] + +2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Print sudoers path in -V mode for root. + [dc43f2d75bd9] + +2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + Do a sub tree search instead of a base search (one level in the tree + only) for sudo right objects. This allows system administrators to + categorize the rights in a tree to make them easier to manage. + [6d2d9abf996e] + +2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod: + fix typo + [1473413bcbda] + +2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and + bind_timelimit support; adapted from gentoo. + [afc816093026] + +2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + Support comments that start in the middle of a line + [c25df6ee3db8] + + * configure, configure.in: + Define LDAP_DEPRECATED until we start using ldap_get_values_len() + [ee249bfe230a] + +2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * closefrom.c: + Silence gcc -Wsign-compare; djm@openbsd.org + [28769ce6418d] + + * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c: + cleanup() now takes an int as an arg so it can be used as a signal + handler too. + [2bb0df34d09c] + + * sudo.c: + Make a copy of the shell field in the passwd struct for NewArgv to + avoid a use after free situation after sudo_endpwent() is called. + [5dcc9ffd362e] + +2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in: + Add mkstemp() for those poor souls without it. + [5fdd02e863e0] + + * Makefile.in: + Add mkstemp() for those poor souls without it. + [9c1cf2678f24] + + * mkstemp.c: + Add mkstemp() for those poor souls without it. + [c99401207860] + +2005-11-15 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * env.c: + Add PERL5DB to list of environment variables to remove. + [7375c27ecf75] + +2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * mon_systrace.c, mon_systrace.h: + Instead of calling the check function twice with a state cookie use + separate check/log functions. + + Check more ioctl() calls for failure. + + systrace_{read,write} now return the number of bytes read/written or + -1 on error. + [3dc8946d90e9] + + * env.c: + Add more environment variables to remove; from gentoo linux Add some + comments about what bad env variables go to what (more to do) + [6918110a6b82] + +2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c, sudo_edit.c: + Move sudo_end{gr,pw}ent() until just before the exec since they free + up our cached copy of the passwd structs, including sudo_user and + sudo_runas. Fixes a use-after-free bug. + [54de3778bad0] + + * visudo.c: + Close all fd's before executing editor. + [4fcc05e1bec8] + + * sudo.c: + Enable malloc debugging on OpenBSD when SUDO_DEVEL is set. + [ef0e8ffa5c9f] + + * check.c: + Fix fd leak when lecture file option is enabled. From Jerry Brown + [ce97f9207cd8] + +2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + Add PERLLIB, PERL5LIB and PERL5OPT to the default list of + environment variables to remove. From Charles Morris + [c96e1367d1c1] + +2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5 + [72a6a1571226] + +2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + add PS4 and SHELLOPTS to initial_badenv_table for bash + [89dfb3f318f3] + +2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + Fix typo; Toby Peterson + [b7a3222b23f4] + +2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * tsgetgrpw.c: + Make return buffers static so they don't get clobbered + [13323a39b9f5] + +2005-07-28 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * auth/securid5.c: + Fix securid5 authentication, was not checking for ACM_OK. Also add + default cases for the two switch()es. Problem noted by ccon at + worldbank + [14091e418333] + +2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + Remove ncat() in favor of just counting bytes and pre-allocating + what is needed. + [25b8712adb61] + +2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + Fix up some comments Add missing fclose() for the rootbinddn case + [ae95c8a89711] + + * ldap.c: + align struct ldap_config + [35d0d64c76f8] + + * ldap.c: + use LINE_MAX for max conf file line size + [da116cb8853d] + + * pathnames.h.in: + add _PATH_LDAP_SECRET + [128b04ecfab7] + + * README.LDAP: + Mention rootbinddn Give example ou=SUDOers container + [852edc69bd1c] + +2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, configure, configure.in, ldap.c: + Support rootbinddn in ldap.conf + [1615c91522a1] + + * env.c, sudo.pod, sudoers.pod: + Preserve DISPLAY environment variable by default. + [05f503d5f438] + + * acsite.m4, configure: + set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD + [18a04dea8d05] + + * acsite.m4, configure: + set need_version=no for all cases; this is safe for LD_PRELOAD + [b542560e1a73] + + * aclocal.m4: + typo + [c040df0fcd5a] + + * configure, configure.in: + Add dragonfly + [f13794618636] + + * auth/pam.c: + Fix call to pam_end() when pam_open_session() fails. 
+ [0be47cdfdef1] + + * configure: + regen + [7f5c13b4b800] + + * acsite.m4: + rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4 + ltsugar.m4 ltversion.m4 + [a7ba9fd1a2ab] + + * config.guess, config.sub, ltmain.sh: + merge in local changes: config.guess: o better openbsd support + config.sub: o hiuxmpp support ltmain.sh o remove requirement that + libs must begin with "lib" o don't print a bunch of crap about + library installs o don't run ldconfig + [f4149f2c720f] + + * config.guess, config.sub, ltmain.sh: + libtool 1.9f + [82a534e7121f] + + * configure.in: + Update with autoupdate and make minor changes for libtool 1.9f + [11b5ae5c1428] + +2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + don't call sudo_ldap_display_cmnd if ldap not setup + [8bcf6c094ffe] + + * check.c, compat.h: + Move declatation of struct timespec to its own include files for + systems without it since it needs time_t defined. + [2ef2ace8fe85] + + * emul/timespec.h: + Move declatation of struct timespec to its own include files for + systems without it since it needs time_t defined. + [f95137771564] + + * fileops.c: + Move declatation of struct timespec to its own include files for + systems without it since it needs time_t defined. + [dd8573b2ee7d] + + * gettime.c: + Move declatation of struct timespec to its own include files for + systems without it since it needs time_t defined. + [021b4569cc0c] + + * sudo_edit.c, visudo.c: + Move declatation of struct timespec to its own include files for + systems without it since it needs time_t defined. + [b95c333299a0] + + * ldap.c: + Don't set safe_cmnd for the "sudo ALL" case. + [ad7fa9e07da0] + +2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/pam.c: + Call pam_open_session() and pam_close_session() to give pam_limits a + chance to run. Idea from Karel Zak. + [fed46d471350] + +2005-04-24 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * check.c, sudo.c: + Add explicit cast from mode_t -> u_int in printf to silence warnings + on Solaris + [17bb961fe22d] + + * parse.c: + include grp.h to silence a warning on Solaris + [14386fbab640] + +2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + Fix printing of += and -= defaults. + [a667604c56cd] + +2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * mon_systrace.c: + Sanity check number of syscall args with argsize. Not really needed + but a little paranoia never hurts. + [6bb455a2c2d6] + + * mon_systrace.c, mon_systrace.h: + Don't do pointer arithmetic on void * Use int, not size_t/ssize_t + for systrace lengths (since it uses int) + [3cafccffcffd] + +2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * mon_systrace.c: + Add some memsets for paranoia Fix namespace collsion w/ error Check + rval of decode_args() and update_env() Remove improper setting of + validated variable + [3d385158354d] + +2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c, sudo.c, sudo.h: + In -l mode, only check local sudoers file if def_ignore_sudoers is + not set and call LDAP versions from display_privs() and + display_cmnd() instead of directly from main(). Because of this we + need to defer closing the ldap connection until after -l processing + has ocurred and we must pass in the ldap pointer to display_privs() + and display_cmnd(). + [1dfc2e8c9f2b] + + * ldap.c: + Reorganize LDAP code to better match normal sudoers parsing. Instead + of storing strings for later printing in -l mode we do another query + since the authenticating user and the user being listed may not be + the same (the new -U flag). Also add support for "sudo -l command". + + There is still a fair bit if duplicated code that can probably be + refactored. + [e9568f19bde5] + +2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + Replace pass variable with do_netgr for better readability. 
+ [1bba841b6e79] + + * ldap.c: + use DPRINTF macro + [02b159b66bb5] + + * ldap.c: + estrdup, not strdup + [22cdee7973c1] + +2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + Add macro to test if the tag changed to improve readability. + [4e11b4819556] + + * parse.c: + Avoid printing defaults header if there are no defaults to print... + [41a28627df03] + + * glob.c: + Fix a warning on systems without strlcpy(). + [6814e0f0e4f4] + + * pwutil.c: + Use macros where possible for sudo_grdup() like sudo_pwdup(). + [30f201ff35cd] + +2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * utimes.c: + It is possible for tv_usec to hold >= 1000000 usecs so add in + tv_usec / 1000000. + [794ac4d53a65] + +2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/kerb5.c: + The component in krb5_principal_get_comp_string() should be 1, not 0 + for Heimdal. From Alex Plotnick. + [fefa351c5044] + +2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y, + interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c, + redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c: + Add efree() for consistency with emalloc() et al. Allows us to rely + on C89 behavior (free(NULL) is valid) even on K&R. + [7876bb80d87c] + + * parse.c, sudo.c: + Move initgroups() for -U option into display_privs() so group + matching in sudoers works correctly. + [b074428ad2ca] + +2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + Removed duplicate call to ldap_unbind_s introduced along with + sudo_ldap_close. + [19acc1c20f7c] + + * parse.c: + Add missing space in Defaults printing + [95d2935bf6d4] + +2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * pwutil.c: + Sync sudo_pwdup with OpenBSD changes: use macros for size computaton + and string copies. + [6b6b241495e5] + +2005-03-19 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * pwutil.c: + Zero old pw_passwd before replacing with version from shadow file. + [3251b349dfe1] + + * configure, configure.in: + Only attempt shadow password detection if PAM is not being used Add + shadow_* variables to make shadow password detection more generic. + [d498a3423ac9] + + * configure.in: + Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS + [04d55bbd5e35] + +2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + use a non-breaking space to avoid a double space after e.g. + [11cdb54bdf7b] + + * sudo.pod: + commna, not colon after e.g. + [8d5875ff72e0] + +2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo_noexec.c: + Add __ variants of the exec functions. GNU libc at least uses + __execve() internally. + [d1880473d790] + + * indent.pro: + Match reality a bit more. + [633e3fa875a7] + + * pwutil.c: + Missed piece from rev. 1.6, fix sudo_getpwnam() too. + [128f7b21c2ee] + + * pwutil.c: + Store shadow password after making a local copy of struct passwd in + case normal and shadow routines use the same internal buffer in + libc. + [f806052a6ffc] + +2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * alloc.c, logging.c: + Make varargs usage consistent with the rest of the code. + [3d45affc9851] + +2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo_noexec.c: + Wrap more of the exec family since on Linux the others do not appear + to go through the normal execve() path. + [8167769b4e19] + + * visudo.c: + make print_unused static like proto says + [ecf10e1bae55] + + * glob.c: + silence a warning on K&R systems + [2e00425f1a5c] + + * alias.c, error.c: + make this build in K&R land + [156f65f8525a] + + * parse.c: + make this build in K&R land + [6fc9276889cb] + +2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * toke.c: + regen + [3b349748cd21] + +2005-03-06 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * ldap.c: + return(foo) not return foo optimize _atobool() slightly + [11d09d154ed5] + + * ldap.c: + Use TRUE/FALSE + [53999320d98f] + + * ldap.c: + Reformat to match the rest of sudo's code. + [1bd0f2afa0e7] + + * sudo.pod: + I am the primary author + [5d311ecd85c6] + +2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, README, RUNSON: + The RUNSON file is toast--it confused too many people and really + isn't needed in a configure-oriented world. + [96a6ef7bbc08] + + * INSTALL: + alternate -> alternative + [b65015c5d0a2] + + * tgetpass.c: + Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with + TCSAFLUSH. + [c66b4763ffdc] + + * toke.l: + Allow leading blanks before Defaults and Foo_Alias definitions + [2add513d9277] + + * Makefile.in: + fix rules to build toke.o and gram.o in devel mode + [96cbb414ebd3] + +2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + env_keep overrides set_logname + [401877193a15] + + * env.c: + Fix disabling set_logname and make env_keep override set_logname. + [0906e7a5ed93] + + * compat.h, config.h.in, configure, configure.in: + No longer need memmove() + [43bdb6efe3f2] + + * env.c, sudo.c: + Just clean the environment once. This assumes that any further + setenv/putenv will be able to handle the fact that we replaced + environ with our own malloc'd copy but all the implementations I've + checked do. + [11658fe92ba2] + +2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c, sudo.c: + In -i mode, base the value of insert_env()'s dupcheck flag on + DID_FOO flags. Move checks for $HOME resetting into rebuild_env() + [8365b0bd0c71] + +2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c, sudo.c: + Move setting of user_path, user_shell, user_prompt and prev_user + into init_vars() since user_shell at least is needed there. + [37e22dce66e9] + +2005-02-12 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + fix devel builds + [9fbb15ef164c] + + * sudo.c: + Fix some printf format mismatches on error. + [ffc1c3f11740] + + * check.c: + Fix some printf format mismatches on error. + [7b3b508adf50] + + * configure, gram.c, toke.c: + regen + [aa76f9d8b02a] + + * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c, + auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, + auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c, + auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, + closefrom.c, compat.h, configure.in, defaults.c, defaults.h, + emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c, + getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c, + interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c, + parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c, + snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, + sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod, + testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c, + visudo.pod, zero_bytes.c: + Update copyright years. + [0610c3654739] + + * LICENSE: + Update copyright years. + [f60473bca4b1] + + * Makefile.binary.in: + Update copyright years. + [d78ffc9f2e2b] + + * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in: + version 1.7 + [aa977a544ca1] + + * WHATSNEW: + What's new in sudo 1.7, based on the 1.7 CHANGES entries. + [ecfcf7269c14] + +2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat.h, logging.h, sudo.h: + Add __printflike and use it with gcc to warn about printf-like + format mismatches + [b192ad4a0548] + +2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, ChangeLog: + Replaced CHANGES file with ChangeLog generated from cvs logs + [d9ace9dab98f] + + * set_perms.c: + Use warning/error instead of perror/fatal. 
+ [e33259df7738] + + * config.guess: + Update OpenBSD section + [9d2c23de6801] + + * UPGRADE: + Add upgrading noted for 1.7 + [1fb6b6d6df07] + + * env.c, sudo.c, sudoers.pod: + Instead of zeroing out the environment, just prune out entries based + on the env_delete and env_check lists. Base building up the new + environment on the current environment and the variables we removed + initially. + [fc192df8fd15] + + * config.h.in, configure, configure.in, sudo.c: + Set locale to "C" if locales are supported, just to be safe. + [91fbaa98f02e] + + * toke.c, toke.l: + Cast argument to ctype functions to unsigned char. + [e096b4d65796] + +2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + correct value for DID_USER + [b5b05d36ec15] + + * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c: + #include <compat.h> not "compat.h" + [7a0ad9a0ccd7] + + * defaults.c: + Reset the environment by default. + [4ecc6423e0f0] + + * sudo.c: + Alloc an extra slot in NewArgv. Removes the need to malloc an new + vector if execve() fails. + [83dfb6f584a7] + +2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, config.h.in, configure, configure.in, sudo.c: + Use execve(2) and wrap the command in sh if we get ENOEXEC. + [c0c6af4e2a21] + +2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo_noexec.c: + Only include time.h on systems that lack struct timespec which gets + defind in compat.h (using time_t). + [e373e518b4cb] + + * sudo_noexec.c: + Include time.h for time_t in compat.h for systems w/o struct + timespec. + [a34b5637e458] + + * compat.h, config.h.in, configure, configure.in: + use bcopy on systems w/o memmove + [f835eafd78c6] + + * compat.h: + __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its + use to gcc >= 2.8. + [1cb9a4e58566] + + * Makefile.in: + Add explicit rule to build sudo_noexec.lo + [df1dfcf8dd77] + +2005-02-05 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * INSTALL.configure, Makefile.in: + No longer depend on VPATH; pointed out a bunch of missed + dependencies. + [601a45d4af6b] + + * TROUBLESHOOTING: + Help for PAM when account section is missing + [9b8221256756] + + * auth/pam.c: + Give user a clue when there is a missing "account" section in the + PAM config. + [2529625c0495] + + * auth/pam.c: + Better error handling. + [518c9bda23d8] + + * config.h.in, configure, configure.in: + Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as + possible. Silences a warning about isblank() on linux. + [19c94d7ecdc8] + + * auth/pam.c: + Fix typo (missing comma) that caused an incorrect number of args to + be passed to log_error(). + [0099dfec560f] + +2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * pwutil.c: + Don't try to destroy a tree we didn't create. + [d43c4fe03aa4] + +2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, + auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, + auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c, + compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c, + fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c, + goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c, + match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c, + sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c, + strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c, + tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c: + Add __unused to rcsids + [ad6b4ac45705] + +2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Fix error message when mixing invalid auth types + [68069b3ff5bc] + + * INSTALL: + PAM, AIX auth, BSD auth and login_cap are now on by default if the + OS supports them. 
+ [4e44e9098cf0] + + * auth/sudo_auth.h, config.h.in: + s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g + [2d569b43b23e] + + * configure.in: + Better checking for conflicting authentication methods Display the + authentication methods used at the end of configure Rename --with- + authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth, + --with-pam, --with-logincap by default on systems that support them + unless disabled. Add OSMAJOR variable that replaces old OSREV; now + OSREV has full version number + [a21115b6fe9f] + +2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * def_data.c, def_data.in, sudo.c, sudoers.pod: + s/-O/-C/ + [ee73f1b81923] + +2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + Replace: test -n "$FOO" || FOO="bar" + + With: : ${FOO='bar'} + [37552d9054fc] + +2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * pwutil.c, testsudoers.c, tsgetgrpw.c: + Use function pointers to only call private passwd/group routines + when using a nonstandard passwd/group file. + [215908681dfb] + +2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + sync + [2e55c03f5790] + + * tsgetgrpw.c: + Can't use strtok() since it doesn't handle empty fields so add + getpwent()/getgrent() functions and call those. + [bdaa5b0db70e] + +2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Fix dummied out toke.c and gram.c dependencies. + [4b909c8b2ebe] + + * Makefile.in: + Rename PARSESRCS -> GENERATED since it is only used in the clean + target Add devdir variable and use it to specify the path to parser + sources + [f27b3f41ca23] + + * configure: + regen + [22c6435dbd46] + + * configure.in: + Add a devdir variables that defaults to $(srcdir) and is set to . if + --devel was specified. Allows for proper dependecies building the + parser. + [a36d694c6d21] + + * testsudoers.c: + Add support for custom passwd/group files. 
+ [296549ff4b87] + + * Makefile.in: + Build private copy of pwutil.o for testsudoers with MYPW defined so + it uses our own passwd/group routines. + [bafa54ec78ca] + + * visudo.c: + Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent + stubs instead. We can now just use the caching sudo_*{pw,gr}* + functions in pwutil.c Add comment about wanting to call + sudo_endpwent/sudo_endgrent in cleanup() + [7e59d6b5510d] + + * tsgetgrpw.c: + Remove caching; we will just use what is in pwutil.c Use global + buffers for passwd/group structs Rename functions from sudo_* to + my_* + [8c1e068f574c] + + * logging.c, sudo.c: + g/c pwcache_init/pwcache_destroy + [60a24909b947] + + * sudo.h: + Undo last commit and add sudo_setspent and sudo_endspent instead. + [bac80db08296] + + * getspwuid.c, pwutil.c: + Move all but the shadow stuff from getspwuid.c to pwutil.c and + pwcache_get and pwcache_put as they are no longer needed. Also add + preprocessor magic to use private versions of the passwd and group + routines if MYPW is defined (for use by testsudoers). + [a16b8678a426] + + * tsgetgrpw.c: + zero out struct passwd/group before filling it in so if there are + fields we don't handle they end up as 0. + [274cb6a93301] + + * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c: + Adapt to pwutil.c + [43ebd04c8b82] + + * Makefile.in: + Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better + readability. + [7f88c6061e2d] + + * tsgetgrpw.c: + Passwd and group lookup routines for testsudoers that support + alternate passwd and group files. + [d7803101d34e] + + * getspwuid.c, pwutil.c: + Split off pw/gr cache and dup code into its own file. This allows + visudo and testsudoers to use the pw/gr cache too. + [ef333d3ffedf] + +2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + Print Defaults info in "sudo -l" output and wrap lines based on the + terminal width. + [e559eae4250e] + +2005-01-01 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * match.c, testsudoers.c, visudo.c: + Only check group vector in usergr_matches() if we are matching the + invoking or list user. Always check the group members, even if there + was a group vector. + [d0c7ceb2a041] + +2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * LICENSE, Makefile.in, fnmatch.3: + No longer bundle fnmatch.3 + [72db4a4ff4e1] + + * CHANGES, TODO: + checkpoint + [e92781bfd99c] + +2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + sort usage + [15e3b876ec2c] + + * sudo.pod: + Sort command line options + [c1fa56584bc4] + + * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c, + sudo.pod, sudoers.pod: + Add closefrom sudoers option to start closing at a point other than + 3. Add closefrom_override sudoers option and -C sudo flag to allow + the user to specify a different closefrom starting point. + [370652b099d1] + + * pathnames.h.in: + Add _PATH_DEVNULL for those without it. + [0c4c3e0ceb8b] + + * LICENSE: + no more UCB strcasecmp + [397a6298e07f] + + * strcasecmp.c: + replace BSD licensed one with version derived from pdksh + [d7cfda8c57a2] + +2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Fix last commit. + [7afb9a180532] + + * sudo.c: + Make sure stdin, stdout and stderr are open and dup them to + /dev/null if not. + [590f387068bd] + +2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c, mon_systrace.c, sudo.c, sudo.h: + add sudo_ldap_close + [4273a36765a7] + + * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c: + Use TIME_WITH_SYS_TIME + [c32b59bf15fb] + + * config.h.in, configure, configure.in: + Add TIME_WITH_SYS_TIME_H + [57cb146f451d] + +2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set + unconditionally on darwin. From Toby Peterson. + [d69959681c87] + + * getspwuid.c: + Check rbinsert() return value. 
In the case of faked up entries there + is usually a negative response cached that we need to overwrite. + + In pwfree() don't try to zero out a NULL pw_passwd pointer. + [00b32d1a48c1] + + * mon_systrace.c: + Use the double fork trick to avoid the monitor process being waited + for by the main program run through sudo. + [e0ce556712ff] + +2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Call initgroups() in -U mode so group matches work normally. + [2235bea15283] + + * def_data.h, mkdefaults: + Don't print a trailing comma for the last entry in enum def_tupple + [c43a96bb31df] + +2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.cat, sudoers.man.in, sudoers.pod: + Mention values when lecture, listpw and verifypw are used in boolean + context. + [a0b5c0abaccf] + + * def_data.c, def_data.in: + verifypw when used in a boolean TRUE context should be "all", not + "any". + [2eb076ddd5e2] + +2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * def_data.in, defaults.c: + Allow tuples that can be used as booleans to be used as boolean + TRUE. In this case the 2nd possible value of the tuple is used for + TRUE. + [bd99aa77e88b] + +2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Correct the test for 2-parameter timespecsub + [d41c9cb26b97] + + * sudo.h: + Add strub struct definitions for passwd, timeval and timespec + [c4ce5c43d8c5] + + * config.h.in, configure, configure.in, sudo_edit.c, visudo.c: + Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS) + and fix a typo in the gettimeofday check. + [8ac9893057ce] + +2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * match.c, testsudoers.c: + Deal with user_stat being NULL as it is for visudo and testsudoers. + [3605a6ff64d0] + + * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod: + Add -U option to use in conjunction with -l instead of -u. Add + support for "sudo -l command" to test a specific command. 
+ [99638789d415] + + * gram.c, gram.y, sudo.c: + Set safe_cmnd after sudoers_lookup() if it has not been set. + Previously it was set by sudo "ALL" in the parser but at that point + the fully-qualified pathname has not yet been found. + [ac30d98f8225] + +2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c, testsudoers.c: + Correctly handle multiple privileges per userspec and runas + inheritence. + [a98a965181af] + +2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * defaults.c: + Zero out sd_un for each entry in sudo_defs_table in init_defaults. + [031d3cd4a848] + +2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * toke.c, toke.l: + make per-command defaults work with sudoedit + [e56fe33db916] + + * ldap.c, parse.c, sudo.c, sudo.h: + Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead, + we just set the approriate defaults variable. + [756eeecc1d86] + + * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod: + Document per-command Defaults. + [92a0f84b91c1] + + * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c, + sudo.c, testsudoers.c, toke.c, toke.l, visudo.c: + Add support for command-specific Defaults entries. E.g. + Defaults!/usr/bin/vi noexec + [be3d52bf01cf] + + * defaults.c, match.c, parse.c, parse.h, testsudoers.c: + Change an occurence of user_matches() -> runas_matches() missed + previously runas_matches(), host_matches() and cmnd_matches() only + really need to pass in a list of members. user_matches() still needs + to pass in a passwd struct because of "sudo -l" + [833b22fc6fa0] + + * parse.c: + Check def_authenticate, def_noexec and def_monitor when setting + return flags. XXX May be better to just set the defaults directly + and get rid of those flags. 
+ [b6db22b59d69] + + * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, + auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, + auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c, + defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c, + getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c, + gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c, + mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c, + strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c, + sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c, + visudo.c, zero_bytes.c: + Use: #include <config.h> Not: #include "config.h" That way we get + the correct config.h when build dir != src dir + [97e5670a442b] + + * Makefile.in: + Back out part of rev 1.263; fix -I order + [197ea01cad5d] + + * toke.c, toke.l: + More robust parsing if #include; could be much better still. + [31bc3cd8f045] + + * sudo_edit.c, visudo.c: + Make arg splitting in visudo and sudoedit consistent. + [7bc74485f246] + + * Makefile.in, alias.c, gram.c, gram.y, parse.h: + Split alias routines out into their own file. + [d90f633cf9ae] + + * error.h: + __attribute__ is already defined in compat.h + [676ed3fe9203] + + * visudo.c: + quit() should not be __noreturn__ as it is non-void on some + platforms. + [e528c2b6ba10] + + * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c: + Add local error/warning functions like err/warn but that call an + additional cleanup routine in the error case. This means we no + longer need to compile a special version of alloc.o for visudo. + [e78e8aae882e] + + * parse.h: + Clarify comments about the data structures + [ae894e266701] + +2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + Add support for VISUAL and EDITOR containing command line args. 
If + env_editor is not set any args in VISUAL and EDITOR are ignored. + Arguments are also now supported in def_editor. + [ff7303b8e298] + +2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.h: + alias_matches() is no more + [b59825e28084] + + * CHANGES, TODO: + sync + [2b8f5f63c1de] + + * Makefile.in: + When regenerating the parser, don't replace gram.h unless it has + changed. + [819949668018] + + * Makefile.in: + remove Makefile.binary for distclean + [351eec8d00b2] + + * env.c: + Preserve KRB5CCNAME in zero_env() and add a paranoia check to make + sure we can't overflow new_env. + [3284d17b9c6d] + + * sudo_edit.c: + paranoia when stripping trailing slashes from tempdir. + [012f1aa2b81f] + + * sudo.c: + Set user_ngroups to 0 if getgroups() returns an error. + [c46d43e9449a] + +2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, sudo.c: + Add configure check for getgroups() + [5d8a214e2cef] + + * ldap.c: + Use supplementary group vector in struct sudo_user. + [3d0c463c034d] + + * match.c: + Only do string comparisons on the group members if there is no + supplemental group list. + [be1c8362f7ef] + + * CHANGES, TODO: + sync + [db188bc5b975] + + * sudo_edit.c: + On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so + chop off any trailing slashes we see and add an explicit one. + [e1b477dafee1] + + * match.c: + remove bogus XXX comment + [8aecb8a28d40] + + * match.c: + Get rid of alias_matches and correctly fall through to the non-alias + cases when there is no alias with the specified name. + [2cd555246f09] + + * getspwuid.c: + Cache non-existent passwd/group entries too. + [8de9a467d271] + + * gram.c: + regen + [9ece18c58f36] + + * getspwuid.c: + fix typo + [9a7ae371eac1] + + * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c, + mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c: + Implement group caching and use the passwd and group caches + throughout. 
+ [f1d8c5015169] + +2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * match.c: + Properly negate the return value of alias_matches() when + appropriate. + [ce59c4ce77ad] + + * match.c: + Make hostname_matches() return TRUE for a match, else FALSE like the + caller expects. + [1dc03902d3a2] + + * Makefile.in: + Add missing dependencies on gram.h + [4f94bbb1d50c] + + * match.c: + Use runas_matches in alias_matches() now that we have it. + [284d22e91178] + + * parse.c, parse.h: + Expand aliases in "sudo -l" mode + [f67a38b79c44] + + * gram.y, match.c: + Use ALIAS for the member type when storing an alias instead of + HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the + more generic type. Expand runas_matches instead of calling + user_matches() inside of it since user_matches() looks up + USERALIASes, not RUNASALIASes. + [52004d75232b] + + * CHANGES, getspwuid.c: + Paranoia; zero out pw_passwd before freeing passwd entry. + [bd1b22638f00] + + * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure, + configure.in, defaults.c, emul/err.h, env.c, err.c, error.c, + error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c, + sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c: + Add local error/warning functions like err/warn but that call an + additional cleanup routine in the error case. This means we no + longer need to compile a special version of alloc.o for visudo. + [25000b676cfe] + + * match.c: + Use userpw_matches() to compare usernames, not strcmp(), since the + latter checks for "#uid". + [fcbe4b859f66] + + * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c: + Cache passwd db entries in 2 reb-black trees; one indexed by uid, + the other by user name. The data returned from the cache should be + considered read-only and is destroyed by sudo_endpwent(). 
+ [ee2418ff3f86] + + * match.c: + add cast to uid_t + [eb6415302d84] + + * gram.y: + missing free in alias_destroy + [572ecb680ad8] + + * redblack.c: + Can't use rbapply() for rbdestroy since the destructor is passed a + data pointer, not a node pointer. + [11ce713830c0] + + * getspwuid.c, logging.c, sudo.c, sudo.h: + Create and use private versions of setpwent() and endpwent() that + set/end the shadow password file too. + [616bc76d23bf] + + * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c: + Store aliases in a red-black tree. + [ce017d540416] + + * Makefile.in, redblack.c, redblack.h: + red-black tree implementation + [cd5586e8f48b] + + * visudo.c: + Edit all sudoers file if there were unused or undefined aliases and + we are in strict mode. + [b6d5f5bb7262] + +2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c, + find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c: + Bring back the "secure_path" Defaults option now that Defaults take + effect before the path is searched. + [2e52c0e27606] + +2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c, parse.c: + A user can always list their own entries, even with -u. Better error + message when failing to list another user's entries. + [e2e24deb0071] + + * parse.c, sudo.c, sudo.h: + The syntax to list another user's entries is now "-u otheruser -l". + Only root or users with sudo "ALL" may list other user's entries. + [3c0657e8f5fe] + + * sudo.cat, sudo.man.in, sudo.pod: + Update env variable info in SECURITY NOTES + [299716071024] + + * env.c: + strip CDPATH too + [9b97643b26f9] + + * env.c: + strip exported bash functions from the environment. + [9e5090c8284f] + +2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Only reset sudo_user.pw based on SUDO_USER environment variables for + real commands and sudoedit. 
This avoids a confusing message when a + user tries "sudo -l" or "sudo -v" and is denied. + [3ea6d0053274] + + * gram.c, gram.y, parse.h: + Extend LIST_APPEND to deal with appending lists too + [d963e42f622f] + +2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + Convert some bitwise AND to ISSET + [130dc40d268e] + + * lex.yy.c, toke.c: + toke.c replaces lex.yy.c + [048858df79e7] + + * CHANGES, TODO: + sync + [d19e7abf251c] + + * BUGS: + new parser fixes most of the outstanding bugs + [0891f66e3758] + + * configure: + regen + [1a3358cc7283] + + * visudo.c: + Rework for the new parser. Now checks for unused aliases in sudoers. + [ad462ede3094] + + * testsudoers.c: + Rewrite for the new parser. Now supports a -d flag (dump) and adds a + -h flag (host). It now defaults to the local hostname unless + otherwise specified. + [1b69685cc601] + + * sudo.h: + Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h) + [2e4fb3abfef0] + + * sudo.c: + Update for new parse. We now call find_path() *after* we have + updated the global defaults based on sudoers. Also adds support for + listing other user's privs if you are root. + [cf3db9fc3024] + + * mon_systrace.c: + Working LDAP support; also remove a now-unneeded rewind(). + [649ecf1baf6b] + + * logging.c, logging.h: + Add NO_STDERR flag. + [6cb935af94e0] + + * ldap.c: + Split sudo_ldap_check() into three pieces: sudo_ldap_open(), + udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to + connecto to LDAP, apply the default options, find the command in the + user's path, and then check whether the user is allowed to run it. + The important thing here is that the default runas user may be + specified as a default option and that needs to be set before we + search for the command. + [fc0426abc6f1] + + * ldap.c: + Add casts to unsigned char for isspace() to quiet a gcc warning. 
+ [e5358e3df439] + + * defaults.h: + Add prototype for update_defaults() + [564dac3db74e] + + * defaults.c: + Don't warn about line numbers now that we operate on a set of data + structures (or LDAP) and not a file. + [bcd9ffb9b67c] + + * config.h.in: + No long use lsearch() + [9d048c587319] + + * Makefile.in: + Update for new and changed file names. + [6f424a7c4515] + + * LICENSE: + no more BSD lsearch.c + [463a96d89026] + + * match.c: + foo_matches() routines now live in match.c Added user_matches(), + runas_matches(), host_matches(), cmnd_matches() and alias_matches() + that operate on the parsed sudoers file. + [b14da8a0567e] + + * parse.lex, toke.l: + Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer() + WORD no longer needs to exclude '@' kill yywrap() + [a922294eb7b7] + + * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c, + sudo.tab.h: + Rewritten parser that converts sudoers into a set of data + structures. This eliminates ordering issues and makes it possible to + apply sudoers Defaults entries before searching for the command. + [30d2ec4d203c] + + * configure.in, emul/search.h, lsearch.c: + We won't be using lsearch() any longer. + [29c4d54bfac0] + + * ldap.c: + sudo should not send mail if someone who runs 'sudo -l' has no + entry. + [6fc27a69fd9c] + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [8166347917f3] + + * visudo.pod: + Update warnings to match new visudo + [004c0766798f] + + * sudoers.pod: + The new parser doesn't have the old ordering constraints. + [ffd43bd08661] + + * sudo.pod: + Document that -l now takes an optional username argument + [278f9557de8b] + +2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * RUNSON: + AIX 5.2.0.0 works + [523acd29d858] + + * ldap.c: + If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes + a compilation problem with Solaris 9's native LDAP. + + Set FLAG_MONITOR when needed. 
+ [35824ade672d] + +2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * mon_systrace.c: + Call sudo_goodpath() *after* changing the cwd to match the traced + process. Fixes relative paths. + [12ee111d0ad7] + +2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * testsudoers.c: + Kill set_perms() stub--it is no longer needed. + [116ed702935d] + +2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.cat, sudoers.man.in, sudoers.pod: + stay_setuid now requires set_reuid() or setresuid() + [8511f67e25d5] + + * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure, + configure.in, set_perms.c, sudo.c, sudo.h: + Kill use of POSIX saved uids; they aren't worth bothering with. + [b3b1f19f18c1] + +2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * glob.c: + remove call to issetugid() + [63f2e492c08f] + + * sudoers.cat, sudoers.man.in, sudoers.pod: + Remove warning about wildcards. Now that we use glob() the bug is + fixed. + [b15729d32266] + + * parse.c: + Use glob(3) instead of fnmatch(3) for matching pathnames and stat + each result that matches the basename of the user's command. This + makes "cd /usr/bin ; sudo ./blah" work when sudoers allows + /usr/bin/blah. Fixes bug #143. + [e31eb6310340] + + * config.h.in, configure, configure.in: + Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and + GLOB_BRACE) + [677ed6661e17] + + * config.h.in, configure, configure.in: + Check for a glob() that supports GLOB_BRACE and GLOB_TILDE + [aaa2329dd266] + + * LICENSE: + reference glob + [bedc9a923423] + + * emul/glob.h: + 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions + removed. + [0335cf31fb1e] + + * glob.c: + 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions + removed. + [81799451473c] + +2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * mon_systrace.c: + Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably means + we are out of space in the stack gap... 
+ [5b02b702021e] + + * CHANGES: + sync + [be3826273e56] + + * mon_systrace.c: + Take a stab at ldap sudoers support here. + [9d023695b0de] + + * mon_systrace.c, mon_systrace.h: + Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot" + doesn't cause reboot to inadvertanly kill itself. + [d4aab2365610] + + * mon_systrace.c: + put "monitor" in the proctitle, not "systrace" + [9a9025767d86] + + * mon_systrace.c: + When modifying the environment, don't replace envp when we can get + away with just rewriting pointers in the traced process. + [c03622f7a2e2] + + * mon_systrace.c, mon_systrace.h: + Add environment updating via STRIOCINJECT (if available). + [037291016870] + + * sudoers.cat, sudoers.man.in: + regen + [869acc511046] + +2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * lex.yy.c: + regen + [4e61a9bd3c97] + + * parse.lex: + Fix bug introduced in unput() removal; want yyless(0) not yyless(1) + [b70d7bd6e147] + + * mon_systrace.c: + Include file is now mon_systrace.h + [ead4e36d92ae] + + * Makefile.in, configure, configure.in, def_data.c, def_data.h, + def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc, + sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod: + No longer call it tracing, it is now "monitoring" which should be + more a obvious name to non-hackers. + [aa811ded0789] + +2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * mon_systrace.c, mon_systrace.h: + Fix some XXX + [a271072dacc6] + + * mon_systrace.c, mon_systrace.h: + No need to include syscall.h, use 1024 as the max # of entries (the + max that systrace(4) allows). + + Only need to use SYSTR_POLICY_ASSIGN once + + Change check_syscall() -> find_handler() and have it return the + handler instead of just running it. We need this since handler now + have two parts: one part that generates and answer and another that + gets called after the answer is accepted (to do logging). 
+ + Add some missing check_exec for emul execv + [a89d243f0525] + + * sample.pam, sample.sudoers, sample.syslog.conf, sudoers: + Add $Sudo$ tags. + [6f3fedb0daba] + + * config.h.in: + Add missing HAVE_LINUX_SYSTRACE_H + [ff75ab7bfc53] + + * Makefile.in: + add trace_systrace.o dependency + [88a408668ab2] + +2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Also look for systrace.h in /usr/include/linux + [98b98b436cf3] + + * mon_systrace.c, mon_systrace.h: + Move all struct defs and prototypes into trace_systrace.h and mark + all but systace_attach() static. + [85511253b570] + + * mon_systrace.c, mon_systrace.h: + Add support for tracing emulations. At the moment, all emulations + are compiled in. It might make sense to #ifdef them in the future, + though this impeeds readability. + [87bb50abf277] + + * Makefile.in, configure, configure.in: + rename systrace.c -> trace_systrace.c + [31cfa4407d93] + + * parse.yacc, sudo.tab.c: + Allow this to build with a K&R compiler again + [32876af5bb98] + + * TODO: + sync + [46865bd70f7c] + + * compat.h, sudo.c, visudo.c: + Use __attribute__((__noreturn__)) + [65bbad71fe89] + + * visudo.c: + Exit() takes a negative value to indicate it was not called via + signal. + [b93032ed7b60] + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [45bcf4661558] + + * Makefile.in, visudo.c: + Define Err() and Errx() that are like err() and errx() but call + Exit() instead of exit(). Build private copy of alloc.o for visudo + that calls Err() and Errx(). + [c6d02bf42edd] + +2004-09-29 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * lex.yy.c, sudo.tab.c: + regen + [39de7e7c59da] + + * CHANGES: + sync + [ba481d9ed1aa] + + * visudo.c: + Overhaul visudo for editing multiple files: o visudo has been broken + out into functions (more work needed here) o each file is now edited + before sudoers is re-parsed o if a #include line is added that file + will be edited too + + TODO: o cleanup temp files when exiting via err() or errx() o + continue breaking things out into separate functions + [80c35cf534eb] + + * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c: + Add keepopen arg to open_sudoers that open_sudoers can use to + indicate to the caller that the fd should not be closed when it is + done with it. To be used by visudo to keep locked fds from being + closed prematurely (and thus losing the lock). + [f330fe632470] + + * parse.yacc, sudo.c: + Add errorfile global that contains the name of the file that caused + the error. + [98079c7a37ed] + + * parse.lex: + return COMMENT to yacc grammar for a #include line + [2024a8de4fa8] + + * parse.lex: + Remove us of unput() in favor of yyless() which is cheaper. + [c61291902beb] + + * parse.yacc: + Allow an empty sudoers file. + [62fb111db2e7] + +2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * mon_systrace.c: + Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us. + [9e15869ef597] + + * lex.yy.c, sudo.tab.c: + regen + [c29bdd43bfad] + + * visudo.c: + Do signal setup before calling edit_sudoers(). Don't shadow the + "quiet" global. + [74252efd09ff] + + * visudo.c: + If a sudoers file includes other files, edit those too. Does not yes + deal with creating the new includes files itself. 
+ [06af7b9c173f] + + * testsudoers.c: + init_parser now takes a path + [b5ee186eb192] + + * parse.c, parse.h, parse.lex, parse.yacc: + More scaffolding for dealing with multiple sudoers files: o + init_parser() now takes a path used to populate the sudoers global o + the sudoers global is used to print the correct file in yyerror() o + when switching to a new sudoers file, perserve old file name and + line number + [d9be4970b8bd] + + * Makefile.in, pathnames.h.in: + Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have + multiple sudoers files. + [6ccc4e921c43] + + * parse.c, sudo.c: + Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so + we start at the right file position when reading include files. + [91fcb961e7a4] + + * sudoers.pod: + document #include + [fbb92a25a726] + + * lex.yy.c: + regen + [50cd7a4c9dff] + + * parse.lex: + Add max depth of 128 for the include stack to avoid loops. + + Since yyerror() doesn't stop parsing, pass return values back to + yylex and call yyterminate() on error. + [e79dbffb729d] + +2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + document tracing + [165a467eadd8] + + * sudo.pod: + Mention PREVENTING SHELL ESCAPES section of sudoers man page + [3217ccecd834] + + * lex.yy.c, sudo.tab.c: + regen + [fbd58d1d3a76] + + * parse.lex: + Add support for #include in sudoers (visudo support TBD) + [a78015ca81af] + + * parse.yacc: + make yyerror()'s argument const + [7d8e168c019a] + + * testsudoers.c, visudo.c: + Add open_sudoers() stubs. + [087466787198] + + * sudo.c, sudo.h: + Rename check_sudoers() open_sudoers() and make it return a FILE * + [142fc511fc65] + +2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in, + version.h: + Crank version + [1adc3f839480] + + * Makefile.in, sudo.psf: + Better HP-UX depot construction + [2d952b000e63] + +2004-09-25 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * mon_systrace.c: + o Made children global so check_exec() can lookup a child. o + Replaced uid in struct childinfo with struct passwd * (for runas) o + new_child() now takes a parent pid so the runas info can be + inherited o Added find_child() to lookup a child by its pid o + update_child() now fills in a struct passwd o Converted the big + if/else mess in set_policy to a switch o Syscalls that change uid + are now "ask" so we get SYSTR_MSG_UGID events + [29b9ea3f09a3] + + * getspwuid.c: + Add flag to sudo_pwdup that indicates whether or not to lookup the + shadow password. Will be used to a struct passwd that has the shadow + password already filled in. + [e19d43dd7238] + + * mon_systrace.c: + add missing increment of addr in read_string() + [f9eb0f060cb6] + + * mon_systrace.c: + Remove bogus call to update_child() and some cosmetic fixes + [701ab0b97fef] + + * mon_systrace.c: + Don't leak /dev/systrace fd to tracee Make initialized global for + simplicity If STRIOCATTACH returns EBUSY we are already being traced + Check for user_args == NULL in setproctitle() call Add missing calls + to STRIOCANSWER + [1956edf9bc3a] + + * sudo.c: + g/c sudo_pwdup proto + [b7c4d6249ecb] + + * Makefile.in, sudo.psf: + Add target for building a depot file + [357019efd99b] + + * mon_systrace.c: + trim includes + [501534428471] + +2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * lex.yy.c, sudo.tab.c, sudo.tab.h: + regen + [52fd250c6986] + + * INSTALL: + document --with-systrace + [79623927c94e] + + * config.h.in, configure, configure.in: + Add check for setproctitle + [1730cf1c26ed] + + * mon_systrace.c: + pass struct str_msg_ask in to syscall checker so it can set the + error code + [1703fd2fdef6] + + * mon_systrace.c: + systrace(4) support for sudo. On systems with the systrace(4) kernel + facility (OpenBSD, NetBSD, Linux w/ patches) sudo can intercept exec + calls and check the exec args against the sudoers file. 
In other + words, sudo can now control subcommands and shell escapes. + [928c9217c386] + + * sudo.c, sudo.h: + Call systrace_attach() if FLAG_TRACE is set. + [014ba9402fa5] + + * parse.c, parse.h, parse.lex, parse.yacc, sudo.h: + Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE + [a99904db5e56] + + * parse.c, sudo.c: + Don't close sudoers_fp, keep it open and set close on exec flag + instead. + [43a9fec60bee] + + * def_data.c, def_data.h, def_data.in: + Add trace option + [5b643b86730a] + + * Makefile.in: + Add systrace + [47a0519c427c] + + * INSTALL: + SunOS /bin/sh blows up with configure + [005a23cc5615] + + * configure, configure.in: + Include sys/param.h before systrace.h + [9345bc8efecf] + + * configure: + regen + [a8f53fcbb254] + + * pathnames.h.in: + _PATH_DEV_SYSTRACE + [d2ad1e492a00] + + * configure.in: + line up options in --help + [fa51f2821d09] + + * config.h.in, configure.in: + Add --with-systrace + [a264d54bc413] + +2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [a4dad0bcc523] + + * aclocal.m4, configure.in: + make this work with autoconf-2.59 + [c4a92b6a684a] + +2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo_edit.c: + Simplify logic around open & stat of files and do sanity on edited + file even if we lack fstat (still racable but worth doing). + [adda65ade70c] + +2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * HISTORY: + Add support url + [bf6590fbde9f] + + * Makefile.in: + versino 1.6.8p1 + [b84ebfaf1552] [SUDO_1_6_8p1] + + * CHANGES: + more changes for 1.6.8p1 + [e23a9c0393b6] + + * version.h: + 1.6.8p1 + [872f14504b5f] + + * CHANGES, sudo_edit.c: + Add sanity check so we don't try to edit something other than a + regular file. + [350134ec6d4e] + +2004-09-15 Aaron Spangler <aaron777@gmail.com> + + * CHANGES: + sync + [3091ca9eae00] + + * INSTALL: + document --with-ldap-conf-file + [0e2cd6b896f1] + +2004-09-14 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * CHANGES, ins_csops.h: + political correctness strikes again + [428e8bc77f55] + + * RUNSON: + sync + [27f44bd423dc] + +2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.binary.in, Makefile.in: + Install sudoedit man link + [19a55234fc1f] + + * INSTALL: + Update PAM note and mention where HP-UX users can download gcc + binaries. + [d37cdbbabfd4] + + * Makefile.in: + libtool wants to install stuff from .libs so fake one up for binary + installations. + [a681bc6fcfba] + + * Makefile.binary.in: + rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly + [3e0c4b3372cc] + + * Makefile.in: + Deal with "uname -m" having slashes in it rm -f old sudoedit link + instead of using ln -f + [cff33fb97e5b] + + * Makefile.binary, Makefile.binary.in: + Makefile.binary -> Makefile.binary.in for config.status substitution + Add support for installing noexec bits + [37d8bb3483c6] + + * Makefile.in: + Copy noexec bits into binary dists too No longer use my old arch + script for making binary dists + [e7058bab9e33] + + * Makefile.binary: + Install sudoedit link. + [417d1e101711] + +2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * emul/utime.h: + avoid __P so there is no need for compat.h to be included + [6d8d1f1abf7d] + + * utimes.c: + Don't use HAVE_UTIME_H before including config.h. + [013b7bb61181] + +2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat.h: + Fix Solatis futimes macro + [d4eda2ca0d29] + +2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo_edit.c: + Rename ots -> omtim for improved readability. + [127ca5bb297c] + +2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo_edit.c: + Redo changes in revision 1.7. Don't really need to keep the temp + file open; re-opening it with the invoking user's euid is + sufficient. 
+ [55a883165a95] + + * CHANGES: + sync + [9015b291170d] + + * sudo.cat, sudo.man.in: + regen + [c0313f6ed783] + + * sudo.pod: + back out revision 1.70; it is no long applicable + [b641d503aff6] + + * env.c: + Let the loader initialize nep + [bec192139b02] + + * config.h.in, configure, configure.in: + Removed unneed check for fchown Add check for gettimeofday Move + autoheader template stuff into separate AH_TEMPLATE lines + [bfc0edbd43f2] + + * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c: + Use timespec throughout. + [1a178a23b69b] + + * Makefile.in: + gettime.[co] + [6aeb48a7ab7f] + + * gettime.c: + function to return the current time in a struct timespec + [bf8eb12cb63f] + + * utimes.c: + Not a darpa-sponsored file. + [121ce5e2036c] + +2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat.h, config.h.in, configure, configure.in: + Add a check for struct timespec and provide it for those without. + [42124055030d] + + * config.h.in, configure, configure.in, sudo_edit.c: + Add checks for st_mtim and st_mtimespec and add macros for pulling + the mtime sec and nsec out of struct stat. These are used in + sudo_edit() to better tell whether or not the file has changed. + [23debfbb3fab] + + * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c: + Add an extra param to touch() for nsec + [56f7a4ba8ddb] + + * sudo_edit.c: + Call mkstemp() as the in invoking user so we don't have to chown the + file later. Only touch() the temp file if we can do it via the file + descriptor. Don't check for modification of the temp file if we lack + fstat(). Catch errors read()ing the temp file. + [665f52c70836] + + * fileops.c: + If path is NULL and fd == -1 return -1. + [757a518a824c] + + * sudo_edit.c: + closefrom() is overkill, the only extra fds are the ones we opened + so just close those in the child. 
+ [f361c9d2a1f4] + + * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure, + configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c, + visudo.c: + Use utimes() and futimes() instead of utime() in touch(), emulating + as needed. Not all systems are able to support setting the times of + an fd so touch() takes both an fd and a file name as arguments. + [3d9276f29717] + +2004-09-07 Aaron Spangler <aaron777@gmail.com> + + * env.c: + Rare SEGV + [8995f828782d] + +2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [b8e9406711c5] + + * sudo.pod, sudoers.pod, visudo.pod: + Add SUPPORT section and re-order some of the sections to match the + order we use in OpenBSD. + [fa37bd917e2c] + +2004-09-06 Aaron Spangler <aaron777@gmail.com> + + * env.c: + Openldap ~/.ldaprc fix + [1a37afe6850f] + +2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod: + Talk about how the editor must write its changes to the original + file and not just use rename(2). + [c55ed91c5ee9] + + * CHANGES: + sync + [62af26bd37a2] + + * sudo_edit.c: + Keep the temp file open instead of re-opening after the editor has + exited. + [de41eeb6dcf2] + + * sample.pam: + Update for current redhat/fedora core. + [8cf083077333] + +2004-09-03 Aaron Spangler <aaron777@gmail.com> + + * README.LDAP: + tls_ examples + [ba783d88a034] + +2004-09-02 Aaron Spangler <aaron777@gmail.com> + + * ldap.c: + config tls_* options + [0b0e0797b3b9] + +2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + No need for -lcrypt when using pam. + [41fff3a53e68] + +2004-08-27 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [75820aecce2c] + +2004-08-27 Aaron Spangler <aaron777@gmail.com> + + * configure.in, ldap.c, pathnames.h.in: + Allow --with-ldap-conf-file option to override LDAP_CONF + [c9909bc484a5] + + * ldap.c: + cleanup debug message + [1f6ca4824d8d] + +2004-08-26 Aaron Spangler <aaron777@gmail.com> + + * README.LDAP: + more config info + [f2e7147fd507] + +2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c: + Add cmnd_base to struct sudo_user and set it in init_vars(). Add + cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No + longer use gross statics in command_matches(). Also rename some + variables for improved clarity. + [7169a6c7bea4] + +2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + document HP's crippled compiler deficiency. + [c405ea5a8d4c] + + * INSTALL: + Fix some thinkos in --with-editor and --with-env-editor + descriptions. Noticed by Norihiko Murase. + [dd781de1c985] + + * configure, configure.in: + --with-noexec takes an optional PATH argument. + [8f6ab77f22cc] + + * INSTALL: + document --with-noexec + [50cb1fc627ce] + +2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * RUNSON, TODO: + sync + [f2503bd13373] [SUDO_1_6_8] + + * sudo_edit.c: + Better warning message when sudoedit is unable to write to the + destination file. + [f78c18f2ffa8] + + * sudo.cat, sudo.man.in: + regen + [7e2bf63d6d9a] + + * sudo.pod: + Don't italicize the string "sudoedit" + [c691643bd269] + +2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * HISTORY: + Mention GratiSoft. + [dc53de581b2d] + +2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.tab.c: + regen + [8ae0484dfc38] + + * parse.yacc: + Reset used_runas to FALSE when re-intializing the parser. + [b7403f353a02] + +2004-08-09 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * config.guess: + Correct OpenBSD mips support + [314fc7afc165] + + * config.guess: + Add OpenBSD/mips + [ac87d0a773ef] + +2004-08-07 Aaron Spangler <aaron777@gmail.com> + + * README.LDAP: + More behavior notes + [13be1d212b47] + + * README.LDAP: + Updates on current behavior + [d498a8866d6f] + +2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod: + =back does not take an indentlevel (makes no difference to formatted + files). + [e5f479e24fa8] + + * sudoers.pod: + =back does not take an indentlevel (makes no difference to formatted + files). + [9c8523bb382a] + + * CHANGES: + new + [2dbd9aba8b33] + + * sudo.c: + Consistency. Use same error for bad -u #uid when targetpw is set as + we do when a bad -u username is specified. + [922961c4a9d6] + + * TODO: + Add checksum idea from Steve Mancini + [e6ece1b766ba] + + * sudo.cat, sudo.man.in: + regen + [f93d41fc38b1] + + * sudoers.cat, sudoers.man.in: + regen + [370d2317829f] + + * sudo.pod, sudoers.pod: + Document the restriction on uids specified via -u when targetpw is + set. + [878fedb455db] + + * sudo.c: + Error out when targetpw is enabled and sudo is run with -u #uid but + #uid does not exist in the passwd database. We can't do target + authentication when the target is not in passwd! + [27c5888c86eb] + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: + regen + [ceb65711050c] + + * TODO: + Some more todo for the next release. + [7b7417be7601] + + * INSTALL: + Make it clear that PAM should be used for DCE support when possible. + [7502029fd385] + + * sudoers.pod: + o Document problems with wildcards and relative paths. o Make the + order requirements more prominent. o Change a "set" to "reset" for + clarity. + [bacdd181b33f] + +2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod: + Mention --with-secure-path, not SECURE_PATH. 
+ [41283ddde5e1] + +2004-08-03 Aaron Spangler <aaron777@gmail.com> + + * ldap.c: + reflect changes to parse.c + [8880fe9b724d] + +2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.tab.c: + regen + [a57658ca9177] + + * parse.yacc: + Don't pass user_cmnd and user_args to command_matches(), just use + the globals there. Since we keep state with statics anyway it is + misleading to pretend that passing in different cmnd and cmnd_args + will work. + [a4910bf6032b] + + * parse.c, parse.h, testsudoers.c, visudo.c: + Don't pass user_cmnd and user_args to command_matches(), just use + the globals there. Since we keep state with statics anyway it is + misleading to pretend that passing in different cmnd and cmnd_args + will work. + [0a2544991fd6] + + * parse.c: + Fix a bug introduced in rev. 1.149. When checking for pseudo- + commands check for a '/' anywhere in cmnd, not just the first + character. + [ce98142f03ca] + +2004-07-31 Aaron Spangler <aaron777@gmail.com> + + * sudo.man.in, sudo.pod: + Clarification thanks to Olivier Blin <oblin@mandrakesoft.com> + [a91800e094b1] + + * sudoers.man.in, sudoers.pod: + Add ignore_local_sudoers + [741ddcbf7083] + + * README.LDAP: + Sun One schema definition by Andreas.Bussjaeger@t-systems.com and + janth@moldung.no + [742c02e07cd9] + +2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + typo + [e7cdefbd7a9a] + +2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + sync + [734dafc4a85e] + + * parse.c: + Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless + PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse. + [151b7f593568] + +2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + PAM change + [d8fb6d6a22d0] + +2004-07-08 Aaron Spangler <aaron777@gmail.com> + + * ldap.c: + Better debugging of ALL command + [9db3e84029dc] + +2004-07-08 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * parse.c: + When matching for "sudoedit" in sudoers check both the command the + user typed *and* the command that is listed in the sudoers entry. + [f36ca1f94095] + +2004-07-04 Aaron Spangler <aaron777@gmail.com> + + * ldap.c: + Added !command feature + [ed539574611b] + +2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/pam.c: + Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell + [2be8e0e8813a] + +2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * LICENSE: + License is ISC-style, not BSD-style + [ac0589e1dd5d] + + * CHANGES: + sync + [16058a30f404] + +2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.man.in: + regen + [8820eb9c809b] + + * sudo.pod: + o Update some out of date bits to reality o Change the shell promt + in examples to bourne-shell style o Clarify some details o Add a + CAVEAT about "sudo cd /foo" + [b0af373214b6] + + * check.c: + Don't ask for a password if invoking user == target user. + [dd5c96141132] + + * sudo.c: + typo in comment + [278d20f9b249] + +2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.cat, sudoers.man.in: + regen + [9036c6f39eff] + + * sudoers.pod: + Expand on NOEXEC a little. + [9a13756aebe4] + + * TODO: + sync + [8d2c1af48de8] + + * visudo.cat, visudo.man.in: + regen + [3921f01607c8] + + * sudo.tab.c: + regen + [9338c3d68250] + + * CHANGES, parse.yacc, visudo.c: + Add a check in visudo for runas_default being set after it has + already been used. + [803560986a8a] + + * visudo.pod: + Add a check in visudo for runas_default being set after it has + already been used. + [6700358d7ad8] + + * sudo.tab.c: + regen + [b60636e2cf63] + + * parse.yacc: + Add a MATCHED macro for testing whether foo_matches has been set to + TRUE or FALSE. This is more readable than checking for >=0 or < 0. + Doesn't change the actual code generated. + [f376da8ccdc8] + +2004-06-07 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudoers.cat: + regen + [6cceb6d6c9bd] + + * sudoers.man.in: + regen + [5acd12b730b3] + + * sudoers: + Correct description of where Defaults specs should go. + [868db857630d] + + * sudoers.pod: + Correct description of where Defaults specs should go. + [6b11ff53d7ad] + + * auth/bsdauth.c, auth/kerb5.c: + update (c) year + [d72eb434c068] + + * auth/pam.c: + update (c) year + [87149e0eed50] + + * find_path.c: + update (c) year + [40c227af9227] + + * ldap.c: + update (c) year + [f264632488a0] + + * logging.h: + update (c) year + [3cec76d400ce] + + * testsudoers.c, visudo.c: + update (c) year + [272c8a53604c] + +2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.tab.c: + regen + [83408d9e9d2e] + + * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c: + Remove trailing spaces, no actual code changes. + [4c3bf2819293] + + * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c: + Remove trailing spaces, no actual code changes. + [c7075d1cbed5] + + * tgetpass.c: + Remove trailing spaces, no actual code changes. + [96f6e0a24c26] + + * compat.h, defaults.c, env.c: + Remove trailing spaces, no actual code changes. + [893e83c33795] + + * find_path.c: + Remove trailing spaces, no actual code changes. + [7ed7099f3c71] + + * getcwd.c: + Remove trailing spaces, no actual code changes. + [776cc0374547] + + * check.c: + Remove trailing spaces, no actual code changes. + [f77750f8803b] + + * sudo.tab.c: + regen + [62e0ed883b31] + + * parse.yacc: + Fix a >=0 that should be <0 that was improperly converted when + UNSPEC was added. + [ad1531a55a49] + + * parse.yacc: + Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not + NOMATCH when resetting it. + [ae017a12870a] + + * parse.yacc: + Fix pastos introduced in SETNMATCH addition. + [6ea1c9d80681] + +2004-06-05 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * README.LDAP: + Update for configure changes + [637a635da287] + + * sudo.tab.c: + regen + [4753c2788713] + + * parse.yacc: + Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use + these in parse.yacc. Also in parse.yacc initialize the *_matches + vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use + when setting *_matches to a value that may be + NOMATCH/UNSPEC/TRUE/FALSE. + [746b519e41a6] + + * sudo.h: + Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use + these in parse.yacc. Also in parse.yacc initialize the *_matches + vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use + when setting *_matches to a value that may be + NOMATCH/UNSPEC/TRUE/FALSE. + [2ba622e15a4d] + + * parse.yacc: + Initialize runas to -2, not -1 since we need to be able to + distinguish between the initialized value and the value of a non- + match when passing along the runas value to multiple commands. + + The result of this is that an unmatched runas is now set to -1, not + 0. This is required now that parse.c treats a FALSE value for runas + as being explicitly denied. + [7791ed3621f6] + +2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * getprogname.c: + Error out if argc < 1. + [c566cce8dc78] + + * sudo.c, visudo.c: + Error out if argc < 1. + [ce6b2a9eda3c] + + * configure, configure.in: + Add tests for what libs we need to link with for ldap and for + whether or not lber.h needs to be explicitly included. + [b2e9729cc4e7] + +2004-06-03 Aaron Spangler <aaron777@gmail.com> + + * ldap.c: + Solaris native LDAP build fix + [39929e40eb11] + +2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * ldap.c: + Set edn to NULL is ldap_get_dn() fails to avoid potential use of an + unset variable. + [6a4c20a66f98] + + * sudo.h: + Add prototype for sudo_ldap_list_matches + [443b007a8dab] + + * compat.h: + Better check for dirfd macro--we now set HAVE_DIRFD for the macro + version too. 
Added check for dd_fd in `DIR' if no dirfd is found; + this is now used to confitionally define the dirfd macro in + compat.h. + [8d50ff1bbf2a] + + * config.h.in: + Better check for dirfd macro--we now set HAVE_DIRFD for the macro + version too. Added check for dd_fd in `DIR' if no dirfd is found; + this is now used to confitionally define the dirfd macro in + compat.h. + [34eace4faec8] + + * configure, configure.in: + Better check for dirfd macro--we now set HAVE_DIRFD for the macro + version too. Added check for dd_fd in `DIR' if no dirfd is found; + this is now used to confitionally define the dirfd macro in + compat.h. + [567656978f7e] + + * closefrom.c: + Only check /proc/$$/fd if we have the dirfd function/macro. + [15e3ccce7553] + + * compat.h, config.h.in, configure, configure.in: + Add a check for a dirfd() function (like Linux) and add a dirfd + macro in compat.h if there is no dirfd() function or macro. + [1e95756edb50] + + * closefrom.c, getcwd.c: + dirfd() is now defined in compat.h as needed. + [bb1d79271188] + + * CHANGES: + Clarify closefrom() note. + [f4e4a5508dda] + + * parse.c: + When checking for a command in the directory, only copy the base dir + once. + [7a3276808b87] + + * closefrom.c: + If there is a /proc/$$/fd directory, behave like the Solaris + closefrom() and only close the descriptors listed therein. + [19de23779e84] + + * alloc.c: + compat.h guarantees INT_MAX is defined. + [1bf0c79d4606] + + * compat.h: + Add definitions of OPEN_MAX and INT_MAX for those without it and + remove definition of RLIM_INFINITY (now unused). + [f827d1ebf96e] + + * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c, + sudo.c, sudo.h, visudo.c: + Use PATH_MAX, not MAXPATHLEN since the former is standardized. + [59788f211c24] + +2004-05-31 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * CHANGES: + sync + [d32fa124f1ad] + + * RUNSON: + Add some entries that were mailed in a while ago + [ff8d5bfec54e] + + * closefrom.c: + o sysconf returns a long, not an int. o check for negative return + value from sysconf/getdtablesize and use OPEN_MAX in this case. o + define OPEN_MAX to 256 for those without it (a fair guess...) + [ccf81ae6deb2] + +2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * UPGRADE: + Mention change in parse order for RunAs entries. + [dc73b0bca617] + + * configure: + regen + [07cce8e0534e] + +2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, README.LDAP, config.h.in, configure.in: + o --with-ldap now takes an optional dir as a parameter o added check + for ldap_initialize() and start_tls_s() + [2b846c7974c6] + + * README.LDAP: + Fix some typos, word choice and formatting issues. + [00dc8ca84b10] + +2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * tgetpass.c: + Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use + read/write as it is simpler. + [30f5446ee8b0] + + * configure, configure.in: + Remove hack overriding cross-compiler check. It should no longer be + needed. + [22a6cbd88608] + + * compat.h: + Remove select() compat bits since we no longer use select(). + [d7bbf7cd36f5] + + * CHANGES, tgetpass.c: + Use alarm() instead of select() for the timeout for systems that + don't fully/properly implement select(). + [d7cc60f15800] + +2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + synbc + [132a39788e07] + + * RUNSON: + update + [61ef508380c6] + + * set_perms.c: + Deal with systems that have no way of setting the effective uid such + as nsr-tandem-nsk. + [306e00e9b5a4] + + * configure, configure.in: + Define NO_SAVED_IDS if we don't find seteuid() + [8588f18345cf] + + * config.h.in, configure, configure.in: + Add back check for setreuid() since NSK doesn't have it. 
+ [43127bd703d1] + + * sudoers.cat, sudoers.man.in: + regen + [af4f4b20e422] + + * BUGS: + sync + [3593f17f72ed] + + * CHANGES: + sync + [29ca3b699c24] + + * parse.c: + In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was + explicitly denied and the command matched. This fixes a long- + standing bug and makes: foo machine = (ALL) /usr/bin/blah foo + machine = (!bar) /usr/bin/blah + + equivalent to: foo machine = (ALL, !bar) /usr/bin/blah + [2f5ee244985a] + + * sudoers.pod: + Clarify mail_noperm + [3238b2d41989] + +2004-05-20 Aaron Spangler <aaron777@gmail.com> + + * Makefile.in: + Missing DESTDIR in make install for sudo_noexec.la + [91431e821525] + +2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + regen + [cdfde0dcb556] + + * TODO: + sync + [4799b7d8b62c] + + * sample.sudoers: + Remove fastboot/fasthalt (who still remembers these?) and add a + minimal sudoedit example. + [b1bca73d6250] + + * sudoers.pod: + Remove fastboot/fasthalt (who still remembers these?) and add a + minimal sudoedit example. + [19d299f233cd] + + * CHANGES, INSTALL: + filesystem -> file system + [85948b608ffe] + + * TROUBLESHOOTING: + filesystem -> file system + [39fb594e9338] + + * UPGRADE, sudo.c, visudo.c: + filesystem -> file system + [1e1afaf30469] + + * sudo.pod, sudoers.pod: + Fix some minor typos and formatting goofs + [e94d243a0b90] + + * lex.yy.c: + regen + [2eed0ab1f4c4] + + * visudo.pod: + remove my email addr + [b63262c0389b] + + * sudo.pod, sudoers.pod, visudo.pod: + Use @mansectform@ and @mansectsu@ everywhere Make man page + references links with L<> + [f459f4b9ddb9] + + * parse.lex: + Accept quoted globbing characters and pass them verbatim for + fnmatch() + [8248b86e9380] + + * UPGRADE: + Document that /tmp/.odus is gone. + [3667b66af5bb] + + * pathnames.h.in: + No longer use /tmp/.odus as a possible timestamp dir unless + specifically configured to do so. 
Instead, if no /var/run exists, + use /var/adm/sudo or /usr/adm/sudo. + [48d94c9f9ad4] + + * CHANGES: + No longer use /tmp/.odus as a possible timestamp dir unless + specifically configured to do so. Instead, if no /var/run exists, + use /var/adm/sudo or /usr/adm/sudo. + [6058c4cefcec] + + * aclocal.m4: + No longer use /tmp/.odus as a possible timestamp dir unless + specifically configured to do so. Instead, if no /var/run exists, + use /var/adm/sudo or /usr/adm/sudo. + [cf52c4c2803f] + + * configure: + No longer use /tmp/.odus as a possible timestamp dir unless + specifically configured to do so. Instead, if no /var/run exists, + use /var/adm/sudo or /usr/adm/sudo. + [058d7b8cf07b] + + * check.c, compat.h: + Preliminary changes to support nsr-tandem-nsk. Based on patches from + Tom Bates. + [390b698b5924] + + * logging.c: + Preliminary changes to support nsr-tandem-nsk. Based on patches from + Tom Bates. + [934bbe6872b6] + + * set_perms.c, sudo.c, tgetpass.c, visudo.c: + Preliminary changes to support nsr-tandem-nsk. Based on patches from + Tom Bates. + [2e5f81834383] + +2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + There was no 1.6.7p6. + [8013d2e6b062] + + * BUGS, CHANGES: + sync + [c38b41f32857] + + * Makefile.in: + add missing files to DISTFILES + [e6a80ad03039] + + * sudo.cat, sudoers.cat, visudo.cat: + regen + [027bc9746dd5] + + * sudoers.man.in: + regen + [f5e85ef686cf] + + * Makefile.in: + Fix some line wrap and update (c) year + [bad1f46aa1ca] + +2004-04-28 Aaron Spangler <aaron777@gmail.com> + + * README.LDAP: + Build Note + [7a061248249b] + +2004-04-07 Aaron Spangler <aaron777@gmail.com> + + * Makefile.in: + Fix install-dirs + [be0726dd92e7] + +2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.tab.c: + regen + [3f4f0d1ab8b9] + + * visudo.c: + In Exit() when used as a signal handler, emsg is a pointer so + sizeof() is wrong so make it a #define instead. Also avoid using a + negative exit value. 
Found by Aaron Campbell + [78716a3a3fdc] + +2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + Remove bogus sentence about uids in a User_List. Document usernames + vs. uid parsing in a Runas_List. + [7ca510b5031c] + + * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: + If the user specified a uid with the -u flag and the uid exists in + the passwd file, set runas_user to the name, not the uid. + + When comparing usernames in sudoers, if a name is really a uid + (starts with '#') compare it numerically to pw_uid. + [8d6935d04673] + +2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/kerb5.c: + krb5_mcc_ops should be const; Johnny C. Lam + [aa8c753e426e] + +2004-02-28 Aaron Spangler <aaron777@gmail.com> + + * CHANGES, config.h.in, ldap.c: + Added start_tls support + [7ef864c15b69] + +2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Clean up libtool stuff for 'make distclean' and add def_data.c, + def_data.h to PARSESRCS. + [bf9bb6bb06ab] + +2004-02-14 Aaron Spangler <aaron777@gmail.com> + + * strlcat.c, strlcpy.c: + Un-Fix last license munge + [42654b77ac71] + +2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [e4de6b23a4dc] + + * CHANGES, RUNSON, TODO: + checkpoint + [94e1ace84d5c] + + * lex.yy.c, sudo.tab.c: + regen + [8ce784505643] + + * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, + emul/search.h, emul/utime.h: + More to a less restrictive, ISC-style license. + [a31b20e48003] + + * auth/afs.c, auth/aix_auth.c, zero_bytes.c: + More to a less restrictive, ISC-style license. + [6d234be91c5e] + + * auth/bsdauth.c: + More to a less restrictive, ISC-style license. + [e21be6594b58] + + * auth/dce.c, auth/fwtk.c, auth/kerb4.c: + More to a less restrictive, ISC-style license. + [87534c164a52] + + * auth/kerb5.c, auth/pam.c: + More to a less restrictive, ISC-style license. 
+ [e41f92b41216] + + * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c, + visudo.man.in, visudo.pod: + More to a less restrictive, ISC-style license. + [b02aea324fd6] + + * Makefile.binary: + More to a less restrictive, ISC-style license. + [1ed561734535] + + * parse.lex, parse.yacc: + More to a less restrictive, ISC-style license. + [2f5942e847a1] + + * utime.c, version.h: + More to a less restrictive, ISC-style license. + [e2e038ad8209] + + * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h, + defaults.c: + More to a less restrictive, ISC-style license. + [d8d7bfc8a18b] + + * defaults.h: + More to a less restrictive, ISC-style license. + [008f5d5743f5] + + * env.c: + More to a less restrictive, ISC-style license. + [d5bd859757de] + + * fileops.c: + More to a less restrictive, ISC-style license. + [4129a8b38a67] + + * find_path.c, getprogname.c: + More to a less restrictive, ISC-style license. + [f605d5eab6f1] + + * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, interfaces.c, interfaces.h: + More to a less restrictive, ISC-style license. + [520381c60a54] + + * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in, + set_perms.c: + More to a less restrictive, ISC-style license. + [64d772d70ab3] + + * sigaction.c, strerror.c: + More to a less restrictive, ISC-style license. + [4bccdedca58a] + + * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, + sudo_edit.c: + More to a less restrictive, ISC-style license. + [71cdcc241e94] + + * sudo_noexec.c: + More to a less restrictive, ISC-style license. 
+ [a6da7631e0b2] + +2004-02-13 Aaron Spangler <aaron777@gmail.com> + + * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in: + Merged in LDAP Support + [1038092a161e] + + * def_data.c, def_data.h, def_data.in: + Merged in LDAP Support + [8fb255280e42] + + * ldap.c, sudo.c, sudo.h: + Merged in LDAP Support + [547eaa346fcc] + + * sudoers2ldif: + Merged in LDAP Support + [3994c4d05947] + +2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.h, sudo_noexec.c: + Only do "extern int errno" if errno is not a macro. + [b2e02a08be8b] + +2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * set_perms.c: + setreuid(0, 0) fails on QNX if the euid is not already 0 so set the + euid first, then just call setuid(0) to set the real uid too. + [f08546e2e0ee] + + * set_perms.c: + Use setresuid() and setreuid() for PERM_RUNAS when appropriate + instead of seteuid() which may not exist. + [ba508581befb] + +2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * LICENSE: + 2004 + [37425513a342] + + * INSTALL, config.h.in, configure, configure.in, ins_classic.h: + Add --with-pc-insults configure option + [7daa5294c17b] + + * visudo.man.in: + Prefer VISUAL over EDITOR like old vipw did. + [996252a4ab65] + +2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.man.in, sudoers.man.in: + regen + [a247f1c52eb9] + + * sudoers.pod: + Add a note that noexec is not a cure-all. + [9e7fc535367d] + + * sudoers.pod: + Mention that disabling "root_sudo" is pretty pointless. + [f38a415afba0] + + * configure, configure.in: + Substitute for root_sudo in sudoers.pod + [ce483cfc86be] + + * sudo.pod: + Add sudoedit to the NAME section + [51bc453ec2f6] + + * sudoers.pod: + Document that fact that setting ignore_dot in sudoers has no effect + due to the fact that find_path() is called *before* sudoers is read. + [6808df7e417c] + +2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo_edit.c: + Do not require _PATH_USRTMP to be set. 
+ [546f3270dd10] + + * BUGS, CHANGES, TODO: + sync + [4205ddeab781] + + * sudo.man.in: + regen + [e2143690a88a] + + * sudo.pod: + Clarify that when sudo is run by root with the SUDO_USER variable + set, the sudoers lookup happens for root and not the SUDO_USER user. + [47207bec1bdf] + +2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c, + set_perms.c, sigaction.c, sudo.c, tgetpass.c: + Use the SET, CLR and ISSET macros. + [a8b0d7f1e8fd] + + * defaults.c, env.c: + Use the SET, CLR and ISSET macros. + [2f39431e0a49] + + * fnmatch.c: + Use the SET, CLR and ISSET macros. + [1afbcba22ba6] + + * interfaces.h: + MAIN was replaced with _SUDO_MAIN some time ago. + [ea1b38f2ac9d] + + * sudo.c: + Don't look at prev_user until after we've parsed sudoers and done + the password check. That way, if sudo/sudoedit is run from a root + process that was invoked by sudo, we check sudoers for root, not the + previous user. This makes sudoedit much more useful and means that + for the sudo case, we get correct logging on who actually ran the + command. + [431dfbf20552] + +2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo_edit.c: + Add a comment describing why we need to be notified about our child + stopping. + [0bec3ce4b49d] + +2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * def_data.c, def_data.in: + Update the noexec variable descriptions + [9cb7f1aa0e57] + + * sudoers.man.in, sudoers.pod: + noexec now replaces more than just execve() + [23cbdc0ee95c] + + * sudo_noexec.c: + Alas, all the world does not go through execve(2). Many systems + still have an execv(2) system call, Linux 2.6 provides fexecve(2) + and it is not uncommon for libc to have underscore ('_') versions of + the functions to be used internally by the library. Instead of + stubbing all these out by hand, define a macro and let it do the + work. Extra exec functions pointed out by Reznic Valery. 
+ [9fa0cd871b0c] + + * sudo.c, sudo_edit.c: + Fix suspending the editor in -e mode. Because we do a fork() first + we need to be notified when the child has been stopped and then send + that same signal to ourself so the shell can do its job control + thing. + [773165eb6057] + + * visudo.c: + Use WIFEXITED and WEXITSTATUS macros. If there are systems out there + that want to run sudo that still don't support these we can try to + deal with that later. + [6af68e4aff60] + + * lex.yy.c: + regen + [403435317d5d] + + * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod: + Document sudo -e / sudoedit + [a80f6ea910af] + + * configure, configure.in: + fix typo + [5020fcdc27f4] + + * config.h.in, configure.in: + Add SET/CLR/ISSET + [03ff57286e7e] + +2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Allow non-exclusive flags when invoked as sudoedit. Pretty print the + long usage() line to not wrap (assumes 80 char display) + [3941fa4004bb] + + * Makefile.in, sudo.c: + If sudo is invoked as "sudoedit" the -e flag is implied and no other + flags are permitted. + [929670b01293] + + * sudo.h: + Add a new flag, -e, that makes it possible to give users the ability + to edit files with the editor of their choice as the invoking user, + not the runas user. Temporary files are used for the actual edit and + the temp file is copied over the original after the editor is done. + [c4051414c1f4] + + * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c: + Add a new flag, -e, that makes it possible to give users the ability + to edit files with the editor of their choice as the invoking user, + not the runas user. Temporary files are used for the actual edit and + the temp file is copied over the original after the editor is done. + [37ac05c8ac3c] + + * env.c, sudo.c: + If real uid == 0 and the SUDO_USER environment variables is set, use + that to determine the invoking user's true identity. 
That way the + proper info gets logged by someone who has done "sudo su" but still + uses sudo to as root. We can't do this for non-root users since that + would open up a security hole, though perhaps it would be acceptable + to use getlogin(2) on OSes where this a system call (and doesn't + just look in the utmp file). + [c2f9198708a1] + + * pathnames.h.in: + Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP + [7d9e5768df93] + + * config.h.in, configure, configure.in: + Add check for fchown(2) + [a85df18798ed] + +2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Back out portions of the -i commit that set NewArgv[0] in + set_runaspw. It is far to late to set NewArgv[0] there and will have + no effect anyway as cmnd and safe_cmnd have already been set. + [c2d343430c1c] + + * visudo.c, visudo.pod: + Prefer VISUAL over EDITOR like old vipw did. + [ae32f477cea3] + +2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c, sudo.c: + In -i mode always set new environment based on the runas user's + passwd entry. + [fa653b7887a8] + +2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.man.in, sudo.pod: + Document the new -i flag and sync SYNOPSIS section with usage() in + sudo.c. Also sort the flags in the OPTIONS section. + [6aabc0ffc47e] + + * sudo.c, sudo.h: + o Add -i that acts similar to "su -", based on patches from David J. + MacKenzie o Sort the flags in the usage message + [c0fe7d6beffd] + + * sudoers.man.in, sudoers.pod: + Add a missing @runas_default@ substitution. + [60516fe2d090] + +2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Change euid to runas user before calling find_path(). Unfortunately, + though runas_user can be modified in sudoers we haven't parsed + sudoers yet. + [f469fdf2e313] + + * sudoers.man.in, sudoers.pod: + Add missing defintion of Parameter_List and use single pipes in the + Defaults EBNF definition. 
+ [f7bed6e909bf] + + * sudo.c: + Fix a bug when set_runaspw() is used as a callback. We don't want to + reset the contents of runas_pw if the user specified a user via the + -u flag. + + Avoid unnecessary passwd lookups in set_authpw(). In most cases we + already have the info in runas_pw. + [efc35623ba09] + +2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + Add Stan Lee / Uncle Ben quote to the lecture from RedHat + [ebd5a76ccd7e] + + * sudo.h: + Update sudo_getepw() proto and add one for set_runaspw() + [6ed65795c17f] + + * parse.c: + If we can't stat the command as root, try as the runas user instead. + [ae713fca0e15] + + * testsudoers.c, visudo.c: + Add stub set_runaspw() function + [42aa37050053] + + * sudo.c: + Add set_runaspw() function to fill in runas_pw. This will be used as + a callback to update runas_pw when the runas user changes. + [e570aa0088d0] + + * env.c, sudo.c: + PERM_RUNAS -> PERM_FULL_RUNAS + [51eec6f9e89a] + + * set_perms.c, sudo.h: + Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just + changes the euid. + [877c6fe4d12c] + + * getspwuid.c: + Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in + one chunk for easy free()ing. Also change it from static to extern. + [ab503260a7ec] + + * defaults.c, defaults.h: + Add callback support + [a61c4ca983fb] + + * def_data.c, def_data.in: + Add a callback field and use it for runas_default + [d3e9f06872b8] + + * mkdefaults: + Add a callback field and use it for runas_default + [96b69c27df5e] + +2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/fwtk.c: + Add support for chalnecho and display server responses used by fwtk + >= 2.0 + [b1870f7aaf0d] + +2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.man.in, sudoers.pod: + ld.so is ld.so.1 on solaris + [2bf9a123fa4c] + + * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h: + Use closefrom() instead of doing the equivalent inline. 
+ [7e3ef6072884] + + * closefrom.c: + closefrom(3) for systems w/o it + [35caf58bb636] + +2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.man.in: + Update from .pod file. + [d4c94fc0e0c9] + + * configure, configure.in: + Substitute noexec_file for the sudoers man page + [203d3376a551] + + * sudo.man.in, sudo.pod: + Mention noexec + [014375ddbb06] + + * sudoers.man.in, sudoers.pod: + Document noexec + [49a65d06201f] + + * auth/pam.c, config.h.in, configure.in: + Move PAM_CONST macro definition from config.h to pam.c where it + belongs. We can't have this in config.h since that gets included too + early. + [e64748071637] + + * auth/pam.c, config.h.in, configure, configure.in: + Some PAM implementations put their headers in /usr/include/pam + instead of /usr/include/security. + [8cc749e9575c] + + * configure.in: + I missed changing the EXEC macro -> EXECV here when I changed this + in config.h.in and sudo.c a while ago. + [6f5afac7789f] + + * acsite.m4: + OpenBSD vax/m88k/hppa don't do shared libs + [e4901d958bb7] + + * configure, configure.in: + o merge the hpux case entries into a single entry w/ its own sub- + case statement. o HP-UX >= 11 support getspnam(), use it in + preference to getprpwuid() + [0caad428894e] + + * configure, configure.in: + eval $shrext so that it expands nicely on MacOS X + [40419343eef8] + + * Makefile.in: + Don't lie about making a module, it does the wrong thing on mach + [7629b28f5688] + + * ltmain.sh: + Remove requirement that libs must begin with "lib". They don't when + we point directly at the lib using LD_PRELOAD or its equivalent. + [d66f3de6ec85] + + * acsite.m4: + Disable support for c++, f77 and java. We don't need it, it takes a + lot of time, and it hosed our check for shared lib support. + [4f5749c52ce4] + + * configure: + regen + [160865e9d15f] + + * configure.in: + Call AC_ENABLE_SHARED and check the status of enable_shared to know + when shared libs are available. 
+ [42504c1668fc] + + * acsite.m4: + Duh, OpenBSD suports shared libs too + [8e3cd9417475] + + * config.h.in, configure.in: + Only OpenPAM and Linux PAM use const qualifiers. + [b2f76476e866] + + * configure, configure.in: + o No need to check for sed, libtool config does that for us o move + check for --with-noexec until after libtool magic is run so we can + use $can_build_shared and $shrext + [668c656e89cc] + + * ltmain.sh: + Don't print a bunch of crap about library installs since we are not + really installing a library. + [83fbcad29fe4] + + * env.c: + Make format_env() varargs Add noexec support for Darwin, MacOS X, + Irix, and Tru64 + [468885d75d10] + + * acsite.m4, ltconfig, ltmain.sh: + Update to libtool 1.5 with local changes: o no ldconfig in the + finish step o assume no libprefix or version is needed + [4961cffc3797] + + * sudo_noexec.c: + Fix compilation under K&R + [8b309bf0b1b2] + +2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + checkpoint + [3c368badab32] + + * sudo_noexec.c: + stub execve() that just returns EACCES; used for noexec + functionality + [1297acae283a] + + * sudo.tab.c: + Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with + generated code. + [0a61c735eabe] + + * sudo.tab.h: + Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with + generated code. + [dcab78c49273] + +2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * def_data.c, def_data.h, def_data.in: + Move the environment defaults to the end and shorten a few of the + descriptions. + [66787b9c612c] + + * configure, configure.in: + no shared libs on ultris or convexos + [2c5f3c456e32] + + * Makefile.in, configure, configure.in: + Build sudo_noexec shared object using libtool; could use some + cleanup. + [373f483555dd] + + * acsite.m4, ltconfig, ltmain.sh: + libtool scaffolding + [c903a42e3d90] + + * parse.yacc, sudo.tab.c: + Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not + important. 
+ [c6e8a34639a4] + + * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex, + parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c: + update copyright year + [a16372ae1711] + + * configure, configure.in, defaults.c, env.c, pathnames.h.in: + Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure + option. The default value of noexec_file is set to this. + [7d88e1d3c494] + + * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c, + parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, + sudo.tab.h: + Add support for preloading a shared object containing a dummy + execve() function that just sets error and returns -1. This adds a + "noexec_file" option to load the filename as well as a "noexec" flag + to enable it unconditionally. There is also a NOEXEC tag that can be + attached to specific commands and an EXEC tag to disable it. + [c8b6712feb91] + + * mkdefaults: + add missing newline to usage statement + [e84746618362] + + * config.h.in, sudo.c: + Rename EXEC macro -> EXECV + [ddaa0c027299] + + * logging.c: + Don't truncate usernames to 8 characters in the log message. + [f62a20f27075] + + * check.c, sudoers.man.in, sudoers.pod: + Update copyright year + [ca9964054085] + + * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in, + sudoers.pod: + Add a new option, lecture_file, that can be used to point to a + custom sudo lecture. + [940133231216] + +2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, + auth/sudo_auth.c: + Add a zero_bytes() function to do the equivalent of bzero in such a + way that will heopfully not be optimized away by sneaky compilers. + [161b6d74bfb4] + + * Makefile.in, sudo.h: + Add a zero_bytes() function to do the equivalent of bzero in such a + way that will heopfully not be optimized away by sneaky compilers. 
+ [ff136de3e255] + + * zero_bytes.c: + Add a zero_bytes() function to do the equivalent of bzero in such a + way that will heopfully not be optimized away by sneaky compilers. + [d035abf0af94] + + * err.c: + Use #ifdef __STDC__, not #if __STDC__. + [6889dd6bc51a] + +2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkdefaults: + Always put at least one space between the def_* macro name and its + definition. + [6b3ad0e6619a] + + * configure, configure.in: + Adjust code for --without-lecture to match new values. + [062aa788a6b9] + + * visudo.man.in: + regen after pasto fix + [3deec16906c0] + + * sudoers.man.in, sudoers.pod: + Document that "lecture" has changed from a flag to a tuple. + [e2c03062b533] + + * check.c, def_data.c, def_data.h, def_data.in, defaults.c, + defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h: + Add support for tuples in def_data.in; these are implemented as an + enum type. Currently there is only a single tuple enum but in the + future we may have one tuple enum per T_TUPLE entry in def_data.in. + Currently listpw, verifypw and lecture are tuples. This avoids the + need to have two entries (one ival, one str) for pwflags and syslog + values. + + lecture is now a tuple with the following values: never, once, + always + + We no longer use both an int and string entry for syslog facilities + and priorities. Instead, there are logfac2str() and logpri2str() + functions that get used when we need to print the string values. + [5293f946c836] + + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, + auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c, + check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c, + logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c, + sudo.tab.c, visudo.c: + Create def_* macros for each defaults value so we no longer need the + def_{flag,ival,str,list,mode} macros (which have been removed). This + is a step toward more flexible data types in def_data.in. 
+ [009c02934106] + + * TODO: + checkpoint + [0a99a4bb5d15] + +2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + If we are in -k/-K mode, just spew to stderr. It is not unusual for + users to place "sudo -k" in a .logout file which can cause sudo to + be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died. + Previously, this would result in useless mail and logging. + [d282e7ed63af] + +2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.pod: + fix pasto in VISUAL description + [1c6a6148b5f9] + +2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [f44312c63799] + + * CHANGES: + checkpoint + [0c42e38f78d5] + + * TROUBLESHOOTING: + Some OSes (like Solaris) allow export w/ nosuid too + [973ce85ffa12] + +2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat.h: + We don't use FD_ZERO anymore so just define FD_SET (if not already + there). + [d1c8c11905cd] + +2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/pam.c: + Fix a core dump on Solaris by preserving the pam_handle_t we used + during authentication for pam_prep_user(). If we didn't authenticate + (ie: ticket still valid), we call pam_init() from pam_prep_user(). + This is something of a hack; it may be better to change the auth API + and add an auth_final() function that acts like pam_prep_user(). + [f787de49b175] + +2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * set_perms.c: + Add explicit declaration of printerr variable in function header + (was defaulting to int which is OK but oh so K&R :-). From Theo. + [492c2358783f] + +2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure.in: + s/HAVE_STOW/USE_STOW/ + [4b99e1824ece] + + * logging.c: + Also exit waitpid() loop when pid == 0. Fixes a problem where the + sudo process would spin eating up CPU until sendmail finished when + it has to send mail. + [ec3d5792b9b4] + +2003-05-30 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * fnmatch.3: + Remove advertising clause, UCB has disavowed it + [3ff24291bcfa] + + * fnmatch.c: + Remove advertising clause, UCB has disavowed it + [43a26bbd6628] + +2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + Don't assume that getgrnam() calls don't modify contents of struct + passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen. + Based on a patch from Kirk Webb. + [5574c68f60f3] + +2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + missing ;; + [22378f2a9d31] + + * configure.in: + darwin has a broken setreuid() in at least some versions + [d572aed930d2] + + * env.c: + Fix an off by one error when reallocating the environment; Kevin Pye + [3d98e7cf097a] + +2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + Fix User_Spec definition; SEKINE Tatsuo + [49b0da65e090] + +2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * HISTORY: + More info on the early days from Coggs. + [9381ca10b06b] + +2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/kerb5.c: + remove errant semicolon that prevented compilation under heimdal + [d2f2bb73a598] + +2003-04-16 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, + auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c, + version.h: + add DARPA credit on affected files + [868d54cbddea] + + * auth/kerb5.c, auth/pam.c: + add DARPA credit on affected files + [15da3021b49c] + + * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, + auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c, + find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c, + interfaces.h: + add DARPA credit on affected files + [da66e28fb3f5] + + * logging.c, parse.c: + add DARPA credit on affected files + [8f75f822755b] + + * pathnames.h.in: + add DARPA credit on affected files + [e334cdda422f] + + * set_perms.c: + add DARPA credit on affected files + [3d79fdabb582] + + * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, + sudoers.man.in: + add DARPA credit on affected files + [d8adf1c2ba22] + + * sudoers.pod: + add DARPA credit on affected files + [83b46318750b] + + * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod: + add DARPA credit on affected files + [7020785ee50d] + + * Makefile.in, alloc.c, check.c: + add DARPA credit on affected files + [cd939e05c810] + + * compat.h: + add DARPA credit on affected files + [316a735783c4] + + * defaults.c, defaults.h: + add DARPA credit on affected files + [6a64205fd1eb] + + * env.c: + add DARPA credit on affected files + [90239f51ef0a] + + * LICENSE: + slightly different wording for the darpa credit + [e468909c4a21] + +2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * LICENSE: + Add DARPA credit + [8eb20e2cd63e] + +2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/kerb5.c: + Use krb5_princ_component() instead of krb5_princ_realm() for MIT + Kerberos like we did before I messed things up ;-) + + Use krb5_principal_get_comp_string() to do the same thing w/ + Heimdal. I'm not sure if the component should be 0 or 1 in this + case. 
+ + #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since + older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there + should be a configure check for this I guess. + [74919a3933fe] + +2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * TROUBLESHOOTING, config.h.in, configure, configure.in: + builtin -> built-in; Jason McIntyre + [70b81ac48943] + + * sample.sudoers: + builtin -> built-in; Jason McIntyre + [027f2187923e] + + * sudoers.pod: + built in -> built-in; Jason McIntyre + [da658ef5138d] + +2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + checkpoint for 1.6.7p3 + [da85f989fadf] + + * HISTORY: + Update info on the early years @ SUNY-Buffalo from Cliff Spencer. + Amazingly, sudo source from 1985 is available via groups.google.com + [39e0fc85b89f] + + * sudo.c: + Don't change rl.rlim_max for RLIMIT_CORE. We need only set + rl.rlim_cur to 0 to turn off core dumps. This may be needed for the + RLIMIT_CORE restoration on some OSes. + [7e2c1a7adfd8] + +2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/kerb5.c: + Make this compile on Heimdal and MIT Kerberos 5 + [44c07d615868] + + * config.h.in, configure, configure.in: + Check for heimdal even if we found krb5-config and define + HAVE_HEIMDAL. + [aba0126f0059] + + * auth/kerb5.c: + Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is no + longer defined by MIT kerb5 (though it used to be and indeed remains + so in Heimdal). + [e5a6c64d7cd5] + +2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkinstalldirs: + Remove newer stuff that passes multiple (possibly duplicate) + directories to "mkdir -p" since that seems to break on Tru64 Unix at + least. This basically brings back what shipped with sudo 1.6.6. + [f2a1abd872b3] + +2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/kerb5.c: + Correct number of args to krb5_principal_get_realm() and fix an + unclosed comment that hid the bug. 
+ [0b37f8ce7824] + + * configure: + regen + [1876cb840fe0] + + * BUGS: + ++version + [ea3573432412] + + * CHANGES, version.h: + ++version + [f66985a64063] + + * INSTALL: + ++version + [555aeba5c2bf] + + * INSTALL.binary: + ++version + [a506204e77d0] + + * Makefile.in: + ++version + [97ef63cedc38] + + * README: + ++version + [488e0bbff613] + + * configure.in: + ++version + [480aff7c048e] + + * configure.in: + use krb5-config to determine Kerberos V details if it exists + [7b46bbdaf774] + + * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c, + auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c, + find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h, + testsudoers.c, visudo.c: + Use warn/err and getprogname() throughout. The main exception is + openlog(). Since the admin may be filtering logs based on the + program name in the log files, hard code this to "sudo". + [9f180d015cfa] + + * Makefile.in: + Add getprogname.c and err.c + [d411c54a07dc] + + * configure: + regen + [6d585d391acc] + + * config.h.in, configure.in: + Add checks for getprognam(), __progname and err.h + [bcbccf61d34a] + + * emul/err.h: + For systems withour err/warn functions. + [1b33118884d9] + + * err.c: + For systems withour err/warn functions. + [26721f6b041f] + + * getprogname.c: + For systems neither getprogname() nor __progname; uses Argv[0]. + [841cf42af1eb] + +2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + checkpoint for 1.6.7p1 + [5bfdaf441dce] + + * sudo.c, testsudoers.c: + fix strlcpy() rval check (innocuous) + [e05ac7e0d1f3] + + * check.c: + oflow detection in expand_prompt() was faulty (false positives). The + count was based on strlcat() return value which includes the length + of the entire string. + [086c5a0acb25] + +2003-03-31 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * CHANGES: + checkpoint for the sudo 1.6.7 release + [87322187ed78] + + * RUNSON, TODO: + checkpoint for the sudo 1.6.7 release + [096bab4da29a] [SUDO_1_6_7] + +2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + g/c unused variable + [c57cd4a17765] + + * configure: + regen + [e7c1f581dfac] + + * configure.in: + use man sections 8 and 5 for csops + [87de581bda88] + +2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [cb1433a9c7a1] + + * configure.in: + Add -lskey or -lopie directly to SUDO_LIBS instead of having + AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage. + [ac5667978939] + + * configure: + regen + [638459118a2a] + + * INSTALL: + Add --with-blibpath for AIX. An alternate libpath may be specified + or + -blibpath support can be disabled. Also change conifgure such that + -blibpath is not specified if no -L libpaths were added to + SUDO_LDFLAGS. + [4b4bbe5bbe1b] + + * aclocal.m4: + Add --with-blibpath for AIX. An alternate libpath may be specified + or + -blibpath support can be disabled. Also change conifgure such that + -blibpath is not specified if no -L libpaths were added to + SUDO_LDFLAGS. + [37022e991575] + + * configure.in: + Add --with-blibpath for AIX. An alternate libpath may be specified + or + -blibpath support can be disabled. Also change conifgure such that + -blibpath is not specified if no -L libpaths were added to + SUDO_LDFLAGS. + [c7d17b480cad] + + * configure.in: + add AIX blibpath support + [16ba788bf086] + + * INSTALL, configure.in: + --with-skey and --with-opie now take an option directory argument + This obsoletes a --with-csops hack (/tools/cs/skey) + + Also remove the remaining direct uses of "echo" + [5b4986a90c03] + +2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + Detect KTH Kerberos IV and deal with it. Also make -lroken optional + for KTH Kerberos IV and V. 
+ [119f97b48e18] + + * aclocal.m4: + Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and + -R/path/to/dir if $with_rpath) to the specified variable. + [e55e49d076ce] + + * INSTALL, configure.in: + Add -R/path/to/libs for Solaris and SVR4. There is a new configure + option, --with-rpath to control this behavior. + [d4730c5399ab] + + * configure.in: + for kerb4 put libdes after libkrb on the link line + [5c566100eab6] + + * auth/kerb4.c: + typo + [6541b72b64a3] + + * configure.in: + fix kerberos lib check when a path is specified + [ae833a914c6f] + + * logging.c: + Fix boolean thinko in SIGCHLD reaper and call reapchild after + sending mail instead of doing a conditional sudo_waitpid. + [86fa9a35df5a] + +2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [e6275cf528ba] + + * configure.in: + replace =DIR with [=DIR] where sensible + [c39a59173b38] + + * configure.in: + o Use AC_MSG_* instead of "echo" o New Kerberos include/lib + detection based on openssh's configure.in + [5b7a340912df] + + * INSTALL: + --with-kerb4 and --with-kerb5 now take an optional argument. + [71ed87fc9c64] + +2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/securid.c: + Kill remaining strcpy(), the programmer's guide says username is 32 + bytes. + [bdba70fcd08d] + + * auth/kerb4.c: + trat uid_t as unsigned long for printf and use snprintf, not sprintf + [8072f5f8966d] + + * auth/rfc1938.c: + use snprintf + [fc0c70c665fe] + +2003-03-15 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, + auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/sudo_auth.c: + update copyright year + [b0a10ccb1d0e] + + * sudo.man.in, sudoers.man.in, visudo.man.in: + update copyright year + [8fce0034eb51] + + * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h, + configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c, + parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod, + sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod: + update copyright year + [d541e75fe520] + + * check.c, env.c, sudo.c: + Cast [ug]ids to unsigned long and printf with %lu + [2ede64d3592b] + + * configure: + regen + [c7c3245bdf3e] + + * configure.in: + correct error messages for --with-sudoers-{mode,uid,gid} + [77fc15b1c9db] + + * alloc.c: + make the malloc(0) error specific to each function to aid tracking + down bugs. + [a58c34374b4b] + + * alloc.c: + deal with platforms where size_t is signed and there is no SIZE_MAX + or SIZE_T_MAX + [7192abb4ab4e] + + * auth/kerb5.c: + Make this compile w/ Heimdal and fix some gcc warnings. + [f52f026f31c2] + + * sudo.c: + Use stat_sudoers macro so --with-stow can work + [c3674735c139] + + * INSTALL, config.h.in, configure, configure.in: + Add support for --with-stow based on patches from Robert Uhl + [b274cc1dd52c] + + * env.c: + fix indentation + [110d9f1721b1] + + * configure.in: + back out rev 1.352 + [1eee91c83f11] + + * lex.yy.c: + regen + [72fba1c9590b] + + * parse.lex: + use strlcpy, not strncpy + [4faccbaeccef] + + * set_perms.c: + Fix typo; check pw_uid, not pw_gid after setusercontext() failure. + [33bf0d18fdc1] + + * logging.c: + use pid_t + [3e0536993d2c] + +2003-03-14 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * strlcat.c, strlcpy.c: + Make gcc shutup about unused rcsid + [1669a0c74e9e] + + * interfaces.c: + Move the n == 0 check for the non-getifaddrs cas + [2460be061b2a] + + * auth/rfc1938.c: + skeychallenge() on NetBSD take a size parameter + [05acc2012801] + + * configure: + regen + [24bccf4749e8] + + * configure.in: + put -ldl after -lpam, not before; fixes static linking on Linux + [7f06b7b2b4d8] + + * interfaces.c: + Avoid malloc(0) and fix the loop invariant for the getifaddrs() + case. + [239a55068646] + + * sudo.cat, sudoers.cat, visudo.cat: + regen + [4a2eed3981ca] + + * sudo.man.in, sudoers.man.in, visudo.man.in: + regen + [2c96ea2cf930] + + * Makefile.in: + Preserve copyright notice from .pod file in .man.in file + [519fbd09aebc] + + * visudo.pod: + Add sudoers(5) to SEE ALSO + [77ecfe3aedf1] + +2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * lex.yy.c: + regen + [6f5751ce0b74] + + * parse.lex: + Don't assume libc can realloc() a NULL string. If malloc/realloc + fails, make sure we just return; yyerror() is not terminal. + [1b8618623708] + + * lex.yy.c: + regen + [5d31b46191c6] + + * parse.lex: + simplify fill_args a little and use strlcpy for paranoia + [0ea35a55542b] + + * sudo.tab.c: + regen + [5a8d508d708b] + + * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c, + testsudoers.c: + Use strlc{at,py} for paranoia's sake and exit on overflow. In all + cases the strings were either pre-allocated to the correct size of + length checks were done before the copy but a little paranoia can go + a long way. + [e73d28f1d14e] + + * sudo.h: + Add strlc{at,py} protos + [748ffc7fc7f4] + + * env.c, interfaces.c: + Use erealloc3() + [47f2cb46aba8] + + * configure: + regen + [e7e2fb79f935] + + * alloc.c: + Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use + memcpy() instead of strcpy() in estrdup() so this is strcpy()-free. 
+ [7e0fa4d6fc1d] + + * sudo.c: + snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in + configure. + [09ea4d3959e9] + + * aclocal.m4: + In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned. + [31b4fdfdb8bf] + +2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Use snprintf() for paranoia + [a2659ceb46de] + + * parse.yacc: + Use emalloc2 and erealloc3 + [90a069842401] + + * Makefile.in: + strlc{at,py} for those w/o it + [bac82dc916ee] + + * strlcat.c, strlcpy.c: + stlc{at,py} for those w/o it. + [ce7254f5db09] + + * config.h.in, configure, configure.in: + Add stlc{at,py} for those w/o it. + [00f08219657a] + + * alloc.c, sudo.h: + Add erealloc3(), a realloc() version of emalloc2(). + [c96eaf08bbed] + + * interfaces.c, sudo.c: + Use emalloc2() to allocate N things of a certain size. + [1e0aba365555] + + * alloc.c, sudo.h: + Add emalloc2() -- like calloc() but w/o the bzero and with + error/oflow checking. + [292150bc4153] + + * alloc.c: + Error out on malloc(0); suggested by theo + [995279e81326] + +2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + fix a typo; David Krause + [f161213a17ab] + +2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod: + fix typo + [3ae5ad9a351a] + +2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + Remove DYLD_ from the environment for MacOS X; from bbraun + [38caad5a3935] + +2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure.in: + not not; Anil Madhavapeddy + [d4f4f0bfc66b] + +2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod, sudoers.pod, visudo.pod: + typos; jmc@openbsd.org + [868c0f09bf9e] + +2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + Add some missing ';' rule terminators that bison warns about. 
+ [535b0b8dcce5] + + * config.sub: + fix typo I introduced in last merge + [81db4e4f43fe] + + * configure: + regenerate with autoconf 2.57 + [ca0c1e9564f8] + + * config.h.in: + Add missing "$HOME" + [209186197ad1] + + * configure.in: + Add some more square backets to make autoconf 2.57 happy + [b5639c14faf7] + + * config.guess: + Updates from autoconf-2.57 + [ea0f8ca622af] + + * config.sub, mkinstalldirs: + Updates from autoconf-2.57 + [36be35eb331b] + +2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * lex.yy.c, sudo.tab.c: + regen + [0b529db7cb6d] + + * sudo.tab.h: + regen + [13a65a421567] + + * parse.lex, parse.yacc, sudoers.pod: + Add support for Defaults>RunasUser + [20d726373175] + +2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + fclose() yyin after each yyparse() is done and use fopen() instead + of using freopen(). + [587f8a2df857] + + * parse.lex: + Better fix for sudoers files w/o a newline before EOF. It looks like + the issue is that yyrestart() does not reset the start condition to + INITIAL which is an issue since we parse sudoers multiple times. + [920f8326968a] + +2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.lex: + Work around what appears to be a flex bug when dealing with files + that lack a final newline before EOF. This adds a rule to match EOF + in the non-initial states which resets the state to INITIAL and + throws an error. + [b94943bb1f81] + + * visudo.c: + o The parser needs sudoers to end with a newline but some editors + (emacs) may not add one. Check for a missing newline at EOF and add + one if needed. o Set quiet flag during initial sudoers parse (to get + options) o Move yyrestart() call and always use freopen() to open + yyin after initial sudoers parse. + [12d12f9b07aa] + +2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * set_perms.c: + Fix pasto/thinko in setresgid()/setregid() usage. Want to set + effective gid, not real gid, when reading sudoers. 
+ [c7d18b810fcd] + + * set_perms.c: + don't compile set_perms_posix if we have setreuid or setresuid + [b9cea7a81a29] + +2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod, sudoers.pod: + document new prompt escapes + [2f088076b640] + + * check.c: + Add %U and %H escapes and redo prompt rewriting. "%%" now gets + collapsed to "%" as was originally intended. This also gets rid of + lastchar (does lookahead instead of lookback) which should simplify + the logic slightly. + [4b707b77b3c7] + +2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * tgetpass.c: + Write the prompt *after* turning off echo to avoid some password + characters being echoed on heavily-loaded machines with fast + typists. + [d38c57775915] + + * config.sub: + Add support for mipseb; wiz@danbala.tuwien.ac.at + [cfdac87ed5c8] + + * configure.in: + Fix IRIX fallout from name changes in man dir/sect Makefile + variables. Patch from erici AT motown DOT cc DOT utexas DOT edu + [9a7618755c23] + + * auth/pam.c: + Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to + the global copy. Problem noted by Peter Pentchev. + [d0a3e189cb06] + +2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.tab.c: + regen + [23b931359087] + + * parse.yacc: + Add missing yyerror() calls; YYERROR does not seem to call this for + us. + [0be7aeb3ac57] + +2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + fix typo in comment; Pedro Bastos + [d7406c460e99] + +2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + document --disable-setresuid + [fbd03d03a027] + + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, + auth/sudo_auth.c: + Sprinkle some volatile qualifiers to prevent over-enthusiastic + optimizers from removing memset() calls. + [5370ac0e6129] + + * logging.c, parse.yacc: + minor sign fixes pointed out by gcc -Wsign-compare + [db872438337f] + + * set_perms.c, sudo.c, sudo.h: + Revamp set_perms. 
We now use a version based on setresuid() or + setreuid() when possible since that allows us to support the + stay_setuid option and we always know exactly what the semantics + will be (various Linux kernels have broken POSIX saved uid support). + [523bc212396c] + + * config.h.in, configure: + regen from configure.in + [351877ea2624] + + * configure.in: + Add checks for setresuid() and a way to disable using it + [a5b21653d169] + + * compat.h: + No long need to emulate set*[ug]id() via setres[ug]id() or + setre[ug]id(). The new set_perms stuff only uses things it knows are + there. + [47884bd5d1d9] + + * sudo.c: + Before exec, restore state of signal handlers to be the same as when + we were initialy invoked instead of just reseting to SIG_DFL. Fixes + a problem when using sudo with nohup. Based on a patch from Paul + Markham. + [f8f5a1484faa] + + * sudo.c: + o timestamp_uid should be uid_t, not int o clarify error message + when sudo is run by root and no_root_sudo is set + [19dda0734264] + +2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * README: + update ftp link for bison + [98bc191016e3] + +2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * set_perms.c: + Error out if setusercontext() fails and the runas user is not root. + [089f9ade4686] + +2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/securid5.c: + Fix rcsid + [07e9e85dcc2f] + + * configure.in: + Fix SecurID API test + [5ec201f454a5] + +2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + typo in comment + [9d385c9ac533] + + * configure.in: + securid5 stuff needs pthreads. Just adding -lpthread is suboptimal + but I don't see a better way at the moment. + [f89e55cbb313] + + * Makefile.in, auth/securid5.c: + SecurID API version 5 support from Michael Stroucken + [68500ac7e531] + + * configure.in: + Add check for SecurID 5.0 API + [1ee242e6de6b] + +2002-05-08 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * strerror.c: + We actually do still need config.h to get the 'const' definition for + K&R C. + [d9c982032d85] + +2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regen with autoconf 2.5.3 + [c71fc086eef5] + + * configure.in: + Don't set sysconfdir to '/etc' if the user has specified a --prefix. + [d90da1efafd9] + + * configure.in: + Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST + LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug + [dd67afefa90d] + + * env.c, sudo.c, sudo.h: + No need for dump_badenv() now that dump_defaults() knows how to dump + lists. + [6bcda468501d] + + * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in, + version.h: + ++version + [44e3b8f95f0b] + + * sudoers.pod: + document timestampowner + [37ebd69e9dd1] + + * check.c: + Don't call set_perms() when doing timestamp stuff unless + timestamp_uid != 0. + [63a63d41d18c] + + * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c, + sudo.h, testsudoers.c: + g/c second arg to set_perms--it is no longer used + [7ac4ce50c612] + +2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c, set_perms.c, sudo.c, sudo.h: + Add support for non-root timestamp dirs. This allows the timestamp + dir to be shared via NFS (though this is not recommended). + [faa83dd2b7fb] + + * def_data.c, def_data.h, def_data.in: + Add timestampowner, "Owner of the authentication timestamp dir" + [d47640d4c86a] + +2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + Don't try to pre-compute the size of the new envp, just allocate + space up front and realloc as needed. Changes to the new env pointer + must all be made through insert_env() which now keeps track of + spaced used and allocates as needed. + [39bc934a9f2c] + +2002-04-26 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [0e12c09bb790] + + * configure.in: + Fix two typo/pastos; from jrj@purdue.edu + [b718a4bf1181] + +2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL.binary, README: + ++version + [a1e33027278c] [SUDO_1_6_6] + + * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, + visudo.cat, visudo.man.in: + regen + [19eb2be283ef] + + * CHANGES, RUNSON, TODO: + Sync with 1.6.6 + [2ff9a9087f63] + + * check.c: + The the loop used to expand %h and %u, the lastchar variable was not + being initialized. This means that if the last char in the prompt is + '%' and the first char is 'h' or 'u' a extra copy of the host or + user name would be copied, for which space had not been allocated. + [b2e27197857d] + +2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * BUGS, INSTALL, Makefile.in, configure.in, version.h: + crank version to 1.6.6 + [cfd08689e597] + + * auth/afs.c: + #undef VOID to get rid of an AFS warning + [b40760564dc1] + + * env.c: + Use easprintf instead of emalloc + sprintf for some things. + [e7bfe2e69a03] + +2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * lex.yy.c, sudo.tab.c: + regen + [35327104383d] + + * parse.c, parse.lex, parse.yacc, testsudoers.c: + Remove Chris Jepeway's email address so people don't bug him ;-) + [c03410747a69] + +2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call + endgrent() at the same time. + [28b6097d5d1a] + +2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + Make it clear which configure options take arguments. + [38529e7efad0] + +2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat.h: + HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no + RLIM_INFINITY, just pretend it is -1. This works because we only + check for RLIM_INFINITY and do not set anything to that value. + [53173d34e6eb] + +2002-01-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * auth/pam.c: + Zero and free allocated memory when there is a conversation error. + [e342133db579] + + * auth/bsdauth.c: + Use sigaction() not signal() + [126c2790561f] + + * INSTALL: + Mention that some linux kernels have broken POSIX saved ID support + [571ef1a893d3] + + * CHANGES: + checkpoint for 1.6.5p2 + [9e9e456f7f43] + + * configure: + regen + [d53703a46708] + + * configure.in: + Add --disable-setreuid flag + [3b9f2679cb55] + + * INSTALL: + Document new --disable-setreuid option and change description for + --disable-saved-ids to match new error message. + [14fd3e5f60a5] + + * set_perms.c: + fatal() now takes an argument that determines whether or not to call + perror(). + [d826b25e62ff] + + * PORTING: + Update for new error messages from set_perms() + [60c545a6bcff] + + * TROUBLESHOOTING: + Update for new error messages from set_perms() + [78007c3f76a9] + +2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/pam.c: + Make this compile w/o warnings + [b90843a29af5] + + * auth/pam.c: + Mention that we can't use pam_acct_mgmt() + [1dfc5a6e0479] + + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c: + The user's password was not zeroed after use when AIX + authentication, BSD authentication, FWTK or PAM was in use. + [b18fff30b1e7] + +2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/pam.c: + Avoid giving PAM a NULL password response, use the empty string + instead. This avoids a log warning when the user hits ^C at the + password prompt when PAM is in use. + [c3315805e4e4] + + * auth/pam.c: + Don't check the return value of pam_setcred(). In Linux-PAM 0.75 + pam_setcred() returns the last saved return code, not the return + code for the setcred module. Because we haven't called + pam_authenticate(), this is not set and so pam_setcred() returns + PAM_PERM_DENIED. + [73db145fa179] + + * Makefile.binary: + Don't need a '/' between $(DESTDIR) and a directory. 
+ [cd7eb6098b87] + + * Makefile.in: + Don't need a '/' between $(DESTDIR) and a directory. + [0901ca618176] + +2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [41b12c039282] + + * configure.in: + o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus + setreuid() o new NetBSD has a real setreuid() o add check for + freeifaddrs() if getifaddrs() exists. + [a82ee3b01733] + + * config.h.in, interfaces.c: + Older BSDi releases lack freeifaddrs() so add a test for that and if + it is not present just use free(). + [6270671ea9d5] + +2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, RUNSON: + Checkpoint for 1.6.5p1 + [26134ecf9b36] + + * auth/passwd.c: + Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access + to normal passwords, not AUTH_FATAL (which just causes an exit). + [785e0f4bc0e2] + + * visudo.c: + Don't use memory after it has been freed. + [c60492739fdb] + + * auth/passwd.c: + skeyaccess() wants a struct passwd * not a char *; Patch from + Phillip E. Lobbes + [65a1d3806fcd] [SUDO_1_6_5] + + * BUGS: + ++version + [b2e1825e692e] + + * CHANGES, RUNSON, TODO: + checkpoint for sudo 1.6.5 + [d730945622e7] + +2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [49744c403ac9] + + * INSTALL, INSTALL.binary, Makefile.in, README, configure.in: + version 1.6.5 + [ec30a5f7fc45] + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + sudo version 1.6.5 + [458a3bed535d] + + * logging.c: + o when invoking the mailer as root use a hard-coded environment that + doesn't include any info from the user's environment. Basically + paranoia. + + o Add support for the NO_ROOT_MAILER compile-time option and run the + mailer as the user and not root if NO_ROOT_MAILER is defined. 
+ [4df351ec92ce] + + * set_perms.c, sudo.h: + Bring back PERM_FULL_USER + [edb6039bb284] + + * configure: + regen + [3eb2943afa03] + + * version.h: + version 1.6.5 + [044fc9a0c72b] + + * INSTALL, config.h.in, configure.in: + Add --disable-root-mailer option to run the mailer as the user and + not root. + [e9f805397963] + + * CHANGES: + checkpoint for 1.6.4p2 + [b58aae5aa98a] + + * PORTING: + Mention the "seteuid(0): Operation not permitted" problem here too + just for good measure. + [90135b37a691] + +2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c, getspwuid.c, sudo.c: + The SHELL environment variable was preserved from the user's + environment instead of being reset based on the passwd database when + the "env_reset" option was used. Now it is reset as it should be. + [300066ef3c71] + + * configure: + regen + [a47d779e6552] + + * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c, + sudo.c: + Add a configure option to turn off use of POSIX saved IDs + [fb18cc8e94d0] + + * configure: + regen + [d4f2f20025b6] + + * configure.in: + add --with-efence option + [45c4f33a8e88] + + * sudo.c: + Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where + "sudo -l" would not work if always_set_home was set. + [c3a6de6c4800] + + * lex.yy.c: + regen + [417424452998] + + * parse.lex: + Quoted commas were not being treated correctly in command line + arguments. + [753415541b37] + + * sudo.c: + o Move the call to rebuild_env() until after MODE_RESET_HOME is set. + Otherwise, the set_home option has no effect. + + o Fix use of freed memory when the "fqdn" flag is set. This was + introduced by the fix for the "segv when gethostbynam() fails" bug. + Also, we no longer call set_fqdn() if the "fqdn" flag is not set so + there is no need to check the "fqdn" flag in set_fqdn() itself. + [4b6a4245c04e] + + * env.c: + Add 'continue' statements to optimize the switch statement. From + Solar. + [a82c76975ae5] + +2002-01-13 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudoers.cat, sudoers.man.in: + Regen from new sudoers.pod + [6ecc07b3d0e1] [SUDO_1_6_4] + + * sudoers.pod: + Add caveat about stay_setuid flag + [9d228a7bea1b] + + * sudo.c: + If set_perms == set_perms_posix and the stay_setuid flag is not set, + set all uids to 0 and use set_perms_fallback(). + [c4e54d1ec86f] + + * set_perms.c, sudo.h: + Remove PERM_FULL_USER (which is no longer used) and add + PERM_FULL_ROOT (used when exec'ing the mailer). + [15406c522ea2] + + * logging.c: + Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we + never want to run the mailer setuid. + [2294853e0666] + +2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in, + visudo.pod: + Use sudo.ws instead of courtesan.com in URLs + [55204002a308] + + * Makefile.binary, Makefile.in: + Fix mansect substitution + [b7b5cbc3aa91] + + * Makefile.in: + Substitute man sections in Makefile.binary + [040deb785e56] + + * Makefile.binary: + Sync install targets with Makefile.in and substitute in man + sections. + [77882a275281] + + * INSTALL, INSTALL.binary: + version is 1.6.4 + [0f87aabbcb70] + + * Makefile.in: + Repair bindist target + [8d43bfe7e2d1] + + * CHANGES: + sync for 1.6.4 + [13ca3d4a0a72] + +2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * install-sh: + Fix case where neither whoami nor id are found + [424dd270bc47] + +2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * install-sh: + If neither whoami nor id exists, just assume we are root. + [2d2644e42c53] + + * alloc.c: + Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed + on AIX which for some reason isn't pulling in the malloc prototype. + [231440d2ee3b] + +2002-01-08 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c: + (c) 2002 + [700e3b41a68e] + + * CHANGES: + checkpoint + [33e604bd8d5b] + + * sudo.c: + Defer assigning new environment until right before the exec. + [f13c49e75c1c] + + * parse.c: + kill extra blank line + [12ef22e9dae3] + +2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [a6cd2d788f74] + + * configure.in: + Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived + compiler doesn't recognise -O2. + [5234aa543692] + + * HISTORY: + Clarify origins of Root Group sudo a bit based on info from + billp@rootgroup.com + [4deef01c4208] + +2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * LICENSE: + 2002 + [6c8e089dbd1a] + + * CHANGES: + checkpoint for 1.6.4rc1 + [3349eb87a49f] + +2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in: + now generated via autoheader + [84657d303cb9] + + * configure: + regen + [207bfa6a13f6] + + * compat.h: + Move in some stuff that was previously in config.h. + [e576d8b6480f] + + * aclocal.m4, configure.in: + Add info for autoheader. + [0549cd5da27c] + +2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and -g + to facilitate non-root installs + [619216038f56] + + * install-sh: + Add -M option (like -m but only for root) If we can't find "whoami", + use "id" w/ some sed. + [b39121c8b792] + + * configure: + regen + [b39b93ff9804] + + * configure.in: + allow user to always override mansectsu and mansectform + [0fca5e63bd90] + +2001-12-31 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * mkinstalldirs: + update from autoconf 2.52 + [07bd75a508c3] + + * config.guess, config.sub: + Update from autoconf 2.52 + [857b90fe31b7] + + * configure: + regen with autoconf 2.52 + [08e7d1ea2aeb] + + * configure.in: + o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI + mode o Remove compiler-specific checks for HP-UX now that we use + AC_PROG_CC_STDC + [d433a70b6208] + + * RUNSON: + Checkpoint + [babf6d2235d1] + + * auth/pam.c: + o Add pam_prep_user function to call pam_setcred() for the target + user; on Linux this often sets resource limits. o When calling + pam_end(), try to convert the auth->result to a PAM_FOO value. This + is a hack--we really need to stash the last PAM_FOO value received + and use that instead. + [6ad6f340dd2a] + + * set_perms.c, sudo.h: + o Add pam_prep_user function to call pam_setcred() for the target + user; on Linux this often sets resource limits. + [67795421ac82] + + * env.c: + Fix off by one error in number of bytes allocated via malloc (does + not affected any released version of sudo). + [5f5915360111] + +2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * lex.yy.c: + regen + [8208c0277775] + + * parse.lex: + Allow '@', '(', ')', ':' in arguments to a defaults variable w/o + requiring that they be quoted. + [ae59bc8f68dd] + + * sudoers.cat, sudoers.man.in, sudoers.pod: + Mention that no double quotes are needed when + adding/deleting/assigning a single value to a list. + [25efc940a1f0] + + * Makefile.in: + Don't rely on mkdefaults being executable, call perl explicitly. + [6edc97ba5f1d] + + * sudo.tab.c: + regen + [49130b2e7e4d] + + * parse.yacc: + Remove some XXX that are no longer relevant. + [d460ac0d3767] + + * defaults.c: + o Roll our own loop instead of using strpbrk() for better + grokability o When adding to a list we must malloc() and use + memcpy(), not strdup() since we must only copy len bytes from str. + [649bef08e1f0] + +2001-12-21 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.tab.c: + regen + [f0bbf2c38c0e] + + * parse.yacc: + typo in comment + [2563711ff593] + +2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + checkpoint + [a6d8a29fb30e] + + * configure: + regen + [bdfcaaf3bd13] + + * configure.in: + avoid the -g flag unless --with-devel was specified + [a976707bef30] + + * Makefile.in: + mkdefaults, def_data.in and sigaction.c were missing from the + tarball + [6917ffbaa412] + + * Makefile.in: + def_data.c was missing + [87c78b11453d] + +2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + Fix setting of $USER and $LOGNAME in the non-reset_env case. Also + allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env + [fc8698e6a45e] + + * TODO: + Another TODO item + [6f251d6cd466] + + * sudoers: + Add comment for Default section so folks know where it should go. + [7edba626f392] + +2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * tgetpass.c: + Use TCSETAF, not TCSETA to set terminal in termio case + [fbd172f6c5d3] + + * sudoers.cat, sudoers.man.in: + regen from sudoers.pod + [64edd2de816e] + + * sudoers.pod: + o Typo, Runas_User_List should be Runas_List o a User_List can not + contain a uid o mention that the Defaults section should come after + Alias definitions but before the user specifications + [54070ba2092b] + +2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.cat, sudoers.man.in: + regen + [e62d1d97693c] + + * sudoers.pod: + Fix listpw and verifypw sections, they were not being formatted + properly. 
+ [123868c2f3e9] + + * sudoers.cat, sudoers.man.in: + regen + [f94841f8b374] + + * sudoers.pod: + fix typos + [f278f1c1184e] + + * configure: + regen + [d2270049ba9f] + + * config.h.in, configure.in: + use AC_SYS_POSIX_TERMIOS instead of rolling our own + [c1a13f1354b9] + + * README: + Reference sudo.ws not courtesan.com + [ca13be67ebd7] + + * PORTING: + Add notes on shadow passwords + [aa13863f2314] + + * BUGS: + In list mode (sudo -l), characters escaped with a backslash are + shown verbatim with the backslash. + [1a75a2858be2] + + * sudoers: + Add simple examples from OpenBSD (Marc Espie) + [3ae9a9ae4125] + + * tgetpass.c: + Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP. + [f8817699ee10] + + * CHANGES: + minor prettyification + [f523587929b9] + + * CHANGES: + Updated change log + [39d9010ee7a8] + + * testsudoers.c: + Fix CIDR handling here too. + [c91db8344c32] + + * auth/pam.c: + Apparently a NULL response is OK + [83bae61078d9] + + * TODO: + Checkpoint for upcoming beta release + [efb95c09df2a] + + * TROUBLESHOOTING: + Many people believe that adding a runas spec should obviate the need + for the -u flag. It does not. + [c698bad85b0e] + + * RUNSON: + checkpoint update for upcoming 1.6.4 beta + [009e465a0a45] + + * config.h.in: + o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even + if HAVE_STRING_H is defined -- this is safe now + [d27c035f4e14] + + * PORTING: + Add signals section + [2d24c13cb3c8] + + * configure: + regen + [2b80a939e2ed] + + * configure.in: + Fix check for sigaction_t + [6fa41c89ab20] + + * sudo.c: + XXX - should call find_path() as runas user, not root. Can't do that + until the parser changes though. + [f0b4f85651bd] + + * sudo.c: + If find_path() fails as root, try again as the invoking user (useful + for NFS). Idea from Chip Capelik. 
+ [e03fa7872692] + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in: + Regenerate after pod file changes + [48e4bd75ec21] + + * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h, + sudo.pod, sudoers.pod: + Add new sudoers option "preserve_groups". Previously sudo would not + call initgroups() if the target user was root. Now it always calls + initgroups() unless the -P command line option or the + "preserve_groups" sudoers option is set. Idea from TJ Saunders. + [4f730359f101] + +2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat.h, config.h.in: + Use new HAVE_SIGACTION_T define + [dfb25f3cae5b] + + * logging.c: + Fix compilation on K&C + [7355e3275e34] + + * configure: + regen + [a710584f92f0] + + * configure.in: + Add check for sigaction_t -- IRIX already defines this so don't + redefine it. + [df9c5737f6da] + + * snprintf.c: + fix typo + [3d782b8134c8] + + * interfaces.c: + need stdlib.h here too + [c789d8973ab2] + + * configure: + regen + [44822856bf46] + + * configure.in: + Remove redundant checks for string.h, strings.h and unistd.h + [933c94f8bbf4] + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + Regen from pod files + [ad18c590f638] + + * BUGS: + Update for 1.6.4 + [26bc88b69d22] + + * configure, lex.yy.c, sudo.tab.c: + regen + [bef89fd6fa2d] + + * strerror.c: + Return EINVAL if errnum > sys_nerr + [0512374e6661] + + * auth/sudo_auth.h: + o Update copyright year + [a877016db6e2] + + * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h, + config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h, + sudo.pod: + o Update copyright year + [e15a1b39039f] + + * configure.in: + o Don't define STDC_HEADERS unconditionally for IRIX o Update + copyright year + [82a8cb819e07] + + * README: + update version + [d82e523a16b4] + + * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, + auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, 
auth/secureware.c, auth/securid.c, auth/sia.c, + auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc, + set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c, + visudo.c: + o Reorder some headers and use STDC_HEADERS define properly o Update + copyright year + [fe39f76b3795] + + * lsearch.c: + o Reorder some headers and use STDC_HEADERS define properly o Update + copyright year + [764ba3d4fa13] + + * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c, + fnmatch.c: + o Reorder some headers and use STDC_HEADERS define properly o Update + copyright year + [dab8f192a3ed] + + * getcwd.c: + o Reorder some headers and use STDC_HEADERS define properly o Update + copyright year + [b199d70ac7ab] + + * getspwuid.c, goodpath.c, interfaces.c: + o Reorder some headers and use STDC_HEADERS define properly o Update + copyright year + [fb46d46140d4] + + * configure: + regen + [156658f25cea] + + * tgetpass.c: + flags set in signal handlers should be volatile sig_atomic_t + [c22931a5535e] + + * config.h.in, configure.in: + Add checks for volatile and sig_atomic_t + [b03b3341381d] + + * configure, lex.yy.c: + regen + [ed9daba88217] + + * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c, + sudo.c, sudoers.pod: + Remove "secure_path" Defaults option since it cannot work with the + existing parser. + [c9e54a0f5971] + + * find_path.c, sudo.c: + Unset "secure_path" if user_is_exempt() + [fb7544565ae8] + + * env.c, pathnames.h.in: + o Remove assumption that PATH and TERM are not listed in env_keep o + If no PATH is in the environment use a default value o If TERM is + not set in the non-reset case also give it a default value. + [c987eb7df268] + + * aclocal.m4, configure.in, defaults.c, pathnames.h.in: + _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on + systems that define in paths.h + [51865b0cdebf] + + * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h: + Add support for skeyaccess(3) if it is present in libskey. 
+ [8add77c7d3e7] + +2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Only need to do 'lc = login_getclass(NULL)' if lc == NULL + [5a3d3cbf2c6d] + + * parse.lex: + '\\' is a perfectly legal character to have in a command line + argument. + [c15a466ef00e] + + * sudo.c: + o Defer call to set_fqdn() until it is safe to use log_error() o + Don't print errno string value if gethostbyname fails, it is not + relevant + [c0c6bcf08bcb] + + * parse.c: + Fix CIDR -> in_addr_t conversion. + [2f307ebeb63f] + +2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + Remove an extra "User_List" in the User_Spec definition From + ybertrand AT snoopymail.com + [97bde59ea280] + + * parse.c: + Make 'listpw=never' work for users who are not explicitly mentioned + in sudoers. + [258f0f30a428] + + * sudoers.pod: + Remove gratuitous '=' in EBNF grammar; era AT iki.fi + [4b0f03872ee1] + + * sudoers.pod: + Document new list Defaults type and convert env_keep and env_delete + to lists. Document new env_check option. + [a07f1f079fe3] + + * lex.yy.c, sudo.tab.c, sudo.tab.h: + regen parser + [e39ac6c6581b] + + * parse.lex: + Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec + to #[0-9-]+. + [69c5388908f3] + + * configure: + regen + [0f1877b88cb3] + + * aclocal.m4: + Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK + [6545503ae361] + + * config.h.in, configure.in: + Add check for skeyaccess(3) + [6caf69fe6359] + + * visudo.pod: + Document new -c, -f, and -q options + [13d0203c21d3] + + * visudo.c: + o Add -f option (alternate sudoers file) o Convert to use getopt(3) + [4c2b664d617d] + + * configure: + regen + [6d5bd932e7b5] + + * aclocal.m4, config.h.in, configure.in: + Add check for isblank and a replacement macro if it doesn't exist. + [b524f5e4f953] + +2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + In check-only mode, don't create sudoers if it does not already + exist. 
+ [c748a2d5acad] + + * parse.yacc: + o Add a new token, DEFVAR, to indicate a Defaults variable name o + Add support for "+=" and "-=" list operators o replace some 1 and 0 + with TRUE and FALSE for greater legibility. + [554cb174b37e] + + * parse.lex: + o Use exclusive start conditions to remove some ambiguity in the + lexer. Also reorder some things for clarity. o Add support for "+=" + and "-=" list operators. o Use the new DEFVAR token to denote a + Defaults variable name. + [3a2cf8323e26] + + * sudo.h: + Prototype init_envtables() + [b74916469dab] + + * env.c: + o Convert environment handling to use lists instead of strings. This + greatly simplifies routines that need to do "foreach" type + operations. o Add new init_envtables() function to set env_check and + env_delete defaults based on initial_badenv_table and + initial_checkenv_table (formerly sudo_badenv_table). + [0a8b404658b6] + + * defaults.c, defaults.h: + o Add a new LIST type and functions to manipulate it. o This is for + use with environment handling variables. o Call new init_envtables() + routine inside init_defaults() to initialize the environment lists. + [ae73e64f0902] + + * def_data.c, def_data.h, def_data.in: + Convert environment options to use the new LIST type and add a new + one, env_check that only deletes if the sanity check fails. + [3019503936de] + + * testsudoers.c: + Add dummy version of init_envtables() + [9d9e3ee609d9] + + * parse.yacc: + honor quiet mode + [8330fba6167c] + + * visudo.c: + Add check-only mode + [dab411bc8c35] + + * mkdefaults: + Fix generation of entries with NULL descriptions. + [ea75b9fed02e] + +2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * tgetpass.c: + Use sigaction_t and quiet a gcc warning. + [6f67d719c452] + + * sudo.c: + Must reset signal handlers before we exec + [300418120e1a] + + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, + auth/sudo_auth.c: + Be carefule now that tgetpass() can return NULL (user hit ^C). 
PAM + version needs testing. Set SIGTSTP to SIG_DFL during password entry + so user can suspend us. + [00304aa58747] + + * tgetpass.c: + Add support for interrupting/suspending tgetpass via keyboard input. + If you suspend sudo from the password prompt and resume it will re- + prompt you. + [4af2b5101d32] + + * sudo.c: + Don't block keyboard interrupt signals, just set them to SIG_IGN. + [d46d7f67ef6b] + +2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in: + add back HAVE_SIGACTION + [c9c7702c603e] + + * configure: + regen + [09fe669d337f] + + * config.h.in, configure.in, logging.c, sudo.c, visudo.c: + Kill POSIX_SIGNALS define and old signal support now that we emulate + POSIX ones Also be sure to correctly initialize struct sigaction. + [4bc2a6dbb2be] + + * strerror.c: + Don't need config.h or "#ifndef HAVE_STRERROR" wrapper. + [1ad64a19f328] + + * compat.h: + Add scaffolding for POSIX signal emulation + [945861d4c93b] + + * sigaction.c: + o Add missing ';' so this compiles o Can't use NULL since we don't + include stdio.h + [04d0cac7438f] + + * sigaction.c: + Emulate sigaction() using sigvec() + [d0b54a989875] + +2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + Document new behavior of negative values of timestamp_timeout Fix a + typo + [4c0716570d01] + + * sudo.pod: + Add security note about command not being logged after 'sudo su' and + friends. + [43294851a33c] + + * sudo.pod: + Mention that -V prints default values when run as root, including + the list of environment variables to clear. + [d9e5e550a8c3] + + * Makefile.in: + Run pod2man with --quotes=none to avoid stupid quoting of C<> + entries. + [997b23c35dbe] + +2001-11-12 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod: + Add mail_badpass option Also modify mail_always behavior to also + send mail when the password is wrong + [838d40ccafce] + + * env.c, sudo.c, sudo.h: + Dump default bad env table when 'sudo -V' is run by root. + [f67f1b8048b0] + + * sudoers.pod: + document env_delete + [d74f893663a2] + + * env.c: + Add support for '*' in env_keep when not resetting the environment + (ie: the normal case). + [fd4fb62ea8fd] + + * env.c: + Add env_delete variable that lets the user replace/add to the + bad_env_table. Allow '*' wildcard in env_keep entries. + [aa728bc35e29] + +2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkinstalldirs: + Force umask to 022 to guarantee sane directory permissions. + [9ab3cfe70569] + +2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency + [671010465e6f] + + * mkdefaults: + fix breakage in last commit + [8318f8851e56] + + * Makefile.in: + acsite.m4 -> aclocal.m4 + [30c146873a01] + + * check.c: + fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit + [4dc8b39954da] + + * def_data.c: + regenerated from def_data.in + [915ea16ce1eb] + + * check.c, defaults.c, defaults.h: + Add new T_UINT type that most things use instead of T_INT If + timestamp_timeout is < 0 then treat the ticket as never expiring (to + be expired manually by the user). + [3a3a636a2a5d] + + * def_data.in: + change most T_INT -> T_UINT + [a2228d2457af] + + * mkdefaults: + fix warning when no args + [ca70a5394af5] + + * visudo.c: + Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if + we are a signal handler. We no longer print the signal number but + the user can just check the exit value for that. + [dc424f631fef] + +2001-10-16 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * logging.c: + when setting up pipes in child process check for case where stdin == + pipe fd 0 + [518112d76184] + +2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + Ignore editor exit value since XPG4 says vi's exit value is the + count of editing errors made (failed searches, etc). + [b9d952284865] + +2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [cb3aa586f03b] + + * configure.in: + sco now is identified by config.guess as *-sco-* + [46664bbdea61] + + * configure.in: + Check for getspnam() in -lgen if not in -lc for UnixWare. + [0f152ad1ba93] + +2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod, visudo.pod: + "upper case" -> "uppercase" + [f9151f232326] + + * sudoers.pod: + fix typos and grammar; pjanzen@foatdi.harvard.edu + [2855d73d0237] + +2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + Missing word (specify); krapht@secureops.com + [65523eb37a2c] + +2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + If we fail to lookup a login class, apply the default one. + [d4869faa6816] + + * logging.c: + In log_error() free message, not logline unconditionally, then free + logline if it is not the same as message. No function change but + this mirrors how they are allocated. + [565e5f6cc643] + +2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regenerate + [834a48f548a2] + + * configure.in: + remove some backslash quotes that are unneeded + [50d401d6e2ca] + + * configure.in: + o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ + instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we + can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have + to AC_DEFINE things manually. + [f502c5f15f92] + + * config.guess, config.sub: + Updated from autoconf-2.50 + [6140205915ef] + +2001-05-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * README: + Update mailing list section. We use mailman now, not majordomo. + [b9a8ca45e6dc] + +2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * getspwuid.c, logging.c, sudo.c: + Use setpwent()/endpwent() + all the shadow variants to make sure we + don't inadvertantly leak an fd to the child. Apparently Linux's + shadow routines leave the fd open even if you don't call setspent(). + Reported by mike@gistnet.com; different patch used. + [d33792ef6c01] + +2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + s/eg./e.g./ + [bd32a0acaf93] + + * tgetpass.c: + select() may return EAGAIN. If so, continue like we do for EINTR. + [5f202c943818] + + * logging.c: + Fix a non-exploitable buffer overflow in the word splitting code. + This should really be rewritten. + [4c724363863a] + + * Makefile.in: + FAQ link goes away + [1d26dd6c8972] + + * INSTALL: + Tell people to look in sample.syslog.conf for examples, not FAQ + [affcae3f43ca] + + * TROUBLESHOOTING: + Update list of env vars that are cleared + [234e56f1435a] + + * sudo.c: + remove struct env_table decl since that stuff has all moved to env.c + [5dd923148777] + +2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * fileops.c: + Fix a pasto in flock-style unlocking and include <sys/file.h> for + flock on older systems; twetzel@gwdg.de + [d5420d9d2861] + + * configure: + regen to get NeXT lockf/flock fix + [d3ba6ed70e15] + + * configure.in: + force NeXT to use flock since lockf is broken + [bd5391dca1bb] + +2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + Use stashed user_gid when checking against exempt gid since sudo + sets its gid to a a value that makes sudoers readable. Previously if + you used gid 0 as the exempt group everyone would be exempt. From + Paul Kranenburg <pk@cs.few.eur.nl> + [0b140cc3a817] + +2001-03-29 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [cc455408f32b] + + * aclocal.m4: + #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines + some types (such as ssize_t) therein. + [b6aee85ca331] + +2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * defaults.c: + Fix negation of paths in a boolean context. Problem found by + apt@UH.EDU + [8aee217a7cdf] + +2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + pasto + [ad32b277bf68] + +2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + SA_RESETHAND means the opposite of what I was thinking--oops To + block all signals in old-style signals use ~0, not 0xffffffff + [6ecdd793590a] + +2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * defaults.c: + coerce difference of pointers to int when used in a string length + printf format; deraadt@openbsd.org + [a9d10f07180d] + +2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + Block all signals in Exit() to avoid a signal race. There is still a + tiny window but I'm not going to worry about it. + [6661805c0458] + +2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: + glibc uses the LANGUAGE env var so clear that too; Solar Designer + [d4ba95628afb] + + * lex.yy.c: + Regenerate with a fix to flex.skl that preserves errno from + clobbering by isatty(). + [607eec736e19] + +2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c, + auth/sia.c, auth/sudo_auth.c: + Some defaults I_ defines got renamed. + [ec19b23caaf3] + + * Makefile.in, check.c, def_data.c, def_data.h, def_data.in, + defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc, + set_perms.c, sudo.c, sudo.tab.c: + Move defaults info into its own files from which we generate .h and + .c files. This makes adding or rearranging variables much simpler. + [e91b880b5043] + +2000-12-30 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + fix typo in last commit + [10a6ee2bae71] + + * compat.h, config.h.in, configure, configure.in: + Add check + emulation for setegid (like seteuid). + [29492092bd2f] + + * env.c: + Make env_keep override badenv_table as documented Fix traversal of + badenv_table (broken in last commit) + [37c9f0d22673] + + * set_perms.c, sudo.c, sudo.h: + Don't try and build saved uid version of set_perms on systems w/o + them. Rename set_perms_saved_uid() -> set_perms_posix() Make + set_perms_setreuid simply be set_perms_fallback() and simply include + the appropriate function at compile time (setreuid() vs. setuid()). + [3107333c062c] + + * sudoers.cat, sudoers.man.in, sudoers.pod: + PATH is also preserved when env_reset is in effect + [90e45c5711ff] + + * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure, + configure.in, defaults.c, defaults.h, env.c, find_path.c, + getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, + sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c, + visudo.c, visudo.cat, visudo.man.in: + New Defaults options: o stay_setuid - sudo will remain setuid if + system has saved uids or setreuid(2) o env_reset - reset the + environment to a sane default o env_keep - preserve environment + variables that would otherwise be cleared + + No longer use getenv/putenv/setenv functions--do environment munging + by hand. Potentially dangerous environment variables can be cleared + only if they contain '/' pr '%' characters to protect buggy + programs. Moved environment routines into env.c (new file) + [c2f97651db4c] + + * INSTALL: + Clear up --without-passwd description + [2f336dab6733] + + * putenv.c, sudo_setenv.c: + We now build up a new environment from scratch and assign it to + "environ". + [6ae6152f2238] + +2000-12-19 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.pod, visudo.pod: + Grammatical fixes from Paul Janzen + [e03ead2e56f8] + +2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + If there was a syntax error and the user just wants to quit, unlink + sudoers if it is zero length. + [74ba7921f520] + + * visudo.c: + 'Q' means ignore parse error, not 'q' + [e8d0e4491fe6] + + * visudo.c: + Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric + <dim@xs4all.nl> + [b24990a72491] + +2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * set_perms.c: + Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org + [41a8db10e076] + +2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.guess, config.sub: + Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com> + [6052da895d2e] + +2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c, visudo.c: + Use exit(127), not exit(-1) + [9ff0c3eada34] + + * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c: + Move set_perms() to its own file and use POSIX saved uid or + setreuid() if available. + + Added stay_setuid option for systems that have libraries that + perform extra paranoia checks in system libraries for setuid + programs (ie: anything with issetugid(2)). + [28960f842698] + + * sudo.c: + strip more bits from the environment and add a facility for + stripping things only if they contain '/' or '%' to address printf + format string vulnerabilities in other programs. + [b98d6375f299] + +2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [7e74e5c91049] + + * configure.in: + For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of + strcasecmp(). + [a418e9e70442] + + * configure: + regen + [bbff244a52bc] + + * configure.in: + Check for strcasecmp(3) in -lc89 for NCR Unix + [361c99576681] + +2000-11-01 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * config.h.in: + Define HAVE_INNETGR #ifdef HAVE__INNETGR + [473cdb92b6db] + + * configure: + regen + [4e6364a195e0] + + * compat.h, config.h.in, configure.in: + Add check for _innetgr(3) since NCR systems have that instead of + innetgr(3). + [25e6852e7494] + +2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/securid.c: + check return value of creadcfg() call sd_close() after sd_auth() + store username in sd->username so we don't rely on the USER env + variable + [d106b4f42722] + +2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + document --with-bsdauth + [f1518ecc2ee9] + + * configure: + regen + [dceb35071ea8] + + * configure.in: + --with-bsdauth assumes --with-logincap + [4200778083fd] + + * auth/bsdauth.c, auth/fwtk.c: + When prompting for a response to a challenge, if the user just hits + return then reprompt with echo turned on. + [a539b6474a97] + +2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Remove debugging code that should not have been committed, oops. + [9862607b77a7] + + * auth/bsdauth.c: + Use lower-level routines and get the password ourselves. Checks for + a challenge and if there is one echo is not turned off. + [2d8fcd166baa] + + * auth/pam.c, auth/sudo_auth.h: + minor housekeeping, no real code changes + [d0074a277fb4] + +2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Fix a coredump in the logging functions if gethostname(2) fails by + deferring the call to log_error() until things are better setup. + + Fix return value of set_loginclass() in non-BSD-auth case. + + Hard-code 'sudo' in the usage message so we can fit more options on + a line + [d9d1b7579818] + + * logging.c: + Fix errant ';' (typo) that broken MSG_ONLY + [849b2276a470] + +2000-10-26 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.man.in: + regen + [bb3c8c6704d1] + + * sudo.pod: + Document -a flag + [e18316cebaac] + + * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in, + configure, configure.in, getspwuid.c, sudo.c: + Add support for BSD authentication. + [f374cfd9ca0d] + +2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + Fix typo; from sato@complex.eng.hokudai.ac.jp + [3085fee9766e] + +2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + Mention negating umask + [c9e410294dae] + + * defaults.c: + Allow user to specify umask of 0777 (same as !umask) + [bb771daa96fe] + +2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod, visudo.pod: + Fix a typo and give a URL for the sudo history. + [77f73199aedb] + +2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * defaults.c, sudo.pod: + fix typos; pepper@reppep.com + [5532c7421340] + +2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c, sudo.h, sudo_setenv.c: + sudo_setenv() now exits on memory alloc failure instead of returning + -1. + [71f1cf18f47b] + +2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD + and possibly others. + [b69d985b0d22] + + * logging.c: + Don't use vsyslog(3) since HP-UX (and others?) lack it. This means + that "%m" won't be expanded but we don't use that anyway since the + logging routines may splat to stderr as well. + [8d37a544d0c0] + + * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in, + sudoers.pod: + Add always_set_home variable + [dbcaff646e07] + + * configure, configure.in: + Have to hard code default values in help since the defaults are set + _after_ the help stuff. + [7b5d6d72f55c] + +2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * lex.yy.c, parse.lex: + Allow special characters (including '#') to be embedded in pathnames + if quoted by a '\\'. 
The quoted chars will be dealt with by + fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'. + [3ed33cf09977] + +2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * install-sh: + Better path searching for programs we need. + [60517cb1f0d6] + + * TROUBLESHOOTING: + Add section on "C compiler cannot create executables" errors. + [e4ada6eaee59] + + * Makefile.binary, Makefile.in, version.h: + Crank version + [93d1bd5b7f5e] + + * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in, + sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat, + visudo.man.in, visudo.pod: + Substitute values from configure into man pages. + [619854c356c1] + +2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c, sudo.c: + The listpw and verifypw sudoers options would not take effect + because the value of the default was checked *before* sudoers was + parsed. Instead of passing in the value of PWCHECK_* to + sudoers_lookup(), pass in the arg for def_ival() so the check can be + deferred until after sudoers is parsed. + [4f596e358f72] + +2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * tgetpass.c: + When writing prompt, no need to write the NUL as well; + hag@linnaean.org + [fbcdd7b431ee] + +2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * install-sh: + When looking for chown, check in /sbin too + [657ba6653f8c] + +2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + Remove extraneous call to init_defaults() and set runas_user to NULL + betweem parses so init_defaults will reset it each time, thus + avoiding a reference to free()d data. + [7421fcd692af] + +2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, interfaces.c, interfaces.h, sudo.c: + Add support for using getifaddrs() to get the list of ip addr / + netmask pairs. Currently IPv4-only. 
+ [a35bc4f7306d] + + * visudo.c: + Add a missing check for UserEditor == NULL Add missing '+' before + line number when invoking editor to fix a syntax error + [f0d4635f6082] + +2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Call clean_env very early in main() for paranoia's sake. Idea from + Marc Esipovich. + [f8d72ebd0115] + +2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.h: + Update proto for evasprintf and easprintf + [d147d6e58419] + + * alloc.c: + Make easprintf() and evasprintf() return an int. + [b2ca5d089667] + + * check.c: + If the targetpw flag is set, use target username as part of the + timestamp path. If tty tickets are in effect cat the tty and the + target username with a ':' as the separator. + [de11abc693c2] + +2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/pam.c: + Backout part of last change; setting PAM_USER to the invoking user + breaks things like targetpw. + [427218a7387f] + + * auth/pam.c: + set tty and username via pam_set_item + [85d1922dbcc9] + + * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h: + Fix root, runas, and target authentication for non-passwd file auth + methods. + [a14535e7b30c] + +2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, + sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: + Use B<-Z> not C<-Z> for command line flags in all places. This is + more consistent and works around a bug in Pod::Man. + [64b5a05f30c5] + + * sudoers.cat, sudoers.man.in, sudoers.pod: + Fix an occurence of 'semicolon' that should be 'colon' + [4ea5aacae3fb] + +2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Fix --with-badpri help line + [3cc40977c043] + +2000-04-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * defaults.c, logging.c, sudo.c: + Bracket calls to syslog with an openlog() and closelog() since some + authentication methods (like PAM) may do their own logging via + syslog. Since we don't use syslog much (usually just once per + session) this doesn't really incur a performance penalty. It also + Fixes a SEGV with pam_kafs. + [fe1cc28529f6] + +2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Fix -H flag. runas_homedir is only valid after set_perms(PERM_RUNAS, + mode) + [ce9b1c6f68a6] + +2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + Clarify the fact that insults are not enabled just by including them + in the binary. + [d5a31d48320c] + +2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, + visudo.man.in: + Regenerated with perl 5.6.0 pod2man + [21751433768b] + + * Makefile.in: + Give date string to pod2man since its default is ugly and it ain't + got no alibi. + [0080b2f6298f] + + * Makefile.in: + Do section substitution on the output of pod2man and remove hack + needed for old pod2man. + [1ef843d5c78b] + + * sudo.pod, sudoers.pod, visudo.pod: + Put back real man sections, we will do the substitution later. + [f728c1abad7e] + +2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Don't bother checking for the path to vi if user specified --with- + editor + [bf698487e0d5] + +2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, visudo.c: + Visudo now does its own fork/exec instead of calling system(3). + [99bbcd88863b] + + * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in, + sudoers.pod, visudo.c: + Visudo now checks for the existence of an editor and gives a + sensible error if it does not exist. + + The path to the editor for visudo is now a colon-separated list of + allowable editors. 
If the user has $EDITOR set and it matches one of + the allowed editors that editor will be used. If not, the first + editor in the list that actually exists is used. + [cc86eb9f5440] + + * sudo.cat, sudo.man.in, sudo.pod: + Clear up confusion wrt sudo's return value. + [9385b12d8e79] + +2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Strip sudo and visudo for bindist target + [a995ddd79177] + + * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, + sudoers.pod, visudo.cat, visudo.man.in, visudo.pod: + Use @mansectsu@ and @mansectform@ in the man page bodies as well. + [5eb9e60a726f] [SUDO_1_6_3] + + * visudo.cat, visudo.man.in, visudo.pod: + Typo: @sysconf@ -> @sysconfdir@ + [f07f52fcd099] + + * Makefile.in: + 'make dist' should not cause any files to be modified so remove its + dependencies. + [7f44a2666a9c] + + * CHANGES: + Whoops, forgot to add release marker + [16c0f16b35b8] + +2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + Final change for 1.6.3 (or so I hope) + [473c89da6123] + + * sudo.cat, sudoers.cat, visudo.cat: + Use SYSV man sections since BSD systems will have nroff... + [0a6bd154324e] + +2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc, sudo.tab.c: + When checking to see if the host/user matches in a defaults spec, + check against TRUE, not just non-zero since it might be -1. + [41f2b7ad3fdd] + + * configure, configure.in: + OSF/1 puts file formats in section 4, not 5. + [d77c1301afa9] + + * CHANGES, INSTALL, sudo.c: + Make login class support work on BSD/OS + [e9bbe3c08ade] + + * RUNSON: + Update for 1.6.3 + [c40ce1d76c4d] + + * configure, configure.in: + If there is no inet_addr but there *is* an __inet_addr that's ok + since inet_addr is probably just a macro then. The better thing to + do would be to look for the macro, but this is fine for now. 
+ [1b8865ae4d68] + + * configure, configure.in: + Don't use shlicc for BSD/OS 4.x + [83fbf6dedd2c] + + * Makefile.in, configure, configure.in: + *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@ + configure variable so we can deal with this. Also, only remove *.man + for 'distclean' not 'clean'. + [30d56e6de214] + + * sudo.c: + set_loginclass() should be static like the proto says + [d570a2d55fb8] + +2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * fnmatch.c: + Add #ifdef __STDC__ around the rangematch function header to avoid + promotion of test to int, thus violating the prototype. Gcc handles + this gracefully but more std ANSI compilers will complain. + [7d98c3e332b2] + + * emul/fnmatch.h: + Pull in newer fnmatch(3) that supports FNM_CASEFOLD + [4e1320852f8b] + + * aclocal.m4, configure, fnmatch.3, fnmatch.c: + Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for + FNM_CASEFOLD in configure + [9ef952bf1896] + + * CHANGES, TODO: + update for 1.6.3 + [e4ba6368a0c5] + + * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c: + Fully qualified hosts w/ wildcards were not matching the FQHOST + token type. There's really no need for a separate token for fully- + qualified vs. unqualified anymore so FQHOST is now history and + hostname_matches now decides which hostname (short or long) to check + based on whether or not the pattern contains a '.'. + [fbd2887d9811] + + * lex.yy.c, parse.c, parse.lex, parse.yacc: + Fully qualified hosts w/ wildcards were not matching the FQHOST + token type. There's really no need for a separate token for fully- + qualified vs. unqualified anymore so FQHOST is now history and + hostname_matches now decides which hostname (short or long) to check + based on whether or not the pattern contains a '.'. + [630d9d205397] + + * parse.h: + Fully qualified hosts w/ wildcards were not matching the FQHOST + token type. There's really no need for a separate token for fully- + qualified vs. 
unqualified anymore so FQHOST is now history and + hostname_matches now decides which hostname (short or long) to check + based on whether or not the pattern contains a '.'. + [dd7bbe223461] + + * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat, + sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c: + Add support for wildcards in the hostname. + [d8d821ed4238] + + * Makefile.in: + Add targets for *.man.in, using config.status to generate *.man from + *.man.in + [640e50ede485] + + * sudoers.cat, sudoers.man.in, sudoers.pod: + Document set_logname option and enbolden refs to sudo and visudo. + [9622b3a48707] + + * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat, + sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, + visudo.cat, visudo.man.in, visudo.pod: + Add FreeBSD login.conf support (untested on BSD/OS) based on a patch + from Michael D. Marchionna. configure now does substitution on the + man pages, allowing us to fix up the paths and set the section + correctly. Based on an idea from Michael D. Marchionna. + [463e928a0a2f] + + * auth/passwd.c: + Better fix for handling HP-UX aging info. + [3950f42d8549] + + * sudo.c: + Add support for set_logname run-time default + [c6a7cc76b8b4] + + * sudo.man.in, sudoers.man.in, visudo.man.in: + configure does substitution on these to produce *.man + [b83fc3c1bfc9] + + * sudo.man, sudoers.man, visudo.man: + These files now get generated from *.man.in at configure time. + [c499061f79e0] + +2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * defaults.c, defaults.h: + Add set_logname option so users can turn off setting of LOGNAME/USER + environment variables. + [6316869180b8] + + * lsearch.c, parse.c, testsudoers.c: + kill register + [6e104e653748] + +2000-03-13 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * auth/passwd.c: + HP-UX adds extra info at the end for password aging so when + comparing the result of crypt to pw_passwd we only compare the first + len(epass) bytes *unless* the user entered an empty string for a + password. + [3d24d4e4e889] + + * logging.c: + Get rid of grandchild hack, it was causing problems and there is + really no need for it. This fixes a bug where we spin eating up CPU + when the user runs a long-running process like a shell. + [5743b10b1e81] + +2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + User can always specify a login class if he/she is already root. + [710d160cef9f] + + * config.h.in, configure, configure.in, defaults.c, defaults.h, + sudo.c, sudo.h: + FreeBSD login class (login.conf) support. + [026b981d6328] + +2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/sudo_auth.c: + HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support + [9cd4929f1a78] + +2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/passwd.c: + Truncate unencrypted password to 8 chars if encrypted password is + exactly 13 characters (indicateing standard a DES password). Many + versions of crypt() do this for you, but not all (like HP-UX's). + [a9d0259cb193] + +2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, RUNSON: + Mention that gcc on dynix may have problems + [77b97fa5bf1b] + +2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + Link visudo with NET_LIBS since we now call syslog via defaults.c + [9e3830b277cc] + + * defaults.c: + Use Argv[0] as the first arg to openlog() since visudo uses this + too. + [e61078f328ec] + +2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Stash coredumpsize resource limit and retsore it before the exec() + Otherwise the child ends up with a coredumpsize of 0. + [f6a4783835a3] + +2000-02-27 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.man, sudo.pod: + document -S flag + [3ebd805b7142] + + * sudo.c: + fix usage string + [66b2dfa47fe8] + + * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c, + auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c: + Added -S flag (read passwd from stdin) and tgetpass_flags global + that holds flags to be passed in to tgetpass(). Change echo_off + param to tgetpass() into a flags field. There are currently 2 + possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In + tgetpass(), abstract the echo set/clear via macros and if (flags & + TGP_ECHO) but echo is not set on the terminal, but sure to set it. + [a4fcbb712cd0] + + * tgetpass.c: + Fixed a bug that caused an infinite loop when the password timeout + was disabled. + [2be1ffc5a39f] + +2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h, + sudoers.cat, sudoers.man, sudoers.pod, visudo.c: + Add rootpw, runaspw, and targetpw options. + [2d4563e46df7] + + * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod, + visudo.c: + enveditor -> env_editor + [ddc5f856e583] + +2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * BUGS, INSTALL, Makefile.in, README, configure, configure.in, + sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat, + visudo.man: + crank versino to 1.6.3 + [a5f7d3e74360] + + * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man, + sudoers.pod, visudo.c: + Add 'editor' and 'enveditor' sudoers defaults and make visudo honor + them. This means that visudo will now parse the sudoers file + *before* it is edited so a bogus sudoers file will cause a warning + to go to stderr. Also, visudo checks the variables once--it does not + check them after each editor run since that could be confusing. + [9f5af18e9212] + +2000-02-15 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * RUNSON: + 1.6.2 -> 1.6.2p1 + [e25b74f1d1af] + + * check.c, sudo.c, sudo.h: + Move user_is_exempt prototype into sudo.h + [daf26a6ded8a] + +2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + Fix thinko, some && should have been || in the last commit + [4b9b2d487ded] + + * configure, configure.in: + Don't initialized Makefile variables to be NULL since the user may + want to import variables from their environment. + [7be019f4422c] + +2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + typo + [38f4d8971f0a] + +2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.tab.c: + fix a yacc (skeleton.c) warning + [a2da228a937b] + +2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, RUNSON, configure, configure.in: + Make pam work on HP-UX 11.0;jaearick@colby.edu + [b94de0ff6f42] + + * CHANGES: + recent changes; prepare for 1.6.2p1 + [b291635ea141] + + * find_path.c: + Don't apply SECURE_PATH if user is example; jmknoble@pobox.com + [4306285c4f6e] + +2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.tab.c: + Regen with yacc that has a memory leak plugged. + [e26383a04eb7] + + * sudoers.cat, sudoers.man, sudoers.pod: + Expanded docs on sudoers 'defaults' options based on INSTALL file + info. + [54c3d62d6c74] + + * INSTALL: + Fix some while lies + [d15311782150] + +2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + When making a bindist, link FAQ to TROUBLESHOOTING instead of + copying. + [2d88a6ac88cf] + + * sudoers.cat, sudoers.man, sudoers.pod: + Add netgroup caveat + [28d119f466e3] [SUDO_1_6_2] + + * RUNSON: + Last minute updates + [89fb4ed22d52] + + * TROUBLESHOOTING: + PAM entry + [a9fd59f39457] + + * auth/pam.c: + correct a comment + [a29627225ba9] + + * CHANGES, RUNSON: + update for 1.6.2 + [b7f1c40ea732] + + * auth/pam.c: + Better detection of PAM errors and fix custom prompts with PAM. 
+ Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org> + [ff69234b94a5] + +2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * snprintf.c: + Cast ULONG_MAX to unsigned long long when comparing to an unsigned + long long value. + [9d918c3a2ecd] + +2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, config.h.in, configure, configure.in, visudo.c: + Fix sudoers locking in visudo. We now lock the sudoers file itself, + not the temp file (since locking the temp file can foul up editors). + The previous locking scheme didn't work because the fd was closed + too early. + [de2011bb11ed] + + * config.h.in, configure, configure.in: + Don't need test for ftruncate() any more. + [e5f71c848104] + + * configure, configure.in: + Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with + the unbundled HP-UX cc. + [2c373612c644] + +2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.cat, sudoers.man, sudoers.pod: + "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca> + [05360d2c314e] + +2000-01-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h, + parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c, + version.h, visudo.c: + update copyright year on changed files + [5792a2a28a4c] + + * RUNSON: + updates + [edf8f19aa403] + + * CHANGES: + aix fix + [4d4a243b31e2] + + * INSTALL: + Crank version to 1.6.2 + [bcb5cb411624] + + * configure: + Crank version to 1.6.2 + [32a19f33427f] + + * sudo.c: + When using rlimit check for RLIM_INFINITY When computing the value + of maxfd, use min(getdtablesize(), RLIMIT_NOFILE) + [8c16166802e5] + + * CHANGES: + recent changes + [09fc7112e44d] + + * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man, + sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man: + Crank version to 1.6.2 + [055fa61a7c61] + + * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod: + Add 'shell_noargs' runtime option back in. We have to defer checking + until after the sudoers file has been parsed but since there are now + other options that operate that way this one can too. Based on a + patch from bguillory@email.com. + [231db7a007a6] + + * defaults.c, defaults.h, parse.c, sudo.c, sudo.h: + Add "listpw" and "verifypw" options. + [190683bac878] + + * sudoers.cat, sudoers.man, sudoers.pod: + o Fix some typos/omissions o Add section on verifypw and listpw o + Define how NOPASSWD interacts with the -v and -l flags + [6feb7350eb79] + +2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add + -D_HPUX_SOURCE to CPPFLAGS. + [06cc35d89dc8] + + * defaults.c, defaults.h: + In struct sudo_defs_types, move the union to the end and don't + initialize the union member since that only works with an ANSI + compiler. We set the value of the union by hand in init_defaults() + anyway. This allows sudo to compile on a K&R compiler again. + [623487e1fcfa] + +2000-01-11 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c: + netgr_matches needs to check shost as well as host since they may be + different. + [3f43ace23d3e] + + * tgetpass.c: + End on \r as well as \n + [cb7c6e6f4202] + +2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Update statbuf.st_mode based on SUDOERS_MODE when we are chaning + from 0400 to whatever SUDOERS_MODE is (converting from the old + sudoers mode). Assumes that SUDOERS_MODE is less restrictive than + 0400 which should always be the case. + [34cd83d49d20] + + * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c: + Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l + w/o a passwd if there is *any* entry for the user on the host with a + NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for + the user on the host w/ the specified runas user have the NOPASSWD + flag set. + [4b3b85697653] + + * Makefile.in: + add check target + [3d24d34a76fd] + +1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + Treat EOF at whatnow prompt like 'x' instead of looping. + [5deffc27114c] + +1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + recent changes + [5836a9452568] [SUDO_1_6_1] + +1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure, configure.in, sudo.c: + Add check for initgroups() since old SYSV lacks this. + [657a6005a569] + + * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in, + parse.c, testsudoers.c: + o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h> + exists. + [17d081e917d6] + +1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/sudo_auth.c: + Don't allow insults to be enabled if the insults[] array is empty. + Otherwise there would be division by zero. + [b20c14db6029] + + * CHANGES, RUNSON: + Don't allow insults to be enabled if the insults[] array is empty. 
+ Otherwise there would be division by zero. + [974f4780254b] + + * insults.h: + Don't allow insults to be enabled if the insults[] array is empty. + Otherwise there would be division by zero. + [028f130204b0] + + * insults.h: + Don't care about USE_INSULTS #define since the insult stuff may be + overridden at runtime. + [b873df8b299c] + + * auth/sudo_auth.c: + Honor insults flag. + [756111640fdc] + + * CHANGES, parse.c: + Don't ask the user for a password if the user is not allowed to run + the command and the authenticate flag (in sudoers) is false. + [cea9fdc09c76] + + * CHANGES, RUNSON, lex.yy.c, parse.lex: + o Whenever we get a bare newline we change to the INITIAL state. o + Enter GOTRUNAS when we see Runas_Alias + + This allows #uid to work in a RunasAlias. + [a475513e7c7a] + +1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, parse.yacc, sudo.tab.c: + fix parsing of runas lists: o oprunasuser and runaslist now return a + value o in a runasspec, if a runaslist does not return TRUE, set + runas_matches to FALSE. Normally, a runaslist only returns FALSE for + explicitly denied users. o since runaslist does not modify the stack + there is no need for a push/pop in runasalias. + [82b305b34a8c] + + * check.c, sudo.c: + Don't kill the user's tickets until after sudoers has been parsed + since tty_tickets and ticket_dir could be set in sudoers. + [f43e25367f3a] + + * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON, + configure, configure.in, sudo.cat, sudo.man, sudoers.cat, + sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man: + crank version to 1.6 + [95f8bdcf9bb2] + + * testsudoers.c: + add set_fqdn() stub + [bbc81af5b41a] + +1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat, + sudoers.man, sudoers.pod, visudo.c: + o Kill shell_noargs option, it cannot work since the command needs + to be set before sudoers is parsed. 
o Fix the "set_home" sudoers + option (only worked at compile time). o Fix "fqdn" sudoers option. + We now set host/shost via set_fqdn which gets called when the "fqdn" + option is set in sudoers. o Move the openlog() to store_syslogfac() + so this gets overridden correctly from the sudoers file. + [3dca861f0f5d] + + * auth/securid.c: + SecurID support should compile now. + [a544e5c6ea34] + +1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat, + visudo.man, visudo.pod: + fix some syntactic goofs + [b3451f0d5239] + +1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, sudo.html, sudoers.html, visudo.html: + No longer need the .html files as they are generated automatically + on the web site. + [1b4aa4204584] + + * CHANGES, LICENSE: + kill characters that made wml unhappy + [b988fbc6da56] + + * HISTORY: + typo + [a418963f7fce] + +1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * README: + majordomo@cs.colorado.edu -> majordomo@courtesan.com + [5d151e8ffd3b] + + * Makefile.in, configure: + Wrap script execution w/ /bin/sh for the benefit of ctm + [3a9c4766b2c3] + +1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Make the -s flag be exclusive too. Also reorder the flags in the + exclusive usage message so they are alphabetical. + [4c7af200db34] + +1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/pam.c: + make pam errors other than PAM_PERM_DENIED fatal + [64bcb3fd2baf] + + * auth/API: + fix typo + [f3134c88b12e] + + * INSTALL: + make it clear that /etc/pam.d/sudo is required on linux + [213cc3eaad82] + + * auth/pam.c: + fix a warning on redhat and spew an error if pam_authenticate() + returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED + [7e46dd19da89] + + * sudo.cat, sudo.html, sudo.man, sudo.pod: + Be very clear that the password required is the user's not root's + [a6da127347e5] + +1999-11-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + add sample.syslog.conf to DISTFILES and BINFILES + [8661c27c007e] + +1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * RUNSON: + updates from Brian Jackson + some formatting + [6d31c6fa63f8] + +1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL.binary, Makefile.binary, README, RUNSON: + o One RUNSon update o Changes for automating real binary releases + [dd9585f4406c] + + * Makefile.in: + Add bindist target + [546ed3fa94bb] + +1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * TROUBLESHOOTING: + talk about run-time options in addition to compile-time options + [1eb813ff0a9a] [SUDO_1_6_0] + + * CHANGES: + fix typos + [65e92bb70a7b] + + * sudo.c: + need sys/time.h if HAVE_SETRLIMIT + [ce31655a8a60] + + * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man, + sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod: + get rid of references to sudo-bugs. Now mention the web site or the + sudo@ alias + [a9db861fd8c6] + + * sudoers.html: + repair pod2html damage + [62ece4277f1f] + + * RUNSON, TODO: + Update for 1.6 release + [98569c57ba2a] + + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: + Add warning about using ALL in a command context. + [6c77685ab280] + +1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + Call yyrestart() on a parse error to reset the lexer state. + [1370a27acdb2] + + * lex.yy.c, parse.lex: + Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c + since it might not get called in yywrap if we get a parse error (and + we only reread the file on error anyway). + [37f4b449e28e] + + * lex.yy.c, parse.lex: + Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that + might still exist. Call yyrestart() instead of using the deprecated + YY_NEW_FILE macro. 
+ [7d0d873046c6] + + * lex.yy.c, parse.lex: + flex doesn't need %N table size declarations + [268b020fd60a] + + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: + Mention what characters need to be escaped in names. + [72ccbb6b0f31] + +1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure: + regen + [65827abb5c7b] + + * INSTALL: + clarify Mac OS X entry + [8da1549a71f5] + + * RUNSON: + update + [0cff8df7459f] + + * configure.in: + o Use AC_MSG_ERROR throughout o Check syslog configure options for + danity + [4cb81e642e5c] + +1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * defaults.c: + Fix printing of type T_MODE in dump_defaults() + [a868bb6f5515] + + * strcasecmp.c: + missing sys/types.h + [ca694ca325b6] + + * INSTALL: + Break out options that may be overridden at run time into their own + section. Add a not about Max OS X and correct some lies. + [d8bcfd120593] + +1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, config.h.in, configure, configure.in, sudo.c: + o Now use getrlimit to find the highest fd when closing all non-std + fd's o Turn off core dumps via setrlimit for the sake of paranoia + [dd9f651b6def] + + * RUNSON: + updates + [f581841fe615] + +1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + updates + [553baa1d44c7] + + * tgetpass.c: + When read()'ing, do a single character at a time to be sure we don't + go oast the newline. + [907d33f55bb4] + + * sudo.c: + For the sudo_root option, check against user_uid, not getuid() since + at this point, ruid == euid == 0. + [92d5c51939b4] + + * RUNSON: + some updates + [e3ed0c1f312b] + + * logging.h: + Fix compilation problem when --with-logging=file was specified. This + means that syslog is now required to build sudo but that should not + be a problem. If it is it can be fixed trivially with a configure + check for syslog() or syslog.h. 
+ [839a4b069190] + + * tgetpass.c: + Make this work again for things like "sudo echo hi | more" where the + tty gets put into character at a time mode. We read until we read + end of line or we run out of space (similar to fgets(3)). + [c8f746df2e63] + +1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: + change ital to bold + [f860978e530a] + + * RUNSON: + update + [9bcfbb405568] + +1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * defaults.c: + Error out if syslog parameters are given without a value. For Ultrix + or 4.2BSD "syslog" is allowed without a value since there are no + facilities in the 4.2BSD syslog. + [69e7a686f5f0] + +1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * defaults.c: + Ignore the syslog facility for systems w/ old syslog like Ultrix. + [5c250adbbb84] + + * TROUBLESHOOTING: + people with "." early in their path can have problems running sudo + from the build dir ;-) + [20a1744a24a4] + +1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.html, sudo.man, sudo.pod: + Remove -r realm option + [127caa537f95] + + * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure, + configure.in, sudo.c: + New krb5 code from Frank Cusack <fcusack@iconnet.net>. + [7177a3893a62] + + * CHANGES: + update to reality + [766cfbb512d6] + +1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/fwtk.c: + include <auth.h> to get function prototypes. + [d6c7c12d09fe] + + * sudo.cat, sudo.html, sudo.man, sudo.pod: + document -L flag + [dc803e1ce0d7] + +1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + in set_perms(), always call setuid(0) before changing the ruid/euid + so we always know it will succeed. + [8cced1b862bf] + + * defaults.h: + #undef T_FOO to avoid conflicts with system defines (like on + ULTRIX). 
+ [d9f0aac092b0] + + * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man, + sudoers.pod: + Docuement "Defaults" lines in /etc/sudoers. Still needs some + fleshing out but this is a start. + [521a1e629bbc] + +1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * use strtol, not strtoul since not everyone has not strtoul + [988462f093cc] + + * defaults.c: + use strtol, not strtoul since not everyone has not strtoul + [fce835ce62e3] + + * lex.yy.c, parse.lex: + last {WORD} rule should only apply in the INITIAL state + [9b57570bfa83] + + * lex.yy.c, parse.lex: + o Add support for escaped characters in the WORD macro o Modify + fill() to squash escape chars + [87572d59e4e0] + + * defaults.c, defaults.h: + o Add T_PATH flag to allow simple sanity checks for default values + that are supposed to be pathnames. o Fix a duplicate free when + visudo finds an error. + [bdc6855a6c6d] + +1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * defaults.c, defaults.h, logging.c: + mail_if_foo -> mail_foo + [cbee9415875d] + +1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c: + o Add requiretty option o Move O_NOCTTY to compat.h + [65b8bf0e1795] + + * logging.c: + The exit() in log_error() was mistakenly removed in a previous + version. Put it back... + [9473449130a4] + +1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c, + auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in, + configure, configure.in, defaults.c, defaults.h, find_path.c, + getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c: + o Change defaults stuff to put the value right in the struct. o + Implement mailer_flags o Store syslog stuff both in int and string + form. Setting the string form magically updates the int version. 
o + Add boolean attribute to strings where it makes sense to say !foo + [4698953f9a36] + + * tgetpass.c: + add O_NOCTTY when opening /dev/tty just in case + [4c6d1d1bb300] + +1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/API: + cleanup function no longer takes a status arg + [0819edbfe7f8] + + * INSTALL: + the the + [19aadb65ea28] + +1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * TODO, config.h.in, configure, configure.in, logging.c: + Use strftime() instead of ctime() if it is available. + [fb60ea63b514] + +1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * defaults.c: + fix copyright date + [4a53b54aa72f] + + * RUNSON: + update ReliantUNIX entry + [de618a4f67d9] + + * defaults.c, defaults.h, logging.c: + add log_year option + [251a9e20568a] + + * configure, configure.in: + add --without-sendmail to help output + [93162f199902] + + * configure, configure.in: + enforce an otctal arg for --with-suoders-mode + [45e1b04ccad3] + +1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c, + auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c, + auth/sudo_auth.c, check.c, config.h.in, configure, configure.in, + defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h, + parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, + testsudoers.c, version.c, visudo.c: + Add support for "Defaults" line in sudoers to make configuration + variables changable at runtime (and on a global, per-host and per- + user basis). Both the names and the internal representation are + still subject to change. It was necessary to make sudo_user.runas + but a char ** instead of a char * since this value can be changed by + a Defaults line. There is a similar (but more complicated) issue + with sudo_user.prompt but it is handled differently at the moment. + + Add a "-L" flag to list the name of options with their descriptions. + This may only be temporary. 
+ + Move some prototypes to parse.h + + Be much less restrictive on what is allowed for a username. + [f71abf7ba80c] + + * sample.syslog.conf: + Add more info + [e952e6f42d4d] + +1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c, + strcasecmp.c: + UCB has dropped the advertising clause from their license. + [a5602b36a341] + +1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/sudo_auth.h: + move dce_verofy proto to correct section + [972c815af558] + + * auth/dce.c: + remove XXX + [820631855be0] + +1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * emul/fnmatch.h: + Add fnmatch() prototype + [79e84576d92a] + + * fnmatch.c, parse.c, testsudoers.c: + Move inclusion of emul/fnmatch.h to be after sudo.h for __P + [1182c89fa811] + + * sudo.h: + add strcasecmp proto + [512d1d8a6a0c] + + * auth/sudo_auth.c: + add check for case where there are no auth methods + [e4af2b91b43e] + + * configure, configure.in: + Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on + SunOS4 w/ gcc + [746ce8bcec23] + + * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c: + include strings.h everywhere we include string.h + [6f7d5d437e7b] + + * version.c: + nicer output when showing auth methods + [0eac4b977f9d] + + * version.c: + Add support for SEND_MAIL_WHEN_NO_HOST + [9f20a3a3fae6] + + * config.h.in, configure, configure.in: + Add _GNU_SOURCE for Linux + [c7bd8c511847] + + * lex.yy.c, parse.lex: + fix definition of OCTECT + [4af30e63244d] + + * configure, configure.in: + aix_auth.o not authenticate.o + [fe95dfb08df4] + +1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the + keyboard). Since we run with ruid/euid == 0 the user can't really + signal us in nasty ways. + [a7f6487c0f48] + + * visudo.c: + Don't need to worry about catching too many signals since we do + locking on the tmp file. 
If a lockfile is really stale, it will be + detected and overwritten. + [28983db3e749] + + * INSTALL, Makefile.in: + include auth/API in tarball + [014991600252] + + * auth/sudo_auth.c: + move memset() of plaintext pw outside of verify loop and only do the + memset if we are *not* in standalone mode. + [66f8e87567e2] + + * auth/sudo_auth.c, auth/sudo_auth.h: + DCE is not a standalone method + [34963e2d8a1b] + + * sudo.c: + fix --enable-noargs-shell + [4234062abbb0] + + * snprintf.c: + "#ifdef __STDC__" not "#if __STDC__" (I missed one) + [c430b80454c6] + + * auth/fwtk.c, auth/sia.c: + _cleanup() function returns an int. + [d1a1cc071ec1] + + * auth/dce.c: + there were still some return(0)'s hanging around, make them + AUTH_FAILURE + [1002aa1962c3] + + * parse.c: + typo in comment + [5abc410dbfd2] + + * version.c: + add missing semicolon + [a262283b52a5] + + * auth/sudo_auth.h: + missing backslash + [bf89f6bd2900] + +1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, config.h.in, configure, configure.in: + Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes + [f1a9bca0cf67] + + * Makefile.in: + add parse.h to HDRS + [a3d054987766] + + * Makefile.in, configure, configure.in: + Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and + LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and + network libs like -lsocket, -lnsl go in NET_LIBS. This allows + testsudoers to build on Solaris and is a bit cleaner in general. + [4e6239e97002] + + * UPGRADE: + mention ptmp -> sudoers.tmp + [ec3baa0fe8a1] + + * config.h.in, configure, configure.in: + Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE + [6f93dc7f39f5] + + * RUNSON: + add 2 reports + [ce0fcc00ee4e] + + * auth/kerb5.c: + Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to + return a value more like a system function + [0dd56aa21424] + + * auth/dce.c: + Add an XXX + [58fc8562c212] + + * TODO: + more things todo! 
+ [5a459d0cf339] + + * sample.sudoers: + update based on what is in the man page + [1a0477db96fa] + + * parse.yacc, sudo.tab.c: + minor change to first line printed in -l mode + [69eb57d96952] + + * sudo.cat, sudo.html, sudo.man, sudo.pod: + rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more + standard and add "EXAMPLES" section + [7e543335ebe1] + + * visudo.cat, visudo.html, visudo.man, visudo.pod: + rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more + standard + [f82d87ed65c2] + + * logging.c, parse.c, sudo.h: + add FLAG_NO_CHECK + [c7d69176a2d7] + + * lex.yy.c, parse.lex: + make an OCTET really be limited to 0-255 + [6ee568dd6a02] + + * UPGRADE: + mention timestamp changes + [e44d5302bf60] + + * PORTING: + cosmetic cleanup + [36fa3a2664dd] + + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: + new sudoers(8) man page + [e674d06283d0] + +1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * version.c: + Update comments about syslog name tables + [63830a782dcb] + + * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc, + strcasecmp.c, sudo.tab.c: + include strcasecmp() for those without it + [a0d8e2488bbc] + + * sample.sudoers: + Use the : operator some more and fix a typo + [18804c70da86] + + * HISTORY: + update the history of sudo + [9d9b3d5279b3] + + * parse.c, parse.lex, testsudoers.c: + CIDR-style netmask support + [768644467353] + + * CHANGES: + recent changes + [a4319e9d07cb] + + * sudo.tab.c, sudo.tab.h: + these should be generated with byacc, not bison + [f57b9489b752] + + * lex.yy.c: + regen + [522461f95dfa] + + * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h: + In "sudo -l" mode, the type of the stored (expanded) alias was not + stored with the contents. This could lead to incorrect output if the + sudoers file had different alias types with the same name. Normal + parsing (ie: not in '-l' mode) is unaffected. + [823fe2bc4b79] + +1999-08-23 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + define _XOPEN_SOURCE to get at crypt() proto on some systems + [1b3769b86fb9] + +1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * snprintf.c: + fix comment + [fc1264df00f7] + + * tgetpass.c: + don't need limits.h + [f1631829af45] + + * snprintf.c: + kill bogus reference to vfprintf + [a0b99b25d389] + + * sample.sudoers, sudoers: + better examples + [b4d87ea64cc8] + + * snprintf.c: + Add some const in the K&R defs. This is safe since we define const + away if the compiler doesn't grok it. + [614d6e83d45e] + + * aclocal.m4, configure: + Better test for working long long support. Ultrix compiler supports + basic long long but not all operations on them. + [5da1508710ed] + + * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c, + snprintf.c, sudo.c: + Add check for LONG_IS_QUAD #undef MAXINT before including + hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX + in snprintf.c and use LONG_IS_QUAD + [a1f7993367fc] + +1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * LICENSE, aclocal.m4, config.h.in, configure, configure.in, + snprintf.c: + UCB-derived snprintf + asprintf support. Supports quads if the + compiler does. No floating point yet, perhaps later... + [0caf05aba945] + +1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c, + goodpath.c, logging.c, parse.c, sudo.c: + Run most of the code as root, not the invoking user. It doesn't + really gain us anything to run as the user since an attacker can + just have an setuid(0) in their egg. Running as root solves + potential problems wrt signalling. + [408e530dda01] + + * sudo.tab.c: + regen + [f8cfb37e37de] + +1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c, sudo.c: + Don't wait for child to finish in log_error(), let the signal + handler get it if we are still running, else let init reap it for + us. 
The extra time it takes to wait lets the user know that mail is + being sent. + + Install SIGCHLD handler in main() and for POSIX signals, block + everything + *except* SIGCHLD. + [d2b6ab0ef3be] + + * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c, + parse.yacc, sudo.c, sudo.h: + sudoers_lookup() now returns a bitmap instead of an int. This makes + it possible to express things like "failed to validate because user + not listed for this host". Some thigns that were previously + VALIDATE_FOO are now FLAG_FOO. This may change later on. + + Reorganized code in log_auth() and sudo.c to deal with above + changes. + + Safer versions of push/pushcp with in the do { ... } while (0) style + + parse.yacc now saves info on the stack to allow parse.c to determine + if a user was listed, but not for the host he/she tried to run on. + + Added --with-mail-if-no-host option + [63326cb01efc] + +1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html, + visudo.man, visudo.pod: + o NewArgv and NewArgc don't need to be externally visible. o If + pedantic > 1, it is a parse error. o Add -s (strict) option to + visudo which sets pedantic to 2. + [5d7d81b55cd5] + + * HISTORY, INSTALL: + Just have sudo-bugs contact info in one place + [e7f6588ea683] + + * sudo.cat, sudo.html, sudo.man, sudo.pod: + Add BUGS section + [6607d96ea510] + + * Makefile.in, configure, configure.in: + Add testsudoers to default build target if --with-devel Don't clean + generated parser files unless "distclean". + [5827b769dc57] + + * parse.yacc, sudo.tab.c: + In pedantic mode we need to save *all* the aliases, not just those + that match, or we get spurious warnings. + [24f5b1f0e1de] + + * TROUBLESHOOTING: + reference samples.sylog.conf + [11841668380a] + +1999-08-14 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sample.syslog.conf: + Sample entries for syslog.conf + [0f7697d878a1] + + * CHANGES: + recent changes + [8bca8810c6bd] + + * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, + auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c, + auth/sudo_auth.c, auth/sudo_auth.h: + In struct sudo_auth, turn need_root and configured into flags and + add a flag to specify an auth method is running alone (the only + one). Pass auth methods their sudo_auth pointer, not the data + pointer. This allows us to get at the flags and tell if we are the + only auth method. That, in turn, allows the method to be able to + decide what should/should not be a fatal error. Currently only + rfc1938 uses it this way, which allows us to kill the OTP_ONLY + define and te hackery that went with it. With access to the + sudo_auth struct, methods can also get at a string holding their + cannonical name (useful in error messages). + [b7e320fc6511] + + * INSTALL, Makefile.in, README, config.h.in, configure, configure.in, + getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c, + sudo.tab.h: + o --with-otp deprecated, use --without-passwd instead o real + dependencies in the Makefile o --with-devel option to enable yacc, + lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes + back to being a token, not a string but don't leak memory o rename + hsotspec -> host in parse.yacc + [912c45226cb2] + +1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * BUGS, CHANGES: + recent changes + [801fa6e55687] + + * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c, + sudo.c, sudo.h: + o Digital UNIX needs to check for *snprintf() before -ldb is added + to LIBS since -ldb includes a bogus snprintf(). o Add forward refs + for struct mbuf and struct rtentry for Digital UNIX. 
o Reorder some + functions in snprintf.c to fix -Wall o Add missing includes to fix + more -Wall + [8d207203e126] + + * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure, + configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c, + visudo.c: + o Add a "pedentic" flag to the parser. This makes sudo warn in cases + where an alias may be used before it is defined. Only turned on for + visudo and testsudoers. o Add --disable-authentication option that + makes sudo not require authentication by default. The PASSWD tag can + be used to require authentication for an entry. We no longer + overload --without-passwd. + [f307e09adf98] + + * lex.yy.c, parse.lex: + Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a + username can contain just about anything so be very permissive. Also + drop the unused \. punctuation. + [06a50614ff89] + +1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc, sudo.tab.c: + o add a 'val' element to aliasinfo struct and move -> parse.h o + find_alias() now returns an aliasinfo * instead of boolean o + add_alias() now takes a value parameter to store in the + aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now + return: 1) positive match 0) negative match (due to '!') + -1) no match This means setting $$ explicitly in all cases, which I + should have done in the first place. It also means that we always + store a value that is != -1 and when we see a '!' we can set + *_matches to !rv if rv != -1. The upshot of all of this is that '!' + now works the way it should in lists and some of the rules are more + uniform and sensible. + [ad8e73b5d581] + + * Makefile.in: + add parse.h dependency + [4ccccd464d30] + + * parse.h: + kill unused *_matched macros + [02cba6dcb732] + + * parse.yacc: + Allow a list of users as the first thing in a user spec, not just a + single entry. This makes things more uniform, though it does allow + you to write user specs that are hard to read. 
+ [3c4c91c508ca] + + * sudo.tab.c: + parse.yacc + [feca81881bb6] + + * configure: + regen + [6f247010bb3b] + + * configure.in: + fix check for crypt() in libufc + [82770736f4b0] + +1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * README: + sudo-users list now exists + [4716d2bb0bbf] + + * INSTALL, PORTING, README, TODO, TROUBLESHOOTING: + Update to reality. + [1eda2d57e42a] + + * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h, + config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h, + version.c, visudo.c: + o Move lock_file() and touch() into fileops.c so visudo can use them + o Visudo now locks the sudoers temp file instead of bailing when the + temp file already exists. This fixes the problem of stale temp files + but it does *require* that you not try to put the temp file in a + world-writable directory. This shoud not be an issue as the temp + file should live in the same dir as sudoers. o Visudo now only + installs the temp file as sudoers if it changed. + [2517cd06c070] + +1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + add fcntl locking + [c304adeaf515] + + * config.h.in, configure, configure.in, logging.c: + Lock the log file. + [d8652704fbdf] + + * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c, + visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: + o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow + temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP + -> _PATH_SUDOERS_TMP + [68cad8975807] + +1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, check.c, config.h.in, configure, configure.in, version.c: + o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to + root sudo -V config reporting + [cdd2613a9dcf] + + * configure, configure.in: + aix_auth.o not authenticate.o + [d972e35f6730] + + * config.h.in: + Add --with-goodpri and --with-badpri configure options to specify + the syslog priority to use. 
+ [2595ae50ab86] + + * INSTALL, configure, configure.in, logging.h: + Add --with-goodpri and --with-badpri configure options to specify + the syslog priority to use. + [8276ee9b2b49] + + * compat.h: + kill crufty AIX stuff + [a4f35ef9854e] + + * Makefile.in: + Sigh, some versions of make (like Solaris's) don't deal with $< like + I would expect. Both GNU and BSD makes get this right but... So, we + just expand $< inline at the cost of some ugliness. + [b1b456f8801f] + + * version.c: + If the invoking user is root, sudo will now print configure info in + -V mode. Currently just prints logging info, to be expanded later. + [392f7ed99267] + + * logging.c, logging.h, sudo.c, sudo.h: + o new defines for syslog facility and priority o use new + print_version() functino for -V mode + [78abc5142985] + + * check.c: + Don't need version.c + [db9a830ad893] + + * aclocal.m4, config.h.in, configure, configure.in: + Add check for syslog facilities and priorities tables in syslog.h + [b86213e5fc5c] + + * Makefile.in: + o authenticate -> aix_auth o add version.c + [44b6b9a8d0f5] + + * auth/sudo_auth.c: + Missed a prompt -> user_prompt conversion + [e4c60b1f210c] + +1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * TODO: + sudo should lock its logfile + [6d2830b28b07] + + * parse.yacc, sudo.tab.c: + o Add '!' correctly when expanding Aliases. o Add shortcut macros + for append() to make things more readable. o The separator in + append() is now a string instead of a char. o In append(), only + prepend the separator if the last char is not a '!'. This is a hack + but it greatly simplifies '!' handling. o In -l mode, Runas lists + and NOPASSWD/PASSWD tags are now inherited across entries in a list + (matches current behavior). o Fix formatting in -l mode such that + items in a list are separated by a space. Greatlt improves + readability. o Space for name field in struct aliasinfo is now + allocated dyanically instead of using a (big) buffer. 
o In + add_alias(), only search the list once (lsearch instead of lfind + + lsearch) + [51f7e07addb9] + + * lex.yy.c, sudo.tab.c, sudo.tab.h: + regen + [5c19bb05dc21] + + * configure, configure.in: + Solais pam doesn't require anye xtra setup + [a25ba03d91d1] + + * parse.yacc: + o Simpler '!' support now that the lexer deals with multiple !'s for + us. o In the case of opFOO, have FOO give a boolean return value and + set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since + it gets fill()'d in parse.lex--fixes a small memory leak. In the + long run it may be better to just fix parse.lex and make ALL back + into a token. However, having it be a string is useful since it can + be easily passed back to the parent rule if we so desire. + [b3c64b443018] + + * parse.lex: + o Remove some unnecessary backslashes o collapse multiple !'s by + using !+ and checking if yyleng is even or odd. this allows us to + simplify ! handling in parse.yacc + [76330e8da8e3] + + * sudo.c: + -u flag was being ignored + [e30283207585] + +1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + correct fix + [a0e2377dec8f] + + * Makefile.in: + work around pod2man stupididy + [7c755640b67f] + + * Makefile.in: + correct dependencies for .cat + [5ed7b0653b68] + + * sudo.cat, sudo.man, visudo.cat, visudo.man: + regen + [b74510dd6a0a] + + * sudo.pod, visudo.pod: + Add copyright Update to reality + [188e9b046c15] + + * parse.c, sudo.c, sudo.h: + rename validate() to the more descriptive sudoers_lookup() + [7a1cb652f379] + + * auth/aix_auth.c: + use tgetpass + [b8ba5daec40a] + +1999-07-31 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * CHANGES: + updates + [e61460cdf4a0] + + * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING, + configure, configure.in, sudo.c: + Sudo, not CU Sudo + [9061b3573c0c] + + * LICENSE: + add 4th term to license similar to term 5 in the apache license + [92712e895afb] + + * emul/search.h, emul/utime.h: + add 4th term to license similar to term 5 in the apache license + [4f93a8b9396e] + + * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, + auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c, + auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c, + auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c, + logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c: + add 4th term to license similar to term 5 in the apache license + [afae9f2bf9ec] + + * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c, + getspwuid.c, goodpath.c: + add 4th term to license similar to term 5 in the apache license + [969e63dbd38e] + + * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h: + add 4th term to license similar to term 5 in the apache license + [c389d3fdafac] + + * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in, + insults.h, logging.c, sudo.c, sudo.h: + there was a 1995 release too + [5963fd89457a] + +1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + updates + [254b794f16ab] + + * check.c: + Use dirs instead of files for timestamp. This allows tty and non- + tty schemes to coexist reasonably. Note, however, that when you + update a tty ticket, the mtime on the user dir gets updated as well. + [44bfac32f799] + + * configure, configure.in: + Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx" + when linking test program, not just -lprot. Also add check for + getspnam(). 
The SCO docs indicate that /etc/shadow can be used but + this may be a lie. + [2ba21d36cc1e] + +1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/API: + first cut at auth API description + [3d10df021eb8] + +1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, + auth/secureware.c, auth/securid.c, auth/sudo_auth.c, + auth/sudo_auth.h: + auth API change. There is now an init method that gets run before + the main loop. This allows auth routines to differentiate between + initialization that happens once vs. setup that needs to run each + time through the loop. + [76df1c0d3478] + + * auth/kerb5.c, logging.c: + use easprintf() and evasprintf() + [fd97d96dc12f] + + * alloc.c, sudo.h: + add easprintf() and evasprintf(), error checking versions of + asprintf() and vasprintf() + [f54385de20b7] + + * TODO: + remove 2 items. One done, one won't do. + [64513b47bc7a] + + * lex.yy.c, sudo.tab.c: + regen + [4aa299de2752] + + * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat, + visudo.html, visudo.man: + regen + [553c0d1209be] + + * CHANGES: + new changes + [d7be00b7e36b] + + * sudo.pod: + o Document -K flag and update meaning of -k flag. o BSD-style + copyright o Document clearing of BIND resolver environment variables + o Clarify bit about shared libs o suggest rc files create /tmp/.odus + if your OS gives away files + [4a4092be1455] + + * visudo.pod: + BSD license + [ad0bfd0a4630] + + * version.h: + BSD-style copyright + [ecc6479325be] + + * tgetpass.c: + o BSD copyright o no need to block signals, we now do that in main() + o cosmetic changes + [61958beda7ab] + + * testsudoers.c, visudo.c: + o BSD-style copyright o Use "struct sudo_user" instead of old + globals. 
o some cometic cleanup + [88c0c6924082] + + * sudo_setenv.c: + BSD-style copyright + [df20290129a0] + + * sudo.h: + o BSD copyright o logging and parser bits moved to their own .h + files o new "struct sudo_user" to encapsulate many of the old + globals. + [50fc86bf25cb] + + * sudo.c: + o no longer contains sudo 1.1/1.2 code o BSD copyright o use new + logging routines o simplified flow of control o BIND resolver + additions to badenv_table + [8c53f15bfcb0] + + * strerror.c: + BSD-style copyright + [7c906c3a82ac] + + * snprintf.c: + Now compiles on more K&R compilers + [07ab1d3231c7] + + * putenv.c: + BSD-style copyright, cosmetic changes + [c42371295881] + + * pathnames.h.in: + BSD-style copyright + [e5c34ebd4cf1] + + * parse.c, parse.h, parse.lex, parse.yacc: + BSD-style copyright. Move parser-specific defines and structs into + parse.h + other cosmetic changes + [d3088efb6228] + + * logging.h: + defines for logging routines + [13147941c02d] + + * find_path.c, getspwuid.c, goodpath.c, interfaces.c: + BSD-style copyright, cosmetic changes + [e8205e91a4fa] + + * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.h: + BSD-style copyright + [b9499da7cdce] + + * configure.in: + o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o + kill --disable-tgetpass o add --without-passwd o changes to fill in + AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and + v?asprintf() o replace --with-AuthSRV with --with-fwtk + [9a3f39b9c128] + + * config.h.in: + BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add + HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF, + HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD + [9a09054db53a] + + * compat.h: + BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing. + [25509c566975] + + * alloc.c: + BSD-style copyright + [4967be892363] + + * TROUBLESHOOTING: + no more --with-getpass + [afd5b670c196] + + * TODO: + Take out things I've done... 
+ [375420c8270e] + + * README: + Refer to LICENSE + [c486c8db30f6] + + * PORTING: + --with-getpass no longer exists + [db48202df1bb] + + * Makefile.in: + BSD-style copyright. Update to reflect reality wrt new files and new + auth modules. + [61a2ca7940fb] + + * INSTALL: + Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and + --without-passwd. + [64e8f9e1c05e] + + * HISTORY: + Update history a bit + [df60c0a871b8] + + * COPYING, LICENSE: + Now distributed under a BSD-style license + [d1a184ccabe1] + + * auth/sudo_auth.c: + o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD + options. o skey/opie replaced by rfc1938 code o new struct sudo_user + global + [891b57060868] + + * auth/pam.c, auth/sia.c: + BSD-style copyright and use new log functions + [65c44445ea84] + + * auth/kerb5.c: + o BSD-style copyright o Use new log functiongs o Use asprintf() and + snprintf() where sensible. + [1ff0feaacf95] + + * check.c: + Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now + done more reasonably--better sanity checks and tty-based stamps are + now done as files in a directory with the same name as the invoking + user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible + to mix tty and non-tty based ticket schemes but this may change in + the future (it requires sudo to use a directory instead of a file in + the non-tty case). Also, ``sudo -k'' now sets the ticket back to the + epoch and ``sudo -K'' really deletes the file. That way you don't + get the lecture again just because you killed your ticket in + .logout. BSD-style copyright now. + [ec3460f85be8] + + * logging.c: + o rewritten logging routines. log_error() now takes printf-style + varargs and log_auth() for the return value of validate(). 
o BSD- + style copyright + [438292025c4e] + + * auth.c, check_sia.c, dce_pwent.c, secureware.c: + superceded by new auth API + [412060590da7] + + * auth/kerb4.c: + BSD-style copyright + [cc4e800833c7] + + * auth/fwtk.c: + Use snprintf() where it makes sense and add a BSD-style copyright + [1b7502388a74] + + * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c, + auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h: + BSD-style copyright + [42583bedae5c] + + * emul/utime.h, utime.c: + BSD-style copyright + [3985c90aba47] + + * emul/search.h: + this has been rewritten so use my BSD-style copyright + [176df1b0de6f] + +1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * snprintf.c: + include malloc.h if no stdlib.h + [7b123f1d1d03] + + * snprintf.c: + KTH snprintf()/asprintf() for systems w/o them + [3ca9aefb9d01] + + * strerror.c: + strerror() for systems w/o it + [7f0bd8a1c1b4] + +1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + stylistic changes + [6f99aceb7170] + + * parse.c, parse.lex, parse.yacc: + Add contribution info in the main comment + [e50cec10acd6] + +1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/pam.c: + remove missed ref to PAM_nullpw + [a43e59692cdb] + + * auth/sudo_auth.h: + pasto + [891ff138ab89] + + * auth/kerb5.c: + more or less complete now--still untested + [21036732faa0] + + * auth/afs.c, auth/pam.c: + don't use user_name macro, it will go away + [def7cf727349] + + * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h: + combine skey/opie code into rfc1938.c + [44d88ca93d3e] + + * auth/dce.c, auth/sudo_auth.h: + DCE authentication method; basically unchanged from dce_pwent.c + [4d468473dd6f] + + * auth/aix_auth.c, auth/sudo_auth.h: + AIX authenticate() support. Could probably be much better + [000013321a33] + + * auth/sia.c: + Fix an uninitialized variable and some cleanup. 
Now works (tested) + [fd6ad88ff055] + + * auth/sia.c, auth/sudo_auth.h: + SIA support for digital unix + [5335f3e70eab] + + * auth/pam.c: + don't use prompt global, it will go away + [fadd22dd6ce4] + + * auth/secureware.c: + correct copyright years + [6aa07c49f51b] + + * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c, + auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c, + auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h: + New authentication API and methods + [9debe9b59c79] + +1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.tab.c: + regen + [84578e82c1a6] + + * parse.yacc: + only save an entry if user_matches && host_matches, even if the + stack is empty (fix for previous commit) + [00984b078d8a] + + * sudo.tab.c: + regen + [66acf160b4b7] + + * parse.yacc: + 1) Always save an entry on the stack if it is empty. This fixes the + -l and -v flags that were broken by earlier parser changes. + + 2) In a Runas list, don't negate FALSE -> TRUE since that would make + !foo match any time the user specified a runas user (via -u) other + than foo. + [f322eb54b015] + + * testsudoers.c: + interfaces and num_interfaces are now auto, not extern + [113add5c6518] + +1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth.c: + use a static global to keep stae about empty passwords + [bc02e30807d8] + + * check_sia.c: + make PASSWORD_NOT_CORRECT logging consistent with other modules + [21962549d5fd] + +1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth.c: + PAM prompt code was wrong, looks like we have to kludge it after + all. 
+ [91f246155ead] + + * auth.c: + In the PAM code, when a user hits return at the first password + prompt, exit without a warning just like the normal auth code + [918f59bacdb7] + + * configure, configure.in: + kludge around cross-compiler false positives + [5e5fc8356400] + + * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c: + New (correct) PAM code Tgetpass now takes an echo flag for use with + PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a + useless umask setting Change error from BAD_ALLOCATION -> + BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c + for consistency + [e71397f09dd8] + + * sudo.c: + Some -Wall and kill some trailing spaces + [8229b43d5c4e] + + * configure.in: + define -D__EXTENSIONS__ for solaris so we get crypt() proto + [7533e4436cab] + +1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * RUNSON: + add Dynix 4.4.4 + [b69f773efbce] + + * INSTALL, config.h.in, configure, configure.in: + for kerberos V < version, fall back on old kerb4 auth code + [d685ed3a1d8e] + + * INSTALL: + clarify some things + [2f5ba2e8e53a] + + * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod: + typos + [8925a109c093] + +1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + mention why DONT_LEAK_PATH_INFO is not the default + [0346260cb4ec] + +1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * tgetpass.c: + Fix open(2) return value checking, was NULL for fopen, should be -1 + for open + [355878bf6d8a] + + * configure: + regen + [68bf82871862] + + * configure.in: + better wording for solaris pam notice + [04e88c7a6c42] + + * CHANGES: + document recent changes + [7c922c5622ef] + + * TROUBLESHOOTING: + Update shadow password section + [e8448bae7d66] + + * auth.c: + move authentication code from check.c to auth.c + [e9f6ecae2399] + + * Makefile.in, check.c, sudo.h: + move authentication code to auth.c + [124cded85f46] + +1999-05-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in, check.c, check_sia.c, compat.h, find_path.c, + getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c, + logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c, + sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c, + visudo.c: + Move interface-related defines to interfaces.h so we don't have to + include <netinet/in.h> everywhere. + [e7599d8ea0bf] + +1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c, + parse.yacc, sudo.c, sudo.tab.c, tgetpass.c: + o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It + turns out the old DES crypt does the right thing with passwords + longert than 8 characters. o Fix common typo (necesary -> necessary) + o Update TODO list + [ad75007a6f13] + +1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + set $LOGNAME when we set $USER + [391596210fd7] + +1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + add comment about digital unix and interfaces.c warning with gcc + [e20f815901cc] + +1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * sample.sudoers: + use modern paths and give examples for some of the new parser + features + [e7b2e507c695] + +1999-04-10 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * parse.c: + fix comment + [5eb0d005a65f] + + * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c, + getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c, + parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: + Function names should be flush with the start of the line so they + can be found trivially in an editor and with grep + [3c400abde574] + + * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc, + sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c: + free(3) is already void, no need to cast it + [6981e1ebda0f] + + * logging.c, sudo.c, sudo.h: + catch case where cmnd_safe is not set (this should not be possible) + [3e1e3038546c] + + * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c, + testsudoers.c, visudo.c: + Stash the "safe" path (ie: the one listed in sudoers) to the command + instead of stashing the struct stat. Should be safer. + [aa2883fcf57e] + +1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, Makefile.in, UPGRADE: + notes on updating from an earlier release + [df9fffa4ab2c] + + * CHANGES: + updated + [574f5065d15a] + +1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html, + sudoers.man, sudoers.pod: + You can now specifiy a host list instead of just a host or alias. + Ie: user = host1,host2,ALIAS,!host3 my_command now works. + [e3942bb78021] + + * testsudoers.c: + Quiet -Wall + [a3edc8b08c3a] + + * parse.yacc, sudo.tab.c: + Move the push from the beginning of cmndspec to the end. This means + we no longer have to do a push at the end of privilege, just reset + some values. + [8ea66e5860c6] + + * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod: + runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can + use "!" most everywhere + [aadae4d1c9d5] + +1999-04-06 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + modernize paths and update su example based on sample.sudoers one + [3f6a37e16c83] + + * sample.sudoers: + New runas semantics + [756ee92865b7] + + * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in, + strdup.c, sudo.h: + In estrdup(), do the malloc ourselves so we don't need to rely on + the system strdup(3) which may or may not exist. There is now no + need to provide strdup() for those w/o it. Also, the prototype for + estrdup() was wrong, it returns char * and its param is const. + [5f1f984da8e3] + + * getcwd.c: + $Sudo tag + [e4188a35e68c] + + * check.c: + buf should be prompt; Michael Robokoff <mrobo@networkcs.com> + [2aec87c86cde] + + * CHANGES, TODO, parse.yacc, sudo.tab.c: + It is now possible to use the '!' operator in a runas list as well + as in a Cmnd_Alias, Host_Alias and User_Alias. + [a4fdaabda990] + + * logging.c, sudo.h: + Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM + [73d0376785ae] + + * sudo.h: + Definitions of *_matched were wrong--user top, not top-2 as + subscript. + [5f8350a57362] + + * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c: + Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a + command but the NOPASSWD flag was set. Make runasspec, runaslist, + runasuser, and nopasswd typeless in parse.yacc Add support for '!' + in the runas list Fix double printing of '%' and '+' for groups and + netgroups respectively Add *_matched macros (no need for local stack + variable). Should only be used directly after a pop (since top must + be >= 2). + [392b1400c4e6] + + * aclocal.m4, configure.in: + Add copyright, somewhat silly + [55c2cdd82dca] + +1999-04-05 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c, + compat.h, config.h.in, configure, configure.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, + putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, + sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man, + testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat, + visudo.man: + Crank version to 1.6 and combine copyright statements + [0e1c791658ae] + + * sample.sudoers: + Use ! not ^ to do negation + [1480a0761730] + + * lex.yy.c, sudo.tab.c: + regen + [89ca5a46684b] + + * parse.lex, parse.yacc: + Make runas and NOPASSWD tags persistent across entris in a command + list. Add a PASSWD tag to reverse NOPASSWD. When you override a + runas or *PASSWD tag the value given becomes the new default for the + rest of the command list. + [f1bbb4066542] + +1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, RUNSON: + update for 1.5.9 + [a1ae9d4a7d54] [SUDO_1_5_9] + + * visudo.c: + Shift return value of system(3) by 8 to get real exit value and if + it is not 1 or 0 print the retval along with the error message. + [c1ff50d743fb] + +1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + testsudoers needs LIBOBJS too + [972571b4e4bf] + + * parse.c, parse.yacc, sudo.tab.c: + Fix another parser bug. For a sudoers entry like this: millert + ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls + as root. + [51968e1eb33d] + + * CHANGES: + new change + [271c6110bb62] + + * parse.yacc, sudo.tab.c: + Save entries that match a ! 
command on the matching stack too + [5afb5107116c] + + * sudo.c: + Make sudo's usage info better when mutually exclusive args are given + and don't rely on argument order to detect this; nick@zeta.org.au + [2422753c88fd] + +1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, Makefile.in, RUNSON: + updates from CU + [b37381e3dafb] + + * Makefile.in: + use gzip + [94a64e52a166] + + * parse.yacc, sudo.tab.c: + Fix off by one error introduced in *alloc changes + [95ede581153a] + + * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c, + check_sia.c, compat.h, config.h.in, configure, configure.in, + dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, + sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, + sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod: + ++version + [c6d88f024e37] + + * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c, + interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, + putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c, + sudo_setenv.c, testsudoers.c, utime.c, visudo.c: + Use emalloc/erealloc/estrdup + [44221d97361a] + + * alloc.c: + error checking memory allocation routines + [5f8c1e7bbc71] + + * parse.yacc, sudo.tab.c: + Still not right, this fixes it for real + [ad553b6f5339] + + * parse.yacc, sudo.tab.c: + Fix for previous commit + [4d6f989f9bf2] + + * CHANGES, INSTALL, parse.yacc: + Fix a parser bug that was exposed when mixing different runas specs + and ! commands. For example: millert ALL=(daemon) + /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root + as well as daemon when it should just allow daemon. 
The problem was + that comma-separated commands in a list shared the same entry on the + matching stack. Now they get their own entry iff there is a full + match. It may be better to just make the runas spec persistent + across all commands in a list like the user and host entries of the + matching stack. However, since that is a fairly major change it + should gets its own minor rev increase. + [c4b939cdcc8e] + +1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c, config.h.in: + Simplify PAM code and fix a PAM-related warning on Linux + [2468399523b6] + +1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + updates + [29d4a997769c] + + * sample.sudoers: + better su entry + [76d8285a72ba] + + * configure: + regen + [b7450cc6975d] + + * check.c, configure.in: + new pam code that works on solaris, should work on linux too; + aelberg@home.com + [84c16c0ff259] + +1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * RUNSON: + more entries + [b6bef8660759] + + * config.h.in: + only include strings.h if there is no string.h + [b66054a32b00] + +1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.guess: + Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com + [c086d2fe63af] + +1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + shost must be set before log functions are called #ifdef HOST_IN_LOG + [d49a7944358f] + +1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, lex.yy.c, parse.lex: + Fix a bug wrt quoting characters in command args. Stop processing an + arg when you hit a backslash so the quoted-character detection can + catch it. + [2281438d7f41] + +1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * interfaces.c: + include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru + [31118a9e9916] + +1999-02-24 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + add missing case statement so --without-sendmail works + [ca25614f7dd9] + +1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + more + [4d70e44f7f93] + +1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + only search for -lsun in irix <= 4.x + [e604238317b1] + + * configure, configure.in: + back out last configure.in change now that I've hacked autoconf to + fix the real problem and add a missing newline + [2dabf59a79b5] + + * CHANGES: + updated + [bb35d526552f] + + * getcwd.c: + add def of dirfd() for those without it + [95f0173d8441] + + * configure, configure.in: + When falling back to checking for socket() when linking with + "-lsocket -lnsl" check for main() instead since autoconf has already + cached the results of checking for socket() in -lsocket. This is + really an autoconf bug as it should use the extra libs as part of + the cache variable name. + [a845f8b710ad] + + * configure.in: + typo + [a7d62f62a478] + +1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + fix occurrence of $with_timeout that should be + $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni- + bochum.de + [8c4da2cf73d1] + +1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.cat, sudo.html, sudo.man, sudo.pod: + fix grammar; espie@openbsd.org + [7031d9dfbc3e] [SUDO_1_5_8] + +1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc, sudo.c, testsudoers.c: + add cast for strdup in places it does not have it + [7ce4478d3b0f] + +1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + define for_BSD_TYPES irix + [858337ff4af8] + +1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod: + Make it clear that it is the user's password, not root's, that we + want. 
+ [ae0f51b35ee4] + + * check.c, sudo.h: + If the user enters an empty password and really has no password, + accept the empty password they entered. Perviously, they could enter + anything + *but* an empty password. Also, add GETPASS macro that calls either + tgetpass() or getpass() depending on how sudo was configured. + Problem noted by jdg@maths.qmw.ac.uk + [2fde21ce94c1] + +1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, + dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c: + add explicate copyright + [d3b4449834a5] + + * CHANGES: + mention -lsocket, -lnsl configure changes + [9140af4ad8ae] + +1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Don't clobber errno after calling check_sudoers(). + [59bd581b2654] + +1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + When linking with both -lsocket and -lnsl be sure to do so in that + order. Also, when we can't find socket() or inet_addr() and have to + try linking with both libs, issue a warning. + [0ee547163067] + + * sudo.cat, sudo.man, sudo.pod: + clarify bad timestamp and fmt + [70e42cf56c75] + +1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, RUNSON: + be clear that pam is linux-only and add a RUNSON entry + [7fdeab875e0d] + +1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, INSTALL, configure, configure.in: + fix and correctly document --with-umask; problem noted by + adap@adap.org + [11cd0481d63a] + +1999-01-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure, configure.in: + only use /usr/{man,catman}/local to store man pages if suer didn't + override prefix or mandir + [781ad2cbe9be] + + * INSTALL, configure, configure.in: + fix typo, make --with-SecurID take an arg + [026a9b4014fc] + +1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * RUNSON: + updates from users + [2286982b31e6] + + * CHANGES, INSTALL, check.c, configure, configure.in: + FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET> + [23aa4e5c6b02] + + * configure, configure.in: + better fix for the problem of unresolved symbols in -lnsl or + -lsocket + [82fe70fc287f] + + * configure, configure.in: + when checking for functions in -lnsl and -lsocket link with both of + them to avoid unresolved symbols on some weirdo systems + [1734a591808e] + +1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * BUGS, CHANGES, RUNSON, TODO: + old changes that didn't make it into RCS before the RCS->CVS switch + [846eb2b8f9aa] + +1999-01-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in, check.c, check_sia.c, compat.h, config.h.in, + configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c, + getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c, + lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, + secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c, + sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c, + visudo.pod: + add sudo tags + [962f81eaa5ab] + + * sudo.h: + testing Sudo tag + [e84cbc521129] + + * version.h: + testing Sudo tag + [a8c3a3998b88] + + * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h, + config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h, + find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c, + logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, + secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man, + sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c, + utime.c, version.h, visudo.c, visudo.cat, visudo.man: + crank version and regen files + [23eacf00a1a4] + + * Makefile.in: + kill rcs goop in update_version and fix now that version is a const + [e6e50bd8d1e1] + + * INSTALL, check.c, config.h.in, configure, configure.in, logging.c, + sudo.c, sudo.h, sudo.pod: + kerb5 support from fcusack@iconnet.net + [8134027986e2] + + * realpath.c, sudo_realpath.c: + we no longer use realpath + [0f5f64abc646] + + * qualify.c: + replaced by find_path.c + [9e32a87e09c4] + + * options.h: + all options are now configure flags + [ee6bd9610102] + + * lex.yy.c: + regen + [bdbf8a18161f] + + * getwd.c: + superceded by getcwd.c + [1e54ee0990b4] + + * getpass.c: + superceded by tgetpass.c + [4e0d1edc30e3] + + * SUPPORTED: + superceded by RUNSON + [854c5a21cb53] + + * OPTIONS: + No longer used now that we have configure options for everything. 
+ [9b1ae1c89259] + + * configure: + regen based on configure.in + [3a4d73936973] + + * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html, + sudoers.man, visudo.cat, visudo.html, visudo.man: + regen based on sudo.pod, sudoers.pod, and visudo.pod + [c267beb90778] + +1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + fix tty tickets in remove_timestamp (didn't use ':') + [fd964a74a32b] + +1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * interfaces.c: + close sock when we are done with it + [95de0380f8a4] + +1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + never say "error on line -1" + [361db1491121] + +1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + check for -lnsl before -lsocket + [8e966d6bbcb5] + + * configure.in: + quote '[', ']' used in ranges correctly + [fa4f9c6ff651] + +1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in: + add missing NO_ROOT_SUDO noted by drno@tsd.edu + [c969f25d1667] + +1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * version.h: + 1.5.7 + [7a22de0bc148] + + * INSTALL: + more info for 1.5.7 + [30ad9e784799] + + * README: + update for 1.5.7 + [cd03a0a27cd2] + + * parse.yacc: + make increases of cm_list_size and ga_list_size be similar to + increases of stacksize (ie: >= not > in initial compare). + [6bd450a896c7] + + * parse.yacc: + when we get a syntax error, report it for the previous line since + that's generally where the error occurred. + [c4ac84058f0b] + +1998-11-18 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * config.h.in, configure.in, interfaces.c: + add back check for sys/sockio.h but only use it if SIOCGIFCONF is + not defined + [d197f31fd1e4] [SUDO_1_5_7] + + * config.h.in: + define BSD_COMP for svr4 + [87ac1147ff79] + + * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, + goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex, + parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + more -Wall + [d98e2d32db2a] + + * configure.in: + kill check for sockio,h + [4399779014c1] + + * config.h.in: + no more HAVE_SYS_SOCKIO_H + [67484528e347] + + * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c, + goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex, + parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + -Wall + [2b7e83976788] + +1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + add missing inform_user() + [8689528c6d55] + +1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * find_path.c: + return NOT_FOUND if given fully qualified path and it does not exist + previously it would perror(ENOENT) which bypasses the option to not + leak path info + [ccbc3d0130ae] + + * configure.in: + for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for + -ldes + [c77d3b484ece] + +1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + tty tickets are user:tty now + [a53a303a614d] + + * check.c: + when using tty tickets make it user:tty not user.tty as a username + could have a '.' in it + [3160b3f5c890] + +1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + add "ignoring foo found in ." for auth successful case + [24257169e0bd] + +1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + add missing printf param + [8c905124f777] + +1998-11-08 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h: + go back to printing "command not found" unless --disable-path-info + specified. Also, tell user when we ignore '.' in their path and it + would have been used but for --with-ignore-dot. + [066e118c11e4] + + * check.c, sudo.c: + Only one space after a colon, not two, in printf's + [38452f4c8007] + +1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod: + document setting $USER + [80557fe6aede] + + * check.c: + fix bugs with prompt expansion + [44c4fca5f009] + + * sudo.c: + set $USER for root too + [4b525e1c6269] + +1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * getspwuid.c: + typo + [5107446f43e0] + + * configure.in: + HP-UX's iscomsec is in -lsec, not libc + [03c9f700b795] + + * configure.in: + remove some entries in the OS case statement that did nothing + [ea96e7e0f624] + + * TROUBLESHOOTING: + add "cd" section and flush out syslog section + [5107f7363b78] + + * Makefile.in: + no more sudo-lex.yy.c + [ed50826efbbc] + + * check_sia.c: + add custom prompt support + [6a285cea10b7] + + * testsudoers.c: + kill perror("malloc") since we already have a good error messages + pw_ent -> pw for brevity + [eee31052921e] + + * sudo.c: + kill perror("malloc") since we already have a good error messages + pw_ent -> pw for brevity set $USER if -u specified + [9f3753461f8a] + + * parse.yacc: + kill perror("malloc") since we already have a good error messages + [849459088ac3] + + * parse.c: + kill perror("malloc") since we already have a good error messages + pw_ent -> pw for brevity when checking if %group matches, look up + user in password file so that %groups works in a RunAs spec. 
+ [0489b4ecc59a] + + * logging.c: + kill perror("malloc") since we already have a good error messages + [3191a18b3526] + + * check.c, getspwuid.c, interfaces.c: + kill perror("malloc") since we already have a good error messages + pw_ent -> pw for brevity + [7193fdb38cf9] + +1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * tgetpass.c: + the prompt is expanded before tgetpass is called + [0f408f508041] + + * sudo.h: + tgetpass now has the same args as getpass again + [b6778cd9d79f] + + * getspwuid.c: + add iscomsec, issecure support + [007be7ec7ae7] + + * check.c: + we now expand any %h or %u in the prompt before passing to tgetpass + [f3db8c9ee387] + + * configure.in: + add check for syslog(3) in -lsocket, -lnsl, -linet + [5a96f902ce00] + + * config.h.in: + add HAVE_ISCOMSEC and HAVE_ISSECURE + [f640b0d4cf05] + + * configure.in: + add check for iscomsec in HP-UX + [b28b249040f0] + + * configure.in: + check for issecure if we have getpwanam on SunOS some options are + incompatible with DUNIX SIA check for dispcrypt on DUNIX + [a49d05d9c913] + +1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in: + add HAVE_DISPCRYPT + [7376d543d8d6] + + * secureware.c: + add back support for non-dispcrypt based checking for older DUNIX + [977b98e936be] + + * INSTALL: + sia changes + [c5387c06e30f] + + * configure.in: + SIA becomes the default on Digital UNIX now havbe --disable-sia to + turn it off... + [3b647558ea13] + + * check.c: + move local includes after system ones + [b2abad4c4aef] + +1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c, check_sia.c, sudo.h: + add pass_warn() which prints out INCORRECT_PASSWORD or an insult to + stderr + [547cbf299661] + + * check_sia.c: + fix while loop in sia_attempt_auth() that checks the password. Only + the first iteration was working. + [1886fd1ac831] + +1998-10-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * aclocal.m4: + don't trust UID_MAX or MAXUID + [2aeddb1654d8] + + * configure.in: + fix two pastos + [c18f0a10b75d] + + * configure.in: + fix typo + [1eb3190ef12d] + + * getspwuid.c, secureware.c: + init crypt_type to INT_MAX since it is legal to be negative in DUNX + 5.0 + [cefbde04822d] + + * configure.in: + for secureware on dunix, use -lsecurity -ldb -laud -lm but check for + -ldb since DUNX < 4.0 lacks it + [e6b11d971068] + +1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c, compat.h, config.h.in, configure.in, getspwuid.c, + secureware.c, sudo.c, tgetpass.c: + getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2 + minutes if the shadow files don't exist). + [2f297d095004] + +1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + updated --with-editor blurb + [77d8a3ea7328] + + * TROUBLESHOOTING: + tell how to put sudoers in a different dir + [456cd20eb1d0] + + * configure.in: + add missing quotes around $with_editor + [22881748ab1b] + + * configure.in: + typo in --with-editor bits + [ab6964580681] + + * INSTALL: + I don't expect it to work on Solaris + [1c2fceaaf56e] + + * check.c: + add back security/pam_misc.h + [6ffd30033c1e] + +1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + remove dunix note since configure checks for this now + [e9904512b8e8] + + * configure.in: + add check for broken dunix prot.h (4.0 < 4.0D is bad) + [8a4c1e6aef3b] + + * getspwuid.c, secureware.c, tgetpass.c: + new dunix shadow code, use dispcrypt(3) + [1b936bc7268c] + + * config.h.in: + add HAVE_INITPRIVS + [4369f4c4f914] + + * sudo.c: + call initprivs() if we have it for getprpwuid later on + [11cf5915d826] + + * Makefile.in: + clean pathnames.h too + [5f1df3262613] + + * configure.in: + quote "Sorry, try again." 
with [] since it has a comma in it set + LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find + getprpwuid() so we can check for bigcrypt, set_auth_parameters, and + initprivs later. + [e226b0a3f250] + + * INSTALL: + update Digital UNIX note about acl.h + [80132b71d73a] + + * INSTALL: + add --with-sia + --without-root-sudo -> --disable-root-sudo some reordering + [198386358818] + + * secureware.c: + add whitespace + [4aadaf1a54b0] + + * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h: + add SIA support + [fa3ddbb9cc51] + + * check_sia.c: + Initial revision + [2968551d40e4] + +1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + when checking for -lsocket, -lnsl, and -linet, check for the + specific functions we need from them. + [8d33e64362a3] + + * config.h.in, sudo.h: + move Syslog_* defs into sudo.h + [03d1774f25c7] + + * Makefile.in, sudo.h: + added check_secureware + [e46e3cbb9a97] + + * configure.in: + finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits + [dbefe1856503] + + * insults.h: + don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets + defined. configure now does that for us + [e4520ea0581f] + + * configure.in: + move some --with options around change a bunch of echo's to + AC_MSG_CHECKING, AC_MSG_RESULT pairs + [ffdf6869fdd7] + + * configure.in: + change $with_foo-bar -> $with_foo_bar kill extra " that caused a + syntax error add some echo verbage + [3278c49bf74b] + +1998-10-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * check.c: + moved SecureWare stuff into secureware.c + [42d3d3ac35dc] + + * secureware.c: + Initial revision + [aa7f72a249cf] + + * INSTALL: + update url to solaris gcc bins + [36a3eb668777] + + * INSTALL: + change option formatter and flesh out someentries + [6fbd1db4a8ad] + + * TROUBLESHOOTING, sudo.pod, visudo.pod: + environmental variable -> environment variable + [6f14d708e32d] + + * BUGS: + everything is now done via configure + [c217858f58ab] + + * README: + prev rev was 1.5.6 + [7b4177103c35] + + * Makefile.in: + passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly + [31c6b0a5e0e2] + + * config.h.in: + SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile + [d406a1ef6d25] + + * Makefile.in: + merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid, + sudoers_mode from configure + [1c509500655a] + + * configure.in: + SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into + the Makefile, not config.h + [d4482f1492fe] + + * INSTALL: + document all --with/--enable options + [22d81b312d7f] + +1998-10-15 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * insults.h: + options.h is no more + [560946a33f7f] + + * config.h.in: + assimilated options.h + [dd8ce74613c1] + + * configure.in: + moved options from options.h to configure + [d39662f71b4e] + + * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, + logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod, + sudo_setenv.c, visudo.c: + no more options.h + [43924bf0858d] + + * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING: + remove references to options.h + [ef3474295395] + + * dce_pwent.c, interfaces.c, sudo.c: + kill sys/time.h + [4d833f0034e4] + + * tgetpass.c: + if select return < -1 still prompt for pw + [e0009e5c93a2] + + * options.h: + convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into + configure options + [e60a1e546516] + + * parse.c: + FAST_MATCH is no longer an optino + [c448dbb3464b] + + * check.c: + remove_timestamp() if timestamp is preposterous + [70d9a86c6ecd] + + * options.h: + convert more options to --with/--enable + [34646d9b09dc] + + * INSTALL, aclocal.m4: + logfile -> logpath + [42de502bc637] + + * configure.in: + convert more options into --with and --enable + [92d0898c9844] + + * tgetpass.c: + catch EINTR in select and restart + [f045d2f234d7] + + * logging.c: + sys/errno -> errno + [7f0c5beab6f2] + +1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + UMASK -> SUDO_UMASK. + [48f308661514] + + * check.c, logging.c: + time.h, not sys/time.h + [91de049c79e4] + +1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + MAILER -> _PATH_SENDMAIL + [df65d6896639] + + * INSTALL, configure.in: + no more --with-C2, now it is --disable-shadow + [18bfcab3b9ab] + + * aclocal.m4, check.c, compat.h, config.h.in, configure.in, + getspwuid.c, sudo.c, tgetpass.c: + new shadow password scheme. Always include shadow support if the + platform supports it and the user did not disable it via configure + [2135d93bb4a9] + +1998-09-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure.in: + --with-getpass -> --{enable,disable}-tgetpass + [451b33fdd4c7] + + * Makefile.in: + pathnames.h -> pathnames.h.in + [b109022eca69] + + * check.c: + fix version string + [761b25c314ea] + + * check.c: + move pam_conv to be static to auth function remove pam_misc.h + (solaris doesn't have one) + [a682e4da987a] + + * aclocal.m4: + _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD + [e6005d0599b5] + + * configure.in: + munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD + [24c0ac2155ef] + + * pathnames.h.in: + convert to pathnames.h.in + [013bddf7f684] + +1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + fix typo in sysv4 matching case /. + [2994c4f88cf5] + +1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + pam stuff needs to run as root, not user, for shadow passwords + [d94ff75de503] + +1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * BUGS, INSTALL, README, configure.in: + updated version + [775adc7de7ac] + + * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [5ca599fb6b93] + + * check.c: + user version.h for long message + [47a52ac7e542] + + * check.c: + this is version 1.5.6 + [8451ac79eee2] + +1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + remove errant backslash + [0222a8a650ff] + +1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * options.h, parse.yacc, pathnames.h.in: + fix version string + [fdee73255d64] [SUDO_1_5_6] + + * BUGS, CHANGES, TODO: + updtaed for 1.5.6 + [752443bf7f26] + + * RUNSON: + updated for 1.5.6 + [0f878123fe6a] + +1998-09-14 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * interfaces.c: + kill unused localhost_mask var copy if name to ifr_tmp after we zero + it + [8e89c364cef2] + +1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + Better description of new vs. old sudoers modes fix some typos + better description of /usr/ucb/cc gotchas on slowaris + [c00b2a6fc1e8] + + * Makefile.in: + add sample.pam + [ec7f6cc19b00] + + * sudo.c: + set NewArgv[0] to user_shell, not basename(user_shell) + [1e907cbc9f7b] + +1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * README: + mention TROUBLESHOOTING more fix some typos + [2c2e6907d4a4] + + * configure.in: + move --enable/--disable to be after --with + [9b30097f76c1] + + * INSTALL: + document --enable/--disable + [c522362e38a8] + + * INSTALL: + document --with-pam + [7e38932c78ac] + +1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + Add message for pam users + [d224f277e3cd] + + * sample.pam: + Initial revision + [3a84d7045f54] + + * config.h.in: + fix HAVE_PAM + [2f0f303ebd88] + + * check.c, config.h.in, configure.in: + pam support, from Gary Calvin <GCalvin@kenwoodusa.com> + [ea3e0a72d707] + +1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in: + add HOST_IN_LOG and WRAP_LOG + [822c36eeb6a8] + + * logging.c: + add WRAP_LOG and HOST_IN_LOG + [3cf6052bd27e] + + * configure.in: + add --enable-log-host and --enable-log-wrap + [c968cc12b353] + + * aclocal.m4: + use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir + [915fef7e11a1] + +1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat.h: + add howmany macro + [9107a057a7c8] + + * tgetpass.c: + include sys/param.h to get howmany macro + [7e908b5e1f32] + +1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c: + add RUNAS_DEFAULT + [1e76398ea3fd] + +1998-09-07 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * fnmatch.c: + bring in stdio.h for NULL + [69c016610cbb] + + * aclocal.m4: + allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh + [15ab2972f8d0] + + * sudo.c: + use HAVE_SET_AUTH_PARAMETERS + [8abfdc8c80f7] + + * config.h.in: + add HAVE_SET_AUTH_PARAMETERS + [673a5ebd5539] + + * configure.in: + add *-*-hiuxmpp* add test for set_auth_parameters() if secureware + [a401f5a7469a] + + * config.sub: + add support for HI-UX/MPP SR220001 02-03 0 SR2201 + [cb657b7acaae] + + * interfaces.c: + initialize previfname + [26a1902f56dc] + + * interfaces.c: + Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have + it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of + kludging it + [fa5c890c313b] + + * configure.in: + typo + [bff579fbe95c] + + * Makefile.in: + don't need special build line for sudo.tab.o + [10c0a0a912e4] + + * Makefile.in: + don't clean sudo.tab.[ch] + [c40d5968efbb] + + * sudo.c: + Sudo should prompt for a password before telling the user that a + command could not be found. + [d718c85a0047] + + * BUGS: + for 1.5.6 + [0cc1fe5b9129] + + * INSTALL, README: + no longer require yacc + [d9096fc5b8b6] + + * Makefile.in: + typo + [70feb1aefbd5] + + * Makefile.in: + y.tab -> sudo.tab include pre-yacc'd parse.yacc + [cc802025fd44] + + * parse.lex: + include sudo.tab.h, not y.tab.h don't break out of command args if + you get a '=' + [728ad26dbda5] + + * insults.h: + fix version , + [242bbce1b2d4] + + * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h: + fix version + [2bb9086fea1e] + + * compat.h: + fix version + [7e634d498ce6] + + * getcwd.c: + getcwd(3) from OpenBSD for those without it. + [6c68d0df8f6c] + + * sudo.h: + HAVE_GETWD -> HAVE_GETCWD + [2ad1e64d60c0] + + * configure.in: + pretend sunos doesn't have getcwd(3) since it opens a pipe to + getpwd! 
+ [677992ba5a6a] + + * parse.c: + use NAMLEN() macro + [8f5685aa3165] + + * fnmatch.c: + remove duplicate include of string.h + [6024f3051ac3] + + * configure.in: + call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T + [3d82a9c22cc2] + + * aclocal.m4: + add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T + [53fbc47282f9] + + * config.h.in: + add dev_t and ino_t + [5929bb0c7e1a] + +1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + fix OTP_ONLY for opie + [7edcfa78f2ec] + +1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * testsudoers.c, tgetpass.c: + include stdlib.h for malloc proto + [c9f4b99a2fe9] + +1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + make update_version saner + [d522f93ee04a] + + * config.h.in: + add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid() + [c9a2d21dc608] + + * configure.in: + check for waitpid and wait3 or no waitpid + [1f18c3224184] + + * logging.c: + used waitpid or wait3 if we have 'em + [391c3279ee65] + +1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon) + [fbf53b18178f] + +1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + don't need to explicately mention -lsocket -lnsl for sequent + [1898dc055352] + +1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + dynix should not link with -linet + [278a4b9cfe2a] + +1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + mention that HP-UX doesn't ship with yacc + [bde5147198c0] + +1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + ignore kerberos if we can't get the local realm + [1e311a091a27] + +1998-04-06 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * BUGS, INSTALL, README, configure.in: + ++version + [499ffc746018] + + * version.h: + ++ + [35ba1ee01bd3] + + * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h, + find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c, + logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [b4990a513f31] + + * check.c, sudo.h: + fix version + [5710795834e8] + + * getcwd.c: + don't use popen/pclose. Do it inline. + [29e57b0646a4] + + * lsearch.c: + add rcsid + [b2b55c39858d] + + * sudo.c: + typo + [d381ac39ed0f] + + * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in, + sudo.h: + updated version + [462d6e1a2d75] + + * check.c, find_path.c, parse.c, sudo.c, testsudoers.c: + MAX* + 1 -> MAX* + [2c2eeb78d34f] + + * Makefile.in: + getwd.c -> getcwd.c + [7d718c32fc02] + + * config.h.in: + kill HAVE_GETWD + [6ad3d702343f] + + * configure.in: + getcwd, not getwd + [33e5b9841f58] + + * getcwd.c: + use MAX* not MAX* + 1 always run pwd as using getwd() defeats the + purpose + [24e58d340161] + +1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * OPTIONS, options.h: + add STUB_LOAD_INTERFACES + [d747cb23ca83] + + * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [0798229312cc] + + * configure.in: + support *-ccur-sysv4 and fix two typos + [24a823ad7cc9] + +1998-03-28 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure.in: + don't echo about with_logfile and with_timedir + [31e4a1e2d9ad] + + * INSTALL: + document --with-logfile and --with-timedir + [674f811a40e0] + + * aclocal.m4: + support --with-logfile and --with-timedir + [2fc36b35db12] + + * configure.in: + Add --with-logfile and --with-timedir + [09045bf07e29] + + * sudo.c: + change size computation of NewArgv for UNICOS + [b50df07da3a1] + +1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + treate -*-sysv4* like *-*-svr4 + [471b7ef4dbf2] + +1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + fix spacing for --with-authenticate help + [8321cb37c410] + + * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [dc1ab97312eb] + + * parse.yacc: + fix off by one error in push macro + [bece59c8c3a9] + +1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + removed bogus alloca hack + [a68dd720462d] + + * check.c: + added AIX 4.x authenticate() support + [12985eb448a0] + + * parse.yacc: + include alloca.h if using bison and not gcc and it exists. 
fixes an + alloca problem on hpux 10.x + [e3b5c4f26072] + + * INSTALL: + mention --with-authenticate + [78a1c96820e7] + + * configure.in: + added AIX authenticate() support + [c983193ec252] + + * config.h.in: + add HAVE_AUTHENTICATE + [7b0e5f5db5d9] + + * interfaces.c: + dynamically size ifconf buffer + [10afb0e9b2f9] + + * configure.in: + quote '[' and ']' + [8fc38a4defad] + + * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [5f66de71ec61] + + * visudo.pod: + add ERRORS section + [3df3edb73cf6] + +1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * TROUBLESHOOTING: + add busy stmp file explanation + [6c555d469b6f] + +1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + the name of the cached var that signals whether or not you are cross + compiling changed. It is now ac_cv_prog_cc_cross + [123911c0658c] + +1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + mention glibc 2.07 is fixed wrt lsearch()\. + [ded758524582] + +1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * sample.sudoers, sudoers.pod: + better example of su but not root su + [b3199610be21] + +1998-02-06 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c, + emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + updated version + [46922b84e86b] + + * Makefile.in: + correct regexp for updating version + [8032728b2a8a] + + * tgetpass.c: + remove bogus flush of stderr spew prompt before turning off echo. + Seems to fix a weird problem where if sudo complained about a bogus + stamp file the user would sometimes not have a chance to enter a + password + [7aa1493cc141] + + * check.c: + fix bogus flush of stderr + [6d047871c5e8] + + * sudo.c: + close fd's <=2 not <=3 and move that chunk of code up + [553e4faac195] + + * configure.in: + support hpux1[0-9] not just hpux10 + [5a34a000ff8a] + +1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + set sudoers_fp to nil after closing + [221a8b4bbf34] + +1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.guess, config.sub: + updated from autoconf 2.12 + [6fc86a0fc61b] + + * configure.in: + add *-*-svr4 rule + [38f0427f7c9d] + +1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * tgetpass.c: + fix select usage for high fd's (dynamically allocate readfds) + [c2d1f76e0321] + + * check.c: + kill extra whitespace + [d784b6c9c514] + + * sudo.c: + do an initgroups() before running a command, unless the target user + is root. + [4ca561287480] + +1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * TROUBLESHOOTING: + tell people to use tabs, not spaces, in syslog.conf + [8ae90a205134] + +1998-01-21 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c, + parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c: + updated version + [4d855ff5de26] + + * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c, + logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c: + updated version + [8e007e178b33] + + * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, + insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h: + updated version + [9ddea5c8814d] + + * Makefile.in: + more tweaks to update_version + [047698752855] + + * Makefile.in: + fixed up update_version rule + [47b6fa34b77f] + + * configure.in: + ++version + [c1ca664e30b7] + + * Makefile.in: + removed supe of check.c + [8f340a05296a] + + * INSTALL: + ++version I missed + [a298e6c17491] + + * RUNSON: + updated + [a14f6057bc15] + + * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, + dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c, + goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, + insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, + parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c: + updated version + [02231b1a3ab3] + + * CHANGES: + updated for 1.5.5 + [634e5fcaf40b] + + * Makefile.in: + add rules to update version stuff in files so I don't need to do it + by hand + [3620ad60485a] + + * sudo.h: + sudoers_fp is now extern + [88c6e9b9ea84] + + * sudo.c: + in check_sudoers, cache the sudoers file handle in sudoers_fp so we + don't have to open it again in the parse. This may help with weird + solaris problems where EAGAIN sometime occurrs. + [d3c26451ed1d] + + * parse.c: + sudoers file open is now done only in check_sudoers() so we just do + a rewind() instead of an open. May help people on solaris who were + getting EAGAIN. + [c8b8c7722fa5] + +1998-01-16 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * INSTALL: + mention that newer glibc is fixed + [20f06f5d3ef3] + +1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore + _RLD* instead of _RLD_* + [1e22c588d602] + + * parse.c: + typo + [d0b7cb85f08a] + + * parse.c: + fix that bug for real + [5a6eeca6d04b] + + * INSTALL: + document Linux's libc6 brokenness. + [0246c1aa64ee] + + * parse.yacc: + -Wall + [d0e452fb1e2d] + + * RUNSON: + updated + [4949a1bbd0a9] [SUDO_1_5_4] + + * TROUBLESHOOTING: + remind people to HUP syslogd + [590962faa4f0] + + * Makefile.in: + add -O flag to tar + [622d02de339d] + + * RUNSON: + updated + [a72930d6e615] + + * TODO: + updated + [4a51bd458390] + + * sudo.pod: + remove author's email addr. people should mail sudo-bugs + [9b6bbdb3a6d9] + + * INSTALL: + fix version + [246274c6c8af] + + * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c, + find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h, + ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c, + logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: + ++version + [f532ff4ee766] + + * RUNSON: + updated + [62d5c71358b5] + + * INSTALL, Makefile.in: + ++version + [1a7c7628edfc] + + * CHANGES: + updated fort 1.5.4 + [7e4873508c99] + + * check.c: + exit(1) if user enters no passwd + [f382c0e35e4e] + + * BUGS: + ++version + [fab6a867ab67] + + * parse.c: + commands can start with ./* not just /* -- fixes a serious security + hole. + [244d2fe35ee3] + +1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + Don't set the tty variable to NULL when we lack a tty, leave it as + "unknown". + [193b26daba03] + +1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * sample.sudoers: + fix usage of (username) in conjunction with , and ! 
+ [7ae68607f68f] + + * visudo.c: + catch the case where the user is not in the passwd file + [31650258deb0] + + * tgetpass.c: + use fileno(input) + 1 instead of getdtablesize() as the nfds arg to + select(2) + [60ab2d9a9ee8] + + * sudo.c: + define tty global to an initial value to avoid dumping core in + logging functions when passwd file is unavailable. + [77056c7bc908] + + * sudo.c: + do the set_perms(PERM_USER, sudo_mode) after we have gotten the + passwd entry + [1fdb8e579a5a] + + * sudo.pod: + talk about problem of ALL + [1cd1905c9f6f] + +1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * README: + new web location + [d24dc26f6da5] + + * INSTALL: + fdesc bug is fixed in Open/Net BSD + [7d4d81b08ac3] + + * HISTORY: + updates from Nieusma + [3a43769a1b78] + +1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * dce_pwent.c: + move compat.h after the system includes + [5ea43a5968ac] + +1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + save errno from being clobbered by wait(). From Theo + [f2d1c48cd592] + +1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat.h: + fix an occurence of setresuid -> setreuid (typo) + [394de35c9b1c] + +1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * install-sh: + check for path to strip + [2b7ef824bd55] + +1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + deal with maxfilelen < 0 case + [f0af095178d7] + + * OPTIONS: + fixed descriptin + [629f60bd4b5f] + +1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + correct error message if mode/owner wrong and not statable by owner + but is statable by root. + [cb631ce2e85e] + +1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.guess, config.sub: + autoconf 2.11 + [f3cbe59e0756] + +1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, RUNSON, TODO: + sudo 1.5.3. + [2be3229b8626] + +1996-11-14 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * parse.yacc, sudo.h: + command_alias -> generic_alias + [c404ca8c510d] [SUDO_1_5_3] + + * sample.sudoers: + added Runas_Alias example and fixed syntax errors + [c304053f4a8a] + + * OPTIONS, options.h: + updated MAILSUBJECT + [18d1573fcd2a] + + * logging.c: + added %h expansion + [a4bff9b284fd] + + * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, + configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, + goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, + insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex, + parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, + sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h, + visudo.c: + ++version + [211ff20f956f] + + * BUGS, emul/utime.h: + ++version + [cde5376579e3] + + * sudoers.pod: + document Runas_Alias + [b1a58f28fb2c] + + * visudo.pod: + q (uid) -> Q + [d256649a0e6b] + + * visudo.c: + buffer oflow checking q (uit) -> Q if yyparse() fails drop into + whatnow + [1cb183d15626] + + * parse.yacc: + add size params to sprintf + [9228f698921f] + + * parse.lex: + allow trailing space after '\\' but before '\n' + [f51dbbf69fdf] + + * find_path.c: + off by one error in path size check + [a6d75ccd7632] + + * check.c: + sprintf paranoia + [3ffb12d198dd] + +1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + fixed more_aliases + [aab12f2a50af] + + * visudo.c: + now warns if killed by signal ./ + [310c186a0fd7] + +1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + fix Runas_Alias stuff Alias's in runas list now get expanded (but it + is gross) + [45590b83120f] + + * sudo.c: + Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400 + [d53e01c14c58] + + * parse.yacc: + add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS) + [7a4a040aae2d] + + * parse.lex: + Add Runas_Alias and simplify a rule. 
+ [6f794a769a37] + + * parse.yacc: + always store User_Alias's since they can be used inside of a runas + list. Sigh. Really need a Runas_Alias instead. + [3bab058a873e] + +1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + deal with case where there is no sudoers file + [fa38b3bb244d] + +1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * TROUBLESHOOTING: + added one + [e61346d06725] + +1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * HISTORY, testsudoers.c: + developement -> development + [4df55e293941] + + * INSTALL: + added a note + [3845fb83dbc0] + + * RUNSON: + for 1.5.2 + [5489b7298942] + + * CHANGES: + updated + [0741834929e6] + +1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * PORTING: + removed seteuid() notes + [1010a60f281d] [SUDO_1_5_2] + +1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * compat.h: + better seteuid() emulatino + [e807623b662c] + + * configure.in: + added check for seteuid + [8cf9fabc6f4f] + + * config.h.in: + added HAVE_SETEUID + [596db46aa828] + +1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + first stab at sequent support + [b85a7bfcac76] + + * config.h.in: + added HAVE_SYS_SELECT_H + [93ecdd042463] + + * compat.h: + sequent -> _SEQUENT_ + [63a38b6da98c] + + * compat.h: + added seteuid() macro for DYNIX + [695bd63c5ea6] + + * tgetpass.c: + _AIX -> HAVE_SYS_SELECT_H + [b31221211bc2] + +1996-10-07 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c, + parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, visudo.c: + ++version + [8052992fd453] + + * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c, + getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h, + pathnames.h.in, version.h: + ++version + [f7ad15e1598a] + + * sudo.pod: + added -H and SUDO_PS1 + [bb965241e30c] + + * configure.in: + use SUDO_FUNC_FNMATCH + [6a8350d85fb2] + + * aclocal.m4: + added SUDO_FUNC_FNMATCH + [45b32c91c4ba] + + * sudo.c: + added -H flag + [11ebc6872fd6] + + * sudo.h: + added MODE_RESET_HOME / + [67a7f8bcbbd6] + +1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + mention OPIE + [5723515d5bbd] + + * options.h: + SKEY -> OTP + [c1d268130bc4] + + * configure.in: + added opie support + [123872b41b20] + + * compat.h, config.h.in: + added HAVE_OPIE + [528c71afc1e5] + + * check.c: + added HAVE_OPIE and changed to *_OTP_* + [4c62f5db872a] + + * OPTIONS: + SKEY -> OTP + [bd858e5e9652] + +1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + moved fclose() in skey stuff. + [11f7dc8431a6] + +1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * putenv.c: + index -> strchr remove unnecesary stuff + [af2d05238062] + + * check.c: + now call skeychallenge() to get challenge instead of making one up + ourselves. this way, we get extra goodies in the prompt. + [49b770d98d3a] + +1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + added one + [3f5149357e2a] [SUDO_1_5_1] + + * parse.lex: + allow logins to start with a number (YUCK!) + [7ed7ef324741] + +1996-09-08 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * TROUBLESHOOTING: + added soalris 2.5 vs 2.4 note + [16160a251aae] + + * configure.in: + DUNIX doesn't need -lnsl + [be924cc322c3] + + * CHANGES: + *** empty log message *** + [1b2937521981] + + * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c, + getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h, + ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c, + options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c, + strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, + utime.c, version.h, visudo.c: + courtesan + [5f203589bbfe] + + * PORTING, README, RUNSON: + courtesan + [d72517f4937e] + + * INSTALL, Makefile.in, TROUBLESHOOTING: + courtesan + [5c007e3c7a71] + + * visudo.pod: + *** empty log message *** + [37ebe85bd4e1] + + * sudo.pod, visudo.pod: + courtesan + [37f02e2130ea] + +1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * HISTORY: + added courtesan ./ + [b01435226276] + +1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + added $SUDO_PROMPT support + [cb1fa72c093d] + +1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + print long skey challemged to stderr, not stdout + [750fc775b3b2] + +1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + updated for 1.5.1 + [9b615f393057] + + * emul/utime.h: + ++version + [a94de18deafb] + +1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * RUNSON: + updated for 1.5.1 + [4092f20ab634] + +1996-08-30 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * check.c: + use shost, not host for tgetpass + [6061c49ff9be] + + * sudo.pod: + documented %u and %h + [6d2922d29897] + + * OPTIONS: + documented %u and %h + [1a71da13a864] + + * configure.in: + fixed typo + [1230dec2b062] + + * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in, + dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: + ++version + [65ce8eabf77a] + + * BUGS: + ++version + [afecab53aab7] + +1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, configure.in, version.h: + ++version + [fb3ff940d672] + + * sudo.h: + new tgetpass() params + [9eccc5b0f8ae] + + * check.c: + pass use and host to tgetpass + [c56d9d13c401] + + * tgetpass.c: + added %u and %h escapes + [04ae775d3e5d] + + * OPTIONS, check.c, options.h: + added NO_MESSAGE + [3927dad19057] + + * configure.in: + added cray (unicos) support + [1122210c5fb1] + +1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * OPTIONS, options.h, sudo.c: + added SHELL_SETS_HOME + [0b26909b0929] + +1996-08-25 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * INSTALL: + added note about "make install" + [7e56ea76d4b4] + + * parse.yacc: + changed length/size params from int to size_t + [5654e5ceb1b3] + + * OPTIONS: + now get CSOPS insults as well by default + [297323d0179a] + + * insults.h: + use csops insults too by default + [07fafc136169] + + * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h: + version = 1.5 + [4b8772b11e3b] + + * sudo.c: + added runas_homedir + [b0e0d4417a15] + + * TODO: + updated for 1.5 + [66259df825d5] + + * RUNSON: + updated for 1.5 + [e08bc9ebfe95] + + * CHANGES: + 1.5 release + [8c16942fea41] + + * INSTALL: + added "upgrading" notes + [210d968964ff] + +1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + now do chmod and chown after edit of temp file and before rename + [de174e34faa7] [SUDO_1_5_0] + +1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + ++version added INSTALL.configure + [c9e9214f52ae] + + * configure.in, version.h: + ++version + [5985abed3eb2] + + * TROUBLESHOOTING: + *** empty log message *** + [d65c540ec52e] + + * parse.yacc: + added missing cast + [e7247319a7d5] + + * sudo.c: + sets $HOME to pw_dir of runas user + [d3f7f4d05752] + + * sudo.pod: + document $HOME change + [854454d458c4] + +1996-08-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.pod: + fixed up some wording + [b0c8582f2c97] + + * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c, + interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c, + strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, + visudo.c: + ++version + [748be723fd8b] + + * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, + insults.h, options.h, pathnames.h.in, sudo.h: + ++version + [acdf8b1b2a1b] + + * emul/utime.h: + ++version + [b3f35298ab8d] + + * sudo.h: + name nad type changes + [db24ab3da141] + + * testsudoers.c: + now works with new sudo + [379346c42cc2] + + * parse.yacc: + fixed some XXX + [f5fe4c990052] + + * parse.yacc: + some variable name changes + comment headers for functions. + [3dc3bd9aa73d] + + * tgetpass.c: + added extra paren's to make compilers happy + [9e4968a34d56] + + * sudo.c: + *** empty log message *** + [70c924c1ed69] + + * parse.c: + now uses init_parser() if not in sudoers and tries "list" or + "validate" scold but don't be nasty. + [c0d8fb3f8c9e] + + * TROUBLESHOOTING: + now can use upper case login names + [c772fffcefe5] + + * visudo.c: + now uses init_parser() + [b9efae7243fd] + + * INSTALL, README: + updated + [27dc8283fdc8] + + * PORTING: + added info about PASSWORD_TIMEOUT + [980e15d892f8] + + * INSTALL.configure: + Initial revision + [8292e89a08d3] + + * BUGS: + fixed a bug , + [c6e46f5624f9] + + * parse.yacc: + now dynamically allocates memory for the stacks -- no more + overflows! 
+ [8615c35b6ad3] + + * sudo.pod: + -l now explands command aliases + [39f45605935d] + + * parse.yacc: + hacks to expand command aliases for `sudo -l' + [e4eb752608f9] + + * sudo.c: + remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash) + [01327ca5084b] + + * sudo.h: + added struct command_alias + [dd2f32764082] + + * sudo.pod: + fixed a bug + [e708ff08d2eb] + + * lsearch.c: + in compar() key should be first arg + [fc14c3fa62ee] + +1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * BUGS: + fixed some bugs + [639dfe425bd5] + + * parse.yacc: + can now deal with upcase HOST and USER names + [c6aa7bcfb00d] + + * sudo.c: + don't yell too loudly at non-sudoers if they do "sudo -l" + [4ef146128d89] + + * sudo.pod: + fixed thinko + [830f2f0f22e7] + + * parse.c: + fix comment + [d20ce9e17ddc] + +1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c, parse.yacc: + added support for new `sudo -l' stuff + [7dceaef3c733] + + * sudo.c: + now uses list_matches() + [293364821b61] + + * sudo.h: + added struct sudo_match + [b2684179d179] + + * configure.in: + now more -lgnumalloc + [4f8ae42617d8] + +1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * install-sh: + added more paths for chown and whoami + [6e685a19426c] + +1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + typo + [3adfa01c04bc] + +1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * aclocal.m4: + fixed DUNIX check for shadow pw + [c25324bcd27b] + + * tgetpass.c: + now only turn off echo if it is already on. this fixes a race when + you use sudo in a pipelin + [28388c2de21c] + + * INSTALL: + updated + [b45ac9366b7e] + + * configure.in: + changed "test -z $foo && do_this" to if; then construct + [2183c4426bca] + +1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + added missing defines of SHADOW_TYPE + [be89ea68a7f3] + +1996-07-26 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * check.c: + protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are + only in dunix 4.x + [1e7c1c677263] + + * getspwuid.c: + added AUTH_CRYPT_C1CRYPT support + [88d6b0058b20] + + * parse.c: + no longer return VALIDATE_NOT_OK if there was a runas that didn't + match. Now we can have runas stuff on more than one line. + [52b68920d7b7] + + * getspwuid.c, sudo.c, tgetpass.c: + use SHADOW_TYPE instead of HAVE_C2_SECURITY + [cf401dfcbc06] + + * configure.in: + got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to + something + [c7a233c4dd93] + + * config.h.in: + removed HAVE_C2_SECURITY added SPW_BSD + [8314405e9754] + + * compat.h: + use SHADOW_TYPE instead of HAVE_C2_SECURITY + [6f94870df17f] + + * check.c: + SHADOW_TYPE is always defined so just against its value + [72c69a55d02f] + + * aclocal.m4: + added SUDO_CHECK_SHADOW_DUNIX + [ef025ae9d496] + +1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + * -> ?* in one example added another instance of (runas) and one of + NOPASSWD: + [d74fe1dcbe7d] + +1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + added back check for config.cache from other host type + [0ba87871f585] + + * parse.lex: + removed an instance of \" + [1e008d3709f6] + + * sample.sudoers: + added an example + [dbfcf68ee330] + + * sudoers.pod: + updated wrt new wildcard matching + [193fa44a475b] + + * configure.in: + new check for shadow passwords if we don't know anything + [67465df7dc9a] + + * aclocal.m4: + new SUDO_CHECK_SHADOW_GENERIC + [3563b16a41b8] + + * configure.in: + added back check for -lsocket (oops) + [a80882ee1cb6] + + * configure.in: + better (working) check for shadow passwd type if we know to use C2. 
+ [3cdd2a59a641] + + * configure.in: + now uses AC_CANONICAL_HOST to figure out os type + [80db7fe6e704] + + * Makefile.in: + added config.{guess,sub} + [c6be7e3ca384] + + * aclocal.m4: + removed unused stuff to figure out os type + [c9a0f3b57123] + + * config.sub: + added openbsd + [bfc6bfec3668] + + * config.sub: + Initial revision + [e6e06ce0d17d] + + * config.guess: + Initial revision + [99dd06f79199] + + * testsudoers.c: + don't call fnmatch() with FNM_PATHNAME flag unless it can only be a + pathname. need to check against sudoers_args even if user_args is + nil + [66e6cf77f5d6] + + * parse.c: + don't call fnmatch() with FNM_PATHNAME flag unless it can only be a + pathname need to check against sudoers_args even if user_args is nil + [74374df17311] + +1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2 + [cbb00261c415] + + * testsudoers.c: + now takes command line args and uses cmnd_args + [f0c2fd35a527] + + * parse.lex: + fill_args was adding an extra leading space + [692fc999b2e8] + +1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + fixed dummy command_matches() + [93d9543db6e2] + + * parse.yacc: + fixed prototype + [7b0addfbd429] + + * sudo.h: + added cmnd_args + [8f47c4ae65ef] + + * parse.yacc: + now uses flat args string + [016e65877da3] + + * parse.c, parse.lex: + now uses flat arg string + [5b5f2e3f4c09] + + * visudo.c: + added cmnd_args def + [876867134775] + + * sudo.c: + now sets cmnd_args global + [e6fee70cb59b] + + * logging.c: + cmnd_args is now exported from sudo.[ch] + [7a9cd36e356f] + +1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + can't rely on cmnd_matches as much as I thought -- added some $$ + stuff back in to prevent namespace pollution problems. + [3c45fedb5af3] + + * parse.yacc: + Simplified parse rules wrt runas and NOPASSWD (more consistent). + [e6d838c8a4c7] + +1996-07-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * parse.lex: + NOPASSWD may now have blanks before the ':' '(' only starts a + 'runas' if in the initial state to avoid collision with command args + [c5c01172f499] + + * configure.in: + added checks for specific shadow passwd schemes + [b7e3d1f7b84f] + + * aclocal.m4: + added routines to check for specific shadow passwd types + [e5e1d19960a6] + +1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + added support for ncr boxen + [bea9dc5aae7f] + + * aclocal.m4: + added support for detecting ncr boxen + [8653a158a924] + +1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + added sinix support + [5de2b2173ee1] + +1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * TROUBLESHOOTING: + added info about "config.cache from other other" error. + [845b10198e0b] + + * aclocal.m4: + now makes sure you don't have a config.cache file from another OS + [4fe32571c021] + + * configure.in: + now sets $LIBS when needed to configure links with libs when doing + tests hpux10 now uses SPW_SECUREWARE for C2 added check for + bigcrypt(3) if SPW_SECUREWARE + [2df6b8ca538f] + + * getspwuid.c: + fixed typo + [fe1cb1d792d6] + + * tgetpass.c: + now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH + [f71138372c07] + + * getspwuid.c: + no more SPW_HPUX10 + [cfdeb18bc16b] + + * config.h.in: + no more SPW_HPUX10 added HAVE_BIGCRYPT + [00d296479a61] + + * compat.h: + now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE + [6c6d9e680417] + + * check.c: + SPW_SECUREWARE now uses bigcrypt + [be71fc66690f] + +1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * sample.sudoers: + fixed 2 syntax errors + [45eee19ef4ac] + + * sudoers: + root may now run ALL as ALL + [1b54c6b9b212] + +1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * interfaces.c: + fixed a typo/thinko that broke BSD's with sa_len + [603438360126] + +1996-07-08 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * check.c, configure.in: + updated AFS support + [e572eb8d177a] + + * TROUBLESHOOTING: + added entry about /usr/ucb/cc + [025b353aa9d3] + + * INSTALL: + prep no longer holds gcc binaries + [8b0942958049] + + * INSTALL: + updated AFS note + [7af6efd5abe4] + + * Makefile.in: + added @AFS_LIBS@ + [97b6fe6ad7d6] + + * compat.h: + AFS allows long passwords + [5fb17122c302] + + * testsudoers.c: + fixed -u user support + [b1a0c1648639] + + * parse.c: + sudo -v now groks VALIDATE_OK_NOPASS + [74fc03fffe7e] + + * parse.yacc: + fixed no_passwd vs. runas_matched + [549a9b791a6a] + + * TROUBLESHOOTING: + took out stuff about NFS-mounting since it is no longer an issue + [d95ab7fbbc61] + + * INSTALL: + added --with-libraries > --with-libpath --with-incpath + [d5d15a7a0f4c] + + * parse.yacc: + was setting runas_matches to -1 in wrong place + [db2b1deb8d33] + + * check.c: + removed usersec.h which is not present in new AFS versions + [618b016dd17f] + + * tgetpass.c: + now deals with timeout <= 0 + [ba53a1257255] + + * OPTIONS: + updated + [75093bd8fdca] + + * configure.in: + BSD/OS >= 2.0 now uses shlicc instead of just gcc + [ff6dbf7825c2] + + * sudo.c: + fixed backwards compatibility with sudo 1.4 sudoers mode for root + readable/writable filesystems + [2694ed627221] + + * Makefile.in: + now gives INSTALL -c flag + [63db055a2fd1] + + * parse.yacc: + slightly simpler initialization of no_passwd and runas_matches + [463a1b5fa323] + + * testsudoers.c: + added -u username support + [38b072fcd6b3] + + * configure.in: + improved --with-libraries support + [047dbc5f0af2] + +1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + added --with-incpath, --with-libpath, --with-libraries + [20f20d6c718c] + + * parse.yacc: + now initializes some fields that weren't getting set to -1 pretty + gross -- need a rewrite. + [021c160390c6] + +1996-06-26 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * alloca.c: + removed emacs'isms + [9d4ec2efe057] + + * configure.in: + no longer add -lPW to *_LIBS since we include alloca.c + [a626d1bbea80] + + * config.h.in: + added HAVE_ALLOCA_H + [15491e2a6cff] + + * Makefile.in: + added alloca.c + [0400f25e1fe4] + + * alloca.c: + Initial revision + [06d033aa4882] + + * configure.in: + ++version + [f52c0fb98f90] + +1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is + not always set to a valid uid. + [c2669f77704d] + + * OPTIONS: + fixed entry for SUDO_MODE + [d7272f6035b8] + + * sudo.c: + Fixed NFS-mounted sudoers file under solaris both uid *and* gid were + being set to -2. Now beat NFS to the punch and set uid to "nobody" + ourselves, preserving group 0 to read sudoers. + [b1fbc5dd1e34] + + * parse.c: + moved set_perms(PERM_ROOT) to be before yyparse() + [7619d8080735] + + * logging.c: + fixed a typo + [318acc48cde0] + + * configure.in: + no longer need AC_PROG_INSTALL + [de01b1336dc8] + + * Makefile.in: + always use install-sh to avoid install(1)'s that use get{pw,gr}nam + [ea2351986406] + + * INSTALL: + make clean -> make distclean + [704a98e8ba10] + +1996-06-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + removed some unnecsary if's + [f00db6508132] + + * Makefile.in, version.h: + ++version + [bdb6740b24c8] + + * parse.c, testsudoers.c: + now includes netgroup.h + [93f5a06352bc] + + * interfaces.c: + removed cats of ioctl to int since they didn't shut up -Wall + [83e9f912cd7a] + + * interfaces.c: + explicately cast ioctl() to int since it it not always declared + [2ff9294e469e] + + * sudo.h: + added declarations for yyparse() and yylex() + [6071321ab771] + + * parse.yacc: + fixed an occurence of '==' -> '=' + [2c46d2e11d57] + + * config.h.in, configure.in: + added check for netgroup.h + [73403050f4e3] + + * sudo.c: + fixed 2 compiler warnings + [680929b0bd97] + + * sudo.c: + SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being + initialized + [18707ecd07c2] + +1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.pod: + fixed a typo + [e4b5c12aa130] + +1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + fixed a formatting thingie + [c79327b6f19b] + + * parse.c, parse.yacc: + fixed -u support with multiple user lists on a line + [e4d1066adca2] + + * configure.in: + unixware needs -lgen + [b5bf9bca63cc] + + * README: + updated ftp location + [b25a033f7921] + + * sudoers.pod: + add net_addr/netmask support + [674e83516d1e] + + * sample.sudoers: + added net_addr/mask example + [774878e89b28] + + * parse.c, parse.lex: + added support for net_addr/netmask + [e33de27325d8] + +1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + ^ -> ! + [1a084950d6ef] + +1996-06-15 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * RUNSON: + updated for 1.4.3 + [c82019025d09] + + * CHANGES: + udpated for 1.4.3 + [ceaa81adb8f0] + + * BUGS, TODO, TROUBLESHOOTING: + updated + [ff94fae4b853] + + * sample.sudoers: + updated with examples of new stuff + [99d0b4cb4c9c] + + * INSTALL, README: + ++version + [b763b80fe836] + + * sudoers.pod: + updated wrt -u and NOPASSWD + [0b5b722ea0f4] + + * sudo.pod: + updated wrt -u and CAVEATS + [71d5d53b5d18] + +1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + fixed usage() + [114c7d09b550] + + * parse.lex: + now use :foo: character classes (makes no diff for generated lexer) + [7b0aeb737a02] + +1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + fixed LONG_SKEY_PROMPT stuff + [0efe78b4bdda] + +1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + fixed a comment + [3d289017104b] + + * lsearch.c: + make more like NetBSD one -- now compiles w/o warnings + [932206296a54] + + * emul/search.h: + fixed decls of lsearch() + [c58cf4584c45] + + * config.h.in, configure.in, getspwuid.c: + added SPW_HPUX10 + [d74e5eaa5f17] + + * check.c: + hpux 10 uses bigcrypt() if C2 + [359eb63f4021] + +1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + now always uses fnmatch to match args + [a9d91f35256a] + + * tgetpass.c: + back to using stdio instead of raw i/o since that caused some + problems + [e7ce2bc92974] + +1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + now give usage warning if use -l,-v,-k with args + [6b48180c4fea] + +1996-05-28 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.c: + NewArgc is now set to 1 for -l, -v, -k + [7497cb1416a8] + + * sudo.c: + now sets sudoers to correct group if mode is 0400 + [484c43d99718] + + * install-sh: + updated to version used by inn and bind + [28683ad8725a] + + * configure.in: + now uses -lgnumalloc if it exists + [3651ca4415a2] + + * Makefile.in: + "make install" now sets uid/gid and mode on sudoers if it exists + [1f5216191ae9] + + * sudo.c: + rmeoved debugging statements + [aeda278e2c26] + + * parse.yacc: + added a missing free() + [592c9482a159] + + * sudo.c: + now uses user_gid instead of getegid (which was wrong anyway) to set + SUDO_GID Now sets command line args in SUDO_COMMAND envariabled + (logging.c depends on args being in the environment) + [9f5328a3b942] + + * logging.c: + now uses SUDO_COMMAND envariable to get command args rather than + building it up again. + [7f8edc5bccb7] + + * parse.c: + now uses user_gid + [4b9303ae45fe] + + * sudo.c: + fixed off by one error in allocation NewArgv + [921ea1a4e7c6] + + * parse.c: + in sudoers, 'command ""' now means command with no args + [a5273648ace2] + + * configure.in: + added check for fnmatch(3) and fnmatch.h + [258916a7866f] + + * config.h.in: + added HAVE_FNMATCH + [b9860d361e93] + + * Makefile.in: + replaced wildcat.* with fnmatch.* + [03ad9ee21a1c] + + * testsudoers.c: + now uses fnmatch() + [5a7f7de987a9] + +1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + now uses fnmatch() instead of wildmat a trailing star (*) by itself + now matches multiple args added support for wildcards in the + pathname in sudoers + [1f7fb950b868] + +1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * fnmatch.c: + now includes compat.h and config.h + [090206b95cf8] + + * config.h.in: + added HAVE_FNMATCH_H + [90eb42150173] + + * configure.in: + now checks for alloca() (if needed by bison or dce) and links with + -lPW if it contains alloca() and libv and compiler do not. 
+ [cfa2b3cef49a] + + * emul/fnmatch.h, fnmatch.3, fnmatch.c: + Initial revision + [20b1f762a32a] + +1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + now fixes mode on sudoers if set to 0400 to aid in upgrade + [d4bdfd521820] + +1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + fixed pod2man usage + [5adf2ec77b27] + + * Makefile.in, configure.in, version.h: + ++version + [b4029de876d0] + + * testsudoers.c, visudo.c: + runas_user is now initialized to "root" + [8537d97bff39] + + * sudo.h: + removed PERM_FULL_ROOT + [241f8bbf647f] + + * sudo.c: + runas_user defaults to "root" so no more need to PERM_RUNAS + [fc0c0dfc72ba] + + * parse.c: + will now only running commands as root if there was no runas list + (or if root is in the runas list) + [40c587666c81] + + * logging.c: + now logs "USER=%s" + [b733504c87fd] + + * parse.yacc: + runas_matches is now set to false if we get a negative match + [5495b150b300] + + * parse.lex: + make #uid work + some minor cleanup + [07851bbce03a] + + * sample.sudoers: + added support for NOPASSWD and "runas" from garp@opustel.com / + [7a9c67b51fa5] + + * visudo.c: + added support for "runas" from garp@opustel.com replaced + SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for + SUDOERS_MODE + [e714209b9885] + + * testsudoers.c: + added support for "runas" from garp@opustel.com + [b837f856da10] + + * sudo.h: + added support for NO_PASSWD and runas from garp@opustel.com replaced + SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro + SUDOERS_MODE + [cea6f26679b7] + + * sudo.c: + added support for NO_PASSWD and runas from garp@opustel.com replaced + SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro + SUDOERS_MODE + [61b5434237c5] + + * parse.yacc: + added support for NO_PASSWD and runas from garp@opustel.com + [72ebd3056f22] + + * parse.c, parse.lex: + added support for NO_PASSWD and runas from garp@opustel.com + [fef6dbdd114d] + + * logging.c: + added 
support for SUDOERS_WRONG_MODE and "runas" + [e794efc2b443] + + * configure.in: + added --with-CC only link with -lshadow on linux (with shadow pw) if + libc lacks getspnam() + [3ecf4ae21002] + + * OPTIONS, options.h: + removed NO_PASSWD since it is not possible to do this in the sudoers + file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and + SUDOERS_GID. Added SUDOERS_MODE. + [2eaa4891ef48] + + * Makefile.in: + now uses SUDOERS_UID and SUDOERS_GID + [8d615f0fdb2a] + +1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + added --with-CC + [a1b8286a81b8] + +1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.lex: + added double quote support + [a5e4fc7e3a2b] + + * sudoers.pod: + documented double quoting + [c6ea47969a44] + +1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * mkinstalldirs: + Initial revision + [dcb86d65ad8f] + + * check.c: + fixed some indentation + [4d1c5ab8072b] + + * Makefile.in: + fixed a typo + [0d27eebc7227] + + * Makefile.in: + added install-dirs . + [f499b99b8be7] + +1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * dce_pwent.c: + new version from "Jeff A. Earickson" <jaearick@colby.edu> + [422481be5fbd] + +1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + $CSOPS -> $with_csops (whoops, missed one) + [b04c6948130e] + + * BUGS: + updated + [c4d5713e227d] + + * parse.lex: + FQHOST now has same constraints as non-FQHOST + [e1c3bf2381d1] + + * INSTALL: + added note about OS's w/ shadow passwords turned on by default + [166257f43be4] + +1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + fixed a typo + [e5c3e2e9a359] + + * configure.in: + added support for --without-THING sanitized shadow pw situtation by + adding support for + --without-C2 + [65dc6bf64cce] + + * tgetpass.c: + fixed a typo wrt placement of an end paren + [a8780f818231] + + * check.c: + was closing an fd that may not have been opened + [760271c7bdc9] + +1996-03-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * OPTIONS, options.h, sudo.c: + added NO_PASSWD + [28ff1dc93d7a] + +1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + now always use shadow pw on some arches + [069161ccffda] + +1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + added pyramid support + [a0eb57a3a531] + + * configure.in: + no longer check for C2 if alternate passwd method is used no longer + check for some libs twice + [2d0c3c902b40] + + * parse.yacc: + moved fqdn stuff into parse.lex (FQHOST) + [d9c9abd481d8] + + * parse.lex: + added FQHOST rules + [4a1695acff6d] + + * tgetpass.c: + now define TCSASOFT in necesary + [3fac2e21c9ab] + + * tgetpass.c: + now uses read/write instead of stdio string goop to avoid problems + with select(2) + [67fd174e518c] + + * OPTIONS, find_path.c, options.h: + -DNO_DOT_PATH -> -DIGNORE_DOT_PATH + [d05ba5100d28] + +1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + added note about no shadow auto-detect if using alternate auth + schemes + [b425592232a3] + + * configure.in: + don't check for C2 if AFS or DCE (unless they said --with-C2) + [61342962171a] + + * testsudoers.c: + now groks shost + [85dda17303f6] + + * OPTIONS, find_path.c, options.h: + added NO_DOT_PATH + [c261ca1fb196] + +1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * find_path.c: + checkdot now works correctly + [3bc4835bb3e9] + +1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + can't have DCE and C2 passwords both... + [fb9a8ab7ca66] + +1996-03-11 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * parse.yacc, sudo.c, sudo.h, visudo.c: + now uses shost even if not FQDN + [87f7498b3a1f] + + * configure.in: + now looks for skey in /usr/lib and doesn't require libskey to be in + /usr/local/lib just because skey.h is (for my netbsd box :-) + [ceb1763e37d2] + + * aclocal.m4, config.h.in, pathnames.h.in: + _SUDO_PATH_ -> _CONFIG_PATH_ + [84d97ad13d75] + + * aclocal.m4, sudo.pod: + /var/run/.odus -> /var/run/sudo + [922da220b8f5] + + * pathnames.h.in: + now uses _SUDO_PATH_TIMEDIR + [5ecab0155fdf] + + * OPTIONS: + udpated FQDN + [361b6f7440c0] + + * aclocal.m4, configure.in: + added SUDO_TIMEDIR + [368c95c8c950] + + * config.h.in: + added _SUDO_PATH_TIMEDIR + [3879864d808c] + + * sudo.pod: + updated wrt /var/run/sudo + [9e14f2a429d3] + + * sudo.c, sudo.h: + added support for shost if FQDN + [51a3f51a09a1] + + * parse.yacc, visudo.c: + now uses shost if FQDN + [d19da2e92b42] + + * check.c: + Now use skeylookup() instead off skeychallenge() + [4c7438bb2ae0] + +1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + mail_argv should not contain ALERTMAIL as it includes "-t" + [67ffaaa8f843] + +1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, Makefile.in, README, configure.in, version.h: + ++version + [e08fd4a809fc] + + * compat.h: + added more _PASSWD_LEN stuff -- now uses PASS_MAX too + [2f20c3153689] + + * tgetpass.c: + now includes limits.h moved _PASSWD_LEN -> compat.h + [b1ca3cafdacc] + +1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL, README: + ++version + [3eacf32803f5] + + * Makefile.in: + ++versoin + [3b91c317630a] + + * Makefile.in: + fixed a typo + [3661ac4a7803] + + * configure.in: + ++version + [60e842973745] + +1996-02-05 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * RUNSON: + updated + [def2c3c24195] + + * CHANGES: + done for 1.4.1 (I hope) + [2ab543769a40] + + * sudoers.pod: + added info on wildcards + [ce3bd41bc063] + + * sample.sudoers: + added wildcard example + [762feb0577bd] + + * Makefile.in: + now uses *.pod to build *.man and *.cat & *.html + [3ec14962028b] + + * configure.in: + addedSUDO_PROG_BSHELL !ll + [3c80b320bf16] + + * visudo.pod: + fixed up some formatting + [12166c434526] + + * sudoers.pod: + redid section describing sample sudoers stuff + [b8065cceec71] + + * sudo.pod: + fixed some formatting + [aa9a681add0f] + + * getspwuid.c: + now treats "" as bourne shell + [30194a72ad56] + + * Makefile.in: + TESTOBJS nwo includes wildmat.o + [86cc6500f84d] + + * testsudoers.c: + now works with NewArg[cv] + [2f72674ce942] + + * sudo.c: + removed an XXX (fixed it in getspwuid.c) + [e791ee0d1a68] + + * aclocal.m4: + added check for bourne shell + [a2fd51676b8a] + + * pathnames.h.in: + added _PATH_BSHELL + [e7c10011d47b] + + * config.h.in: + added _SUDO_PATH_BSHELL + [6a1182898de9] + +1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + unixware vi returns 256 instead of 0 + [234ffc7c6786] + + * INSTALL: + added Linux note + [5f85efcd2b58] + + * logging.c: + fixed up some XXX's. file log format now looks a little more like + real syslog(3) format. + [6df55707bfc3] + + * README, TROUBLESHOOTING: + updated wrt lex/flex + [eb787d69156b] + + * Makefile.in: + commented out rule to build lex.yy.c from parse.lex since we ship + with a pre-flex'd parser + [7507e2ce4a95] + + * parse.c, parse.yacc, visudo.c: + path_matches -> command_matches + [0bd469424f86] + + * logging.c: + eliminated some strcat()'s + [9878a79bc374] + + * configure.in: + no longer checks for lex/flex (now assumes flex) + [a086ccc73798] + + * configure.in: + now checks for $kerb_dir_candidate/krb.h instead of just + kerb_dir_candidate + [9133bc3c5208] + +1996-02-03 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + now use a 'hook' expression instead of an iffy one :-) + [9560df01b8c0] + +1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + now works with new sudo arg stuff + [310a0d43ddad] + + * parse.yacc: + fixed dereferencing deadbeef + [474ef8a8006b] + + * sudo.c: + changed an occurrence of Argv to NewArgv + [205b012b7691] + + * parse.lex: + took out support for quoted commands since there is no need... + [5c5036d353b1] + + * parse.c: + fixed a typo in a for() loop + [7e8d5283c43b] + + * logging.c: + protected against dereferencing rogue pointers + [56debd517717] + + * sudo.c: + now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this + also allows us to eliminate some kludges in parse_args() and + eliminate superfluous code. + [5122f66ad150] + + * logging.c: + no longer uses cmnd_args, now uses NewArgv instead. + [abddd23cf068] + + * sudo.h: + added struct sudo_command, NewArgc, and NewArgv removed cmnd_args + (no longer used) + [78410984fb05] + + * Makefile.in: + added wildmat.c to SRCS & SUDOBJS + [3800efb41794] + + * parse.yacc: + COMMAND is now a struct containing the path and args + [5c32822c5b94] + + * parse.lex: + replaced append() with fill_cmnd() and fill_args. command args from + a sudoers entry are now stored in an arrary for easy matching. + [a981d7f4eb0d] + + * parse.c: + command line args from sudoers file are now in an array like ones + passed in from the command line + [1d9e37e84519] + +1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + wildwat stuff now works + [49d16488531f] + +1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * version.h: + ++version + [53e55463ef89] + + * Makefile.in: + ++version added wildmat.* + [0508297a4711] + +1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.lex: + added support for quoted commands (w/ or w/o args) + [b9a637155673] + +1996-01-22 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.pod, visudo.pod: + cleaned up formatting + [4591d4195437] + + * sudo.pod, visudo.pod: + Initial revision + [7564a8242750] + +1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudoers.pod: + looks reasonable, could be mroe readable + [a5be2d19d9e0] + + * sudoers.pod: + Initial revision + [957888be31a6] + +1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * RUNSON: + updated + [633743aa924b] + + * OPTIONS: + updated NO_ROOT_SUDO entry + [f1c15b1dec9e] + +1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * RUNSON: + *** empty log message *** + [5b63de579ff7] [SUDO_1_4_0] + + * sudo.c: + fixed SECURE_PATH + [6002889f606d] + + * RUNSON: + udpa`ted for 1.4 + [6014a8592815] + + * configure.in: + AIX aixcrypt.exp now uses $(srcdir) + [b0d57674fef4] + + * TROUBLESHOOTING: + added entry for anal ansi compilers + [4193cec1c6b1] + +1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + added info on libcrypt_i for SCO + [575497d56698] + + * TODO: + *** empty log message *** + [d0aaf67b9913] + + * sample.sudoers: + added comments + [a7773f7eda8d] + + * TODO: + 1.4 release + [1dade29e9fd9] + + * CHANGES: + ++version + [67241be40780] + + * INSTALL, OPTIONS, README, config.h.in, configure.in: + ++version + [2e0a37897f68] + + * BUGS: + ++version and fixed ISC + [78963f01a0e3] + + * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, + goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, + insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c, + sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, + visudo.c: + ++version + [b6227f29b3d9] + + * interfaces.c: + added STUB_LOAD_INTERFACES ++version + [d8150a3fd577] + + * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc, + version.h: + ++version + [da9e90e69bdc] + + * PORTING: + added info about fd_set in tgetpass added info on interfaces.c + [a39902febd17] + +1996-01-11 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * dce_pwent.c: + added sudo header + [fc0f2c48682e] + + * tgetpass.c: + fixed a typo + [43d40b72ee8f] + + * Makefile.in: + tgetpass.o is now only linked in with sudo (not visudo) + [7407c5ff11f8] + +1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, + configure.in: + ++version + [9b82ad805d6b] + + * emul/utime.h: + added copyright notice + [4380f16cd075] + + * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c, + ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h, + interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc, + pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c, + testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c: + ++version + [32717fdb5d05] + + * tgetpass.c: + minor cleanup and now includes sys/bsdtypes for svr4'ish boxen + [326864428da2] + + * configure.in: + ISC now gets -lcrypt now check for sys/bsdtypes.h + [e064799c054b] + + * config.h.in: + added check for sys/bsdtypes.h + [9adb9533c363] + +1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + removed debugging stuff (setting freed ptr to NULL) + [02fe8eec63a0] + + * TROUBLESHOOTING: + added 2 entries + [02884e2733e2] + + * Makefile.in: + added FAQ + [074d8dfcf28d] + + * TROUBLESHOOTING: + added section on syslog + [e6bc02a22b86] + + * configure.in: + added AC_ISC_POSIX for better ISC support + [8436b3e12af2] + + * config.h.in: + fixed typo + [f1b3922babf4] + + * config.h.in: + added define for _POSIX_SOURCE + [ded6d92b34f9] + +1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + fixed check for lsearch() + [75baa5bc28a3] + +1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * interfaces.c: + fixed for AIX now deal if num_interfaces == 0 (should not happen) + [ae450e859227] + +1995-12-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure.in: + now only define HAVE_LSEARCH if there is a corresponding search.h + [8ce645c5d17f] + + * interfaces.c: + works on ISC again + [ccac920d424c] + +1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + now define HAVE_LSEARCH if we find lsearch() in libcompat + [7343e4313a87] + + * lsearch.c: + char * -> const char * + [1c0b11c2300a] + + * configure.in: + now looks in -lcompat for lsearch() + [a1cc1d6fcd09] + + * Makefile.in: + remove sudo.core visudo.core for clan target + [b523456a85df] + + * aclocal.m4: + added UID_MAX support in check for MAX_UID_T_LEN + [7ab262b1173f] + + * Makefile.in: + fixed another occurence of sudo_getpwuid.* + [fb5809c07da2] + + * Makefile.in, getspwuid.c: + sudo_getpwuid.c -> getspwuid.c + [875f2ef808b4] + + * configure.in: + moved the "echo" + [ad7b8f966076] + + * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c, + compat.h, config.h.in, configure.in, find_path.c, getspwuid.c, + getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, + parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, + sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, + version.h, visudo.c: + ++version + [ee57c6410ffa] + + * testsudoers.c: + added group support + [54d8097df8bd] + + * sample.sudoers: + added group entry + [50994d31fd49] + + * sudoers.man: + documented group support + [0a16707f8fed] + + * parse.c, parse.lex, parse.yacc, visudo.c: + added group support + [427218c879c8] + +1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + tkfile was too short and overflowed the kerberos realm + [53823a1ff5af] + +1995-12-11 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.c: + now copy command args directly from Argv + [77408278b6fd] + + * sudo.c: + replaced code to copy cmnd_args so that is does not use realloc + since most realloc()'s really stink + [b29a0ff73fb6] + +1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + syslog() fixed in hpux 10.01 + [2648e6f0cdb0] + +1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate) + [8f108b8d8711] + + * configure.in: + better error if cannot find skey incs or libs + [5887662ee9d3] + + * aclocal.m4: + now use a temp file for determining max len of uid_t in string form. + the old hacky way broke on netbsd + [b68f470fa9f8] + + * sudo.c: + added set of parens and a space + [8a3d4826d022] + +1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * dce_pwent.c: + fixes from Jeff Earickson <jaearick@colby.edu> , + [bde0f0b756ec] + + * check.c: + modified a comment + [e2a97f1afbbe] + + * Makefile.in: + fixed up testsudoers target + [d39c4e7bb609] + + * configure.in: + DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS -> + SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS + [da7a1c433828] + + * Makefile.in: + LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS, + VISUDO_LDFLAGS + [4b69503e8487] + +1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + fix for C2 on hpux 10 now uses -linet if it exists + [8d300112263d] + + * check.c: + LONG_SKEY_PROMPT is less of a klusge / + [dcc144abaac3] + + * configure.in: + fixed typos w/ dce stuff + [f7dfd6d4e149] + + * Makefile.in: + added dce_pwent.c + [79047acdc516] + +1995-11-26 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * INSTALL: + amended section on combining authentication mechanisms + [dc5138c7c716] + + * PORTING: + minor updates for 1.3.6 + [fe80c13bd994] + + * TROUBLESHOOTING: + added 2 more entries + [c7201439a0f5] + + * BUGS: + updated for 1.3.6 + [979b414d2a2d] + + * README: + overhauled + [3af8b60eb594] + + * INSTALL: + rewrote for sudo 1.3.6 + [b16027b9c726] + + * TROUBLESHOOTING: + added 3 entries + [934c9ee3f153] + +1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * find_path.c, getspwuid.c, sudo.c: + added explict casts for strdup since many includes don't prototype + it. gag me. + [3e19a11f2fcc] + + * sudo.h: + removed prototype for sudo_getpwuid() since convex C compiler choked + on it. + [c3ea74ca67b0] + + * sudo.c: + added prototype for sudo_getpwuid() + [4a8e3cdc2b98] + + * lsearch.c: + now compiles on strict ANSI compilers + [3ce5d72d0b08] + + * check.c: + added LONG_SKEY_PROMPT support + [48a18b8a2332] + + * Makefile.in: + added extra $'s for make to eat up, yum. + [2995b214e12b] + + * OPTIONS, options.h: + added LONG_SKEY_PROMPT + [f23ae799b5a4] + +1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + s/key support now works with normal s/key as well as logdaemon + [d67573f523bf] + + * OPTIONS, options.h: + added SKEY_ONLY + [bbf07654e0de] + + * compat.h: + set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY + [205895b96a36] + + * INSTALL: + added DCE note added more AIX notes + [6345403b3522] + + * sudo.c: + now include pthread.h for DCE support + [6fe02865f679] + + * check.c: + dce_pwent() is ok after all ., + [d26a8746a55d] + + * logging.c: + now uses SYSLOG() macro that equates to either syslog() or + syslog_wrapper + [42ac4cff8045] + + * dce_pwent.c: + minor formatting changes. 
renamed check() to somthing less generic + [71859f217be1] + + * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c, + visudo.c: + now uses user_pw_ent and simple macros to get at the contents + [f4cbf3e7145a] + +1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + simpler dec unix C2 support + [86bc8f75250e] + + * getspwuid.c: + now sets crypt_type for DEC unix C2 + [99aeadd18266] + +1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + added csops paths for skey + [b8ca672e2117] + + * getspwuid.c: + now includes string.h for strdup() prototype + [3605259c3620] + + * getspwuid.c: + fixed a few typos + [46c97e4ea417] + + * check.c: + now includes skey.h + [11e611ce1b61] + + * getspwuid.c: + fixed up comments + [223dac56f0c8] + + * check.c: + moved a lot of the shadow passwd crap to sudo_getpwuid() + [97d8887fb7d3] + + * sudo.c: + now uses sudo_pw_ent + [d014dadbef48] + + * testsudoers.c: + now uses sudo_pw_ent + [d92936ed7e34] + + * visudo.c: + now sets sudo_pw_ent + [ff75cdfcf8b3] + + * getspwuid.c: + Initial revision + [6deb6df9d7bc] + + * tgetpass.c: + moved dce stuff into compat.h + [1124284396e7] + + * logging.c, sudo.h: + now uses sudo_pw_ent + [404ff20a5067] + + * Makefile.in: + added sudo_getpwuid.c + [6666d0644512] + + * compat.h: + added dce support + [3c3b36a7ce0e] + + * parse.yacc: + now uses sudo_pw_ent + [9f5e8d11bd68] + +1995-11-20 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * check.c: + fixed exempt_group stuff for OS's that don't put base gid in group + vector + [003f153bd396] + + * check.c: + S/Key support now works with sunos4 shadow passwords + [1eb64a5efff1] + + * Makefile.in: + fixed clean rule + [5695a2c62816] + + * config.h.in, configure.in: + added DCE support + [f53c766c1947] + + * tgetpass.c: + DCE & KERB support + [904cf436506a] + + * check.c: + first stab at dce support + [aea5ca07b1e3] + + * dce_pwent.c: + now smells like sudo + [8b3d609b49cd] + + * dce_pwent.c: + Initial revision + [b573555f2399] + + * check.c: + skey'd sudo now works w/ normal password as well + [8d038f9f6e94] + +1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c, + getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, + ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c, + parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, + sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, + version.h, visudo.c: + updated version number + [ba7e346d7904] + + * README: + updated to reflect version change + [1d15cf1d8cc8] + + * configure.in: + --with options now line up ++version + [08ebf625fbca] + + * sudo.h: + removed unecesary S/Key stuff + [68188cba90af] + + * configure.in: + fixed S/Key support + [f6d9cbc36618] + + * Makefile.in: + -I stuff now goes in CPPFLAGS + [7b8e53c5b046] + + * check.c: + fixed SKey support + [52c1a5cf4435] + + * README: + updated version + [bed6498a10bb] + + * OPTIONS: + fixed description of EXEMPTGROUP + [cfeead55edc2] + + * sudo.c: + more people use _RLD_ than just alphas... 
+ [6a3c7090a6f6] + + * Makefile.in: + replaced $man_prefix with $mandir + [dc4b36a550e2] + + * configure.in: + fixed a typo + [a38a4acddcaf] + + * Makefile.in: + now use more GNU'ish dir names + [c5498391a520] + + * configure.in: + now set *dir correctly (can override from command line) + [523ff98fd438] + + * sudo.c: + now deal with situations where we getwd() fails + [88a9e61dccbb] + +1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + added etc_dir, bin_dir, sbin_dir + [75fd08d92842] + + * configure.in: + added sbin_dir + [3cb318c0d8d1] + + * Makefile.in: + now ship a flex-generated lex.yy.c + [4d083ed70dce] + + * Makefile.in: + now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER + [4d51dc9c3780] + + * pathnames.h.in: + _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile + [773fd163d52f] + + * options.h: + no more error for redefining SUDOERS_OWNER + [4ba336644c6a] + + * OPTIONS: + expanded SUDOERS_OWNER section + [12fae405759e] + +1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + now warn if chown(2) failed + [d0d1db6e3a1f] + + * logging.c: + better default warning for NO_SUDOERS_FILE + [5260b458ac64] + + * sudo.c: + added missing set_perms() no more cryptic message if the sudoers + file is zero length, now just give a parse error + [b81ea724838a] + + * logging.c: + better diagnostics if NO_SUDOERS_FILE + [877e878663c5] + + * sudo.c: + check_sudoers() now catches sudoers files that are not readable (but + are stat'able). + [fea05663b3de] + +1995-11-13 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure.in: + now add -D__STDC__ for convex cc (not gcc) + [c80fc53ff51b] + + * configure.in: + MAN_PREFIX -> man_prefix now sets prefix and exec_prefix + [fe238226a057] + + * Makefile.in: + now uses exec_prefix & prefix from configure + [f62fca5f56bd] + + * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c, + parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c, + utime.c, visudo.c: + options.h is now <> instead of "" so shadow build trees can have a + custom copy of options.h + [e6782676099c] + + * check.c: + user_is_exempt() is no longer a hack, it now uses getgrnam() + [287f8d5356f7] + + * options.h: + EXEMPTGROUP is now "sudo" + [61487304dbe1] + + * configure.in: + MAN_POSTINSTALL now contains a leading space + [eaad4ac34012] + + * Makefile.in: + removed leading tab if @MAN_POSTINSTALL@ not defined now removes + testsudoers in clean: + [e01711baceb8] + + * tgetpass.c: + includes pwd.h to get _PASSWD_LEN definition + [8ec174f263f1] + +1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + unset the KRB_CONF envariable if using kerberos so we don't get + spoofed into using a bogus server + [2561a0274fca] + +1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + now explicately initialize match[] tp be FALSE + [0e45e5c47766] + +1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + removed unused variable now passes -Wall + [3452508bc16d] + + * parse.yacc: + yyerror and dumpaliases are now void's now passes -Wall + [2769dfb51993] + + * parse.lex: + added prototype for yyerror + [1f3f0c1b4ab4] + + * check.c, logging.c, parse.c: + now passes -Wall + [eab57e5e81d2] + + * interfaces.c: + rmeoved unused cruft now passes -Wall + [7a47e1866f4b] + + * Makefile.in: + fixed headers that moved to emul dir + [e680c1e5049b] + + * logging.c: + fixed deref of nil pointer if no args + [973b9bea432f] + +1995-09-15 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * OPTIONS: + added a caveat to FQDN section + [dcf6e2a5fff4] + +1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + more $srcdir support for install targets + [f6eac78436dd] + + * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c, + strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c: + don't include malloc.h if we include stdlib.h + [fca2ff307cd8] + + * parse.yacc: + local search.h now lives in emul + [51c458904424] + + * check.c, utime.c: + local utime.h now lives in emul dir + [f92fc9e8c8de] + + * lsearch.c: + local search.h now lives in emul + [579efc407439] + + * Makefile.in: + added support for building in other than the sourcedir + [2ab53a43f7d4] + +1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * OPTIONS: + annotated CSOPS_INSULTS option + [9e57d45a0afa] + + * TROUBLESHOOTING: + updated shadow passwords blurb + [39b785bc7253] + + * sudo.c: + if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and + passes along foo as the arguments + [a91077aa8fc5] + +1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.lex: + collapsed pathname and dir sections into one -- its now less + expensive + [89caa03bec25] + + * parse.lex: + fixed spacing quoting [,:\\=] now works correctly append() and + fill() now take args to make the above work + [09d023d9ef3a] + + * sudo.c: + fixed a typo that caused commands with no tty on fd 0 but a tty on + fd 1 to erroneously have "none" as their tty + [07d2c0e7977c] + +1995-09-04 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * check.c: + timestampfile is now a global static removed decl of timestampfile + in remove_timestamp since we can just use the global one + [f0cbdc6aab1c] + + * check.c: + created touch() to update timestamps added USE_TTY_TICKETS support + (bit of a kludge) + [cee1dd0318f8] + + * compat.h: + added _S_IFDIR and S_ISDIR + [b4a51cc9628e] + + * OPTIONS, options.h: + added USE_TTY_TICKETS + [b4e22f81f25e] + + * parse.yacc: + removed const from casts for lsearch() & lfind() to placate irix 4.x + C compiler + [5003081f76ea] + +1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + now only strip '/dev/' off of a tty if it starts with '/dev/' + [7f62bcd24039] + + * pathnames.h.in: + added _PATH_DEV + [6375f44d1910] + + * configure.in: + AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if + have termios.h + [9c60391235fd] + + * tgetpass.c: + fixed incorrect #ifdef termio uses "unsigned short" not int for + c_?flag + [d032e6a29845] + + * parse.lex, parse.yacc: + fixed a spelling error + [cad6a944c7b1] + + * Makefile.in: + fixed typo + [204a65403e7c] + +1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + fixed a comment + [268f760e57ad] + + * parse.yacc: + added dotcat() to cat 2 strings w/ a dot effeciently now that we + dynamically allocate strings they need to be free()'d + [ec2e2152f415] + + * parse.lex: + dynamically allocates space for strings + [d10ac3533d66] + + * sudo.h: + no more MAXCOMMANDLENGTH + [e2e1219bff8a] + + * sudo.h: + added decl of tty + [c8ae81303ee5] + + * logging.c, sudo.c: + moved tty stuff into sudo.c + [e028abefeb07] + +1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + fixed a logic bug. Was denying a command if user gave command line + args but there were none in the sudoers file which is wrong. 
+ [7489a99b8e8a] + + * sudo.h: + MAXCOMMMANDLEN dropped down to 1K + [38ef54ba290b] + + * parse.lex: + return foo; -> return(foo); + [0e8be1b57001] + + * parse.yacc: + fixed netgr_matches() prototype + [e69f15910464] + + * parse.lex: + added support for escaping "termination" characters + [8bd4ef50f35c] + + * parse.c: + buf is now of size MAXPATHLEN+1 since it never holds command args + [2ce4b763058c] + + * sudo.c: + fixed comments + [0c74a3d2ebb0] + + * goodpath.c: + fixed negation problem (doh!) + [782814e3a2d1] + + * parse.yacc: + fixed 2nd parameter to lfind() + [63d7b1623c08] + + * parse.lex: + now do bounds checking in fill() and append() + [54381b563251] + + * sudo.c: + include netdb.h as we should added a missing void cast added + SHELL_IF_NO_ARGS support now use realloc() properly. would fail if + realloc actually moved the string instead of shrinking it + [897ccdec9c06] + + * sample.sudoers: + updated with examples of new features + [9b3ed00e8aa6] + + * goodpath.c: + now set errno to EACCES if not a regular file or not executable + [2d069548a5ea] + + * find_path.c: + if given a fully-qualified or relative path we now check it with + sudo_goodpath() and error out with the appropriate error message if + the file does not exist or is not executable + [590f89dd8dec] + + * emul/search.h, lsearch.c: + now use correct args for lfind + [fccdcdbf020e] + + * logging.c: + added a comment + [fab9f49708ea] + + * insults.h: + added in CSOps insults + [ad8eb1862adc] + + * ins_csops.h: + Initial revision + [de5a475ec018] + + * tgetpass.c: + added RCS id + [c3ffd550a482] + + * sudo.h: + increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD + [aba25c90d08a] + + * OPTIONS: + added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS + [e27bd62e9ccf] + + * sudo.c: + fixed -k load_interfaces() now gets called if FQDN is set + -p now works with -s + [07ca2a34bae8] + + * parse.c: + don't try to stat() "pseudo commands" like "validate" + [75527045984b] + + * options.h: + added 
CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS + [07b157a0eafd] + + * configure.in: + added SecurID support added other insults to --with-csops + [6c992ceb244c] + + * config.h.in: + added HAVE_SECURID + [e734ff617fe8] + + * Makefile.in: + added clobber target added ins_csops.h now gets CFLAGS from + configure + [d1e29c7cec25] + + * aclocal.m4: + relaxed SUDO_FULL_VOID + [fb4084f27406] + + * visudo.c: + function comment blocks are now in same style as rest of code + [04a2931354c5] + + * testsudoers.c: + added support for command line args in /etc/sudoers + [bfe4e1bcc655] + + * sudoers.man: + updated to have command args in the sudoers file + [1cd34355e9ea] + + * sudo.man: + added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section + [930b48023b68] + +1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + PATH renamed to COMMAND + [4e109a6de3cd] + + * parse.lex: + it is now a parse error for directories to have args attached to + them + [2ab10a146b54] + + * logging.c: + now say command args if telling user to buzz off + [933de26ded8b] + + * sudo.c: + -s no longer indicates end of args sped up loading on cmnd_args in + load_cmnd() + [eac99a4da862] + + * parse.c: + removed an unreachable statement + [634302623c49] + + * parse.lex: + made more efficient by pulling out the terminators when in GOTCMND + state and making them their own rule + [80798f1e1166] + +1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.h: + removed MAXLOGLEN since it is no longer used + [102824196b71] + + * parse.lex: + now allows command args + [d29dfa1e5254] + + * parse.c: + now groks command arguments + [6c414cb7f105] + + * logging.c: + now sets tty correctly when piped input + [de46a30c0406] + + * sudo.c: + fixed loading of cmnd_args (was including command name too) + [15319a425ea6] + + * logging.c: + fixed a core dump due to incorrect if construct + [582363c7d7fa] + +1995-08-13 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure.in: + only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix + [da591fe9b931] + + * aclocal.m4: + fixed check for ISC + [52e59f2082a7] + + * sudo.c: + now sets cmnd_args used by log_error() and that will be used by the + parse to check against command args + [c6804389723b] + + * sudo.h: + added cmnd_args + [4d00446b4a8d] + + * logging.c: + now dynamically allocate logline since we can guess at its size + [4bed8c8446aa] + +1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove + "register" since the compiler knows more than I do now do a + "basename" of the tty + [3b1bbf0b3da1] + +1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + ++version + [5ce552f9a5f1] + + * sudo.h: + added shell extern changed MODE_* to be bit masks to allow for + several options together + [06f9dc4f400c] + + * sudo.c: + added -s (shell) option made MODE_* masks so we can do bitwise & and + | to see if multiple flags are set. + [01f8143010ad] + + * check.c: + added securid support + [909e078005fe] + +1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + removed a bunch of unnecesary strncpy()'s and replaced with strcat() + [644506b57d61] + +1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, version.h: + ++version + [3cd6f1fbc3d9] + +1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + fixed free() of an uninitialized pointer (yuck) + [8c404ee502ee] + + * testsudoers.c: + added netgr_matches + [e7c9fa2f774c] + + * parse.c: + cleaned up netgr_matches + [8108f00b810e] + +1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * RUNSON: + updated for 1.3.4 + [4741704310a1] + +1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + now installs sudoers.man -- really should clean this up though. 
+ [455631d45a1d] + + * Makefile.in: + added sudoers.cat and sudoers.man + [0bdedd6c7363] + + * sudo.man: + pulled out stuff on the sudoers file format into a separate man page + [de215d999cb9] + + * sudoers.man: + Initial revision + [f25eafbb7095] + + * HISTORY: + fixed up my email address + [254fbf80be74] + + * configure.in: + added checks for innetgr and getdomainname + [24a99cb7e97e] + + * visudo.c: + added dummy netgr_matches function + [1841ff2c01da] + + * parse.c: + added netgr_matches + [ec90db6a97b8] + + * parse.lex, parse.yacc: + added NETGROUP support + [c9dd93e3bc4b] + + * config.h.in: + added HAVE_INNETGR & HAVE_GETDOMAINNAME + [14abd494d875] + +1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + rewrote clean_env() that has rm_env() builtin + [55cb43818a95] + +1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + now cast uid to long in sprintf + [b549eea40aeb] + + * OPTIONS: + added _INSULTS suffix to HAL & GOONS end + [ed620d0aad30] + + * options.h: + added _INSULTS suffix to HAL & GOONS + [9f72e9b83afd] + + * ins_2001.h, ins_classic.h, ins_goons.h, insults.h: + converted to new scheme of insult "unions" end + [2f6d2b412132] + + * sudo.c: + now uses MAX_UID_T_LEN + [c1df79e0f389] + + * configure.in: + added SUDO_UID_T_LEN !l + [195f0b9f5f84] + + * config.h.in: + added MAX_UID_T_LEN + [73f42ae4f14d] + + * check.c: + now use MAX_UID_T_LEN + [df9c063234cb] + + * aclocal.m4: + added check for max len of uid_t fixed sco vs. isc check + [d558f36d2223] + +1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + corrected version + [828dd1571e86] + + * configure.in: + added sco support + [af1e2f616638] + + * aclocal.m4: + hack to check for sco + [549ab99a9a43] + + * interfaces.c: + removed #include <net/route.h> since it was hosing some OS's + [ac78a7c04005] + +1995-07-18 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * find_path.c: + fixed prreadlink() prototype + [b380fe1f2b11] + + * check.c: + added parens in #if's + [e96ade691b82] + + * configure.in: + added SPW_ prefix + [a302683a1483] + + * sudo.h: + moved SPW_* to config.h.in + [6b3be70e34cf] + + * sudo.c: + added a set of parens + [8188d735d695] + + * config.h.in: + added SPW_* + [5ead6371cf60] + + * sudo.h: + added SPW_* reordered error codes + [dead25b4ed0a] + + * check.c: + moved SPW_* to sudo.h + [ca51fb04caf4] + +1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + SPW_AUTH -> SPW_SECUREWARE + [6b512b2bc5dc] + + * logging.c: + GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT + [defdd0944e2f] + + * configure.in: + AUTH -> SECUREWARE + [d1f8a17001dd] + + * check.c: + SPW_AUTH -> SPW_SECUREWARE + [af0e8d8b89b2] + + * check.c: + now uses SHADOW_TYPE to make shadow pw support more readable and + modular. It's a start... + [8c2a59667014] + + * configure.in: + added autodetection of shadow passwords + [85f81fa54b1b] + + * sudo.c: + now uses SHADOW_TYPE define + [355e5dc09b07] + + * config.h.in: + added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines + [c0c06e83e483] + + * aclocal.m4: + added SUDO_CHECK_SHADOW + [464301301639] + +1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for + memmove() since we dno longer use it... + [8aefa87d7d31] + + * CHANGES: + updated + [ce97b3fd7182] + + * logging.c: + added BROKEN_SYSLOG support + [a45c3bca36f6] + + * config.h.in: + added BROKEN_SYSLOG + [6f6abf0a6268] + + * check.c: + now only bitch it timestamp > time_now + 2 * timeout to allow for a + machine udpating its time from a server + [546bc8d35325] + + * sudo.man: + added 2 security notes updated Nieusma's email addr + [616756c56977] + + * lsearch.c: + changed a memmove() to memcpy() since we don't have to worry about + overlapping segments. + [30baa478526b] + +1995-07-11 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * interfaces.c: + cleanup up the loop when interfaces are groped in so that it is + readable + [1fa39446bd69] + + * Makefile.in, version.h: + ++version + [b46bd2b1770f] + +1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + annotated 124-126 + [b82a2b3ec7ce] + +1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + fixed permissions check on /tmp/.odus + [cc2431a65468] + +1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + fixed some comments + [8896d09b4fda] + + * check.c: + now checks owner & mode of timedir also checks for bogus dates on + timestamp file + [a0fad5df5b0a] + + * OPTIONS: + updated TIMEOUT info + [033cc22d9e04] + + * logging.c, sudo.h: + added BAD_STAMPDIR and BAD_STAMPFILE + [31d9ce691101] + + * compat.h: + added definition of S_IRWXU + [ff2dab091a9b] + + * CHANGES: + updated + [a40df90284f1] + +1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * interfaces.c: + added #ifdef to make it compile on strange arches + [4a127f12afce] + +1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * aclocal.m4: + fixed check for fulkl void impl. + [b6f2a4a361d8] + + * check.c: + added mssing "static" + [520552f2772b] + + * insults.h: + replaced #elif with #else #if constructs for ancient C compilers + [39ab2d365b57] + + * INSTALL: + updated irix c2 & kerb5 info + [ae79b99b4905] + + * configure.in: + added shadow pw support for irix + [632469d9c528] + +1995-07-01 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * BUGS, TODO: + updated + [2a96bb18ac30] + + * CHANGES: + last changes for sudo 1.3.3 + [c1c0cd1034b8] + + * configure.in: + now calls SUDO_SOCK_SA_LEN + [14ea78159d45] + + * config.h.in: + added HAVE_SA_LEN + [cc2a346aa905] + + * aclocal.m4: + added SUDO_SOCK_SA_LEN + [456a2025644a] + + * interfaces.c: + now works with ip implementations that use sa_len in sockaddr + [90be6e028077] + + * INSTALL: + added note about buggy AIX compiler + [c0f6d427e4e4] + + * interfaces.c: + now include sys/time.h for AIX + [2510858ab38b] + +1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + getcwd -> getwd + [66085ebca98e] + + * interfaces.c: + now works for ISC and others. yay. + [f336d4ffc927] + +1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, version.h: + version++ + [836cffc2078d] + +1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * aclocal.m4: + fixed test for full void impl + [fb004107e7b9] + + * sudo.c: + now check to see that st_dev is non-zero before assuming that we are + being spoofed + [1b0e1c30c506] + +1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * aclocal.m4, configure.in: + SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL + [4953379bfb01] + +1995-06-19 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * aclocal.m4: + fixed include file order for SUDO_FUNC_UTIME_POSIX + [ff64ab7df44f] + + * logging.c: + added cast for ttyname() + [444f05f56758] + + * configure.in: + fixed typo + [de068e748431] + + * check.c: + now deal correctly with all known variation of utime() -- yippe + [b778a4195a89] + + * configure.in: + added SUDO_FUNC_UTIME_POSIX + [cf635f2269d6] + + * aclocal.m4: + added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX + [d79593be4b73] + + * config.h.in: + added HAVE_UTIME_POSIX + [c67b4ac0dca5] + + * check.c: + fixed a typo + [b14df5680f59] + + * check.c: + no longer assume !HAVE_UTIME_NULL means old BSD utime() + [0aeaf4b2f38b] + + * check.c: + fixed fascist C compiler warning + [c61ddf2f1f93] + + * interfaces.c: + now set strioctl.ic_timout in STRSET() now initialize num_interfaces + to 0 (just to be anal) + [c54cc2ba0052] + +1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.h: + increaed MAXLOGLEN by MAXPATHLEN to account for ttyname + [74cf585a54fb] + + * logging.c: + added tty logging + [e27d8dcfbd78] + + * interfaces.c: + reworked the ISC code + [bcf57ce8ae69] + + * Makefile.in, version.h: + updated version + [032941c9b94d] + + * check.c: + now expect old-style utime(3) if utime() can't take NULL as an arg + [018dd4a73030] + + * configure.in: + added check for utime.h + [0b76e8feb618] + + * config.h.in: + added HAVE_UTIME_H + [62ee42feda46] + + * Makefile.in: + added CPPFLAGS STATIC_FLAGS -> LDFLAGS + [fa3201d294e1] + + * configure.in: + now search for kerb libs and includes + [cc332401e571] + + * check.c: + added support for utime(2)'s that can't take a NULL parameter + [98797fedf69f] + + * utime.c: + moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs + [6ce6d825fb44] + + * configure.in: + added utime(s) stuff + [a2afb744403e] + + * check.c: + now use utime() + [48902240a51e] + + * config.h.in: + added HAVE_UTIME and HAVE_UTIME_NULL + [9a56ab65d4f4] + +1995-06-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * utime.c: + now use HAVE_UTIME_NULL + [e3944de09a92] + + * emul/utime.h, utime.c: + Initial revision + [a2cbf2ef3427] + + * check.c: + need to setuid(0) to make kerb4 stuff work. + [c6cfda4039d7] + + * tgetpass.c: + no more special case for kerberos + [4a5c33145be9] + + * config.h.in: + took out setreuid and setresuid stuff added kerb5 stuff (use kerb4 + emulation) + [a607ee43e650] + + * compat.h: + no longer need setreuid() emulation now set _PASSWD_LEN to 128 if + kerberos + [02fb274cc136] + + * check.c: + now use private ticket file for kerberos support to avoid trouncing + on system one + [28d8b6b812c7] + +1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.h: + added SPOOF_ATTEMPT & cmnd_st + [d3b42a1f4d0d] + + * sudo.c: + added anti-spoofing support + [ab1e2aa44a57] + + * parse.c: + now use global cmnd_st + [47018265a1a6] + + * logging.c: + added SPOOF_ATTEMPT suypport + [7bbe9dd2a021] + + * testsudoers.c, visudo.c: + added void casts where appropriate + [f191441ba333] + + * parse.yacc: + fixed up spacing and added void casts where appropriate + [15d886fc809c] + + * sudo.c: + fixed problem with "-p prompt" but no args + [6fc048261a3e] + +1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.man: + added BUGS and annotated -l description + [e5c506de2603] + + * sudo.h: + validate() now takes a flag + [26627becc60a] + + * sudo.c: + validate() now takes a flag added -l + [a4f7bb97fe54] + + * parse.yacc: + added support for -l + [e7a9b10b0ad3] + + * parse.c: + validate() now takes a flag that says whether or not to check the + command + [9e1e67f4e281] + +1995-06-08 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * logging.c: + now deals with Argv == 1 + [0acb637ab635] + + * sudo.man: + added -p option + [e60382fc0561] + + * sudo.c: + added prompt support reworked parse_args() + [2f605267ed4a] + + * sudo.h: + added prompt + [5ab021bdb419] + + * options.h: + added PASSPROMPT + [614727ff44a2] + + * check.c: + now use BUFSIZ as length of kerb password added kpass so pass is + always a char * now use prompt global when asking for a password + [76be09af784f] + + * tgetpass.c: + now use BUFSIZ as _PASSWD_LEN if using kerberos + [1e907eed312b] + + * OPTIONS: + added PASSPROMPT + [ddb2f405ce40] + +1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + only look for -lufc or -lcrypt if crypt() not in libc + [9717d315661f] + + * check.c: + don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN + (unknown user) silently fail + [2b48693d4ee9] + + * INSTALL: + added kerb4 note + [986e393f740c] + + * tgetpass.c: + HAVE_KERBEROS -> HAVE_KERB4 + [e438bfb5e6aa] + + * check.c: + removed debugging printf + [1cf9f5cbffa5] + + * configure.in: + KERBEROS -> KERB4 added checks for setreuid & setresuid + [01e9945beb1e] + + * config.h.in: + HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID + [0e0bb5b8ac3e] + + * compat.h: + added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation + with setresuid if applic + [9dae24c47696] + + * check.c: + HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if + no setreuid() or a broken one + [1fca642bdb8e] + +1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + added kerberos support + [da5639b9b8e7] + + * config.h.in: + added HAVE_KERBEROS + [fcc5be550e65] + + * tgetpass.c: + added KERBEROS support (long passwords) + [303ba6924dd2] + + * check.c: + added kerberos support + [e40afe98fc1d] + +1995-06-03 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.h: + added MODE_BACKGROUND + [9b483c932016] + + * sudo.man: + escaped dashes added -b option + [62e84f1a7714] + + * sudo.c: + added -b option + [7e78aaefeb95] + + * check.c: + added crypt() for osf/1 3.x enhanced secuiry + [e9aa5abdb7d5] + + * configure.in: + now check for -lcrypt + [5cb9c67e9fa2] + + * interfaces.c: + added ENXIO like EADDRNOTAVAIL + [74223bb1ba75] + +1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + now emulate getwd(), not getcwd() + [3e5439d9a5f4] + + * sudo.c: + getcwd() -> getwd() + [6392a96a658e] + + * getwd.c: + getcwd -> getwd + [1b0ab9bae11e] + +1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * ins_2001.h, ins_classic.h, ins_goons.h: + Initial revision + [86db60d8cf00] + + * insults.h: + broke out insults into separate include files + [0a01993bd38a] + + * OPTIONS, options.h: + added GOONS + [e283203c6515] + + * Makefile.in: + added ins_2001.h ins_classic.h ins_goons.h + [2a39cd6a4cd2] + + * Makefile.in, version.h: + ++version + [05ebf4f5e41a] + + * visudo.c: + moved signal handler setup to setup_signals() + [3dd976c04540] + + * sudo.h: + added load_interfaces() + [af2d473b09e2] + + * sudo.c: + moved load_interfaces to interfaces.c + [5c8c138e5d4c] + + * parse.yacc: + added clearaliases + [aeb4ff301daa] + + * OPTIONS, options.h: + added FAST_MATCH + [f49ea3d1b525] + + * parse.lex: + now uses clearaliases variable + [a2dda415bf61] + + * interfaces.c: + Initial revision + [a1990e3f5c69] + + * Makefile.in: + added interfaces.[co] + [1e8e5984de97] + + * testsudoers.c: + now uses ip addrs and netmasks via load_interfaces() + [54b8f7a6835e] + + * sudo.c: + now remove IFS instead of setting to "sane" value + [ce7eec9f115e] + +1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.c: + added FAST_MATCH + [816d4f5fe81a] + +1995-04-30 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + sudo_goodpath.c-> goodpath.c + [a5072c4e1de2] + + * sudo.c: + added Andy's new ISC changes + [caa6bbee358e] + +1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * OPTIONS: + added a sentence to SECURE_PATH info + [cad6e1569d15] + + * BUGS: + added one + [4b35cf699a83] + + * CHANGES: + updated + [5fded9dc62f0] + + * RUNSON: + updated + [33cb993cfd39] + +1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * RUNSON: + updated for beta3 + [a05dc6a91995] + + * Makefile.in, version.h: + ++version + [54aaf3fadc75] + + * aclocal.m4: + sendmail is now looked for in /usr/ucblib + [231ac1a4662f] + + * sudo.c: + fixed indentation + [fb137400c8c2] + + * aclocal.m4: + fixed a typo + [e03f1acc468b] + + * sudo.c: + updated ISC mods + [070290d4754b] + + * configure.in: + added unixware case + [e90250bae0d9] + + * check.c: + user_is_exempt is no longer hidden + [1a341765b8af] + + * RUNSON: + updated + [a9c4898b26dd] + + * aclocal.m4: + isc and riscos changes + [98b5d86585d1] + + * OPTIONS: + added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH + [e1ecc464ce4b] + + * Makefile.in: + fixed a typo and added testsudoers stuff + [435d60e163dc] + + * testsudoers.c: + Initial revision + [6ce14a448662] + +1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + applied fixed patch from Chris + [cd6144203d13] + +1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + fixed a typo + [34f8a54ba041] + + * parse.yacc: + added a set of braces for bison + [f0e43b938914] + + * parse.yacc: + merged in Chris' changes to dekludge the parser. + [82d6e373ab1c] + + * logging.c: + send_mail() was calling find_path() which is wrong since find_path() + stores cmnd in a static var. Anyhow, it doesn't make much sense + since MAILER should always be fully qualified + [6eae6a0b8098] + +1995-04-10 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sample.sudoers: + added User_Alias stuff + [aaba8c8e918d] + + * aclocal.m4: + SUDO_NEXT now looks for /usr/lib/NextStep/software_version + [52bd81f34b32] + + * RUNSON: + added DEC UNIX 3.0 w/ gcc + [7daf570775b5] + + * visudo.c: + Exit was being used in places where exit should be used + [6026a89c07ed] + + * sudoers: + added "User alias specification" + [a487b6e234f8] + + * parse.yacc: + fixed probs caused by making nslots and naliases a size_t + [0be919384f3f] + + * RUNSON: + added KSR, upped rev to 1.3.1b2 + [ce04ee6faadf] + + * logging.c, parse.yacc: + 1024 -> BUFSIZ + [cd6dda45fa11] + + * parse.yacc: + void * -> VOID * naliases and nslots are now size_t to appease + lsearch on 64-bit machines + [bf2f807c0dc1] + +1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * TODO: + did a bunch of things and added a bunch :-) + [42afd957b829] + + * PORTING: + updated + [972f95c85776] + + * visudo.man: + closer to BSD manpage style + [07ae88f50325] + + * sudo.man: + closer to standard BSD man format + [372c28dcc135] + + * compat.h, config.h.in, emul/search.h, insults.h, options.h, + pathnames.h.in, sudo.h, version.h: + added RCS id + [c0ec90b81002] + + * sudo.h: + removed crufty #defines that are no longer used + [35e2b4b477f0] + + * BUGS: + fixed a bug + [5bb3e1bee85e] + + * sudo.man: + updated based on sudo changes + [e65de1cae438] + + * parse.yacc: + now allow ALL keyword in User_Aliases now allow ALL keyword as well + as a NAME or ALIAS + [1fb31404dd0f] + + * CHANGES: + updated + [b24018ac610b] + + * sudo.c: + now sets SUDO_COMMAND and SUDO_GID envariables. 
+ [e9d791557fb7] + + * aclocal.m4: + fixed bug with full void impl check + [35715301023c] + + * parse.yacc: + fixed User_Alias supoprt + [4c30dfbaaa07] + + * parse.yacc: + added stubs for User_Alias support + [f4afbd247edf] + + * sudo.c: + now sets removes # bogus interfaces from num_interfaces + [6f077fac9ab1] + + * parse.lex: + added User_Alias support + [bc7997e5df85] + +1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + removed extraneous TODO + [bc87a3b14d6d] + +1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + ntwk_matches -> addr_matches + [475044e288b8] + + * parse.yacc: + ntwk_matches -> addr_matches + [dd1f4093fd2d] + + * parse.c: + ntwk_matches -> addr_matches now use inet_addr() not inet_network() + (which expects octet boundaries) fixes for OSF (sizeof(int) != + sizeof(long)) + [acd2f556940f] + + * sudo.c: + took out debugging info + [044023063eca] + + * aclocal.m4: + OS was being set to unknown before non-uname based host checks. This + caused no checks to happen since $OS was not zero-length. + [335a7267479d] + + * sudo.c: + fixed loading of interfaces struct still has debugging info in + though + [2d1a18998c1e] + + * parse.c: + fixed typo + [175674a3a9fa] + +1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + ++version + [55d191b5daa3] + + * version.h: + ++ + [d7d1f115696a] + + * visudo.c: + removed extraneous extern decl of "top + [50355621047d] + + * visudo.c: + now zeros "top" + [4e683210345b] + + * parse.yacc: + removed parser_cleanup (no need for it now) + [afa59f222b6c] + + * parse.lex: + now calls reset_aliases() directly + [3a23cbd60fc0] + +1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * OPTIONS: + added a sentence to SECURE_PATH description + [c5bf75b85af0] + + * parse.c: + fixed my stupid bug where I used NAMLEN on something I wanted to + just get the name from. argh. + [111f460f6540] + +1995-04-03 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * lsearch.c: + fixed argument order of memmove() that i hosed when converting from + bcopy(). arghh. + [2f5336045c8b] + + * Makefile.in: + finally fixed DISTFILES line + [a1b419e73a63] + + * Makefile.in: + tabs -> spaces + [280fb03e5764] + + * Makefile.in: + added missing files to DISTFILES + [991fc1cd2263] + + * Makefile.in: + SUPPORTED -> RUNSON + [7580e65b05fb] + +1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * TODO: + updated + [fe764a29c1cc] + + * RUNSON: + updated for pl5b1 release + [aefc35bd2291] + + * BUGS, TODO: + updated + [8f0ea249b687] + + * check.c: + fixed bug where if you hit return at first sudo prompt it would + still log as a failure + [24539c854692] + + * CHANGES: + updated + [251cc7b3ede4] + + * aclocal.m4: + better test for bogus void * implementation + [efe23180cb88] + + * logging.c: + added PASSWORDS_NOT_CORRECT + [bd12c73f83f7] + + * check.c: + added PASSWORDS_NOT_CORRECT stuff] + [90de391a979f] + + * sudo.h: + added PASSWORDS_NOT_CORRECT + [727fbeb76fc5] + + * tgetpass.c: + moved pathnames.h + [4f910e5a8df7] + + * sudo.c: + removed some unused vars and fixed up uid2str + [70e92c7f9076] + + * putenv.c: + moved compat.h + [b271091586f6] + + * getcwd.c, getwd.c: + added pathnames.h + [6f25218f133f] + +1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + fixed a typo I introduced in the last checkin :-( + [62c3af75c4fe] + + * parse.lex: + can't have #ifdef's where N is defined so just do this the broken + way for AIX + [c5648a5594e4] + + * parse.yacc: + better hack from Chris (but still a hack) + [6b6d8aed93f3] + + * parse.lex: + stupid hack for broken aix lex + [efc3f9e5280e] + + * tgetpass.c: + now includes compat.h + [401822173f77] + + * visudo.c: + now includes fcntl.h + [63865c2f8ac6] + + * compat.h: + added FD_SET and FD_ZERO for 4.2BSD + [00c5597c0bb0] + + * parse.yacc: + dirty hack to fix parser bug. i don't really like this but it works + for now... 
+ [5b8bbdc81569] + + * sudo.c: + uid2str is now static like the prototype says + [f2a97b5cb870] + +1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING: + updated + [6f79c3e92716] + + * RUNSON: + Initial revision + [12a09ef9e884] + + * sudo.c: + check_sudoers now returns an error code and sudo calls inform_user + and log_error based on the return value. + [340eca188d9a] + + * logging.c, sudo.h: + added entries for new errors + [6050d8542e1f] + + * parse.c: + now set uid to that of SUDOERS_OWNER while parsing sudoers file + [3683c42bc9b0] + + * Makefile.in: + took out testsudoers + [65317d49db48] + + * sudo.c: + now explicately checks that it is setuid root + [2fe1be60ef6a] + + * sudo.c: + If a user has no passwd entry sudo would segv (writing to a garbage + pointer). Now allocate space before writing :-) + [d08e7eb5e5ef] + + * configure.in: + reordered AC_CHECK_FUNCS + [4c82e56c6f4f] + + * config.h.in: + fixed memset macro + [77ede6b714ab] + + * tgetpass.c, visudo.c: + bzero -> memset + [1a005bb322c8] + + * logging.c: + bzero -> memset when a parse error is logged the line number of the + error is now logged too + [a42d68047723] + + * INSTALL: + added Sunos to blurb about c2 security + [af750a1d131e] + + * configure.in: + added a SUN4 define for C2 security + [6ad5b23a3eb0] + + * config.h.in: + bcopy -> memmove bzero -> memset + [5494460c8464] + + * lsearch.c: + bcopy -> memmove char * -> VOID * + [a15f5c316e16] + + * check.c: + added support for sunos with C2 security + [03fea5bb21e6] + + * OPTIONS, options.h: + reordered + [1686265af3e1] + + * pathnames.h.in: + _PATH_SUDO_LOGFILE now set based on configure + [5867b58e4a04] + + * configure.in: + added SUDO_LOGFILE and SUDO_TYPE_SIZE_T + [1984d9fd1b5c] + + * config.h.in: + added _SUDO_PATH_LOGFILE + [dd3eebe62580] + + * aclocal.m4: + added SUDO_LOGFILE to find where to put sudo.log added + SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added + 
SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE) + [c589a515a99a] + +1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * TROUBLESHOOTING: + Initial revision + [f42f1baba3a8] + + * sudo.c: + now do set_perms(PERM_ROOT) before the getpwuid() in load_global() + to work around a problem is trusted hpux shadow passwords. yuck. + [ae1f13b54687] + + * parse.yacc: + backed out a change in malloc/realloc + [ab868db0ad69] + + * parse.yacc: + now include stdlib.h + [957eef0631eb] + + * visudo.c: + now do an freopen() of the stmp file so that yyin will always point + to the same thing. This is important for flex since we are doing a + YY_NEWFILE + [44558922fd3e] + + * parse.yacc: + replaced yywrap() with parser_cleanup() since yywrap() needs to be + in parse.lex to be able to use YY_NEW_FILE. sigh. + [12dd09921074] + + * parse.lex: + now have a rule that matches anything that doesn't match an + explicite rule. well, you know what i mean (. matches anything not + yet matched). However, this means that there is input still queued + up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved + into parse.lex and it calls parser_cleanup() which is most of the + old yywrap() sigh. 
+ [7f4042bc48d6] + + * SUPPORTED: + no longer used + [8f220be4da94] + + * getcwd.c, getwd.c: + moved compat.h to be the last include file + [9f3a65e2d485] + + * parse.yacc: + fixed type of aliascmp() args + [1c27eb989bdf] + + * find_path.c: + NULL -> '\0' + [5c8d8cf1692e] + + * parse.yacc: + added casts to lfind and lsearch args for irix + [61027ddeecf8] + + * Makefile.in: + bsdinstall -> install-sh + [61de6612c5a5] + + * INSTALL: + added info about make realclean + [29c6324d727f] + + * Makefile.in: + updated VERSION added dependencies for visudo.cat + [09077d7229d4] + + * version.h: + -> pl5b1 + [5d21c7ad1a41] + + * sudo.c: + took out -l + [fc1478d81b38] + + * Makefile.in: + now there is a real visudo.man and visudo.cat + [58aeac43a6dd] + + * sudo.man: + took out visudo stuff + [4a6ac4393343] + + * visudo.man: + Initial revision + [cba348843db8] + + * parse.c, parse.lex, parse.yacc: + updated copyright + [ffa16b70944a] + + * README: + updated for pl5 + [a26e423e9e5f] + + * sudo.man: + updated Nieusma & Hieb email addresses + [f0083e71989d] + + * INSTALL: + updated to include options.h and OPTIONS + [ee59e2b76c94] + + * CHANGES, TODO: + updated + [51e011ad5220] + + * BUGS: + eliminated bug #1 (yay) + [e7e88515494e] + + * configure.in: + sunos no longer gets linked statically + [2e5b3ff3108f] + +1995-03-28 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * parse.lex: + prototype now uses __P() + [68ecdcab4c70] + + * parse.lex: + make fill() non-ansi + [d6509972260b] + + * parse.c: + made -v (validate) work + [13c9d520638c] + + * logging.c: + now gives host + [f04859cdba5a] + + * find_path.c: + don't check for execute/statable if fq or relative path given + [4bbe851f3973] + + * parse.c: + added a cast + [345c308f72f3] + + * visudo.c: + now include ctype.h for islower and tolower macros + [582c0aa332d5] + + * goodpath.c: + moved _S_IFMT & _S_ISREG to compat.h + [828e4ca4e7b4] + + * sudo.c: + moved a set of parens + [5783474ecf37] + + * strdup.c: + now include compat.h + [75e2036b94af] + + * emul/search.h: + void * -> VOID * + [cedcfaf04161] + + * parse.yacc: + now cast malloc & realloc return vals added search for HAVE_LSEARCH + now use strcmp if no strcasecmp available + [d6a42bc3d4ae] + + * lsearch.c: + void * -> VOID * + [886adc44f607] + + * config.h.in: + removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H, + HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH + [3b50d7fb4349] + + * compat.h: + added _S_IFMT, _S_IFREG, and S_ISREG + [73d506c7d53c] + + * aclocal.m4: + took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results + to most SUDO_* macros + [8442155f5936] + + * Makefile.in: + no more -I. 
+ [63462f195bd4] + + * configure.in: + various 1.x ro 2.x autoconf changes now check for strcasecmp now use + AC_INSTALL_PROG instead of custom one added check for fully woorking + void implementation + [5ac6b6e6230f] + + * Makefile.in: + added lsearch & search.h visudo links into $(LIBOBJS) + [bc119cda4598] + + * aclocal.m4: + partial 1.x to 2.x changes added SUDO_FULL_VOID + [1194d01fa5c5] + + * visudo.c: + whatnow_help was prototyped to be static be was not declared as such + [0f85489dd426] + + * configure.in: + autoconf 2.x changes took out HAVE_FLEX (no longer used) added check + for dirent/dir/ndir.h + [7408f3854948] + + * parse.c: + now use groovy gnu autoconf macro AC_HEADER_DIRENT + [e465db9f5dfa] + + * getcwd.c, getwd.c: + MAXPATHLEN -> MAXPATHLEN+1 + [714d87424e21] + + * emul/search.h, lsearch.c: + Initial revision + [55d79482c535] + +1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + eliminated bison warnings + [61ca0a96da22] + + * parse.lex: + added missing case + [6be0f849747c] + + * visudo.c: + now iincludes signal.h + [221e0fcc144f] + + * parse.yacc: + only clear data structures on a parse error + [7b1c0f1a4527] + + * visudo.c: + whatnow() now gives help on invalid input + [e5a4cd88c587] + + * visudo.c: + added a whatnow() function (sort of like mh) + [932d9b145f1c] + + * parse.yacc: + kill_aliases -> reset_aliases yywrap() now cleans up by calling + reset_aliases() and clearing top took reset stuff out of yyerror() + since it doesn't beling there (and doesn't work anyway). errorlineno + is now initially set to -1 so we can set it to the first error that + occurrs (it was getting set to the last) + [2f71f95a974c] + + * parse.lex: + added a void cast + [18ae6042dce4] + + * visudo.c: + rewrote from scratch based on 4.3BSD vipw.c + [2f6814f18576] + +1995-03-26 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.c, sudo.h: + removed ocmnd + [a31735f41ad4] + + * sudo.h: + no more sudo_realpath() and find_path() changed params + [8e85c3b39159] + + * sudo.c: + find_path() changed since no more realpath() + [b25366c7f2ee] + + * parse.yacc: + on error, errorlineno is set to the line where the error occurred + added kill_aliases() to free the aliases struct now clean up in + yyerror() so we can reparse cleanly + [2342f578c27a] + + * options.h, parse.c: + no more USE_REALPATH + [cfc59babeaff] + + * logging.c: + changed to use new find_path() + [91c7a38e7751] + + * find_path.c: + removed all the realpath() stuff + [cc21a43a8562] + + * Makefile.in: + sudo_realpath.c -> sudo_goodpath.c + [03a9b1ddec2f] + + * visudo.c: + now works correctly with utk parser + [08aa554a0ce8] + + * goodpath.c: + Initial revision + [1ea607e1ffb2] + + * sudo_realpath.c: + eliminated a compiler warning + [198bcccc55b6] + + * sudo.c: + elinated compiler warning + [e2384f9a878b] + + * sudo_realpath.c: + added sudo_goodpath() + [43878c4cc540] + + * sudo.h: + added prototype for sudo_goodpath + [23e8627a2265] + + * parse.c: + added support for /sys/dir.h + [eca897087741] + + * options.h: + USE_REALPATH turned off + [620ac8b63d85] + + * find_path.c: + added calls to sudo_goodpath() + [ad170904fbcd] + + * configure.in: + added check for dirent.h + [7964a8c26855] + + * config.h.in: + added HAVE_DIRENT_H + [1f785fec7e19] + + * configure.in: + added in linux shadow pass stuff + [e585a5785f50] + +1995-03-24 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * visudo.c: + added back host, user, cmnd, parse_error + [0ec19f3d64f4] + + * visudo.c: + added in utk changes plus some minor cosmetic changes + [c5c1921c8a58] + + * sudo.c, sudo_realpath.c: + added void casts for printf's + [9c6ff11c0082] + + * options.h: + added a define of USE_REALPATH + [db3711c9efc5] + + * configure.in: + there is no more visudoers/Makefile + [36e1bc1f78d0] + + * Makefile.in: + added in utk changes (visudo is now built from the toplevel) + [76203d4b345d] + + * find_path.c: + added (void) casts to printf's + [dd5cb1e060ac] + + * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c: + merged in utk changes + [35563307fd8e] + +1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * find_path.c: + now check to see that what we are trying to run is a file (or a link + to a file, we do a stat(2) so there is no diff) + [05889c4bcace] + +1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + updated + [3e8047bb26fb] + + * Makefile.in: + aclocal.m4 -> acsite.m4 make realclean updated for new autoconf + [0bdbaa7c4c7d] + + * sudo.man: + added myself as maintainer + [77a9d75aab84] + +1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + changed setegid -> setgid + [7f4788d73b6f] + +1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + fixed the test for irix 5.x to skip bad libs + [bfef896de013] + + * aclocal.m4: + now initialize OS and OSREV + [cc302756e440] + +1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + irix5 changes + [ac985b23f5f2] + + * configure.in: + AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1 + compatibility + [0cf8c92a06d7] + +1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ + thing wrt yyrestart (grrrr) + [18e8eabfbb82] + +1995-01-16 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + added visudoers/compat.h to DISTFILES + [db23b574b034] + + * configure.in: + fixed an echo + [7cbc0462b89d] + + * sudo.c: + added ocmnd declaration adjusted for find_path()'s new parameters + [d929cd156474] + + * sudo.h: + added ocmnd extern adjusted find_path() prototype + [e0004daf5d3c] + + * parse.c: + cmndcmp() now takes 3 arguments and checks against the qualified as + well as the unqualified pathname. more code that should use + cmndcmp() but did not, now does + [6f70a8c17bee] + + * options.h: + added to a comment + [7a78680426b2] + + * logging.c: + changed to use new find_path() parameter passing + [840981d30db4] + + * find_path.c: + find_path() now takes 2 copyout parameters (one for the qualified + pathname and one for the unqualified pathname). The third parameter + may be NULL. + [851503b005e9] + + * configure.in: + no longer munge pathnames.h + [427d8796c5a9] + + * pathnames.h.in: + changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h) + as a result, pathnames.h does not need to be run through configure + and the user can override the configured values easily. + [2e378f2ebe88] + + * config.h.in: + added _SUDO_PATH_* entries + [0857de7cebab] + + * aclocal.m4: + _PATH* -> _SUDO_PATH_* + [7601193f56cc] + + * Makefile.in: + updated DISTFILES and HDRS .o's now depend on config.h + [39d8601965cf] + +1995-01-13 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * compat.h: + removed extraneous #endif + [27d4c5f2ce7e] + + * aclocal.m4: + added SUDO_PROG_MV + [76dda3bdd816] + + * configure.in: + added SUDO_PROG_MV added riscos and isc os types took out + -DSHORT_MESSAGE from --with-csops since it is now the default + [68c206ad976e] + + * sudo.c: + move the include of id.h to compat.h now includes options.h + [45a1eaafb3a8] + + * sudo.h: + moved compatibility #defines to compat.h + [0eee27057698] + + * pathnames.h.in: + added _PATH_MV + [e830797ab320] + + * config.h.in: + move __P to compat.h + [188e12e0ba93] + + * getcwd.c, getwd.c, putenv.c: + now includes compat.h + [c72cb6d73981] + + * compat.h: + Initial revision + [d4d2f359ae03] + +1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.h: + pull user-configurable stuff out and put in options.h + [ef929467b070] + +1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.lex, parse.yacc, visudo.c: + now includes options.h + [e36d7c82add1] + + * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c, + sudo_setenv.c: + now includes options.h + [f186ba03de07] + + * Makefile.in: + added visudoers/options.h + [e5350c476494] + + * OPTIONS, options.h: + Initial revision + [9b6b5001e318] + + * Makefile.in: + added OPTIONS and options.h + [25448341e16a] + + * logging.c: + changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE + [5dd6385dd1d3] + + * check.c, sudo.h: + changed PASSWORD_TIMEOUT to minutes + [0ec6aab98738] + +1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + now only do Editor +line_num if line_num != 0 + [b69f04b5e3c7] + +1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + now use mv if rename(2) fails + [83210dca1bab] + + * BUGS: + added a visudo bug + [d61a806f9aa7] + + * check.c: + expanded comment + [641f2cba94cb] + +1994-11-12 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * check.c: + fixed user_is_exempt to return 0 if EXEMPTGROUP is not set + [7a11135039a8] + +1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + added mips & isc support + [e258dc053119] + + * parse.c: + added support for non-root owned sudoers file + [fea07e65a0fc] + + * check.c: + added exempt group support + [928fb4bd9ad5] + + * sudo.h: + added set_perms() support added SUDOERS_OWNER so can have non-root + own sudoers file added exempt group support added isc support + [61c578d31fc1] + + * visudo.c: + now copy sudoers to temp file via read/write (not stdio) now chown + new sudoers file to SUDOERS_OWNER + [a5176c59df70] + +1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + added skey support + [35a8d2fabdb7] + + * sudo_realpath.c: + be_* -> setperms() + [a1631d686e1c] + + * sudo.h: + fixed typo added set_perms support added skey support added + seteuid()/setegid() emulation for AIX + [c0c8d6771406] + + * sudo.c: + be_* -> setperms() now check to make sure sudoers file is owned by + root nread/write by only root + [13ab1e261f1a] + + * logging.c, parse.c: + be_* -> setperms() + [21499d845c8f] + + * check.c: + be_* -> set_perms() added skey support + [df51b56871c1] + +1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + ++version + [3c1abbe4e43c] + + * version.h: + ++ + [1d2f9b540a95] + +1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + now sets IFS + [eabbb41b9f08] + + * insults.h: + fixed typo + [c7997f19216e] + +1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in: + added HAVE_SKEY + [da948ec4186b] + +1994-10-04 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * CHANGES: + updated + [f4b55ab007ea] + + * Makefile.in: + ++version + [0489068b8c95] + + * version.h: + ++ + [d189faedf423] + + * sudo.c: + now bail if ARgv[1] > MAXPATHLEN + [0cea8ecc9dc2] + + * configure.in: + added function check for tcgetattr(3) + [e03289b22c2f] + + * config.h.in: + only define HAVE_TERMIOS_H if you have tcgetattr(3) + [757eab83d1a2] + + * config.h.in: + added check for tcgetattr + [c5ae92715930] + +1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + updated + [cbc419883108] + +1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com> + + * parse.lex: + now only include unistd.h for linux + [e9adeab95ef0] + +1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + added visudo.8 generation + [d6a3f0f887f8] + + * configure.in: + added -Wl,-bI:./aixcrypt.exp to aix flags + [72594a21edcf] + +1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * BUGS: + added one + [9993a349e096] + + * CHANGES: + updated + [297b31ec4cdd] + + * README: + added mailing list info + [10372f94a2b2] + + * parse.yacc: + now use sudolineno instead of yylineno fixed bison warnings + [25a83e62057b] + + * configure.in: + now use -no_library_replacement for osf don't make a static binary + for hpux >= 9.0 + [1fa7b892f1a3] + + * tgetpass.c: + added string.h/strings.h inclusion + [71faa98fc0a1] + + * config.h.in: + added ssize_t def + [406284bd1ac0] + + * parse.lex: + added inclusion of string.h/strings.h + [6985b1df5d09] + + * aclocal.m4: + fixed uname | sed (needed to quote the '[') + [4cd2d3415c1a] + + * parse.lex: + replaced yylineno with sudolineno fixed bison syntax errors + [0bd31a5fab26] + + * visudo.c: + changed yylineno to sudolineno since yylineno cannot be counted + upon. 
+ [38c30104d0ae] + + * TODO: + updated + [5d4746f1a752] + + * parse.c: + added code to support command listings + [030172e133fd] + + * sudo.c: + added code for -l flag + [801dbbc82778] + + * sudo.man: + fixed typo added info for -l flag + [8916ca945d65] + + * configure.in: + AC_SSIZE_T -> SUDO_SSIZE_T + [c61f7f47013f] + + * aclocal.m4: + added SUDO_SSIZE_T + [0ccdb77be84d] + + * sudo.h: + added MODE_LIST + [9b2bd844c76c] + + * configure.in: + added AC_SSIZE_T + [35cca208f9b5] + + * find_path.c, sudo_realpath.c: + readlink() is now declared as returning ssize~_t + [0640a08d1407] + + * configure.in: + added -laud for OSF c2 + [b7539c905efc] + +1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, visudo.c: + changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu + [067fd9bcb5e1] + + * config.h.in, parse.lex, parse.yacc, pathnames.h.in: + changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu + [fc46e7c7110a] + + * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c, + parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c, + sudo_setenv.c, tgetpass.c, version.h: + changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed + [d1d4fbc53a98] + +1994-09-01 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * Makefile.in: + ++version + [b7066d97633f] + + * version.h: + ++ + [65ec69d88110] + + * logging.c: + added host to alertmail messages + [d973c19ce777] + + * CHANGES, TODO: + udpated + [5a65eb16faeb] + + * logging.c: + fixed logging problem where mail would not say which user it was + [35723edcc5d2] + + * configure.in: + added -laud for gcc if osf & c2 + [18f1e0ae5548] + + * check.c: + moved set_auth_parameters to sudo.c + [d23112fe01db] + + * sudo.c: + added set_auth_parameters for osf + [eb70f65214ac] + + * configure.in: + cleaned up -static stuff + [01e9575f0422] + + * Makefile.in: + ++version + [7ac3bff5c770] + + * version.h: + ++ + [10a4ff478469] + + * sudo.c: + changed setenv() to sudo_setenv() + [40a78abb9946] + + * check.c: + fixed osf problem + [3d69b118efb8] + + * configure.in: + added OSF C2 stuff + [38cff3ad4093] + + * CHANGES: + updated + [cd341dd0581a] + + * check.c: + added osf auth support & removed some extra spaces + [a448cdd81514] + + * INSTALL, SUPPORTED: + added osf C2 stuff + [f70484796146] + +1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * TODO: + added 2 suggestions + [695fbdbd86e6] + + * Makefile.in: + removed README.v1.3.1 and added VERSION stuff + [f69403eb04c6] + + * version.h: + pl1 + [21580c0f8cb1] + +1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * version.h: + 1.3.1final + [630114970298] + + * Makefile.in: + added HISTORY + [901bff251614] + + * sudo.man: + mention HISTPRY file + [86dbcfd4326e] + + * sudo.c: + use sizeof instead of a constant in 1 place + [d819604c68ca] + + * parse.yacc: + added unistd.h + [6f9500f9fe7e] + + * parse.lex: + added unistd.h + [468b81a276eb] + + * README: + udpated + [7e275618923a] + + * HISTORY: + Initial revision + [5db1b0a3939b] + +1994-08-17 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * version.h: + ++ + [7dfbb4a810bb] [SUDO_1_3_1] + + * CHANGES: + updated + [7820ee610bf8] + + * sudo_setenv.c: + added unistd.h include + [30cf2b654525] + +1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + added sys/time.h for AIX + [199fc8caf3a3] + +1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + added check for -lsocket and sys/sockio.h + [f9abfbb31031] + + * config.h.in: + took out libshadow check and added in sys/sockio.h check + [0c4b0393ac80] + + * sudo.c: + now include sockio.h instead of ioctl.h if it exists "sudo -" now + gets a better error message + [53041bea5483] + + * sample.sudoers: + now has a dir and subnet entry + [56b820f65438] + +1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + removed if_ether.h + [b4f64507493e] + + * TODO: + added an item + [ea2a1bb6922a] + + * sudo.man: + added network and ip addresses to man page + [01c85016511f] + + * sudo.c: + no error if can't get interfaces or netmask since networking may not + be in the kernel. + [50b8890e2134] + + * parse.c: + nwo check for interfaces == NULL + [dc1b3eef0db2] + + * parse.c: + fixed a bug that caused directory specs in a Cmnd_Alias to fail if + the last entry in the spec failed (ie: it was only looking at the + last entry). CLeaned things up by adding the cmndcmp() function--all + neat & tidy + [007e93578e5e] + + * CHANGES: + added one + [40e8a2cef497] + +1994-08-12 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.c: + now do two passes to skip bogus interfaces (lo0, etc) + [465e30aecaf7] + + * parse.lex, parse.yacc, visudo.c: + added include of netinet/in.h + [11e3816ed362] + + * logging.c, sudo_realpath.c, sudo_setenv.c: + added ninclude of netinet/in.h + [daccfa40fe1e] + + * check.c, find_path.c, getcwd.c, getwd.c: + added include of netinet/in.h + [0222f95e06ad] + + * version.h: + ++ + [d6b0cfa35a38] + + * sudo.h: + added interfaces global + [ba52fa8ad75e] + + * parse.c: + now uses new interfaces global + [17473ad5ecba] + + * sudo.c: + now ip addresses are gleaned fw/o dns + [8828bb2007e0] + +1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + added load_ip_addrs() to load the ip_addrs global var + [60c825f04238] + + * parse.c: + added hostcmp() to compare hostnames, ip addrs, and network addrs + [ab0e40e37537] + + * sudo.h: + added ip_addrs def added load_ip_addrs prototype + [c41c565d0777] + +1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + updated + [2a128dbe9bcb] + + * Makefile.in: + removed multiple entries in DISTFILES + [2490f4f371e6] + + * visudo.c: + ansified the !STDC_HEADERS decls + [646ba06d17ae] + + * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c: + don't do malloc decl if gnuc + [f1bad1925f98] + + * sudo.c: + can't use getopt(3) since it munges args to the command to be run as + root don't do malloc decl if gnuc + [38e78f6da14e] + + * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c, + sudo_realpath.c, sudo_setenv.c: + ansi-fied !STDC_HEADER function prottypes + [51d8cad89976] + + * getcwd.c, getwd.c: + added missing paren + [6a1fae70e27e] + + * Makefile.in: + added putenv.c to DISTFILES + [a5e4523eabbb] + + * sudo_setenv.c: + added params to func decls when STDC_HEADERS is not defined now can + count on putenv() being there + [fd587796189b] + + * sudo_realpath.c: + took out errno decl since sudo.h does it for us fixed up a next cc + warning added params to 
func decls when STDC_HEADERS is not defined + [70fa5152ace6] + + * sudo.h: + took out environ extern added local declaratio of putenv() if local + version is needed + [a84bae6c020d] + + * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c: + added params to func decls when STDC_HEADERS is not defined + [f406f0e47ac0] + + * config.h.in: + added memcpy check check to see that ansi vs bsd macros are ntot + already defiend before defining (ie: avoid redefinition) + [879ae026e19f] + + * configure.in: + removed fluff setenv check plus check w/ replace for putenv if also + no setenv + [e3c03814ad4b] + + * putenv.c: + Initial revision + [3cff63e2dc1b] + +1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo_setenv.c: + Initial revision + [4d637631fa6b] + + * sudo.h: + rm'd s realp[ath added sudo_realpath and sudo_setenv + [07ba001ff57e] + + * sudo.c: + now use sudo_setenvc + [fd81e04d5ef0] + + * configure.in: + added puteenv and setenv, removed realpath + [27bfacfb513b] + + * config.h.in: + added putenv & setenv + [515f14eaf6e4] + + * Makefile.in: + added sudo_setenv + [217731a717c5] + + * version.h: + ++ + [eadb346d7129] + +1994-08-05 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure.in: + added MAN_POSTINSTALL and /usr/share/catman for irix + [2a9496c1bdba] + + * Makefile.in: + added MAN_POSTINSTALL + [89b0d4695529] + + * CHANGES: + added + [48c021ba8a70] + + * sudo.man: + added SUDO_* plus new options + [c0759cff5683] + + * CHANGES: + added one + [7d44a3922d56] + + * configure.in: + took out shadow lib + [07cf3de18701] + + * TODO: + adde done + [a27a578e8afe] + + * visudo.c: + now use yyrestart() if flex now reset yylineno to 0 + [77d67ce0b677] + + * Makefile.in: + support for installing a cat page instead of a man page if no nroff + [44671c0fc0fa] + + * configure.in: + now defines HAVE_FLEX fixed up man stuff so that it looks for nroff + to determine whether or not to install a cat or man page + [0562d069c135] + + * config.h.in: + added HAVE_FLEX + [c5490bae39d3] + + * sudo.c: + not set ret to MODE_RUN initially + [88b4983c195b] + + * find_path.c: + made command (and therefor cmnd dynamically allocated) + [95b82e32b6de] + + * TODO: + did #8 + [fb6f41308cdf] + + * version.h: + ++ + [14112ecab5ae] + + * sudo_realpath.c: + changed bufs from MAXPATHLEN to MAXPATHLEN+1 + [0ad4f34e55c0] + + * sudo.h: + added MODE_ removed validate_only and added remove_timestamp() + [dd5f99c57728] + + * sudo.c: + usage() now takes an int (exit value) added parse_args() to parse + command line arguments moved call to find_path() from load_globals + to new function load_cmnd() removed validate_only global -- now use + the concept of "modes" added -h and -k options + [c3887090b28a] + + * parse.c: + no longer use global validate_only now checks for command called + "validate" removed check for non-fully qualified commands since that + is done by find_path + [7d56fbd26369] + + * find_path.c: + changed MAXPATHLEN r to MAXPATHLEN+1 + [a86e8664d971] + + * find_path.c: + fixed off by one error with MAXPATHLEN and fixed a comment + [58adcef8c981] + + * check.c: + check_timestamp no longer runs reminder(), it is implied in 
the + return val added remove_timestamp() + [42ab5a77066f] + + * CHANGES: + updated + [8e69b31df024] + +1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * BUGS: + fixed on + [bc34f1ac4280] + + * sudo_realpath.c: + took out old_errno + [a168d00a0768] + + * CHANGES: + updated + [04ba80922df7] + +1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + moved send_mail to after syslog + [4d4188087834] + + * sudo.c: + now set SUDO_ envariables + [e5963f1bd3bb] + +1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * version.h: + ++ + [2a4534845d8c] + + * sudo_realpath.c: + now print error if chdir fails + [0d75c8973d49] + + * find_path.c: + removed an XXX + [e2077bcb35aa] + +1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + updated + [e30a2b39b41a] + + * configure.in: + no more static binaries for aix + [77a0beb6bd80] + +1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * INSTALL: + fixed typo + [ba5e0d391bc4] + + * sudo_realpath.c: + took out stuff not needed for sudo now does be_root/be_user itself + now uses cwd global + [4f6d4641d793] + + * version.h: + +=2 + [97da927b297c] + + * logging.c, sudo.c: + be_root/be_user is now down in sudo_realpath() + [f331662fa50f] + + * logging.c, sudo.h: + now works with 4.2BSD syslog (blech) + [98e39d89dd36] + + * find_path.c: + now use sudo_realpath() + [ab436a8ebd02] + + * config.h.in: + took out realpth() stuff since we now use sudo_realpath() + [8de5ef9f6044] + + * configure.in: + ultrix enhanced sec + [815fb7fffcc0] + + * SUPPORTED: + added ultrix enhanced sec. + [6466766c8062] + + * INSTALL: + updated + [d681a634297a] + + * check.c: + ultrix enhanced security suport + [f10c8decbcc2] + + * Makefile.in: + added sudo_realpath.c + [6b9bcd3be022] + + * CHANGES: + updated + [2fa8084c1b53] + + * tgetpass.c: + increased passwd len to 24 for c2 security + [ec64838be62d] + + * BUGS: + updated BUGS + [ca00d8fec2ce] + +1994-07-15 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * check.c: + now use user global var + [568769719013] + + * configure.in: + took out -ls + [490a44180d5f] + +1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + added AFS libs + [4fb40c8c01ba] + + * sudo.h: + user is now a char * added epasswd + [27a919fafdfb] + + * sudo.c: + added tzset() to load_globals added epasswd (encrypted password) + global made user dynamically allocated + [b99ef9bdbfce] + + * configure.in: + added tzset test + [27592dd1214b] + + * config.h.in: + added HAVE_TZSET + [b13f4213f3d0] + + * check.c: + cleaned up encrypted passwd grab somewhat + [c8ba9a4db38a] + + * configure.in: + fixed AFS typo + [2bfcbce237b6] + + * INSTALL: + added AFS not + [80c67329393c] + + * CHANGES: + udpated + [2f09ecdd5d31] + + * logging.c: + can now log to both syslog & a file + [4d5c0932bc01] + + * sudo.h: + added BOTH_LOGS + [623c539be824] + + * CHANGES: + updated + [a1c7f5ef3616] + + * configure.in: + --with-AFS + [28718d8f5daf] + + * config.h.in: + added HAVE_AFS + [2e32bb4e63e4] + + * check.c: + added afs changes + [fe4d0ff320a2] + + * sudo.h: + removed AFS stuff :-) + [a40387e6fa27] + + * tgetpass.c: + include sys/select for AIX + [f32c5a8f2c84] + + * sudo.h: + added AFS + [da2ab3dd0348] + + * version.h: + ++ + [452d4dfe25af] + +1994-07-07 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * CHANGES, SUPPORTED: + updated + [e7dfe6f23a37] + + * logging.c: + can now have MAILER undefined + [1d33b98b35e1] + + * INSTALL: + new sub-note about MAILER + [d35c636a0574] + + * sudo.man: + added blurb about password timeout + [70c2ee50de20] + + * configure.in: + convex c2 changes + [367138a6232e] + + * aclocal.m4: + took out duplicate define of _CONVEX_SOURCE + [647182138450] + + * Makefile.in: + added OSDEFS + [7fdcd50602d1] + + * config.h.in: + added spaces + [f2b8a05e48f3] + + * tgetpass.c: + added a goto if fgets fails + [68a6586d9c45] + + * sudo.h: + use __hpux not hpux convex c2 stuff + [5c377a8d5f34] + + * sudo.c: + use __hpux not hpux + [9363bc0f9f9e] + + * logging.c: + convex c2 stuff + [ea5630975ac4] + + * config.h.in: + define ansi-ish cpp os defines if non-ansi are defined for hpux & + convex + [664f53a5e786] + + * INSTALL: + updated to say we support sonvex C2 + [5f2f8b87013e] + + * check.c: + added convex c2 support + [9a665d4918fa] + +1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * tgetpass.c: + no more ioctl never returns NULL uses fgets() and select() to + timeout + [b333e6d63e97] + +1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + things were testing -n "$GCC" instead of -z "$GCC" + [059a9b15ede2] + + * tgetpass.c: + now works + uses fgets() + [353d7ebcb7bb] + +1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * tgetpass.c: + select doesn't seem to recognize a single '\n' as input waiting so + we can;t use it, sigh. + [f76e3218b835] + +1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * PORTING: + updated tgetpass() blurb + [95baac736b49] + + * configure.in: + added --with-getpass + [42ac0bdf58ed] + + * Makefile.in: + added tgetpass stuff + [e2b38c635663] + + * tgetpass.c: + now uses stdio + [36af8ff66e35] + + * version.h: + ++ + [4e81c9db19bd] + +1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * PORTING: + updated ,. 
+ [54f523770a05] + + * config.h.in: + added USE_GETPASS && HAVE_C2_SECURITY + [86b355cb2953] + + * configure.in: + fixed a test aded --with-C2 and --with-tgetpass + [abf6181588ef] + + * check.c: + added hpux C2 shit + [20d4177ffa88] + + * Makefile.in: + took out tgetpass.* + [cc82fd9984b4] + + * INSTALL: + added C2 blurb + [1d2bfc35e4b6] + +1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + no termio(s) for ultrix since it is broken + [d3e82e835350] + + * check.c: + added a space (yeah, anal) + [05e4b31ca68c] + + * realpath.c, sudo_realpath.c: + fixed it (duh, rtfm) + [f13097cb8cb6] + +1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in: + took out bsd signal stuff for irix + [e179cdafc97a] + + * visudo.c: + comments in #endif + [e3a629190f5e] + + * configure.in: + don't define BSD signals for irix + [3ce57bffb7f0] + + * TODO: + did some... + [274241cd0f74] + + * CHANGES: + updated + [8f29fc755faf] + + * realpath.c, sudo_realpath.c: + took out unneeded code by changing where a strings was terminated + [b5564d62d30e] + +1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com> + + * realpath.c, sudo_realpath.c: + fix bug where /dirname would return NULL + [b85f470daf26] + + * sudo.h: + move __P to config.h + [7763c0ff3f28] + + * getcwd.c, getwd.c, realpath.c, sudo_realpath.c: + added errno definition + [4cc9d2d9782a] + + * config.h.in: + added __P + [ca06f5aa58f3] + + * config.h.in: + added HAVE_FCHDIR + [206d714641e0] + + * strdup.c: + now include stdio + [0d8458da0e1d] + + * realpath.c, sudo_realpath.c: + now works if no fchdir + [e035911b6722] + + * visudo.c: + define SA_RESETHAND to null if not defined + [afec03e84342] + + * configure.in: + added check & replace + [c1a65481441c] + + * configure.in: + took out -static for nextstep -- it doesn't work + [fa1a1a611743] + +1994-06-06 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * logging.c: + moved #endif to where it belongs + [07d3a8972097] + + * SUPPORTED: + correction + [0c1ecba3e5a3] + + * configure.in: + now checks for strdup realpath getcwd bzero + [f029a1917515] + + * config.h.in: + emulate bzero + [d792352e44a3] + + * visudo.c: + added posic signals + [2ed0005f90fc] + + * tgetpass.c: + bzero cast + [6d91b1a1526f] + + * logging.c: + added posix signals + [67ede9c22a05] + + * configure.in: + removed BROKEN_GETPASS added new srcs toreplace missing functions + [cf44274bb1c8] + + * config.h.in: + added posix signal stuff + [a3c1c98fe8ef] + + * Makefile.in: + added new srcs + [b6a079afee47] + + * visudo.c: + updated useag + [589ed091c44f] + + * tgetpass.c: + now uses posix signals + [30f74964074f] + + * PORTING: + updated sto reflect major changes + [bcfc309e017b] + + * CHANGES, TODO: + updated + [23aacbd54278] + + * tgetpass.c: + uses sysconf() if available + [a27431c90bab] + + * sudo.h: + added PASSWORD_TIMEOUT + prototypes for new functions + [d7473c2f77c4] + + * realpath.c, sudo_realpath.c: + for those w/o this in libc + [1e47aa7a9d46] + + * getcwd.c, getwd.c: + Initial revision + [c90dea57a84f] + + * find_path.c: + rewrote to use realpath(3) - nis now all my code + [d2c3bb8fb37d] + + * config.h.in: + added HAVE_REALPATH + [02c10352a8c7] + + * check.c: + now use tgetpass + [b5c021fc179f] + + * Makefile.in: + added LIBOBJS use tgetpass.c + [230a7b3eeaa3] + +1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * tgetpass.c: + works now :-) + [025e7a3875ba] + + * tgetpass.c: + Initial revision + [3316ab33b230] + + * pathnames.h.in: + added /dev/tty + [29242585e53f] + +1994-06-04 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * version.h: + incremented + [f2e54b48280f] + + * sudo.c: + always use getcwd + [c6068e8a4029] + + * config.h.in: + added check for getwd + [ab1e102ad673] + + * configure.in: + replace strdup & realpath & getcwd if missing + [b0eb14f2a1c3] + + * pathnames.h.in: + added _PATH_PWD + [309d2388f69a] + + * aclocal.m4: + added SUDO_PROG_PWD + [e16e85deb96c] + + * strdup.c: + Initial revision + [810efdc15007] + + * realpath.c, sudo_realpath.c: + Initial revision + [d85eee438e09] + +1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + quoted quare brackets + [d0e7ca111d98] + +1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + no need to strdup() a constant + [a8c44712df9a] + + * CHANGES: + updated + [71364129cca0] + + * sudo.man: + added validate + [0bb198095a26] + + * sudo.c: + added -v to usage + [31ea71f11dbb] + + * parse.c, sudo.c, sudo.h: + added validate_only stuff + [9bcd853d3c90] + +1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + now finds sed + [6374bb0d3f28] + + * aclocal.m4: + $OSREV is now an int + [ace0666d66cf] + +1994-05-29 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * configure.in: + added mtxinu to caser + [73a776887b16] + + * sudo.h: + added EXEC macro + [2e8eb28b710a] + + * sudo.c: + now use the EXEC nmacro now only do a gethostbyname() if FQDN is set + [56afb4f658d5] + + * logging.c: + changed mail_argv[] def now use EXEC() macro + [ddcabd28edb1] + + * check.c: + took out crypt() definition + [0e657724cf5f] + + * version.h: + upped the version + [62c5d66119fc] + + * configure.in: + always look for -lnsl + [d7b594f0313b] + + * aclocal.m4: + added an echo + [1caae3491dc5] + + * sudo.h: + SHORT_MESSAGE is now the default + [cfce35c3119a] + + * config.h.in: + fixed typo + [6499a564bf75] + + * configure.in: + added missing AC_DEFINE(SVR4) for solaris + [feef0b17b94f] + + * sudo.man: + documented the -v flag + [a6429f2bc2cf] + + * SUPPORTED: + updated + [088886e79540] + + * check.c: + proto-ized crypt() + [801e4ff5b121] + + * config.h.in: + added LIBSHADOW undef + [8df588e9ee2b] + + * configure.in: + nwo set OS to be lowercase + [561ebed833e4] + +1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + now use SUDO_OSTYPE to set $OS + [0e60aee23098] + + * aclocal.m4: + now use uname to determine os + [99705e58d400] + + * visudo.c: + added prototypes & moved sig handler around + [1f0bc8d23b51] + + * sudo.h: + added prototyppes + [be3935a2b163] + + * check.c, logging.c, sudo.c: + added prototypes + [2079b4605ab8] + + * parse.c: + added comment + [a34d147d8399] + + * config.h.in: + nwo use _BSD_SIGNALS not _BSD_COMPAT + [63663195f047] + + * aixcrypt.exp: + Initial revision + [890aed08357e] + + * Makefile.in: + added aixcrypt.exp + [1005a183105f] + + * parse.lex, parse.yacc: + moved config.h to top of includes + [9569c49aa5f3] + +1994-05-25 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * find_path.c: + now don't bitch if get EACCESS (treat like EPERM) + [dbeffb638de4] + + * visudo.c: + added -v flag and usage() + [4d44ed60ed75] + + * version.h: + fixed a typo + [cf3f9347ae41] + + * sudo.c: + cast Argv to a const for exec added -v flag + [d11b6efc0e45] + + * logging.c: + mail_argv is now a const + [93bb5d90bb6f] + + * configure.in: + only set RETSIGTYPE if it is not set already + [c97aac260b77] + + * aclocal.m4: + now defines & STDC_HEADERS for Irix + [9c2b24ad1fc5] + + * Makefile.in: + added version.h + [9f79e880229a] + + * insults.h, sudo.h: + prevent multiple inclusion + [d68c8a9243ce] + + * version.h: + Initial revision + [dbb39c5ef8d9] + + * parse.lex, parse.yacc: + now includes config.h + [f117e036a56b] + + * aclocal.m4: + now talks about sunos 4.x + [c9054aa92d4e] + + * visudo.c: + calls to Exit now pass an arg + [a92104670551] + +1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + signal handler now takes an int argument + [26f480c41523] + + * CHANGES: + updated + [8c166a9d796b] + + * sudo.c: + ok, the getcwd() is now *really* done as the user + [ab86cf85134a] + + * configure.in: + changed AIX STATIC_FLAGS + [b9c0a3ba5663] + + * aclocal.m4: + solaris now defines SVR4 + [c3e20cac96f5] + + * sudo.h: + added cwd and fixed stupid core dump that makes no sense. sigh. 
+ [7a9755436dbb] + + * sudo.c: + moved getcwd stuff into load_globals + [ec2bc90df1f3] + + * parse.c: + took out externs that are in suod.h + [93c4b3f856d7] + + * logging.c: + moved cwd into load_globals + [050de754d228] + + * find_path.c: + moved cwd stuff + [22f3f3b4c34d] + + * Makefile.in: + fixed make distclean & realclean + [c9964d89bcef] + + * TODO: + updated ., + [e513581ef0e3] + + * CHANGES: + added solaris changes + [505d930daf27] + + * aclocal.m4: + added solaris changes, need to rework + [33f20fb16c49] + + * configure.in: + cleaned up for solaris + [2fb8cfa05d0f] + + * logging.c: + reinstall reapchild signal handler for non-bsd signals + [3d1dc545113d] + + * sudo.h: + took out getdtablesize() emulation for HP-UX (no longer needed) + [1fc83d170f34] + + * sudo.c: + support for HAVE_SYSCONF + [50ca2a7a224a] + + * visudo.c: + added <fcntl.h> for solaris & reorg'd the includes + minor prettying + up / + [0a570e826dd4] + + * config.h.in: + added HAVE_SYSCONF + [2b9a9f3a4e94] + +1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + now tells you what os you are running /. + [06c6332a895b] + + * aclocal.m4: + took out extra ',' + [e8c75ce59f4a] + +1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * config.h.in: + added _BSD_COMPAT + [73c5099806c2] + + * aclocal.m4: + fixed for irix5 + [1047d1f6c0eb] + + * CHANGES: + updated + [1bc4969fee96] + + * sudo.c: + uid seinitialized to -2 + [8d7812b1878b] + +1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + now removes LIBPATH for AIX + [075392eb1dd9] + +1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * configure.in: + now uses ufc if it finds it + [ab6ce30a5958] + +1994-03-12 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.h: + no longer define yyval & yylval since yacc does it + [09d250aea50a] + + * parse.lex: + now defines yylval as extenr + [8ec2b88952bc] + + * configure.in: + BROKEN_GETPASS is now an OPTION + [3714f4bb8312] + + * config.h.in: + took out BROKEN_GETPASS + [9c4f6aa50137] + + * Makefile.in: + took out big comment + [4c13cff0e556] + + * README: + updated + [b8b9902b620d] + + * Makefile.in: + took out README.beta + [ed2cd861e82b] + + * SUPPORTED: + Initial revision + [2fffc51e6606] + + * INSTALL: + now reference SUPPORTED ., + [d112c30be1f2] + + * config.h.in: + now check for convex OR __convex__ + [a0e5701a3069] + + * aclocal.m4: + now check for convex or __convex__ + [5dae2bfbe3bc] + + * Makefile.in: + added dist target + [400a54de57db] + + * aclocal.m4: + use __convex__ + [58a19470ed0b] + + * find_path.c: + now use _S_* stat stuff to be ansi-like + [28cce560e048] + + * INSTALL: + updated for configure directions + [a034ccc7c30a] + + * Makefile.in: + distclean now removes config.h and pathnames.h + [300f2349b4ab] + + * CHANGES: + updated + [646f7e9430c1] + + * TODO: + fixed typoe + [70fd6361b2bc] + + * visudo.c: + updated version + [cf13d87d789f] + + * Makefile.in: + updated version + [8c5dacc27a7a] + + * config.h.in, pathnames.h.in: + added copyright header + [747ce3d3d6b7] + + * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex, + parse.yacc, sudo.c, sudo.h: + udpated version + [4751c39bad18] + + * visudo.c: + udpated to use configure + pathnames.h + [d45dff76a1cd] + + * aclocal.m4: + updated + [f05a367a55be] + + * Makefile.in, config.h.in, configure.in: + updated + [524778598879] + + * sudo.h: + now works with configure + [83fc40e533f4] + + * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c: + updated to work with configure + pathnames.h + [cb67fa6ab52d] + + * Makefile.in: + added LEXLIB + [f43cad4ab0a2] + +1994-03-10 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * COPYING: + updated gnu general licence to versio 2 + [2b0b56112ddc] + + * config.h.in, pathnames.h.in: + Initial revision + [4b586f39ec2d] + + * sudo.h: + changed to work with configure + [13f3506ddf16] + +1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * Makefile.in, aclocal.m4, configure.in: + Initial revision + [a8636ae77371] + + * visudo.c: + now uses defines used by configure + [de438d118993] + +1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com> + + * find_path.c: + sudo won't bitch about EPERM now, for real + [ce26d9ef7e3f] + +1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * logging.c: + renamed exec_argv to eliminate a libc name clash with ksros + [bcb4350d8411] + + * CHANGES: + corrected + [dae68d422efd] + + * logging.c, sudo.c, sudo.h: + execve -> execv + [40cc2c4bdb15] + + * TODO: + upated + [9275a8b8fc45] + + * PORTING: + added 2 mroe items + [6cbb5c56993c] + + * CHANGES: + updated + [73f34f8e571a] + + * sudo.h: + added UMASK and mode_t declaration + [7c2015e1d171] + + * sudo.c: + added UMASK + [d37be7523680] + + * logging.c: + now opens log file with mode 077 + [0825cc3ee841] + + * check.c: + saved current umask ans restores it + [659c1aaae8e8] + + * sudo.h: + added MAXLOGFILELEN + [34331c7dee90] + + * logging.c: + split long log lines. FOr syslog, split into multiple entries, for a + log file, indent the extra for readability + [72c9e4cdba6e] + +1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + added changes + [81196833673d] + + * sudo.h: + MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be) + [1aa69e903840] + +1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com> + + * TODO: + added input from Brett M Hogden <hogden@rge.com> + [80f01fc88ce9] + +1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + added rmenv() to remove stuff from environ. can now uses execvp() OR + execve() becuase of this. 
+ [e7fc2535bd67] + + * logging.c: + now uses execvp() OR execve() + [56391aa1f99d] + + * sudo.h: + added USE_EXECVE + [f21f38050b95] + + * sudo.h: + added environ + [6b805e23c6f6] + + * find_path.c: + now ignore EPERM + [c8fd7117a1d7] + + * sudo.h: + moved some func decls out of sudo.h and into sudo.c as statics /. + [5f555c267d27] + + * CHANGES: + updated + [431f478af320] + + * sudo.h: + took out Envp + [6f722be7793d] + +1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * BUGS: + Initial revision + [4a8ecf0da95c] + +1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + added SECURE_PATH + [1c72cb222609] + + * sudo.c, sudo.h: + added SECURE_PATH + [5bf5357a63c5] + + * sudo.h: + added SECURE_PATH + [3976a74405ac] + + * INSTALL: + added sample.sudoers note + [1b395d29aaeb] + + * sudoers: + Initial revision + [485888d07477] + +1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com> + + * find_path.c: + fixed typo + [bfc3cc4d41ca] + + * PORTING: + took out SAVED_UID garbage + [b7c2d3469661] [SUDO_1_3_0] + + * INSTALL: + mentioned HAL + [253d6695df90] + + * sudo.h: + added HAL line + [29ec1a4ac6de] + + * insults.h: + added HAL insults + [7d7c96d77c74] + + * TODO: + updated + [aa2ed9790586] + + * logging.c: + more verbose error if mailer not found + [fca47fd00cb6] + + * check.c: + now do getpwent as root for soem shadow password systems (bsdi) + [e0339e110d46] + +1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.h: + took out SAVED_UID garbade + [fcb0e81dcdb5] + + * sudo.c: + took out SAVED_UID garbage since it don't work + [507e9513e9c2] + +1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * README: + updated + [d2b6b253dae5] + + * insults.h: + added a missing space :-) + [8940ea991f87] + + * sudo.c, sudo.h: + took out multimax cruft + [c2606b365181] + + * INSTALL: + minor update + [05fb6ee73131] + + * PORTING: + finished + [c4ac47c84dc5] + + * sudo.c: + fixed a typo + indentation + [7eab40aae8fa] + +1994-02-05 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.h: + took outumoved some defines to the config file ,. ,. + [defff05beb52] + + * PORTING: + Initial revision + [c803e9127959] + + * TODO: + did #6 + [c6fa1c946c31] + + * sudo.h: + added HAS_SAVED_UID + [6a88a39c0a07] + + * sudo.c: + put back AIX cruft + [a24d2507ddd4] + +1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + aix changes + [1663915f754a] + +1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * CHANGES: + updated + [a8cc73747cae] + + * check.c, logging.c, parse.c, sudo.c, sudo.h: + now is only root when abs necesary + [3c9d12c5cdfe] + + * check.c: + added missing %s\n + [609320b72d89] + +1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com> + + * install-sh: + Initial revision + [b5bba140a175] + + * TODO: + updated + [c9d2eba602af] + + * CHANGES: + updated + [932f1fc3bb14] + + * sudo.c: + now removed _RLD_* for alphas + [54a36e648158] + + * INSTALL: + updated for new config scheme + [61c8ae800444] + + * find_path.c: + more verbose eror messages + [b4fd123db42d] + +1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * TODO: + now have solaris + [371002fbf266] + + * sudo.h: + define __svr4__ for SOLARIS + [0b5cf5ed936d] + + * check.c: + added svr4 junk for shadow pws for solaris 2.x + [91ed58f21618] + + * check.c, sudo.c: + took out setuid(0) and setreuid(udi) garbage. Its not needed since + we start out setuid with the correct perms. + [07689e782b0b] + + * check.c, sudo.c, sudo.h: + now use setreuid() + [7d64d685d78e] + +1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.man: + revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES + sectoin + [b26967b1e19b] + + * visudo.c: + now uses ENV_EDITOR if you want to use the EDITOR envar + [a4f8fcb9bd1d] + + * sudo.h: + now uses ENV_EDITOR if you want to use the EDITOR envar >> . + [028cc55c4328] + +1993-12-07 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * README: + minor update + spell fix + [a411717a7249] + + * INSTALL: + rewrote most of this + [a6750923f9c9] + + * sudo.h: + added all options that are in the Makefile + [6db3b3b841b3] + + * getpass.c: + now use USE_TERMIO #define for sgi & hpux + [b91f89ae6be1] + + * TODO: + todo: posix sigs + [4548a56eb2ef] + +1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c, find_path.c: + always include strings.h + [1fc20bda92c0] + + * visudo.c: + added STATICEDITOR + [0596f820716e] + + * sudo.h: + sgi has vi in /usr/bin too + [94203b62bfd9] + + * sudo.man: + added VISUAL + [87c2844c4cac] + +1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.h: + sue /usr/bin/vi on some systems + [e3ad9190f35e] + + * sudo.c: + fixed warning (include strings.h) + [0b896de4d8a0] + + * sudo.man: + added John_Rouillard@dl5000.bc.edu's changes (new features) + [f41b4205a8cf] + + * CHANGES: + changes from John_Rouillard@dl5000.bc.edu + [6bdef8e948d5] + + * visudo.c: + added EDITOR envar + [5c4bf716de21] + + * check.c, find_path.c, parse.c, sudo.c: + added patches from John_Rouillard directory spec uses EDITOR + [f62a435f8c41] + +1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * getpass.c: + added flush for hpux + [07cfdd6a7b55] + +1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + no longer assume malloc returns a char * + [7480bd2756f3] + + * sudo.c: + alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now + gets removed correctly + [8587166c6ac8] + + * sudo.h: + added STD_HEADERS macro + [480f5a9a516c] + + * sudo.c: + now uses STD_HEADERS macor for ansi + [c5018806fd59] + + * find_path.c: + now uses STD_HEADERS macro + [ad821e0788ea] + + * check.c: + niceties for C compiler bitches -- no real change + [0fc0b1a5fb64] + +1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + now doesn't fclose a file never opened. + [ee888ec9427d] + +1993-11-28 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.man: + added visudo line + [698d51c66407] + + * sudo.man: + added error stuff added me in there... + [d202fd34b906] + + * CHANGES: + noted insults + [998a22c2230c] + + * INSTALL: + added blurb about reading stuff + [e71db100798f] + + * sudo.h: + added insults + [c110431cec56] + + * insults.h: + corrected somments and removed newlines + [493706fd488c] + + * check.c: + now uses insults + [6d23cf06a0ef] + + * insults.h: + Initial revision + [83153c26b4a3] + + * INSTALL: + added dec syslog note + [555437273237] + + * sample.sudoers: + added real stuff in there + [53442a7fba78] + + * TODO: + added a todo + [c630472bd4dc] + + * TODO: + added one + [806464453284] + +1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com> + + * sample.sudoers: + Initial revision + [7db0a9f1ca8f] + + * sudo.man: + updated with changes + [d9bf254c6c08] + + * sudo.man: + Initial revision + [dd6f11174ac6] + + * indent.pro: + Initial revision + [dbfbb494fad9] + + * CHANGES, COPYING, INSTALL, README, TODO: + Initial revision + [6d98f489a079] + + * visudo.c: + updated version number and took out jeff's old addr since it is no + good + [ee47c24818cb] + + * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc, + sudo.c, sudo.h: + updated version number and took out jeff's email (since it is + invalid) + [54616458a52e] + +1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + added fflush() + [145c881f4fb4] + +1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com> + + * find_path.c: + now return NULL instead pfof exiting for nopnn-fatal errors + [8bc74f8cb1ae] + +1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com> + + * check.c: + new banner + [5387ab2af516] + + * parse.lex: + now sudo.h gets included first + [2acb01c18e18] + +1993-10-18 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * parse.lex: + now can use flex + [164d3839adf0] + + * sudo.h: + linux patch + [f1b6b1b1a2ca] + + * sudo.c: + hpux 9 fix, removes SHLIB_PATH linux patch + [67611dc1737f] + + * check.c: + linux diff + [c24536682397] + +1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * find_path.c: + stat now ignores EINVAL + [c7761a5dc642] + +1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com> + + * find_path.c, sudo.c: + now declare strdup as extern + [6b7d6f8784b5] + +1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: + reformatted with indent + by hand + [9d43084e4990] + + * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h: + used indent to "fix" coding style + [489ffacbdc70] + + * find_path.c: + now checks '.' or '.' or '' in PATH -- but does it LAST should maybe + move the code that does this into the loop body. makes it messier + tho. hmmm. + [c4d22b48da9a] + +1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com> + + * find_path.c: + redid the fix for non-executable files in an easier to read way plus + some minor aethetic changes + [84fe337f1426] + + * find_path.c: + fixed bug with non-executable tings of same name in path introduced + by checkig errno after stat(2). + [c2a812cfcbc1] + +1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + fixed off by one error + [fabb7cee0041] + + * find_path.c: + now handles decending below '/' correctly + [5d2ddfc0b220] + + * sudo.c: + now actually builds Envp instead of munging envp + [bdc4b08f6898] + +1993-09-04 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * parse.yacc: + now includes sys/param.h + [efbb494ab4de] + + * visudo.c: + now includes sys/param.h + [ad6c91d59958] + + * sudo.h: + fixed ifndef -> ifdef + [7aebe822d863] + + * qualify.c: + make more like find_path.c + [853b2dab2e03] + + * find_path.c: + rewritten by millert + [c6a043cc11b3] + + * sudo.h: + fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info + about new defines in the comment + [39ffefce3aec] + + * logging.c: + now uses USE_CWD + [fa0f3b118bb3] + + * sudo.h: + added delc for clean_envp() and Envp + [a12034e300c2] + + * sudo.c: + now rips LD_* env vars out of envp and passed sanitized Envp to exec + [d201a218e056] + + * logging.c: + now uses execve() + [f3e01032cd33] + + * find_path.c: + ENOTDIR is ok now too (in case part of the path is bogus) + [b5cbbb201bb5] + + * qualify.c: + now works correctly (ttaltotal rewrite) + [0c25d64a5c68] + + * parse.lex: + now includes sys/param.h didn't match trailing / -- fix from + rouilj@cs.umb.edu + [b6363ba110af] + +1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.c: + moved around the #ifndef _AIX + [7d4330950c20] + + * check.c, logging.c, parse.c: + Initial revision + [c101e9572d7f] + +1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com> + + * qualify.c: + Initial revision + [5a5f21d0e0bf] + +1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com> + + * find_path.c: + now works if you do sudo bin/test + [07835120ce43] + + * find_path.c: + works + [c3da8b5efa20] + +1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * sudo.h: + Initial revision + [28a1caa38b72] + + * visudo.c: + Initial revision + [0e5cd7c3cdbe] + + * parse.lex, parse.yacc: + Initial revision + [5f2d0cccb06b] + +1993-02-16 Todd C. 
Miller <Todd.Miller@courtesan.com> + + * sudo.c: + took out errno.h + [7466431a2655] + + * sudo.c: + now spews error if exec fails and exits with -1 + [e5c41ea725c1] + + * sudo.c: + Initial revision + [8aeabe39a0c2] + + * find_path.c: + now only execs files with (an) executable bit set. + [0a451f9c0e58] + + * find_path.c: + Initial revision + [02a534891a35] + +1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * getpass.c: + added nice comment + [ea8b2aaa9389] + + * getpass.c: + now works on sgi's + [bf2b7c6d0960] + + * getpass.c: + Initial revision + [9f4de251c1b5] + |
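Review bot: the 1994-02-28 logging.c entry "now opens log file with mode 077" is ambiguous for anyone auditing the log-file permission history. Read as a file mode, 077 would deny the owner and grant group and other full access. The neighbouring entries in the same date block (sudo.h "added UMASK and mode_t declaration", sudo.c "added UMASK", check.c saving and restoring the current umask) suggest a umask of 077 was meant. The bracketed changeset ids indicate this file is generated from commit history, so I would not hand-edit the entry in this patch. If the wording matters, clarify it where the log-file permissions are documented. The same applies to the stray punctuation in several entries (" .,", "/.", ",. ,.", ">> .") and to the spelling slips such as "extenr" and "udpated": they should either be fixed in the generator's input or left as the historical record, not patched here, so that the file still matches what the history produces.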