Diffstat (limited to '')
-rw-r--r-- ChangeLog 78828
1 files changed, 78828 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 0000000..cf97cea
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,78828 @@
+2023-12-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_15p5 for changeset 4418cfdc5b2a
+ [c1df7aef0fa8] [tip] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.15p5
+ [4418cfdc5b2a] [SUDO_1_9_15p5] <1.9>
+
+2023-12-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/pwutil_impl.c:
+ Properly handle sysconf(_SC_LOGIN_NAME_MAX) returning -1 on failure.
+
+ The cast to size_t needs to be outside the MAX() macro or the -1
+ will get cast to unsigned.
+ [343b22c1fc59] <1.9>
+
+2023-12-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/timestamp.c:
+ Automatically migrate lecture file path from name-based to uid-
+ based.
+
+ GitHub issue #342.
+ [cfa82cf5ac29] <1.9>
+
+2023-12-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/ldap_conf.c:
+ Disable netgroup_query when netgroup_base is not set.
+
+ The logic was inverted when support for netgroup_query was added.
+ This supercedes PR #341.
+ [a575b106220e] <1.9>
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ In the NOEXEC example make it clear that "shanty" is a host. Bug
+ #1064
+ [18e3b6a981d4] <1.9>
+
+2023-12-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/defaults.c:
+ Fix printing of warning when a Defaults setting is missing a value.
+
+ This is a bug in parse_default_entry() introduced in sudo 1.8.19
+ when support for using the default syslog facility was added at the
+ wrong place in a switch().
+ [f9de87a2f501] <1.9>
+
+2023-12-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/defaults.c:
+ Fix evaluation of a tuple used in "true" boolean context.
+
+ Previously, a tuple in boolean context was always treated as a
+ negated entry, which doesn't match the documentation. We assume that
+ there are at least two tuple entries where the first maps to boolean
+ false and the second maps to boolean true.
+ [39a6e634c9d6] <1.9>
+
+ * .hgtags:
+ Added tag SUDO_1_9_15p4 for changeset cc9d22d261de
+ [382e15393814] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.15p4
+ [cc9d22d261de] [SUDO_1_9_15p4] <1.9>
+
+ * plugins/sudoers/lookup.c:
+ sudoers_lookup_pseudo: init match to UNSPEC for
+ sudo_nss_can_continue().
+
+ Otherwise, processing will stop after the first sudoers nsswitch
+ service specification where [SUCCESS=return] is present.
+ [053be548771c] <1.9>
+
+2023-12-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_15p3 for changeset 20d368229c6a
+ [e01ee9945d11] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.15p3
+ [20d368229c6a] [SUDO_1_9_15p3] <1.9>
+
+2023-12-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c:
+ Pass back Solaris privs as "runas_privs" and "runas_limitprivs".
+
+ The "runas_" prefix got inadvertantly removed in the big
+ sudoers_context refactor.
+ [25f183bdd61e] <1.9>
+
+2023-12-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_util.h, lib/util/term.c, lib/util/ttysize.c,
+ lib/util/util.exp.in, src/sudo.h, src/ttyname.c:
+ sudo_term_is_raw: only try to lock the fd if it is a tty
+
+ This moves sudo_isatty() to libsudo_util so sudo_term_is_raw() can
+ use it. Fixes GitHub issue #335
+ [5e7dd2580c9b] <1.9>
+
+2023-12-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoreplay.c:
+ setup_terminal: fix an editing error introduced in 1.9.15.
+ [690c82d4ebd4] <1.9>
+
+2023-12-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sethost.c:
+ Fall back to "localhost" if gethostname() fails.
+
+ GitHub issue #332
+ [c6993fd61aac] <1.9>
+
+ * plugins/sudoers/match_command.c:
+ command_matches_glob: fix comparison of canonicalized parent
+ directories
+
+ Bug #1062
+ [78b789de1df8] <1.9>
+
+2023-11-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo.c:
+ Always disable core dumps when sudo sends itself a fatal signal.
+
+ When a command exits due to a fatal signal, sudo will re-send that
+ signal to itself so the shell does not ignore keyboard-generated
+ signals. However, now that sudo disables core dumps by default for
+ the command, we cannot rely on WCOREDUMP() telling us whether or not
+ the signal will lead to a core dump. It is safest to always disable
+ core dumps before sending the signal to ourself.
+ [4ce4bedf84fe] <1.9>
+
+ * .hgtags:
+ Added tag SUDO_1_9_15p2 for changeset 4d03c1608a23
+ [b46c7b3c67b4] <1.9>
+
+2023-11-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, configure, configure.ac, lib/util/term.c:
+ Merge sudo 1.9.15p2 from tip.
+ [4d03c1608a23] [SUDO_1_9_15p2] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.15p2
+ [7a5afe66a935]
+
+ * scripts/pp:
+ Update PolyPkg from upstream.
+ [fef8f49977c3]
+
+ * lib/util/term.c:
+ sudo_term_restore: don't check c_cflag on systems with TCSASOFT.
+
+ If TCSASOFT is present, tcsetattr() will ignore c_cflag. Fixes a bug
+ where sudo_term_restore() would refuse to change the terminal
+ settings back if the PARENB control flag was set. GitHub issue #326.
+ [bcd3c9f5736a]
+
+ * scripts/mkpkg:
+ Quote $osversion since it may include whitespace.
+ [fb4aac7003c6]
+
+2023-11-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.h:
+ Use C99 designated struct initializers.
+
+ This is less error-prone and would have avoided GitHub issue #325.
+ [f7fad7f54d1b]
+
+ * .hgtags:
+ Added tag SUDO_1_9_15p1 for changeset d23f72517e07
+ [f67d129d3e36] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Merge sudo 1.9.15p1 from tip.
+ [d23f72517e07] [SUDO_1_9_15p1] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.15p1
+ [9aae361b70ef]
+
+ * plugins/sudoers/sudoers.h:
+ Correct the order of the strings in SUDOERS_CONTEXT_INITIALIZER.
+
+ Fixes GitHub issue #325, a bug introduced in sudo 1.9.15.
+ [0266ed6c95f9]
+
+2023-11-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ In the sudo 1.9.14p3 section, "Python python" should be "Python
+ plugin".
+ [dee39187deda]
+
+ * .hgtags:
+ Added tag SUDO_1_9_15 for changeset 277833c12efb
+ [3517bf78fcf5] <1.9>
+
+ * MANIFEST, NEWS, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, include/sudo_util.h, lib/util/hexchar.c,
+ lib/util/regress/hexchar/hexchar_test.c, lib/util/term.c,
+ logsrvd/iolog_writer.c, logsrvd/tls_init.c,
+ plugins/python/pyhelpers.c, plugins/python/python_convmessage.c,
+ plugins/python/python_loghandler.c,
+ plugins/python/python_plugin_common.c,
+ plugins/python/regress/testhelpers.c,
+ plugins/python/sudo_python_module.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/log_client.c, plugins/sudoers/logging.c,
+ plugins/sudoers/lookup.c, plugins/sudoers/match_command.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/cvtsudoers/test31.sh,
+ plugins/sudoers/regress/cvtsudoers/test32.sh,
+ plugins/sudoers/regress/cvtsudoers/test35.sh,
+ plugins/sudoers/regress/cvtsudoers/test36.sh,
+ plugins/sudoers/regress/cvtsudoers/test39.sh,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/testsudoers/test20.sh,
+ plugins/sudoers/regress/testsudoers/test21.sh,
+ plugins/sudoers/regress/testsudoers/test22.sh,
+ plugins/sudoers/regress/testsudoers/test23.sh,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/exec_monitor.c, src/exec_nopty.c, src/exec_ptrace.c,
+ src/exec_pty.c:
+ Merge sudo 1.9.15 from tip.
+ [277833c12efb] [SUDO_1_9_15] <1.9>
+
+ * NEWS:
+ Sudo now logs the submitenv in the JSON logs.
+ [c1a5e609352f]
+
+ * docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudoers.man.in,
+ docs/sudoers.mdoc.in:
+ Document special cases for AIX-style shared libraries.
+
+ The shared object is a member of an archive file that is specified
+ in parentheses.
+ [bb9a50249072]
+
+2023-11-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in:
+ Add sudoers plugin Debug example and x-ref sudoers man page for
+ details.
+ [ef23f00ac8ad]
+
+ * docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in:
+ The HP-UX getgrouplist() code has been disabled due to bugs.
+ [0bc060c69389]
+
+2023-11-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/sudo_conf.c:
+ sudo_conf_debug_files: special handling of DSO members for AIX
+
+ When matching debug files for AIX-style DSOs like
+ sudoers.a(sudoers.so) we want to match on the full name, the name
+ without the member and on the member itself. This makes it possible
+ to use the existing examples in the sudo.conf fiile on AIX.
+ [2ec138dbc507]
+
+ * plugins/sudoers/pwutil.c:
+ sudo_set_grlist and sudo_set_gidlist: set auth registry based on
+ username
+
+ Previously we used the global registry but since we have the user's
+ passwd info we should use that when storing the group and gid lists.
+ [71b6647d4cb0]
+
+2023-11-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/parse_ldif.c:
+ role_to_sudoers: only try to reuse a privilege if one is present
+ [91207af2554c]
+
+ * plugins/sudoers/defaults.c:
+ store_plugin: avoid potential NULL deref in boolean context
+
+ Coverity CID 330466
+ [5c7ebbaf83c4]
+
+ * plugins/sudoers/sudoreplay.c, src/conversation.c:
+ Avoid passing sudo_term_is_raw() -1 for the fd.
+
+ Coverity CID 330472 Coverity CID 330468
+ [b28a472152ab]
+
+ * logsrvd/sendlog.c:
+ fmt_info_messages: bump info_msgs_size for submitenv
+ [e36bfd74abb9]
+
+ * NEWS:
+ Better log message when rejecting a setid command in intercept mode.
+ [06d161998e22]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/lookup.c,
+ plugins/sudoers/match_command.c, plugins/sudoers/parse.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Move the check for running setid commands in intercept mode to
+ later.
+
+ Checking for setid commands in intercept mode after command matching
+ allows us to log a proper error message. Previously, we simply
+ ignored setid commands when matching and the only indication of why
+ was in the debug logs.
+ [b07b8fcff911]
+
+ * plugins/sudoers/timestamp.c:
+ timestamp_open: add some debugging
+ [dc7070cbadd9]
+
+2023-10-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/sia.c:
+ sudo_sia_begin_session: add missing struct sudoers_context * arg.
+ [4caf619af53b]
+
+ * plugins/sudoers/auth/kerb5.c:
+ verify_krb_v5_tgt: auth name must be const to match struct
+ sudo_auth.
+ [e4d6a0b15003]
+
+ * .circleci/config.yml:
+ Disable PAM before enabling Kerberos V.
+ [55523956e9ff]
+
+ * .circleci/config.yml, docker/debian/latest/Dockerfile,
+ docker/debian/testing/Dockerfile, docker/fedora/latest/Dockerfile,
+ docker/fedora/rawhide/Dockerfile, docker/ubuntu/devel/Dockerfile,
+ docker/ubuntu/latest/Dockerfile, docker/ubuntu/rolling/Dockerfile:
+ Add Kerberos V build and test to CI.
+ [7cf8ab128064]
+
+2023-10-31 Renato Botelho <garga@FreeBSD.org>
+
+ * plugins/sudoers/auth/kerb5.c:
+ Add missing sudoers_context to verify_krb_v5_tgt()
+
+ Commit 244017495421 added ctx variable to log_warningx() call but
+ that variable was not declared in that context, breaking the build.
+ [7b89c1b61e19]
+
+2023-10-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po:
+ Updated translations from translationproject.org
+ [2a5a4f1350ee]
+
+2023-10-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c:
+ Set the open file descriptor limit to the maximum allowed value.
+
+ Each connection can require up to 9 descriptors.
+ [72b6593b631d]
+
+2023-10-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Mention new Indonesian translation and sudo_logsrvd fd limit change.
+ [753002967fc0]
+
+ * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po,
+ plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/hr.mo,
+ po/hr.po, po/ja.mo, po/ja.po, po/sr.mo, po/sr.po, po/zh_CN.mo,
+ po/zh_CN.po:
+ Updated translations from translationproject.org
+ [619098603afe]
+
+ * docs/CONTRIBUTORS.md:
+ Add Andika Triwidada
+ [7e6293a4a00a]
+
+ * MANIFEST, po/id.mo, po/id.po:
+ New Indonesian translation from translationproject.org
+ [568e33cb694c]
+
+2023-10-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Mention GitHub issue #318
+ [4b4c1d8da478]
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Avoid a double-free in fuzz_policy caused by the early
+ env_init(NULL).
+
+ This adds an env_free() function to explicitly free both the old and
+ new copies of the environment. It is really only needed by
+ fuzz_policy, which calls the policy module multiple times.
+ [9cb4400fe76c]
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c,
+ lib/eventlog/eventlog_free.c, lib/eventlog/parse_json.c,
+ logsrvd/iolog_writer.c, logsrvd/sendlog.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/log_client.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h:
+ Store submitenv in eventlog and pass it to sudo_logsrvd.
+ [3ef684a6f888]
+
+2023-10-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c,
+ lib/eventlog/eventlog_free.c, lib/eventlog/parse_json.c,
+ lib/iolog/iolog_loginfo.c, logsrvd/iolog_writer.c,
+ logsrvd/sendlog.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/log_client.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c:
+ struct eventlog: rename argv/env to runargv/runenv.
+
+ This matches the JSON logs.
+ [df2ac695bcf7]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ struct sudoers_user_context: rename env_vars to env_add
+ [f57859bca061]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/logging.c:
+ Only log the run environment for commands that are allowed.
+
+ It may not be available otherwise and unless the command is being
+ run it has no real meaning.
+ [98b79f16e06e]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
+ Free the private copy of the environment in sudoers_check_cmnd().
+
+ This reverts 5118eb5797fb, which had the side-effect of the PAM
+ session code running with the run environment instead of the
+ invoking user's environment. Issue #318
+ [6b4abada2e55]
+
+2023-10-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/iolog_swapids.c:
+ iolog_swapids: short circuit if effective ids match iolog ids.
+ [6871a2a50eae]
+
+ * lib/iolog/iolog_mkdirs.c, logsrvd/iolog_writer.c:
+ logsrvd: display error string in message if iolog_mkpath() fails
+ [4a601c7e1248]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Update .pot files for 1.9.15
+ [39ac757a80c9]
+
+2023-10-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.in:
+ Add example for disabling intercept/log_subcmds for certain
+ commands.
+ [52d01bcd6e3a]
+
+ * lib/util/mksiglist.c, lib/util/mksigname.c:
+ Use NSIG instead of nitems(array) for the loop bound.
+
+ This matches the sudo_sys_siglist[] and sudo_sys_signame[]
+ declarations.
+ [d515abb232ae]
+
+ * plugins/sudoers/tsdump.c:
+ tsdump: fix compiler warnings
+ [4e5d80f29845]
+
+2023-10-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/regress/logwrap/check_wrap.c, lib/util/mksiglist.c,
+ lib/util/mksigname.c, logsrvd/sendlog.c,
+ plugins/python/regress/iohelpers.c, plugins/sudoers/tsdump.c:
+ Avoid using %zu or %zd with printf() and fprintf().
+
+ This prevents problems on systems where the system printf(3) is not
+ C99-compliant. We use our own snprintf() on such systems so that is
+ safe.
+ [7ff250c66e05]
+
+ * plugins/sudoers/sudo_printf.c, src/conversation.c:
+ Use vsnprintf() instead of vfprintf() for sudo_printf() to avoid
+ problems on systems where the system printf(3) is not C99-compliant.
+ We use our own snprintf() on such systems.
+ [053c94c3db03]
+
+ * include/sudo_compat.h, lib/util/getdelim.c, lib/util/realpath.c,
+ lib/util/regress/getdelim/getdelim_test.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ strlcpy_expand_host, sudo_getdelim, sudo_realpath: add restrict
+ qualifier
+ [8669d4d9b4d9]
+
+ * NEWS:
+ Fixed GitHub issue #312.
+ [b6e269e7eeaa]
+
+2023-10-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/term.c:
+ Better handling of multiple sudo processes modifying terminal
+ settings. 1. Lock the terminal before tcgetattr/tcsetattr 2. Don't
+ restore terminal settings if changed by another process 3. Don't set
+ terminal to raw mode if it is already raw GitHub issue #312
+ [8d5664300c7e]
+
+2023-10-16 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * plugins/sudoers/prompt.c, plugins/sudoers/strlcpy_unesc.c,
+ plugins/sudoers/sudoers.h:
+ Add restrict to strlcpy and expand_prompt
+ [b26d50f82d2f]
+
+2023-10-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_pty.c:
+ Add a little extra debugging info.
+ [b2533548f50b]
+
+2023-10-15 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * lib/util/regress/hexchar/hexchar_test.c,
+ lib/util/regress/parse_gids/parse_gids_test.c, lib/util/sudo_conf.c:
+ Swap calloc arguments to use them properly.
+ [1d4877da5233]
+
+2023-10-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c:
+ ptrace_intercept_execve: make flags unsigned to match
+ command_details
+ [97ee796e74ec]
+
+2023-10-13 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * include/sudo_util.h, src/exec_ptrace.h:
+ Specify 1U over 1 for bitmaps
+ [8eaecce2e3c6]
+
+2023-10-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/parse.h,
+ plugins/sudoers/sudoers.h:
+ Fix spelling: resistent -> resistant
+ [df6b986b8d31]
+
+2023-10-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .gitignore, .hgignore:
+ Add plugins/sudoers/tsgetusershell.c to ignore files.
+ [5e9538b2aaae]
+
+2023-10-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/mkdefaults:
+ Fix compatibility with older versions of (new) awk.
+
+ Do not rely on awk supporting "-f -" to read the program from stdin.
+ Avoid using POSIX character classes in regular expressions.
+ [0e67e9ba4ddf]
+
+2023-10-02 Alexander F. Rødseth <alexander.fet.rodseth@schibsted.com>
+
+ * plugins/sudoers/visudo.c:
+ Add Orbiton ("o") to the list of editors that supports +lineno
+ [28e192d4be9b]
+
+ * plugins/sudoers/visudo.c:
+ Sort the list of editors that supports +lineno
+ [6467309f5ac3]
+
+2023-09-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ Mention potential problems with log_subcmds and intercept.
+ [9c93f9315924]
+
+ * src/sudo.c:
+ Add more user info to the list of objects to be garbage-collected at
+ exit.
+ [caeb35967cd2]
+
+2023-09-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h:
+ Use long, not long long, when getting/setting numeric attributes.
+
+ We use int or long, not long long, in the Python plugin.
+ [d1008ce69cf6]
+
+ * plugins/sudoers/file.c:
+ sudo_file_open: initialize parser before calling open_sudoers().
+
+ Otherwise, the parser_conf settings in the context passed to
+ sudo_file_open() will not be honored by open_sudoers(). Affected
+ settings include ignore_perms, sudoers mode, uid and gid.
+ [21e56d49521a]
+
+ * lib/eventlog/parse_json.c, lib/iolog/iolog_legacy.c,
+ lib/iolog/iolog_timing.c, logsrvd/iolog_writer.c,
+ logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c,
+ logsrvd/logsrvd_local.c, logsrvd/sendlog.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/log_client.c:
+ Add casts when storing values in a struct timespec.
+
+ Fixes -Wconversion warnings on some 32-bit systems where time_t is
+ still 32-bit.
+ [b090ed40a1d0]
+
+2023-09-27 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * lib/util/roundup.c:
+ Use U, not UL, for 32-bit platforms
+
+ size_t is an unsigned int on 32-bit platforms, not an unsigned long.
+ [9f4a9b73c954]
+
+2023-09-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/match_digest.c:
+ digest_matches: actually use fd2 in place of fd as needed.
+ [9db51e4a8521]
+
+ * plugins/sudoers/match_digest.c:
+ digest_matches: if fd argument is -1, try to open path before
+ failing
+ [5b323859cbd0]
+
+ * plugins/sudoers/regress/cvtsudoers/test31.sh,
+ plugins/sudoers/regress/cvtsudoers/test32.sh,
+ plugins/sudoers/regress/cvtsudoers/test35.sh,
+ plugins/sudoers/regress/cvtsudoers/test36.sh,
+ plugins/sudoers/regress/cvtsudoers/test39.sh,
+ plugins/sudoers/regress/testsudoers/test20.sh,
+ plugins/sudoers/regress/testsudoers/test21.sh,
+ plugins/sudoers/regress/testsudoers/test22.sh,
+ plugins/sudoers/regress/testsudoers/test23.sh,
+ plugins/sudoers/regress/testsudoers/test24.sh,
+ plugins/sudoers/regress/testsudoers/test25.sh,
+ plugins/sudoers/regress/testsudoers/test26.sh,
+ plugins/sudoers/regress/testsudoers/test27.sh,
+ plugins/sudoers/regress/testsudoers/test28.sh,
+ plugins/sudoers/regress/testsudoers/test29.sh,
+ plugins/sudoers/regress/testsudoers/test30.sh,
+ plugins/sudoers/regress/testsudoers/test31.sh:
+ Add missing execute bit on some test scripts.
+ [07af3341fc1a]
+
+2023-09-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.h:
+ max_groups in sudoers_plugin_settings is no longer used.
+ [99848d0ee951]
+
+ * include/sudo_conf.h, include/sudo_debug.h, include/sudo_event.h,
+ include/sudo_eventlog.h, include/sudo_fatal.h, include/sudo_json.h,
+ include/sudo_util.h, lib/eventlog/eventlog.c,
+ lib/eventlog/eventlog_conf.c, lib/eventlog/eventlog_free.c,
+ lib/eventlog/logwrap.c, lib/eventlog/parse_json.c,
+ lib/eventlog/parse_json.h,
+ lib/eventlog/regress/eventlog_store/store_json_test.c,
+ lib/eventlog/regress/eventlog_store/store_sudo_test.c,
+ lib/eventlog/regress/logwrap/check_wrap.c,
+ lib/eventlog/regress/parse_json/check_parse_json.c,
+ lib/fuzzstub/fuzzstub.c, lib/iolog/host_port.c,
+ lib/iolog/hostcheck.c, lib/iolog/iolog_clearerr.c,
+ lib/iolog/iolog_close.c, lib/iolog/iolog_conf.c,
+ lib/iolog/iolog_eof.c, lib/iolog/iolog_filter.c,
+ lib/iolog/iolog_flush.c, lib/iolog/iolog_gets.c,
+ lib/iolog/iolog_json.c, lib/iolog/iolog_legacy.c,
+ lib/iolog/iolog_loginfo.c, lib/iolog/iolog_mkdirs.c,
+ lib/iolog/iolog_mkdtemp.c, lib/iolog/iolog_mkpath.c,
+ lib/iolog/iolog_nextid.c, lib/iolog/iolog_open.c,
+ lib/iolog/iolog_openat.c, lib/iolog/iolog_path.c,
+ lib/iolog/iolog_read.c, lib/iolog/iolog_seek.c,
+ lib/iolog/iolog_swapids.c, lib/iolog/iolog_timing.c,
+ lib/iolog/iolog_util.c, lib/iolog/iolog_write.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_json.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
+ lib/iolog/regress/host_port/host_port_test.c,
+ lib/iolog/regress/iolog_filter/check_iolog_filter.c,
+ lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c,
+ lib/iolog/regress/iolog_path/check_iolog_path.c,
+ lib/iolog/regress/iolog_timing/check_iolog_timing.c,
+ lib/logsrv/log_server.pb-c.c, lib/protobuf-c/protobuf-c.c,
+ lib/ssl_compat/ssl_compat.c, lib/util/aix.c, lib/util/arc4random.c,
+ lib/util/arc4random_buf.c, lib/util/arc4random_uniform.c,
+ lib/util/basename.c, lib/util/cfmakeraw.c, lib/util/closefrom.c,
+ lib/util/digest.c, lib/util/digest_gcrypt.c,
+ lib/util/digest_openssl.c, lib/util/dup3.c, lib/util/event.c,
+ lib/util/event_poll.c, lib/util/event_select.c,
+ lib/util/explicit_bzero.c, lib/util/fatal.c, lib/util/fchmodat.c,
+ lib/util/fchownat.c, lib/util/fnmatch.c, lib/util/freezero.c,
+ lib/util/fstatat.c, lib/util/getaddrinfo.c, lib/util/getdelim.c,
+ lib/util/getentropy.c, lib/util/getgrouplist.c,
+ lib/util/gethostname.c, lib/util/getopt_long.c, lib/util/gettime.c,
+ lib/util/getusershell.c, lib/util/gidlist.c, lib/util/glob.c,
+ lib/util/gmtime_r.c, lib/util/hexchar.c, lib/util/inet_ntop.c,
+ lib/util/inet_pton.c, lib/util/isblank.c, lib/util/json.c,
+ lib/util/key_val.c, lib/util/lbuf.c, lib/util/localtime_r.c,
+ lib/util/locking.c, lib/util/logfac.c, lib/util/logpri.c,
+ lib/util/memrchr.c, lib/util/mkdir_parents.c, lib/util/mkdirat.c,
+ lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c,
+ lib/util/mmap_alloc.c, lib/util/multiarch.c, lib/util/nanosleep.c,
+ lib/util/openat.c, lib/util/parseln.c, lib/util/pipe2.c,
+ lib/util/pread.c, lib/util/progname.c, lib/util/pw_dup.c,
+ lib/util/pwrite.c, lib/util/rcstr.c, lib/util/reallocarray.c,
+ lib/util/regex.c, lib/util/regress/closefrom/closefrom_test.c,
+ lib/util/regress/digest/digest_test.c,
+ lib/util/regress/fnmatch/fnm_test.c,
+ lib/util/regress/fuzz/fuzz_sudo_conf.c,
+ lib/util/regress/getdelim/getdelim_test.c,
+ lib/util/regress/getgrouplist/getgids.c,
+ lib/util/regress/getgrouplist/getgrouplist_test.c,
+ lib/util/regress/glob/globtest.c,
+ lib/util/regress/hexchar/hexchar_test.c,
+ lib/util/regress/json/json_test.c,
+ lib/util/regress/mktemp/mktemp_test.c,
+ lib/util/regress/multiarch/multiarch_test.c,
+ lib/util/regress/open_parent_dir/open_parent_dir_test.c,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/progname/progname_test.c,
+ lib/util/regress/regex/regex_test.c,
+ lib/util/regress/strsig/strsig_test.c,
+ lib/util/regress/strsplit/strsplit_test.c,
+ lib/util/regress/strtofoo/strtobool_test.c,
+ lib/util/regress/strtofoo/strtoid_test.c,
+ lib/util/regress/strtofoo/strtomode_test.c,
+ lib/util/regress/strtofoo/strtonum_test.c,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_parseln/parseln_test.c,
+ lib/util/regress/tailq/hltq_test.c,
+ lib/util/regress/uuid/uuid_test.c, lib/util/roundup.c,
+ lib/util/secure_path.c, lib/util/setgroups.c, lib/util/sha2.c,
+ lib/util/sig2str.c, lib/util/snprintf.c, lib/util/str2sig.c,
+ lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c,
+ lib/util/strnlen.c, lib/util/strsignal.c, lib/util/strsplit.c,
+ lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c,
+ lib/util/strtonum.c, lib/util/sudo_conf.c, lib/util/sudo_debug.c,
+ lib/util/sudo_dso.c, lib/util/sys_siglist.h, lib/util/sys_signame.h,
+ lib/util/term.c, lib/util/timegm.c, lib/util/ttyname_dev.c,
+ lib/util/ttysize.c, lib/util/unlinkat.c, lib/util/utimens.c,
+ lib/util/uuid.c, logsrvd/iolog_writer.c, logsrvd/logsrv_util.c,
+ logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
+ logsrvd/logsrvd_journal.c, logsrvd/logsrvd_local.c,
+ logsrvd/logsrvd_queue.c, logsrvd/logsrvd_relay.c,
+ logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
+ logsrvd/regress/logsrvd_conf/logsrvd_conf_test.c, logsrvd/sendlog.c,
+ logsrvd/sendlog.h, logsrvd/tls_client.c, logsrvd/tls_common.h,
+ logsrvd/tls_init.c, plugins/audit_json/audit_json.c,
+ plugins/group_file/getgrent.c, plugins/group_file/group_file.c,
+ plugins/group_file/plugin_test.c, plugins/python/pyhelpers.c,
+ plugins/python/pyhelpers.h, plugins/python/python_plugin_common.c,
+ plugins/python/regress/check_python_examples.c,
+ plugins/python/regress/iohelpers.h,
+ plugins/python/regress/testhelpers.h,
+ plugins/python/sudo_python_debug.c,
+ plugins/python/sudo_python_debug.h, plugins/sample/sample_plugin.c,
+ plugins/sample_approval/sample_approval.c, plugins/sudoers/alias.c,
+ plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/b64_decode.c, plugins/sudoers/b64_encode.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/canon_path.c, plugins/sudoers/check.c,
+ plugins/sudoers/check_aliases.c, plugins/sudoers/check_util.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
+ plugins/sudoers/cvtsudoers_csv.c, plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/cvtsudoers_merge.c,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/digestname.c,
+ plugins/sudoers/display.c, plugins/sudoers/editor.c,
+ plugins/sudoers/env.c, plugins/sudoers/env_pattern.c,
+ plugins/sudoers/exptilde.c, plugins/sudoers/file.c,
+ plugins/sudoers/filedigest.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/fmtsudoers.c, plugins/sudoers/fmtsudoers_cvt.c,
+ plugins/sudoers/gc.c, plugins/sudoers/gentime.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/insults.h,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_innetgr.c,
+ plugins/sudoers/ldap_util.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/locale.c, plugins/sudoers/log_client.c,
+ plugins/sudoers/log_client.h, plugins/sudoers/logging.c,
+ plugins/sudoers/lookup.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/match_command.c,
+ plugins/sudoers/match_digest.c, plugins/sudoers/parse.h,
+ plugins/sudoers/parse_ldif.c, plugins/sudoers/parser_warnx.c,
+ plugins/sudoers/pivot.c, plugins/sudoers/policy.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/editor/check_editor.c,
+ plugins/sudoers/regress/env_match/check_env_pattern.c,
+ plugins/sudoers/regress/exptilde/check_exptilde.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_stubs.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/regress/parser/check_gentime.c,
+ plugins/sudoers/regress/serialize_list/check_serialize_list.c,
+ plugins/sudoers/regress/starttime/check_starttime.c,
+ plugins/sudoers/regress/unescape/check_unesc.c,
+ plugins/sudoers/resolve_cmnd.c, plugins/sudoers/serialize_list.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sethost.c,
+ plugins/sudoers/solaris_audit.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/starttime.c, plugins/sudoers/strlcpy_unesc.c,
+ plugins/sudoers/strlist.c, plugins/sudoers/strvec_join.c,
+ plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_cb.c,
+ plugins/sudoers/sudoers_ctx_free.c, plugins/sudoers/sudoers_debug.c,
+ plugins/sudoers/sudoers_debug.h, plugins/sudoers/sudoers_hooks.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/testsudoers_pwutil.c,
+ plugins/sudoers/testsudoers_pwutil.h, plugins/sudoers/timeout.c,
+ plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/unesc_str.c,
+ plugins/sudoers/visudo.c, plugins/sudoers/visudo_cb.c,
+ plugins/system_group/system_group.c, src/apparmor.c,
+ src/conversation.c, src/copy_file.c, src/edit_open.c,
+ src/env_hooks.c, src/exec.c, src/exec_common.c,
+ src/exec_intercept.c, src/exec_iolog.c, src/exec_monitor.c,
+ src/exec_nopty.c, src/exec_preload.c, src/exec_ptrace.c,
+ src/exec_pty.c, src/get_pty.c, src/hooks.c, src/intercept.pb-c.c,
+ src/limits.c, src/load_plugins.c, src/openbsd.c, src/parse_args.c,
+ src/preload.c, src/preserve_fds.c,
+ src/regress/net_ifs/check_net_ifs.c,
+ src/regress/noexec/check_noexec.c,
+ src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c,
+ src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h,
+ src/sudo_edit.c, src/sudo_intercept.c, src/sudo_intercept_common.c,
+ src/sudo_noexec.c, src/suspend_parent.c, src/tgetpass.c,
+ src/ttyname.c, src/utmp.c:
+ Use #include <foo.h> instead of #include "foo.h" in most cases.
+
+ We rely on the include path to find many of these headers. It
+ especially doesn't make sense to use #include "foo.h" for headers in
+ the top-level include directory.
+ [4a7d27e429e9]
+
+ * .circleci/config.yml:
+ Bump xcode to 14.2.0
+ [f4775577c9b0]
+
+2023-09-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/mkdefaults:
+ Add support for "plugin" defaults type.
+ [423dc640d220]
+
+ * plugins/sudoers/mkdefaults:
+ Support multiple input files.
+ [1fff41f962f5]
+
+2023-09-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_monitor.c, src/exec_pty.c:
+ No need to loop reading from/writing to a blocking socketpair.
+
+ This removes some infinite loops that can cause static analyzer
+ warnings. The fds are not in non-blocking mode and we use
+ restartable system calls so there is no need to loop.
+ [132aad609392]
+
+ * plugins/sudoers/check.c:
+ check_user: fix return value for intercept mode
+
+ Also use early return on error to quiet a PVS-Studio warning.
+ [ecd721208013]
+
+2023-09-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_pty.c:
+ Set ec->term_raw to false even if sudo_term_restore() fails.
+
+ Either the fd is not a terminal or we don't have the controlling
+ terminal. Either way, we can't know the current status of the
+ terminal and will need to set to raw mode again (if possible). Also
+ make sure to set ec->term_raw to false if sudo_term_raw() fails.
+ [6287218771a9]
+
+2023-09-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/sudoers.c:
+ Only define _PATH_ENVIRONMENT on systems where we use
+ /etc/environment.
+ [5a3752401dc9]
+
+ * config.h.in, configure, configure.ac:
+ Sudo assumes that a uid_t can be cast to unsigned int without
+ problems.
+
+ Add a configure check and error out if sizeof(uid_t) > 4.
+ [4b7657e4ce3d]
+
+ * docs/UPGRADE.md:
+ Mention the time stamp and lecture file name changes in 1.9.15.
+ [8c23b36928ad]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in,
+ plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Replace '/' with '_' in paths using the user, group or host name.
+ [2862df9bcab7]
+
+2023-09-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, m4/sudo.m4,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/policy.c, src/sudo.c, src/sudo_edit.c:
+ Replace MAX_UID_T_LEN with calls to STRLEN_MAX_UNSIGNED.
+ [f2f1ee9c5a16]
+
+ * include/sudo_util.h, lib/eventlog/eventlog.c,
+ lib/iolog/iolog_timing.c, lib/util/json.c, lib/util/lbuf.c,
+ lib/util/sudo_debug.c, plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/display.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/logging.c, src/exec_preload.c, src/limits.c:
+ Add macros to determine the length of an integer type in string
+ form.
+
+ Adapted from answer #6 in:
+ https://stackoverflow.com/questions/10536207/ansi-c-maximum-number-
+ of-characters-printing-a-decimal-int
+ [e62734abe89c]
+
+2023-09-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/visudo.c:
+ visudo: use verbose and strict in parser_conf
+
+ Where the sudoers_context is available we can use the values of
+ verbose and strict instead of passing around quiet and strict flags.
+ [bc7a60ce0e36]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/callbacks.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_cb.c:
+ Rename callbacks.c -> sudoers_cb.c.
+ [558d6896ebfa]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_cb.c:
+ Add a separate file for visudo callbacks.
+ [72e491607a4e]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/check_aliases.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/parse.h, plugins/sudoers/parser_warnx.c:
+ Add parser_warnx() and parser_vwarnx() that displays file:line:col
+
+ Used by defaults.c and check_aliases.c.
+ [1b4eff914e92]
+
+ * plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
+ Promote strict field in sudoers_parser_config from bool to int.
+
+ This will be used by visudo to indicate when "visudo -s" is run.
+ [d0f6c8c37e4a]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/find_path.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/resolve_cmnd.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add resolve_cmnd(), a wrapper around find_path().
+
+ This is a convenience function that sets PERM_RUNAS and calls
+ find_path(). If the command is not found it will retry with
+ PERM_USER instead.
+ [c7831c462fb9]
+
+ * src/exec_monitor.c:
+ Wait on a socketpair for the parent to grant child the controlling
+ tty.
+
+ This upgrades the error pipe to a bi-directional socketpair that the
+ parent will write to after it has granted the child process the
+ controlling terminal. That fixes an issue where the child could end
+ up in a tight CPU loop waiting on the parent which may not be
+ scheduled immediately.
+ [36e87999dae1]
+
+2023-09-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.h:
+ Undefine AUTH_{SUCCESS,FAILURE,ERROR} before defining them.
+
+ Quiets a warning on AIX where usersec.h defines AUTH_SUCCESS and
+ AUTH_FAILURE. We avoided this problem in the past because the old
+ values for AUTH_SUCCESS and AUTH_FAILURE match what AIX defines.
+ [c37c51f861f1]
+
+ * config.h.in, configure, configure.ac, lib/util/term.c, m4/sudo.m4,
+ src/exec_pty.c:
+ Only cast TIOCSWINSZ to int on systems that might require it (AIX).
+
+ Otherwise we end up with a -Wconversion warning on systems where the
+ ioctl() request argument is unsigned long.
+ [a467e228981f]
+
+ * plugins/sudoers/display.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Promote verbose flag to int for display_privs and display_cmnd.
+
+ A negative verbosity will prevent non-error output from being
+ displayed.
+ [c7646497b580]
+
+2023-09-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/stubs.c:
+ No need to include cvtsudoers.h here.
+ [d838f2ed5483]
+
+ * plugins/sudoers/match_command.c, plugins/sudoers/pivot.c,
+ plugins/sudoers/pivot.h, plugins/sudoers/regress/fuzz/fuzz_stubs.c,
+ plugins/sudoers/stubs.c, plugins/sudoers/testsudoers.c:
+ Remove pivot_get_root() and pivot_get_cwd().
+
+ They are unnecessary since struct sudoers_pivot is not opaque. The
+ implementation details are private to match_command.c.
+ [ca522bffdf37]
+
+ * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/parser/check_fill.c:
+ Quiet some -Wconversion warnings in the tests.
+ [ebe02fc397e7]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/editor.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/regress/editor/check_editor.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.h:
+ Make flag in union sudo_defs_val bool to match how it is used.
+
+ Adjust find_path()'s ignore_dot function argument to match.
+ [52d5311ca360]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/bsm_audit.h, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h:
+ Parse euid and egid from sudo front-end.
+
+ These are needed by bsm_audit.c.
+ [ca240f519b46]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/timestamp.c:
+ Parse pid and ppid from sudo front-end.
+
+ We can now use the stored ppid in ts_init_key().
+ [4955c478f849]
+
+ * plugins/sudoers/match_command.c, plugins/sudoers/pivot.c,
+ plugins/sudoers/pivot.h, plugins/sudoers/regress/fuzz/fuzz_stubs.c,
+ plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c:
+ Use struct sudoers_pivot instead of defining sudoers_pivot_t.
+
+ We want to pass around a pointer, not the struct itself.
+ [8c6806cee428]
+
+2023-09-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/pivot.h:
+ Don't expose the implementation of the pivot_root state.
+ [1d1696c7ad78]
+
+ * plugins/sudoers/match_command.c, plugins/sudoers/pivot.c,
+ plugins/sudoers/regress/fuzz/fuzz_stubs.c, plugins/sudoers/stubs.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c:
+ Don't expose the implementation of the pivot_root state.
+ [efaa8955cbf0]
+
+ * src/exec_ptrace.c:
+ Only call ptrace_verify_post_exec() for intercept, not log_subcmds.
+
+ This fixes a logic goof introduced in sudo 1.9.14.
+ [49df34bb0494]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in,
+ docs/sudoers_timestamp.man.in, docs/sudoers_timestamp.mdoc.in,
+ plugins/sudoers/check.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/timestamp.h:
+ Use the user-ID instead of user-name for the timestamp and lecture
+ file.
+
+ This avoids problems if the user name itself contains a path
+ separator.
+ [c93459e59f30]
+
+2023-09-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/Makefile.in:
+ tsgetusershell.c: don't rely on GNU sed extensions.
+ [65e7d8099122]
+
+ * plugins/sudoers/testsudoers.c:
+ testsudoers: add -S option to specify /etc/shells path.
+ [2efe9b01120a]
+
+ * Makefile.in, lib/util/getusershell.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/tsgetgrpw.h:
+ Add testsudoers_setshellfile() and use it in testsudoers.
+ [4065e0f1c9ac]
+
+ * plugins/sudoers/Makefile.in:
+ regen
+ [044181c21564]
+
+ * lib/util/Makefile.in, lib/util/getusershell.c:
+ Remove unnecessary sudo_gettext.h include and add missing const.
+ [ca4266370ff6]
+
+2023-09-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/timestamp.h:
+ Return AUTH_* flags from check_user() instead of 1/0/-1.
+ [824e8943fa47]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/testsudoers_pwutil.h:
+ Wrap valid_shell and add to sudo_pwutil_set_backend().
+
+ This will make it possible to support a different getusershell()
+ implementation for testsudoers in the future.
+ [03da23d61efe]
+
+ * plugins/sudoers/check_util.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c:
+ Move check_user_shell() to pwutil.c as user_shell_valid()
+
+ This will make it possible to support a different backend which may
+ be used by testsudoers in the future.
+ [44a7540fb761]
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
+ plugins/sudoers/timestamp.h:
+ Merge check_user() and check_user_interactive(), move getpass
+ callbacks.
+
+ The getpass callbacks are now defined in sudo_auth.c, which
+ implements auth_getpass(). As a result, struct getpass_closure is
+ now public and defined in timestamp.h.
+ [1babbb56de42]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
+ plugins/sudoers/timestamp.h:
+ Make most sudo_auth functions return AUTH_{SUCCESS,FAILURE,FATAL}.
+ [54471c0a890d]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/lookup.c,
+ plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
+ plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c,
+ plugins/sudoers/parse.h,
+ plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/sssd.c:
+ Make all match functions return ALLOW/DENY not true/false.
+ [d22f1dc85b40]
+
+ * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/lookup.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.h:
+ Try to make sudo less vulnerable to ROWHAMMER attacks.
+
+ We now use ROWHAMMER-resistent values for ALLOW, DENY, AUTH_SUCCESS,
+ AUTH_FAILURE, AUTH_ERROR and AUTH_NONINTERACTIVE. In addition, we
+ explicitly test for expected values instead of using a negated test
+ against an error value. In the parser match functions this means
+ explicitly checking for ALLOW or DENY instead of accepting anything
+ that is not set to UNSPEC.
+
+ Thanks to Andrew J. Adiletta, M. Caner Tol, Yarkin Doroz, and Berk
+ Sunar, all affiliated with the Vernam Applied Cryptography and
+ Cybersecurity Lab at Worcester Polytechnic Institute, for the
+ report. Paper preprint: https://arxiv.org/abs/2309.02545
+ [df81a335db65]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Honor ignore_perms plugin argument for @include and @includedir.
+ [55307bdf721d]
+
+2023-09-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/check.c:
+ Don't set on_suspend and on_resume twice.
+ [f1db05f66740]
+
+2023-09-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers.h, plugins/sudoers/policy.c,
+ plugins/sudoers/sethost.c, plugins/sudoers/stubs.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ sudoers_sethost: refactor code to set host names in sudoers_context.
+
+ The sudoers_sethost() function can be shared by the sudoers plugin,
+ visudo, cvtsudoers and testsudoers.
+ [6cece4f67add]
+
+2023-09-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ sudoers_trace_print: use debug_decl_vars instead of doing it by
+ hand.
+ [0baf94e3e380]
+
+ * include/sudo_compat.h:
+ sudo_realpath() returns char *, not void *.
+ [96746a992f65]
+
+2023-08-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.c:
+ Only print "no valid sudoers sources found, quitting" for multiple
+ sources.
+
+ If there is only a single source (usually the sudoers file), the
+ open function provide enough of an error message. Printing two error
+ messages is just confusing.
+ [99a282277084]
+
+2023-08-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/pwutil.c:
+ user_in_group: the user's group vector already includes the primary
+ group.
+
+ There's no need to look up the name of user's primary group
+ (pw_gid), we always include the primary group ID in the group
+ vector.
+ [53f36984ebc8]
+
+2023-08-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.h:
+ Move sudoers_debug.c prototypes to sudoers_debug.h.
+ [3d4c971912a3]
+
+ * plugins/sudoers/sudoers.h:
+ sudo_conv, sudo_printf and plugin_event_alloc live in policy.c.
+ [52bced1bff2a]
+
+ * include/sudo_iolog.h, plugins/sudoers/defaults.c:
+ Move default value for "iolog_file" to sudo_iolog.h.
+ [489101c36995]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/callbacks.c, plugins/sudoers/check.c,
+ plugins/sudoers/check.h, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_stubs.c,
+ plugins/sudoers/regress/starttime/check_starttime.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/starttime.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h,
+ plugins/sudoers/tsdump.c:
+ Rename check.h -> timestamp.h and add remaining timestamp.c
+ prototypes.
+ [402c837776df]
+
+ * plugins/sudoers/auth/API, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h:
+ Restore AUTH_INTR support, it is still needed.
+
+ We still need AUTH_INTR to know when to break out of the password
+ prompt loop.
+ [618807782033]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Add ignore_perms plugin argument to skip the sudoers file security
+ checks.
+
+ This is not intended to be used in a production environment.
+ [92ae0335ee5b]
+
+2023-08-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, m4/sudo.m4:
+ Fix test for unsetenv() returning void with clang 16.
+
+ Clang has dropped support for K&R function definitions so rewrite
+ the test to require a unsetenv() prototype in stdlib.h. Fixes GitHub
+ issue #302.
+ [1a0ce3a79ee2]
+
+ * plugins/sudoers/defaults.c:
+ Disable fast_glob and fdexec if SUDOERS_NAME_MATCH is defined.
+
+ We use SUDOERS_NAME_MATCH for fuzzing when we want to avoid
+ searching the file system for commands.
+ [2e6bc1f8fb22]
+
+2023-08-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/API, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h:
+ Rename AUTH_FATAL -> AUTH_ERROR.
+ [1da161db2f0f]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/match.c:
+ Do not rely on the definition of ALLOW/DENY being true/false.
+
+ We now explicitly check for ALLOW and DENY when checking return
+ values and negating values.
+ [1e4420b64b5d]
+
+ * plugins/sudoers/auth/API, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h:
+ Replace AUTH_INTR return with AUTH_FAILURE.
+
+ The two were treated identically by the caller.
+ [e54b06561de1]
+
+2023-08-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Move tty_present() into policy.c as sudoers_tty_present().
+
+ This function is policy-dependent. For the modern sudo front-end it
+ will simply check tcpgid and/or ttypath.
+ [36a5ece4027a]
+
+ * plugins/sudoers/callbacks.c:
+ Only set I/O logging callbacks if SESSID_MAX is defined.
+ [3cec54b1fe9a]
+
+ * plugins/sudoers/defaults.c:
+ Don't set defaults values for features that are not present.
+
+ This means that lecture_status_dir and timestampdir are only set if
+ _PATH_SUDO_LECTURE_DIR and _PATH_SUDO_TIMEDIR respectively are set.
+ Also, the log server defaults are only set when SUDOERS_LOG_CLIENT
+ is defined.
+ [bb328fffe142]
+
+ * plugins/sudoers/audit.c:
+ Call log_allowed() even when "log_allowed" is disabled.
+
+ Otherwise, sudo will not send mail if "mail_always" or
+ "mail_all_cmnds" is set.
+ [71d3f06fbee5]
+
+2023-08-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, configure, configure.ac:
+ sudo 1.9.15
+ [9e7aa0238aca]
+
+2023-08-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/event_poll.c, lib/util/getentropy.c,
+ plugins/sudoers/ldap.c:
+ Silence a few remaining -Wconversion warnings.
+ [8f1180e72c0b]
+
+ * plugins/sudoers/sudoers.c:
+ No need to inclue auth/sudo_auth.h
+ [61ec4a47c885]
+
+ * configure, m4/sudo.m4:
+ --enable-pvs-studio: check for license file in the default location
+ [35e596d1fdb7]
+
+2023-08-23 ken <41325712+rtczza@users.noreply.github.com>
+
+ * plugins/sudoers/timestamp.c:
+ modify ret type from int to bool (#298)
+
+ * modify ret type from int to bool
+
+ * change debug_return_int to debug_return_bool
+
+ * modify ret type
+ [cf8c33ecdce0]
+
+2023-08-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/callbacks.c, plugins/sudoers/check.h,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_stubs.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c:
+ Move timestampowner sudoers callback to timestamp.c.
+ [34520a083145]
+
+ * plugins/sudoers/set_perms.c:
+ Quiet a PVS-Studio false positive about possible NULL dereference.
+
+ set_perms() is only called with a NULL ctx for PERM_ROOT,
+ PERM_SUDOERS and PERM_TIMESTAMP.
+ [0ec4b81df902]
+
+2023-08-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/set_perms.c:
+ set_perms: ctx may be NULL for PERM_ROOT, PERM_SUDOERS,
+ PERM_TIMESTAMP.
+ [299c5cacb05a]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/iolog_path_escapes.c,
+ plugins/sudoers/logging.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoers_ctx_free.c:
+ Move a few fields from sudoers_user_contect to sudoers_context.
+
+ They are not really specific to the user or user-specified.
+ [0e166cff8c3b]
+
+ * plugins/sudoers/policy.c:
+ Remove dead code dealing with unknown user and MODE_INVALIDATE.
+
+ The timestamp unlink code does not need the user's struct passwd
+ pointer, just the user name (which we already have). Found by PVS-
+ Studio.
+ [dd41395692e5]
+
+ * lib/iolog/iolog_read.c, lib/iolog/iolog_write.c,
+ lib/util/sudo_dso.c:
+ Suppress some other PVS-Studio false positives.
+ [36d0f8d41e6e]
+
+ * plugins/sudoers/set_perms.c:
+ Quiet a PVS-Studio false positive about possible NULL dereference.
+
+ set_perms() is only called with a NULL ctx for PERM_ROOT,
+ PERM_SUDOERS and PERM_TIMESTAMP.
+ [a6f38a82c80c]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
+ MODE_KILL is never set in the sudoers plugin, remove it.
+ [5a64ba098c4f]
+
+ * plugins/sample/sample_plugin.c, plugins/sudoers/editor.c,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoreplay.c, src/exec_ptrace.c:
+ Cast int to size_t before adding instead of casting the result.
+
+ Quiets PVS-Studio warning V1028.
+ [39b9d54ae277]
+
+ * plugins/sudoers/audit.c:
+ Fix log_server_accept() definition for --disable-log-client builds.
+ [9ef55e556801]
+
+ * src/exec_pty.c:
+ Use a global static struct exec_closure for the cleanup hook.
+
+ This is safer than storing a pointer to a stack variable in the
+ cleanup function since we don't need to worry about it ever going
+ out of scope. Quiets a clang 15 analyzer warning.
+ [bfb06721d43f]
+
+ * lib/eventlog/eventlog.c, plugins/sudoers/testsudoers.c:
+ Eliminate some clang analyzer false positives.
+ [ded09455af48]
+
+ * plugins/sudoers/logging.c:
+ Plug memory leak if journal_parse_error() fails.
+
+ Found by the clang 15 analyzer.
+ [0d7e0567187e]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Move sudoedit_nfiles into struct sudoers_context.
+ [0f67b3c5c5b2]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/check.c, plugins/sudoers/env.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/lookup.c, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c:
+ Move sudo_mode into struct sudoers_context.
+ [649e74125300]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_ctx_free.c:
+ Move NewArgv, NewArgc and saved_argv into struct sudoers_context.
+ [46db0662eaf7]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.h, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Add struct sudoers_conf to struct sudoers_plugin_context.
+
+ There's now no need to pass this directly to init_parser() since we
+ already pass in a pointer to a sudoers_context struct.
+ [4a60e7b19a1a]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c,
+ plugins/sudoers/sudo_ldap_conf.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Store policy paths in struct sudoers_context.
+
+ This removes the need for the getters in policy.c.
+ [8ff3016dc8ad]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_ctx_free.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Add sudoers_ctx_free() and use it for freeing struct sudoers
+ context.
+
+ This replaces sudoers_user_ctx_free() and sudoers_runas_ctx_free().
+ [ba25344753c3]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/callbacks.c,
+ plugins/sudoers/check.c, plugins/sudoers/check.h,
+ plugins/sudoers/check_aliases.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_pwutil.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/display.c, plugins/sudoers/env.c,
+ plugins/sudoers/file.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path_escapes.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/lookup.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_command.c, plugins/sudoers/parse.h,
+ plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
+ plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/regress/exptilde/check_exptilde.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_stubs.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c,
+ plugins/sudoers/solaris_audit.h, plugins/sudoers/sssd.c,
+ plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/testsudoers_pwutil.h,
+ plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.h, plugins/sudoers/toke.l,
+ plugins/sudoers/visudo.c:
+ Make struct sudoers_context private to sudoers.c.
+
+ We now pass a pointer to the context where necessary. There are a
+ few cases where we need to request the context from sudoers via
+ sudoers_get_context() for the plugin API functions. If the plugin
+ API was able to pass around a closure pointer this would not be
+ necessary.
+ [534d55781084]
+
+2023-08-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/audit.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/callbacks.c,
+ plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/display.c,
+ plugins/sudoers/env.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/lookup.c,
+ plugins/sudoers/match.c, plugins/sudoers/match_command.c,
+ plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/regress/exptilde/check_exptilde.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/stubs.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/visudo.c:
+ Add a sudoers_context struct that embeds the user and runas structs.
+ [7c72e0c26dc0]
+
+2023-08-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ free_parse_tree: clear the nss pointer when freeing.
+ [658fef1bd3c0]
+
+ * plugins/sudoers/parse_ldif.c:
+ sudoers_parse_ldif: do not free parse_tree before using
+
+ The user is expected to pass in an initialized and empty parse_tree
+ so there is no need to free it first.
+ [4d6371e98087]
+
+ * lib/zlib/adler32.c, lib/zlib/compress.c, lib/zlib/crc32.c,
+ lib/zlib/deflate.c, lib/zlib/deflate.h, lib/zlib/gzclose.c,
+ lib/zlib/gzguts.h, lib/zlib/gzlib.c, lib/zlib/gzread.c,
+ lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inffast.c,
+ lib/zlib/inffast.h, lib/zlib/inflate.c, lib/zlib/inftrees.c,
+ lib/zlib/inftrees.h, lib/zlib/trees.c, lib/zlib/uncompr.c,
+ lib/zlib/zconf.h.in, lib/zlib/zlib.h, lib/zlib/zutil.c,
+ lib/zlib/zutil.h:
+ Update embedded copy of zlib to version 1.3.
+ [bfd6de199f8a]
+
+2023-08-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/pwutil_impl.c:
+ We still need to clamp ngids if getgrouplist2() returns -1.
+
+ Otherwise, we end up with ngids set to the number of gids the user
+ belongs to which may be larger than what the front-end specified.
+ Fixes a regression introduced in the last commit here.
+ [4a2aeaf67236]
+
+2023-08-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c:
+ No need to clear errno when using sudo_strtonum().
+ [f62f2580c6a5]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h:
+ Move max_groups out of sudoers_user_context and into pwutil.c.
+
+ It is only used by the local password pwutil implementation.
+ [c33497cc3291]
+
+ * plugins/sudoers/check_util.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c:
+ Pass in directory to check_user_runchroot() and check_user_runcwd().
+
+ This way we do not rely on the runas_ctx global.
+ [f70888bdedf6]
+
+ * plugins/sudoers/regress/exptilde/check_exptilde.c:
+ check_exptilde: don't need runas_ctx here
+ [520483cdb2ae]
+
+ * plugins/sudoers/match.c, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
+ Move RUNAS_{USER,GROUP}_SPECIFIED flags into struct
+ sudoers_runas_context.
+ [2024629414ed]
+
+2023-08-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
+ Make path_plugin_dir private to policy.c and add getter.
+ [2bf12c839083]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/logging.c, plugins/sudoers/lookup.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Move list_pw global into struct runas_context.
+ [32faa515c324]
+
+2023-08-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/callbacks.c,
+ plugins/sudoers/check.c, plugins/sudoers/check_util.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/display.c,
+ plugins/sudoers/env.c, plugins/sudoers/iolog_path_escapes.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/lookup.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_command.c, plugins/sudoers/policy.c,
+ plugins/sudoers/prompt.c,
+ plugins/sudoers/regress/exptilde/check_exptilde.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Add struct sudoers_runas_context and move runas-specific bits into
+ it.
+ [d6a5f5b3c136]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/callbacks.c, plugins/sudoers/check.c,
+ plugins/sudoers/check_util.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/display.c, plugins/sudoers/env.c,
+ plugins/sudoers/fmtsudoers.c, plugins/sudoers/iolog_path_escapes.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/lookup.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_command.c, plugins/sudoers/policy.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/stubs.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/visudo.c:
+ Expand the user_* (and more) macros to user_ctx.foo.
+ [b62e24d53e3f]
+
+ * plugins/sudoers/check.h, plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
+ Pass explicit struct passwd * to create_admin_success_flag().
+ [120bb08f53bb]
+
+ * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Make sudoers_user_ctx_free() private to sudoers.c
+ [ed512916a444]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/callbacks.c,
+ plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/display.c,
+ plugins/sudoers/logging.c, plugins/sudoers/lookup.c,
+ plugins/sudoers/match.c, plugins/sudoers/policy.c,
+ plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/regress/exptilde/check_exptilde.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestamp.c, plugins/sudoers/visudo.c:
+ Rename struct sudo_user -> struct sudo_user_context.
+
+ Also rename the sudo_user global to user_ctx.
+ [d4b68657a430]
+
+ * src/exec.c:
+ fd_matches_tty: only zero out fd_sb if fstat(2) fails.
+
+ We need to preserve the contents of the struct stat if the fd is
+ some other type so the check for piped output works correctly. Bug
+ #1057
+ [ac80d75699d1]
+
+2023-08-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/callbacks.c:
+ Leave the I/O log callbacks in iolog.c
+
+ Otherwise, check_iolog_plugin will not link.
+ [4e2304f22e89]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/callbacks.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c:
+ Move sudoers parser callbacks to callbacks.c.
+ [396d1dcdb35a]
+
+2023-08-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/sendlog.c:
+ Bump info_msgs_size to make room for the source.
+ [627f659fc180]
+
+ * .circleci/config.yml:
+ Update Xcode version from 13.2.1 to 13.4.1.
+ [6c32e86975be]
+
+ * include/sudo_event.h, lib/util/event.c, lib/util/event_poll.c,
+ lib/util/event_select.c, lib/util/util.exp.in:
+ Use int, not short for events in the event API.
+
+ This fixes some -Wconversion warnings and fixes an inconsistency
+ between the libsudo_util event API and the plugin event API. The
+ actual struct internals still use shorts to avoid changing the ABI.
+ [2d7fcd66f7e7]
+
+ * plugins/sudoers/display.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/fmtsudoers_cvt.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
+ Use const pointers where possible in the display code.
+ [87fd1def96b6]
+
+ * docs/sudo.man.in, docs/sudo.mdoc.in:
+ Document "sudo -ll command" output.
+ [3e837165e978]
+
+ * plugins/sudoers/display.c, plugins/sudoers/lookup.c,
+ plugins/sudoers/parse.h, plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
+ Add verbose version of "sudo -l command" by using an extra -l.
+
+ The output of "sudo -ll command" consists of the matching sudoers
+ rule (in long form) with the addition of a "Matched" entry that
+ shows the fully-qualfied path along with any arguments.
+ [038d8555e50c]
+
+ * plugins/sudoers/display.c:
+ Move code to display a cmndspec in long form to
+ display_cmndspec_long().
+ [a9887101de7c]
+
+ * plugins/sudoers/display.c:
+ sudo -ll: display the sudoers file the rule came from.
+ [ca6d31966f5c]
+
+2023-08-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/ssl_compat/ssl_compat.c, logsrvd/logsrvd.c,
+ logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
+ plugins/sudoers/log_client.c:
+ Fix checking of SSL_{read,write}_ex() return value.
+
+ These have a boolean-style return value. However, our emulated
+ versions can return -1 on error, which we need to preserve for older
+ versions of SSL_get_error() which expect it.
+ [4e812f2456f1]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/log_client.c,
+ plugins/sudoers/logging.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Store the source of the matching rule and store in the event log.
+
+ The JSON logs will store the matching rule source.
+ [c7ee4ab87610]
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c,
+ lib/eventlog/eventlog_free.c, lib/eventlog/parse_json.c,
+ lib/eventlog/regress/eventlog_store/test1.json.in,
+ lib/eventlog/regress/eventlog_store/test1.json.out.ok,
+ lib/eventlog/regress/eventlog_store/test2.json.in,
+ lib/eventlog/regress/eventlog_store/test2.json.out.ok,
+ lib/eventlog/regress/eventlog_store/test3.json.in,
+ lib/eventlog/regress/eventlog_store/test3.json.out.ok,
+ lib/eventlog/regress/eventlog_store/test4.json.in,
+ lib/eventlog/regress/eventlog_store/test4.json.out.ok,
+ logsrvd/iolog_writer.c, logsrvd/sendlog.c:
+ Log source in JSON logs
+
+ This makes it possible to tell which rule resulted in a match.
+ [a2573ce8ce3f]
+
+2023-08-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/lookup.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
+ Use a single callback for sudoers_lookup() and add a closure
+ pointer.
+
+ The single callback now receives all the match info (or UNSPEC if no
+ match was attempted). This makes it possible to use the callback for
+ more than just printing testsudoers output.
+ [547d0256f22a]
+
+ * lib/util/regress/digest/digest_test.c:
+ Fix printf format string mismatch now that 'i' is size_t.
+ [366084860303]
+
+ * include/sudo_digest.h, lib/util/digest.c, lib/util/digest_gcrypt.c,
+ lib/util/digest_openssl.c, lib/util/getentropy.c,
+ lib/util/regress/digest/digest_test.c, lib/util/util.exp.in,
+ plugins/sudoers/filedigest.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ sudo_digest_getlen: return size_t, and 0 on error instead of -1
+
+ This is an API change, sudo_digest_getlen_v1 remains for binary
+ compatibility.
+ [5866df2f4aab]
+
+ * logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
+ plugins/sudoers/log_client.c:
+ ERR_get_error() returns unsigned long, not int.
+ [94b2d963f279]
+
+ * plugins/sudoers/log_client.c:
+ We now must pass "err" SSL_get_error(), not "nread".
+ [b4cc206a2cf8]
+
+2023-08-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/hostcheck.h, lib/iolog/hostcheck.c:
+ Move compat definition of ASN1_STRING_get0_data to hostcheck.c. It
+ is not used anywhere else.
+ [39984513eb00]
+
+2023-08-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/hostcheck.h, include/sudo_compat.h,
+ include/sudo_ssl_compat.h:
+ Move OpenSSL compat defines to sudo_ssl_compat.h
+ [ad6b8bc3f054]
+
+ * MANIFEST, Makefile.in, configure, configure.ac,
+ include/sudo_ssl_compat.h, lib/ssl_compat/Makefile.in,
+ lib/ssl_compat/ssl_compat.c, logsrvd/Makefile.in,
+ logsrvd/tls_common.h, m4/openssl.m4, plugins/sudoers/Makefile.in,
+ plugins/sudoers/log_client.h, src/Makefile.in:
+ Add implementation of SSL_read_ex/SSL_write_ex for those without.
+ [9456c3c5c91c]
+
+ * config.h.in, configure, logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c,
+ logsrvd/sendlog.c, m4/openssl.m4, plugins/sudoers/log_client.c:
+ Use SSL_read_ex() and SSL_write_ex() instead of SSL_read() and
+ SSL_write().
+ [5ac82bf78109]
+
+2023-08-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
+ Don't use sudo when building AIX packages
+
+ PolyPkg uses "sudo installp -l" to list the built package by default
+ but we may not have sudo privileges on the build host.
+ [e8ed6064193d]
+
+ * scripts/mkpkg:
+ Add --configure-only option to quit after the configure run.
+
+ This will be used to avoid building the entire package when we just
+ want the 32 or 64 bit sudo_intercept.so and sudo_noexec.so.
+ [22c7cec5a6a1]
+
+ * scripts/mkpkg:
+ Parse --disable-python in mkpkg and don't override -m32 for Solaris.
+
+ We want to be able to build without python and to specify the memory
+ model when building 32-bit .so's for Solaris.
+ [bf21f6e67ff5]
+
+2023-07-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL.md, Makefile.in, configure, configure.ac:
+ Add --enable-postinstall, an optional phase when building packages.
+
+ This makes it possible to run an arbitrary script between "make
+ install" and the polypkg run. This will be used to copy different
+ word size versions of sudo_intercept.so and sudo_noexec.so.
+ [d4e84fa16ccf]
+
+ * INSTALL.md, config.h.in, configure, configure.ac,
+ docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, src/exec_preload.c:
+ Add basic support for 32-bit and 64-bit LD_PRELOAD equivalents.
+
+ The noexec and intercept DSO settings may now include both a 32-bit
+ DSO and a 64-bit DSO specified by a colon. For example: /usr/libexe
+ c/sudo/sudo_intercept.so:/usr/libexec/sudo/sudo_intercept_64.so.
+ [9489d8625acb]
+
+ * lib/util/term.c, src/exec_pty.c:
+ Cast TIOCSWINSZ to int to avoid overflow warning on 64-bit AIX.
+ [20919db351c1]
+
+2023-07-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo_intercept_common.c:
+ Read path section of sudo.conf for sudo_conf_intercept_path().
+ [d5748f68b9cb]
+
+2023-07-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/visudo.man.in, docs/visudo.mdoc.in:
+ visudo: document that a new file is only created if the editor
+ writes it.
+
+ If visudo is used to create a new file, the file will only be
+ created if the user writes to the file via the editor. Simply
+ running visudo and exiting the editor will no longer cause the file
+ to be created. There is an exception for file created due to the
+ addition of a @include directive, which need to be present for the
+ sudoers file to parse properly. GitHub issue #294.
+ [21e4d5cc5f43]
+
+ * plugins/sudoers/visudo.c:
+ visudo: do not create a new file if the user made no changes
+
+ This prevents visudo from creating a new zero-length sudoers file if
+ the user exited the editor without making any changes. Files created
+ via a @include directive are preserved, even if empty, to avoid a
+ parse error. GitHub issue #294.
+ [4f086bb7ecdd]
+
+ * README.md, docs/CONTRIBUTING.md:
+ Make the sections on bug reporting consistent with each other.
+
+ GitHub issue #292
+ [d02253b4533d]
+
+2023-07-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec.c:
+ Remove unused variable introduced in last commit.
+ [94e0708ad331]
+
+ * src/exec.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h:
+ Don't assume that if std{in,out,err} is a tty, it is the user's tty.
+
+ Previously, sudo only checked that the fd was a terminal, not that
+ it matched sudo's idea of the user's terminal. This matters when
+ input or output is redirected to a different terminal. In that case
+ we want to interpose the fd with a pipe even if it refers to a
+ terminal. Bug #1056.
+ [42838100b526]
+
+ * MANIFEST, plugins/sudoers/regress/testsudoers/test29.out.ok,
+ plugins/sudoers/regress/testsudoers/test29.sh,
+ plugins/sudoers/regress/testsudoers/test30.out.ok,
+ plugins/sudoers/regress/testsudoers/test30.sh,
+ plugins/sudoers/regress/testsudoers/test31.out.ok,
+ plugins/sudoers/regress/testsudoers/test31.sh:
+ testsudoers: add -L, -l and -v tests
+ [250e9abba14e]
+
+ * plugins/sudoers/regress/testsudoers/test1.out.ok,
+ plugins/sudoers/regress/testsudoers/test10.out.ok,
+ plugins/sudoers/regress/testsudoers/test11.out.ok,
+ plugins/sudoers/regress/testsudoers/test15.out.ok,
+ plugins/sudoers/regress/testsudoers/test16.out.ok,
+ plugins/sudoers/regress/testsudoers/test17.out.ok,
+ plugins/sudoers/regress/testsudoers/test18.out.ok,
+ plugins/sudoers/regress/testsudoers/test19.out.ok,
+ plugins/sudoers/regress/testsudoers/test2.out.ok,
+ plugins/sudoers/regress/testsudoers/test20.out.ok,
+ plugins/sudoers/regress/testsudoers/test21.out.ok,
+ plugins/sudoers/regress/testsudoers/test22.out.ok,
+ plugins/sudoers/regress/testsudoers/test23.out.ok,
+ plugins/sudoers/regress/testsudoers/test24.out.ok,
+ plugins/sudoers/regress/testsudoers/test25.out.ok,
+ plugins/sudoers/regress/testsudoers/test26.out.ok,
+ plugins/sudoers/regress/testsudoers/test27.out.ok,
+ plugins/sudoers/regress/testsudoers/test28.out.ok,
+ plugins/sudoers/regress/testsudoers/test3.out.ok,
+ plugins/sudoers/regress/testsudoers/test4.out.ok,
+ plugins/sudoers/regress/testsudoers/test5.out.ok,
+ plugins/sudoers/regress/testsudoers/test6.out.ok,
+ plugins/sudoers/regress/testsudoers/test7.out.ok,
+ plugins/sudoers/regress/testsudoers/test8.out.ok,
+ plugins/sudoers/regress/testsudoers/test9.out.ok,
+ plugins/sudoers/testsudoers.c:
+ testsudoers: display when a password is required
+ [bf540275b47d]
+
+ * plugins/sudoers/testsudoers.c:
+ testsudoers: add -L, -l and -v options.
+
+ This makes it possible to test "sudo -l" and "sudo -v" using
+ testsudoers.
+ [871563fd71f0]
+
+2023-07-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/lookup.c:
+ sudoers_lookup_pseudo: sync with sudoers_lookup_check
+
+ This makes sudoers_lookup_pseudo(), which is used for pseudo-command
+ like "list" and "validate" a bit more like sudoers_lookup_check().
+ Time of day checks are performed, and callbacks are supported. We
+ cannot use the same code for regular commands and pseudo-commands
+ due to the "pwcheck == all" case.
+ [534b5e02dc34]
+
+ * plugins/sudoers/logging.c:
+ Fix user warning message for "sudo -l command" when not allowed.
+ Reported by the sudo-rs project.
+
+ There was a missing space between "list" and the actual command.
+ This also changes the output to include the command as specified by
+ the user, not the path found in the path. Previously, if the command
+ did not exist it would not be included in the message.
+ [f509188ce041]
+
+ * plugins/python/python_convmessage.c,
+ plugins/python/python_loghandler.c,
+ plugins/python/python_plugin_common.c,
+ plugins/python/sudo_python_module.c,
+ plugins/python/sudo_python_module.h:
+ Add free function for sudo Python module.
+
+ This reduces the amount of memory leaked on unload.
+ [71e459d071be]
+
+2023-07-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_14p3 for changeset 6902151970b6
+ [0083fdf4fc08] <1.9>
+
+ * configure, configure.ac:
+ sudo 1.9.14p3
+ [6902151970b6] [SUDO_1_9_14p3] <1.9>
+
+ * NEWS:
+ Document bug fixes in 1.9.14p3.
+ [538b0d8db69d] <1.9>
+
+ * NEWS:
+ Document bug fixes in 1.9.14p3.
+ [01b3a5943678]
+
+ * plugins/python/python_loghandler.c,
+ plugins/python/python_plugin_common.c,
+ plugins/python/sudo_python_module.c,
+ plugins/python/sudo_python_module.h:
+ Merge sudo_module_register_loghandler and
+ sudo_module_set_default_loghandler.
+
+ We now create the LogHandler class for each interpreter in
+ python_plugin_init() instead of just once in sudo_module_init().
+ This fixes the crash seen in Py_EndInterpreter() with Python 3.12
+ and significantly reduces the number of leaked objects tracked by
+ MemorySanitizer.
+ [92156e042c81] <1.9>
+
+ * plugins/python/python_loghandler.c,
+ plugins/python/python_plugin_common.c,
+ plugins/python/sudo_python_module.c,
+ plugins/python/sudo_python_module.h:
+ Merge sudo_module_register_loghandler and
+ sudo_module_set_default_loghandler.
+
+ We now create the LogHandler class for each interpreter in
+ python_plugin_init() instead of just once in sudo_module_init().
+ This fixes the crash seen in Py_EndInterpreter() with Python 3.12
+ and significantly reduces the number of leaked objects tracked by
+ MemorySanitizer.
+ [d257e01240c1]
+
+ * plugins/python/python_convmessage.c:
+ sudo_module_register_conv_message: fix copy pasta in debug_decl
+ [de399cdf465c]
+
+2023-07-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/python_baseplugin.c,
+ plugins/python/python_convmessage.c,
+ plugins/python/python_loghandler.c,
+ plugins/python/sudo_python_module.c:
+ sudo_module_register_loghandler: clear sudo_type_LogHandler on error
+ Also add comments about PyModule_AddObject stealing a ref on
+ success.
+ [8f500926c894] <1.9>
+
+ * plugins/python/python_baseplugin.c,
+ plugins/python/python_convmessage.c,
+ plugins/python/python_loghandler.c,
+ plugins/python/sudo_python_module.c:
+ sudo_module_register_loghandler: clear sudo_type_LogHandler on error
+ Also add comments about PyModule_AddObject stealing a ref on
+ success.
+ [cd6ffb5ec1be]
+
+ * plugins/python/pyhelpers.c:
+ Use Py_XDECREF instead of manual NULL check + Py_DECREF
+ [9dababbb90ab]
+
+2023-07-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/python_loghandler.c:
+ Work around a crash with Python 3.12.
+
+ In sudo_module_set_default_loghandler() if we don't leak the
+ reference to py_loghandler we get a crash in Py_EndInterpreter()
+ with Python 3.12. This probably indicates a reference counting bug
+ elsewhere.
+ [77e8641b7b40] <1.9>
+
+ * plugins/python/python_loghandler.c:
+ Work around a crash with Python 3.12.
+
+ In sudo_module_set_default_loghandler() if we don't leak the
+ reference to py_loghandler we get a crash in Py_EndInterpreter()
+ with Python 3.12. This probably indicates a reference counting bug
+ elsewhere.
+ [89fb0311367c]
+
+ * plugins/python/regress/check_python_examples.c:
+ Unbuffer stdout so we don't miss output during a crash.
+ [07222dfccfe2]
+
+ * plugins/python/python_loghandler.c:
+ Use PyObject_CallNoArgs() where possible.
+ [abd4dcbee072] <1.9>
+
+ * plugins/python/python_loghandler.c:
+ Use PyObject_CallNoArgs() where possible.
+ [5a1bef07358a]
+
+ * plugins/python/python_convmessage.c,
+ plugins/python/python_loghandler.c,
+ plugins/python/sudo_python_module.h:
+ Make sudo_type_ConvMessage and sudo_type_LogHandler static.
+
+ They are not used outside their respective compilation units.
+ [c8dfb695dba1] <1.9>
+
+ * plugins/python/python_convmessage.c,
+ plugins/python/python_loghandler.c,
+ plugins/python/sudo_python_module.h:
+ Make sudo_type_ConvMessage and sudo_type_LogHandler static.
+
+ They are not used outside their respective compilation units.
+ [9ec37d3a2f64]
+
+2023-07-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
+ lib/util/Makefile.in, plugins/python/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Pass TEST_VERBOSE to all test programs.
+ [39c17a66b02e]
+
+ * lib/iolog/regress/host_port/host_port_test.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/editor/check_editor.c,
+ plugins/sudoers/regress/env_match/check_env_pattern.c,
+ plugins/sudoers/regress/exptilde/check_exptilde.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/regress/parser/check_gentime.c,
+ plugins/sudoers/regress/serialize_list/check_serialize_list.c,
+ plugins/sudoers/regress/starttime/check_starttime.c,
+ plugins/sudoers/regress/unescape/check_unesc.c:
+ All test programs should accept the -v option, even if it is
+ ignored.
+ [d4cb95054f73]
+
+ * plugins/python/python_plugin_common.c:
+ Revert last change, wrong diff committed.
+ [d266c05853ce]
+
+ * plugins/python/regress/testhelpers.c:
+ Adapt to changed formatting of a rejected result in Python 3.12
+ [2f89b9e6a104] <1.9>
+
+ * plugins/python/regress/testhelpers.c:
+ Adapt to changed formatting of a rejected result in Python 3.12
+ [138957911238]
+
+ * plugins/python/python_plugin_common.c:
+ _python_plugin_new_interpreter switches to the new interpreter
+
+ No need to do PyThreadState_Swap in the caller.
+ [c848e20f3e93]
+
+ * plugins/python/example_audit_plugin.py, plugins/python/pyhelpers.c,
+ p
+ lugins/python/regress/testdata/check_example_audit_plugin_receives_a
+ ccept.stdout, plugins/python/regress/testdata/check_example_audit_pl
+ ugin_receives_error.stdout, plugins/python/regress/testdata/check_ex
+ ample_audit_plugin_receives_reject.stdout, plugins/python/regress/te
+ stdata/check_example_audit_plugin_version_display.stdout, plugins/py
+ thon/regress/testdata/check_example_audit_plugin_workflow_multiple.s
+ tdout, plugins/python/regress/testdata/check_example_debugging_c_cal
+ ls@diag.log, plugins/python/regress/testdata/check_example_debugging
+ _c_calls@info.log, plugins/python/regress/testdata/check_example_gro
+ up_plugin_is_able_to_debug.log, plugins/python/regress/testdata/chec
+ k_example_policy_plugin_validate_invalidate.log:
+ Remove trailing whitespace from test output.
+ [11db46e923fc] <1.9>
+
+ * plugins/python/example_audit_plugin.py, plugins/python/pyhelpers.c,
+ p
+ lugins/python/regress/testdata/check_example_audit_plugin_receives_a
+ ccept.stdout, plugins/python/regress/testdata/check_example_audit_pl
+ ugin_receives_error.stdout, plugins/python/regress/testdata/check_ex
+ ample_audit_plugin_receives_reject.stdout, plugins/python/regress/te
+ stdata/check_example_audit_plugin_version_display.stdout, plugins/py
+ thon/regress/testdata/check_example_audit_plugin_workflow_multiple.s
+ tdout, plugins/python/regress/testdata/check_example_debugging_c_cal
+ ls@diag.log, plugins/python/regress/testdata/check_example_debugging
+ _c_calls@info.log, plugins/python/regress/testdata/check_example_gro
+ up_plugin_is_able_to_debug.log, plugins/python/regress/testdata/chec
+ k_example_policy_plugin_validate_invalidate.log:
+ Remove trailing whitespace from test output.
+ [38f03683001d]
+
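Review bot: The file lists of the two 2023-07-20 "Remove trailing whitespace from test output." entries above are wrapped in the middle of path names (a lone "p" on one line, then "lugins/python/regress/testdata/check_example_audit_plugin_receives_a" and "ccept.stdout" on the next two), so a search of the ChangeLog for any of those testdata file names finds nothing. The same mid-token break splits the example DSO path in the 2023-07-31 LD_PRELOAD entry into "/usr/libexe" and "c/sudo/sudo_intercept.so". The bracketed changeset ids suggest this file is generated from the commit log; if so, change the generator to break lines only at the ", " separators or at whitespace and let an over-long path stand on its own line, then regenerate the file rather than correcting these entries by hand.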
+2023-07-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/python_plugin_common.c:
+ We can rely on Py_FinalizeEx() to free sub-interpreters.
+ [0c84c411a6a0]
+
+ * plugins/python/python_plugin_common.c:
+ Call PyImport_AppendInittab after pre-initialization.
+
+ Also remove redundant PyConfig settings.
+ [e4f463e1094a]
+
+2023-07-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/python_plugin_common.c:
+ Use Py_InitializeFromConfig() not Py_InitializeEx() for Python >=
+ 3.8.
+
+ Avoids deprecation warnings on Python 3.12.
+ [99dc5948416d] <1.9>
+
+ * plugins/python/python_plugin_common.c:
+ Use Py_InitializeFromConfig() not Py_InitializeEx() for Python >=
+ 3.8.
+
+ Avoids deprecation warnings on Python 3.12.
+ [56e4c7111744]
+
+2023-07-18 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * lib/eventlog/regress/logwrap/check_wrap.c, lib/util/glob.c,
+ lib/util/mksiglist.c, lib/util/mksigname.c,
+ lib/util/regress/glob/globtest.c, logsrvd/sendlog.c,
+ plugins/group_file/plugin_test.c,
+ plugins/python/regress/check_python_examples.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/tsdump.c:
+ Prefer fputs over fprintf where possible
+
+ fprintf does extra work and meant for formatting strings.
+ [c31cdbe6f23f]
+
+2023-07-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ The sudoers option is "use_pty", not "log_pty"
+
+ GitHub issue #291
+ [08b582beb2c9] <1.9>
+
+ * NEWS:
+ The sudoers option is "use_pty", not "log_pty"
+
+ GitHub issue #291
+ [31cf599c73d5]
+
+2023-07-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/term.c:
+ Quiet a warning false positive with older versions of gcc.
+ [8556d6c1cd37]
+
+ * plugins/sudoers/sudoers.c:
+ sudoers_check_common: MODE_PRESERVE_ENV is not valid with
+ MODE_CHECK.
+
+ We should only check for MODE_PRESERVE_ENV when running a command.
+ [8fc6f392cc43]
+
+2023-07-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_14p2 for changeset 47c0bf9a7ebb
+ [6bbe51d30496] <1.9>
+
+ * configure, configure.ac:
+ sudo 1.9.14p2
+ [47c0bf9a7ebb] [SUDO_1_9_14p2] <1.9>
+
+ * plugins/sudoers/match.c:
+ runas_userlist_matches: fix matching a Runas_Spec with an empty
+ runas user.
+
+ We should only match a rule with an empty runas user if a group was
+ specified on the command line (sudo -g) without a user (no -u
+ option) or the user specified their own name on the command line.
+ GitHub issue #290
+ [164428126ee6] <1.9>
+
+ * MANIFEST, plugins/sudoers/match.c,
+ plugins/sudoers/regress/testsudoers/test28.out.ok,
+ plugins/sudoers/regress/testsudoers/test28.sh:
+ runas_userlist_matches: fix matching a Runas_Spec with an empty
+ runas user.
+
+ We should only match a rule with an empty runas user if a group was
+ specified on the command line (sudo -g) without a user (no -u
+ option) or the user specified their own name on the command line.
+ GitHub issue #290
+ [ba9da369370e]
+
+2023-07-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Document bug fixes in 1.9.14p2.
+ [e5cd975816b8] <1.9>
+
+ * NEWS:
+ Document bug fixes in 1.9.14p2.
+ [cb5ece49ad53]
+
+ * src/exec_pty.c:
+ Pass SUDO_TERM_OFLAG to sudo_term_raw() when sudo output is piped.
+
+ This fixes a problem with "stair-stepped" output when the sudo-run
+ command's output is piped to another program and the command reads
+ input from the terminal.
+ [17009f9817b0] <1.9>
+
+ * src/exec_pty.c:
+ Pass SUDO_TERM_OFLAG to sudo_term_raw() when sudo output is piped.
+
+ This fixes a problem with "stair-stepped" output when the sudo-run
+ command's output is piped to another program and the command reads
+ input from the terminal.
+ [faa06b1e8913]
+
+ * src/exec_monitor.c, src/exec_pty.c:
+ Simplify the exec_monitor() foreground flag.
+
+ Add cmnd_foreground flag that is only true if sudo is the foreground
+ process and the CD_EXEC_BG flag is not set and pass it to
+ exec_monitor(). This means exec_monitor() no longer needs to check
+ for CD_EXEC_BG.
+ [6cc420fea368] <1.9>
+
+ * src/exec_monitor.c, src/exec_pty.c:
+ Simplify the exec_monitor() foreground flag.
+
+ Add cmnd_foreground flag that is only true if sudo is the foreground
+ process and the CD_EXEC_BG flag is not set and pass it to
+ exec_monitor(). This means exec_monitor() no longer needs to check
+ for CD_EXEC_BG.
+ [65ac52524254]
+
+ * include/sudo_util.h, lib/util/term.c, plugins/sudoers/sudoreplay.c:
+ sudo_term_raw: change the isig argument into a flags field
+
+ There are current two flags: SUDO_TERM_ISIG (enable terminal
+ signals) and SUDO_TERM_OFLAG (preserve output flags).
+ [15fdaae9fa3b] <1.9>
+
+ * include/sudo_util.h, lib/util/term.c, plugins/sudoers/sudoreplay.c:
+ sudo_term_raw: change the isig argument into a flags field
+
+ There are current two flags: SUDO_TERM_ISIG (enable terminal
+ signals) and SUDO_TERM_OFLAG (preserve output flags).
+ [09eced2fb202]
+
+2023-07-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c:
+ Fix a crash in intercept mode running a command with NULL argv[0].
+
+ Newer Linux kernels replace a NULL argv[0] with the empty string, we
+ should as well.
+ [74e81e6d373a] <1.9>
+
+ * src/exec_ptrace.c:
+ Fix a crash in intercept mode running a command with NULL argv[0].
+
+ Newer Linux kernels replace a NULL argv[0] with the empty string, we
+ should as well.
+ [d1cb1882d7e8]
+
+ * src/conversation.c:
+ sudo_conversation_printf: simplify \n -> \r\n handling
+ [de2ddc08f262]
+
+ * src/conversation.c:
+ sudo_conversation: zero out reply even if no password is requested.
+
+ This avoids a potential invalid free in the err label and provides
+ more predictable behavior when mixing message types in a
+ conversation.
+ [79cc9efe3dbf]
+
+2023-07-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_14p1 for changeset fc033946b1a9
+ [ee6033290e91] <1.9>
+
+ * configure, configure.ac:
+ sudo 1.9.14p1
+ [fc033946b1a9] [SUDO_1_9_14p1] <1.9>
+
+ * NEWS:
+ Docume bug fixes in 1.9.14p1.
+ [f526fda905de] <1.9>
+
+ * NEWS:
+ Docume bug fixes in 1.9.14p1.
+ [7e4a4b7ed53b]
+
+ * plugins/sudoers/log_client.c:
+ fmt_info_messages: don't include ttyname if it is NULL
+
+ The NULL check was commented out for testing but should have been
+ restored. Fixes a potential protocol error message from
+ sudo_logsrvd.
+ [12cf2b87355a] <1.9>
+
+ * plugins/sudoers/log_client.c:
+ fmt_info_messages: don't include ttyname if it is NULL
+
+ The NULL check was commented out for testing but should have been
+ restored. Fixes a potential protocol error message from
+ sudo_logsrvd.
+ [c983428b3ad8]
+
+ * logsrvd/iolog_writer.c:
+ evlog_new: store a new copy of peeraddr, not a pointer to a buffer.
+
+ Starting in sudo 1.9.14, eventlog_free() will free the peeraddr
+ member too so it needs to be dynamically allocated.
+ [4c984e3e6aef] <1.9>
+
+ * logsrvd/iolog_writer.c:
+ evlog_new: store a new copy of peeraddr, not a pointer to a buffer.
+
+ Starting in sudo 1.9.14, eventlog_free() will free the peeraddr
+ member too so it needs to be dynamically allocated.
+ [846cf82b8eab]
+
+2023-07-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h,
+ lib/util/realpath.c:
+ realpath.c: include limits.h and use sysconf(_SC_SYMLOOP_MAX)
+
+ This is more portable and eliminates the need to check for
+ SYMLOOP_MAX (and provide it if missing) in configure. Also quiet
+ some -Wconversion warnings.
+ [beabc1e73e11]
+
+ * plugins/sudoers/ldap_conf.c:
+ sudo_krb5_ccname_path: avoid gcc false positive for ccname being
+ NULL
+
+ The callers all verify that they don't pass a NULL ccname so I'm not
+ sure how the compiler is getting confused (and why now?).
+ [93043879e7f2]
+
+ * include/sudo_debug.h:
+ Work around unused variable warning when fuzzing in enabled.
+ [ac4bd3bfeb71]
+
+ * plugins/sudoers/check_util.c,
+ plugins/sudoers/regress/testsudoers/test25.out.ok,
+ plugins/sudoers/regress/testsudoers/test25.sh,
+ plugins/sudoers/regress/testsudoers/test26.out.ok,
+ plugins/sudoers/regress/testsudoers/test26.sh:
+ Only allow the user to specify -D or -R for the special "*" value.
+
+ The sudoers file must now explicitly allow the user to specify a
+ directory (sudo -D) or chroot (sudo -R) by setting cwd or chroot to
+ "*". If a specific cwd or chroot value is set in sudoers, the user
+ may not use the -D or -R options, even if they match the value in
+ sudoers.
+ [790d60c6ed4b]
+
+ * docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in:
+ Add restrict keyword to sudo_printf_t in plugin docs.
+ [46c15d2647cc]
+
+ * include/sudo_debug.h, lib/util/sudo_debug.c:
+ Convert sudo_debug_enter and sudo_debug_exit into macros.
+
+ In most cases, these simply expand to a call to
+ sudo_debug_printf2(). We need to keep the function versions around
+ in libsudo_util for backwards compatibility.
+ [b76b35e12afa]
+
+ * lib/util/sudo_debug.c:
+ Fix sudo_debug_exit_uint_v1 declaration for fuzzers.
+ [d4edc2fb3299]
+
+ * lib/util/sudo_debug.c:
+ Add missing sudo_debug_exit_uint_v1 stub for fuzzers.
+ [71a4a37fbc90]
+
+ * src/conversation.c, src/edit_open.c, src/exec_common.c,
+ src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
+ src/sudo_edit.h, src/sudo_exec.h, src/tgetpass.c:
+ sudo frontend: make more bit flags unsigned.
+ [f353bc889b26]
+
+ * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
+ plugins/sudoers/check.h, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers.h, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/lookup.c,
+ plugins/sudoers/parse.h, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c:
+ sudoers plugin: make more bit flags unsigned.
+ [77a583ebe2e7]
+
+ * include/sudo_debug.h, include/sudo_event.h, lib/util/event.c,
+ lib/util/event_poll.c, lib/util/event_select.c,
+ lib/util/sudo_debug.c, lib/util/util.exp.in:
+ libsudo_util: make more bit flags unsigned.
+ [005d0be694f5]
+
+2023-07-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/timeout.c:
+ parse_timeout: move overflow check to the correct location
+
+ It was not covering all cases in its original location. Fixes oss-
+ fuzz issue 60454 with fuzz_sudoers.
+ [e40119f18e83]
+
+2023-07-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #287 from AtariDreams/restrict
+
+ Give every printf-like function restrict qualifiers
+ [4945ab27d6c4]
+
+ * src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h:
+ struct exec_closure: make rows and cols int, not short
+
+ There's no real space saved by using short and using int avoids a
+ few casts.
+ [8385add04ed2]
+
+ * plugins/sudoers/testsudoers.c:
+ testsudoers: avoid extern definitions where possible
+ [ef4bed9a6a41]
+
+ * include/sudo_json.h, include/sudo_lbuf.h, lib/util/closefrom.c,
+ lib/util/digest.c, lib/util/event_poll.c, lib/util/fatal.c,
+ lib/util/getentropy.c, lib/util/getgrouplist.c, lib/util/gidlist.c,
+ lib/util/json.c, lib/util/lbuf.c, lib/util/mkdir_parents.c,
+ lib/util/parseln.c, lib/util/regex.c,
+ lib/util/regress/fuzz/fuzz_sudo_conf.c,
+ lib/util/regress/hexchar/hexchar_test.c,
+ lib/util/regress/mktemp/mktemp_test.c,
+ lib/util/regress/strtofoo/strtoid_test.c, lib/util/secure_path.c,
+ lib/util/setgroups.c, lib/util/sig2str.c, lib/util/str2sig.c,
+ lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strtoid.c,
+ lib/util/strtonum.c, lib/util/sudo_conf.c, lib/util/sudo_debug.c,
+ lib/util/ttysize.c:
+ libsudo_util: silence most -Wconversion warnings.
+ [420705f9796a]
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c,
+ lib/eventlog/eventlog_conf.c, lib/eventlog/logwrap.c,
+ lib/eventlog/parse_json.c,
+ lib/eventlog/regress/eventlog_store/store_json_test.c,
+ lib/eventlog/regress/eventlog_store/store_sudo_test.c,
+ lib/eventlog/regress/logwrap/check_wrap.c,
+ lib/eventlog/regress/parse_json/check_parse_json.c:
+ libevent: silence -Wconversion warnings.
+ [f00cb5679a19]
+
+ * lib/fuzzstub/fuzzstub.c:
+ libfuzzstub: silence -Wconversion warnings.
+ [164d2412d209]
+
+ * include/sudo_iolog.h, lib/iolog/hostcheck.c,
+ lib/iolog/iolog_filter.c, lib/iolog/iolog_legacy.c,
+ lib/iolog/iolog_mkdirs.c, lib/iolog/iolog_mkdtemp.c,
+ lib/iolog/iolog_read.c, lib/iolog/iolog_timing.c,
+ lib/iolog/iolog_write.c,
+ lib/iolog/regress/iolog_path/check_iolog_path.c,
+ lib/iolog/regress/iolog_timing/check_iolog_timing.c:
+ libiolog: silence -Wconversion warnings.
+ [d8c1a0869ef4]
+
+ * logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c,
+ logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c,
+ logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c,
+ logsrvd/logsrvd_relay.c, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
+ logsrvd/sendlog.c:
+ sudo_logsrvd: silence most -Wconversion warnings.
+ [bf3f40ec4645]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/b64_encode.c,
+ plugins/sudoers/check_aliases.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_csv.c,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/cvtsudoers_merge.c,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/display.c,
+ plugins/sudoers/editor.c, plugins/sudoers/env.c,
+ plugins/sudoers/filedigest.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/fmtsudoers_cvt.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/getdate.y, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path_escapes.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/ldap_innetgr.c, plugins/sudoers/ldap_util.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/log_client.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match_addr.c,
+ plugins/sudoers/match_command.c, plugins/sudoers/parse.h,
+ plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/starttime.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c:
+ sudoers plugin: silence most -Wconversion warnings.
+ [074179cbc3a8]
+
+ * plugins/python/pyhelpers.c, plugins/python/python_convmessage.c,
+ plugins/python/regress/iohelpers.c,
+ plugins/python/regress/testhelpers.c,
+ plugins/python/sudo_python_module.c:
+ python plugin: silence -Wconversion warnings.
+ [a59d980f2793]
+
+ * plugins/sample/sample_plugin.c, src/conversation.c, src/copy_file.c,
+ src/env_hooks.c, src/exec.c, src/exec_common.c,
+ src/exec_intercept.c, src/exec_monitor.c, src/exec_nopty.c,
+ src/exec_preload.c, src/exec_ptrace.c, src/exec_pty.c,
+ src/net_ifs.c, src/parse_args.c, src/preserve_fds.c, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_intercept.c,
+ src/sudo_intercept_common.c, src/tgetpass.c, src/ttyname.c:
+ sudo frontend: silence most -Wconversion warnings.
+ [0dbece7ccb47]
+
+ * config.h.in, configure, configure.ac:
+ Add configure check for restrict keyword.
+ [f02ab280d8df]
+
+ * plugins/sudoers/sudoers.c:
+ sudoers_check_common: remove extraneous return statement.
+ [0df4297873b9]
+
+2023-07-07 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * include/sudo_compat.h, include/sudo_debug.h, include/sudo_fatal.h,
+ include/sudo_lbuf.h, include/sudo_plugin.h, include/sudo_util.h,
+ lib/eventlog/logwrap.c, lib/util/fatal.c, lib/util/inet_ntop.c,
+ lib/util/lbuf.c, lib/util/snprintf.c, lib/util/strlcat.c,
+ lib/util/strlcpy.c, lib/util/sudo_debug.c, lib/util/ttyname_dev.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrvd_journal.c,
+ plugins/audit_json/audit_json.c, plugins/group_file/plugin_test.c,
+ plugins/python/pyhelpers.c, plugins/python/regress/iohelpers.c,
+ plugins/python/regress/iohelpers.h,
+ plugins/python/regress/testhelpers.c,
+ plugins/python/regress/testhelpers.h, plugins/sudoers/audit.c,
+ plugins/sudoers/check_aliases.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_csv.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/ldap_util.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/parse.h, plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/sudo_ldap.h, plugins/sudoers/sudo_printf.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/conversation.c, src/exec_preload.c, src/parse_args.c,
+ src/sudo_plugin_int.h:
+ Give every printf-like function restrict qualifiers
+
+ The format value has to be a string literal, every time.
+
+ Otherwise, you are not using these functions correctly. To reinforce
+ this fact, I putrestrict over every non-contrib example of this I
+ could find.
+ [e0f8bc0d596a]
+
+2023-07-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_digest.h, lib/util/digest.c, lib/util/digest_gcrypt.c,
+ lib/util/digest_openssl.c, lib/util/regress/digest/digest_test.c:
+ Make the remaining instances of digest_type unsigned.
+ [409adc30cce2]
+
+2023-07-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog_path_escapes.c:
+ Copy, don't append group ID in fill_group() and fill_runas_group()
+
+ This only affects the case where a group ID cannot be resolved.
+ [74cc29b9f7f0]
+
+ * lib/iolog/Makefile.in:
+ Remove regress corpus directories correctly
+ [406b862a7f2f]
+
+ * include/sudo_debug.h, include/sudo_util.h, lib/util/strtomode.c,
+ lib/util/sudo_debug.c, lib/util/util.exp.in:
+ Change sudo_strtomode() to return mode_t.
+ [5dc42fb5c2ad]
+
+2023-07-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/sudoreplay.c:
+ Rename print_usage() to display_usage()
+ [9e8390bb1ed0]
+
+ * logsrvd/logsrvd.c, logsrvd/sendlog.c:
+ Move display of usage text into display_usage() so usage() always
+ exits.
+ [ded72aceb6f4]
+
+ * lib/util/parseln.c, logsrvd/logsrvd_journal.c:
+ Fix some indentation.
+ [bb84e5596d9c]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers.h, plugins/sudoers/testsudoers.c:
+ Include testsudoers_pwutil.h for testsudoers_pwutil.c prototypes.
+ [8f494aca5cd9]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/testsudoers_pwutil.c,
+ plugins/sudoers/testsudoers_pwutil.h, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/tsgetgrpw.h:
+ Fix wrapping of libc getpwnam/getpwuid/getgrnam/getgrgid on NetBSD.
+ [be23d201add2]
+
+ * MANIFEST, aclocal.m4, config.h.in, configure, configure.ac,
+ lib/util/roundup.c, m4/ax_gcc_builtin.m4:
+ Add configure tests for __builtin_clz/__builtin_clzl
+ [d7b341700a0a]
+
+ * lib/util/roundup.c:
+ Add fallback for compilers without __builtin_clz/__builtin_clzl
+ [d9f23c7a8fc0]
+
+ * lib/util/roundup.c:
+ sudo_pow2_roundup: fix 64-bit version when shifting 31 or more
+ places
+
+ Shift 1UL instead of 1 to avoid overflowing an int.
+ [4d45af829af0]
+
+ * Merge pull request #286 from AtariDreams/one-more
+
+ Optimize sudo_pow2_roundup_v1
+ [5cff0594a45c]
+
+2023-07-03 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * lib/util/roundup.c:
+ Optimize sudo_pow2_roundup_v1
+
+ No need to call sudo_pow2_roundup_v2.
+ [0bcd411174c0]
+
+2023-07-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/roundup.c:
+ Merge pull request #285 from AtariDreams/bug
+
+ Remove comment about algorithm being from bit-twiddling hacks
+ [869552550451]
+
+2023-07-03 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * lib/util/roundup.c:
+ Remove comment about algorithm being from bit-twiddling hacks
+
+ Said comment no longer applies.
+ [e2fc0106c79f]
+
+2023-07-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #284 from AtariDreams/fix
+
+ Fix fuzzing errors
+ [4abff6645036]
+
+ * Merge pull request #283 from AtariDreams/bug
+
+ Fixed even more signedness and conversion issues
+ [bbf1887a5132]
+
+2023-07-03 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * lib/util/parseln.c, lib/util/roundup.c, logsrvd/logsrvd_journal.c:
+ Fix fuzzing errors
+
+ We should be checking for integer overflow, rather than checking if
+ size is 0.
+
+ Additionally, we should set errno to ENOMEM when this overflow
+ happens.
+
+ Finally, the most efficient implementation of the round-up-to-2
+ algorithm involves the clz intrinsic.
+ [db08a808004d]
+
+2023-07-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/lbuf.c:
+ sudo_lbuf_expand: limit allocation to UINT_MAX
+ [1cb5a458baaa]
+
+ * lib/util/parseln.c:
+ sudo_parseln: use sudo_pow2_roundup() instead of hand-rolling it.
+ [0582d18df65a]
+
+ * logsrvd/logsrv_util.c, logsrvd/logsrv_util.h, logsrvd/logsrvd.c,
+ logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
+ plugins/sudoers/log_client.c, plugins/sudoers/log_client.h:
+ Promote length/size/offset in struct connection_buffer to size_t.
+ [5e5a2a39c8e5]
+
+ * include/sudo_util.h, lib/util/lbuf.c, lib/util/roundup.c,
+ lib/util/util.exp.in, logsrvd/logsrv_util.c, logsrvd/logsrvd.c,
+ plugins/sudoers/log_client.c:
+ Make sudo_pow2_roundup() operate on size_t.
+ [cbae7a651a94]
+
+2023-07-03 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/timestamp.c, plugins/sudoers/tsgetgrpw.c,
+ src/sudo.c:
+ Fixed even more signedness and conversion issues
+
+ This should be the last of them.
+ [ccd65d72c6ac]
+
+2023-07-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_debug.h, lib/util/sudo_debug.c,
+ plugins/python/pyhelpers.c, plugins/python/pyhelpers.h,
+ plugins/python/python_loghandler.c,
+ plugins/python/sudo_python_debug.c,
+ plugins/python/sudo_python_debug.h:
+ Make the debug subsystem unsigned.
+
+ It was already unsigned in sudoers but not in the front-end or the
+ python plugin. Making this consistent resolves a lot of -Wconversion
+ warnings. Also clean up some other -Wconversion warnings in
+ sudo_debug.c.
+ [c6d20404141c]
+
+ * lib/eventlog/eventlog.c,
+ lib/eventlog/regress/eventlog_store/store_json_test.c,
+ lib/eventlog/regress/eventlog_store/store_sudo_test.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/exec_monitor.c, src/sudo.c:
+ Fix up indentation.
+ [d4ed4eaf46bd]
+
+ * Merge pull request #280 from AtariDreams/bug
+
+ Mark functions not returning as sudo_noreturn
+ [eaa69a6d85c6]
+
+2023-07-01 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * lib/eventlog/eventlog.c,
+ lib/eventlog/regress/eventlog_store/store_json_test.c,
+ lib/eventlog/regress/eventlog_store/store_sudo_test.c,
+ lib/eventlog/regress/logwrap/check_wrap.c,
+ lib/eventlog/regress/parse_json/check_parse_json.c,
+ lib/iolog/regress/iolog_path/check_iolog_path.c,
+ lib/util/regress/hexchar/hexchar_test.c,
+ lib/util/regress/strsplit/strsplit_test.c,
+ lib/util/regress/sudo_conf/conf_test.c, logsrvd/logsrvd.c,
+ logsrvd/regress/logsrvd_conf/logsrvd_conf_test.c, logsrvd/sendlog.c,
+ plugins/group_file/plugin_test.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/sesh.c,
+ src/sudo.c:
+ Mark functions not returning as sudo_noreturn
+
+ We also put NOTREACHED where it applies.
+ [d688d55f3c4c]
+
+2023-07-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l, src/limits.c:
+ Avoid passing debug_return_size_t() a negative number.
+ [7876d918030c]
+
+ * Merge pull request #279 from AtariDreams/bison
+
+ Regenerate toke.c using updated flex
+ [3fc1517ec05d]
+
+2023-06-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/exptilde/check_exptilde.c,
+ plugins/sudoers/testsudoers.c:
+ Fix a few memory leaks in the tests.
+ [c76134b329b3]
+
+ * MANIFEST, plugins/sudoers/regress/testsudoers/group,
+ plugins/sudoers/regress/testsudoers/passwd,
+ plugins/sudoers/regress/testsudoers/test27.out.ok,
+ plugins/sudoers/regress/testsudoers/test27.sh,
+ plugins/sudoers/testsudoers.c:
+ Add test for runas_check_shell and check_user_shell()
+ [8e220e34840d]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/testsudoers/test25.out.ok,
+ plugins/sudoers/regress/testsudoers/test25.sh,
+ plugins/sudoers/regress/testsudoers/test26.out.ok,
+ plugins/sudoers/regress/testsudoers/test26.sh,
+ plugins/sudoers/testsudoers.c:
+ testsudoers: add -D and -R options to set cwd and chroot like sudo
+ [a34c5ca239ca]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
+ plugins/sudoers/check_util.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Move check_user_* functions to check_util.c so testsudoers can use
+ them.
+ [109830a316ee]
+
+2023-06-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/testsudoers.c:
+ testsudoers: make lbuf private to dump_sudoers()
+
+ It is no longer used directly in main.
+ [c2c5e7b3db6b]
+
+ * plugins/sudoers/regress/testsudoers/test11.out.ok,
+ plugins/sudoers/regress/testsudoers/test4.out.ok,
+ plugins/sudoers/regress/testsudoers/test5.out.ok,
+ plugins/sudoers/testsudoers.c:
+ testsudoers: display "Parse error" if there was a parse error.
+
+ Previously, we just printed "Command unmatched" which makes it
+ harder to see that an error occurred.
+ [099360b56cc6]
+
+ * plugins/sudoers/regress/testsudoers/test1.out.ok,
+ plugins/sudoers/regress/testsudoers/test10.out.ok,
+ plugins/sudoers/regress/testsudoers/test15.out.ok,
+ plugins/sudoers/regress/testsudoers/test16.out.ok,
+ plugins/sudoers/regress/testsudoers/test17.out.ok,
+ plugins/sudoers/regress/testsudoers/test18.out.ok,
+ plugins/sudoers/regress/testsudoers/test19.out.ok,
+ plugins/sudoers/regress/testsudoers/test2.out.ok,
+ plugins/sudoers/regress/testsudoers/test20.out.ok,
+ plugins/sudoers/regress/testsudoers/test21.out.ok,
+ plugins/sudoers/regress/testsudoers/test22.out.ok,
+ plugins/sudoers/regress/testsudoers/test23.out.ok,
+ plugins/sudoers/regress/testsudoers/test24.out.ok,
+ plugins/sudoers/regress/testsudoers/test3.out.ok,
+ plugins/sudoers/regress/testsudoers/test6.out.ok,
+ plugins/sudoers/regress/testsudoers/test7.out.ok,
+ plugins/sudoers/regress/testsudoers/test8.out.ok,
+ plugins/sudoers/regress/testsudoers/test9.out.ok,
+ plugins/sudoers/testsudoers.c:
+ testsudoers: use allowed/denied/unmatched instead of just
+ matched/unmatched
+
+ This makes it possible to tell whether an entry was rejected due to
+ a negative match (explicitly denied) as opposed to a non-match. Also
+ fixes a bug where the runas status was only printed for positive
+ matches.
+ [3e9fc5fd7bb9]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/testsudoers/test20.out.ok,
+ plugins/sudoers/testsudoers.c:
+ testsudoers: use sudoers_lookup() instead of a custom loop.
+ [a0ca73d81fa4]
+
+ * plugins/sudoers/lookup.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/sudoers.c:
+ Add callbacks to sudoers_lookup() so we can use it in testsudoers.
+
+ Also pass in the time to be used for NOTBEFORE/NOTAFTER checks.
+ [bcd59528055a]
+
+2023-06-29 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Regenerate toke.c using updated flex
+
+ Use the current version of flex to generate toke.c
+ [118d001d189c]
+
+2023-06-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/testsudoers.c:
+ Merge pull request #278 from AtariDreams/types
+
+ Avoid compiler casting warnings Part 2
+ [894767f88afa]
+
+ * plugins/sudoers/sudoers.c:
+ check_user_runcwd: only allow sudo's -D option if sudoers specifies
+ a runcwd.
+
+ Previously, the user could specify the runas user's home dir for
+ "sudo -i" or the user's existing cwd when -i is not specified. This
+ behavior was never documented and is inconsistent with how the -R
+ option is handled.
+ [e79eddc35325]
+
+ * MANIFEST, plugins/sudoers/regress/testsudoers/test24.out.ok,
+ plugins/sudoers/regress/testsudoers/test24.sh,
+ plugins/sudoers/testsudoers.c:
+ testsudoers: add support for NOTBEFORE and NOTAFTER
+
+ Also adds -T option to set the value of "now".
+ [b2d95b4a131d]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/lookup.c,
+ plugins/sudoers/parse.c:
+ Rename parse.c -> lookup.c now that it only contains sudoers_lookup.
+ [141000ce5f24]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/display.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h:
+ Split display_privs() and display_cmnd() out of parse.c into
+ display.c
+ [d654dd871e43]
+
+ * lib/util/snprintf.c:
+ No need to round up to page size with sudo_mmap_alloc().
+ [a57803434010]
+
+ * logsrvd/logsrvd.c:
+ Merge pull request #265 from AtariDreams/types
+
+ Avoid compiler casting warnings by assigning to variables of the
+ same type where possible
+ [16d8e7383e3e]
+
+ * Merge pull request #277 from AtariDreams/debug_return_int(1);
+
+ We should be returning 0, not 1, when logservd finishes without
+ errors
+ [19289d607981]
+
+2023-06-28 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * logsrvd/logsrvd.c:
+ We should be returning 0, not 1, when logservd finishes without
+ errors
+
+ 1 is for failure, 0 is for no failure, and this does not look like a
+ failure.
+ [7a0d2f4bf5d3]
+
+2023-06-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, src/sudo_intercept.c,
+ src/sudo_intercept_common.c:
+ Fix undefined symbol on macOS for intercept mode and log_subcmds.
+
+ macOS does not support direct access to the environ pointer from a
+ shared object. We need to redirect through _NSGetEnviron() instead.
+ Fixes GitHub issue #276.
+ [2cbebcb8082c]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
+ check_user_runcwd: allow -D option if it matches the cwd in sudoers
+
+ Previously, check_user_runcwd() would return true if the runcwd
+ matched the user's cwd, even if sudoers specified a different one.
+ The user-specified runcwd was ignored but it is better to error out
+ in this case. It is now also possible to use "sudo -D" with the
+ directory specified in sudoers.
+ [d32e07966e0e]
+
+2023-06-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_14 for changeset 8010d7515347
+ [ff70094a18c0] <1.9>
+
+ * MANIFEST, NEWS, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, plugins/sudoers/Makefile.in,
+ plugins/sudoers/logging.c, plugins/sudoers/match_command.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/exec_nopty.c:
+ Merge sudo 1.9.14 from tip.
+ [8010d7515347] [SUDO_1_9_14] <1.9>
+
+2023-06-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #275 from AtariDreams/emergency
+
+ Set command_info to NULL once it is freed
+ [6d1e55f4e7b9]
+
+2023-06-26 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * plugins/sudoers/policy.c:
+ Set command_info to NULL once it is freed
+
+ The lack of setting to NULL is a holdover from when command_info was
+ a local variable and not a global one. However, we given how other
+ global variables are set to NULL, it is best that we do the same
+ here to avoid potential issues should sudoers_policy_store_result be
+ called again after the first time failed, otherwise we could get a
+ double-free.
+ [a1a462a52a98]
+
+2023-06-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #274 from bin-ly/main
+
+ Modify the is_script function for match_command.c
+ [05675d16bd52]
+
+2023-06-25 binlingyu <binlingyu@uniontech.com>
+
+ * plugins/sudoers/match_command.c:
+ Modify the is_script function for match_command.c
+ [ce944a838c33]
+
+2023-06-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Mention C99 requirement.
+ [f12a7b68e0b2]
+
+2023-06-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ Reference SETENV-related settings in the command environment
+ section.
+
+ Based on GitHub PR #273 from Ilya Kulakov.
+ [f8b5ef533800]
+
+ * INSTALL.md:
+ Sudo requires a C99 compiler due to the use of flexible array
+ members.
+ [bb80666c7382]
+
+ * Merge pull request #266 from AtariDreams/c99
+
+ Do variable length arrays the C99 way
+ [690561b17683]
+
+2023-06-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #269 from trackers-lover/main
+
+ correct the return value type of function alias_find_used
+ [30dc3eb4a59a]
+
+2023-06-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ Clarify that use_pty is on by default starting with 1.9.14.
+ [984048215229]
+
+ * docs/sudo.man.in, docs/sudo.mdoc.in:
+ Sudo runs the command in a pty by default in 1.9.14 and above.
+ [92ec41fdf7c9]
+
+ * plugins/sudoers/sudoers.in:
+ Add commented out example for disabling use_pty.
+ [9a59b831f363]
+
+2023-06-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .circleci/config.yml:
+ Update Xcode version from 13.2.1 to 13.4.1.
+ [10bbb25b415e]
+
+2023-06-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST:
+ Add plugins/sudoers/regress/testsudoers/passwd to MANIFEST.
+ [016644afd8ae]
+
+ * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, po/eo.mo,
+ po/eo.po, po/pl.mo, po/pl.po:
+ Updated translations from translationproject.org
+ [97167b63ffbd]
+
+ * NEWS:
+ Document recent bug fixes.
+ [34d8ffa919c6]
+
+ * MANIFEST, plugins/sudoers/regress/testsudoers/group,
+ plugins/sudoers/regress/testsudoers/passwd,
+ plugins/sudoers/regress/testsudoers/test22.out.ok,
+ plugins/sudoers/regress/testsudoers/test22.sh,
+ plugins/sudoers/regress/testsudoers/test23.out.ok,
+ plugins/sudoers/regress/testsudoers/test23.sh:
+ Add tests to exercise recent runas user and group bug fixes.
+ [20f19831ed34]
+
+ * MANIFEST, plugins/sudoers/regress/testsudoers/passwd,
+ plugins/sudoers/regress/testsudoers/test21.out.ok,
+ plugins/sudoers/regress/testsudoers/test21.sh:
+ Add test to exercise the bug that prevented the group specified via
+ "sudo -g" from matching when a Runas_Alias was used in the user or
+ group portion of a Runas_Spec.
+ [16c0668b5c4b]
+
+2023-06-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/match.c:
+ runaslist_matches: split out user_list and group_list matching.
+
+ This makes it possible to call the appropriate runas user or group
+ list match function when resolving aliases instead of calling
+ runaslist_matches() itself. Fixes a bug that prevented the group
+ specified via "sudo -g" from matching when a Runas_Alias was used in
+ the user or group portion of a Runas_Spec.
+ [3e0885e96418]
+
+ * plugins/sudoers/match.c:
+ runaslist_matches: remove special case to handle "sudo -g group"
+
+ Now that we are guaranteed to have a runas user list for all sudoers
+ rules that contain a runas list, we can remove support for the
+ special case where user_matched is set in the runas group matching
+ conditional. This fixes a bug where "sudo -u myuser -g mygroup" was
+ permitted by a rule like "myuser ALL = (root) ALL".
+ [d80e907efe77]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/regress/sudoers/test27.json.ok,
+ plugins/sudoers/regress/sudoers/test27.ldif.ok,
+ plugins/sudoers/regress/sudoers/test27.out.ok:
+ Populate runasusers even when only a grouplist is specified.
+
+ When a sudoers rule permits the user to run commands as a group, not
+ a user, we should set the runasusers to single member with the
+ special MYSELF token. This guarantees that the only time runasusers
+ will be NULL is when no runaslist is present.
+ [25c293ae5053]
+
+ * plugins/sudoers/match.c:
+ runaslist_matches: fix bug when no runas list is specified in
+ sudoers.
+
+ If a sudoers rule has no runas list, a user-specified runas group
+ should only be allowed if it matches a group that the default runas
+ user belongs to. Instead, a missing group check allowed the user run
+ commands as the default runas user with an arbitrary group.
+
+ This means that a rule like "somebody host = ALL", which should be
+ equivalent to "somebody host = (root) ALL", had the same effect as
+ "somebody host = (root:ALL) ALL".
+ [eeb075b3b79c]
+
+2023-06-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/pyhelpers.h:
+ Python may be built with 32-bit time_t support on 32-bit platforms.
+ We need to undef the SIZEOF_TIME_T from pyconfig.h so it does not
+ conflict with our own.
+ [c8bf985eb777]
+
+2023-06-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #272 from millert/main
+
+ Avoid use of variable length arrays and add ctype(3) casts.
+ [806b2266f6ab]
+
+ * lib/util/lbuf.c:
+ Avoid use of variable length arrays and add ctype(3) casts.
+ [d8c80d4905b3]
+
+ * Merge pull request #270 from moehanabi/main
+
+ Add %n$s support for sudo_lbuf_append_v1
+ [53ad2cdaaabe]
+
+2023-06-09 Brilliant Hanabi <130747944+moehanabi@users.noreply.github.com>
+
+ * lib/util/lbuf.c:
+ Add %n$s support for sudo_lbuf_append_v1
+ [f48fa0250fdc]
+
+2023-06-09 bianguangze <bianguangze@uniontech.com>
+
+ * plugins/sudoers/alias.c:
+ correct the return value type of function alias_find_used
+ [f689f55fef3f]
+
+2023-06-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po,
+ plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/cs.mo,
+ po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fr.mo,
+ po/fr.po, po/hr.mo, po/hr.po, po/ko.mo, po/ko.po, po/ro.mo,
+ po/ro.po, po/ru.mo, po/ru.po, po/sr.mo, po/sr.po, po/uk.mo,
+ po/uk.po, po/vi.mo, po/vi.po:
+ Updated translations from translationproject.org
+ [966147718ed3]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Update .pot files for 1.9.14
+ [b79b44520c46]
+
+ * NEWS:
+ Mention Bug #1050 fix.
+ [c4af7e56a515]
+
+ * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in,
+ plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/sudo_ldap_conf.h:
+ Add NETGROUP_QUERY option for servers that can't match
+ nisNetgroupTriple. This can be used to support netgroup queries on
+ systems that lack the innetgr() function and where the LDAP server
+ cannot query the nisNetgroup by nisNetgroupTriple.
+ [98b293bee424]
+
+2023-06-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.h:
+ sudo_ldap_check_non_unix_group: pass nss pointer to netgr_matches()
+ This allows us to use the LDAP-specific version of innetgr() when
+ possible. Also enable "use_netgroups" by default even on systems
+ without innetgr() since we can now query netgroups directly via
+ LDAP.
+ [a443919be48c]
+
+2023-06-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c:
+ Only call ptrace_verify_post_exec() for intercept, not log_subcmds.
+ [9f55dcdd66cd]
+
+ * NEWS, configure, configure.ac:
+ sudo 1.9.14
+ [73c25828ffc8]
+
+2023-06-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/visudo.c:
+ run_command: back out changes to run editor in its own process
+ group. It unnecessarily complicates things to work around bugs in an
+ OS almost no one runs.
+ [8790d32a4f99]
+
+ * MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/suspend_parent.c, lib/util/util.exp.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in, src/sudo_exec.h,
+ src/suspend_parent.c:
+ Make suspend_parent.c out of lib/util and into src. Nothing else
+ uses it now.
+ [69eda3d690e4]
+
+2023-06-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/digestname.c, plugins/sudoers/filedigest.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.h,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Initialize digest_type to SUDO_DIGEST_INVALID, not -1 and make it
+ unsigned. This makes the digest type consistently unsigned instead
+ of a mix of signed (for the -1 value in the tokenizer) and unsigned.
+ [49ef7c33450f]
+
+2023-05-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in,
+ etc/codespell.exclude, etc/codespell.ignore,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/pivot.c, plugins/sudoers/visudo.c:
+ Fix typos and update excluded/ignored codespell lists.
+ [bdb70620b4e4]
+
+2023-05-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/visudo.c:
+ run_command: check that ttyfd is not -1 before using it
+ [990cbd169a37]
+
+2023-05-18 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * include/sudo_event.h, lib/util/event.c, lib/util/rcstr.c,
+ plugins/sudoers/canon_path.c, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/sudo_ldap_conf.h:
+ Do variable length arrays the C99 way
+
+ Variable length arrays are supported by C99, but having it denoted
+ as "1" confused the compiler and is not defined.
+
+ Note that because we don't get the inferred NULL terminator, we have
+ to increase the malloc size by one.
+ [4e33419e940e]
+
+ * lib/eventlog/eventlog.c, lib/eventlog/eventlog_free.c,
+ lib/eventlog/parse_json.c, lib/iolog/hostcheck.c,
+ lib/iolog/regress/iolog_path/check_iolog_path.c, lib/util/event.c,
+ lib/util/explicit_bzero.c, lib/util/fatal.c, lib/util/getaddrinfo.c,
+ lib/util/getentropy.c, lib/util/hexchar.c, lib/util/inet_ntop.c,
+ lib/util/json.c, lib/util/lbuf.c, lib/util/mksiglist.c,
+ lib/util/mksigname.c, lib/util/multiarch.c, lib/util/progname.c,
+ lib/util/sig2str.c, lib/util/snprintf.c, lib/util/sudo_conf.c,
+ lib/util/term.c, lib/util/uuid.c, logsrvd/iolog_writer.c,
+ logsrvd/logsrvd.c, logsrvd/sendlog.c,
+ plugins/audit_json/audit_json.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/editor.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
+ plugins/sudoers/policy.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/starttime/check_starttime.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/tsdump.c,
+ plugins/sudoers/visudo.c, src/conversation.c, src/exec_monitor.c,
+ src/limits.c, src/parse_args.c, src/sesh.c, src/sudo.c, src/sudo.h:
+ Avoid compiler casting warnings by assigning to the same type where
+ possible
+
+ This saves instructions that are related to casting as well as
+ compiler warnings.
+ [d47033551fca]
+
+ * lib/util/mktemp.c, lib/util/regress/tailq/hltq_test.c,
+ lib/util/sudo_debug.c, lib/util/ttyname_dev.c,
+ plugins/group_file/plugin_test.c, plugins/sudoers/editor.c,
+ plugins/sudoers/filedigest.c, plugins/sudoers/match_addr.c,
+ plugins/sudoers/match_digest.c,
+ plugins/sudoers/regress/env_match/check_env_pattern.c,
+ plugins/sudoers/regress/exptilde/check_exptilde.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/tsdump.c, plugins/sudoers/visudo.c,
+ src/exec_monitor.c, src/limits.c, src/sesh.c, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c:
+ Avoid compiler casting warnings Part 2
+
+ This saves instructions that are related to casting as well as
+ compiler warnings.
+ [685a954b019f]
+
+2023-05-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/visudo.c:
+ Work around a macOS a kernel bug where tcsetpgrp() does not restart.
+
+ I reported this bug to Apple over 12 years ago.
+ [77871464e563]
+
+ * plugins/sudoers/visudo.c:
+ run_command: run editor in foreground if visudo is the foreground
+ process
+
+ The command is now always run in its own process group. If visudo is
+ run in the foreground, the command is run in the foreground too.
+ Otherwise, run the command in the background. There is a race
+ between the tcsetpgrp() call in the parent and the execve() in the
+ child. If we lose the race and the command needs the controlling
+ terminal, it will be stopped with SIGTTOU or SIGTTIN, which the
+ waitpid() loop will handle.
+ [e8e14e0024da]
+
+ * plugins/sudoers/visudo.c:
+ Accept carriage return for EOL in addition to newline.
+
+ Since visudo doesn't alter the terminal settings it is possible for
+ the terminal to have the ONLCR bit set in the output control flags.
+ In that case, we will get a CR, not a NL when the user presses
+ enter/return. One way this can happen is if visudo is run in the
+ background from a shell that supports line editing and the editor
+ restores the (cbreak-style) terminal mode when it finishes.
+ [14538e74fd02]
+
+2023-05-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/parser/check_fill.c:
+ check_fill: sudoers_strict() is now a function, not a global
+ variable
+ [8b8e72d283df]
+
+ * plugins/sudoers/parse.h, plugins/sudoers/sudoers.h,
+ plugins/sudoers/toke.h:
+ Move parser prototypes / externs from sudoers.h to parse.h or
+ toke.h.
+ [79a52390c46b]
+
+ * plugins/sudoers/file.c, plugins/sudoers/sudoers.c:
+ parse.h is already included by sudoers.h.
+ [f6faa3f782a2]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Rename parser_conf -> sudoers_conf in all but the parser itself.
+ [61614621341e]
+
+2023-05-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.h, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Move sudoers search path to struct sudoers_parser_config.
+
+ That way we can avoid passing it to init_parser() directly. We still
+ need sudoers_search_path to be shared between the lexer and the
+ parser.
+ [5e6c6a08aded]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.h, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
+ Add struct sudoers_parser_config and pass it to init_parser().
+
+ This struct contains parser configuration such as the sudoers file
+ uid/gid/mode and parse flags such as verbose, strict and recovery.
+ [ed8042e7a49a]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ push_include_int: Avoid passing close(2) a negative value on error.
+ Coverity CID 314108
+ [bbbdfa87543e]
+
+ * plugins/sudoers/ldap.c:
+ Eliminate dead store. Coverity CID 315032.
+ [6b48998e4db1]
+
+2023-05-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_iolog.h, lib/iolog/iolog_gets.c:
+ iolog_gets: change size parameter to int to match fgets/gzgets
+
+ Return an error, setting errno to EINVAL, for negative sizes.
+ [27534bcb58a7]
+
+2023-05-05 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * plugins/sudoers/sudoers_hooks.c:
+ Redundant cast removal in sudoers_hooks
+
+ def_sudoers_locale is already a char*
+ [2f79add9136d]
+
+2023-05-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Rename force_umask to override_umask and make it private to
+ sudoers.c.
+
+ Add getter for policy.c.
+ [1c8a56c767f3]
+
+ * plugins/sudoers/check.h, plugins/sudoers/regress/fuzz/fuzz_stubs.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c:
+ Make timestamp_uid and timestamp_gid private to timestamp.c.
+
+ Add getter (for set_perms.c) and setter (for sudoers.c).
+ [ad49d0ee7e6f]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.h:
+ Make login_style private to bsdauth.c
+
+ Add a setter for policy.c to handle auth_type from the front-end.
+ [962af1d3d0fd]
+
+2023-05-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/sudo_debug.c:
+ Back out last change, len must be int, not size_t, for %.*s.
+ [a82bbd86fa29]
+
+ * src/exec_pty.c:
+ Use a "%s" format instead of using a translated string as the
+ format.
+ [1a73a1b4fa94]
+
+ * Merge pull request #260 from AtariDreams/size_t
+
+ Prefer size_t over int, as casting can take extra instructions
+ [c0fd1027e105]
+
+2023-05-03 Rose <83477269+AtariDreams@users.noreply.github.com>
+
+ * lib/eventlog/parse_json.c, lib/util/sudo_debug.c,
+ plugins/sudoers/fmtsudoers.c:
+ Prefer size_t over int, as casting can take extra instructions
+ [96fc138b2009]
+
+2023-05-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Rename init_parser_ext() to init_parser() and remove old wrapper.
+
+ There was only one consumer of the init_parser() wrapper now that
+ reset_parser() has been introduced.
+ [4be1b8965ce6]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.h,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/sudoers.c:
+ Add reset_parser() and use in place of init_parser(NULL).
+ [f85227ac1182]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
+ Make path_ldap_conf and path_ldap_secret private to policy.c.
+
+ Add getters for both so the ldap code can access them.
+ [90a2107d6ec7]
+
+ * plugins/sudoers/file.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/visudo.c:
+ Make sudoers_file private to policy.c and visudo.c.
+
+ We just need a way for the policy (and visudo) to override the
+ default sudoers path. This adds a getter to be used in file.c when
+ sudoers is first opened.
+ [657aa80f3af8]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.h,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/visudo.c:
+ Support adminconfdir for relative include paths in sudoers.
+ [7ebdbd46b47b]
+
+ * plugins/sudoers/visudo.c:
+ Track the destination sudoers path for each parsed file.
+
+ When adminconfdir is enabled, the destination pathh may be different
+ from the path we opened. We always store an edited file in the
+ adminconfdir (if enabled). This makes it possible to use visudo when
+ /etc/sudoers is located on a read-only file system.
+ [de896a012d81]
+
+ * INSTALL.md, Makefile.in, configure, configure.ac, docs/Makefile.in,
+ examples/Makefile.in, include/Makefile.in, lib/util/Makefile.in,
+ lib/zlib/Makefile.in, logsrvd/Makefile.in, m4/sudo.m4,
+ plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
+ plugins/python/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Add adminconfdir and --enable-adminconf to set it. Configuration
+ paths in sudo are now a colon-separated list of files with the
+ adminconfdir instance first (if enabled), followed by a sysconfdir
+ instance.
+ [be1f672878ae]
+
+ * configure, configure.ac, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/secure_path.c, lib/util/sudo_conf.c, lib/util/util.exp.in,
+ logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c,
+ plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/sudoers.c, src/Makefile.in:
+ Convert config file paths to colon-separated path list. This means
+ that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF, and
+ _PATH_CVTSUDOERS_CONF can now specify multiple files. The first file
+ that exists is used.
+ [902d9da6a941]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/visudo.c:
+ Support sudoers_file being a colon-separated path of files. The
+ first file found is used.
+ [bebe005e2d32]
+
+2023-05-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure:
+ Regenerate with latest autoconf from git.
+ [0996570205bf]
+
+2023-04-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd_conf.c:
+ No longer need to set AI_NUMERICSERV while fuzzing.
+
+ Now that getaddrinfo() is stubbed out while fuzzing we can remove
+ the hack that set AI_NUMERICSERV.
+ [8e3deb584c1c]
+
+2023-04-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ getaddrinfo stub: set sin_port
+ [019eb2da9944]
+
+ * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Avoid NULL deref in stub getaddrinfo() when nodename is NULL. Also
+ add support for parsing servname. We only need to support a subset
+ of getaddrinfo() functionality in the fuzzer.
+ [a605cc43bbaf]
+
+ * configure, m4/hardening.m4:
+ Add missing stdio.h include for the _FORTIFY_SOURCE=2 check.
+ Implementations of _FORTIFY_SOURCE require the header file to be
+ included. Also remove the useless test of an empty program with
+ _FORTIFY_SOURCE defined. Pointed out by Florian Weimer.
+ [511b9bdddbdc]
+
+ * configure, m4/ldap.m4:
+ Use ldap_msgfree() instead of ldap_init() for the lber.h test. The
+ ldap_init() function is marked as deprecated and not defined by
+ default on some systems. This can cause an error for compilers that
+ do not support implicit function declarations. From Florian Weimer.
+ [1b1ce2072403]
+
+2023-04-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
+ Include arpa/inet.h for inet_pton() prototype.
+ [50d3b09376f7]
+
+ * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
+ Add netdb.h for struct addrinfo and EAI_* error codes.
+ [92d33c6f8a23]
+
+ * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
+ Stub out getaddrinfo() and freeaddrinfo(). We may not be able have
+ access to DNS in the fuzzing environment.
+ [b3d2e6c04076]
+
+ * lib/eventlog/regress/eventlog_store/store_sudo_test.c:
+ Plug memory leaks in store_sudo_test found by LSAN.
+ [5f1d68d01c0c]
+
+2023-04-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/limits.c:
+ disable_coredump: only change the soft limit, leave the hard limit
+ as-is This should avoid problems on Linux in cases where sudo does
+ not have CAP_SYS_RESOURCE which may be the case in an unprivileged
+ container. GitHub issue #42
+ [4e65c3923119]
+
+2023-04-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/build_pkgs:
+ Add basic support for remote power on/off via net-snmp.
+ [ca021941fd58]
+
+ * src/exec.c:
+ More accurate description of what happens for "sudo -b".
+ [a9158169fcac]
+
+ * src/exec_pty.c:
+ Better support for "sudo -b" when running the command in a pty.
+
+ When a command is run via "sudo -b" it has no access to terminal
+ input. In non-pty mode, the command runs in an orphaned process
+ group and reads from the controlling terminal fail with EIO. We
+ cannot do the same while running in a pty but if we set stdin to a
+ half-closed pipe, reads from it will get EOF. That is close enough.
+ [a284611a18fd]
+
+2023-04-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_nopty.c, src/exec_pty.c, src/selinux.c, src/sudo.h,
+ src/ttyname.c:
+ Avoid calling isatty()/ttyname() on std{in,out,err} if not a char
+ dev.
+
+ The user controls these fds so we should avoid calling ioctl(2) on
+ them unless they correspond to actual character device files.
+ [745430b563db]
+
+ * src/parse_args.c, src/sudo_usage.h.in:
+ Hard-code usage() and help() for an 80-column terminal.
+
+ Trying to tailor the help and usage output to the terminal width is
+ simply not worth it and could be abused to mark a socket as
+ "trusted" on Linux if there are additional kernel bugs like
+ CVE-2023-2002.
+ [d06fa6322ffb]
+
+ * config.h.in, configure, configure.ac, src/sudo.c,
+ src/sudo_usage.h.in:
+ Move CONFIGURE_ARGS from sudo_usage.h.in to config.h.in.
+ [e3149b6f4392]
+
+2023-04-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/ttysize.c, src/sudo.c:
+ get_user_info: call sudo_get_ttysize() even if no /dev/tty We still
+ want to initialize rows and cols based on the environment if
+ possible.
+ [4f3801c2f264]
+
+2023-04-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/parse_args.c:
+ Get the tty size using stdout, not stderr, when printing help
+ output. While usage() prints to stderr, help() prints to stdout.
+ [0bdf411ebc7f]
+
+ * src/sudo.c:
+ get_user_info: pass sudo_get_ttysize() the fd of /dev/tty, not
+ stderr. Both the plugin API and the main event loop expect
+ lines/cols to refer to the user's terminal, so using /dev/tty is
+ better here.
+ [2e7ba199f4c7]
+
+ * include/sudo_util.h, lib/util/ttysize.c, lib/util/util.exp.in,
+ plugins/sudoers/sudoreplay.c, src/parse_args.c, src/sudo.c:
+ Add an fd argument to sudo_get_ttysize() instead of always using
+ stderr.
+
+ For sudoreplay we open /dev/tty, so use that instead of stderr when
+ determining the terminal size.
+ [4afc292d3cf4]
+
+ * lib/util/ttysize.c:
+ Check whether stderr is a tty before trying TIOCGWINSZ.
+ [4a0d367e49c6]
+
+2023-04-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Use -no-undefined on macOS to avoid "-undefined dynamic_lookup"
+ warnings.
+
+ Starting with macOS 13, the linker warns when "-undefined
+ dynamic_lookup" is used. This is added by libtool by default on
+ macOS but we can suppress it by passing -no-undefined to libtool.
+ [afeb9acd894c]
+
+2023-04-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile,
+ docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile,
+ docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile,
+ docker/ubuntu/rolling/Dockerfile:
+ Add make to Dockerfile and sort packages.
+ [fa937cbf8a23]
+
+2023-04-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/UPGRADE.md, docs/sudoers.man.in, docs/sudoers.mdoc.in,
+ plugins/sudoers/defaults.c:
+ Enable the use_pty option by default for sudo 1.9.14.
+
+ GitHub issue #258
+ [86a1a6da1878]
+
+2023-04-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Split up the monolithic sudoers_policy_main() function.
+
+ This splits the code to find the command, perform a sudoers lookup,
+ ask for a password as needed, and perform post-lokup checks out into
+ sudoers_check_common(). The old sudoers_policy_main() has been
+ replaced by sudoers_check_cmnd() (called by sudoers_policy_check()),
+ sudoers_validate_user() (called by sudoers_policy_validate()) and
+ sudoers_list() (called by sudoers_policy_list()). The list_user
+ lookup is now performed in sudoers_list().
+ [59e0b245c776]
+
+ * plugins/sudoers/sudoers.c:
+ Move the root_sudo check until after we apply per-command Defaults.
+
+ It is possible, though unlikely, for "root_sudo" to be used in a
+ per-command Defaults statement.
+ [ca1903576e0d]
+
+2023-04-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.c:
+ sudoers_policy_main: restore locale if sudoers_lookup() fails.
+
+ Previously, if sudoers_lookup() set VALIDATE_ERROR, the sudoers
+ locale would still be in effect instead of the original locale.
+ [24df4eebbfc8]
+
+ * plugins/sudoers/parse.c:
+ sudoers_lookup_pseudo: remove validated function argument
+
+ This was always set to FLAG_NO_USER|FLAG_NO_HOST which are cleared
+ at the top of the fuction. Make validated a local variables,
+ initialized to 0, instead. No change in behavior.
+ [72e6207850fc]
+
+2023-03-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/audit.c, plugins/sudoers/iolog.c:
+ The I/O log file name is not just the basename of the full
+ iolog_path. The audit plugin already has the correct value for
+ iolog_file, don't overwrite it with basename(iolog_path). In the
+ future we may wish to pass in iolog_file and iolog_dir in addition
+ to iolog_path. Fixes Bug #1046.
+ [f272de885273]
+
+2023-03-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.c:
+ Warn with "unknown user" not "unknown uid" if user cannot be
+ resolved. Prior to sudo 1.8 this was after a getpwuid() but now we
+ use getpwnam().
+ [9a523881df41]
+
+ * plugins/sudoers/sudoers.c:
+ Set timestamp_uid and timestamp_gid via a callback. This also makes
+ it possible to include the location of the line in the sudoers file
+ in the warning message (and mail).
+ [5588cf3cb55b]
+
+2023-03-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in:
+ Fix display of escape sequencees in ldapsearch example.
+ [08dc98162160]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ White space is not allowed between Defaults and '@', ':', '!', '>'.
+ The EBNF made it appear that this is allowed when it really is not.
+ [74bba755afaf]
+
+2023-03-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/edit_open.c, src/exec.c, src/exec_intercept.c,
+ src/exec_intercept.h, src/exec_monitor.c, src/exec_nopty.c,
+ src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
+ src/sudo_edit.h, src/sudo_exec.h, src/tgetpass.c:
+ Make struct {command,user}_details pointers const where possible.
+ [dcfa95a24789]
+
+ * src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
+ Make user_details private to main.
+ [43477263455b]
+
+ * src/exec.c, src/exec_nopty.c, src/exec_pty.c, src/parse_args.c,
+ src/sudo.c, src/sudo.h, src/sudo_edit.c, src/sudo_exec.h,
+ src/tgetpass.c:
+ Make user_details private to sudo.c.
+ [fec5df7605dc]
+
+ * configure, scripts/config.sub:
+ Regenerate with the autoconf 2.72c snapshot.
+ [6dda0f9323b1]
+
+2023-03-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/parse_args.c:
+ Use sudo_get_ttysize() in help() and usage(). This eliminates a
+ dependency on the user_details global.
+ [ecbc8afc1630]
+
+ * src/exec.c, src/sudo.c, src/sudo.h:
+ Store submitcwd (from user_details) in struct command_details. This
+ eliminates use of the user_details global from exec_setup().
+ [ed37b2a451f8]
+
+2023-03-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/utmp.c:
+ utmp_fill: user is now always non-NULL, no need for user_details.
+ [76bdecaaad07]
+
+ * src/parse_args.c, src/sudo.c, src/sudo.h:
+ Remove list_user global.
+ [fd397db04688]
+
+ * src/conversation.c:
+ No need to declare tgetpass_flags, it is already in sudo.h.
+ [c7e1b8ef75c8]
+
+ * src/sudo.c:
+ No need for sudo_mode to be global anymore.
+ [f746eba12bd9]
+
+ * src/sudo.c:
+ Make command_details private to main().
+ [311fd705cce4]
+
+ * src/exec_iolog.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h:
+ Make iobufs private to exec_iolog.c.
+ [80861a209ddd]
+
+ * src/sudo_exec.h:
+ Remove ttymode and its associated values.
+ [efb4e04097ab]
+
+ * src/exec.c, src/exec_pty.c, src/get_pty.c, src/sudo.h,
+ src/sudo_exec.h:
+ Move ptyname to struct exec_closure
+ [d4080a4262bd]
+
+ * src/exec_monitor.c, src/exec_pty.c, src/sudo_exec.h:
+ Move pty_make_controlling() to exec_monitor.c where it is called. We
+ can use details->tty to access the pty follower path.
+ [9875f0b136f4]
+
+ * src/exec_pty.c, src/sudo.c:
+ Eliminate utmp_user global, just use the value in struct command
+ details.
+ [95b28adcb0f3]
+
+ * src/exec_iolog.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h:
+ Replace tty_mode global with term_raw flag in struct exec_closure.
+
+ The pty_cleanup hook needs access to the closure so add
+ pty_cleanup_init() to store a pointer to the closure for use by
+ pty_cleanup_hook().
+ [cc01f0da46d9]
+
+ * src/exec_monitor.c, src/exec_pty.c, src/sudo_exec.h:
+ Register pty cleanup function in exec_pty(), not exec_cmnd_pty(). We
+ want it to execute in the main sudo process, not the monitor.
+ [279e370adc01]
+
+ * src/exec_iolog.c:
+ Make ttyblock private to exec_iolog.c
+ [61243eba350d]
+
+2023-03-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_pty.c, src/sudo_exec.h:
+ exec_pty.c: move foreground flag to struct exec_closure. Also make
+ pipeline flag private to exec_pty() and remove the unneeded
+ check_foreground() prototype.
+ [dd25f1d91008]
+
+ * src/exec_pty.c:
+ On resume, always sync the pty terminal settings with /dev/tty.
+
+ Changes made to the terminal settings while the command is suspended
+ are now reflected in the pty when the command is resumed. This is
+ more consistent with the non-pty behavior and allows for the removal
+ of the "tty_initialized" global. One downside to this change is that
+ if a terminal-based program using the pty is stopped with SIGSTOP it
+ may have the wrong terminal settings on resume. However, this is no
+ different from the non-pty case.
+ [3e59765dea31]
+
+ * lib/util/suspend_parent.c, lib/util/term.c:
+ Correct a comment.
+ [393a4d472507]
+
+2023-03-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .github/FUNDING.yml:
+ GitHub sponsor settings.
+ [7bd778b9adef]
+
+ * config.h.in, configure, configure.ac:
+ Use built-in tests for bit types instead of using AC_CHECK_TYPES.
+ This should be more portable as it handles the quirks of some older
+ systems.
+ [7e471f2a914d]
+
+ * plugins/sudoers/visudo.c, src/regress/intercept/test_ptrace.c:
+ Quiet compiler warnings on systems where pid_t is not an int.
+ Historically, pid_t was a long on some 32-bit systems like Solaris.
+ [c31393da893d]
+
+ * plugins/sudoers/visudo.c:
+ Silence "used uninitialized" false positives with older gcc
+ versions.
+ [40f0ee142249]
+
+ * src/exec_pty.c:
+ exec_pty: always copy the terminal settings from /dev/tty the pty.
+ Previously, we only did this when running in the foreground but this
+ can cause problems when running a program that reads the terminal
+ settings or window size in the background. If sudo is running in the
+ background, the terminal settings will be updated if it transitions
+ to the foreground process. Based on a suggestion from From Duncan
+ Overbruck.
+ [51a70eadc7fc]
+
+ * src/exec_pty.c:
+ check_foreground: use SFD_LEADER not SFD_FOLLOWER (which was
+ closed). Also use SFD_LEADER for sudo_term_copy() in exec_pty() for
+ consistency. From Duncan Overbruck.
+ [172962b90aa6]
+
+ * src/exec_pty.c:
+ suspend_sudo_pty: fix cut & pasto in last commit to catch SIGCONT.
+ Also set sa.sa_handler to SIG_DFL instead of SIG_IGN. There is no
+ difference for SIGCONT but it means we can re-use sa as-is later.
+ [e07725c8c939]
+
+2023-03-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_pty.c:
+ Catch SIGCONT and restore terminal settings on resume from SIGSTOP.
+ While we cannot catch SIGSTOP, we _can_ catch SIGCONT and set
+ /dev/tty to raw mode when running in the foreground. Ignore SIGCONT
+ in suspend_sudo_pty() so we don't call resume_terminal() twice.
+ [b5b2d739e44d]
+
+ * src/exec_monitor.c, src/exec_pty.c:
+ Only convert a signal number to a name if we are going to use it. It
+ is mostly used for debug logging.
+ [225c3630ffff]
+
+ * src/exec_monitor.c, src/exec_pty.c, src/sudo.h:
+ Move updating of the window size back to the main sudo process. We
+ can use the leader file descriptor with TIOCGWINSZ to set the window
+ size of the pty. Thanks to Duncan Overbruck for the hint.
+ [6e3f7622038a]
+
+ * plugins/sudoers/visudo.c:
+ visudo: restore controlling terminal after running the editor.
+ Otherwise, visudo will get SIGTTOU if it tries to write to the
+ terminal after the editor finishes. Also avoid races by setting the
+ process group ID in both the parent and child, and grant the
+ controlling terminal in the parent, not the child.
+ [c0f339a84be8]
+
+2023-03-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/visudo.man.in, docs/visudo.mdoc.in, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/sudoers.h,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Warn about ignored files in sudoers.d in visudo.
+ [61f8def2d666]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/visudo.c:
+ Replace sudoers_warnings with sudoers_verbose. This is now an int,
+ with values > 1 reserved for visudo.
+ [d1d7b559b904]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Split push_include() into push_include() and push_includedir(). This
+ moves the "isdir" function argument to the internal version.
+ [d454beb6eebf]
+
+2023-03-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/file.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_stubs.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h:
+ Pass around const struct sudo_nss pointers where possible.
+ [d13437078d19]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_csv.c,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/fmtsudoers_cvt.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.h:
+ Pass around const struct sudoers_parse_tree pointers where possible.
+ [1aa8b9069b39]
+
+ * plugins/sudoers/sudo_ldap.h, plugins/sudoers/sudo_ldap_conf.h:
+ Move non-config-related macros to from sudo_ldap_conf.h to
+ sudo_ldap.h.
+ [16e67a765a30]
+
+2023-03-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/Makefile.in, lib/util/getcwd.c,
+ scripts/mkdep.pl:
+ Remove portable getcwd.c, nothing uses it anymore. Any operating
+ system supported by sudo already includes getcwd(3).
+ [8f0584066f6f]
+
+ * src/Makefile.in:
+ Use LIBPROTOBUF_C and LIBUTIL variables and use them.
+ [062142fa5ae8]
+
+2023-03-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_util.h:
+ Remove now-unused sudo_timeval* macros.
+ [3448dce21b9c]
+
+ * lib/util/nanosleep.c:
+ nanosleep: clear remainder on successful completion Also switch to
+ doing everything in terms of struct timespec except for the actual
+ select(2) call.
+ [d67451eb618e]
+
+ * lib/eventlog/Makefile.in, lib/iolog/Makefile.in:
+ Add lib dependencies for fuzzer and test targets.
+ [60605bcc3905]
+
+ * lib/eventlog/eventlog_free.c:
+ eventlog_free: free peeraddr
+ [42670e45e57f]
+
+ * plugins/sudoers/ldap_innetgr.c:
+ sudo_ldap_netgroup_match_str: "-" in a netgroup can never match. We
+ already check for a NULL value above so "str == NULL" is always
+ false. Found by PVS-Studio.
+ [c9cfdd013e92]
+
+2023-03-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/Makefile.in:
+ Fix static compilation.
+ [5a18337c03d3]
+
+ * MANIFEST:
+ Replace eventlog_json.h with parse_json.h.
+ [cc68fe24ee0d]
+
+ * lib/eventlog/eventlog_free.c, lib/eventlog/parse_json.c:
+ Add support for parsing all fields of struct eventlog.
+ [3828e55bdaff]
+
+2023-03-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, lib/eventlog/Makefile.in,
+ lib/eventlog/regress/eventlog_store/store_json_test.c,
+ lib/eventlog/regress/eventlog_store/store_sudo_test.c,
+ lib/eventlog/regress/eventlog_store/test1.json.in,
+ lib/eventlog/regress/eventlog_store/test1.json.out.ok,
+ lib/eventlog/regress/eventlog_store/test1.sudo.out.ok,
+ lib/eventlog/regress/eventlog_store/test2.json.in,
+ lib/eventlog/regress/eventlog_store/test2.json.out.ok,
+ lib/eventlog/regress/eventlog_store/test2.sudo.out.ok,
+ lib/eventlog/regress/eventlog_store/test3.json.in,
+ lib/eventlog/regress/eventlog_store/test3.json.out.ok,
+ lib/eventlog/regress/eventlog_store/test3.sudo.out.ok,
+ lib/eventlog/regress/eventlog_store/test4.json.in,
+ lib/eventlog/regress/eventlog_store/test4.json.out.ok,
+ lib/eventlog/regress/eventlog_store/test4.sudo.out.ok,
+ lib/eventlog/regress/parse_json/check_parse_json.c:
+ Add tests for JSON and sudo-style log output.
+ [3a923f86fff2]
+
+ * plugins/sudoers/match.c:
+ Declare domain even if the system lacks innetgr(). Fixes a build
+ error on musl-based systems like Alpine.
+ [34cfa5ad4cdc]
+
+ * lib/eventlog/Makefile.in:
+ Add missing definition of $(SED).
+ [9a614b90c852]
+
+ * MANIFEST, include/sudo_eventlog.h, lib/eventlog/Makefile.in,
+ lib/eventlog/parse_json.c, lib/eventlog/parse_json.h,
+ lib/eventlog/regress/parse_json/check_parse_json.c,
+ lib/eventlog/regress/parse_json/test1.in,
+ lib/eventlog/regress/parse_json/test2.in,
+ lib/eventlog/regress/parse_json/test2.out.ok,
+ lib/eventlog/regress/parse_json/test3.in,
+ lib/eventlog/regress/parse_json/test3.out.ok, lib/iolog/Makefile.in,
+ lib/iolog/iolog_json.c, lib/iolog/iolog_json.h,
+ lib/iolog/regress/fuzz/fuzz_iolog_json.c,
+ lib/iolog/regress/iolog_json/check_iolog_json.c,
+ lib/iolog/regress/iolog_json/test1.in,
+ lib/iolog/regress/iolog_json/test2.in,
+ lib/iolog/regress/iolog_json/test2.out.ok,
+ lib/iolog/regress/iolog_json/test3.in,
+ lib/iolog/regress/iolog_json/test3.out.ok:
+ Move JSON log parsing from libsudo_iolog.la to libsudo_eventlog.la
+ It will be used in the upcoming log output tests.
+ [1a8dd741b666]
+
+ * lib/eventlog/eventlog.c:
+ Add missing " ; " separator between environment variables and
+ command. This is a regression introduced in sudo 1.9.13. GitHub
+ issue #254.
+ [a3c09b724b7a]
+
+2023-03-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in:
+ Add example to verify support for searching by nisNetgroupTriple.
+ [090ffa785e56]
+
+2023-03-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/gc.c:
+ Remove unused sudoers_gc_init() function.
+ [b2ee61f8f11d]
+
+2023-03-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in:
+ Sudo now does its own netgroup lookups if NETGROUP_BASE is set.
+ Previously, it only performed netgroup queries to determine the list
+ of netgroups a user was a member of.
+ [932613f6868a]
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c:
+ sudoers_cleanup: free cached environment before running g/c. Avoids
+ a double free in fuzz_policy.
+ [e616d4a038b6]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
+ sudoers_cleanup: run the garbage collector at the end
+ [cbc28a012f8b]
+
+ * plugins/sudoers/sudoers.c:
+ Plugin a memory leak in intercept mode.
+ [f63fb51ff972]
+
+ * src/exec_intercept.c:
+ Sync non-intercept version of intercept_cleanup() declaration.
+ [712ff6c2f6bd]
+
+ * plugins/sudoers/ldap_innetgr.c:
+ Plug memory leak if ldap_get_option() fails with LDAP_NO_MEMORY.
+ [0be36e3e9473]
+
+ * src/exec.c, src/exec_intercept.c, src/sudo_exec.h:
+ Plug a memory leak with ptrace-based intercept.
+ [3b411be9fe37]
+
+ * src/exec_intercept.c:
+ Plug memory leak when log_subcmds is enabled.
+ [1d5b21665ced]
+
+ * lib/util/suspend_parent.c:
+ Pass closure to callback, not the callback pointer itself.
+ [a4e433840f16]
+
+ * MANIFEST, configure, m4/ldap.m4, plugins/sudoers/Makefile.in,
+ plugins/sudoers/ldap.c, plugins/sudoers/ldap_innetgr.c,
+ plugins/sudoers/sudo_ldap.h, scripts/mkdep.pl:
+ Add LDAP-specific innetgr() implementation. Wheh netgroup_base is
+ set we now do out own netgroup lookups using LDAP. Previously, LDAP
+ was queried directly to get a list of the netgroups the user belongs
+ to but other netgroups queries went through innetgr(3). This makes
+ it possible to use netgroups in LDAP sudoers on systems that don't
+ have an innetgr() function. GitHub issue #251.
+ [aa7304a533e0]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/ldap_util.c, plugins/sudoers/sudo_ldap.h:
+ Move some functions from ldap.c to ldap_util.c. These will be used
+ by the LDAP innetgr() implementation.
+ [70fd74041c5d]
+
+2023-03-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/zlib/Makefile.in:
+ fix typo in uninstall target
+ [e3c1b8427d01]
+
+ * Merge pull request #252 from bin-ly/main
+
+ fix typo in uninstall target
+ [4a1d3542345c]
+
+2023-03-09 bin-ly <binlingyu@uniontech.com>
+
+ * lib/util/Makefile.in:
+ fix command error for lib/util/Makefile.in
+ [7dd4e9e6d976]
+
+2023-03-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.h,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.h:
+ Add per-source innetgr function pointer and use it in
+ netgr_matches(). This will be used to implement LDAP-specific
+ netgroup lookups when netgroup_base is set in ldap.conf.
+ [f7c89d6e8d6b]
+
+2023-03-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, lib/util/Makefile.in,
+ lib/util/regress/digest/digest_test.c:
+ Add tests for SHA2 digest support. This uses the NIST byte-oriented
+ short message test vectors.
+ [06e01abf7943]
+
+2023-03-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_13p3 for changeset 0bdd0b8469e3
+ [fc4e872d6d89] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.13p3
+ [0bdd0b8469e3] [SUDO_1_9_13p3] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.13p3
+ [0c4b7112dde9]
+
+2023-03-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/match.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h:
+ A user with "list" privs for root may not list all users. A user
+ with "sudo ALL" for root _is_ allowed to list any user.
+ [a3f7301ba4d3] <1.9>
+
+ * plugins/sudoers/match.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h:
+ A user with "list" privs for root may not list all users. A user
+ with "sudo ALL" for root _is_ allowed to list any user.
+ [fe758ae9d0bb]
+
+ * plugins/sudoers/policy.c:
+ sudoers_policy_list: do not set runas_pw to list_pw when listing
+ This change introduced in sudo 1.9.13 is not actually needed. The
+ "list" pseudo-command checks are performed via runas_matches_pw()
+ which does not use runas_pw. GitHub issue #248
+ [84effa5ffaa1] <1.9>
+
+ * plugins/sudoers/policy.c:
+ sudoers_policy_list: do not set runas_pw to list_pw when listing
+ This change introduced in sudo 1.9.13 is not actually needed. The
+ "list" pseudo-command checks are performed via runas_matches_pw()
+ which does not use runas_pw. GitHub issue #248
+ [94c1f6d9bc6d]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/parse.c,
+ plugins/sudoers/sudoers.c:
+ Fix "sudo -l command args", broken in sudo 1.9.13. The value of
+ user_args should not contain the command to be run in "sudo -l
+ command args", only the arguments of the command being checked. This
+ restores the pre-1.9.13 behavior. GitHub issue #249
+ [3e1225e7bf33] <1.9>
+
+ * plugins/sudoers/logging.c, plugins/sudoers/parse.c,
+ plugins/sudoers/sudoers.c:
+ Fix "sudo -l command args", broken in sudo 1.9.13. The value of
+ user_args should not contain the command to be run in "sudo -l
+ command args", only the arguments of the command being checked. This
+ restores the pre-1.9.13 behavior. GitHub issue #249
+ [2773b6d91cf1]
+
+2023-03-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrv_util.c, logsrvd/logsrvd.c, logsrvd/logsrvd_journal.c,
+ logsrvd/sendlog.c, plugins/sudoers/log_client.c:
+ Check for sudo_pow2_roundup() overflow. Calling
+ sudo_pow2_roundup(INT_MAX+2) will return since there is no power of
+ 2 larger than INT_MAX+1 that fits in an unsigned int. This is not an
+ issue in practice since we restrict messages to 2Mib.
+ [d76de48704d0]
+
+ * src/exec_nopty.c, src/exec_pty.c:
+ write_callback: only enable /dev/tty reader if the command is
+ running This fixes a hang when there is /dev/tty data in a buffer to
+ be flushed by the final call to del_io_events(). We do not want to
+ re-enable the reader when flushing the buffers as part of
+ pty_finish(). See PR #247 for analysis of the problem and how to
+ reproduce it.
+ [b7ea5b5e6a88] <1.9>
+
+ * src/exec_nopty.c, src/exec_pty.c:
+ write_callback: only enable /dev/tty reader if the command is
+ running This fixes a hang when there is /dev/tty data in a buffer to
+ be flushed by the final call to del_io_events(). We do not want to
+ re-enable the reader when flushing the buffers as part of
+ pty_finish(). See PR #247 for analysis of the problem and how to
+ reproduce it.
+ [2cf041ccbd98]
+
+2023-02-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/testsudoers/test12.out.ok,
+ plugins/sudoers/regress/testsudoers/test12.sh:
+ Test non-fully qualified path name.
+ [0a9e6e83fe15] <1.9>
+
+ * plugins/sudoers/regress/testsudoers/test12.out.ok,
+ plugins/sudoers/regress/testsudoers/test12.sh:
+ Test non-fully qualified path name.
+ [b653458b1758]
+
+ * plugins/sudoers/Makefile.in:
+ Fix removal of y.tab.[ch] when generating gram.[ch].
+ [f69c86ecae66] <1.9>
+
+ * plugins/sudoers/Makefile.in:
+ Fix removal of y.tab.[ch] when generating gram.[ch].
+ [9c5f5be26ad0]
+
+ * MANIFEST, plugins/sudoers/regress/sudoers/test30.in,
+ plugins/sudoers/regress/sudoers/test30.json.ok,
+ plugins/sudoers/regress/sudoers/test30.ldif.ok,
+ plugins/sudoers/regress/sudoers/test30.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test30.out.ok,
+ plugins/sudoers/regress/sudoers/test30.sudo.ok,
+ plugins/sudoers/regress/sudoers/test30.toke.ok:
+ Add test for using "list" as user, runas and host.
+ [ae2c84c73371] <1.9>
+
+ * MANIFEST, plugins/sudoers/regress/sudoers/test30.in,
+ plugins/sudoers/regress/sudoers/test30.json.ok,
+ plugins/sudoers/regress/sudoers/test30.ldif.ok,
+ plugins/sudoers/regress/sudoers/test30.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test30.out.ok,
+ plugins/sudoers/regress/sudoers/test30.sudo.ok,
+ plugins/sudoers/regress/sudoers/test30.toke.ok:
+ Add test for using "list" as user, runas and host.
+ [712c96af942d]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Move handling of the "list" pseudo-command from lexer to parser. The
+ special handling of "list" in the lexer meant it could not be used
+ as a user, group or host, which was unintentional. GitHub issue
+ #246.
+ [efb3a4dea1da] <1.9>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Move handling of the "list" pseudo-command from lexer to parser. The
+ special handling of "list" in the lexer meant it could not be used
+ as a user, group or host, which was unintentional. GitHub issue
+ #246.
+ [d36f1d686343]
+
+2023-02-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_compat.h:
+ Make the check for HAVE_DECL_NSIG consistent with other decl checks.
+ [616c42c4adce] <1.9>
+
+ * include/sudo_compat.h:
+ Make the check for HAVE_DECL_NSIG consistent with other decl checks.
+ [4e6e627062af]
+
+ * plugins/sudoers/match_command.c:
+ Plug memory leak with multiple matching CHROOT= entries. Found by
+ oss-fuzz.
+ [a4982b468985]
+
+2023-02-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_13p2 for changeset 2db7cee1cb77
+ [b0af73801130] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.13p2.
+ [2db7cee1cb77] [SUDO_1_9_13p2] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.13p2.
+ [251788b2308b]
+
+2023-02-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/logging.c:
+ Include error string when formatting a SLOG_PARSE_ERROR message if
+ present.
+ [b4254bf84300]
+
+ * lib/util/lbuf.c:
+ Add missing include of errno.h.
+ [65ddd70d0c18] <1.9>
+
+ * lib/util/lbuf.c:
+ Add missing include of errno.h.
+ [669e4a4ab3ad]
+
+ * lib/util/lbuf.c:
+ sudo_lbuf_expand: check for overflow when rounding to the nearest
+ power of 2. Problem deteced by oss-fuzz using the fuzz_sudoers
+ fuzzer.
+ [9357396fdaa0] <1.9>
+
+ * lib/util/lbuf.c:
+ sudo_lbuf_expand: check for overflow when rounding to the nearest
+ power of 2. Problem deteced by oss-fuzz using the fuzz_sudoers
+ fuzzer.
+ [7d433e75c858]
+
+ * src/load_plugins.c:
+ Fix --enable-static-sudoers, broken in sudo 1.9.13.
+ sudo_qualify_plugin() should not try to fully-qualify the path to a
+ statically-compiled plugin. GitHub issue #245
+ [eca5f1f6555e] <1.9>
+
+ * src/load_plugins.c:
+ Fix --enable-static-sudoers, broken in sudo 1.9.13.
+ sudo_qualify_plugin() should not try to fully-qualify the path to a
+ statically-compiled plugin. GitHub issue #245
+ [f323e3f0a5c0]
+
+2023-02-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/sudoers.c:
+ Add sudoers open errors to the list of parse errors sent via mail.
+ Previously there would be one email for the open failure and a
+ separate one describing the parse error. Now a single email message
+ contains everything.
+ [b81299ccdad8]
+
+ * plugins/sudoers/visudo.c:
+ visudo: quiet a compiler warning on Solaris 10. Also explicitly
+ close /dev/tty fd instead of relying on closefrom() in case the fd
+ ends up being a value 0-2.
+ [d839cc458245]
+
+ * Merge pull request #244 from ffontaine/main
+
+ configure.ac: fix openssl static build
+ [af40f67e9771]
+
+ * configure, configure.ac, lib/util/Makefile.in:
+ Replace LIBMD with LIBCRYPTO display crypto/tls libs in summary. We
+ can only have one of either -lmd, -lgcrypt or -lcrypto so there is
+ no need to have more than one variable.
+ [da65125af8c6]
+
+2023-02-22 Fabrice Fontaine <fontaine.fabrice@gmail.com>
+
+ * m4/openssl.m4:
+ configure.ac: fix openssl static build
+
+ Do not use AX_APPEND_FLAG as it will break static builds by removing
+ duplicates such as -lz or -latomic which are needed by -lssl and
+ -lcrypto. This will fix the following build failure with sparc which
+ needs -latomic:
+
+ Checking for X509_STORE_CTX_get0_cert configure:21215:
+ /home/thomas/autobuild/instance-3/output-1/host/bin/sparc-buildroot-
+ linux-uclibc-gcc -o conftest -D_LARGEFILE_SOURCE
+ -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -static
+ -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
+ -DZLIB_CONST -static conftest.c
+ -L/home/thomas/autobuild/instance-3/output-1/host/bin/../sparc-
+ buildroot-linux-uclibc/sysroot/usr/lib -lssl -lz -pthread -latomic
+ -lcrypto >&5
+ /home/thomas/autobuild/instance-3/output-1/host/lib/gcc/sparc-
+ buildroot-linux-uclibc/10.4.0/../../../../sparc-buildroot-linux-
+ uclibc/bin/ld:
+ /home/thomas/autobuild/instance-3/output-1/host/bin/../sparc-
+ buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(x509cset.o): in
+ function `X509_CRL_up_ref': x509cset.c:(.text+0x108): undefined
+ reference to `__atomic_fetch_add_4'
+
+ [...]
+
+ In file included from ./hostcheck.c:38:
+ ../../include/sudo_compat.h:342:41: error: conflicting types for
+ 'ASN1_STRING_data' 342 | # define ASN1_STRING_get0_data(x)
+ ASN1_STRING_data(x) | ^~~~~~~~~~~~~~~~
+
+ Fixes:
+ - http://autobuild.buildroot.org/results/8be59dd94e4916f9457cb435104e3
+ 6e62a28373b
+
+ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+ [487cfc17c742]
+
+2023-02-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/match_command.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/testsudoers/test20.out.ok,
+ plugins/sudoers/regress/testsudoers/test20.sh,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Fix potential double free for rules that include a CHROOT= option.
+ If a rule with a CHROOT= option matches the user, host and runas,
+ the user_cmnd variable could be freed twice.
+ [2c1477233f48] <1.9>
+
+ * MANIFEST, plugins/sudoers/match_command.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/testsudoers/test20.out.ok,
+ plugins/sudoers/regress/testsudoers/test20.sh,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Fix potential double free for rules that include a CHROOT= option.
+ If a rule with a CHROOT= option matches the user, host and runas,
+ the user_cmnd variable could be freed twice.
+ [a988ae0045a2]
+
+ * plugins/sudoers/visudo.c:
+ Check tcsetpgrp() return value.
+ [5d9bdb2fea15]
+
+ * MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/suspend_parent.c, lib/util/util.exp.in,
+ plugins/sudoers/visudo.c, src/Makefile.in, src/exec_iolog.c,
+ src/exec_nopty.c, src/regress/intercept/test_ptrace.c, src/sudo.h,
+ src/sudo_exec.h, src/suspend_nopty.c, src/tcsetpgrp_nobg.c:
+ Run the editor in its own process group. This fixes suspending the
+ editor on GNU Hurd which doesn't seem to have proper process group
+ signal handling.
+ [210e058101af]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/fuzz/fuzz_stubs.c, plugins/sudoers/stubs.c,
+ plugins/sudoers/testsudoers.c:
+ Stub out pivot_root() and unpivot_root() for all but the sudoers
+ module.
+ [967f706e6bff]
+
+ * plugins/sudoers/match_command.c:
+ Fix build when SUDOERS_NAME_MATCH is defined.
+ [79e4613fbd85]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pivot.c,
+ plugins/sudoers/sudoers.h:
+ Add pivot_root() and unpivot_root() to switch the root dir and
+ restore it. This will be used to more accurately handling command
+ resolution and path matching when a new root directory is specified.
+ [77300a0e1537]
+
+ * plugins/sudoers/editor.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/goodpath.c,
+ plugins/sudoers/regress/editor/check_editor.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ set_cmnd_path: apply runchroot if set when finding the command path
+ Previously we would prepend runchroot to the path we were checking
+ but that does not properly handle symbolic links.
+ [3fb7ca4631c0]
+
+ * plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c,
+ plugins/sudoers/parse.h:
+ match_command: apply runchroot if set when matching the command
+ Previously we would prepend runchroot to the path we were checking
+ but that does not properly handle symbolic links.
+ [41dc8f445f78]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/canon_path.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Add canon_path(), a realpath() wrapper that performs caching. This
+ also adds a new user_cmnd_dir variable that stores the canonicalized
+ parent directory of the command to be run.
+ [6065f5e76387]
+
+ * plugins/sudoers/match_command.c:
+ Match using canonicalized directories where possible.
+ [020d4ad53d07]
+
+ * src/exec_ptrace.c:
+ ptrace_intercept_execve: preserve old argv[0] after policy check. We
+ have to replace argv[0] with the pathname for the policy check but
+ want to restore it afterwards if the policy has not changed the
+ command's path name to avoid a mismatch later on.
+ [5dcd96a5c369]
+
+ * configure, configure.ac:
+ Move initial values into AC_SUBST() where possible.
+ [3db7feb16577]
+
+ * configure, configure.ac:
+ No need to AC_SUBST() standard autoconf variables.
+ [48ce145c9e40]
+
+2023-02-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL.md:
+ Document --disable-largefile and --disable-year2038.
+ [424d17d1b83d]
+
+ * configure, configure.ac:
+ Fix indentation of intercept file in summary output.
+ [3cf0104bd2e5]
+
+ * plugins/sudoers/regress/starttime/check_starttime.c,
+ plugins/sudoers/starttime.c:
+ get_starttime: add support for GNU Hurd using the mach task_info
+ call. This is currently Hurd-specific but could be made Mach-generic
+ as long as the equivalent of pid2task() is available.
+ [a81de7fb1f83]
+
+2023-02-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/starttime/check_starttime.c:
+ Only test get_starttime() on platforms where we support it. Fixes a
+ test failure on systems where we have no way to determine a
+ process's start time.
+ [bf8dbe59b2c6]
+
+2023-02-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_13p1 for changeset 49e64402924f
+ [97ae12488007] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Merge sudo 1.9.13p1 from tip.
+ [49e64402924f] [SUDO_1_9_13p1] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.13p1
+ [0a9817096e03]
+
+ * configure.ac:
+ Use m4_bmatch, m4_case does not support shell-style globbing.
+ [b7a743baf22e]
+
+ * configure, configure.ac:
+ Allow configure.ac to be processed by autoconf 2.69. AC_PROG_CC_STDC
+ is deprecated in autoconf 2.70 and above but it is necessary for
+ autoconf 2.69.
+ [324ba83acd63]
+
+ * configure.ac:
+ Only use AC_SYS_YEAR2038 if it is defined. Otherwise, use the method
+ from 1.9.12. GitHub issue #242
+ [16fcec5264cc]
+
+2023-02-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/mkpkg:
+ Sudo-specific executables moved to /usr/libexec/sudo starting in
+ Debian 12 (Bookworm) and Ubuntu 22.04 (Jammy Jellyfish). Previously,
+ they were stored in /usr/lib/sudo.
+ [a2aa15b72312]
+
+ * lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
+ lib/util/Makefile.in, logsrvd/Makefile.in,
+ plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ Handle "locale -a" returning both C.UTF-8 and C.utf8. It is possible
+ to have mutiple matches from the output of "locale
+ -a". Just take the first one. Fixes GitHub issue #241.
+ [aeba71610439]
+
+ * lib/util/Makefile.in, logsrvd/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Add some missing files to the clean and distclean targets.
+ [5dedbe519db1]
+
+ * Merge pull request #240 from thesamesam/c23
+
+ sudo_fatal: Fix build where compiler recognises [[noreturn]]
+ attribut…
+ [22ae0d4402ac]
+
+2023-02-15 Sam James <sam@gentoo.org>
+
+ * include/sudo_fatal.h:
+ sudo_fatal: Fix build where compiler recognises [[noreturn]]
+ attribute (C23)
+
+ If the compiler supports [[noreturn]] as a attribute as in C23, then
+ we define sudo_noreturn to be it. When that's the case, we must
+ place it at the beginning of the declaration, before any other
+ *extension* attributes (__attribute(...)).
+
+ A bug has been filed with GCC regarding rejecting/accepting mixed
+ attribute styles.
+
+ sudo_dso_public is always an extension attribute, while
+ sudo_noreturn only might be, so put it first.
+
+ This only shows up with GCC 13 so far (see the linked GCC bug for a
+ bit more exploration). Clang 16 does support the attribute but
+ doesn't let you use it for earlier language versions (need to pass
+ explicit -std=c2x, unlike with GCC here).
+
+ This is essentially a followup to
+ e707ffe58b3ccfe5c72f54c38eac1d7069d5021e.
+
+ Tested with GCC 13.0.1 20230212 (unreleased), GCC 12.2.1 20230211,
+ Clang 16.0.0_rc2, and Clang 15.0.7.
+
+ Bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796 Closes:
+ https://github.com/sudo-project/sudo/issues/239 Fixes:
+ e707ffe58b3ccfe5c72f54c38eac1d7069d5021e Fixes:
+ 16ae61dcd7d3cd8bf6eb10a22fa742d4505da4e9
+ [806b5f3a6485]
+
+2023-02-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Add missing '[' to AS_IF() call. Fixes GitHub issue #238.
+ [48372d73d4bb]
+
+ * .hgtags:
+ Added tag SUDO_1_9_13 for changeset 813f6addf7cf
+ [8df54fde3b7a] <1.9>
+
+ * NEWS, config.h.in, configure, configure.ac, include/sudo_compat.h,
+ lib/util/hexchar.c, lib/util/regress/hexchar/hexchar_test.c,
+ plugins/sudoers/parse.c, plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c:
+ Merge sudo 1.9.13 from tip.
+ [813f6addf7cf] [SUDO_1_9_13] <1.9>
+
+ * MANIFEST, plugins/sudoers/po/ka.mo:
+ Add compiled version of the sudoers Georgian translation.
+ [35007cc1c867]
+
+ * .gitignore, .hgignore:
+ Do not ignore .mo files. Otherwise we are likely to miss uncommitted
+ changes in them.
+ [d76a98baaf15]
+
+ * plugins/sudoers/po/ru.mo, plugins/sudoers/po/zh_CN.mo, po/zh_CN.mo:
+ Regenerate .mo files.
+ [a7a708d8bf34]
+
+2023-02-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/Makefile.in, lib/util/realpath.c,
+ scripts/mkdep.pl:
+ Add checks for realpath(3) and a version from NetBSD for those
+ without it.
+ [121fb2ed88de]
+
+2023-02-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ No longer need to define sudoers_recovery here.
+ [11a365a8a218]
+
+ * NEWS:
+ Mention that a missing include file is no longer fatal.
+ [ba0bd554435e]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/policy.c:
+ Recover from missing include file unless error_recovery is disabled.
+ It is still treated as an error from a logging perspective, and mail
+ is still sent.
+ [e1cac68917cc]
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c,
+ plugins/sudoers/logging.c:
+ Add eventlog_mail() to send a log message via mail. This is used by
+ mail_parse_errors() to send multi-line messages. Previously, the
+ newlines would be escaped as control characters.
+ [97e516576212]
+
+ * lib/eventlog/eventlog.c:
+ send_mail: pass a single string instead of using varargs These days
+ we only ever pass in a const string.
+ [700e72ca42c0]
+
+2023-02-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac, m4/sudo.m4, pathnames.h.in,
+ plugins/sudoers/visudo.c:
+ Substitute for _PATH_SUDO* variables in pathnames.h. Previously
+ these were hard-coded with Makefile overrides.
+ [53c8be4b6af3]
+
+2023-02-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Use AS_IF instead of if; then where possible.
+ [56946f4ac23a]
+
+2023-02-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Mention the fix for GitHub #237.
+ [70aafdaced09]
+
+ * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/fur.mo,
+ po/fur.po, po/ja.mo, po/ja.po, po/zh_TW.mo, po/zh_TW.po:
+ Updated translations from translationproject.org
+ [c3be19c34043]
+
+ * src/exec_pty.c, src/tgetpass.c:
+ Display error in error message if we can't restore the terminal.
+ [aa2c60802b33]
+
+2023-02-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_pty.c, src/tgetpass.c:
+ Display an error message if unable to restore terminal settings.
+ [a1efb1dca169]
+
+ * Makefile.in, etc/sudo.pp, plugins/sudoers/Makefile.in:
+ Get rid of sudoersdir and just use sysconfdir. There is no need for
+ sudoersdir when it is always just set to sysconfdir.
+ [690b44edcec2]
+
+ * src/exec_pty.c:
+ pty_finish: only restore the terminal if sudo is the foreground
+ process
+ [357d90f11750]
+
+ * src/exec_pty.c:
+ Better background job detection when running a command in a pty. If
+ sudo is not the process group leader and stdin is not a tty, we may
+ be running as a background job via a shell script. Start the command
+ in the background to avoid changing the terminal mode from a
+ background process. GitHub issue #237
+ [6c74910ea869]
+
+ * src/exec_pty.c:
+ suspend_sudo_pty: stop the process group even if sudo is not the
+ leader. When sudo is not the process group leader, we still need to
+ stop sudo's process group and not just the sudo process itself. If
+ we only send the signal to sudo itself, the shell will not notice if
+ it is not in monitor mode. This can happen when sudo is run from a
+ shell script, for example. In this case we need to signal the shell
+ itself. If the process group leader is no longer present, we must
+ kill the command since there will be no one to resume us.
+ [44bb3267a55e]
+
+ * lib/util/term.c:
+ Add debug tracing to tcsetattr_nobg().
+ [b7a17174f1cf]
+
+2023-01-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Avoid compilation errors if getaddrinfo() or freeaddrinfo() are
+ macros. If this is the case we probably can't stub out the functions
+ but at least the fuzzer will compile.
+ [2482db79d3b9]
+
+ * src/net_ifs.c:
+ Initialize the integer result parameter passed to SIOCGIFANUM. It
+ appears that passing in a non-zero value causes the ioctl() to fail.
+ From Tim Rice.
+ [071633f9929c]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c,
+ plugins/sudoers/log_client.c:
+ Protect use of AF_INET6 with HAVE_STRUCT_IN6_ADDR guards. From Tim
+ Rice.
+ [661c26064544]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h:
+ Add configure test for NSIG, _NSIG or __NSIG. This is better than
+ just defining NSIG in sudo_compat.h if it is not defined since
+ signal.h may not have been included.
+ [f1c94c5f825b]
+
+ * logsrvd/logsrvd_conf.c:
+ Avoid DNS lookups when fuzzing.
+ [384ffdead655]
+
+2023-01-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp, scripts/mkpkg,
+ scripts/pp:
+ No longer need to treat Rocky or Alma Linux specially. We now treat
+ them the same as RHEL.
+ [190afa102ca6]
+
+2023-01-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #230 from trackers-lover/main
+
+ Return value does not match
+ [1dc4317beaf7]
+
+2023-01-29 bianguangze@uniontech.com <bianguangze@uniontech.com>
+
+ * lib/util/sudo_conf.c:
+ Modify return value parameter
+ [eb1e78bb2f91]
+
+2023-01-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/build_pkgs:
+ Store conf hash in vm_servers instead of vmid. Add a shutdown
+ command fallback to the conf file.
+ [2f7eeb5c3f04]
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po,
+ plugins/sudoers/po/ru.po, plugins/sudoers/po/sv.mo,
+ plugins/sudoers/po/sv.po, plugins/sudoers/po/uk.mo,
+ plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
+ plugins/sudoers/po/zh_TW.po, po/cs.mo, po/cs.po, po/de.mo, po/de.po,
+ po/eo.mo, po/eo.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po,
+ po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/ro.mo, po/ro.po,
+ po/sv.mo, po/sv.po, po/uk.mo, po/uk.po, po/zh_CN.po, po/zh_TW.po:
+ Updated translations from translationproject.org
+ [fa9569203e16]
+
+ * configure, m4/hardening.m4:
+ Fix a typo.
+ [ebf4c16e0079]
+
+ * config.h.in, configure, scripts/config.guess, scripts/config.sub:
+ Regen with latest autoconf git.
+ [9a0bbbb682fc]
+
+ * etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp, scripts/mkpkg,
+ scripts/pp:
+ Recognize Alma Linux and Rocky Linux (Open Source RHEL clones)
+ [b1dbb7b75824]
+
+ * NEWS:
+ Mention the recent intercept/log_subcmds fix.
+ [cbd60701de52]
+
+ * scripts/mkpkg:
+ Fix determination of the number of CPU cores on Linux.
+ [6ac6a9b074bf]
+
+2023-01-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/po/ka.po:
+ New Georgian translation from translationproject.org
+ [17681b870666]
+
+ * Merge pull request #235 from kernelmethod/apparmor_dependencies
+
+ Replace the Debian libselinux1 dependency with libapparmor1
+ [ca29638c5c34]
+
+2023-01-26 kernelmethod <17100608+kernelmethod@users.noreply.github.com>
+
+ * etc/sudo.pp:
+ Replace the Debian libselinux1 dependency with libapparmor1
+
+ Debian >= 10 uses AppArmor by default instead of SELinux, so
+ SELinux-related sudo features are typically going to be unusable in
+ Debian installs. This changes the dependency on libselinux1 to be a
+ dependency on libapparmor1 for .deb packages built with `make
+ package`.
+ [5779ce23a161]
+
+2023-01-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c:
+ get_execve_info: defer setting pathname until argbuf is finalized If
+ we reallocate the buffer (via growbuf()) in ptrace_read_vec(), the
+ address of argbuf may change. If so, the value stored in pathname
+ will no longer be valid. GitHub issue #194.
+ [f75aa1eb5d95]
+
+ * src/exec_intercept.c, src/exec_ptrace.c:
+ Correct error message when command doesn't exist in intercept mode.
+ Previously, we would always use EACCES, even when ENOENT was
+ appropriate. This also affected log_subcmds.
+ [5bc0ecd5d4e6]
+
+2023-01-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Update .pot files for 1.9.13
+ [c6a247e05a91]
+
+2023-01-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Update for 1.9.13.
+ [c9c5b6af5ea5]
+
+ * src/exec_ptrace.h:
+ Include elf.h, not linux/elf.h but define NT_ARM_SYSTEM_CALL if
+ missing. Older kernel headers are missing the definition of EM_ARM
+ in linux/elf.h. GitHub issue #232
+ [8bed5e7f8857]
+
+ * lib/util/regress/regex/regex_test.c:
+ Add tests for escaped digits.
+ [7e5b7e5e2409]
+
+ * lib/util/regex.c:
+ check_pattern: handle escaped digits since GNU libc accepts them.
+ [a20d5a047963]
+
+2023-01-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c,
+ plugins/sudoers/sudoreplay.c:
+ Add eventlog_store_sudo() and use it in sudoreplay. This replaces
+ the custom log formatting used by "sudoreplay -l".
+ [26dd2367fbdd]
+
+2023-01-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/build_pkgs, scripts/mkpkg:
+ Add --build-only flag to skip building packages.
+ [46c0213b2668]
+
+2023-01-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/mkpkg, scripts/pp:
+ Suport building packages on DragonFly BSD.
+ [65920923add2]
+
+ * configure, configure.ac, m4/visibility.m4:
+ Try to link a simple shared object with -Wl,--no-undefined. This
+ only works for gcc-style compilers, which should not be a problem.
+ The source uses environ (FreeBSD) and errno (OpenBSD).
+ [1c2d9f90bc6d]
+
+ * scripts/build_pkgs:
+ Pass the name to the config.cache file to the build script. If
+ --cache-file is not specified, no config.cache file will be used.
+ Add an "omit_artifacts" setting for platforms where we don't publish
+ artifacts.
+ [c87221f36bf4]
+
+2023-01-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/regex.c:
+ check_pattern: accept a backslash before the numeric bound like
+ glibc. This helps avoid out-of-memory conditions when fuzzing on
+ Linux.
+ [07f14dba22ed]
+
+ * configure, configure.ac:
+ Don't use -Wl,--no-undefined with the sanitizers/fuzzers. It breaks
+ linking when using -fsanitize with clang at least.
+ [a6331135bd73]
+
+ * docs/SECURITY.md:
+ Add a link to the sudo security advisories archive.
+ [7137d1d214e5]
+
+ * config.h.in, configure, configure.ac:
+ Eliminate usage of obsolete 2-argument AC_CHECK_TYPE macro.
+ [96b37c574fc2]
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/starttime.c,
+ src/regress/ttyname/check_ttyname.c, src/ttyname.c:
+ Add support for the struct kinfo_proc on Dragonfly BSD.
+ [4c1a7d223d66]
+
+ * configure, configure.ac:
+ Need to link sudo and sudoers with -lutil on Dragonfly BSD. It is
+ safer to just search for setusercontext() in libc and libutil
+ instead of matching on the operating system.
+ [b91a288c9968]
+
+ * configure, configure.ac:
+ Elminate the $OS variable, we can just use $host_os instead.
+ [0293bf9d4dd4]
+
+ * plugins/sudoers/editor.c:
+ Restore the line that set errno to ENOENT when find_path() fails.
+ This was inadvertently removed when the "goto bad" was added.
+ [b957909a1a75]
+
+ * configure, configure.ac, m4/ldap.m4:
+ Add -Wl,--no-undefined to LDFLAGS if it is supported. This will find
+ missing symbols at build-time instead of run-time. Don't use it on
+ FreeBSD where environ is filled in by the dynamic loader. We also
+ need to pull in -llber with -lldap where possible (instead of
+ relying on DT_NEEDED) to avoid undefined symbol errors when building
+ with LDAP support.
+ [c88bd9fd05c9]
+
+ * plugins/sample/README:
+ The sample plugin is now built by default to avoid bit rot. GitHub
+ issue #234.
+ [aac2a29136e1]
+
+ * plugins/sample/sample_plugin.c:
+ The change from sudo_printf -> sudo_plugin_printf was incomplete.
+ Fixes GitHub issue #234.
+ [4f8333e3f7b8]
+
+2023-01-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, m4/pie.m4:
+ Solaris: use lt_prog_compiler_pic instead of assuming -KPIC
+ [36b94699ad63]
+
+ * configure, m4/hardening.m4, m4/pie.m4:
+ Solaris: the aslr, nxheap and nxstack link options are only for
+ executables. Move them back to PIE_LDFLAGS, which is only used when
+ linking a binary.
+ [970d533cd9b2]
+
+ * configure, m4/hardening.m4, m4/pie.m4:
+ Solaris: move aslr linker option to hardening and try to build real
+ PIEs These flags are specific to the Solaris linker.
+ [c5439fec5cb3]
+
+ * configure, m4/hardening.m4, m4/pie.m4:
+ Enable non-executable heap and stack options for Solaris ld.
+ [5be638b9bd79]
+
+ * configure, configure.ac, m4/hardening.m4:
+ Limit some of the hardening tests to compilers that define __GNUC__.
+ This should avoid false positives on other compilers.
+ [1b3b36a2ff2b]
+
+ * plugins/python/regress/testdata/check_multiple_approval_plugin_and_a
+ rguments.stdout:
+ Update expected plugin version.
+ [19b2963008a2]
+
+ * docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in,
+ include/sudo_plugin.h, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c:
+ Pass back the number of files to edit when using sudoedit. The sudo
+ front-end can use this to determine where the list of files to edit
+ begins.
+ [c9c1e6e81438]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
+ docs/sudoreplay.mdoc.in, include/sudo_lbuf.h,
+ lib/eventlog/eventlog.c, lib/iolog/iolog_json.c, lib/util/lbuf.c,
+ lib/util/util.exp.in, plugins/sudoers/sudoreplay.c:
+ Escape control characters in log messages and "sudoreplay -l"
+ output. The log message contains user-controlled strings that could
+ include things like terminal control characters. Space characters in
+ the command path are now also escaped.
+
+ Command line arguments that contain spaces are surrounded with
+ single quotes and any literal single quote or backslash characters
+ are escaped with a backslash. This makes it possible to distinguish
+ multiple command line arguments from a single argument that contains
+ spaces.
+
+ Issue found by Matthieu Barjole and Victor Cutillas of Synacktiv
+ (https://synacktiv.com).
+ [1cd37144190c]
+
+ * NEWS:
+ Merge in sudo 1.9.12p2 changes.
+ [d5a2cd780f27]
+
+ * .hgtags:
+ Added tag SUDO_1_9_12p2 for changeset 05149e3ee7db
+ [8763a9e70ddd] <1.9>
+
+2023-01-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Add back the linker check for -fstack-clash-protection. This is
+ expected to fix GitHub issue #231.
+ [40bda374ae08] <1.9>
+
+ * configure, m4/hardening.m4:
+ Add back the linker check for -fstack-clash-protection. This is
+ expected to fix GitHub issue #231.
+ [c08c0a7c8613]
+
+2023-01-17 trackers-love <bianguangze@uniontech.com>
+
+ * lib/util/sudo_conf.c:
+ Return value does not match
+ [2c7c350c3d97]
+
+2023-01-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
+ docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in,
+ docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in,
+ docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in,
+ docs/sudoers.man.in, docs/sudoers.mdoc.in, docs/visudo.man.in,
+ docs/visudo.mdoc.in:
+ Stop using 8n width in tagged lists. Use either 4n, when the body is
+ expected to wrap or the width of the longest tag when no wrapping is
+ expected.
+ [2b1bc5d31250]
+
+ * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, docs/sudo.man.in,
+ docs/sudo.mdoc.in, docs/sudo_logsrvd.man.in,
+ docs/sudo_logsrvd.mdoc.in, docs/sudo_sendlog.man.in,
+ docs/sudo_sendlog.mdoc.in, docs/sudoreplay.man.in,
+ docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in:
+ Use -width Ds for the options list, not -width Fl.
+ [598dbf3d2fea]
+
+ * docs/sudo.man.in, docs/sudo.mdoc.in, docs/sudo_logsrvd.conf.man.in,
+ docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_plugin_python.man.in,
+ docs/sudo_plugin_python.mdoc.in:
+ Reduce the offset of bullet lists to 1n.
+ [893b6fd25564]
+
+ * INSTALL.md:
+ Shorten --with-passprompt and --with-mailsubject arguments to a
+ single word. The script that generates the web version of this file
+ doesn't expect options to include whitespace.
+ [063dc2c168aa]
+
+2023-01-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL.md:
+ Shorten --with-badpass-message argument to a single word. The
+ fix_install script can't deal with whitespace in options.
+ [17761c19a4b8]
+
+ * LICENSE.md:
+ Make numbered lists more markdown-friendly. Also add line breaks
+ when there are multiple authors.
+ [d22146e06e27]
+
+ * INSTALL.md:
+ Make lists of directories more markdown-friendly.
+ [b3295e422b33]
+
+2023-01-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c:
+ Check for errors when removing the temp directory. If we cannot
+ remove the directory tree that may indicate a file or directory mode
+ problem.
+ [4a162644b61f]
+
+ * lib/iolog/iolog_mkdtemp.c:
+ iolog_mkdtemp: fix pasto in last commit Set mode to iolog_dirmode,
+ not iolog_filemode
+ [9926f1c92729] <1.9>
+
+ * lib/iolog/iolog_mkdtemp.c:
+ iolog_mkdtemp: fix pasto in last commit Set mode to iolog_dirmode,
+ not iolog_filemode
+ [713773e23472]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.2p2
+ [05149e3ee7db] [SUDO_1_9_12p2] <1.9>
+
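Review bot: The 2023-01-12 release entry for NEWS, configure, configure.ac has the summary "Sudo 1.9.2p2", but the tag on the same changeset is SUDO_1_9_12p2 and the 2023-01-18 NEWS entry says "Merge in sudo 1.9.12p2 changes", so the summary looks like a typo for 1.9.12p2. The next entry on the <1.9> branch is the sudoedit "--" fix (CVE-2023-22809), so anyone searching this ChangeLog for the version string to find the release around that fix will miss it. Since the file is generated from commit history, the summary cannot be corrected here; map the fix to a release by the tag name in brackets, and consider stating the version alongside the CVE in NEWS.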
+ * plugins/sudoers/editor.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/visudo.c:
+ sudoedit: do not permit editor arguments to include "--"
+ (CVE-2023-22809) We use "--" to separate the editor and arguments
+ from the files to edit. If the editor arguments include "--", sudo
+ can be tricked into allowing the user to edit a file not permitted
+ by the security policy. Thanks to Matthieu Barjole and Victor
+ Cutillas of Synacktiv (https://synacktiv.com) for finding this bug.
+ [eb7f573a4a92] <1.9>
+
+ * plugins/sudoers/editor.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/visudo.c:
+ sudoedit: do not permit editor arguments to include "--"
+ (CVE-2023-22809) We use "--" to separate the editor and arguments
+ from the files to edit. If the editor arguments include "--", sudo
+ can be tricked into allowing the user to edit a file not permitted
+ by the security policy. Thanks to Matthieu Barjole and Victor
+ Cutillas of Synacktiv (https://synacktiv.com) for finding this bug.
+ [2ca90805f471]
+
+2023-01-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/sha2.c:
+ In SHA256Pad and SHA512Pad use 511 and 1023 respectively for bitwise
+ AND. Previously we were using 504 and 1016 which still produces the
+ correct result since padding is done in 8-bit bytes. However, using
+ size-1 for the bitwise AND makes the intent clearer and likely would
+ have prevented the previous bug in SHA512Pad. From Matthieu Barjole
+ and Victor Cutillas of Synacktiv (https://synacktiv.com)
+ [4b6a50800ecd]
+
+ * plugins/sudoers/env.c:
+ env_file_next_local: change the order of the val_len check. It makes
+ more sense to verify that val_len > 1 before using it. This is not a
+ problem in practice because val[val_len - 1] is guaranteed not to
+ underflow but it can confuse reviewers and static analyzers.
+ [9d6bed4e3fd0]
+
+ * plugins/sudoers/env.c:
+ Fix typo in check for environment variables that start with '='.
+ [6dc466c8bf82]
+
+ * lib/util/lbuf.c:
+ sudo_lbuf_print: no longer need to check for lbuf->len > 0. Now that
+ lbuf length is unsigned the earlier check for len == 0 is
+ sufficient.
+ [bdfc863f5b5c]
+
+ * lib/util/lbuf.c:
+ Increase minimum allocation size from 256 to 1024 bytes.
+ [0f49c8728151]
+
+ * plugins/sudoers/sudoreplay.c:
+ Fix IS_IDLOG macro, it was testing the wrong byte for the NUL. This
+ causes the macro to evaluate to false even for valid TSIDs.
+ [77686e4508d3]
+
+2023-01-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ sudoers_trace_print: this is a no-op if not debugging
+ [df34de2e60f4]
+
+ * lib/util/lbuf.c:
+ sudo_lbuf_expand: don't allocate less than 256 bytes at a time.
+ [a747682156e6]
+
+2023-01-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/lbuf.c:
+ sudo_lbuf_expand: round nearest power of two instead of multiple of
+ 256.
+ [840855b501de]
+
+ * LICENSE.md:
+ Update copyright year.
+ [5ff97b5e6bcd]
+
+ * include/sudo_lbuf.h, lib/util/lbuf.c:
+ sudo_lbuf_expand: check for possible integer overflow The numeric
+ fields in struct sudo_lbuf are now unsigned so that wraparound is
+ defined, this make the overflow checks simpler. Problem deteced by
+ oss-fuzz using the fuzz_sudoers fuzzer.
+ [6dc670d15276]
+
+ * MANIFEST, lib/iolog/iolog_json.c,
+ lib/iolog/regress/iolog_json/test3.in,
+ lib/iolog/regress/iolog_json/test3.out.ok:
+ Decode \u00XX in a JSON string now that we escape control chars. We
+ don't write Unicode to the log.json file, only 8-bit ASCII.
+ [83dcacb35309]
+
+ * MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/hexchar.c, lib/util/regress/hexchar/hexchar_test.c,
+ lib/util/util.exp.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/hexchar.c, plugins/sudoers/match_digest.c,
+ plugins/sudoers/parse.h,
+ plugins/sudoers/regress/parser/check_hexchar.c,
+ plugins/sudoers/toke_util.c:
+ Move hexchar() from the sudoers plugin to lib/util.
+ [4a6c57c1b66a]
+
+ * lib/util/mkdir_parents.c:
+ sudo_open_parent_dir: adjust loop terminating condition Checking for
+ ep < pathend should be a bit clearer than ep != '\0' and has the
+ advantage of working when pathend doesn't point to a NUL byte. No
+ intended change in behavior.
+ [cee4e0c71070]
+
+ * lib/iolog/iolog_mkdtemp.c:
+ iolog_mkdtemp: fix failure when the specified path contains
+ subdirectories. This fixes a bug introduced in sudo 1.9.12.
+ [ac86f3b0d94b] <1.9>
+
+ * lib/iolog/iolog_mkdtemp.c:
+ iolog_mkdtemp: fix failure when the specified path contains
+ subdirectories. This fixes a bug introduced in sudo 1.9.12.
+ [3a1d5b01b446]
+
+ * lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c:
+ check_iolog_mkpath: fix exit value
+ [9ac13d6657f6]
+
+2023-01-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #227 from sohomdatta1/integer_underflow
+
+ Prevent integer underflow due to environment variable
+ [c6c716352077]
+
+2023-01-02 Sohom <sohomdatta1+git@gmail.com>
+
+ * plugins/sudoers/env.c:
+ Prevent integer underflow due to environment variable
+
+ Gaurd against replacing quotes when the environment variable val_len
+ is 1.
+ [1b926824dcf8]
+
+2023-01-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/regex.c:
+ glibc allows the ',' in {low,high} to be escaped with a backslash.
+ Adjust bound parsing to match this.
+ [b2bbac2bab6a]
+
+2022-12-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Fix logic goof in 05781ba6f1f3, disable replacements when fuzzing.
+ Not the other way around.
+ [abcf2deb9d0e]
+
+2022-12-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac, docs/sudo_plugin_python.man.in,
+ docs/sudo_plugin_python.mdoc.in, docs/sudoers.man.in,
+ docs/sudoers.mdoc.in:
+ Substitute python plugin file name in sudo_plugin_python
+ documentation. Also use prefix for group plugin fallback path
+ section in sudoers manual.
+ [e245808fbe74]
+
+ * lib/iolog/Makefile.in,
+ lib/iolog/regress/fuzz/fuzz_iolog_legacy.dict,
+ lib/iolog/regress/fuzz/fuzz_iolog_timing.dict:
+ Use correct dictionary file format. Also use the new dictionaries in
+ the Makefile fuzz target.
+ [c39e699cb9b6]
+
+ * MANIFEST, lib/iolog/regress/corpus/seed/log_legacy/less.log,
+ lib/iolog/regress/corpus/seed/log_legacy/smtpctl.log,
+ lib/iolog/regress/corpus/seed/log_legacy/vi.log,
+ lib/iolog/regress/corpus/seed/timing/timing.5,
+ lib/iolog/regress/corpus/seed/timing/timing.6,
+ lib/iolog/regress/corpus/seed/timing/timing.7,
+ lib/iolog/regress/corpus/seed/timing/timing.8,
+ lib/iolog/regress/corpus/seed/timing/timing.9:
+ Add some addition entries for the I/O log fuzzer seed corpus.
+ [51d4bf5f014c]
+
+ * MANIFEST, lib/iolog/regress/fuzz/fuzz_iolog_legacy.dict,
+ lib/iolog/regress/fuzz/fuzz_iolog_timing.dict:
+ Add dictionaries for fuzz_iolog_legacy and fuzz_iolog_timing.
+ [84d1e53ea8eb]
+
+ * include/sudo_fatal.h:
+ Don't send warn/fatal output to the debug file when fuzzing.
+ [968fedf79f23]
+
+ * lib/util/getentropy.c:
+ Back out the genentropy.c portion of c648cfe9ff0f We don't need to
+ special-case FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION now that we
+ use the glibc arc4random() where available.
+ [7d69e44e3e9b]
+
+2022-12-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/regress/fuzz/fuzz_iolog_json.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
+ lib/util/regress/fuzz/fuzz_sudo_conf.c,
+ logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Use initprogname(), not setprogname() in the fuzzers. This results
+ in better coverage for progname.c.
+ [dede53f4b0db]
+
+ * lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_conf/test1.out.ok,
+ lib/util/regress/sudo_conf/test2.out.ok,
+ lib/util/regress/sudo_conf/test3.out.ok,
+ lib/util/regress/sudo_conf/test4.out.ok,
+ lib/util/regress/sudo_conf/test5.out.ok,
+ lib/util/regress/sudo_conf/test6.out.ok,
+ lib/util/regress/sudo_conf/test7.out.ok:
+ Add probe_interfaces and intercept_path.
+ [f00ecf67a5e1]
+
+ * lib/util/regress/fuzz/fuzz_sudo_conf.c:
+ Exercise getter functions.
+ [3208a9508724]
+
+ * configure, configure.ac:
+ Avoid using our function replacements when fuzzing (where possible).
+ We don't want to fuzz the function replacements themselves as this
+ can skew the coverage reports.
+ [05781ba6f1f3]
+
+ * plugins/python/regress/check_python_examples.c:
+ Disable sudo_debug tests when fuzzing. The debug code is disable
+ when fuzzing is enabled to avoid coverage issues.
+ [2c90549a0918]
+
+ * lib/util/fatal.c, lib/util/getentropy.c, lib/util/sudo_conf.c:
+ Avoid compiling some code paths that are unreachable when fuzzing.
+ [c648cfe9ff0f]
+
+ * plugins/sudoers/regress/serialize_list/check_serialize_list.c:
+ Plug memory leak.
+ [6189ff1db193]
+
+2022-12-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.dict:
+ Update fuzz_policy keywords to match current policy settings.
+ [0db960f83cf1]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.dict:
+ Add example users and groups to the dictionary.
+ [6fd8ad758aed]
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, src/parse_args.c:
+ parse_args: an environment variable may not start with '='. Also
+ check VAR=val format in validate_env_vars() and add an error message
+ if insert_env_vars() fails.
+ [b9b9acae1671]
+
+ * plugins/sudoers/env.c:
+ rebuild_env: avoid a potential NULL dereference in fuzz_policy
+ [90f5d579dd69]
+
+ * plugins/sudoers/sudoers.c:
+ sudoers_policy_main: plug memory leak of iolog_path on error.
+ [99cbe3d513e6]
+
+ * plugins/sudoers/env.c:
+ rebuild_env: avoid a potential NULL dereference in fuzz_policy
+ [de05b4f00f35]
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ The contents of the env_add array should not include the leading
+ "env=" prefix. The previous fix for this was incomplete.
+ [849fee26133a]
+
+ * plugins/sudoers/env.c:
+ validate_env_vars: more efficient errbuf handling Also avoid
+ appending to errbuf if it is already full.
+ [1ffd174fa0ea]
+
+2022-12-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudo.man.in, docs/sudo.mdoc.in:
+ Document that -k does not interfere with sudo on other terminals.
+ This should help clarify the difference between "sudo -k" and "sudo
+ -K".
+ [589d750faf30]
+
+ * lib/util/regex.c, lib/util/regress/regex/regex_test.c:
+ Check for bound values larger than 255 and reject them. This is to
+ prevent the fuzzers from running out of memory.
+ [f172a6d64a34]
+
+ * scripts/pp:
+ Use the POSIX shell "command -v" instead of "which" to find
+ programs. Fix false detection of init.d/service status.
+ [aee53eddfc18]
+
+ * etc/sudo.pp:
+ Fix example dir mode on RedHat/Fedora.
+ [f5fd86f35bc5]
+
+ * etc/sudo.pp:
+ Use sed instead of ed to modify the packaged sudoers file. Some
+ Linux distros do not include /bin/ed by default.
+ [217ef1afaacb]
+
+2022-12-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in:
+ Use @intercept_file@ and @noexec_file@ like the example file.
+ [726e060da20e]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ There is a @pam_login_service@ substitution but no @pam_service@.
+ Just use sudo instead of @pam_service@.
+ [b16f28ccc847]
+
+ * examples/sudo.conf.in:
+ Use @sudoers_plugin@ instead of @sudoers_module@.
+ [4c92b9ef93b5]
+
+ * docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudoers.man.in,
+ docs/sudoers.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in:
+ Use @sudoers_plugin@ instead of @sudoers_module@.
+ [3c50a97c1bbd]
+
+ * INSTALL.md, NEWS, config.h.in, configure, configure.ac,
+ docs/UPGRADE.md, scripts/config.guess, scripts/config.sub:
+ sudo 1.9.13 Document the changes to AIX plugins in docs/UPGRADE.md
+ and regenerate configure using the latest autoconf from git.
+ [b897ca965a0f]
+
+ * scripts/build_pkgs:
+ Remove anything after whitespace in MANIFEST when building tarball.
+ This is consistent with how sudo's Makefile builds the tarball.
+ [db48ecf91964]
+
+ * MANIFEST:
+ Zap trailing whitespace.
+ [7be2d953e0ca]
+
+ * configure, configure.ac, docs/sudo.conf.man.in,
+ docs/sudo.conf.mdoc.in, docs/sudoers.man.in, docs/sudoers.mdoc.in,
+ docs/visudo.man.in, docs/visudo.mdoc.in, examples/sudo.conf.in,
+ pathnames.h.in, src/load_plugins.c, src/preload.c:
+ Use AIX-style shared libraries on AIX by default instead of
+ SVR4-style. This removes the need to use the -brtl linker flag which
+ can cause problems when there are both a .so and .a version of the
+ same library but with different versions. This was particularly
+ problematic when using the AIX freeware version of OpenSSL. The
+ --with-aix-soname=svr4 option can be used to build SVR4-style shared
+ libs instead.
+ [268bd3bc7717]
+
+ * lib/util/sudo_dso.c, src/load_plugins.c:
+ sudo_dso_load: add AIX fallback path from shlib.so to
+ shlib.a(shlib.so). If the .so file is missing but the .a file
+ exists, try to dlopen() the AIX .a file using the .so name as the
+ member. We need to avoid breaking existing configurations if the
+ type of AIX shared library changes when sudo is upgraded.
+ [f64cf05bb2c2]
+
+ * plugins/sudoers/group_plugin.c, src/load_plugins.c:
+ Remove the owner and mode checks when loading a sudo plugin. The
+ sudo.conf file is considered a trusted source of information and
+ these checks suffer from TOCTOU issues anyway. The checks complicate
+ loading of shared objects since we need to perform fallback
+ processing twice.
+ [60a811d58138]
+
+ * MANIFEST, plugins/python/Makefile.in,
+ plugins/python/python_importblocker.c,
+ plugins/python/python_plugin_common.c,
+ plugins/python/regress/check_python_examples.c,
+ plugins/python/regress/testdata/sudo.conf.developer_mode,
+ plugins/python/regress/testdata/sudo.conf.normal_mode,
+ plugins/python/regress/testhelpers.c,
+ plugins/python/regress/testhelpers.h,
+ plugins/python/sudo_python_module.h:
+ Remove the Python plugin import blocker code. The sudo.conf file is
+ considered a trusted source of information and these checks suffer
+ from TOCTOU issues anyway.
+ [1d261d802b82]
+
+ * MANIFEST, docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in,
+ docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in,
+ examples/sudo.conf.in,
+ lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1,
+ lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2,
+ lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3,
+ lib/util/regress/fuzz/fuzz_sudo_conf.dict,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_conf/test1.in,
+ lib/util/regress/sudo_conf/test1.out.ok,
+ lib/util/regress/sudo_conf/test2.out.ok,
+ lib/util/regress/sudo_conf/test3.out.ok,
+ lib/util/regress/sudo_conf/test4.out.ok,
+ lib/util/regress/sudo_conf/test5.out.ok,
+ lib/util/regress/sudo_conf/test6.out.ok,
+ lib/util/regress/sudo_conf/test7.out.ok,
+ lib/util/regress/sudo_conf/test8.err.ok,
+ lib/util/regress/sudo_conf/test8.in,
+ lib/util/regress/sudo_conf/test8.out.ok, lib/util/sudo_conf.c:
+ Remove developer mode from sudo.conf, it is no longer used.
+ [2b350bfe4d7c]
+
+ * plugins/sudoers/sudoers_version.h:
+ Bump SUDOERS_GRAMMAR_VERSION to 50 for the new list pseudo-command.
+ [60e6e3b59b1e]
+
+2022-12-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/Makefile.in, docs/sudo.man.in, docs/sudo.mdoc.in,
+ docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in,
+ docs/sudoreplay.man.in, docs/sudoreplay.mdoc.in:
+ Use ".Sy root" instead of ".Em root" when talking about the root
+ user. Replace MANDOCPROG with "mandoc" now that MANDOCPROG has been
+ removed.
+ [a0b80a88eb7c]
+
+2022-12-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #226 from rtczza/main
+
+ debug_return_int use error
+ [7743f67838ae]
+
+2022-12-23 wanglujun <wanglujun@uniontech.com>
+
+ * src/exec_pty.c:
+ debug_return_int use error
+ [b69796b9b10b]
+
+2022-12-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/sudo_dso.c, src/load_plugins.c:
+ Fix support for AIX-style path(module) syntax in sudo.conf Plugin
+ lines.
+ [b8666283d2f2]
+
+2022-12-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudo.man.in, docs/sudo.mdoc.in:
+ Mention the "list" privilege in the description of the -U option.
+ [f5416004ef2e]
+
+ * docs/sudo.man.in, docs/sudo.mdoc.in, src/parse_args.c,
+ src/sudo_usage.h.in:
+ Add [arg ...] after command in SYNOPSIS and usage output. Use Ar
+ markup when referring to the command and args.
+ [40fca0824680]
+
+2022-12-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_preload.c:
+ fmtstr: call va_arg() for %c when computing length. Even though we
+ don't need to read the actual char to know its length, we do need to
+ consume it to get the correct value for the next format.
+ [fadd0047868b]
+
+ * configure, m4/sanitizer.m4:
+ SUDO_CHECK_SANITIZER: quote "$3" in awk script so m4 doesn't eat it.
+ [fcf1661bfebd]
+
+ * lib/util/regress/json/json_test.c:
+ Add missing sudo_json_free().
+ [fa5e5af55927]
+
+ * MANIFEST, lib/util/Makefile.in, lib/util/regex.c,
+ lib/util/regress/regex/regex_test.c:
+ check_pattern: check bounds as a repetition operator too. Add regess
+ to verify check_pattern() via sudo_regex_compile().
+ [48cbddf476a5]
+
+ * lib/util/regex.c:
+ Instead of collapsing duplicate repetition characters, reject them.
+ This is implementation-specific behavior--some regcomp(3) will
+ reject duplicate repetition characters (BSD), others will try to
+ support them (Glibc) but may allocate excessive amounts of memory.
+ [a0cb75d9b5e5]
+
+ * MANIFEST, docs/CONTRIBUTORS.md, po/sq.mo, po/sq.po:
+ New Albanian translation from translationproject.org
+ [4a8dedc6500d]
+
+2022-12-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, include/sudo_json.h, lib/eventlog/eventlog.c,
+ lib/iolog/iolog_loginfo.c,
+ lib/iolog/regress/iolog_json/check_iolog_json.c,
+ lib/util/Makefile.in, lib/util/json.c,
+ lib/util/regress/json/json_test.c, lib/util/util.exp.in,
+ logsrvd/logsrvd_local.c, plugins/audit_json/audit_json.c,
+ plugins/sudoers/cvtsudoers_json.c:
+ Add basic regress for JSON functions. Fix a bug in escaped control
+ character handling. Roll back changes to buffer if
+ sudo_json_add_value() fails.
+ [8b61266511fe]
+
+ * plugins/python/regress/iohelpers.c,
+ plugins/python/regress/testhelpers.c:
+ Add missing memory allocation failure checks. Inspired by GitHub PR
+ #221
+ [9f09479191e9]
+
+2022-12-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/json.c:
+ Escape control characters in strings.
+ [9668cd68daee]
+
+2022-12-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudo.man.in, docs/sudo.mdoc.in:
+ Mention the audit plugin in the "Process model" section. Remove
+ extraneous information describing how sudo may exec the command
+ directly, this is already included in the non-pty section.
+ [9d01a9682ed2]
+
+2022-12-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/sudoers.c:
+ Plug a memory leak of list_cmnd in the fuzzers.
+ [b413becfb8db]
+
+ * plugins/sudoers/cvtsudoers.c:
+ Suppress PVS Studio watning about reassigning a variable the same
+ value. Working around the warning would result in more fragile code.
+ [b4227e531fb7]
+
+ * lib/util/regress/multiarch/multiarch_test.c:
+ Fix memory leak in multiarch_test to quiet leak sanitizer.
+ [1491ce67725c]
+
+ * plugins/python/python_plugin_audit.c,
+ plugins/python/python_plugin_common.c,
+ plugins/python/python_plugin_io.c,
+ plugins/python/python_plugin_policy.c:
+ Fix some dead stores noted by PVS Studio. Since rc is initialized to
+ SUDO_RC_ERROR there is no need to set it to SUDO_RC_ERROR again on
+ failure if rc has not been changed since initialization.
+ [f6c075dedfe3]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in,
+ plugins/sudoers/logging.c, plugins/sudoers/match_command.c,
+ plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Add "list" pseudo-command to allow a user to list another user's
+ privs. Previously, only root or a user with the ability to run any
+ command as either root or the target user on the current host could
+ use the -U option. For "sudo -l [-U otheruser] command", NewArgv[0]
+ is now set to "list" (just like "sudo -l") and the actual command to
+ be checked starts with NewArgv[1].
+ [225eac96d11f]
+
+2022-12-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/codespell.exclude:
+ Adjust a line to quiet codespell warning.
+ [f920076a902d]
+
+2022-12-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Makefile.in:
+ Only build ChangeLog from a repo checkout, not a release tarball.
+ The CODEOWNERS file is not present in the release tarball so we can
+ use that when determining what is (or is not) a repo checkout.
+ [290ce43f0f66]
+
+ * docs/CODEOWNERS:
+ Add CODEOWNERS file, currently all owned by @millert.
+ [3becb02b5cd6]
+
+ * .gitignore, .hgignore, Makefile.in:
+ Only regenerate ChangeLog if there have been changes. Also check
+ that "hg --version" or "git --version" works before using hg or git.
+ Bug #1043.
+ [d9a28bb02621]
+
+2022-12-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/parse.c:
+ Fix potential crash introduced in the fix for GitHub issue #134. If
+ a user's sudoers entry did not have any RunAs user's set, running
+ "sudo -U otheruser -l" would dereference a NULL pointer. We need to
+ compare the default RunAs user if the sudoers entry does not specify
+ one explicitly. Problem reported by Andreas Mueller who also
+ suggested a different solution in PR #219.
+ [360e04f13024] <1.9>
+
+ * plugins/sudoers/parse.c:
+ Fix potential crash introduced in the fix for GitHub issue #134. If
+ a user's sudoers entry did not have any RunAs user's set, running
+ "sudo -U otheruser -l" would dereference a NULL pointer. We need to
+ compare the default RunAs user if the sudoers entry does not specify
+ one explicitly. Problem reported by Andreas Mueller who also
+ suggested a different solution in PR #219.
+ [3d12dfeef26b]
+
+ * scripts/build_pkgs:
+ Defer installing the SIGCHLD handler until after non-job commands
+ run. Lock the socket dir to avoid races in
+ open_persistent_connection(). Also avoid using "ssh -f" since that
+ may return before the socket is created. Strip carriage returns from
+ log when running in a pty.
+ [d0da1a261fbc]
+
+2022-12-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, m4/sudo.m4:
+ Fix a typo in SUDO_CHECK_NET_FUNC.
+ [08cb2ba84897]
+
+ * lib/util/inet_ntop.c:
+ Fix -Wsign-compare warning.
+ [45e2716ece56]
+
+ * configure, m4/sudo.m4:
+ Initialize "found" in SUDO_CHECK_NET_FUNC.
+ [a5daeb77e6bb]
+
+ * configure, m4/sudo.m4:
+ Fix pasto introduced in last commit.
+ [7e1b09977be3]
+
+ * lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
+ lib/util/Makefile.in, logsrvd/Makefile.in,
+ plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ Fix failure in check targets when there is no UTF-8 C locale.
+ [721c8bdff28f]
+
+ * configure, configure.ac, m4/sudo.m4:
+ Add SUDO_CHECK_NET_FUNC to check functions in the network libraries.
+ If a function is not found, check again with "-lsocket", "-linet",
+ "-lsocket -lnsl", or "-lresolv". Also display network libs in final
+ summary as well as the different linker flags.
+ [a0ce3347cd8d]
+
+ * configure, m4/sudo.m4:
+ Make sure HAVE_MAILLOCK_H is defined on Solaris 10.
+ [bb9f3a1beff5]
+
+ * configure, configure.ac:
+ Remove extraneous "(cached)" line when the -C option is used. We do
+ not need to call AC_CACHE_VAL() to ensure that a variable is cached,
+ its name just needs to match the pattern *_cv_*.
+ [b8ffa09d0cd7]
+
+ * configure, m4/sudo.m4:
+ Make path checks in sudo.m4 cachable.
+ [0bcfa73702d3]
+
+ * configure, configure.ac:
+ Use AC_PATH_PROGS_FEATURE_CHECK to find mandoc/nroff. We don't use
+ the NROFFPROG or MANDOCPROG any longer so no need to set those.
+ [7d96680046a6]
+
+ * configure, configure.ac:
+ Don't check for _sys_siglist if sys_siglist is found.
+ [2c70aba3935c]
+
+ * configure, configure.ac:
+ Fix check for sys_sigabbrev.
+ [b8537a76815f]
+
+2022-12-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Skip test for __func__ on C99 and above, avoid extra _sys_signame
+ test.
+ [71f3497a6a3a]
+
+ * MANIFEST, aclocal.m4, configure, configure.ac, m4/gettext.m4:
+ Move gettext checks to m4/gettext.m4
+ [693029542e06]
+
+ * MANIFEST, aclocal.m4, configure, configure.ac, m4/ldap.m4:
+ Move LDAP library checks to m4/ldap.m4 and make more tests
+ cacheable.
+ [85fa1f49298a]
+
+ * MANIFEST, aclocal.m4, configure, configure.ac, m4/openssl.m4:
+ Move OpenSSL/wolfSSL checks to m4/openssl.m4
+ [08b90f3cef52]
+
+ * MANIFEST, aclocal.m4, configure, configure.ac, m4/pie.m4:
+ Move PIE executable checks to m4/pie.m4
+ [6b5cac6cecd5]
+
+ * MANIFEST, aclocal.m4, configure, configure.ac, m4/sanitizer.m4:
+ Move address sanitizer and fuzzer checks to m4/sanitizer.m4
+ [a6372917d53b]
+
+ * MANIFEST, aclocal.m4, configure, configure.ac, m4/visibility.m4:
+ Move symbol visibility checks to m4/visibility.m4
+ [4684049c2d2c]
+
+ * MANIFEST, aclocal.m4, configure, configure.ac, m4/hardening.m4:
+ Move hardening checks to m4/hardening.m4
+ [c03abb3c9f55]
+
+ * configure, configure.ac, m4/sudo.m4:
+ Make cpp variadic arguments check into a macro and move to sudo.m4.
+ Also move the PVS-Studio.cfg generation to sudo.m4.
+ [c1a8d3b46be1]
+
+2022-12-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/snprintf.c:
+ Sync with OpenBSD.
+ [157439118867]
+
+ * Merge pull request #218 from sohomdatta1/snprintf
+
+ [snprintf] Check for '\0' to prevent undef memory read
+ [050882923c98]
+
+2022-12-03 Sohom <sohomdatta1+git@gmail.com>
+
+ * lib/util/snprintf.c:
+ [snprintf] Check for '\0' to prevent undef memory read
+ [aff60c479c10]
+
+2022-12-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/eventlog.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/tsdump.c, plugins/sudoers/visudo.c,
+ src/parse_args.c, src/regress/noexec/check_noexec.c:
+ Place C23 attributes before keywords in function declarations. In
+ practice this means we must use "sudo_noreturn static foo(void)"
+ instead of "static sudo_noreturn foo(void)".
+ [6c1836dcb2d6]
+
+2022-11-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/build_pkgs:
+ Convert from using IPC::Open3 to IPC::Run. Run tests in a pty so
+ check_ttyname works as expected. Explicitly set short command line
+ options letters in GetOptions(). Add a debug flag to help see what
+ is going on internally. Add hook for die() to kill running jobs when
+ we are dying. SSH_AGENT_PID will not be present if the agent is
+ forwarded. In close_persistent_connections() only close active
+ connections.
+ [d49e1ac7e2f2]
+
+2022-11-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure.ac, include/sudo_compat.h:
+ Use C23 [[__fallthrough__]] and [[__noreturn__]] attributes if
+ supported. If the C23 attributes are not supported, use gcc-style
+ attributes where possible.
+ [57676068e9a9]
+
+ * configure, configure.ac:
+ Move the check for the fallthrough attribute outside the warnings
+ block. Use AX_APPEND_FLAG instead of addind to CFLAGS directly.
+ [dc22d8238827]
+
+2022-11-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/build_pkgs:
+ The distributed package build script I use to build all sudo
+ packages. This is not included in the release tarball because it is
+ of limited use to other people.
+ [94c58cc272c8]
+
+2022-11-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Makefile.in:
+ Pass the list of files to include in the tarball on stdin. This
+ avoids any limit on the size of argv.
+ [0af8578c89fe]
+
+2022-11-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #214 from BornThisWay/1124_repeated_invocation
+
+ check_syntax(): Remove duplicate calls to init_defaults()
+ [3383fb0a6f5f]
+
+2022-11-24 modric <pioneerbtw7@163.com>
+
+ * plugins/sudoers/visudo.c:
+ check_syntax(): Remove duplicate calls to init_defaults()
+ [048ccd968df9]
+
+2022-11-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sample/sample_plugin.c:
+ build_command_info: free command_info on failure. Once upon a time,
+ command_info was a stack variable, now it is dynamically allocated.
+ Coverity CID 299987.
+ [a80110e49952]
+
+ * plugins/sample/sample_plugin.c:
+ Better handling of out-of-memory conditions.
+ [ee3e47c4d272]
+
+ * plugins/group_file/group_file.c:
+ Keep group file open until the call to myendgrent(). This restores
+ the previous behavior.
+ [79751f7308d7]
+
+ * lib/util/json.c, plugins/group_file/getgrent.c,
+ plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/ldap_conf.c, plugins/sudoers/log_client.c,
+ plugins/sudoers/match_command.c, plugins/sudoers/strvec_join.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/sudo.c:
+ Eliminate a few harmless dead stores. Quiets warnings from Infer.
+ [8bed7579b75d]
+
+ * plugins/sudoers/ldap_util.c:
+ sudo_ldap_parse_option: add explicit NULL check for strchr(). This
+ should not be needed since we only use the returned pointer if it is
+ larger than the string passed to strchr(). Quiets a warning from
+ Infer.
+ [852aec3e0450]
+
+ * logsrvd/logsrvd_journal.c:
+ journal_fdopen: free journal_path and close journal before setting
+ Fixes a potential resource leak that currently cannot happen. Quiets
+ a warning from Infer.
+ [bfe41e247c35]
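Review bot: the logsrvd/logsrvd_journal.c entry just above ([bfe41e247c35]) has a summary that stops mid-phrase, "journal_fdopen: free journal_path and close journal before setting", and then runs straight into "Fixes a potential resource leak", so a reader cannot tell what is being set. The Makefile.in and scripts/log2cl.pl entries in this same hunk indicate the ChangeLog is generated from the repository log, so the wording would need to be corrected at the source or in the generation step rather than by hand-editing this file. The same applies to the spelling slips elsewhere in the hunk: "watning" in the cvtsudoers.c entry, "addind" in the configure.ac entry, "thatreturn" in the sudo_secure_open_{file,dir} entry, and "sudo ws started" in the exec_intercept.c entry.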
+
+ * plugins/sudoers/ldap.c:
+ sudo_ldap_result_add_entry: check sudo_ldap_get_values_len() return
+ value. Previously, we just compared the error code with
+ LDAP_NO_MEMORY when checking for sudoOrder since this is the only
+ error we care about. We now return NULL for LDAP_NO_MEMORY and
+ ignore other errors. Quiets a warning from Infer.
+ [6e5a490b735c]
+
+ * plugins/group_file/getgrent.c, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/tsgetgrpw.h:
+ Refactor code to open passwd/group file and add
+ setpassent/setgroupent. This makes the "stayopen" semantics match
+ the system passwd/group functions. The getpwent/getgrent functions
+ now open the database if it is not already open.
+ [27bfa97ad47c]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/gram.h:
+ gram.h: #line directives should reference gram.h not y.tab.h.
+ [7a2d4a24d839]
+
+ * scripts/mkpkg:
+ Use clang, not /usr/bin/cc on FreeBSD and macOS. While /usr/bin/cc
+ _is_ clang on those platforms, some static analyzers get confused if
+ we don't run it as clang.
+ [d0c1f5940789]
+
+2022-11-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #212 from BornThisWay/1122_null_deref
+
+ sudo_rcstr_dup: Fix potential NULL pointer deref
+ [58fcefa888fa]
+
+2022-11-22 modric <pioneerbtw7@163.com>
+
+ * lib/util/rcstr.c:
+ sudo_rcstr_dup: Fix potential NULL pointer deref
+ [f45acaded1e5]
+
+2022-11-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/check.c:
+ Add a reminder to the default lecture that the password will not
+ echo. This line is only displayed when the pwfeedback option is
+ disabled. GitHub issue #195.
+ [7bc25043c760]
+
+ * Merge pull request #210 from BornThisWay/1121_typo
+
+ Fix some typos
+ [9d1e9278effb]
+
+2022-11-21 modric <pioneerbtw7@163.com>
+
+ * plugins/python/regress/testhelpers.h, plugins/sudoers/parse.c:
+ Fix some typos
+ [d7d1c3ade748]
+
+2022-11-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #208 from BornThisWay/1121_return
+
+ intercept_read: Print and then return.
+ [615c2d5fca36]
+
+2022-11-21 modric <pioneerbtw7@163.com>
+
+ * src/exec_intercept.c:
+ intercept_read: Print and then return.
+ [049547eb7ac0]
+
+2022-11-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #205 from BornThisWay/1119_access_null_pointer
+
+ sudo_mmap_strdup_v1: Fix potential NULL pointer deref
+ [bad55afc72bb]
+
+2022-11-19 modric <pioneerbtw7@163.com>
+
+ * lib/util/mmap_alloc.c:
+ sudo_mmap_strdup_v1: Fix potential NULL pointer deref
+ [f8da23aff2ec]
+
+2022-11-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo_intercept.c:
+ copy_vector: plug memory leak in error path Only the array was being
+ freed, not the contents. GitHub issue #202.
+ [cd1407dbe65f]
+
+2022-11-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/mkpkg:
+ Better matching of macOS version to SDK path.
+ [db7f2cbdb023]
+
+ * Merge pull request #200 from BornThisWay/fix_mem_leak_converse
+
+ Fix memory leak of pass in converse().
+ [b411801abdf7]
+
+ * plugins/sudoers/auth/passwd.c:
+ sudo_passwd_cleanup: Set auth->data to NULL after freeing. GitHub
+ issue #201
+ [e558188bd99d]
+
+2022-11-17 modric <pioneerbtw7@163.com>
+
+ * plugins/sudoers/auth/pam.c:
+ Fix memory leak of pass in converse().
+ [052c99eaad8f]
+
+2022-11-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac:
+ Use AC_SYS_YEAR2038 instead of setting _TIME_BITS by hand.
+ [049113d798e9]
+
+ * configure, m4/ax_append_flag.m4, m4/ax_check_compile_flag.m4,
+ m4/ax_func_snprintf.m4, m4/ax_prog_cc_for_build.m4:
+ Update macros from autoconf-archive.
+ [48b960c883df]
+
+ * plugins/sudoers/regress/corpus/seed/ldif/pr196.ldif,
+ plugins/sudoers/regress/visudo/test3.sh:
+ Fix typo; excerise -> exercise
+ [42cdb396b72b]
+
+ * config.h.in, configure, scripts/config.guess, scripts/config.sub:
+ Regenerate with the autoconf 2.72a pre-release.
+ [51d043878181]
+
+ * configure.ac:
+ Fix insufficient quoting in AC_CHECK_LIB() calls.
+ [78d37b60a912]
+
+ * autogen.sh:
+ If AUTOCONF_VERSION is unset, use version 2.71 not 2.69.
+ [108faf700aa7]
+
+ * configure.ac, m4/ax_func_getaddrinfo.m4, m4/sudo.m4:
+ Replace `foo` in descriptions with 'foo'
+ [ba63cef7bbe8]
+
+2022-11-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Add -Wvla and -Walloca to --enable-warnings
+ [7b9b59e35905]
+
+2022-11-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/pwutil.c:
+ sudo_debug_group_list: short-circuit if groups is NULL
+ [0f8f11ef82b6]
+
+ * configure, configure.ac:
+ configure: only check for getauxval() if getentropy() is missing.
+ [c056c2fc3898]
+
+ * config.h.in, configure, configure.ac:
+ Remove checks for random() and lrand48(), they are no longer used.
+ Also remove duplicate checks for arc4random() and getentropy().
+ [e3433874211d]
+
+ * configure, configure.ac:
+ Skip check for cpp variadic macro support if the compiler supports
+ C99.
+ [42efc9934ef5]
+
+ * configure, configure.ac:
+ HI-UX/MPP is based on OSF-1, not HP-UX Completely untested.
+ [c55ba59cd24d]
+
+ * configure, configure.ac:
+ Only check for utmps.h on HP-UX.
+ [682bb16545cf]
+
+ * configure, configure.ac:
+ Only check for sys/syscall.h on Linux. We only use it in the Linux-
+ specific getentropy() emulation code.
+ [eac313bfc142]
+
+ * config.h.in, configure, configure.ac:
+ configure: avoid running unnecessary tests on modern systems. Remove
+ AC_SYS_POSIX_TERMIOS, AC_TYPE_MODE_T, AC_TYPE_UID_T. Add missing
+ checks for int16_t, uint16_t, int32_t, and int64_t. Only check for
+ intmax_t, uintmax_t and bit-width types if missing both inttypes.h
+ and stdint.h. Remove unused clockid_t replacement.
+ [9f1f9d365f60]
+
+ * MANIFEST, plugins/sudoers/regress/cvtsudoers/test40.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test40.sh:
+ Add a regress check for the cvtsudoers filter crash. GitHub issue
+ #198.
+ [f0abea1f10d0]
+
+ * Makefile.in, lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
+ lib/util/Makefile.in, logsrvd/Makefile.in,
+ plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ The name of the C locale w/ UTF-8 support is not always C.UTF-8. Use
+ a pattern to find it (if present) and use that value instead of
+ hard-coding C.UTF-8. This works around a leak sanitizer crash on
+ certain inputs.
+ [99aeb5a875f7]
+
+2022-11-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/parse_ldif.c:
+ Fix a potential use-after-free bug with cvtsudoers filtering. In
+ role_to_sudoers() when merging a privilege to the previous one where
+ the runas lists are the same we need to re-use the runas lists of
+ the last command in the previous privilege, not the first.
+ Otherwise, the check in free_cmndspec() will not notice the re-used
+ runas lists. Reported/analyzed by Sohom Datta. GitHub issue #198.
+ [29d1380d2fe0]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/corpus/seed/ldif/invalid_b64.ldif,
+ plugins/sudoers/regress/corpus/seed/ldif/pr196.ldif,
+ plugins/sudoers/regress/corpus/seed/ldif/sample.ldif,
+ plugins/sudoers/regress/corpus/seed/ldif/valid_b64.ldif,
+ plugins/sudoers/regress/cvtsudoers/test39.sh:
+ Copy some LDIF test data from the cvtsudoers tests to the seed
+ corpus. This includes a test to exercise the fix in PR #196.
+ [f74d65cf34d1]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Set LDAP base for sudoers_parse_ldif(). Without this set the fuzzer
+ will not exercise the dn parsing.
+ [c154b1a5d287]
+
+ * src/exec_ptrace.h:
+ Include linux/elf.h, not elf.h to make sure we get
+ NT_ARM_SYSTEM_CALL. The NT_PRSTATUS define is present in both files.
+ [161f41f644ca] <1.9>
+
+ * src/exec_ptrace.h:
+ Include linux/elf.h, not elf.h to make sure we get
+ NT_ARM_SYSTEM_CALL. The NT_PRSTATUS define is present in both files.
+ [4a4e3142381a]
+
+2022-11-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_compat.h:
+ Remove CMSG_* compatibility macros, they are no longer used.
+ [5914434ecb5c]
+
+ * lib/util/multiarch.c, lib/util/sudo_dso.c:
+ Add missing include of sys/stat.h
+ [d3b0f701c75f]
+
+ * include/sudo_util.h:
+ Move forward declaration of struct stat before its first use.
+ [f3cc645d197c]
+
+ * plugins/sudoers/regress/cvtsudoers/test28.sh,
+ plugins/sudoers/regress/cvtsudoers/test29.sh,
+ plugins/sudoers/regress/cvtsudoers/test33.sh,
+ plugins/sudoers/regress/cvtsudoers/test39.sh:
+ Use a consistent base when testing cvtsudoers conversion from ldif.
+ [a22cb486b2a3]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/cvtsudoers/test39.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test39.sh,
+ plugins/sudoers/regress/harness.in:
+ Test parsing LDIF when a backslash is the last char of the file. If
+ run with address sanitizer, this test will crash when the fix in
+ ceaf706ab74b is reverted.
+ [f50c78b7ed32]
+
+ * Merge pull request #196 from sohomdatta1/main
+
+ Prevent cvtsudoers from reading into undefined memory
+ [f21c417bbbb3]
+
+2022-11-09 Sohom <sohom.datta@learner.manipal.edu>
+
+ * plugins/sudoers/parse_ldif.c:
+ [cvtsudoers]: Prevent sudo from reading into undefined memory
+ [ceaf706ab74b]
+
+2022-11-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/passwd.c:
+ sudo_passwd_verify: zero out des_pass before returning.
+ [c809232fdb7d]
+
+2022-11-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_pty.c:
+ Don't kill the parent process group on suspend if it is not sudo's
+ pid. If sudo is not the process group leader we must only send the
+ suspend signal to sudo itself. When sudo is run via a shell script,
+ it usually has the same process group as the shell script
+ interpreter. We do not want to suspend the script itself when the
+ command run by sudo is suspended.
+ [e6715ec62335]
+
+ * src/exec_nopty.c, src/regress/intercept/test_ptrace.c,
+ src/sudo_exec.h, src/suspend_nopty.c:
+ Pass sudo's process ID to suspend_sudo_nopty() since we already know
+ it. Saves an unnecessary getpid(2) call.
+ [1e12d9b0ce53]
+
+ * src/exec_nopty.c:
+ Call terminate_command() with use_pgrp = false when not running in a
+ pty. When sudo runs a command in the user's existing terminal the
+ command is run in the same process group as sudo itself. The proper
+ way to terminate it is to use kill(2), not killpg(3)
+ [3d9862963e92]
+
+ * src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c,
+ src/sudo_exec.h:
+ Fix handling of signal forwarding when running commands in a script.
+ We need to forward signals from a process in the same pgrp if the
+ pgrp leader is not either sudo or the command itself.
+ [d1bf60eac57f]
+
+ * src/regress/intercept/test_ptrace.c:
+ Make test_ptrace compile again after recent changes.
+ [e766db5aa9d4]
+
+ * src/exec_intercept.c, src/exec_intercept.h, src/exec_ptrace.c:
+ Update the cwd for log_subcmds too. Fixes a problem for
+ intercept_method=trace when running a relative command from a
+ different directory than what sudo ws started from. GitHub issue
+ #194
+ [b831f2397d9f]
+
+2022-11-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_12p1 for changeset 39cf4d8052ff
+ [28ed2d994f40] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Merge sudo 1.9.12p1 from tip.
+ [39cf4d8052ff] [SUDO_1_9_12p1] <1.9>
+
+ * NEWS, aclocal.m4, configure, configure.ac:
+ sudo 1.9.12p1
+ [6268fbabdb16]
+
+2022-11-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/host_port.c:
+ Include time.h for struct timespec used by sudo_iolog.h.
+ [369c8e799652]
+
+ * src/sudo.c:
+ Display sudo_mode in hex in debug log. This makes it easier to match
+ against the MODE_ defines.
+ [971e8f88bc12]
+
+2022-11-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/bsdauth.c:
+ bsdauth_verify: do not write to prompt, it is now const
+ [1969a562cf14]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Store raw sudoers lines in the debug log. Also add a "sudoerslex"
+ prefix to the token debug info in sudoers_trace_print().
+ [be03aef496cb]
+
+2022-10-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ The line numbers in sudoers_trace_print() were off by one. The line
+ counter is incremented when a newline is seen so the output actually
+ refers to the previous line.
+ [a97182a63419]
+
+ * plugins/sudoers/auth/API, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h:
+ Make the second arg to the sudo auth verify function const. This may
+ be either a plaintext password or a password prompt. Either way it
+ should not be modified by the verify function.
+ [11aefc2bc3da]
+
+2022-10-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/match.c:
+ Move debugging info from hostname_matches() to host_matches().
+ [2a53d2dcd1f5]
+
+2022-10-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/pwutil.c:
+ Add debugging to sudo_set_grlist() and sudo_set_gidlist().
+ [620d6f7fb4f8]
+
+ * plugins/sudoers/auth/passwd.c:
+ Fix CVE-2022-43995, potential heap overflow for passwords < 8
+ characters. Starting with sudo 1.8.0 the plaintext password buffer
+ is dynamically sized so it is not safe to assume that it is at least
+ 9 bytes in size. Found by Hugo Lefeuvre (University of Manchester)
+ with ConfFuzz.
+ [a6229aa26fbf]
+
+2022-10-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ configure: better test for -fstack-clash-protection The gcc front-
+ end may accept -fstack-clash-protection even if the machine-specific
+ code does not support it. We use a test program with a large stack
+ allocation to try to cause the compiler to insert the stack clash
+ protection code, or fail if not supported. GitHub issue #191
+ [bbfbe758258c]
+
+ * configure, configure.ac:
+ Check that compiler accepts -fstack-clash-protection and -fcf-
+ protection. Previously, we only checked that linker accepted them.
+ GitHub issue #191
+ [7d36b89b6e4d]
+
+2022-10-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c:
+ Fix compilation error on Linux/mips.
+ [ae4c28d8a050]
+
+2022-10-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_12 for changeset b53d725f7c88
+ [dd962ed18037] <1.9>
+
+ * NEWS, config.h.in, configure, configure.ac, include/sudo_compat.h,
+ logsrvd/tls_init.c, plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Merge sudo 1.9.12 from tip.
+ [b53d725f7c88] [SUDO_1_9_12] <1.9>
+
+ * src/Makefile.in:
+ Regenerate dependencies for src/sesh.c.
+ [ada8f04afc6d]
+
+ * plugins/audit_json/Makefile.in, plugins/sample_approval/Makefile.in:
+ Sync clean target with other Makefile.in files.
+ [8048628a554e]
+
+ * Makefile.in, plugins/sample/Makefile.in:
+ Build the sample plugin but do not install it by default. We no
+ longer install the sample approval plugin.
+ [a8644924b6a1]
+
+ * plugins/sample/sample_plugin.c:
+ Adapt to current plugin API and fix warnings.
+ [d822f1a10361]
+
+2022-10-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.c:
+ Disable admin_flag by setting to NULL, not false. Found by cppcheck.
+ [6e32481e0555]
+
+ * NEWS:
+ Bug #1042.
+ [85d508b6d5e5]
+
+ * include/sudo_util.h, lib/util/fatal.c, lib/util/term.c,
+ lib/util/util.exp.in, src/conversation.c:
+ Only add trailing carriage return to messages if output is a raw
+ tty. If output is being written to a terminal in "raw" mode, we need
+ to add a carriage return after the newline to avoid "stair-step"
+ output. However, we should not write the carriage return if the
+ terminal is in "cooked" mode, output to a pipe, or output redirected
+ to a file. Bug #1042.
+ [14f5bf04245f]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ Make it clear that runas_default sets the default user for
+ Runas_Spec. Also use mention runas_default in other parts of the
+ manual, use @runas_default@ instead of root and add markup around
+ user names. GitHub issue #186.
+ [73f0b82a2b22]
+
+ * lib/util/multiarch.c, lib/util/sudo_dso.c:
+ Fix a typo, muti-arch -> multi-arch GitHub issue #185
+ [d88270b9e98f]
+
+2022-10-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Mention log_servers eventlog fix.
+ [484b76589309]
+
+ * plugins/sudoers/policy.c:
+ Don't NULL out the plugin close function when logging to a log
+ server. If sudo calls execve(2) directly the accept info will not be
+ sent. We also need the sudo front-end to wait until the command
+ finishes to send the exit status.
+ [11976aa84040]
+
+2022-10-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL.md:
+ Fix numbering in "Simple sudo installation"
+ [695bec2a6223]
+
+2022-10-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ zlib 1.2.13 update
+ [2119981787f0]
+
+ * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/cs.mo,
+ po/cs.po, po/de.mo, po/de.po, po/fr.mo, po/fr.po, po/ja.mo,
+ po/ja.po, po/ka.mo, po/ka.po, po/ko.mo, po/ko.po, po/pl.mo,
+ po/pl.po, po/ro.mo, po/ro.po, po/sr.mo, po/sr.po, po/sv.mo,
+ po/sv.po, po/uk.mo, po/uk.po:
+ Updated translations from translationproject.org
+ [b1f28405c58d]
+
+ * lib/zlib/zconf.h.in:
+ Don't define _LARGEFILE64_SOURCE or _LFS64_LARGEFILE. We don't need
+ them and the missing prototype for crc32_combine_gen64() issue has
+ been fixed upstream.
+ [39eb41f1dba4]
+
+2022-10-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/zlib/compress.c, lib/zlib/crc32.c, lib/zlib/deflate.c,
+ lib/zlib/deflate.h, lib/zlib/gzlib.c, lib/zlib/gzread.c,
+ lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inflate.c,
+ lib/zlib/inftrees.c, lib/zlib/inftrees.h, lib/zlib/trees.c,
+ lib/zlib/uncompr.c, lib/zlib/zconf.h.in, lib/zlib/zlib.h,
+ lib/zlib/zutil.c, lib/zlib/zutil.h:
+ Update embedded copy of zlib to version 1.2.13. Fixes
+ CVE-2022-37434.
+ [737d6de5253c]
+
+ * lib/util/fchownat.c:
+ Add fchownat() for systems without it.
+ [7c4aeda51522]
+
+2022-10-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Update NEWS for 1.9.12.
+ [a4b090f3f6c8]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Update .pot files for 1.9.12
+ [179fba83936d]
+
+ * src/selinux.c, src/sesh.c, src/sudo_edit.c:
+ Use getopt() and getopt_long() for sesh command line options.
+ [fbaa6c75e2ef]
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
+ Update the description of intercept_verify
+ [63f80a7cd4a6]
+
+2022-10-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/load_plugins.c:
+ Silence a warning from the Solaris Studio compiler.
+ [49a3c72cb539]
+
+ * docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in,
+ include/sudo_eventlog.h, include/sudo_json.h, include/sudo_plugin.h,
+ lib/eventlog/eventlog.c, lib/iolog/iolog_loginfo.c,
+ lib/iolog/regress/iolog_json/check_iolog_json.c, lib/util/json.c,
+ logsrvd/logsrvd_local.c, plugins/audit_json/audit_json.c,
+ plugins/sudoers/sudoers.h, src/env_hooks.c, src/exec_intercept.c,
+ src/net_ifs.c, src/sudo_intercept_common.c, src/sudo_plugin_int.h:
+ Avoid a -Wshadow warning on Solaris 9.
+ [e6bc419fa976]
+
+ * lib/util/mmap_alloc.c:
+ Fix a build error on Solaris 9.
+ [679b60caf5a3]
+
+2022-10-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/parse.c:
+ Fix display of command tags and options in "sudo -l" when RunAs
+ changes. A new line is started when RunAs changes which means we
+ need to display the command tags and options again. GitHub issue
+ #184
+ [3180777986de]
+
+ * plugins/sudoers/fmtsudoers.c:
+ Fix printing of MYSELF when listing another user's privileges. We
+ need to use list_pw if it is set instead of user_name. GitHub issue
+ #183
+ [268044635b44]
+
+ * NEWS:
+ Update NEWS file with recent changes.
+ [200ac32d330b]
+
+ * MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/multiarch.c, lib/util/regress/multiarch/multiarch_test.c,
+ lib/util/sudo_dso.c, lib/util/util.exp.in, src/load_plugins.c:
+ Apply multiarch rules when loading plugins too.
+ [f53fe06fce06]
+
+2022-10-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/sudo_dso.c:
+ sudo_dso_load: try multi-arch on Linux if we can't load the path.
+ For example, if loading /usr/lib/libsss_sudo.so fails, try again
+ with /usr/lib/x86_64-linux-gnu/libsss_sudo.so.
+ [4eabffa486b5]
+
+ * MANIFEST, lib/util/Makefile.in,
+ lib/util/regress/open_parent_dir/open_parent_dir_test.c:
+ Add test for sudo open_parent_dir()
+ [2d6b1be616c9]
+
+ * MANIFEST, plugins/sudoers/regress/testsudoers/test19.out.ok,
+ plugins/sudoers/regress/testsudoers/test19.sh:
+ Add test for matching a literal "" command line argument as "" in
+ sudoers. GitHub issue #182.
+ [ccb5dc8b23ee]
+
+2022-10-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/visudo.man.in, docs/visudo.mdoc.in, plugins/sudoers/visudo.c:
+ Add -I flag to disable editing include files unless there is an
+ error. This can be used when you only want to edit a single sudoers
+ file unless there is a pre-existing syntax error.
+ [18fbf720fdbf]
+
+ * plugins/sudoers/match_command.c:
+ Do not match a literal "" command line argument as "" in sudoers. If
+ the empty string is specified in sudoers, no user args are allowed.
+ GitHub issue #182.
+ [5de0370eddcb]
+
+ * lib/util/sudo_conf.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c:
+ sudo_secure_open_{file,dir}: always check thatreturn value is not
+ -1. Avoids false positives from static analyzers that can't figure
+ out that the fd is always valid when error is SUDO_PATH_SECURE.
+ [f0ebb2b836b9]
+
+ * lib/iolog/iolog_mkdtemp.c:
+ Correct return value when mkdtempat() fails.
+ [5a491fac8f49]
+
+ * lib/util/mkdir_parents.c:
+ sudo_open_parent_dir: stop before creating the last path component
+ Fix a regression introduced in sudo 1.9.9 where the entire directory
+ path was created instead of just the parent directory.
+ [fdaa5aeb744b]
+
+2022-10-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Makefile.in, scripts/log2cl.pl:
+ Use "hg log --template" instead of "hg log --style".
+ [63f020404fbb]
+
+2022-09-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/strlcpy_unesc.c, plugins/sudoers/sudoers.c,
+ src/parse_args.c:
+ Mark code that escapes/unescapes "sudo -s cmd args..." for removal.
+ A future version of the plugin API will defer any such escaping to
+ the policy plugin so it can be configurable.
+ [658d1bba4319]
+
+ * NEWS:
+ Update with recent changes.
+ [4a739e30c77f]
+
+ * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in:
+ Improve the description of JSON output.
+ [258b57ce22ab]
+
+2022-09-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL.md, etc/codespell.ignore, lib/eventlog/eventlog.c,
+ plugins/group_file/getgrent.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h,
+ src/exec_nopty.c:
+ Fix typos found by codespell 2.2.1.
+ [3beaf856c861]
+
+ * logsrvd/iolog_writer.c:
+ Change max user-ID and group-ID from INT_MAX to UINT_MAX.
+ [0971e5f9f398]
+
+ * logsrvd/logsrvd_local.c:
+ Add support for NumberList stored in an InfoMessage.
+ [a762fe45e5cc]
+
+ * logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd_local.c,
+ plugins/sudoers/log_client.c:
+ Add missing NULL checks for mandatory fields in protobuf messages.
+ Also no longer reject an InfoMessage with an unknown value_case,
+ just log and ignore it.
+ [41c38e7f075b]
+
+2022-09-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/log_client.c:
+ Don't send ttyname to log server if it is NULL. Otherwise the log
+ server will reject the AcceptMessage because a NULL string is not
+ allowed.
+ [df7fea4bef26]
+
+ * src/exec_nopty.c:
+ HP-UX has struct winsize in termios.h.
+ [5827a1f234fe]
+
+ * plugins/python/Makefile.in, src/Makefile.in:
+ Regen dependencies
+ [817623addc62]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in, src/exec.c,
+ src/exec_nopty.c, src/exec_pty.c,
+ src/regress/intercept/test_ptrace.c, src/sudo_exec.h,
+ src/suspend_nopty.c:
+ Add support for logging stdin/stdout/stderr in the non-pty exec
+ path. If we are logging I/O but not terminal input/output (either
+ because no terminal is present or because that is what the plugin
+ requested), the non-pty exec path is now taken.
+ [205c68d452df]
+
+ * MANIFEST, src/Makefile.in, src/exec.c, src/exec_iolog.c,
+ src/exec_nopty.c, src/exec_pty.c, src/regress/noexec/check_noexec.c,
+ src/sudo_exec.h, src/sudo_intercept_common.c:
+ Move exec code to call into I/O log plugin to exec_iolog.c. This
+ will be shared with exec_nopty.c in the future to log
+ stdin/stdout/stderr without running the command in a pty. Both
+ exec_pty.c and exec_nopty.c now use the same closure.
+ [45a19e8e3721]
+
+ * plugins/python/python_importblocker.c:
+ Implement find_spec, not the deprecated find_module. Fixes a test
+ failure due to find_module having removed from setuptools.
+ [cc1e68c0ee1e]
+
+2022-09-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/editor.c,
+ plugins/sudoers/regress/editor/check_editor.c:
+ copy_arg: fix copying an escaped backslash GitHub issue #179
+ [d21d95ec5cb0]
+
+2022-09-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h,
+ lib/util/mktemp.c:
+ Use mkdtempat_np() and mkostempsat_np() on macOS
+ [ad0cd430347e]
+
+2022-09-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_iolog.h, lib/iolog/iolog_mkdirs.c,
+ lib/iolog/iolog_mkdtemp.c, lib/util/mkdir_parents.c,
+ logsrvd/logsrvd.c, logsrvd/logsrvd_journal.c:
+ Convert remaining uses of sudo_mkdir_parents() to
+ sudo_open_parent_dir().
+ [62fd9644a605]
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/Makefile.in, scripts/mkdep.pl:
+ Add fchownat() systems without it.
+ [d51316f1026d]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h,
+ lib/util/mktemp.c, plugins/python/regress/iohelpers.h:
+ Add mkdtempat() and mkostempsat() for systems without them.
+ [099468742d16]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in, include/sudo_util.h,
+ lib/util/secure_path.c, lib/util/sudo_conf.c,
+ plugins/sudoers/regress/testsudoers/test11.out.ok,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestamp.c:
+ Use sudo_secure_open_file() instead of sudo_secure_file() where
+ possible. Both sudo_secure_open_file() and sudo_secure_open_dir()
+ are now passed a struct stat pointer like sudo_secure_file() and
+ sudo_secure_dir().
+ [c4e4c3f74ea4]
+
+ * include/sudo_util.h, lib/util/mkdir_parents.c,
+ lib/util/secure_path.c, lib/util/util.exp.in,
+ plugins/sudoers/timestamp.c:
+ Fix potential TOCTOU when creating time stamp directory and file.
+ [d36591f966c5]
+
+ * lib/util/mkdir_parents.c:
+ sudo_mkdir_parents: just use memcpy() to copy the path component.
+ Using snprintf() for this is overkill, we need to do the same length
+ check either way.
+ [8ea754871a54]
+
+ * lib/util/Makefile.in:
+ regen
+ [ab40def3376c]
+
+2022-09-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/digest_gcrypt.c:
+ Quiet libgcrypt run-time warning about not being initialized. Fixes
+ Debian bug #1019428 and Ubuntu bug #1397663.
+ [ebf9a6477d5d]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in, plugins/sudoers/audit.c,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.h,
+ plugins/sudoers/parse.c, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Split log_{input,output} into log_{stdin,ttyin} and
+ log_{ttyout,stdout,stderr} If log_input is set, log_{stdin,ttyin}
+ will be set as well. If log_output is set,
+ log_{stdout,stderr,ttyout} will be set as well. This provides more
+ fine-grained control over I/O logging and makes it possible to
+ disable logging piped or redirected intput or output.
+ [5b7ea42ac63b]
+
+ * LICENSE.md, include/protobuf-c/protobuf-c.h,
+ lib/protobuf-c/protobuf-c.c:
+ Update to protobuf-c 1.4.1 We already had all the relevant fixes so
+ this is just cosmetic.
+ [aa51e48afe49]
+
+ * src/load_plugins.c:
+ new_container: no need to initialize container pointer in
+ declaration. From Li zeming.
+ [729a8a417d88]
+
+2022-09-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Use tcpgid if passed from sudo front-end and use it in
+ tty_present(). This can be used as another indicator that a terminal
+ is present without having to open /dev/tty.
+ [b804b8b7fc03]
+
+2022-09-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
+ docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
+ docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in,
+ docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in,
+ docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_logsrvd.man.in,
+ docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin.man.in,
+ docs/sudo_plugin.mdoc.in, docs/sudo_sendlog.man.in,
+ docs/sudo_sendlog.mdoc.in, docs/sudoers.ldap.man.in,
+ docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in,
+ docs/sudoers.mdoc.in, docs/sudoers_timestamp.man.in,
+ docs/sudoers_timestamp.mdoc.in, docs/sudoreplay.man.in,
+ docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in:
+ Remove most uses of the deprecated Li macro which has no effect.
+ Also fix some other incorrect markup.
+ [8f94cc555092]
+
+2022-09-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Makefile.in, lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
+ lib/util/Makefile.in, logsrvd/Makefile.in,
+ plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ Use $(GREP) and $(EGREP) variables in Makefile.in files.
+ [cf8d7fb45169]
+
+ * Merge pull request #177 from a1346054/fixes
+
+ Makefile.in: replace `egrep` and fix target name
+ [751aa03eb470]
+
+2022-09-12 a1346054 <36859588+a1346054@users.noreply.github.com>
+
+ * Makefile.in:
+ Fix incorrect makefile target name
+ [318288fb712f]
+
+ * Makefile.in:
+ Use `grep -E` instead of `egrep`
+ [4a2d9543643c]
+
+2022-09-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in:
+ Document apparmor_profile, intercept_verify, and update_ticket.
+ [d55caa1af788]
+
+ * docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in:
+ Fix some of the markup to be more consistent with
+ sudo_plugin.mdoc.in. Also reword a few awkward phrases.
+ [8682c067c38b]
+
+ * docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in:
+ Use correct markup of function arguments and struct members. Also
+ remove most uses of the deprecated Li macro which has no effect.
+ [59b01b9ff183]
+
+ * docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in:
+ Move the init_session() errstr description to where it belongs.
+ [8c1e7cb23d1f]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ Fix a typo
+ [591b75013070]
+
+2022-09-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/logging.c:
+ log_parse_error: make errstr const to quiet a -Wwrite-strings
+ warning
+ [9827a2a01316]
+
+ * config.h.in, configure.ac, include/sudo_compat.h,
+ include/sudo_debug.h, include/sudo_fatal.h, include/sudo_lbuf.h,
+ include/sudo_util.h, lib/eventlog/eventlog.c,
+ plugins/sudoers/check_aliases.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers.h, plugins/sudoers/defaults.c,
+ plugins/sudoers/logging.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke.h,
+ plugins/sudoers/tsdump.c, plugins/sudoers/visudo.c,
+ src/parse_args.c, src/regress/noexec/check_noexec.c, src/sudo.h:
+ Move gcc-style __attribute__ macros to config.h.in Renamed __malloc
+ -> sudo_malloclike, __printflike -> sudo_printflike, __printf0like
+ -> sudo_printf0like. Add sudo_noreturn instead of
+ __attribute__((__noreturn__)). We do not use stdnoreturn.h since it
+ has been deprecated in C23 in favor of the [[noreturn]] attribute.
+ [ad3c04a1bbb0]
+
+ * plugins/sudoers/visudo.c:
+ Add __printf0like to visudo_track_error().
+ [7a118c40d360]
+
+2022-09-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/gram.y:
+ Back out unintended change in last commit.
+ [5d52c966212d]
+
+ * plugins/sudoers/gram.y, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h:
+ It is possibble for sudoerserrorf() to be called with a NULL format.
+ So log_parse_error() needs to check fmt for NULL before using it.
+ [5b779a6888c9]
+
+2022-09-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/UPGRADE.md:
+ Mention how to restore the historic core resource limit behavior.
+ [bfd792bd9d07]
+
+ * plugins/sudoers/audit.c:
+ Set MODE_POLICY_INTERCEPTED for log_subcmds too. This fixes a
+ problem where sub-commands were not being logged to the remote log
+ server, if configured. Since we don't go through
+ sudoers_policy_main() again for log_subcmds, we set the flag in
+ sudoers_audit_accept() instead. The reason this is complicated is
+ that when I/O logging is enabled the initial accept message gets
+ sent as part of the remote logging handshake. GitHub issue #174
+ [297fa6bbd769]
+
+2022-09-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Update with latest changes.
+ [d7ca5db7adc7]
+
+ * docs/cvtsudoers.mdoc.in:
+ Fix typo.
+ [7629516758e2]
+
+ * plugins/sudoers/sudoers.c:
+ Only check the admin flag file once in intercept mode.
+ [c439914e08e1]
+
+ * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in:
+ Document cvtsudoers CSV output format
+ [c5164466cae2]
+
+2022-08-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in:
+ Document cvtsudoers JSON output format
+ [9fce227c2c61]
+
+2022-08-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c:
+ Zero out register struct before calling ptrace_getregs(). Quiets a
+ spurious valgrind warning.
+ [32f19e2e508f]
+
+2022-08-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ intercept_verify is fast, but the policy check is (relatively) slow.
+ [0a120a78bd37]
+
+ * src/exec_ptrace.c:
+ Realloc the buffer used to store argv and envp as needed. We now
+ store the vector immediately after the string table. It is possible
+ for argv and its contents to be invalidated by realloc() when
+ reading envp so we store the pointers as offsets until we are done
+ allocating.
+ [7620f3dceac4]
+
+2022-08-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c, src/exec_ptrace.h:
+ ptrace_verify_post_exec: use /proc/PID/cmdline and /proc/PID/environ
+ There is no reason to read these directly from the tracee when we
+ rely on /proc being mounted to access /proc/PID/exe.
+ [5da938210647]
+
+ * src/exec_ptrace.c:
+ Protect ptrace_readv_string() with #ifdef HAVE_PROCESS_VM_READV
+ [cc8e71c4c529]
+
+2022-08-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ Rework the intercept section in "Preventing shell escapes".
+ [5e5b1ea90ce1]
+
+ * .github/workflows/codeql-analysis.yml:
+ Update CodeQL Action to v2 using current example config.
+ [d0aa8b4dda28]
+
+ * lib/util/arc4random.c:
+ Suppress PVS-Studio false positive.
+ [32fd02734378]
+
+ * src/exec_intercept.c:
+ intercept_check_policy_req: an empty argv[] is now supported
+ [a668708cc0a9]
+
+ * config.h.in, configure, configure.ac, src/exec_ptrace.c:
+ Use process_vm_readv(2) and process_vm_writev(2) if available. This
+ is faster than reading/writing from/to the remote process one word
+ at a time using PTRACE_PEEKDATA and PTRACE_POKEDATA.
+ [d0c5ed82738c]
+
+ * plugins/sudoers/check.c:
+ Skip all of check_user() for intercept unless intercept_authenticate
+ set. Previously we were calling the PAM approval modules even in
+ intercept mode which can take a lot of time. We may wish to make PAM
+ approval configurable in intercept mode in the future.
+ [e06fbc7e4ca6]
+
+ * plugins/sudoers/sudoers.c:
+ Only set MODE_POLICY_INTERCEPTED on subsequent policy checks. This
+ fixes a bug where MODE_POLICY_INTERCEPTED was set too early if the
+ intercept option was set globally in sudoers. It should only be set
+ after the original command has executed.
+ [8f5d47c2635a]
+
+2022-08-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ intercept_verify also compares the environment. Also mention the
+ overhead involved in checking things.
+ [44da04558285]
+
+2022-08-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c:
+ ptrace_getregs: make compat check more generic No need to use
+ different checks for mips and non-mips, the compiler will optimize
+ away the superfluous check.
+ [0f2ff0f3f388]
+
+ * src/preload.c:
+ Correct type of sudoers_audit. GitHub issue #61
+ [17a7806ad3ba]
+
+2022-08-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sesh.c:
+ Fix shadowed variable warning.
+ [e200b6b5b4fd]
+
+2022-08-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.h:
+ Fix shadowed variable warning on aarch64.
+ [84169692bd1c]
+
+ * src/regress/intercept/test_ptrace.c:
+ Quiet another -Wwrite-strings warning.
+ [ff2860056976]
+
+ * src/exec_ptrace.c:
+ ptrace_getregs: try to determine compat mode if caller doesn't know.
+ In ptrace_verify_post_exec(), we don't know whether the executable
+ that is now running is a native or compat binary. In most cases
+ ptrace_getregs() will be able to figure it out for us.
+ [fb0fa29ff554]
+
+ * src/exec_ptrace.c:
+ ptrace_intercept_execve: fail syscall rather than killing process on
+ error. If the execve(2) args are bogus pointers, we should just
+ return an error instead of killing the process. For consistency with
+ the kernel, convert EIO from ptrace(2) to EFAULT. Also convert some
+ ptrace(2) warnings to debug printfs so sudo is less chatty.
+ [3d30c6d28005]
+
+2022-08-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c:
+ Treat argv and closure->run_argv of different sizes as a mismatch.
+ If argv and closure->run_argv match up to the point where we hit a
+ NULL but one of them has additional entries, we still need to
+ rewrite argv.
+ [91d522d9c3b6]
+
+ * src/exec_ptrace.c:
+ Handle the case where argc is 0 when allocating space for argv. We
+ need to pass the pathname to the policy plugin in argv[0] so we must
+ be sure to allocate space for it even if argc is 0.
+ [953f92c9e7a5]
+
+ * src/sudo_intercept.c:
+ copy_vector: treat a NULL pointer as an empty vector. Linux
+ execve(2) allows argv to be NULL so we must allocate an empty vector
+ in this case and not return an error.
+ [cf30608ed6cb]
+
+ * src/exec_preload.c:
+ Update debug_decl name for sudo_preload_dso ->
+ sudo_preload_dso_alloc change.
+ [b0db53a62c7a]
+
+ * src/exec_intercept.c:
+ Handle the case where argc is 0 when rebuilding argv. We need to
+ pass the pathname to the policy plugin in argv[0] so we must be sure
+ to allocate space for it even if argc is 0.
+ [10358fc408a1]
+
+ * src/exec_ptrace.c:
+ Handle sysconf(_SC_ARG_MAX) failure, Coverity CID 276504.
+ [ddb88da56bd7]
+
+ * plugins/sudoers/match_digest.c:
+ Avoid a Coverity false positive.
+ [dd9fd747bd7f]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Remove cast from time_t to int to avoid a Coverity false positive.
+ The cast should not be required.
+ [a305b10eb17e]
+
+2022-08-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in,
+ plugins/sudoers/group_plugin.c:
+ Use multilib rules to look for a 64-bit group plugin on failure. If
+ sudo_dso_load() fails on a 64-bit system, try to load a 64-bit
+ native version of the file using system-dependent multilib rules. If
+ we don't support multilib on the platform, check for a version of
+ the file that ends in "64" before the .so suffix.
+ [d36bcc89ee34]
+
+ * docs/sudo_plugin.man.in:
+ regen
+ [c14c0882a07d]
+
+2022-08-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/env.c, src/env_hooks.c:
+ In putenv(3) replacement reject a string with no '=' or that starts
+ with one.
+ [59c6e6e5232b]
+
+2022-08-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * LICENSE.md:
+ Update copyright year for embedded zlib.
+ [2c52d016e583]
+
+2022-08-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Use our own arc4random() in preference to the glibc version. The
+ glibc arc4random() may fail in chroot on older kernels and exit.
+ [9b4a62c9f468]
+
+ * lib/util/sudo_dso.c:
+ sudo_dso_load: restore original error for AIX on failure. For AIX,
+ if dlopen() fails we try again with RTLD_MEMBER set and a default
+ member (shr.o or shr_64.o). However, if that also fails, the user
+ will receive a useless error message that doesn't correspond to the
+ actual problem. We now retry the original dlopen() if the fallback
+ to RTLD_MEMBER fails, which has the effect of restoring the original
+ error message.
+ [ec539996a4aa]
+
+2022-08-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #165 from bdrung/xdg-current-desktop
+
+ Add XDG_CURRENT_DESKTOP to initial_keepenv_table
+ [3d2e82e32ea8]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.12.
+ [08c096ada8b2]
+
+ * docs/sudo_plugin.mdoc.in, include/sudo_plugin.h, plugins/python/regr
+ ess/testdata/check_multiple_approval_plugin_and_arguments.stdout,
+ src/exec.c:
+ Bump the sudo plugin minor version. The "update_ticket" entry was
+ added to the settings list and the "intercept_verify" entry was
+ added to the command_info list.
+ [3259f3199798]
+
+ * docs/sudo.man.in, docs/sudo.mdoc.in, plugins/sudoers/check.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
+ src/parse_args.c, src/sudo.c, src/sudo.h, src/sudo_usage.h.in:
+ Add a way to run a command without updating the cached credentials.
+ This can also be used to test for whether or not the user's
+ credentials are currently cached.
+ [f5825a6f881b]
+
+ * Merge pull request #168 from likunyur/lky
+
+ Remove unnecessary initialization and casts.
+ [fcb251c895ce]
+
+ * Merge pull request #169 from kempstonjoystick/main
+
+ Fix incorrect SHA384/512 digest calculation.
+ [f016c3a37255]
+
+2022-08-02 Tim Shearer <timtimminz@gmail.com>
+
+ * lib/util/sha2.c:
+ Fix incorrect SHA384/512 digest calculation.
+
+ Resolves an issue where certain message sizes result in an incorrect
+ checksum. Specifically, when: (n*8) mod 1024 == 896 where n is the
+ file size in bytes.
+ [e9f235a8d432]
+
+2022-08-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h:
+ Defer chdir(2) until sesh when running with SELinux. We need to be
+ running with the correct security context or the chdir(2) may fail.
+ GitHub issue #160.
+ [a8713dd21be9]
+
+2022-08-01 Li zeming <zeming@nfschina.com>
+
+ * lib/util/arc4random.c:
+ util/arc4random: (void*) type pointer passing address could remove
+ cast
+
+ Signed-off-by: Li zeming <zeming@nfschina.com>
+ [aa4e8c73f131]
+
+ * lib/iolog/hostcheck.c:
+ iolog/hostcheck: These two parameters do not need to be initialized
+ and assigned, the following code is directly assigned
+
+ Signed-off-by: Li zeming <zeming@nfschina.com>
+ [dd657435f277]
+
+2022-07-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #166 from c4rlo/patch-1
+
+ visudo.c: add nvim (Neovim) to lineno_editor list
+ [97e0a7b00daa]
+
+2022-07-31 Carlo Teubner <435950+c4rlo@users.noreply.github.com>
+
+ * plugins/sudoers/visudo.c:
+ visudo.c: add nvim (Neovim) to lineno_editor list
+
+ Neovim supports it: https://neovim.io/doc/user/starting.html#-+
+ [020b59cf0f6b]
+
+2022-07-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ Document the TOCTOU issue with intercept mode. Describe how
+ intercept_verify attempts to reduce the risk.
+ [b118de8d4c66]
+
+ * etc/codespell.exclude, etc/codespell.ignore:
+ Update a codespell exclude pattern.
+ [3193ffb4c938]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/policy.c, src/exec_ptrace.c, src/sudo.c, src/sudo.h:
+ Add intercept_verify sudoers option to control execve(2) argument
+ checking.
+ [79131cfb0125]
+
+ * src/exec_ptrace.c:
+ Use PTRACE_EVENT_EXEC to stop execution before return from
+ execve(2). We can now verify that the arguments match what we
+ accepted before the command actually runs. If there is a mismatch,
+ the process is killed. Shell scripts must be handled specially since
+ the path executed will be the interpreter, not the script name.
+ Linux allows interpreters to be nested up to 4 deep.
+ [5e7b1828dbb0]
+
+ * plugins/sudoers/sudoers.c:
+ Only set MODE_POLICY_INTERCEPTED if we are running a command. Fixes
+ an error with "sudo -l" when intercept is enabled globally.
+ [7a1d0ff5a498]
+
+2022-07-29 Benjamin Drung <bdrung@ubuntu.com>
+
+ * plugins/sudoers/env.c:
+ Add XDG_CURRENT_DESKTOP to initial_keepenv_table
+
+ Qt needs `XDG_CURRENT_DESKTOP` to be set to determine the correct
+ theme.
+
+ Since `DISPLAY` and `XAUTHORITY` are already in the default table of
+ variables to preserve in the environment, just add
+ `XDG_CURRENT_DESKTOP` to it.
+
+ Bug: https://launchpad.net/bugs/1958055 Signed-off-by: Benjamin
+ Drung <bdrung@ubuntu.com>
+ [aa5132684c89]
+
+2022-07-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c:
+ The length returned by ptrace_read_string() include the NUL. We were
+ wasting a extra byte in the string table for each entry.
+ [b1220aae7141]
+
+2022-07-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_compat.h, include/sudo_util.h:
+ Use gcc's malloc attribute for malloc-like allocation functions.
+ [bff3b0ab89c5]
+
+ * lib/util/mmap_alloc.c:
+ Avoid a Coverity positive.
+ [81f526688296]
+
+ * src/exec_preload.c:
+ fmtstr: add missing va_end() for the overflow case Coverity CID
+ 275335
+ [42a4f4467ca5]
+
+ * lib/util/sudo_debug.c:
+ Fix potential NULL pointer deference found by clang-analyzer.
+ [5b0a9c0f2e71]
+
+ * src/sudo.c, src/sudo_intercept_common.c:
+ Quiet some harmless PVS-Studio warnings.
+ [9b9cc92f0585]
+
+ * src/exec_intercept.c:
+ Reject relative command paths if runcwd is not set. This is now
+ treated as a policy rejection.
+ [bf35a6818c77]
+
+ * src/exec_intercept.c:
+ intercept_check_policy: close saved_dir before returning
+ [04adba5e85fa]
+
+ * src/exec_intercept.c:
+ Change to runcwd during the policy check where possible. Otherwise,
+ attempts to run "./command" from a shell with intercept set will
+ fail if the current working directory is different from the main
+ sudo process.
+ [cd218f081cf2]
+
+2022-07-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_util.h, lib/util/mmap_alloc.c, lib/util/util.exp.in,
+ src/sudo_intercept.c:
+ For preload DSO make copies of cmnd, argv, envp and map them read-
+ only.
+ [56a160c55e4c]
+
+ * src/exec_preload.c, src/sudo_exec.h, src/sudo_intercept.c,
+ src/sudo_intercept_common.c:
+ Use sudo_mmap_alloc functions in DSO-based intercept code.
+ [806dacd141ad]
+
+ * lib/util/snprintf.c:
+ Use sudo_mmap_alloc functions instead of private versions. We no
+ longer need to keep track of the allocation size.
+ [6f375ed7a927]
+
+ * MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/mmap_alloc.c, lib/util/util.exp.in:
+ Add sudo_mmap_{alloc,allocarrary,strdup,free} functions. These
+ allocate memory via mmap anonymous regions and store the mapped size
+ immediately before the returned pointer as an unsigned long. They
+ are intended to be used in cases where malloc(3) and free(3) are
+ unsuitable due to concerns about corrupting global state in multi-
+ threaded programs or signal handlers.
+ [803b4a82bedd]
+
+ * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in:
+ Sync with schema.OpenLDAP for user/group utf8 support.
+ [14705b52a4f9]
+
+ * Merge pull request #163 from Firstyear/20220725-sudo-ldap-schema
+
+ Update sudoUser to be utf8 in ldap schemas
+ [91354fc2ed23]
+
+ * src/sudo_intercept.c:
+ resolve_path: skip non-regular files
+ [2ed5efdb48ea]
+
+2022-07-25 William Brown <wbrown@suse.de>
+
+ * docs/schema.OpenLDAP, docs/schema.iPlanet, docs/schema.olcSudo:
+ Update sudoUser to be utf8 in ldap schemas
+
+ In most unix-style LDAP servers, uid is a utf8 string defined by OID
+ 1.3.6.1.4.1.1466.115.121.1.15. However, sudoUser was defined as an
+ IA5 String (OID 1.3.6.1.4.1.1466.115.121.1.26) which meant that
+ sudoUser could only represent a subset of possible values.
+
+ In some cases when using sudoers.ldap, the uid from the machine
+ which was utf8 was fed back into sudo which would then issue a
+ search for sudoUsers. If this uid contained utf8 characters, the
+ ldap server would refuse to match into sudoUsers because these were
+ limited to IA5.
+
+ This is a safe-forward upgrade as IA5 is a subset of UTF8 meaning
+ that this change will not impact existing deployments and their
+ rules.
+ [7a47e711ca88]
+
+2022-07-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_intercept.c, src/sudo.c:
+ Make sure the plugin provides a command, argv and envp.
+ [7e4e93118622]
+
+ * lib/util/sudo_debug.c, src/exec_intercept.c, src/exec_preload.c,
+ src/exec_ptrace.c, src/sudo_intercept.c,
+ src/sudo_intercept_common.c:
+ Linux execve(2) allows argv or envp to be NULL. Add checks to make
+ sure we don't deference a NULL pointer.
+ [be380b71df62]
+
+2022-07-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_intercept.c:
+ intercept_check_policy: add oom label and fix approval failure case.
+ If the approval plugin fails we need to set the state to
+ POLICY_REJECT just like we do if the policy rejected the command.
+ [e7ba37e32af7]
+
+2022-07-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers_csv.c, plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/def_data.in,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/policy.c, src/apparmor.c:
+ Fix a few whitespace issues.
+ [deb6391a3ba0]
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Increase the realloc increment from 128 to 1024. The contents of the
+ env_add array should not include the leading "env=" prefix.
+ [d8c0067fc3fd]
+
+ * plugins/sudoers/env.c:
+ sudo_putenv_nodebug: require that the environment string include a
+ '='
+ [fb200f301070]
+
+2022-07-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/visudo.c:
+ If update_defaults() fails, treat it as a parse error.
+ [d9860eb2257a]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add additional PVS-studio suppression comments for generated code.
+ [dfb89944dcce]
+
+2022-07-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/match_command.c:
+ Fix compilation error when SUDOERS_NAME_MATCH is defined.
+ [3b76707bc5fa]
+
+ * plugins/sudoers/match_command.c:
+ Fix a NOPASSWD issue with a non-existent command when fdexec=always
+ In command_matches_all(), if the command is fully-qualified and
+ open_cmnd() return false, only treat it as an error if we are able
+ to stat(2) the command. For "sudo ALL" a non-existent command is not
+ an error.
+ [e2d756137ce9]
+
+ * plugins/sudoers/regress/testsudoers/test18.sh:
+ Quote ^foo$ on command line to protect it from the shell.
+ [0f1274e0be93]
+
+2022-07-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/regress/logwrap/check_wrap.c,
+ lib/util/regress/closefrom/closefrom_test.c,
+ lib/util/regress/fnmatch/fnm_test.c,
+ lib/util/regress/getgrouplist/getgrouplist_test.c,
+ lib/util/regress/glob/globtest.c,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/progname/progname_test.c,
+ lib/util/regress/strsig/strsig_test.c,
+ lib/util/regress/strsplit/strsplit_test.c,
+ lib/util/regress/strtofoo/strtobool_test.c,
+ lib/util/regress/strtofoo/strtoid_test.c,
+ lib/util/regress/strtofoo/strtomode_test.c,
+ lib/util/regress/strtofoo/strtonum_test.c,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_parseln/parseln_test.c,
+ lib/util/regress/tailq/hltq_test.c,
+ lib/util/regress/uuid/uuid_test.c,
+ logsrvd/regress/logsrvd_conf/logsrvd_conf_test.c,
+ plugins/python/regress/check_python_examples.c, src/exec_ptrace.c:
+ Add explicit include of unistd.h for getopt(3) and related
+ variables.
+ [e1c369cd5ae8]
+
+2022-07-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers.c, src/sudo_intercept_common.c:
+ Merge pull request #161 from likunyur/lky
+
+ sudoers/cvtsudoers: Remove the repeated ';' from code
+ [9b961a3b9c86]
+
+2022-07-04 Li kunyu <kunyu@nfschina.com>
+
+ * src/sudo_intercept_common.c:
+ src/send: Remove the repeated ';' from code
+
+ Signed-off-by: Li kunyu <kunyu@nfschina.com>
+ [6fc809eac0b1]
+
+ * plugins/sudoers/cvtsudoers.c:
+ sudoers/cvtsudoers: Remove the repeated ';' from code
+
+ Signed-off-by: Li kunyu <kunyu@nfschina.com>
+ [75582c880c30]
+
+2022-07-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/timegm.c:
+ In timegm() initialize tm_isdst to 0 like tzcode does.
+ [d3f2d10c3559]
+
+2022-06-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/intercept.pb-c.h, include/sudo_event.h,
+ src/exec_intercept.c, src/exec_intercept.h, src/intercept.pb-c.c,
+ src/intercept.proto, src/sudo_intercept_common.c:
+ Stop sending an InterceptResponse to a PolicyCheckRequest for
+ log_subcmds. There's no real reason for the command to wait for sudo
+ send back a response that will always be a PolicyAcceptMessage.
+ [d2fe28a652d0]
+
+ * plugins/sudoers/sudoers.c:
+ sudoers_main: defer setting return value until the end when running
+ a command Otherwise, we could return success when there was an error
+ from a system call or memory allocation failure.
+ [bd993a2948ce]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Save the initial command run via sudo and use it when logging exit
+ status. Otherwise, if we are in intercept mode or logging sub-
+ commands the exit status will be logged with the wrong command.
+ [54e3494473ac]
+
+2022-06-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/zlib/zconf.h.in:
+ Define _LARGEFILE64_SOURCE if _FILE_OFFSET_BITS == 64. Fixes a
+ -Wwrite-strings warning on 32-bit systems.
+ [61eff691496f]
+
+ * lib/util/strsignal.c:
+ Quiet another -Wwrite-strings warning.
+ [a03bb85d581d]
+
+ * lib/protobuf-c/protobuf-c.c:
+ Fix a clang analyzer 14 warning about a possible NULL deref.
+ [4c0db4ac3e1d]
+
+ * lib/iolog/Makefile.in, lib/logsrv/Makefile.in,
+ lib/protobuf-c/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ Regenerate dependencies
+ [ff7de2b59097]
+
+ * scripts/mkdep.pl:
+ Do not check files generated by protbuf-c with PVS-Studio
+ [86f56c21339f]
+
+ * logsrvd/logsrv_util.c, logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c,
+ logsrvd/logsrvd_queue.c, logsrvd/sendlog.c, logsrvd/tls_client.c,
+ plugins/sudoers/log_client.c, src/sudo_intercept_common.c:
+ Quiet some harmless PVS Studio warnings.
+ [476fbef7a0c4]
+
+ * logsrvd/logsrvd_conf.c, logsrvd/sendlog.c:
+ Use "unable to allocate memory" warning on malloc failure. This is
+ consistent with the rest of the sudo source code.
+ [5954fc067647]
+
+ * lib/eventlog/Makefile.in, lib/fuzzstub/Makefile.in,
+ lib/iolog/Makefile.in, lib/iolog/host_port.c,
+ lib/logsrv/Makefile.in, lib/protobuf-c/Makefile.in,
+ lib/util/Makefile.in, lib/util/getentropy.c, lib/util/roundup.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c,
+ logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c,
+ logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c,
+ logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, logsrvd/tls_client.c,
+ logsrvd/tls_init.c, plugins/sudoers/log_client.c, src/Makefile.in,
+ src/apparmor.c:
+ Add missing PVS Studio Open Source comments. Also avoid checking
+ protobuf-c source and protobuf-c generated files.
+ [e1277c1f6585]
+
+ * lib/iolog/host_port.c, lib/iolog/hostcheck.c, lib/util/roundup.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c,
+ logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
+ logsrvd/logsrvd_journal.c, logsrvd/logsrvd_local.c,
+ logsrvd/logsrvd_queue.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
+ logsrvd/sendlog.h, logsrvd/tls_client.c, logsrvd/tls_common.h,
+ logsrvd/tls_init.c, plugins/python/pyhelpers.h,
+ plugins/python/regress/iohelpers.h, plugins/sudoers/log_client.c:
+ Use #include <config.h> not #include "config.h" for consistency.
+ Otherwise, some compilers may do the wrong thing in a build dir if
+ there is a config.h file in the source dir too.
+ [79aaab18dc6d]
+
+2022-06-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/group_plugin.c:
+ Update group_plugin_load() stub to match its prototype.
+ [9ea7126e6d5c]
+
+ * configure, configure.ac, include/sudo_iolog.h,
+ lib/eventlog/eventlog.c, lib/eventlog/logwrap.c,
+ lib/iolog/host_port.c, lib/iolog/regress/host_port/host_port_test.c,
+ lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c, lib/util/aix.c,
+ lib/util/getgrouplist.c, lib/util/getopt_long.c, lib/util/lbuf.c,
+ lib/util/logfac.c, lib/util/logpri.c,
+ lib/util/regress/progname/progname_test.c, lib/util/snprintf.c,
+ lib/util/sudo_conf.c, lib/util/sudo_debug.c, logsrvd/logsrvd_conf.c,
+ logsrvd/logsrvd_local.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
+ plugins/audit_json/audit_json.c,
+ plugins/python/python_convmessage.c,
+ plugins/python/python_plugin_common.c,
+ plugins/python/regress/check_python_examples.c,
+ plugins/python/sudo_python_module.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_csv.c,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/editor.c,
+ plugins/sudoers/env.c, plugins/sudoers/exptilde.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/insults.h, plugins/sudoers/iolog.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/log_client.c, plugins/sudoers/logging.c,
+ plugins/sudoers/parse.c, plugins/sudoers/policy.c,
+ plugins/sudoers/pwutil.c,
+ plugins/sudoers/regress/editor/check_editor.c,
+ plugins/sudoers/regress/exptilde/check_exptilde.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/parser/check_gentime.c,
+ plugins/sudoers/regress/serialize_list/check_serialize_list.c,
+ plugins/sudoers/regress/unescape/check_unesc.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoers_hooks.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/edit_open.c, src/exec_common.c, src/parse_args.c,
+ src/regress/noexec/check_noexec.c, src/selinux.c, src/sudo.c,
+ src/sudo_edit.c, src/sudo_intercept.c:
+ Make sudo pass -Wwrite-strings
+ [7ac3dd7b1634]
+
+ * configure, configure.ac:
+ A typo prevented -Wno-deprecated-declarations from being used on
+ macOS.
+ [4d6d4b9e7191]
+
+2022-06-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/preload.c:
+ Fix missing prototype warning.
+ [66e460d3c1d2]
+
+ * lib/zlib/zconf.h.in:
+ Define _LFS64_LARGEFILE, _LARGEFILE64_SOURCE if 64-bit or
+ _LARGE_FILES set. autoconf does not define _LARGEFILE64_SOURCE by
+ default but zlib expects it (its own configure script will define
+ it). Fixes a missing prototype for crc32_combine_gen64() on AIX and
+ HP-UX.
+ [c5b314bebbcb]
+
+ * configure, configure.ac, include/sudo_iolog.h, include/sudo_util.h,
+ lib/iolog/host_port.c, lib/iolog/regress/fuzz/fuzz_iolog_json.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
+ lib/iolog/regress/iolog_json/check_iolog_json.c,
+ lib/iolog/regress/iolog_timing/check_iolog_timing.c,
+ lib/util/regress/fuzz/fuzz_sudo_conf.c,
+ lib/util/regress/glob/globtest.c,
+ lib/util/regress/mktemp/mktemp_test.c, lib/util/strtoid.c,
+ logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c,
+ logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, logsrvd/sendlog.c,
+ plugins/python/pyhelpers.c, plugins/python/python_plugin_approval.c,
+ plugins/python/python_plugin_approval_multi.inc,
+ plugins/python/python_plugin_audit.c,
+ plugins/python/python_plugin_audit_multi.inc,
+ plugins/python/python_plugin_common.c,
+ plugins/python/python_plugin_group.c,
+ plugins/python/python_plugin_io.c,
+ plugins/python/python_plugin_io_multi.inc,
+ plugins/python/python_plugin_policy.c,
+ plugins/python/regress/check_python_examples.c,
+ plugins/python/sudo_python_module.c, plugins/sudoers/audit.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/log_client.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_stubs.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/stubs.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.h,
+ plugins/sudoers/unesc_str.c, src/copy_file.c, src/exec_ptrace.c,
+ src/load_plugins.c, src/net_ifs.c, src/sudo.h, src/sudo_intercept.c,
+ src/sudo_intercept_common.c, src/sudo_noexec.c:
+ Make sudo pass -Wmissing-prototypes
+ [195b024b9f54]
+
+ * src/exec_ptrace.c:
+ Include inttypes.h if stdint.h is not present. Bug #1035
+ [da6185c4c418]
+
+2022-06-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c:
+ readlink(2) does NUL-terminate the buffer, do it manually. Fixes a
+ bug where the current working directory could include garbage in
+ intercept mode using ptrace(2).
+ [dc7c547f518f]
+
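Review bot: The 2022-06-21 entry for src/exec_ptrace.c [dc7c547f518f] reads "readlink(2) does NUL-terminate the buffer, do it manually", which contradicts itself. The rest of the entry (terminating manually, garbage appearing in the current working directory) only makes sense if the first clause is "does not NUL-terminate", so the wording should be corrected to say that. As written, a reader scanning this ChangeLog for string-handling fixes in the ptrace intercept path would misread what the defect was. Smaller wording slips in nearby entries are worth fixing in the same pass: "wait for sudo send back a response" (2022-06-30, [d2fe28a652d0]), "protbuf-c" (2022-06-29, scripts/mkdep.pl), "tranlated string" (2022-05-19, plugins/sudoers/logging.c), and "Also add riscv the little endian list" (2022-05-31, include/compat/endian.h).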
+ * src/exec_preload.c, src/sudo_exec.h, src/sudo_intercept_common.c:
+ sudo_preload_dso: make the envp function argument const This lets us
+ fix an inappropriate cast in sudo_intercept_common.c.
+ [c2fa860b684e]
+
+ * src/exec_intercept.c:
+ intercept_write: remove unused CD_USE_PTRACE code. It is not
+ possible to end up in intercept_write when CD_USE_PTRACE is set.
+ [f8bdc5e37294]
+
+2022-06-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_11p3 for changeset 6e671475b373
+ [59e5766213e9] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Merge sudo 1.9.11p3 from tip.
+ [6e671475b373] [SUDO_1_9_11p3] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.11p3
+ [c96ded63ae46]
+
+ * src/exec_intercept.c, src/sudo_intercept_common.c:
+ Set TCP_NODELAY on the socket used for intercept IPC to reduce
+ latency. On some systems, Nagle's algorithm was delaying receipt of
+ the data, causing commands with intercept or log_subcmds to run
+ slowly. Related to Bug #1034.
+ [11b129850ac1]
+
+ * src/sudo_intercept_common.c:
+ Use blocking I/O when talking to the sudo process. Also check for
+ EAGAIN/EINTR when reading the message size. Fixes a problem seen on
+ AIX where recv_intercept_response() could fail unexpectedly. Bug
+ #1034.
+ [8554618665a2]
+
+ * src/exec_intercept.c:
+ Add debug printfs when send/recv return EAGAIN or EINTR. These are
+ not actually errors but can help gain insight into what is going on
+ and, in the case of EAGAIN, whether or not there may be a kernel
+ resource starvation problem.
+ [fd2dee906d2f]
+
+2022-06-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/logging.c:
+ log_exit_status: make local variables match struct evlog members.
+ [f93d5141e818]
+
+2022-06-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/getgrouplist.c:
+ Quiet a compiler warning on macOS. The getgrouplist() groups array
+ on macOS is int * instead of gid_t *.
+ [c64bf72a1416]
+
+2022-06-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_11p2 for changeset 9e4705cb1db5
+ [2a4b6b814432] <1.9>
+
+ * NEWS, configure, configure.ac, include/sudo_compat.h:
+ Merge sudo 1.9.11p2 from tip.
+ [9e4705cb1db5] [SUDO_1_9_11p2] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.11p2
+ [9505276e5c97]
+
+2022-06-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.h:
+ Fix compilation on Linux/x32; GitHub issue #158
+ [8cebfdd49205]
+
+2022-06-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c:
+ Fix pasto in comment after HAVE_PRIV_SET #endif
+ [2275ab3b016d]
+
+ * include/sudo_compat.h:
+ Fix typo, we should define SSIZE_MAX if it is not defined.
+ [51c68f801479]
+
+2022-06-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/env.c:
+ Change black list -> blocklist This was missed in the previous
+ conversion.
+ [da610ebb5cb1]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/log_client.c, plugins/sudoers/log_client.h,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/policy.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/sudoers.h:
+ Save a pointer to the event_alloc parameter in the plugin open
+ function. That way we don't need to pass event_alloc around to the
+ log client functions.
+ [a8a47f3770b3]
+
+ * lib/protobuf-c/protobuf-c.c:
+ Fix regression with zero-length messages introduced in protobuf-c PR
+ 500.
+ [42062b9f75d5]
+
+2022-06-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_11p1 for changeset 06b0f12fe91c
+ [feb8ae553833] <1.9>
+
+ * NEWS, config.h.in, configure, configure.ac:
+ Merge sudo 1.9.11p1 from tip.
+ [06b0f12fe91c] [SUDO_1_9_11p1] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.11p1
+ [7fcfdaacb15e]
+
+2022-06-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_pty.c:
+ Make read and write events persistent and disable as needed. For the
+ read callback, disable reader when the buffer is full. For the write
+ callback, disable writer when the buffer is consumed.
+ [2b6953dc4224]
+
+ * config.h.in, configure, configure.ac, src/sudo_exec.h,
+ src/sudo_noexec.c:
+ Check for SECCOMP_MODE_FILTER not SECCOMP_SET_MODE_FILTER. This
+ matches the actual prctl() call we use.
+ [4222768293d1]
+
+ * Merge pull request #157 from 0x2b3bfa0/improve-tag-spec-ebnf-docs
+
+ Improve Tag_Spec EBNF documentation
+ [f528335aded5]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c:
+ Treat EINTR in a callback like we do EAGAIN. We shouldn't get EINTR
+ in practice since we set SA_RESTART when registering signal handlers
+ but it doesn't hurt to be consistent.
+ [acf3394e2df2]
+
+ * Merge pull request #156 from delroth/aarch64-build
+
+ exec_ptrace: fix missing sudo_pt_regs on aarch64
+ [a7062c609a96]
+
+2022-06-07 Pierre Bourdon <delroth@gmail.com>
+
+ * src/exec_ptrace.h:
+ exec_ptrace: fix missing sudo_pt_regs on aarch64
+
+ AArch64 already had an existing "user_pt_regs" struct and didn't
+ need a struct alias before the renaming to "sudo_pt_regs". Make the
+ code build again by adding the now missing alias.
+
+ Fixes: 2eb8ff17
+ [3b55f40e9b83]
+
+2022-06-07 Helio Machado <0x2b3bfa0+git@googlemail.com>
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ Improve Tag_Spec EBNF documentation
+ [7e23ec31d124]
+
+2022-06-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #154 from 0x2b3bfa0/fix-tag-spec-docs
+
+ Add missing colon in Tag_Spec documentation
+ [ec8f4610b677]
+
+ * Merge pull request #152 from particleflux/fix-sudoers-typo
+
+ Fix typo in sudoers comment
+ [bbbcff4c14ba]
+
+2022-06-07 Helio Machado <0x2b3bfa0+git@googlemail.com>
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ Add missing colon in Tag_Spec documentation
+ [e6f4c612e22a]
+
+2022-06-07 Stefan Linke <particleflux@gmail.com>
+
+ * plugins/sudoers/sudoers.in:
+ Fix typo in sudoers comment
+
+ Fix a typo in the sudoers comment about `maxseq` param.
+
+ Introduced by 906eb19ece47023c659b4b3db2e7a6bb57dff0d9 in 1.9.11.
+ [b38fae41b3eb]
+
+2022-06-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/protobuf-c/protobuf-c.c:
+ Only shift unsigned values to avoid implementation-specific
+ behavior. This converts the arithmetic shifts to logical shifts.
+ [e25aa8e9891a]
+
+ * lib/protobuf-c/protobuf-c.c:
+ Fix issue protobuf-c#499: unsigned integer overflow Signed-off-by:
+ 10054172 <hui.zhang@thalesgroup.com>
+ [f3637be4df4f]
+
+ * include/sudo_event.h, lib/util/event_select.c:
+ Fix building with select (not poll) when fd_set is not defined in
+ sys/types.h. We can use a void * for the fd_set arrays and just add
+ a cast when using the FD_SET macros.
+ [5c636cbc11f0]
+
+ * src/exec_pty.c:
+ Reinstall the event handler if we get EAGAIN from read/write
+ callback. The read and write events do not set SUDO_EV_PERSIST so we
+ need to explicitly re-enable the event if there is still data to be
+ read. Bug #963.
+ [0006cb6531f4]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c:
+ If write(2) returns EAGAIN just re-enter the event loop. This is
+ consistent with how we handle EAGAIN for read(2).
+ [e6478d917a0f]
+
+ * .hgtags:
+ Added tag SUDO_1_9_11 for changeset d495c99554f7
+ [74c59bc5c323] <1.9>
+
+ * NEWS, config.h.in, configure, configure.ac, include/sudo_compat.h,
+ logsrvd/tls_init.c, plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Merge sudo 1.9.11 from tip.
+ [d495c99554f7] [SUDO_1_9_11] <1.9>
+
+ * docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in:
+ Document how setting ModulePath affects the Python search path. Also
+ advise the user to use a unique prefix to avoid name space
+ collisions with installed Python modules. Bug #1031.
+ [68a9d50d7806]
+
+ * configure, configure.ac, docs/sudo_plugin_python.man.in,
+ docs/sudo_plugin_python.mdoc.in:
+ Add EXAMPLES variables for use in the man pages for the examples
+ directory.
+ [148272d9a6d3]
+
+2022-06-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po:
+ Updated translations from translationproject.org
+ [985902730e5b]
+
+ * plugins/sudoers/po/hr.mo, po/hr.mo:
+ Rebuild Croatian message catalog.
+ [438136f65c13]
+
+2022-06-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .gitignore, .hgignore:
+ Add new test binaries to the ignore files.
+ [ea9de2ded48d]
+
+ * po/cs.mo, po/cs.po:
+ Updated translations from translationproject.org
+ [eac0aba546ed]
+
+ * lib/protobuf-c/protobuf-c.c:
+ Define WORDS_BIGENDIAN on big endian systems. Instead of a configure
+ check, we use endian.h (or a fallback).
+ [4d5603a9528c]
+
+ * include/intercept.pb-c.h, include/log_server.pb-c.h,
+ include/protobuf-c/protobuf-c.h, lib/protobuf-c/protobuf-c.c,
+ scripts/unanon:
+ Update to protobuf-c 1.4.0
+ [47ff9b8bab21]
+
+ * logsrvd/logsrvd.c, plugins/sudoers/cvtsudoers_csv.c:
+ Quiet two clang analyzer false positives.
+ [2c878f7853cc]
+
+ * src/exec_intercept.c:
+ Move a comment to the correct location.
+ [caacb3fae078]
+
+ * logsrvd/logsrvd.c:
+ union sockaddr_union: pass in sockaddr_union * instead of sockaddr
+ *. This eliminates the need for a few casts and is consistent with
+ how create_listener() is written.
+ [4def05f8d895]
+
+ * src/exec_ptrace.c:
+ Eliminate some dead stores that clang-analyzer complains about.
+ [3aac29fe0101]
+
+ * src/exec_ptrace.c:
+ ptrace_read_vec: don't try to free memory on the error path This is
+ leftover from when ptrace_read_string() allocated its own memory.
+ [7f5b5d21bce9]
+
+ * config.h.in, configure, configure.ac, src/sudo_intercept.c:
+ Avoid using vfork(2) in the DSO system(3) wrapper. Traditional
+ vfork(2) semantics make it unsafe for use for more than just
+ vfork(2) + execve(2).
+ [9a8ce7aef55d]
+
+2022-06-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * po/vi.mo, po/vi.po:
+ Updated translations from translationproject.org
+ [e3197ef8a98d]
+
+ * NEWS:
+ Mention sudo_logsrvd.conf "log_server" parsing fix.
+ [575a31b83bfd]
+
+ * MANIFEST, logsrvd/Makefile.in,
+ logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.1.in,
+ logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.2.in,
+ logsrvd/regress/logsrvd_conf/tls/sudo_logsrvd.conf.1.in,
+ logsrvd/regress/logsrvd_conf/tls/sudo_logsrvd.conf.2.in:
+ For logsrvd_conf_test include both tls and non-tls configs.
+ [ec1815793aab]
+
+ * MANIFEST, logsrvd/Makefile.in,
+ logsrvd/regress/logsrvd_conf/cacert.pem,
+ logsrvd/regress/logsrvd_conf/logsrvd_cert.pem,
+ logsrvd/regress/logsrvd_conf/logsrvd_conf_test.c,
+ logsrvd/regress/logsrvd_conf/logsrvd_dhparams.pem,
+ logsrvd/regress/logsrvd_conf/logsrvd_key.pem,
+ logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.1.in,
+ logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.2.in:
+ Add a simple regression test for logsrvd.conf parser. Unlike the
+ parser fuzzer, this includes sample certs and keys. This test would
+ have detected the BIO_new_file() bug in set_dhparams().
+ [7ddabb9d022f]
+
+ * logsrvd/logsrvd_conf.c:
+ Fix inverted logic when setting server_log. A value that starts with
+ a '/' should be treated as a path.
+ [8941fd924fbf]
+
+ * plugins/audit_json/Makefile.in, plugins/sample_approval/Makefile.in:
+ Use abs_top_builddir instead of `pwd`/$(top_builddir).
+ [0f4e20a7aeed]
+
+2022-06-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/regress/parse_gids/parse_gids_test.c:
+ Plug a memory leak.
+ [8a9eb498ed55]
+
+ * plugins/sudoers/parse_ldif.c:
+ Fix bug in last commit, need to reinitialize role to NULL.
+ [1e454b967993]
+
+ * plugins/sudoers/parse_ldif.c:
+ Simplify the check for when we can reuse the previous user and host
+ specs. This makes the code easier to read and quiets a cppcheck
+ false positive.
+ [037c4943f1ac]
+
+ * docs/Makefile.in:
+ Install the plugin man pages in section 5 (or 4 for System V). The
+ manual had the correct section in the text but was installed in the
+ wrong directory.
+ [5df7d3f9a010]
+
+ * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/de.mo,
+ po/de.po, po/eo.mo, po/eo.po, po/fr.mo, po/fr.po, po/hr.mo,
+ po/hr.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/ro.mo,
+ po/ro.po, po/uk.mo, po/uk.po:
+ Updated translations from translationproject.org
+ [9ac84e5c9250]
+
+ * NEWS:
+ Sudo now supports intercepting system(3).
+ [a46db96a3b03]
+
+2022-05-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/log_client.c:
+ Only display "unable to connect to log server" warning once.
+ Previously, in intercept mode, if the log server is unreachable the
+ message would be printed for each sub-command.
+ [df4c53518bb7]
+
+ * src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/sudo_exec.h:
+ When using ptrace(2), push the point where we suspend into
+ exec_cmnd(). This should reduce the amount of time the child has to
+ wait for the parent to use PTRACE_SEIZE to seize control and then
+ PTRACE_CONT to continue the child.
+ [f9caab4bf18b]
+
+ * config.h.in, configure, configure.ac, src/sudo_intercept.c:
+ Add configure check for vfork(2) and fall back to fork(2) if
+ missing.
+ [ddfaba8d2a09]
+
+ * docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudoers.man.in,
+ docs/sudoers.mdoc.in, src/intercept.exp.in, src/sudo_intercept.c:
+ Add support for intercepting the system(3) function. This also means
+ we can log system(3) with log_subcmds.
+ [aca241d96c0b]
+
+ * include/compat/endian.h:
+ Newer compilers define __BYTE_ORDER__ and
+ __ORDER_{BIG,LITTLE}_ENDIAN__ Also add riscv the little endian list.
+ [55731e5517fc]
+
+2022-05-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ On AIX, fmemopen(3) has a bug where feof() returns false at EOF. See
+ https://www.ibm.com/support/pages/apar/IJ11845
+ [a703278bceed]
+
+2022-05-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/defaults.c:
+ Fix potential signed integer overflow on 32-bit CPUs. Converting
+ fractional minutes to nanoseconds could overflow a 32-bit integer,
+ use long long instead.
+ [b1d2afc0cc4d]
+
+ * plugins/sudoers/Makefile.in:
+ Fix path to example sudoers file, it is now in the build dir.
+ [899850a04adf]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ init_options: initialize apparmor_profile to NULL
+ [ad0de9e0474f]
+
+ * NEWS:
+ Update with latest 1.9.11 changes.
+ [12650d2b6184]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ Fix typo
+ [ce83f628330c]
+
+ * docs/CONTRIBUTORS.md:
+ Update contributors.
+ [5b69f27ea398]
+
+ * logsrvd/tls_init.c:
+ Fix uninitialized use of ca_store when building with wolfSSL.
+ [e7cc6d8d9f7e]
+
+ * docker/debian/testing/Dockerfile, docker/ubuntu/devel/Dockerfile,
+ docker/ubuntu/latest/Dockerfile, docker/ubuntu/rolling/Dockerfile:
+ Newer Debian/Ubuntu uses libsepol-dev not libsepol1-dev.
+ [b2c1326bfb0d]
+
+ * configure, configure.ac, plugins/sudoers/def_data.h,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/toke.c, src/Makefile.in:
+ Regenerate files after merging AppArmor integration.
+ [d24fcec2cb87]
+
+ * Merge pull request #148 from kernelmethod/apparmor_support
+
+ Add AppArmor support to sudo
+ [fcbfb2410afd]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ src/parse_args.c, src/sudo.c, src/sudo.h:
+ Merge branch 'main' into apparmor_support
+ [7832ecc5eb7f]
+
+2022-05-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo_intercept.c:
+ Pass envp, not environ, to real execve() from exec_wrapper() if
+ possible. The replacement execve() function was passing the global
+ environ to exec_wrapper() instead of the envp parameter. This caused
+ the command to be run with the wrong environment on AIX systems, and
+ possibly others, when intercept or log_subcmds was enabled. Bug
+ #1030.
+ [dc0187c68c1b]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Update .pot files for 1.9.11
+ [b4c8ec57842f]
+
+ * src/exec_ptrace.c:
+ Consolidate some translatable strings.
+ [05dae7c3c8da]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd_journal.c,
+ logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
+ plugins/sudoers/log_client.c, src/exec_intercept.c:
+ Standardize protobuf "unable to unpack" warning messages.
+ [6f4e026c7a02]
+
+ * docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in,
+ include/sudo_plugin.h, plugins/python/regress/testdata/check_multipl
+ e_approval_plugin_and_arguments.stdout, src/exec.c:
+ Bump plugin minor version and document new intercept-related
+ settings. There should have been a minor version bump for sudo 1.9.8
+ when intercept was originally implemented.
+ [2b7591704df4]
+
+2022-05-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Reset intercept_allow_setid if intercept_type changes from trace to
+ dso. But only reset intercept_allow_setid if the user didn't
+ explicitly set it.
+ [e398111d824e]
+
+2022-05-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
+ CentOS Stream only uses a major version number, no minor version.
+ This prevents the packages from being created as foo.el.arch.rpm
+ since we were assuming that the version number was two digits.
+ [a3caed91ea8c]
+
+ * src/exec_ptrace.c, src/exec_ptrace.h:
+ Add support for running o32 and n32 binaries on mips64.
+ [887ab363f2a4]
+
+ * src/exec_ptrace.c, src/exec_ptrace.h, src/sudo_exec.h:
+ Enable ptrace support for MIPS but only for log_subcmds. It is not
+ possible to change the syscall return value on MIPS so we cannot
+ support full intercept mode. Another complication on MIPS is that if
+ a system call is invoked via syscall(__NR_###), v0 holds
+ __NR_O32_Linux and the real syscall is in the first arg (a0) and
+ other args are shifted by one.
+ [0345a4137047]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
+ src/exec_ptrace.c, src/parse_args.c, src/sudo.c, src/sudo.h,
+ src/sudo_exec.h:
+ Add intercept_type sudoers option to set intercept/log_subcmds
+ mechanism.
+ [b97e461f7da1]
+
+2022-05-23 kernelmethod <wss2ec@virginia.edu>
+
+ * MANIFEST, include/sudo_debug.h, src/Makefile.in, src/apparmor.c,
+ src/parse_args.c, src/sudo.c, src/sudo.h:
+ Add an apparmor_profile sudo setting
+
+ Define a new sudo setting, `apparmor_profile`, that can be used to
+ pass in an AppArmor profile that should be used to confine commands.
+ If apparmor_profile is specified, sudo will execute the command
+ using the new `apparmor_execve` function, which confines the command
+ under the provided profile before exec'ing it.
+ [a54897efe031]
+
+ * plugins/sudoers/check.c, plugins/sudoers/cvtsudoers_csv.c,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/fmtsudoers.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.dict,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.dict,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/toke.l:
+ Add an APPARMOR_PROFILE user spec option to sudoers
+
+ sudoers now supports an APPARMOR_PROFILE option, which can be
+ specified as e.g.
+
+ alice ALL=(ALL:ALL) APPARMOR_PROFILE=foo ALL
+
+ The line above says "user alice can run any command as any
+ user/group, under confinement by the AppArmor profile 'foo'."
+ Profiles can be specified in any way that complies with the rules of
+ aa_change_profile(2). For instance, the sudoers configuration
+
+ alice ALL=(ALL:ALL) APPARMOR_PROFILE=unconfined ALL
+
+ allows alice to run any command unconfined (i.e., without an
+ AppArmor profile), while
+
+ alice ALL=(ALL:ALL) APPARMOR_PROFILE=foo//&bar ALL
+
+ tells sudoers that alice can run any command under the stacked
+ AppArmor profiles 'foo' and 'bar'.
+
+ The intention of this option is to give sysadmins on Linux distros
+ supporting AppArmor better options for fine-grained access control.
+ Among other things, this option can enforce mandatory access control
+ (MAC) over the operations that a privileged user is able to perform
+ to ensure that they cannot privesc past the boundaries of a
+ specified profile. It can also be used to limit which users are able
+ to get unconfined system access, by enforcing a default AppArmor
+ profile on all users and then specifying
+ 'APPARMOR_PROFILE=unconfined' for a privileged subset of users.
+ [2afe8c910959]
+
+ * config.h.in, configure.ac, scripts/mkdep.pl, scripts/mkpkg:
+ Add a --with-apparmor build flag
+
+ Add a new build flag, --with-apparmor, that builds sudo with
+ AppArmor support. Modify the build script for Debian and Ubuntu to
+ enable this flag by default.
+ [596b4e6dce4d]
+
+ * INSTALL.md, docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ Add documentation for AppArmor support
+
+ - Document the AppArmor userspec option in the sudoers man pages.
+ - Add information about the --with-apparmor build configuration option
+ to INSTALL.md.
+ [524dde965b94]
+
+2022-05-22 kernelmethod <wss2ec@virginia.edu>
+
+ * docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile,
+ docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile,
+ docker/ubuntu/rolling/Dockerfile:
+ Add libapparmor-dev to the Debian and Ubuntu Dockerfiles
+
+ Install libapparmor-dev on Debian- and Ubuntu-based Docker images so
+ that they can build sudo with AppArmor support.
+ [8491c8b6d240]
+
+2022-05-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_nopty.c, src/exec_pty.c:
+ Pass the WUNTRACED flag to waitpid() even if __WALL is present.
+ Otherwise, we won't get the wait status of a suspended command that
+ is not being traced.
+ [7c2b46ec73be]
+
+ * configure, configure.ac, lib/iolog/Makefile.in,
+ lib/logsrv/Makefile.in, logsrvd/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Use explicit library dependencies instead of implicit. We now
+ include all the dependent libraries when linking. Fixes a linking
+ problem on CentOS Stream 9.
+ [6f06cdbb1552]
+
+ * plugins/sudoers/logging.c:
+ mail_parse_errors: allocate the correct amount of space for mail
+ body. Use strlen(), not sizeof(), on "problem parsing sudoers" since
+ it is a tranlated string and not a constant. This was caught by the
+ existing overflow checks.
+ [5aa53136cd9d]
+
+2022-05-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, src/Makefile.in, src/exec_nopty.c, src/exec_pty.c,
+ src/regress/intercept/test_ptrace.c, src/sudo_exec.h,
+ src/suspend_nopty.c:
+ Move code to suspend sudo when no pty is in use to separate file.
+ Use this in test_ptrace.c to be able to suspend just like sudo does.
+ [ddef421918b7]
+
+2022-05-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_nopty.c, src/exec_ptrace.c, src/exec_pty.c,
+ src/regress/intercept/test_ptrace.c, src/sudo_exec.h:
+ Fix suspending a sudo-run shell in ptrace intercept mode with no
+ pty. When ptracing a process, we receive the signal-delivery-stop
+ signal before the group-stop signal. If sudo is running the command
+ in the same terminal, we need to wait until the stop signal is
+ actually delivered to the command before we can suspend sudo itself.
+ If we suspend sudo before receiving the group-stop, the command will
+ be restarted with PTRACE_LISTEN too late and will miss the SIGCONT
+ from sudo.
+ [bf9a482ecddd]
+
+ * docs/TROUBLESHOOTING.md, docs/sudo_logsrvd.man.in,
+ docs/sudo_logsrvd.mdoc.in:
+ OpenSSL 3.x requires the key usage extension be present in CA and
+ certs. Certificates generated with a CA that doesn't set the key
+ usage extension will fail to validate if "tls_verify" is enabled.
+ [3ae4ef1ecf57]
+
+ * logsrvd/tls_init.c:
+ Include the cert or ca file in error messages where applicable.
+ [3e0558886a3d]
+
+ * logsrvd/tls_init.c:
+ Add missing include of string.h for strerror(3).
+ [253a5634d441]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
+ logsrvd/tls_client.c, logsrvd/tls_init.c,
+ plugins/sudoers/log_client.c:
+ If ERR_reason_error_string() returns NULL, fall back on
+ strerror(errno). That way we get reasonable error messages for
+ missing files, etc.
+ [d2423ef0e284]
+
+ * logsrvd/tls_init.c:
+ set_dhparams: pass BIO_new_file() "r" for the file mode, not
+ O_RDONLY. Unlike BIO_new_fp(), BIO_new_file() takes an fopen-style
+ mode string.
+ [7a67aec88cb4]
+
+ * src/exec_ptrace.c:
+ The set_sc_arg3, get_sc_arg3 and set_sc_arg4 functions are not used.
+ Use ifdef notyet to disable for now since they may be used in the
+ future.
+ [99d2f2a42da5]
+
+2022-05-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.h, src/sudo_exec.h:
+ Use __x86_64__ preprocessor symbol, not __amd64__ Also clarify a
+ comment about MIPS ptrace.
+ [b02ad513eb64]
+
+ * src/exec_ptrace.h, src/sudo_exec.h:
+ ptrace support has been tested on Debian/s390x. It should also work
+ on s390 but this has not been tested. I have not added a compat mode
+ to trace 31-bit binaries on s390x due to the lack of a test system.
+ [3176433e7456]
+
+ * src/exec_ptrace.h:
+ Define sudo_pt_regs instead of user_pt_regs and include the struct
+ keyword. On s390, the struct is typedef'd without a name.
+ [b2b74f378eef]
+
+ * src/exec_ptrace.h, src/sudo_exec.h:
+ ptrace support has been tested on Debian/riscv64.
+ [e1011074d984]
+
+2022-05-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.in:
+ Add maxseq setting to log_output example. This should make it more
+ obvious that you need to adjust maxseq unless you have (virtually)
+ unlimited disk space.
+ [5203240a248b]
+
+ * scripts/mkpkg:
+ Fix dependency check for libssl on Debian/Ubuntu with OpenSSL 3.
+ Also add check for python 3.10 and 3.11 and remove versions < 3.4.
+ Fixes building on Ubuntu 22.04.
+ [c9114582911c]
+
+2022-05-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.h:
+ Tracing 32-bit arm binaries from a 64-bit sudo works.
+ [c1e1602874ed]
+
+ * src/exec_ptrace.c:
+ ptrace_write_string: the terminating NUL fix was reverted by
+ mistake.
+ [587dd11b2783]
+
+ * src/exec_ptrace.h, src/sudo_exec.h:
+ ptrace-based intercept has now been tested on 32-bit arm
+ [493b17a89e63]
+
+2022-05-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.h:
+ Don't use PTRACE_SET_SYSCALL for 32-bit arm binaries running on
+ aarch64. Use PTRACE_SETREGSET with NT_ARM_SYSTEM_CALL instead just
+ like we would for a 64-bit binary. Newer Linux headers don't define
+ PTRACE_SET_SYSCALL for aarch64.
+ [5930846e9c9e]
+
+ * src/regress/intercept/test_ptrace.c:
+ Replace verbose flag with debug flag. This is more accurate since it
+ actually uses the debug subsystem.
+ [dda8b8af8bd2]
+
+ * src/exec_ptrace.h:
+ Initial cut at MIPS support, untested. Mips is a bit different in
+ that most Linux distros appear to use the n32 ABI on 64-bit CPUs. We
+ don't currently support tracing a 64-bit binary from a 32-bit sudo.
+ We could suport tracing o32 ABI binaries in compat mode, though.
+ [05e5e246463a]
+
+2022-05-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/regress/intercept/test_ptrace.c:
+ Add have_seccomp_action("trap") call to check for
+ SECCOMP_MODE_FILTER.
+ [250c6b72c4f4]
+
+ * src/exec_ptrace.c, src/exec_ptrace.h:
+ Add arm-specific code to set the system call number. Fixes rejection
+ of commands due to policy on arm when in intercept mode.
+ [74c5bd26713b]
+
+ * scripts/mkpkg:
+ Fix OS major version detection on CentOS Stream
+ [cd4d5aaf59a7]
+
+ * src/exec_ptrace.c:
+ Repair ptrace_write_vec() for compat binaries.
+ [77ee302b0631]
+
+ * src/regress/intercept/test_ptrace.c:
+ Fix a crash when not run in verbose mode.
+ [adf481623228]
+
+ * src/exec_ptrace.c:
+ ptrace_intercept_execve: read back the updated syscall args in test
+ mode. This makes it easier to detect problems with the syscall
+ rewrite code when testing with test_ptrace.
+ [4eb9e09d90d9]
+
+2022-05-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c, src/exec_ptrace.h, src/sudo_exec.h:
+ Enable ptrace intercept on powerpc. Tested on ppc64 and ppc64le.
+ [fbd12baa1a02]
+
+ * src/exec_ptrace.c:
+ Fix tracing compat binaries on big endian systems. We need to swap
+ the order of the two 32-bit addresses for big-endian.
+ [375004a3ef09]
+
+ * src/exec_ptrace.c:
+ Move code to write a string vector to ptrace_write_vec().
+ [8401e0397f11]
+
+ * src/exec_ptrace.c:
+ Fix compilation error on systems with no compat arch. Currently only
+ affects i386.
+ [b95c707298c5]
+
+ * MANIFEST, src/Makefile.in, src/exec_intercept.h, src/exec_ptrace.c,
+ src/regress/intercept/test_ptrace.c, src/sudo_exec.h:
+ Add test_ptrace program to test ptrace-based intercept support.
+ [5f7162bcdbfd]
+
+ * src/exec_ptrace.c:
+ Use unsigned long for addresses so we don't have to worry about sign
+ extension.
+ [7a0d4ea2fa70]
+
+2022-05-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c:
+ ptrace_write_string: make sure we always write the terminating NUL.
+ We can't check *str for NUL since it may not have been written yet.
+ [9d95217981ac]
+
+ * src/exec_ptrace.c:
+ Fix compilation error when SECCOMP_AUDIT_ARCH_COMPAT is not defined.
+ [3162054bac24]
+
+2022-05-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c, src/exec_ptrace.h:
+ It is now safe to make WORDALIGN use compat (not native) aligment.
+ We allocate space for an extra pointer between argv and the string
+ table for compat binaries so there is no need to align address to
+ sizeof(long).
+ [898626f1cdf6]
+
+ * src/exec_ptrace.c, src/exec_ptrace.h:
+ Use the entire word in ptrace_get_vec_len() and ptrace_read_vec().
+ For compat binaries, use the upper 32-bits as the next word instead
+ of calling ptrace(2) to get it. This reduces the number of ptrace(2)
+ calls when reading argv and envp for compat binaries.
+ [cf5d1ae47dbe]
+
+2022-05-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c:
+ We don't need to align strings in the string table. We align the
+ start of the string table to a word boundary to help prevent overlap
+ when writing the pointers. However, the actual strings themselves
+ don't need to be aligned.
+ [219a1a07fc2e]
+
+2022-05-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c:
+ Avoid potentially overwriting string table when writing argv. In
+ compat mode, if argc is odd, writing the last pointer of argv will
+ overlap with the address of argv[0], so leave an extra word in
+ between. Also remove incorrect comments about PTRACE_PEEKDATA
+ unaligned access.
+ [13f7e63a31bd]
+
+ * src/exec_ptrace.c, src/exec_ptrace.h:
+ Use native word size for padding and when reading/writing strings.
+ If we try to use the compat word size we can end up in a situation
+ where a subsequent PTRACE_POKEDATA overwrites part of what we've
+ already written since it always writes in sizeof(long) units.
+ [e0d7fdc3f8e2]
+
+2022-05-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_ptrace.c:
+ ptrace_intercept_execve: rewrite path to exec if changed by the
+ policy
+ [089f0e32cf2a]
+
+ * src/exec_ptrace.c:
+ ptrace_intercept_execve: plug memory leak of get_execve_info()
+ buffer
+ [5ce2cf252c80]
+
+ * MANIFEST, src/Makefile.in, src/exec_intercept.h, src/exec_ptrace.c,
+ src/exec_ptrace.h:
+ Move register definitions to exec_ptrace.h
+ [59cc9bec6925]
+
+ * src/exec_ptrace.c:
+ Add support for intercepting 32-bit binaries on 64-bit systems. We
+ need to define the ptrace register struct ourselves for the 32-bit
+ system since there is no good way to get it from the system headers.
+ Currently only implemented for x86_64 and aarch64.
+ [a0407bb1fee0]
+
+ * src/exec_ptrace.c:
+ Add setters and getters for ptrace(2) register access. This will be
+ used when running 32-bit binaries from a 64-bit sudo.
+ [f7da9453d9fa]
+
+ * src/exec_ptrace.c:
+ exec_ptrace_handled: don't return early if ptrace_intercept_execve()
+ fails. We need to continue the traced process even if there is a
+ fatal error. Otherwise, sudo will appear to hang as the running
+ process is left in PTRACE_EVENT stop.
+ [5b3bd75c4486]
+
+ * src/exec_ptrace.c:
+ Don't use PTRACE_GETREGS, it is too complicated when runing compat
+ binaries. Unlike PTRACE_GETREGSET, PTRACE_GETREGS requires that we
+ manually map registers from 64-bit to 32-bit layouts when running,
+ e.g. a 32-bit binary from a 64-bit sudo process.
+ [bb3476230373]
+
+2022-05-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h, src/exec_nopty.c, src/exec_pty.c,
+ src/parse_args.c, src/sudo.c, src/sudo.h, src/sudo_exec.h:
+ Initialize intercept_allow_setid to true if we use ptrace(2) and
+ seccomp(2).
+ [57e58c0ada44]
+
+2022-05-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_nopty.c, src/exec_ptrace.c, src/exec_pty.c,
+ src/sudo_exec.h:
+ If the process is already being traced, just resume it and clear
+ flags. This makes it possible to run sudo in ptrace intercept mode
+ from within a shell (or other process) that is already being traced
+ by sudo.
+ [db4d7cd5f673]
+
+ * src/exec_ptrace.c:
+ exec_ptrace_handled: fix delivery of non-stop signals. We need to
+ deliver signals to the tracee as long as it is not a group stop.
+ Fixes a hang while tracing another sudo process.
+ [4ede8b4cfbd9]
+
+ * src/exec_nopty.c:
+ Make SIGCHLD handler more consistent with the pty version. No real
+ change other than a few debug statements.
+ [bd52284b1e2a]
+
+ * plugins/sudoers/parse.c:
+ sudoers_lookup_check: preserve intercepted flag when reinitializing
+ cmnd_info Otherwise we may not reject an attempt to run a set-user-
+ ID command.
+ [43d72d1537b2]
+
+ * src/exec_nopty.c, src/exec_pty.c:
+ Kill the command if intercept_setup() or ptrace_seize() fail.
+ [1037f81b327b]
+
+2022-05-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/match_command.c:
+ Move intercept setid check out of do_stat() and into its own
+ function. For command_matches_all() we should only perform the setid
+ check if the file exists and intercept is enabled. Otherwise, we can
+ end up returning an error if the fully-qualified command does not
+ exist. Fixes a regression introduced in sudo 1.9.0 with the support
+ for digests in conjunction with "sudo ALL".
+ [1b5f9ed2160a]
+
+ * src/exec_ptrace.c:
+ Add support for intercepting x32 binaries on Linux x64_64.
+ [c5fc89f38c43]
+
+2022-04-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.11
+ [d3e832f94348]
+
+ * plugins/sudoers/auth/kerb5.c, src/exec_ptrace.c:
+ Fix typos
+ [8ef3e84fc62e]
+
+ * MANIFEST, docs/CONTRIBUTORS.md, po/ka.mo, po/ka.po:
+ New Georgian translation from translationproject.org
+ [f6b9c7d2192c]
+
+ * src/exec_ptrace.c:
+ Short-circuit the policy check if the command doesn't exist.
+ Otherwise, both sudo and the shell will report the error.
+ [f16f1b6705d9]
+
+ * src/exec_ptrace.c:
+ Add support for replacing argv in ptrace intecept mode. The new argv
+ is written below the tracee's stack and the system call argument is
+ replaced with the new argv address.
+ [3974c784be8b]
+
+ * src/exec_ptrace.c:
+ Check architecture in the seccomp filter. Currently only supports
+ the native architecture.
+ [13f88e436ae0]
+
+ * src/exec_common.c, src/exec_monitor.c, src/exec_nopty.c,
+ src/exec_ptrace.c:
+ Suspend the child process and wait for SIGUSR when using ptrace.
+ This fixes a race condition in ptrace-based intercept mode when
+ running the command in a pty. It was possible for the monitor to
+ receive SIGCHLD when the command sent itself SIGSTOP before the main
+ sudo process did.
+ [cf1f0bea9931]
+
+ * plugins/sudoers/parse.c, src/exec.c, src/selinux.c, src/sudo.h:
+ Enable intercept and log_subcmds for SELinux using ptrace and
+ seccomp.
+ [5d7a3df4457e]
+
+ * src/exec_intercept.c, src/exec_intercept.h, src/exec_ptrace.c,
+ src/sudo.c, src/sudo.h:
+ For ptrace intercept mode, do not do a policy check for the initial
+ command. We can skip the policy check for the execve(2) of the
+ initial command since it has already been check. Otherwise, we would
+ log the command twice. When using fexecve(2) due to a digest check,
+ there should be no need to skip the initial command since it will be
+ executed via execveat(2) not execve(2). However, on older kernels
+ without execveat(2), glibc will emulate fexecve(2) using /proc which
+ will result in the extra log entry.
+ [e411d6bc3855]
+
+ * docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudoers.man.in,
+ docs/sudoers.mdoc.in:
+ Update intercept documentation.
+ [f44f1cb2a5d2]
+
+ * src/exec_intercept.c, src/exec_ptrace.c:
+ In ptrace(2) intercept mode, add execveat to the seccomp(2) filter.
+ This allows us to avoid logging the initial command twice regardless
+ of whether the kernel supports execveat(2) or not.
+ [d39bd5adac13]
+
+ * src/exec_ptrace.c:
+ Use PTRACE_GETREGS/PTRACE_SETREGS on platforms that support it. This
+ has a better chance of working on things like user-mode Linux.
+ [c53475bd4020]
+
+ * MANIFEST, src/Makefile.in, src/exec_intercept.c,
+ src/exec_intercept.h, src/exec_nopty.c, src/exec_ptrace.c,
+ src/exec_pty.c, src/sudo_exec.h:
+ Check the policy for ptrace-based intercept mode.
+ [6eadd667ca6d]
+
+ * src/exec_ptrace.c:
+ Add support for getting the execve(2) arguments via ptrace(2). This
+ will be used to perform a policy check in intercept mode.
+ [84b23ae53e2f]
+
+ * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
+ src/exec_intercept.c, src/exec_nopty.c, src/exec_ptrace.c,
+ src/exec_pty.c, src/sudo.h, src/sudo_exec.h:
+ Add scaffolding for ptrace-based intercept mode.
+ [34a6269ac4eb]
+
+ * include/sudo_compat.h, src/exec_monitor.c, src/exec_nopty.c,
+ src/exec_pty.c:
+ Stop using the WCONTINUED flag with waitpid(2). We don't use it for
+ anything other than a debug message and it will cause problems when
+ intercept mode starts using ptrace(2).
+ [1f55993d68eb]
+
+ * src/exec_nopty.c, src/exec_pty.c:
+ Handle multiple child processes in the SIGCHLD handler. This is
+ required by the uncoming ptrace intercept code.
+ [6dd72fb8f53f]
+
+2022-04-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/iolog_writer.c, logsrvd/logsrvd_journal.c,
+ plugins/sudoers/log_client.c:
+ sudo_logsrvd: update elapsed time for winsize and suspend in journal
+ mode Fixes a bug in store-first relay mode where the commit point
+ messages sent by the server were incorrect.
+ [5607e8c7b559]
+
+2022-04-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/visudo.man.in, docs/visudo.mdoc.in:
+ Fix typo; GitHub issue #144
+ [fb1a539569b4]
+
+2022-04-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/TROUBLESHOOTING.md:
+ Expand section about expired accounts to include /etc/shadow info.
+ GitHub issue #143
+ [78368dadddfb]
+
+ * src/exec_monitor.c:
+ Add struct command details * to struct monitor_closure. This will be
+ used in the future by the ptrace intercept code.
+ [0603acf1ff96]
+
+ * src/exec.c:
+ Translate "unable to set limit privileges" strings.
+ [a8426e224497]
+
+ * ABOUT-NLS, MANIFEST, docs/CONTRIBUTING.md:
+ Remove ABOUT-NLS file, it is no longer maintained as part of GNU
+ gettext. Expand the Translations section in CONTRIBUTING.md.
+ [b4f0269a8f13]
+
+ * src/exec.c, src/exec_intercept.c:
+ Don't require a pty for intercept or log_subcmmds. The code to take
+ back control of the tty before a policy check doesn't appear to be
+ needed. If the command is run in its own pty, sudo has control over
+ the user's tty. If the command is run in the user's tty, sudo should
+ be in the foreground process group.
+ [bddcc0d9fee6]
+
+2022-04-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac:
+ Define _TIME_BITS=64 on systems that define __TIMESIZE, like GNU
+ libc. This should be replaced by a specialized autoconf macro when
+ one becomes available.
+ [f63b7f9ea5c2]
+
+2022-04-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/regress/testdata/check_example_group_plugin_is_able_t
+ o_debug.log, plugins/python/regress/testhelpers.c:
+ clean_output: prune lines that consisting of '^' characters and
+ whitespace. Starting with Python 3.11, backtraces may contain a line
+ with '^' characters to bring attention to the important part of the
+ line. Also replace "REJECT" with "0" in backtrace output for Python
+ 3.11.
+ [f6a5d1c05b2b]
+
+2022-04-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Fix check for EVP_MD_CTX_new() when -pthread is in Libs.private.
+ [4f3fd0d1fd34]
+
+2022-04-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac, lib/eventlog/Makefile.in,
+ lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
+ lib/logsrv/Makefile.in, lib/protobuf-c/Makefile.in,
+ lib/util/Makefile.in, lib/zlib/Makefile.in, logsrvd/Makefile.in,
+ plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
+ plugins/python/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Rename SSP_(C|LD)FLAGS -> HARDENING_(C|LD)FLAGS
+ [92aa57606481]
+
+ * INSTALL.md:
+ Mention other hardening compilation and linker options.
+ [7da9cf428e39]
+
+2022-03-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Fix check for EVP_MD_CTX_new using static libcrypto with
+ dependencies.
+ [c02d6b6e474c]
+
+ * configure, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
+ m4/ltversion.m4, m4/lt~obsolete.m4, scripts/ltmain.sh:
+ Update to libtool 2.4.7.
+ [b8824f6b792c]
+
+2022-03-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ --enable-openssl: don't add non-existent directories to
+ PKG_CONFIG_LIBDIR
+ [daa9cab172da]
+
+2022-03-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/mkpkg:
+ Fix a typo in the AIX section.
+ [4d122a222632]
+
+2022-03-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/zlib/crc32.c, lib/zlib/crc32.h, lib/zlib/deflate.c,
+ lib/zlib/deflate.h, lib/zlib/gzguts.h, lib/zlib/gzlib.c,
+ lib/zlib/gzread.c, lib/zlib/gzwrite.c, lib/zlib/infback.c,
+ lib/zlib/inffast.c, lib/zlib/inflate.c, lib/zlib/inflate.h,
+ lib/zlib/inftrees.c, lib/zlib/trees.c, lib/zlib/zlib.exp,
+ lib/zlib/zlib.h, lib/zlib/zutil.c, lib/zlib/zutil.h:
+ Update embedded copy of zlib to version 1.2.12. Fixes CVE-2018-25032
+ [3e2517079d86]
+
+2022-03-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/kerb5.c:
+ Minor style nit.
+ [9bdde2c81a3d]
+
+ * Merge pull request #138 from dfskoll/main
+
+ If we're using Kerberos, don't overwrite a custom prompt
+ [266b04c9ee0a]
+
+2022-03-16 Dianne Skoll <dianne@skoll.ca>
+
+ * plugins/sudoers/auth/kerb5.c:
+ If we're using Kerberos, don't overwrite a custom prompt if one was
+ given with -p
+
+ Thanks to @thend20 for testing this patch.
+ [e62136f88c3e]
+
+2022-03-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/conversation.c:
+ Write the \r\n pair to ttyfp if possible, falling back on fp. This
+ is consistent with the vfprintf() call and fixes a problem
+ introduced by the last commit where the newline could be written
+ before the message instead of after.
+ [3aaebbec4ee5]
+
+ * include/sudo_util.h,
+ plugins/sudoers/regress/starttime/check_starttime.c:
+ Adjust starttime test when run under Debian faketime. Bug #1026
+ [b8ac7dec6e11]
+
+2022-03-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/conversation.c:
+ sudo_conversation_printf: convert trailing nl to cr + nl combo. This
+ fixes output when the terminal is in raw mode and is consistent with
+ how sudo_conversation() behaves.
+ [e377f2a71021]
+
+ * lib/eventlog/eventlog.c, src/exec_monitor.c, src/exec_nopty.c,
+ src/exec_pty.c, src/tgetpass.c:
+ Block SIGCHLD when forking the mailer. Otherwise, it may be picked
+ up by the signal handler instead of our waitpid(2) call. Don't warn
+ if waitpid() returns 0 in a SIGCHLD handler.
+ [e34a3f90de5b]
+
+ * plugins/sudoers/sudoers.c:
+ Do not warn, log or send mail for errors when reinitializing
+ defaults. If there is a problem, we would have already warned,
+ logged or mailed it. The one exception is the initial defaults,
+ which should never fail.
+ [0d273f4d307d]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/parse.c, plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/sudoers.c:
+ If there are multiple parse errors, send them in a single mail
+ message.
+ [5de37ad1101f]
+
+ * lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
+ lib/util/Makefile.in, logsrvd/Makefile.in,
+ plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ Unset LANGUAGE when running tests, otherwise it may override LC_ALL.
+ Bug #1025.
+ [87573102f25b]
+
+2022-03-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/visudo.c:
+ Looser owner/permission checks for an uninstalled sudoers file. We
+ don't check the owner or permissions on a sudoers file that is
+ specified as an argument to visudo by default. However, the owner
+ and mode of files included via @includedir were still checked. This
+ commit makes the owner and permissions checks for filed included via
+ @includedir follow the same as for the original sudoers file.
+ [db78857306d4]
+
+ * lib/util/regress/getdelim/getdelim_test.c:
+ getdelim_test: increase longstr to check end pointer after realloc
+ This would have caught the recent bug in our getdelim replacement
+ when run under address-sanitizer or valgrind.
+ [6559a42a3205]
+
+ * plugins/sudoers/check_aliases.c:
+ Add missing va_start/va_end around call to sudoers_error_hook().
+ Coverity CID 250885
+ [49d026ba67b2]
+
+ * lib/util/getdelim.c:
+ Correctly update the end pointer when we expand the buffer. From
+ Robert Manner.
+ [99617ae8332d]
+
+2022-03-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/secure_path.c:
+ sudo_secure_path: pass the struct stat * argument directly to
+ stat(2) Set the pointer to a struct stat on the stack if st is NULL.
+ Avoids a needless memcpy() at the end.
+ [11636745ce29]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Fix off-by-one when storing line number in userspec. We store the
+ line number *after* parsing the newline so we need to subtract one.
+ [40d6521a966e]
+
+ * lib/eventlog/eventlog.c:
+ For alert messages, the command or runuser may not be set. This
+ fixes the logging of parse errors when JSON logging is enabled.
+ [cfde228ef422]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/locale.c, plugins/sudoers/logging.h,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c:
+ Pass file, line and column to sudoers defaults callbacks.
+ [04a26b1a224c]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/check_aliases.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/file.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/parse.h, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/sudoers/test18.toke.ok,
+ plugins/sudoers/regress/visudo/test2.err.ok,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/visudo.c:
+ Add a hook for sudoers parse errors (including defaults and
+ aliases). The hook can be used to log parser errors (sudoers module)
+ or keep track of which files have an error (visudo). Previously, we
+ only kept track of a single parse error.
+ [601915bb6265]
+
+2022-03-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/file.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/sudoers/test18.out.ok,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
+ Add a source to struct sudo_nss and use it if getdefs() fails. Also
+ remove useless "Problem with defaults entries" warning in
+ testsudoers.
+ [f9ba65e975a0]
+
+2022-03-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/regress/iolog_path/check_iolog_path.c,
+ lib/util/regress/getgrouplist/getgrouplist_test.c:
+ Plug a few test memory leaks now that they return from main().
+ [dc4db97a1d57]
+
+2022-03-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/regress/logwrap/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c:
+ Remove extra newline in sudo_warnx() calls.
+ [3366401671fc]
+
+ * plugins/sudoers/check_aliases.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/file.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
+ Preserve the column and error message when there is a syntax error.
+ This information is now included in the error mail sent to root.
+ [a224b006bfb3]
+
+ * plugins/python/python_plugin_common.c:
+ Deinit python subinterpreters in reverse order (last to first). This
+ appears to work around a crash on OpenBSD with Python 3.9.10.
+ [ad4d7b33da9b]
+
+2022-03-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_10 for changeset 3557db693da4
+ [edcb9bf4d4c3] <1.9>
+
+ * NEWS, config.h.in, configure, configure.ac, include/sudo_compat.h,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Merge sudo 1.9.10 from tip.
+ [3557db693da4] [SUDO_1_9_10] <1.9>
+
+ * lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
+ lib/util/Makefile.in, logsrvd/Makefile.in,
+ plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ For 'make check-verbose' run fuzzers with -verbose=1 This is the
+ default for libFuzzer but not for the stub fuzzer lib.
+ [7f2551a87c08]
+
+2022-03-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL.md:
+ INSTALL.md: Mention "make check" and "make check-verbose"
+ [17a30e329ba7]
+
+ * scripts/generate_test_coverage.sh:
+ Repair generate_test_coverage.sh after move to scripts directory.
+ [ffef93da0436]
+
+ * Makefile.in, docs/Makefile.in, examples/Makefile.in,
+ include/Makefile.in, lib/eventlog/Makefile.in,
+ lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
+ lib/logsrv/Makefile.in, lib/protobuf-c/Makefile.in,
+ lib/util/Makefile.in, lib/zlib/Makefile.in, logsrvd/Makefile.in,
+ plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
+ plugins/python/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Add check-verbose Makefile target that runs tests in verbose mode.
+ [929d079dbfc7]
+
+ * lib/eventlog/regress/logwrap/check_wrap.c,
+ lib/iolog/regress/host_port/host_port_test.c,
+ lib/iolog/regress/iolog_filter/check_iolog_filter.c,
+ lib/iolog/regress/iolog_json/check_iolog_json.c,
+ lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c,
+ lib/iolog/regress/iolog_path/check_iolog_path.c,
+ lib/iolog/regress/iolog_timing/check_iolog_timing.c,
+ lib/util/regress/closefrom/closefrom_test.c,
+ lib/util/regress/fnmatch/fnm_test.c,
+ lib/util/regress/getdelim/getdelim_test.c,
+ lib/util/regress/getgrouplist/getgids.c,
+ lib/util/regress/getgrouplist/getgrouplist_test.c,
+ lib/util/regress/glob/globtest.c,
+ lib/util/regress/mktemp/mktemp_test.c,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/progname/progname_test.c,
+ lib/util/regress/strsig/strsig_test.c,
+ lib/util/regress/strsplit/strsplit_test.c,
+ lib/util/regress/strtofoo/strtobool_test.c,
+ lib/util/regress/strtofoo/strtoid_test.c,
+ lib/util/regress/strtofoo/strtomode_test.c,
+ lib/util/regress/strtofoo/strtonum_test.c,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_parseln/parseln_test.c,
+ lib/util/regress/tailq/hltq_test.c,
+ lib/util/regress/uuid/uuid_test.c:
+ Add -v option parsing to regress tests, currently a no-op. This will
+ be used by a "check-verbose" target in the future.
+ [9cdcc23e6a70]
+
+2022-03-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/regress/check_python_examples.c,
+ plugins/python/regress/testhelpers.h:
+ Less verbose output unless the -v option is used. Also display a
+ test summary at the end.
+ [b18a8f6526e9]
+
+ * src/regress/net_ifs/check_net_ifs.c,
+ src/regress/noexec/check_noexec.c,
+ src/regress/ttyname/check_ttyname.c:
+ verbose flag is boolean, not int
+ [8663ac48be27]
+
+ * configure.ac:
+ Update copyright year.
+ [461698b72a64]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Regenerate dependencies.
+ [f007ec225986]
+
+ * MANIFEST, configure, configure.ac, lib/util/Makefile.in,
+ lib/util/regress/closefrom/closefrom_test.c:
+ Add sudo_closefrom() regression test.
+ [14f4439a8437]
+
+ * NEWS, config.h.in, configure, configure.ac, lib/util/closefrom.c:
+ Use close_range(2) in closefrom() emulation if available. On Linux,
+ prefer our own closefrom() emulation since the glibc version may
+ fail if /proc is not present and close_range() is not supported. On
+ FreeBSD, closefrom(3) will either call the closefrom or close_range
+ system call, depending on which is available.
+ [d84eff07783f]
+
+ * configure, configure.ac:
+ Repair --enable-pvs-studio on Linux.
+ [add3c7fff7f5]
+
+ * configure, configure.ac:
+ Mention apple radar 3710161 in the comment about broken macOS
+ poll(2).
+ [ffb6c8c070dc]
+
+2022-02-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/regress/net_ifs/check_net_ifs.c,
+ src/regress/noexec/check_noexec.c,
+ src/regress/ttyname/check_ttyname.c:
+ Only display test totals unless run in verbose mode.
+ [f543b41f226e]
+
+ * lib/util/regress/harness.in, plugins/sudoers/regress/harness.in:
+ Allow test harness to be run from any directory. Also add missing
+ copyright notice.
+ [5e60bc5beb52]
+
+ * lib/util/regress/harness.in:
+ Adapt test harness for lib/util and move to regress directory.
+ [f415d958bca7]
+
+ * .gitignore, .hgignore, MANIFEST, configure, configure.ac,
+ lib/util/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/harness.in, plugins/sudoers/regress/harness.in:
+ Adapt test harness for lib/util and move to regress directory.
+ [5f488712f797]
+
+ * lib/fuzzstub/fuzzstub.c:
+ Make fuzzer stub main() quiet by default. LLVM LibFuzzer displays
+ the input and running time by default but we don't care about that
+ for the stub fuzzer library.
+ [728005c2de78]
+
+ * .gitignore, .hgignore, MANIFEST, configure, configure.ac,
+ plugins/sudoers/Makefile.in, plugins/sudoers/harness.in:
+ Move the cvtsudoers/sudoers/testsudoers/visudo tests into a script.
+ It is easier to maintain these tests in script form. The output now
+ more closely matches that of the other tests. The harness script can
+ be invoked directly and supports running specific tests.
+ [fbad6e93201e]
+
+2022-02-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po:
+ Updated translations from translationproject.org
+ [b2622a56fcbc]
+
+2022-02-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
+ sudo_regex_compile_v1 stub: set errstr on error
+ [2da61535e60d]
+
+ * logsrvd/Makefile.in, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
+ fuzz_logsrvd_conf: add stub version of sudo_regex_compile_v1(). We
+ want to fuzz our parser, not the libc regular expression code.
+ [2662a181acc8]
+
+ * plugins/sudoers/regress/testsudoers/test18.out.ok,
+ plugins/sudoers/regress/testsudoers/test18.sh:
+ testsudoers/test18: don't rely on /usr/bin/w being present Fixes a
+ test failure on Alpine Linux.
+ [5b3915cef32b]
+
+2022-02-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Add configure check for gzclearerr() when using system zlib.
+ [388dd60cd577]
+
+ * configure, configure.ac:
+ Fix PVS-Studio platform check for macOS.
+ [cc46ae5d60a3]
+
+ * plugins/sudoers/ldap.c:
+ sudo_ldap_parse_options: fix memory leak of sudoRole cn string.
+ Coverity CID 249976
+ [bcf86c362e05]
+
+ * src/sudo_intercept_common.c:
+ command_allowed: plug memory leak on strdup() failure. Coverity CID
+ 249972
+ [f15a58ed68d6]
+
+2022-02-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/check.c:
+ display_lecture: just return if callback is NULL
+ [3e7352fbc28b]
+
+ * lib/eventlog/eventlog.c:
+ For alert messages it is possible for evlog to be NULL. Coverity CID
+ 238641
+ [3e89523699fd]
+
+ * logsrvd/logsrv_util.c:
+ iolog_seekto: initialize struct timing_closure before using.
+ Coverity CID 249977
+ [ea53680a2367]
+
+ * logsrvd/iolog_writer.c:
+ iolog_rewrite: initialize struct timing_closure before using.
+ Coverity CID 249971
+ [d214237f3ce8]
+
+ * scripts/mkpkg:
+ Allow ARCH_FLAGS to be overridden and handle macOS 12.
+ [f04f3405fa50]
+
+ * scripts/mkpkg:
+ Prefer if [ ... ]; then over if test ...; then.
+ [4ba3e6ed7280]
+
+ * .circleci/config.yml:
+ Do not build with -Werror on macOS. Some macOS warnings are bogus,
+ for instance it has an incorrect getgrouplist(3) definition.
+ [7e5f469cb0ec]
+
+ * .circleci/config.yml:
+ Build and test macos with circleci.
+ [fc62dc986646]
+
+2022-02-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Mention lecture behavior change.
+ [cc034a54eb11]
+
+ * lib/iolog/regress/iolog_filter/check_iolog_filter.c:
+ Fix compilation on systems without a real openat(2).
+ [25067ad6772b]
+
+ * plugins/sudoers/match_digest.c:
+ Better warning message when the digest in sudoers is the wrong
+ length.
+ [c2043906f356]
+
+ * lib/iolog/regress/fuzz/fuzz_iolog_json.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
+ lib/util/regress/fuzz/fuzz_sudo_conf.c,
+ logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Do not disable fuzzer output if SUDO_FUZZ_VERBOSE env variable is
+ set.
+ [fd3d5706ffda]
+
+2022-02-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
+ plugins/sudoers/check.h, plugins/sudoers/timestamp.c:
+ Display the lecture immediately before prompting for a password.
+ This means we no longer display the lecture unless the user is going
+ to enter a password. Authentication methods that don't interact with
+ the user via the terminal don't trigger the lecture.
+ [17ef981664c3]
+
+ * NEWS, plugins/sudoers/logging.c:
+ Add back warning when a user is not allowed to run a command.
+ Previously, the warning was displayed when a user was not in the
+ sudoers file, or was present but not listed for the local host. The
+ new behavior is to display the warning if a command is denied and
+ mail is sent to the administrator. Whether or not mail is sent is
+ controlled by the "mail_*" flags in sudoers. The warning text is now
+ "This incident has been reported to the administrator." which is
+ hopefully less confusing. The message will not be printed if either
+ the "mailto" or "mailerpath" sudoers settings are disabled.
+ [dcaeadb7e558]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ Document that negating mailto or mailerpath disables sending mail.
+ [02d8aabd9af3]
+
+ * TODO:
+ Remove obsolete TODO file.
+ [98e112abab92]
+
+2022-02-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/logging.c:
+ Don't try to send mail if mailto not set or the mailer is not
+ present.
+ [37166e692a9c]
+
+2022-02-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
+ po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo,
+ po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo,
+ po/ja.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/ro.mo,
+ po/ro.po, po/sr.mo, po/sr.po, po/uk.mo, po/uk.po, po/vi.mo,
+ po/vi.po, po/zh_CN.mo, po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
+ Updated translations from translationproject.org
+ [194b42011062]
+
+ * MANIFEST, lib/iolog/Makefile.in,
+ lib/iolog/regress/iolog_filter/check_iolog_filter.c,
+ lib/iolog/regress/iolog_filter/test1/log,
+ lib/iolog/regress/iolog_filter/test1/timing,
+ lib/iolog/regress/iolog_filter/test1/ttyin,
+ lib/iolog/regress/iolog_filter/test1/ttyin.filtered,
+ lib/iolog/regress/iolog_filter/test1/ttyout,
+ lib/iolog/regress/iolog_filter/test2/log,
+ lib/iolog/regress/iolog_filter/test2/timing,
+ lib/iolog/regress/iolog_filter/test2/ttyin,
+ lib/iolog/regress/iolog_filter/test2/ttyin.filtered,
+ lib/iolog/regress/iolog_filter/test2/ttyout,
+ lib/iolog/regress/iolog_filter/test3/log,
+ lib/iolog/regress/iolog_filter/test3/timing,
+ lib/iolog/regress/iolog_filter/test3/ttyin,
+ lib/iolog/regress/iolog_filter/test3/ttyin.filtered,
+ lib/iolog/regress/iolog_filter/test3/ttyout:
+ Add tests for iolog filtering. This is the functionality used by the
+ log_passwords and passprompt_regex options.
+ [07e587dfd765]
+
+ * lib/iolog/iolog_filter.c:
+ iolog_pwfilt_run: apply regex on ttyout even if we disabled
+ filtering. The heuristic used to decide when to disable filtering is
+ when we see another ttyout buffer or find a cr or nl in the ttyin
+ buffer. However, we should also check the buffer that caused us to
+ disable filtering for a matching regex that would re-enable
+ filtering. Programs that prompt for a password twice might otherwise
+ not have the second password filtered.
+ [f34bf167c3b4]
+
+2022-02-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL.md, README.LDAP.md, docs/TROUBLESHOOTING.md,
+ docs/UPGRADE.md, docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in,
+ docs/sudo.man.in, docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in,
+ docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in,
+ docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_plugin.man.in,
+ docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in,
+ docs/sudo_plugin_python.mdoc.in, docs/sudoers.ldap.man.in,
+ docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in,
+ docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
+ docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in,
+ examples/sudo_logsrvd.conf.in:
+ Avoid using "note that" and "note: " in documentation.
+ [d75995c86fe0]
+
+ * INSTALL.md, README.LDAP.md, README.md, docs/CONTRIBUTING.md,
+ docs/CONTRIBUTORS.md, docs/SECURITY.md, docs/TROUBLESHOOTING.md,
+ docs/UPGRADE.md, docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
+ docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
+ docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in,
+ docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in,
+ docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_logsrvd.man.in,
+ docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin.man.in,
+ docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in,
+ docs/sudo_plugin_python.mdoc.in, docs/sudo_sendlog.man.in,
+ docs/sudo_sendlog.mdoc.in, docs/sudoers.ldap.man.in,
+ docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in,
+ docs/sudoers.mdoc.in, docs/sudoers_timestamp.man.in,
+ docs/sudoers_timestamp.mdoc.in, docs/sudoreplay.man.in,
+ docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in:
+ Remove "please" from the documentation, it is considered bad style.
+ [9c4a7bc1b48c]
+
+ * docs/UPGRADE.md:
+ Mention regular expressions and "sudo -l -U user" behavior change.
+ [9bf947ed3e30]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ Add security notes about regular expressions in sudoers rules.
+ [1748e3a05906]
+
+ * NEWS:
+ Update NEWS for GitHub issue #134.
+ [c69636554901]
+
+2022-02-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/eventlog.c:
+ do_logfile_sudo: plug memory leak of full_line Coverity CID 249329
+ [d1d2bc51077a]
+
+ * plugins/sudoers/logging.c:
+ log_server_alert: plug potential memory leak Coverity CID 249328
+ [4d01a8e7dffb]
+
+ * plugins/sudoers/logging.c:
+ fmt_authfail_message: compute the exact amount of space needed.
+ Instead of truncating on overflow, warn and return NULL.
+ [96542ddc9674]
+
+ * plugins/sudoers/parse.c:
+ Fix potential NULL deref if getpwuid(0) fails. Coverity CID 249326
+ [23249273cd01]
+
+2022-02-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudo.man.in, docs/sudo.mdoc.in, plugins/sudoers/parse.c,
+ plugins/sudoers/policy.c:
+ Restrict "sudo -U other -l" to users with sudo ALL for root or
+ "other". Having "sudo ALL" permissions in no longer sufficient to be
+ able to list another user's privileges. The invoking user must now
+ have "sudo ALL" for root or the target user. GitHub issue #134
+ [e2b4f8400599]
+
+2022-02-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Reword some of the NEWS items for 1.9.10.
+ [b2d757e7889c]
+
+2022-02-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in,
+ docs/sudoers.man.in, docs/sudoers.mdoc.in, lib/util/regex.c,
+ po/sudo.pot:
+ Limit regular expressions to 1024 characters each. Avoids a problem
+ with the fuzzer creating large regular expressions that blow up the
+ glibc regcomp().
+ [83b1cac11c79]
+
+2022-02-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .gitignore, .hgignore, MANIFEST, configure, configure.ac,
+ examples/Makefile.in, examples/sudo.conf.in, examples/syslog.conf,
+ examples/syslog.conf.in:
+ Substitute values in the example syslog.conf too. Also update ignore
+ files for example changes
+ [b13a7e6a630c]
+
+ * MANIFEST, configure, configure.ac, docs/sudo.conf.man.in,
+ docs/sudo.conf.mdoc.in, docs/sudo.man.in, docs/sudo.mdoc.in,
+ docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in,
+ docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in,
+ docs/sudoers.man.in, docs/sudoers.mdoc.in, examples/Makefile.in,
+ examples/sudo_logsrvd.conf, examples/sudo_logsrvd.conf.in,
+ examples/sudoers, examples/sudoers.in:
+ Substitute paths set by configure in examples. Bug #1023
+ [f528fe7a8f88]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Update Project-Id-Version to 1.9.10.
+ [0ad7934baa9f]
+
+ * plugins/sudoers/po/sudoers.pot:
+ Update .pot files for 1.9.10
+ [c7a477455e2e]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.10
+ [b437c4c37971]
+
+ * MANIFEST, docs/sudo_logsrvd.conf.man.in,
+ docs/sudo_logsrvd.conf.mdoc.in, docs/sudoers.man.in,
+ docs/sudoers.mdoc.in, include/sudo_util.h, lib/iolog/iolog_filter.c,
+ lib/util/Makefile.in, lib/util/regex.c, lib/util/util.exp.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/match_command.c,
+ plugins/sudoers/regress/sudoers/test28.in,
+ plugins/sudoers/regress/sudoers/test28.json.ok,
+ plugins/sudoers/regress/sudoers/test28.ldif.ok,
+ plugins/sudoers/regress/sudoers/test28.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test28.out.ok,
+ plugins/sudoers/regress/sudoers/test28.toke.ok,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.h, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c:
+ Add helper function to compile a regex that supports (?i).
+ [d680d423d2df]
+
+2022-02-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, configure, configure.ac, docs/sudoers.man.in,
+ docs/sudoers.mdoc.in, examples/sudoers,
+ plugins/sudoers/fmtsudoers.c, plugins/sudoers/match_command.c,
+ plugins/sudoers/parse.h, plugins/sudoers/regress/sudoers/test28.in,
+ plugins/sudoers/regress/sudoers/test28.json.ok,
+ plugins/sudoers/regress/sudoers/test28.ldif.ok,
+ plugins/sudoers/regress/sudoers/test28.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test28.out.ok,
+ plugins/sudoers/regress/sudoers/test28.toke.ok,
+ plugins/sudoers/regress/sudoers/test29.in,
+ plugins/sudoers/regress/sudoers/test29.json.ok,
+ plugins/sudoers/regress/sudoers/test29.ldif.ok,
+ plugins/sudoers/regress/sudoers/test29.out.ok,
+ plugins/sudoers/regress/sudoers/test29.toke.ok,
+ plugins/sudoers/regress/testsudoers/test18.out.ok,
+ plugins/sudoers/regress/testsudoers/test18.sh,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
+ Add support for matching command and args using regular expressions.
+ Either the command, its arguments or both may be (separate) regular
+ expressions.
+ [bef0b1a14771]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Clear sudoers_errstr after it is used. This way we avoid printing
+ the same error message more than once if there are multiple ERROR
+ tokens returned from the lexer.
+ [8a7509cd1c46]
+
+ * logsrvd/logsrvd_local.c:
+ store_iobuf_local: fix potential double free on the error path.
+ [f9a0e3cb3c7f]
+
+ * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
+ docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
+ docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in,
+ docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in,
+ docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_logsrvd.man.in,
+ docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin.man.in,
+ docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in,
+ docs/sudo_plugin_python.mdoc.in, docs/sudo_sendlog.man.in,
+ docs/sudo_sendlog.mdoc.in, docs/sudoers.ldap.man.in,
+ docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in,
+ docs/sudoers.mdoc.in, docs/sudoers_timestamp.man.in,
+ docs/sudoers_timestamp.mdoc.in, docs/sudoreplay.man.in,
+ docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in:
+ Update links to sudo web site and reference markdown docs.
+ [da9a9eb04f04]
+
+ * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
+ docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
+ docs/sudo.mdoc.in, docs/sudo_logsrvd.man.in,
+ docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin_python.man.in,
+ docs/sudo_plugin_python.mdoc.in, docs/sudoers.man.in,
+ docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
+ docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in:
+ Use a 4n indent for code blocks instead of the default 6n.
+ [7322dd26a3d4]
+
+ * plugins/sudoers/testsudoers.c:
+ testsudoers: disable argument permutation in GNU getopt This makes
+ it easier to test commands with arguments.
+ [fb005b03a75e]
+
+ * lib/iolog/iolog_filter.c:
+ iolog_pwfilt_run: fix types in error return
+ [663deea257d0]
+
+ * lib/iolog/iolog_filter.c, plugins/sudoers/iolog.c:
+ Free potential leaks of passprompt_regex_handle. Coverity CID 249057
+ [d562ea42ab66]
+
+2022-02-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #133 from Dzejrou/main
+
+ Do not unset user timeout when no default timeout is set.
+ [58504381014e]
+
+2022-02-09 Jaroslav Jindrak <dzejrou@gmail.com>
+
+ * plugins/sudoers/policy.c:
+ Do not unset user timeout when no default timeout is set.
+ [25f32be7d18d]
+
+2022-02-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/fmtsudoers.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/sudoers/test2.in,
+ plugins/sudoers/regress/sudoers/test2.json.ok,
+ plugins/sudoers/regress/sudoers/test2.ldif.ok,
+ plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test2.out.ok,
+ plugins/sudoers/regress/sudoers/test2.toke.ok:
+ Don't escape double quotes (") in a command when printing it.
+ Previously, cvtsudoers and "sudo -l" would escape double quotes in a
+ command or command line argument, which is not valid sudoers syntax.
+ [3bd0505b03e2]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in:
+ A few minor (mostly cosmetic) fixes. Add missing ALL to Runas_Member
+ and Host. Replace some tabs with spaces. Fix the syntax of a
+ sudoedit example.
+ [a943116eb35b]
+
+2022-02-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #132 from ninedotnine/patch-1
+
+ Sync example sudoers with default sudoers
+ [8c903452e624]
+
+2022-02-04 dan soucy <ninedotnine@users.noreply.github.com>
+
+ * examples/sudoers:
+ Sync example sudoers with default sudoers
+
+ `sudoers.in` was changed by 1d13533
+ [f34657ff9345]
+
+2022-02-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * ABOUT-NLS, INSTALL.md, NEWS, README.LDAP.md, docs/CONTRIBUTING.md,
+ plugins/sudoers/po/README, po/README:
+ Upgrade http links to https where possible and fix some broken
+ links.
+ [e33d61fdafdb]
+
+2022-02-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/logging.c:
+ Remove "This incident will be reported." from user warnings. This
+ used to indicate that email had been sent to the administrator
+ telling them that someone tried to run sudo. Whether or not sudo
+ sends email is now configurable, so the warning may not be accurate.
+ It is also confusing to the user since they will not know who the
+ incident is being reported to. See also https://xkcd.com/838/
+ [b2860bb51393]
+
+ * plugins/sudoers/sssd.c:
+ Log fn_get_values() return code in the debug log on error. Also move
+ a nested switch() statement out of 'case 0' for improved
+ readability.
+ [ad609804a70c]
+
+ * plugins/sudoers/sssd.c:
+ Do not return an error if we cannot connect to the SSSD connector.
+ This may simply mean that nsswitch.conf lists sss as a sudoers
+ source but SSSD is not configured for sudo. Otherwise, the user will
+ receive a useless "problem with defaults entries" when the sssd
+ backend tries to fetch the global defaults. Bug #1022.
+ [60bb147ed3e6]
+
+ * plugins/sudoers/log_client.c, plugins/sudoers/logging.c:
+ Set client_closure to NULL after freeing it.
+ [20da8f0c9226]
+
+ * plugins/sudoers/log_client.c:
+ client_closure_alloc: init write_bufs/free_bufs before other
+ allocations. We must initialize the tail queues before any possible
+ call to client_closure_free(), such as due to malloc() failure.
+ [5dd7d1ba2b76]
+
+ * logsrvd/logsrvd_journal.c:
+ Add missing default return in last commit.
+ [e17820ba6ff8]
+
+ * logsrvd/logsrvd_journal.c:
+ sudo_logsrvd: make sure journal exists before writing the alert
+ message. Fixes a potential NULL dereference when journaling an alert
+ message.
+ [19d109fb1420]
+
+ * include/sudo_compat.h:
+ Fix compilation on Debian kFreeBSD. The configure script correctly
+ detects that utimensat() and futimens() are missing but the headers
+ define stub versions of the functions. Including sys/stat.h pulls in
+ the system definitions so we can override them safely. Bug #1021.
+ [10775e14164a]
+
+2022-02-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/ttyname.c:
+ Add fallback if /proc/self/stat or /proc/pid/psinfo is missing or
+ invalid. If the /proc file indicates no terminal is present there is
+ no fallback. Bug #1020
+ [c32620c9f115]
+
+2022-02-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in, plugins/sudoers/check.c,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
+ Add sudoers option to perform authentication even in non-interative
+ mode. If noninteractive_auth is set, authentication methods that do
+ not require input from the user's terminal may proceed. It is off by
+ default, which restores the pre-1.9.9 behavior of "sudo -n".
+ [f06dcd0957d0]
+
+ * MANIFEST, lib/iolog/iolog_filter.c,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.7:
+ Work around a glibc regcomp() bug with repeated '+' operators. Glibc
+ regcomp() has a bug where it uses excessive memory for repeated '+'
+ ops. Collapse them to avoid running the fuzzer out of memory.
+ [db423326311f]
+
+ * logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6:
+ Rebase seed corpus on updated sudo_logsrvd.conf example.
+ [1f30b95c6ce6]
+
+ * logsrvd/logsrvd_conf.c:
+ Fix parsing of "retry_interval" in the relay section. The setting
+ was present but the callback was missing so it could not be parsed
+ in the conf file.
+ [09666425a392]
+
+ * logsrvd/logsrvd_conf.c:
+ Use TIME_T_MAX as the upper limit when parsing timeouts.
+ [989eaa812d4e]
+
+ * plugins/sudoers/auth/pam.c:
+ converse: don't set response pointer on error Linux pam_conv(3) says
+ not to set the pointer on PAM_CONV_ERR.
+ [79934c8631c0]
+
+2022-01-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/regress/cvtsudoers/sudoers4:
+ Add missing sudoers4 test file for new cvtsudoers test.
+ [5b9f3084d9e9]
+
+ * MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
+ plugins/sudoers/regress/cvtsudoers/test38.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test38.sh:
+ defaults_check_conflict: it is only really a conflict if the binding
+ match If the Defaults name matched but the binding does not, we can
+ simply leave it be. Fixes a problem where given two sudoers sources
+ that have a host specified, if they contain conflicting Defaults
+ entries we would drop one of the Defaults instead of keeping both
+ after making them host-specific.
+ [9b8ad3d1e163]
+
+ * MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
+ plugins/sudoers/regress/cvtsudoers/sudoers1,
+ plugins/sudoers/regress/cvtsudoers/sudoers2,
+ plugins/sudoers/regress/cvtsudoers/sudoers3,
+ plugins/sudoers/regress/cvtsudoers/test34.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test34.sh,
+ plugins/sudoers/regress/cvtsudoers/test35.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test35.sh,
+ plugins/sudoers/regress/cvtsudoers/test36.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test36.sh,
+ plugins/sudoers/regress/cvtsudoers/test37.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test37.sh:
+ Make it possible to merge a host-based Defaults with a global one.
+ We convert the global Defaults to a host-based one with a single
+ "ALL" member. Later, when we simplify the host list, we'll convert
+ this back to a global Defaults.
+ [152c16a608c1]
+
+2022-01-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd_conf.c:
+ Check for garbage after [section] in sudo_logsrvd.conf.
+ [46a222b60747]
+
+ * logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.dict:
+ Sync fuzzing dictionary with current configuration keyword list.
+ [9af3929a2f6a]
+
+2022-01-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in,
+ examples/sudo_logsrvd.conf, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_conf.c, logsrvd/logsrvd_local.c:
+ Add new log_passwords and passprompt_regex settings. When logging
+ terminal input, if log_passwords is false and any of the regular
+ expressions in the passprompt_regex list are found in the terminal
+ output, terminal input will be replaced with '*' characters until a
+ newline or carriage return is found in the input or an output
+ character is received.
+ [1d07eaada99c]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
+ plugins/sudoers/policy.c,
+ plugins/sudoers/regress/serialize_list/check_serialize_list.c,
+ plugins/sudoers/regress/unescape/check_unesc.c,
+ plugins/sudoers/serialize_list.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/unesc_str.c:
+ Escape/unescape commas when serializing/deserializing a stringlist.
+ [17c422c0b236]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/locale.c, plugins/sudoers/logging.h,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c:
+ Pass the operator to the Defaults callback too. That way we can tell
+ what to do in callbacks for lists.
+ [d541809b62bf]
+
+ * MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in,
+ lib/iolog/iolog_filter.c:
+ lib/iolog: add support for filtering password out of tty input If a
+ password regex is found in the tty output, tty input will be
+ replaced with '*' chars until a newline or another tty output
+ character is received.
+ [19c3a58dfe29]
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c:
+ Add a new sudoers settings log_passwords and passprompt_regex. When
+ logging terminal input, if log_passwords is disabled and any of the
+ regular expressions in the passprompt_regex list are found in the
+ terminal output, terminal input will be replaced with '*' characters
+ until a newline or carriage return is found in the input or an
+ output character is received.
+ [5fa969cfdef4]
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
+ Add a flag to avoid splitting list entries on white space.
+ [32ac4cd5eae7]
+
+2022-01-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_9 for changeset 296f4f986a7a
+ [cba838829505] <1.9>
+
+ * NEWS, config.h.in, configure, configure.ac, include/sudo_compat.h,
+ logsrvd/tls_init.c, plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Merge sudo 1.9.9 from tip.
+ [296f4f986a7a] [SUDO_1_9_9] <1.9>
+
+ * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in:
+ "plain text" -> "plaintext" for consistency.
+ [6cbefac27286]
+
+2022-01-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * po/ro.mo, po/ro.po:
+ Updated translations from translationproject.org
+ [c264de490846]
+
+ * INSTALL.configure:
+ Sync with autoconf git.
+ [efd6e2df1b4f]
+
+ * scripts/mkdep.pl:
+ Fix potential infinite loop when trying to format long lines.
+ [e17a3b7b657b]
+
+2022-01-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudo.man.in, docs/sudo.mdoc.in:
+ Document how commands are passed to the shell for the -i and -s
+ options. The concatenation of command and arguments and escaping of
+ special characters was not documented. Text adapted from GitHub
+ issue #121 from Kris Rinzwind
+ [852f803234af]
+
+ * docs/TROUBLESHOOTING.md:
+ Also mention no_new_privs error in the troubleshooting guide.
+ [70cc0679098f]
+
+ * INSTALL.md, docs/TROUBLESHOOTING.md, docs/sudo.conf.man.in,
+ docs/sudo.conf.mdoc.in, docs/sudo.man.in, docs/sudo.mdoc.in,
+ docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in,
+ docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in,
+ docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in,
+ docs/sudoers.man.in, docs/sudoers.mdoc.in, docs/visudo.man.in,
+ docs/visudo.mdoc.in:
+ Replace uid and gid with user-ID and group-ID in more places.
+ [2b6bc95509fd]
+
+2022-01-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL.md:
+ PAM is enabled on NetBSD by default too.
+ [3bc31511f687]
+
+ * INSTALL.md, README.LDAP.md, docs/HISTORY.md,
+ docs/TROUBLESHOOTING.md, docs/UPGRADE.md:
+ Use the Oxford comma consistently, it is helpful in technical
+ documents.
+ [3df4b26d035e]
+
+ * docs/sudo.man.in, docs/sudo.mdoc.in:
+ Document the error message when no_new_privs is set.
+ [492a154dec10]
+
+ * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in:
+ Sudo now recovers from sudoers syntax errors.
+ [77d457c4e722]
+
+ * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
+ docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
+ docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in,
+ docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in,
+ docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_plugin.man.in,
+ docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in,
+ docs/sudo_plugin_python.mdoc.in, docs/sudoers.ldap.man.in,
+ docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in,
+ docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
+ docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in,
+ examples/sudo.conf.in, examples/sudo_logsrvd.conf:
+ Use the Oxford comma consistently, it is helpful in technical
+ documents.
+ [e8d29c772963]
+
+ * INSTALL.md:
+ Mention docker configuration.
+ [8312350518cb]
+
+ * plugins/sudoers/ldap_util.c:
+ Quiet a cppcheck false positive.
+ [023468af3269]
+
+ * docs/CONTRIBUTING.md:
+ Mention https://www.sudo.ws/security/fuzzing/ in the fuzzing
+ section.
+ [87767f7b89ad]
+
+ * plugins/sudoers/sssd.c:
+ Fix logic inversion when setting negated flag.
+ [3e4051bc9f30]
+
+ * src/sudo.c:
+ Quiet a PVS-Studio format string warning.
+ [77e953f3c46f]
+
+2022-01-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Regen .pot files.
+ [b999972bc90d]
+
+ * NEWS:
+ Bug #1016, #1017 and negated sudoUser in LDAP.
+ [4ec54e728437]
+
+ * plugins/sudoers/defaults.c:
+ Don't set/run early Defaults if a custom defaults_list is specified.
+ Defaults settings passed in by the front end are already "early" so
+ there is no need to treat any of them as special.
+
+ Otherwise, we end up running the early defaults callbacks before
+ sudoers has been parsed. This means that, for instance, it is not
+ possible to disable the fqdn flag before its callback is run if sudo
+ is build with the --with-fqdn option. Bug #1016.
+ [8c6eaa503793]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
+ Mark is_early_default(), run_early_defaults(), set_early_default()
+ static. They are not used outside of defaults.c.
+ [1045e8c7a92e]
+
+ * plugins/sudoers/sssd.c:
+ Add support in SSSD for negated users.
+ [bca3d02cdd8b]
+
+ * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in,
+ plugins/sudoers/ldap.c:
+ Add support in the LDAP filter for negated users. Based on a diff
+ from Simon Lees
+ [e1d48d44229e]
+
+2022-01-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/mkdir_parents.c:
+ Use PATH_MAX, not NAME_MAX+1 for the directory entry length. On some
+ systems, such as Solaris, the max length of a directory entry is
+ filesystem-dependent. We could use fpathconf() and dynamically
+ allocate the name but it is simpler to just use PATH_MAX here.
+ [d1a097783717]
+
+ * plugins/python/python_plugin_common.c:
+ Only emulate Py_FinalizeEx for Python 3.[0-5].
+ [b314942c0f2f]
+
+ * lib/util/getcwd.c, lib/util/mkdir_parents.c:
+ Use POSIX NAME_MAX, not the obsolete MAXNAMLEN define. Fixes
+ compilation with musl libc.
+ [a1609b2d968f]
+
+2022-01-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/limits.c:
+ When applying fallback limits, make sure we don't reduce rlim_max.
+ Fixes a problem where sudo could reduce the max stack size on some
+ systems if the original limit was higher than the fallback limit,
+ but not unlimited/infinity.
+ [1fef77204f17]
+
+ * src/limits.c:
+ Don't modify the stack limit if it is >= SUDO_STACK_MIN.
+ [b9e473780083]
+
+ * plugins/sudoers/Makefile.in:
+ The pre-install target requires visudo, add an explicit dependency.
+ [b5b073d2fc9b]
+
+2022-01-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo.c:
+ If sudo is not set-user-ID root, check for the no_new_privs flag on
+ Linux. This flag disables set-user-ID at execve(2) time and may be
+ set by default for some containers. GitHub issue #129.
+ [462249058274]
+
+2022-01-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/sudoers.man.in, docs/sudoers.mdoc.in,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
+ src/parse_args.c:
+ Add pam_askpass_service sudoers setting for "sudo -A". This makes it
+ possible to use a different PAM configuration for when "sudo -A" is
+ used. The main use case is to only use PAM modules that can interact
+ with the askpass program. GitHub issue #112.
+ [5f59bc3f9d81]
+
+2022-01-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/iolog_loginfo.c:
+ Improve debugging info when fdopen() fails.
+ [0d9711d8564a]
+
+2022-01-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sssd.c:
+ sss_sudo_free_values() checks for NULL, no need to do it manually.
+ [ccf012907a01]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Quiet a clang analyzer false positive.
+ [90b6791616b0]
+
+2022-01-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Quiet a clang analyzer false positive.
+ [3c66e9be5f24]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Fix return value for non-interactive mode for non-standalone auth
+ methods. AUTH_NONINTERACTIVE was being stored in the wrong variable.
+ [199a180e7fab]
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, po/fi.mo,
+ po/fi.po, po/ko.mo, po/ko.po, po/tr.mo, po/tr.po:
+ Updated translations from translationproject.org
+ [032877650fe6]
+
+ * plugins/sudoers/cvtsudoers_merge.c:
+ defaults_var_matches() should return bool, not enum match_result.
+ Remove enum match_result as it is no longer used.
+ [6559769ddcd1]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c:
+ Quiet two PVS-studio warnings.
+ [3a7c89cff3d6]
+
+ * plugins/sudoers/auth/pam.c:
+ Remove PAM_TTY workaround for old, buggy PAM modules. In the past,
+ some PAM modules assumed that PAM_TTY was set and would misbehave
+ (or crash) if not. This was primarily obsolete versions of Linux-
+ PAM, so it should now be safe to remove this. Setting PAM_TTY to an
+ empty string can cause its own set of issues. GitHub issue #74
+ [491cb67ea43b]
+
+2022-01-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Mention fix for Bug #956 and GitHub issue #83.
+ [8692b9985381]
+
+ * plugins/sudoers/auth/API, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
+ plugins/sudoers/logging.c, plugins/sudoers/sudoers.h:
+ Push non-interactive mode checking down into the auth methods. For
+ "sudo -n" we only want to reject a command if user input is actually
+ required. In the case of PAM at least, we may not need to interact
+ with the user. Bug #956, GitHub issue #83
+ [bc9653ffe82f]
+
+2022-01-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers_merge.c,
+ plugins/sudoers/regress/cvtsudoers/sudoers1,
+ plugins/sudoers/regress/cvtsudoers/sudoers2,
+ plugins/sudoers/regress/cvtsudoers/sudoers3,
+ plugins/sudoers/regress/cvtsudoers/test34.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test35.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test36.out.ok:
+ userspec_overridden: fix checks when there is more than one userspec
+ [199996d29f50]
+
+ * MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
+ plugins/sudoers/regress/cvtsudoers/test35.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test36.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test36.sh:
+ Fix merging of global/ALL entries when each input file has a host.
+ If a host is specified for the input file, cvtsudoers will bind
+ global Defaults to that host and change host "ALL" in a userspec to
+ the host name. However, if all the input files have matching hosts
+ we can simplify the merged file by converting back to ALL after
+ resolving conflicts.
+ [bfdb2edfca71]
+
+ * LICENSE.md:
+ Welcome to 2022.
+ [039e8c0efd7e]
+
+ * docs/Makefile.in:
+ LICENSE.md moved to the top-level src dir.
+ [b1c2687eef9d]
+
+2021-12-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #127 from Tyler887/main
+
+ Typo
+ [c4780c2a3056]
+
+2021-12-22 Tyler887 <tylermageeshields@gmail.com>
+
+ * INSTALL.md:
+ Typo
+ [b650bec9f275]
+
+2021-12-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, docs/UPGRADE.md, plugins/sudoers/policy.c, src/selinux.c,
+ src/sudo.c:
+ Back out changes to enable SELinux by default. This may return in a
+ future release in a different form.
+ [73e46fbe5c27]
+
+ * LICENSE.md, MANIFEST, README.md, docs/LICENSE.md:
+ Move LICENSE.md out of docs and back to the top-level. GitHub
+ expects it to be in the top-level directory.
+ [3c62dd396aff]
+
+2021-12-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
+ plugins/sudoers/regress/cvtsudoers/test35.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test35.sh:
+ cvtsudoers: fix a regression when merging matching Defaults. If a
+ host is specified with a sudoers file, we have to treat Defaults as
+ Defaults@host checking for duplicates.
+ [9db413953938]
+
+2021-12-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ add_defaults: add defs == NULL check to quiet coverity false
+ positive
+ [a534eee04069]
+
+2021-12-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers_merge.c,
+ plugins/sudoers/regress/cvtsudoers/test34.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test34.sh:
+ When merging Defaults, allow a subsequent global Defaults (no
+ binding) to override a prior Defaults setting with a binding.
+ [0be52fa6d4d8]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ add_defaults: defs can never be NULL
+ [9ba97823b757]
+
+ * plugins/sudoers/cvtsudoers_merge.c:
+ Plug memory leak when making a default host-specific. We don't need
+ to allocate new space for the binding list, just the members of the
+ list.
+ [5667d09136f2]
+
+2021-12-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, examples/Makefile.in, examples/cvtsudoers.conf:
+ Add an example cvtsudoers.conf file.
+ [aa738148e712]
+
+ * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h:
+ Add group_file, match_local, and passwd_file to cvtsudoers.conf.
+ Previously, these were only settable via command line options.
+ [a7a8b0af3c42]
+
+2021-12-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/TROUBLESHOOTING.md:
+ Remove question about running Solaris 11 binaries on Solaris 10.
+ Current versions of sudo use many APIs that are not present on
+ Solaris 10. If you want a sudo Solaris 10 binary, build it on
+ Solaris 10, not 11.
+ [0346a46cf595]
+
+ * MANIFEST, plugins/sudoers/regress/cvtsudoers/test34.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test34.sh:
+ Add simple test for cvtsudoers merge functionality.
+ [fda86b17249a]
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
+ po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fr.mo,
+ po/fr.po, po/hr.mo, po/hr.po, po/ja.mo, po/ja.po, po/pl.mo,
+ po/pl.po, po/sr.mo, po/sr.po, po/uk.mo, po/uk.po, po/zh_CN.mo,
+ po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
+ Updated translations from translationproject.org
+ [edfdaac9b1e7]
+
+ * MANIFEST, plugins/sudoers/po/es.mo, plugins/sudoers/po/es.po:
+ Add sudoers Spanish translation from translationproject.org
+ [502d45c0af5f]
+
+2021-12-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Bugs #1013 and #1014
+ [1a7b533c5829]
+
+ * lib/util/mkdir_parents.c:
+ sudo_mkdir_parents: make sure the path we created is a directory For
+ extra paranoia, verify that the directory we created is still a
+ directory before we fchown() it.
+ [75c23aaa9fca]
+
+ * docs/sudo.man.in, docs/sudo.mdoc.in:
+ In SECURITY NOTES, clarify that PATH may be overridden by the
+ policy. Bug #1014
+ [4f7035d6b921]
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/mkdir_parents.c, lib/util/mkdirat.c, logsrvd/logsrvd.c,
+ plugins/sudoers/timestamp.c, scripts/mkdep.pl:
+ Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2).
+ This also allows us to make path const as it should be.
+ [46db77e4afb8]
+
+ * plugins/sudoers/ldap_conf.c, plugins/sudoers/sudo_ldap_conf.h:
+ Sudo parsed "deref" and "tls_reqcert" in ldap.conf but didn't set
+ the options. The switch() in the sudo_ldap_set_options_table()
+ function needed to be updated to treat CONF_DEREF_VAL and
+ CONF_REQCERT_VAL data types as int. Fix from Dennis Filder. Bug
+ #1013.
+ [5f5bdf9010d7]
+
+2021-12-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/SECURITY.md:
+ Minor formatting tweak so we can import into the sudo web site.
+ [220c647b6635]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/pwutil_impl.c:
+ Fix CodeQL "Multiplication result converted to larger type"
+ warnings.
+ [a17db0b94018]
+
+2021-12-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/SECURITY.md:
+ Surround email addresses with angle brackets, not square backets.
+ [b9514c0165f2]
+
+2021-12-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/fa.mo,
+ po/fa.po, po/fi.mo, po/fi.po, po/ja.mo, po/ja.po, po/sr.mo,
+ po/sr.po, po/zh_CN.mo, po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
+ Updated translations from translationproject.org
+ [b2815226875b]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Update .pot files for 1.9.9
+ [e4e903808160]
+
+2021-12-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * README.LDAP.md, docs/CONTRIBUTING.md, docs/TROUBLESHOOTING.md,
+ docs/UPGRADE.md:
+ Minor formatting tweaks.
+ [eee91b1fc68c]
+
+2021-12-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL, INSTALL.md, MANIFEST, README, README.LDAP, README.LDAP.md,
+ README.md, docs/CONTRIBUTING.md, docs/CONTRIBUTORS,
+ docs/CONTRIBUTORS.md, docs/HISTORY, docs/HISTORY.md, docs/LICENSE,
+ docs/LICENSE.md, docs/Makefile.in, docs/TROUBLESHOOTING,
+ docs/TROUBLESHOOTING.md, docs/UPGRADE, docs/UPGRADE.md, etc/sudo-
+ logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
+ Convert README and docs files to markdown. This makes things look
+ better on GitHub and we can use the markdown version directly in the
+ new sudo web site.
+ [1cdcbce74a73]
+
+2021-12-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/SECURITY.md:
+ Policy -> Disclosure Policy
+ [13f278869e03]
+
+ * Merge pull request #124 from juspence/main
+
+ Allow sudo -g anyone and sudo -u anyone -g anytwo
+ [1a000f5aaba1]
+
+2021-12-04 juspence <87657842+juspence@users.noreply.github.com>
+
+ * plugins/sudoers/sudoers.in:
+ Allow sudo -g anyone and sudo -u anyone -g anytwo
+
+ When only the user (ALL) is specified explicitly, and the group is
+ implied, only sudo -u works. Specifying both the user and group,
+ like (ALL:ALL), is required to:
+
+ 1) Use sudo -g by itself (with no -u user) 2) Use sudo -u and -g
+ together, with a -g group that is different from the -u user's
+ primary group
+ [ca31aaa0b074]
+
+2021-12-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/Makefile.in:
+ Add build dir to include search path for mksiglist.h and mksigname.h
+ Fixes out of tree builds on systems without sys_siglist[] or
+ sys_signame[]. GitHub issue #123.
+ [fccd76813052]
+
+2021-11-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
+ plugins/sudoers/regress/cvtsudoers/sudoers1,
+ plugins/sudoers/regress/cvtsudoers/sudoers2,
+ plugins/sudoers/regress/cvtsudoers/sudoers3:
+ cvtsudoers: better merging of lists that are not exact duplicates
+ When merging rules, if one list would be overridden by another,
+ remove the overridden rule and continue merging.
+ [19dc52bd9c6f]
+
+2021-11-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Update NEWS with latest changes.
+ [fafe74e0b20f]
+
+2021-11-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/edit_open.c:
+ dir_is_writable: don't treat EPERM from faccessat() as a fatal
+ error. We can get EPERM on Linux with SELinux. GitHub issue #122.
+ [25bbc56b2f6d]
+
+2021-11-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_merge.c:
+ cvtsudoers: add -l option to log merge actions The "-l logfile"
+ option can be used to store a log of what actions cvtsudoers took
+ when merging multiple files. For example, which aliases were
+ renamed, which entries were overriden or removed as duplicated.
+ [fa96976882aa]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.9
+ [dad415a982bc]
+
+2021-11-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, docs/CONTRIBUTORS, po/fa.mo, po/fa.po:
+ New Persian (Farsi) translation from translationproject.org
+ [3665533a7219]
+
+2021-11-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers_csv.c:
+ Quiet a PVS Studio warning. The warning that need_comma is always
+ false is correct but in this case it is better to use a consistent
+ construct so that if the code is re-ordered no bugs are introduced.
+ [5109a34444f5]
+
+ * lib/util/getentropy.c:
+ Pass correct size to free_zero(). Coverity CID 241233
+ [2ba51f57deb5]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers_csv.c, plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/fmtsudoers_cvt.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/parse_ldif.c:
+ Add reference counting to Defaults bindings. Previously, we checked
+ that the previous entry's binding pointer was not the same while
+ freeing. However, to be able to merge Defaults records we cannot
+ rely on Defaults entries with the same binding being immediately
+ adjacent. This removes the prev_binding checks in favor of a
+ reference count which allows us to plug the memory leak in
+ cvtsudoers when merging Defaults.
+ [0a789516622b]
+
+2021-11-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
+ plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/parse.h:
+ cvtsudoers: merge aliases when multiple sudoers files are specified
+ Duplicate aliases are remove. If there are conflicting alias names,
+ the conflicts are renamed by appending a numerical suffix. For
+ example, if there are two SERVERS Host_Aliases, the second one will
+ be renamed to SERVERS_1.
+ [d9b602626b8c]
+
+ * plugins/sudoers/cvtsudoers_merge.c:
+ cvtsudoers: merge Defaults when multiple sudoers files are specified
+ If a hostname is specified with the sudoers file, it will be used to
+ make the Defaults setting host-specific, if possible. Duplicate
+ Defaults settings are removed and conflicts are warned about. It is
+ not possible to resolve all conflicts automatically.
+ [756b05304ccb]
+
+ * plugins/sudoers/cvtsudoers_merge.c:
+ cvtsudoers: merge userspecs when multiple sudoers files are
+ specified If a hostname is specified with the sudoers file, it will
+ be used to make the userspec host-specific, if possible. Duplicate
+ userspecs are removed but conflicting entries are not currently
+ pruned.
+ [643b533bb4f4]
+
+ * docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in:
+ Document how to merge sudoers files with cvtsudoers.
+ [241c3786f5a8]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.h,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c, plugins/sudoers/sssd.c:
+ init_parse_tree() now takes ownership of lhost and shost, if any.
+ This means that lhost and shost in struct sudoers_parse_tree are no
+ longer const and that free_parse_tree() will free lhost/shost. The
+ only consumer that passed in lho.st/shost was the SSSD back-end
+ which has been updated to avoid a double-free.
+ [650bb75666fb]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_merge.c:
+ cvtsudoers: use init_parse_tree() to initialize a parse tree. Also
+ free the parse tree before exit.
+ [9d8f8bb88192]
+
+ * MANIFEST, Makefile.in, etc/macos-background.png, etc/sudo-
+ logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
+ Add a background image for the macOS installer.
+ [39889307b278]
+
+ * scripts/pp:
+ Update PolyPkg
+ [44b1d08be1b0]
+
+2021-11-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/mkpkg:
+ mkpkg: handle a macOS SDK that just uses the major version. For
+ example, MacOSX11.sdk instead of MacOSX11.3.sdk.
+ [ce41fc5aa672]
+
+ * lib/util/Makefile.in:
+ Add missing dependencies for timegm.
+ [b20c4936504b]
+
+2021-11-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers.c:
+ Add support for specifying the hostname as a prefix to the sudoers
+ file. If present, the host name is copied into the struct
+ sudoers_parse_tree.
+ [e87e11cccb6e]
+
+2021-11-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers.c:
+ cvtsudoers: parse multiple sudoers files and store them in a tail
+ queue In the future the parsed files will be merged before they are
+ output.
+ [89c77b3f4157]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.h:
+ Add sudoers_parse_tree_list, a tail queue of struct
+ sudoers_parse_tree. This will be used to store multiple parse trees
+ and merge them into a single sudoers_parse_tree.
+ [073ada18f18b]
+
+ * docs/CONTRIBUTING.md:
+ Fix formatting of links.
+ [df50208b3f70]
+
+ * MANIFEST, docs/CONTRIBUTING.md:
+ Add contributing guide.
+ [a99f3a0757f6]
+
+ * .github/workflows/codeql-analysis.yml:
+ Create codeql-analysis.yml
+ [efab25dab29c]
+
+2021-11-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, docs/SECURITY.md:
+ Add security doc, inspired by the Microsoft template.
+ [0a8012f8ee35]
+
+ * .gitignore, .hgignore, INSTALL, MANIFEST, Makefile.in, README,
+ configure, configure.ac, doc/CONTRIBUTORS, doc/HISTORY, doc/LICENSE,
+ doc/Makefile.in, doc/TROUBLESHOOTING, doc/UPGRADE,
+ doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, doc/fixman.sh,
+ doc/fixmdoc.sed, doc/schema.ActiveDirectory, doc/schema.OpenLDAP,
+ doc/schema.iPlanet, doc/schema.olcSudo, doc/sudo.conf.man.in,
+ doc/sudo.conf.man.in.sed, doc/sudo.conf.mdoc.in, doc/sudo.man.in,
+ doc/sudo.man.in.sed, doc/sudo.mdoc.in, doc/sudo_logsrv.proto.man.in,
+ doc/sudo_logsrv.proto.mdoc.in, doc/sudo_logsrvd.conf.man.in,
+ doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.man.in,
+ doc/sudo_logsrvd.mdoc.in, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudo_plugin_python.man.in,
+ doc/sudo_plugin_python.mdoc.in, doc/sudo_sendlog.man.in,
+ doc/sudo_sendlog.mdoc.in, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in,
+ doc/sudoers.man.in.sed, doc/sudoers.mdoc.in,
+ doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in,
+ doc/visudo.mdoc.in, docs/CONTRIBUTORS, docs/HISTORY, docs/LICENSE,
+ docs/Makefile.in, docs/TROUBLESHOOTING, docs/UPGRADE,
+ docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, docs/fixman.sh,
+ docs/fixmdoc.sed, docs/schema.ActiveDirectory, docs/schema.OpenLDAP,
+ docs/schema.iPlanet, docs/schema.olcSudo, docs/sudo.conf.man.in,
+ docs/sudo.conf.man.in.sed, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
+ docs/sudo.man.in.sed, docs/sudo.mdoc.in,
+ docs/sudo_logsrv.proto.man.in, docs/sudo_logsrv.proto.mdoc.in,
+ docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in,
+ docs/sudo_logsrvd.man.in, docs/sudo_logsrvd.mdoc.in,
+ docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in,
+ docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in,
+ docs/sudo_sendlog.man.in, docs/sudo_sendlog.mdoc.in,
+ docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in,
+ docs/sudoers.man.in, docs/sudoers.man.in.sed, docs/sudoers.mdoc.in,
+ docs/sudoers_timestamp.man.in, docs/sudoers_timestamp.mdoc.in,
+ docs/sudoreplay.man.in, docs/sudoreplay.mdoc.in, docs/visudo.man.in,
+ docs/visudo.mdoc.in, etc/codespell.skip:
+ Rename "doc" directory to "docs" for better GitHub compatibility.
+ [1268c3ae0916]
+
+ * lib/util/Makefile.in:
+ Use $(SED), not sed, when generating mksiglist.h/mksigname.h
+ [7a7b636a3f32]
+
+ * configure, configure.ac, lib/iolog/Makefile.in,
+ lib/util/Makefile.in, logsrvd/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Add configure check for sha1sum and use "openssh dgst -sha1" if
+ missing. Only needed when building the seed corpus zip files.
+ [3c74ceba0446]
+
+ * include/sudo_compat.h:
+ sudo_compat.h: include unistd.h regardless of OS type This helps to
+ avoid issues with mismatched headers and libraries.
+ [4a22435a2832]
+
+2021-11-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/visudo.c:
+ install_sudoers: fix return value when there is no temp file to
+ install This can happen when no changes were made. Also preserve the
+ edited temp file on error if we are unable to move it into place.
+ [01c1052ac874]
+
+ * plugins/python/regress/testdata/check_multiple_approval_plugin_and_a
+ rguments.stdout:
+ Bump plugin version in test data to 1.18.
+ [138b9f6a6143]
+
+ * plugins/sudoers/defaults.c:
+ free_defs_val: free rlimits like strings (which they are).
+ [ade32de829cb]
+
+ * plugins/sudoers/visudo.c:
+ Rename {check,set}_perms variable to {check,set}_mode. Avoids a name
+ clash with the set_perms() function.
+ [a2dfa0d36690]
+
+ * src/edit_open.c:
+ Avoid symbol name clash with is_writable() function variable. Rename
+ "is_writable" variable to "writable".
+ [a52bd106933b]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document new resource limit settings.
+ [022e51bff860]
+
+ * doc/UPGRADE:
+ Mention that the core dump size resource limit now defaults to 0.
+ [22997e8008c9]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ include/sudo_plugin.h, src/exec.c:
+ Document resource limit support in command_info[] and Bump plugin
+ API minor. This is supported beginning with sudo 1.9.9 and plugin
+ API 1.17.
+ [2004a71a11b3]
+
+2021-11-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/defaults.c,
+ src/limits.c:
+ Use strtoul() on systems without strtoull(). We can assume that
+ systems without strtoull() have 32-bit resource limits.
+ [59c1be5a0387]
+
+ * src/exec.c, src/limits.c, src/sudo.c, src/sudo.h:
+ Add front-end support for setting resouce limits. The special value
+ "user" means preserve the invoking user's limit. The value "default"
+ means don't override the default limit for the user as assigned by
+ the system (PAM, loging.conf, userdb, etc).
+ [7ad6961d5d72]
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/mkdefaults,
+ plugins/sudoers/policy.c:
+ Add basic support for setting resource limits in sudoers. The
+ default for rlimit_core is "0,0" Resource limits are passed back to
+ the front-end in command_info[] when set.
+ [298d5e228635]
+
+ * src/edit_open.c:
+ switch_user_nonfatal: only define if using faccessat()
+ [1a6b2c0240f5]
+
+2021-11-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/visudo.c:
+ visudo: add -O and -P options to check/set owner and permissions.
+ This can be used in conjunction with the -c option to check that the
+ sudoers file ownership and permissions are correct. Bug #1007
+ [1f20721148b0]
+
+2021-11-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/UPGRADE:
+ UPGRADE: mention SELinux behavior change.
+ [0b8cef633225]
+
+ * src/selinux.c, src/sudo.h, src/sudo_edit.c:
+ Rename selinux_setcon -> selinux_setexeccon
+ [50bde2e4d922]
+
+ * src/selinux.c:
+ In the SELinux role is "unconfined_r", disable SELinux support. We
+ only want to apply SELinux to confined users. This is a bit of a
+ hack as unconfined_r is specific to the targeted policy.
+ [aaa8ee97f31e]
+
+ * src/exec_monitor.c, src/exec_nopty.c, src/selinux.c, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c:
+ Separate out the code to compute the context from selinux_setup().
+ This makes it possible to determine whether we really need to
+ execute the command via the sesh helper. What was left of
+ selinux_setup() is now selinux_relabel_tty() and
+ selinux_audit_role_change().
+ [687a81e59fdd]
+
+ * plugins/sudoers/policy.c, src/selinux.c, src/sudo.c:
+ Pass status of selinux sudoers setting to front-end as selinux-rbac.
+ The front-end uses this to decide whether or not to enable SELinux.
+ If selinux-rbac is true _or_ if it is not present and selinux_role
+ or selinux_type are set, SELinux support is enabled. Previously,
+ SELinux support was only enabled if a role was specified.
+ [2f21ae08ebbd]
+
+ * src/edit_open.c:
+ dir_is_writable: add fallback if changing UIDs fails The SELinux
+ policy may not allow uid/gid changes which will break the
+ writability checks and cause sudoedit to fail.
+ [5c5928a0c314]
+
+2021-11-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/mkpkg:
+ Build python package on Fedora
+ [7261434fc60c]
+
+2021-11-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/selinux.c:
+ Make get_exec_context static, it is unused outside selinux.c.
+ [be59f91e53dd]
+
+ * doc/sudo.conf.mdoc.in:
+ Fix lint warning: skipping paragraph macro: Pp before Bd
+ [f84297a652d8]
+
+2021-10-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
+ Escape some minus signs ('-') as required by newer groff.
+ [4a1a2d6d5c19]
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/timegm.c,
+ plugins/sudoers/Makefile.in, plugins/sudoers/gentime.c,
+ plugins/sudoers/gmtoff.c, plugins/sudoers/parse.h, scripts/mkdep.pl:
+ parse_gentime: use timegm() to generate time since the epoch The
+ timegm() function is non-standard but widely available. Provide an
+ implementation for those systems that lack it. Bug #1006
+ [3ca20dfdb44c]
+
+ * include/sudo_compat.h, lib/util/Makefile.in, scripts/mkdep.pl:
+ Fix pasto in gmtime_r and localtime_r macros. Also add missing
+ Makefile targets for them.
+ [2310e188fdd4]
+
+ * plugins/sudoers/gmtoff.c:
+ Take daylight saving time into consideration when computing offset.
+ Otherwise, the resulting time may be off by and hour, depending on
+ whether DST is currently active compared to the target time.
+ [20c60fe8e8fc]
+
+2021-10-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/mkpkg:
+ Back out f2d82771e7dd, arm64e on macOS is still in preview state.
+ Until arm64e on macOS is finalized, continue to build arm64
+ packages.
+ [6c3bbd6ffc3a]
+
+2021-10-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/mkpkg:
+ Build arm64e ABI binaries on macOS 11 and above. We originally used
+ arm64 here but the correct ABI is arm64e. The arm64 arch will be
+ removed in a future release.
+ [f2d82771e7dd]
+
+ * logsrvd/logsrvd_local.c:
+ Use iolog_openat() when opening the log.json file in the I/O log
+ dir.
+ [9041b20b8d01]
+
+2021-10-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/tls_init.c:
+ Use BIO_new_file() not BIO_new_fd() to read dhparams file. Older
+ versions of OpenSSL and wolfSSL lack BIO_new_fd(). Also explicitly
+ include openssl/bio.h and openssl/dh.h for wolfSSL.
+ [8338f58d5ba0]
+
+ * INSTALL, config.h.in, configure, configure.ac:
+ wolfSSL not WolfSSL
+ [4ee7f96ef87c]
+
+ * .circleci/config.yml:
+ Add wolfSSL variant to continuous integration tests.
+ [dbbab23e069c]
+
+ * docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile,
+ docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile,
+ docker/ubuntu/rolling/Dockerfile:
+ Add libwolfssl-dev to Debian and Ubuntu Dockerfiles Fedora does not
+ appear to have an official wolfssl package.
+ [12c0feaa0ebb]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ White space in an include file path supported by sudo 1.9.1 or
+ higher.
+ [9a22034de181]
+
+2021-10-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/iolog/hostcheck.c,
+ lib/util/digest_openssl.c, lib/util/getentropy.c, logsrvd/logsrvd.c,
+ logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
+ logsrvd/sendlog.h, logsrvd/tls_client.c, logsrvd/tls_common.h,
+ logsrvd/tls_init.c, plugins/sudoers/log_client.c,
+ plugins/sudoers/log_client.h:
+ Add support for WolfSSL's OpenSSL compatibility layer. Based on
+ changes from Hayden Roche
+ [568557ecb77b]
+
+ * lib/util/Makefile.in, plugins/sudoers/Makefile.in:
+ regenerate dependencies
+ [d36bf7724e49]
+
+ * logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c,
+ logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c,
+ logsrvd/logsrvd_relay.c, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
+ logsrvd/sendlog.c, logsrvd/sendlog.h:
+ Move include of log_server.pb-c.h into logsrvd.h and sendlog.h This
+ way there is no include file order issue with the
+ PROTOBUF_C_VERSION_NUMBER check.
+ [23678487ffaf]
+
+ * docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile,
+ docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile,
+ docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile,
+ docker/ubuntu/rolling/Dockerfile:
+ Add pkg-config to all Dockerfile
+ [63457bb84c4d]
+
+2021-10-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/tls_init.c:
+ Use SSL_FILETYPE_PEM with SSL_CTX_use_PrivateKey_file, not
+ X509_FILETYPE_PEM While they are defined to the same value in
+ OpenSSL one should not rely on this.
+ [1a1557931dbf]
+
+2021-10-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Fix setting _PATH_ASAN_LIB, need to double up the square brackets.
+ [98143164620a]
+
+ * logsrvd/sendlog.c:
+ sudo_sendlog: send runenv, rungid and runuid from log.json too With
+ this change, sudo_sendlog can now round-trip sudo-style I/O logs
+ that use the newer log.json format without losing any information.
+ [d9d3dad6cca3]
+
+2021-10-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, lib/util/arc4random.c:
+ arc4random: need to include sys/random.h on Solaris too. This was
+ removed when Linux genentropy() was disabled.
+ [18ea9b386950]
+
+2021-10-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/hostcheck.c, lib/util/inet_ntop.c, logsrvd/logsrv_util.h,
+ plugins/sudoers/log_client.h:
+ Make sure INET_ADDRSTRLEN and INET6_ADDRSTRLEN are defined.
+ [e347465e0a05]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/log_client.c, plugins/sudoers/log_client.h,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h:
+ Only include log_client.h if SUDOERS_LOG_CLIENT is defined.
+ [c318f74cf2a8]
+
+ * Merge pull request #118 from larb0b/main
+
+ Define MAP_FAILED where relevant if undefined
+ [74f3e9f1a1f4]
+
+2021-10-21 Larkin Nickle <me@larbob.org>
+
+ * lib/util/getentropy.c, lib/util/regress/mktemp/mktemp_test.c,
+ lib/util/snprintf.c:
+ Define MAP_FAILED where relevant if undefined
+
+ On systems such as HP-UX 10.20, MAP_FAILED is not defined.
+ [9f4976caa567]
+
+2021-10-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, m4/libtool.m4:
+ Improve macOS version detection to support macOS 11 and simplify
+ legacy logic From Jeremy Huddleston Sequoia
+ [f09b45ab460a]
+
+ * logsrvd/sendlog.c:
+ sudo_sendlog: send multiple I/O log records together if possible Try
+ to fill the write buffer and then send to the server instead of
+ sending records one at a time.
+ [0b084cd75d64]
+
+ * logsrvd/sendlog.c, logsrvd/sendlog.h:
+ sudo_sendlog: support multiple write buffers like sudo_logsrvd
+ [a46b88eff200]
+
+ * configure, configure.ac, lib/util/Makefile.in:
+ Always link libsudo_util.so with libcrypto.so if using OpenSSL. We
+ may need to use RAND_bytes() in the getentropy() emulation.
+ [9c805a008d76]
+
+ * config.h.in, configure, configure.ac, lib/util/getentropy.c,
+ plugins/sudoers/boottime.c:
+ Add an explicit check for sys/sysctl.h. This test needs to be done
+ after AC_LANG_WERROR to avoid including sys/sysctl.h on systems
+ where it is marked as deprecated via a #warning directive.
+ [d9f1f97b0f37]
+
+ * config.h.in, configure, configure.ac, lib/util/arc4random.c:
+ Use our own getentropy() by default on Linux. The glibc getentropy()
+ emulation will fail on older kernels that don't support getrandom().
+ Also use sudo_fatal() instead of sending SIGKILL on getentropy()
+ failure. GitHub issue #117.
+ [1ca9d10ff780]
+
+ * lib/util/getentropy.c:
+ Use the OpenSSL RAND_bytes() function if getrandom() fails.
+ [5f82f6d2ea36]
+
+ * lib/util/Makefile.in, lib/util/arc4random_buf.c, scripts/mkdep.pl:
+ Fix compilation of standalone arc4random_buf(). Apparently this code
+ was never compiled anywhere.
+ [a66c68c3a976]
+
+ * lib/util/uuid.c:
+ sudo_uuid_create: no longer need a union for the uuid.
+ [a9277bf0078c]
+
+2021-10-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/eventlog_free.c:
+ eventlog_free: free signal_name too
+ [1da686483f2a]
+
+ * lib/iolog/regress/fuzz/fuzz_iolog_json.dict:
+ Add new log.json keywords
+ [f4a30fc6c4ed]
+
+ * lib/iolog/regress/fuzz/fuzz_iolog_json.c:
+ fuzz_iolog_json: initialize exit_value to -1
+ [bac9826b95a1]
+
+ * logsrvd/logsrvd.c:
+ Fix potential use-after-free when calling iolog_flush_all(). We need
+ to call iolog_flush_all() _before_ scheduling the commit point. If
+ we fail to schedule to commit point, the closure will be freed.
+ Coverity CID 220557
+ [364736f15a06]
+
+ * logsrvd/sendlog.c:
+ sendlog: use runargv from log.json if available
+ [88a0f4d7bb94]
+
+ * logsrvd/sendlog.c:
+ sudo_sendlog: send exit data in eventlog if present
+ [fdacc0f68c56]
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c,
+ logsrvd/logsrvd_local.c, plugins/sudoers/logging.c:
+ No longer need to pass exit params to eventlog_exit(), use struct
+ eventlog. Now that struct eventlog includes the exit parameters we
+ can simplify how eventlog_exit() is called.
+ [8580c0e8334d]
+
+ * include/sudo_eventlog.h, lib/iolog/iolog_json.c,
+ lib/iolog/iolog_loginfo.c, logsrvd/iolog_writer.c:
+ Read command run_time, signal and exit_value from I/O log log.json
+ file.
+ [05223c4cca0c]
+
+ * logsrvd/logsrvd_local.c:
+ Log the command run-time and exit status in the I/O log.
+ [8b02b373f79b]
+
+ * lib/eventlog/eventlog.c:
+ format_json: fix pasto when setting dumped_core boolean
+ [ca11285c088a]
+
+2021-10-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/eventlog.c, logsrvd/logsrvd_local.c:
+ Handle a missing run_time in an ExitMessage. It is now possible to
+ pass a NULL run_time to eventlog_exit().
+ [f3e989682931]
+
+2021-10-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ logsrvd/logsrvd.c:
+ No need to flush logs before commit point if we flush after each
+ write. Also document that logs are flushed before sending a commit
+ point even when flushing is disabled.
+ [50323241569d]
+
+2021-10-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in,
+ lib/iolog/iolog_conf.c, lib/iolog/iolog_flush.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h:
+ Flush I/O logs before we send a commit point. The commit point
+ message means we have written the data to disk so we should not be
+ buffering it any longer. We do not currently fsync(2) the data after
+ flushing, perhaps we should.
+ [5233172b7531]
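Review bot: in the 2021-10-15 entry for changeset [5233172b7531], the description says a commit point "means we have written the data to disk" and then states that the data is not fsync(2)'d after flushing, so the guarantee the entry documents is stronger than what the change provides. Flushing only hands the buffered I/O log data to the kernel, so after a crash or power loss the server could have acknowledged a commit point for data that never reached stable storage. The [105f29878ad7] entry just below ties the resume point to the last commit_point message, which means a resumed session would not resend that data. Either call fsync(2) before sending the commit point, or reword this entry and the sudo_logsrvd.conf text added in [50323241569d] to say the logs have been flushed to the operating system rather than written to disk.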
+
+ * logsrvd/logsrv_util.c:
+ Do not treat a resume point of [0, 0] as an error. If the connecton
+ is interrupted before sudo sends back a commit_point message,
+ resuming at [0, 0] is correct. Also add a warning on unexpected EOF
+ parsing the timing file.
+ [105f29878ad7]
+
+2021-10-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.c:
+ Display a more helpful message if the user tries to run "sudo cd".
+ Since "cd" is a shell built-in command it cannot be run directly via
+ sudo. The user either needs to spawn a shell via "sudo -s" or use
+ the -D option to run a command in a specific directory.
+ [4d45797dfb11]
+
+ * configure, configure.ac:
+ Don't install sudoers.a when configured with --enable-static-
+ sudoers. We already avoid installing it when --disable-shared-util
+ is specified.
+ [0d2022bc07cb]
+
+2021-10-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/mkpkg:
+ mkpkg: preserve make exit value on exit Fixes a problem where the
+ exit value from mkpkg was 0 even on error.
+ [0d0f15bf10cf]
+
+ * plugins/sudoers/cvtsudoers_csv.c:
+ Fix typos in SELinux and Solaris priv support.
+ [16b9a1459f1d]
+
+ * MANIFEST, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_csv.c:
+ cvtsudoers: initial support for CSV output For CSV output we double
+ quotes strings that contain commas. For each literal double quote
+ character present inside the string, two double quotes are output.
+ [8f7763b74563]
+
+ * lib/iolog/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ regenerate dependencies
+ [09d11b5c7d41]
+
+ * docker/README, etc/codespell.ignore:
+ Fix typo and avoid a codespell false positive.
+ [81a365b29c3c]
+
+2021-10-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .circleci/config.yml:
+ Add build-nointercept and test-nointercept
+ [d39877327ccc]
+
+2021-10-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .circleci/config.yml:
+ circleci: test multiple build options We now do separate builds with
+ LDAP/SSSD enabled, logsrv client/server disabled, and static-sudoers
+ enabled.
+ [4d8a9b45156c]
+
+ * configure, configure.ac, plugins/sudoers/Makefile.in:
+ Fix fuzzer build with when --enable-static-sudoers is used. This
+ introduces a sudoers-specific version of LT_STATIC instead of
+ appending the --tag=disable-shared to SUDOERS_LDFLAGS. I've also
+ removed the -static flag as it should not be needed.
+ [864a2fd4e3f7]
+
+2021-10-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * docker/README:
+ Mention --security-opt=seccomp=unconfined workaround for bleeding
+ edge. May be needed for Fedora rawhide and Ubuntu testing, among
+ others.
+ [a465fdb0a7de]
+
+ * configure, configure.ac:
+ Try to handle the case where libasan.so is a linker script. Fixes
+ check_noexec with ASAN on Fedora where libasan.so just includes the
+ actual library file.
+ [f96d1d0cea53]
+
+ * .circleci/config.yml, docker/README,
+ docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile:
+ Enable address and undefined behavior sanitizers in CI builds. We
+ need to disable leak sanitizer during "make check" because it uses
+ ptrace which is not allowed for unprivileged containers.
+ [9378e3856a60]
+
+2021-10-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .circleci/config.yml:
+ Switch to Ubuntu latest for circleci build.
+ [1270ca1ba47d]
+
+ * .circleci/config.yml, docker/debian/latest/Dockerfile,
+ docker/debian/testing/Dockerfile, docker/fedora/latest/Dockerfile,
+ docker/fedora/rawhide/Dockerfile, docker/ubuntu/devel/Dockerfile,
+ docker/ubuntu/latest/Dockerfile, docker/ubuntu/rolling/Dockerfile:
+ Add build user for circleci instead of running as root.
+ [27dcb5218cb2]
+
+ * .circleci/config.yml, MANIFEST, docker/README,
+ docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile,
+ docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile,
+ docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile,
+ docker/ubuntu/rolling/Dockerfile:
+ Use circleci for continuous integegration. Build container
+ descriptions are in the new docker directory.
+ [d5b5b16b0624]
+
+2021-10-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .gitignore, .hgignore:
+ Update ignore file.
+ [7fe8afa88e96]
+
+2021-10-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoreplay.c:
+ Sync "sudo -l" output with normal sudo log format. It now prints
+ runchroot and runcwd (falling back on cwd). As a result, submithost
+ is now printed first, matching sudo. Also avoid printing NULL
+ pointers and skip entries that don't have at least command,
+ submituser and runuser set.
+ [0d6b96ec88a1]
+
+ * lib/iolog/iolog_json.c:
+ iolog_parse_json_object: optimize for large argv
+ [5fa1929189a3]
+
+2021-09-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Add "-fcf-protection" to SSP_CFLAGS and SSP_LDFLAGS if supported.
+ Can be disabled via --disable-hardening.
+ [589507ecadf4]
+
+ * configure, configure.ac:
+ Add "-z now" to hardened link options if supported. Can be disabled
+ via --disable-hardening.
+ [11ff1d86440b]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/editor.c,
+ plugins/sudoers/regress/editor/check_editor.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/visudo.c:
+ find_editor: remove the env_error argument There is no case where we
+ should fail to find an editor just because the values of EDITOR,
+ VISUAL and SUDO_EDITOR are unavailable. Both sudoedit and the
+ "env_editor" sudoers setting are documented as falling back on the
+ hard-coded list of editors in the "editors" sudoers setting. Bug
+ #1000
+ [caa529a0cab6]
+
+ * plugins/sudoers/check_aliases.c:
+ Use sudo_printf(SUDO_CONV_ERROR_MSG) instead of fprintf(stderr).
+ Avoids extraneous output in the fuzzer.
+ [981d3abd96c7]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Stub out sudo_printf() and avoid other use of stderr in fuzzers.
+ This makes it possible to parse sudoers without using quiet mode,
+ resulting in better coverage.
+ [3215cad4174f]
+
+2021-09-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/regress/fuzz/fuzz_iolog_json.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
+ lib/util/regress/fuzz/fuzz_sudo_conf.c,
+ logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Use a consistent version of fuzz_conversation() with all fuzzers.
+ Also undo a change to fuzz_sudoers.c that snuck in to the last
+ commit.
+ [8a94b06302b7]
+
+ * lib/iolog/regress/fuzz/fuzz_iolog_json.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
+ lib/util/regress/fuzz/fuzz_sudo_conf.c,
+ logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
+ plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ Fuzzers should not produce output. Excessive output makes the fuzzer
+ runs much less efficient.
+ [b9c485009c0f]
+
+ * logsrvd/logsrv_util.c:
+ expand_buf: fix conditional for when we need to preserve existing
+ data It is possible for the buffer offset to be zero when the length
+ is non-zero. The proper value to use is the same as is used for the
+ memcpy/memmove size. Fixes buffer corruption caused by a very long
+ command line that usually results in a dropped connection.
+ [59a4319b3463]
+
+2021-09-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, lib/util/closefrom.c:
+ Emulate closefrom() on macOS using proc_pidinfo(). This avoids
+ relying on /dev/fd which may not exist in a chroot jail. Adapted
+ from a change in OpenSSH by likan_999.student AT sina.com
+ [2e86d4150ce5]
+
+2021-09-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/edit_open.c:
+ Handle EMLINK and EFTYPE errno values for O_NOFOLLOW failure.
+ FreeBSD returns EMLINK and NetBSD returns EFTYPE instead of ELOOP.
+ This is only used to present the user with a more appropriate error
+ message.
+ [ca5499c8c40f]
+
+2021-09-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers.c:
+ Fix typo in last commit, use boolean AND not bitwise.
+ [685bd5d9ce6f]
+
+ * doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.h:
+ Add the ability to filter/match by command via the -m option. For
+ example "cvtsudoers -m cmd=/bin/ls" would only display entries that
+ would allow /bin/ls to be allowed or denied.
+ [3534a0170c59]
+
+2021-09-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers.h, plugins/sudoers/pwutil.c:
+ Add --group-file and --passwd-file options to cvtsudoers. These are
+ based on the code in testsudoers.
+ [3286dd5dd0bf]
+
+2021-09-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/mkdir_parents.c:
+ Move cppcheck suppression annotation to where it needs to be.
+ [17d601bc91f3]
+
+ * lib/util/mksigname.c:
+ format string fix: print signal number as unsigned. Quiets a
+ cppcheck warning; mksiglist.c already has this fixed.
+ [a28b72dceec4]
+
+ * plugins/sudoers/ldap_util.c:
+ Fix memory leak on error path if snprintf() overflows. Coverity CID
+ 188804
+ [73872d2e2cd0]
+
+2021-09-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c:
+ Avoid reinitializing other auth methods.
+ [af0495460943]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ expand_include: add bounds checking when expanding %h escape.
+ [3c0ca1f0d4e5]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Check snprintf() return values even if we preallocated the correct
+ amount. There are no remaining unchecked snprintf() that can
+ actually overflow.
+ [0eaf1d4daa84]
+
+ * include/sudo_iolog.h, lib/iolog/iolog_nextid.c:
+ iolog_nextid(): make iolog_dir argument const. We make a copy of the
+ directory so there's no real reason that parameter can't be const.
+ [f278847ca9aa]
+
+ * plugins/sudoers/ldap_util.c:
+ Amend truncation fix, the real problem was the size passed to
+ snprintf(). sudo_rcstr_alloc() takes a length (not a size) parameter
+ so when calling snprintf() we need to add one to the length.
+ [92f8a8b86d20]
+
+ * plugins/sudoers/ldap_util.c:
+ Fix truncation of the last char of the sudoRole cn passed to
+ append_default(). This string is primarily used for warning
+ messages. Also check the snprintf() return value to avoid silent
+ truncation. GitHub issue #115
+ [22b8d7bc62f8]
+
+2021-09-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_8p2 for changeset 9edebc604c58
+ [67357c8687d3] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.8p2
+ [9edebc604c58] [SUDO_1_9_8p2] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.8p2
+ [f29fdeb8ae5b]
+
+ * etc/codespell.exclude:
+ Standardize on "front-end" not "front end" in the man pages.
+ [b0ad634852e7]
+
+ * configure, configure.ac:
+ fix typo
+ [4d8738449daa]
+
+ * logsrvd/logsrvd_journal.c:
+ Reuse existing journal file for an accepted/rejected sub-command.
+ Otherwise we end up with zero-length files in the incoming queue dir
+ and may end up relaying one of those instead of the actual journal
+ file.
+ [4789371a43f3] <1.9>
+
+ * logsrvd/logsrvd_journal.c:
+ Reuse existing journal file for an accepted/rejected sub-command.
+ Otherwise we end up with zero-length files in the incoming queue dir
+ and may end up relaying one of those instead of the actual journal
+ file.
+ [545897a2761c]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ Re-enable error output for the sudoers parser. It is only the alias
+ and defaults warnings we need to suppress.
+ [114bd7756a7c]
+
+ * src/exec_intercept.c:
+ Add intercept_cleanup() stub for when building w/o intercept
+ support.
+ [bd6f32a90787]
+
+ * src/exec_intercept.c, src/exec_nopty.c, src/exec_pty.c,
+ src/sudo_exec.h:
+ Add intercept_cleanup() to free the closure used by
+ intercept_accept_cb().
+ [55f6aea8b517]
+
+ * plugins/sudoers/auth/pam.c:
+ Don't re-initialize PAM for sub-commands.
+ [41d7d61e4ac5] <1.9>
+
+ * plugins/sudoers/auth/pam.c:
+ Don't re-initialize PAM for sub-commands.
+ [faa7aec4d145]
+
+ * logsrvd/logsrvd_local.c:
+ sudo_logsrvd: only send log ID for first command of a session There
+ is no need to send the log ID for each sub-command.
+ [e21b40af74f2] <1.9>
+
+ * logsrvd/logsrvd_local.c:
+ sudo_logsrvd: only send log ID for first command of a session There
+ is no need to send the log ID for each sub-command.
+ [625b18c5f821]
+
+ * plugins/sudoers/log_client.c:
+ Only store the first log id received from the server. Plugs a small
+ memory leak in intercept mode if the log server sends the log ID
+ again for sub-commands.
+ [e20563f3e152] <1.9>
+
+ * plugins/sudoers/log_client.c:
+ Only store the first log id received from the server. Plugs a small
+ memory leak in intercept mode if the log server sends the log ID
+ again for sub-commands.
+ [ca2ad5b219cd]
+
+2021-09-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ fuzz_sudoers: don't warn about unknown defaults entries Some fuzzing
+ inputs cause a huge number of warnings and displaying them all can
+ result in the fuzz run timing out. If we disable the warnings we can
+ avoid the timeout.
+ [4823ee305937]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/policy.c:
+ Limit paths for command, cwd and chroot to PATH_MAX bytes. This
+ helps prevent the fuzzer from going off the rails.
+ [9550fa76a645]
+
+ * plugins/sudoers/sudoers.c:
+ sudo -i: missing NULL terminator when moving argv to make room for
+ --login Fixes a potential crash for "sudo -i" when the target user
+ has bash as the shell (which needs the --login option). Bug #998.
+ [32644aae1eab] <1.9>
+
+ * plugins/sudoers/sudoers.c:
+ sudo -i: missing NULL terminator when moving argv to make room for
+ --login Fixes a potential crash for "sudo -i" when the target user
+ has bash as the shell (which needs the --login option). Bug #998.
+ [4b297f2ead15]
+
+ * lib/eventlog/eventlog.c:
+ Only append argv[] to the log line if argv[0] is not NULL. It should
+ not be possible to reach this point with a command defined but
+ argv[] empty but it doesn't hurt to check.
+ [61f9cf744673]
+
+2021-09-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/check_aliases.c:
+ Only warn about an undefined alias or a cycle a single time. There's
+ no point in warning about the same problem multiple times. This
+ implementation assumes a small number of warnings and so just uses a
+ simple listed link.
+ [4461f65d1bad]
+
+ * configure, configure.ac:
+ Remove now-unused CHECK_INTERCEPT variable.
+ [447dbf8bea48]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Quiet pvs-studio false positive: V557 Array overrun is possible.
+ Make the zero length check explicit so as not to confuse static (or
+ human) analyzers.
+ [512ab29a9f28]
+
+2021-09-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/regress/testsudoers/test17.out.ok,
+ plugins/sudoers/regress/testsudoers/test17.sh:
+ Test that digest matching works with LDAP sudoCommand: ALL
+ [f7ec49401d4f]
+
+ * plugins/sudoers/ldap_util.c:
+ Allow a digest to be specified with the "ALL" command for ldap/sssd
+ back-ends. This has been possible with sudoers file entries since
+ sudo 1.9.0 but no corresponding change was made for ldap/sssd.
+ [89a30bbd7dac]
+
+ * lib/eventlog/eventlog.c:
+ Use localtime_r() not gmtime_r() when formatting the local time.
+ This is consistent with how sudo formatted time stamps prior to the
+ logging code being split off into libeventlog. We only need to use
+ gmtime_r() for ISO 8601 time.
+ [aee6e29ba9d6]
+
+ * lib/eventlog/eventlog.c,
+ lib/iolog/regress/iolog_path/check_iolog_path.c,
+ lib/util/sudo_debug.c, plugins/audit_json/audit_json.c,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/timestr.c:
+ Check strftime(3) return value in all cases. Old versions of
+ strftime(3) didn't guarantee to NUL-terminate the buffer so we
+ explicitly clear the last byte of the buffer and check it.
+ [bc402e4bd4d2]
+
+ * config.h.in, configure, configure.ac, logsrvd/tls_init.c:
+ tls_init.c: use SSL_CTX_set0_tmp_dh_pkey if present. Fixes a warning
+ on OpenSSL 3.0 and plugs a memory leak of dhparams on config reload.
+ [02027ea86d3b]
+
+ * configure, configure.ac, lib/util/digest_openssl.c:
+ Use the EVP digest routines instead of calling SHA2 functions
+ directly. Avoids compiler warnings with OpenSSL 3.0.
+ EVP_MD_CTX_new() is only available for OpenSSL 1.1 and higher--we
+ will fall back to sudo's SHA2 code if necessary.
+ [6fbac28175f9]
+
+ * configure, configure.ac:
+ When using pkg-config, don't assume the names of the ssl and crypto
+ libs. On the HP-UX build machines these are named libssl_pic.a and
+ libcrypto_pic.a to avoid conflicting with the system libs.
+ [a8eb772b3a4d]
+
+ * lib/util/sudo_debug.c:
+ Store milliseconds in the debug file timestamp. Sometime second
+ granularity is not enough.
+ [1df3e75f1133]
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/gmtime_r.c, lib/util/localtime_r.c:
+ Add gmtime_r and localtime_r tests and compat if missing.
+ [709671c493a3]
+
+ * lib/eventlog/eventlog.c, lib/iolog/iolog_path.c,
+ lib/iolog/regress/iolog_path/check_iolog_path.c,
+ lib/util/sudo_debug.c, plugins/audit_json/audit_json.c,
+ plugins/sample_approval/sample_approval.c,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/gmtoff.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/parse.c, plugins/sudoers/timestr.c:
+ Use gmtime_r() and localtime_r() instead of gmtime() and
+ localtime().
+ [5758514b25cb]
+
+ * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ Plugin lines are for approval and audit plugins too.
+ [67bb7c0687f2]
+
+ * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo.man.in,
+ doc/sudo.mdoc.in, doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
+ doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/visudo.man.in,
+ doc/visudo.mdoc.in:
+ Standardize on "front-end" not "front end" in the man pages.
+ [68748f8cc8a6]
+
+ * MANIFEST, plugins/sudoers/regress/testsudoers/test16.out.ok,
+ plugins/sudoers/regress/testsudoers/test16.sh:
+ Add a test to exercise Bug #994
+ [eef2ece0e8d4]
+
+ * scripts/mkpkg:
+ mkpkg: limit the number of cores used to 16
+ [5b8f2aa834b8]
+
+2021-09-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ fix typo
+ [120b1e7d2aca]
+
+ * .hgtags:
+ Added tag SUDO_1_9_8p1 for changeset feb396a0d60d
+ [e5f560a935fc] <1.9>
+
+ * configure, configure.ac:
+ Merge sudo 1.9.8p1 from tip
+ [feb396a0d60d] [SUDO_1_9_8p1] <1.9>
+
+ * NEWS:
+ Bug #994.
+ [14ea3a741b25]
+
+ * plugins/sudoers/ldap_util.c:
+ Always allocate a struct sudo_command for the command, even for ALL.
+ This was missed in the previous set of changes, resulting in a crash
+ for LDAP and SSSD rules that give sudo "ALL" privileges. Bug #994.
+ [91d0379b068a]
+
+ * plugins/sudoers/Makefile.in:
+ Add SUDOERS_LDFLAGS to FUZZ_LDFLAGS Fixes a fuzzer link error when
+ building with ldap if the ldap libs are not in the default library
+ search path.
+ [a450881f9763]
+
+ * configure, configure.ac:
+ Fix the OpenSSL link order for the non-pkg-config case. Since -lssl
+ depends on -lcrypto, -lcrypto must be listed after -lssl. Fixes
+ linking of non-dynamic OpenSSL libs.
+ [787724ab6e87]
+
+2021-09-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.8p1
+ [fc8c69d55348]
+
+ * src/sudo_intercept_common.c:
+ sudo_interposer_init: verify message type from sudo We should only
+ get a HelloResponse from sudo at this point.
+ [a021319260b3]
+
+ * include/intercept.pb-c.h, src/exec_intercept.c,
+ src/intercept.pb-c.c, src/intercept.proto,
+ src/sudo_intercept_common.c:
+ Avoid symbol name clash to fix --enable-static-sudoers linking.
+ [5cc5e415844f]
+
+2021-09-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/policy.c:
+ append_defaults() should not be passed a value for boolean flags.
+ The operation should simply be set to true/false. Also treat a NULL
+ file as coming from the front-end. Bug #993.
+ [86e69d358916]
+
+2021-09-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac, plugins/python/Makefile.in,
+ scripts/mkdep.pl, src/Makefile.in:
+ Teach mkdep.pl about --tag=disable-static in LTFLAGS. If static objs
+ are disabled we need to add explicit dependencies for .o files. The
+ OpenBSD libtool doesn't use a pic object file when linking
+ executables so we need to build the non-pic objects too.
+ [cdefeeb41a64]
+
+ * configure, configure.ac:
+ Use SUDO_APPEND_LIBPATH when appending to LIBTLS and LIBMD. The
+ OpenSSL pkgconfig files only include -L paths, not -R paths. Using
+ SUDO_APPEND_LIBPATH ensures the rpath is set correctly so the
+ binaries will run (not just link).
+ [29d051972287]
+
+ * INSTALL, configure, configure.ac:
+ Add --enable-openssl-pkgconfig-template option. This can be used to
+ find the correct openssl pkg-config file if it is not named
+ "openssl" (also libcrypto).
+ [77cd3463cefa]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Some POSIX yacc fixes for bison 3.8 yyerror() must be extern void
+ declare tokens with type instead of using separate %type lines
+ [c4e57f9e7df5]
+
+2021-09-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_8 for changeset e25cff5d148b
+ [4067d7a889fa] <1.9>
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h,
+ logsrvd/tls_init.c, plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Merge sudo 1.9.8 from tip
+ [e25cff5d148b] [SUDO_1_9_8] <1.9>
+
+ * .gitignore, .hgignore:
+ Add src/intercept.exp to ignore files.
+ [4eaa182a8808]
+
+2021-09-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/cs.mo:
+ regen
+ [8c168099301b]
+
+ * NEWS:
+ Mention --enable-static-sudoers fix.
+ [c93a42253fd0]
+
+ * configure, configure.ac:
+ Fix typo introduced in 1.9.7 that set SUDO_LDFLAGS to
+ SUDOERS_LDFLAGS. Copy pasta is not always the best kind of pasta.
+ [08188442f77b]
+
+ * MANIFEST, configure, configure.ac, m4/sudo.m4, src/Makefile.in,
+ src/intercept.exp, src/intercept.exp.in, src/sudo_intercept.c:
+ sudo_intercept.so: only replace execvpe() if it is present.
+ execvpe() is a GNU extension also found on *BSD (but not macOS).
+ [26153ad9c6ca]
+
+ * NEWS:
+ We now intercept more than just execve().
+ [33e453f035f8]
+
+2021-09-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo_intercept.c:
+ Implement simple PATH resolution for execvp(). We want to use PATH
+ from the current value of the environment, not the initial value of
+ PATH when the policy was opened. This is a little different from how
+ real execvp() works since we use stat() instead of just execve().
+ [fae58e1962cc]
+
+ * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, src/intercept.exp, src/sudo_intercept.c:
+ Add support for execl, execle, execlp, execvp, and execvpe.
+ Currently, PATH traversal is handled by sudoers which uses the
+ original PATH, not the one updated by the shell.
+ [59dfbbd39bf6]
+
+2021-09-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y:
+ Remove conditional include of alloca.h, we don't define
+ HAVE_ALLOCA_H. The configure check for alloca() was removed long ago
+ but this got missed.
+ [4c64529df149]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Define RBAC and mention incompatibility with intercept/log_subcmds.
+ [a44d8f96cad6]
+
+2021-09-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_intercept.c:
+ Fix computation of the token address when handling a partial read.
+ We want to treat it as an array of bytes, not an array of tokens.
+ Coverity CID 240011
+ [0bb3fb3315ce]
+
+ * plugins/sudoers/parse.c:
+ Quiet a PVS-Studio format string warning.
+ [4e445c646dc8]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Regen .pot files.
+ [4cec17bc24da]
+
+ * plugins/sudoers/po/cs.po:
+ Updated translations from translationproject.org
+ [62fdbab57411]
+
+2021-09-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/Makefile.in:
+ regen
+ [a2f37ca5473b]
+
+ * configure, configure.ac, lib/util/sudo_conf.c, scripts/mkdep.pl,
+ src/Makefile.in, src/exec_common.c, src/exec_intercept.c:
+ Do not compile intercept code if --disable-intercept is specified.
+ [9d31e2822c24]
+
+ * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ We now intercept execv() too.
+ [f0eac891cb5c]
+
+ * INSTALL:
+ INSTALL: --disable-intercept will also disable "log_subcmds"
+ [55ddfdae455d]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/parse.c:
+ Can't use intercept or log_subcmds with SELinux RBAC. SELinux policy
+ will prevent the inherited socket from sudo from being used and may
+ also restrict the ability to connect back to the sudo process.
+ [b73409172859]
+
+ * m4/ax_prog_cc_for_build.m4:
+ Fix typo in comment.
+ [3259f09e6952]
+
+ * po/cs.mo, po/cs.po:
+ Updated translations from translationproject.org
+ [7543d0d50ee2]
+
+ * include/intercept.pb-c.h, src/exec_intercept.c,
+ src/intercept.pb-c.c, src/intercept.proto, src/sudo_exec.h,
+ src/sudo_intercept_common.c:
+ Switch to a 128-bit token instead of a 64-bit secret. Protobuf
+ doesn't have a 128-bit type so use two u64s. We now support partial
+ reads of the token.
+ [e39ece25fb3b]
+
+2021-08-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, lib/util/Makefile.in, lib/util/regress/uuid/uuid_test.c,
+ lib/util/uuid.c:
+ Fix random uuid generation, no need to convert between byte order.
+ Also add regression test.
+ [fd2940acffc2]
+
+ * include/intercept.pb-c.h, src/exec_intercept.c,
+ src/intercept.pb-c.c, src/intercept.proto,
+ src/sudo_intercept_common.c:
+ sudo_intercept.so: send the secret immediately after connecting.
+ Sending the secret out of band, before the message size is read,
+ should make it harder to mount a DoS attack.
+ [4c8b6577bd8c]
+
+ * src/sudo_intercept_common.c:
+ Handle reading large messages that don't fit in a single recv(). We
+ know the length of what we are receiving so just loop until we have
+ it all, get EOF or an error.
+ [1b8aa927ea83]
+
+ * configure, configure.ac:
+ Add checks for -fstack-clash-protection and -Wl,-z,noexecstack We
+ use -Wc,-fstack-clash-protection as the linker flag to prevent
+ libtool from removing it from the link line.
+ [7cd701b5039e]
+
+ * src/exec_intercept.c:
+ Make the sudo side of the intercept socket non-blocking.
+ [3fe7129ea1f2]
+
+ * src/exec_intercept.c:
+ Handle partial read/write by dropping back into the event loop.
+ [fa216d963e18]
+
+ * src/exec_intercept.c:
+ intercept_check_policy: Fix double free introduced in last commit If
+ the command is not accepted we don't rebuild command_info[] and must
+ not free it. It will be freed by the policy instead.
+ [8bbd2af0924b]
+
+2021-08-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/intercept.pb-c.h, src/exec_intercept.c,
+ src/intercept.pb-c.c, src/intercept.proto,
+ src/sudo_intercept_common.c:
+ Update runcwd in command_info[] before passing it to the audit
+ plugin. Since sudoers does rejected commands itself the runcwd will
+ still not be correct for those.
+ [5462a5e1d760]
+
+ * src/exec_preload.c:
+ Fix LD_PRELOAD formatting when there is an existing LD_PRELOAD var.
+ [04d8d7750ff6]
+
+2021-08-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_intercept.c:
+ intercept_check_policy: fix potential NUL dereference on the error
+ path.
+ [4d1b3f39ccb1]
+
+ * NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/policy.c, src/exec.c,
+ src/exec_common.c, src/exec_nopty.c, src/exec_pty.c, src/sudo.c,
+ src/sudo.h:
+ Rename log_children -> log_subcmds
+ [abd73fc939c3]
+
+ * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/eo.mo,
+ po/eo.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ko.mo,
+ po/ko.po, po/pl.mo, po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo,
+ po/pt_BR.po, po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo,
+ po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
+ Updated translations from translationproject.org
+ [f948528780fb]
+
+ * lib/util/sudo_debug.c:
+ Add sudo_debug_register_v2() stub for fuzzing build.
+ [ba522c0c2075]
+
+ * src/exec_intercept.c:
+ Fix use-after-free on error. Also remove useless free of a ptr that
+ is always NULL on the error path.
+ [75200535be80]
+
+ * src/exec_common.c:
+ No longer need to remap intercept fd but we do need to remap debug
+ fd. The intercept fd is closed in the ctor but the debug fd will
+ still be open.
+ [b48125b884f3]
+
+ * include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/util.exp.in,
+ logsrvd/logsrvd.c, logsrvd/sendlog.c,
+ plugins/audit_json/audit_json.c, plugins/python/sudo_python_debug.c,
+ plugins/sample_approval/sample_approval.c,
+ plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c,
+ src/sesh.c, src/sudo.c, src/sudo_intercept_common.c:
+ sudo_debug_register: add minfd argument to specify lowest fd number
+ Use this in sudo_intercept.so to avoid allocating a low-numbered fd
+ which the shell reserves for use by scripts.
+ [50b23c4d0531]
+
+ * src/exec_intercept.c:
+ Fix command name of sub-command in logs when log_children is set.
+ [c1b35686d8b4]
+
+2021-08-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h:
+ log_allowed: pass struct eventlog * instead of argv[] and envp[].
+ This lets us log based on the command_info[] list passed in from the
+ front-end. Previously, much of the struct eventlog was constructed
+ from internal sudoers state instead.
+ [4c4a7ddfeba3]
+
+ * include/sudo_compat.h:
+ sudo_compat.h: include unistd.h on HP-UX to safely redefine
+ pread/pwrite HP-UX 11.31 defines static functions for pread() and
+ pwrite() which will conflict with our macros.
+ [2dd64cdc261f]
+
+ * config.h.in, configure, configure.ac, include/intercept.pb-c.h,
+ src/exec_intercept.c, src/exec_nopty.c, src/exec_pty.c,
+ src/intercept.pb-c.c, src/intercept.proto, src/sudo_exec.h,
+ src/sudo_intercept_common.c:
+ Change intercept IPC to use a localhost socket instead of inherited
+ fd. This allows intercept mode to work with shells that close all
+ open fds upon startup. The ctor in sudo_intercept.so requests the
+ port number and secret over the socket inherited from the parent
+ then closes it. For each policy request, a TCP connection is made to
+ the sudo parent process to perform the policy check. Child processes
+ re-use the TCP socket to request the port number and secret just
+ like the initial process started by sudo does.
+ [7e7e4a389f11]
+
+ * src/exec_intercept.c:
+ Add a state variable to intercept_closure, replaces policy_result.
+ [60fae103a4cd]
+
+ * plugins/sudoers/match_command.c:
+ command_matches: avoid printf("%s") of NULL in debug for sudo ALL.
+ [5c81c2c32b4c]
+
+ * Merge pull request #111 from commodo/fix-cflags
+
+ lib/util/Makefile.in: use host CFLAGS and CPPFLAGS for
+ mksig{name,list}
+ [ee86d28da792]
+
+2021-08-25 Alexandru Ardelean <ardeleanalex@gmail.com>
+
+ * lib/util/Makefile.in:
+ lib: util: Makefile.in: use host CFLAGS and CPPFLAGS for
+ mksig{name,list}
+
+ When cross-build support was added for mkig{name,list} was added,
+ the CFLAGS and CPPFLAGS should have been updated to the
+ HOSTCFLAGS/HOSTCPPFLAGS vars.
+
+ In a cross-build scenario, some of these flags don't match what the
+ compiler can understand (because they may be architecture specific)
+ and may fail the build.
+
+ Using the HOSTCFLAGS/HOSTCPPFLAGS works and builds successfully.
+ Also the output binary works on the target.
+
+ This is in continuation of
+ - https://github.com/sudo-project/sudo/pull/104
+ - https://github.com/sudo-project/sudo/pull/109
+
+ Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
+ [f76870e1a6c5]
+
+2021-08-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_intercept.c:
+ Fold intercept_closure_reset() into intercept_close().
+ [ff00ab240672]
+
+ * src/exec_preload.c:
+ Fix typo that caused SUDO_INTERCEPT_FD to overwrite LD_PRELOAD.
+ [e4cd1043c7bb]
+
+ * src/exec_preload.c:
+ Fix off-by-one that could result in duplicate SUDO_INTERCEPT_FD
+ vars.
+ [9044d0dff708]
+
+ * src/sudo_intercept.c:
+ Fix typo in macOS execv change.
+ [1c637d909382]
+
+2021-08-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, src/intercept.exp, src/sudo_intercept.c:
+ Add execv(3) support to sudo_intercept.so. This allows intercept to
+ work with csh which uses execv(3) not execve(2).
+ [690ebf72b6f8]
+
+2021-08-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in:
+ Sync the list of functions trapped by sudo_noexec.so.
+ [b1f7799209ff]
+
+ * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ Add a Debug example for sudo_intercept.so Don't try to enumerate all
+ the sudo programs that support debugging since all of them do.
+ [9c1201eaaca2]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Update sudoers Debug example to match the debug changes from sudo
+ 1.8.12.
+ [7c831aa9b6d5]
+
+ * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ sudo_intercept.so only intercepts execve(2) for now.
+ [7314abc72fb9]
+
+ * plugins/sudoers/parse.c:
+ Fix formatting for bound defaults with multiple entries in the
+ binding. The entries in the binding were separated with " ," instead
+ of ", ".
+ [14442701f793]
+
+ * MANIFEST, src/Makefile.in, src/intercept.exp:
+ Add exports file for sudo_intercept.so that only exports execve()
+ [ac97417435ab]
+
+ * src/Makefile.in, src/sudo_intercept.c, src/sudo_intercept_common.c:
+ Add some debugging to the sudo_intercept.so.
+ [2dee003b5cc7]
+
+ * config.h.in, configure, configure.ac:
+ Use AC_FUNC_FSEEKO instead of AC_CHECK_FUNCS_ONCE([fseeko]). This
+ will define _LARGEFILE_SOURCE, if needed, to make the prototype
+ visible on older systems.
+ [3f4314f6a795]
+
+2021-08-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h:
+ We still need the pread/pwrite hack for HP-UX 11.11 at least. This
+ time around, avoid defining _LARGEFILE64_SOURCE and just declare
+ pread64/pwrite64 ourselves.
+ [66e01b14a10f]
+
+ * include/sudo_compat.h:
+ Fix prototypes for sudo_pread() and sudo_pwrite().
+ [15acfc576a71]
+
+ * src/exec_intercept.c:
+ intercept_fd_cb: store the passed fd in newfd, not fd only affects
+ the old BSD-style fd passing code, not POSIX-style.
+ [4b13aa4593ba]
+
+ * lib/util/Makefile.in:
+ Fix mksiglist and mksigname dependencies.
+ [31519cc5ec2b]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ set-user-ID and set-group-ID not set user-ID and set group-ID.
+ [0ddf5fedc896]
+
+ * NEWS:
+ The fix for bug #989 will make sudo 1.9.8. Also mention
+ intercept_authenticate and intercept_allow_setid.
+ [fa8b7444486b]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [c8993c070218]
+
+ * .gitignore, .hgignore, MANIFEST, aclocal.m4, configure,
+ configure.ac, lib/util/Makefile.in, lib/util/mksiglist.c,
+ lib/util/mksiglist.h, lib/util/mksigname.c, lib/util/mksigname.h,
+ lib/util/sys_siglist.h, lib/util/sys_signame.h,
+ m4/ax_prog_cc_for_build.m4:
+ Cross-build support for mksigname and mksiglist We must build these
+ with the host C compiler but use the target preprocessor to generate
+ the output.
+ [bf2919b63fb9]
+
+2021-08-19 a1346054 <36859588+a1346054@users.noreply.github.com>
+
+ * .clang-format, INSTALL, MANIFEST, autogen.sh, doc/LICENSE,
+ etc/sudo.pp, examples/Makefile.in:
+ Minor cleanup (#110)
+
+ * fix trivial shell script issues
+ * remove trailing whitespace
+ [f9d4de3dee50]
+
+2021-08-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd_conf.c, plugins/sudoers/check.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/exptilde.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/mkdefaults, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/tsdump.c:
+ Replace messages like "unknown foo: %s" with "unknown foo %s". The
+ colon really doesn't belong there; we generally use a colon to
+ separate a message from the warning detail.
+ [a1b99c8821ae]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ log_server_peer_cert and log_server_peer_key are not required by
+ default. They are only required if sudo_logsrvd has tls_checkpeer
+ enabled.
+ [0d9099ce5d74]
+
+ * logsrvd/logsrvd_conf.c:
+ Sync warning messages with sudoers/logging.c Avoids 3 translation
+ strings that were effectively duplicated.
+ [eb058a820998]
+
+2021-08-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/protobuf-c/Makefile.in, src/Makefile.in:
+ regen
+ [ab9d4b22d7cb]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/match_command.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ Add intercept_allow_setid sudoers option, disabled by default. With
+ this change, a shell in intercept mode cannot run a setuid or setgid
+ binary by default. On most systems, the dynamic loader will ignore
+ LD_PRELOAD for setuid/setgid binaries such as sudo which would
+ effectively disable intercept mode.
+ [cdb876f62882]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/match.c:
+ Always allocate a struct sudo_command for the command, even for ALL.
+ Previously we special-cased handling of ALL but this complicates
+ some upcoming changes.
+ [d552109d739c]
+
+2021-08-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/codespell.exclude:
+ Update TAGS_CHANGED macro based on parse.h
+ [261e4bad3f55]
+
+ * doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in:
+ Better document the limitations of intercept mode. Also mention
+ log_children under "Preventing shell escapes"
+ [0dfca8d0672d]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Update .pot files for 1.9.8.
+ [ed2582c37765]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Try to clarify log_server_peer_key and log_server_peer_cert. These
+ are client-side not server-side.
+ [ffa4ee3e2557]
+
+ * logsrvd/logsrvd_conf.c:
+ Print the section when warning about an illegal key in the conf
+ file. This should make it easier to tell when a setting is present
+ in the wrong section.
+ [8150a7775155]
+
+2021-08-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/eventlog.c:
+ new_logline: limit offset to two significant digits after the
+ decimal Now instead of TSID=0001L3@5.168230749 we would log
+ TSID=0001L3@5.16.
+ [089f7a1285cb]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
+ logsrvd/logsrvd_journal.c:
+ Set umask to be less restrictive before creating parent directories.
+ Otherwise we could end up creating them with a more restrictive mode
+ than indended. Coverity CID 221592
+ [1bbb3621106a]
+
+ * lib/eventlog/eventlog.c:
+ new_logline: handle case where evlog is NULL
+ [e14ded2179e8]
+
+ * logsrvd/logsrvd_local.c:
+ store_alert_local: fix memory leak on error path Coverity CID 238642
+ [2a3c7fb50c38]
+
+ * plugins/sudoers/audit.c:
+ log_server_accept: fix memory leak of evlog when logging a sub-
+ command. Coverity CID 238643
+ [36a7325b3dc2]
+
+ * src/exec_intercept.c:
+ Fix memory leak when client requests secret. Move closure allocation
+ closer to where it is used.
+ [773ffe0cb216]
+
+ * logsrvd/logsrvd_local.c:
+ store_accept_local: fix return value on error
+ [de0d06a1ade2]
+
+2021-08-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/eventlog.c:
+ Cast iolog_offset.tv_sec to long long for %lld printf format. Quiets
+ a compiler warning on systems where tv_sec in struct timeval is not
+ long long.
+ [54d757357a00]
+
+ * doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
+ lib/iolog/iolog_timing.c, plugins/sudoers/sudoreplay.c:
+ Add support for an optional offset when parsing the ID to replay.
+ The offset is a suffix in the form of @sec[.nanosec]
+ [f8cda41ea0ae]
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c,
+ logsrvd/logsrvd_local.c, plugins/sudoers/logging.c:
+ For intercepted commands, log an offset into the current I/O log.
+ This can be used with sudoreplay to jump to when a specific command
+ was executed within a session log.
+ [fd9431d7c878]
+
+ * logsrvd/logsrvd_local.c:
+ Don't overwrite closure->evlog for sub-commands.
+ [925c97582b1d]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h:
+ Older Solaris has getusershell() et al but does not declare it.
+ [df4cd6a5e07f]
+
+ * src/exec_intercept.c, src/exec_nopty.c, src/exec_pty.c,
+ src/sudo_intercept_common.c:
+ Add missing stdint.h and sudo_rand.h includes. Needed for
+ arc4random() and uin64_t.
+ [47fd965524fe]
+
+ * include/intercept.pb-c.h, src/exec_intercept.c, src/exec_nopty.c,
+ src/exec_pty.c, src/intercept.pb-c.c, src/intercept.proto,
+ src/sudo_exec.h, src/sudo_intercept_common.c:
+ Pass a secret value to sudo_intercept.so and verify after policy
+ check. The goal is to make it harder for someone to have a fake
+ policy checker. This will not stop a determined adversary since the
+ secret is present in the address space of the running process.
+ [7938c63384df]
+
+2021-08-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, src/Makefile.in, src/exec.c, src/exec_intercept.c:
+ Split off intercept code into exec_intercept.c.
+ [2c05715c4885]
+
+ * scripts/mkpkg:
+ Add trivial support for FreeBSD packages. The actual FreeBSD port
+ supports multiple options but this is sufficient for testing
+ purposes.
+ [6bb8a1cdf26c]
+
+ * scripts/pp:
+ FreeBSD: Set default directory and file mode if not specified in
+ %files Otherwise, a mode of 0 will be used, potentially rendering
+ the system unusable.
+ [a3be86a5f85f]
+
+ * plugins/sudoers/logging.c:
+ Use same check for intercepted commands as log_server_accept().
+ Previously, log_server_reject() and log_server_alert() just checked
+ whether client_closure has been set.
+ [41177f7c32f4]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
+ plugins/sudoers/log_client.c:
+ Call shutdown() on sockets before closing() if they are connected.
+ This should ensure that the other side sees any queued data before
+ the connection is dropped.
+ [beaafc6c17cf]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
+ plugins/sudoers/log_client.c:
+ If SSL_shutdown() returns 0 it needs to be called one more time.
+ [52bb0acfb659]
+
+ * plugins/sudoers/editor.c:
+ resolve_editor: sudoers_gc_remove(editor) before freeing it.
+ [534cc939264f]
+
+2021-08-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/mksigname.h, lib/util/siglist.in:
+ Sync siglist.in with the generated files. The change to prefer
+ SIGSYS over SIGUNUSED wasn't made to siglist.in. Also, mksigname.c
+ doesn't need to explicitly set sudo_sys_signame[0].
+ [c331b05f8fc5]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/editor.c,
+ plugins/sudoers/gc.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add garbage collection to resolve_editor(). Fixes a leak when
+ evaluating the policy multiple times if sudoedit is set.
+ [ab011d864e87]
+
+2021-08-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_common.c:
+ Fix compilation when configure option --disable-shared is specified.
+ [98687e01c8e4]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/check.c,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Add intercept_authenticate sudoers option, defaults to false. By
+ default, sudoers will not require authentication of commands run via
+ an intercepted session. To require authenticaton of subsequent
+ commands, enable intercept_authenticate in sudoers.
+ [b428c75da1ad]
+
+ * config.h.in, configure, configure.ac, src/exec.c,
+ src/sudo_intercept_common.c:
+ If msg_control is not present in struct msghdr use msg_accrights
+ instead. Fixes building on Solaris and probably others. It is
+ possible to expose msg_control on Solaris but this requires a
+ specific set of feature flag defines which can cause other
+ complications.
+ [6ee77b869a8c]
+
+ * configure, configure.ac, src/exec_preload.c:
+ Require that our dso be first in the list to make sure it takes
+ effect. Otherwise, another dso could take precedence and ours would
+ not be run.
+ [58ba4086357c]
+
+ * configure, configure.ac, pathnames.h.in, src/Makefile.in,
+ src/exec_preload.c:
+ If building with address sanitizer make sure its DSO is first.
+ Address sanitizer requires that it be preloaded before any other DSO
+ in LD_PRELOAD. This should not be required for clang, which links in
+ asan statically by default.
+ [a812062f42a8]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
+ Plug some memory leaks when sudoers_policy_main is called multiple
+ times. These would get cleaned up a policy close time but we don't
+ want to bloat sudo's memory footprint when running a shell with
+ multiple commands.
+ [7fee001ffeae]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/log_client.c, plugins/sudoers/log_client.h,
+ plugins/sudoers/logging.c:
+ Fix logging intercepted commands to a log server in sudoers. Only
+ available when the server supports the subcommands capability.
+ [5975770561de]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h:
+ Use a separate uuid for intercepted commands. We use the uuid to
+ match the command with its exit status.
+ [467f0db6e2c6]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
+ Avoid some double frees in the fuzzer Now that sudoers free old
+ values of NewArgv and command_info the fuzzer needs to reset those
+ values. Otherwise we end up with stashed values that have already
+ been garbage collected.
+ [2a1b5808d272]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.8
+ [bc96c8f95abf]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/fmtsudoers.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/policy.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Add "intercept" Defaults setting to allow interception of sub-
+ commands. This causes "intercept" to be set to true in
+ command_info[] which the sudo front-end will use to determine
+ whether or not to intercept attempts to run further commands, such
+ as from a shell. Also add "log_children" which will use the same
+ mechanism but only log (audit) further commands.
+ [f42e11c0fde9]
+
+ * INSTALL, configure, configure.ac, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, examples/sudo.conf.in, include/sudo_conf.h,
+ lib/util/sudo_conf.c, lib/util/util.exp.in, pathnames.h.in,
+ src/Makefile.in, src/exec.c, src/exec_common.c, src/selinux.c,
+ src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_exec.h:
+ Add support for loading the sudo_intercept.so DSO.
+ [47d84cc8a8ed]
+
+ * include/sudo_compat.h, src/exec.c, src/exec_common.c,
+ src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/selinux.c,
+ src/sesh.c, src/sudo_exec.h:
+ Allocate a socketpair to communicate with sudo_intercept.so over.
+ This is used for the intercept and log_children options.
+ [b40091760952]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/file.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/ldap_util.c, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_ldap.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Make it possible to call the sudoers policy check function multiple
+ times. We need to reset the Defaults values to their original state.
+ [3187e87d7fb6]
+
+ * plugins/sudoers/set_perms.c:
+ Allow set_perms(PERM_INITIAL) to be called more than once. If the
+ perm stack depth is non-zero when set_perms(PERM_INITIAL) is called,
+ rewind it first and re-initialize the stack depth to 0. Fixes a
+ user-after-free bug if set_perms(PERM_INITIAL) is called multiple
+ times.
+ [fdf9a2e07eb1]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h:
+ Use run_argv and run_envp passed into the audit plugin for event
+ logging. Previously we used NewArgv[] and env_get() but now that
+ logging is performed via an audit plugin we should use the values
+ passed in.
+ [d8e031fc2389]
+
+ * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in,
+ include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c,
+ lib/logsrv/log_server.proto, logsrvd/logsrvd.c:
+ Allow multiple accept/reject messages during a logsrv conversation.
+ The log server now advertises a subcommands flag if it supports
+ logging subcommands (e.g. commands run from a sudo-spawned program
+ like a shell). The client should only log additional commands during
+ a session if this flag is set in the ServerHello message.
+ [5b88982604e8]
+
+ * MANIFEST, Makefile.in, configure, configure.ac,
+ lib/logsrv/Makefile.in, lib/logsrv/protobuf-c.c,
+ lib/protobuf-c/Makefile.in, lib/protobuf-c/protobuf-c.c:
+ Add separate convenience lib for protobuf-c We need to use it for
+ sudo <-> sudo_intercept.so communication.
+ [9529d7f9db18]
+
+ * MANIFEST, include/intercept.pb-c.h, src/Makefile.in,
+ src/intercept.pb-c.c, src/intercept.proto:
+ Define protocol for sudo <-> sudo_intercept.so communication. Uses
+ google protocol buffers.
+ [139ba292e226]
+
+ * src/exec.c, src/sudo.c, src/sudo.h:
+ Implement the sudo side of the sudo_intercept.so communication.
+ [4a7face9ed17]
+
+ * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
+ src/sudo_exec.h, src/sudo_intercept.c, src/sudo_intercept_common.c:
+ Implement sudo_intercept.so. Uses protobuf to talk to main sudo
+ process over a socketpair.
+ [fc21ae0f663e]
+
+ * src/sudo.c, src/sudo.h:
+ Add return values for most of the plugin function wrappers that
+ returned void. Previously, they would just exit if there was an
+ error. Now the error is passed back up the stack so we can use them
+ in sudo_intercept.so.
+ [87cb4b0e7dff]
+
+ * src/sudo.c:
+ Reduce the number of function args passed to plugin wrappers. This
+ makes sudo_settings, user_info, submit_argv, submit_envp and
+ submit_optind global. This will be required for calling the wrapper
+ from outside of sudo.c where we may not have access to those
+ variables.
+ [525bffcf911c]
+
+ * src/exec.c, src/sudo.c, src/sudo.h:
+ Call the approval plugin after the policy plugin accepts a command.
+ Previously, for intercepted commands we only called the policy
+ plugin.
+ [4df18aaa8708]
+
+ * src/exec.c:
+ Take control of the tty and save its settings before doing a policy
+ check. Otherwise the policy plugin won't be able to read the
+ password.
+ [6a422974d472]
+
+ * MANIFEST, src/Makefile.in, src/exec_common.c, src/exec_preload.c,
+ src/sudo_exec.h, src/sudo_intercept.c, src/sudo_intercept_common.c:
+ Move preload_dso() to its own file and rename to sudo_preload_dso().
+ It now takes an intercept fd as an optional argument instead of a
+ list of extra variables to add. This lets us check whether it is
+ already set to the expected value (and add it if not).
+ sudo_intercept.so now uses sudo_preload_dso() to make sure that
+ LD_PRELOAD and SUDO_INTERCEPT_FD are set properly before executing.
+ [447e96378d01]
+
+ * src/exec_preload.c, src/sudo_intercept_common.c:
+ Add debug support to sudo_intercept.so
+ [586ea125cebb]
+
+ * src/exec.c, src/exec_nopty.c, src/exec_pty.c:
+ Make the log_children option only log and not check policy.
+ [0524c7e87174]
+
+ * plugins/sudoers/prompt.c:
+ expand_prompt: use correct strlcpy() size parameter The available
+ size passed to strlcpy() was computed incorrectly. Switch to
+ updating the length after writing to the new prompt instead of
+ computing it each time. The actual buffer size is computed and
+ allocated correctly so there is no real consequence to this bug.
+ Found by Qualys.
+ [c03f1c2f8f35]
+
+2021-08-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ examples/sudo_logsrvd.conf:
+ The tls_verify setting only affects server behavior, not the client.
+ Originally, there was a flag in the ServerHello message to indicate
+ that the client should verify the server cert, but this was removed
+ TLS was moved to a separate port. Client validation of the server
+ certificate is now configured in the sudoers file instead.
+ [344b51f3eee3]
+
+2021-08-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/mkpkg:
+ On macOS, don't disable tty tickets and set password timeout to 0.
+ This more closely matches the options used by the macOS version of
+ sudo.
+ [bd21c492921c]
+
+ * plugins/sudoers/find_path.c:
+ Add some debugging info to find_path()
+ [dd7aebb432d6]
+
+2021-07-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/iolog_mkdtemp.c:
+ iolog_mkdtemp: umask must not be more restrictive than the file
+ modes. We need this even though we will be calling mkdtemp() since
+ the umask affects the mode of any parent directories.
+ [c545b3369eae]
+
+2021-07-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/visudo.c:
+ Plug memory leak in error path when sudoers cannot be opened.
+ [3df6b32149b8]
+
+ * plugins/sudoers/defaults.c:
+ Trying to use "+=" or "-=" operators on a non-list is an error.
+ Previously, they were simply treated as "=" for non-lists.
+ [3e0d47d0b4ea]
+
+ * src/regress/net_ifs/check_net_ifs.c:
+ Plug a memory leak in check_net_ifs found by address sanitizer.
+ [bff1ad993476]
+
+ * configure, configure.ac:
+ Prefix sanitizer and fuzzer options with -XCClinker in ASAN_LDFLAGS.
+ Otherwise libtool may ignore the options when linking.
+ [ed1120f3813d]
+
+2021-07-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/tls_init.c:
+ Display the correct error message if X509_verify_cert() fails. We
+ must use X509_STORE_CTX_get_error() and
+ X509_verify_cert_error_string() instead of the generic OpenSSL error
+ functions.
+ [778bbbe68e28]
+
+ * lib/eventlog/eventlog.c:
+ In new_logline check for NULL args->reason for EVLOG_RAW. This can't
+ happen in practice since we never set EVLOG_RAW without passing in a
+ reason. Coverity CID 237142 237143
+ [83f9038151db]
+
+ * lib/eventlog/eventlog.c:
+ format_json: don't dereference evlog if it is NULL. Also silence a
+ PVS Studio false positive.
+ [150039f65d26]
+
+2021-07-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_7p2 for changeset 590e06825ec4
+ [cf3865846c94] <1.9>
+
+ * configure, configure.ac:
+ Bump version to 1.9.7p2
+ [590e06825ec4] [SUDO_1_9_7p2] <1.9>
+
+ * configure, configure.ac:
+ Bump version to 1.9.7p2
+ [388bf6af8434]
+
+ * NEWS:
+ Sudo 1.9.7p2
+ [c3bd2eb0d779] <1.9>
+
+ * NEWS:
+ Sudo 1.9.7p2
+ [153a6c96a8ec]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h,
+ logsrvd/tls_client.c, logsrvd/tls_init.c,
+ plugins/sudoers/log_client.c:
+ Use TLS_method() instead of TLS_client_method() throughout. OpenSSL
+ returns an error for SSL_accept() if TLS_client_method() was used to
+ generate the context (LibreSSL doesn't care).
+
+ Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
+ were used in the TLS client and server initialization code
+ respectively. This was refactored in sudo 1.9.7 to allow the code to
+ be shared. Bug #988
+ [f2bf4aca30d4] <1.9>
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h,
+ logsrvd/tls_client.c, logsrvd/tls_init.c,
+ plugins/sudoers/log_client.c:
+ Use TLS_method() instead of TLS_client_method() throughout. OpenSSL
+ returns an error for SSL_accept() if TLS_client_method() was used to
+ generate the context (LibreSSL doesn't care).
+
+ Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
+ were used in the TLS client and server initialization code
+ respectively. This was refactored in sudo 1.9.7 to allow the code to
+ be shared. Bug #988
+ [1ca00726b4d6]
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Only replace getaddrinfo for
+ FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION. This works around an issue
+ on SCO which uses inline functions in the header files which call
+ the actual, versioned, library function.
+ [f010d83f0168] <1.9>
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Only replace getaddrinfo for
+ FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION. This works around an issue
+ on SCO which uses inline functions in the header files which call
+ the actual, versioned, library function.
+ [64cbf884b7f9]
+
+2021-07-26 MertsA <andrewmerts@gmail.com>
+
+ * src/utmp.c:
+ Rewind utmp file pointer after searching for entry (#108)
+
+ getutline() advances the file pointer until it matches or reaches
+ EOF. pututline() starts from the current position in utmp. This
+ rewinds the file pointer to the beginning to avoid allocating
+ additional spurious utmp entries.
+ [af1463026fd1] <1.9>
+
+ * src/utmp.c:
+ Rewind utmp file pointer after searching for entry (#108)
+
+ getutline() advances the file pointer until it matches or reaches
+ EOF. pututline() starts from the current position in utmp. This
+ rewinds the file pointer to the beginning to avoid allocating
+ additional spurious utmp entries.
+ [142555f7a47e]
+
+2021-07-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac, m4/sudo.m4:
+ Use AC_CACHE_CHECK in place of AC_MSG_CHECKING + AC_CACHE_VAL where
+ possible.
+ [7b0fb8de8276]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h:
+ Add configure check for va_copy instead of using #ifdef This
+ prevents the va_copy compat #define from being used if sudo_compat.h
+ is somehow included before stdarg.h.
+ [6d283753e47b] <1.9>
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h:
+ Add configure check for va_copy instead of using #ifdef This
+ prevents the va_copy compat #define from being used if sudo_compat.h
+ is somehow included before stdarg.h.
+ [fcfd53b859ac]
+
+2021-07-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/limits.c:
+ Avoid using RLIM_INFINITY for the nofile soft limit to prevent
+ closefrom_fallback() from closing too many file descriptors.
+ [edbcd5c82d4d] <1.9>
+
+ * src/limits.c:
+ Avoid using RLIM_INFINITY for the nofile soft limit to prevent
+ closefrom_fallback() from closing too many file descriptors.
+ [e807ca9bfb6a]
+
+ * plugins/sudoers/logging.c:
+ Include signal.h for SIG2STR_MAX and sig2str().
+ [ad17a1be07e2]
+
+2021-07-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c,
+ logsrvd/iolog_writer.c, plugins/sudoers/logging.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
+ Create a UUID and log it in the JSON version of the event log.
+ [8a1ad98fac51]
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c,
+ logsrvd/logsrvd_local.c, plugins/sudoers/logging.c:
+ Remove unused info_cb and info arguments from eventlog_exit()
+ [c614ef1afa12]
+
+2021-07-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c:
+ Add support for logging exit status events. For sudo-formatted logs,
+ this is a record with "EXIT=number" and potentially "SIGNAL=name"
+ after the command. For JSON-format logs, a new "exit" record is
+ logged which contains an "exit_value" and potentially "signal" and
+ "core_dumped". JSON-format logs now incude a UUID to associate the
+ "exit" record with the "accept" record.
+ [52e40ae4b79a]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Add log_exit_status sudoers option to log when a command exits. This
+ option defaults to off.
+ [cac3ca7ad193]
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ examples/sudo_logsrvd.conf, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_conf.c, logsrvd/logsrvd_local.c:
+ Add log_exit setting in the sudo_logsrvd.conf eventlog stanza This
+ causes sudo_logsrvd to log a record with the exit status or
+ terminating signal in response to an ExitMessage.
+ [1a15f676974a]
+
+2021-07-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/python_plugin_common.c:
+ Check that the python module we actually loaded is what we intended.
+ This is intended to provide a more useful error message if the user
+ defines a module which conflicts with a system python module. For
+ example, a module called test.py would conflicts with the system
+ python test module.
+ [345523b6e87d] <1.9>
+
+ * plugins/python/python_plugin_common.c:
+ Check that the python module we actually loaded is what we intended.
+ This is intended to provide a more useful error message if the user
+ defines a module which conflicts with a system python module. For
+ example, a module called test.py would conflicts with the system
+ python test module.
+ [0676191e4741]
+
+2021-07-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/CONTRIBUTORS:
+ Mention that xkcd inspired the sandwich logo.
+ [c7839328e21f]
+
+ * doc/HISTORY:
+ Mention log server and fuzzers under Quest contributions.
+ [f4a081f75cd0]
+
+2021-06-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sesh.c, src/sudo.c, src/sudo_edit.c:
+ Don't assume that the number of groups returned by getgroups() is
+ static. On systems where getgroups() returns results based on more
+ than just the per-process group vector in the kernel it is possible
+ for the number of groups to change in between invocations. Based on
+ GitHub PR #106 from Pierre-Olivier Martel.
+ [832fa2480024] <1.9>
+
+ * src/sesh.c, src/sudo.c, src/sudo_edit.c:
+ Don't assume that the number of groups returned by getgroups() is
+ static. On systems where getgroups() returns results based on more
+ than just the per-process group vector in the kernel it is possible
+ for the number of groups to change in between invocations. Based on
+ GitHub PR #106 from Pierre-Olivier Martel.
+ [dbc7a173a7b8]
+
+ * doc/Makefile.in:
+ Use "mandoc -Tlint -Wwarning" instead of -Wstyle. The style checks
+ now include "referenced manual not found" warnings which is not
+ helpful.
+ [251757f22498]
+
+2021-06-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/Makefile.in, src/Makefile.in:
+ regen
+ [c6a21b385d57]
+
+2021-06-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/fuzzstub/fuzzstub.c:
+ Change ms from size_t to long. Avoids a spurious test failure on
+ Solaris 9
+ [5e204b959000] <1.9>
+
+ * lib/fuzzstub/fuzzstub.c:
+ Change ms from size_t to long. Avoids a spurious test failure on
+ Solaris 9
+ [c26f8d233ea9]
+
+ * plugins/sudoers/interfaces.c, src/net_ifs.c:
+ Move definition of INADDR_NONE from interfaces.c to net_ifs.c. Fixes
+ compilation on Solaris 9.
+ [d05bca21f145] <1.9>
+
+ * plugins/sudoers/interfaces.c, src/net_ifs.c:
+ Move definition of INADDR_NONE from interfaces.c to net_ifs.c. Fixes
+ compilation on Solaris 9.
+ [9da2276cf944]
+
+2021-06-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c:
+ Fix dead store found by clang analyzer.
+ [5c85aeef651e]
+
+ * logsrvd/logsrvd_conf.c:
+ Fix prefix skipping when the prefix is embedded and not separate.
+ This doesn't currently matter since the progname and the ": " are
+ stored in separate messages. Found by clang analyzer.
+ [321e90e1b347]
+
+ * logsrvd/logsrvd_relay.c:
+ Remove dead store found by clang analyzer.
+ [5fd56f26e1ba]
+
+2021-06-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/audit_json/audit_json.c:
+ Make sure we store an octal number (like umask) as a string. JSON
+ doesn't (portably) support octal numbers with a leading zero.
+ [a0c8392f2f7a] <1.9>
+
+ * plugins/audit_json/audit_json.c:
+ Make sure we store an octal number (like umask) as a string. JSON
+ doesn't (portably) support octal numbers with a leading zero.
+ [3ac37bb42f1e]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
+ logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
+ Replace logsrvd_is_early() with logsrvd_warn_stderr(). This is now
+ defined in logsrvd_conf.c which removes a dependency on another
+ compilation unit for the fuzzer.
+ [3594cf3ec397]
+
+2021-06-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd_local.c:
+ Silence a compiler warning on Solaris.
+ [fd9ba461b601]
+
+ * logsrvd/logsrvd.c:
+ Reduce scope of errstr variable so it is only declared for OpenSSL.
+ [eebe09a17f4b]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [05b8391c6d13]
+
+ * logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c,
+ logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c,
+ logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c,
+ logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, logsrvd/tls_init.c:
+ Use sudo_warnx?() instead of sudo_debug_printf for errors. We now
+ hook the warn functions so the messages are logged. The messages
+ still show up in the debug log too.
+ [9e25dc71b4cc]
+
+2021-06-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/Makefile.in,
+ lib/util/regress/vsyslog/vsyslog_test.c, lib/util/vsyslog.c,
+ scripts/mkdep.pl:
+ Remove vsyslog(3) emulation, it is no longer used.
+ [7d1b78c2037a]
+
+2021-06-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd_conf.c, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
+ If logsrvd_config not set fall back to using stderr for warnings.
+ Also fix fuzz_logsrvd_conf link error.
+ [eeaafe1b3e09]
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ examples/sudo_logsrvd.conf, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_conf.c:
+ Add support for logging server warning/error messages. We can use
+ sudo_warn_set_conversation() to set a conversation function that
+ either writes to a log file or calls syslog().
+ [5d8e13f053d0]
+
+2021-06-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_7p1 for changeset d936a99e842d
+ [9bc246c519f3] <1.9>
+
+ * Merge sudo 1.9.7p1 from tip
+ [d936a99e842d] [SUDO_1_9_7p1] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.7p1
+ [29f478993ef3]
+
+2021-06-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/audit_json/audit_json.c:
+ Check arrays that are passed in for NULL before using them.
+ [925ba5b0f2cb]
+
+ * configure, configure.ac:
+ Disable nss_search()-based group lookups on HP-UX for now. There is
+ a crash when "group: compat" is used in /etc/nsswitch.conf that I
+ haven't been able to debug. Since HP-UX doesn't ship the appropriate
+ headers it is likely that there is a mismatch between
+ include/compat/nss_dbdefs.h and what HP actually uses.
+ [28b00005c785]
+
+2021-06-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h:
+ Remove logsrvd closure ERROR state and use a boolean flag instead.
+ Fixes a bug where we would not insert a journal file that failed to
+ relay into the queue because its state was changed from CONNECTING
+ to ERROR after failing to connect.
+ [638285a4bedb]
+
+ * include/compat/nss_dbdefs.h, lib/util/getgrouplist.c:
+ Add NSS_TRYAGAIN and correct buflen in struct nss_XbyY_buf_t. Add
+ some function argument names. Also use struct nss_db_state * instead
+ of void * in nss_db_root_t. We don't define struct nss_db_state but
+ since it is a pointer all we need is a forward declaration.
+ [bc848fb97671]
+
+2021-06-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/fuzzstub/fuzzstub.c, lib/iolog/Makefile.in,
+ lib/util/Makefile.in, logsrvd/Makefile.in:
+ Make sure we link with libsudo_util *after* libfuzzstub. This only
+ affects builds with a static libsudo_util. Also fix a warning on HP-
+ UX about main not being public.
+ [18ff1f108c4e]
+
+ * MANIFEST, lib/util/Makefile.in,
+ lib/util/regress/getgrouplist/getgids.c:
+ Add getgids utility to simular "id -G" using sudo_getgrouplist2()
+ [aed11065818d]
+
+ * lib/util/getgrouplist.c:
+ Make sure we don't read or write past the end of the group buffer.
+ We need to leave room for the terminating NULL in gr_mem. It is
+ possible for gbm->numgids > gbm->maxgids if we ran out of room.
+ [25a3ee849fd4]
+
+2021-06-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/getgrouplist.c:
+ Add some debugging to sudo_getgrouplist2().
+ [4d79e92c8ee8]
+
+2021-06-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/load_plugins.c:
+ Fix some debug_decl typos and remove an unneeded cast.
+ [fafa91ac3def]
+
+ * plugins/sudoers/defaults.h:
+ T_TIMEOUT is not a bitwise flag so doesn't need to be a power of 2.
+ [66019af6d642]
+
+2021-05-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/load_plugins.c:
+ sudo_stat_plugin(): set errno but do not warn if plugin path too
+ long. The caller will display the warning (using errno) so there is
+ no need to do it twice.
+ [c8614b374a35]
+
+2021-05-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
+ sudoreplay does not parse sudoers to find the value of iolog_dir.
+ The default value for the I/O log directory is set at build time.
+ [3cf72612e992]
+
+ * plugins/sudoers/policy.c:
+ Fix group list ref leak in sudoers_policy_store_result() on error
+ path.
+ [34785448a275]
+
+2021-05-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c:
+ Update comment to match reality.
+ [ec3e0a40d1ec]
+
+2021-05-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac, scripts/ltmain.sh, src/Makefile.in:
+ Build sudo_noexec.so as a module on systems other then Darwin. On
+ Darwin, shared modules and shared libraries are not interchangable
+ and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it
+ must be a library, not a module. We must relax the requirement that
+ libraries begin with a "lib" prefix to work around this difference.
+ This does mean you must use sudo's libtool on Darwin (macOS) but
+ that is already a requirement on other systems (notably HP-UX and
+ SCO) due to a number of libtool patches we require that haven't be
+ accepted upstream. This is a different fix for PR #102.
+ [2e5454c56d3c]
+
+ * configure, configure.ac:
+ Use -Wno-deprecated-declarations on macOS This quiets warnings about
+ LDAP and audit libraries being deprecated. We will use them until
+ they are removed in a future version of macOS.
+ [6fbdf644865c]
+
+2021-05-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/mkpkg:
+ Use /usr/bin/cc on FreeBSD and macOS.
+ [7d6bcea0e544]
+
+ * plugins/sudoers/log_client.c:
+ Don't include errno in "unable to connect to log server" message.
+ There should be a more specific message, usually with an error
+ string, displayed earlier.
+ [e599f9b0fd1c]
+
+ * src/ttyname.c:
+ Fix compiler warning on FreeBSD.
+ [2c6fc866fb5b]
+
+ * lib/iolog/hostcheck.c:
+ Explicitly include netinet/in.h for struct sockaddr_in and
+ sockaddr+_in6. Fixes a compilation problem on FreeBSD.
+ [2277c8f37c34]
+
+2021-05-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_7 for changeset f0ce54d4288c
+ [58968ec7a457] <1.9>
+
+ * Merge sudo 1.9.7 from tip
+ [f0ce54d4288c] [SUDO_1_9_7] <1.9>
+
+2021-05-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po:
+ Updated translations from translationproject.org
+ [3d6d49097b98]
+
+ * plugins/sudoers/log_client.c:
+ Better warning when close function is passed a non-terminal signal.
+ [8b8628249e4d]
+
+ * logsrvd/logsrvd_local.c:
+ Remove line causing store_suspend_local() to return false on
+ success. This is something that should have been removed as part of
+ the local I/O logging refactor.
+ [e8ae1e61b8b2]
+
+ * src/exec_pty.c:
+ Don't set the command status in the closure when the command is
+ suspended. This should only be set for signals that terminate the
+ process. Fixes a bug where the sudo front-end could call the plugin
+ close function with a non-terminal signal argument.
+ [a95024bfb6e8]
+
+2021-05-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/pyhelpers.c, plugins/python/python_plugin_policy.c:
+ Quiet -Wshadow warnings from gcc.
+ [7ff2985ba650]
+
+ * NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ The -g option may also be used with any group the target user
+ belongs to. The description in the Runas_Spec section incorrectly
+ stated that the -g option could not be used if no runas group was
+ set. Bug #975.
+ [67d1948d1aa8]
+
+ * configure, configure.ac:
+ Remove redundant "configuring Sudo version X.YY" line. We now
+ display this along with the summary info at the end.
+ [0d7c908f8d4c]
+
+ * configure, configure.ac:
+ Don't check for -Wl,-z,relro twice.
+ [a30dce71fb26]
+
+2021-05-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
+ Updated translations from translationproject.org
+ [9303a20fe480]
+
+ * scripts/mkpkg:
+ Build python plugin for RHEL 6 as well.
+ [edaa6ec0e255]
+
+ * configure, configure.ac:
+ Remove shell-style quotes in configure warning/error/notice
+ messages. Square bracket quotes are used, no need for shell-style
+ double quotes.
+ [e6de284df511]
+
+ * NEWS, configure, configure.ac:
+ Summarize configure settings after all tests have run. This makes it
+ a lot easier to see what features have been enabled.
+ [12ea96affed5]
+
+2021-05-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL, configure, configure.ac:
+ Remove --with-efence option, there are better options available.
+ [78fd5ceb2c52]
+
+ * NEWS:
+ Move misplaced changes into the 1.9.7 section where they belong.
+ [1519f7a4669b]
+
+ * lib/util/regress/sudo_conf/conf_test.c:
+ Awful hack to pass on macOS where group_source=dynamic by default.
+ [b038bfab8c34]
+
+ * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
+ plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/ca.mo,
+ po/ca.po, po/it.mo, po/it.po, po/sr.mo, po/sr.po:
+ Updated translations from translationproject.org
+ [7b156da85d13]
+
+ * NEWS:
+ Document late stage 1.9.7 changes.
+ [28756df7dcb4]
+
+ * doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
+ logsrvd/sendlog.c, logsrvd/sendlog.h:
+ sudo_sendlog: rename -m (max-time) to -s (stop-after).
+ [4f016111b242]
+
+ * logsrvd/logsrv_util.c, logsrvd/logsrvd.c, logsrvd/logsrvd_journal.c:
+ Update closure->elapsed_time in journal_seek(). Otherwise the commit
+ point messages won't be accurate when restarting.
+ [6cd4db44b8ee]
+
+ * doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
+ logsrvd/sendlog.c, logsrvd/sendlog.h:
+ Add "-m elapsed" option to specify the max elapsed time of records
+ to send. Useful for testing the ability of the server to handle
+ restarted log transfers.
+ [cd9c9235e320]
+
+2021-05-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c:
+ Disable reading from client or relay when sending error to client.
+ We treat an error from the relay as fatal and must stop processing
+ data from both client and relay to make sure we don't get out of
+ sync.
+ [258f9691b3d9]
+
+ * logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd_local.c:
+ Fix I/O log restart of locally-store logs. This got broken a while
+ ago when evlog in struct connection_closure was changed to a
+ pointer.
+ [8b59122891f9]
+
+ * scripts/pp:
+ Fix detection of the volatile flag when other flags are present.
+ Otherwise flags fields like "volatile,ignore-other" will be ignored
+ by the Debian and BSD back ends.
+ [0d120b9eab71]
+
+ * src/limits.c:
+ Fix debug message when prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) fails.
+ GitHub issue #101
+ [7d266c174457]
+
+ * logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, logsrvd/tls_client.c,
+ logsrvd/tls_common.h, plugins/sudoers/log_client.c:
+ Don't hard-code the TLS connect timeout, use normal connect timeout.
+ For sudo_logsrvd, this is the relay connect_timeout setting. For
+ sudoers, this is the log_server_timeout setting.
+ [49e29f187f5a]
+
+2021-05-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd_queue.c:
+ Add missing closedir(3) in logsrvd_queue_scan(). Coverity CID 221591
+ [e9745c64a721]
+
+ * NEWS:
+ Mention "log_server_verify" bug fix.
+ [a70060c34e7a]
+
+ * configure, configure.ac, doc/sudo_logsrvd.conf.man.in,
+ doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf,
+ m4/sudo.m4, pathnames.h.in:
+ Rename logsrvd log dir to /var/log/sudo_logsrvd.
+ [fb979be9927e]
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ examples/sudo_logsrvd.conf, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_conf.c, logsrvd/logsrvd_queue.c:
+ Make the failed relay retry interval configurable. This is the
+ amount of time to wait before trying to resend a journal to the
+ relay server after a connection error.
+ [cbc04201a63e]
+
+2021-05-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_journal.c, logsrvd/logsrvd_queue.c,
+ logsrvd/logsrvd_relay.c:
+ Send outgoing messages to the relay server on startup. Also attempt
+ to retry messages that could not be relayed periodically.
+ [7ed12983af85]
+
+ * lib/util/fatal.c:
+ Avoid clobbering errno in warning().
+ [3282a7db7f51]
+
+ * logsrvd/logsrvd_relay.c:
+ Set relay name string to NULL after dropping the reference.
+ Otherwise it is possible to decrement the reference more than once.
+ [245d4e60ea21]
+
+2021-04-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog.c:
+ Fix cut & pasto that prevented the verify_server option from being
+ set. The "log_server_verify" setting passed from the policy plugin
+ was applied to the "keepalive" option instead of "verify_server".
+ From Krisztian Kovacs.
+ [06f716981ad0]
+
+2021-04-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in,
+ logsrvd/logsrvd.c:
+ Write client and server information to debug file on SIGUSR1 This
+ can be used to debug client problems such as a connection not being
+ closed as expected.
+ [e6e3a4ba02f4]
+
+ * doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in:
+ Document journal file directories in store_first mode.
+ [a08de0c20127]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c:
+ Create journal files in an incoming directory, move to outgoing when
+ complete. This will make it possible to process completed journal
+ files periodically if the relay server is down.
+ [5ced00c6eb7e]
+
+ * logsrvd/logsrvd_relay.c:
+ Add missing connection_close() call for relay-only connections. For
+ an immediate relay we will close the connection when the client
+ disconnects (or there is a timeout). However, for store-and-forward
+ mode the client has already disconnected at the time we are
+ relaying.
+ [e51e98489c6d]
+
+2021-04-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [4aa3f848b223]
+
+ * logsrvd/logsrvd_conf.c:
+ Replace non-ascii characters in warning string.
+ [5e99ac170a15]
+
+ * lib/util/regress/getgrouplist/getgrouplist_test.c,
+ lib/util/regress/tailq/hltq_test.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/editor/check_editor.c,
+ plugins/sudoers/regress/exptilde/check_exptilde.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/regress/parser/check_gentime.c,
+ plugins/sudoers/regress/parser/check_hexchar.c,
+ plugins/sudoers/regress/starttime/check_starttime.c,
+ plugins/sudoers/regress/unescape/check_unesc.c:
+ Quiet clang analyzer false positive in regress tests.
+ [190ad1f287d8]
+
+ * MANIFEST, logsrvd/Makefile.in, logsrvd/iolog_writer.c,
+ logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_local.c:
+ Move local iolog log functions to logsrvd_local.c
+ [e16e2a1d8209]
+
+ * logsrvd/logsrvd_relay.c:
+ Better client error reporting on relay server connection error. More
+ detailed error messages may be found in the debug log.
+ [d0807790327d]
+
+ * logsrvd/logsrvd.c:
+ Update debug pid string when sudo_logsrvd becomes a daemon.
+ [33069e2da7d5]
+
+2021-04-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c:
+ Must call SSL_shutdown() before closing the underlying socket. This
+ got broken by some code rearrangement when relay mode was added.
+ [a3a8c4d10565]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c:
+ Recover if the client or relay server closes the TLS connection
+ uncleanly. The other end of the connection should perform a proper
+ TLS shutdown but as long as we are in the correct state there is no
+ need to treat this as a user-visible error.
+ [90887bc2235f]
+
+ * NEWS, aclocal.m4, configure, configure.ac:
+ Sudo 1.9.7
+ [c1ea457eca11]
+
+ * MANIFEST, plugins/python/Makefile.in, plugins/python/lsan_suppr.txt:
+ Add a suppression file for the libpython leaks. This is a big hammer
+ but it seems like the best we can do for now. Allows "make check" to
+ succeed when address sanitizer is used.
+ [4500cd1e835e]
+
+2021-04-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/editor.c,
+ plugins/sudoers/regress/editor/check_editor.c:
+ When spliting EDITOR check for escaped quote characters. Also add
+ check_editor to sudoers "make check".
+ [0d8001299358]
+
+2021-04-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/editor.c,
+ plugins/sudoers/regress/editor/check_editor.c:
+ Treat a lone backslash at the end of a string as a literal
+ backslash. GitHub issue #99
+ [40a53e523003]
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in:
+ Fix typo.
+ [614379733a17]
+
+2021-04-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/pyhelpers.c:
+ Avoid a potential NULL dereference when mutating args_str. Coverit
+ CID 221401
+ [69f3c7f8e524]
+
+ * logsrvd/logsrvd_journal.c:
+ Avoid calling fread() with a NUL buffer if msg_len is 0. Coverity
+ CID 221399
+ [ed605b7a3186]
+
+ * logsrvd/logsrvd.c:
+ Set a restrictive umask so new files are only read/write by owner.
+ Coverity CID 221402
+ [595465e4baa2]
+
+ * logsrvd/logsrvd.c:
+ In connection_closure_free() only close sock if it is not -1. When
+ relaying from a journal there will be no socket. Coverity CID 221403
+ [fd4f27067c3f]
+
+ * logsrvd/logsrvd.c:
+ Avoid potential NULL dereference in get_free_buf(). Coverity CID
+ 221400
+ [6cb5491bf812]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c:
+ Remove some now-dead code in the error path. Coverity CID 221397 and
+ 221398
+ [edc860f72f98]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c,
+ logsrvd/logsrvd_relay.c:
+ Use function pointers for each client message type instead of
+ conditionals. This separats out the message handler from the
+ functions that store or relay the message contents.
+ [f596480880fa]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c:
+ Add enqueue_error_message() helper function. Formats and enqueues an
+ error message and enables the write event.
+ [122bd89fe5e3]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c,
+ logsrvd/logsrvd_relay.c:
+ Forward the journaled entry after it has been stored locally.
+ [a187d5a7ea28]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c:
+ Stash the value of the store_first config setting in
+ connection_closure. If the configuration changes it should not
+ affect a connection that is already in progress.
+ [6617c2b7ece5]
+
+ * MANIFEST, logsrvd/Makefile.in, logsrvd/iolog_writer.c,
+ logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
+ logsrvd/logsrvd_journal.c, logsrvd/logsrvd_relay.c:
+ Journal messages to disk when store_first is set in the relay
+ section. Instead of forwarding messages immediately, they are
+ journaled locally in wire format. This will be used to implement
+ relay store-and-forward mode.
+ [aa0c537258e7]
+
+ * INSTALL, configure, configure.ac, doc/sudo_logsrvd.conf.man.in,
+ doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.mdoc.in,
+ logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, m4/sudo.m4,
+ pathnames.h.in:
+ Add configuration for sudo_logsrvd store-and-forward mode. Adds
+ "relay_dir" and "store_first" settings to sudo_logsrvd.conf in the
+ [relay] section. Also adds a --with-relaydir configure argument to
+ change the default value (usually /var/log/logsrvd-relay.
+ [6f064ed6d20e]
+
+ * src/signal.c:
+ Make sure SIGCHLD is not ignored when sudo is executed. If SIGCHLD
+ is ignored there is a race condition between when the process is
+ executed and when the SIGCHLD handler is installed. This fixes the
+ bug described by GitHub PR #98
+ [b4c91a0f72e7]
+
+2021-04-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac:
+ Remove the HP-UX 11.0 pread64() hack, it causes problems on modern
+ HP-UX.
+ [fea8ebd0b88d]
+
+ * src/limits.c:
+ Add minimum value to consider when overriding resource limits.
+ Currently only used for RLIMIT_DATA and RLIMIT_AS.
+
+ This works around a problem on HP-UX where setting RLIMIT_DATA
+ changes the resource limits for both 32-bit and 64-bit processes.
+ HP-UX processes start out with RLIMIT_DATA set based on the values
+ of the maxdsiz and maxdsiz_64bit kernel tunables, depending on
+ whether they are 32-bit or 64-bit. By default this limit is 1GB for
+ 32-bit processes and 4GB for 64-bit. However, once RLIMIT_DATA is
+ changed, it does not appear to be possible to restore the old
+ values. This can result in a 64-bit process that is executed by a
+ 32-bit shell getting the 32-bit RLIMIT_DATA instead of the 64-bit
+ one. Bug #973
+ [8778a27abfaf]
+
+2021-04-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd_relay.c:
+ Don't use msg_len as a length after converting it to network byte
+ order.
+ [3f2496be1130]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c:
+ Use the packed message buffer when relaying if possible. There's no
+ need to rebuild the message buffer for anything but RestartMessage
+ and ClientHello.
+ [903fa50f48c9]
+
+2021-04-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c:
+ Allocate the data buffer in get_free_buf() too. We always know the
+ size of the data buffer we need at allocation time.
+ [c02dc245aa40]
+
+2021-04-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c:
+ Relay ChangeWindowSize and CommandSuspend events too.
+ [cb20a1de47e3]
+
+2021-04-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/pyhelpers.c, plugins/python/regress/testdata/check_ex
+ ample_debugging_c_calls@diag.log, plugins/python/regress/testdata/ch
+ eck_example_debugging_c_calls@info.log, plugins/python/regress/testd
+ ata/check_example_group_plugin_is_able_to_debug.log:
+ Regenerate test output with python 3.10a7 Also adjust debug tests so
+ they pass on older python versions
+ [03aeda971872]
+
+ * configure, m4/python.m4:
+ determine Python (3.10) version number correctly. from upstream
+ automake
+ [1f4136509aca]
+
+ * MANIFEST, aclocal.m4, m4/python.m4, m4/runlog.m4:
+ Move python.m4 and runlog.m4 to the m4 directory. Previously they
+ were inline in aclocal.m4.
+ [6ec4c92539a7]
+
+2021-04-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Add hiuxmpp where we have hpux for special cases. Also move the HP-
+ UX 11.00 pread(2) workaround into the section where pread(2) is
+ tested for, not before it.
+ [f6cc1820e0fb]
+
+ * etc/sudo-logsrvd.pp, etc/sudo-python.pp:
+ Only replace the last instance of "sudo" in example and doc dir.
+ Otherwise we end up with weird paths for a prefix like /opt/sudo.
+ [113bdf79f00f]
+
+2021-04-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.ldap.mdoc.in:
+ Fix lint warning.
+ [aa4a4f0b0da1]
+
+ * doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in:
+ Mention relay mode and update TLS example.
+ [a50a23542c05]
+
+ * etc/sudo-logsrvd.pp, etc/sudo.pp:
+ If libssl_dep was not passed in, use ldd to determine its value.
+ Normally, mkpkg will figure this out, but if the user does "make
+ package" outside of the mkpkg script, libssl_dep will not be set.
+ [87329797daca]
+
+2021-04-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL, configure, configure.ac, doc/UPGRADE:
+ Enable the use of OpenSSL if log client/server not disabled. This
+ adds a dependency on OpenSSL unless it is explicitly disabled
+ (--disable-openssl) or the sudo log client and server are disabled
+ (--disable-log-client and --disable-log-server).
+ [618f504240d2]
+
+2021-04-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/codespell.skip:
+ configure aux scripts moved to the scripts directory
+ [1cfcbfd128ed]
+
+ * logsrvd/Makefile.in, logsrvd/logsrvd_conf.c:
+ Set logsrvd_config to NULL in logsrvd_conf_cleanup() after freeing
+ it. Fixes a double free in fuzz_logsrvd_conf (but not sudo_logsrvd
+ itself). Also fix linking fuzz_logsrvd_conf with OpenSSL.
+ [ad78729467d4]
+
+ * logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6,
+ logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
+ logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict:
+ Update sudo_logsrvd.conf fuzzer to match configuration changes.
+ [85ae32ce6f44]
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ examples/sudo_logsrvd.conf:
+ Document relay configuration changes.
+ [d66eb842a6ef]
+
+2021-04-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
+ logsrvd/logsrvd_relay.c:
+ Move relay configuration into its own section and add TLS options.
+ TLS options in the relay section will be used if specified,
+ otherwise the TLS options from the server section are used.
+ [0695e9b9b067]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
+ logsrvd/logsrvd_relay.c:
+ Add "server" and "relay" to getters/callbacks specific to server and
+ relay.
+ [618b4fa5325c]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
+ logsrvd/logsrvd_relay.c:
+ Remove struct logsrvd_tls_config. Now that the SSL context is
+ initialized in logsrvd_conf.c there's no need to export TLS
+ configuration other than tls_check_peer.
+ [4fb0fdc417e1]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
+ logsrvd/logsrvd_relay.c:
+ No longer need struct logsrvd_tls_runtime, use SSL_CTX instead.
+ [61e0bdf1499d]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c:
+ Move allocation of the TLS context to logsrvd_conf_apply(). This way
+ we get certificate errors at configuration time, not after. It also
+ means that a change to the config file that renders the TLS settings
+ invalid will no longer cause the server to exit. The new config will
+ just be ignored as if there was a syntax error.
+ [352ecb58618f]
+
+ * logsrvd/tls_init.c:
+ Only initialize the SSL library once.
+ [e17215eec1d6]
+
+2021-04-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/timestamp.c:
+ Sanity check struct timespec in timestamp file. Coverity CID 220564
+ [68dfceeb105e]
+
+ * plugins/sudoers/timestamp.c:
+ Check lseek(fd, 0, SEEK_CUR) for -1 return value. Not actually
+ possible in practice. Coverity CID 220568.
+ [27105922d3be]
+
+ * src/net_ifs.c:
+ Check for NULL ifa->ifa_addr and ifa->ifa_netmask in both loops.
+ [373961966099]
+
+2021-04-07 Radovan Sroka <rsroka@redhat.com>
+
+ * src/sudo_edit.c:
+ Fixed bad condition for sesh args
+
+ In selinux_edit_copy_tfiles() when there is only one file and the
+ open() fails then number of arguments is lower than expected. Sudo
+ should return error with or without "Defaults !sudoedit_checkdir"
+ set.
+
+ This was found with regression testing of CVE-2021-23240.
+
+ Signed-off-by: Radovan Sroka <rsroka@redhat.com>
+ [947ce862c0bf]
+
+2021-04-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/net_ifs.c:
+ Plug memory leak on overflow; Coverity CID 220556
+ [86b71e5dec5c]
+
+ * logsrvd/logsrvd.c:
+ In schedule_commit_point() do not free the closure on error. It is
+ the caller's responsibility to free resources on error. Coverity CID
+ 220557
+ [e6629496ab03]
+
+ * plugins/sudoers/pwutil.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ Cast NULL terminator argument to char * when calling sudo_mkgrent().
+ Avoids a portability issue on systems where NULL is not a pointer.
+ [cdb9cf0ad2ea]
+
+ * logsrvd/tls_init.c:
+ Rename LOGSRVD_DEFAULT_CIPHER_LST13 to DEFAULT_CIPHER_LST13
+ [a5d7da05cf09]
+
+ * logsrvd/tls_client.c:
+ Include string.h for strerror(3) prototype.
+ [57f5cfe43a89]
+
+ * logsrvd/logsrvd_relay.c:
+ Move connect_relay_tls() so we don't need a prototype for it. Fixes
+ a warning when sudo is not configured to use OpenSSL.
+ [0c73cfebf32b]
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ examples/sudo_logsrvd.conf:
+ Document relay and connect_timeout server settings.
+ [a101d54b451e]
+
+ * MANIFEST, logsrvd/Makefile.in, logsrvd/logsrv_util.h,
+ logsrvd/sendlog.c, logsrvd/sendlog.h, logsrvd/tls_client.c,
+ logsrvd/tls_common.h:
+ Move common TLS client code to tls_client.c and use it in sendlog.c.
+ [5334b6c4bef8]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
+ Rename listen_address -> server_address and add reference counting.
+ This will be used by the upcoming relay mode.
+ [f8ef9c83c3c8]
+
+ * logsrvd/logsrvd.c:
+ Try to send an error message to client for some client_msg_cb()
+ failures.
+ [0805636e8114]
+
+ * logsrvd/logsrvd.c:
+ Split most of server_commit_cb() out into schedule_commit_point().
+ This allows it to be used by the relay code too.
+ [c985c2f9e5d5]
+
+ * MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_conf.c, logsrvd/logsrvd_relay.c:
+ Add a relay mode to sudo_logsrvd where it forwards instead of
+ stores. Relay hosts are be specified in the server section of
+ sudo_logsrvd.conf.
+ [071c231e76a9]
+
+ * logsrvd/Makefile.in, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c,
+ logsrvd/sendlog.c, logsrvd/tls_common.h:
+ Add support for relaying to another sudo_logsrvd via TLS.
+ [c47397ce4098]
+
+ * MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/rcstr.c, lib/util/util.exp.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/alias.c, plugins/sudoers/check_aliases.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/ldap.c,
+ plugins/sudoers/ldap_util.c, plugins/sudoers/rcstr.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/visudo.c:
+ Move reference-counted string code from sudoers to libsudo_util. It
+ will be used by sudo_logsrvd too.
+ [d228aaf9b6fa]
+
+ * logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, logsrvd/logsrvd_relay.c:
+ Add sa_host to struct server_address as a ref counted string. Also
+ convert sa_str to ref counted string.
+ [4e8abb84c11d]
+
+ * logsrvd/logsrvd_conf.c:
+ Don't allow a wildcard address for the relay parameter.
+ [4a80d18d025b]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
+ Add logsrvd_conf_cleanup() to free the conf data structures on exit.
+ There is no longer a need to do anything in shutdown_cb() other than
+ break out of the event loop.
+ [9e4d7456fb7a]
+
+ * src/tgetpass.c:
+ Set user group list when executing the askpass helper. Under normal
+ circumstances the existing group list will match the list fetched by
+ sudo. However, if sudo is executed by a process that has changed the
+ group list via setgroups(2) and "group_source" in sudo.conf is set
+ to "dynamic" it is possible for them to be different.
+
+ If group_source in sudo.conf is set to "dynamic" it is possible for
+ the group list
+ [2b1d4ffb9cf6]
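Review bot: The src/tgetpass.c entry above ends with a second paragraph that breaks off mid-sentence ('If group_source in sudo.conf is set to "dynamic" it is possible for the group list') and only restates the start of the paragraph before it. This entry describes a change to the group list the askpass helper runs with, so the message should either finish the sentence or drop the fragment. As written, a reader auditing the setgroups(2) case has to guess what was left unsaid.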
+
+ * logsrvd/logsrv_util.h, logsrvd/logsrvd.c, logsrvd/logsrvd.h:
+ Use a tailq of write buffers instead of a single one per connection.
+ This allows us to queue up multiple messages for writing like the
+ sudoers client supports. Currently, each connection has its own free
+ list. In the future we may want a single free list with low and high
+ water marks.
+ [b5df1b4d79c7]
+
+ * configure.ac:
+ Increase autoconf minimum version to 2.70. Some of the macros
+ deprecated in 2.70 are required by older versions. For example,
+ AC_PROG_CC now does the work of AC_PROG_CC_STDC. Bug #972
+ [223a584b6241]
+
+ * MANIFEST, Makefile.in, config.guess, config.sub, configure,
+ configure.ac, doc/Makefile.in, examples/Makefile.in,
+ include/Makefile.in, install-sh, lib/util/Makefile.in,
+ lib/zlib/Makefile.in, logsrvd/Makefile.in, ltmain.sh,
+ plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
+ plugins/python/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, scripts/config.guess,
+ scripts/config.sub, scripts/install-sh, scripts/ltmain.sh,
+ src/Makefile.in:
+ Move autoconf auxiliary files to the scripts directory.
+ [5ea8182c11d9]
+
+2021-04-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in:
+ Document SUCCESS=return support in sudoers nsswitch.conf entries.
+ Based on a patch from Dennis Filder. Bug #971.
+ [1d631d1b6244]
+
+2021-04-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/audit.c:
+ Move log_server_accept() out from under the #ifdef
+ SUDOERS_LOG_CLIENT Fixes a link error when sudo is configured with
+ --disable-log-client.
+ [1bb7efdbddd5]
+
+2021-04-01 Radovan Sroka <rsroka@redhat.com>
+
+ * src/selinux.c:
+ Removed depricated security_context_t
+
+ Signed-off-by: Radovan Sroka <rsroka@redhat.com>
+ [14aba55909fc]
+
+2021-03-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/sendlog.c:
+ Return NULL if init_tls_client_context() fails. Otherwise, we will
+ call SSL_new with a freed SSL context. Bug #970
+ [5fbadce88524]
+
+2021-03-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/parse_args.c:
+ Use separate getopt config for sudoedit. Avoids a problem where the
+ user gets an exclusive usage error message when using a sudo-
+ specific option. GitHub issue #95
+ [b6207568e50a]
+
+ * src/parse_args.c, src/sudo_usage.h.in:
+ Add -h and -V to sudoedit usage and customize help output for
+ sudoedit. Also add missing -B option to usage strings.
+ [0d8fa214f8c3]
+
+ * src/parse_args.c:
+ Don't report a usage error for "sudo -V". GitHub issue #95
+ [a18573251751]
+
+ * etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
+ Do not include parent directories in rpm and deb files. Fixes a
+ directory conflict with the AIX sudo rpm package. Other deb/rpm
+ packages were not affected because parent dirs are omitted for a
+ prefix of /usr.
+ [f7d8db9670bb]
+
+2021-03-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/net_ifs.c:
+ SCO OpenServer uses SIOCGIFANUM, not SIOCGIFNUM. On OpenServer,
+ SIOCGIFNUM is the number of network interfaces, not the number of
+ ifreq structs.
+ [a992ea37b071]
+
+2021-03-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/net_ifs.c:
+ Add support for HP-UX SIOCGLIFNUM and SIOCGLIFCONF ioctls. We need
+ to use both SIOCGIFCONF and SIOCGLIFCONF since SIOCGLIFCONF only
+ returns IPv6 addresses.
+ [7a53304872b9]
+
+2021-03-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/net_ifs.c:
+ Move get_net_ifs stub to the top and remove unused INET_ADDRSTRLEN
+ def.
+ [15bb7bc0ecb8]
+
+ * src/net_ifs.c:
+ No longer need ifr_tmp variable, just reuse ifr. Now that we store
+ the string version of the address before fetching the netmask we can
+ just re-use ifr. This simplifies things and is safer since if there
+ is space for the address there must also be space for the mask.
+ [89ade84d0a6d]
+
+ * src/net_ifs.c:
+ SCO OpenServer 5 returns a bogus value for SIOCGIFNUM. Gleaned from
+ sendmail.
+ [0616f2103f0b]
+
+ * src/net_ifs.c:
+ Use SIOCGSIZIFCONF or SIOCGIFNUM where available. Still falls back
+ to a loop if not but now maxes out at 2048 interfaces instead of
+ potentially looping forever.
+ [f19cd2f827d5]
+
+ * configure, configure.ac, src/net_ifs.c:
+ Remove support for obsolete ISC UNIX and MIPS RISC/OS systems. They
+ were getting in the way of net_its.c simplification.
+ [4e2b7ce2fb7b]
+
+2021-03-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/net_ifs.c:
+ Use SIOCGLIFCONF to get interface list where supported (Solaris).
+ HP-UX has a SIOCGLIFCONF but it is incompatible (and appears to only
+ return IPv6 addresses). Also add IPv6 support using SIOCGIFCONF
+ (probably AIX only) and make sure ifr_tmpbuf[] is properly aligned.
+ [d2eebba41618]
+
+ * MANIFEST, src/Makefile.in, src/regress/net_ifs/check_net_ifs.c:
+ Add simple regress check to display the network interfaces found.
+ [6c1a5a50056e]
+
+2021-03-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL:
+ Suggest clang 11 or higher, some fuzzers may hang when used with
+ clang 10.
+ [abcf94949ca2]
+
+2021-03-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, logsrvd/Makefile.in,
+ logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict:
+ Add dictionary file for fuzz_logsrvd_conf.
+ [f9e154751a5f]
+
+ * Makefile.in, doc/Makefile.in, examples/Makefile.in,
+ include/Makefile.in, lib/eventlog/Makefile.in,
+ lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
+ lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
+ logsrvd/Makefile.in, plugins/audit_json/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/python/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Add a new "fuzz" target that executes the fuzzers for 8192 runs
+ each. To run indefinately, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1
+ fuzz"
+ [5fd3d7e9430f]
+
+ * MANIFEST, lib/iolog/Makefile.in,
+ lib/iolog/regress/corpus/log_json/id.json,
+ lib/iolog/regress/corpus/log_json/ls.json,
+ lib/iolog/regress/corpus/log_json/mailq.json,
+ lib/iolog/regress/corpus/log_json/make.json,
+ lib/iolog/regress/corpus/log_json/pkg_add.json,
+ lib/iolog/regress/corpus/log_json/pkg_delete.json,
+ lib/iolog/regress/corpus/log_json/printenv.json,
+ lib/iolog/regress/corpus/log_legacy/id.log,
+ lib/iolog/regress/corpus/log_legacy/ls.log,
+ lib/iolog/regress/corpus/log_legacy/mailq.log,
+ lib/iolog/regress/corpus/log_legacy/make.log,
+ lib/iolog/regress/corpus/log_legacy/pkg_add.log,
+ lib/iolog/regress/corpus/log_legacy/pkg_delete.log,
+ lib/iolog/regress/corpus/log_legacy/printenv.log,
+ lib/iolog/regress/corpus/seed/log_json/id.json,
+ lib/iolog/regress/corpus/seed/log_json/ls.json,
+ lib/iolog/regress/corpus/seed/log_json/mailq.json,
+ lib/iolog/regress/corpus/seed/log_json/make.json,
+ lib/iolog/regress/corpus/seed/log_json/pkg_add.json,
+ lib/iolog/regress/corpus/seed/log_json/pkg_delete.json,
+ lib/iolog/regress/corpus/seed/log_json/printenv.json,
+ lib/iolog/regress/corpus/seed/log_legacy/id.log,
+ lib/iolog/regress/corpus/seed/log_legacy/ls.log,
+ lib/iolog/regress/corpus/seed/log_legacy/mailq.log,
+ lib/iolog/regress/corpus/seed/log_legacy/make.log,
+ lib/iolog/regress/corpus/seed/log_legacy/pkg_add.log,
+ lib/iolog/regress/corpus/seed/log_legacy/pkg_delete.log,
+ lib/iolog/regress/corpus/seed/log_legacy/printenv.log,
+ lib/iolog/regress/corpus/seed/timing/timing.1,
+ lib/iolog/regress/corpus/seed/timing/timing.2,
+ lib/iolog/regress/corpus/seed/timing/timing.3,
+ lib/iolog/regress/corpus/seed/timing/timing.4,
+ lib/iolog/regress/corpus/timing/timing.1,
+ lib/iolog/regress/corpus/timing/timing.2,
+ lib/iolog/regress/corpus/timing/timing.3,
+ lib/iolog/regress/corpus/timing/timing.4, lib/util/Makefile.in,
+ lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1,
+ lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2,
+ lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3,
+ lib/util/regress/corpus/sudo_conf/sudo.conf.1,
+ lib/util/regress/corpus/sudo_conf/sudo.conf.2,
+ lib/util/regress/corpus/sudo_conf/sudo.conf.3, logsrvd/Makefile.in,
+ logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.1,
+ logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.2,
+ logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.3,
+ logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.4,
+ logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.5,
+ logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.6,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5,
+ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6,
+ plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/corpus/policy/policy.1,
+ plugins/sudoers/regress/corpus/policy/policy.2,
+ plugins/sudoers/regress/corpus/policy/policy.3,
+ plugins/sudoers/regress/corpus/policy/policy.4,
+ plugins/sudoers/regress/corpus/policy/policy.5,
+ plugins/sudoers/regress/corpus/seed/policy/policy.1,
+ plugins/sudoers/regress/corpus/seed/policy/policy.2,
+ plugins/sudoers/regress/corpus/seed/policy/policy.3,
+ plugins/sudoers/regress/corpus/seed/policy/policy.4,
+ plugins/sudoers/regress/corpus/seed/policy/policy.5:
+ Move corpus files to a seed subdirectory.
+ [ba6dd7f30d22]
+
+ * lib/fuzzstub/fuzzstub.c:
+ We can now rely on LLVMFuzzerTestOneInput to flush stdout.
+ [f20f353eeb87]
+
+ * plugins/sudoers/Makefile.in:
+ Fix fuzz_sudoers output comparison when fuzzing is enabled.
+ libFuzzer outputs additional info to stderr that our stub doesn't.
+ [49434e4eceaa]
+
+ * lib/iolog/regress/fuzz/fuzz_iolog_json.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
+ lib/util/regress/fuzz/fuzz_sudo_conf.c,
+ logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Flush stdout before successful return from LLVMFuzzerTestOneInput().
+ Fixes a problem with diag lines from libFuzzer being interspersed
+ with test output.
+ [f0b701120128]
+
+ * configure, configure.ac:
+ Use --allow-multiple-definition to work around an issue with ld.lld.
+ For fuzz_policy we redefine getaddrinfo/freeaddrinfo to work around
+ a DNS timeout problem with name resolution and CIfuzz. However, this
+ causes a link failure when sanitizers are enabled on systems that
+ use ld.lld as their linker. Use a big hammer to avoid the link
+ error.
+ [2b9df5329c0e]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/testsudoers_pwutil.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
+ Do not redefine system group and passwd functions for testsudoers.
+ Instead, prefix the replacements with "testsudoers_" and use a
+ custom pwutil backend so they get used.
+ [6bfd2f8d01c0]
+
+ * Makefile.in, doc/Makefile.in, examples/Makefile.in,
+ include/Makefile.in, lib/eventlog/Makefile.in,
+ lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
+ lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
+ logsrvd/Makefile.in, plugins/audit_json/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/python/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Rename "fuzz" makefile target to "check-fuzzer". It's purpose is to
+ run the fuzzers are part of a normal "make check" to avoid bit rot,
+ not to perform a fuzzer run. The fuzz_logsrvd_conf fuzzer was not
+ wired up to "make check" previously.
+ [01c03ccfd3f0]
+
+2021-03-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_6p1 for changeset 055f2a618604
+ [5376bc9e3b85] <1.9>
+
+ * Merge sudo 1.9.6p1 from tip
+ [055f2a618604] [SUDO_1_9_6p1] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.6p1
+ [93d95d3f23b1]
+
+2021-03-15 Alexandru Ardelean <aardelean@deviqon.com>
+
+ * plugins/sudoers/policy.c:
+ plugins: sudoers: policy: add MODE_IMPLIED_SHELL to RUN_VALID_FLAGS
+
+ Since this flag isn't set, the sudo_mode variable gets invalidated
+ and running the 'sudo' command seems to error out with message
+ 'sudoers_policy_check: invalid mode flags from sudo front end:
+ 0x80001"'
+ [b98b418f1997]
+
+2021-03-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_6 for changeset e3e96490e48f
+ [2e377fa2b87c] <1.9>
+
+ * config.guess, config.sub:
+ Merge sudo 1.9.6 from tip
+ [e3e96490e48f] [SUDO_1_9_6] <1.9>
+
+ * NEWS:
+ fix typo
+ [c7367647bd7c]
+
+2021-03-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Bug #968
+ [e08853fca88e]
+
+ * MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
+ logsrvd/sendlog.c, logsrvd/sendlog.h, logsrvd/tls_common.h,
+ logsrvd/tls_init.c:
+ Move common TLS initialization code to tls_init.c.
+ [118c7d41ad48]
+
+ * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, po/tr.mo,
+ po/tr.po:
+ Updated translations from translationproject.org
+ [cbc05710d6ba]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c:
+ Use HAVE_STDINT_H instead of trying to guess based on
+ __STDC_VERSION__. Fixes compilation with pre-C99 headers when the
+ compiler supports C99.
+ [05ebf79d02c7]
+
+ * include/sudo_compat.h, lib/util/secure_path.c:
+ Remove compatibility defines for POSIX sys/stat.h macros. Modern
+ systems have them and we no longer support pre-POSIX systems. This
+ fixes potential redefinition of the macros if sys/stat.h is included
+ after sudo_compat.h. Bug #968.
+ [d10d0b9b60e1]
+
+ * lib/eventlog/logwrap.c,
+ plugins/python/python_plugin_approval_multi.inc,
+ plugins/python/python_plugin_audit_multi.inc,
+ plugins/python/python_plugin_io_multi.inc, src/get_pty.c:
+ Quiet a few Solaris Studio compiler warnings.
+ [1d82509f2e44]
+
+ * configure, configure.ac:
+ Add -Wno-unknown-pragmas along with -Wall. We don't want warnings
+ about unknown pragmas in system headers.
+ [ac15fa0e3d95]
+
+ * scripts/pp:
+ Solaris 11.4 removed /usr/bin/optisa, use /usr/bin/isainfo instead.
+ [97d8bb91cf02]
+
+2021-03-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Compare OS name against freebsd* and netbsd* not freebsd and netbsd.
+ Fixes an issue on NetBSD where host_os starts with netbsdelf.
+ [2e813d52a7d6]
+
+ * plugins/sudoers/Makefile.in:
+ Add @SUDOERS_LIBS@ to FUZZ_LIBS for -lutil on FreeBSD and NetBSD
+ [38a7b3a9eb90]
+
+ * lib/util/Makefile.in, plugins/python/Makefile.in, src/Makefile.in:
+ Set locale for all "make check" targets.
+ [1a80048486d4]
+
+2021-03-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ AIX 6.1 may have a broken fmemopen(). We only use it for the fuzzers
+ so ignore it for AIX < 7.1.
+ [ad909c1479ff]
+
+2021-03-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/pp:
+ Only put specific directories in the ROOT section of the AIX
+ package. Previously, /usr and /opt were placed in USR and everything
+ else went in ROOT. Now, only /dev, /etc, /sbin and /var go in ROOT.
+ [6f1fbe8fea31]
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
+ po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo,
+ po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo,
+ po/ja.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/pt.mo,
+ po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/zh_CN.mo,
+ po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
+ Updated translations from translationproject.org
+ [53c17c8d56e9]
+
+2021-03-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c:
+ Remove unused tls parameter, we now use a per-address tls flag.
+ [2be727a37b9c]
+
+2021-03-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document double escaping of backslashes. Bug #961.
+ [ae51e4899555]
+
+ * NEWS, configure, configure.ac:
+ No longer need to define _DARWIN_UNLIMITED_GETGROUPS on macOS. We
+ now define _DARWIN_C_SOURCE which accomplishes the same thing.
+ [c233df4c1ae4]
+
+ * plugins/sudoers/auth/pam.c:
+ Fix a potential use-after-free in conversation function. The prompt
+ passed in to sudo_pam_verify() will be freed later by
+ check_user_interactive() so we need to reset the stashed value. From
+ Pavel Heimlich. Bug #967.
+ [86bc6ee3c493]
+
+ * plugins/sudoers/pwutil.c:
+ No need to update cp after storing gr->gr_name, it is not used,
+ Coverity CID 219314
+ [27bace364dc9]
+
+2021-03-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Mention GitHub issue #56.
+ [47b8b9fac52b]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [923899bcc63d]
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h:
+ Log peer address in sudo_logsrvd JSON-format logs. The peer that
+ connected to us might not be the same host where the log entry
+ originated.
+ [4e2488efaf97]
+
+ * NEWS, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
+ lib/util/sudo_conf.c:
+ Make "group_source=dynamic" the default on macOS. Recent versions of
+ macOS do not reliably return all of a user's non-local groups via
+ getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS is defined. Bug
+ #946.
+ [491720b06a68]
+
+ * lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
+ lib/util/Makefile.in, logsrvd/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ For regess/fuzz set LC_ALL to C.UTF-8 if possible, falling back on
+ C. Works around a crash in leak sanitizer when the locale is set to
+ C and TLS support is enabled.
+ [4345912b9bd8]
+
+2021-03-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Initialize the lbuf used by sudoers_trace_print() in init_lexer().
+ Free the old buffer if there is one, otherwise it would never be
+ freed.
+ [1893ecc06718]
+
+ * lib/util/lbuf.c:
+ In sudo_lbuf_destroy(), reset error, len and size.
+ [7a6f980c2215]
+
+ * NEWS:
+ Mention the integer overflow check in store_timespec().
+ [f41519e1dae9]
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ In find_path() stub only make a copy in outfile if returning FOUND.
+ Fixed a recently-introduced memory leak in the fuzzer.
+ [2045b1afc0b5]
+
+2021-02-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/sudo_debug.c:
+ Disable debug code for FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION It
+ will not be used and just confuses the coverage stats.
+ [3307c855b77d]
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Expand stub getaddrinfo() to resolve "localhost".
+ [e1035616ad99]
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Improve fuzz_policy coverage and set defaults in setdefs not parse.
+ Now exercises session open/close and set additional defaults to
+ exercise more code paths.
+ [2843a0b930fd]
+
+ * plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c:
+ Improve SUDOERS_NAME_MATCH support. Now supports digests and
+ performs better directory matching.
+ [2f2d63596256]
+
+ * plugins/sudoers/policy.c:
+ Add MODE_CHECK to LIST_VALID_FLAGS, fixes "sudo -l command".
+ [eff4cbe95d75]
+
+2021-02-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in,
+ lib/iolog/iolog_clearerr.c, lib/iolog/iolog_close.c,
+ lib/iolog/iolog_eof.c, lib/iolog/iolog_fileio.c,
+ lib/iolog/iolog_gets.c, lib/iolog/iolog_mkdirs.c,
+ lib/iolog/iolog_mkdtemp.c, lib/iolog/iolog_mkpath.c,
+ lib/iolog/iolog_nextid.c, lib/iolog/iolog_open.c,
+ lib/iolog/iolog_openat.c, lib/iolog/iolog_read.c,
+ lib/iolog/iolog_seek.c, lib/iolog/iolog_swapids.c,
+ lib/iolog/iolog_util.c, lib/iolog/iolog_write.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_timing.c, logsrvd/iolog_writer.c,
+ logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
+ Split iolog_fileio.c into multiple files.
+ [9b7c4f1b781f]
+
+ * plugins/sudoers/defaults.c:
+ Correct the integer overflow check in store_timespec(). Fixes oss-
+ fuzz issue #31463
+ [3765d5c4ecd3]
+
+ * plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok:
+ Update file that was missed in test27 changes.
+ [5824f54afa88]
+
+ * MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in,
+ lib/iolog/iolog_conf.c, lib/iolog/iolog_fileio.c,
+ lib/iolog/iolog_loginfo.c:
+ Break out I/O log config handling into iolog_conf.c.
+ [546f503f9bb4]
+
+ * lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
+ logsrvd/Makefile.in, plugins/sudoers/Makefile.in:
+ regen Makefile.in
+ [43c54f94e9c8]
+
+ * examples/Makefile.in, lib/eventlog/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Add some missing files to the clean target
+ [20754fec5ff1]
+
+ * plugins/sudoers/regress/sudoers/test27.in,
+ plugins/sudoers/regress/sudoers/test27.json.ok,
+ plugins/sudoers/regress/sudoers/test27.ldif.ok,
+ plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test27.out.ok,
+ plugins/sudoers/regress/sudoers/test27.toke.ok:
+ Add netgroup check to sudoers test27
+ [1b45a6794b2d]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok:
+ Sync with fuzz_sudoers changes.
+ [1481cef048ad]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ Fuzz with runuser and rungroup specified too.
+ [2d8ceb465cea]
+
+ * MANIFEST, plugins/sudoers/regress/sudoers/test27.in,
+ plugins/sudoers/regress/sudoers/test27.json.ok,
+ plugins/sudoers/regress/sudoers/test27.ldif.ok,
+ plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test27.out.ok,
+ plugins/sudoers/regress/sudoers/test27.toke.ok:
+ Add test to exercise RunasSpec without a RunasUser.
+ [ee22ac488aca]
+
+ * MANIFEST, plugins/sudoers/regress/sudoers/test22.sudo.ok,
+ plugins/sudoers/regress/sudoers/test23.sudo.ok,
+ plugins/sudoers/regress/sudoers/test24.sudo.ok,
+ plugins/sudoers/regress/sudoers/test26.sudo.ok:
+ Remove unused regress files.
+ [71d943734bb8]
+
+ * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
+ Don't try to run getters if we failed to parse the config file.
+ [734bb56c24ed]
+
+2021-02-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Add a stub getaddrinfo(3) to avoid a DNS timeout in CIfuzz.
+ [5f725de1e3ad]
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Fix runchroot, runcwd, tty_tickets. Add timestampowner.
+ [d8a945bea98d]
+
+ * plugins/sudoers/policy.c:
+ Only add command_info to garbage collector on successful return.
+ Otherwise it will be freed on failure.
+ [c3d0461efaa1]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ Add user millert to group sudo, which is often the exempt group.
+ [fac833a2cf3b]
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Add some defaults settings in sudo_file_parse(). We don't have a
+ real policy file but we still want to exercise callbacks in
+ sudoers.c.
+ [9f3d3f668973]
+
+ * plugins/sudoers/sudoers.c:
+ Do not free sudo_user.iolog_{file,path} in sudo_user_free(). They
+ are not dynamically allocated.
+ [59c102ba67cf]
+
+ * lib/iolog/regress/fuzz/fuzz_iolog_timing.c:
+ Remove unnecessary warnings, we want to fail silently.
+ [4b1ee5dd2cb4]
+
+ * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
+ No longer need to stub out eventlog config functions.
+ [08c40b6a63c9]
+
+ * MANIFEST, logsrvd/Makefile.in,
+ logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.4,
+ logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.5,
+ logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.6,
+ logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
+ Call public getters in logsrvd.conf fuzzer and add to corpus. Now
+ exercises the syslog config erorr path.
+ [0b314e4e0696]
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Add more passes to policy fuzzer Now execises list, list other user
+ and show_version.
+ [21a1cc9665ec]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Implement sudoers_policy_deregister_hooks() Register/deregister
+ hooks in fuzz_policy and also call show_version().
+ [8849644a75de]
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Add sudoers debug register/deregister.
+ [5fba9b19c6fa]
+
+ * plugins/sudoers/defaults.c:
+ Remove unnecessary break statement.
+ [aa18c2957f82]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok,
+ plugins/sudoers/regress/sudoers/test14.in,
+ plugins/sudoers/regress/sudoers/test14.json.ok,
+ plugins/sudoers/regress/sudoers/test14.ldif.ok,
+ plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test14.out.ok,
+ plugins/sudoers/regress/sudoers/test14.toke.ok:
+ Include a sha384 digest in the test corpus.
+ [6c405febff10]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ Parse sudoers file in the C locale.
+ [82d6afbe499b]
+
+ * MANIFEST, plugins/sudoers/regress/sudoers/test26.in,
+ plugins/sudoers/regress/sudoers/test26.json.ok,
+ plugins/sudoers/regress/sudoers/test26.ldif.ok,
+ plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test26.out.ok,
+ plugins/sudoers/regress/sudoers/test26.sudo.ok,
+ plugins/sudoers/regress/sudoers/test26.toke.ok:
+ Add regress test with all current Defaults settings. Currently skips
+ SELinux and Solaris privilege settings.
+ [79e82a58ccde]
+
+2021-02-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_hooks.c:
+ Move env hooks into sudoers_hooks.c.
+ [7296d05b9206]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ No need to call check_defaults() and check_aliases() in quiet mode.
+ [0d0f93849388]
+
+ * plugins/sudoers/gc.c:
+ sudoers_gc_init() is not currently used
+ [e74d2870ae25]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/fmtsudoers_cvt.c:
+ Split fmtsudoers.c into the parts used by sudoers plugin and
+ cvtsudoers. Only testsudoers and cvtsudoers use the full set of
+ formatting functions.
+ [8c57e80ae655]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ Check defaults settings too.
+ [7dc7d66f47e7]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_stubs.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Add fuzzer-specific stubs source file.
+ [815c28958d42]
+
+ * Makefile.in:
+ Do not overwrite existing ChangeLog file if there is no hg/git dir.
+ We don't want "make install" from a source tarball to nuke the
+ ChangeLog.
+ [f7aba6a01d85]
+
+ * lib/iolog/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Remove fuzzer targets in "make clean"
+ [25b068bc254b]
+
+ * .gitignore, .hgignore:
+ Ignore fuzzer targets
+ [d920254ce731]
+
+ * lib/iolog/regress/fuzz/fuzz_iolog_json.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
+ lib/util/regress/fuzz/fuzz_sudo_conf.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Set program name in fuzzers so we get consisten warnings.
+ [1ee4b5478d1c]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Use real eventlog config fuctions instead of stubs.
+ [eed6fc4df1f6]
+
+ * include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
+ lib/iolog/iolog_loginfo.c:
+ Move iolog info log writing to iolog_loginfo.c
+ [292915dae440]
+
+ * MANIFEST, lib/iolog/Makefile.in, lib/iolog/iolog_loginfo.c,
+ lib/iolog/iolog_timing.c, lib/iolog/iolog_util.c,
+ lib/iolog/regress/iolog_timing/check_iolog_timing.c,
+ lib/iolog/regress/iolog_util/check_iolog_util.c:
+ Split iolog_util.c into iolog_loginfo.c and iolog_timing.c. Also
+ rename check_iolog_util -> check_iolog_timing.
+ [5b5249e4aa96]
+
+ * MANIFEST, lib/iolog/Makefile.in, lib/iolog/iolog_legacy.c,
+ lib/iolog/iolog_util.c:
+ Move legacy I/O log info file parsing to iolog_legacy.c
+ [94b767bb56c7]
+
+ * MANIFEST, include/sudo_eventlog.h, lib/eventlog/Makefile.in,
+ lib/eventlog/eventlog.c, lib/eventlog/eventlog_conf.c:
+ Move eventlog config code into eventlog_conf.c
+ [656d65215e50]
+
+ * MANIFEST, lib/eventlog/Makefile.in, lib/eventlog/eventlog.c,
+ lib/eventlog/eventlog_free.c:
+ Move eventlog_free() into its own file.
+ [a5ff36ac0ebb]
+
+ * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
+ Stub out eventlog and iolog configuration setters.
+ [cc32ba7436cd]
+
+ * MANIFEST, plugins/sudoers/defaults.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok:
+ Update Defaults settings after parsing sudoers. Also stub out
+ dump_defaults when fuzzing as it is not used.
+ [fa1e7c7b42c2]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/b64_decode.c,
+ plugins/sudoers/b64_encode.c, plugins/sudoers/base64.c:
+ Split base64 encode/decode functions into separate source files.
+ They are independent functions.
+ [ab0904c5122c]
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ fuzz_printf and fuzz_conversation can be stubs.
+ [9b11c9a3f3c3]
+
+2021-02-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ Exercise tilde expansion if used in runcwd or runchroot.
+ [a6f0995c6a55]
+
+ * plugins/sudoers/check_aliases.c:
+ Move alias checking code out of visudo.c and into check_aliases.c.
+ [5c0a91978441]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ Check aliases in fuzz_sudoers if the policy parsed correctly.
+ [b272e634f204]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/parse.h,
+ plugins/sudoers/visudo.c:
+ Move alias checking code out of visudo.c and into check_aliases.c.
+ [b9c23c958935]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ We don't need to link fuzz_sudoers with file.c.
+ [4fcd15e8cdcf]
+
+ * lib/iolog/regress/fuzz/fuzz_iolog_json.dict,
+ lib/util/regress/fuzz/fuzz_sudo_conf.dict,
+ plugins/sudoers/regress/fuzz/fuzz_policy.dict,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.dict,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict:
+ Strings in dictionary files need to be quoted.
+ [8a95ea335d2d]
+
+ * MANIFEST, lib/iolog/Makefile.in,
+ lib/iolog/regress/fuzz/fuzz_iolog_json.dict, lib/util/Makefile.in,
+ lib/util/regress/fuzz/fuzz_sudo_conf.dict,
+ plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/fuzz/fuzz_policy.dict,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.dict,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict:
+ Add dictionary files for fuzzers where possible.
+ [4d9147fd50fd]
+
+2021-02-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ Also free safe_cmnd so it doesn't leak.
+ [5071a1ffa5d0]
+
+ * plugins/sudoers/stubs.c, plugins/sudoers/testsudoers.c:
+ Return NOT_FOUND from the set_cmnd_path() stub since we don't set
+ user_cmnd. The purpose of set_cmnd_path() is to reset user_cmnd
+ based on a new runchroot. For the stub version we don't modify
+ user_cmnd and so must not return a status of FOUND. Fixes oss-fuzz
+ issue #31250 which only affected the fuzzer and not sudo.
+ [36fe416668df]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok:
+ Fix fuzz_sudoers output matching.
+ [6cec1e5aa799]
+
+ * lib/fuzzstub/fuzzstub.c:
+ Print "running" and "executed" lines to stderr like libfuzzer does.
+ [b76b7a4a6ff3]
+
+ * plugins/sudoers/pwutil_impl.c:
+ Support passing sudo_make_gidlist_item() an array of gids. The gids
+ are formatted as strings, not gid_t.
+ [d1608f63ae91]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok:
+ Prime user/group cached and set the interface list. Also match
+ parsed policy against multiple users.
+ [ec19b5658a2a]
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.h:
+ Add sudo_mkgrent(), to be used to prime the group cache in
+ tests/fuzzers.
+ [333f0887abbc]
+
+2021-02-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ Perform matching in fuzz_sudoers for inputs that parse correctly.
+ The fuzzer now exercised the normal match code as well as the
+ pseudo-command (list, validate, etc) match code. Privileges are also
+ listed for well-formed sudoers file.
+ [8caf505d7341]
+
+ * plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c,
+ plugins/sudoers/parse.h:
+ Add back SUDOERS_NAME_MATCH and enable it when fuzzing. This avoids
+ the test environment from influencing sudoers matching.
+ [496b3a7184a8]
+
+ * plugins/sudoers/match_command.c:
+ Add missing globfree(3) in command_matches_glob() when matching a
+ directory.
+ [1d6d28d6eb61]
+
+2021-02-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/sudo_dso.c:
+ Add support on AIX for loading plugins that are .a (not .so) files.
+ It is possible to specify the member name in parens after the path,
+ e.g. sudoers.a(shr.o) for 32-bit or sudoers.a(shr_64.o) for 64-bit.
+ If no member is specified in the path and dlopen() fails with
+ ENOEXEC, try again with an explicit member, either shr.o or
+ shr_64.o.
+ [90d975989148]
+
+ * Makefile.in, doc/Makefile.in, examples/Makefile.in,
+ include/Makefile.in, lib/eventlog/Makefile.in,
+ lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
+ lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
+ logsrvd/Makefile.in, plugins/audit_json/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/python/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Add clean rules to .PHONY target.
+ [dea3468f3f7b]
+
+2021-02-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Makefile.in, doc/Makefile.in, examples/Makefile.in,
+ include/Makefile.in, lib/eventlog/Makefile.in,
+ lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
+ lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
+ logsrvd/Makefile.in, plugins/audit_json/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/python/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Add install-fuzz Makefile target to install the fuzzers and seed
+ corpus. The FUZZ_DESTDIR make variable needs to be set in the
+ environment or on the command line.
+ [89c4dc1e8cb0]
+
+ * plugins/sudoers/Makefile.in:
+ Only display fuzz_policy output if the fuzzer exits with an error.
+ [c6927227be4a]
+
+ * plugins/sudoers/regress/corpus/policy/policy.1,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Call list, validate and invalidate entry points too. We need a
+ separate open/close for each one.
+ [fbbc5bdb4541]
+
+ * INSTALL, configure, configure.ac:
+ Add --disable-ssp configure option. This allows for disabling
+ -fstack-protector without turning off the other hardening options.
+ [1d9ca18e4fa9]
+
+ * lib/util/regress/getdelim/getdelim_test.c:
+ Test the error case by closing the underlying fd. Note that we don't
+ use ferror() here since our getdelim() has no way to set the error
+ flag if there is a memory allocation error.
+ [df0464968e2c]
+
+ * lib/util/regress/getdelim/getdelim_test.c:
+ Test the case where getdelim() must reallocate the buffer.
+ Reproduces Bug #960.
+ [df4dbc0830be]
+
+ * lib/eventlog/eventlog.c:
+ When logging JSON to syslog, wrap the contents in a "sudo" object.
+ This makes it easier for log parsers to identify what is a sudo log
+ entry.
+ [2c96aeaabc8e]
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Restore the check for sudoers_policy.close == NULL. The fuzzers run
+ as part of "make check" too in which case NO_LEAKS won't be defined
+ and the close function will be set to NULL.
+ [8418ff5f6dfb]
+
+ * lib/iolog/iolog_json.c:
+ Use %td when printing the difference of two pointers.
+ [608de9ab3902]
+
+ * plugins/sudoers/parse.c:
+ Don't print a NULL as a string if role/type/privs/limitprivs is not
+ set. We can't rely on printf("%s", NULL) not crashing.
+ [4a04efbcbff9]
+
+ * plugins/sudoers/sudoers.c:
+ Fix compilation error on Solaris introduced with sudo_user_free().
+ [0ce4e0ac807e]
+
+2021-02-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Bug #960.
+ [82303f217d8b]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Distinguish between EOF and error using feof(3), not ferror(3). Our
+ getdelim(3) emulation won't set the error flag if the error is due
+ to an allocation failure. This explains the premature EOF without
+ error seen in Bug #960.
+ [5a70875f92fa]
+
+ * lib/util/getdelim.c:
+ Reset end pointer when reallocing the line buffer in getdelim().
+ Fixes excessive memory allocations for long lines. Bug #960.
+ [d6dd6893b38a]
+
+ * lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Remove duplicated MALLOC_OPTIONS and MALLOC_CONF env variables.
+ [2f7695aadad9]
+
+ * lib/iolog/iolog_json.c:
+ On parse error, display line and column instead of the offending
+ line.
+ [bbda04a5b05d]
+
+ * logsrvd/Makefile.in, plugins/sudoers/Makefile.in:
+ regen
+ [20e093fd76f0]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.6
+ [1c76fe52426f]
+
+2021-02-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/iolog_json.c, lib/iolog/iolog_util.c:
+ Pass I/O log memory allocation errors up to the caller.
+ [4777add71679]
+
+ * INSTALL, config.h.in, configure, configure.ac, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, pathnames.h.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c:
+ Add admin_flag sudoers option and make --enable-admin-flag take a
+ path. It is now possible to disable the Ubuntu admin flag in sudoers
+ or change its location. GitHub issue #56
+ [d77c3876fa95]
+
+ * plugins/sudoers/exptilde.c,
+ plugins/sudoers/regress/exptilde/check_exptilde.c:
+ Fix tilde expansion of paths with no user like ~/foo. The '/'
+ separator was missing in the resulting path.
+ [dbba61f76d6c]
+
+ * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, lib/util/sudo_conf.c,
+ plugins/sudoers/policy.c:
+ Limit max_groups in sudo.conf to 1024. The max_groups setting should
+ no longer be needed anyway.
+ [aee7843e0c7d]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
+ In sudoers_policy_close() call sudoers_cleanup() instead of
+ sudo_user_free(). If we didn't call sudoers_policy_main() due to an
+ early error there may be more things to clean up.
+ [683d69d84aa6]
+
+ * plugins/sudoers/policy.c:
+ Check for invalid flag combinations from front-end for all cases.
+ The checks are now performed in the check_policy, list, validate and
+ invalidate functions instead of as part of the open function. We
+ can't perform the checks in open because we don't yet know what
+ operation is going to be performed.
+ [b09105b3bb42]
+
+ * plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c:
+ Always dynamically allocate user_cmnd, it is freed in
+ sudo_user_free(). Instead of setting user_cmnd in the policy
+ functions, always set argv. Calling sudoers_policy_main() with argc
+ of 0 is no longer allowed.
+ [820f1f4e5c44]
+
+ * plugins/sudoers/policy.c:
+ No need for sudoers_cleanup() in sudoers_policy_invalidate(). The
+ sudoers close() function is now called even for "sudo -k". Also no
+ need to set user_cmnd, it is not used in this code path.
+ [c2c9832c32f4]
+
+2021-02-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd_conf.c,
+ logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.1,
+ logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.2,
+ logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.3,
+ logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
+ Add simple fuzzer for sudo_logsrvd.conf parser.
+ [8b5cd9e24656]
+
+ * lib/iolog/regress/fuzz/fuzz_iolog_timing.c:
+ Fix unlinking of timing temp file.
+ [8b0ce6d777c8]
+
+ * lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
+ plugins/python/Makefile.in, plugins/sudoers/Makefile.in:
+ Set MALLOC_OPTIONS and MALLOC_CONF for all regress targets.
+ [47e8b85d1d9a]
+
+ * MANIFEST, lib/util/Makefile.in,
+ lib/util/regress/corpus/sudo_conf/sudo.conf.1,
+ lib/util/regress/corpus/sudo_conf/sudo.conf.2,
+ lib/util/regress/corpus/sudo_conf/sudo.conf.3,
+ lib/util/regress/fuzz/fuzz_sudo_conf.c:
+ Add simple fuzzer for sudo.conf parser.
+ [8a530402f936]
+
+ * plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Free struct sudo_user in sudoers_policy_close() and
+ sudoers_cleanup(). Also, do not NULL out the close function if
+ NO_LEAKS is defined.
+ [f3fbf78e6e41]
+
+ * MANIFEST, lib/iolog/Makefile.in,
+ lib/iolog/regress/corpus/log_legacy/id,
+ lib/iolog/regress/corpus/log_legacy/id.log,
+ lib/iolog/regress/corpus/log_legacy/ls,
+ lib/iolog/regress/corpus/log_legacy/ls.log,
+ lib/iolog/regress/corpus/log_legacy/mailq,
+ lib/iolog/regress/corpus/log_legacy/mailq.log,
+ lib/iolog/regress/corpus/log_legacy/make,
+ lib/iolog/regress/corpus/log_legacy/make.log,
+ lib/iolog/regress/corpus/log_legacy/pkg_add,
+ lib/iolog/regress/corpus/log_legacy/pkg_add.log,
+ lib/iolog/regress/corpus/log_legacy/pkg_delete,
+ lib/iolog/regress/corpus/log_legacy/pkg_delete.log,
+ lib/iolog/regress/corpus/log_legacy/printenv,
+ lib/iolog/regress/corpus/log_legacy/printenv.log,
+ plugins/sudoers/Makefile.in:
+ For "make fuzz" only fuzz the seed corpus. This way we avoid files
+ generated by the fuzzer itself.
+ [42ace1dec313]
+
+2021-02-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/env.c, plugins/sudoers/gc.c,
+ plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Fix sudoers garbage collection and run it in policy fuzzer.
+ [c0d572fd9921]
+
+ * .github/workflows/main.yml:
+ Rename master -> main
+ [57000edd1aff]
+
+ * plugins/sudoers/policy.c:
+ Do not include errno string for invalid params from front-end.
+ [2d0b55b3041f]
+
+ * plugins/sudoers/parse.c, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ Always dynamically allocate user_role, user_type, user_privs,
+ user_limitprivs
+ [f5992824219d]
+
+ * plugins/sudoers/policy.c:
+ Remove dead code, front-end does not set runas_privs or
+ runas_limitprivs
+ [6ce3da323452]
+
+ * plugins/sudoers/iolog.c:
+ Plug memory leak if there are duplicate user_info or command_info
+ entries.
+ [21865246a4dc]
+
+2021-02-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .github/workflows/main.yml:
+ Add CIFuzz workflow to run fuzzers on push or PR.
+ https://google.github.io/oss-fuzz/getting-started/continuous-
+ integration/
+ [47f1c8015ec5]
+
+ * plugins/sudoers/check.h, plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
+ Move create_admin_success_flag() to timestamp.c.
+ [0675f230288c]
+
+ * configure, configure.ac:
+ Error out if fuzzer/sanitizer enabled but not supported by the
+ compiler.
+ [289afba93f79]
+
+ * plugins/sudoers/regress/fuzz/fuzz_policy.c:
+ The push() function was not updating the size after reallocating.
+ [e089aaeee3b2]
+
+ * plugins/sudoers/pwutil_impl.c, src/sudo.c:
+ If sudo_getgrouplist2() returns -1, clamp ngroups based on
+ max_groups. The ngroups parameter is an out parameter that is filled
+ in with the actual number of groups, which may be less than the
+ static number allocated when max_groups is set in sudo.conf. Fixes a
+ potential out of bounds read found by LLVM libFuzzer.
+ [a26461ccf891]
+
+2021-02-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c:
+ Reset sudoers path, owner and mode before parsing plugin arguments.
+ This is only needed when calling sudoers_policy_deserialize_info()
+ more than once, which is true for the policy fuzzer.
+ [a25a6210f48c]
+
+ * plugins/sudoers/sudoers.c:
+ Cleanup sudoers sources on denial and error too.
+ [454b7adcfa21]
+
+ * plugins/sudoers/pwutil.c:
+ Fix sudo_getgrgid reference count bug when gid doesn't exist. This
+ one was missed when the other user/group lookup functions were
+ fixed.
+ [20e3fad6768b]
+
+ * plugins/sudoers/policy.c:
+ Plug memory leak if there are duplicate user_info entries.
+ [b8ddcfa0a051]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/corpus/policy/policy.1,
+ plugins/sudoers/regress/corpus/policy/policy.2,
+ plugins/sudoers/regress/corpus/policy/policy.3,
+ plugins/sudoers/regress/corpus/policy/policy.4,
+ plugins/sudoers/regress/corpus/policy/policy.5,
+ plugins/sudoers/regress/fuzz/fuzz_policy.c,
+ plugins/sudoers/sudoers.c:
+ Fuzz sudoers policy module API. Includes a test case to reproduce
+ CVE-2021-3156.
+ [576d065759cf]
+
+ * lib/iolog/Makefile.in, plugins/sudoers/Makefile.in:
+ Make fuzz targets depend on fuzzer stub library. We really want a
+ dependency on $(LIB_FUZZING_ENGINE) but that could be a flag like
+ "-fsanitize=fuzzer" instead of a path.
+ [0963418f1cf9]
+
+ * lib/util/Makefile.in:
+ regen
+ [dd872eceb19e]
+
+ * MANIFEST, plugins/sudoers/Makefile.in:
+ Move audit.c from libparsesudoers to the sudoers module itself. Now
+ that audit.c contains the audit module it doesn't belong in
+ libparsesudoers.
+ [3df4f6e10f54]
+
+ * configure, configure.ac:
+ Do not pass AX_APPEND_FLAG more than a single flag. GitHub issue #92
+ [ed9ccdd41231]
+
+2021-02-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
+ logsrvd/Makefile.in, plugins/sudoers/Makefile.in:
+ Fix up some .la file library dependencies. libsudo_iolog.la already
+ depends on libsudo_util.la and libsudo_eventlog.la so we don't need
+ to list those explicitly when libsudo_iolog.la is listed.
+ [d8b55cf698b5]
+
+ * lib/eventlog/eventlog.c, lib/util/Makefile.in, lib/util/progname.c,
+ lib/util/regress/progname/progname_test.c, lib/util/sudo_conf.c,
+ lib/util/util.exp.in, plugins/sudoers/audit.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/match_command.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/sudo_edit.c, src/sudo_noexec.c:
+ Use sudo_basename() instead of doing the equivalent manually.
+ [67e2b5d68a73]
+
+ * MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/basename.c, lib/util/util.exp.in:
+ Add a GNU-compatible version of basename(3). Unlike POSIX
+ basename(3), the GNU variant does not modify its argument. Note that
+ basename of a path ending in "/" returns an empty string.
+ [693e1d39718a]
+
+2021-02-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/iolog_fileio.c:
+ feof(3) returns non-zero at EOF, not necessarily 1. On Illumos at
+ least it returns a value other than 1.
+ [fc2242fe7c6e]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Portable workaround for getdelim(3) implementations modify buf on
+ EOF. We should assume that the contents of buf are undefined when
+ getdelim(3) returns -1. We now peek ahead one char and skip the
+ getdelim(3) call if EOF is detected. This will preserve the original
+ value of the last line.
+ [1e353f05a0fa]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Some getdelim(3) implementations write a NUL to the buffer on EOF.
+ AIX and Illumos appear to have this behavior. We now preserve the
+ first character of the buffer on EOF to work around this. Fixes
+ reporting of syntax errors on the last line of a file.
+ [22611c14c1d1]
+
+ * plugins/sudoers/Makefile.in:
+ Fuzz the example sudoers file, not the default one. The default
+ sudoers uses @includedir which can result in different output,
+ depending on the permissions of /etc/sudoers.d.
+ [1b325a1d0e0a]
+
+ * configure, configure.ac:
+ illumos has a broken fmemopen(3), don't use it.
+ [d297ee0339e6]
+
+2021-02-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h:
+ Add configure check for SSIZE_MAX
+ [ca7699154705]
+
+ * lib/iolog/iolog_json.c:
+ Suppress PVS Studio false positives.
+ [6d8fcec047e5]
+
+ * src/sesh.c:
+ Silence a clang analyzer false positive.
+ [8bc3e89f6fbb]
+
+ * plugins/sudoers/toke_util.c:
+ Silence a clang analyzer false positive.
+ [2489166fc372]
+
+ * lib/fuzzstub/fuzzstub.c:
+ Fix CID 217123, size check always false on 64-bit systems.
+ [3c018b5d43a8]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Make open_sudoers() always return NULL like fuzz_sudoers.c
+ [042de90307ae]
+
+ * plugins/sudoers/regress/sudoers/test4.toke.ok,
+ plugins/sudoers/regress/sudoers/test5.toke.ok,
+ plugins/sudoers/regress/sudoers/test7.toke.ok,
+ plugins/sudoers/regress/sudoers/test8.toke.ok:
+ Update *.toke.ok now that lexer doesn't call sudoerserror() itself.
+ [d60c0d33b5b4]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.h, plugins/sudoers/toke.l:
+ The lexer now sets an error string before returning ERROR. The
+ parser will use that when reporting on an ERROR state. This prevents
+ the lexer from reporting errors about tokens that are not actually
+ consumed by the parser and we don't have to worry about both the
+ lexer and the parser reporting errors. It also means we only get one
+ error per sudoers line.
+ [7ffb0d28862f]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Go back to storing the last error file/line in sudoerserrorf(). This
+ is still the best way to avoid displaying more than one error per
+ line.
+ [21da59d69c5f]
+
+ * configure, configure.ac:
+ Add -fsanitize=fuzzer-no-link to ASAN_LDFLAGS too, not just
+ ASAN_CFLAGS.
+ [d3c719c72d79]
+
+ * MANIFEST, Makefile.in, doc/Makefile.in, examples/Makefile.in,
+ include/Makefile.in, lib/eventlog/Makefile.in,
+ lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
+ lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
+ logsrvd/Makefile.in, plugins/audit_json/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/python/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
+ plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Add fuzz Makefile target and run fuzzer corpus in make check.
+ [a66085f05dea]
+
+2021-02-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, Makefile.in, configure, configure.ac,
+ lib/fuzzstub/Makefile.in, lib/fuzzstub/fuzzstub.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_json.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Add stub library that just feeds files to the fuzzing target. This
+ will allow the fuzzers to be run as part of "make check".
+ [aa8fda20c3f8]
+
+ * scripts/mkpkg:
+ Append to CFLAGS and LDFLAGS instead of overriding them when adding
+ -m64.
+ [d02cf3c28198]
+
+ * config.h.in, configure, configure.ac,
+ lib/iolog/regress/fuzz/fuzz_iolog_json.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Fall back to a temp file if fmemopen() is not available().
+ [87f804b98c18]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Add missing return statement when NO_LEAKS is not defined.
+ [25b8e1041b62]
+
+ * lib/eventlog/Makefile.in:
+ Remove remnants of liblogsrv.
+ [5030114bb12f]
+
+ * INSTALL, configure, configure.ac, lib/iolog/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Add --enable-fuzzer-linker and --enable-fuzzer-engine options. These
+ will allow the fuzzers to be built as part of oss-fuzz.
+ [c3176bd8b95b]
+
+2021-02-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .gitignore, .hgignore:
+ Sync ignore files.
+ [ddf136d412f7]
+
+ * plugins/sudoers/Makefile.in:
+ Fix linking of sudoers fuzzers with static libsudo_util.
+ [86d07a5a671d]
+
+ * INSTALL, configure, configure.ac, lib/iolog/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Add --enable-fuzzer option to use when building fuzzers
+ [01e31362c2b0]
+
+ * INSTALL, configure, configure.ac:
+ Replace --enable-asan with --enable-sanitizer It is not possible to
+ set the sanitizer flags at configure time.
+ [115d869e1d55]
+
+2021-02-06 Anton Bershanskiy <45960703+bershanskiy@users.noreply.github.com>
+
+ * src/copy_file.c:
+ Fix comment typo in src/copy_file.c
+ [60dbf6da4712]
+
+2021-02-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/Makefile.in, lib/iolog/regress/fuzz/fuzz_iolog_json.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
+ plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Build (but don't run) fuzzers as part of "make check". Uses a stub
+ to make it possible to link w/o libfuzzer. The goal is to ensure the
+ fuzzers are always buildable and avoid bit rot.
+ [9186e252b8bf]
+
+ * lib/iolog/Makefile.in, plugins/sudoers/Makefile.in:
+ Add libsudo_eventlog.la as a dependency of libsudo_iolog.la No
+ longer need to link against libsudo_eventlog.la in sudoers.
+ [508097f86035]
+
+2021-02-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, lib/iolog/regress/corpus/log_json/id.json,
+ lib/iolog/regress/corpus/log_json/ls.json,
+ lib/iolog/regress/corpus/log_json/mailq.json,
+ lib/iolog/regress/corpus/log_json/make.json,
+ lib/iolog/regress/corpus/log_json/pkg_add.json,
+ lib/iolog/regress/corpus/log_json/pkg_delete.json,
+ lib/iolog/regress/corpus/log_json/printenv.json,
+ lib/iolog/regress/corpus/log_legacy/id,
+ lib/iolog/regress/corpus/log_legacy/ls,
+ lib/iolog/regress/corpus/log_legacy/mailq,
+ lib/iolog/regress/corpus/log_legacy/make,
+ lib/iolog/regress/corpus/log_legacy/pkg_add,
+ lib/iolog/regress/corpus/log_legacy/pkg_delete,
+ lib/iolog/regress/corpus/log_legacy/printenv,
+ lib/iolog/regress/corpus/timing/timing.1,
+ lib/iolog/regress/corpus/timing/timing.2,
+ lib/iolog/regress/corpus/timing/timing.3,
+ lib/iolog/regress/corpus/timing/timing.4:
+ Add more test files for fuzzers.
+ [22256acfbe23]
+
+2021-02-05 Daniel Milnes <thebeanogamer@gmail.com>
+
+ * doc/sudo.mdoc.in:
+ Fix the typo in the mdoc
+ [e0ad7f93e678]
+
+ * doc/sudo.man.in:
+ Fix a tiny typo in the Sudo manpage
+ [d52c308677bf]
+
+2021-02-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, lib/iolog/regress/fuzz/fuzz_iolog_timing.c:
+ fuzzer for I/O log timing files
+ [7b32f8eecfd6]
+
+ * lib/iolog/iolog_json.c:
+ In JSON, name/value pairs must be separated by a comma. Previously
+ we didn't require the comma to be there.
+ [bb70cecf6360]
+
+ * lib/iolog/iolog_json.c:
+ Detect integer overflow when converting JSON_ARRAY to string vector.
+ Extremely unlikely to happen but better safe than sorry.
+ [60a7a4d3a1d8]
+
+2021-02-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Only strip double quotes from an include path if len >= 2. Found
+ locally using libfuzzer/oss-fuzz.
+ [274d0a05081b]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ Don't allow the sudoers fuzzer to open include files. If we allow
+ the fuzzer to choose include paths it will include random files in
+ the file system. This leads to bug reports that cannot be
+ reproduced.
+ [b8ffce94f30a]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ If getdelim() returns a string with embedded NULs, truncate on first
+ one. This should avoid some issues with the fuzzer.
+ [e90e61d4bb0e]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Reallocate the buffer correctly when appending a newline. Fixes a
+ potential buffer overflow introduced in the last commit.
+ [50b0f77aed5f]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y:
+ Don't free the alias name in alias_add() if the alias already
+ exists. We need to be able to display it using alias_error(). Only
+ free what we actually allocated in alias_add() on error and let the
+ caller handle cleanup. Note that we cannot completely fill in the
+ alias until it is inserted. Otherwise, we will have modified the
+ file and members parameters even if there was an error. As a result,
+ we have to remove those from the leak list after alias_add(), not
+ before.
+ [6a920646d7d1]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix NUL termination when parsing a sudoers file with no ending
+ newline. oss-fuzz issue #30252
+ [5c75d8e15966]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ sudoersrestart() does not reset state to INITIAL, do it in
+ init_lexer(). Fixes spurious errors from fuzz_sudoers, which calls
+ the parser multiple times.
+ [bf2c1c3b82e6]
+
+ * plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.h, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c:
+ Push lexer leak tracking down into check_fill.c. This lets us track
+ things correctly when buffers are realloc()d. Rewrote fill() and
+ append() to be more readable.
+ [a1e61a4a7aad]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
+ Use sudoersrestart() in fuzz_sudoers.c Since we run the parser
+ multiple times we need to restart it each time.
+ [64792d363f62]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ Parser needs user_shost for the %h escape in @include expansion.
+ Fixes oss-fuzz issue #30238
+ [b043e413be31]
+
+ * INSTALL:
+ The --disable-leaks option is not recommended for production use.
+ [cb37a56f4e99]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Remove options from the leak list before freeing them. Should fix
+ oss-fuzz issue #30236
+ [1ee6dac8c027]
+
+ * MANIFEST, include/sudo_iolog.h, lib/iolog/iolog_util.c,
+ lib/iolog/regress/fuzz/fuzz_iolog_legacy.c:
+ Add fuzzer for legacy I/O log info file.
+ [3f4ed83660ca]
+
+ * doc/Makefile.in, plugins/sudoers/Makefile.in:
+ Fix uninstall target; there were missing line continuation chars.
+ GitHub issue #87
+ [02cffb51c15c]
+
+2021-02-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/parse_ldif.c:
+ Don't close fp in sudoers_parse_ldif() The caller should be the one
+ to handle this.
+ [e8d830851379]
+
+ * .gitignore, .hgignore:
+ Update ignore files.
+ [0c8245d8097c]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y:
+ Got back to calling alias_free() on alias_add() failure. We now need
+ to remove the name and members from the leak list
+ *before* calling alias_add() since alias_add() will consume them for
+ both success and failure.
+ [65c95a84f8ca]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ close sudoersin, not fp, and reset it to be safe
+ [f616d1c7c09a]
+
+ * lib/iolog/regress/fuzz/fuzz_iolog_json.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Add missing fclose(3) of fmemopen(3) stream; it does not modify the
+ data.
+ [9207901dcccd]
+
+ * lib/iolog/iolog_json.c:
+ Check for unexpected value after checking the name, not before.
+ [6f973cc4378d]
+
+ * lib/util/progname.c:
+ Allow getprogname() to succeed as long as __progname is present.
+ Also simplify the progname code so we only need a single
+ implementation.
+ [300a29bd117e]
+
+ * lib/iolog/iolog_json.c:
+ Fix potential leak of evlog->runuser. Also warn if we find an
+ unexpected JSON type.
+ [0ec615b3d4e0]
+
+2021-02-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Parse into a local parse_tree and add missing cleanup. Since
+ parsed_policy is for the sudoers parser we should declare our own.
+ [c418d65e7bb4]
+
+ * plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
+ Call init_parser() after parsing to clean up completely.
+ [2063d26ab401]
+
+ * MANIFEST, plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/regress/sudoers/test25.in,
+ plugins/sudoers/regress/sudoers/test25.json.ok,
+ plugins/sudoers/regress/sudoers/test25.ldif.ok,
+ plugins/sudoers/regress/sudoers/test25.out.ok,
+ plugins/sudoers/regress/sudoers/test25.toke.ok,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c:
+ Plug a few more parser leaks.
+ [c9478efdd65d]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Make parser_leak_remove(type, NULL) a no-op.
+ [7699e99a028a]
+
+ * MANIFEST, lib/iolog/regress/fuzz/fuzz_iolog_json.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
+ plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
+ Add initial fuzzers to be used by oss-fuzz. These are not yet hooked
+ up to the sudo build.
+ [5593a755f359]
+
+ * plugins/sudoers/gc.c, plugins/sudoers/sudoers.h:
+ Garbage collect unused gc_remove() function.
+ [ff561edd846e]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/testsudoers/test11.sh,
+ plugins/sudoers/regress/testsudoers/test12.sh,
+ plugins/sudoers/regress/testsudoers/test13.sh,
+ plugins/sudoers/regress/testsudoers/test4.sh,
+ plugins/sudoers/regress/testsudoers/test5.sh:
+ The parser should be leak free, re-enable leak detection in ASAN.
+ [a89599540a5a]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.h, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
+ Add garbage collection to the sudoers parser to clean up on error.
+ This makes it possible to avoid memory leaks when there is a parse
+ error.
+ [ef739da324bb]
+
+2021-01-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c,
+ plugins/sudoers/parse.h, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_ldap.h:
+ Move new_member_all to ldap_util.c, it is only used by ldap/sssd.
+ [9df2efb6956a]
+
+2021-01-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/iolog_json.c:
+ Fix crashes trying to parse invalid JSON. Found locally using
+ libfuzzer/oss-fuzz.
+ [b74c8c260d60]
+
+ * lib/iolog/iolog_json.c:
+ Plug memory leak if a key is listed more than once in the log.json
+ file.
+ [764ef247f13e]
+
+ * lib/iolog/regress/iolog_json/check_iolog_json.c:
+ Fix crash when file does not exist.
+ [55a46b75e6ed]
+
+ * plugins/sudoers/gentime.c:
+ Strict tz offset parsing. Fixes an out of bounds read found locally
+ using libfuzzer/oss-fuzz.
+ [72266f1af75d]
+
+ * plugins/sudoers/ldap_util.c:
+ Don't leak memory for duplicate command options. The last option
+ wins but we also now warn about the duplicate. Found locally using
+ libfuzzer/oss-fuzz.
+ [f1cd342e62f7]
+
+ * plugins/sudoers/ldap_util.c:
+ Copy command options when converting a sudoRole with multiple
+ sudoCommands. A sudoRole with multiple sudoCommands is converted to
+ a privilege with multiple cmndspecs. However, we were not copying
+ some of the command options to subsequent cmndspecs in the list.
+ [d8309574a756]
+
+ * plugins/sudoers/parse_ldif.c:
+ Fix memory leak if the last line is folded. Fixes issue 30080 by
+ ClusterFuzz-External
+ [404f38aa19a6]
+
+ * INSTALL, configure, configure.ac:
+ Add --disable-leaks configure option. This enables the extra freeing
+ of memory before exit also enabled by --enable-asan. To be used by
+ oss-fuzz.
+ [faddd42273a4]
+
+ * plugins/sudoers/gentime.c:
+ Stricter parsing of generalized time. Fixes potential out of bounds
+ read found by libfuzzer/oss-fuzz.
+ [4548e29ea5e0]
+
+2021-01-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/parse_ldif.c:
+ Don't bother calling ldif_to_sudoers() if there are no roles to
+ convert.
+ [242394d46fb1]
+
+ * lib/iolog/iolog_json.c:
+ In json_stack_push() treat stack exhaustion like memory allocation
+ failure. Return NULL instead of treating as a fatal error. This
+ should make life a little easier for oss-fuzz.
+ [84c7c3b7971a]
+
+ * plugins/sudoers/sudoers.c:
+ Update comment about return values for resolve_host().
+ [0e92fe582db1]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/policy.c:
+ Fix NO_ROOT_MAILER, broken by the eventlog refactor in sudo 1.9.4.
+ init_eventlog_config() is called immediately after initializing the
+ Defaults settings, which is before struct sudo_user is setup. This
+ adds a call to eventlog_set_mailuid() if NO_ROOT_MAILER is defined
+ after the invoking user is determined. Reported by Roman Fiedler.
+ [e0d4f196ba02]
+
+2021-01-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST:
+ Add plugins/sudoers/strvec_join.c
+ [1dfeb8ab9fdb]
+
+ * plugins/sudoers/strvec_join.c, plugins/sudoers/sudoers.c:
+ Fix compilation on systems without a native strlcpy() function.
+ [7b28feb4350a]
+
+ * logsrvd/logsrvd.c, logsrvd/sendlog.c:
+ Break up the long help string into multiple printf() statements. AIX
+ xlc compiler doesn't like cpp directives in between strings. Also
+ fixes a complaint from cppcheck and makes translation easier.
+ [e55b4061f598]
+
+ * plugins/sudoers/regress/unescape/check_unesc.c,
+ plugins/sudoers/strvec_join.c, plugins/sudoers/sudoers.h:
+ strvec_join: free result on error and actually use separator char
+ [801546807a8a]
+
+2021-01-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/unescape/check_unesc.c:
+ Test strvec_join() using strlcpy_unesc(). Emulates an overflow like:
+ sudoedit -s '\' `perl -e 'print "A" x 65536'`
+ [8d9a063adde5]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/strvec_join.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Refactor code to flatten an argument vector into a string. This is
+ used when building up the user_args string.
+ [a6ae655d91a1]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/unescape/check_unesc.c,
+ plugins/sudoers/strlcpy_unesc.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add strlcpy_unescape() function to undo escaping from front-end.
+ Includes unit test.
+ [abfaa390d275]
+
+ * plugins/sudoers/parse_ldif.c:
+ Add missing check for reallocarray() failure. Found by OSS-Fuzz.
+ [fcda06966ed7]
+
+2021-01-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h,
+ plugins/python/python_convmessage.c,
+ plugins/python/sudo_python_module.c:
+ Remove Py_SSIZE2SIZE to quiet cppcheck warnings. Tuple size cannot
+ be negative and we already handle the case where it is zero.
+ [d6ec5e558a0e]
+
+ * src/parse_args.c:
+ The program name may now only be "sudo" or "sudoedit". We no longer
+ need to check for any string that ends in "edit".
+ [caed524c6ba0]
+
+2021-01-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_5p2 for changeset 83685ffbc4df
+ [74a2ddc3e4a4] <1.9>
+
+ * Merge sudo 1.9.5p2 from tip
+ [83685ffbc4df] [SUDO_1_9_5p2] <1.9>
+
+ * plugins/sudoers/timestamp.c:
+ Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL.
+ We want to zero the struct starting at flags, not type (which was
+ just set). Found by Qualys.
+ [09f98816fc89]
+
+ * src/parse_args.c:
+ Don't assume that argv is allocated as a single flat buffer. While
+ this is how the kernel behaves it is not a portable assumption. The
+ assumption may also be violated if getopt_long(3) permutes
+ arguments. Found by Qualys.
+ [c125fbe68783]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.5p2
+ [89a357d8da4e]
+
+ * src/parse_args.c:
+ Reset valid_flags to MODE_NONINTERACTIVE for sudoedit. This is
+ consistent with how the -e option is handled. Also reject -H and -P
+ flags for sudoedit as was done in sudo 1.7. Found by Qualys, this is
+ part of the fix for CVE-2021-3156.
+ [9b97f1787804]
+
+ * plugins/sudoers/policy.c:
+ Add sudoedit flag checks in plugin that are consistent with front-
+ end. Don't assume the sudo front-end is sending reasonable mode
+ flags. These checks need to be kept consistent between the sudo
+ front-end and the sudoers plugin.
+ [a97dc92eae6b]
+
+ * plugins/sudoers/sudoers.c:
+ Fix potential buffer overflow when unescaping backslashes in
+ user_args. Also, do not try to unescaping backslashes unless in run
+ mode *and* we are running the command via a shell. Found by Qualys,
+ this fixes CVE-2021-3156.
+ [049ad90590be]
+
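Review bot: In the 2021-01-23 group only two entries name CVE-2021-3156 ([9b97f1787804], "part of the fix", and [049ad90590be], "this fixes"), while [c125fbe68783] and [09f98816fc89] are credited "Found by Qualys" with no identifier and [a97dc92eae6b] carries neither. Anyone backporting by searching this file for the CVE id will find the parse_args.c flag reset and the sudoers.c unescape fix but may skip the plugin-side flag checks in policy.c, which that entry itself says must be kept consistent with the front-end. Suggest stating in each of these entries whether it belongs to the CVE-2021-3156 fix set. The same documentation gap applies to the 2021-01-06 sudoedit entries reported by Matthias Gerstner ([ea19d0073c02] and [8fcb36ef422a]), which describe security-relevant behaviour but reference no advisory or bug number.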
+2021-01-22 Fabrice Fontaine <fontaine.fabrice@gmail.com>
+
+ * lib/eventlog/Makefile.in:
+ lib/eventlog/Makefile.in: fix static build without closefrom
+
+ Since version 1.9.4 and https://github.com/sudo-
+ project/sudo/commit/bd1ca79cca827a92e904f022e49df121931d4ff5, when
+ closefrom is not available, libsudo_eventlog.a depends on
+ libsudo_util.a. So reflect this dependency in the libtool file to
+ avoid the following static build failure of logsrvd:
+
+ /bin/bash ../libtool --tag=disable-static --mode=link
+ /home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-
+ linux-gcc -o sudo_logsrvd logsrv_util.o iolog_writer.o logsrvd.o
+ logsrvd_conf.o -static -Wl,--enable-new-dtags -Wl,-z,relro
+ ../lib/iolog/libsudo_iolog.la ../lib/eventlog/libsudo_eventlog.la
+ ../lib/logsrv/liblogsrv.la /bin/bash ../libtool --tag=disable-static
+ --mode=link
+ /home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-
+ linux-gcc -o sudo_sendlog logsrv_util.o sendlog.o -static -Wl,--
+ enable-new-dtags -Wl,-z,relro ../lib/iolog/libsudo_iolog.la
+ ../lib/eventlog/libsudo_eventlog.la ../lib/logsrv/liblogsrv.la
+ libtool: link:
+ /home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-
+ linux-gcc -o sudo_logsrvd logsrv_util.o iolog_writer.o logsrvd.o
+ logsrvd_conf.o -static -Wl,--enable-new-dtags -Wl,-z -Wl,relro
+ ../lib/iolog/.libs/libsudo_iolog.a /home/buildroot/autobuild/instanc
+ e-1/output-1/build/sudo-1.9.5p1/lib/util/.libs/libsudo_util.a
+ -lpthread -lz ../lib/eventlog/.libs/libsudo_eventlog.a
+ ../lib/logsrv/.libs/liblogsrv.a
+ /home/buildroot/autobuild/instance-1/output-1/host/opt/ext-
+ toolchain/bin/../lib/gcc/powerpc-buildroot-linux-
+ uclibc/8.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld:
+ ../lib/eventlog/.libs/libsudo_eventlog.a(eventlog.o): in function
+ `send_mail.constprop.1': eventlog.c:(.text+0x149c): undefined
+ reference to `sudo_closefrom' collect2: error: ld returned 1 exit
+ status
+
+ Fixes:
+ - http://autobuild.buildroot.org/results/515b45f876fa9de03c9235f86017f
+ 4dc10eb3b54
+
+ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+ [4e42d276c336]
+
+2021-01-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/log_client.c:
+ Do not add an unfinished write buffer to the queue if it is already
+ present. In client_msg_cb() we only remove a buffer from the queue
+ when it is finished. Inserting the buf again can cause a cycle in
+ the queue.
+ [b398dcc0933d]
+
+2021-01-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/log_client.c:
+ Fix problem when SSL_read() returns SSL_ERROR_WANT_WRITE. This can
+ happen when the socket cannot be written to immediately. We need to
+ set the read_instead_of_write flag in that case, _not_
+ write_instead_of_read. Also sync comments with sendlog.c. Bug #954
+ [e4239bb932aa]
+
+2021-01-18 Pavel Březina <pbrezina@redhat.com>
+
+ * plugins/sudoers/auth/pam.c:
+ pam: pass KRB5CCNAME to pam_authenticate environment if available
+
+ If a PAM module wants to authenticate user using GSSAPI, the
+ authentication is broken if non-default ccache name is used in
+ KRB5CCNAME environment variable.
+
+ One way to mitigate this would be to add this to env_keep, but this
+ also makes the variable available in the executed command which may
+ not be always desirable.
+
+ This patch sets KRB5CCNAME for pam_authenticate only, if it is
+ available and not yet set.
+ [90aba6ba6e03]
+
+2021-01-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/progname.c:
+ Fix setprogname() emulation on systems without it. For fully-
+ qualified paths, store the string starting after the last slash, not
+ at the slash itself.
+ [111fde52d116]
+
+2021-01-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_5p1 for changeset 3a873a732416
+ [e837c76279bc] <1.9>
+
+ * Merge sudo 1.9.5p1 from tip
+ [3a873a732416] [SUDO_1_9_5p1] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.5p1
+ [2dbbab94d4b6]
+
+ * src/sudo_edit.c:
+ Run the editor with the user's real and effective uid and gid. Fixes
+ a bug introduced in sudo 1.9.5 where the editor was run setuid root
+ unless SELinux RBAC was in use.
+ [30fe53c07aa7]
+
+ * NEWS:
+ fix typo
+ [52e7767881ba]
+
+ * src/copy_file.c, src/edit_open.c:
+ Add casts to quiet two warnings on Solaris.
+ [f76126f6d68d]
+
+2021-01-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_5 for changeset 4059f5520d9d
+ [ee76c8a938de] <1.9>
+
+ * Merge sudo 1.9.5 from tip
+ [4059f5520d9d] [SUDO_1_9_5] <1.9>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Update .pot files for 1.9.5.
+ [49dae07bda23]
+
+2021-01-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, configure, configure.ac, doc/LICENSE, etc/sudo-logsrvd.pp,
+ etc/sudo-python.pp, etc/sudo.pp:
+ Sudo 1.9.5
+ [3a0e500981a8]
+
+ * doc/sudoers.man.in, doc/sudoers.man.in.sed, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/policy.c:
+ Allow SELinux support to be disabled via the sudoers file. Defaults
+ to true if sudo is built with SELinux support and SELinux is not
+ disabled on the system.
+ [c457eaae8692]
+
+2021-01-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/python_importblocker.c:
+ Add a comment to verify_import() to clarify its purpose.
+ [30ef680f4104]
+
+ * lib/eventlog/eventlog.c, lib/util/arc4random.c,
+ lib/util/sudo_debug.c, plugins/audit_json/audit_json.c,
+ plugins/python/python_convmessage.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c,
+ src/exec_common.c, src/sesh.c, src/sudo.c, src/sudo_edit.c:
+ Suppress PVS Studio false positives.
+ [077f46549351]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Plug a memory leak in sudoerserrorf().
+ [a3c14cf0283e]
+
+ * plugins/sudoers/editor.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap_util.c, plugins/sudoers/parse.h,
+ plugins/sudoers/starttime.c, plugins/sudoers/tsgetgrpw.c,
+ src/ttyname.c:
+ Quiet a few harmless cppcheck warnings.
+ [ab123790b3fd]
+
+ * src/copy_file.c, src/sudo_edit.c:
+ In sudoedit, use sudo_check_temp_file() for non-SELinux too.
+ [b5d5bd506487]
+
+ * MANIFEST, src/Makefile.in, src/edit_open.c, src/sesh.c,
+ src/sudo_edit.c, src/sudo_edit.h, src/sudo_exec.h:
+ Move safe open code out of sudo_edit.c and into edit_open.c.
+ [108fcca05798]
+
+ * src/Makefile.in, src/edit_open.c, src/sesh.c, src/sudo_edit.c,
+ src/sudo_edit.h:
+ Add directory writability checks for SELinux RBAC sudoedit. These
+ were never added to the SELinux RBAC path.
+ [0d4f28b5a8e2]
+
+ * src/edit_open.c, src/exec.c, src/exec_pty.c, src/sesh.c, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c, src/sudo_edit.h, src/tgetpass.c:
+ Add struct sudo_cred to hold the invoking or runas user credentials.
+ We can use this when we need to pass around credential info instead
+ of the user_details and command_details structs.
+ [20594f3f00c1]
+
+ * src/edit_open.c, src/sesh.c, src/sudo_edit.c, src/sudo_edit.h:
+ Rename run_cred -> cur_cred and stash existing creds in
+ set_tmpdir(). For sudo_edit_open() et al what we need is a copy of
+ the current cred to restore after dir_is_writable() changes to the
+ user cred.
+ [dcfce8a11282]
+
+ * configure, configure.ac, include/sudo_compat.h, lib/util/progname.c:
+ Add setprogname(3) for those without it.
+ [e2f1d1ecedb0]
+
+ * src/sesh.c, src/sudo_edit.c:
+ Split up sesh_sudoedit() so it is organized more like sudo_edit.c.
+ The new sesh_edit_create_tfiles() and sesh_edit_copy_tfiles()
+ functions are analogous to sudo_edit_create_tfiles() and
+ sudo_edit_copy_tfiles(). Also use "sudoedit" in the warning/error
+ messages from sesh_sudoedit(). Otherwise, the user gets a mix of
+ messages from sudoedit and sesh.
+ [5510be4b2129]
+
+ * Makefile.in, lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
+ lib/logsrv/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in,
+ plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
+ plugins/python/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Remove the --force option from the cppcheck args, it causes errors.
+ [57f2ad72e874]
+
+ * include/sudo_util.h, lib/util/progname.c, lib/util/util.exp.in,
+ src/sudo.c:
+ For sudo, only allow "sudo" or "sudoedit" as the program name. The
+ program name is also used when matching Debug lines in sudo.conf. We
+ don't want the user to be able to influence sudo.conf Debug
+ matching. The string "sudoedit" is treated the same as "sudo" in
+ sudo.conf. Problem reported by Matthias Gerstner of SUSE.
+ [1d32c53859f9]
+
+ * lib/iolog/iolog_fileio.c, lib/util/sudo_debug.c,
+ plugins/group_file/getgrent.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/tsgetgrpw.c:
+ Check the return value of fcntl() when setting FD_CLOEXEC. This
+ should never fail unless the fd is invalid. Problem reported by
+ Matthias Gerstner of SUSE.
+ [f1ca39a0d870]
+
+ * src/sudo_edit.c:
+ Fix potential directory existing info leak in sudoedit. When
+ creating a new file, sudoedit checks to make sure the parent
+ directory exists so it can provide the user with a sensible error
+ message. However, this could be used to test for the existence of
+ directories not normally accessible to the user by pointing to them
+ with a symbolic link when the parent directory is controlled by the
+ user. Problem reported by Matthias Gerstner of SUSE.
+ [ea19d0073c02]
+
+ * src/copy_file.c, src/sesh.c, src/sudo_edit.c, src/sudo_exec.h:
+ Add security checks before using temp files for SELinux RBAC
+ sudoedit. Otherwise, it may be possible for the user running
+ sudoedit to replace the newly-created temporary files with a
+ symbolic link and have sudoedit set the owner of an arbitrary file.
+ Problem reported by Matthias Gerstner of SUSE.
+ [8fcb36ef422a]
+
+ * plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, po/ko.mo,
+ po/ko.po, po/sr.mo, po/sr.po, po/sv.mo, po/sv.po:
+ Updated translations from translationproject.org
+ [e68c92c767f1]
+
+2021-01-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.c:
+ Use debug_return_int() not debug_return_bool() to return -1. Found
+ by PVS Studio.
+ [f1f67ca51aeb]
+
+ * plugins/sudoers/logging.c:
+ Fix a crash introduced in 1.9.4 when running "sudo -i" as an unknown
+ user.
+ [d1a3f0f4d0f9]
+
+2021-01-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/check.c:
+ Make sure lecture file is a regular file before reading it.
+ [c9c68eff1e45]
+
+2021-01-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Makefile.in, lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
+ lib/logsrv/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in,
+ plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
+ plugins/group_file/plugin_test.c, plugins/python/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/parse.h,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Minor fixes pointed out by cppcheck. Also add
+ compareBoolExpressionWithInt to suppression list.
+ [52316819700e]
+
+ * logsrvd/logsrvd.c:
+ Avoid potential use after free with eventlog-only connections.
+ Coverity CID 215884.
+ [cca5cffabe42]
+
+ * src/exec.c:
+ Cannot do direct exec of a command when SELinux RBAC is enabled.
+ [2706b0fc1451]
+
+ * MANIFEST, configure, configure.ac, include/sudo_compat.h,
+ lib/util/Makefile.in, lib/util/pread.c, lib/util/pwrite.c,
+ scripts/mkdep.pl:
+ Add emulation of pread(3) and pwrite(3) for systems without them.
+ This makes it possible to remove some ugly #ifdefs and only affects
+ very old systems.
+ [1c2a31bda598]
+
+ * lib/iolog/iolog_fileio.c, plugins/sudoers/match_command.c,
+ plugins/sudoers/timestamp.c:
+ Remove #ifdefs around code using pread(3) and pwrite(3).
+ [3830fdf650df]
+
+ * plugins/sudoers/Makefile.in:
+ Regen now that ldap.c and sssd.c no longer need gram.h
+ [5cc4e107f301]
+
+2020-12-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/fatal.c:
+ Fix deregistration of a callback that is not at the head of the
+ list. The SLIST_FOREACH_PREVPTR macro doesn't work the way I thought
+ it did. Just store our own prev pointer and use that instead.
+ [04c290fe1fcb]
+
+2020-12-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/net_ifs.c:
+ Fix the buffer size parameter when serializing the interface list.
+ Problem reported by Matthias Gerstner of SUSE.
+ [b0cae3ac8e46]
+
+2020-12-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_4p2 for changeset 8aed5221ede9
+ [a74faf363dbb] <1.9>
+
+ * merge sudo 1.9.4p2 from tip
+ [8aed5221ede9] [SUDO_1_9_4p2] <1.9>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.4p2
+ [8bb8ec358990]
+
+ * plugins/sudoers/sudoers.c:
+ The runas user must be set before applying runas-based Defaults.
+ This effectively backs out changeset f738f5ac5350, which made it
+ possible to log the command when an invalid user was specified. The
+ policy plugin API doesn't supply the command until the check
+ function, at which point we've already denied the command due to the
+ invalid user. Bug #951.
+ [8a415f555cf9]
+
+2020-12-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/uncrustify-small.cfg, etc/uncrustify.cfg:
+ Don't enable mod_remove_empty_return We like to use an empty return
+ for stub functions.
+ [018ef129dc24]
+
+2020-12-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_4p1 for changeset 8f65fd9f0f57
+ [e27e424f9f56] <1.9>
+
+ * merge sudo 1.9.4p1 from tip
+ [8f65fd9f0f57] [SUDO_1_9_4p1] <1.9>
+
+ * plugins/sudoers/policy.c:
+ The lower bounds for the "closefrom" option is 3, not 4. This is a
+ regression introduced in sudo 1.8.9 with the strtonum() conversion.
+ Bug #950.
+ [fb06603b9a12]
+
+2020-12-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.4p1
+ [59c37ec1a128]
+
+2020-12-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Direct execution of a command is incompatible with using a log
+ server.
+ [91afbbde217a]
+
+ * plugins/sudoers/audit.c:
+ Set sudoers_audit.close to NULL if not using a log server.
+ [231abb92a3b2]
+
+2020-12-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.guess, config.h.in, config.sub, configure, configure.ac:
+ Regenerate configure script with autoconf 2.71. Also fix some
+ warnings from the new version.
+ [cd1c7615e861]
+
+2020-12-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, src/sudo.c:
+ Define _DARWIN_UNLIMITED_GETGROUPS on macOS to suport > 16 groups.
+ On macOS 10.6 and above, getgroups(2) can return more than
+ NGROUPS_MAX if _DARWIN_UNLIMITED_GETGROUPS or _DARWIN_C_SOURCE is
+ defined. Bug #946
+ [2e7d3c3cf18b]
+
+2020-12-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, examples/sudo.conf.in:
+ Comment out the default plugin lines in the example sudo.conf. Fixes
+ a problem when there are multiple versions of sudo installed and not
+ all suport the audit plugin, such as on macOS. GitHub issue #75
+ [aaed5d7a3471]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Store the user-provided runas user and group name in struct
+ sudo_user. This makes it available for event logging in case the
+ name doesn't resolve.
+ [98d70ba8a2a6]
+
+ * plugins/sudoers/logging.c:
+ Log submit group to event log.
+ [3e7ace99f7f8]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Store iolog_path in struct sudo_user for use in the event log.
+ [35bc39ec8ad5]
+
+2020-12-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
+ Defer lookup of runas user until sudoers_main() for better logging.
+ The log message now includes user info and the command attempted.
+ [f738f5ac5350]
+
+ * lib/eventlog/eventlog.c:
+ Don't assume that just because command is non-NULL, argv is non-
+ NULL.
+ [4fac4ae88e4e]
+
+ * plugins/sudoers/logging.c:
+ Fix a crash introduced in 1.9.4 when running command as an unknown
+ user. Bug #948
+ [8b24c140ec7c]
+
+2020-12-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c:
+ When shutting down the server, close non-I/O log connections
+ immediately. Avoids a timeout during server shutdown while the
+ server waits for active connections to close.
+ [26bfda2c8f67]
+
+ * src/sudo.c:
+ Audit errors from policy_init_session(), audit_accept(), and
+ audit_reject().
+ [638e583754ac]
+
+ * src/sudo.c:
+ Do not run the command if the audit accept function fails. Also add
+ warnings if the audit reject or error functions fail.
+ [ca94ef438961]
+
+ * plugins/sudoers/log_client.c:
+ Reduce the number of error messages when we can't connect to the
+ audit server. Add the error string to "unable to connect to log
+ server" instead of using an extra error message for the connect(2)
+ failure.
+ [25ac7ac5bfdf]
+
+ * plugins/sudoers/log_client.c:
+ Use correct error message when the TLS connection is dropped. Was:
+ "recv: Unknown error 0", now: "lost connection to log server".
+ [5c3f319b1f75]
+
+2020-12-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/alias.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.h:
+ Change alias_add() to return bool and set errno on failure. This
+ fixes a localization problem where the error message could have been
+ reported in the wrong locale.
+ [1859fe3da40c]
+
+2020-11-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/eventlog.c:
+ Fix build when configured using --without-sendmail Bug #947
+ [41db1aad85bb]
+
+2020-11-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_4 for changeset 74705fb3b956
+ [45a5e742496e] <1.9>
+
+ * merge sudo 1.9.4 from tip
+ [74705fb3b956] [SUDO_1_9_4] <1.9>
+
+ * plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/hr.mo,
+ po/hr.po:
+ Updated translations from translationproject.org
+ [96a5cfe3c66b]
+
+2020-11-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ sudo_logsrvd.conf pid_file change.
+ [fdc0276c7e0e]
+
+ * logsrvd/logsrvd.c:
+ Don't try to unlink a NULL pointer.
+ [95babad9636a]
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c:
+ If pid_file is set to an empty value, disable the use of a pid file.
+ [d4462105ab4b]
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ logsrvd/logsrvd.c:
+ Don't overwrite sudo_logsrvd.pid if it is a symbolic link.
+ [d79f97a0a533]
+
+ * INSTALL, configure, configure.ac, etc/codespell.exclude,
+ plugins/sudoers/env.c:
+ Fix typo detected by codespell 2.0.0 Also avoid some new false
+ positives
+ [d973f44e2396]
+
+2020-11-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/uncrustify-small.cfg, etc/uncrustify.cfg,
+ plugins/python/regress/testhelpers.h, plugins/sudoers/env.c,
+ plugins/sudoers/sudo_ldap_conf.h:
+ Set pp_ignore_define_body=false in uncrustify config. Need to work
+ around a bug that produces closed brace errors, see
+ https://github.com/uncrustify/uncrustify/issues/2569
+ [5e4692fca707]
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/hr.mo,
+ po/hr.po, po/it.mo, po/it.po:
+ Updated translations from translationproject.org
+ [156162e6e07e]
+
+2020-11-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/sudo_conf.c:
+ Fix calling sudo_conf_read() multiple times with different
+ conf_types. The change to reinitialize the configuration data when
+ sudo_conf_read() is called again didn't take into account that sudo
+ calls sudo_conf_read() twice--once for the debug info and once for
+ everything else.
+ [b6869b7da3c2]
+
+2020-11-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
+ Don't free the private copy of the environment until the close
+ function. We may need to use it when logging from the audit reject
+ function.
+ [5118eb5797fb]
+
+ * plugins/sudoers/log_client.c:
+ It is possible for evlog->argv or evlog->envp to be NULL.
+ [798ff96301bf]
+
+ * src/exec_pty.c, src/sudo.c, src/sudo.h:
+ Pass command_info[] to audit plugin on I/O log plugin reject or
+ error. The audit plugin should cope with a NULL command_info but
+ there's no reason not to pass the info when we have it.
+ [e361897d0192]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ plugins/sudoers/audit.c:
+ For the audit plugin, command_info may be NULL. Fixes a NULL
+ dereference in sudoers_audit when an I/O logging plugin rejects
+ input/output or returns an error.
+ [9abee774e7e1]
+
+ * plugins/sudoers/defaults.c:
+ Add missing initialization of def_log_format to sudo.
+ [8c824f6dcfdd]
+
+2020-11-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac:
+ Newer LibreSSL has SSL_CTX_set_ciphersuites but it is not enabled.
+ Add a check for the function declaration in openssl/ssl.h.
+ [d6d0665572ec]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Event log data is sent to sudo_logsrvd even when not I/O logging.
+ [d720f4ad3d40]
+
+2020-11-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot:
+ Regenerate sudoers.pot for 1.9.4
+ [127283726e97]
+
+ * NEWS, configure, configure.ac:
+ Update for sudo 1.9.4.
+ [2cb747911aef]
+
+ * plugins/sudoers/audit.c:
+ Update struct eventlog based on command_info[] from front-end. The
+ I/O log path is not known until the I/O log plugins have run and
+ other plugins may alter the execution environment.
+ [3ad14a88052e]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/logging.h,
+ plugins/sudoers/regress/testsudoers/test13.out.ok,
+ plugins/sudoers/toke.h:
+ Add sudoerserrorf(), a printf-style yyerror() function. Use this to
+ display a better error message when using a reserved work in an
+ alias definition.
+ [1bb3915f61b6]
+
+2020-11-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/mkpkg:
+ Build universal binaries on macOS 11.0 and higher. The resulting
+ package should work on Macs based on Apple Silicon.
+ [91cdeda79e66]
+
+2020-11-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/editor.c:
+ Support EDITOR environment variable that includes quotes. Quote
+ support is limited to the beginning of a word. Also handles
+ characters escaped with a backslash.
+ [ebb7f3c6240c]
+
+2020-11-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/Makefile.in, plugins/python/pyhelpers.c,
+ plugins/python/python_plugin_common.c,
+ plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/
+ check_example_debugging_c_calls@diag.log, plugins/python/regress/tes
+ tdata/check_example_debugging_c_calls@info.log, plugins/python/regre
+ ss/testdata/check_example_debugging_plugin@info.log, plugins/python/
+ regress/testdata/check_example_debugging_py_calls@diag.log, plugins/
+ python/regress/testdata/check_example_debugging_py_calls@info.log, p
+ lugins/python/regress/testdata/check_example_group_plugin_is_able_to
+ _debug.log, plugins/python/regress/testdata/check_example_io_plugin_
+ command_log.stored, plugins/python/regress/testdata/check_example_io
+ _plugin_command_log_multiple1.stored, plugins/python/regress/testdat
+ a/check_example_io_plugin_command_log_multiple2.stored, plugins/pyth
+ on/regress/testdata/check_example_io_plugin_failed_to_start_command.
+ stored, plugins/python/regress/testdata/check_example_io_plugin_fail
+ s_with_python_backtrace.stderr, plugins/python/regress/testdata/chec
+ k_example_policy_plugin_validate_invalidate.log, plugins/python/regr
+ ess/testdata/check_loading_fails_not_owned_by_root.stderr, plugins/p
+ ython/regress/testdata/check_loading_fails_wrong_classname.stderr, p
+ lugins/python/regress/testdata/check_loading_fails_wrong_path.stderr
+ , plugins/python/regress/testdata/check_multiple_approval_plugin_and
+ _arguments.stdout, plugins/python/regress/testdata/check_python_plug
+ ins_do_not_affect_each_other.stdout,
+ plugins/python/regress/testhelpers.c,
+ plugins/python/regress/testhelpers.h:
+ Back out regex use in python tests, filter the output instead. This
+ makes it possible to regenerate the test output again. Also adds an
+ update_test_data target to the Makefile.
+ [3837f51a8072]
+
+ * plugins/sudoers/ldap.c:
+ Ignore sudoNotBefore and sudoNotAfter unless ldap.conf contains
+ SUDOERS_TIMED This is consistent with the pre-1.8.24 behavior. Bug
+ #945
+ [d1e1bb5a6cc1]
+
+ * src/sudo.c:
+ Stay setuid until just before executing the command. Fixes a problem
+ with pam_xauth which checks effective and real uids to get the real
+ identity of the user.
+ [2c6fef0107c8]
+
+2020-11-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c,
+ plugins/sudoers/parse.h, plugins/sudoers/sssd.c:
+ Introduce new_member_all() for code that doesn't include gram.h. The
+ ldap and sssd back-ends no longer require gram.h which fixes a
+ compilation issue with IBM LDAP.
+ [1729532cda27]
+
+ * lib/util/sudo_conf.c, lib/util/sudo_debug.c, logsrvd/logsrvd.c:
+ On SIGHUP, deregister the old debug instance before registering a
+ new one. Otherwise, if debugging is enabled we will get an extra log
+ instance each time sudo_logsrvd reeives SIGHUP which results in
+ duplicate lines in the debug log.
+ [538633994d8a]
+
+2020-11-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/log_client.c, plugins/sudoers/log_client.h:
+ Refactor code to format the client message after the hello.
+ [12d29d129166]
+
+ * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in,
+ include/log_server.pb-c.h, lib/eventlog/eventlog.c,
+ lib/logsrv/log_server.pb-c.c, lib/logsrv/log_server.proto,
+ logsrvd/iolog_writer.c, logsrvd/logsrvd.c,
+ plugins/sudoers/log_client.c:
+ Add info_msgs to AlertMessage and populate it. This lets us log
+ eventlog info along with the alert if it is available.
+ [493a047a4463]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h:
+ Use sudoers_to_eventlog() and init_log_details() in
+ sudoers_audit_accept(). log_deserialize_info() can be private to
+ iolog.c again.
+ [0b4e03904f3d]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/log_client.c,
+ plugins/sudoers/log_client.h, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h:
+ Log reject and alert messages to the log server if one is defined.
+ [087cf87d10af]
+
+ * plugins/sudoers/logging.c:
+ Treat an authentication failure as a reject, not an alert. This
+ matters when logging via sudo_logsrvd. It also lets us remove a
+ special case in vlog_warning().
+ [ae489d3f20a8]
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/iolog_plugin.h, plugins/sudoers/log_client.c,
+ plugins/sudoers/sudoers.c:
+ Rename iolog_client -> log_client. The logsrvd client code is now
+ used for more than just I/O logging.
+ [ea47ce43bbee]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_plugin.h,
+ plugins/sudoers/log_client.c, plugins/sudoers/log_client.h:
+ Rename iolog_plugin.h to log_client.h. It is no longer I/O log
+ specific and is used by sudoers_audit too.
+ [cde784a59490]
+
+ * configure, configure.ac:
+ Remove hack to define YYTOKENTYPE, it breaks newer bison.
+ [8b919ef33db7]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.h:
+ Regenerate with bison 3.7.3
+ [9fb81b933c43]
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c:
+ Use struct eventlog *evlog, not struct eventlog *details.
+ [a9b5f3c2902f]
+
+2020-11-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/eventlog.c:
+ For logsrvd AlertMessages, evlog will be NULL.
+ [d048f7b429d5]
+
+ * lib/eventlog/eventlog.c:
+ Append errstr to reason for alert and reject events if specified.
+ Previously, we logged the error string separately but this is not
+ consistent with how it is logged in other formats.
+ [68c76e530248]
+
+ * plugins/sudoers/logging.c:
+ Fix cut & pasto in debug subsystem.
+ [c39dd60b6d2d]
+
+2020-11-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog_client.c:
+ Refactor code to format InfoMesage array into fmt_info_messages().
+ Add free_info_messages() to free the array.
+ [e6223d325c77]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/iolog_plugin.h:
+ Log accept messages in sudoers_audit if not I/O logging.
+ [cdb5c443c97d]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/iolog_plugin.h:
+ Refactor sudoers_io_open_remote() into log_server_open(). Also
+ rename client_close() to log_server_close(). This keeps more of the
+ client code details out of iolog.c and will be used when logging
+ accept messages from the audit plugin.
+ [e3f6ba6768b8]
+
+ * plugins/sudoers/iolog.c:
+ Move argv and envp setting into iolog_deserialize_info().
+ [613b97f1d7bc]
+
+ * logsrvd/logsrvd.c:
+ Avoid early return in handle_accept() if expect_iobufs not set.
+ [918adc8234f0]
+
+2020-11-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ include/sudo_plugin.h, plugins/python/regress/testdata/check_multipl
+ e_approval_plugin_and_arguments.stdout, src/exec.c,
+ src/load_plugins.c:
+ Add event_alloc to the audit plugin API. The sudoers audit plugin
+ will use this to communicate with sudo_logsrvd.
+ [c2fc2911476b]
+
+ * logsrvd/sendlog.c, plugins/sudoers/iolog_client.c:
+ Set server_name before initiating TLS connection so verify function
+ works. Fixes a crash in the SSL_VERIFY_PEER callback. Also call
+ inet_ntop(3) with addr pointer, not sockaddr pointer so we get the
+ correct IP address.
+ [7a7dcebbe889]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h,
+ plugins/sudoers/regress/sudoers/test18.toke.ok,
+ plugins/sudoers/regress/sudoers/test2.ldif.ok,
+ plugins/sudoers/regress/sudoers/test3.ldif.ok,
+ plugins/sudoers/regress/sudoers/test6.ldif.ok,
+ plugins/sudoers/regress/visudo/test2.err.ok,
+ plugins/sudoers/regress/visudo/test3.err.ok,
+ plugins/sudoers/visudo.c:
+ Store column number for aliases, defaults and userspecs too. This is
+ used to provided the column number along with the line number in
+ error messages. For aliases we store the column of the alias name,
+ not the value since that is what visudo generally needs.
+ [1c9d86b88517]
+
+2020-11-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/regress/testsudoers/test11.out.ok,
+ plugins/sudoers/regress/testsudoers/test12.out.ok,
+ plugins/sudoers/regress/testsudoers/test13.out.ok:
+ Display column number in parse error messages too. Bug #841
+ [0aea28dec8f2]
+
+ * plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
+ Move tls initialized flag into client_closure. We may call
+ tls_init() from multiple places in the future so a static
+ initialized flag will cause problems.
+ [00b2b02c24c5]
+
+ * plugins/sudoers/cvtsudoers_json.c:
+ Fix -Wshadow warnings caused by json enum member.
+ [ea336980bb6a]
+
+2020-10-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * ABOUT-NLS, INSTALL, NEWS, configure.ac, doc/UPGRADE,
+ doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
+ doc/visudo.man.in, doc/visudo.mdoc.in, examples/sudo.conf.in,
+ include/compat/getaddrinfo.h, install-sh, lib/util/getaddrinfo.c,
+ lib/util/getentropy.c, lib/util/regress/sudo_conf/test1.in,
+ lib/util/regress/sudo_parseln/test1.in,
+ lib/util/regress/vsyslog/vsyslog_test.c, lib/util/strtoid.c,
+ logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, logsrvd/sendlog.c,
+ m4/sudo.m4, plugins/group_file/group_file.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.in,
+ plugins/sudoers/editor.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/gram.y,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c, src/load_plugins.c, src/sudo.c,
+ src/sudo_noexec.c, src/tgetpass.c:
+ Apply Google inclusive language guidelines. Also replace backwards
+ with backward.
+ [678fbce6054f]
+
+2020-10-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in:
+ Refernce IBM LDAP libs, not Tivoli since that is how it is packaged.
+ We still use Tivoli when talking about the server itself but refer
+ to it as the "IBM Tivoli Directory Server".
+ [9f97a7e6b67a]
+
+ * doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in:
+ Add a newline before "This option is ..."
+ [853f819f0241]
+
+ * doc/sudoers.man.in:
+ regen
+ [8b29097f2cd1]
+
+2020-10-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/regress/logwrap/check_wrap.c,
+ lib/eventlog/regress/logwrap/check_wrap.in,
+ lib/eventlog/regress/logwrap/check_wrap.out.ok:
+ Test eventlog_writeln() when word wrap is disabled.
+ [73acb7fbef59]
+
+ * configure, configure.ac:
+ Bison generates an extra enum containing the parser tokens. This
+ conflicts with the IBM ldap.h at least. Prevent it from being
+ exposed by defining YYTOKENTYPE.
+ [f3445ad76687]
+
+ * configure, configure.ac:
+ IBM LDAP packages use a lib64 directory for 64-bit libraries. We
+ need to add this to LDFLAGS so the linker is able to find the
+ correct libs when building 64-bit binaries.
+ [701b83f6cd13]
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/ldap.c:
+ Use ssl_err2string() in message on ldap_ssl_client_init() failure.
+ Displaying SSL reason code directly is not user-friendly.
+ [aaf272403f3e]
+
+2020-10-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/eventlog.c:
+ For JSON logs, write the most important log elements first. This is
+ important for syslog where the record could be truncated.
+ [58fc957c41bb]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
+ Add log_format sudoers setting to select sudo or json format logs.
+ Defaults to sudo-format logs.
+ [2936d2750af0]
+
+ * include/sudo_json.h, lib/eventlog/eventlog.c, lib/util/json.c:
+ Support "minimal" JSON which skips all non-essention whitespace.
+ This replaces the old "compact" mode which is only used for syslog.
+ [be07bca67019]
+
+ * plugins/sudoers/logging.c:
+ Don't warn about log failure more than once.
+ [b4dc59a58d1d]
+
+2020-10-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/eventlog/eventlog.c:
+ Check for fdopen(3) failure in send_mail().
+ [e08b17bf26ce]
+
+ * MANIFEST, include/sudo_eventlog.h, lib/eventlog/Makefile.in,
+ lib/eventlog/eventlog.c, lib/eventlog/logwrap.c,
+ lib/eventlog/regress/logwrap/check_wrap.c,
+ lib/eventlog/regress/logwrap/check_wrap.in,
+ lib/eventlog/regress/logwrap/check_wrap.out.ok,
+ plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/logwrap.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/logging/check_wrap.in,
+ plugins/sudoers/regress/logging/check_wrap.out.ok,
+ plugins/sudoers/sudoers.c:
+ Add support for file log line wrapping in libeventlog.
+ [935c30cf7633]
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c,
+ logsrvd/logsrvd_conf.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c:
+ Use real setters for the eventlog config. This makes it possible to
+ have a base config that the callers can modify instead of replacing
+ the config wholesale.
+ [2ca1e7d376c2]
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c,
+ plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/policy.c, plugins/sudoers/stubs.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
+ Use libeventlog in sudoers instead of doing our own logging.
+ [d8306755201a]
+
+ * lib/eventlog/eventlog.c, plugins/sudoers/logging.c:
+ Log the short version of the tty in sudoers-format logs. This is
+ consistent with historical practice.
+ [69440e4659a8]
+
+ * lib/eventlog/eventlog.c:
+ Add default values in eventlog_setconf().
+ [582d359a8ec0]
+
+ * include/sudo_eventlog.h, lib/eventlog/Makefile.in,
+ lib/eventlog/eventlog.c, logsrvd/logsrvd.c,
+ plugins/sudoers/Makefile.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/logging.h:
+ Add support for mailing eventlog entries and for logging raw
+ messages. These will be used by the sudoers plugin.
+ [acab8209ddd0]
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c,
+ lib/iolog/iolog_fileio.c:
+ If no JSON callback is provided, store the contents of struct
+ eventlog. This moves the JSON formatting of struct eventlog out of
+ libsudo_iolog and into libsudo_eventlog where it belongs.
+ [260a7ec65485]
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c, logsrvd/logsrvd.c:
+ struct eventlog contains submit_time, no need to pass it in
+ directly.
+ [a3ac404e6a59]
+
+ * include/sudo_eventlog.h, lib/eventlog/eventlog.c, logsrvd/logsrvd.c:
+ Add an errstr argument to eventlog_alert().
+ [e2afd2f1c092]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
+ Make a copy of the strings stored in iolog_details and struct
+ eventlog. Previously, we just made the strings const and relied on
+ the front-end not changing them. Now the sudoers I/O log plugin
+ behavior is consistent with the policy plugin.
+ [406632298bd5]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
+ Use struct eventlog in iolog_details.
+ [c22e05f420fe]
+
+ * include/sudo_eventlog.h, include/sudo_iolog.h,
+ lib/eventlog/eventlog.c, lib/iolog/Makefile.in,
+ lib/iolog/iolog_fileio.c, lib/iolog/iolog_json.c,
+ lib/iolog/iolog_util.c, logsrvd/Makefile.in, logsrvd/iolog_writer.c,
+ logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c,
+ logsrvd/sendlog.h, plugins/sudoers/Makefile.in,
+ plugins/sudoers/iolog.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/sudoreplay.c:
+ Use struct eventlog in place of struct iolog_info.
+ [9fef7a5f077b]
+
+ * logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
+ No longer need eventlog-related getters in logsrvd.c
+ [e3ab80a9a892]
+
+ * MANIFEST, logsrvd/Makefile.in, logsrvd/eventlog.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_conf.c:
+ Use libeventlog in sudo_logsrvd.
+ [3dd22be50c30]
+
+ * MANIFEST, Makefile.in, configure, configure.ac,
+ include/sudo_eventlog.h, lib/eventlog/Makefile.in,
+ lib/eventlog/eventlog.c, logsrvd/logsrvd.h:
+ Refactor eventlog code into a library
+ [2e02c25be009]
+
+2020-10-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/Makefile.in, lib/logsrv/Makefile.in, lib/util/Makefile.in,
+ logsrvd/Makefile.in, plugins/python/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ regen Makefiles
+ [d9064a0c53ae]
+
+ * scripts/mkpkg:
+ Build 64-bit binaries on HP-UX ia64
+ [3f8b599e7d7f]
+
+2020-10-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/Makefile.in:
+ Explicitly set umask when running tests. Some tests create files
+ that must not be world-writable.
+ [9186ea1d2696]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ sudoers_policy_store() -> sudoers_policy_store_result()
+ [3dad5322916b]
+
+2020-10-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Rename sudoers_policy_exec_setup() -> sudoers_policy_store(). It is
+ called even when there is no command to execute. Also pass in status
+ of whether or not the command was accepted.
+ [a0ded23e81c4]
+
+2020-10-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/cvtsudoers/test1.sh,
+ plugins/sudoers/regress/cvtsudoers/test10.sh,
+ plugins/sudoers/regress/cvtsudoers/test11.sh,
+ plugins/sudoers/regress/cvtsudoers/test12.sh,
+ plugins/sudoers/regress/cvtsudoers/test13.sh,
+ plugins/sudoers/regress/cvtsudoers/test14.sh,
+ plugins/sudoers/regress/cvtsudoers/test15.sh,
+ plugins/sudoers/regress/cvtsudoers/test16.sh,
+ plugins/sudoers/regress/cvtsudoers/test17.sh,
+ plugins/sudoers/regress/cvtsudoers/test18.sh,
+ plugins/sudoers/regress/cvtsudoers/test19.sh,
+ plugins/sudoers/regress/cvtsudoers/test2.sh,
+ plugins/sudoers/regress/cvtsudoers/test20.sh,
+ plugins/sudoers/regress/cvtsudoers/test21.sh,
+ plugins/sudoers/regress/cvtsudoers/test22.sh,
+ plugins/sudoers/regress/cvtsudoers/test23.sh,
+ plugins/sudoers/regress/cvtsudoers/test24.sh,
+ plugins/sudoers/regress/cvtsudoers/test25.sh,
+ plugins/sudoers/regress/cvtsudoers/test26.sh,
+ plugins/sudoers/regress/cvtsudoers/test27.sh,
+ plugins/sudoers/regress/cvtsudoers/test28.sh,
+ plugins/sudoers/regress/cvtsudoers/test29.sh,
+ plugins/sudoers/regress/cvtsudoers/test3.sh,
+ plugins/sudoers/regress/cvtsudoers/test30.sh,
+ plugins/sudoers/regress/cvtsudoers/test31.sh,
+ plugins/sudoers/regress/cvtsudoers/test32.sh,
+ plugins/sudoers/regress/cvtsudoers/test33.sh,
+ plugins/sudoers/regress/cvtsudoers/test4.sh,
+ plugins/sudoers/regress/cvtsudoers/test5.sh,
+ plugins/sudoers/regress/cvtsudoers/test6.sh,
+ plugins/sudoers/regress/cvtsudoers/test7.sh,
+ plugins/sudoers/regress/cvtsudoers/test8.sh,
+ plugins/sudoers/regress/cvtsudoers/test9.sh,
+ plugins/sudoers/regress/testsudoers/test1.sh,
+ plugins/sudoers/regress/testsudoers/test10.sh,
+ plugins/sudoers/regress/testsudoers/test11.sh,
+ plugins/sudoers/regress/testsudoers/test12.sh,
+ plugins/sudoers/regress/testsudoers/test13.sh,
+ plugins/sudoers/regress/testsudoers/test14.sh,
+ plugins/sudoers/regress/testsudoers/test15.sh,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/testsudoers/test4.sh,
+ plugins/sudoers/regress/testsudoers/test5.sh,
+ plugins/sudoers/regress/testsudoers/test6.sh,
+ plugins/sudoers/regress/testsudoers/test7.sh,
+ plugins/sudoers/regress/testsudoers/test8.sh,
+ plugins/sudoers/regress/testsudoers/test9.sh,
+ plugins/sudoers/regress/visudo/test1.sh,
+ plugins/sudoers/regress/visudo/test10.sh,
+ plugins/sudoers/regress/visudo/test2.sh,
+ plugins/sudoers/regress/visudo/test3.sh,
+ plugins/sudoers/regress/visudo/test4.sh,
+ plugins/sudoers/regress/visudo/test5.sh,
+ plugins/sudoers/regress/visudo/test6.sh,
+ plugins/sudoers/regress/visudo/test7.sh,
+ plugins/sudoers/regress/visudo/test8.sh,
+ plugins/sudoers/regress/visudo/test9.sh:
+ Pass path to testsudoers, visudo or cvtsudoers in the environment.
+ Falls back on the unqualified command if the environment variable is
+ not set.
+ [a7b8c413b66d]
+
+2020-10-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sssd.c:
+ Init cmnds to NULL in rule_to_priv() so we don't free a bogus
+ pointer. In the sssd backend, the rule_to_priv() cleanup code
+ assumes cmnds can be passed to fn_free_values(), which was not the
+ case if we receive an error getting values for "sudoCommand". This
+ is a regression introduced in sudo 1.9.1. Fix from Ron Bowes. GitHub
+ issue #67.
+ [a3fe4615f039]
+
+2020-10-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c,
+ plugins/sudoers/parse.h:
+ Pass runchroot to match_digest() too. We use the open fd for the
+ actual I/O but having runchroot makes it possible to report the
+ correct file name in error messages.
+ [2e1d142e2fe5]
+
+2020-10-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ GitHub issue #61 was fixed in sudo 1.9.3.
+ [55e54b3111f0]
+
+2020-09-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/def_data.h, plugins/sudoers/mkdefaults:
+ Fix indentation of enum def_tuple.
+ [237db08cc1a3]
+
+2020-09-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Remove special case EOF handling; lines now always end in a newline.
+ Previously we needed to emulate some of the state transitions that
+ happen at end-of-line at end-of-file as well. Those are no longer
+ needed now that we are guaranteed to always have a newline at the
+ end.
+ [4c0c21b081f7]
+
+2020-09-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Increment sudolinebuf.size after realloc().
+ [b871905c3442]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y,
+ plugins/sudoers/regress/sudoers/test13.toke.ok,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add a newline at end of line if one is missing. This is simpler than
+ having to support entries that end at EOF too.
+ [cb335acb1064]
+
+ * MANIFEST, plugins/sudoers/regress/testsudoers/test14.out.ok,
+ plugins/sudoers/regress/testsudoers/test14.sh,
+ plugins/sudoers/regress/testsudoers/test15.out.ok,
+ plugins/sudoers/regress/testsudoers/test15.sh:
+ Add tests for entries without a newline.
+ [98a50d8301a8]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix handling of a command spec without a newline at the end. For
+ include files, we may need to inject a newline token now that the
+ grammar requires lines to end with a newline or EOF. There is no END
+ (EOF) token processed after popping off an include file since
+ everything is just treated as one big file.
+ [3e6c62ea7237]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Mark sudoerserror() messages for translation.
+ [d6a173cea48b]
+
+ * plugins/sudoers/regress/sudoers/test8.toke.ok,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix line number accounting when a string contains a newline. Strings
+ are not allowed to span multiple lines without a continuation
+ character. Also provide a better error message if we are in the
+ middle of a string and hit EOF.
+ [cf34b0a3beba]
+
+2020-09-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/sudoers.h, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Use sudoerschar (yychar) instead of last_token. The parser already
+ provides a way to examing the last token processed, we don't need to
+ add our own.
+ [ba35fe36bd56]
+
+2020-09-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/closefrom.c, lib/util/getentropy.c, lib/util/pipe2.c,
+ lib/util/term.c, lib/util/ttyname_dev.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/env.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/gmtoff.c, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.h, plugins/sudoers/policy.c,
+ plugins/sudoers/starttime.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ plugins/system_group/system_group.c, src/load_plugins.c, src/sudo.c,
+ src/sudo_plugin_int.h, src/tgetpass.c, src/ttyname.c:
+ Fix -Wshadow warnings.
+ [5480e97a1160]
+
+ * configure, configure.ac:
+ Add -Wshadow to warning flags if the compiler supports it.
+ [6f29b5ebc2b8]
+
+ * MANIFEST, plugins/sudoers/regress/testsudoers/test13.out.ok,
+ plugins/sudoers/regress/testsudoers/test13.sh:
+ Add test for syntax error when defining an alias using a reserved
+ word.
+ [4c90b3952ed1]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Fix pasto, TIMEOUT not CMND_TIMEOUT.
+ [842ad3a578f2]
+
+ * NEWS, doc/UPGRADE, doc/sudoers.man.in, doc/sudoers.man.in.sed,
+ doc/sudoers.mdoc.in:
+ Document reserved words that cannot be used as alias names. Bug #941
+ [4b37a2174cd2]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/sudoers_version.h:
+ Detect when a reserved word is used when declaring an alias. Now
+ instead of "syntax error, unexpected CHROOT, expecting ALIAS" the
+ message is "syntax error, reserved word used as an alias name" Bug
+ #941
+ [dfc55de5526c]
+
+2020-09-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_3p1 for changeset 02c47b39359e
+ [23bf4d95356d] <1.9>
+
+ * merge sudo 1.9.3p1 from tip
+ [02c47b39359e] [SUDO_1_9_3p1] <1.9>
+
+ * plugins/sudoers/sudoers.c:
+ Fix potential NULL deref in debug code.
+ [c6b8910ac7dc]
+
+ * plugins/sudoers/getspwuid.c:
+ Close the passwd db before calling getpwnam_shadow(3). Otherwise, we
+ will get the non-shadow passwd entry ("*") since we called
+ setpassent(3) earlier to keep the passwd db open.
+ [71ee5e16e4c5]
+
+ * configure, configure.ac:
+ Fix configure test for crypt(3) when it is present in libc. Fixes a
+ regression introduced in sudo 1.9.3.
+ [0d77733de667]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
+ Add SLOG_AUDIT flag for log_warningx() to also audit the message.
+ This lets us combine audit_failure() and log_warningx() calls with
+ the same message.
+ [23a8a5eab2ff]
+
+ * plugins/sudoers/sudoers.c:
+ Log when user-specified command line options are rejected by
+ sudoers. We already audit those but in some cases they were not
+ logged as well.
+ [30d991993763]
+
+ * NEWS, configure, configure.ac:
+ Update for sudo 1.9.3p1
+ [0cbbb7608c3f]
+
+2020-09-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_3 for changeset bdd40c087bec
+ [eca7e986d20f] <1.9>
+
+ * merge sudo 1.9.3 from tip
+ [bdd40c087bec] [SUDO_1_9_3] <1.9>
+
+2020-09-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Move warning about plaintext password to the end of configure. It is
+ unlikely to be noticed at the beginning of the output.
+ [b3b5abcedc73]
+
+2020-09-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/eo.mo,
+ po/eo.po, po/fi.mo, po/fi.po, po/fr.mo, po/fr.po:
+ Updated translations from translationproject.org
+ [54b5484b2756]
+
+2020-09-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/auth/passwd.c:
+ Use a simple string compare on systems without crypt(3). This is
+ only used on systems without PAM, BSD authentication or AIX
+ authentication. Bug #940.
+ [aed39197f364]
+
+ * src/utmp.c:
+ Fix typo in last commit.
+ [30a77a50f7b2]
+
+2020-09-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo_edit.c:
+ Only use faccessat(3) if AT_EACCESS is defined. Apparently Android
+ (bionic) has faccessat() but not AT_EACCESS. Bug #940.
+ [18604919a023]
+
+ * src/utmp.c:
+ Guard use of ttyslot() with HAVE_TTYSLOT, fix guard for
+ utmp_setid(). This should make it easier to compile sudo on Android
+ which doesn't provide a way to write to the utmp file. Bug #940.
+ [69fe5b8426cd]
+
+2020-09-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * po/zh_CN.mo, po/zh_CN.po:
+ Updated translations from translationproject.org
+ [ef72535d71a5]
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
+ po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo,
+ po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/it.mo,
+ po/it.po, po/ja.mo, po/ja.po, po/pl.mo, po/pl.po, po/pt.mo,
+ po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/sr.mo, po/sr.po, po/tr.mo,
+ po/tr.po, po/uk.mo, po/uk.po, po/zh_TW.mo, po/zh_TW.po:
+ Updated translations from translationproject.org
+ [48fdb293a803]
+
+ * configure, configure.ac, plugins/sudoers/po/sudoers.pot:
+ Back out sudo 1.9.3b1 version change.
+ [70cee88da8b1]
+
+2020-09-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, configure, configure.ac, plugins/sudoers/defaults.c,
+ plugins/sudoers/po/sudoers.pot:
+ Fix typo in warning for T_CHPATH, list '~' not '*' twice. Bug #938
+ [d516bebe9644]
+
+2020-09-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Update .pot files for 1.9.3.
+ [47cedd231dd6]
+
+2020-09-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog_client.c:
+ Add missing check for strdup() failure. Coverity CID 214243
+ [86cf4da0cd81]
+
+ * examples/sudoers:
+ Sync example sudoers with manual page.
+ [1ccf32907f11]
+
+2020-09-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Add simple runchroot and runcwd examples. Also document the
+ limitation of command-based Defaults settings.
+ [6a610884670c]
+
+ * plugins/sudoers/sudoers.c:
+ Add callback for runchroot Defaults and require password -D/-R
+ checks. Using a command-based Default for runchroot will still only
+ work for paths that exist both in and outside the chroot.
+ [a50148e16b89]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_command.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c:
+ Pass a struct to the match functions to track the resolved command.
+ This makes it possible to update user_cmnd and cmnd_status modified
+ by per-rule CHROOT settings.
+ [c71faa1f5ea1]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/editor.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/match.c, plugins/sudoers/match_command.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
+ Take the chroot into account when search for the command. This could
+ a a user-specific chroot via the -R option, a runchroot Defaults
+ value, or a per-command CHROOT spec in the sudoers rule.
+ [d8765611b48c]
+
+2020-09-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Remove closefrom_fallback() from lib/util/util.exp. It is a static
+ function and should not be exported.
+ [dc09dc563197]
+
+2020-09-06 Evan Anderson <evan@eaanderson.com>
+
+ * configure, m4/sudo.m4:
+ configure: Fix runstatedir handling for distros that do not support
+ it
+
+ runstatedir was added in yet-to-be released autoconf 2.70. Some
+ distros are shipping this addition in their autoconf packages, but
+ others, such as Fedora, are not. This causes the rundir variable to
+ be set incorrectly if the configure script is regenerated with an
+ unpatched autoconf since the runstatedir variable set is deleted
+ after regeneration. This change works around that problem by
+ checking that runstatedir is non-empty before potentially using it
+ to set the rundir variable
+ [35c1eb25dd9d]
+
+2020-09-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/Makefile.in:
+ We need to link with NET_LIBS for gai_strerror() on some systems.
+ From Tim Rice
+ [b10aeb7ec2ed]
+
+ * ltmain.sh:
+ Fix sco library versioning; fallout from frebsd-elf reorg. From Tim
+ Rice
+ [072a37c2d3cb]
+
+ * configure, configure.ac:
+ SVR4/5 fixes and long password support for OpenServer 6 & 5. From
+ Tim Rice
+ [8622970c77c3]
+
+ * lib/logsrv/protobuf-c.c:
+ Use config.h to handle systems without inline function support.
+ [1ba5301de713]
+
+ * configure, configure.ac:
+ Prefer dlopen() over shl_load() on HP-UX 11.11 and higher.
+ [065316970f79]
+
+ * include/sudo_fatal.h, lib/util/fatal.c:
+ Define sudo_warn_setlocale_t and use sudo_conv_t in sudo_fatal.h.
+ Works around a bug in older versions of the HP ANSI C compiler and
+ results in more readable code.
+ [0e53ec783100]
+
+ * configure, configure.ac:
+ HP-UX cc may not allow __declspec(dllexport) to be used in
+ conjunction with "#pragma HP_DEFINED_EXTERNAL" when redefining
+ standard libc functions.
+ [7190082c3a09]
+
+2020-09-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Fix check for hiding unexported symbols on HP-UX. We need to pass
+ the -b option to the compiler, not just the linker, so it will
+ choose the PIC C runtime.
+ [bc1b9351cbce]
+
+ * src/regress/ttyname/check_ttyname.c:
+ Check that the files are character devices before comparing st_rdev.
+ [d9f8b730d131]
+
+ * src/regress/ttyname/check_ttyname.c:
+ Fix regress when ttyname(3) returns the same device under a
+ different name. On systems that have both new and old pty names we
+ can end up with a name mismatch even though the underlying device is
+ the same.
+ [3760f44d81d4]
+
+ * plugins/sudoers/regress/testsudoers/test3.sh:
+ Use the same pattern of redefining TESTDIR as test10.sh. Adapted
+ from a diff from Tim Rice.
+ [378590625bfd]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
+ Rename sa_len -> sa_size to avoid a conflict on UnixWare and others.
+ On some systems, sa_len is a #define for 4.4BSD compatibility.
+ [a369d15175dd]
+
+ * plugins/sudoers/pwutil.c:
+ Include strings.h for strcasecmp(3). From Tim Rice
+ [27be3ee47426]
+
+ * lib/util/getentropy.c:
+ Add missing #ifdef HAVE_CLOCK_GETTIME in getentropy_fallback() From
+ Tim Rice
+ [4bdcf1048196]
+
+ * plugins/sudoers/Makefile.in:
+ Regen for check_exptilde.o
+ [b3e2a87b5144]
+
+ * lib/util/Makefile.in, scripts/mkdep.pl:
+ Add missing dependency info for cfmakeraw.lo in lib/util/Makefile.in
+ From Tim Rice
+ [18d953844745]
+
+ * plugins/sudoers/auth/pam.c:
+ Be consistent and use __hpux not __hpux__ like the rest of sudo.
+ [dd5ef59dc980]
+
+ * lib/logsrv/protobuf-c.c:
+ Replace "static inline" with "static __inline" for older compilers.
+ [a09412277d0f]
+
+ * MANIFEST, include/log_server.pb-c.h, lib/logsrv/Makefile.in,
+ lib/logsrv/log_server.pb-c.c, logsrvd/eventlog.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/sendlog.c,
+ plugins/sudoers/iolog_client.c, scripts/unanon:
+ Post-process protoc-c files to avoid depending on anonymous unions.
+ Based on a patch from Michael Osipov. GitHub issue #60
+ [13ab1ec22477]
+
+ * src/preload.c:
+ Add sudoers_audit to sudo_sudoers_plugin_symbols[] array. Fixes
+ loading of sudoers_audit when configured with --enable-static-
+ sudoers. GitHub issue #61
+ [f0bd4b5cd7b3]
+
+2020-09-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Fix copy and paste error; Coverity CID 214191
+ [49044d66dffc]
+
+ * plugins/sudoers/visudo.c:
+ Fix memory leak on error found by the clang 10.01 analyzer.
+ [12de4dd014eb]
+
+ * src/limits.c:
+ Use correct size for curlim and maxlim.
+ [1fc6aea5ece0]
+
+ * configure, configure.ac, doc/Makefile.in:
+ Only install man pages for logsrvd and python plugin if we build
+ them. GitHub issue #58
+ [e92799dd4886]
+
+ * Makefile.in, configure, configure.ac, doc/Makefile.in:
+ Remove obsolete mansrcdir variable, add _SRC suffix to LOGSRV and
+ LOGSRVD
+ [aa9c0f8cb227]
+
+2020-09-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/eventlog.c, plugins/sudoers/logging.c:
+ If the command was run in a chroot, add it to the log.
+ [0cda78f7ed40]
+
+ * MANIFEST, plugins/sudoers/regress/testsudoers/test12.out.ok,
+ plugins/sudoers/regress/testsudoers/test12.sh:
+ Add test of multiple syntax errors. Where possible, the portion of
+ the line before the error should be still be interpreted.
+ [3af61a54586f]
+
+ * logsrvd/eventlog.c, logsrvd/iolog_writer.c,
+ plugins/sudoers/logging.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Log the runcwd not submitcwd in the sudo-style log file. The log
+ entry should reflect the working directory the command actually ran
+ in.
+ [a477dee74683]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Fix error recovery in a privilege after a ':' separator.
+ [02c4b5872a38]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Initialize runchroot and runcwd in init_options()
+ [13bebf71955d]
+
+ * MANIFEST:
+ Fix path to check_exptilde.c
+ [7dc831cbd59d]
+
+ * include/log_server.pb-c.h, include/protobuf-c/protobuf-c.h,
+ lib/logsrv/protobuf-c.c:
+ Update to protobuf-c 1.3.3
+ [22a88bccb611]
+
+2020-09-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.h:
+ Regenerate the parser with "bison -y" for verbose syntax error
+ messages.
+ [e1530c5b8960]
+
+ * NEWS:
+ Add chroot/chdir changes.
+ [9367855da7d1]
+
+ * doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/parse_args.c, src/sudo_usage.h.in:
+ Support "*" for CWD/CHROOT to allow user to specify cwd or chroot.
+ Adds two new command line options, -D (--chdir) and -R (--chroot)
+ that can only be used when sudoers sets runcwd or runchroot to "*".
+ [afeb73867b66]
+
+ * MANIFEST, lib/util/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/exptilde.c,
+ plugins/sudoers/regress/exptilde/check_exptilde.c:
+ Unit test for exptilde
+ [f0d7b0031fea]
+
+ * MANIFEST, plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/ldap_util.c, plugins/sudoers/parse.c,
+ plugins/sudoers/regress/sudoers/test24.in,
+ plugins/sudoers/regress/sudoers/test24.json.ok,
+ plugins/sudoers/regress/sudoers/test24.ldif.ok,
+ plugins/sudoers/regress/sudoers/test24.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test24.out.ok,
+ plugins/sudoers/regress/sudoers/test24.sudo.ok,
+ plugins/sudoers/regress/sudoers/test24.toke.ok:
+ Add support for runchroot and runcwd to "sudo -l" and cvtsudoers.
+ [9f5ecd22d822]
+
+ * include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
+ lib/iolog/iolog_json.c, lib/iolog/iolog_util.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrvd.h, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
+ Read/write runchroot and runcwd entries in the JSON event log.
+ [3edb8305abe9]
+
+ * MANIFEST, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/exptilde.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/policy.c,
+ plugins/sudoers/regress/sudoers/test1.toke.ok,
+ plugins/sudoers/regress/sudoers/test11.toke.ok,
+ plugins/sudoers/regress/sudoers/test12.toke.ok,
+ plugins/sudoers/regress/sudoers/test13.toke.ok,
+ plugins/sudoers/regress/sudoers/test14.toke.ok,
+ plugins/sudoers/regress/sudoers/test15.toke.ok,
+ plugins/sudoers/regress/sudoers/test16.toke.ok,
+ plugins/sudoers/regress/sudoers/test17.toke.ok,
+ plugins/sudoers/regress/sudoers/test18.toke.ok,
+ plugins/sudoers/regress/sudoers/test19.toke.ok,
+ plugins/sudoers/regress/sudoers/test22.toke.ok,
+ plugins/sudoers/regress/sudoers/test3.toke.ok,
+ plugins/sudoers/regress/sudoers/test4.toke.ok,
+ plugins/sudoers/regress/sudoers/test6.toke.ok,
+ plugins/sudoers/regress/sudoers/test8.toke.ok,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_version.h,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add CHROOT and CWD sudoers options. Also matching runchroot and
+ runcwd Defaults settings.
+ [2f0aca92c360]
+
+2020-08-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ include/sudo_plugin.h, plugins/python/regress/testdata/check_multipl
+ e_approval_plugin_and_arguments.stdout, src/exec.c, src/limits.c,
+ src/sudo.c, src/sudo.h:
+ Pass resource limits values to the plugin in user_info[] Sudo resets
+ the resource limits early in its execution so the plugin cannot tell
+ what the original limits were itself.
+ [64957c5875f3]
+
+ * doc/Makefile.in, doc/sudo_logsrvd.man.in,
+ doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
+ lib/logsrv/Makefile.in, lib/util/cfmakeraw.c, lib/util/fchmodat.c,
+ lib/util/fstatat.c, lib/util/getdelim.c, lib/util/getusershell.c,
+ lib/util/openat.c, lib/util/regress/getdelim/getdelim_test.c,
+ lib/util/regress/strsig/strsig_test.c,
+ lib/util/regress/strtofoo/strtobool_test.c,
+ lib/util/regress/strtofoo/strtoid_test.c,
+ lib/util/regress/strtofoo/strtomode_test.c,
+ lib/util/regress/strtofoo/strtonum_test.c,
+ lib/util/regress/vsyslog/vsyslog_test.c, lib/util/roundup.c,
+ lib/util/strtoid.c, lib/util/strtonum.c, lib/util/term.c,
+ lib/util/unlinkat.c, logsrvd/Makefile.in, logsrvd/eventlog.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrv_util.c,
+ plugins/python/Makefile.in, plugins/python/pyhelpers.c,
+ plugins/python/pyhelpers.h, plugins/python/python_baseplugin.c,
+ plugins/python/python_convmessage.c,
+ plugins/python/python_importblocker.c,
+ plugins/python/python_loghandler.c,
+ plugins/python/python_plugin_approval.c,
+ plugins/python/python_plugin_audit.c,
+ plugins/python/python_plugin_common.c,
+ plugins/python/python_plugin_common.h,
+ plugins/python/python_plugin_group.c,
+ plugins/python/python_plugin_io.c,
+ plugins/python/python_plugin_policy.c,
+ plugins/python/sudo_python_debug.c,
+ plugins/python/sudo_python_module.c,
+ plugins/python/sudo_python_module.h, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse_ldif.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/starttime.c,
+ plugins/sudoers/tsdump.c, src/exec_monitor.c, src/exec_nopty.c,
+ src/limits.c, src/ttyname.c:
+ Update copyright year on some files where it was out of date.
+ [2086262cd012]
+
+2020-08-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/visudo.man.in,
+ doc/visudo.mdoc.in:
+ Refer to "syntax error" instead of "parse error". This is the term
+ the parser uses when there is an actual error.
+ [7134b6869432]
+
+ * plugins/sudoers/visudo.c:
+ Remove superfluous "parse error in sudoers near line N" message. The
+ sudoers parser now produces better syntax error messages so we don't
+ need visudo to print its own.
+ [9c32131fb6ac]
+
+ * plugins/sudoers/visudo.c:
+ Don't override errorfile and errorlineno set by check_aliases(). Now
+ that alias parsing stores the file and line number, visudo can use
+ that information to go to the line with an error when re-editing.
+ [896d1f73ca02]
+
+2020-08-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, lib/util/sig2str.c,
+ lib/util/str2sig.c:
+ Use sigabbrev_np(3) to access signal abbreviations if supported.
+ glibc-2.32 has removed sys_sigabbrev[], we can use sigabbrev_np(3)
+ instead.
+ [e30482f26924]
+
+2020-08-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Briefly describe how to restore historical parse error behavior.
+ [1ede927d99b3]
+
+ * NEWS, doc/UPGRADE:
+ Mention eof-of-line terminator and plugin argument changes.
+ [96cd7a3477fa]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, src/load_plugins.c:
+ Fix sudoers_policy plugin options when sudoers_audit is not listed.
+ As of sudo 1.9.1 the sudoers file is opened by the audit plugin, not
+ the policy plugin. As a result, plugin options set for
+ sudoers_policy have no effect. If sudoers_policy has plugin options
+ in sudo.conf and sudoers_audit is not listed, move the options to
+ sudoers_audit so they will have an effect.
+ [839a9a9c0cc3]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/file.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
+ sudoers error recovery can be configured via an "error_recovery"
+ setting. This setting is an argument to the sudoers plugin, similar
+ to how sudoers_file, sudoers_mode, sudoers_uid, etc. are
+ implemented. The default value is true.
+ [86f7059f9e45]
+
+ * plugins/sudoers/regress/testsudoers/test11.sh:
+ Make this test pass with bison's verbose error messages.
+ [a2a8e4ca3f63]
+
+2020-08-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Recover from a syntax error after the ':' in a privilege spec. For
+ compound privilege specs, don't throw away the entire thing if we
+ have a syntax error, only the part after the error is encountered.
+ [d6ef4e6ca624]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/regress/sudoers/test5.toke.ok:
+ Add explicit end-of-line matching in the parser for better error
+ messages. A valid line in sudoers must end in a newline or EOF.
+ Previously, it was possible (though not documented) to have multiple
+ user specs on a single line. Now, each must be on its own line.
+ [9f513e9b10ee]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Add NOMATCH token and use it in the lexer for an unmatched pattern.
+ The ERROR token is now only used for errors detected by the lexer
+ and for which we've already printed an error. This lets us remove
+ the hack in sudoerserror() and just check last_token to determine
+ whether or not to display the error.
+ [0ca11ad5b7f3]
+
+2020-08-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Enable error recovery for syntax erorrs that don't end with a
+ newline. A syntax error on the last line of a sudoers file with no
+ trailing newline is now recoverable.
+ [020f76d7f369]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/regress/testsudoers/test11.out.ok:
+ Add error recovery for unexpected tokens after include/includedir.
+ [1aedd819916d]
+
+ * NEWS:
+ Sudo 1.9.3 changes so far.
+ [bc6c6321a065]
+
+ * configure, configure.ac:
+ sudo 1.9.3
+ [432950d9f778]
+
+2020-08-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/pp:
+ Format the macOS minor version number with two digits. This way we
+ get consistent 4-digit version numbers even for macOS verions like
+ 10.3 or 11.0 where the minor number is a single digit. For example.
+ 10.3 will be formatted as 1003 and 11.0 will be 1100.
+ [7f48e10be9ae]
+
+2020-08-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/zlib/infback.c, lib/zlib/inflate.c:
+ Add missing ZFALLTHROUGH and use spaces not tabs.
+ [4b1c71cfb8a9]
+
+ * scripts/pp:
+ Fix probe for macOS Big Sur "sw_vers -productName" now returns
+ "macOS", not "Mac OS X"
+ [4caad8ca5b0c]
+
+2020-08-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/pyhelpers.c, plugins/python/python_plugin_common.h,
+ plugins/python/sudo_python_module.c, src/parse_args.c,
+ src/selinux.c:
+ Fix some warnings from pvs-studio
+ [fa83bb619209]
+
+ * Makefile.in, lib/iolog/iolog_fileio.c, lib/iolog/iolog_json.c,
+ lib/util/aix.c, lib/util/sudo_debug.c, logsrvd/logsrvd.c,
+ logsrvd/sendlog.c, plugins/audit_json/audit_json.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/parse.c, plugins/sudoers/policy.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/copy_file.c, src/exec.c, src/exec_common.c, src/exec_monitor.c,
+ src/exec_nopty.c, src/exec_pty.c, src/load_plugins.c,
+ src/parse_args.c, src/selinux.c, src/sesh.c, src/solaris.c,
+ src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
+ Fix some warnings from pvs-studio
+ [164a51c446da]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/sssd.c:
+ Use angle quotes when including gram.h and def_data.c. Otherwise, we
+ can include the wrong file when doing an out-of-source build when
+ configured using --with-devel.
+ [105e52a86e22]
+
+ * lib/util/fatal.c, lib/util/regress/fnmatch/fnm_test.c,
+ logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, logsrvd/sendlog.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_command.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
+ src/parse_args.c:
+ Move inclusion of compat headers up with the system headers. Now
+ that sudo_dso_public is defined in config.h we don't need
+ sudo_compat.h before including the compat headers.
+ [da2103ee7ba8]
+
+ * config.h.in, configure.ac, include/compat/fnmatch.h,
+ include/compat/getaddrinfo.h, include/compat/getopt.h,
+ include/compat/glob.h, include/compat/sha2.h, include/sudo_compat.h,
+ include/sudo_conf.h, include/sudo_debug.h, include/sudo_digest.h,
+ include/sudo_dso.h, include/sudo_event.h, include/sudo_fatal.h,
+ include/sudo_json.h, include/sudo_lbuf.h, include/sudo_rand.h,
+ include/sudo_util.h, lib/iolog/regress/host_port/host_port_test.c,
+ lib/iolog/regress/iolog_json/check_iolog_json.c,
+ lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c,
+ lib/iolog/regress/iolog_path/check_iolog_path.c,
+ lib/iolog/regress/iolog_util/check_iolog_util.c,
+ lib/util/mksiglist.c, lib/util/mksigname.c,
+ lib/util/regress/fnmatch/fnm_test.c,
+ lib/util/regress/getdelim/getdelim_test.c,
+ lib/util/regress/getgrouplist/getgrouplist_test.c,
+ lib/util/regress/glob/globtest.c,
+ lib/util/regress/mktemp/mktemp_test.c,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/progname/progname_test.c,
+ lib/util/regress/strsig/strsig_test.c,
+ lib/util/regress/strsplit/strsplit_test.c,
+ lib/util/regress/strtofoo/strtobool_test.c,
+ lib/util/regress/strtofoo/strtoid_test.c,
+ lib/util/regress/strtofoo/strtomode_test.c,
+ lib/util/regress/strtofoo/strtonum_test.c,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_parseln/parseln_test.c,
+ lib/util/regress/tailq/hltq_test.c,
+ lib/util/regress/vsyslog/vsyslog_test.c, lib/util/term.c,
+ logsrvd/logsrvd.c, logsrvd/sendlog.c,
+ plugins/audit_json/audit_json.c, plugins/group_file/group_file.c,
+ plugins/group_file/plugin_test.c,
+ plugins/python/python_plugin_approval.c,
+ plugins/python/python_plugin_audit.c,
+ plugins/python/python_plugin_group.c,
+ plugins/python/python_plugin_io.c,
+ plugins/python/python_plugin_policy.c,
+ plugins/sample/sample_plugin.c,
+ plugins/sample_approval/sample_approval.c, plugins/sudoers/audit.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/policy.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/env_match/check_env_pattern.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/regress/parser/check_gentime.c,
+ plugins/sudoers/regress/parser/check_hexchar.c,
+ plugins/sudoers/regress/starttime/check_starttime.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/tsdump.c,
+ plugins/sudoers/visudo.c, plugins/system_group/system_group.c,
+ src/env_hooks.c, src/regress/noexec/check_noexec.c,
+ src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.c,
+ src/sudo_noexec.c:
+ Rename __dso_public -> sudo_dso_public and move to config.h.
+ [12550ec04e3a]
+
+ * lib/iolog/host_port.c, lib/iolog/iolog_fileio.c,
+ lib/iolog/iolog_json.c, lib/iolog/iolog_path.c,
+ lib/iolog/iolog_util.c, lib/util/ttyname_dev.c, logsrvd/eventlog.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c,
+ logsrvd/logsrvd_conf.c, logsrvd/sendlog.c,
+ plugins/audit_json/audit_json.c, plugins/sample/sample_plugin.c,
+ plugins/sample_approval/sample_approval.c, plugins/sudoers/locale.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ src/net_ifs.c, src/sesh.c, src/sudo.h:
+ We no longer need to include sudo_gettext.h before sudo_compat.h
+ [660770ab7e7b]
+
+ * .gitignore, .hgignore:
+ Add *.map to the ignore file.
+ [e96b46d418db]
+
+2020-08-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/uncrustify.cfg:
+ Update to uncrustify 0.71.0
+ [dabd7b24c0d9]
+
+ * doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in:
+ Mention visudo in sudo(8) and document sudoers error recovery.
+ [44acd34811fb]
+
+2020-08-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/Makefile.in, lib/util/freezero.c,
+ lib/util/getentropy.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ scripts/mkdep.pl, src/conversation.c:
+ Use OpenBSD-compatible freezero() in place of explicit_bzero() +
+ free()
+ [af0a9ed1e259]
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ include/sudo_compat.h, include/sudo_plugin.h, lib/util/Makefile.in,
+ lib/util/arc4random.c, lib/util/explicit_bzero.c,
+ lib/util/getentropy.c, lib/util/memset_s.c, lib/util/sha2.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, scripts/mkdep.pl,
+ src/conversation.c:
+ Switch from memset_s() -> explicit_bzero(). memset_s() (and all of
+ Annex K) is likely to be removed from the a future version of the
+ standard.
+ [c0f81ef1ee3c]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Define YYERROR_VERBOSE for bison and rename COMMENT -> '\n' This
+ results in better error messages when there is a parse error
+ [7ba896f285a9]
+
+ * plugins/sudoers/mkdefaults:
+ Some minor cleanup. Use ntuples instead of tuple_last Strip leading
+ and trailing double quotes using a single gsub() ntuples will never
+ be zero so don't bother checking No need to explicitly close files
+ in END
+ [b841147900df]
+
+2020-08-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/event.c, plugins/sudoers/cvtsudoers_pwutil.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/logging.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil_impl.c, src/selinux.c:
+ Quiet some clang 10 analyzer warnings.
+ [4147311f6278]
+
+ * logsrvd/sendlog.c:
+ Refactor freeing of InfoMessage list into free_info_messages(). Also
+ fixes a false positive from the clang analyzer.
+ [25a6f0035a33]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y,
+ plugins/sudoers/regress/testsudoers/test11.out.ok,
+ plugins/sudoers/regress/testsudoers/test11.sh:
+ Require that a @include line end with a newline or EOF. We now parse
+ the entire line before reading the include file. This is less
+ surprising behavior and results in better error messages.
+ [ad6a2c991db6]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.c,
+ plugins/sudoers/regress/sudoers/test1.out.ok,
+ plugins/sudoers/regress/sudoers/test10.out.ok,
+ plugins/sudoers/regress/sudoers/test11.out.ok,
+ plugins/sudoers/regress/sudoers/test12.out.ok,
+ plugins/sudoers/regress/sudoers/test13.out.ok,
+ plugins/sudoers/regress/sudoers/test14.out.ok,
+ plugins/sudoers/regress/sudoers/test15.out.ok,
+ plugins/sudoers/regress/sudoers/test16.out.ok,
+ plugins/sudoers/regress/sudoers/test17.out.ok,
+ plugins/sudoers/regress/sudoers/test18.out.ok,
+ plugins/sudoers/regress/sudoers/test18.toke.ok,
+ plugins/sudoers/regress/sudoers/test19.out.ok,
+ plugins/sudoers/regress/sudoers/test2.out.ok,
+ plugins/sudoers/regress/sudoers/test20.out.ok,
+ plugins/sudoers/regress/sudoers/test21.out.ok,
+ plugins/sudoers/regress/sudoers/test22.out.ok,
+ plugins/sudoers/regress/sudoers/test23.out.ok,
+ plugins/sudoers/regress/sudoers/test3.out.ok,
+ plugins/sudoers/regress/sudoers/test4.out.ok,
+ plugins/sudoers/regress/sudoers/test4.toke.ok,
+ plugins/sudoers/regress/sudoers/test5.out.ok,
+ plugins/sudoers/regress/sudoers/test5.toke.ok,
+ plugins/sudoers/regress/sudoers/test6.out.ok,
+ plugins/sudoers/regress/sudoers/test7.out.ok,
+ plugins/sudoers/regress/sudoers/test7.toke.ok,
+ plugins/sudoers/regress/sudoers/test8.out.ok,
+ plugins/sudoers/regress/sudoers/test8.toke.ok,
+ plugins/sudoers/regress/sudoers/test9.out.ok,
+ plugins/sudoers/regress/testsudoers/test1.out.ok,
+ plugins/sudoers/regress/testsudoers/test10.out.ok,
+ plugins/sudoers/regress/testsudoers/test11.out.ok,
+ plugins/sudoers/regress/testsudoers/test2.out.ok,
+ plugins/sudoers/regress/testsudoers/test3.out.ok,
+ plugins/sudoers/regress/testsudoers/test4.out.ok,
+ plugins/sudoers/regress/testsudoers/test5.out.ok,
+ plugins/sudoers/regress/testsudoers/test6.out.ok,
+ plugins/sudoers/regress/testsudoers/test7.out.ok,
+ plugins/sudoers/regress/testsudoers/test8.out.ok,
+ plugins/sudoers/regress/testsudoers/test9.out.ok,
+ plugins/sudoers/regress/visudo/test2.err.ok,
+ plugins/sudoers/regress/visudo/test3.err.ok,
+ plugins/sudoers/regress/visudo/test8.err.ok,
+ plugins/sudoers/regress/visudo/test8.sh,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/visudo.c:
+ Display more specific parser error messages when possible.
+ [91dd5d67bb83]
+
+ * plugins/sudoers/file.c:
+ Let the sudoers parser recover after a parse error. We currently
+ just discard the line with the error.
+ [712537665215]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/regress/testsudoers/test11.out.ok,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Keep track of the position of the current token for error messages.
+ [a5f6bd38267e]
+
+2020-08-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/Makefile.in:
+ regen
+ [28026a042255]
+
+ * plugins/sample_approval/sample_approval.exp:
+ Sync sample_approval.exp with sample_approval.c
+ [e810da8a6772]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/regress/testsudoers/test11.out.ok,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Store the current line in our own buffer for better error messages.
+ [33b2042e0028]
+
+2020-08-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/sudo-logsrvd.pp, etc/sudo.pp, scripts/mkpkg:
+ Fix libssl dependency on Debian-based systems. Older systems may
+ still have libssl1.0.0, not libssl1.1.
+ [0de802ec595a]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add workaround for yyless() not resetting yy_at_bol.
+ [5defcd893f6a]
+
+2020-08-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Always use a linker script to hide symbols if it is supported. We
+ use this even if the compiler has symbol visibility support so we
+ will notice mismatches between the exports file and __dso_public
+ annotations in the source code.
+ [1679ac3124b1]
+
+ * MANIFEST, configure, configure.ac, plugins/python/python_plugin.exp,
+ plugins/python/python_plugin.exp.in:
+ Rename python_plugin.exp.in -> python_plugin.exp There is nothing
+ dynamic in this file.
+ [f34cc08c026c]
+
+ * MANIFEST, configure, configure.ac,
+ plugins/python/python_plugin.exp.in,
+ plugins/python/python_plugin_approval_multi.inc,
+ plugins/python/python_plugin_audit_multi.inc:
+ Add missing python_plugin.exp.in file and remove unneeded
+ __dso_public This fixes building the python plugin on systems where
+ the compiler doesn't support symbol hiding (but wherethe linker
+ does).
+ [e0305faf8282]
+
+2020-08-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/mkdefaults:
+ Use "foo in bar" syntax for testing existence of a key.
+ [0807ae0db0a7]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/toke.c:
+ Replace /*FALLTHROUGH*/ in generated code.
+ [a7590ec10b16]
+
+2020-08-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/zlib/infback.c, lib/zlib/inflate.c, lib/zlib/zconf.h.in:
+ Add ZFALLTHROUGH macro to use instead of /* FALLTHROUGH */ comments.
+ [92ec8a466095]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h,
+ lib/util/arc4random_buf.c, lib/util/glob.c, lib/util/snprintf.c,
+ lib/util/strtonum.c, logsrvd/sendlog.c, plugins/python/pyhelpers.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/check.c,
+ plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/fmtsudoers.c, plugins/sudoers/ldap_util.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse_ldif.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudo_printf.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c, src/conversation.c, src/exec_monitor.c,
+ src/exec_pty.c, src/parse_args.c, src/regress/noexec/check_noexec.c,
+ src/tgetpass.c:
+ Use the fallthrough attribute instead of /* FALLTHROUGH */ comments.
+ [ce33e87ddfd6]
+
+2020-07-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/mkdefaults:
+ Rewrite mkdefaults in awk.
+ [f069ca4eae59]
+
+2020-07-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/CONTRIBUTORS:
+ Update translators.
+ [5252e2d1a61a]
+
+ * doc/sudo.man.in, doc/sudo.mdoc.in, src/copy_file.c:
+ Prompt user before truncating a file to zero bytes. Bug #922.
+ [8bfaa57d5bd4]
+
+2020-07-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_2 for changeset a411d532a5f4
+ [84e81d1fe48f] <1.9>
+
+ * merge sudo 1.9.2 from tip
+ [a411d532a5f4] [SUDO_1_9_2] <1.9>
+
+2020-07-21 kuberlog <collinalexbell@gmail.com>
+
+ * config.h.in, configure.ac:
+ configure.ac: fix documentation about lecture
+ [382c2809eda1]
+
+2020-07-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
+ po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/ja.mo,
+ po/ja.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/pt.mo,
+ po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/ro.mo, po/ro.po, po/tr.mo,
+ po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo, po/zh_CN.po, po/zh_TW.mo,
+ po/zh_TW.po:
+ Updated translations from translationproject.org
+ [74fbf2ca39e1]
+
+2020-07-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Handle openssl where there is no separate libcrypto pkgconfig file.
+ In this case, just use the full openssl libs to get the sha2
+ functions.
+ [f724510bb416]
+
+ * INSTALL, configure, configure.ac:
+ Ignore --enable-gcrypt if --enable-openssl is also specified.
+ [39d493d7e549]
+
+2020-07-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.2
+ [9af764b239c2]
+
+ * config.h.in, configure, configure.ac:
+ Fix some warnings displayed by autoconf 2.69b This fixes the missing
+ HAVE_GSSAPI_GSSAPI_H define in config.h.in. TODO: replace
+ shadow_funcs variable in function checks with literals
+ [9d8f67e1f8fe]
+
+2020-07-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/audit.c:
+ Initialize sudo_conv and sudo_printf in sudoers_audit_open(). We
+ will need them if there is an error parsing sudoers and leaving them
+ unset can result in NULL deref. Also set the text domain to
+ "sudoers" like we do for the policy and I/O logging open functions.
+ Bug #934.
+ [e88919ff4900]
+
+2020-07-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po, po/it.mo,
+ po/it.po, po/ko.mo, po/ko.po, po/ro.mo, po/ro.po:
+ Updated translations from translationproject.org
+ [2488a1479208]
+
+2020-07-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.exp:
+ Export sudoers_audit symbol for compilers without symbol visibility.
+ [081f6729cb38]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document the contents of the log.json file.
+ [b1ea749fffc2]
+
+ * lib/iolog/iolog_fileio.c:
+ Fix typo, runas_uid should be runas_gid.
+ [7b2c0fd84a60]
+
+ * examples/sudo.conf.in:
+ Add sudoers_audit line for completeness, matching the documentation.
+ When sudoers is loaded as a policy plugin, it will be loaded
+ automatically as an audit plugin. Listing it explicitly in the
+ default sudo.conf file helps bring attention to the fact that
+ sudoers now supports the audit plugin type.
+ [7145a02ed280]
+
+ * plugins/sudoers/defaults.c:
+ Add some debugging statements around Defaults lookup.
+ [b95e2a9b6555]
+
+ * plugins/sudoers/sudoers.in:
+ Replace #includedir with @includedir in default sudoers file.
+ [d18945ec728e]
+
+2020-06-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, m4/libtool.m4:
+ Allow HP-UX share libs and modules to link against static libs.
+ hppa64 and ia64 use PIC by default
+ [0553c60b922a]
+
+2020-06-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Use pkg-config to find the openssl cflags and libs if possible. We
+ support linking against static openssl libs too.
+ [55442f4fea5e]
+
+2020-06-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/pp:
+ Fix parsing of /etc/redhat-release on RHEL 8. RedHat dropped the
+ word "server" from the release name in redhat-release which results
+ in the awk script printing the wrong field. Instead of using awk,
+ just use sed to pull out the version number immediately following
+ the word "release".
+ [a283acb4622a]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen without `scare quotes'
+ [31f021892137]
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in,
+ src/parse_args.c, src/sudo.c:
+ Replace or remove use of `scare quotes' These don't translate well
+ and look odd in many fonts.
+ [3c7fa8f93543]
+
+2020-06-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/zlib/infback.c, lib/zlib/inflate.c:
+ Add FALLTHROUGH comments to quiet -Wimplicit-fallthrough
+ [f724957b7cae]
+
+ * src/solaris.c:
+ Fix implicit fallthrough warning and add break to default cases.
+ [74d8c68eb160]
+
+ * configure, configure.ac, m4/ax_func_snprintf.m4, m4/sudo.m4:
+ Fix some warnings from configure test programs.
+ [6cff0cdb066a]
+
+ * configure, configure.ac:
+ Add -Wimplicit-fallthrough to --enable-warnings if available. Note
+ that clang 10 has support for -Wimplicit-fallthrough in C code but
+ doesn't recognize lint-style FALLTHROUGH comments like gcc does so
+ we can't use it.
+ [cf70a1ab3ea9]
+
+ * configure, configure.ac:
+ Drop old test for -lcposix for ISC Unix.
+ [1bfd474c8819]
+
+2020-06-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * README:
+ Mention sudo-blog announce list.
+ [526dc0cc1e83]
+
+ * NEWS:
+ Bugs #860 and #917 were fixed in 1.9.0.
+ [51a347785dbf]
+
+2020-06-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_1 for changeset 06b47089122a
+ [94c1c10ddbbd] <1.9>
+
+ * merge sudo 1.9.1 from tip
+ [06b47089122a] [SUDO_1_9_1] <1.9>
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen to fix a typo
+ [9755e76fcd8b]
+
+ * MANIFEST, lib/iolog/Makefile.in,
+ lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c:
+ Add regress test to catch swapids() bug when called by
+ iolog_mkdtemp()
+ [deff1dc2f144]
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, po/ro.mo,
+ po/ro.po:
+ Updated translations from translationproject.org
+ [9007c89029ea]
+
+2020-06-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
+ Document the order in which the plugin open/close functions are
+ called.
+ [48ec66882e1a]
+
+ * NEWS, lib/iolog/iolog_fileio.c:
+ Fix a typo that prevented swapids() from restoring the original gid.
+ This led to a regression when the iolog_file setting ends in six or
+ more X's or when the I/O logs are stored on NFS.
+ [522d8ec470cb]
+
+2020-06-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_monitor.c, src/exec_pty.c, src/get_pty.c, src/sudo.h,
+ src/sudo_exec.h:
+ Replace master/slave in code with leader/follower.
+ [230f5343d961]
+
+ * NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in, examples/sudoers,
+ plugins/sudoers/regress/cvtsudoers/sudoers,
+ plugins/sudoers/regress/cvtsudoers/sudoers.defs,
+ plugins/sudoers/regress/cvtsudoers/test13.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test19.out.ok,
+ plugins/sudoers/regress/visudo/test6.sh:
+ Replace terms master and blacklist in docs and examples.
+ [2908ac6c0fe0]
+
+ * NEWS:
+ Bug #929
+ [c1f5a01d1af6]
+
+2020-06-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo_edit.c:
+ Clean up temporary sudoedit files on success; Bug #929 This is a
+ regression introduced in sudo 1.9.0.
+ [2bc4822b7382]
+
+2020-06-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ New Romanian translation
+ [fd753dfa0a84]
+
+2020-06-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
+ po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo,
+ po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/pl.mo,
+ po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/sv.mo,
+ po/sv.po, po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo,
+ po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
+ Updated translations from translationproject.org
+ [570aacc81015]
+
+ * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/ro.mo,
+ plugins/sudoers/po/ro.po, po/ro.mo, po/ro.po:
+ Romanian translation from translationproject.org.
+ [1e277907378e]
+
+ * NEWS:
+ Add missing entry for the LDAP/SSSD sudoHost regression. Also add
+ new Romanian translation
+ [624eb5e8e612]
+
+2020-06-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.c:
+ Fix a typo in the audit string when "sudo -E" is not allowed.
+ [85bcb3b1f7d8]
+
+2020-06-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/regress/testhelpers.c:
+ Check asprintf() return value.
+ [456bb2d7c37f]
+
+ * scripts/mkpkg:
+ Prefer the python3 in /usr/bin on Solaris. The /opt/csw version, if
+ it exists, may be a 32-bit version which we can't link with. Also
+ handle the case where the /usr/bin/python3 link is missing.
+ [2ed7715e6b2e]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h:
+ Declare getdelim(3) if it exists in libc but is not prototyped in
+ stdio.h. This can happen on systems with a gcc packages that was
+ built on and older versions of the OS where getdelim(3) was not
+ present.
+ [e78803280641]
+
+ * aclocal.m4, configure, configure.ac:
+ For python3-config, only use -I and -L/-l from --cflags and
+ --ldflags output. Otherwise we may get other flags used to build
+ python that conflict with what sudo uses.
+ [7a8d3c5fd2ae]
+
+ * scripts/mkpkg:
+ Build 64-bit binaries and the python package on Solaris 11 and
+ above. No longer prefer the Solaris Studio C compiler over gcc, it
+ causes issues with the Python plugin.
+ [a92f9641bd07]
+
+ * logsrvd/sendlog.c:
+ Fix memory leak on error in fmt_info_messages().
+ [511ac9ba6819]
+
+ * NEWS:
+ Update for 1.9.1b1
+ [562b0add8e04]
+
+2020-06-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen for sudo 1.9.1
+ [8960aceb2519]
+
+2020-06-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h:
+ Add basic support for reject and error audit events to sudoers. This
+ is only used when logging events from plugins other than sudoers,
+ such as an approval plugin. With this change, if an approval plugin
+ rejects the command the denial will be logged in the sudoers log
+ file using the message from the approval plugin.
+ [c7abc39b0e37]
+
+ * plugins/sudoers/bsm_audit.c, plugins/sudoers/solaris_audit.c,
+ scripts/mkpkg:
+ Fix Solaris and BSM audit warnings. Use BSM audit on Illumos, which
+ lacks Solaris audit.
+ [3844e8a24f59]
+
+ * plugins/sudoers/policy.c:
+ Track whether the session was opened in sudoers. In
+ sudoers_policy_close() only warn about being unable to run the
+ command if we actually opened the session (and thus passed all
+ approval plugins).
+ [f99b434d121b]
+
+ * src/sudo.c:
+ Only display an error in the built-in policy close if command is
+ set. If a policy or approval plugin denies the command,
+ command_details will not have been filled out.
+ [245024004df2]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/sssd.c:
+ Avoid passing NULL to printf in match debug code for LDAP/SSSD. The
+ file name in struct userspec was not set for the LDAP and SSSD
+ backends. There is no actual file in this case so set the name to
+ LDAP/SSSD. Also add a guard to make sure we don't try to print NULL
+ in sudoers_lookup_check() if name is left unset.
+ [240efcda496e]
+
+2020-06-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/linux_audit.c, plugins/sudoers/linux_audit.h:
+ Add missing const to linux_audit_command()'s argv function argument.
+ [cb219f1ccb6e]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ When converting LDAP to sudoers, ignore entries with no sudoHost
+ attribute. Otherwise, sudo_ldap_role_to_priv() will treat a NULL
+ host list as as the "ALL" wildcard. This regression was introduced
+ in sudo 1.8.23, which was the first version to convert LDAP sudoRole
+ objects to sudoers internal data structures. Thanks to Andreas
+ Mueller for reporting and debugging this problem.
+ [484d0d3b892e]
+
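Review bot: the [484d0d3b892e] entry records an authorization-relevant regression (a NULL host list from an LDAP/SSSD entry with no sudoHost attribute being treated as the "ALL" wildcard, introduced in sudo 1.8.23) but carries no bug number, unlike the "Bug #929" and "Bug #934" entries elsewhere in this file. The only cross-reference is the later NEWS change in [624eb5e8e612]. Consider adding a bug or NEWS reference to the entry text so that someone auditing LDAP or SSSD deployments can find the affected range (1.8.23 up to this fix) from the ChangeLog alone. The same entry also has a doubled word in "as as the".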
+2020-06-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, src/load_plugins.c:
+ Load the sudoers module as an audit plugin if loaded as a policy
+ plugin. Now that logging of successful commands is performed by
+ sudoers as an audit plugin we need to load sudoers_audit if
+ sudoers_policy is also loaded. Otherwise, accpted commands will not
+ be logged.
+ [f20bee20f4c7]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/policy.c, plugins/sudoers/solaris_audit.c,
+ plugins/sudoers/solaris_audit.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Defer logging of the successful command until approval plugins have
+ run. This adds audit plugin support to the sudoers module, currently
+ only used for accept events. As a result, the sudoers file is now
+ initially parsed as an audit plugin.
+ [552c13bd0287]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
+ include/sudo_plugin.h, plugins/audit_json/audit_json.c,
+ plugins/python/sudo_python_module.c, src/sudo.c:
+ Add support for "accept" audit events sent by the sudo front-end.
+ With this change, the sudo front-end will send an "accept" audit
+ event to the audit plugins after all the I/O logging plugins have
+ been initialized. This can be used by an audit plugin that does not
+ care about the result of the individual policy and approval plugins
+ and only wants to receive a single "accept" event if all policy and
+ approval plugins have succeeded. The plugin_type argument for events
+ sent by the front-end is SUDO_FRONT_END (0).
+ [6b3cb94fedb9]
+
+ * src/exec_pty.c:
+ If event loop fails due to ENXIO, remove /dev/tty events and
+ recover. This fixes an issue on Solaris 11.4 (and probably others)
+ with "sudo reboot" when I/O logging is enabled. Previously, sudo
+ would kill the command if it was still running after the event loop
+ terminated, leaving the system in a half-dead state.
+ [e12e3040b067]
+
+2020-06-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_pty.c:
+ Don't try to suspend sudo if the user's tty has gone away. Fixes a
+ problem on Solaris 11.4 (and possibly others) where sudo continually
+ tries to put itself in the background after the user's terminal has
+ been revoked.
+ [92f172b46b9c]
+
+ * src/exec_pty.c:
+ Back out WIP code that was mistakenly committed.
+ [41f57239b2c4]
+
+ * scripts/mkpkg:
+ Don't enable BSM audit on Solaris 10, it is missing AUE_sudo
+ [3b32087b1ed3]
+
+ * src/exec_pty.c, src/get_pty.c:
+ On Solaris 11.4 the openpty(3) prototype lives in termios.h.
+ [d6e353e8b9df]
+
+ * plugins/sudoers/solaris_audit.c:
+ Add missing stdlib.h include and fix solaris_audit_failure() error
+ return.
+ [5748d8fd24c4]
+
+ * scripts/mkpkg:
+ Use Solaris audit for Solaris 11, not BSM audit. BSM audit is no
+ longer supported in Solaris 11.4.
+ [01f2189f439d]
+
+2020-05-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec.c:
+ Check audit plugins for a close function too before execing command
+ directly. We cannot exec the command directly if any of the policy
+ or audit plugins use a close function.
+ [5aa6db56ce32]
+
+2020-05-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Mention Bug #927.
+ [0fd9e757d80b]
+
+2020-05-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac, m4/sudo.m4:
+ Add basic support for --runstatedir If the user specifies
+ --runstatedir but not --with-rundir, use runstatdir as the parent
+ directory of the sudo rundir.
+
+ In the future we may deprecate --with-rundir in favor of
+ --runstatedir but that will require changes for systems with no
+ /var/run directory.
+ [14879831fe6e]
+
+ * MANIFEST, NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y,
+ plugins/sudoers/regress/testsudoers/test10.out.ok,
+ plugins/sudoers/regress/testsudoers/test10.sh,
+ plugins/sudoers/regress/testsudoers/test11.out.ok,
+ plugins/sudoers/regress/testsudoers/test11.sh,
+ plugins/sudoers/regress/testsudoers/test2.out.ok,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.out.ok,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/testsudoers/test4.sh,
+ plugins/sudoers/regress/testsudoers/test5.sh,
+ plugins/sudoers/regress/testsudoers/test8.out.ok,
+ plugins/sudoers/regress/testsudoers/test8.sh,
+ plugins/sudoers/regress/testsudoers/test9.out.ok,
+ plugins/sudoers/regress/testsudoers/test9.sh,
+ plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Add support for @include and @includedir These are less confusing
+ than #include and #includedir when the hash character is also the
+ comment character.
+
+ This commit also adds real parsing of include directives as opposed
+ to the pure lexer approach used previously. As a result, it is now
+ possible to include files with spaces by either using a double-
+ quoted string or escaping the space characters with a backslash.
+ [c422a5c8ea5d]
+
+2020-05-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/iolog_fileio.c:
+ In iolog_openat() enable the write bit on pre-existing files if
+ needed. This prevents problems caused by the change to strip the
+ write bit from the timing file when it is finished.
+ [a6b0da3f7b94]
+
+ * plugins/sudoers/visudo.c:
+ In visudo check that an include file is regular file before using
+ it. Avoids a generic "input in flex scanner failed" error message.
+ [287d90d359a6]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix a memory leak on error when including a file or directory.
+ [02db03f7b565]
+
+2020-05-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.9.1
+ [57a1a5f05500]
+
+ * doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
+ plugins/sudoers/sudoreplay.c:
+ Add a follow option (-F) to support replaying a live session. By
+ default, sudoreplay will exit when it reaches the end of the timing
+ file. With the -F option, it will keep going until the timing file
+ is finished and its write bit is cleared.
+ [12ab27768cad]
+
+ * include/sudo_iolog.h, lib/iolog/iolog_fileio.c:
+ Add iolog_clearerr() that acts like clearerr(3). Works for both
+ compressed and uncompressed I/O logs.
+ [c83b88285c2c]
+
+ * plugins/sudoers/iolog.c:
+ Clear the write bit from the I/O log timing file when it is
+ complete. This matches the behavior of sudo_logsrvd.
+ [0bc8a012db26]
+
+ * logsrvd/logsrvd.c, logsrvd/sendlog.c:
+ Use PACKAGE_VERSION instead of 0.1 as the client and server version.
+ [d1e3ac049cf7]
+
+ * lib/util/Makefile.in, lib/util/aix.c, lib/util/fatal.c,
+ lib/util/getusershell.c, lib/util/gidlist.c, lib/util/json.c,
+ lib/util/mkdir_parents.c, lib/util/strsignal.c, lib/util/strtoid.c,
+ lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c,
+ lib/util/sudo_debug.c:
+ Set DEFAULT_TEXT_DOMAIN in lib/util's Makefile not individual .c
+ files. We no longer need to include sudo_gettext.h before
+ sudo_compat.h
+ [ead9b6a434b8]
+
+ * lib/iolog/iolog_fileio.c, lib/iolog/iolog_json.c,
+ lib/iolog/iolog_path.c, lib/iolog/iolog_util.c,
+ lib/iolog/regress/host_port/host_port_test.c,
+ lib/iolog/regress/iolog_json/check_iolog_json.c,
+ lib/iolog/regress/iolog_path/check_iolog_path.c,
+ lib/iolog/regress/iolog_util/check_iolog_util.c,
+ lib/util/digest_gcrypt.c, lib/util/event.c, lib/util/event_select.c,
+ lib/util/fnmatch.c, lib/util/getaddrinfo.c, lib/util/getcwd.c,
+ lib/util/getdelim.c, lib/util/getgrouplist.c,
+ lib/util/getopt_long.c, lib/util/glob.c, lib/util/inet_pton.c,
+ lib/util/json.c, lib/util/key_val.c, lib/util/lbuf.c,
+ lib/util/locking.c, lib/util/mkdir_parents.c, lib/util/mktemp.c,
+ lib/util/parseln.c, lib/util/progname.c, lib/util/pw_dup.c,
+ lib/util/regress/fnmatch/fnm_test.c,
+ lib/util/regress/getdelim/getdelim_test.c,
+ lib/util/regress/getgrouplist/getgrouplist_test.c,
+ lib/util/regress/glob/globtest.c,
+ lib/util/regress/mktemp/mktemp_test.c,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/progname/progname_test.c,
+ lib/util/regress/strsplit/strsplit_test.c,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_parseln/parseln_test.c,
+ lib/util/regress/tailq/hltq_test.c,
+ lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c,
+ lib/util/sha2.c, lib/util/sig2str.c, lib/util/snprintf.c,
+ lib/util/str2sig.c, lib/util/strndup.c, lib/util/strtobool.c,
+ lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c,
+ lib/util/term.c, lib/util/ttyname_dev.c, lib/util/vsyslog.c,
+ plugins/audit_json/audit_json.c, plugins/group_file/getgrent.c,
+ plugins/group_file/group_file.c, plugins/python/sudo_python_debug.c,
+ plugins/sample/sample_plugin.c,
+ plugins/sample_approval/sample_approval.c, plugins/sudoers/alias.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/editor.c, plugins/sudoers/env.c,
+ plugins/sudoers/env_pattern.c, plugins/sudoers/filedigest.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/gentime.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c,
+ plugins/sudoers/locale.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/match_command.c,
+ plugins/sudoers/match_digest.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/env_match/check_env_pattern.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/regress/parser/check_gentime.c,
+ plugins/sudoers/regress/parser/check_hexchar.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/starttime.c, plugins/sudoers/strlist.c,
+ plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ plugins/system_group/system_group.c, src/conversation.c,
+ src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_monitor.c,
+ src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c,
+ src/limits.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
+ src/preserve_fds.c, src/regress/noexec/check_noexec.c,
+ src/regress/ttyname/check_ttyname.c, src/signal.c, src/sudo.c,
+ src/sudo_edit.c, src/sudo_noexec.c, src/tcsetpgrp_nobg.c,
+ src/tgetpass.c, src/ttyname.c, src/utmp.c:
+ Include string.h unconditionally and only use strings.h for
+ strn?casecmp() In the pre-POSIX days BSD had strings.h, not
+ string.h. Now strings.h is only used for non-ANSI string functions.
+ [f7f633de570a]
+
+ * lib/iolog/host_port.c, lib/iolog/iolog_fileio.c,
+ lib/iolog/iolog_json.c, lib/iolog/iolog_path.c,
+ lib/iolog/iolog_util.c,
+ lib/iolog/regress/host_port/host_port_test.c,
+ lib/iolog/regress/iolog_json/check_iolog_json.c,
+ lib/iolog/regress/iolog_path/check_iolog_path.c,
+ lib/iolog/regress/iolog_util/check_iolog_util.c, lib/util/aix.c,
+ lib/util/arc4random.c, lib/util/arc4random_buf.c,
+ lib/util/arc4random_uniform.c, lib/util/cfmakeraw.c,
+ lib/util/closefrom.c, lib/util/digest.c, lib/util/digest_gcrypt.c,
+ lib/util/digest_openssl.c, lib/util/dup3.c, lib/util/event_poll.c,
+ lib/util/event_select.c, lib/util/fatal.c, lib/util/fchmodat.c,
+ lib/util/fnmatch.c, lib/util/fstatat.c, lib/util/getaddrinfo.c,
+ lib/util/getcwd.c, lib/util/getdelim.c, lib/util/getgrouplist.c,
+ lib/util/gethostname.c, lib/util/getopt_long.c, lib/util/gettime.c,
+ lib/util/getusershell.c, lib/util/gidlist.c, lib/util/glob.c,
+ lib/util/isblank.c, lib/util/json.c, lib/util/key_val.c,
+ lib/util/lbuf.c, lib/util/locking.c, lib/util/logfac.c,
+ lib/util/logpri.c, lib/util/memset_s.c, lib/util/mkdir_parents.c,
+ lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c,
+ lib/util/openat.c, lib/util/parseln.c, lib/util/pipe2.c,
+ lib/util/progname.c, lib/util/pw_dup.c, lib/util/reallocarray.c,
+ lib/util/regress/fnmatch/fnm_test.c,
+ lib/util/regress/getgrouplist/getgrouplist_test.c,
+ lib/util/regress/glob/globtest.c,
+ lib/util/regress/mktemp/mktemp_test.c,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/progname/progname_test.c,
+ lib/util/regress/strsig/strsig_test.c,
+ lib/util/regress/strsplit/strsplit_test.c,
+ lib/util/regress/strtofoo/strtobool_test.c,
+ lib/util/regress/strtofoo/strtoid_test.c,
+ lib/util/regress/strtofoo/strtomode_test.c,
+ lib/util/regress/strtofoo/strtonum_test.c,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_parseln/parseln_test.c,
+ lib/util/regress/tailq/hltq_test.c,
+ lib/util/regress/vsyslog/vsyslog_test.c, lib/util/roundup.c,
+ lib/util/secure_path.c, lib/util/setgroups.c, lib/util/sha2.c,
+ lib/util/sig2str.c, lib/util/snprintf.c, lib/util/str2sig.c,
+ lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c,
+ lib/util/strsignal.c, lib/util/strsplit.c, lib/util/strtobool.c,
+ lib/util/strtoid.c, lib/util/strtomode.c, lib/util/strtonum.c,
+ lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c,
+ lib/util/term.c, lib/util/ttysize.c, lib/util/unlinkat.c,
+ lib/util/utimens.c, lib/util/uuid.c,
+ plugins/audit_json/audit_json.c, plugins/group_file/getgrent.c,
+ plugins/group_file/group_file.c, plugins/group_file/plugin_test.c,
+ plugins/python/regress/testhelpers.h,
+ plugins/python/sudo_python_debug.h, plugins/sample/sample_plugin.c,
+ plugins/sample_approval/sample_approval.c, plugins/sudoers/alias.c,
+ plugins/sudoers/audit.c, plugins/sudoers/base64.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/digestname.c, plugins/sudoers/editor.c,
+ plugins/sudoers/env.c, plugins/sudoers/env_pattern.c,
+ plugins/sudoers/file.c, plugins/sudoers/filedigest.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/gc.c, plugins/sudoers/gentime.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/gmtoff.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog_client.c,
+ plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logwrap.c,
+ plugins/sudoers/match.c, plugins/sudoers/match_command.c,
+ plugins/sudoers/match_digest.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse_ldif.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/env_match/check_env_pattern.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/regress/parser/check_gentime.c,
+ plugins/sudoers/regress/parser/check_hexchar.c,
+ plugins/sudoers/regress/starttime/check_starttime.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/strlist.c,
+ plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c,
+ plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c,
+ plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ plugins/system_group/system_group.c, src/conversation.c,
+ src/copy_file.c, src/env_hooks.c, src/exec.c, src/exec_common.c,
+ src/exec_nopty.c, src/get_pty.c, src/hooks.c, src/limits.c,
+ src/load_plugins.c, src/openbsd.c, src/parse_args.c, src/preload.c,
+ src/preserve_fds.c, src/selinux.c, src/sesh.c, src/signal.c,
+ src/solaris.c, src/sudo_edit.c, src/tcsetpgrp_nobg.c,
+ src/tgetpass.c, src/utmp.c:
+ We no longer need to include headers we don't use for sudo*.h files.
+ Previously we needed to include headers required by the various
+ sudo*h files. Now those files are more self-sufficient and we should
+ only include headers needed by code in the various .c files.
+ [72cbeae218e7]
+
+ * include/sudo_compat.h, include/sudo_conf.h, include/sudo_debug.h,
+ include/sudo_iolog.h, include/sudo_json.h, include/sudo_util.h,
+ plugins/sudoers/sudoers.h:
+ Add dependent system includes to make sudo_*.h more standalone. In
+ the past we've relied on the various .c files to include the system
+ headers that define types that the sudo_*.h headers require. This is
+ fragile and can cause issues when includes get re-ordered.
+ [a9fb765c0fba]
+
+ * plugins/sudoers/env.c:
+ Fix typo in PERLIO_DEBUG (trailing whitespace). This has no effect
+ unless env_reset is disabled. From Allan Wirth
+ [bdf9c9e7f455]
+
+2020-05-17 Sebastian Rasmussen <sebras@gmail.com>
+
+ * plugins/sudoers/visudo.c:
+ Fix typo in warning message.
+ [01b8fab9fdf5]
+
+2020-05-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/mksiglist.h, lib/util/mksigname.h:
+ Prefer SIGSYS if SIGUNUSED is defined to the same value. Fixes a
+ regress failure on musl libc where SIGSYS and SIGUNUSED share the
+ same value.
+ [e030acf8a670]
+
+ * plugins/python/regress/testhelpers.h:
+ Add missing sys/wait.h include; fixes a compilation problem on musl
+ libc.
+ [9a6a09e74a14]
+
+ * lib/iolog/hostcheck.c:
+ Add missing sys/types.h include; fixes a compilation problem on musl
+ libc.
+ [7c8ea831203b]
+
+ * include/sudo_compat.h:
+ Only define WCONTINUED and WIFCONTINUED if neither are already
+ defined. Fixes a warning on musl libc where WIFCONTINUED is defined
+ in stdlib.h for some reason.
+ [9f55ae24b479]
+
+2020-05-16 Dan Robertson <dan@dlrobertson.com>
+
+ * include/sudo_debug.h:
+ Fix includes when building with musl
+
+ Include sys/types.h for mode_t and id_t in sudo_debug.h
+ [15abb56a1edf]
+
+2020-05-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/mkpkg:
+ Enable OpenSSL on RHEL 6 too. The version of OpenSSL in RHEL 6 is
+ new enough for the log server to use.
+ [853fd8a74207]
+
+ * logsrvd/logsrvd_conf.c:
+ Don't print errno for the "TLS not supported" message.
+ [c94540d3d632]
+
+2020-05-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/sudo-logsrvd.pp, etc/sudo-python.pp:
+ Fix macOS bundle IDs for sudo-logsrvd and sudo-python packages
+ [a9f6aea56e40]
+
+2020-05-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/eventlog.c:
+ Add iolog_path to the JSON-format event log
+ [924d8836ead0]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h:
+ Rename FLUSHED state to FINISHED This makes more sense when
+ receiving event-only logs.
+ [9e2736246e0d]
+
+2020-05-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h:
+ Fix handling of connections without associated I/O logs. This fixes
+ reject events as well as accept events without the expect_iobufs
+ flag set.
+ [3ddb52ae0af4]
+
+ * logsrvd/sendlog.c:
+ Fix handling of accept and reject messages without an I/O log. Only
+ set expect_iobufs in AcceptMessage if sending I/O logs. Set state to
+ FINISHED immediately after sending a RejectMessage.
+ [767e75944d4f]
+
+ * doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
+ logsrvd/sendlog.c, logsrvd/sendlog.h:
+ Add -A and -R options to test logging of accept and reject events.
+ If -A is specified, no I/O will be sent, only the accept event. For
+ -R, a reject event with the specified reason is sent.
+ [90db0e6f9b68]
+
+ * configure, configure.ac:
+ cfmakeraw(3) is broken on AIX, don't use it there The cfmakeraw(3)
+ function exists but does not set VMIN to 1 or VTIME to 0 in c_cc[]
+ in struct termios, which makes it useless. The AIX version also
+ doesn't clear the CSIZE and PARENB flags from c_cflag.
+ [bbdcae2c5fb5]
+
+ * NEWS:
+ fix pastos
+ [cbf517081e74]
+
+2020-05-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgtags:
+ Added tag SUDO_1_9_0 for changeset 706d726a2f8e
+ [d1f2b4ee59d5] <1.9>
+
+ * MANIFEST, include/sudo_iolog.h, include/sudo_util.h,
+ lib/iolog/Makefile.in, lib/iolog/host_port.c,
+ lib/iolog/regress/host_port/host_port_test.c, lib/util/Makefile.in,
+ lib/util/host_port.c, lib/util/regress/host_port/host_port_test.c,
+ lib/util/util.exp.in, logsrvd/logsrvd_conf.c,
+ plugins/sudoers/iolog_client.c:
+ Rename sudo_parse_host_port -> iolog_parse_host_port and mv to
+ lib/iolog It is not used outside of the I/O log client and server
+ and the host:port syntax may change in the future.
+ [706d726a2f8e] [SUDO_1_9_0]
+
+ * plugins/sudoers/sudoreplay.c:
+ Remove duplicate inclusion of time.h
+ [f560858325d5]
+
+2020-05-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c,
+ plugins/sudoers/iolog_client.c:
+ Only enable TLS listener by default if we have a cert for it. We
+ want the log server to work with the default configuration. If the
+ default certificate path exists, it will be used with the default
+ listener. If the user explicitly enabled a TLS listener we always
+ attempt to use it. If TLS was specified but no cert file was set,
+ the default location will be used (and an error will occur if the
+ cert cannot be loaded).
+ [16ade34c38ee]
+
+2020-05-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen for 1.9.0 final
+ [99e507035253]
+
+ * logsrvd/Makefile.in:
+ regen
+ [555d817825b0]
+
+ * doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c:
+ The --preserve-env=list option may be specified more than once.
+ [8066a9d1b04b]
+
+ * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Quiet some warnings from igor.
+ [4df4fd274023]
+
+ * MANIFEST, Makefile.in, etc/codespell.exclude, etc/codespell.ignore,
+ etc/codespell.skip:
+ Plumb in codespell with a "make spell" target.
+ [4b1de7ee8648]
+
+ * configure, configure.ac, install-sh:
+ Fix a few more typos.
+ [d22a8c46c743]
+
+2020-05-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c:
+ Don't allow duplicate values for command line options that take an
+ argument. Previously, if multiple instances of the same command line
+ option were specified, the last one would be used. This meant that,
+ for example, "sudo -u someuser -u otheruser id" would run the
+ command as "otheruser". This has the potential to cause problems for
+ programs that run sudo with a user-specified command that do not use
+ the "--" option to indicate that no more options should be
+ processed. While this is a bug in the calling program, there is
+ little downside to erroring out when multiple options of the same
+ type are specified on the command line. Bug #924
+ [66e2612e7672]
+
+ * NEWS:
+ Debian bug #734752
+ [d3285c45ac4b]
+
+ * src/sudo.c, src/sudo.h:
+ Look up runas user by name, not euid, where possible. Fixes a
+ problem when there are multiple users with the same user-ID where
+ the PAM session modules could be called with the wrong user name.
+ Debian bug #734752
+ [b45608f29a02]
+
+ * src/sesh.c:
+ Fix ironic typo in spelling fixes. Bug #925
+ [73de90df6ff9]
+
+ * scripts/pp:
+ Sync PolyPkg from upstream.
+ [ac5e4b830177]
+
+ * NEWS, TODO, config.h.in, configure.ac,
+ doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
+ etc/sudo.pp, include/compat/getaddrinfo.h, include/sudo_event.h,
+ include/sudo_util.h, lib/util/fnmatch.c, lib/util/getaddrinfo.c,
+ lib/util/regress/vsyslog/vsyslog_test.c, logsrvd/logsrvd.c,
+ plugins/audit_json/audit_json.c,
+ plugins/python/example_debugging.py,
+ plugins/python/regress/check_python_examples.c,
+ plugins/python/regress/testhelpers.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_client.c, plugins/sudoers/parse.h,
+ plugins/sudoers/pwutil.h,
+ plugins/sudoers/regress/cvtsudoers/test30.sh, scripts/mkdep.pl,
+ src/exec.c, src/exec_monitor.c, src/exec_pty.c, src/sesh.c:
+ Apply spelling fixes. Fixes from PR #30 (ka7) and Bug #925
+ (fossies.org codespell)
+ [1fb13dc3991b]
+
+2020-05-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Makefile.in, etc/sudo-python.pp:
+ Use the proper python version in the libpython dependency on Debian.
+ The configure script already detects the python version, we just
+ need to use it.
+ [4e49c53f206f]
+
+ * plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, po/ja.mo,
+ po/ja.po, po/sv.mo, po/sv.po:
+ Updated translations from translationproject.org
+ [abdb2d6fe7cb]
+
+ * NEWS:
+ Bug #922 and Bug #923
+ [7a77f74c436f]
+
+2020-05-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/sudo.pp:
+ Fix Debian ldap dependency broken in last commit.
+ [4980b1b653ef]
+
+ * etc/sudo.pp:
+ Fix "make package" on Debian when linux_audit is not set.
+ [a00d7dec5821]
+
+ * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in,
+ include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c,
+ lib/logsrv/log_server.proto, logsrvd/logsrvd.c, logsrvd/sendlog.c,
+ plugins/sudoers/iolog_client.c:
+ Add a ClientHello message that client sends to the server. This
+ makes it easier to detect a plaintext client sending to a TLS port.
+ Without this, the TLS server will be silent as it waits for the
+ client to initiate the TLS connection.
+ [22c033bcf456]
+
+ * logsrvd/sendlog.c, plugins/sudoers/iolog_client.c:
+ Better error messages when there is a problem with the TLS
+ connection. If SSL_read, SSL_write or SSL_connect fails we can use
+ the reason string to let the user know what the problem is.
+ [92f603e37e40]
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ logsrvd/logsrvd_conf.c:
+ Make the default certificate and key paths match the example file.
+ [f642836bfcf0]
+
+ * logsrvd/logsrvd.c, plugins/sudoers/iolog_client.c:
+ Warn about tls errors during startup so the user has a clue. We
+ write messages to stderr until we become a daemon.
+ [25ad61aa7dab]
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, include/log_server.pb-c.h,
+ lib/logsrv/log_server.pb-c.c, lib/logsrv/log_server.proto,
+ logsrvd/logsrvd.c, logsrvd/sendlog.c:
+ Remove the tls parameter from the ServerHello message. The TLS
+ connection is now initiated before ServerHello is received.
+ [9d8b76f14cda]
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h,
+ plugins/sudoers/policy.c:
+ Adapt sudoers iolog client to log server dual port changes. The TLS
+ handshake now occurs before the ServerHello message is read. This
+ fixes potential man-in-the-middle attacks and works better with TLS
+ 1.3.
+ [8137b029a3fe]
+
+ * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in,
+ doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ examples/sudo_logsrvd.conf, logsrvd/logsrv_util.h,
+ logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
+ logsrvd/sendlog.c:
+ Use port 30343 for plaintext and port 30344 for TLS. For TLS
+ connections we now do the TLS handshake immediately before the
+ ServerHello message. This lets the client recieve an alert from the
+ server is there is a handshake error after the TLS connect has
+ succeeded. It also means that the contents of the ServerHello are
+ protected from a man-in-the-middle attack.
+ [bb4d8b57b3dd]
+
+ * include/sudo_util.h, lib/util/host_port.c,
+ lib/util/regress/host_port/host_port_test.c, logsrvd/logsrvd_conf.c,
+ plugins/sudoers/iolog_client.c:
+ Add support for a tls flag in sudo_parse_host_port(). If the string
+ "(tls)" appears at the end, the tls flag is set to true and the
+ default tls port is used if necessary.
+ [f0d9a225cd75]
+
+ * logsrvd/sendlog.c, plugins/sudoers/iolog_client.c:
+ Plug memory leaks in sudo_sendlog
+ [886254bcae6a]
+
+ * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c:
+ Handle EAGAIN like we do ENOMEM from poll() and select(). On some
+ systems, poll() and select() can return EAGAIN instead of ENOMEM if
+ there is a kernel resource shortage. In this case we just re-enter
+ the event loop and retry.
+ [048df2548dcc]
+
+2020-05-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Use the --embed when running "python3-config --ldflags" if
+ supported. Newer versions of python3-config only include libpython
+ in the output when the --embed is used. Otherwise, "python3-config
+ --libs" and "python3-config --ldflags" only list the libraries
+ python is dependent on and not the python library itself.
+ [d90dc892c726]
+
+2020-04-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/sendlog.c, plugins/sudoers/iolog_client.c:
+ On error, remove the connection with an error without freeing the
+ closure. Fixes the final message at the end when there is a network
+ error.
+ [0e1952eb707b]
+
+ * lib/util/event_poll.c:
+ Do not call poll(2) or ppoll(2) with nfds > RLIMIT_NOFILE. Both
+ poll(2) and ppoll(2) will return EINVAL if the nfds function
+ argument is larger than the max files per process resource limit.
+ Prevent this by limiting the max number entries in the pfds[] array
+ to the RLIMIT_NOFILE soft limit.
+ [ab0f798bb024]
+
+2020-04-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_event.h, lib/util/event.c:
+ The timeout parameter of sudo_ev_add() should be const.
+ [de85c8897aad]
+
+2020-04-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog_client.c:
+ Don't free TLS on error in tls_init(), it is freed in
+ client_closure_free(). Fixes a double free on error introduced with
+ the TLS state cleanup in client_closure_free().
+ [f1b478f2ec13]
+
+ * logsrvd/logsrvd.c:
+ Check for tls_config->dhparams_path being non-NULL before using it.
+ [09348a25bfd2]
+
+2020-04-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in:
+ Document the TLS and test options.
+ [e5f6b6c46c25]
+
+ * logsrvd/sendlog.c:
+ Allow -t option even without OpenSSL Also add -t to the usage
+ message
+ [d874c9a67ed6]
+
+ * logsrvd/sendlog.c:
+ Use sudo_strtonum() instead of relying on strtoll(). Older, pre-C99,
+ systems may not include strtoll() in their C library.
+ [a1a610bbe022]
+
+ * include/protobuf-c/protobuf-c.h:
+ Allow this to build on systems without stdint.h by using config.h.
+ Old, pre-C99, systems may have inttypes.h but not stdint.h.
+ [72e603875b82]
+
+2020-04-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/sudo-logsrvd.pp, scripts/pp:
+ Fix support for pp_systemd_disabled and check for systemd existence.
+ On our build schroots we don't have systemctl installed but do have
+ the /etc/systemd and /lib/systemd (or /usr/lib/systemd) directories.
+ [93917f4130b0]
+
+ * etc/sudo-logsrvd.pp:
+ Set pp_macos_service_id instead of
+ pp_macos_default_service_id_prefix. It is only effective to set
+ pp_macos_default_service_id_prefix in the indivisual %service
+ sections (and not %set) so we may was well use pp_macos_service_id
+ which includes the service name.
+ [84ccf13e7076]
+
+ * etc/sudo-logsrvd.pp:
+ Set launchd service id prefix to "ws.sudo." The default value in
+ PolyPkg is "com.quest.rc."
+ [eb581d74573e]
+
+ * scripts/pp:
+ Fix macOS package creation.
+ [556c0051c0fc]
+
+2020-04-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog_client.c:
+ Shut down the TLS connection cleanly in client_closure_free(). Also
+ free the SSL data which is part of the client closure.
+ [258ec8832cbd]
+
+ * src/exec_monitor.c, src/exec_nopty.c, src/selinux.c, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c, src/sudo_exec.h:
+ Fix sudoedit when running with SELinux RBAC mode. We can't use
+ run_command() to run sesh, that will use the sudo event loop (and
+ might run it in a pty!). There's no need to relabel the tty when
+ copying files. Get the path to sesh from sudo.conf.
+
+ Currently, for SELinux RBAC, the editor runs with the target user's
+ security context. This defeats the purpose of sudoedit. Fixing that
+ requires passing file descriptors between the main sudo process
+ (running with the invoking user's security context) and sesh
+ (runnning with the target user's security context).
+ [81c9ec600894]
+
+ * MANIFEST, src/Makefile.in, src/copy_file.c, src/sesh.c,
+ src/sudo_edit.c, src/sudo_exec.h:
+ Refactor the sudoedit code to copy files so it can be shared. The
+ SELinux sudoedit code now extends the destination file the same way
+ the non-SELinux version does.
+ [82c44299309e]
+
+ * src/sudo_edit.c:
+ Do not remove sudoedit temporary files if we cannot overwrite the
+ real file. The warning message says the files were preserved but
+ they actually got removed.
+ [685f2de6bb2e]
+
+ * include/compat/glob.h, lib/util/glob.c:
+ Make gl_pathc, gl_matchc and gl_offs size_t in glob_t to match
+ POSIX.
+ [c3586082d3ea]
+
+ * scripts/pp:
+ Only remove the systemd unit service file if we copied it manually.
+ If the service file was installed as part of the package it will be
+ removed automatically when the package is uninstalled.
+ [e98e1493c5bf]
+
+2020-04-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in:
+ Document TLS settings in ServerHello
+ [22ae16f41585]
+
+2020-04-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo_edit.c:
+ Extend the original file before to the new size before updating it.
+ Instead of opening the original file for writing w/ tuncation, we
+ first extend the file with zeroes (by writing, not seeking), then
+ overwrite it. This should allow sudo to fail early if the disk is
+ out of space before it overwrites the original file.
+ [aef4db03e9e1]
+
+ * src/sudo.c:
+ I/O log plugins should be closed *before* the policy plugin, not
+ after.
+ [dec6fccf63d4]
+
+ * plugins/sudoers/set_perms.c:
+ Fix typo
+ [82b0efbb6c26]
+
+ * plugins/sudoers/iolog.c:
+ Only display error string once on I/O error. We already include the
+ error string in the format so no need to use errno too.
+ [59795855d6a2]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/policy.c:
+ Free passwd and group caches in I/O plugin after log_warning(), not
+ before. The logging functions may try to use the cache via
+ set_perms(PERM_ROOT).
+ [652b925b9658]
+
+2020-04-17 Laszlo Orban <laszlo.orban@quest.com>
+
+ * logsrvd/logsrvd.c:
+ add missing shudown of TLS connection
+ [14b25a0f4f6b]
+
+2020-04-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/sudo-logsrvd.pp, scripts/pp:
+ Disable systemd support on Linux systems that don't use it.
+ [3c01c91dbfb2]
+
+2020-04-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ 1.9.0 final
+ [acf3b4592384]
+
+ * etc/sudo-logsrvd.pp, scripts/pp:
+ Update PolyPkg from my branch with systemd support.
+ [a7a487496209]
+
+2020-04-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/example_conversation.py,
+ plugins/python/example_io_plugin.py, plugins/python/regress/testdata
+ /check_example_io_plugin_fails_with_python_backtrace.stdout:
+ If the signal.Signals enum is not present, search the dictionary.
+ The Signals enum was added in Python 3.5. If it is not present we
+ need to iterate over the dictionary items, looking for signal name
+ to number mappings. Fixes the signal tests with Python 3.4.
+ [22811794ed46]
+
+ * plugins/python/regress/check_python_examples.c,
+ plugins/python/sudo_python_module.c:
+ Python dictionaries are sparse so we cannot use pos as an index.
+ When converting sudo options from a dictionary to a tuple we need to
+ track the current index into the tuple separately from the position
+ of the dictionary entry.
+ [07cb8a0c7f21]
+
+2020-04-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/sudo-logsrvd.pp:
+ Fix handling of /etc/sudo_logsrvd.conf in the sudo-logsrvd package.
+ For rpm and deb we include the file directly and mark it volatile.
+ For all others we copy it in the postinstall script from the example
+ dir if the file doesn't already exist.
+ [83264a96b923]
+
+ * scripts/mkpkg:
+ Check for the Sun Studio C compiler on Solaris under /opt. Also
+ intialize with_python to false.
+ [52e28d55f9a6]
+
+ * po/sudo.pot:
+ regen
+ [faaacb7777d4]
+
+ * lib/util/parseln.c:
+ Explicitly include stdio.h for getdelim(3)
+ [3b0bff3ef388]
+
+ * logsrvd/logsrvd.c:
+ Reload sudo.conf upon SIGUP This makes it possible to update the
+ Debug settings in sudo.conf and have them take effect on reload.
+ [9fb7baf9a3ad]
+
+ * logsrvd/logsrvd.c, logsrvd/sendlog.c,
+ plugins/sudoers/iolog_client.c:
+ Store the result of ERR_get_error() so we can use it for both warn
+ and debug. Otherwise, only the debug framework gets the actual error
+ and the user won't see the problem.
+ [039565f16d13]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
+ Disable IPv4-mapped IPv6 addresses in the listener. Also store the
+ host + port string and use it in error messages.
+ [3fbac477ef6b]
+
+ * configure, configure.ac, examples/Makefile.in:
+ Install the example sudo_logsrvd.conf unless one already exists
+ [89c41b936c44]
+
+2020-04-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * examples/sudo_logsrvd.conf:
+ Make the path to logsrvd_cert.pem match the documentation.
+ [b2a45e7c9cdb]
+
+ * etc/sudo-logsrvd.pp, logsrvd/logsrvd.c:
+ Create the pid file parent directory if it doesn't already exist.
+ Also package the run directory in the sudo_logsrvd PolyPkg file.
+ [ac8b573e8545]
+
+ * configure, configure.ac:
+ Sudo 1.9.0rc1
+ [7d437646afc2]
+
+ * MANIFEST:
+ Include all python plugin files in MANIFEST, not the directory
+ itself.
+ [4aa09dd70b9e]
+
+ * plugins/python/example_approval_plugin.py,
+ plugins/python/example_audit_plugin.py,
+ plugins/python/example_group_plugin.py,
+ plugins/python/example_io_plugin.py,
+ plugins/python/example_policy_plugin.py, plugins/python/regress/test
+ data/check_example_io_plugin_fails_with_python_backtrace.stdout:
+ Avoid using typing annotations so tests run with Python 3.4.
+ [88b7048bc4a6]
+
+ * plugins/python/python_plugin_common.c, plugins/python/regress/testda
+ ta/check_loading_fails_missing_classname.stderr:
+ Sort the list of possible plugins before printing it. This gives
+ more reproducible error messages for the tests.
+ [ea33f4970268]
+
+ * plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/
+ check_example_group_plugin_is_able_to_debug.log, plugins/python/regr
+ ess/testdata/check_example_io_plugin_command_log.stored, plugins/pyt
+ hon/regress/testdata/check_example_io_plugin_command_log_multiple1.s
+ tored, plugins/python/regress/testdata/check_example_io_plugin_comma
+ nd_log_multiple2.stored, plugins/python/regress/testdata/check_examp
+ le_io_plugin_failed_to_start_command.stored, plugins/python/regress/
+ testdata/check_example_io_plugin_fails_with_python_backtrace.stderr,
+ plugins/python/regress/testdata/check_loading_fails_wrong_path.stder
+ r, plugins/python/regress/testdata/check_multiple_approval_plugin_an
+ d_arguments.stdout, plugins/python/regress/testdata/check_python_plu
+ gins_do_not_affect_each_other.stdout,
+ plugins/python/regress/testhelpers.h:
+ Use regular expressions when matching expected and actual text.
+ [f2562728481a]
+
+ * plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/
+ check_example_debugging_c_calls@info.log, plugins/python/regress/tes
+ tdata/check_example_debugging_plugin@info.log,
+ plugins/python/regress/testhelpers.c:
+ Use regex to match __init__.py instead of hacking it in
+ verify_log_lines()
+ [8bf71289e585]
+
+ * plugins/python/pyhelpers.c, plugins/python/python_plugin_common.c,
+ plugins/python/regress/check_python_examples.c,
+ plugins/python/regress/iohelpers.c,
+ plugins/python/regress/plugin_approval_test.py, plugins/python/regre
+ ss/testdata/check_example_debugging_c_calls@diag.log, plugins/python
+ /regress/testdata/check_example_debugging_c_calls@info.log, plugins/
+ python/regress/testdata/check_example_debugging_py_calls@diag.log, p
+ lugins/python/regress/testdata/check_example_debugging_py_calls@info
+ .log, plugins/python/regress/testdata/check_example_policy_plugin_va
+ lidate_invalidate.log, plugins/python/regress/testdata/check_loading
+ _fails_wrong_classname.stderr, plugins/python/regress/testdata/check
+ _multiple_approval_plugin_and_arguments.stdout,
+ plugins/python/regress/testhelpers.h:
+ Make most python tests pass with Python 3.4 Dictionary order is not
+ stable in Python < 3.6 so we need to sort by key to have consistent
+ results. The LogHandler output is also different on older Python
+ versions. Also, don't stop running python tests after the first
+ error.
+ [aaa06cb5fac1]
+
+ * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
+ Increase the maximum delay again for slower systems. Otherwise we
+ may get a spurious test failure.
+ [6660908aa93d]
+
+ * plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
+ scripts/mkdep.pl:
+ Handle dependencies for .h files in the same directory as the
+ source. Fixes missing header dependencies for the sudoers and python
+ plugins.
+ [3109dd5cf61e]
+
+ * etc/sudo.pp:
+ Remove bits for Tru64 kit-style packages
+ [0e9a9580d76c]
+
+ * MANIFEST, Makefile.in, configure, configure.ac, etc/sudo-logsrvd.pp,
+ etc/sudo-python.pp, etc/sudo.pp:
+ Split sudo_logsrvd and the python plugin into their own packages.
+ [9aee8247f0ba]
+
+ * scripts/mkpkg:
+ Build python packages where possible.
+ [7a2b993bb8ac]
+
+2020-04-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog_client.c:
+ Don't pass a NULL submitcwd or ttyname value to the server. It is
+ possible for the cwd and/or tty to be missing. If we send a NULL
+ pointer to the server where it expects a string the AcceptMessage
+ will fail to parse.
+ [4f96d1c6e41c]
+
+ * include/sudo_plugin.h:
+ Disable -Wstrict-prototypes for sudo_hook_fn_t typedef.
+ [15d2a1332865]
+
+ * plugins/python/python_plugin_common.c:
+ Fall back to using Py_Finalize() for Python version < 3.6
+ [e7ad63e57c79]
+
+2020-04-06 Robert Manner <robert.manner@balabit.com>
+
+ * logsrvd/eventlog.c:
+ logsrvd/eventlog.c: add a newline after each log message for logfile
+ output
+ [457f77b8f3be]
+
+ * lib/iolog/iolog_fileio.c:
+ lib/iolog/iolog_fileio.c: do not call fchown on invalid fd
+
+ Fixes the warning in the log: iolog_write_info_file_json: unable to
+ fchown 0:0 /var/log/...: Bad file descriptor
+ [bccdaf007db8]
+
+ * logsrvd/iolog_writer.c:
+ logsrvd/iolog_writer.c: treat runuid, rungid 0 as valid (usually
+ ==root)
+ [5a7c447e9619]
+
+2020-04-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * po/eo.mo, po/eo.po, po/sr.mo, po/sr.po:
+ Updated translations from translationproject.org
+ [6e47dbfdba2c]
+
+2020-04-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * examples/Makefile.in:
+ Install example sudo_logsrvd.conf file
+ [c1c6f4c8119d]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Make it clear in the sudoers grammar that sudoedit needs file args.
+ Debian bug #571621
+ [b6358b602623]
+
+2020-04-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Fixed Debian bugs #571621, #596631 and #669687
+ [6058c1c46739]
+
+ * doc/sudo.man.in, doc/sudo.mdoc.in, plugins/sudoers/env.c:
+ Truncate the command args at 4096 chars when formatting
+ SUDO_COMMAND. We have to limit the length of SUDO_COMMAND to avoid
+ getting E2BIG from execve(2) for very long argument vectors. The
+ command's environment also counts against the ARG_MAX limit. Debian
+ bug #596631
+ [ff1fa8e3377f]
+
+ * plugins/sudoers/auth/pam.c:
+ Do not try to delete creds we did not set. If pam_setcred() fails
+ when opening the PAM session, we don't want to call it with
+ PAM_DELETE_CRED when closing the session.
+ [c31039431c46]
+
+2020-04-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/API, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
+ plugins/sudoers/sudoers.h:
+ Add a force flag to sudo_auth_cleanup() to force immediate cleanup.
+ This is used for PAM authentication to make sure pam_end() is called
+ via sudo_auth_cleanup() when the user authenticates successfully but
+ sudoers denies the command. Debian bug #669687
+ [98cb9d98f547]
+
+ * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
+ Increase the maximum delay for slower systems. Otherwise we may get
+ a spurious test failure.
+ [e4c1fffd427c]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
+ Document when cwd_optional was added.
+ [165447e1d7fa]
+
+2020-03-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ plugins/sudoers/policy.c, src/exec.c, src/sudo.c, src/sudo.h:
+ Add cwd_optional to command details and enable it in the sudoers
+ plugin. If cwd_optional is set to true, a failure to set the cwd
+ will be a warning, not an error, and the command will still run.
+ Debian bug #598519
+ [a6694704d92f]
+
+ * doc/sudo.man.in, doc/sudo.mdoc.in:
+ The policy close function is responsible for closing the PAM
+ session.
+ [db4af211ff75]
+
+ * .clang-format:
+ Config file for clang-format 8.x and higher based on webkit style.
+ This approximates what I want the sudo coding style to look like.
+ Only deviations from webkit style are included.
+ [d3ec3a8401cf]
+
+ * src/exec_pty.c:
+ Don't kill the command just because the loop exited unexpectedly. We
+ currently have no good way to distinguish between an error executing
+ the command and an error while the command is running.
+
+ In the future, we should have additional status codes so we can tell
+ what type of condition caused the loop to exit.
+
+ For now, only kill the command if cstat is left uninitialized.
+ [9492d60783fe]
+
+2020-03-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c:
+ Write process ID as an unsigned int (with a cast). On Solaris, pid_t
+ may be typedef'd as a long but the actual range is 32 bits at most.
+ [b9a818d77142]
+
+ * doc/LICENSE:
+ Add license info for a few other files. These are all ISC licensed
+ but it is still best to have them all listed in one place.
+ [dd37dc484ea5]
+
+ * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
+ plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/ca.mo,
+ po/ca.po, po/cs.mo, po/cs.po, po/de.mo, po/de.po, po/eo.mo,
+ po/eo.po, po/fi.mo, po/fi.po, po/fr.mo, po/fr.po, po/hr.mo,
+ po/hr.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ko.mo,
+ po/ko.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt.mo,
+ po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo,
+ po/tr.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo,
+ po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
+ Updated translations from translationproject.org
+ [58d62352abff]
+
+ * lib/util/getusershell.c, lib/util/host_port.c, lib/util/roundup.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrv_util.c,
+ logsrvd/logsrv_util.h, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_conf.c, logsrvd/sendlog.c, logsrvd/sendlog.h,
+ plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
+ Some new source files got created with my old email address.
+ [ede435f55f5c]
+
+ * .gitignore, .hgignore:
+ Ignore __pycache__ directories.
+ [5901cfb35a74]
+
+ * include/sudo_iolog.h, lib/iolog/iolog_util.c, logsrvd/sendlog.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/sudoreplay.c:
+ iolog_parse_loginfo() now opens the log file itself.
+ [bf03f505fc94]
+
+ * include/sudo_iolog.h, lib/iolog/Makefile.in,
+ lib/iolog/iolog_fileio.c, lib/iolog/iolog_util.c,
+ logsrvd/eventlog.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h,
+ logsrvd/sendlog.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/iolog.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/sudoreplay.c:
+ Write an extended I/O info log in JSON format. This will be used by
+ sudoreplay if it exists to get more information about the command
+ being replayed.
+ [5fc89148c214]
+
+ * MANIFEST, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
+ include/sudo_iolog.h, lib/iolog/Makefile.in, lib/iolog/iolog_json.c,
+ lib/iolog/iolog_util.c, plugins/sudoers/sudoreplay.c:
+ Parse I/O JSON info file in JSON if present. The JSON version
+ includes more information than the original "log" file in the I/O
+ log dir.
+ [269ae210ea34]
+
+ * logsrvd/iolog_writer.c, logsrvd/logsrvd.h:
+ Store runenv in the I/O log info file too.
+ [15f90fb3748f]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
+ Create files for check_iolog_plugin in the build dir, not src dir.
+ [bdaea95b47fc]
+
+ * include/sudo_json.h, lib/iolog/iolog_fileio.c, lib/util/json.c,
+ logsrvd/eventlog.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h,
+ plugins/audit_json/audit_json.c:
+ Do not use JSON_ARRAY with sudo_json_add_value()
+ [c74b75adb90f]
+
+ * MANIFEST, lib/iolog/Makefile.in, lib/iolog/iolog_json.c,
+ lib/iolog/iolog_json.h,
+ lib/iolog/regress/iolog_json/check_iolog_json.c,
+ lib/iolog/regress/iolog_json/test1.in,
+ lib/iolog/regress/iolog_json/test2.in,
+ lib/iolog/regress/iolog_json/test2.out.ok,
+ lib/iolog/regress/iolog_json/test3.in, lib/util/json.c:
+ Add tests for the simple json parser.
+ [9ede5000f4c7]
+
+ * lib/iolog/iolog_json.c:
+ Simply the JSON parsing code a bit. We can use a single stack for
+ nested objects and arrays. There is also no need to track the
+ current object and array separately. This allows us to remove the
+ array special case when assigning a value.
+ [4a34e528d9f0]
+
+ * NEWS:
+ Update NEWS for 1.9.0b5 changes
+ [bf8db62788d3]
+
+ * logsrvd/logsrvd.c:
+ sudo_logsrvd now exits with an error if it cannot open any listen
+ sockets.
+ [47a22f71e286]
+
+ * configure, doc/sudo_logsrvd.conf.man.in,
+ doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.man.in,
+ doc/sudo_logsrvd.mdoc.in, examples/sudo_logsrvd.conf,
+ logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
+ m4/sudo.m4, pathnames.h.in:
+ Create a pidfile for sudo_logsrvd when not run with the -n flag.
+ [9f1b8edff6cc]
+
+ * etc/sudo.pp:
+ Add sudo_logsrvd as a service so it gets started at boot.
+ [d2ac9eb87dbf]
+
+ * plugins/sudoers/po/sudoers.pot:
+ Update sudoers.pot with json parser warnings.
+ [2b277f799d2e]
+
+2020-03-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * scripts/mkpkg:
+ Enable OpenSSL on systems that can support it.
+ [976370b9d9db]
+
+2020-03-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, logsrvd/logsrvd.c:
+ Add configure check for SSL_CTX_get0_certificate(). Dummy out
+ verify_server_cert() if it is not present to allow building on older
+ OpenSSL versions. Rewriting this to work with old OpenSSL is not
+ worth the trouble.
+ [61349d2533fe]
+
+ * lib/iolog/hostcheck.c:
+ Include stdlib.h for malloc(3) prototype. We shouldn't rely on it to
+ be implicitly included via OpenSSL headers.
+ [9f4f7d3d3662]
+
+2020-03-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c:
+ Only set errstr for plugin API version 1.15 and above.
+ [780722091e9f]
+
+2020-03-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Sudo 1.8.31p1
+ [40629e6fd692]
+
+ * src/limits.c:
+ Ignore a failure to restore the RLIMIT_CORE resource limit. Linux
+ containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY
+ if we set the limit to zero, even for root. This is not a problem
+ outside the container.
+ [1064b906ca68]
+
+2020-03-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [72ca06a294b4]
+
+ * include/sudo_event.h, lib/util/event.c:
+ Add SUDO_EV_MASK to mask off invalid event values. Now used by
+ sudo_ev_init() to avoid bogus events.
+ [10a5d1afa1c9]
+
+2020-03-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/python/regress/iohelpers.c,
+ plugins/python/regress/testhelpers.c:
+ Avoid using sprintf(), vsprintf(), strcat(), and strncat(). It is
+ less error-prone to use functions with a return value that indicates
+ when truncation ocurred.
+ [21938a3b1548]
+
+ * plugins/sudoers/match_digest.c:
+ Work around two Coverity false positives; CID 208813 208815
+ [389bf3749ed2]
+
+ * logsrvd/logsrvd.c:
+ Fix potential use-after-free; Coverity CID 208814
+ [e575532efe35]
+
+ * plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/
+ check_example_debugging_c_calls@info.log, plugins/python/regress/tes
+ tdata/check_example_debugging_plugin@info.log,
+ plugins/python/regress/testhelpers.c:
+ Don't hard-code path to logging/__init__.py or line numbers. Allows
+ python plugin tests to success on versions other than 3.7.
+ [659d3d3fcb8b]
+
+ * doc/LICENSE:
+ Add copyright for the Python bindings.
+ [cc64df1f85f2]
+
+ * plugins/sudoers/match_command.c:
+ Fix typo introduced on systems with O_PATH or O_EXEC
+ [e8fea3eabf99]
+
+ * NEWS:
+ Update for sudo 1.9.0
+ [39158cb4af26]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/match.c, plugins/sudoers/match_command.c,
+ plugins/sudoers/regress/sudoers/test14.in,
+ plugins/sudoers/regress/sudoers/test14.json.ok,
+ plugins/sudoers/regress/sudoers/test14.ldif.ok,
+ plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test14.out.ok,
+ plugins/sudoers/regress/sudoers/test14.toke.ok,
+ plugins/sudoers/sudoers_version.h:
+ Allow the ALL keyword to be specified with a digest list.
+ [9856ed3cde7f]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap_util.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c,
+ plugins/sudoers/parse.h, plugins/sudoers/regress/sudoers/test14.in,
+ plugins/sudoers/regress/sudoers/test14.json.ok,
+ plugins/sudoers/regress/sudoers/test14.ldif.ok,
+ plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test14.out.ok,
+ plugins/sudoers/regress/sudoers/test14.toke.ok,
+ plugins/sudoers/sudo_ldap.h:
+ Allow a list of digests to be specified for a command.
+ [e0e9ecee870b]
+
+ * plugins/sudoers/ldap_util.c, plugins/sudoers/parse_ldif.c:
+ A struct member of type ALL should have its name field set to NULL.
+ [484b9af004af]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Allow Cmd_Alias in addition to Cmnd_Alias. Some people find using
+ Cmd_Alias more natural.
+ [55edb5057091]
+
+2020-03-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
+ Add pam_ruser and pam_rhost sudoers flags.
+ [b1d494440004]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c,
+ logsrvd/sendlog.h:
+ Store the event base in the client closure. Explicitly passing the
+ event base removes the need to set a default base.
+ [0e4ae8d810f8]
+
+ * plugins/sudoers/iolog.c:
+ Revert change to initialize io_operations earlier. Instead, check
+ io_operations.open for NULL which is the case for "sudo -V". Also
+ move the early return in sudoers_io_open() for "sudo -V" until after
+ we have initialized debugging.
+ [0e9e7a99725d]
+
+2020-02-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog.c:
+ Initialize io_operations earlier.
+ [ab235d88f8ae]
+
+2020-02-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog_client.c:
+ Mark up some remaining TODOs
+ [847c9328a7b5]
+
+ * src/conversation.c:
+ Sudo's -S option should override the SUDO_CONV_PREFER_TTY flag.
+ [f5737b68c0bf]
+
+ * plugins/python/pyhelpers.c, plugins/python/python_plugin_policy.c,
+ plugins/python/sudo_python_module.c:
+ Use C99 __func__ instead of gcc-specific __PRETTY_FUNCTION__
+ [db4f5d7c200e]
+
+2020-02-27 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/example_debugging.py, plugins/python/regress/testdata
+ /check_example_debugging_c_calls@diag.log, plugins/python/regress/te
+ stdata/check_example_debugging_c_calls@info.log, plugins/python/regr
+ ess/testdata/check_example_debugging_plugin@err.log, plugins/python/
+ regress/testdata/check_example_debugging_plugin@info.log:
+ plugins/python/regress: add a test and example of using the python
+ logger
+ [ed23b3ba375f]
+
+ * MANIFEST, doc/sudo_plugin_python.man.in,
+ doc/sudo_plugin_python.mdoc.in, plugins/python/Makefile.in,
+ plugins/python/python_baseplugin.c,
+ plugins/python/python_convmessage.c,
+ plugins/python/python_importblocker.c,
+ plugins/python/python_loghandler.c,
+ plugins/python/python_plugin_common.c,
+ plugins/python/sudo_python_module.c,
+ plugins/python/sudo_python_module.h:
+ plugins/python/sudo_module: add sudo.LogHandler
+
+ so python log system can be used with sudo logsystem. Loggers use it
+ by default (the handler is set on the root logger). If that is not
+ the intent, it can be overridden explicitly.
+ [45b8902ce188]
+
+2020-02-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL, Makefile.in, config.h.in, configure, configure.ac,
+ lib/iolog/iolog_fileio.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/iolog_plugin.h, plugins/sudoers/sudoers.c:
+ Add --disable-log-server and --disable-log-client configure options.
+ These can be used to optionally disable building sudo_logsrvd and
+ support for remote I/O logging in the sudoers plugin respectively.
+ [bc802e022f22]
+
+2020-02-26 Robert Manner <robert.manner@balabit.com>
+
+ * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
+ plugins/python/python_plugin_common.c,
+ plugins/python/regress/check_python_examples.c, plugins/python/regre
+ ss/testdata/check_loading_fails_missing_classname.stderr, plugins/py
+ thon/regress/testdata/check_loading_succeeds_with_missing_classname.
+ stdout:
+ plugins/python: autodetect ClassName field
+
+ If "ClassName" is not specified, load the one and only sudo.Plugin
+ from the module (if so), otherwise display which plugins are
+ available from which the system admin can choose.
+ [b9dbbf1b6e97]
+
+ * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
+ plugins/python/Makefile.in, plugins/python/python_plugin_common.c:
+ plugins/python/plugin_common: add a default search path for python
+ plugins
+
+ If the ModulePath is relative, assume it is under
+ "/usr/local/libexec/sudo/python" or wherever the sudo plugins are in
+ a "python" subdirectory.
+ [5f75db882754]
+
+ * plugins/python/regress/check_python_examples.c, plugins/python/regre
+ ss/testdata/check_example_audit_plugin_version_display.stdout, plugi
+ ns/python/regress/testdata/check_example_debugging_py_calls@info.log
+ , plugins/python/regress/testdata/check_example_io_plugin_version_di
+ splay_full.stdout, plugins/python/regress/testdata/check_example_pol
+ icy_plugin_version_display_full.stdout, plugins/python/regress/testd
+ ata/check_multiple_approval_plugin_and_arguments.stdout:
+ plugins/python/regress: update tests for show_version changes
+
+ - plugin->show_version is not marked NULL any more.
+ - if verbose, it also displays which python class was loaded from
+ which file
+ [e30a1e43e3c2]
+
+ * plugins/python/python_plugin_approval.c,
+ plugins/python/python_plugin_audit.c,
+ plugins/python/python_plugin_common.c,
+ plugins/python/python_plugin_common.h,
+ plugins/python/python_plugin_io.c,
+ plugins/python/python_plugin_policy.c:
+ plugins/python: make show_version display the plugin in verbose mode
+
+ Before it only displayed the plugin version, now it also displays
+ which python plugin is loaded to be more useful.
+ [8c94175ead70]
+
+ * plugins/python/python_plugin_approval.c,
+ plugins/python/python_plugin_common.c:
+ plugins/python/approval: fix show_version crash when it is not
+ implemented
+
+ For approval plugins show_version is not optional.
+ [61f6b4679d6b]
+
+2020-02-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
+ Avoid calling sudoers_policy_exec_setup() on error. We only want to
+ pass the execution environment back for commands that are accepted
+ or rejected. Also avoid potentially freeing the wrong pointer when
+ garbage collection is enabled.
+ [a3a202e89951]
+
+2020-02-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/eventlog.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
+ Open event log at config time instead of open/close for each entry.
+ If logging via syslog, do the openlog() at config time instead. We
+ still lock the log file prior to writing to it but unlock
+ immediately after.
+ [3236bd001160]
+
+ * lib/util/locking.c:
+ Fix unlocking of an entire file with lockf(). Since lockf() uses the
+ files's current offset, we need to seek to the start of the file to
+ unlock the entire file.
+ [e415af1de6ca]
+
+2020-02-21 Robert Manner <robert.manner@balabit.com>
+
+ * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
+ doc/sudo_plugin_python: add approval plugin to supported plugins
+ [5034917e6902]
+
+2020-02-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/util.exp.in:
+ Add sudo_json_free_v1 to symbol exports file too.
+ [0a91a2986952]
+
+ * lib/util/Makefile.in, logsrvd/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Regenerate dependencies to match the recent JSON changes.
+ [5da86c77629c]
+
+ * plugins/python/python_convmessage.c:
+ Add missing check for calloc(3) failure.
+ [589c32ff2cf1]
+
+2020-02-19 Robert Manner <robert.manner@balabit.com>
+
+ * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
+ doc/sudo_plugin_python: document approval plugin and PluginReject
+ [9e61203dcb8d]
+
+ * plugins/python/sudo_python_module.c:
+ plugins/python/sudo_python_module.c: remove unused declaration
+
+ We do not use structsequence any more.
+ [a5570ba5ad8b]
+
+2020-02-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h:
+ Re-register listeners on SIGHUP. Previously, a config reload would
+ refresh the listener address list but the changes had no effect on
+ the actual addresses being listened on.
+ [c1c0ada6c594]
+
+ * logsrvd/logsrvd.c:
+ Fix compilation error when not built with OpenSSL support. Adds a
+ missing #ifdef HAVE_OPENSSL and reorders code to avoid the need for
+ a static init_tls_server_context() prototype.
+ [976c469eeb57]
+
+2020-02-18 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/python_plugin_common.c:
+ plugins/python: restore the original python inittab after
+ interpreter deinit
+ [b78a5d995de9]
+
+2020-02-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ include/sudo_json.h, lib/util/json.c, logsrvd/eventlog.c:
+ Add support for JSON structured logging using syslog. Note that
+ depending on the system, the default syslog buffer may not be large
+ enough to store all the logging data.
+ [15a6667b1198]
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ examples/sudo_logsrvd.conf, logsrvd/eventlog.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_conf.c:
+ Add support for JSON logging in sudo_logsrvd.
+ [8b013b899e3b]
+
+ * include/sudo_json.h, lib/util/json.c, lib/util/util.exp.in,
+ plugins/audit_json/audit_json.c, plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/regress/sudoers/test10.json.ok,
+ plugins/sudoers/regress/sudoers/test9.json.ok:
+ Rework the JSON API to write to a memory buffer, not a stdio stream.
+ [ec4e4053e95e]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c:
+ Fix support for reloading the config in sudo_logsrvd. We need to re-
+ initialize the TLS server context. Also fix a memory leak of the TLS
+ parameters on reload.
+ [c4ca45502f3e]
+
+2020-02-17 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h,
+ plugins/python/python_plugin_common.c,
+ plugins/python/regress/check_python_examples.c, plugins/python/regre
+ ss/testdata/check_example_debugging_load@diag.log,
+ plugins/python/regress/testhelpers.c:
+ plugins/python: only deinit interpreters when sudo unlinks the
+ plugin
+
+ This only happens when sudo unloads the last python plugin. The
+ reason doing so is because there are some python modules which does
+ not support importing them again after destroying the interpreter
+ which has imported them previously.
+
+ Another solution would be to just leak the interpreters (let the
+ kernel free up), but then there might be some python resources like
+ open files would not get cleaned up correctly if the plugin is badly
+ written.
+
+ Tests are meant to test the scenario sudo does, so I have modified
+ them to generally do not unlink but only a few times (~per plugin
+ type) so it does not use 48 interpreters (one gets started on every
+ plugin->open) and it is visible at least which type of plugin fails
+ deinit if there is an error.
+ [13cdead652aa]
+
+ * plugins/python/python_plugin_common.c,
+ plugins/python/sudo_python_debug.c:
+ plugins/python/debug: adapt debug refcount solution of sudoers
+ plugin
+ [dc815e383c39]
+
+2020-02-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog_client.c:
+ The environment in the accept message is runenv not submitenv. The
+ I/O logging plugin is passed the environment the command will run
+ with, not the user's original environment.
+ [b3e1ee513001]
+
+2020-02-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_compat.h, lib/iolog/iolog_fileio.c,
+ plugins/audit_json/audit_json.c, src/utmp.c:
+ Add compatibility define for fseeko(3). This is better than
+ cluttering up the code with #ifdefs for obsolete systems.
+ [a9123f768fe0]
+
+2020-02-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/regress/testsudoers/test8.out.ok,
+ plugins/sudoers/regress/testsudoers/test8.sh:
+ Add test for #include directive without a trailing newline.
+ [dfcfad5c7c41]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Don't require a newline at the end of include or includedir
+ directives.
+ [3d6aa5531609]
+
+2020-02-14 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/regress/testhelpers.c:
+ plugins/python/regress/testhelpers.c: replace fromisoformat
+
+ fromisoformat is only supported from python >=3.7
+ [86bf6de82376]
+
+2020-02-13 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/python_plugin_common.h,
+ plugins/python/sudo_python_module.c:
+ plugins/python: add missing annotations to help cpychecker
+ [fd66659bd681]
+
+ * plugins/python/python_plugin_common.c:
+ plugins/python/python_plugin_common.c: release py_args in close
+
+ even if the arguments are not used (eg. when there is no "close"
+ call in the plugin).
+
+ It was not really a memleak, because interpreter is deinitialized
+ anyway, which frees the object.
+ [5de8c111d40d]
+
+ * plugins/python/python_plugin_approval.c:
+ plugins/python/python_plugin_approval: fix negative ref count
+
+ The python_plugin_api_rc_call function already decrements the
+ refcount of py_args. Python avoids the double free, but the error
+ gets shown if using python debug build.
+ [4370af5b9092]
+
+2020-02-12 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/regress/check_python_examples.c:
+ plugins/python/regress: still some memleak fix
+ [c60050b79a5e]
+
+ * plugins/python/python_plugin_audit.c,
+ plugins/python/python_plugin_common.c,
+ plugins/python/python_plugin_common.h,
+ plugins/python/python_plugin_io.c,
+ plugins/python/python_plugin_policy.c:
+ plugins/python: make storing errstr more explicit
+
+ The error is always stored in plugin_ctx, but it is only set into
+ errstr if the API version is enough. (Previously it worked the
+ opposite: we only stored the error if API level was enough.)
+ [5b4fa733c876]
+
+ * plugins/python/regress/check_python_examples.c:
+ plugins/python/regress: strengthen errstr verification
+
+ Tests did not catch the issue where errstr was not set correctly,
+ but its pointer contained the expected data, because the memory
+ allocator reused the same space for storing the string.
+
+ Now it is either verified to be NULL, or reset to NULL.
+ [973e52ed3f68]
+
+ * plugins/python/regress/check_python_examples.c:
+ plugins/python/regress: simplify plugin option creation
+ [628142f39c63]
+
+2020-02-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/util.exp.in,
+ plugins/audit_json/audit_json.c, plugins/python/sudo_python_debug.c,
+ plugins/sample_approval/sample_approval.c,
+ plugins/sudoers/sudoers_debug.c:
+ Move duplicated code to parse plugin debug flags to libsudo_util.
+ There's no need for four copies of sudo_debug_parse_flags().
+ [cfd9d624d8b1]
+
+2020-02-11 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/python_plugin_common.c,
+ plugins/python/sudo_python_module.c,
+ plugins/python/sudo_python_module.h:
+ plugins/python/sudo_module: let a reject also supply error message
+
+ Same as sudo.PluginError exception, have a sudo.PluginReject
+ exception as well. Added common base exception as well.
+ [e2e36f4778d4]
+
+ * plugins/python/regress/check_python_examples.c,
+ plugins/python/regress/plugin_approval_test.py, plugins/python/regre
+ ss/testdata/check_multiple_approval_plugin_and_arguments.stderr, plu
+ gins/python/regress/testdata/check_multiple_approval_plugin_and_argu
+ ments.stdout, plugins/python/regress/testhelpers.c,
+ plugins/python/regress/testhelpers.h:
+ plugins/python/regress: add tests for approval plugin
+ [31bd830a36fa]
+
+ * MANIFEST, plugins/python/Makefile.in,
+ plugins/python/python_plugin_approval.c,
+ plugins/python/python_plugin_approval_multi.inc,
+ plugins/python/python_plugin_common.c,
+ plugins/python/python_plugin_common.h,
+ plugins/python/sudo_python_module.c:
+ plugins/python: add python approval plugin wrapper
+ [489ef35ac957]
+
+ * MANIFEST, plugins/python/Makefile.in,
+ plugins/python/example_approval_plugin.py:
+ plugins/python: add python approval plugin example
+ [4ed865e04c0a]
+
+2020-02-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/regress/sudoers/test23.in,
+ plugins/sudoers/regress/sudoers/test23.json.ok,
+ plugins/sudoers/regress/sudoers/test23.ldif.ok,
+ plugins/sudoers/regress/sudoers/test23.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test23.out.ok,
+ plugins/sudoers/regress/sudoers/test23.sudo.ok,
+ plugins/sudoers/regress/sudoers/test23.toke.ok:
+ Add regress test for parsing Defaults lists. Currently only
+ env_check, env_delete, env_keep and log_servers are lists.
+ [dfda2dec37d3]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
+ Clarify that approval close happens after auditing. Also fix a few
+ typos.
+ [8f9fb2f0b5a7]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ include/sudo_plugin.h, plugins/sample_approval/sample_approval.c,
+ src/sudo.c:
+ Add open and close functions to the approval plugin API. We need a
+ close function to be able to to free memory allocated for errstr.
+ Unlike the other plugins, the close function is called immediately
+ after the plugin's check or show_version function. The plugin does
+ not remain open until the command completes.
+ [6611bafc8ace]
+
+ * plugins/audit_json/audit_json.c:
+ Use unique function names to avoid confusion with front-end
+ functions. Also add a missing sudo_debug_enter() after debug
+ registration.
+ [b127b0997ecb]
+
+ * scripts/log2cl.pl:
+ Use Text::Wrap instead of perl's built-in format function. This
+ still breaks log filename incorrectly but is a step in the right
+ direction.
+ [2184fe794ecb]
+
+ * Makefile.in, scripts/log2cl.pl:
+ Avoid changing directory when generating the ChangeLog file.
+ Instead, pass the repo path to either hg or log2cl.pl
+ [736e90c9fe6d]
+
+2020-02-10 Robert Manner <robert.manner@balabit.com>
+
+ * src/sudo.c:
+ src/sudo.c: call audit plugin close when result is a wait status
+ [0bfe6bc588a3]
+
+ * Makefile.in:
+ Makefile.in: fix install target for out of source build
+
+ The scriptdir contained a path relative to where the target was
+ started. The scripts are called like "$scriptdir/script_name" which
+ is fine with relative path as well, until the current directory is
+ not changed. But things like cd $srcdir && $scriptdir/script_name
+ fails (if building in separate build directory).
+ [7c0958b47925]
+
+ * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
+ doc/sudo_plugin_python: document python audit plugin support
+ [2a2f6227bae0]
+
+ * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
+ doc/sudo_plugin_python: document returning error string
+ [cf32faa3805f]
+
+ * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
+ doc/sudo_plugin_python: update python manual for constant -> enum
+ changes
+ [e2cd8737978c]
+
+2020-02-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/regress/iolog_path/check_iolog_path.c,
+ lib/util/mksiglist.c, lib/util/mksigname.c,
+ lib/util/regress/fnmatch/fnm_test.c,
+ lib/util/regress/getdelim/getdelim_test.c,
+ lib/util/regress/glob/globtest.c,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/progname/progname_test.c,
+ lib/util/regress/sudo_parseln/parseln_test.c, logsrvd/logsrvd.c,
+ logsrvd/sendlog.c, plugins/group_file/plugin_test.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/logging.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/env_match/check_env_pattern.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/tsdump.c, plugins/sudoers/visudo.c, src/exec.c,
+ src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c,
+ src/parse_args.c, src/regress/noexec/check_noexec.c:
+ Use EXIT_SUCCESS and EXIT_FAILURE more consistently.
+ [1b78154a35f3]
+
+ * src/parse_args.c, src/sudo.c, src/sudo.h:
+ Mark main sudo usage() function __noreturn__. This splits the usage
+ printing out into display_usage().
+ [400d23c2a6f1]
+
+ * include/sudo_json.h, lib/util/json.c, lib/util/util.exp.in,
+ plugins/sudoers/cvtsudoers_json.c:
+ Use json functions from libsudo_util in cvtsudoers.
+ [c4316ce76fe6]
+
+2020-02-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sample_approval/sample_approval.c:
+ Check localtime() return value; coverity CID 208156
+ [e2697b46f7e2]
+
+ * plugins/audit_json/audit_json.c:
+ Check fseeko() return value; coverity CID 207993
+ [3abd610ae63b]
+
+ * logsrvd/sendlog.c, logsrvd/sendlog.h:
+ Make restart and elapsed members of the closure structs not
+ pointers. Fixes coverity CID 207992
+ [2dbace19cb6a]
+
+ * lib/iolog/iolog_fileio.c:
+ Check return value of sudo_lock_file(); coverity CID 207991
+ [e2862d70dea8]
+
+ * logsrvd/logsrvd.c:
+ Only keepalive if accept() succeeded; coverity CID 207990
+ [0c35e46495a2]
+
+2020-02-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, Makefile.in, doc/Makefile.in, examples/Makefile.in,
+ generate_test_coverage.sh, include/Makefile.in,
+ lib/iolog/Makefile.in, lib/logsrv/Makefile.in, lib/util/Makefile.in,
+ lib/zlib/Makefile.in, log2cl.pl, logsrvd/Makefile.in, mkdep.pl,
+ mkinstalldirs, mkpkg, plugins/audit_json/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/python/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, pp,
+ scripts/generate_test_coverage.sh, scripts/log2cl.pl,
+ scripts/mkdep.pl, scripts/mkinstalldirs, scripts/mkpkg, scripts/pp,
+ src/Makefile.in:
+ Move some scripts from the top level src dir to a scripts dir.
+ [0be8e958cbc2]
+
+ * MANIFEST, plugins/sample_approval/Makefile.in,
+ plugins/sample_approval/sample_approval.c,
+ plugins/sample_approval/sample_approval.exp:
+ Add sample approval plugin that simply tests for "business hours"
+ [8005b14fd0c7]
+
+ * Makefile.in, configure, configure.ac:
+ Add sample approval plugin that simply tests for "business hours"
+ [9d7370fea2c3]
+
+ * src/load_plugins.c:
+ Refactor code to alloc and insert a new plugin_container. The only
+ outlier is the policy plugin which is not part of a list since there
+ can only be a single policy plugin.
+ [610c6e01eb0b]
+
+ * plugins/audit_json/audit_json.c:
+ Tech audit_json about approval plugin accept/reject
+ [b1e568bacd87]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
+ src/sudo_plugin_int.h:
+ Add an approval plugin type that runs after the policy plugin. The
+ basic idea is that the approval plugin adds an additional layer of
+ policy. There can be multiple approval plugins.
+ [2b57fac1ad0b]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
+ plugin documentation fixes: o whitespace cleanup o show_version
+ doesn't have an errstr argument o document runas_user and
+ runas_group in command_info[] o add missing .El at before start of
+ audit section
+ [73cb9ca71ef7]
+
+2020-02-06 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/sudo_python_module.c:
+ plugins/python/sudo_python_module.c: fix options_as_dict if no equal
+ sign
+
+ The intented behaviour was that those get skipped, but the
+ PyList_GetItem sets the interpreter into error state, so python has
+ raised exception.
+ [4f99dd186eb9]
+
+ * plugins/python/regress/check_python_examples.c, plugins/python/regre
+ ss/testdata/check_example_audit_plugin_receives_accept.stdout, plugi
+ ns/python/regress/testdata/check_example_audit_plugin_receives_error
+ .stdout, plugins/python/regress/testdata/check_example_audit_plugin_
+ receives_reject.stdout, plugins/python/regress/testdata/check_exampl
+ e_audit_plugin_version_display.stdout, plugins/python/regress/testda
+ ta/check_example_audit_plugin_workflow_multiple.stderr, plugins/pyth
+ on/regress/testdata/check_example_audit_plugin_workflow_multiple.std
+ out:
+ plugins/python/regress/check_python_examples: add audit_plugin tests
+ [fcc483a569ff]
+
+ * plugins/python/python_plugin_common.c,
+ plugins/python/python_plugin_common.h,
+ plugins/python/python_plugin_io.c,
+ plugins/python/python_plugin_policy.c:
+ plugins/python/python_plugin_common: close can get custom arguments
+
+ For the audit plugin. Ensure we do not fail if
+ plugin_ctx->py_instance is NULL (because plugin init has failed).
+ [dd1c0be3d8e7]
+
+ * plugins/python/example_group_plugin.py,
+ plugins/python/example_io_plugin.py,
+ plugins/python/example_policy_plugin.py, plugins/python/regress/test
+ data/check_example_io_plugin_fails_with_python_backtrace.stdout:
+ plugins/python/example_*.py: document returning error string
+ [ee55ef4a3cb6]
+
+ * plugins/python/example_conversation.py,
+ plugins/python/example_debugging.py,
+ plugins/python/example_group_plugin.py,
+ plugins/python/example_io_plugin.py,
+ plugins/python/example_policy_plugin.py, plugins/python/regress/test
+ data/check_example_debugging_c_calls@info.log, plugins/python/regres
+ s/testdata/check_example_debugging_plugin@info.log, plugins/python/r
+ egress/testdata/check_example_io_plugin_fails_with_python_backtrace.
+ stdout:
+ plugins/python/example*.py: pep8 fixes (mainly line too long)
+ [56b15859cc9a]
+
+2020-02-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/audit_json/audit_json.exp:
+ Exported symbol is audit_json
+ [a39e9cc1047b]
+
+ * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
+ Silence lint warning.
+ [fbba7f8dc3ef]
+
+ * plugins/sudoers/policy.c:
+ Add runas_user and runas_group (if set) to command_info for audit
+ plugin. Otherwise, the audit plugin has to look up the runas name
+ and group by user or group ID.
+ [711731384693]
+
+ * src/tgetpass.c:
+ Only enable pwfeedback when reading password from /dev/tty. This
+ effectively disables pwfeedback when the -S or -A options are used.
+ [71da469aab20]
+
+2020-02-05 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/regress/check_python_examples.c:
+ plugins/python/regress: load/unload module for each testcase
+
+ so they can start from clean state. (My problem was optional
+ argument tests has destroyed the callbacks.)
+ [ab90adbb9328]
+
+ * plugins/python/python_plugin_common.c,
+ plugins/python/python_plugin_common.h,
+ plugins/python/python_plugin_group.c,
+ plugins/python/python_plugin_io.c,
+ plugins/python/python_plugin_policy.c,
+ plugins/python/sudo_python_module.c,
+ plugins/python/sudo_python_module.h:
+ plugins/python: add support for callback errstr arguments
+
+ Plugins can raise a sudo.PluginError exception to add context
+ message for the failure.
+
+ The callback's errstr gets filled up with the specified message.
+ But, as sudo expects a string constant (will not free the string),
+ we store it in the plugin context at least until next callback
+ invocation.
+ [240bf4c627f0]
+
+ * plugins/python/regress/check_python_examples.c,
+ plugins/python/regress/plugin_errorstr.py:
+ plugins/python/regress: add test for callback error msg return
+ [44a71a20f94c]
+
+ * plugins/python/python_plugin_io.c,
+ plugins/python/python_plugin_policy.c:
+ plugins/python_plugin_io,policy: fix version display in verbose mode
+
+ Unfortunately the test did not catch this mistake, because it only
+ searches that "Python policy plugin API version" string is present
+ and does not check the version.
+ [7da28d01063f]
+
+2020-02-04 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/example_conversation.py,
+ plugins/python/example_debugging.py,
+ plugins/python/example_group_plugin.py,
+ plugins/python/example_io_plugin.py,
+ plugins/python/example_policy_plugin.py, plugins/python/pyhelpers.c,
+ plugins/python/pyhelpers.h, plugins/python/python_plugin_common.c, p
+ lugins/python/regress/testdata/check_example_debugging_c_calls@diag.
+ log, plugins/python/regress/testdata/check_example_debugging_c_calls
+ @info.log, plugins/python/regress/testdata/check_example_group_plugi
+ n_is_able_to_debug.log, plugins/python/sudo_python_module.c:
+ plugins/python/sudo_python_module.c: use IntEnums instead of
+ constants
+
+ It is a bit more code, but it is more "pythonic" and easier to debug
+ as the enum values also know their names.
+
+ It is also an API break, eg. sudo.RC_OK becomes sudo.RC.OK as
+ sudo.RC will be the "type" of the enum, but I guess that is
+ acceptable before the initial release.
+ [2a0845428e2b]
+
+2020-02-03 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/python_plugin_policy.c:
+ plugins/python/python_plugin_policy: add missing debug return
+ [2bf4cc35de9c]
+
+2020-02-03 Laszlo Orban <laszlo.orban@quest.com>
+
+ * logsrvd/sendlog.c:
+ fixed compiler error when sudo is configured without --enable-
+ openssl
+ [fb19fb96c41d]
+
+2020-02-03 Robert Manner <robert.manner@balabit.com>
+
+ * MANIFEST, plugins/python/Makefile.in,
+ plugins/python/python_plugin_audit.c,
+ plugins/python/python_plugin_audit_multi.inc,
+ plugins/python/sudo_python_module.c:
+ plugins/python: add python audit plugin wrapper
+ [92bf3ccbd35d]
+
+ * MANIFEST, plugins/python/Makefile.in,
+ plugins/python/example_audit_plugin.py:
+ plugins/python: add example python audit plugin
+ [15abd19f6fdb]
+
+2020-02-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_plugin.man.in:
+ Regenerate .man.in files from .mdoc.in
+ [6d04628b3bbb]
+
+ * doc/sudo_plugin.mdoc.in:
+ Update documentation for setbase when the given base is NULL.
+ [03054c46d322]
+
+ * plugins/sudoers/iolog_client.c, src/sudo.c:
+ For plugin events, set the sudo event base for setbase(NULL). This
+ makes it possible for a plugin to change the event base to a local
+ one and then reset it back to its original value.
+ [f95ab1a5fd5a]
+
+2020-02-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog_client.c:
+ Don't display "error in event loop" on loop break reading
+ ServerHello. We should already have displayed a more useful error
+ message. Otherwise, we can get two "error in event loop" warnings if
+ the TLS handshake fails (in addition to other error messages).
+ [c42b8158ab36]
+
+2020-01-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/iolog_plugin.h:
+ Read ServerHello message synchronously before the command is
+ executed. Otherwise, the command could be run before the TLS
+ handshake completes.
+ [4dab1676ae41]
+
+2020-01-31 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h,
+ plugins/python/python_convmessage.c:
+ plugins/python/pyhelpers: add helpers for attribute handling
+
+ to simplify code a bit.
+ [c3eb52c88a04]
+
+2020-01-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_plugin.mdoc.in:
+ Document audit plugin in the sudo_plugin manual.
+ [e2aab376bae1]
+
+ * include/sudo_plugin.h, plugins/audit_json/audit_json.c, src/sudo.c:
+ Change audit close arguments to a type and value. That way we can
+ distinguish between different error types.
+ [37abbe9f39b5]
+
+ * MANIFEST, Makefile.in, configure, configure.ac, m4/sudo.m4,
+ pathnames.h.in, plugins/audit_json/Makefile.in,
+ plugins/audit_json/audit_json.c, plugins/audit_json/audit_json.exp:
+ Example audit plugin that writes JSON output to a log file.
+ [295d9d1a1209]
+
+ * plugins/python/python_plugin_io.c,
+ plugins/python/python_plugin_io_multi.inc,
+ plugins/python/python_plugin_policy.c,
+ plugins/python/regress/check_python_examples.c:
+ Adapt python plugin to new plugin API changes
+ [974e76db3a3a]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/policy.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Pass back a failure or error string to the front end. The
+ audit_failure() function now stores the failure string. This will
+ allow an audit plugin to log the reason if the user's request is a
+ rejected.
+ [5bb4e000a7ec]
+
+ * doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/exec_pty.c,
+ src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
+ src/sudo_plugin_int.h:
+ Define a new plugin type that receives accept and reject messages.
+ This can be used to implement logging-only plugins. The plugin
+ functions now take an errstr argument that can be used to return an
+ error string to be logged on failure or error.
+ [361aab49325f]
+
+ * MANIFEST, config.h.in, configure, configure.ac, include/sudo_rand.h,
+ lib/util/arc4random.c, lib/util/arc4random_buf.c:
+ Add tests for arc4random_buf() and an implementation for those
+ without.
+ [e89dabfd5a41]
+
+ * MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/util.exp.in, lib/util/uuid.c:
+ Add code to generate universally unique identifiers. We create type
+ 4, variant 1 uuids (random).
+ [22aff362662e]
+
+ * MANIFEST, include/sudo_json.h, lib/util/Makefile.in,
+ lib/util/json.c, lib/util/util.exp.in:
+ Add a simple API for writing JSON records. To be used by the
+ upcoming JSON audit module.
+ [734b29194a82]
+
+2020-01-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Sudo 1.8.31 changes.
+ [3d12f4cb4d9f]
+
+ * src/tgetpass.c:
+ Fix a buffer overflow when pwfeedback is enabled and input is a not
+ a tty. In getln() if the user enters ^U (erase line) and the
+ write(2) fails, the remaining buffer size is reset but the current
+ pointer is not. While here, fix an incorrect break for erase when
+ write(2) fails. Also disable pwfeedback when input is not a tty as
+ it cannot work. CVE-2019-18634 Credit: Joe Vennix from Apple
+ Information Security.
+ [4830bdf1a683]
+
+2020-01-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.c:
+ Fix warning about unresolved host name with "sudo -l -h hostname".
+ The resolve_host() function returns 0 on success, not bool.
+ [9af5bb6e4036]
+
+ * configure, configure.ac:
+ Check for presence of fseeko() regardless of utmp type.
+ [d0c254ba8311]
+
+ * plugins/python/regress/check_python_examples.c:
+ Fix typo in a test: python_policy->close not python_io->close
+ [34d8631cc501]
+
+ * lib/util/getentropy.c:
+ Allow getentropy.c to compile when MAP_ANON is unavailable.
+ [d707e07f1a9c]
+
+ * MANIFEST, lib/util/Makefile.in, lib/util/arc4random.c,
+ lib/util/arc4random.h:
+ Remove multi-thread support from arc4random. Sudo is not multi-
+ threaded so we don't need the added complexity.
+ [77c1795e0aaa]
+
+2020-01-28 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/sudo_python_module.c:
+ plugins/sudo_python_module: Fix double free in sudo.options_as_dict
+ function
+
+ PyArg_ParseTuple sets the py_config_tuple pointer, but it does not
+ increment the reference count, so by decrementing, we end up freeing
+ the argument passed in.
+ [511aeb75a905]
+
+ * plugins/python/example_io_plugin.py, plugins/python/regress/testdata
+ /check_example_io_plugin_fails_with_python_backtrace.stdout:
+ plugins/python/example_io_plugin: close the file at destroy
+
+ to avoid warning of debug python build.
+ [6730352ab2d8]
+
+2020-01-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/arc4random.h, lib/util/getentropy.c:
+ Backed out changeset 9dce3ebb2c37 MAP_SGI_ANYADDR cannot be used in
+ place of MAP_ANON
+ [b261d200435a]
+
+2020-01-28 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/Makefile.in,
+ plugins/python/regress/check_python_examples.c,
+ plugins/python/regress/testhelpers.c,
+ plugins/python/regress/testhelpers.h:
+ plugins/python: memleak fixes in test
+
+ The main problem was that string array objects were constructed
+ differently:
+ - if constructed by the test, then the elements were constant
+ - if constructed by the plugin, then the elements were allocated
+
+ Modified it so that now each array contains allocated strings so
+ they can be handled similarly. For freeing, I have used the
+ str_array_free function from the plugin, so I have linked its object
+ into the test runner.
+
+ Happy path is now free of "definitely lost" memleaks, so the test
+ can be used for valgrind.
+ [657ffd948be5]
+
+2020-01-28 Laszlo Orban <laszlo.orban@quest.com>
+
+ * logsrvd/sendlog.c, logsrvd/sendlog.h:
+ Refactor sudo_sendlog in order to be able to send one I/O log
+ multiple times in parallel (for testing purposes)
+ [c9afea455ab6]
+
+2020-01-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/arc4random.h, lib/util/getentropy.c:
+ Fix compilation on IRIX; Bug #915 IRIX lacks MAP_ANON (and
+ MAP_ANONYMOUS) but we can use the IRIX-specific flag MAP_SGI_ANYADDR
+ instead. From Kazuo Kuroi
+ [9dce3ebb2c37]
+
+2020-01-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/check.c:
+ Fix crash in sudo 1.8.30 when suspending sudo at the password
+ prompt. The closure pointer in sudo_conv_callback was being filled
+ in with a struct getpass_closure ** instead of a struct
+ getpass_closure *. The bug was introduced in the fix for Bug #910;
+ previously the closure variable was a struct getpass_closure, not a
+ pointer. Fix from Michael Norton; Bug #914.
+ [011b6a7663ef]
+
+2020-01-24 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h,
+ plugins/python/python_plugin_common.c,
+ plugins/python/python_plugin_common.h,
+ plugins/python/python_plugin_group.c,
+ plugins/python/python_plugin_io.c,
+ plugins/python/python_plugin_policy.c:
+ plugins/python: use separate python interpreter for each plugin
+
+ On each plugin initialization we create a separate python
+ interpreter which gets stored in the plugin_ctx. The main
+ interpreter is stored in py_ctx and is used for creating more
+ interpreters (if more plugins get loaded) and final python
+ deinitialization.
+
+ The "traceback" module import and the ImportBlocker initialization
+ was moved, because it has to happen inside the plugin specific
+ interpreters.
+ [eb9308e5eacb]
+
+ * plugins/python/regress/check_python_examples.c,
+ plugins/python/regress/plugin_conflict.py, plugins/python/regress/te
+ stdata/check_python_plugins_do_not_affect_each_other.stdout:
+ plugins/python/regress: add a failing textcase about python plugins
+ affect each other
+
+ Since python plugins are run inside the same interpreter, they
+ affect each other's state, which would be better to avoid.
+ [1628425d608c]
+
+2020-01-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in:
+ Document new tls_verify setting.
+ [3e4bc6e4d301]
+
+ * config.h.in, configure, configure.ac:
+ Use AC_CHECK_DECLS when checking for SSL_CTX_set_min_proto_version
+ Also use AC_CHECK_FUNCS to check for the other OpenSSL functions
+ [f3e36090a31e]
+
+2020-01-23 Robert Manner <robert.manner@balabit.com>
+
+ * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
+ doc/sudo_plugin_python: update doc about the multiple I/O plugin
+ loading
+ [08e7c479954b]
+
+ * plugins/python/Makefile.in:
+ plugins/python/Makefile.in: update autogenerated header dependencies
+ [54c0c7f11046]
+
+ * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h,
+ plugins/python/python_plugin_common.c,
+ plugins/python/regress/check_python_examples.c, plugins/python/regre
+ ss/testdata/check_example_io_plugin_command_log_multiple.stderr,
+ plugins/python/sudo_python_module.c:
+ plugins/python/pyhelpers: have a default sudo_printf function
+
+ Adapted the default sudo_printf from sudoers plugin to be able to
+ print errors before plugin open() gets called. (This is used by the
+ multiple io plugin loading to display error for too much plugin
+ load.)
+
+ Since this makes us always have a sudo_log, I have removed the logic
+ about whether it is available or not.
+ [fdd4842b3ba2]
+
+ * src/load_plugins.c:
+ src/load_plugins.c: plugins can supply a clone function
+
+ if they want to support getting loaded multiple times.
+ [33ff0027f686]
+
+2020-01-23 Laszlo Orban <laszlo.orban@quest.com>
+
+ * examples/sudo_logsrvd.conf, include/log_server.pb-c.h,
+ lib/logsrv/log_server.pb-c.c, lib/logsrv/log_server.proto,
+ logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
+ plugins/sudoers/iolog_client.c:
+ logserver option to disable certificate verification on server side
+ and server authentication on client side
+ [9b171f3af727]
+
+2020-01-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/load_plugins.c:
+ Refactor code to allocate and fill struct plugin_container. This
+ will help avoid duplicate code in the audit and approval plugins.
+ [8ad9ba987131]
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, examples/sudo_logsrvd.conf:
+ Document TCP keepalive options in the manual pages.
+ [7afe9293b503]
+
+ * doc/CONTRIBUTORS:
+ Add proper diacritical to Róbert's name.
+ [9ca9ea59cdd4]
+
+2020-01-22 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/regress/check_python_examples.c, plugins/python/regre
+ ss/testdata/check_example_io_plugin_command_log_multiple.stderr, plu
+ gins/python/regress/testdata/check_example_io_plugin_command_log_mul
+ tiple.stdout, plugins/python/regress/testdata/check_example_io_plugi
+ n_command_log_multiple1.stored, plugins/python/regress/testdata/chec
+ k_example_io_plugin_command_log_multiple2.stored,
+ plugins/python/regress/testhelpers.c,
+ plugins/python/regress/testhelpers.h:
+ plugins/python/regress: add a testcase for multiple io plugin
+ loading
+
+ to verify 2 python plugins can work next to each other.
+ [916dd4f44bcf]
+
+2020-01-22 Laszlo Orban <laszlo.orban@quest.com>
+
+ * include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c,
+ lib/logsrv/log_server.proto, logsrvd/logsrvd.c, logsrvd/sendlog.c,
+ plugins/sudoers/iolog_client.c:
+ Rename tls_checkpeer to tls_reqcert in ServerHello message
+ [b69630f1f5b4]
+
+2020-01-22 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/python_baseplugin.c,
+ plugins/python/python_convmessage.c:
+ plugins/python: fix return value typo for the error case
+ [a7088391d8fb]
+
+2020-01-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * etc/sudo.pp, examples/Makefile.in, examples/sudo.conf.in:
+ Install a default sudo.conf file.
+ [e2b4613cced9]
+
+ * aclocal.m4, autogen.sh, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, logsrvd/logsrvd.c, logsrvd/sendlog.c,
+ plugins/sudoers/iolog_client.c:
+ Add support for building on OpenSSL 1.0.2. This adds compatibility
+ defines for some OpenSSL 1.1.x functions.
+ [17e50378c8ee]
+
+2020-01-21 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/python_plugin_io.c,
+ plugins/python/python_plugin_io_multi.inc:
+ plugins/python/plugin_io: enable loading of multiple io plugins
+
+ Separate sudo io plugin symbols are created which stores wrapper
+ functions adding the context of which python plugin the callback is
+ about.
+
+ These sudo io plugin "slots" get generated with macros by the
+ preprocessor.
+
+ This makes sudo support loading multiple python IO plugins like
+ this: (note the differences in the symbol names)
+
+ Plugin python_io python_plugin.so ModulePath=...
+ ClassName=SudoIOPlugin1 Plugin python_io1 python_plugin.so
+ ModulePath=... ClassName=SudoIOPlugin2 Plugin python_io2
+ python_plugin.so ModulePath=... ClassName=SudoIOPlugin3
+ [cb45052d227a]
+
+2020-01-21 Laszlo Orban <laszlo.orban@quest.com>
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/iolog_plugin.h, plugins/sudoers/policy.c:
+ sudoers: disable SO_KEEPALIVE socket option based on
+ log_server_disable_keepalive flag in sudoers
+ [ad48ee6fbcb7]
+
+ * examples/sudo_logsrvd.conf, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_conf.c:
+ logserver: enable/disable SO_KEEPALIVE socket option based on
+ tcp_keepalive configuration option in sudo_logsrvd.conf
+ [c0d919468e95]
+
+2020-01-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/hostcheck.h:
+ No need to export the validate_hostname() symbol. We don't export
+ symbols in convenience libraries, only installed DSOs.
+ [f26897793700]
+
+ * lib/iolog/hostcheck.c:
+ Fix a few pointer signedness warnings on Linux.
+ [6a4f68430e69]
+
+ * include/sudo_compat.h, lib/iolog/hostcheck.c, logsrvd/logsrvd.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/iolog_plugin.h, src/net_ifs.c:
+ Store the server host name and IP in client_closure_fill(). Also
+ check for getpeername() and inet_ntop() failure.
+ [22df6ff5fcaf]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c,
+ logsrvd/sendlog.h, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/iolog_plugin.h:
+ Fix handling of SSL_ERROR_WANT_{READ,WRITE} during normal I/O. If we
+ get SSL_ERROR_WANT_WRITE during SSL_read(), we need to resume the
+ SSL_read(), not call SSL_write() as we were doing. Likewise for
+ SSL_ERROR_WANT_READ received from SSL_write(). This introduces a
+ flag so we call the proper callback even when the I/O direction
+ doesn't match the read/write calls.
+ [7162125ad7b7]
+
+ * lib/util/Makefile.in:
+ Add siglist.c and signame.c as dependencies for depend target. Fixes
+ running "make depend" in lib/util dir when siglist.c or signame.c
+ are not already present.
+ [9d7aa4107136]
+
+ * Makefile.in, doc/Makefile.in, examples/Makefile.in,
+ include/Makefile.in, lib/iolog/Makefile.in, lib/logsrv/Makefile.in,
+ lib/util/Makefile.in, lib/zlib/Makefile.in, logsrvd/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/python/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Add abs_top_srcdir and abs_top_builddir and use them. Configure
+ provides absolution versions of srcdir, builddir, top_srcdir and
+ top_builddir. We can use these instead of calling pwd.
+ [597ba26af997]
+
+2020-01-20 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/Makefile.in:
+ plugins/python/Makefile.in: remove path prefix from examples to make
+ install target work
+ [ba31bde08e17]
+
+2020-01-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/iolog/Makefile.in:
+ Rebuild dependencies after hostcheck.c include changes.
+ [3a4e808e5038]
+
+2020-01-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/hostcheck.h, lib/iolog/hostcheck.c, logsrvd/logsrvd.c,
+ plugins/sudoers/iolog_client.c:
+ Add debugging statements to certificate checks.
+ [81f813c8c1f1]
+
+ * MANIFEST, lib/iolog/Makefile.in, lib/iolog/hostcheck.c,
+ plugins/sudoers/iolog.c:
+ Portability fixes and correct path to hostcheck.h in MANIFEST.
+ Include sys/socket.h for getpeername(). Link with -lnsl on Solaris
+ to get inet_pton().
+ [060371a21669]
+
+ * lib/iolog/Makefile.in, lib/logsrv/Makefile.in, lib/util/Makefile.in,
+ lib/zlib/Makefile.in, logsrvd/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/python/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Using "libtool --clean" to remove regular files is slow. We only
+ need to use libtool's clean mode to remove files created by libtool.
+ [510af2b052c6]
+
+2020-01-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .gitignore, .hgignore:
+ Add examples/sudo.conf to ignore files.
+ [9eb86d1b8661]
+
+ * doc/sudo.conf.mdoc.in, examples/sudo.conf.in:
+ Remove whitespace at the end of the line in example sudo.conf
+ [88b0ae1f8a18]
+
+ * doc/sudo_plugin_python.mdoc.in:
+ Fix mdoc lint warnings by removing .Pp before and after .Ss.
+ [e59218682d7f]
+
+2020-01-17 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/regress/check_python_examples.c,
+ plugins/python/regress/iohelpers.c,
+ plugins/python/regress/iohelpers.h,
+ plugins/python/regress/testhelpers.c,
+ plugins/python/regress/testhelpers.h:
+ plugins/python/regress: add missing license texts
+ [b0e4b41b2834]
+
+2020-01-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c:
+ Fix TLS accept when SSL_accept() returns SSL_ERROR_WANT_WRITE. We
+ need to switch from SUDO_EV_READ to SUDO_EV_WRITE for this case.
+ [71ada9bfa056]
+
+ * logsrvd/sendlog.c, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/iolog_plugin.h:
+ Fix TLS connect when SSL_connect returns SSL_ERROR_WANT_READ. We
+ need to switch from SUDO_EV_WRITE to SUDO_EV_READ for this case.
+ Also make the tls connect events private to tls_timed_connect() with
+ their own closure. There is no need to store them in the client
+ closure.
+ [afda37d1dd26]
+
+ * logsrvd/iolog_writer.c:
+ Store submit time in struct iolog_info. Fixes missing time stamp in
+ remote I/O log info file.
+ [dcd1dfa00646]
+
+ * src/sudo_edit.c:
+ Treat EROFS (like EACCES) as a non-fatal error in dir_is_writable().
+ Fixes sudoedit on macOS 10.15 and above where the root file system
+ is mounted read-only. See https://support.apple.com/en-us/HT210650.
+ From Dan Villiom Podlaski Christiansen. Bug #913
+ [cc636a1af1b6]
+
+2020-01-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/event.c, plugins/sudoers/iolog_client.c:
+ Really fix flushing of data in client_close(). Now that we call
+ fmt_exit_message() from client_close() we do not need to try to
+ determine whether the read or write events were pending in the old
+ base.
+
+ We can't tell anyway because the active flag in the event was
+ cleared when the old sudo event base was destroyed. It is correct to
+ enable both the read and write events after formatting the
+ ExitMessage.
+ [c59e77060c37]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/iolog_path_escapes.c:
+ Use SUDOERS_DEBUG_* not SUDO_DEBUG_* in debug_decl() for the sudoers
+ plugin.
+ [2d0c049e689e]
+
+ * src/sudo.c, src/sudo_plugin_int.h:
+ Wrap calls to plugin event callbacks to use the plugin's debug
+ instance. Otherwise, the debug output in a plugin's event callback
+ will go to the sudo debug file, not sudoers.
+ [02e227cfc715]
+
+ * lib/util/regress/strsig/strsig_test.c:
+ FreeBSD is missing SIGLWP (aka SIGTHR) in sys_signame[]. Don't test
+ SIGLWP on FreeBSD where it is reserved for the thread library and is
+ not listed in sys_signame[].
+ [95cbafc79b4d]
+
+ * configure, configure.ac:
+ We want to use DT_RUNPATH in preference to DT_RPATH in ELF binaries.
+ Otherwise, LD_LIBRARY_PATH does not work when running the tests. The
+ GNU linker's --enable-new-dtags can be used to do this. We don't do
+ this on NetBSD where RPATH already supports LD_LIBRARY_PATH.
+ [2c6c9a348d81]
+
+2020-01-15 Laszlo Orban <laszlo.orban@quest.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/iolog_client.c:
+ do server identity validation in iolog plugin
+ [b1bec55bbed6]
+
+ * logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h:
+ do client identity validation in logserver
+ [e415409dfe0b]
+
+ * MANIFEST, include/hostcheck.h, lib/iolog/Makefile.in,
+ lib/iolog/hostcheck.c:
+ implement host validation for the audit server SSL certificates
+ [7f48e57bece2]
+
+2020-01-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers_debug.c:
+ Fix reference counting when both sudoers policy and I/O log are
+ loaded. If both sudoers policy and I/O log plugins are loaded,
+ debug_files will be empty when the I/O plugin is initialized. This
+ changes the logic to always increase the reference count if the
+ instance is valid.
+ [18adfeb3727b]
+
+ * src/load_plugins.c:
+ Fix handling of duplicate policy and I/O plugins. The warning
+ message said the later I/O plugin was ignored but it actually
+ overwrote the existing one instead. The first registered plugin of
+ the same name now is used, as was intended. Specifying more than one
+ policy plugin is no longer a fatal error; this allows the admin to
+ fix the situation.
+ [dde476072346]
+
+2020-01-14 Robert Manner <robert.manner@balabit.com>
+
+ * aclocal.m4, configure, configure.ac,
+ plugins/python/regress/check_python_examples.c,
+ plugins/python/regress/testhelpers.c,
+ plugins/python/regress/testhelpers.h,
+ plugins/python/sudo_python_debug.h:
+ plugins/python: various portability improvements
+ [d6aa5e2585ef]
+
+ * plugins/python/example_conversation.py,
+ plugins/python/example_io_plugin.py, plugins/python/regress/testdata
+ /check_example_conversation_plugin_reason_log_with_suspend.stdout, p
+ lugins/python/regress/testdata/check_example_io_plugin_command_log.s
+ tored, plugins/python/regress/testdata/check_example_io_plugin_fails
+ _with_python_backtrace.stdout:
+ plugins/python/example_{io,conversation}: avoid printing signal
+ number
+
+ They are platform dependant, so their test would fail on some
+ platforms. While we could create separate plugin for the tests, I
+ like the idea that the examples are ensured to be working.
+
+ I believe this is a good compromise for being able to auto update
+ the test cases.
+ [7b46d305e7d9]
+
+ * plugins/python/Makefile.in,
+ plugins/python/regress/check_python_examples.c:
+ plugins/python/regress: load the python plugin dynamically
+
+ instead of linking with it.
+ [084c61e7d565]
+
+2020-01-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo_edit.c:
+ For sudoedit_checkdir consider a user-owner directory to be
+ writable. The non-faccessat() code already did this so this just
+ brings the faccessat() path into alignment. Bug #912
+ [91a1a9c0ba40]
+
+2020-01-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/CONTRIBUTORS:
+ Add newline before list of artwork authors.
+ [1be0fe5f7d7a]
+
+ * doc/LICENSE:
+ Update copyright year.
+ [f4ef4c1990af]
+
+2020-01-10 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/example_policy_plugin.py:
+ plugins/python/example_policy_plugin.py: extend user env changing
+ example
+
+ Make the demonstration extend the environment with a new variable.
+ Easier to read, and makes the testing able to check for that it is
+ working.
+ [77c09cc38298]
+
+ * generate_test_coverage.sh:
+ generate_test_coverage.sh: example script to ease test coverage
+ generation
+
+ Uses lcov and genhtml to generate test coverage. It is meant to be
+ run in a clean directory. Extra configure options can be added as
+ script arguments.
+
+ Example execution:
+
+ mkdir build cd build ../generate_test_coverage.sh --enable-python
+ [a52c480639aa]
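Review bot: The example execution in the generate_test_coverage.sh entry has lost its line breaks, so "mkdir build cd build ../generate_test_coverage.sh --enable-python" reads as a single mkdir invocation rather than three separate commands. Keep each command on its own indented line in the commit message, or join them with "&&", so that the entry is still correct if it ends up on one line.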
+
+2020-01-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/logging.c:
+ Remove MAXSYSLOGTRIES, it is no longer used.
+ [dbd274fd8330]
+
+2020-01-09 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/python_plugin_common.c,
+ plugins/python/python_plugin_policy.c:
+ plugins/python/python_plugin_policy: fix validate() call
+
+ When calling validate() python function, TypeError exception was
+ thrown ("argument list must be a tuple"), because the call does not
+ have arguments, and python does not accept empty tuple for
+ execution. NULL must be used instead, which was handled as argument
+ construction failure previously.
+ [5ac3c2acee9b]
+
+ * plugins/python/example_policy_plugin.py:
+ plugins/python/example_policy_plugin.py: make allowed_commands
+ ordered
+
+ Storing them as "tuple" instead of "set", so they have a fix order.
+ This makes the output of the list() example stable. ("set" is
+ printed out in random order)
+ [470ccf46a088]
+
+ * plugins/python/example_io_plugin.py,
+ plugins/python/example_policy_plugin.py,
+ plugins/python/python_plugin_common.c,
+ plugins/python/python_plugin_io.c,
+ plugins/python/python_plugin_policy.c:
+ plugins/python: fix confusing version display
+
+ IO/Group/Policy Python API version is displayed instead of sudo
+ version, because that is not very meaningful in this context.
+
+ They are only displayed in verbose mode.
+
+ Example plugins express it more concrete that they are displaying
+ their version, not the API version.
+ [af9d969231a9]
+
+2020-01-08 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/example_conversation.py:
+ plugins/python/example_conversation.py: make log path configurable
+
+ Similarly to IO plugin example. (It is easier to test it this way.)
+ [6526a842ee21]
+
+2020-01-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo.c:
+ Iterate over io_plugins list in the iolog_* wrappers. Moving the
+ iteration into the wrapper functions simplifies the calling code.
+ [1e803fb8fd1f]
+
+ * src/sudo.c:
+ policy_plugin is global, no need to pass it to policy_* functions.
+ [676c85f87b3c]
+
+ * configure, configure.ac:
+ If --enable-openssl or --enable-gcrypt is given a path, append to
+ LDFLAGS. Previously we appended the path to SUDOERS_LDFLAGS but now
+ that we use OpenSSL in the log server, LDFLAGS is the correct one to
+ use.
+ [8b30cffe500f]
+
+ * doc/CONTRIBUTORS:
+ Add Robert Manner
+ [fe8bb27dcff3]
+
+2020-01-07 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/example_io_plugin.py:
+ plugins/python/example_io_plugin.py: fix backtrace during destructor
+
+ If the plugin fails to open the file for writing, constructor will
+ raise an exception and exit before creating the "_log" member
+ variable. So the destructor will also raise a backtrace. (Which
+ python ignores, but dumps out to stderr.)
+ [09cfa2edb38c]
+
+ * plugins/python/python_plugin_common.c:
+ plugins/python/python_plugin_common: raise debug level for module
+ import
+ [b261d22e3c2e]
+
+ * plugins/python/regress/testdata/check_example_conversation_plugin_re
+ ason_log_with_suspend.conversation, plugins/python/regress/testdata/
+ check_example_conversation_plugin_reason_log_with_suspend.stderr, pl
+ ugins/python/regress/testdata/check_example_conversation_plugin_reas
+ on_log_with_suspend.stdout, plugins/python/regress/testdata/check_ex
+ ample_conversation_plugin_reason_log_with_suspend.stored, plugins/py
+ thon/regress/testdata/check_example_conversation_plugin_reason_log_w
+ ithout_suspend.conversation, plugins/python/regress/testdata/check_e
+ xample_conversation_plugin_reason_log_without_suspend.stderr, plugin
+ s/python/regress/testdata/check_example_conversation_plugin_reason_l
+ og_without_suspend.stdout, plugins/python/regress/testdata/check_exa
+ mple_conversation_plugin_reason_log_without_suspend.stored, plugins/
+ python/regress/testdata/check_example_conversation_plugin_user_inter
+ rupts.conv, plugins/python/regress/testdata/check_example_conversati
+ on_plugin_user_interrupts.conversation, plugins/python/regress/testd
+ ata/check_example_conversation_plugin_user_interrupts.stderr, plugin
+ s/python/regress/testdata/check_example_conversation_plugin_user_int
+ errupts.stdout, plugins/python/regress/testdata/check_example_debugg
+ ing_c_calls@diag.log, plugins/python/regress/testdata/check_example_
+ debugging_c_calls@info.log, plugins/python/regress/testdata/check_ex
+ ample_debugging_load@diag.log, plugins/python/regress/testdata/check
+ _example_debugging_plugin@err.log, plugins/python/regress/testdata/c
+ heck_example_debugging_plugin@info.log, plugins/python/regress/testd
+ ata/check_example_debugging_py_calls@diag.log, plugins/python/regres
+ s/testdata/check_example_debugging_py_calls@info.log, plugins/python
+ /regress/testdata/check_example_debugging_sudo_cb@info.log, plugins/
+ python/regress/testdata/check_example_group_plugin_is_able_to_debug.
+ log, plugins/python/regress/testdata/check_example_io_plugin_command
+ _log.stderr, plugins/python/regress/testdata/check_example_io_plugin
+ _command_log.stdout, plugins/python/regress/testdata/check_example_i
+ o_plugin_command_log.stored, plugins/python/regress/testdata/check_e
+ xample_io_plugin_failed_to_start_command.stderr, plugins/python/regr
+ ess/testdata/check_example_io_plugin_failed_to_start_command.stdout,
+ plugins/python/regress/testdata/check_example_io_plugin_failed_to_st
+ art_command.stored, plugins/python/regress/testdata/check_example_io
+ _plugin_fails_with_python_backtrace.stderr, plugins/python/regress/t
+ estdata/check_example_io_plugin_fails_with_python_backtrace.stdout,
+ p
+ lugins/python/regress/testdata/check_example_io_plugin_version_displ
+ ay.stderr, plugins/python/regress/testdata/check_example_io_plugin_v
+ ersion_display.stdout, plugins/python/regress/testdata/check_example
+ _io_plugin_version_display.stored, plugins/python/regress/testdata/c
+ heck_example_policy_plugin_accepted_execution.stderr, plugins/python
+ /regress/testdata/check_example_policy_plugin_accepted_execution.std
+ out, plugins/python/regress/testdata/check_example_policy_plugin_den
+ ied_execution.stderr, plugins/python/regress/testdata/check_example_
+ policy_plugin_denied_execution.stdout, plugins/python/regress/testda
+ ta/check_example_policy_plugin_failed_execution.stderr, plugins/pyth
+ on/regress/testdata/check_example_policy_plugin_failed_execution.std
+ out, plugins/python/regress/testdata/check_example_policy_plugin_lis
+ t.stderr, plugins/python/regress/testdata/check_example_policy_plugi
+ n_list.stdout, plugins/python/regress/testdata/check_example_policy_
+ plugin_validate_invalidate.log, plugins/python/regress/testdata/chec
+ k_example_policy_plugin_version_display.stderr, plugins/python/regre
+ ss/testdata/check_example_policy_plugin_version_display.stdout, plug
+ ins/python/regress/testdata/check_loading_fails_missing_classname.st
+ derr, plugins/python/regress/testdata/check_loading_fails_missing_cl
+ assname.stdout, plugins/python/regress/testdata/check_loading_fails_
+ missing_path.stderr, plugins/python/regress/testdata/check_loading_f
+ ails_missing_path.stdout, plugins/python/regress/testdata/check_load
+ ing_fails_not_owned_by_root.stderr, plugins/python/regress/testdata/
+ check_loading_fails_not_owned_by_root.stdout, plugins/python/regress
+ /testdata/check_loading_fails_wrong_classname.stderr, plugins/python
+ /regress/testdata/check_loading_fails_wrong_classname.stdout, plugin
+ s/python/regress/testdata/check_loading_fails_wrong_path.stderr, plu
+ gins/python/regress/testdata/check_loading_fails_wrong_path.stdout:
+ plugins/python/regress/testdata: generated data for the pyplugin
+ tests
+ [cec6c9036644]
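Review bot: The file list for the plugins/python/regress/testdata entry is wrapped at a fixed column in the middle of path names, for example "check_example_conversation_plugin_re" followed by "ason_log_with_suspend.conversation", and it leaves a stray "p" alone on one line ahead of "lugins/python/regress/testdata/check_example_io_plugin_version_displ". None of these paths can be found by searching the ChangeLog. Break the list only after the comma between file names, or collapse the entry to the plugins/python/regress/testdata directory, since the description already says the files are generated test data.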
+
+ * plugins/python/example_debugging.py:
+ plugins/python/example_debugging: fix typo in comment
+ [38de8ea0b0e9]
+
+2020-01-06 Laszlo Orban <laszlo.orban@quest.com>
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/iolog_plugin.h:
+ save a pointer to the currently connected audit server in the
+ closure object
+ [f1c14c43ab40]
+
+2020-01-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/timestamp.c:
+ Sanity check size when converting the first record to TS_LOCKEXCL
+ Coverity CID 206591
+ [5b94873c4051]
+
+ * include/sudo_iolog.h, lib/iolog/iolog_fileio.c:
+ Fix coverity CID 206586. Potential use after free calling
+ gzstrerror() after gzclose().
+ [4bcba58004c8]
+
+ * plugins/sudoers/cvtsudoers.c:
+ Use canonical pattern when freeing a tail queue. Avoids some
+ coverity false positives when using TAILQ_FOREACH_SAFE to free the
+ tail queue.
+ [9019d7ad9958]
+
+2020-01-03 Robert Manner <robert.manner@balabit.com>
+
+ * MANIFEST, plugins/python/Makefile.in,
+ plugins/python/regress/check_python_examples.c,
+ plugins/python/regress/iohelpers.c,
+ plugins/python/regress/iohelpers.h,
+ plugins/python/regress/testdata/sudo.conf.developer_mode,
+ plugins/python/regress/testdata/sudo.conf.normal_mode,
+ plugins/python/regress/testhelpers.c,
+ plugins/python/regress/testhelpers.h:
+ plugins/python/regress: adds tests for python plugin feature and
+ examples
+ [7ab4daed9558]
+
+2020-01-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog_client.c:
+ Avoid potential NULL deref in tls_timed_connect() error path.
+ Coverity CID 206396
+ [730687307b24]
+
+ * logsrvd/sendlog.c:
+ Check for sudo_ev_add() failure; Coverity CID 206395 206397
+ [7008560eac95]
+
+2020-01-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, examples/sudo.conf.in:
+ Update sample sudo.conf with all supported settings. The deprecated
+ "max_groups" setting is not documented.
+ [e17f7bf95578]
+
+ * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, examples/sudo.conf.in,
+ lib/util/regress/sudo_conf/test1.in,
+ lib/util/regress/sudo_parseln/test1.in:
+ Remove POD-style C<> markup (typewriter font) from sudo.conf
+ [b69d4743c860]
+
+ * MANIFEST, configure, configure.ac, examples/Makefile.in,
+ examples/sudo.conf, examples/sudo.conf.in:
+ Substitute plugin dir into examples/sudo.conf
+ [8c481a21c098]
+
+2020-01-02 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/sudoers/sudoers_debug.c:
+ plugins/sudoers/sudoers_debug.c: fix harmless debug deregistration
+ warning
+
+ If the debug sudoers subsystem is not registered, because it does
+ not get any file names to deal with (TAILQ_EMPTY(debug_files)),
+ deregistration of the subsystem outputs a warning:
+
+ sudo: sudo_debug_deregister_v1: invalid instance ID -1, max -1
+
+ This patch prevents that by only increasing the refcount if the
+ debug_instance was registered successfully.
+ [939042599498]
+
+ * plugins/python/Makefile.in:
+ plugins/python/Makefile.in: fix the install path of examples
+
+ Examples are installed by default to "docdir", which refers to
+ PACKAGE_TARNAME variable which was empty for the python plugin
+ Makefile.in
+
+ So the examples were installed to '.../share/doc/examples' instead
+ of '.../share/doc/sudo/examples'. This also made them be skipped
+ from the package.
+
+ Also the install target now depends on install-doc so the examples
+ gets installed also (similarly as other examples).
+ [e4c07404a3fc]
+
+ * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
+ doc/sudo_plugin_python: indent code examples for easier readability
+ [c91ee22bfc83]
+
+ * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ doc/sudo.conf: document developer_mode option
+ [127215dca183]
+
+2019-12-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/UPGRADE:
+ fix typo in previous
+ [3031418fba2b]
+
+ * Makefile.in:
+ In update-pot match *.c not *c.
+ [77a1139fef99]
+
+ * NEWS, doc/UPGRADE:
+ Changes in sudo 1.8.30
+ [dfaac62074f4]
+
+2019-12-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Makefile.in:
+ Add check for up to date def_data.[ch] in check-dist target.
+ [ffaf150e76a5]
+
+2019-12-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/limits.c:
+ Use 64-bit resource limits on AIX.
+ [b8b76c47c8a7]
+
+ * src/limits.c:
+ When restoring old resource limits, try to recover if we receive
+ EINVAL. On NetBSD, setrlimit(2) can return EINVAL if the new soft
+ limit is lower than the current resource usage. This can be a
+ problem when restoring the old stack limit if sudo has raised it.
+ [50bdbdbea1b7]
+
+ * src/limits.c:
+ Sudo doesn't require such a large stack.
+ [f93eb9e0c105]
+
+ * plugins/sudoers/Makefile.in:
+ Restore check for readable /etc/sudoers in pre-install target. If
+ there is no installed sudoers there is nothing to check...
+ [99e65bc54052]
+
+ * config.h.in, configure, configure.ac:
+ Enable OpenBSD extensions on NetBSD to get reallocarray(3)
+ prototype.
+ [e303dca0c1cb]
+
+ * include/sudo_event.h:
+ Add forward declaration of struct timeval for deprecated APIs.
+ [e41bdbbbc067]
+
+ * lib/util/sig2str.c, lib/util/str2sig.c:
+ Fix compilation on systems with SIGRTMIN/SIGRTMAX but not
+ _SC_RTSIG_MAX.
+ [8e40c62e00f8]
+
+ * include/sudo_compat.h:
+ Older systems may not support WCONTINUED.
+ [730bede52ff0]
+
+ * plugins/sudoers/logging.c:
+ Support systems that have nl_langinfo(3) but not the CODESET define.
+ Fixes compilation on old NetBSD versions.
+ [03e7cff93172]
+
+ * plugins/sudoers/starttime.c:
+ Fix a typo; HAVE_KINFO_PROC2_NETBSD not HAVE_KINFO_PROC2_NETBSD2
+ [0c46a062f888]
+
+2019-12-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, Makefile.in, configure, configure.ac,
+ etc/init.d/aix.sh.in, etc/init.d/hpux.sh.in,
+ etc/init.d/sudo.conf.in, etc/sudo.pp, init.d/aix.sh.in,
+ init.d/hpux.sh.in, init.d/sudo.conf.in, src/Makefile.in, sudo.pp:
+ Move init.d and sudo.pp to the etc dir.
+ [81c9cbbc8ea9]
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/cfmakeraw.c:
+ Add cfmakeraw() for systems without it.
+ [48f48eaf2a68]
+
+ * MANIFEST:
+ Remove indent.pro from MANIFEST
+ [2b6a24282b8c]
+
+ * .gitignore, .hgignore:
+ Add uncrustify.files to ignore file.
+ [056b0df738a9]
+
+ * doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
+ Substitute @prefix@ in for the example paths. We can't use
+ @exampledir@ here since it contains Makefile variables.
+ [1744e2bcc813]
+
+2019-12-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_debug.h, lib/iolog/iolog_fileio.c,
+ lib/iolog/iolog_path.c, lib/iolog/iolog_util.c, lib/util/aix.c,
+ lib/util/digest.c, lib/util/digest_gcrypt.c,
+ lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c,
+ lib/util/event_select.c, lib/util/gettime.c,
+ lib/util/getusershell.c, lib/util/gidlist.c, lib/util/host_port.c,
+ lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c,
+ lib/util/logfac.c, lib/util/logpri.c, lib/util/mkdir_parents.c,
+ lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c,
+ lib/util/strsplit.c, lib/util/strtobool.c, lib/util/strtoid.c,
+ lib/util/strtomode.c, lib/util/sudo_conf.c, lib/util/term.c,
+ lib/util/ttyname_dev.c, lib/util/ttysize.c, logsrvd/eventlog.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c,
+ logsrvd/logsrvd_conf.c, logsrvd/sendlog.c,
+ plugins/python/python_plugin_common.c,
+ plugins/python/sudo_python_debug.c, plugins/sudoers/alias.c,
+ plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/base64.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/digestname.c, plugins/sudoers/editor.c,
+ plugins/sudoers/env.c, plugins/sudoers/env_pattern.c,
+ plugins/sudoers/file.c, plugins/sudoers/filedigest.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/gc.c, plugins/sudoers/gentime.c,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/hexchar.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_client.c,
+ plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logwrap.c,
+ plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
+ plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse_ldif.c,
+ plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/starttime.c, plugins/sudoers/strlist.c,
+ plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
+ plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c,
+ src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c,
+ src/limits.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
+ src/preserve_fds.c, src/selinux.c, src/sesh.c, src/signal.c,
+ src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c,
+ src/ttyname.c, src/utmp.c:
+ debug_decl and debug_decl_vars now require a semicolon at the end.
+ [c05890653007]
+
+2019-12-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, doc/Makefile.in, doc/sudo_plugin_python.man.in,
+ doc/sudo_plugin_python.mdoc.in:
+ Add sudo_plugin_python manual page. Based on markdown docs from
+ Robert Manner.
+ [65f2af21832d]
+
+2019-12-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.c, src/limits.c:
+ Output the name of the limit when warning about setrlimit or
+ getrlimit. From Kimmo Suominen.
+ [92ed66b5cc1f]
+
+2019-12-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * aclocal.m4, config.h.in, configure:
+ regen
+ [81961af46679]
+
+ * MANIFEST:
+ Add python module files to MANIFEST
+ [f223a19117bb]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
+ Update SUDO_CONV_REPL_MAX in docs.
+ [120970879b36]
+
+ * Makefile.in:
+ Remove uncrustify.files in clean target
+ [ba843b8f2e80]
+
+2019-12-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Makefile.in, etc/uncrustify-small.cfg, etc/uncrustify.cfg,
+ indent.pro:
+ Add uncrustify config file for new sudo code style.
+ [7c3b3f733134]
+
+ * include/sudo_plugin.h:
+ Bump SUDO_CONV_REPL_MAX from 255 to 1023
+ [9127fb27eb55]
+
+ * lib/util/digest_gcrypt.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/secureware.c:
+ Minor style cleanups. Remove extraneous break after return
+ statement. Convert two old K&R function declarations.
+ [19f8b7a3d2d1]
+
+2019-12-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/selinux.c:
+ Save/restore the raw form of the file context in case mctrans is not
+ available.
+ [786a04ba33ab]
+
+2019-12-10 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/python_plugin_common.c:
+ plugins/python: make group plugin able to debug
+
+ It does not get the debug settings, so it looks them up through
+ sudo_conf.
+ [fe4dbf8345b6]
+
+ * include/sudo_conf.h, lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_conf/test1.in,
+ lib/util/regress/sudo_conf/test1.out.ok,
+ lib/util/regress/sudo_conf/test2.out.ok,
+ lib/util/regress/sudo_conf/test3.out.ok,
+ lib/util/regress/sudo_conf/test4.out.ok,
+ lib/util/regress/sudo_conf/test5.out.ok,
+ lib/util/regress/sudo_conf/test6.out.ok,
+ lib/util/regress/sudo_conf/test7.out.ok,
+ lib/util/regress/sudo_conf/test8.err.ok,
+ lib/util/regress/sudo_conf/test8.in,
+ lib/util/regress/sudo_conf/test8.out.ok, lib/util/sudo_conf.c,
+ lib/util/util.exp.in, plugins/sudoers/group_plugin.c,
+ src/load_plugins.c:
+ src/load_plugins, plugins/sudoers: added developer_mode sudo.conf
+ option
+
+ It can be used to disable the enforcement that a plugin (shared
+ object or an imported python module) must be owned by root and not
+ modifiable by others. This can make plugin development easier.
+ [a9f86943d30c]
+
+2019-12-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, config.h.in, configure, configure.ac, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, include/sudo_compat.h, lib/util/Makefile.in,
+ lib/util/getusershell.c, mkdep.pl, plugins/sudoers/check.c,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add runas_check_shell flag to require a runas user to have a valid
+ shell. Not enabled by default.
+ [9e7936e0ccfe]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
+ Add a new flag "allow_unknown_runas_id" to control matching of
+ unknown IDs. Previous, sudo would always allow unknown user or group
+ IDs if the sudoers entry permitted it. This included the "ALL"
+ alias. With this change, the admin must explicitly enable support
+ for unknown IDs.
+ [ebdbb5c7f60b]
+
+2019-12-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/term.c:
+ Use cfmakeraw() in sudo_term_raw() instead of doing it manually.
+ [b8ff5f81399f]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/iolog_plugin.h:
+ Fix event loop called via I/O log close function. We need to set
+ events that were pending in the old base in the new one. Fixes
+ sending the final I/O log data and the ExitMessage to the server.
+ [dcba4ce2196c]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ include/sudo_plugin.h, src/sudo.c:
+ Replace timeleft with pending in sudo plugin event API.
+ [5f49af23af38]
+
+ * plugins/sudoers/sudoreplay.c:
+ Use sudo_ev_pending() instead of the deprecated sudo_ev_timeleft().
+ [c6cce5275f1e]
+
+ * include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in:
+ Add sudo_ev_pending(), used to check whether an event is pending.
+ [edcea66bda32]
+
+ * plugins/sudoers/Makefile.in:
+ Add TLS libs when linking check_iolog_plugin
+ [d84a5f5c6bc1]
+
+2019-12-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog_client.c:
+ Remove extraneous newlines in some sudo_warnx() calls.
+ [d3dbf0f93372]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document log_server_cabundle, log_server_peer_cert and
+ log_server_peer_key
+ [edea4d048221]
+
+ * Merge pull request #16 from laczau/master
+
+ Proper handling of certificate chain file
+ [44939e511321]
+
+2019-12-06 Laszlo Orban <laszlo.orban@quest.com>
+
+ * logsrvd/logsrvd.c:
+ cert files can contain the full chain of trust, so load all certs in
+ every case for verification
+ [ca26bb970ef5]
+
+2019-12-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
+ Sync init_session() prototype with sudo_plugin.h and fix a typo.
+ [1501cdfa8e76]
+
+2019-12-05 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/example_conversation.py,
+ plugins/python/example_debugging.py:
+ plugins/python: example plugin demonstrating conversation and debug
+ API
+ [e487d2240607]
+
+ * include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/util.exp.in:
+ lib/util/sudo_debug.c: add a function for querying if debugging is
+ needed
+
+ for a level. Rationale: this way we can avoid computing details for
+ the log which will not happen at all if the computation is slow.
+ [d636c26d192d]
+
+2019-12-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/check.c:
+ Only update the time stamp entry after the approval function has
+ succeeded. Bug #910
+ [9b2022e6f11d]
+
+2019-12-04 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/sudo_python_debug.c,
+ plugins/python/sudo_python_debug.h:
+ plugins/python: add sudo debug helpers
+ [1d48021e86ad]
+
+2019-12-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Merge pull request #14 from sudo-project/tls-config-default-values
+
+ Audit Server - add default values for cert paths
+ [f30a48f8b5d5]
+
+2019-12-04 Laszlo Orban <laszlo.orban@quest.com>
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c:
+ add default values for cert paths
+ [a76ca8a3ca9f]
+
+2019-12-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/sudo_debug.c:
+ Add reference counting to debug register/deregister. Fixes a
+ potential problem when an instance is re-registered.
+ [270e739fd0b3]
+
+ * plugins/sudoers/sudoers_debug.c:
+ Only deregister the sudoers debug instance on last close. Reference
+ count calls to sudoers_debug_register and only deregister
+ sudoers_debug_instance when refcnt reaches 0. Fixes a problem where
+ the debug system was deregistered when the sudoers policy is closed
+ even though the iolog plugin is active.
+ [2b73f3e9fc32]
+
+2019-12-02 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/python_importblocker.c:
+ plugins/python: add ImportBlocker which forbids loading unsafe
+ python modules
+
+ If non root can alter any imported python modules, he is able to run
+ anything he would like to as root user. This class is a helper to
+ avoid such situation.
+
+ This feature can be disabled with 'DeveloperMode=1' plugin option.
+ [26be6228724f]
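Review bot: The ImportBlocker entry names its off switch as the 'DeveloperMode=1' plugin option, while the 2019-12-10 entry for src/load_plugins and plugins/sudoers calls it the developer_mode sudo.conf option, and the ChangeLog does not say whether these are the same setting. Because the setting turns off the check that a plugin or imported Python module is owned by root and not modifiable by others, use one name in both entries and state in the entry whether it is off by default, so an administrator reading the log knows what to look for in sudo.conf.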
+
+2019-11-28 Laszlo Orban <laszlo.orban@quest.com>
+
+ * plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
+ implement tls layer in iolog plugin
+ [c25837909952]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/policy.c:
+ process tls config options
+ [510fdfd39d71]
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in:
+ add audit server tls related configuration options to sudoers
+ [f4135025ff1d]
+
+ * plugins/sudoers/Makefile.in:
+ optionally link sudoers with openssl libs
+ [750f87200eab]
+
+2019-11-27 Laszlo Orban <43516882+laczau@users.noreply.github.com>
+
+ * logsrvd/logsrvd.c:
+ Merge pull request #11 from sudo-project/audit-server-tls-async
+
+ Sudo audit Server - TLS protocol update
+ [923f6d914ec5]
+
+2019-11-26 Laszlo Orban <laszlo.orban@quest.com>
+
+ * logsrvd/logsrvd.c:
+ disable timeout for the reader after ServerHello message
+ [e579450aafa1]
+
+2019-11-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c:
+ Exit if the first call to logsrvd_conf_read() fails. It is not fatal
+ if subsequent calls fail (due to SIGHUP) since we keep a copy of the
+ old config before installing the new one.
+ [c20866ea9d03]
+
+ * Makefile.in, plugins/sudoers/Makefile.in:
+ Add some missing files to "make clean" and "make distclean"
+ [d1b559e9e1ab]
+
+ * .gitignore, .hgignore:
+ Update .hgignore and convert to .gitignore
+ [c8b92b55e74a]
+
+2019-11-22 Laszlo Orban <laszlo.orban@quest.com>
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
+ use event timeout instead of socket timeout
+ [5c72d1d18aec]
+
+ * logsrvd/sendlog.c, logsrvd/sendlog.h:
+ adapt sudo sendlog (async communication, unencrypted ServerHello
+ message)
+ [0269d852f6c6]
+
+ * logsrvd/logsrvd.c, logsrvd/logsrvd.h:
+ ServerHello message is now unencrypted, TLS communication has been
+ refactored to full async
+ [d138cbe2253e]
+
+ * include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c,
+ lib/logsrv/log_server.proto, logsrvd/logsrvd.c:
+ extend ServerHello message with two fields (tls, tls_checkpeer)
+ [6d7965d29cd4]
+
+2019-11-21 Robert Manner <robert.manner@balabit.com>
+
+ * Makefile.in:
+ Makefile.in: fix calling log2cl when doing out of source build
+
+ If doing build out of source and not calling configure by absolute
+ path, $(top_srcdir) variable will contain a path relative to the
+ directory we stand in. So, after changing the current directory "cd
+ $(srcdir)", this path will point to somewhere else making the
+ install step fail.
+ [58a22fce613f]
+
+ * plugins/python/python_baseplugin.c,
+ plugins/python/python_convmessage.c,
+ plugins/python/sudo_python_module.c,
+ plugins/python/sudo_python_module.h:
+ plugins/python: add a sudo python module
+ [c512c48170ae]
+
+2019-11-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ plugins/sudoers/policy.c, src/sudo.c:
+ For plugin API 1.15 and up, always call the plugin close function.
+ Previously, it was only called when a command was run (including
+ sudoedit). Now, plugin operations list, validate, invalidate, and
+ show_version are also closed.
+ [6cdcb5624908]
+
+2019-11-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog_client.c:
+ Avoid NULL deref on an error path if calloc() fails. Coverity CID
+ 205873
+ [bad732813149]
+
+ * src/conversation.c:
+ Fix potential fd leak when converting trailing newline to cr + nl.
+ Coverity CID 205872
+ [4597abb8ee1f]
+
+ * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in,
+ examples/sudo_logsrvd.conf:
+ Document the process of creating self-signed certificates for
+ sudo_logsrvd. Based on a document from Laszlo Orban.
+ [0be730e58f17]
+
+ * plugins/group_file/plugin_test.c:
+ Sync with argument handling in group_plugin.c
+ [937475aa2c3f]
+
+ * plugins/sudoers/group_plugin.c:
+ If a group plugin has optional arguments, NULL terminate the vector.
+ Otherwise, the plugin cannot determine the end of arguments. The
+ behavior now matches the plugin documentation.
+ [51e02f75a447]
+
+2019-11-19 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/example_group_plugin.py:
+ plugins/python: add example python group plugin
+ [9f9d7cc2d5db]
+
+ * plugins/python/example_policy_plugin.py:
+ plugins/python: add example python policy plugin
+ [6cc0d47edae0]
+
+ * plugins/python/example_io_plugin.py:
+ plugins/python: add example io python plugin
+ [d22532c34748]
+
+2019-11-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, src/sudo.c:
+ If there is no session or terminal group ID, pass the plugin a value
+ of 0. This behavior already matches what is documented in the
+ sudo_plugin manual for "sid" but the "tcpgid" entry needed to be
+ updated.
+ [2d720153c4cf]
+
+ * plugins/sudoers/sudoers.c:
+ Don't touch the local iolog sequence file if we are logging remotely
+ [3c5dc60a9d11]
+
+ * plugins/sudoers/iolog_client.c:
+ Plug a memory leak found by leak sanitizer
+ [13aac57d0506]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
+ plugins/sudoers/iolog_plugin.h:
+ Make a shallow copy of user_env in I/O plugin in case it is
+ reallocated. The policy plugin's session init function may
+ reallocate the user environment pointer. Fixes a use after free when
+ PAM is used.
+ [3eb35dac2743]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/policy.c:
+ Rename "log_server" in sudoers to "log_servers" to match I/O plugin.
+ [1dbe79c18760]
+
+2019-11-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/logsrvd.c:
+ Check closure->ssl for non-NULL instead of
+ logsrvd_conf_get_tls_opt(). It's a little more obvious this way and
+ ssl is only non-NULL when the tls option is enabled anyway.
+ [3436430c064b]
+
+ * logsrvd/logsrvd.c:
+ Init iolog_dir_fd and sock in connection_closure before adding to
+ list. Otherwise we could close the wrong fds in the error path.
+ [1643211f8b46]
+
+ * doc/CONTRIBUTORS:
+ Add Laszlo Orban
+ [2836214cd4b8]
+
+2019-11-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_logsrvd.conf.man.in:
+ regen
+ [4a44bfc42b4b]
+
+ * doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf:
+ Change TLS example file locations to be under /etc/ssl/sudo.
+ [f4c302a3bcb9]
+
+ * doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf:
+ Document sudo_logsrvd TLS configuration.
+ [97260e6acfaf]
+
+2019-11-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_event.h:
+ Include time.h for struct timespec.
+ [8bd80773d0fa]
+
+ * lib/util/util.exp.in:
+ Add sudo_ev_set_v1 to the exports file.
+ [fd6b66378e5d]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document the log_server and log_server_timeout options
+ [7d7429b73d25]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h,
+ plugins/sudoers/policy.c, src/exec_nopty.c, src/exec_pty.c,
+ src/sudo.c:
+ Add support for logging to the log server
+ [158a8e80faab]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ include/sudo_event.h, include/sudo_plugin.h, lib/util/event.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/policy.c, src/Makefile.in,
+ src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c,
+ src/load_plugins.c, src/preload.c, src/sudo.c, src/sudo.h,
+ src/sudo_plugin_int.h:
+ Add a plugin interface to sudo main event loop.
+ [123662f454da]
+
+ * MANIFEST, Makefile.in, configure, configure.ac,
+ include/log_server.pb-c.h, include/protobuf-c/protobuf-c.h,
+ lib/logsrv/Makefile.in, lib/logsrv/log_server.pb-c.c,
+ lib/logsrv/log_server.proto, lib/logsrv/protobuf-c.c,
+ logsrvd/Makefile.in, logsrvd/log_server.pb-c.c,
+ logsrvd/log_server.pb-c.h, logsrvd/log_server.proto,
+ logsrvd/protobuf-c/protobuf-c.c, logsrvd/protobuf-c/protobuf-c.h:
+ Move protobuf-c.c, log_server.proto, log_server.pb-c.[ch] to
+ lib/logsrv
+ [6772a775471f]
+
+ * lib/util/event.c:
+ When freeing an event base, reset ev->base to NULL for associated
+ events.
+ [7199d3967059]
+
+ * logsrvd/logsrvd_conf.c:
+ Move cb_timeout() out from under the HAVE_OPENSSL ifdef.
+ [c7fc294ce21a]
+
+ * INSTALL, config.h.in, configure, configure.ac, logsrvd/Makefile.in,
+ logsrvd/logsrvd.c:
+ LibreSSL and older OpenSSL don't support SSL_CTX_set_ciphersuites().
+ Add a configure test and skip TLS 1.3 setup if it is missing. We
+ still accept the tls_ciphers13 config setting but it will be
+ ignored.
+ [06d478442971]
+
+ * logsrvd/logsrvd.c, logsrvd/sendlog.c:
+ Minor style nits that I missed during review.
+ [7209ccc5a3cf]
+
+ * logsrvd/sendlog.c:
+ Avoid calling SSL_CTX_free() on an uninitialized pointer in an error
+ path.
+ [2df423e30773]
+
+ * Merge pull request #9 from sudo-project/audit-server-tls-support
+
+ Audit server tls support
+ [0aded6c1deec]
+
+2019-11-13 Laszlo Orban <laszlo.orban@quest.com>
+
+ * logsrvd/Makefile.in, logsrvd/sendlog.c:
+ update sudo_sendlog to support openssl tls
+ [ab4be8367862]
+
+2019-11-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/limits.c:
+ Simplify resource limit fallback logic a bit.
+ [cdab60b50079]
+
+2019-11-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/CONTRIBUTORS:
+ Add sudo logo designers
+ [94c841c8bc28]
+
+ * src/limits.c:
+ Don't set the RLIMIT_STACK soft/hard limits to unlimited. Use 8Mb
+ for soft and 64Mb for hard. Works around issues on macOS and docker.
+ See also Bug #908
+ [1d7f52c32360]
+
+ * src/tgetpass.c:
+ Restore resource limits before executing the askpass program. Linux
+ with docker seems to have issues executing a program when the stack
+ size is unlimited. Bug #908
+ [28cb58a5ac94]
+
+ * src/conversation.c:
+ Check for replies pointer being NULL just in case.
+ [7c0c4c6b001e]
+
+2019-11-11 Laszlo Orban <laszlo.orban@quest.com>
+
+ * examples/sudo_logsrvd.conf, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_conf.c:
+ set timeout value for the socket
+ [e884292ab6c9]
+
+2019-11-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/conversation.c:
+ Convert trailing newline to carriage return + newline for tty. Does
+ not currently handle embedded newlines.
+ [ad195e045150]
+
+2019-11-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/fatal.c:
+ Only write a carriage return if output is to a tty.
+ [f605335649ea]
+
+ * lib/util/fatal.c:
+ Include a carriage return when printing warning messages. Otherwise,
+ if the command is running in a pty the output is stair-stepped.
+ [f23d4f0ed902]
+
+2019-11-08 Laszlo Orban <laszlo.orban@quest.com>
+
+ * configure, logsrvd/Makefile.in, logsrvd/logsrvd.c,
+ logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
+ make audit server openssl dependency optional; tls layer is compiled
+ only if sudo is built with --enable-openssl feature switch
+ [c360a34c89c0]
+
+2019-11-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/util.exp.in:
+ Add sudo_parse_host_port_v1 and sudo_pow2_roundup_v1 to exports
+ file.
+ [e8b529115871]
+
+2019-11-07 Laszlo Orban <laszlo.orban@quest.com>
+
+ * logsrvd/logsrvd.c:
+ fixed segfault when connection_closure_free() tries to remove a non-
+ existent connection object from the list
+ [4d6dd38d59f6]
+
+2019-11-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/closefrom.c:
+ Fix typo in closefrom emulation.
+ [b23a6c512d4a]
+
+ * plugins/sudoers/env.c:
+ Do not warn about a missing /etc/environment file on Linux without
+ PAM. Bug #907
+ [f85ff5ee2caf]
+
+2019-11-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke_util.c,
+ plugins/sudoers/visudo.c:
+ Transparently handle the "sudo sudoedit" problem. Some admin are
+ confused about how to give users sudoedit permission and many users
+ try to run sudoedit via sudo instead of directly. If the user runs
+ "sudo sudoedit" sudo will now treat it as plain "sudoedit" after
+ issuing a warning. If the admin has specified a fully-qualified path
+ for sudoedit in sudoers, sudo will treat it as just "sudoedit" and
+ match accordingly. In visudo (but not sudo), a fully-qualified path
+ for sudoedit is now treated as an error.
+ [5cdcfd9a6c33]
+
+ * logsrvd/iolog_writer.c, logsrvd/sendlog.c:
+ Rename cwd -> submitcwd to match man page.
+ [bc9ea396055a]
+
+2019-11-05 Laszlo Orban <laszlo.orban@quest.com>
+
+ * logsrvd/logsrvd.c:
+ verify server/client certs with CA certificate chain file
+ [a177af7d7bbf]
+
+2019-11-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, lib/util/Makefile.in, lib/util/host_port.c,
+ lib/util/regress/host_port/host_port_test.c:
+ Add unit test for parse_host_port and make an empty port an error.
+ [b6b895cdc010]
+
+2019-11-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/host_port.c:
+ Fill in host and port pointers on success.
+ [794368ebd367]
+
+2019-11-04 Laszlo Orban <laszlo.orban@quest.com>
+
+ * logsrvd/logsrvd.c:
+ fix copy-paste mistake
+ [2fe897c77485]
+
+2019-11-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/host_port.c, logsrvd/logsrvd_conf.c:
+ Split out code to parse host:port into a utility function.
+ [d8331e72394d]
+
+ * MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/roundup.c, logsrvd/logsrv_util.c, logsrvd/logsrv_util.h,
+ logsrvd/logsrvd.c, logsrvd/sendlog.c:
+ Move bufsize_roundup() -> sudo_pow2_roundup() in libsudo_util.
+ [791f5c353ef1]
+
+ * lib/iolog/Makefile.in, logsrvd/Makefile.in:
+ Add missing depend target
+ [75107bcfff3d]
+
+ * lib/iolog/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ We haven't needed -I$(top_srcdir) for a long time.
+ [6974ea4a6c8c]
+
+ * lib/util/closefrom.c:
+ In closefrom_fallback() use the interval [OPEN_MAX, INT_MAX]. We
+ want to try closing at least OPEN_MAX fds but no more than INT_MAX.
+ On 64-bit systems it is possible for sysconf(_SC_OPEN_MAX) to return
+ a value larger than INT_MAX when the number of open files is
+ unlimited.
+ [08d6fea1c894]
+
+ * plugins/sudoers/logging.c, src/exec_monitor.c, src/selinux.c,
+ src/tgetpass.c:
+ Use dup3() instead of dup2(). This is less error prone since dup3()
+ returns an error if old == new. Sudo guarantees that fds 0-2 are
+ already open.
+ [a9ffaa8a8a55]
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/Makefile.in, lib/util/dup3.c,
+ mkdep.pl:
+ Add dup3() emulation.
+ [7bd8864dee7e]
+
+ * plugins/sudoers/logging.c, src/exec_monitor.c, src/exec_pty.c,
+ src/tgetpass.c:
+ Open all pipes using pipe2() with O_CLOEXEC. We no longer depend on
+ calling closefrom() before exec.
+ [176ae5cf1d94]
+
+ * src/exec.c, src/tgetpass.c:
+ Call closefrom() before we change to a non-root UID. This prevents
+ another process from changing the NOFILE resource limit of the child
+ process and defeating the closefrom() call. Reported by Joe Vennix
+ from Apple Information Security.
+ [f93d52b24976]
+
+ * MANIFEST, logsrvd/Makefile.in:
+ Regenerate Makefile and sort MANIFEST
+ [24664d6c9d47]
+
+2019-11-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo.man.in, doc/sudo.mdoc.in:
+ Reference timestamp_type and timestamp_timeout in sudoers. This
+ should help users find details on how time stamp files work.
+ [d5aa7c0b404c]
+
+2019-10-31 Laszlo Orban <laszlo.orban@quest.com>
+
+ * logsrvd/logsrvd.c:
+ process tls config params in the audit server and establish TLS
+ connection accordingly
+ [33ce32c140af]
+
+2019-10-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/limits.c:
+ macOS does not allow rlim_cur to be set to RLIM_INFINITY for
+ RLIMIT_NOFILE. We need to use OPEN_MAX instead as per the macOS
+ setrlimit manual. Bug #904
+ [2a00e62eaeb0]
+
+2019-10-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Makefile.in:
+ Fix ChangeLog generation on a branch.
+ [69409e5b1179]
+
+2019-10-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * logsrvd/sendlog.c:
+ Remove unused copy of iolog_seekto().
+ [1d730d414cd9]
+
+2019-10-25 Laszlo Orban <laszlo.orban@quest.com>
+
+ * examples/sudo_logsrvd.conf, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_conf.c:
+ add configuration options for TLS
+ [291a9986d6e9]
+
+2019-10-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, doc/Makefile.in, doc/sudo_logsrv.proto.man.in,
+ doc/sudo_logsrv.proto.mdoc.in, doc/sudo_logsrvd.conf.man.in,
+ doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf,
+ logsrvd/iolog_writer.c:
+ Document the sudo log server protocol
+ [46de0934987c]
+
+ * include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
+ logsrvd/logsrvd_conf.c, plugins/sudoers/iolog.c:
+ Read logsrvd.conf in two steps: first read, then apply if OK. This
+ fixes a problem where when logsrvd.conf was reloaded while running
+ (due to SIGHUP) and there was an error we could end up with a
+ partial config.
+ [d3244c318c5b]
+
+ * include/sudo_iolog.h, lib/iolog/iolog_util.c,
+ lib/iolog/regress/iolog_util/check_iolog_util.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/sendlog.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/sudoreplay.c:
+ Add iolog_ prefix to exported functions in iolog_util.c
+ [62027c8e1abd]
+
+ * include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
+ logsrvd/logsrvd_conf.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
+ Simplify iolog_set_user and iolog_set_group
+ [e82c5078b02c]
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/Makefile.in, lib/util/fchmodat.c,
+ lib/util/fstatat.c, mkdep.pl:
+ Add fchmodat() and fstatat() emulation. Note that fchmodat()
+ emulation does not support AT_SYMLINK_NOFOLLOW
+ [8232c22e71c7]
+
+ * doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in,
+ logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_conf.c:
+ Clear the write bit on the timing file for completed logs. This
+ allows us to tell whether or not a log can be restarted.
+ [b2180b6ef53b]
+
+ * logsrvd/logsrvd.c:
+ Redirect std{in,out,err} to /dev/null even when given the -n option.
+ [376186a8d9cc]
+
+ * include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
+ lib/iolog/iolog_path.c,
+ lib/iolog/regress/iolog_path/check_iolog_path.c,
+ lib/iolog/regress/iolog_path/data, logsrvd/iolog_writer.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path_escapes.c,
+ plugins/sudoers/sudoers.c:
+ Simplify expand_iolog_path()
+ [4f0f85f659d1]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [e268d56da49c]
+
+ * examples/sudo_logsrvd.conf, include/sudo_iolog.h,
+ lib/iolog/iolog_fileio.c, logsrvd/Makefile.in, logsrvd/logsrvd.c,
+ logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
+ Make the logsrvd port and list address configurable.
+ [69d73358888d]
+
+ * Makefile.in, logsrvd/Makefile.in, logsrvd/iolog_writer.c,
+ logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, logsrvd/sendlog.c:
+ Mark logsrvd and sendlog strings for translation in the sudoers
+ domain
+ [24b1fd6250fb]
+
+ * logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/sendlog.c:
+ Add long option support to logsrvd and sendlog.
+ [ecb2fae83abb]
+
+ * logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h:
+ Return an error to the client on error instead of dropping the
+ connection.
+ [2e40ca902100]
+
+ * examples/sudo_logsrvd.conf, logsrvd/logsrvd_conf.c:
+ Convert sudo_logsrvd.conf to ini file format
+ [91dff03d0795]
+
+ * MANIFEST, examples/sudo_logsrvd.conf, include/sudo_util.h,
+ lib/util/Makefile.in, lib/util/logfac.c, lib/util/logpri.c,
+ lib/util/util.exp.in, logsrvd/Makefile.in, logsrvd/eventlog.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_conf.c, plugins/sudoers/defaults.c:
+ Add basic support for event logging using a sudo-style log format.
+ [eb6aa3672e6f]
+
+ * logsrvd/logsrvd.c, logsrvd/sendlog.c:
+ Add OpenBSD malloc options.
+ [a0d79af0c430]
+
+ * MANIFEST, logsrvd/Makefile.in, logsrvd/buffer.c, logsrvd/buffer.h,
+ logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
+ logsrvd/sendlog.c, logsrvd/sendlog.h:
+ Allow messages up to 2Mb in size.
+ [af79754aaf53]
+
+ * MANIFEST, configure, configure.ac, doc/Makefile.in,
+ doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+ doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in,
+ doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
+ examples/sudo_logsrvd.conf, m4/sudo.m4:
+ Add manual pages for logsrvd and sendlog.
+ [f437259d81ae]
+
+ * include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrvd.c:
+ Add restart support for compresses I/O logs.
+ [1191fac5ff52]
+
+ * logsrvd/sendlog.c, logsrvd/sendlog.h:
+ Fix client side of restart. Seek to the target point there too so we
+ start sending from the right place.
+ [403bf22a6dad]
+
+ * include/sudo_iolog.h, lib/iolog/iolog_util.c,
+ logsrvd/iolog_writer.c, logsrvd/sendlog.c,
+ plugins/sudoers/sudoreplay.c:
+ Move read_timing_record() into libsudo_iolog
+ [65a984f7fa7a]
+
+ * MANIFEST, lib/iolog/iolog_fileio.c, logsrvd/Makefile.in,
+ logsrvd/buffer.c, logsrvd/buffer.h, logsrvd/iolog_writer.c,
+ logsrvd/logsrv_util.c, logsrvd/logsrv_util.h, logsrvd/logsrvd.h,
+ logsrvd/sendlog.c, logsrvd/sendlog.h:
+ Rename buffer.c -> logsrv_util.c and add iolog_seekto()
+ [0ff1a6fdaecd]
+
+ * logsrvd/logsrvd.c, logsrvd/sendlog.c:
+ Fix some warnings from the clang static analyzer.
+ [95de486cfb65]
+
+ * logsrvd/sendlog.c:
+ Fix Coverity CID 204353, fd leak on error path.
+ [3519d910c777]
+
+ * logsrvd/logsrvd_conf.c:
+ Fix Coverity CID 204355, resource leak on error path.
+ [c5c50c6bae16]
+
+ * lib/iolog/iolog_fileio.c:
+ Avoid TOCTOU in iolog_mkdirs; Coverity CID 204356
+ [0c8679a731f5]
+
+ * lib/util/mkdir_parents.c:
+ Avoid TOCTOU in sudo_mkdir_parents; Coverity CID 204357
+ [e9eeae60dff2]
+
+ * logsrvd/log_server.pb-c.c, logsrvd/log_server.pb-c.h,
+ logsrvd/log_server.proto:
+ Add NumberList to InfoMessage. Also make comments fit in 80 columns
+ when formatted as a man page.
+ [fd7af0bb2477]
+
+ * configure, configure.ac, include/sudo_rand.h, logsrvd/Makefile.in,
+ logsrvd/logsrvd.c:
+ Command line option processing for logsrvd
+ [0f2248532960]
+
+ * MANIFEST, examples/sudo_logsrvd.conf, logsrvd/Makefile.in,
+ logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
+ logsrvd/logsrvd_conf.c, pathnames.h.in:
+ Add config file support for logsrvd
+ [4e643a95c88b]
+
+ * MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/mkdir_parents.c, lib/util/util.exp.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/mkdir_parents.c,
+ plugins/sudoers/sudoers.h:
+ Move mkdir_parents to libsudo_util.
+ [3f540eb94282]
+
+ * MANIFEST, Makefile.in, configure, configure.ac,
+ include/sudo_iolog.h, include/sudo_util.h, lib/iolog/Makefile.in,
+ lib/iolog/iolog_fileio.c, lib/iolog/iolog_path.c,
+ lib/iolog/iolog_util.c,
+ lib/iolog/regress/iolog_path/check_iolog_path.c,
+ lib/iolog/regress/iolog_path/data,
+ lib/iolog/regress/iolog_util/check_iolog_util.c,
+ lib/util/sudo_conf.c, logsrvd/Makefile.in, logsrvd/iolog_writer.c,
+ logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
+ logsrvd/sendlog.c, logsrvd/sendlog.h,
+ plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog.h, plugins/sudoers/iolog_files.h,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/iolog_path_escapes.c,
+ plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h,
+ plugins/sudoers/policy.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/iolog_path/data,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/iolog_util/check_iolog_util.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, src/sudo.h:
+ Refactor code in sudoers that creates I/O log files to share with
+ logsrvd.
+ [3aa1fa95650d]
+
+ * Makefile.in, include/sudo_iolog.h, lib/iolog/iolog_path.c,
+ lib/iolog/regress/iolog_path/check_iolog_path.c,
+ logsrvd/iolog_writer.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
+ plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/sudoers.c:
+ Enable sudo_logsrvd.conf settings.
+ [8e7b37d1d2a9]
+
+ * include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
+ lib/iolog/iolog_util.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h,
+ logsrvd/sendlog.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/sudoreplay.c:
+ Use openat(2) when opening files in the I/O log directory.
+ [1ab2e278e1d9]
+
+ * logsrvd/Makefile.in, sudo.pp:
+ Add sudo_ prefix to logsrvd and sendlog.
+ [acbaed157ae5]
+
+ * logsrvd/iolog_writer.c, logsrvd/log_server.pb-c.c,
+ logsrvd/log_server.pb-c.h, logsrvd/log_server.proto,
+ logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c,
+ logsrvd/sendlog.h:
+ Rename ExecMessage -> AcceptMessage and add RejectMessage
+ [a080c4eb7c4b]
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/openat.c, lib/util/unlinkat.c,
+ src/sudo_edit.c:
+ Move openat() emulation to lib/util and at unlinkat() emulation.
+ [756ace7fdf38]
+
+ * logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/sendlog.c:
+ Add debugging for logsrvd and sendlog
+ [4c86dbceb611]
+
+ * MANIFEST, doc/LICENSE, logsrvd/Makefile.in,
+ logsrvd/protobuf-c/protobuf-c.c, logsrvd/protobuf-c/protobuf-c.h:
+ Import protobuf-c source since to avoid an external dependency. The
+ files generated with protoc-c are not standalone. We need to include
+ protobuf-c.c and protobuf-c.h from the protobuf-c distribution too.
+ Building protoc-c requires a relative recent version of gcc which
+ limits its portability.
+ [0ea50a59cab7]
+
+ * logsrvd/Makefile.in, logsrvd/iolog_writer.c, logsrvd/logsrvd.c,
+ logsrvd/logsrvd.h, logsrvd/sendlog.c, logsrvd/sendlog.h:
+ Add support for restarting I/O log transfers.
+ [748e8f4f7fec]
+
+ * MANIFEST, Makefile.in, configure, configure.ac, logsrvd/Makefile.in,
+ logsrvd/iolog.h, logsrvd/iolog_reader.c, logsrvd/iolog_writer.c,
+ logsrvd/log_server.pb-c.c, logsrvd/log_server.pb-c.h,
+ logsrvd/log_server.proto, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
+ logsrvd/sendlog.c, logsrvd/sendlog.h, sudo.pp:
+ Import proof of concept sudo log server.
+ [a0687ba66feb]
+
+ * MANIFEST, logsrvd/Makefile.in, logsrvd/iolog.h,
+ logsrvd/iolog_reader.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h,
+ logsrvd/sendlog.c, logsrvd/sendlog.h, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/iolog.h,
+ plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/iolog_util/check_iolog_util.c,
+ plugins/sudoers/sudoreplay.c:
+ Refactor I/O log code so it can be shared between sudoers and
+ logsrvd
+ [b6608769ba8a]
+
+ * lib/util/strtonum.c:
+ Avoid invalid read when minval > maxval
+ [7f1a6f992e4f]
+
+2019-10-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, plugins/sudoers/policy.c, src/sudo.c:
+ Don't pass an invalid session or process group ID to the plugin.
+ Fixes a regression in 1.8.28 when there is no terminal session
+ leader.
+ [d9c626167b3c]
+
+2019-10-22 Robert Manner <robert.manner@balabit.com>
+
+ * plugins/python/pyhelpers.c, plugins/python/pyhelpers.h,
+ plugins/python/pyhelpers_cpychecker.h,
+ plugins/python/python_plugin_common.c,
+ plugins/python/python_plugin_common.h,
+ plugins/python/python_plugin_group.c,
+ plugins/python/python_plugin_io.c,
+ plugins/python/python_plugin_policy.c:
+ plugins/python: a plugin which can load policy/io plugin written in
+ python
+ [2c7620c8052f]
+
+ * Makefile.in, configure.ac, plugins/python/Makefile.in:
+ Makefile.in, configure.ac: add python plugin build
+ [09b305e2cd54]
+
+2019-10-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [70f4543f177c]
+
+ * src/limits.c:
+ Not all systems support RLIMIT_NPROC and RLIMIT_RSS
+ [26b8e2afe755]
+
+ * doc/Makefile.in, examples/Makefile.in, include/Makefile.in,
+ lib/util/Makefile.in, lib/zlib/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Add depend target to all Makefile.in files.
+ [0a22d80ef716]
+
+ * NEWS, configure, configure.ac, doc/UPGRADE:
+ Sudo 1.8.29
+ [736c9a5c3720]
+
+ * MANIFEST, lib/util/Makefile.in, src/Makefile.in, src/exec.c,
+ src/limits.c, src/sudo.c, src/sudo.h:
+ Set resource limits in the sudo process to unlimited. We don't want
+ sudo to be limited by the caller's resource limits. The original
+ resource limits are restore before session setup.
+ [6c3bf214caf0]
+
+2019-10-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/starttime.c, src/ttyname.c:
+ Older FreeBSD needs sys/param.h included before sys/user.h. From
+ Darren Tucker
+ [88c060df0439]
+
+ * include/sudo_util.h, lib/util/getgrouplist.c, lib/util/gidlist.c,
+ lib/util/regress/strtofoo/strtoid_test.c, lib/util/strtoid.c,
+ lib/util/util.exp.in, plugins/group_file/getgrent.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/match.c, plugins/sudoers/policy.c,
+ plugins/sudoers/pwutil.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ plugins/system_group/system_group.c, src/sudo.c:
+ Rename sudo_strtoid() to sudo_strtoidx() and add simplified
+ sudo_strtoid()
+ [94a418cdbae6]
+
+2019-10-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/UPGRADE, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
+ doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
+ doc/visudo.man.in, doc/visudo.mdoc.in,
+ plugins/sudoers/cvtsudoers_json.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/policy.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/testsudoers.c, src/exec.c:
+ Refer to user-ID and group-ID instead of "user ID" and "group ID"
+ [36d7bd4ab52d]
+
+2019-10-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ sudoedit doesn't create a new PAM session so PAM umask does not
+ apply.
+ [8ae167d0ae7c]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, include/sudo_plugin.h,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/exec.c, src/sudo.c, src/sudo.h:
+ Change how the umask is handled with PAM and login.conf. If the
+ umask is explicitly set in sudoers, use that value regardless of
+ what is in PAM or login.conf. If using the default umask from
+ sudoers, allow PAM or login.conf to override it. Bug #900
+ [7c0a835ac512]
+
+2019-10-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/audit.c,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/logging.c:
+ Add log_allowed and log_denied sudoers flags, defaulting to true.
+ [fb1e188a3d05]
+
+ * lib/util/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
+ Enable security auditing malloc options for "make check".
+ [333632dd3134]
+
+2019-10-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Be more consistent with how we talk about sudoers Defaults settings.
+ Use "flag" not "option" when referring to boolean flags. Use
+ "setting" in place of "Defaults setting" in most places. Use "the
+ foo option" instead of "sudo's foo option" for command line options.
+ [8058378c4b35]
+
+ * plugins/sudoers/Makefile.in:
+ No need to check existing sudoers file when installing to DESTDIR
+ This check can cause problems on systems where /etc/sudoers.d is not
+ readable.
+ [2ec01e9fe408]
+
+ * lib/util/str2sig.c:
+ Inclue sudo_util.h to get sudo_strtonum() prototype.
+ [8b0b4ee28d5f]
+
+ * lib/util/str2sig.c:
+ strtonum -> sudo_strtonum
+ [4d2363678583]
+
+ * MANIFEST:
+ Add split out strtofoo tests.
+ [0cc598502faf]
+
+ * lib/util/strtonum.c:
+ Make sure we don't go past the end of the string when out of range.
+ [2b89961c524a]
+
+ * lib/util/regress/strtofoo/strtonum_test.c, lib/util/strtonum.c:
+ Fix stronum() regress test and the errno value for out of range
+ numbers.
+ [3547d022bead]
+
+ * lib/util/Makefile.in, lib/util/regress/atofoo/atofoo_test.c,
+ lib/util/regress/strtofoo/strtobool_test.c,
+ lib/util/regress/strtofoo/strtoid_test.c,
+ lib/util/regress/strtofoo/strtomode_test.c,
+ lib/util/regress/strtofoo/strtonum_test.c:
+ Split atofoo.c regress into multiple tests.
+ [75b7547e33bd]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.28p1
+ [09ceaddc94f9]
+
+2019-10-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/parse.c:
+ The fix for bug #869 broke "sudo -v" when verifypw=all (the default)
+ [aac35bcd8584]
+
+2019-10-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/closefrom.c, lib/util/getaddrinfo.c, lib/util/strtonum.c,
+ lib/util/sudo_conf.c, lib/util/ttysize.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_util.c, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/starttime/check_starttime.c,
+ src/parse_args.c, src/sesh.c, src/sudo.c, src/ttyname.c:
+ Use sudo_strtonum() explicitly instead of via a macro.
+ [f75f786eddd5]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h,
+ lib/util/Makefile.in, lib/util/strtoid.c, lib/util/strtonum.c,
+ lib/util/util.exp.in, mkdep.pl:
+ Always use our own strtonum and implement sudo_strtoid in terms of
+ it.
+ [94b1114ef79d]
+
+ * plugins/sudoers/pwutil.c:
+ Use errno in warning when sudo_make_*_item() fails. Previously we
+ always said "out of memory" if not ENOENT.
+ [68e5a208c242]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/parse_ldif.c,
+ plugins/sudoers/regress/cvtsudoers/test26.err.ok,
+ plugins/sudoers/regress/cvtsudoers/test26.sh:
+ Reject non-LDIF input when converting from LDIF to sudoers or JSON.
+ [2d08d4aa0e01]
+
+2019-10-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/ca.mo, plugins/sudoers/po/da.mo,
+ plugins/sudoers/po/el.mo, plugins/sudoers/po/eu.mo,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fur.mo,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hu.mo,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/lt.mo,
+ plugins/sudoers/po/nl.mo, plugins/sudoers/po/ru.mo,
+ plugins/sudoers/po/sk.mo, plugins/sudoers/po/sl.mo,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/tr.mo,
+ plugins/sudoers/po/zh_CN.mo, po/ast.mo, po/ca.mo, po/es.mo,
+ po/eu.mo, po/fi.mo, po/fur.mo, po/gl.mo, po/hr.mo, po/hu.mo,
+ po/ko.mo, po/nl.mo, po/nn.mo, po/ru.mo, po/sk.mo, po/sl.mo,
+ po/sr.mo, po/sudo.pot, po/vi.mo, po/zh_CN.mo:
+ regen
+ [362645d256b7]
+
+ * NEWS, lib/util/strtoid.c:
+ Treat an ID of -1 as invalid since that means "no change". Fixes
+ CVE-2019-14287. Found by Joe Vennix from Apple Information Security.
+ [83db8dba09e7]
+
+ * lib/util/regress/atofoo/atofoo_test.c,
+ plugins/sudoers/regress/testsudoers/test5.out.ok,
+ plugins/sudoers/regress/testsudoers/test5.sh:
+ Add sudo_strtoid() tests for -1 and range errors. Also adjust
+ testsudoers/test5 which relied upon gid -1 parsing.
+ [db06a8336c09]
+
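Review bot: The CVE-2019-14287 entry [83db8dba09e7] lists only NEWS and lib/util/strtoid.c, while its regression coverage sits in the separate entry [db06a8336c09]; the fix entry should cross-reference the test changeset so that anyone backporting from this log takes both. The second entry also adjusts testsudoers/test5 because it "relied upon gid -1 parsing", so a backport of the fix alone would leave that test failing. Note too that [94b1114ef79d], listed above the 2019-10-10 header, changes lib/util/strtoid.c again ("implement sudo_strtoid in terms of it"), so the -1 and range-error cases in lib/util/regress/atofoo/atofoo_test.c are the check that the rejection of -1 survives that rewrite.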
+2019-10-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL, configure, configure.ac:
+ Back out compiler override for now.
+ [f03f7fd7ff8b]
+
+ * configure, configure.ac:
+ Only prefer clang over gcc on BSD systems.
+ [2309baa23a00]
+
+2019-10-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Makefile.in:
+ Fix "make pvs-studio" run in a build dir
+ [a49635de3777]
+
+2019-09-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [430d45f3b461]
+
+ * NEWS:
+ Bug #898
+ [3d07895888e8]
+
+ * src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c,
+ src/selinux.c, src/sudo.c, src/sudo.h:
+ Fix restoring the file context of the user's tty with SELinux. Also
+ fix broken tty labeling when running a command in a pty. Includes a
+ fix for a typo introduced in the last change set.
+ [eb3f547b08f8]
+
+ * lib/util/arc4random.c:
+ _rs_random_buf is currently unused
+ [e384fc3625e8]
+
+ * src/selinux.c:
+ Add some debugging around context setting and tty labeling Also be
+ more extact with error return values
+ [ed66480282c7]
+
+2019-09-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/sudo_debug.c:
+ Better error message when debug log file cannot be opened.
+ [09e0cdff0c49]
+
+2019-09-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgignore:
+ Ignore in-tree build directory.
+ [66577c63f097]
+
+ * configure, configure.ac:
+ Set CC before AC_USE_SYSTEM_EXTENSIONS to get our preferred
+ compiler.
+ [6a318eeffb30]
+
+2019-09-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * pp:
+ Update Polypkg to the latest version from git.
+ [68bbecc25007]
+
+ * configure, configure.ac:
+ If no mandoc or nroff is present, install mdoc format manuals. If
+ there is no installed nroff/mandoc they will need to install groff
+ or heirloom doctools to format the manual pages.
+ [6dd386c1a378]
+
+2019-09-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_plugin.h:
+ Refer to number of terminal lines, not rows, for consistency.
+ [566e3e38058f]
+
+2019-09-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * INSTALL, configure, configure.ac:
+ Prefer clang over gcc. We want to use clang on systems where clang
+ is the system compiler. It is less common to have clang installed on
+ systems where gcc is the system compiler.
+ [d29d764a4938]
+
+ * INSTALL:
+ No longer need bypass_last_login on HP-UX, warnings work with clang.
+ Also add deb package names for pam and ldap devel on Linux.
+ [6aff480b1f4b]
+
+ * src/parse_args.c:
+ Silence a warning from clang about string concatenation.
+ [cadba1a4d86d]
+
+2019-09-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, doc/UPGRADE:
+ sudoedit umask fix
+ [4bfc0e393e2a]
+
+2019-09-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/event.c:
+ Fix sorting of the time-based event queue.
+ [f12e5a877c8a]
+
+ * lib/util/event.c:
+ Support default base in got_exit, got_break, loopexit, loopbreak,
+ loopcontinue
+ [da02194b5ba9]
+
+2019-09-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo_edit.c:
+ Create new files with the umask specified in sudoers.
+ [4d0b6152834b]
+
+2019-09-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/parse_ldif.c:
+ More case-insensitive compare for LDAP attributes and string lists.
+ Only the ALL keyword should be compared case-sensitive.
+ [87cd688b2648]
+
+2019-08-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo.h:
+ Enable asserts for Coverity too.
+ [b830f200a8bd]
+
+ * src/parse_args.c, src/sudo.h:
+ Add asserts() to avoid static analyzer false positives.
+ [860aca50028d]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Plug memory leak on malloc failure.
+ [1b35743703d4]
+
+ * plugins/sudoers/ldap_util.c:
+ Plug memory leak on malloc failure.
+ [c2257637d659]
+
+2019-08-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/pam.c:
+ Add sudo_pam_strerror(), like pam_strerror() but never returns NULL.
+ It also uses strerror(errno) for PAM_SYSTEM_ERR.
+ [b070d1702112]
+
+ * plugins/sudoers/auth/pam.c:
+ If pam_start() fails, display the PAM error using pam_strerror(). It
+ is legal to pass pam_strerror() a NULL handle.
+ [6403fa1479d8]
+
+2019-08-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
+ plugins/sudoers/sudoreplay.c:
+ If the sudoreplay ID option is a fully-qualified path, use it
+ directly. Previously, one had to use the -d option to override the
+ I/O log directory.
+ [9fddb3ffc760]
+
+ * plugins/sudoers/Makefile.in:
+ regen
+ [f70579d2972b]
+
+ * MANIFEST, doc/sudo.conf.man.in.sed:
+ Add conditional for sesh path in sudo.conf manual.
+ [93b5c6fcf8f4]
+
+2019-08-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Bug #895
+ [d69984bccd0e]
+
+ * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/check.c, plugins/sudoers/sudo_printf.c,
+ src/conversation.c:
+ Use the SUDO_CONV_PREFER_TTY flag during authentication. This
+ prevents the password and PAM prompts from being redirected. Bug
+ #895
+ [546082c674b7]
+
+2019-08-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * mkpkg:
+ Fix typo that prevented a missing linux audit lib from being
+ detected.
+ [b9412151615d]
+
+2019-08-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoreplay.c:
+ Use fputs(), not printf() for plain strings.
+ [b102ae1cb6da]
+
+ * NEWS:
+ Recent fixes.
+ [8249e98a05c8]
+
+ * plugins/sudoers/ldap.c:
+ Add user ID to the search filter when matching sudoUser. We already
+ support group IDs but the user ID was missing. From
+ sudo-1.8.23-ldapsearchuidfix.patch in RHEL 7.
+ [3da7b9f990be]
+
+ * plugins/sudoers/regress/sudoers/test2.json.ok,
+ plugins/sudoers/regress/sudoers/test2.toke.ok,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix parsing of double-quoted Defaults bindings that start with % or
+ +. From sudo-1.8.23-fix-double-quote-parsing-for-Defaults-
+ values.patch in RHEL 7.
+ [df613e67ef45]
+
+ * src/exec.c:
+ Restore core dump resource limit before the PAM session module is
+ run. Otherwise, we may override the limits set by PAM. Bug #894
+ [f35441098234]
+
+2019-08-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/sig2str.c, lib/util/str2sig.c:
+ sys_signame on macOS contains lower-cases names
+ [d7af71311b3d]
+
+ * MANIFEST, configure, configure.ac, lib/util/Makefile.in,
+ lib/util/regress/strsig/strsig_test.c:
+ Add regress tests for str2sig() and sig2str().
+ [fb73303699fb]
+
+ * lib/util/str2sig.c:
+ SIGIOT and SIGABRT are aliases on BSD systems.
+ [d35f75aba04a]
+
+ * lib/util/sig2str.c, lib/util/str2sig.c:
+ Fix handling of real-time signals.
+ [39066a5eabcb]
+
+2019-08-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ ipa_hostname fix
+ [54245ed09830]
+
+2019-08-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/file.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.h,
+ plugins/sudoers/sssd.c:
+ Fix special handling of ipa_hostname that was lost in sudo 1.8.24.
+ We now include the long and short hostname in sudo parser container.
+ [b4f31dbe3109]
+
+2019-08-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog_event.h:
+ Remove unused include file.
+ [0731078e72b1]
+
+2019-08-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, doc/UPGRADE:
+ Mention I/O log signal change in NEWS and UPGRADE files.
+ [ac7969640146]
+
+ * MANIFEST, NEWS, plugins/sudoers/po/ast.mo,
+ plugins/sudoers/po/ast.po:
+ Asturian translation for sudoers from translationproject.org.
+ [4f011f10129e]
+
+ * mkdep.pl:
+ Check source dir if source file is not listed in MANIFEST.
+ Previously, we just used the file name without $(srcdir).
+ [cd17ca929217]
+
+ * MANIFEST, config.h.in, configure, configure.ac, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, include/sudo_compat.h, lib/util/Makefile.in,
+ lib/util/str2sig.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_util.c:
+ Store signal name, not number in I/O log timing file. The "SIG"
+ prefix is not used so, e.g. SIGTERM -> "TERM". This makes the I/O
+ log files portable from one system to another. Older I/O log files
+ with signal numbers can still be replayed.
+ [5652f831b715]
+
+2019-07-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/utmp.c:
+ Disable stringop-truncation false positive warnings on gcc 8.
+ Strings in struct utmp/utmpx are not guaranteed to be NUL-
+ terminated.
+ [644b97bba318]
+
+ * plugins/group_file/plugin_test.c, src/net_ifs.c:
+ Replace non-essential strncpy() calls.
+ [2377cad6e155]
+
+2019-07-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Revert version back to 1.8.28
+ [4e2deb0b4925]
+
+ * lib/util/Makefile.in:
+ Link util functions being tested directly with the test harness.
+ Otherwise we may get the version from the installed libsudo_util.so.
+ [46c833080d13]
+
+2019-07-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_TW.mo,
+ plugins/sudoers/po/zh_TW.po, po/cs.mo, po/cs.po, po/da.mo, po/da.po,
+ po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fr.mo, po/fr.po,
+ po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/nb.mo, po/nb.po,
+ po/pl.mo, po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo, po/pt_BR.po,
+ po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo, po/uk.po,
+ po/zh_TW.mo, po/zh_TW.po:
+ Updated translations from translationproject.org
+ [a5aa41ab05cb]
+
+2019-07-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/parse.c:
+ Use strftime(3) instead of formatting struct tm by hand. Fixes a
+ warning on newer versions of gcc.
+ [4a2fdb51bbe5]
+
+ * doc/sudo.man.in, doc/sudo.mdoc.in:
+ Update error message when the password cannot be read from the
+ terminal.
+ [9b329f92e8a0]
+
+ * NEWS:
+ Fix for Bug #888
+ [d64fc43adfdd]
+
+ * plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c:
+ If the command in sudoers does not exist on the file system, match
+ by name. We still want to match the command even if it doesn't exist
+ so that the NOPASSWD flag on sudoers entries with non-existant paths
+ works as expected. Bug #888.
+ [0879054870be]
+
+ * NEWS, doc/TROUBLESHOOTING, po/sudo.pot, src/tgetpass.c:
+ More verbose error message when a password is required and no
+ terminal is present. Bug #828.
+ [f15ffeffff32]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [8e0fdf8e4cd5]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document that PAM session modules are now run with the silent flag.
+ [b67b769a0532]
+
+2019-07-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.c:
+ Simpler change to retry sudo_secure_file() as root as needed.
+ [feb0c2309366]
+
+ * plugins/sudoers/sudoers.c:
+ If we are unable to stat() sudoers as non-root, try again as root.
+ By default, sudo relies soley on group permissions to read sudoers
+ to make it possible to store sudoers on NFS. However, if
+ /etc/sudoers is not accessible to non-root uids for some reason,
+ sudo will fail. Bug #880.
+ [6a50adb25f2e]
+
+2019-07-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Clarify that ttyin contains raw terminal input.
+ [eea9d33f85bd]
+
+2019-07-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Expand the description of the I/O log files.
+ [f15cefc9bbd8]
+
+ * doc/sudo.conf.mdoc.in:
+ Remove trailing whitespace.
+ [421e9f481c1d]
+
+2019-07-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in:
+ Rename PLUGINDIR -> plugindir
+ [75cc43534ee1]
+
+ * configure, configure.ac:
+ Use $libexecdir in default settings used by the documentation. The
+ web and pdf pages will substitute /usr/local/libexec for
+ $noexec_file. Also do substitution of variables using exec_prefix
+ even if we don't use them in the Makefile since the documentation
+ may reference them.
+ [b7a37b03b6db]
+
+ * doc/Makefile.in, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ Add conditional for sesh path in sudo.conf manual.
+ [ec1f8f559bad]
+
+ * configure, configure.ac:
+ Update plugindir even when --disable-shared is specified. Otherwise,
+ the default value is substituted into the Makefiles and
+ documentation which may not match --prefix. Bug #886
+ [0f6c9a4af739]
+
+2019-06-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_util.h, lib/util/fatal.c, lib/util/inet_ntop.c,
+ lib/util/regress/vsyslog/vsyslog_test.c, lib/util/sudo_debug.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/ldap_conf.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestamp.c, src/load_plugins.c, src/net_ifs.c,
+ src/sudo.c:
+ Add ssizeof macro that returns ssize_t. We can use this instead of
+ casting the result of size_t to int. Also change checks for
+ snprintf() returning <=0 to <0.
+ [da4a95a5d8ec]
+
+2019-06-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/TROUBLESHOOTING, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ sudoedit should be used for editing files instead of "sudo editor"
+ That way the user's editor config files are used by the editor.
+ [24bb1e6326ee]
+
+ * doc/TROUBLESHOOTING:
+ Move the section on HOME to be after the environment section. Also
+ strongly discourage the disabling of env_reset.
+ [7a41bddf5fde]
+
+2019-06-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/TROUBLESHOOTING:
+ Remove the Solaris last login question, add one about HOME. The PAM
+ session is opened with PAM_SILENT so last login info is not printed.
+ It is dangerous to preserve HOME from the user's environment.
+ [99be2cd98556]
+
+ * doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Use the term pseudo-terminal more consistently.
+ [129a0d2e5a33]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document why HOME should not be preserved from the user's
+ environment. Text was adapted from what is already present in the
+ UPGRADE file. Also mark set_home and always_set_home as obsolete.
+ [3cddca2f78de]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
+ Refer to command line options, not flags.
+ [5caa383e1f9b]
+
+ * NEWS:
+ sync
+ [fd7e952e3e43]
+
+ * doc/TROUBLESHOOTING:
+ sudo will now prompt for a password as long as /dev/tty is
+ available.
+ [a4241d432e63]
+
+ * MANIFEST, configure, configure.ac, doc/Makefile.in,
+ doc/cvtsudoers.cat, doc/sudo.cat, doc/sudo.conf.cat,
+ doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers_timestamp.cat, doc/sudoreplay.cat, doc/visudo.cat:
+ Remove .cat pages, there is no need for them in the modern world.
+ Sudo only shipped .cat pages for Irix, which lacked nroff. Irix is
+ long dead and there are multiple open source nroff options.
+ [b7a48dc22bdb]
+
+ * INSTALL, configure.ac, doc/sudoers.cat, doc/visudo.cat:
+ Make env_editor the default. It is already the default in the
+ package script.
+ [a4f0c46ef5d6]
+
+ * INSTALL, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Don't describe env_editor as a security hole. Users that are able to
+ edit sudoers can grant themselves permissions so the fact that
+ visudo runs the editor as root is not a security issue.
+ [627f0a96ccc9]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Fix details of how EDITOR, VISUAL and SUDO_EDITOR are (or are not)
+ preserved. The description in the editor option was incorrect and
+ didn't mention env_keep. Reported by Sander Bos
+ [1b498d610672]
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Modern visudo locks the actual sudoers file, not the sudoers.tmp
+ file. Refer to sudoers.tmp as a temporary file, not a lock file.
+ Reported by Sander Bos
+ [3a449f316304]
+
+2019-06-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.c:
+ In tty_present(), check for /dev/tty if sudo was unable to get the
+ tty name. For requiretty it is enough to check that /dev/tty is
+ available. If sudo can't get the tty from the kernel (missing
+ /proc?) that is OK.
+ [2102ffa0fa7e]
+
+ * src/tgetpass.c:
+ Don't refuse to use the tty unless /dev/tty is unavailable. We don't
+ care whether sudo was able to get the tty name from the kernel. All
+ that really matters is whether we are able to disable echo as
+ needed.
+ [a3376277883f]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Use of "they" was ambiguous.
+ [a39f42aa21ca]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Better description of secure_path. The secure_path option affects
+ the resolution of unqualified commands as well as the environment
+ that commands run with.
+ [e0534efa8271]
+
+ * doc/CONTRIBUTORS:
+ Add Sander Bos
+ [75f6f90c2f24]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Fix a few typos and awkward wording. Use the singular "they" instead
+ of he/she. Add back missing text in description of variables
+ starting with (). Based on changes from Sander Bos.
+ [d6b5068ae2ca]
+
+2019-06-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Clarify which environment variables are set based on the target
+ user.
+ [1e6ac7e5ef32]
+
+2019-06-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/Makefile.in:
+ libsudo_util depends on LT_DEP_LIBS even when building a static lib
+ [232370d6af88]
+
+ * aclocal.m4, config.h.in, configure, configure.ac,
+ lib/util/arc4random.c:
+ Solaris getentropy() requires that sys/random.h be included.
+ [f1ec0a7290a6]
+
+2019-05-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/parse.c:
+ Use the runhost for "User foo is not allowed to run sudo on bar."
+ Otherwise, if the -h option is specified sudo will print the local
+ host name instead of the host specified via -h.
+ [8e6836ff952c]
+
+2019-05-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/TROUBLESHOOTING:
+ Document that "no tty present and no askpass program specified" may
+ happen when /proc is not accessible.
+ [b551c47e55aa]
+
+2019-05-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/CONTRIBUTORS:
+ Add Sangamesh Mallayya and Michael Spradling
+ [73b3acddc973]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c,
+ src/sudo.h, src/tgetpass.c:
+ Add -B option to ring the bell before the password prompt.
+ [b2181b069809]
+
+ * plugins/sudoers/auth/aix_auth.c:
+ Allow the user to change their password if expired on AIX. Bug #883
+ [b1def2572198]
+
+2019-05-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/aix_auth.c:
+ When using AIX auth, don't display the AIX password incorrect
+ message. Avoids a "3004-300 You entered an invalid login name or
+ password" message in addition to sudo's own "Sorry, try again"
+ message.
+ [ee606cfc3c8c]
+
+2019-05-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * mkpkg:
+ AIX packages were not being build with optimization enabled.
+ [41563464b897]
+
+2019-05-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/parse.c, plugins/sudoers/parse.h:
+ Fix a typo.
+ [6cd3fdc40b13]
+
+ * mkpkg:
+ Support using macOS SDKs from
+ /Library/Developer/CommandLineTools/SDKs
+ [98399af73e06]
+
+2019-05-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/term.c:
+ It is safe to assume _POSIX_VDISABLE is defined. The old compat
+ defines were to support pre-termios systems.
+ [82153896cede]
+
+2019-05-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/pam.c:
+ Remove second catopen() which is never called.
+ [8a3db9d71297]
+
+2019-05-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/TROUBLESHOOTING:
+ Sudo's conversation functions now filters out the last login
+ information.
+ [ac21b18ba6bf]
+
+2019-04-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c:
+ Add pam_acct_mgmt setting to enable/disable PAM account validation.
+ [ec657af6eeb8]
+
+ * doc/cvtsudoers.cat, doc/sudo.cat, doc/sudo.conf.cat,
+ doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers_timestamp.cat, doc/sudoreplay.cat, doc/visudo.cat:
+ regen
+ [d39b0636806f]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.28
+ [dd02af1b71e1]
+
+ * Makefile.in, configure.ac, doc/Makefile.in, doc/cvtsudoers.man.in,
+ doc/cvtsudoers.mdoc.in, doc/fixman.sh, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in,
+ doc/visudo.mdoc.in, examples/Makefile.in, include/Makefile.in,
+ include/compat/charclass.h, include/compat/endian.h,
+ include/compat/fnmatch.h, include/compat/getopt.h,
+ include/compat/glob.h, include/compat/nss_dbdefs.h,
+ include/compat/sha2.h, include/sudo_compat.h, include/sudo_conf.h,
+ include/sudo_debug.h, include/sudo_digest.h, include/sudo_dso.h,
+ include/sudo_event.h, include/sudo_fatal.h, include/sudo_gettext.h,
+ include/sudo_lbuf.h, include/sudo_plugin.h, include/sudo_queue.h,
+ include/sudo_rand.h, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/aix.c, lib/util/arc4random.c, lib/util/arc4random.h,
+ lib/util/arc4random_uniform.c, lib/util/closefrom.c,
+ lib/util/digest.c, lib/util/digest_gcrypt.c,
+ lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c,
+ lib/util/event_select.c, lib/util/fatal.c, lib/util/fnmatch.c,
+ lib/util/getcwd.c, lib/util/getdelim.c, lib/util/getentropy.c,
+ lib/util/getgrouplist.c, lib/util/gethostname.c,
+ lib/util/getopt_long.c, lib/util/gettime.c, lib/util/gidlist.c,
+ lib/util/glob.c, lib/util/inet_ntop.c, lib/util/inet_pton.c,
+ lib/util/isblank.c, lib/util/key_val.c, lib/util/lbuf.c,
+ lib/util/locking.c, lib/util/memrchr.c, lib/util/memset_s.c,
+ lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c,
+ lib/util/nanosleep.c, lib/util/parseln.c, lib/util/pipe2.c,
+ lib/util/progname.c, lib/util/pw_dup.c, lib/util/reallocarray.c,
+ lib/util/regress/atofoo/atofoo_test.c,
+ lib/util/regress/getdelim/getdelim_test.c,
+ lib/util/regress/getgrouplist/getgrouplist_test.c,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/progname/progname_test.c,
+ lib/util/regress/strsplit/strsplit_test.c,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_parseln/parseln_test.c,
+ lib/util/regress/tailq/hltq_test.c,
+ lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c,
+ lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c,
+ lib/util/snprintf.c, lib/util/strlcat.c, lib/util/strlcpy.c,
+ lib/util/strndup.c, lib/util/strnlen.c, lib/util/strsignal.c,
+ lib/util/strsplit.c, lib/util/strtobool.c, lib/util/strtoid.c,
+ lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c,
+ lib/util/sudo_debug.c, lib/util/sudo_dso.c, lib/util/term.c,
+ lib/util/ttyname_dev.c, lib/util/ttysize.c, lib/util/utimens.c,
+ lib/util/vsyslog.c, lib/zlib/Makefile.in, log2cl.pl, m4/sudo.m4,
+ mkdep.pl, mkpkg, pathnames.h.in, plugins/group_file/Makefile.in,
+ plugins/group_file/getgrent.c, plugins/group_file/group_file.c,
+ plugins/group_file/plugin_test.c, plugins/sample/Makefile.in,
+ plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/alias.c, plugins/sudoers/audit.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/base64.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
+ plugins/sudoers/check.c, plugins/sudoers/check.h,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/digestname.c,
+ plugins/sudoers/editor.c, plugins/sudoers/env.c,
+ plugins/sudoers/env_pattern.c, plugins/sudoers/file.c,
+ plugins/sudoers/filedigest.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/fmtsudoers.c, plugins/sudoers/gc.c,
+ plugins/sudoers/gentime.c, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/gmtoff.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/hexchar.c,
+ plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h,
+ plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h,
+ plugins/sudoers/ins_python.h, plugins/sudoers/insults.h,
+ plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog.h,
+ plugins/sudoers/iolog_event.h, plugins/sudoers/iolog_files.h,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/iolog_util.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/ldap_util.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/match_command.c,
+ plugins/sudoers/match_digest.c, plugins/sudoers/mkdir_parents.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/redblack.h,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/env_match/check_env_pattern.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/iolog_util/check_iolog_util.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/regress/parser/check_gentime.c,
+ plugins/sudoers/regress/parser/check_hexchar.c,
+ plugins/sudoers/regress/starttime/check_starttime.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c,
+ plugins/sudoers/solaris_audit.h, plugins/sudoers/sssd.c,
+ plugins/sudoers/starttime.c, plugins/sudoers/strlist.c,
+ plugins/sudoers/strlist.h, plugins/sudoers/stubs.c,
+ plugins/sudoers/sudo_ldap.h, plugins/sudoers/sudo_ldap_conf.h,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c,
+ plugins/sudoers/sudoers_debug.h, plugins/sudoers/sudoers_version.h,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.h, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h,
+ plugins/sudoers/visudo.c, plugins/system_group/Makefile.in,
+ plugins/system_group/system_group.c, src/Makefile.in,
+ src/conversation.c, src/env_hooks.c, src/exec.c, src/exec_common.c,
+ src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/get_pty.c,
+ src/hooks.c, src/load_plugins.c, src/net_ifs.c, src/openbsd.c,
+ src/parse_args.c, src/preload.c, src/preserve_fds.c,
+ src/regress/noexec/check_noexec.c,
+ src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c,
+ src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h,
+ src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
+ src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tcsetpgrp_nobg.c,
+ src/tgetpass.c, src/ttyname.c, src/utmp.c:
+ Add SPDX-License-Identifier to files.
+ [db66decfad24]
+
+2019-04-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/pam.c:
+ Filter out last login messages on HP-UX unless running a shell. HP-
+ UX in trusted mode will display last login messages as part of the
+ PAM account management module by libpam_comsec. There is no way to
+ suppress these messages from the PAM configuration in trusted mode
+ so we need to filter them in the conversation function. In regular
+ mode, similar (but different) messages may be produced by
+ libpam_hpsec.
+ [5bbb02c69b46]
+
+2019-04-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/closefrom.c:
+ FreeBSD's /dev/fd only contains fds 0-2 unless fdescfs is mounted.
+ In practice this doesn't matter since FreeBSD >= 8 has a native
+ closefrom
+ [bbeeb52550f1]
+
+2019-04-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/logging.c:
+ Keep debug fds open in send_mail() to aid in debugging. Adds
+ closefrom_nodebug() which acts like closefrom(3) but doesn't close
+ debug fds for use by send_mail(). Also moves the code to exec the
+ mailer to its own function.
+ [b1892425667a]
+
+2019-04-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/defaults.c:
+ Set def_mailerflags even if sendmail was not found at configure
+ time. Fixes a NULL dereference when mailerpath is set but
+ mailerflags is not. Bug #878
+ [6c57f5ddca54]
+
+2019-04-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/Makefile.in, lib/util/getdelim.c,
+ lib/util/getline.c, lib/util/parseln.c,
+ lib/util/regress/getdelim/getdelim_test.c, mkdep.pl,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/iolog_util.c, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/parse_ldif.c, plugins/sudoers/sssd.c:
+ Add a proper getdelim(3) replacement and use it instead of
+ getline(3).
+ [2e06e45ffbd6]
+
+ * plugins/sudoers/auth/pam.c:
+ Restrict the PAM_TTY kludge to Solaris and Linux-PAM. Setting
+ PAM_TTY to the empty string causes problems with some modules on HP-
+ UX so restrict it to systems where it is fixes known issues.
+ [d61f4e20dc67]
+
+2019-03-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/getgrouplist.c:
+ Fix the counting of supplementary groups on AIX. We should not
+ assume that basegid will be present in the list of gids returned by
+ getgrset().
+ [6b5fa2805840]
+
+2019-03-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/pwutil.c:
+ Plug a memory leak on user/group lookup failure found by ASAN.
+ [aff673f310d0]
+
+2019-03-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/regress/testsudoers/test3.d/root,
+ plugins/sudoers/regress/testsudoers/test3.sh:
+ Fix test failure when run by a user other than the file owner.
+ [c41ea7cfedf8]
+
+ * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/da.mo,
+ po/da.po, po/eo.mo, po/eo.po, po/es.mo, po/es.po, po/zh_TW.mo,
+ po/zh_TW.po:
+ Updated translations from translationproject.org
+ [484d7b28bdd6]
+
+ * MANIFEST, plugins/sudoers/regress/cvtsudoers/test1.sh,
+ plugins/sudoers/regress/cvtsudoers/test10.sh,
+ plugins/sudoers/regress/cvtsudoers/test11.sh,
+ plugins/sudoers/regress/cvtsudoers/test12.sh,
+ plugins/sudoers/regress/cvtsudoers/test13.sh,
+ plugins/sudoers/regress/cvtsudoers/test14.sh,
+ plugins/sudoers/regress/cvtsudoers/test15.sh,
+ plugins/sudoers/regress/cvtsudoers/test16.sh,
+ plugins/sudoers/regress/cvtsudoers/test17.sh,
+ plugins/sudoers/regress/cvtsudoers/test18.sh,
+ plugins/sudoers/regress/cvtsudoers/test19.sh,
+ plugins/sudoers/regress/cvtsudoers/test2.sh,
+ plugins/sudoers/regress/cvtsudoers/test20.sh,
+ plugins/sudoers/regress/cvtsudoers/test21.sh,
+ plugins/sudoers/regress/cvtsudoers/test22.sh,
+ plugins/sudoers/regress/cvtsudoers/test23.sh,
+ plugins/sudoers/regress/cvtsudoers/test24.sh,
+ plugins/sudoers/regress/cvtsudoers/test25.sh,
+ plugins/sudoers/regress/cvtsudoers/test26.err.ok,
+ plugins/sudoers/regress/cvtsudoers/test26.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test26.sh,
+ plugins/sudoers/regress/cvtsudoers/test27.sh,
+ plugins/sudoers/regress/cvtsudoers/test28.sh,
+ plugins/sudoers/regress/cvtsudoers/test29.sh,
+ plugins/sudoers/regress/cvtsudoers/test3.sh,
+ plugins/sudoers/regress/cvtsudoers/test30.sh,
+ plugins/sudoers/regress/cvtsudoers/test31.sh,
+ plugins/sudoers/regress/cvtsudoers/test32.err.ok,
+ plugins/sudoers/regress/cvtsudoers/test32.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test32.sh,
+ plugins/sudoers/regress/cvtsudoers/test33.sh,
+ plugins/sudoers/regress/cvtsudoers/test4.sh,
+ plugins/sudoers/regress/cvtsudoers/test5.sh,
+ plugins/sudoers/regress/cvtsudoers/test6.sh,
+ plugins/sudoers/regress/cvtsudoers/test7.sh,
+ plugins/sudoers/regress/cvtsudoers/test8.sh,
+ plugins/sudoers/regress/cvtsudoers/test9.sh:
+ Test cvtsudoers stdout and stderr separately. Fixes a test failure
+ on systems with musl libc. Bug #873
+ [e82a381f4f3d]
+
+2019-03-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/starttime.c, src/ttyname.c:
+ Better comment about EOVERFLOW and pstat_getproc(). Also remove some
+ useless casts.
+ [09a915110812]
+
+ * lib/util/closefrom.c:
+ Ignore EOVERFLOW from pstat_getproc(), it is not a fatal error. It
+ just means that one of the fields in pstat lacks the precision to
+ store a value. That's not an issue for pst_highestfd.
+ [bb7ed18e360b]
+
+ * sudo.pp:
+ update copyright year
+ [cff8184aeb11]
+
+2019-03-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/load_plugins.c:
+ Fix error message when a fully-qualified plugin path does not exist.
+ [318f7511c9bc]
+
+2019-03-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Fix unescaped '\' and remove an extra '[' in the definition of
+ digest.
+ [9ea1a400ebc9]
+
+2019-03-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Ignore carriage return before a linefeed. This allows sudo to parse
+ files with DOS-style line endings.
+ [65882b63a84d]
+
+2019-02-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ For sssd, the nsswitch.conf setting should be "sss" not "sssd". From
+ Johnathan Smith.
+ [5c07130d1bbc]
+
+2019-02-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
+ Add simple API for to allow reading environment data from different
+ sources. Currently, this is used to read a file like
+ /etc/environment.
+ [ce9161899719]
+
+2019-02-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.c:
+ Fix pasto; the unrestricted env file was read when we want the
+ restricted one.
+ [23b0b3c473db]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/parse.h, plugins/sudoers/strlist.c, src/sudo.h:
+ Be sure to include sudo_queue.h where needed instead of relying on
+ other headers.
+ [fe9418a9b378]
+
+2019-02-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/util.exp.in:
+ Only export sudo_arc4random_uniform() if arc4random_uniform() is
+ missing.
+ [e32a7243976d]
+
+ * lib/util/regress/vsyslog/vsyslog_test.c:
+ Quiet a warning on gcc 8
+ [fe8cad6564e2]
+
+ * include/sudo_compat.h:
+ AIX 7.1 defines O_CLOEXEC but it can't be used outside the kernel.
+ Redefine O_CLOEXEC if it doesn't fit in an int and pipe2() is
+ missing.
+ [3ef0220351ca]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
+ plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c,
+ plugins/sudoers/parse.h:
+ Split command match code out into match_command.c. Also remove
+ unused SUDOERS_NAME_MATCH code.
+ [2a7adb93a65e]
+
+2019-02-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/match_digest.c:
+ Split out digest matching into its own file.
+ [93863918f934]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
+ plugins/sudoers/parse.h:
+ Split out digest matching into its own file.
+ [aafdc9b976ed]
+
+2019-02-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Rename FOLLOW and NOFOLLOW tokens FOLLOWLNK and NOFOLLOWLNK. Fixes a
+ namespace collision on Solaris when bison is used.
+ [707b94b7c1e9]
+
+2019-02-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/match.c:
+ Add stub definition of digest_matches() for SUDOERS_NAME_MATCH
+ [a322e57c85e0]
+
+ * plugins/sudoers/sudo_nss.c:
+ No longer need to include sudo_lbuf.h
+ [db110422b24c]
+
+ * mkpkg:
+ On RedHat/CentOS get the OS major version from /etc/redhat-release.
+ We cannot determine this from the output of "pp --probe" since it
+ doesn't contain a period to separate the major and minor numbers.
+ [78a27d62de0c]
+
+2019-02-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c:
+ Use SET macro instead of bitwise OR.
+ [b523937e8da8]
+
+ * plugins/sudoers/pwutil_impl.c:
+ In sudo_make_grlist_item() the calculation of total did not include
+ space for pointers to the group names.
+ [7c438dd62f45]
+
+ * plugins/sudoers/cvtsudoers_pwutil.c:
+ Use correct debug_decl() names.
+ [d0f02db8be20]
+
+ * plugins/sudoers/sudoers.h:
+ Add fallback values for sudoers uid, gid and mode if not set in
+ Makefile.
+ [21e41ed7a06c]
+
+2019-02-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/memset_s.c:
+ include stddef.h to make sure we get NULL
+ [d42b4c325c0c]
+
+2019-02-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/net_ifs.c:
+ Fix memory leak when there are no network interfaces or an error
+ occurs.
+ [7ba525ee9233]
+
+2019-01-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ Use $ac_cv_search_FUNCTION instead of $ac_lib and $ac_res. Fixes a
+ problem where libcrypt is not used with autoconf caching. Adapted
+ from a diff from Adam Labbe.
+ [5cfcade6ce3e]
+
+2019-01-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * po/de.mo, po/de.po, po/ko.mo, po/ko.po:
+ Updated translations from translationproject.org
+ [4995f6542a2c]
+
+2019-01-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/parse.c:
+ Fix listpw=never and verifypw=never. Bug #869
+ [ecb89088a884]
+
+2019-01-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/regress/vsyslog/vsyslog_test.c, lib/util/sig2str.c,
+ plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers_pwutil.c,
+ plugins/sudoers/env.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/fmtsudoers.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/starttime.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/tsdump.c, src/exec_monitor.c, src/exec_nopty.c,
+ src/exec_pty.c, src/sudo.c, src/ttyname.c:
+ Minor snprintf() usage tweaks: 1) don't assume snprintf() returns -1
+ on error, check for <0 2) when comparing return value of
+ sizeof(foo), cast the sizeof, not the len 3) cast return value to
+ void in cases where snprintf cannot fail
+ [2af6dfb31a49]
+
+2019-01-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ The AIX nofiles hard limit fix and bug #867 will make 1.8.27.
+ [a8b4710ff907]
+
+ * plugins/sudoers/auth/pam.c:
+ Use PAM_SILENT to prevent pam_lastlog from printing last login
+ information on RedHat except when explicitly running a shell.
+ Adapted from a patch from Nir Soffer. Bug #867
+ [b8b5d3445a3c]
+
+ * lib/util/aix.c:
+ Fix the default nofiles and stack hard limits. The table of default
+ hard limits in /etc/security/limits was out of date with respect to
+ the current documentation. The default hard limit for nofiles should
+ be unlimited, not 8196. The default hard limit for stack should be
+ 4194304 blocks (which fits in an unsigned long on 32-bit platforms).
+ [68c8c05a0b9b]
+
+2019-01-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [3000c62ed0ba]
+
+ * NEWS:
+ Final updates for sudo 1.8.27.
+ [40d6ecb1f739]
+
+ * src/exec_pty.c:
+ Update copyright year
+ [adc9f4046585]
+
+ * doc/LICENSE:
+ Update for 2019
+ [ccbbad25d7c7]
+
+2019-01-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_pty.c:
+ Fix setting of utmp entry when running command in a pty. Regression
+ introduced in sudo 1.8.22.
+ [cf81f3fa1f3a]
+
+2018-12-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.c:
+ Use debug_return_int not debug_return_bool in resolve_host
+ [490241e14e68]
+
+ * NEWS, configure, configure.ac:
+ sudo 1.8.27
+ [f59a4a391a44]
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
+ plugins/sudoers/visudo.c:
+ Allow the sudoers file to be specified without the -f option. Bug
+ #864
+ [eb3d4c4461ba]
+
+2018-12-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ The iolog_dir section is below the maxseq section, not above.
+ [35534e4f23d9]
+
+2018-12-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, po/ja.mo,
+ po/ja.po:
+ Updated translations from translationproject.org
+ [270660da2de4]
+
+2018-12-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoreplay.c:
+ Add -n and -R options to help; reported by Radovan Sroka
+ [683df32eb950]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in:
+ Add missing description of padding option and missing argument to
+ -c.
+ [c762020f1694]
+
+ * plugins/sudoers/cvtsudoers.c:
+ The -c option was missing from the help info; from Radovan Sroka
+ [aa36d5c05b0b]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in:
+ Fix some typos; reported by Radovan Sroka
+ [d6137224dd47]
+
+2018-12-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/pam.c:
+ In sudo_pam_approval(), for the exempt case, only overwrite pam
+ status when the passwd is expired or needs to be updated.
+ [2c2d1ed1bb7e]
+
+2018-12-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/pam.c:
+ The fix for bug #843 was incomplete and caused pam_end() to be
+ called early. sudo_pam_approval() must not set the global pam status
+ to an error value if it returns AUTH_SUCCESS. Otherwise,
+ sudo_pam_cleanup() will call pam_end() before
+ sudo_pam_begin_session(). This resulted in a NULL PAM handle being
+ used in sudo_pam_begin_session().
+ [656aa910fbaf]
+
+2018-12-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec.c:
+ Don't run the command in a pty if no I/O plugins are logging
+ anything. That way an I/O plugin that doesn't actually log anything
+ won't cause the command to be run in a pty.
+ [ef83f35c9cb0]
+
+2018-11-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgignore:
+ Update ignore patterns to match doc changes.
+ [7438cdacc0e1]
+
+ * doc/fixmdoc.sed:
+ fix mode fixmdoc.sed
+ [d74c0b7c5932]
+
+2018-11-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/Makefile.in, doc/sudo.conf.man.in, doc/sudo.man.in,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoers_timestamp.man.in, doc/sudoreplay.man.in,
+ doc/visudo.man.in:
+ Fix section in the .TH line of *.man.in file. The substitution for
+ @mansectsu@ and @mansectform@ was broken. No longer need to strip
+ out OpenBSD from the header line.
+ [cb02c8496b21]
+
+ * doc/sudoers.man.in.sed:
+ Add sudoers.man.in.sed, missed from previous commit.
+ [a2113a52e6a7]
+
+ * doc/CONTRIBUTORS:
+ Add Guillem Jover
+ [db7a39f9726a]
+
+ * NEWS:
+ recent changes
+ [0c07a0cdf2ff]
+
+ * MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sed,
+ doc/fixmdoc.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.man.in.sed,
+ doc/sudo.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in:
+ Use roff conditionals in the manuals instead of post-processing. We
+ still need to process the resulting .man.in files to add back the
+ conditionals but this should be easier to debug as the changes are
+ visible in the .in file. Some minor postprocessing is still used to
+ make the manuals HP-UX friendly and to change "0 seconds" ->
+ unlimited after substitution.
+ [44316d271ab8]
+
+2018-11-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Sudo plugin manual updates and clarification from Guillem Jover:
+ - Add missing return information for show_version().
+ - Fix prototypes for several function pointers.
+ - Update SUDO_API_VERSION_MINOR.
+ - Add missing references to log_suspend() and change_winsize().
+ - Add missing "array.".
+ - Clarify that argc can be zero on sudo -V.
+ - Clarify size requirements for conversation array arguments.
+ - Clarify timeout zero value for struct sudo_conv_message.
+ - Clarify initial and final state of reply in struct sudo_conv_reply.
+ [1241cff4dd51]
+
+ * doc/fixmdoc.sh, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Revert changes to give arguments to the .Bx macro. This is intended
+ for things like .Bx 4.3 to generate "4.3BSD" so the argument ends up
+ before the BSD, not after. Just go back to using "BSD
+ authentication" and "BSD login classes" so fixmdoc.sh can operate
+ correctly. Bug #861
+ [c58965343318]
+
+2018-11-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/fixmdoc.sh, doc/sudo.mdoc.in, doc/sudoers.mdoc.in:
+ Update fixmdoc.sh to match the BSD -> .Bx changes in the manuals.
+ Bug #861
+ [7ddfb74781a1]
+
+2018-11-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, m4/sudo.m4, src/utmp.c:
+ Add support for utmps as found in HP-UX.
+ [f55312948139]
+
+2018-11-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, include/sudo_util.h,
+ lib/util/utimens.c:
+ Support st_nmtime in struct stat as found in HP-UX.
+ [0854b34cd2ea]
+
+ * lib/util/closefrom.c:
+ If fcntl fails, fall back to the /proc implementation.
+ [59a03e0d3148]
+
+2018-11-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Mention schema.olcSudo
+ [320adcd29a61]
+
+2018-11-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Mention schema.olcSudo here too.
+ [a19dff54603b]
+
+ * MANIFEST, README.LDAP, doc/CONTRIBUTORS, doc/schema.OpenLDAP,
+ doc/schema.olcSudo:
+ OpenLDAP schema file for Sudo in on-line configuration (OLC) format.
+ From Frederic Pasteleurs.
+ [1fcfa9f307a2]
+
+ * po/ast.mo, po/ast.po:
+ Updated translations from translationproject.org
+ [70f0ec8c721c]
+
+2018-11-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/closefrom.c:
+ Only use closefrom_fallback() if no better method exists. The
+ previous logic was too fragile.
+ [2510928e291f]
+
+2018-11-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo,
+ po/cs.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/it.mo,
+ po/it.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo,
+ po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo,
+ po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po:
+ Updated translations from translationproject.org
+ [898154804015]
+
+ * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/pt.mo,
+ plugins/sudoers/po/pt.po, po/pt.mo, po/pt.po:
+ Portuguese translation for sudo and sudoers from
+ translationproject.org.
+ [4c49e5cf8936]
+
+2018-11-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, configure, configure.ac, include/sudo_fatal.h,
+ lib/util/Makefile.in, lib/util/fatal.c, lib/util/util.exp.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
+ Add sudo_gai_fatal, sudo_gai_vfatal, sudo_gai_vwarn, sudo_gai_warn
+ and gai_log_warning that use gai_strerror() instead of strerror().
+ [9c37c5db3293]
+
+2018-10-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/match.c:
+ Fix memory leak in runaslist_matches().
+ [f1366ad50eb3]
+
+2018-10-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ typo
+ [fc8aa243672a]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [f333405eb06c]
+
+ * NEWS:
+ More updates for 1.8.26
+ [1941961b232f]
+
+2018-10-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap_util.c,
+ plugins/sudoers/regress/cvtsudoers/test33.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test33.sh:
+ Add support for negated sudoRunAsUser and sudoRunAsGroup entries.
+ [d0368336d92b]
+
+2018-10-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document that the target user's groups may be specified via the -g
+ option.
+ [67b7643e3bcb]
+
+ * plugins/sudoers/tsgetgrpw.c:
+ Include getpwent() version of sudo_getgrouplist2_v1() from
+ getgrouplist.c
+ [60aa493504d1]
+
+ * MANIFEST, plugins/sudoers/regress/testsudoers/group,
+ plugins/sudoers/regress/testsudoers/test1.sh:
+ Use a testsudoers group file with known contents instead of the
+ system one.
+ [7a4499c92acd]
+
+ * plugins/sudoers/match.c, plugins/sudoers/parse.h,
+ plugins/sudoers/set_perms.c:
+ Allow the group set by "sudo -g" to be any of the target user's
+ groups. Previously, this was only allowed if the group matched the
+ target user's primary group ID (from the passwd database entry). The
+ sudoers policy will now allow the group if it is one of the target
+ user's supplemental groups as well.
+ [c43fedc19a01]
+
+2018-10-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/regress/getgrouplist/getgrouplist_test.c:
+ Skip sudo_getgrouplist2() check on systems with getgrouplist_2().
+ sudo_getgrouplist2() is just a wrapper on such systems and this
+ avoids a test failure on macOS where a user is automatically a
+ member of certain groups.
+ [26ba0c363b80]
+
+ * lib/util/util.exp.in:
+ Add missing exported symbol sudo_term_eof
+ [2d8e0438eba4]
+
+ * plugins/sudoers/ldap_conf.c:
+ Add missing #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT Fixes problems
+ building on older LDAP sdks.
+ [1effb0f19867]
+
+ * MANIFEST:
+ add getgrouplist_test.c
+ [ca5bae341846]
+
+ * lib/util/regress/getgrouplist/getgrouplist_test.c:
+ Check the user's primary gid from the passwd file too.
+ [60ba98074d75]
+
+ * .hgignore:
+ ignore prologue
+ [589222ec2717]
+
+ * lib/util/aix.c, lib/util/arc4random.c,
+ lib/util/arc4random_uniform.c, lib/util/closefrom.c,
+ lib/util/digest.c, lib/util/digest_gcrypt.c,
+ lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c,
+ lib/util/event_select.c, lib/util/fatal.c, lib/util/fnmatch.c,
+ lib/util/getentropy.c, lib/util/getgrouplist.c,
+ lib/util/gethostname.c, lib/util/getline.c, lib/util/getopt_long.c,
+ lib/util/gettime.c, lib/util/gidlist.c, lib/util/isblank.c,
+ lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c,
+ lib/util/memrchr.c, lib/util/memset_s.c, lib/util/mksiglist.c,
+ lib/util/mksigname.c, lib/util/mktemp.c, lib/util/nanosleep.c,
+ lib/util/parseln.c, lib/util/pipe2.c, lib/util/progname.c,
+ lib/util/pw_dup.c, lib/util/reallocarray.c,
+ lib/util/regress/atofoo/atofoo_test.c,
+ lib/util/regress/getgrouplist/getgrouplist_test.c,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/progname/progname_test.c,
+ lib/util/regress/strsplit/strsplit_test.c,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_parseln/parseln_test.c,
+ lib/util/regress/tailq/hltq_test.c,
+ lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c,
+ lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c,
+ lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c,
+ lib/util/strnlen.c, lib/util/strsignal.c, lib/util/strsplit.c,
+ lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c,
+ lib/util/strtonum.c, lib/util/sudo_conf.c, lib/util/sudo_debug.c,
+ lib/util/sudo_dso.c, lib/util/term.c, lib/util/ttyname_dev.c,
+ lib/util/ttysize.c, lib/util/utimens.c, lib/util/vsyslog.c,
+ plugins/group_file/getgrent.c, plugins/group_file/group_file.c,
+ plugins/group_file/plugin_test.c, plugins/sample/sample_plugin.c,
+ plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
+ plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/base64.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/digestname.c, plugins/sudoers/editor.c,
+ plugins/sudoers/env.c, plugins/sudoers/env_pattern.c,
+ plugins/sudoers/file.c, plugins/sudoers/filedigest.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/gc.c, plugins/sudoers/gentime.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/gmtoff.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/iolog_util.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logwrap.c,
+ plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
+ plugins/sudoers/mkdir_parents.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c,
+ plugins/sudoers/redblack.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/env_match/check_env_pattern.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/iolog_util/check_iolog_util.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/regress/parser/check_gentime.c,
+ plugins/sudoers/regress/parser/check_hexchar.c,
+ plugins/sudoers/regress/starttime/check_starttime.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/starttime.c,
+ plugins/sudoers/strlist.c, plugins/sudoers/stubs.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ plugins/system_group/system_group.c, src/conversation.c,
+ src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_monitor.c,
+ src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c,
+ src/load_plugins.c, src/net_ifs.c, src/openbsd.c, src/parse_args.c,
+ src/preload.c, src/preserve_fds.c,
+ src/regress/noexec/check_noexec.c,
+ src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c,
+ src/signal.c, src/solaris.c, src/sudo.c, src/sudo_edit.c,
+ src/sudo_noexec.c, src/tcsetpgrp_nobg.c, src/tgetpass.c,
+ src/ttyname.c, src/utmp.c:
+ Convert PVS-Studio comment to ANSI C.
+ [31f2aefe6d9b]
+
+ * Makefile.in, doc/Makefile.in, doc/cvtsudoers.man.in,
+ doc/cvtsudoers.mdoc.in, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
+ doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in,
+ doc/visudo.mdoc.in, examples/Makefile.in, include/Makefile.in,
+ include/sudo_lbuf.h, lib/util/Makefile.in, lib/util/digest.c,
+ lib/util/digest_gcrypt.c, lib/util/digest_openssl.c,
+ lib/util/lbuf.c, lib/util/setgroups.c, lib/util/ttysize.c,
+ lib/zlib/Makefile.in, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/base64.c,
+ plugins/sudoers/file.c, plugins/sudoers/filedigest.c,
+ plugins/sudoers/gentime.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
+ plugins/system_group/Makefile.in, src/Makefile.in, src/sesh.c,
+ src/sudo_usage.h.in:
+ Fix some mangled text in the license block.
+ [86b88fbda4b4]
+
+ * lib/util/Makefile.in,
+ lib/util/regress/getgrouplist/getgrouplist_test.c,
+ lib/util/regress/parse_gids/parse_gids_test.c:
+ Add regress test for sudo_getgrouplist2(). This test assumes all the
+ groups in root's group list can be resolved by group ID.
+ [48564f85b7ed]
+
+2018-10-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ More changes in 1.8.26
+ [fe81e3e4b653]
+
+ * MANIFEST, doc/cvtsudoers.cat, doc/cvtsudoers.man.in,
+ doc/cvtsudoers.mdoc.in, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/regress/cvtsudoers/test31.conf,
+ plugins/sudoers/regress/cvtsudoers/test31.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test31.sh,
+ plugins/sudoers/regress/cvtsudoers/test32.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test32.sh:
+ Add padding option to cvtsudoers. Bug #856
+ [6e31b0e37ba1]
+
+ * lib/util/getgrouplist.c:
+ Remove an errant grset++ in the AIX version of sudo_getgrouplist2().
+ Bug #857
+ [03b19227cab2]
+
+2018-10-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/Makefile.in, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Pass --sourcetree-root to pvs-studio and don't check sudo_noexec.c.
+ Since we don't auto-generate dependencies for sudo_noexec.c we can't
+ easily check it from outside the source tree. This is not a problem
+ as it just contains stub functions.
+ [3cf842d30e45]
+
+ * MANIFEST, doc/CONTRIBUTORS, po/ast.mo, po/ast.po:
+ Asturian translation for sudo from translationproject.org
+ [dc0b31fa013c]
+
+2018-10-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/gettime.c:
+ Add support for CLOCK_MONOTONIC_RAW and CLOCK_UPTIME_RAW, present on
+ macOS.
+ [5f34c8de0707]
+
+ * INSTALL, configure, configure.ac:
+ Add --enable-pvs-studio configure option to create PVS-Studio.cfg.
+ [772e86227c11]
+
+ * lib/util/aix.c, lib/util/arc4random.c,
+ lib/util/arc4random_uniform.c, lib/util/closefrom.c,
+ lib/util/digest.c, lib/util/digest_gcrypt.c,
+ lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c,
+ lib/util/event_select.c, lib/util/fatal.c, lib/util/fnmatch.c,
+ lib/util/getentropy.c, lib/util/getgrouplist.c,
+ lib/util/gethostname.c, lib/util/getline.c, lib/util/getopt_long.c,
+ lib/util/gettime.c, lib/util/gidlist.c, lib/util/isblank.c,
+ lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c,
+ lib/util/memrchr.c, lib/util/memset_s.c, lib/util/mksiglist.c,
+ lib/util/mksigname.c, lib/util/mktemp.c, lib/util/nanosleep.c,
+ lib/util/parseln.c, lib/util/pipe2.c, lib/util/progname.c,
+ lib/util/pw_dup.c, lib/util/reallocarray.c,
+ lib/util/regress/atofoo/atofoo_test.c,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/progname/progname_test.c,
+ lib/util/regress/strsplit/strsplit_test.c,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_parseln/parseln_test.c,
+ lib/util/regress/tailq/hltq_test.c,
+ lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c,
+ lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c,
+ lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c,
+ lib/util/strnlen.c, lib/util/strsignal.c, lib/util/strsplit.c,
+ lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c,
+ lib/util/strtonum.c, lib/util/sudo_conf.c, lib/util/sudo_debug.c,
+ lib/util/sudo_dso.c, lib/util/term.c, lib/util/ttyname_dev.c,
+ lib/util/ttysize.c, lib/util/utimens.c, lib/util/vsyslog.c,
+ plugins/group_file/getgrent.c, plugins/group_file/group_file.c,
+ plugins/group_file/plugin_test.c, plugins/sample/sample_plugin.c,
+ plugins/sudoers/alias.c, plugins/sudoers/audit.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/base64.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/digestname.c, plugins/sudoers/editor.c,
+ plugins/sudoers/env.c, plugins/sudoers/env_pattern.c,
+ plugins/sudoers/file.c, plugins/sudoers/filedigest.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/gc.c, plugins/sudoers/gentime.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/gmtoff.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/iolog_util.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logwrap.c,
+ plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
+ plugins/sudoers/mkdir_parents.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c,
+ plugins/sudoers/redblack.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/env_match/check_env_pattern.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/iolog_util/check_iolog_util.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/regress/parser/check_gentime.c,
+ plugins/sudoers/regress/parser/check_hexchar.c,
+ plugins/sudoers/regress/starttime/check_starttime.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/starttime.c,
+ plugins/sudoers/strlist.c, plugins/sudoers/stubs.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ plugins/system_group/system_group.c, src/conversation.c,
+ src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_monitor.c,
+ src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c,
+ src/load_plugins.c, src/net_ifs.c, src/openbsd.c, src/parse_args.c,
+ src/preload.c, src/preserve_fds.c,
+ src/regress/noexec/check_noexec.c,
+ src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c,
+ src/signal.c, src/solaris.c, src/sudo.c, src/sudo_edit.c,
+ src/sudo_noexec.c, src/tcsetpgrp_nobg.c, src/tgetpass.c,
+ src/ttyname.c, src/utmp.c:
+ Add comments in .c files so PVS-Studio will check them.
+ [b42b6dcb48a6]
+
+ * .hgignore, Makefile.in, doc/Makefile.in, examples/Makefile.in,
+ include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
+ mkdep.pl, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Add pvs-studio target and associated production rules.
+ [3dbcef5ac205]
+
+2018-10-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog_util.c:
+ Simplify range checks. No need to check for ERANGE in the cases
+ where we also check that the value is <= INT_MAX. Found by PVS-
+ Studio.
+ [45810a8437b6]
+
+2018-10-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/key_val.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/toke_util.c,
+ src/preserve_fds.c:
+ Avoid some PVS-Studio false positives.
+ [e4d8ce94fda7]
+
+ * src/sudo.c:
+ Remove some calls to sudo_fatalx(); just propagate the error return.
+ [bc9eefbf0cdf]
+
+ * src/sesh.c:
+ No need to check if fd_dst is -1 in sudoedit mode. Failure to open
+ the destination sudoedit file is fatal so there's no need to check
+ that fd_dst != -1 later on. Found by PVS-Studio.
+ [5530586ace16]
+
+ * plugins/sudoers/timestamp.c:
+ In timestamp_open() no need to free cookie on error, it is NULL.
+ Found by PVS-Studio.
+ [becfe97c72f8]
+
+2018-10-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/ldap_util.c:
+ Fix a memory leak on malloc() error in sudo_ldap_role_to_priv().
+ Coverity CID 188804
+ [1bea56670410]
+
+ * plugins/sudoers/parse_ldif.c:
+ Move the allocation of role to be immediately before in_role is set.
+ This makes it clear that when in_role == true, role is non-NULL.
+ Also remove two dead stores.
+ [790d90c578c8]
+
+ * plugins/sudoers/parse_ldif.c:
+ Fix trimming of non-escaped trailing space in
+ ldif_parse_attribute(). Found by PVS-Studio.
+ [37fded3c77a4]
+
+ * plugins/sudoers/match.c:
+ Simplify the logic surrounding sudoers_args in command_args_match().
+ We only need to check that sudoers_args is non-NULL once. Found by
+ PVS-Studio.
+ [93c967145e82]
+
+ * plugins/sudoers/ldap.c:
+ If sudo_ldap_get_values_len() fails goto cleanup instead of oom.
+ This is not strictly necessary as there's not anything to cleanup in
+ this case but it is more consistent with the code that follows.
+ [d0d8b8b8dca8]
+
+ * plugins/sudoers/policy.c:
+ Fix handling of timeout values in sudoers. When passing the timeout
+ back to the front end, ignore the user-specified timeout if it is
+ not set (initialized to 0). Otherwise, sudo would choose a zero
+ user-specified timeout over the sudoers-specified timeout (non-
+ zero).
+ [6b08b3b918b7]
+
+2018-10-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers_pwutil.c:
+ Fix cut & pastos in cvtsudoers_make_gritem()
+ [bd901c0394ba]
+
+ * plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok:
+ Fix expected test output now that command_timeout is parsed
+ correctly in LDIF.
+ [ba6cfd26330e]
+
+ * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c:
+ tv_nsec can never be negative after timespecsub. Found by PVS Studio
+ [ecfb93c9463c]
+
+2018-10-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.c:
+ Avoid potentially undefined behavior. Found by PVS Studio.
+ [ae76c69e0d6f]
+
+ * plugins/sudoers/ldap_util.c:
+ sudo_ldap_parse_option() never returns '=' as the operator. When
+ parsing command_timeout, role, type, privs and limitprivs, check
+ that val is non-NULL instead. Found by PVS Studio.
+ [10f8cff7cce7]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/toke.c:
+ Fix up #line entries that reference lex.sudoers.c.
+ [c724cef37b66]
+
+2018-10-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog.h, plugins/sudoers/iolog_util.c:
+ Fix workaround for broken sudo 1.8.7 timing files.
+ [78ef3625c650]
+
+ * plugins/sudoers/parse_ldif.c:
+ Fix memory leak when reusing the runas list. We need to free the
+ member list itself as well as its contents.
+ [62fb86a5c83f]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Some DIAGNOSTICS updates: Update error message for when the user's
+ uid does not exist in passwd. Remove "This error indicates" and some
+ other cosmetic cleanups.
+ [c73841e03014]
+
+ * src/sudo.c:
+ If the user's passwd entry cannot be resolved via the uid, use the
+ same error message as visudo.
+ [ce596b32dfbb]
+
+2018-10-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Add a DIAGNOSTICS section with an explanation of the more non-
+ trivial error messages.
+ [775419794f7d]
+
+ * plugins/sudoers/sudoreplay.c, src/exec_monitor.c, src/exec_nopty.c,
+ src/exec_pty.c:
+ Replace sudo_fatal(NULL) with an "unable to allocate memory" message
+ that includes the function name.
+ [26e19bcc0ce8]
+
+2018-10-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/tgetpass.c:
+ Make EOF handling while reading the password prompt more like
+ getpass(3). We now return the password as long as at least one
+ character has been read. Previously, EOF at the password prompt was
+ treated as if nothing was entered.
+ [fc2ed4a87e6f]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
+ regen
+ [2aee8680abc3]
+
+ * src/tgetpass.c:
+ Print a warning for password read issues. Issues include: timeout at
+ the password prompt, read error while reading the password, and EOF
+ reading the password.
+ [df1dcebe9ffa]
+
+2018-10-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/term.c, src/tgetpass.c:
+ Handle EOF on password input when pwfedback is enabled.
+ [4958978fc967]
+
+2018-10-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.ldap.mdoc.in:
+ Fix remaining instances of "e.g." without a trailing ','.
+ [8cbf11c04b3c]
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ doc/sudoers_timestamp.cat, doc/sudoers_timestamp.man.in,
+ doc/sudoers_timestamp.mdoc.in:
+ Use mdoc macros for BSD systems. All manuals now pass "make lint"
+ [7f23209a5e1c]
+
+ * doc/Makefile.in:
+ Use -Wstyle with -Tlint since sudo is not part of the base system.
+ This avoids "referenced manual not found" and "operating system
+ explicitly specified" warnings.
+ [e417e972a88a]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Document log_suspend() and fix the description of the
+ change_winsize() return value.
+ [be02b0fb26a9]
+
+2018-10-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, doc/sudoers_timestamp.cat,
+ doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
+ doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Fix problems found by igor. Bug #854
+ [4ddcb625f3b7]
+
+ * doc/Makefile.in:
+ Sort DOCS and DEVDOCS and remove extra sudoers entry (it was listed
+ twice).
+ [abb2baac9373]
+
+ * doc/Makefile.in:
+ Add igor target to run igor(1) on the manuals.
+ [64be7fb868b3]
+
+2018-10-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
+ plugins/sudoers/sudoreplay.c:
+ Add new -S option to sleep while the command was suspended. The
+ default behavior is now to not consider the time the command was
+ suspended as part of the normal inter-event delay.
+ [bb30f7b28126]
+
+ * MANIFEST, include/sudo_plugin.h, plugins/sudoers/Makefile.in,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog.h,
+ plugins/sudoers/iolog_event.h, plugins/sudoers/iolog_files.h,
+ plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/iolog_util/check_iolog_util.c,
+ plugins/sudoers/sudoreplay.c, src/exec_pty.c:
+ Add a suspend event type to the I/O log to log suspend/resume of the
+ command so we can skip that delay during replay.
+ [8091d1835a31]
+
+ * src/exec_pty.c, src/sudo.c, src/sudo.h:
+ Initialize the pty rows/cols based on the values we stored in
+ user_details. This fixes a minor issue where we would send an extra
+ window size change event the first time the command was suspended.
+ [b2ae9be4d1d6]
+
+2018-09-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/sudo_ldap_conf.h:
+ Add support for OpenLDAP's TLS_REQCERT setting in ldap.conf.
+ [f07a14ae05cb]
+
+2018-09-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_util.h, plugins/sudoers/defaults.c,
+ plugins/sudoers/iolog_util.c,
+ plugins/sudoers/regress/starttime/check_starttime.c:
+ Move definition of TIME_T_MAX to sudo_util.h
+ [469c36d44950]
+
+ * NEWS, doc/UPGRADE:
+ Changes in 1.8.26 (so far).
+ [5c73b0d8c676]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/env.c:
+ Treat LOGIN, LOGNAME and USER specially. If one is preserved or
+ deleted we want to preserve or delete all of them.
+ [ea1782686195]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/env.c,
+ plugins/sudoers/logging.c, plugins/sudoers/regress/visudo/test6.sh:
+ Remove special handling of the USERNAME environment variable. It
+ used to be set on old versions of Fedora but that hasn't been the
+ case for some time. It's worth noting that ssh doesn't set USERNAME
+ either.
+ [5141bebd99c4]
+
+ * configure, configure.ac:
+ sudo 1.8.26
+ [cfe8d540328e]
+
+2018-09-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo.c:
+ Remove unused system_maxgroups argument from fill_group_list().
+ [debc4ca9d35f]
+
+ * lib/util/getgrouplist.c:
+ Pass getgrouplist() NGROUPS_MAX+1, not NGROUPS_MAX so we have room
+ for the primary gid.
+ [fccf07f2e8cf]
+
+2018-09-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers_json.c:
+ In print_member_json_int() eliminate the need_newline variable and
+ just move the non-alias expansion printing bits into the else
+ clause, including the newline and comma printing.
+ [b40224fc6090]
+
+ * MANIFEST, plugins/sudoers/regress/cvtsudoers/test30.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test30.sh:
+ Add regress test for bug #853
+ [31544afc6013]
+
+ * plugins/sudoers/cvtsudoers_json.c:
+ When expanding an alias in print_member_json_int() avoid printing an
+ extra comma at the end of the entry. Bug #853.
+ [e73e09f8569a]
+
+2018-09-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/CONTRIBUTORS:
+ Add Kan Sasaki
+ [ff277fb5b0c9]
+
+ * NEWS, configure, configure.ac:
+ sudo 1.8.25p1
+ [c4f0a69e6356]
+
+ * lib/util/event_poll.c:
+ Fix a crash in the event system's poll() backend introduced with
+ support for nanosecond timers. Only affects systems without ppoll().
+ Bug #851
+ [54e561b11a0f]
+
+2018-09-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [04afa00445ef]
+
+2018-08-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
+ Allow for some clock drift due to ntpd, etc.
+ [2d72989fe7b1]
+
+ * plugins/sudoers/visudo.c:
+ If sudo_lock_file() fails for a reason other than the file already
+ being locked, give the user a chance to edit anyway.
+ [e5a963ecc083]
+
+2018-08-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/cvtsudoers/test28.sh:
+ Quick sort is not a stable sort; use distinct sudoOrder values so
+ the output is predictable.
+ [46ebc1169c0c]
+
+ * lib/util/regress/atofoo/atofoo_test.c,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ plugins/sudoers/ldap.c,
+ plugins/sudoers/regress/parser/check_base64.c:
+ Fix warnings on OpenIndiana (Illumos)
+ [1b45d303b338]
+
+ * plugins/sudoers/ldap.c:
+ Correct ldap_to_sudoers() return value.
+ [16b0d144b196]
+
+ * NEWS:
+ Bug #849
+ [3e05bad00a44]
+
+ * plugins/sudoers/sssd.c:
+ The sssd backend used to take the first match, assuming that entries
+ were sorted in descending order by sudoOrder. That allowed it to
+ avoid iterating over the entire list of rules. Now that we convert
+ to a sudoers parse tree, we need to convert rules in ascending
+ order, not descending. The simplest way to accomplish this is to
+ simply iterate over the rules from last to first, reversing the sort
+ order. Bug #849
+ [63627909bb10]
+
+ * MANIFEST, plugins/sudoers/regress/cvtsudoers/test28.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test28.sh,
+ plugins/sudoers/regress/cvtsudoers/test29.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test29.sh:
+ Add some more ldif -> sudoers tests to verify sudoOrder.
+ [f41358fbd066]
+
+ * plugins/sudoers/ldap.c:
+ For conversion to a sudoers parse tree, ldap_entry_compare() now
+ needs to sort in ascending order, not descending. Bug #849
+ [9f23126cded8]
+
+2018-08-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers.c:
+ No need to set input_file for stdin in parse_ldif(); noted by clang
+ analyzer.
+ [c852e1c92dd2]
+
+ * plugins/sudoers/iolog_util.c:
+ Use TIME_T_MAX when parsing the I/O log file timestamp and disallow
+ negative times.
+ [bfb17118e584]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_util.c,
+ plugins/sudoers/iolog_util.h,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/regress/iolog_util/check_iolog_util.c,
+ plugins/sudoers/sudoreplay.c:
+ When parsing an I/O log timing line, store the result in a timespec,
+ not a double. The speed factor (for scaling the delay) in sudoreplay
+ is still a double but we only need to adjust the delay if the factor
+ is something other than 1.0.
+ [39077129d1f9]
+
+ * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
+ Fix memory leak in test.
+ [94fb9f39dfee]
+
+ * doc/cvtsudoers.cat, doc/sudo.cat, doc/sudo.conf.cat,
+ doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers_timestamp.cat, doc/sudoreplay.cat, doc/visudo.cat:
+ regen
+ [f2850c2f733a]
+
+2018-08-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/env.c:
+ Update conversion of DID_* to KEPT_* to match the new values of
+ DID_* and KEPT_*.
+ [6ce1bc30a4d1]
+
+ * NEWS, plugins/sudoers/env.c:
+ Set the LOGIN environment variable on AIX like we do LOGNAME.
+ [e6afb82d918c]
+
+2018-08-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, m4/sudo.m4,
+ plugins/sudoers/bsm_audit.c:
+ Add a test for the 4-argument au_close() function found in Solaris
+ 11 instead of assuming it is present if __sun is defined. Fixes a
+ compilation error on OpenIndiana and older Solaris versions.
+ [4a4f91e28bbc]
+
+ * doc/CONTRIBUTORS:
+ Add Miguel Sanders and Scott Cheloha
+ [14aca7309a0a]
+
+ * NEWS:
+ testsudoers changes
+ [f008d473c933]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/testsudoers.c:
+ Add ldif support to testsudoers
+ [321f11b7badd]
+
+2018-08-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/parse.h, plugins/sudoers/parse_ldif.c:
+ Move ldif -> sudoers conversion code into parse_ldif.c
+ [497d55799d5b]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/strlist.c,
+ plugins/sudoers/strlist.h:
+ Move string list functions to their own file.
+ [a15902cde4eb]
+
+ * lib/util/Makefile.in:
+ sync
+ [9b1f98d4335f]
+
+2018-08-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in:
+ Backward ABI compatibility for even functions that use a timeval.
+ [01d9e617a923]
+
+ * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c:
+ Use a monotonic timer for the event subsystem.
+ [acf30905a275]
+
+ * config.h.in, configure, configure.ac, include/sudo_event.h,
+ lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c,
+ plugins/sudoers/iolog_util.h, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c:
+ Use struct timespec, not struct timeval in the event subsystem. Use
+ ppoll() or pselect() if avaialble which use timespec.
+ [b1bfccec8b13]
+
+2018-08-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgignore:
+ sync
+ [193fd33e9864]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c:
+ Eliminate most use of parsed_sudoers in cvtsudoers
+ [0d0504f61e3e]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers_json.c, plugins/sudoers/parse.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Make alias_apply() take 3 arguments, the first being a pointer to
+ the struct sudoers_parse_tree.
+ [7802295c07fa]
+
+2018-08-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
+ Handle systems where root's gid is not 0.
+ [1fc92bad715a]
+
+ * plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h:
+ Add missing files from last commit.
+ [a155e07bb191]
+
+ * .hgignore, MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/po/sudoers.pot,
+ plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
+ plugins/sudoers/sudoreplay.c:
+ Add regress test for I/O log plugin endpoints
+ [bf9fbe5ff2a6]
+
+ * plugins/sudoers/iolog.c:
+ We cannot reuse last_time for the I/O log info file now that it is a
+ monotonic timer. Just call time(3) in write_info_log() directly.
+ [f2e1de732a91]
+
+ * src/exec_pty.c:
+ Move the loop to free the monitor_messages list into
+ free_exec_closure_pty()
+ [d6edc1a94e7e]
+
+ * po/sudo.pot:
+ regen
+ [6467f05a2fd0]
+
+2018-08-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * lib/util/getentropy.c:
+ Fix typo in last commit.
+ [38f3450b57fb]
+
+ * config.h.in, configure, configure.ac, lib/util/getentropy.c:
+ Do not assume all Linux has linux/random.h. Add missing
+ sys/syscall.h include
+ [8460f258e1af]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c, src/sudo_edit.c:
+ Cast uid/gid to unsigned int before printing.
+ [37fcab8b4f97]
+
+ * include/sudo_compat.h:
+ Only include stdarg.h if we need it.
+ [c266d34454ba]
+
+ * plugins/sudoers/bsm_audit.c, plugins/sudoers/timestamp.c:
+ fix compiler warnings on Solaris 11
+ [6c92c438a38e]
+
+ * lib/util/getentropy.c:
+ Fix setting of errno when gotdata() fails.
+ [4fab71fa575f]
+
+ * plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/rcstr.c, plugins/sudoers/timestamp.c,
+ src/sudo_noexec.c:
+ Include stddef.h for offsetof() definition.
+ [15d13ae1ba46]
+
+ * NEWS:
+ Bugs 846 and 847
+ [a0ba7ad24812]
+
+ * include/sudo_compat.h:
+ We still need to include string.h for AIX (and possibly others) when
+ we are not using the system memset_r() function and rsize_t is
+ defined by the system headers.
+ [e1f8f7537209]
+
+ * configure, configure.ac, include/sudo_compat.h, mkpkg:
+ Add --enable-package-build to give configure a hint that we are
+ building a package. This can be used to avoid relying on libc
+ functions that may not be present in all libc versions for a
+ particular system. For instance, AIX 7.1 may or may not have
+ memset_s() and getline() present.
+ [7e843bed8435]
+
+ * include/sudo_compat.h:
+ AIX defines rsize_t in string.h, not stddef.h for use by the
+ memset_s() prototype. We use our own memset_s() on AIX since it is
+ not available on all BOS levels which makes package building
+ problematic.
+ [3724b47eadd8]
+
+2018-08-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/defaults.c:
+ Fix printing of T_TIMESPEC values.
+ [8775c17229a4]
+
+ * plugins/sudoers/iolog.c:
+ Remove unused struct script_buf
+ [fd27f67123b3]
+
+2018-08-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Document when the I/O log timing file entry bug was introduced.
+ [09a75d80487e]
+
+ * NEWS:
+ sync
+ [95fd54c61719]
+
+ * config.h.in, configure, configure.ac, lib/util/gettime.c:
+ HP-UX doesn't suport CLOCK_MONOTONIC but we can use gethrtime()
+ instead.
+ [3ec7d99444c0]
+
+ * src/exec_monitor.c, src/exec_pty.c:
+ Close the pty slave in the parent so that when the command and
+ monitor exit, the pty gets recycled without our having to close it
+ directly.
+ [fec53753cf52]
+
+ * lib/util/term.c, src/exec_monitor.c, src/exec_pty.c, src/sudo.h:
+ Move updating of the window size to the monitor process. This will
+ allow us to close the slave in the main sudo process in the future
+ so only the command and monitor have it open.
+ [07108a1c2edc]
+
+ * configure, configure.ac:
+ sudo 1.8.25
+ [4938ba570787]
+
+ * plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok:
+ Fix test output for bug #845
+ [ee6f2d615bd8]
+
+ * plugins/sudoers/ldap_util.c:
+ Fix pasto when converting sudoNotAfter; from Miguel Sanders Bug #845
+ [69638cd6da60]
+
+2018-08-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * aclocal.m4, config.h.in, configure, configure.ac,
+ include/sudo_util.h, lib/util/gettime.c, lib/util/util.exp.in:
+ Add sudo_gettime_uptime() to measure time while not sleeping.
+ [a128e7d51740]
+
+ * plugins/sudoers/iolog.c:
+ Use a monotonic timer that only runs while not suspended for the
+ iolog timing values and write nsec-precision entries.
+ [7f37f0b24ce7]
+
+2018-08-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * mkpkg:
+ Detect number of CPUs on AIX.
+ [2b7c62b42da2]
+
+ * plugins/sudoers/iolog.c:
+ Fix I/O log timing file on systems without a C99-compatible
+ snprintf(). On those systems we use our own snprintf() that doesn't
+ support floating point. We don't actually need floating point in
+ this case since the we can print seconds and microseconds without
+ using it.
+ [4ea419ac5bee]
+
+ * NEWS:
+ Fix for Bug #844
+ [51cfeb79669c]
+
+ * src/sudo_edit.c:
+ Handle the case where O_PATH or O_SEARCH is defined but O_DIRECTORY
+ is not. In theory, O_DIRECTORY is redundant when O_SEARCH is
+ specified but it is legal for O_EXEC and O_SEARCH to have the same
+ value. Bug #844
+ [fb75d75c7249]
+
+2018-08-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ sync
+ [2be1b619a06a]
+
+ * plugins/sudoers/starttime.c:
+ Fix get_starttime() on HP-UX.
+ [329a4ad9f4ef]
+
+ * mkpkg:
+ Detect number of CPUs on HP-UX. Use MAKE environment variable if
+ set.
+ [c95ab5d6d392]
+
+ * src/net_ifs.c:
+ Avoid a compilation problem on HP-UX 11.31 with gcc and
+ machine/sys/getppdp.h
+ [b861e894271b]
+
+2018-08-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/Makefile.in:
+ Add CHECK_SYMBOLS_LDFLAGS to check_symbols target. Non-ELF HP-UX
+ executables don't support SHLIB_PATH or LD_LIBRARY_PATH unless ld is
+ passed the +s flag. This lets the check_symbols test pass on systems
+ where the ldap libraries aren't installed in the standard location.
+ [c2d6d3248fa4]
+
+2018-08-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/Makefile.in:
+ For the lint target, don't stop after the first manual that fails
+ lint.
+ [8a80d8e7b540]
+
+ * plugins/sudoers/timestamp.c:
+ Add debugging info so we can tell why a timestamp record doesn't
+ match.
+ [99ede76f9835]
+
+2018-08-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ typo
+ [8a5a11b921ea]
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, po/da.mo,
+ po/da.po:
+ sync with translationproject.org
+ [19f7eba39013]
+
+2018-08-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/iolog.c:
+ Fix the return value of sudoers_io_change_winsize() on success.
+ Otherwise, we only log a single window size change.
+ [d6cdab99f6f9]
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
+ sync with translationproject.org
+ [4109b52f393f]
+
+2018-08-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ sync
+ [1448675b44aa]
+
+2018-08-07 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Fix ambiguity when talking about Aliases. We can't use User_Alias in
+ the grammar as both the definition of the Alias as well as its name.
+ This adds {User,Runas,Host,Cmnd}_Alias_Spec to help differentiate
+ between the name of the alias and its definition. Bug #834
+ [06678d12306f]
+
+ * doc/cvtsudoers.cat, doc/sudoreplay.cat:
+ regen
+ [d7237381675a]
+
+ * Makefile.in:
+ Warn if unable to run xgettext or msgfmt.
+ [d0cbba35cd49]
+
+2018-08-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/hr.mo,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/ja.mo,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pt_BR.mo,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/uk.mo,
+ plugins/sudoers/po/vi.mo:
+ sync with translationproject.org
+ [d1deb5cb5eb3]
+
+2018-08-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/fmtsudoers.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/ldap_util.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/policy.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Refactor code to convert defaults to tags and do conversion on
+ output for "sudo -l".
+
+ Remove the short_list (was long_list) global in favor of a verbose
+ argument.
+ [eae1e1e814e0]
+
+2018-08-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/policy.c:
+ Assign short_list true, not 1 now that it is a boolean.
+ [10354cd29439]
+
+ * plugins/sudoers/fmtsudoers.c:
+ fix typo
+ [ad7e93f375ba]
+
+2018-08-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/rcstr.c:
+ Fix a warning on FreeBSD which has a fancier __containerof
+ implementation.
+ [b5106a524232]
+
+ * plugins/sudoers/po/de.po, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/it.po, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/pl.po, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/sv.po, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.po:
+ sync with translationproject.org
+ [ae5353cbeac4]
+
+2018-08-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * aclocal.m4, autogen.sh, config.h.in, configure:
+ Regen with aclocal 1.15.1.
+ [22c02e451333]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ For ldap/sssd, include defaults in the generate privilege unless we
+ are listing in short mode (in which case we convert them to tags if
+ possible). Fixes a problem where sudoOptions were not being applied
+ to the command.
+ [b21267488971]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ update_defaults() needs to be able to take a defaults_list for the
+ ldap/sssd backends which support per-role defaults.
+ [ddbb07881a46]
+
+2018-07-31 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [29c5a09aaeaf]
+
+2018-07-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Update
+ [045b535f84b9]
+
+2018-07-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/file.c,
+ plugins/sudoers/fmtsudoers.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ o Move userspecs, defaults and aliases into a new struct
+ sudoers_parse_tree. o The parse tree is now passed to the alias,
+ match and defaults functions. o The nss API has been changed so that
+ the nss parse() function returns a pointer to a struct
+ sudoers_parse_tree which will be filled in by the getdefs() and
+ query() functions.
+ [bddb4676ad0e]
+
+ * lib/util/getgrouplist.c:
+ Don't need to preallocate 4 x NGROUP_MAX on AIX or BSD/Linux. For
+ BSD/Linux, getgrouplist(3) will tell us the number of groups if we
+ don't have enough. For AIX, we can count the entries in the group
+ set before allocating the group vector.
+ [c278fd947af4]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/check.c, plugins/sudoers/sudoers.h:
+ Ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors from
+ pam_acct_mgmt() if authentication is disabled for the user. Bug #843
+ [1dc39794cf0d]
+
+2018-07-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_pty.c:
+ Work around a bug on AIX where closing the pty slave causes the main
+ sudo process to lose its controlling tty (which was *not* the pty
+ slave).
+ [649a25b7f864]
+
+ * src/sudo.c:
+ Add missing aix_restoreauthdb() call to match the aix_setauthdb()
+ added in b8a011be9af7. Fixes issues on AIX where local users/groups
+ may not be resolved when some NIS/AD/LDAP is used for users.
+ [16e196a7a337]
+
+ * lib/util/getgrouplist.c:
+ Linux getgrouplist(3) returns the number of groups on success
+ instead of 0 like BSD.
+ [599a89afa4f5]
+
+2018-07-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * mkdep.pl, plugins/sudoers/Makefile.in:
+ When both a .o and .lo file was used in a Makefile, we used to make
+ the .o depend on the .lo. Unfortunately, this creates a race
+ condition for parallel make since libtool is not atomic (it creates
+ a .o and then renames it when building PIC objects for shared libs).
+
+ We always link with libtool so the only reason to prefer the .o over
+ the .lo file is to avoid mixing .o and .lo in the dependencies.
+ That's not a good enough reason so change mkdep.pl to warn when both
+ a .o and .lo are referenced in a Makefile and do nothing else.
+
+ Bug #842
+ [a8d94e6aed9f]
+
+2018-07-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/ldap.c:
+ Avoid duplicate free when netgroup_base is invalid.
+ [5ce39dff77ba]
+
+2018-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/arc4random.h:
+ Use madvise(2) with MADV_WIPEONFORK if available.
+ [a11461409569]
+
+2018-07-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, po/eo.mo,
+ po/eo.po:
+ sync with translationproject.org
+ [01bcfe7b30e5]
+
+ * NEWS:
+ Update.
+ [f5e0b1f909bb]
+
+2018-06-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ sync with schema.OpenLDAP
+ [d83420d8228d]
+
+ * doc/schema.OpenLDAP:
+ RFC 2849 specifies whitespace as the space character only so replace
+ tabs with spaces. Bug #840
+ [e9d5de6365ba]
+
+ * doc/schema.OpenLDAP:
+ Fix typo; bug #839
+ [dee2dad738de]
+
+2018-06-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ Should no longer need to set max_groups.
+ [459119b11265]
+
+2018-06-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/pwutil_impl.c,
+ src/sudo.c:
+ Use new sudo_getgrouplist2() function instead of getgrouplist().
+ [8e88b6d3ea6f]
+
+ * configure, configure.ac, include/sudo_compat.h, include/sudo_util.h,
+ lib/util/Makefile.in, lib/util/getgrouplist.c, lib/util/util.exp.in:
+ Add sudo_getgrouplist2() to dynamically allocate the group vector.
+ This allows us to avoid repeatedly calling getgrouplist() with a
+ statically sized vector on macOS, Solaris, HP-UX, and AIX.
+ [55480e2ec7c2]
+
+ * src/conversation.c:
+ Fix fd leak introduced by SUDO_CONV_PREFER_TTY commit. Coverity CID
+ 186605.
+ [fb6eb518bc4c]
+
+2018-06-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ doc/sudoers_timestamp.cat, doc/sudoers_timestamp.man.in,
+ doc/sudoers_timestamp.mdoc.in, doc/visudo.cat, doc/visudo.man.in,
+ doc/visudo.mdoc.in:
+ Fix some issues pointed out by mandoc -Tlint
+ [7ace981c7334]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/conversation.c:
+ Add SUDO_CONV_PREFER_TTY flag for conversation function to tell sudo
+ to try writing to /dev/tty first. Can be used in conjunction with
+ SUDO_CONV_INFO_MSG and SUDO_CONV_ERROR_MSG.
+ [a1e9420a7c5e]
+
+2018-06-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/LICENSE:
+ Update for arc4random.c, arc4random_uniform.c and getentropy.c
+ [168db3c8d590]
+
+2018-06-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/regress/noexec/check_noexec.c:
+ FreeBSD wordexp() returns WRDE_SYNTAX if it can't write to the shell
+ process. Since we've prevented execve() from succeeding this is the
+ error we get back from wordexp() on FreeBSD.
+ [2a7a73de30cf]
+
+2018-06-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/starttime.c:
+ Fix conversion of usec to nsec; from Scott Cheloha
+ [26fa756ea623]
+
+2018-06-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * include/sudo_plugin.h:
+ Fix typo.
+ [504256dc4ccc]
+
+2018-05-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ The getdefs() function now get called multiple times so use the
+ cached data if present.
+ [042be7ccab3c]
+
+ * plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c:
+ Return an empty defaults list, not NULL if there is no global
+ sudoers defaults entry in sss.
+ [8e16de465ee2]
+
+ * plugins/sudoers/file.c:
+ Fix memory leak of handle pointer on close.
+ [e4eb30e611d4]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Remove a needless copy when parsing options.
+ [60fe50b736a9]
+
+ * plugins/sudoers/file.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/parse.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudoers.c:
+ Move cached userspecs and defaults into the handle object.
+ [37e4df73907d]
+
+2018-05-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Quiet a clang analyzer warning. It should not be possible for
+ pop_include() to be called when YY_CURRENT_BUFFER is NULL.
+ [148d79e5a44e]
+
+ * plugins/sudoers/file.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/sssd.c:
+ Reorder things to avoid the need to declare static functions.
+ [8f27e69fa9cb]
+
+2018-05-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, config.h.in, configure, configure.ac, include/sudo_rand.h,
+ lib/util/Makefile.in, lib/util/arc4random.c, lib/util/arc4random.h,
+ lib/util/arc4random_uniform.c, lib/util/chacha_private.h,
+ lib/util/getentropy.c, lib/util/util.exp.in, mkdep.pl:
+ Import arc4random() from libressl. This takes an all-in-one approach
+ instead of the one-file-per-OS approach that libressl takes. The
+ fallback code does not have as many OS-specific bits as libressl.
+ [310d65e466bd]
+
+ * lib/util/Makefile.in, lib/util/mktemp.c,
+ plugins/sudoers/Makefile.in, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/insults.h:
+ Use arc4random for mkstemp() and insults.
+ [b8c7447756f2]
+
+ * MANIFEST, configure, configure.ac, include/sudo_digest.h,
+ lib/util/Makefile.in, lib/util/digest.c, lib/util/digest_gcrypt.c,
+ lib/util/digest_openssl.c, lib/util/util.exp.in, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/digestname.c,
+ plugins/sudoers/filedigest.c, plugins/sudoers/filedigest_gcrypt.c,
+ plugins/sudoers/filedigest_openssl.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap_util.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.h,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/sudo_ldap.h, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Move digest code into libutil
+ [c53cf5c508eb]
+
+2018-05-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/regress/cvtsudoers/test25.sh,
+ plugins/sudoers/regress/cvtsudoers/test26.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test26.sh,
+ plugins/sudoers/regress/cvtsudoers/test27.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test27.sh:
+ Check for invalid bas64 attributes.
+ [4218d11c8205]
+
+ * plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/regress/parser/check_base64.c:
+ Fix pointer sign warnings.
+ [5ee724e3956e]
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ Add missing variable declaration for SELinux and Solaris.
+ [c8084f0508e5]
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ Handle empty string and treat it as safe.
+ [8029b97d8f4a]
+
+ * MANIFEST, plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/regress/cvtsudoers/test26.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test26.sh:
+ Add support for base64-encoding non-safe strings in LDIF output.
+ [b9fd1795f4ee]
+
+2018-05-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/base64.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/parser/check_base64.c:
+ Add base64_encode() by Jon Mayo.
+ [a893ec3dc667]
+
+2018-05-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/regress/cvtsudoers/test25.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test25.sh:
+ Add support for parsing base64-encoded attributes
+ [262dd9a526de]
+
+2018-05-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/regress/sudoers/test2.ldif.ok:
+ rfc2253 says we need to escape " and leading and trailing space.
+ [1c0105a5eb1b]
+
+ * configure, configure.ac:
+ Define ZLIB_CONST so we get the const version of the API.
+ [71a629d0eb4b]
+
+2018-05-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/parse.c:
+ Fix logic inversion when handing the authenticate Defaults option
+ for "sudo -l" and "sudo -v" in long list mode.
+ [f8157d4c4f03]
+
+ * plugins/sudoers/sssd.c:
+ Set handle->pw before sss_to_sudoers() since sss_check_user() uses
+ it. Coverity CID 185651
+ [fa646e569352]
+
+ * plugins/sudoers/ldap_util.c:
+ Fix memory leak on error, CID 185602
+ [31c1ab085985]
+
+ * plugins/sudoers/ldap.c:
+ Some ldap_get_values_len -> sudo_ldap_get_values_len that were
+ missed before.
+ [d7f1877531be]
+
+ * plugins/sudoers/ldap_util.c:
+ When building up the cmndspec, add the actual command member last.
+ This simplifies the logic regarding the SETENV tag and alsomakes
+ "out of memory" cleanup simpler.
+ [d704f3b09ac1]
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ Fix format string mismatch, sudo_order is unsigned.
+ [ecc398e45b0a]
+
+ * plugins/sudoers/pwutil.c:
+ Add cppcheck annotation to suppress memory leak false positive.
+ [d4a0ae57c372]
+
+ * plugins/sudoers/ldap_util.c:
+ Sudo "ALL" implies the SETENV tag.
+ [7abc653b4d39]
+
+ * src/parse_args.c:
+ Only set MODE_PRESERVE_ENV when preserving the entire environment.
+ Fixes a problem introduced in 1.8.23 where "sudo -i" could not be
+ used in conjunction with --preserve-env=VARIABLE. Bug #835
+ [8ea75ca8fbd2]
+
+2018-05-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/file.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/ldap.c,
+ plugins/sudoers/parse.h, plugins/sudoers/sssd.c:
+ Add free_userspecs() and free_default() and use them instead of
+ looping over the lists and calling free_userspec() and
+ free_default().
+ [797221539242]
+
+ * configure, configure.ac:
+ Depending on the bos level, AIX 6.1 may or may not include
+ getline/getdelim and AIX 7.1 may or may not include memset_s. Since
+ we need to build packages that will work on all AIX 6.1 and 7.1
+ machines, use our getline() and memset_s emulation.
+ [f5c427076b2c]
+
+2018-05-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/ldap_util.c:
+ Do not leak struct sudo_command when the command is ALL. Coverity
+ CID 185602.
+ [d71ca4bc06bc]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.24
+ [7df3df9a3907]
+
+ * plugins/sudoers/sssd.c:
+ Improve comments about why we need to do a user check and how it
+ related to netgroups.
+ [605234ed0935]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Add checks for ldap/sss functions failing due to memory allocation
+ errors.
+ [0dfeb0d8ecf5]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Let the main sudoers lookup code check the host name. We still check
+ the user name so it is possible to use a single userspec but this
+ may change in the future.
+ [a74699b90213]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/file.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Simplify the nss interface such that each sudoers provider fills in
+ a per-nss list of userspecs and defaults instead of using separate
+ lookup and list functions. This makes it possible to have a single
+ implementation of the code for sudoers lookup and listing.
+ [50de9302de01]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/filedigest.c, plugins/sudoers/filedigest_gcrypt.c,
+ plugins/sudoers/filedigest_openssl.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
+ plugins/sudoers/ldap_util.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
+ Include parse.h in sudoers.h since it will soon be required.
+ [196abb590d96]
+
+ * plugins/sudoers/ldap_util.c:
+ Parse "ALL" as a command correctly.
+ [d969e7dfdbbc]
+
+2018-05-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/match.c:
+ Add debug warning if lseek() fails (should not be possible).
+ [d568dc923c7d]
+
+ * plugins/sudoers/match.c:
+ Fix swapped args of lseek() when rewinding. This didn't cause a
+ problem because the value of SEEK_SET is 0.
+ [142591a3f333]
+
+2018-05-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/parser/check_hexchar.c:
+ Fix a format-truncation warning in newer gcc by avoiding using %0x
+ and %0X in the test. We are formatting a single byte so just do it
+ one nybble at a time.
+ [7c594a63598f]
+
+ * configure:
+ Regen with autoconf git commit
+ e17a30e987d7ee695fb4294a82d987ec3dc9b974 AC_HEADER_MAJOR: port to
+ glibc 2.25
+ [9fe77765c768]
+
+2018-05-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ No need to explicitly free role on EOF, it will be freed after the
+ loop is done.
+ [8d08c06b7622]
+
+ * plugins/sudoers/policy.c:
+ Garbage collect the command argv, envp and info vectors since they
+ are not available at policy close time.
+ [de22290a8ec5]
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ Plug memory leaks on parse error or when an LDIF entry doesn't match
+ the dn filter.
+ [4f48e740eed1]
+
+ * plugins/sudoers/cvtsudoers.c:
+ Rename variables now that the string list functions are not ldap-
+ specific.
+ [640497f70551]
+
+2018-04-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ Fix typo
+ [6466295ba962]
+
+2018-04-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * configure, configure.ac:
+ fix version
+ [bfed601130b5]
+
+ * NEWS:
+ sync
+ [1c382f2aff27]
+
+ * configure, configure.ac, plugins/sudoers/po/zh_CN.mo,
+ plugins/sudoers/po/zh_CN.po, po/zh_CN.mo, po/zh_CN.po:
+ sync with translationproject.org
+ [ec28ff5acbd6]
+
+2018-04-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/match.c:
+ O_EXEC for fexecve() not O_SEARCH.
+ [a156d8b38f31]
+
+ * doc/TROUBLESHOOTING:
+ Document how to suppress the last login message on Solaris.
+ [2926b670aca4]
+
+2018-04-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers_json.c:
+ Fix compilation error with older Sun Studio compilers.
+ [0f735611642d]
+
+ * NEWS:
+ Update Bug #831 decription.
+ [d5e6a2a807b8]
+
+ * MANIFEST, doc/CONTRIBUTORS, po/zh_TW.mo, po/zh_TW.po:
+ Add Chinese(Taiwan) translation for sudo.
+ [5a4ba6769cca]
+
+ * plugins/sudoers/match.c:
+ Move the check for /dev/fd/N until *after* the digest has been
+ checked. We still need to be able to check the digest even if there
+ is no /dev/fd/N or fexecve().
+ [e0e086b4e764]
+
+2018-04-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/match.c:
+ Rewind the fd after calling sudo_filedigest(). Otherwise, when
+ running a script via fexecve(), the interpreter may get EOF when
+ reading /dev/fd/N. This only appears to affect BSD systems with
+ fdescfs. Bug #831.
+ [d79f5125cc73]
+
+ * plugins/sudoers/match.c:
+ In open_cmnd(), return true, not false, if we the /dev/fd/N pathname
+ is not present. We don't want to fail a match because of this.
+ [72c4b499c019]
+
+ * NEWS:
+ Bug #831.
+ [700646725f45]
+
+ * plugins/sudoers/match.c:
+ We can only use fexecve() on a script if /dev/fd/N exists. Some
+ systems, such as FreeBSD, don't have /dev/fd mounted by default. Bug
+ #831
+ [30f7c5d64104]
+
+2018-04-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
+ plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/el.mo, plugins/sudoers/po/el.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/eu.mo, plugins/sudoers/po/eu.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/fur.mo, plugins/sudoers/po/fur.po,
+ plugins/sudoers/po/hu.mo, plugins/sudoers/po/hu.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po,
+ plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
+ plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po,
+ plugins/sudoers/po/sk.mo, plugins/sudoers/po/sk.po,
+ plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/ca.mo,
+ po/ca.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo,
+ po/eo.po, po/es.mo, po/es.po, po/eu.mo, po/eu.po, po/fi.mo,
+ po/fi.po, po/fur.mo, po/fur.po, po/gl.mo, po/gl.po, po/hu.mo,
+ po/hu.po, po/ko.mo, po/ko.po, po/nl.mo, po/nl.po, po/nn.mo,
+ po/nn.po, po/ru.mo, po/ru.po, po/sk.mo, po/sk.po, po/sl.mo,
+ po/sl.po, po/sr.mo, po/sr.po, po/vi.mo, po/vi.po, po/zh_CN.mo,
+ po/zh_CN.po:
+ sync with translationproject.org
+ [a786a841f30a]
+
+2018-04-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
+ plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/el.mo, plugins/sudoers/po/el.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/eu.mo, plugins/sudoers/po/eu.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/fur.mo, plugins/sudoers/po/fur.po,
+ plugins/sudoers/po/hu.mo, plugins/sudoers/po/hu.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po,
+ plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
+ plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po,
+ plugins/sudoers/po/sk.mo, plugins/sudoers/po/sk.po,
+ plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/ca.mo,
+ po/ca.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo,
+ po/eo.po, po/es.mo, po/es.po, po/eu.mo, po/eu.po, po/fi.mo,
+ po/fi.po, po/fur.mo, po/fur.po, po/gl.mo, po/gl.po, po/hu.mo,
+ po/hu.po, po/ko.mo, po/ko.po, po/nl.mo, po/nl.po, po/nn.mo,
+ po/nn.po, po/ru.mo, po/ru.po, po/sk.mo, po/sk.po, po/sl.mo,
+ po/sl.po, po/sr.mo, po/sr.po, po/vi.mo, po/vi.po, po/zh_CN.mo,
+ po/zh_CN.po:
+ sync with translationproject.org
+ [268a65ce44cb]
+
+ * MANIFEST, plugins/sudoers/regress/cvtsudoers/test23.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test23.sh,
+ plugins/sudoers/regress/cvtsudoers/test24.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test24.sh:
+ Add tests for round-tripping cvtsudoers, sudoers -> LDIF -> sudoers
+ and LDIF -> sudoers -> LDIF.
+ [370d4ba4dbb8]
+
+2018-04-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/regress/cvtsudoers/test22.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test22.sh:
+ Test the -b option when converting from LDIF.
+ [4d65c7c2ed01]
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ Fix the -b option when converting from LDIF.
+ [f3c1e4dbd61e]
+
+2018-04-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, po/it.mo,
+ po/it.po:
+ sync with translationproject.org
+ [1953956c60fe]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
+ Fix some more typos.
+ [87fde92a1fa4]
+
+ * doc/Makefile.in:
+ mandoc now preserves the copyright notice, no need to do it
+ ourselves
+ [2c3f6841941a]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Describe the special handling of LOGNAME, USER and USERNAME. Fix
+ typos reported by aspell.
+ [e89bd28f4530]
+
+ * src/load_plugins.c:
+ Fix a memory leak on the error path.
+ [db5a4678e0e4]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document that the editor setting is also used by sudoedit.
+ [2ae14439efd7]
+
+2018-04-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
+ Plug memory leak when an I/O plugin is specified in sudo.conf but
+ the I/O plugin is not configured.
+ [5b5086d7152a]
+
+ * INSTALL, MANIFEST, NEWS, config.h.in, configure, configure.ac,
+ plugins/sudoers/Makefile.in, plugins/sudoers/ins_python.h,
+ plugins/sudoers/insults.h:
+ Monty Python insults from Philip Hudson
+ [8330cfc5ea19]
+
+2018-04-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in:
+ add examples
+ [830ff26a0dbc]
+
+ * doc/sudo.conf.man.in, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoers_timestamp.man.in, doc/sudoreplay.man.in,
+ doc/visudo.man.in:
+ Update copyright year and regen man pages.
+ [6385891ebaa3]
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/cs.mo,
+ po/cs.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo,
+ po/ja.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo,
+ po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo,
+ po/uk.po:
+ sync with translationproject.org
+ [3495b17becb0]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/match.c:
+ Prune alias contents when pruning and expanding aliases. This abuses
+ the userlist_matches_filter() and hostlist_matches_filter()
+ functions. A better approach would be to call the correct function
+ from user_matches() and host_matches().
+ [0ae5f351b09f]
+
+ * MANIFEST, examples/sudoers, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/cvtsudoers/sudoers,
+ plugins/sudoers/regress/cvtsudoers/sudoers.defs,
+ plugins/sudoers/regress/cvtsudoers/test1.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test1.sh,
+ plugins/sudoers/regress/cvtsudoers/test10.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test10.sh,
+ plugins/sudoers/regress/cvtsudoers/test11.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test11.sh,
+ plugins/sudoers/regress/cvtsudoers/test12.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test12.sh,
+ plugins/sudoers/regress/cvtsudoers/test13.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test13.sh,
+ plugins/sudoers/regress/cvtsudoers/test14.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test14.sh,
+ plugins/sudoers/regress/cvtsudoers/test15.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test15.sh,
+ plugins/sudoers/regress/cvtsudoers/test16.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test16.sh,
+ plugins/sudoers/regress/cvtsudoers/test17.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test17.sh,
+ plugins/sudoers/regress/cvtsudoers/test18.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test18.sh,
+ plugins/sudoers/regress/cvtsudoers/test19.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test19.sh,
+ plugins/sudoers/regress/cvtsudoers/test2.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test2.sh,
+ plugins/sudoers/regress/cvtsudoers/test20.conf,
+ plugins/sudoers/regress/cvtsudoers/test20.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test20.sh,
+ plugins/sudoers/regress/cvtsudoers/test21.conf,
+ plugins/sudoers/regress/cvtsudoers/test21.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test21.sh,
+ plugins/sudoers/regress/cvtsudoers/test3.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test3.sh,
+ plugins/sudoers/regress/cvtsudoers/test4.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test4.sh,
+ plugins/sudoers/regress/cvtsudoers/test5.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test5.sh,
+ plugins/sudoers/regress/cvtsudoers/test6.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test6.sh,
+ plugins/sudoers/regress/cvtsudoers/test7.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test7.sh,
+ plugins/sudoers/regress/cvtsudoers/test8.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test8.sh,
+ plugins/sudoers/regress/cvtsudoers/test9.out.ok,
+ plugins/sudoers/regress/cvtsudoers/test9.sh:
+ cvtsudoers regress tests
+ [72fd218b5036]
+
+2018-04-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in:
+ Fix typo
+ [e572c36919b7]
+
+ * plugins/sudoers/cvtsudoers.c:
+ Fix cut & pasto that prevented "-d command" from working.
+ [6e4ff7f23d0a]
+
+2018-04-13 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y:
+ Fix a user after free crash as well as a memory leak when filtering
+ Defaults.
+ [9bdd404ae6a4]
+
+2018-04-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in:
+ Document that a User_Alias or Host_Alias may be used in the match
+ filter.
+ [49b9306a6a6d]
+
+ * plugins/sudoers/fmtsudoers.c:
+ Don't always expand aliases when formatting a host-based Defaults
+ line. This was missed when expand_aliases support was added.
+ [ef12a033306c]
+
+ * plugins/sudoers/cvtsudoers.c:
+ Allow host and user aliases to be specified in match filters.
+ [6bc8c0da4578]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Update copyright year.
+ [e9c2eb23def1]
+
+2018-04-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/hu.mo, plugins/sudoers/po/hu.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/da.mo,
+ po/da.po, po/hr.mo, po/hr.po, po/hu.mo, po/hu.po, po/pt_BR.mo,
+ po/pt_BR.po, po/tr.mo, po/tr.po:
+ sync with translationproject.org
+ [4a0811073374]
+
+2018-04-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/parse.h:
+ When the -d option is used, remove aliases used by the non-converted
+ Defaults settings if the aliases are not also referenced by
+ userspecs.
+ [d07c4254b3dd]
+
+2018-04-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [9a4d88b2a965]
+
+ * NEWS:
+ update
+ [6ef9dde8fc9a]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in:
+ Mention -p and -M options in the description of -m.
+ [b20abfd14164]
+
+2018-04-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo_edit.c:
+ Check sudoedit temporary directory for writability before using it.
+ [1e29ade3f4b2]
+
+ * plugins/sudoers/regress/starttime/check_starttime.c:
+ Use btime in /proc/stat to determine system start time instead of
+ /proc/uptime. Fixes the process start time test when run from a
+ container where /proc/uptime is the uptime of the container but the
+ process start time is relative to the host system boot time. Bug
+ #829
+ [65ba61e55011]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
+ plugins/sudoers/match.c, plugins/sudoers/parse.h:
+ Add option to prune non-matching entries from cvtsudoers output with
+ -m option is used.
+ [9a69ba35389d]
+
+2018-04-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h:
+ Allow defaults types and suppression list to be specified in the
+ config file.
+ [62dd7a96ac9b]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/parse.h, plugins/sudoers/visudo.c:
+ Refactor common alias code out of cvtsudoers and visudo and into
+ alias.c.
+ [b3ba3e6f24d2]
+
+2018-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/cvtsudoers.c:
+ Avoid NULL deref in an error path. CID 183467
+ [38ea56670f18]
+
+ * plugins/sudoers/cvtsudoers.c:
+ No need to initialize the last pointer passed to strtok_r(). This
+ was originally added to appease newer gcc but no longer seems to be
+ required. CID 183466, CID 183468, CID 183469
+ [b0a9b90603e1]
+
+ * plugins/sudoers/cvtsudoers_json.c:
+ Avoid false positive NULL dereference by uses value.u.string instead
+ of name as the former is guaranteed not to be NULL. Fixes CID
+ 183465.
+ [c896d10f5626]
+
+2018-03-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [8a88e162fd0b]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Add a section on convertion from file-based sudoers.
+ [033c797b229d]
+
+2018-03-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c:
+ Add support for "cvtsudoers -d all"
+ [62e748b70105]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h:
+ Add -d option to control what type of Defaults entries are
+ converted.
+ [b723f0dae5c7]
+
+2018-03-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_pty.c:
+ In pty_close() we still need to check whether the pty master and
+ slave fds are open before closing them. When no tty is present but
+ we are I/O logging pty_close() will be called when there is no
+ actual pty in use.
+ [59201fb78427]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/sudo.conf.cat,
+ doc/sudoers_timestamp.cat, doc/visudo.cat:
+ regen
+ [186f3b58daf5]
+
+2018-03-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgignore:
+ ignore *.ldif2sudo regress output
+ [8d57e8a0013f]
+
+ * src/exec_pty.c:
+ In pty_close() there is no need to remove events associated with the
+ pty slave as there are none. We also don't need to check for the pty
+ fds being -1 since they are not closed elsewhere and pty_close() is
+ only called if pty_setup() succeeds.
+ [585a47fb5a8b]
+
+2018-03-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/Makefile.in, doc/cvtsudoers.mdoc.in:
+ Move cvtsudoers to section 1.
+ [69adcb2d24ff]
+
+ * src/exec_pty.c:
+ In pty_close() close the slave and remove any events associated with
+ it. Fixes a potential hang when performing the final flush on non-
+ BSD systems.
+ [40159d852c2d]
+
+2018-03-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/ldap_util.c:
+ Fix typo in strcmp(), we are comparing var not val.
+ [07ccd7bae4f6]
+
+ * MANIFEST:
+ sync
+ [7960511e39dd]
+
+ * NEWS:
+ sync
+ [c655e7111ce9]
+
+2018-03-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [ff7b545844fb]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/sudoers.h:
+ Add -M option to cvtsudoers to force the use of the local passwd and
+ group databases when matching.
+ [ea58e2765a40]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c:
+ Add cvtsudoers command line option to suppress certain parts of the
+ security policy. Can be used to suppress displaying of Defaults
+ entries, aliases or privileges.
+ [b243efa695e6]
+
+2018-03-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/parser/check_gentime.c:
+ Silence a false positive from the clang static analyzer.
+ [bfde0594783e]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.h:
+ Silence a false positive from the clang static analyzer.
+ [5257e321158d]
+
+ * plugins/sudoers/cvtsudoers.c:
+ Fix memory leak on error path.
+ [1a13732abfd5]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [c139b8bed3c1]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
+ plugins/sudoers/cvtsudoers_ldif.c:
+ Move cvtsudoers string functions into cvtsudoers.c
+ [4b5b799e7abc]
+
+ * plugins/sudoers/Makefile.in:
+ regen
+ [6ecb37e35c9f]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
+ plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/parse.h:
+ Initial support filtering by user, group and host in cvtsudoers.
+ Currently forces alias expansion when a filter is applied and the
+ entire matching user or host list is printed, even the non-matching
+ entries. This effectively allows you to grep sudoers by user, group
+ and host.
+ [0adbf8d38eb4]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.h:
+ Add free_default() to free a struct defaults pointer so we have a
+ single place where we free the defaults. A pointer to the previous
+ Default's binding may be passed in to avoid freeing an already free
+ binding.
+ [9d9ef007ee88]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Decrease bullet width to 1n.
+ [e6f3776fd72e]
+
+2018-03-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/sudo.c:
+ Add aix_setauthdb() before the initial getpwuid() call.
+ [b8a011be9af7]
+
+2018-03-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.h:
+ fix compilation on Solaris
+ [e31019b5f545]
+
+2018-03-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
+ plugins/sudoers/sudoreplay.c:
+ Make "sudoreplay -m 0" skip the pauses entirely.
+ [d9a7fc9f5720]
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
+ Document that a negative value for -m will elmininate the pauses.
+ [a025e96abb47]
+
+2018-03-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/testsudoers.c:
+ Update copyright date, remove unneeded include and add a few
+ comments.
+ [ac1bccd631e5]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/sudoers/test1.out.ok,
+ plugins/sudoers/regress/sudoers/test10.out.ok,
+ plugins/sudoers/regress/sudoers/test11.out.ok,
+ plugins/sudoers/regress/sudoers/test12.out.ok,
+ plugins/sudoers/regress/sudoers/test13.out.ok,
+ plugins/sudoers/regress/sudoers/test14.out.ok,
+ plugins/sudoers/regress/sudoers/test15.out.ok,
+ plugins/sudoers/regress/sudoers/test16.out.ok,
+ plugins/sudoers/regress/sudoers/test17.out.ok,
+ plugins/sudoers/regress/sudoers/test18.out.ok,
+ plugins/sudoers/regress/sudoers/test19.out.ok,
+ plugins/sudoers/regress/sudoers/test2.out.ok,
+ plugins/sudoers/regress/sudoers/test20.out.ok,
+ plugins/sudoers/regress/sudoers/test21.out.ok,
+ plugins/sudoers/regress/sudoers/test22.out.ok,
+ plugins/sudoers/regress/sudoers/test3.out.ok,
+ plugins/sudoers/regress/sudoers/test4.out.ok,
+ plugins/sudoers/regress/sudoers/test5.out.ok,
+ plugins/sudoers/regress/sudoers/test6.out.ok,
+ plugins/sudoers/regress/sudoers/test7.out.ok,
+ plugins/sudoers/regress/sudoers/test8.out.ok,
+ plugins/sudoers/regress/sudoers/test9.out.ok,
+ plugins/sudoers/testsudoers.c:
+ Use fmtsudoers functions in testsudoers.
+ [be27df4a5291]
+
+ * MANIFEST, plugins/sudoers/regress/sudoers/test22.in,
+ plugins/sudoers/regress/sudoers/test22.json.ok,
+ plugins/sudoers/regress/sudoers/test22.ldif.ok,
+ plugins/sudoers/regress/sudoers/test22.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test22.out.ok,
+ plugins/sudoers/regress/sudoers/test22.sudo.ok,
+ plugins/sudoers/regress/sudoers/test22.toke.ok:
+ Add test for empty runas user list.
+ [5598cf4c3329]
+
+ * plugins/sudoers/testsudoers.c:
+ Don't print an empty user list as ALL.
+ [806ee09f854d]
+
+ * plugins/sudoers/fmtsudoers.c, plugins/sudoers/parse.h:
+ In sudoers_format_userspecs make the separator optional and silence
+ a printf format warning.
+ [62c576cbec4b]
+
+ * plugins/sudoers/starttime.c:
+ Use correct defines when checking for sysctl kinfo_proc support.
+ [6017e45d14b9]
+
+ * plugins/sudoers/cvtsudoers_json.c:
+ Fix crash when converting sudoers entry with a runas list that is
+ present but empty.
+ [ff6b9ef53c6b]
+
+2018-03-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/starttime.c,
+ plugins/sudoers/sudoers.c, src/regress/ttyname/check_ttyname.c,
+ src/tgetpass.c, src/ttyname.c:
+ Less confusing sysctl checks for kinfo_proc.
+ [553f6b3f9c3b]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/match.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/sssd.c:
+ Add case_insensitive_group and case_insensitive_user sudoers
+ options, which are enabled by default.
+ [bd74d8b7fe83]
+
+2018-03-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/fmtsudoers.c:
+ Kill dead store found by clang-analyzer.
+ [af2021d3d396]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c,
+ plugins/sudoers/parse.h,
+ plugins/sudoers/regress/sudoers/test2.ldif.ok,
+ plugins/sudoers/regress/sudoers/test3.ldif.ok,
+ plugins/sudoers/regress/sudoers/test6.ldif.ok,
+ plugins/sudoers/sssd.c:
+ Initial support for adding comments that will be emitted when
+ sudoers is formatted. Currently adds a comment for the source
+ sudoRole when converting from ldif -> sudoers.
+ [bf2e7f48f452]
+
+ * lib/util/lbuf.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/fmtsudoers.c, plugins/sudoers/parse.h:
+ Special case comment lines in lbufs.
+ [10d6d229ffae]
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ Handle escaped commas when skipping over the cn.
+ [61aed7ff5e1c]
+
+2018-03-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/fmtsudoers.c,
+ plugins/sudoers/parse.h:
+ When formatting as sudoers, flush the lbuf after each userspec.
+ [060266dd440c]
+
+2018-03-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/sudoers/test1.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test15.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test16.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test20.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test21.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test3.ldif2sudo.ok,
+ plugins/sudoers/regress/sudoers/test6.ldif2sudo.ok:
+ Add tests for round-tripping sudoers -> ldif -> sudoers
+ [72e3e73fb612]
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ Add missing sudoOrder support to parse_ldif().
+ [8c5e9f22f0da]
+
+ * plugins/sudoers/ldap_util.c:
+ Add missing support for converting LOG_INPUT/LOG_OUTPUT tags and
+ expand support for NOMAIL tags.
+ [2820c8333381]
+
+ * plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/regress/sudoers/test2.ldif.ok,
+ plugins/sudoers/regress/sudoers/test3.ldif.ok,
+ plugins/sudoers/regress/sudoers/test6.ldif.ok:
+ Don't emit an empty sudoRole for global defaults if there are none.
+ [2a69dccb7071]
+
+ * plugins/sudoers/ldap_util.c:
+ Avoid changing the order of non-negated hosts and commands. We still
+ put negated hosts/commands at the end of the list.
+ [e1aea92dd6dc]
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ Handle parsing boolean options that have no explicit value.
+ [b5d597faa23d]
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ Refactor the code that actually converts the role to sudoers format
+ into role_to_sudoers() now that it is more involved than just
+ calling sudo_ldap_role_to_priv().
+ [b876171ff96e]
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ When merging two privileges, use the runas lists of the previous
+ privilege when possible. Otherwise, the generated sudoers line will
+ include a runas list for commands that is not necessary.
+ [337b49451947]
+
+2018-03-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/match.c:
+ Use a case-insensitive comparison when matching user and group names
+ in sudoers with the passwd or group database. This can be necessary
+ when users and groups are stored in AD or LDAP.
+ [bfccb8acc3e9]
+
+ * plugins/sudoers/Makefile.in:
+ Fix clean target for *.sudo regress files
+ [6f52a4aef93a]
+
+ * .hgignore:
+ ignore more binaries
+ [9adf244d0e9e]
+
+ * plugins/sudoers/cvtsudoers.c:
+ Fix use of uninitialized variable (conf) if sudoers_debug_register()
+ happens to fail.
+ [0ef1765f14f4]
+
+2018-02-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ Split conversion code out of parse_ldif() and into
+ ldif_to_sudoers().
+ [27c8b7001735]
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ Quiet a clang analyzer warning.
+ [21102c27dcce]
+
+ * MANIFEST, configure, configure.ac, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/ldap_common.c,
+ plugins/sudoers/ldap_util.c:
+ rename ldap_common.c -> ldap_util.c
+ [3093bdbb8a9b]
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ When converting from ldif to sudoers, sudoRole objects with the same
+ user if possible. If both user and host are the same, merge into a
+ single privilege. This makes it possible to convert a sudoers entry
+ like:
+
+ aaron shanty = NOEXEC: /usr/bin/vi, /usr/bin/more, EXEC: /bin/sh
+
+ to ldif and then back to sudoers as a single line. Currently, the
+ ldif entries to be merged must have the same or adjacent sudoOrder
+ attributes.
+ [74e5cef2e849]
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ plug memory leaks
+ [a5268668c397]
+
+ * src/parse_args.c:
+ Restore line to set MODE_PRESERVE_ENV in flags when the -E command
+ line option is used. The caller doesn't check MODE_PRESERVE_ENV
+ these days but parse_args uses it to detect usage errors when -E is
+ used along with a mutually excusive option. Problem found by Yuriy
+ Vostrikov.
+ [b511e35d9be4]
+
+2018-02-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Add missing close parenthesis in "Including other files from within
+ sudoers" section. Bug #824
+ [3335cb2ce29f]
+
+2018-02-25 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/ldap_common.c:
+ When converting from LDAP to sudoers, put negated hosts and commands
+ at the end of the list. Since LDAP doesn't guarantee attribute order
+ we need to make sure negated entries always override non- negated
+ ones.
+ [0ebff259c521]
+
+2018-02-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers.c:
+ We may need the hostname to resolve %h escapes in include files.
+ [3e57710762d3]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_ldif.c:
+ Setting a sudoOrder start point of 0 will disable creation of
+ sudoOrder attributes in the resulting LDIF output.
+ [4107f61b431b]
+
+ * plugins/sudoers/cvtsudoers.c:
+ Don't need to fill in struct sudo_user since we don't do matching.
+ [cdc876d298b5]
+
+ * MANIFEST, doc/cvtsudoers.cat, doc/cvtsudoers.man.in,
+ doc/cvtsudoers.mdoc.in, pathnames.h.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c:
+ Add support for setting default options in a config file. In
+ addition to expand_aliases, input_format and output_format, both the
+ initial sudoOrder and the increment when updating sudoOrder for
+ subsequent sudoRole objects can be specified. Command line options
+ have also been added for the start order and increment.
+ [d3121c039ddf]
+
+2018-02-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ cvtsudoers can now read LDIF
+ [99b7ed30c754]
+
+ * doc/UPGRADE:
+ Fix a typo.
+ [87f635970a5d]
+
+ * plugins/sudoers/fmtsudoers.c:
+ Deal with user_name not being set in cvtsudoers.
+ [421bb1dbff57]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/ldap_common.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_ldap.h:
+ Initial support for parsing sudoers LDIF files in cvtsudoers. This
+ makes it possible to convert from LDAP sudoers to a traditional
+ sudoers file. Semantic differences between file sudoers and LDAP
+ sudoers mean that LDIF -> sudoers is not completely equivalent.
+ [ddf513e2778f]
+
+2018-02-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/regress/sudoers/test14.ldif.ok:
+ Fix LDIF conversion of commands with an associated digest.
+ [590ab0cb58e4]
+
+ * plugins/sudoers/ldap_common.c:
+ In array_to_member_list() use the correct type for netgroups and
+ user groups.
+ [359947d19131]
+
+ * plugins/sudoers/fmtsudoers.c:
+ Prepend digest to command if present. Fix printing of group IDs and
+ non-unix groups.
+ [5f9834b4bcbc]
+
+ * plugins/sudoers/cvtsudoers_json.c:
+ Fix gcc false positive for uninitialized variable
+ [d250b862c1ed]
+
+2018-02-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * pp:
+ Update Polypkg to the latest version from git.
+ [204ebffb502f]
+
+ * config.h.in, configure, configure.ac, src/sudo.c:
+ Use setpassent() and setgroupent() on systems that support it to
+ keep the passwd and group database open. Sudo does a lot of passwd
+ and group lookups so it can be beneficial to just leave the file
+ open.
+ [3d2d5bca9670]
+
+2018-02-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c:
+ Add option to cvtsudoers to expand aliases in the output.
+ [1af56459fd7d]
+
+ * plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/regress/sudoers/test1.json.ok,
+ plugins/sudoers/regress/sudoers/test14.json.ok,
+ plugins/sudoers/regress/sudoers/test15.json.ok,
+ plugins/sudoers/regress/sudoers/test16.json.ok,
+ plugins/sudoers/regress/sudoers/test17.json.ok,
+ plugins/sudoers/regress/sudoers/test19.json.ok,
+ plugins/sudoers/regress/sudoers/test2.json.ok,
+ plugins/sudoers/regress/sudoers/test6.json.ok:
+ Fix conversion of "ALL" in the JSON output format, which was being
+ printed as an alias.
+ [3f7869688820]
+
+ * INSTALL, configure, configure.ac:
+ Clarify that --with-rundir and --with-vardir take sudo-specific
+ directory, e.g. /var/run/sudo and not just /var/run. Bug #823
+ [e1913085e544]
+
+ * src/exec_pty.c:
+ In pty_cleanup() we need to call sudo_term_restore() even if no I/O
+ plugins are present as long as /dev/tty exists. Fixes the use_pty
+ case with no I/O plugins.
+ [82fecef72998]
+
+ * include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in,
+ plugins/sudoers/sudoreplay.c, src/exec_monitor.c, src/exec_nopty.c,
+ src/exec_pty.c:
+ Add sudo_ev_dispatch(), a wrapper for ev_loop() with no flags.
+ Similar the dispatch function in libevent.
+ [61e588fd50d0]
+
+ * INSTALL, configure, configure.ac, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, m4/sudo.m4:
+ Use /run in preference to /var/run if it exists. Bug #822
+ [ec2febe6f8a3]
+
+2018-02-14 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ mention common sudoers formatting changes
+ [b32825ca3e2f]
+
+2018-02-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, configure, configure.ac, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c,
+ plugins/sudoers/ldap_conf.c, plugins/sudoers/sudo_ldap.h,
+ plugins/sudoers/sudo_ldap_conf.h:
+ Move LDAP configuration bits into ldap_conf.c
+ [1673e3c7855a]
+
+2018-02-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/ldap_common.c:
+ No longer need to include stddef.h
+ [a10a13dc73c7]
+
+ * plugins/sudoers/iolog.c:
+ Remove dead store, found by cppcheck.
+ [744e99ffc82e]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/ldap_common.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h:
+ simplify iterator
+ [944fd546ec98]
+
+ * plugins/sudoers/mkdir_parents.c:
+ Silence a false positive from cppcheck.
+ [f94421968d8e]
+
+ * plugins/sudoers/tsdump.c:
+ Cast version to int when printing. Avoids a cppcheck warning.
+ [3312bec4f1e3]
+
+2018-02-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/ldap_common.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h:
+ Use an iterator instead of fragile pointer arithmetic to iterate
+ over value arrays in sudo_ldap_role_to_priv().
+ [61752c5f3427]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/fmtsudoers.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/sssd.c:
+ Move sudoers formatting code into fmtsudoers.
+ [ff25291c99f4]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/parse.c:
+ Clean up some XXX in parse.c
+ [19854e7d8ac7]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/sssd.c:
+ Rename sudo_file_append_default() -> sudo_lbuf_append_default() and
+ use it for ldap and sssd too.
+ [dae22810f2dd]
+
+ * MANIFEST, configure, configure.ac, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/ldap.c,
+ plugins/sudoers/ldap_common.c, plugins/sudoers/parse.h,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h:
+ Move common bits of ldap to sudoers conversion into ldap_common.c
+ and use it in sssd.c.
+ [5cca03f64b77]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h:
+ Convert ldap results into a sudoers userspec so we can use the "sudo
+ -l" output functions in parse.c.
+ [1422e10dc274]
+
+2018-02-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * sudo.pp:
+ Don't mark sudoers.dist volatile, it only gets used on systems that
+ don't have the concept of volatile files.
+ [c47fd17e62e3]
+
+2018-02-05 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.h:
+ Refactor member freeing code into free_member(). Refactor userspec
+ freeing code into free_userspec().
+ [ccc95e8b9f69]
+
+ * plugins/sudoers/cvtsudoers.c:
+ Fix compilation with glibc where stdout is not constant.
+ [97a0302c29c8]
+
+2018-02-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/ldap.c:
+ For "sudo -l", if a word includes spaces, print it in double quotes.
+ Also escape spaces in the command path. This matches the sudoers
+ quoting rules.
+ [04ace6decf3a]
+
+2018-02-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/ldap.c:
+ Display sudoNotBefore and sudoNotAfter in "sudo -l"
+ [ef7de4c8aa9e]
+
+ * plugins/sudoers/parse.c:
+ For "sudo -l", if a word includes spaces, print it in double quotes.
+ Also escape spaces in the command path. This matches the sudoers
+ quoting rules.
+ [fa12a254657c]
+
+ * plugins/sudoers/cvtsudoers.c:
+ Add back printing of negation operator ('!') when printing a word
+ with spaces in it.
+ [c69706a91817]
+
+ * plugins/sudoers/Makefile.in:
+ Use visudo to validate "cvtsudoers -f sudoers" output.
+ [06bae7204926]
+
+ * plugins/sudoers/regress/sudoers/test21.in,
+ plugins/sudoers/regress/sudoers/test21.json.ok,
+ plugins/sudoers/regress/sudoers/test21.ldif.ok,
+ plugins/sudoers/regress/sudoers/test21.out.ok,
+ plugins/sudoers/regress/sudoers/test21.toke.ok:
+ Remove syslog_goodpri and syslog_badpri without a value that causes
+ visudo to report an error.
+ [c1f696e49f49]
+
+ * plugins/sudoers/cvtsudoers.c:
+ When outputting sudoers, if a word includes spaces, print it in
+ double quotes. Also escape spaces in the command path.
+ [d040c1a21277]
+
+2018-02-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/parse.h, plugins/sudoers/visudo.c:
+ Add sudoers output format to cvtsudoers. In the future this may be
+ used with filters to emit a partial sudoers file instead of a full
+ one.
+ [533d2c389213]
+
+ * plugins/sudoers/parse.c:
+ When printing a member name, quote sudoers special characters unless
+ it is a UID/GID, in which case we print the '#' unquoted.
+ [e4e8154c4fe9]
+
+ * plugins/sudoers/parse.c, plugins/sudoers/parse.h:
+ Move SUDOERS_QUOTED define to parse.h
+ [a813ec4acb5f]
+
+2018-01-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/timestamp.c:
+ Remove extraneous break statement and fix some whitespace.
+ [39df566c33e3]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ The max timeout for kernel time stamps is 60 minutes, not 3600
+ minutes.
+ [95be88c4f106]
+
+2018-01-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/testsudoers.c:
+ Check the return value of sudoers_debug_register(). Coverity CID
+ 182574
+ [fb5449acdafd]
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ Fix memory leak, su->count is now 0 when it is unused, not 1.
+ Covertity CID 182573
+ [77019ded8f84]
+
+ * plugins/sudoers/cvtsudoers_ldif.c:
+ Quiet a clang analyzer false positive.
+ [ef04f7069df4]
+
+ * plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/regress/sudoers/test2.ldif.ok,
+ plugins/sudoers/regress/sudoers/test6.ldif.ok:
+ Quote special characters when creating the cn as per RFC2253
+ [e49ff28c1fd7]
+
+ * NEWS, configure, configure.ac, doc/UPGRADE:
+ Sudo 1.8.23
+ [e364ed057d1d]
+
+ * doc/LICENSE:
+ Remove the C-style comment charactes from the getopt_long.c and
+ inet_pton.c license text as it was inconsistent with the rest of the
+ file and messed up the html formatting.
+ [a26679d2d0a7]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/sudoers2ldif,
+ sudo.pp:
+ Remove sudoers2ldif, it has been replaced by cvtsudoers.
+ [7563cc3768c2]
+
+2018-01-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_ldif.c:
+ Add -b option to specify the base dn.
+ [7cd4c46c33bf]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in:
+ Document limitations of LDIF conversion.
+ [e8c84362f084]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c:
+ Switch the default output format to LDIF
+ [a677c7b72a90]
+
+ * plugins/sudoers/visudo.c:
+ Execute cvtsudoers if the user runs "visudo -x" but also emit a
+ warning.
+ [53ec45a847d2]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/stubs.c,
+ plugins/sudoers/visudo.c:
+ Revert 04ec05108b2b, change the default input source back to stdin.
+ [df8d94f1bab4]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/sudoers/test1.ldif.ok,
+ plugins/sudoers/regress/sudoers/test10.ldif.ok,
+ plugins/sudoers/regress/sudoers/test11.ldif.ok,
+ plugins/sudoers/regress/sudoers/test12.ldif.ok,
+ plugins/sudoers/regress/sudoers/test13.ldif.ok,
+ plugins/sudoers/regress/sudoers/test14.ldif.ok,
+ plugins/sudoers/regress/sudoers/test15.ldif.ok,
+ plugins/sudoers/regress/sudoers/test16.ldif.ok,
+ plugins/sudoers/regress/sudoers/test17.ldif.ok,
+ plugins/sudoers/regress/sudoers/test18.ldif.ok,
+ plugins/sudoers/regress/sudoers/test19.ldif.ok,
+ plugins/sudoers/regress/sudoers/test2.ldif.ok,
+ plugins/sudoers/regress/sudoers/test20.ldif.ok,
+ plugins/sudoers/regress/sudoers/test21.ldif.ok,
+ plugins/sudoers/regress/sudoers/test3.ldif.ok,
+ plugins/sudoers/regress/sudoers/test4.ldif.ok,
+ plugins/sudoers/regress/sudoers/test5.ldif.ok,
+ plugins/sudoers/regress/sudoers/test6.ldif.ok,
+ plugins/sudoers/regress/sudoers/test7.ldif.ok,
+ plugins/sudoers/regress/sudoers/test8.ldif.ok,
+ plugins/sudoers/regress/sudoers/test9.ldif.ok:
+ Add LDIF conversion to sudoers tests
+ [997b79da8874]
+
+ * plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/cvtsudoers_ldif.c,
+ plugins/sudoers/regress/sudoers/test19.json.ok:
+ Add notbefore and notafter support to the backends.
+ [be50db300eda]
+
+2018-01-27 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * README.LDAP:
+ cvtsudoers instead of sudoers2ldif
+ [3909ea2c29c1]
+
+ * MANIFEST, doc/cvtsudoers.cat, doc/cvtsudoers.man.in,
+ doc/cvtsudoers.mdoc.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_ldif.c:
+ Add ldif backend to cvtsudoers, to replace sudoers2ldif
+ [f0e039c63488]
+
+ * plugins/sudoers/Makefile.in:
+ fix make check
+ [2cbedce72e3a]
+
+2018-01-26 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c:
+ Parse sudoers in the front end, not the back end.
+ [30d4e40ed69a]
+
+ * doc/Makefile.in:
+ install the cvtsudoers manual
+ [243d319fed1c]
+
+ * doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/stubs.c,
+ plugins/sudoers/visudo.c:
+ Use the built-in sudoers file location as the default sudoers file
+ for cvtsudoers and move parse_sudoers_options() to stubs.c since it
+ is shared between visudo.c and cvtsudoers.c.
+ [04ec05108b2b]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
+ plugins/sudoers/stubs.c, plugins/sudoers/visudo.c:
+ Move common stub functions required by the parser out of visudo.c
+ and cvtsudoers.c and into stubs.c.
+ [a324cbde55a3]
+
+ * plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c:
+ Rename export_sudoers() to convert_sudoers_json() and move the check
+ for the same input and output file to the front-end.
+ [7c83c21ea479]
+
+ * sudo.pp:
+ add cvtsudoers
+ [e8ba851cafb4]
+
+ * MANIFEST, doc/Makefile.in, doc/cvtsudoers.cat,
+ doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c,
+ plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c:
+ Move sudoers JSON conversion to cvtsudoers which will eventually
+ output to other formats too.
+ [e64a50657a88]
+
+ * plugins/sudoers/defaults.c:
+ Convert from time in minutes to timespec directly instead of
+ converting to double via strtod(). This makes it easier to catch
+ overflow.
+ [0d6ab7c21a15]
+
+2018-01-24 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ document that kernel tty timestamps don't support negative timeouts
+ [4ff726cf2010]
+
+2018-01-23 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/timestamp.c:
+ Fall back to ppid time stamps if timestamp_type == kernel and no tty
+ is present. This is consistent with timestamp_type == tty.
+ [26c527166a0c]
+
+ * plugins/sudoers/timestamp.c:
+ Do not call the TIOCSETVERAUTH ioctl with a negative number of
+ seconds. Also cap the max number of seconds at 3600 to avoid getting
+ EINVAL from TIOCSETVERAUTH.
+ [371744874743]
+
+2018-01-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/defaults.c:
+ Better conversion from double to nanoseconds.
+ [2f54790801c8]
+
+ * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/mkdefaults,
+ plugins/sudoers/timestamp.c:
+ Store passwd_timeout and timestamp_timeout as a struct timespec
+ instead of as a float. Remove timeout argument to auth_getpass() as
+ it was never used.
+ [c4a3c60d0284]
+
+2018-01-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/mkdefaults:
+ Don't rely on perl being installed in /usr/local/bin
+ [e3274f56df43]
+
+2018-01-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * config.h.in, configure, configure.ac, lib/util/gettime.c,
+ lib/util/mktemp.c, lib/util/nanosleep.c, lib/util/utimens.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c, src/net_ifs.c, src/sesh.c, src/sudo.c,
+ src/sudo_edit.c, src/utmp.c:
+ Remove use of AC_HEADER_TIME, only obsolete platforms actually need
+ this. Also stop removing sys/time.h unless the source file uses
+ struct timeval.
+ [a744b8a07685]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Remove duplicate options %type
+ [3ea3c3d477bf]
+
+2018-01-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
+ plugins/sudoers/sudoers.h:
+ Add an approval function to the sudo auth API which is run after the
+ user's password has been verified. The approval function is run even
+ if no password is required. This is currently only used for PAM (use
+ pam_acct_mgmt) and BSD auth (auth_approval).
+ [cab448ac8633]
+
+2018-01-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/tsdump.c:
+ treat uid as unsigned in error message
+ [2672d4ca3479]
+
+ * MANIFEST, plugins/sudoers/po/fur.mo:
+ Add missing plugins/sudoers/po/fur.mo file to repo.
+ [cfa503d7fcd4]
+
+ * NEWS:
+ Mention new sudoers_timestamp manual.
+ [f96ad00c4ba4]
+
+2018-01-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * .hgignore:
+ ignore tsdump
+ [39306d37c846]
+
+ * plugins/sudoers/tsdump.c:
+ Convert from mono time to real time before displaying time stamps.
+ [12f9e1f5e8e5]
+
+2018-01-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/solaris_audit.c:
+ Use PATH_MAX, not MAXPATHLEN.
+ [d3c7466aad1d]
+
+ * MANIFEST, config.h.in, configure, configure.ac, include/sudo_util.h,
+ lib/util/Makefile.in, lib/util/ttyname_dev.c, lib/util/util.exp.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/check.h,
+ plugins/sudoers/tsdump.c, src/ttyname.c:
+ Add tsdump, a simple utility to dump a timestamp file. To build, run
+ "make tsdump" in the plugins/sudoers directory (it is not built by
+ default). In order to map the tty device number to a name,
+ sudo_ttyname_dev() has been moved into libsudo_util.
+ [b79ae30fe6a4]
+
+2018-01-04 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/uk.mo,
+ po/uk.po:
+ sync with translationproject.org
+ [71140a551c60]
+
+ * doc/LICENSE:
+ Welcome to 2018
+ [3ddea360d414]
+
+2017-12-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/fur.po, plugins/sudoers/po/nb.mo,
+ plugins/sudoers/po/nb.po, plugins/sudoers/po/zh_CN.mo,
+ plugins/sudoers/po/zh_CN.po:
+ sync with translationproject.org
+ [fbd54c7f59f1]
+
+2017-12-22 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/logging.c:
+ Silence a clang analyzer false positive.
+ [bfcdfe2c1376]
+
+ * doc/Makefile.in:
+ Remove extra $(srcdir)/sudoreplay.man.in target added by mistake.
+ [7e83806cc17e]
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/ja.mo,
+ po/ja.po:
+ sync with translationproject.org
+ [27cf5abeeb1a]
+
+ * plugins/sudoers/timestamp.c:
+ Use a tty lock even for kernel time stamps so we can avoid
+ simultaneous password prompts.
+ [90a55098176b]
+
+ * NEWS:
+ visudo changes
+ [06c99aab6f7a]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
+ plugins/sudoers/editor.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
+ Also honor SUDO_EDITOR in visudo. Previously is was only used by
+ sudoedit.
+ [9bccc7171a53]
+
+2017-12-21 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoers.c:
+ Stop looking for an editor as soon as we find one. A similar fix was
+ made to visudo some time ago.
+ [c6c5d968612a]
+
+ * doc/sudoers_timestamp.cat, doc/sudoers_timestamp.man.in,
+ doc/sudoers_timestamp.mdoc.in:
+ The session ID was added in 1.8.6p7 to prevent a user in another
+ session from re-using the time stamp file. Other minor cleanups.
+ [f733f7ea97a7]
+
+ * plugins/sudoers/check.h:
+ "time stamp" not "timestamp"
+ [af0f2d8b6d52]
+
+2017-12-20 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/timestamp.c:
+ Add "kernel" as a possible value of timestamp_type. Currently only
+ supported on OpenBSD.
+ [ca1a2a03e37d]
+
+ * MANIFEST, doc/Makefile.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, doc/sudoers_timestamp.cat,
+ doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
+ plugins/sudoers/check.h:
+ Document the sudoers time stamp file format.
+ [d3470da8fde9]
+
+2017-12-19 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/starttime/check_starttime.c:
+ Verify start time of the current process, allowing for some clock
+ drift. For Linux, process start time is relative to boot time, not
+ wallclock time.
+ [4928645eaa1c]
+
+2017-12-18 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * NEWS:
+ sync
+ [aeffb7f82e10]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [8be51858eec1]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/starttime/check_starttime.c:
+ Trivial test for process start time. We don't try to check the
+ resulting timespec as it differs by platform. On most it is
+ wallclock time, on others it is relative to boot time (Linux).
+ [e74cf3bd4c87]
+
+ * lib/util/Makefile.in:
+ regen
+ [6de26735d666]
+
+2017-12-17 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/starttime.c:
+ Support start time on macOS and 4.4BSD
+ [81f2eebc7edb]
+
+2017-12-16 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/regress/env_match/check_env_pattern.c:
+ Include sys/types.h for mode_t used in sudoers.h.
+ [bdff1606f111]
+
+ * plugins/sudoers/starttime.c:
+ Fix compilation error on FreeBSD
+ [2c4962a7812c]
+
+ * plugins/sudoers/starttime.c:
+ Fix debug_decl(), it should be SUDOERS_DEBUG_UTIL Add debugging for
+ the successful case For Linux, don't NUL out *ep before parsing with
+ strtoull().
+ * * * Add missing debug info for the System V /proc version.
+ [2394c6d9375d]
+
+ * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/check.h,
+ plugins/sudoers/starttime.c, plugins/sudoers/timestamp.c:
+ In the timestamp record, include the start time of the terminal
+ session leader for tty-based timestamps or the start time of the
+ parent process for ppid-based timestamps. Idea from Duncan
+ Overbruck.
+ [f0964b4cf4ac]
+
+2017-12-15 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/timestamp.c:
+ If the lock record doesn't match the expected record size we need to
+ seek to the end of the record as we otherwise may have gone too far
+ (or not far enough). Fixes interop problems when the time stamp
+ record changes size.
+ [e8e4c3815db5]
+
+2017-12-12 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_pty.c:
+ No need for a loop around the recv() now that we don't have to worry
+ about EINTR. CID 180697
+ [7cb966d69bc6]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Try to be clearer about sudo's exit value when the -l option is
+ used.
+ [efbddaa576a7]
+
+ * NEWS:
+ sync
+ [99fc4b347250]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c,
+ plugins/sudoers/sssd.c:
+ An empty RunAsUser means run as the invoking user, similar to how
+ the sudoers files works.
+ [576172386594]
+
+ * doc/sudoers.cat, doc/sudoers.man.in:
+ regen
+ [9b6d0064f410]
+
+2017-12-11 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/logging.c:
+ Add authfail_message sudoers option to allow the user to override
+ the default message of %d incorrect password attempt(s).
+ [f11e9d64a6da]
+
+ * plugins/sudoers/policy.c, src/parse_args.c:
+ Allow the plugin to determine whether or not an empty timeout is
+ allowed. For sudoers, an error will be returned for an empty
+ timeout.
+ [26511c049fb1]
+
+ * plugins/sudoers/timeout.c:
+ Return an error for an empty timeout string. Just use strtol() for
+ syntax checking instead of scanning with strspn().
+ [1fa1b712fbcc]
+
+ * src/parse_args.c, src/sudo_edit.c:
+ Change some _() into U_() since they are used for warn/fatal. We
+ always want to issue warnings in the user's locale.
+ [684331aee66e]
+
+ * Makefile.in:
+ update my email address
+ [b4ec26be6203]
+
+2017-12-10 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * log2cl.pl:
+ Don't print mercurial branch info for merges.
+ [489881774e52]
+
+ * log2cl.pl:
+ Use log size instead of using a separator between the log entry and
+ the file names.
+ [620c231f789b]
+
+ * src/parse_args.c:
+ Print usage and return an error when an empty argument is given for
+ all command line arguments other than -p and -E. Bug #817
+ [143be1bc8316]
+
+ * plugins/sudoers/policy.c:
+ Better input validation of settings passed by the sudo front-end.
+ Instead of ignoring an empty setting, throw an error.
+ [93cc4f4761f3]
+
+ * log2cl.pl:
+ Treat a blank line in a commit message as a line break. There
+ doesn't appear to be a way to make perl's format use a blank field
+ but at least the line break happens now.
+ [fbc3ff819341]
+
+2017-12-09 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * MANIFEST, Makefile.in, log2cl.pl:
+ Add script to generate ChangeLog from git log output.
+ [e8bfbd1ae6ef]
+
+2017-12-08 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h:
+ Don't include syslog.h from logging.h, just include it in the two .c
+ files it is actually needed.
+ [9ffc5ca9eb49]
+
+2017-12-06 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Document that in check mode, visudo does not check the owner/mode on
+ files specified with the -f flag.
+ [f5d86019e4c7]
+
+2017-12-03 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * Makefile.in, configure.ac, doc/HISTORY, doc/LICENSE,
+ doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh,
+ doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo.man.in,
+ doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.man.in,
+ doc/sudoreplay.mdoc.in, doc/visudo.man.in, doc/visudo.mdoc.in,
+ examples/Makefile.in, include/Makefile.in,
+ include/compat/charclass.h, include/compat/endian.h,
+ include/compat/fnmatch.h, include/compat/nss_dbdefs.h,
+ include/compat/sha2.h, include/sudo_compat.h, include/sudo_conf.h,
+ include/sudo_debug.h, include/sudo_dso.h, include/sudo_event.h,
+ include/sudo_fatal.h, include/sudo_gettext.h, include/sudo_lbuf.h,
+ include/sudo_plugin.h, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/aix.c, lib/util/closefrom.c, lib/util/event.c,
+ lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c,
+ lib/util/getgrouplist.c, lib/util/gethostname.c, lib/util/getline.c,
+ lib/util/getopt_long.c, lib/util/gettime.c, lib/util/gidlist.c,
+ lib/util/glob.c, lib/util/isblank.c, lib/util/key_val.c,
+ lib/util/lbuf.c, lib/util/locking.c, lib/util/memrchr.c,
+ lib/util/memset_s.c, lib/util/mksiglist.c, lib/util/mksigname.c,
+ lib/util/mktemp.c, lib/util/nanosleep.c, lib/util/parseln.c,
+ lib/util/pipe2.c, lib/util/progname.c, lib/util/pw_dup.c,
+ lib/util/regress/atofoo/atofoo_test.c,
+ lib/util/regress/fnmatch/fnm_test.c,
+ lib/util/regress/glob/globtest.c,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/progname/progname_test.c,
+ lib/util/regress/strsplit/strsplit_test.c,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_parseln/parseln_test.c,
+ lib/util/regress/tailq/hltq_test.c,
+ lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c,
+ lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c,
+ lib/util/snprintf.c, lib/util/strlcat.c, lib/util/strlcpy.c,
+ lib/util/strndup.c, lib/util/strnlen.c, lib/util/strsignal.c,
+ lib/util/strsplit.c, lib/util/strtobool.c, lib/util/strtoid.c,
+ lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c,
+ lib/util/sudo_debug.c, lib/util/sudo_dso.c, lib/util/term.c,
+ lib/util/ttysize.c, lib/util/utimens.c, lib/util/vsyslog.c,
+ lib/zlib/Makefile.in, m4/sudo.m4, mkdep.pl, mkpkg, pathnames.h.in,
+ plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
+ plugins/group_file/group_file.c, plugins/group_file/plugin_test.c,
+ plugins/sample/Makefile.in, plugins/sample/sample_plugin.c,
+ plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
+ plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/base64.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/bsm_audit.h, plugins/sudoers/check.c,
+ plugins/sudoers/check.h, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/digestname.c,
+ plugins/sudoers/editor.c, plugins/sudoers/env.c,
+ plugins/sudoers/env_pattern.c, plugins/sudoers/filedigest.c,
+ plugins/sudoers/filedigest_gcrypt.c,
+ plugins/sudoers/filedigest_openssl.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/gc.c, plugins/sudoers/gentime.c,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/gmtoff.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/hexchar.c, plugins/sudoers/ins_2001.h,
+ plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
+ plugins/sudoers/ins_goons.h, plugins/sudoers/insults.h,
+ plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog.h,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/linux_audit.h,
+ plugins/sudoers/locale.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/logwrap.c,
+ plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
+ plugins/sudoers/mkdir_parents.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/po/sudoers.pot,
+ plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/env_match/check_env_pattern.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/regress/parser/check_gentime.c,
+ plugins/sudoers/regress/parser/check_hexchar.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoers2ldif,
+ plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h,
+ plugins/sudoers/sudoers_version.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c,
+ plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h,
+ plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c,
+ plugins/system_group/Makefile.in,
+ plugins/system_group/system_group.c, po/sudo.pot, src/Makefile.in,
+ src/conversation.c, src/env_hooks.c, src/exec.c, src/exec_common.c,
+ src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/get_pty.c,
+ src/hooks.c, src/load_plugins.c, src/net_ifs.c, src/openbsd.c,
+ src/parse_args.c, src/preload.c, src/preserve_fds.c,
+ src/regress/noexec/check_noexec.c,
+ src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c,
+ src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h,
+ src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
+ src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tcsetpgrp_nobg.c,
+ src/tgetpass.c, src/ttyname.c, src/utmp.c, sudo.pp:
+ update my email to Todd.Miller@sudo.ws
+ [96110003e904]
+
+2017-12-02 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sudoreplay.c:
+ Add missing carriage return before prompt when replay is done.
+ [cf4b8bfcb3dd]
+
+ * src/exec_pty.c:
+ Track window size changes that happen while sudo is suspended
+ [cae06f75bde9]
+
+2017-12-01 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [26ae754b8416]
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat,
+ doc/visudo.cat:
+ regen for sudo 1.8.22
+ [596d82da0158]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.22
+ [6b32c2f5d020]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Background processes started by the command will no longer receive
+ SIGHUP.
+ [47bcc3ae4362]
+
+ * src/exec_monitor.c:
+ When the command completes, make the monitor the foreground process
+ group before informing the main sudo process of the command's exit
+ status. This will prevent processes started by the command (which
+ runs in a different process group) from receiving SIGHUP since the
+ kernel sends SIGHUP to the foreground process group associated with
+ the terminal session. The monitor has a SIGHUP handler installed so
+ the signal is effectively ignored.
+ [9e163efe4afb]
+
+ * src/sudo.c:
+ Add debug printfs around group list retrieval.
+ [5f307b00153b]
+
+2017-11-30 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_pty.c:
+ Move call to sudo_ev_loopcontinue() into schedule_signal() itself.
+ We always want to prioritize signal forwarding.
+ [4b25dc24038b]
+
+ * src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c:
+ Don't loop over read/write, recv/send or tcgetpgrp/tcsetpgrp trying
+ to handle EINTR. We now use SA_RESTART with signals so this is not
+ needed and is potentially dangerous if it is possible to receive
+ SIGTTIN or SIGTTOU (which it currently is not).
+ [ba6885b57891]
+
+2017-11-29 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * src/exec_monitor.c, src/signal.c:
+ Sprinkle some extra debugging printfs
+ [bf33574bc603]
+
+ * src/exec_pty.c:
+ We don't need to be the foreground process to be able to write to
+ the terminal in most cases. If the background process tries to
+ modify the terminal flags it will receive SIGTTOU which is relayed
+ to the sudo front-end. This currently mishandles terminals with the
+ TOSTOP local flag set.
+ [3fc25570d482]
+
+ * src/exec_pty.c:
+ Handle receipt of SIGTTIN/SIGTTOU when reading/writing from/to the
+ tty. We can't use a signal event for these since that would restart
+ the system call after the signal was handled and the callback would
+ not get a chance to run. Fixes running a command in the background
+ that write to the tty when the TOSTOP terminal flag is set.
+ [5ac68f05249a]
+
+2017-11-28 Todd C. Miller <Todd.Miller@sudo.ws>
+
+ * plugins/sudoers/sssd.c:
+ Avoid a double free when ipa_hostname is set in sssd.conf and it is
+ an unqualified host name. From Daniel Kopecek.
+
+ Also move the "unable to allocate memory" warning into
+ get_ipa_hostname() itself to make it easier to see where the
+ allocation failed in the debug log.
+ [14dacdea3319]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/policy.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ When running a command as the invoking user we cannot use the gid
+ list from the front-end since it may not correspond to the user's
+ aux group vector as defined by the group database.
+ [b456101fe509]
+
+ * lib/util/regress/fnmatch/fnm_test.c,
+ lib/util/regress/glob/globtest.c,
+ plugins/sudoers/regress/env_match/check_env_pattern.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_gentime.c,
+ plugins/sudoers/regress/parser/check_hexchar.c:
+ Add missing initprogname() calls.
+ [ad4f8d236d89]
+
+2017-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Better describe things when a command is run in a pty.
+ [0f34fc342ab5]
+
+2017-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Plug some memory leaks on error, some found by the clang static
+ analyzer.
+ [62844cc145b6]
+
+2017-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c:
+ Avoid calling cmnd_matches() in list/verify mode if we already have
+ a match.
+ [5bddfc911065]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/sssd.c:
+ In list (-l) or verify (-v) mode, if we have a match but
+ authentication is required, clear FLAG_NOPASSWD so that when
+ listpw/verifypw is set to "all" and there are multiple sudoers
+ sources a password will be required unless none of the entries in
+ all sources require authentication. From Radovan Sroka of RedHat
+ [edac7222600a]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ When checking the results for "sudo -l" and "sudo -v", keep checking
+ even after we get a match since the value of doauth may depend on
+ evaluating all the results. From Radovan Sroka of RedHat.
+ [ae0704445bd4]
+
+2017-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ If passwd_tries is less than 1, check_user() will always return
+ false (since the user didn't authenticate). The normal reason for
+ this is an authentication error but in this case no authentication
+ was tries so no warning message has been displayed to the user. If
+ the user wasn't given a chance to authenticate, set inform_user to
+ true when calling log_denial() from sudoers_policy_main().
+
+ An alternate approach would be for check_user() to return true in
+ this case but seems more confusing.
+ [c8be95b46e9d]
+
+2017-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/TROUBLESHOOTING:
+ Document bash shell alias issue with "sudo -i".
+ [8affa5376277]
+
+2017-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/policy.c:
+ Return an error if the sudo front end doesn't set the user name,
+ user ID, group ID or host name. Bug #807
+ [03e281d93fff]
+
+ * lib/util/gethostname.c:
+ Treat an empty hostname as a failure and return NULL.
+ [fafb3a3083cb]
+
+2017-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers2ldif:
+ Add support for #include and #includedir from Natale Vinto.
+ [926deea0d506]
+
+2017-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS:
+ Minor corrections from Tae Wong
+ [dbc5ee98ffa6]
+
+2017-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Add a warning that for "sudo -i command" and "sudo -s command" the
+ shell is not run in interactive mode which may change its behavior.
+ [76c19db05a1e]
+
+2017-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_compat.h, src/exec_pty.c:
+ Fix stair-stepped output when the output of a sudo command is piped
+ to another command and use_pty is set.
+ [e91e3f12d2d4]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ env_keep and env_check are also taken into account with "sudo -i".
+ Bug #806
+ [5f5568c6fdd9]
+
+2017-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, config.h.in, configure, configure.ac,
+ plugins/sudoers/ins_classic.h:
+ Make PC insults the default and add new configure option, enable-
+ offensive-insults, to enable the offensive insults.
+ [eb264d342601]
+
+2017-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS:
+ Add missing translators from recent updates and one name change.
+ [20828c25ad92]
+
+2017-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/fur.po, plugins/sudoers/po/hr.mo,
+ plugins/sudoers/po/hr.po, plugins/sudoers/po/sv.mo,
+ plugins/sudoers/po/sv.po, po/hr.mo, po/hr.po, po/sv.mo, po/sv.po:
+ sync with translationproject.org
+ * * * sync with translationproject.org
+ [24bb066fa19f]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ More accurately describe the use_pty option now that its behavior
+ has changed with respect to interposition with a pipe. Also describe
+ some caveats with log_input.
+ [a87056499931]
+
+ * doc/UPGRADE:
+ Document changes in use_pty behavior when no terminal is present.
+ [a4b978693178]
+
+ * src/exec_pty.c:
+ Set ec->cmnd_pid to the correct value when receiving the command's
+ process ID from the monitor.
+ [a624309ba848]
+
+ * src/exec.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h:
+ If /dev/tty is not available and no I/O logging plugins are
+ configured, fall back on exec_nopty() even if the policy plugin
+ requested a pty. We never allocate a pty when sudo is not run from a
+ terminal anyway.
+ [c9b9c6c4e0ad]
+
+ * src/exec_pty.c:
+ Do not set utmp_user if we did not actually allocate a pty.
+ [aa8e0fdea32b]
+
+2017-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.ac:
+ sudo 1.8.21p2
+ [94d18888e7c4]
+
+ * src/exec.c:
+ sudo_terminated() should not return true when SIGCHLD is pending.
+ Bug #801
+ [57f636b6489f]
+
+ * src/tgetpass.c:
+ Set SIGCHLD handler to SIG_DFL before forking the askpass command
+ and restore after. Otherwise, SIGCHLD will end up in the list of
+ pending signals and sudo_execute() will not execute the command.
+ [c171eeabdc72]
+
+ * lib/util/event.c:
+ The read and write sides of signal_pipe[] were swapped, resulting in
+ EBADF reading from and writing to the signal pipe on Linux and
+ probably others. On systems with bidirectional pipes this was not an
+ issue.
+ [7668f93e6544]
+
+2017-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ Fix a logic error in 96651906de42 which prevented sudo from using
+ the PAM-supplied prompt. Bug #799
+ [6ee5cc13af69]
+
+2017-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.21p1
+ [7e6bf56cb06c]
+
+ * mkpkg:
+ The Fedora sudo package uses /etc/ldap.conf not /etc/sudo-ldap.conf.
+ [7b4e6f50e138]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ The fix for matching when no sudoRunAsUser is present in a sudoRole
+ was incomplete. If no -g option was specified on the command line
+ but sudoRunAsGroup is present in a sudoRole, we need to treat the
+ group match as failed instead of missing.
+ [3aaeeebd924c]
+
+ * plugins/sudoers/check.c, plugins/sudoers/defaults.c:
+ Sprinkle a few more debugging printfs.
+ [f7a40f9985cf]
+
+ * plugins/sudoers/sudoreplay.c:
+ Fix replaying sessions that contain input logs. When the inter-
+ record timeout expires we need to read the next record if there is
+ nothing to output.
+ [443b329ddc60]
+
+ * doc/visudo.cat:
+ regen
+ [7ace4ac32116]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Fix typo (Auguest vs. August). From David Pocock.
+ [98a792ff1c90]
+
+2017-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudo_nss.c:
+ Go back to returning true from display_privs() on non-error. This
+ results in "sudo -U otheruser -l" exiting with a status of 0 even
+ when otheruser is not allowed to run commands. This is appropriate
+ since the "sudo -l" command was successful. This does not change the
+ exit value when otheruser runs "sudo -l" themselves, the exit status
+ will be 1 since that user is not allowed to run commands. Requested
+ by Radovan Sroka.
+ [055b78015fcb]
+
+ * plugins/sudoers/ldap.c:
+ Fix the pass2 ldap query string when no search filter is defined.
+ Due to the addition of "(sudoUser=*)" to the query we always need
+ the AND operator, even if no search filter is present.
+ [631243487d27]
+
+2017-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_nopty.c:
+ Don't forward SIGINFO to the child when it is send by the kernel
+ (not another user process). This is consistent with the handling of
+ other keyboard-generated signals such as SIGINT, SIGQUIT and
+ SIGTSTP. Bug #796
+ [29603b0a4315]
+
+2017-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Fix path to LICENSE and NEWS files that get used in the installer.
+ Previously, the installed versions were used instead of the ones in
+ the destdir.
+ [689a5806f2de]
+
+2017-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, po/fi.mo,
+ po/fi.po:
+ sync with translationproject.org
+ [32a0f3bbba31]
+
+2017-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * po/es.mo, po/es.po:
+ sync with translationproject.org
+ [bfa5659d66f2]
+
+2017-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, po/it.mo,
+ po/it.po:
+ sync with translationproject.org
+ [05cd6ff68a4b]
+
+2017-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Preserving environment variables on the command line was bug #279
+ [46f2c7931a84]
+
+2017-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, NEWS, doc/CONTRIBUTORS, po/fur.mo, po/fur.po:
+ Add Friulian translation for sudo from Fabio Tomat via
+ translationproject.org
+ [77fdb76e83c8]
+
+2017-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo,
+ po/cs.po, po/fr.mo, po/fr.po, po/ko.mo, po/ko.po, po/nb.mo,
+ po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/sr.mo,
+ po/sr.po, po/sv.mo, po/sv.po, po/vi.mo, po/vi.po, po/zh_CN.mo,
+ po/zh_CN.po:
+ sync with translationproject.org
+ [0f18e2f30ff5]
+
+2017-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ In the Runas example that uses "boulder" make it clear that
+ "boulder" is a host name.
+ [6bca59aa5579]
+
+2017-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [9bb78048656f]
+
+ * NEWS, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
+ src/parse_args.c:
+ Allow the user to specify a list of environment variables to
+ preserve. This adds an option paramter to the --preserve-env option,
+ a comma-separated list of variable names.
+ [a6bc511a2e81]
+
+2017-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, NEWS, config.h.in, configure, configure.ac,
+ doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
+ Replace tty_tickets option with timestamp_type which can be global,
+ ppid or tty. Defaults to tty (no change in behavior). Some users
+ want the ppid behavior.
+ [426161a2e06f]
+
+ * lib/util/Makefile.in, plugins/sudoers/Makefile.in:
+ regen
+ [b396e70a4a8b]
+
+ * plugins/sudoers/sudoers.c:
+ Don't send email about an unresolvable host name if fqdn is enabled
+ and the user specified the run host via the -h flag.
+ [59d7a8743943]
+
+2017-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ fix playback of stdout/stderr without embedded carriage returns
+ [f1a5b47be2db]
+
+2017-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Avoid unused variable warning when sasl is not used.
+ [3010fd3c5a7f]
+
+ * INSTALL, configure, configure.ac:
+ Add support for --enable-sasl and --disable-sasl to make it possible
+ to enable/disable support for LDAP with SASL authentication. Sudo
+ compiles in support for SASL authentiation by default if the
+ ldap_sasl_interactive_bind_s() function is detected. Bug #788
+ [cf94d407d576]
+
+ * NEWS:
+ List the correct pattern ("*=()*") in the env_delete description.
+ Use pseudo-tty instead of pseudo terminal for consistency.
+ [f2df0baea2f0]
+
+2017-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/closefrom.c:
+ Include pathnames.h for /dev/fd on FreeBSD and Mac OS X.
+ [b190dc607277]
+
+ * NEWS:
+ update for 1.8.21
+ [a3a38f6cba66]
+
+ * src/exec_pty.c:
+ No need to call sudo_ev_del() before sudo_ev_free(); sudo_ev_free()
+ will delete the event from its base before freeing it.
+ [ebf3dedcba5c]
+
+ * src/exec_pty.c:
+ Terminate the command if an I/O log function returns 0 or -1. This
+ was mistakenly removed by 25b7fd056614 in Sudo 1.8.18 with the
+ removal of the ignore_iolog_errors variable.
+ [e1dd18d95815]
+
+ * plugins/sudoers/sudoreplay.c:
+ Quiet a coverity false positive.
+ [b7a9c9e35fd0]
+
+ * plugins/sudoers/sudoreplay.c:
+ Change to a single event loop in sudoreplay and use signal events.
+ [7320de46cf48]
+
+2017-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ start new sentences on a new line
+ [ae35ab253de5]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Clarify how the variable prompt options interact with each other and
+ PAM.
+ [342b936c4aaa]
+
+ * plugins/sudoers/sudoers.c:
+ Don't set passprompt_override when SUDO_PROMPT is present. This
+ effectively reverts ed77d255f383.
+
+ We treat the SUDO_PROMPT environment variable similar to passprompt
+ in sudoers: it will only override a PAM prompt if the PAM prompt is
+ either "Password:" or "username's Password:".
+ [6dad2bd126d1]
+
+2017-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/logging.c:
+ Add syslog_pid sudoers option to log sudo's process ID when logging
+ via syslog. This is disabled by default to match historic behavior.
+ [f4dc29b0052c]
+
+ * plugins/sudoers/auth/pam.c:
+ When deciding which prompt to use (PAM's or sudo's) treat the PAM
+ prompt "username's Password:" as equivalent to "Password:". Some PAM
+ modules (on AIX at least) use this prompt.
+ [96651906de42]
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
+ Add missing argument to a few of the defaults strings in the "sudo
+ -V" output.
+ [44546c4b87c3]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/visudo.c:
+ When examining environment variables or variables passed in from the
+ front-end, ignore variables with no value specified.
+ [8537a7fc6190]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Document that "-p prompt" overrides SUDO_PROMPT.
+ [d2e6b518d00d]
+
+ * plugins/sudoers/sudoers.c:
+ Enable passprompt_override by default if SUDO_PROMPT is present in
+ the environment. This is consistent with how "sudo -p prompt" is
+ handled.
+ [ed77d255f383]
+
+2017-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ When reading a single character via a switch() use "default: instead
+ of "case 1:" to quiet a coverity warning.
+ [ddcfc40159e4]
+
+ * plugins/sudoers/sudoreplay.c:
+ Initialize ch in getsize_cb() in case we are called with the wrong
+ initial state.
+ [a31431c59e14]
+
+ * plugins/sudoers/sudoreplay.c:
+ remove unused variable
+ [488054411049]
+
+ * plugins/sudoers/visudo.c:
+ Call install_sudoers() even when doedit is false. If a file in a
+ #includedir has a syntax error it will still have been edited and we
+ need to install the edited temp file.
+ [ab833e2d1791]
+
+ * plugins/sudoers/visudo.c:
+ Reparse sudoers if a new #include file was added. Otherwise the new
+ file will not get its syntax checked. Bug #791
+ [e584dc8bf306]
+
+2017-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ don't restore the cursor when setting terminal size, we don't want
+ the cursor to move
+ [9cbcb3372bcd]
+
+ * plugins/sudoers/sudoreplay.c:
+ Read the xterm terminal size using an event so we can easily time
+ out if needed.
+ [634524476741]
+
+ * lib/util/event.c, src/exec_nopty.c, src/exec_pty.c:
+ If we free the default base in sudo_ev_base_free(), reset the
+ default base to NULL.
+ [2a8f7938618b]
+
+2017-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in,
+ src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c:
+ Add the ability to set a default event base, to be used by plugins
+ which don't have access to the event base.
+ [dc159ea98b25]
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
+ plugins/sudoers/sudoreplay.c:
+ Allow sudoreplay to adjust the window size on xterm-like terminals.
+ [3358b1a9f01c]
+
+2017-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/term.c:
+ Clear input, output, control and local flags before copying them
+ from the source terminal. Otherwise, flags that are disabled in the
+ source terminal may still be enabled in the destination.
+ [ead41242b820]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/exec_pty.c:
+ Pass window size change events to the plugin.
+ [529b5c9d16a4]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
+ Log window size change events in the sudoers I/O plugin. Let
+ sudoreplay parse a timing file with window change events (currently
+ ignored).
+ [a67f4627dfa7]
+
+ * Makefile.in, doc/Makefile.in, examples/Makefile.in,
+ include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Remove pointless subshells in targets that simply change the
+ directory and execute a command. The command is already run in a
+ shell so there is no need to execute a subshell in this case.
+ [e57639cb2f97]
+
+2017-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c:
+ Store the debug instance ID for I/O plugins too. Now iolog_open() is
+ consistent with policy_open().
+ [519abb3c09d0]
+
+2017-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.ac, lib/util/mktemp.c:
+ Use getentropy() in mkstemp/mkdtemp replacement.
+ [8d8e45266858]
+
+ * configure, configure.ac, lib/util/closefrom.c, lib/util/mktemp.c,
+ pathnames.h.in, src/exec_pty.c, src/get_pty.c, src/ttyname.c:
+ Use _PATH_DEV consistently
+ [ca10a91539e0]
+
+2017-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/term.c:
+ When copying terminal settings from one tty to another only copy a
+ subset of the flags. Sudo now copies the same set of flags that
+ OpenSSH uses, which should be safe.
+ [2f12bc7a87d1]
+
+ * src/exec_monitor.c, src/exec_nopty.c:
+ Add debug warning when we have wait status but don't overwrite the
+ existing cstat.
+ [5ae8f8e75104]
+
+ * src/exec_monitor.c:
+ Better handling of SIGCONT from in command in the monitor. It is
+ useful to know when the command continued but we don't want to
+ inform the parent or store the wait status in this case. Fixes a
+ hang after multiple suspends on Linux.
+ [9cdbbb7ff3dd]
+
+2017-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.h:
+ avoid padding in struct cmndspec
+ [2529551a9c2d]
+
+2017-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in:
+ Fix the man section of sudo_plugin in cross-references.
+ [f964de570403]
+
+2017-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_edit.c:
+ Don't treat an unchanged file as an error. From Xin Li.
+ [503e04f7856e]
+
+ * src/sudo_edit.c:
+ sudo_edit() must return a wait status but if there is an error, or
+ even if no changes were made to the file, it was returning 1 instead
+ which would be interpreted as the command having received SIGHUP.
+ Use the W_EXITCODE() to construct a proper wait status in the error
+ case too.
+ [62515bd6c64c]
+
+2017-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Avoid sign extension when assigning the value of tty_nr in
+ /proc/self/stat on Linux. It is an unsigned int value that is
+ printed as a signed int but dev_t is unsigned long long. We need to
+ cast to unsigned int before assigning to a dev_t.
+ [c198d1317560]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/env.c:
+ Instead of hard-coding a check for bash functions in
+ env_should_delete(), use a "*=()* " pattern in
+ initial_badenv_table[] to match them instead. This allows the user
+ to remove the check via env_delete.
+ [90c4dfd1d3a3]
+
+2017-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL.configure, configure.ac, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, mkpkg, sudo.pp:
+ Mac OS X -> macOS
+ [08f793d1f496]
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ devsearch is ignored on BSD, macOS and Solaris
+ [b041a1d64eda]
+
+2017-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/event.c:
+ Move the bits to fill in the new event base to sudo_ev_base_init(),
+ which is not currently exported.
+ [9be46693bed1]
+
+2017-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ A command name may also contain newline characters so read
+ /proc/self/stat until EOF. It is not legal for /proc/self/stat to
+ contain embedded NUL bytes so treat the file as corrupt if we see
+ any. With help from Qualys.
+
+ This is not exploitable due to the /dev traversal changes in sudo
+ 1.8.20p1 (thanks Solar!).
+ [9ad60fe663e5]
+
+ * NEWS:
+ Sudo 1.8.20p2
+ [39f199a38383]
+
+2017-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/selinux.c:
+ After opening a tty device, fstat() and error out if it is not a
+ character device.
+ [e03cfa98f2b6]
+
+ * INSTALL, configure, configure.ac, doc/sudo.conf.cat,
+ doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, include/sudo_conf.h,
+ lib/util/sudo_conf.c, lib/util/util.exp.in, pathnames.h.in,
+ src/ttyname.c:
+ Add a new "devsearch" Path setting to sudo.conf for configuring the
+ /dev paths to traverse instead of hard-coding a list in ttyname.c
+ The default value can be set at configure time.
+ [7ab1be502dc3]
+
+ * src/ttyname.c:
+ Use /proc/self consistently on Linux. As far as I know, only AIX
+ doesn't support /proc/self.
+ [ef737b5d4ed8]
+
+2017-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure:
+ Sudo 1.8.20p1
+ [c34da84ae8e4]
+
+ * src/ttyname.c:
+ Fix for CVE-2017-1000367, parsing of /proc/pid/stat on Linux when
+ the process name contains spaces. Since the user has control over
+ the command name this could be used by a user with sudo access to
+ overwrite an arbitrary file. Thanks to Qualys for investigating and
+ reporting this bug.
+
+ Also stop performing a breadth-first traversal of /dev when looking
+ for the device. Only the directories specified in search_devs[] are
+ checked.
+ [b5460cbbb11b]
+
+2017-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/event_select.c:
+ Fix potential memory leak on reallocarray() error. Coverity CID
+ 169639
+ [c303e6eecc78]
+
+ * plugins/sudoers/bsm_audit.c:
+ Only fall back to deprecated getaudit() on FreeBSD. Fixes compiler
+ warnings on macOS.
+ [18f4699e417c]
+
+ * mkpkg:
+ Use clang on macOS if present
+ [a963454d1b9e]
+
+ * sudo.pp:
+ fix paths to LICENSE and NEWS files for macOS packages
+ [47103614311b]
+
+2017-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c:
+ To avoid overwriting existing command status, check for CMD_INVALID
+ instead of CMD_ERRNO or CMD_WSTATUS.
+ [5fec1fa81482]
+
+ * plugins/sudoers/regress/env_match/data:
+ Add some patterns that could result in exponential run time for
+ poorly written '*' matching.
+ [98f4d085c919]
+
+2017-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/ttysize.c, src/exec_pty.c:
+ On HP-UX 11.0, sys/ioctl.h is not sufficient to make struct winsize
+ visisble, we need termios.h too.
+ [211510123ad6]
+
+ * lib/util/ttysize.c:
+ Always used TIOCGWINSZ.
+ [82e679b8cd00]
+
+ * src/exec.c, src/sudo.c, src/sudo.h:
+ Move exec_setup(), unlimit_nproc() and restore_nproc() from sudo.c
+ to exec.c.
+ [9127e50cf4ec]
+
+ * src/sudo_edit.c:
+ No need to include selinux.h here.
+ [8bb07a8f4203]
+
+ * plugins/sudoers/regress/env_match/check_env_pattern.c:
+ Fix compilation error on macOS
+ [bc5e5c3d44f2]
+
+2017-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h,
+ lib/util/term.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/visudo.c, src/exec_monitor.c, src/exec_nopty.c,
+ src/exec_pty.c, src/signal.c, src/sudo.c, src/tcsetpgrp_nobg.c,
+ src/tgetpass.c:
+ Remove use of non-standard sigaction_t
+ [81a57af4c7a9]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c:
+ Use debug logging instead of ignore_result() where possible.
+ [9c9fde5b52cc]
+
+ * Makefile.in:
+ Add cov-build and cov-submit targets for checking with coverity.
+ [bf88b4439c7b]
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/ldap.c:
+ Avoid a clang analyzer false positive.
+ [9f4f915a2e28]
+
+ * plugins/sudoers/sudoreplay.c:
+ Restore the error message for sudo_ev_add() failure.
+ [267305606577]
+
+ * include/sudo_event.h, lib/util/event.c:
+ Add support for signal events in sudo's event subsystem
+ [0d48fab2dec8]
+
+ * include/sudo_event.h, lib/util/event.c:
+ Handle the possibility of the siginfo parameter in sa_sigaction
+ handler being NULL.
+ [0835ca553426]
+
+ * src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c,
+ src/signal.c, src/sudo.h, src/sudo_exec.h:
+ Use SUDO_EV_SIGNAL and SUDO_EV_SIGINFO instead of managing the
+ signal_pipe explicitly.
+ [841e2ca6a4a6]
+
+ * lib/util/event.c:
+ Activate the sigevents inside the signal pipe callback itself and
+ call signal_pipe_cb() directly if the backend returns EINTR and the
+ signal_caught flag is set. This has the side effect of processing
+ signal events in the current pass of the event loop instead of the
+ next one.
+ [d94e202b8e57]
+
+ * src/signal.c:
+ Add SIGCHLD to the list of signals we install sudo_handler() for.
+ Otherwise, it is possible for the command to exit before the SIGCHLD
+ handler is installed. POSIX says that signals that are ignored by
+ default are still ignored even if the signal mask would block them.
+ We need to have a handler installed for SIGCHLD before the fork().
+ [a26f04459c37]
+
+ * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
+ plugins/sudoers/env_pattern.c,
+ plugins/sudoers/regress/env_match/check_env_pattern.c,
+ plugins/sudoers/regress/env_match/data, plugins/sudoers/sudoers.h:
+ Add support for multiple '*' in env_keep, env_check and env_delete
+ entries.
+ [b55270a8ecc4]
+
+ * configure, configure.ac:
+ sudo 1.8.21
+ [76aa5455903e]
+
+ * include/sudo_compat.h, plugins/sudoers/timestamp.c,
+ src/tcsetpgrp_nobg.c, src/tgetpass.c:
+ Remove use of the non-standard SA_INTERRUPT
+ [3ec05ffb0dcb]
+
+ * include/sudo_queue.h:
+ Add workaround for clang static analyzer being confused by
+ LIST_REMOVE and TAILQ_REMOVE.
+ [ff8d278e8526]
+
+2017-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Fix "make check" when openssl or gcrypt is used. Bug #787
+ [7968686742e2]
+
+2017-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ Only display string version of errno if sudo_ev_add() fails for now
+ [24244a02c93f]
+
+2017-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ update
+ [8e3359235e24]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Be clear that #includedir diverts control to the files in the
+ specified directory and, when parsing of those files is complete,
+ returns control to the original file. Bug #775
+ [f68769f15356]
+
+2017-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/sr.mo,
+ po/sr.po:
+ sync with translationproject.org
+ [4552eaf8fabf]
+
+2017-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ update
+ [53d1c9424816]
+
+ * src/exec_monitor.c:
+ Fix a hang introduced in the last commit. Don't close the pty slave
+ until after we have the controlling tty.
+ [c9c19beb60ed]
+
+ * src/exec_monitor.c, src/exec_pty.c:
+ If any of std{in,out,err} are not hooked up to a tty only interpose
+ ourselves with a pipe if the plugin will actually log the data. This
+ avoids a problem with non-interactive commands where no tty is
+ present where sudo will consume stdin even when log_input is not
+ enabled in sudoers.
+ [a79edafdd307]
+
+ * NEWS:
+ update
+ [144ff056cd01]
+
+ * doc/TROUBLESHOOTING:
+ Update based on information from Michael Felt.
+ [7ea34380ba1d]
+
+2017-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ In check_input() when switch()ing on the return value of read(), use
+ the default label instead of 1 for the success case. It is only
+ reading a single byte so the two are equivalent but it reads better
+ using default.
+ [860682b86af5]
+
+ * plugins/sudoers/sudoreplay.c:
+ Check sudo_ev_add() return value. Coverity CID 168362
+ [b69779d3801f]
+
+ * plugins/sudoers/iolog.c:
+ Add io_open() wrapper for open(2) that retries with PERM_IOLOG if
+ open(2) fails with EACCES. Use io_open() instead of duplicate copies
+ of the same fallback code.
+ [09f7992f681b]
+
+ * plugins/sudoers/iolog.c:
+ Don't retry the open() if set_perms() fails.
+ [0808a9157037]
+
+ * plugins/sudoers/iolog.c:
+ Fix typo (fd2 vs. fd) caught by coverity, CID 168359.
+ [f68df770e06f]
+
+ * po/hu.mo, po/hu.po:
+ sync with translationproject.org
+ [ebef76dc27be]
+
+2017-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Warn people not to use --enable-asan in production.
+ [ecb5c1143ef4]
+
+ * configure, configure.ac, src/Makefile.in:
+ Move the invocation of check_noexec into the main "check" target but
+ only run it if not cross compiling and whe CHECK_NOEXEC is not
+ empty.
+ [cba8fd3337c2]
+
+ * src/Makefile.in:
+ Move @CHECK_NOEXEC@ to TEST_PROGS so it gets cleaned up properly.
+ [efaa9c44e749]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Move syslog_maxlen to the "Integers" section. Move syslog_goodpri
+ and syslog_badpri to the "Strings at can be used in a boolean
+ context" section.
+ [342dfe9dd37c]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Fix a pasto that resulted in an extra (empty) syslog_goodpri list
+ entry.
+ [eb0563c5b8dc]
+
+ * MANIFEST, plugins/sudoers/regress/sudoers/test20.in,
+ plugins/sudoers/regress/sudoers/test20.json.ok,
+ plugins/sudoers/regress/sudoers/test20.out.ok,
+ plugins/sudoers/regress/sudoers/test20.toke.ok,
+ plugins/sudoers/regress/sudoers/test21.in,
+ plugins/sudoers/regress/sudoers/test21.json.ok,
+ plugins/sudoers/regress/sudoers/test21.out.ok,
+ plugins/sudoers/regress/sudoers/test21.toke.ok:
+ Add tests for parsing tuples and syslog options.
+ [86f3da23b4df]
+
+ * plugins/sudoers/defaults.c:
+ Allow the syslog Defaults option to be used in a "true" boolean
+ context and use the compiled in default log facility in this case.
+ [4fab25217602]
+
+ * plugins/sudoers/defaults.c:
+ Allow a tuple to be set to boolean true. Regression introduced by
+ refactor of set_default_entry() in sudo 1.8.18.
+ [9b38728deb27]
+
+2017-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/TROUBLESHOOTING:
+ Replace the list of "dangerous" environment variables and explain
+ how sudo handles the environment instead.
+ [966cf87d1bed]
+
+2017-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/glob.c:
+ Fix exponential behavior in glob() with respect to multiple '*'. See
+ https://research.swtch.com/glob Adapted from https://perl5.git.perl.
+ org/perl.git/commit/33252c318625f3c6c89b816ee88481940e3e6f95
+ [3d187b0fb764]
+
+ * src/exec_pty.c:
+ We no longer need to write to the tty if the command was killed by a
+ signal. Sudo will terminate itself with the same signal the command
+ died from. Unfortunately, we lose the "core dumped" bit since sudo
+ itself will not dump core, but there doesn't appear to be a way
+ around that.
+ [1be331e0c4d4]
+
+2017-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c:
+ On Linux, if the command we ran dumped core, set PR_SET_DUMPABLE to
+ 0. This will prevent sudo itself from dumping core in this case.
+ [cf5a5793ebf4]
+
+ * INSTALL:
+ Update path to sudo_noexec.so
+ [14e995667c8b]
+
+ * src/sudo.c:
+ If the command terminated due to a signal, sudo will send that same
+ signal to itself so the parent shell knows the command died from a
+ signal. However, we don't want sudo itself to dump core.
+ [8d823e6ec41e]
+
+2017-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ sync
+ [1704e6005b07]
+
+ * src/sudo.c:
+ The fix for Bug #722 contained a typo/thinko that resulted in the
+ exit status being 0 when a command was killed by a signal other than
+ SIGINT. This fixes the signal handler setup so sudo will terminate
+ with the same signal as the command. Bug #784.
+ [50b988d0c97f]
+
+ * sudo.pp:
+ Better check for /etc/rc.d/rc2.d/S90sudo on AIX
+ [93de5e34a6a3]
+
+ * src/Makefile.in:
+ Don't install the rc.d link when installing to a DESTDIR. DESTDIR is
+ generally only set when installing to a temporary directory for
+ packaging in which case the link should be made in a post-install
+ script.
+ [4200ef757b56]
+
+ * plugins/sudoers/Makefile.in, sudo.pp:
+ In "make install", install sample sudoers file as /etc/sudoers.dist
+ and copy it to /etc/sudoers if there is no existing /etc/sudoers.
+ Packages either contain /etc/sudoers (RPM and Debian) or
+ /etc/sudoers.dist (everything else).
+ [40f8e5806d71]
+
+ * Makefile.in, mkdep.pl:
+ Allow "make dist" and "make depend" to work for out of tree builds.
+ [7b7ba3f38abb]
+
+2017-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/zlib/Makefile.in:
+ Add missing $(srcdir) prefix to shlib_exp definition.
+ [c63e8e73507e]
+
+2017-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_compat.h:
+ Fix typo in killpg macro.
+ [f7392d21c915]
+
+ * include/sudo_compat.h:
+ Fix the killpg macro for systems without killpg() in libc.
+ [ba0c5162bc4a]
+
+2017-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Use the standard idiom for popping all entries from a tail queue.
+ The llvm checker gets confused by TAILQ_REMOVE and generate use-
+ after-free false positives.
+ [a88cacd23f09]
+
+ * src/exec_monitor.c, src/exec_nopty.c:
+ rewrite errpipe callbacks
+ [5c75729cea19]
+
+ * src/exec_monitor.c, src/exec_nopty.c:
+ use pipe2() with O_CLOEXEC instead of pipe() + fcntl() and
+ FD_CLOEXEC
+ [c8c9cc31c43a]
+
+ * src/exec_pty.c:
+ init io_pipe[][] to -1, not 0
+ [71012940a8f1]
+
+2017-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sssd.c:
+ In sudo_sss_check_user() it is not possible for handle to be NULL.
+ [de41ba76a4ce]
+
+ * plugins/sudoers/sssd.c:
+ Fix a use after free when the fqdn sudoOption is set and no hostname
+ value is present in sssd.conf.
+ [716a7c502cc0]
+
+ * src/sudo.c:
+ Avoid unused variable when getgrouplist_2() is available. It would
+ be nicer to just provide getgrouplist_2() (or the equivalent) and
+ avoid the ugly #ifdefs.
+ [2c7ac21feb5f]
+
+ * plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo,
+ po/nb.po:
+ sync with translationproject.org
+ [e91a983f9de6]
+
+2017-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ regen
+ [790d9a05f585]
+
+2017-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ In sudo_ttyname_scan() if dir is the empty string, set errno to
+ ENOENT before returning.
+ [f531ea6e489e]
+
+2017-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Try to make it clear that when match_group_by_gid is enabled, groups
+ in sudoers are looked up by group name instead of group ID. This
+ doesn't usually cause problems, but if there are conflicting group
+ entries (for example, from a local /etc/group file and an LDAP or AD
+ group database), whether the group is resolved by name or ID can be
+ used to work around conflicts.
+ [fe3bfca4fcce]
+
+2017-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, po/ja.mo,
+ po/ja.po:
+ sync with translationproject.org
+ [94d36c45e345]
+
+ * plugins/sudoers/regress/parser/check_digest.c:
+ plug memory leak in check_digest
+ [40aab9e6e365]
+
+ * src/exec.c:
+ Check return value of dispatch_pending_signals() in case we received
+ SIGINT or SIGQUIT before executing the command.
+ [218758d1560d]
+
+2017-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ back out unintentional change to the version number
+ [799b396c1c69]
+
+2017-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo,
+ po/cs.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/fr.mo,
+ po/fr.po, po/hr.mo, po/hr.po, po/it.mo, po/it.po, po/pl.mo,
+ po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/tr.mo, po/tr.po, po/uk.mo,
+ po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po:
+ sync with translationproject.org
+ [04c4a3ec233d]
+
+2017-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_digest.out.ok:
+ Make check_digest test sudo_filedigest() itself instead of the
+ underlying SHA2 functions. That way we can test it regardless of
+ whether we use sudo's SHA2 functions or a library version.
+ [9834b37f1fb0]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document that commands matched by "sudo ALL" are not affected by
+ fdexec.
+ [7cc3b770a2ff]
+
+2017-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for 1.8.20
+ [14a09000c1dc]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen for restricted_env_file
+ [81290b370c95]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Mention that iolog_user is useful for NFS.
+ [9c8f9dfdebf0]
+
+2017-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Only retry mkdir or create with PERM_IOLOG if errno is EACCES. Also
+ always use PERM_IOLOG for mkdtemp() since we cannot retry if it
+ fails. Since we are guaranteed to create a new directory there's no
+ real need to try w/o PERM_IOLOG in this case.
+ [c3c67d78e46a]
+
+2017-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Add fallback to PERM_IOLOG when making the final componenet of
+ iolog_dir.
+ [72924e4c8f5d]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/env.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Add restricted_env_file which is like env_file but subject to the
+ same restrictions as the user's own environment.
+ [ec887cc57a8b]
+
+ * plugins/sudoers/iolog.c:
+ quiet a warning on older zlib
+ [bcd3cac968a2]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/timestamp.c:
+ cast mode_t to unsigned int when printing with %o
+ [f9ca9ead134e]
+
+2017-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [f62e81f74d10]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c,
+ plugins/sudoers/timestamp.c:
+ Set umask temporarily when creating files instead of changing the
+ mode after the fact. This is slightly less error prone.
+ [a9b4cf336b73]
+
+ * plugins/sudoers/iolog.c:
+ remove now-useless variable
+ [9a36b2449ac4]
+
+ * plugins/sudoers/mkdir_parents.c:
+ Don't set owner/mode on directories that already exist, only on
+ newly-created ones.
+ [2b616be0e165]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c:
+ Explicitly set the file mode of I/O log files so the mode is not
+ affected by the invoking user's umask.
+ [ec7d5dd47b6b]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/timestamp.c:
+ Add PERM_IOLOG so we can create I/O log files on an NFS-mounted
+ filesystem where root is remapped to an unprivileged user.
+ [01804a971cd5]
+
+ * plugins/sudoers/mkdir_parents.c:
+ Restore the '/' in the path before returning if we encounter an
+ error.
+ [bb12cfce16fd]
+
+ * plugins/sudoers/sssd.c:
+ zero out nss->handle after it has been freed to make sure we cannot
+ free it twice
+ [00d5340b7541]
+
+2017-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/timestamp.c:
+ When creating the timestamp directory, use the group of the
+ timestamp owner instead of inheriting the group of the parent
+ directory.
+ [7a4a10cafe08]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
+ Add iolog_flush option.
+ [96baa17409cf]
+
+2017-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/iolog.c:
+ Don't allow the user to specify an I/O log file mode that sudo can't
+ read or write to. I/O logs must always be readable and writable by
+ the owner.
+ [b32e2ef04905]
+
+2017-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat,
+ doc/visudo.cat:
+ Regenerate the cat pages with newer mandoc which formats double
+ quotes as "foo" instead of ``foo''.
+ [5f14e527ae05]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Make it clear that I/O logs will be complete even if the command run
+ by sudo is terminated by a signal. The I/O log buffering just
+ prevents the logs from being displayed in real-time as the command
+ is running.
+ [072fd419ac1e]
+
+2017-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/exec_monitor.c, src/signal.c, src/sudo.h:
+ Replace pipe_nonblock() with pipe2()
+ [c106b62d7835]
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/Makefile.in, lib/util/pipe2.c,
+ mkdep.pl:
+ Emulate pipe2() on systems without it.
+ [5a183dd380f0]
+
+2017-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/kerb5.c:
+ Fix declaration of sudo_krb5_verify() in the case where
+ krb5_verify_user() is not present. Bug #777
+ [eafd4e2d7c7f]
+
+ * plugins/sudoers/rcstr.c:
+ Use HAVE_STDBOOL_H to detect systems w/o stdbool.h. Bug #778
+ [dbac86777429]
+
+2017-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [2fc489ddc143]
+
+ * src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c:
+ Move SIGCHLD handling into handle_sigchld() functions and move the
+ remaining bits of dispatch_signal() into signal_pipe_cb()
+ [b120f5cfa8cc]
+
+2017-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/utmp.c:
+ e_termination should be set to the value of WTERMSIG not WEXITSTATUS
+ [95f37078ae8f]
+
+2017-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, src/Makefile.in, src/exec_nopty.c, src/sudo.h,
+ src/tcsetpgrp_nobg.c:
+ Add tcsetpgrp_nobg() which acts like tcsetpgrp() but returns -1 for
+ a background process. This is safer than blocking SIGTTOU which
+ would cause tcsetpgrp() to succeed in the background.
+ [7ab75c47b8bf]
+
+2017-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_nopty.c:
+ Prevent sudo from receiving SIGTTOU when it tries to restore the
+ controlling terminal. There appears to be a race with the shell
+ (bash) which we may lose.
+ [aab018fb9940]
+
+2017-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/timestamp.c, src/exec_monitor.c:
+ Add some casts to quiet gcc warnings on Solaris and remove a now-
+ useless debug printf.
+ [16c862eab0ce]
+
+ * src/exec_pty.c:
+ change debug info when suspending sudo
+ [f5c5ee07f8e3]
+
+ * MANIFEST, src/Makefile.in, src/exec.c, src/exec_monitor.c,
+ src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h:
+ Reorganize the command execution code to separate out the pty and
+ non-pty code paths into their own event loops. The non-pty exec code
+ is now contained in exec_nopty.c and the pty exec code is split
+ between exec_pty.c (parent process) and exec_monitor.c (session
+ leader). This results in a small bit of duplicated code but improves
+ readability. Some of the duplicated code will fall out in future
+ changes to the event subsystem (the signal pipe).
+ [fe239d2a3cbd]
+
+2017-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/ttysize.c, src/exec_pty.c:
+ Remove support for the TIOCGSIZE ioctl. Systems that use this rather
+ than TIOCGWINSZ are too old for sudo to build on anyway.
+ [0179b16c70f9]
+
+2017-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/exec_pty.c:
+ Set the child pid to -1 after we've waited for it and take care to
+ avoid killing pid -1. This makes it a bit more explicit and removes
+ the need for a separate variable to track the child's status. Sudo
+ already stops processing signals after it receives SIGCHLD so it is
+ not vulnerable to CVE-2017-2616.
+ [1123704858ae]
+
+2017-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Update the description of strict mode to current reality. Aliases
+ haven't needed to be defined before they are used since sudo 1.7.
+ [9dc4ce4ec538]
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
+ plugins/sudoers/regress/visudo/test2.err.ok,
+ plugins/sudoers/regress/visudo/test3.err.ok,
+ plugins/sudoers/visudo.c:
+ Go back to using a Warning/Error prefix in the message printed to
+ stderr for alias problems. Requested by Tomas Sykora.
+ [ad4dc6e34222]
+
+2017-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/filedigest.c, plugins/sudoers/filedigest_openssl.c:
+ fix copyright years
+ [b9f013f95bb2]
+
+2017-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/digestname.c,
+ plugins/sudoers/filedigest.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.h,
+ plugins/sudoers/sssd.c, plugins/sudoers/visudo_json.c:
+ Move the file digest code out of match.c and into filedigest.c.
+ Inspired by RedHat changes that used libgcrypt. Also add
+ digest_type_to_name() to map a sudo digest type (int) to a name
+ (string) and use it.
+ [9213d8c94b8f]
+
+ * INSTALL, MANIFEST, configure, configure.ac, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/filedigest_openssl.c:
+ Add support for using the message digest functions in OpenSSL
+ instead of sudo's own SHA2 implementation.
+ [d77639c97e43]
+
+ * INSTALL, MANIFEST, configure, configure.ac, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/filedigest_gcrypt.c:
+ Add support for using the message digest functions in libgcrypt
+ instead of sudo's own SHA2 implementation.
+ [0259467c38dd]
+
+ * plugins/sudoers/gmtoff.c:
+ Check for gmtime() or localtime() returning NULL and just use a zero
+ offset in that case. Should not be possible.
+ [ed210dd8bf46]
+
+2017-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers2ldif:
+ Add support for ROLE, TYPE, PRIVS, LIMITPRIVS, TIMEOUT, NOTBEFORE
+ and NOTAFTER.
+ [d0310b017c78]
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/timestr.c:
+ strftime() was in C89 so use it unconditionally.
+ [87bf66aa18fd]
+
+ * MANIFEST, config.h.in, configure, configure.ac, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_debug.h,
+ lib/util/sudo_debug.c, lib/util/util.exp.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/gentime.c,
+ plugins/sudoers/gmtoff.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/parser/check_gentime.c,
+ plugins/sudoers/regress/sudoers/test19.in,
+ plugins/sudoers/regress/sudoers/test19.json.ok,
+ plugins/sudoers/regress/sudoers/test19.out.ok,
+ plugins/sudoers/regress/sudoers/test19.toke.ok,
+ plugins/sudoers/regress/visudo/test10.out.ok,
+ plugins/sudoers/regress/visudo/test10.sh,
+ plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add NOTBEFORE and NOTAFTER command options similar to what is
+ already available in LDAP.
+ [3ba0f9567f83]
+
+2017-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [f2876eadc1f5]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/sudo_plugin.h:
+ Bump version to 1.11 for timeout entry in settings[]
+ [7b288e4bab93]
+
+ * doc/sudo.conf.cat, doc/sudo_plugin.cat, doc/sudoers.ldap.cat,
+ doc/sudoreplay.cat, doc/visudo.cat:
+ regen
+ [8c059a57d367]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/parse_args.c, src/sudo_usage.h.in:
+ Add a command line option to specify the command timeout, as long as
+ sudoers does not specify a shorter time limit.
+ [a8ef7f923d0a]
+
+2017-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Better error message when the timeout value does not parse.
+ [2360fb093e3e]
+
+ * plugins/sudoers/timeout.c:
+ set errno to ERANGE not EOVERFLOW on range error
+ [9654e1acab0d]
+
+2017-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ regen
+ [46a124dd72aa]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.h:
+ Merge command tags, SELinux type/role and Solaris privs settings
+ into "command options". This relaxes the order of things so tags and
+ other options can be interspersed.
+ [0970fd78cbe8]
+
+ * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/ldap.c,
+ plugins/sudoers/mkdefaults, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/sudoers/test17.in,
+ plugins/sudoers/regress/sudoers/test17.json.ok,
+ plugins/sudoers/regress/sudoers/test17.out.ok,
+ plugins/sudoers/regress/sudoers/test17.toke.ok,
+ plugins/sudoers/regress/sudoers/test18.in,
+ plugins/sudoers/regress/sudoers/test18.json.ok,
+ plugins/sudoers/regress/sudoers/test18.out.ok,
+ plugins/sudoers/regress/sudoers/test18.toke.ok,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/visudo_json.c:
+ Add support for command timeouts in sudoers. After the timeout, the
+ command will be terminated.
+ [a36a748e9324]
+
+ * doc/fixman.sh, doc/fixmdoc.sh, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.h:
+ Split out tags again so they must precede the command and not allow
+ them to be mixed in with options.
+ [e7e7d60316cc]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Only inherit SELinux role/type and Solaris privilege sets if the
+ command does not include any. Previously, a command with only a role
+ would inherit a type from the previous command which is not what was
+ intended.
+ [171a3ad972e7]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ List SELinux role/type for "sudo -l" with LDAP and SSSd backends.
+ Also fix printing of the timeout.
+ [740723a49ab5]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Plug some memory leaks found by ASAN.
+ [08189098a5b6]
+
+ * plugins/sudoers/Makefile.in:
+ Only inhibit ASAN leak detector for tests that result in a parse
+ error. The parser cannot currently clean up completely on error.
+ [b2f82dcd2545]
+
+ * plugins/sudoers/rcstr.c:
+ supress cppcheck memory leak false positive
+ [e0caf2275a44]
+
+ * lib/util/strtoid.c:
+ fix typo that prevented compilation on FreeBSD
+ [27866f6a2b5e]
+
+2017-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/Makefile.in:
+ Link vsyslog.lo directly into vsyslog_test to make sure the syslog()
+ stub gets called. Otherwise, the real syslog will get called via
+ libutil on AIX.
+ [693bc8411a98]
+
+ * lib/util/regress/vsyslog/vsyslog_test.c:
+ Fix final test with a format > 2048 bytes. Keep track of tests run
+ in the syslog() stub so we can detect if the stub is not being
+ called.
+ [d10d784446c1]
+
+ * lib/zlib/deflate.c:
+ avoid redefining the MIN macro
+ [45b7b0ba0f01]
+
+ * plugins/sudoers/parse.h, plugins/sudoers/timestr.c:
+ Include parse.h in timestr.c which is where function prototype
+ lives.
+ [3ec9ec84a84c]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix for including a sudoers file that begins with the letter 'i'.
+ The hack to determine whether we are parsing an include or
+ includedir is no longer safe now that relative include paths are
+ permitted. Bug #776.
+ [4d9691a43867]
+
+2017-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
+ Display the value of syslog_maxlen in sudo -V output.
+ [0841ad36531c]
+
+2017-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
+ Add ignore_unknown_defaults flag to ignore unknown Defaults entries
+ in sudoers instead of producing a warning.
+ [a7fdb44677dd]
+
+2017-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ Always set the close-on-exec bit on the fd used to generate the
+ digest (i.e. the command to run) on systems that lack fexecve(2).
+ That way we don't need to explicitly close it using #ifdefs.
+ [f840a22fac1c]
+
+ * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
+ plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, po/ca.mo,
+ po/ca.po, po/eo.mo, po/eo.po, po/sv.mo, po/sv.po:
+ sync with translationproject.org
+ [57e877674892]
+
+ * NEWS:
+ first updates for 1.8.20
+ [118208688b08]
+
+ * configure, configure.ac:
+ sudo 1.8.20
+ [6cba125ea903]
+
+2017-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/LICENSE, lib/zlib/adler32.c, lib/zlib/compress.c,
+ lib/zlib/crc32.c, lib/zlib/deflate.c, lib/zlib/deflate.h,
+ lib/zlib/gzguts.h, lib/zlib/gzlib.c, lib/zlib/gzread.c,
+ lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inffast.c,
+ lib/zlib/inflate.c, lib/zlib/inflate.h, lib/zlib/inftrees.c,
+ lib/zlib/trees.c, lib/zlib/uncompr.c, lib/zlib/zconf.h.in,
+ lib/zlib/zlib.exp, lib/zlib/zlib.h, lib/zlib/zutil.c,
+ lib/zlib/zutil.h:
+ update zlib to version 1.2.11
+ [75a563663083]
+
+2017-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ Fix fdexec=never when a digest is present.
+ [49d3ab5baad0]
+
+2017-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/match.c:
+ Add new fdexec sudoers setting to allow choose whether execve() or
+ fexecve() is used.
+ [6a7623aa9a64]
+
+ * src/exec.c, src/exec_pty.c:
+ Close execfd in parent processes where it is not needed.
+ [f44e334d43e2]
+
+2017-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ Add support for digest matching when the command is a glob-style
+ pattern or a directory. For example:
+
+ millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/
+ millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/*
+
+ would only match /bin/ls (assuming the digest matches).
+
+ Previously, only explicit path matches checked the digest.
+ [d4f6822ba9bb]
+
+2017-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c:
+ Add support for SASL_MECH in ldap.conf; Bug #764
+ [d057bb7f2ddc]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Fix documentation bug, the contents of env_file have never been
+ subject to env_keep or env_check. However, variables are only added
+ if they have not already been preserved.
+ [4483b1b44709]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ examples/sudoers:
+ Safer example for rule that can change non-root passwords. GNU
+ getopts allows options to follow arguments so we need to be able to
+ deny things like "passwd root -q". From Paul "Joey" Clark. Bug #772
+ [c809f1372811]
+
+2017-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Don't overwrite the return value of ldap_sasl_interactive_bind_s()
+ by the subsequent call to sudo_set_krb5_ccache_name(). From Paul
+ Zirnik of SUSE.
+ [448baff2b586]
+
+ * plugins/sudoers/env.c:
+ In sudo_unsetenv_nodebug(), decrement envp.env_len after removing
+ the variable. From Paul Zirnik of SUSE.
+ [3d87a008671c]
+
+2017-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/Makefile.in:
+ only run vsyslog_test if it exists
+ [5323dfcfb009]
+
+ * MANIFEST, configure, configure.ac, lib/util/Makefile.in,
+ lib/util/regress/vsyslog/vsyslog_test.c:
+ Add regress for vsyslog replacement.
+ [1f767b8f5940]
+
+2017-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Define HAVE_NANOSLEEP if we find nanosleep in librt
+ [ec8d949bf411]
+
+ * configure, configure.ac:
+ sudo_nanosleep not nanosleep in util.exp.in
+ [18a3bca78962]
+
+ * configure, configure.ac:
+ add nanosleep to util.exp.in if needed
+ [6ac2e9266d67]
+
+ * NEWS, configure, configure.ac:
+ sudo 1.8.19p2
+ [9c15593a007a]
+
+ * lib/util/vsyslog.c:
+ Double the size of new_fmt[] and remove an extraneous break in the
+ %m handling that was leftover from an earlier edit.
+ [fcb28dc9cd4e]
+
+ * lib/util/vsyslog.c:
+ Fix typo, want vsnprintf not snprintf.
+ [2717f2125ecd]
+
+ * plugins/sudoers/logging.c:
+ move va_start() in mysyslog()
+ [b58ec40bbfc3]
+
+ * plugins/sudoers/sudoers.c:
+ Only treat failure of expand_iolog_path() as fatal if
+ ignore_iolog_errors is not set.
+ [1ba009311cf7]
+
+2017-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/Makefile.in, lib/util/nanosleep.c,
+ mkdep.pl, src/exec_pty.c:
+ When waiting for the parent to grant us the tty, use nanosleep
+ instead of spinning to avoid hogging the CPU.
+ [76335b380d7c]
+
+ * src/sudo.c:
+ Use ROOT_UID instead of 0
+ [5ed03a4e0b0b]
+
+2017-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ regen
+ [99b26e2c523d]
+
+2017-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/interfaces.c,
+ plugins/sudoers/regress/visudo/test9.out.ok,
+ plugins/sudoers/regress/visudo/test9.sh, plugins/sudoers/visudo.c:
+ Fix crash in visudo introduced in sudo 1.8.9 when an IP address or
+ network is used in a host-based Defaults entry. Bug #766
+ [ff9001f126b5]
+
+2017-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac, doc/LICENSE:
+ Avoid using the system strnlen/strndup on AIX < 6. Even if configure
+ correctly detects it is working on the build machine, the sudo
+ package may be run on a system with an old libc were it is broken.
+ [28d148db0aaa]
+
+2016-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.ac:
+ sudo 1.8.19p1
+ [7bfd43fa5caf]
+
+ * plugins/sudoers/defaults.c:
+ Fix logic bug when matching syslog priority and facility.
+ [576cc9eb850f]
+
+ * doc/HISTORY:
+ Dell spun off Quest so simplify the history by just talking about
+ Quest and not Dell.
+ [a66120495435]
+
+2016-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/LICENSE:
+ Fix copyright year
+ [3122e55195a6]
+
+ * NEWS:
+ typo
+ [ffe9e84928b6]
+
+2016-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_compat.h:
+ HAVE_DECL_GETGROUPLIST_2 is always defined if HAVE_GETGROUPLIST_2
+ is, we need to check its value, not whether it is defined.
+ [849eb3113149]
+
+2016-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po:
+ sync with translationproject.org
+ [abf5d356a33b]
+
+2016-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/sr.mo,
+ po/sr.po:
+ sync with translationproject.org
+ [fec672d5a4c7]
+
+ * config.h.in, configure.ac, include/sudo_compat.h,
+ plugins/sudoers/pwutil_impl.c, src/sudo.c:
+ Use getgrouplist_2() on macOS if available.
+ [3bf58af56d18]
+
+2016-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [3f4d52230317]
+
+ * plugins/sudoers/interfaces.c:
+ In set_interfaces() treat a parse error as fatal.
+ [7d0048108b1d]
+
+2016-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/regress/atofoo/atofoo_test.c:
+ Fix a clang warning on macOS
+ [58e9d192e907]
+
+2016-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/ko.mo,
+ po/ko.po, po/vi.mo, po/vi.po:
+ sync with translationproject.org
+ [99cce0f5fddc]
+
+ * NEWS:
+ update for 1.8.19b2
+ [18cfc9b8b8e7]
+
+ * plugins/sudoers/timestamp.c:
+ Ignore a boot time that is in the future, which can happen when the
+ clock is corrected down after boot. Otherwise, the timestamp file
+ will be unlinked each time sudo is run and a password is always
+ required.
+ [dd3b2b7ae709]
+
+2016-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/logging.c:
+ Allow syslog priority to be negated or set to "none" to disable
+ logging successes or failures.
+ [624eddac4ab1]
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
+ plugins/sudoers/sudoreplay.c:
+ Allow stdin and ttyin to be displayed too. The only one that is
+ really useful in sudoreplay is stdin when input is from a pipe.
+ [5aa8b3a90c84]
+
+ * src/regress/noexec/check_noexec.c:
+ Solaris 10 wordexp() returns 127 on execve() failure like popen()
+ does.
+ [f927c50dda17]
+
+ * config.h.in, configure, configure.ac, include/sudo_debug.h,
+ lib/util/regress/atofoo/atofoo_test.c, lib/util/strtoid.c,
+ lib/util/sudo_debug.c, lib/util/util.exp.in:
+ id_t is 64-bits on FreeBSD so use strtoll() there. Fixes the strtoid
+ regress.
+ [448a9857e89f]
+
+2016-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ fix typo
+ [92ea657a87f5]
+
+ * plugins/sudoers/sudoers.c:
+ Fix the "all" setting for verifypw and listpw; nopass would never be
+ true even if all the user's entries had the NOPASSWD tag. Regression
+ introduce in sudo 1.8.17. Bug #762
+ [c672e3ebfbe2]
+
+2016-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/ca.mo, plugins/sudoers/po/cs.mo,
+ plugins/sudoers/po/cs.po, plugins/sudoers/po/da.mo,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/el.mo, plugins/sudoers/po/eo.mo,
+ plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/hr.mo,
+ plugins/sudoers/po/hr.po, plugins/sudoers/po/hu.mo,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
+ plugins/sudoers/po/lt.mo, plugins/sudoers/po/nb.mo,
+ plugins/sudoers/po/nb.po, plugins/sudoers/po/nl.mo,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/ru.mo, plugins/sudoers/po/sk.mo,
+ plugins/sudoers/po/sl.mo, plugins/sudoers/po/sr.mo,
+ plugins/sudoers/po/tr.mo, plugins/sudoers/po/uk.mo,
+ plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.mo,
+ plugins/sudoers/po/zh_CN.po, po/cs.mo, po/cs.po, po/de.mo, po/de.po,
+ po/es.mo, po/es.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po,
+ po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ko.mo, po/ko.po,
+ po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po,
+ po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo, po/zh_CN.po:
+ sync with translationproject.org
+ [8a4ab570d132]
+
+2016-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/openbsd.c:
+ Just use malloc_options "S" on OpenBSD instead of "AFGJPR".
+ [2851cd2da1c7]
+
+2016-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Update year in license
+ [e370bf3d1035]
+
+2016-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [d524f0306467]
+
+ * doc/sudo.conf.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat:
+ regen
+ [185328ea20c3]
+
+ * include/sudo_debug.h, lib/util/sudo_debug.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c,
+ plugins/sudoers/visudo.c, src/sudo.c:
+ Add SUDO_DEBUG_INSTANCE_ERROR return value for sudo_debug_register()
+ and check for it in places where we check the return value of
+ sudo_debug_register().
+ [d1e74c5f21a6]
+
+2016-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ update for 1.8.19
+ [b248866c511d]
+
+2016-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/getspwuid.c:
+ Add support for getpwnam_shadow() on OpenBSD
+ [4db7ed374c33]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, plugins/sudoers/policy.c, src/sudo.c:
+ Add umask to user_info passed in from the front end to the plugin.
+ [4a4eee52a717]
+
+ * plugins/sudoers/auth/rfc1938.c:
+ Fix sign compare warning.
+ [8732d632cbff]
+
+ * MANIFEST, aclocal.m4, configure, configure.ac, m4/ax_append_flag.m4,
+ m4/sudo.m4:
+ Use AX_APPEND_FLAG instead of SUDO_APPEND_CPPFLAGS and direct
+ modification of LDFLAGS.
+ [c1464dcd45e0]
+
+ * MANIFEST, configure, configure.ac, plugins/sudoers/aixcrypt.exp:
+ Remove aixcrypt.exp, it was a remnant of the 90's crypto wars where
+ crypt() was not exported.
+ [785d57666d41]
+
+ * doc/TROUBLESHOOTING:
+ Remove obsolete solaris issue with snprintf
+ [3ce6cc899026]
+
+ * INSTALL:
+ SunOS 4.x is no longer supported
+ [2239eb30ff2c]
+
+2016-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/regress/sudo_conf/test1.in, lib/util/sudo_conf.c:
+ Plug memory leak when a particular Path is set more than once.
+ [debc97dac01d]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Add sudo_ldap_is_negated() and sudo_ldap_is_negated() functions and
+ use them to parse negated entries instead of doing it manually.
+ [12010b64afe5]
+
+ * plugins/sudoers/ldap.c:
+ Fix printing of sudoedit_follow in "sudo -l"
+ [2094a8f880c4]
+
+ * plugins/sudoers/sssd.c:
+ For "sudo -l" print sudoOption sudoedit_follow as FOLLOW.
+ [9c860b1fa721]
+
+ * config.h.in, configure, configure.ac, include/sudo_conf.h,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_conf/test1.out.ok, lib/util/sudo_conf.c,
+ lib/util/util.exp.in, plugins/sudoers/policy.c, src/exec_common.c,
+ src/load_plugins.c, src/parse_args.c:
+ Always define _PATH_SUDO_NOEXEC, _PATH_SUDO_SESH,
+ _PATH_SUDO_PLUGIN_DIR, even if only defined to NULL. This means the
+ accessors can always be present.
+
+ Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when
+ noexec is available.
+
+ Add ENABLE_SUDO_PLUGIN_API and use it instead of
+ _PATH_SUDO_PLUGIN_DIR to tell when the plugin API is available.
+
+ Add sudo_conf_clear_paths() to clear the path values so the regress
+ tests are not affected by compile-time settings.
+ [2b05e4a143d9]
+
+ * plugins/sudoers/ldap.c:
+ Use readline() in sudo_ldap_read_secret()
+ [3f0506e5cbe3]
+
+2016-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/sudo_conf.c:
+ Get rid of struct sudo_conf_paths and just use #defined index values
+ to access the path values. Make all accessors available even when
+ the feature is not enabled.
+ [58d1ec6170a8]
+
+ * configure, configure.ac, lib/util/Makefile.in, lib/zlib/Makefile.in,
+ mkdep.pl, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Add ASAN_CFLAGS and ASAN_LDFLAGS and use -Wc prefix in ASAN_LDFLAGS
+ to prevent libtool from strippign them out. Avoid using ASAN flags
+ when building sudo_noexec.so.
+ [9644dd92e586]
+
+2016-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Disable noexec for HP-UX 10.x which probably doesn't support
+ LD_PRELOAD
+ [d87bc5ea4688]
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/getspwuid.c:
+ Remove SunOS 4 support, it is not modern enough to run sudo.
+ [b6e15f8360b6]
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/getspwuid.c:
+ Remove HP-UX 9 support, it is not modern enough for sudo.
+ [226dda48c1e1]
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/getspwuid.c:
+ Remove Ultrix support, modern sudo can't run on Ultrix anyway.
+ [95a11ef29a2b]
+
+ * MANIFEST, configure, configure.ac, lib/util/sudo_conf.c,
+ src/Makefile.in, src/exec_common.c,
+ src/regress/noexec/check_noexec.c, src/sudo_exec.h:
+ Add regress for noexec functionality
+ [2cadd8e04677]
+
+ * src/Makefile.in:
+ Unbreak sudo_noexec on macOS where shared libraries and dynamic
+ modules are different. We still want to install sudo_noexec.so
+ without the "lib" prefix so some hackery is required.
+ [93d7b69491a1]
+
+ * configure, configure.ac:
+ Don't enable noexec for AIX 5.0-5.2, we need 5.3 and above.
+ [92cad0180239]
+
+2016-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/Makefile.in:
+ Need to link sudo_noexec.so with -ldl for dlsym() on some platforms.
+ Otherwise, the wordexp(3) wrapper will fail due to an undefined
+ symbol. Bug #761
+ [120a317ce25b]
+
+ * plugins/sudoers/visudo.c:
+ In strict mode, go to the file/line with an undefined aliases or
+ aliases cycle directly.
+ [b4f51b79bd9e]
+
+2016-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
+ plugins/sudoers/alias.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/visudo/test2.err.ok,
+ plugins/sudoers/regress/visudo/test3.err.ok,
+ plugins/sudoers/visudo.c:
+ Store the file/lineno for alias and userspec entries so we can
+ provide that info if there is an error.
+ [7deb4e41ca7b]
+
+2016-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/rcstr.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c:
+ Add simple reference-counted string allocator and use it for passing
+ around references to the sudoers path. This lets us avoid making
+ copies of the sudoers path for the errorfile as well as each
+ Defaults entry.
+ [afcff7b5b647]
+
+ * lib/util/sha2.c:
+ Cast len from size_t to uint64_t before bit shifting since we are
+ adding to count which is also uint64_t. Quiets a PVS-Studio warning.
+ [167210670b30]
+
+2016-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/regress/visudo/test7.out.ok,
+ plugins/sudoers/regress/visudo/test7.sh,
+ plugins/sudoers/regress/visudo/test8.err.ok,
+ plugins/sudoers/regress/visudo/test8.out.ok,
+ plugins/sudoers/regress/visudo/test8.sh:
+ Add checks for sudoers_locale early Defaults
+ [582c08c9418c]
+
+ * src/parse_args.c, src/sudo.c, src/sudo.h:
+ Add the argument vector allocated for -s and -i mode to the garbage
+ collector list. Avoids an ASAN warning on exit when the -s or -i
+ flags are used.
+ [652691a5216b]
+
+2016-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ add missing sudo_pw_delref/sudo_gr_delref to plug memory leak
+ [c4ba4c26e0c1]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h,
+ plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c:
+ Go back to parsing Defaults entries in update_defaults instead of as
+ sudoers is read. Otherwise, we cannot properly support early
+ defaults like sudoers_locale.
+ [ff1328a86b97]
+
+ * mkpkg:
+ Use expr instead of POSIX sh numerical expression to avoid a syntax
+ error on older shells.
+ [638383bb40d5]
+
+2016-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/sudo_plugin.h:
+ Bump plugin minor version to 10 for sudo_mode, sudo_group and
+ sudo_user.
+ [0c65dc1f2874]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Fix a bug in host matching where a negated sudoHost entry would
+ prevent other sudoHosts following it from matching.
+ [40cbd5790106]
+
+ * plugins/sudoers/defaults.c:
+ Zero out sd_un before calling parse_default() so we don't try to
+ free stack garbage in the ldap/sssd backends.
+ [6b64a8e3a19d]
+
+2016-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Use "ret", not "rc" for the function return value.
+ [fdfe637adee6]
+
+ * include/sudo_compat.h, lib/util/strtomode.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/logging.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c, src/sudo_edit.c:
+ Use sys/stat.h defines instead of bare octal values.
+ [215c80e09830]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, plugins/sudoers/iolog.c,
+ plugins/sudoers/policy.c:
+ Pass iolog mode, group and user from policy plugin to I/O log
+ plugin.
+ [1ed4967771c8]
+
+2016-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sssd.c:
+ Instead of parsing sudoers Defaults twice, parse once while reading
+ sudoers and then just set the parsed value in update_defaults().
+ [370d51681c6e]
+
+ * plugins/sudoers/defaults.c:
+ Use "struct defaults *d" instead of "struct defaults *def"
+ throughout for consistency and to avoid confusino with "struct
+ def_values *def". Use "str" not "var" for the string argument to
+ convert and store in sd_un for the store_* functions.
+ [5cc3efc609df]
+
+ * plugins/sudoers/parse.c:
+ In display_bound_defaults() rename dtype arg -> deftype.
+ [b3323960e1db]
+
+2016-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/regress/sudo_conf/test4.err.ok,
+ lib/util/regress/sudo_conf/test5.err.ok,
+ plugins/sudoers/regress/visudo/test2.err.ok,
+ plugins/sudoers/regress/visudo/test3.err.ok:
+ Update error output to match quoting changes.
+ [27bbf5004d1e]
+
+ * plugins/sudoers/defaults.c:
+ Avoid passing in a struct sudo_defs_types pointer to the store
+ functions. Pass in a pointer to the union to fill instead.
+ [ea956d00aae3]
+
+ * plugins/sudoers/defaults.h:
+ no longer need struct defaults forward referebce
+ [21e34ca85de5]
+
+2016-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/sudo_conf.c, plugins/sudoers/alias.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c, src/load_plugins.c:
+ Use "double quotes" in messages instead of a combination of the
+ accent (grave) mark and apostrophe.
+ [10dee3ecf3e1]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Add file:linenumber prefix to all Defaults warnings so we can see
+ them when running sudo too. For LDAP/SSSD we print the sudoRole
+ instead of the file name and omit the line number.
+ [5c6b95cd3792]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Use sudoedit in examples instead of "sudo vi"
+ [6008c208682c]
+
+2016-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c:
+ Only treat an unknown Defaults entry as a parse error in visudo, not
+ in sudo itself.
+ [8d8aa7ac5a32]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/visudo.c:
+ Instead of checking Defaults values after the fact, check them at
+ sudoers parse time. This makes it possible to display the file and
+ line number with the problem and for visudo to go right to the
+ error.
+ [ac66bd690d05]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.h:
+ Refactor freeing of a member_list into free_members().
+ [d29daa01bb9c]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ add_defaults() now calls sudoerserror() itself instead of the caller
+ assuming any error means out of member.
+ [a25e51321e0b]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/mkdir_parents.c:
+ s/rval/ret/g -- old habits die hard
+ [fa55d08b233a]
+
+2016-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Remove inaccurate XXX comment, sudo_file_parse() sends mail on parse
+ error.
+ [052b0e112839]
+
+ * plugins/sudoers/visudo.c:
+ The fix for Bug #408 broke editing of files in an include dir that
+ have a syntax error. Normally, visudo does not edit those files, but
+ if a syntax error is detected in one, the user gets a chance to fix
+ it.
+ [6b00f9bfff31]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c:
+ Make a copy of the current sudoers path when assigning errorfile.
+ Fixes a potential use after free in visudo when there is an error in
+ one of the include files.
+ [eb6db5d15b61]
+
+ * plugins/sudoers/sudoers_debug.c:
+ sudoers_debug_register() was not setting the active debug instance
+ to sudoers_debug_instance when called from the I/O log plugin. This
+ is because it relied on sudo_debug_register to do that but
+ sudoers_debug_parse_flags() doesn't set debug_files[]
+ sudoers_debug_instance is already set (we can only init sudoers
+ debug once).
+
+ To work around this, just make sudoers_debug_instance the active
+ debug instance in sudoers_debug_register() when it is already set.
+ [71b0221c8c28]
+
+ * src/load_plugins.c:
+ Fix pasto when setting I/O plugin debug files
+ [03c3aab22e65]
+
+ * plugins/sudoers/iolog.c:
+ use cp instead of *cur when comparing against plugin_path
+ [f2dfe69549f5]
+
+2016-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/mkdir_parents.c:
+ In sudo_mkdir_parents() inherit the gid of / instead of using gid 0
+ for the first component.
+ [5f2bf33bccb5]
+
+ * plugins/sudoers/iolog.c:
+ We want to inherit the gid from the parent directory when not
+ setting permissions on intermerdiate directories.
+ [845f5a20b5fa]
+
+2016-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
+ plugins/sudoers/mkdir_parents.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/timestamp.c:
+ Move io_mkdir_parents() to its own file and use it in ts_mkdirs().
+ [c1d55f588a60]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Make the I/O log file/dir permissions and owner configurable.
+ [e7a74f3dfa56]
+
+ * lib/util/Makefile.in, mkdep.pl:
+ Add vsyslog.lo
+ [18362a9ae32e]
+
+ * configure, configure.ac:
+ sudo 1.8.19
+ [97743604e6e3]
+
+2016-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/defaults.c:
+ Don't try to syntax check an unrecognized Defaults value in visudo.
+ [e4972655b5d3]
+
+2016-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Create I/O log files with the same gid as the parent directory.
+ [0da5824e006d]
+
+ * plugins/sudoers/ldap.c:
+ Check for sudo_ldap_result_last_search() returning NULL. This can't
+ happen in practice because we always call
+ sudo_ldap_result_add_search() first which guarantees there is a
+ result to be found. Quiets a PVS-Studio warning.
+ [4f6074f40fbc]
+
+ * src/exec_pty.c:
+ Quiet a PVS-Studio warning about the spin loop when waiting for the
+ parent to assign us the terminal pgrp.
+ [d063a283477b]
+
+ * plugins/sudoers/env.c:
+ Fix incorrect strncmp() lengths. The check for USERNAME was only
+ looking at the first 5 characters (copy and paste error). The check
+ for SUDO_PS1 was not checking the trailing '=' character (off by one
+ error). Found by PVS-Studio.
+ [297380eb6940]
+
+ * plugins/sudoers/env.c:
+ When checking for old-style bash functions in the environment, check
+ for values starting with "() " (note the trailing space) rather than
+ "()". Bash will only treat the value as a function if the space
+ after "()" is present. The trailing space was already present in the
+ compare string but when it was added, the length passed to strncmp()
+ was not updated from 3 to 4. Found by PVS-Studio. No security
+ impact.
+ [7e35f39d356b]
+
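Review bot: the plugins/sudoers/env.c entry [297380eb6940] for the strncmp() length fixes does not state the effect of the bug, unlike the following env.c entry [7e35f39d356b], which ends with "No security impact". The USERNAME check compared only the first 5 characters and the SUDO_PS1 check skipped the trailing '=', so other variable names sharing those prefixes would have been treated as matches. Since env.c decides how environment variables are handled, please add one sentence saying which variables were matched by mistake and whether that changed what was kept or removed, so someone triaging this ChangeLog can tell the fix is cosmetic without reading the diff.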
+ * plugins/sudoers/set_perms.c:
+ Add some missing casts from uid_t/gid_t to int when printing uid/gid
+ values. We print these as signed so a value of -1 (no change) is
+ obvious. Quiets PVS-Studio warnings.
+ [9773e5b166e1]
+
+ * plugins/sudoers/timestamp.c:
+ def_timestamp_timeout is a double so compare against 0.0 not 0 to
+ avoid making it appear to be an integer type.
+ [8675db470ab7]
+
+ * plugins/sudoers/defaults.c:
+ When checking syslog facility or priority, move the string compare
+ into the body of the loop and return if it matches. If we finish the
+ loop it means we didn't find a match. This makes the code a little
+ bit more readable.
+ [d1df1649a01e]
+
+ * lib/util/strlcpy.c, lib/util/strnlen.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/env.c, plugins/sudoers/logging.c,
+ plugins/sudoers/visudo_json.c, src/env_hooks.c, src/exec_pty.c:
+ Replace bare ";" in the body of for() loops with "continue;" for
+ improved readability.
+ [92eff8dbe5f8]
+
+2016-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.guess, config.sub:
+ Update from http://git.savannah.gnu.org/gitweb/?p=config.git
+ [86e6144dfdd7]
+
+ * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
+ m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4:
+ Update to libtool 2.4.6
+ [8d85d9e8687b]
+
+2016-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/vsyslog.c:
+ Use a static buffer if possible.
+ [758ce6478994]
+
+ * MANIFEST, configure, configure.ac, include/sudo_compat.h,
+ lib/util/vsyslog.c, plugins/sudoers/logging.c:
+ add vsyslog() for systems without it.
+ [c6457f333252]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ There are now 14 tag values, not 10. Don't bother mentioning the
+ number since it keeps increasing. Bug #759
+ [17e4c900dc12]
+
+2016-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/logging.c:
+ Use vsyslog() if available.
+ [ea9b7a51eaec]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/logging.c:
+ Add syslog_maxlen to control the max size of syslog messages.
+ [5f9872d2073f]
+
+2016-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/tgetpass.c:
+ Don't generate SIGTOU when restoring the terminal modes. It doen't
+ make sense to suspend the process only to restore the terminal
+ settings since in this case the shell has already taken ownership of
+ the tty.
+ [981c26f3fc8f]
+
+ * plugins/sudoers/sudoreplay.c, src/exec_pty.c, src/tgetpass.c:
+ The flush parameter of sudo_term_restore() is bool, not int.
+ [c2597f1881f3]
+
+2016-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ Add wordexp() to the list of functions wrapped by sudo_noexec.so.
+ [2e847ce3f02f]
+
+2016-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_noexec.c:
+ Need RTLD_NEXT for wordexp() on dlopen() systems. It is missing on
+ AIX 5.1 at least.
+ [167a518d8129]
+
+ * src/sudo_noexec.c:
+ add missing guard around wordexp()
+ [7b8357b0a358]
+
+ * NEWS:
+ expand on 1.8.18p1 changes
+ [f560e06ad584]
+
+2016-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.ac:
+ sudo 1.8.18p1
+ [a36e17d1c5db]
+
+ * config.h.in, configure, configure.ac, src/sudo_noexec.c:
+ Fix configure check for seccomp filter on Linux
+ [5d88d7cda853]
+
+2016-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.ac, src/sudo_noexec.c:
+ Use a seccomp filter on Linux to disable execve(2) and execveat(2).
+ This still relies on LD_PRELOAD to work so it has the same issues as
+ the existing mether with respect to running 32-bit binaries on a
+ 64-bit kernel.
+ [59d76bdc0f0c]
+
+ * src/Makefile.in:
+ regen
+ [9e313cb0900b]
+
+ * plugins/sudoers/Makefile.in:
+ regen
+ [5ca77049e5cd]
+
+2016-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, config.h.in, configure, configure.ac, src/sudo_noexec.c:
+ Wrap wordexp(3) in sudo_noexec.
+ [e7d09243e51b]
+
+2016-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Clean .json files created by "make check"
+ [d214117fbda1]
+
+2016-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * po/ca.mo, po/da.mo, po/eo.mo, po/es.mo, po/eu.mo, po/fi.mo,
+ po/gl.mo, po/hr.mo, po/hu.mo, po/ko.mo, po/nl.mo, po/ru.mo,
+ po/sk.mo, po/sl.mo, po/sr.mo, po/tr.mo:
+ recompile .po files
+ [3d91cbf75744]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Fix matching when no sudoRunAsUser is present in a sudoRole. If only
+ a sudoRunAsGroup is present, match on the invoking user if the -g
+ option was specified and the group matched. If no sudoRunAsGroup is
+ present and the -g option was specified, allow it if it matches the
+ passwd gid of the runas user. This matches the behavior of the
+ sudoers backend.
+ [e1a52c34da5e]
+
+ * plugins/sudoers/match.c:
+ runas_pw can no longer be NULL
+ [020c6ddcae11]
+
+2016-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ RunAsGroup without RunAsUser issues
+ [52d1547c9d3a]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ user_matched and group_matched must be type int, not bool
+ [204d8de97a05]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.h, plugins/sudoers/sssd.c:
+ Use RUNAS_USER_SPECIFIED and RUNAS_GROUP_SPECIFIED when deciding
+ whether to check runas user/group instead of checking runas_pw or
+ runas_gr.
+ [d17f223e8313]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ When matching against runas_default use userpw_matches() instead of
+ just strcasecmp().
+ [ce70077c5861]
+
+ * plugins/sudoers/testsudoers.c:
+ Set RUNAS_USER_SPECIFIED when -u is specified and/or
+ RUNAS_GROUP_SPECIFIED when -g is specified.
+ [fa7a1035a058]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Fix printing of the default runas user when a RunAsGroup is
+ specified but no RunAsUser is present.
+ [c05dabd194a1]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Only match against runas_default if both sudoRunAsUser and
+ sudoRunAsGroup are missing.
+ [019084f428b2]
+
+ * plugins/sudoers/match.c:
+ runas_pw can no longer be NULL here
+ [e73dcebafa15]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.h, plugins/sudoers/sssd.c:
+ Update check for whether or not the runas user was set in the ldap
+ and sssd backends to match the sudoers file backend. Introduces the
+ runas_user_set() macro to improve readability. Previously, runas_pw
+ was set late, now it is set before checking sudoers.
+ [d8280d8a96c9]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Document that negated sudoHosts are only supported by 1.8.18 and
+ higher.
+ [f56824fe61bc]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/testsudoers/test4.sh,
+ plugins/sudoers/regress/testsudoers/test5.sh:
+ Disable Address Sanitizer leak detection for tests which generate
+ parse errors. The parser leaks a bit on error.
+ [4b0ddb11df3a]
+
+ * plugins/sudoers/sssd.c:
+ Fix underflow in get_ipa_hostname() when trimming trailing
+ whitespace.
+ [875f2f5cd363]
+
+2016-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Document negated sudoHost entries.
+ [41d9853f89f7]
+
+ * plugins/sudoers/sssd.c:
+ Support negated sudoHost entries.
+ [7c25f9111633]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Document negated sudoHost entries.
+ [6c8444c6bc6c]
+
+ * plugins/sudoers/ldap.c:
+ Support negated sudoHost entries.
+ [1899906b8ef4]
+
+2016-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ Don't check the username when matching a host netgroup unless
+ def_netgroup_tuple is enabled.
+ [238c8064542f]
+
+ * plugins/sudoers/match.c:
+ Move valid domain name check into a new valid_domain() function. Fix
+ memory leak if getdomainname(2) fails and avoid using heap garbage
+ for the domain name matching in this case.
+ [946f2441c90a]
+
+2016-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, po/it.mo,
+ po/it.po:
+ sync with translationproject.org
+ [40eab0801eae]
+
+2016-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Add back line mistakenly removed in 0cf2a9351740
+ [8622c83c1474]
+
+ * plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo,
+ po/nb.po:
+ sync with translationproject.org
+ [f180826bb77b]
+
+2016-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Bug #757
+ [de67bc9e26f8]
+
+ * plugins/sudoers/sudoers.c:
+ Fix typo that broke short host name matching when the fqdn flag is
+ enabled. Bug #757
+ [605c03afc80f]
+
+2016-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_debug.h, lib/util/aix.c, lib/util/fnmatch.c,
+ lib/util/getgrouplist.c, lib/util/secure_path.c,
+ lib/util/setgroups.c, lib/util/strtoid.c, lib/util/sudo_conf.c,
+ lib/util/sudo_debug.c, plugins/sample/sample_plugin.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.c,
+ plugins/sudoers/policy.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestamp.c, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c, src/env_hooks.c, src/exec.c,
+ src/exec_pty.c, src/get_pty.c, src/hooks.c, src/load_plugins.c,
+ src/regress/ttyname/check_ttyname.c, src/selinux.c, src/signal.c,
+ src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/ttyname.c,
+ src/utmp.c:
+ Be consistent with the naming of the variable used to store the
+ function return value. Previously, some code used "rval", some used
+ "ret". This standardizes on "ret" and uses "rc" for temporary return
+ codes.
+ [017866310d24]
+
+2016-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/ca.po, plugins/sudoers/po/cs.mo,
+ plugins/sudoers/po/cs.po, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/el.po, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/fr.po, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/hu.po, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/ko.po, plugins/sudoers/po/lt.po,
+ plugins/sudoers/po/nb.po, plugins/sudoers/po/nl.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/ru.po, plugins/sudoers/po/sk.po,
+ plugins/sudoers/po/sl.po, plugins/sudoers/po/sr.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/tr.po, plugins/sudoers/po/uk.mo,
+ plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo,
+ plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.mo,
+ plugins/sudoers/po/zh_CN.po, po/ca.po, po/cs.mo, po/cs.po, po/da.po,
+ po/de.mo, po/de.po, po/eo.po, po/es.po, po/eu.po, po/fi.po,
+ po/fr.mo, po/fr.po, po/gl.po, po/hr.po, po/hu.po, po/it.po,
+ po/ja.mo, po/ja.po, po/ko.po, po/nb.po, po/nl.po, po/pl.mo,
+ po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/ru.po, po/sk.po, po/sl.po,
+ po/sr.po, po/sv.mo, po/sv.po, po/tr.po, po/uk.mo, po/uk.po,
+ po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po:
+ sync with translationproject.org
+ [6312962695df]
+
+ * MANIFEST, NEWS, doc/CONTRIBUTORS, po/nn.mo, po/nn.po:
+ Norwegian Nynorsk translation of sudo from translationproject.org
+ [05203a266265]
+
+ * NEWS:
+ Fix for Bug #756
+ [89ff21579216]
+
+2016-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ In sudoers_main() avoid setting rval prematurely. Prevents a crash
+ when auditing fails after successfully authenticating. Bug #756
+ [d17a06bce04c]
+
+ * plugins/sudoers/defaults.c:
+ Apply match_group_by_gid early.
+ [1259c7fd66ca]
+
+2016-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ update
+ [292a9e21474e]
+
+ * src/ttyname.c:
+ Don't disable large file support for Linux, just SVR4-style /proc.
+ Otherwise, stat(2) may fail on Linux when running a 32-bit sudo on a
+ 64-bit machine. Bug #755
+ [09450ce8b8a8]
+
+2016-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_util.h:
+ Make sudo_parseln() flags hex to make it more obvious that they are
+ bit flags.
+ [b912a078047e]
+
+ * plugins/sudoers/env.c:
+ Don't try to support line continuation in /etc/environment.
+ [d7e30e821c0e]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c:
+ No line continuation support in ldap.conf.
+ [211caaba2395]
+
+ * include/sudo_util.h, lib/util/parseln.c:
+ Add flag to sudo_parseln() to disable line continuation support.
+ [d2820247fc07]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ A comment character ('#') is only special at the beginning of the
+ line.
+ [b3b67b7e4fc0]
+
+ * include/sudo_util.h, lib/util/parseln.c,
+ lib/util/regress/sudo_parseln/parseln_test.c, lib/util/sudo_conf.c,
+ lib/util/util.exp.in, plugins/sudoers/env.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/sudo_nss.c:
+ Add a flags option to sudo_parseln() and a flag to only mach
+ comments at the beginning of the line. Use the flag when parsing
+ ldap.conf.
+ [40c560fc9a10]
+
+ * src/sudo.c:
+ If get_process_ttyname() fails for errno != ENOENT, just warn
+ instead of making it a fatal error. Bug #755
+ [1a028b861801]
+
+2016-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/mkdefaults:
+ use strict
+ [681281bc0f6d]
+
+ * plugins/sudoers/def_data.h, plugins/sudoers/mkdefaults:
+ Define def_foo in terms of the I_FOO index instead of a bare number.
+ [abb119f84ae6]
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
+ sync with translationproject.org
+ [d339717f8692]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Mention that match_group_by_gid has no effect when sudoers is stored
+ in LDAP.
+ [5eb6ae45c699]
+
+ * include/sudo_compat.h, src/sudo.c:
+ Use W_EXITCODE to construct the wait status if sudo could not
+ execute the command. Fixes the sudo exit value for exec(3) failure.
+ [95eae2d60292]
+
+ * src/exec.c:
+ fix brace style
+ [54448c10b6b5]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [794b06ba727b]
+
+ * src/sudo.c:
+ It is possible for get_user_info() to fail for reasons other than
+ ENOMEM so print the warning message there rather than in main().
+ [8c24df8d6b78]
+
+2016-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ match_group_by_gid is only available in sudo 1.8.18 and above
+ [dd237eb540d0]
+
+ * doc/UPGRADE:
+ Mention match_group_by_gid
+ [417f27e9059a]
+
+ * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document match_group_by_gid
+ [2234997acb8d]
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/pwutil.c:
+ Add match_group_by_gid Defaults option to allow sites with slow
+ group lookups and a small number of groups in sudoers to match
+ groups by group ID instead of by group name.
+ [20714580da96]
+
+2016-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention "sudo -l command" bug fix.
+ [cb8ade186880]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Fix "sudo -l command" in the LDAP and SSS backends when the command
+ is not allowed.
+ [631038350b2a]
+
+2016-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/defaults.c:
+ Use sudo_strsplit() instead of doing the equivalent manually.
+ [9eb6d1cc78bd]
+
+2016-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Move SIGPIPE bug fix to 1.8.18 where it belongs
+ [52509fd0100e]
+
+ * plugins/sudoers/defaults.c:
+ Fix memset size typo in previous commit.
+ [e00299f7c50f]
+
+ * plugins/sudoers/regress/visudo/test6.out.ok,
+ plugins/sudoers/regress/visudo/test6.sh:
+ Add regress for check_defaults() use-after-free bug.
+ [0b362678ca10]
+
+ * MANIFEST, plugins/sudoers/defaults.c:
+ Fix use-after-free in check_defaults(), reported by Radovan Sroka of
+ RedHat.
+ [ab3a4227c12f]
+
+2016-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ SIGPIPE bug fix
+ [24c9a12f7e59]
+
+ * src/signal.c:
+ Now that we ignore SIGPIPE in sudo we need to restore it at exec
+ time. Problem reported by Radovan Sroka of RedHat.
+ [3cfa7e3510ff]
+
+2016-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Fix appending to make_opts
+ [abe28b6b7663]
+
+ * NEWS:
+ Add Bug #753 and fix reference to Bug #752.
+ [e8c959e1cd6c]
+
+2016-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/da.mo,
+ po/da.po, po/pt_BR.mo, po/pt_BR.po:
+ sync with translationproject.org
+ [219c3f0aeee7]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen pot files
+ [d0c56a4ff553]
+
+2016-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update with logging changes.
+ [f41beca23b99]
+
+ * plugins/sudoers/logging.c:
+ Avoid duplicate warnings when we cannot write to the log file. Also
+ send the warning in mail if possible.
+ [9b8509cff137]
+
+ * plugins/sudoers/iolog.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
+ Move the ignoring of I/O log plugin errors into the I/O log plugin
+ itself.
+ [25b7fd056614]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
+ Make the behavior when we cannot write to a log or audit file
+ configurable. File log failures are ignored by default for
+ consistency with syslog. Audit errors are ignored by default to
+ allow the admin to fix the issue. I/O log file errors are still
+ fatal by default since if I/O logging is activated it is usually to
+ have an audit trail. Bug #751
+ [dbd085e7c736]
+
+2016-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c:
+ Make sure we print an error message to stderr (and not just send
+ mail) if do_logfile() fails. Bug #751
+ [7884a23a0cdc]
+
+2016-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c:
+ Separate out the supplemental group ID checks from the supplemental
+ group name checks in user_in_group(). We now call sudo_get_gidlist()
+ only when the group name in sudoers begins with a '#' (which is
+ seldom used).
+ [80534785d8b7]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/policy.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Cache the user's group IDs and group names separately and only
+ resolve group IDs -> names when needed. If the sudoers file doesn't
+ contain groups we will no longer try to resolve all the user's group
+ IDs to names, which can be expensive on some systems.
+ [8ce3564e896e]
+
+2016-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/defaults.c:
+ Remove the "op" parameter from all the store_foo() functions except
+ store_list() where it is actually needed. For the others, a NULL
+ value indicates the setting was negated. This unconfuses static
+ analyzers (and perhaps humans too).
+ [fca031b57f15]
+
+ * plugins/sudoers/defaults.c:
+ Flags always have a NULL value. Regression introduced by refactor of
+ set_default_entry().
+ [71fe4fad097b]
+
+ * plugins/sudoers/defaults.c:
+ Set rc to true when setting a flag Defaults value.
+ [cf016b6aedd4]
+
+ * src/utmp.c:
+ suppress a cppcheck false positive
+ [0d44aa7cf05c]
+
+ * plugins/sudoers/defaults.c:
+ Refactor the error parts of set_default_entry() so the switch() is
+ mostly just calls to store_foo() functions. Avoids a lot of
+ duplicated error checking and silences a cppcheck false positive.
+ [1112b894007c]
+
+ * plugins/sudoers/defaults.c:
+ In set_default_entry() check for unsupported Defaults type.
+ [beb1ae20179f]
+
+ * lib/util/aix.c:
+ Add missing break in switch that sets the max limit for
+ RLIMIT_NOFILE. Found by cppcheck.
+ [39b1979b1b92]
+
+ * plugins/sudoers/defaults.c:
+ Check sudoers_initlocale return value and treat as oom. Coverity CID
+ 141832
+ [b1cad9d6c49d]
+
+2016-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/match.c, plugins/sudoers/parse.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
+ Set runas_pw early and adjust runaslist_matches() to deal. Since we
+ now set runas_default early there is no need to call update_defaults
+ with SETDEF_RUNAS after sudoers has been parsed.
+ [35e0b08219a8]
+
+2016-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c:
+ Load sudoers group plugin via an early callback.
+ [0fc4382cd6e4]
+
+ * sudo.pp:
+ System Integrity Protection on Mac OS X won't allow us to write
+ directly to /etc or /var. We must install in /private/{etc,var}
+ instead.
+ [831c78241e78]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document that fqdn, runas_default and sudoers_locale are parsed
+ early.
+ [beb4868c449e]
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat,
+ doc/visudo.cat:
+ Regen for 1.8.18
+ [eb4feabb8fee]
+
+2016-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/defaults.h, plugins/sudoers/ldap.c,
+ plugins/sudoers/sssd.c:
+ Avoid passing around struct defaults when it is not needed. As a
+ result, we no longer need to include gram.h in the LDAP and SSSD
+ backends.
+ [14d0bfdc8bd2]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Instead of deferring setting early defaults until we have traversed
+ the entire defaults list, just defer running the callbacks.
+ Otherwise, if the last early default setting we see has a bad value
+ we won't set any defaults of that type even if there was an earlier
+ one that was valid.
+ [552863e5a097]
+
+ * plugins/sudoers/defaults.c:
+ Run callbacks once in set_default_entry() instead of each of the
+ store_foo() functions.
+ [b92b51c67845]
+
+2016-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Use /proc/cpuinfo on Linux instead of running lscpu
+ [450ea436dbe4]
+
+ * mkpkg:
+ If using GNU make on a multi-cpu system, use the -j flag to run make
+ jobs in parallel, up to the number of cpus/cores.
+ [7a6670de96dc]
+
+2016-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ Only check SUDO_USER if euid is 0
+ [f42d00c94817]
+
+2016-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ Initialize sudo_user based on the SUDO_USER environment variable if
+ present. This allows things like :Defaults:username editor=foo" to
+ work when visudo is run via sudo.
+ [a526d6f74198]
+
+2016-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Add function name in "command resumed" debug message
+ [e209f199a79f]
+
+ * src/exec_pty.c:
+ If waitpid() returns 0 or -1, display a warning, this should never
+ happen. Add a check for unhandled wait status (also should never
+ happen).
+ [983a0b79b527]
+
+ * plugins/sudoers/defaults.c:
+ Flag settings have a NULL value so we can't use that to test whether
+ an entry in struct early_default is set or not. Add a "set" member
+ and use that instead.
+ [68a7c0de9b0e]
+
+2016-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Explicitly check for a continued process with waitpid(2). Otherwise,
+ waitpid() will return 0 when the command is resumed after being
+ suspended, which we were treating the same as -1. Fixes suspend and
+ resume on Linux and probably others.
+ [54a464b116ad]
+
+ * plugins/sudoers/defaults.c:
+ Fix --with-fqdn, the value should be NULL since it is a flag.
+ [95bc8b82911e]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Add support for early defaults to the ldap and sssd backends.
+ [3a034360c177]
+
+2016-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_edit.c:
+ Repair symlink check in sudo_edit_openat_nofollow() on systems
+ without O_NOFOLLOW, it must be done relative to dfd. Previously the
+ lstat() would always fail, possibly leading to a false positive.
+ Also add an early symlink check like in sudo_edit() while here.
+ [f72901c7f7cc]
+
+ * src/sudo_edit.c:
+ On systems that lack the O_NOFOLLOW open(2) flag, check in
+ sudo_edit_open() whether the path to be opened is symlink before
+ opening it. This is racey but we detect losing the last post-open
+ and it is better to fail early if possible. When editing a link to a
+ non-existent file, a zero-length file will be left behind but it is
+ too dangerous to try and remove it after the fact. Bug #753
+ [dac04f305262]
+
+ * src/sudo_edit.c:
+ Update debug_decl for sudo_edit_openat_nofollow() Remove unused
+ variables when O_NOFOLLOW is not present.
+ [8dc0afb1de58]
+
+2016-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/visudo.c:
+ Split set_default_entry() out of set_default() so we can call it
+ from check_defaults() to validate the defaults value. In visudo,
+ suppress warnings from update_defaults() and rely on
+ check_defaults() to provide warnings.
+ [7d9b50f42d0b]
+
+ * plugins/sudoers/defaults.c:
+ Split binding match code out of default_type_matches() into
+ default_binding_matches(). We can now use default_type_matches() in
+ check_defaults().
+ [c158768b12c5]
+
+ * plugins/sudoers/visudo.c:
+ Pass quiet flag to init_parser() and update_defaults() when doing
+ first parse of sudoers.
+ [3af76c1a0d84]
+
+2016-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Update defaults in visudo after sudoers has been edited so we pick
+ up locale changes. The init_defaults() function will now re-init the
+ sudoers locale.
+ [ceb099392289]
+
+2016-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/testsudoers.c:
+ Set sudoers locale before calling sudoersparse(). We don't need to
+ restore the user's locale since warnings are displayed in the user's
+ locale anyway.
+ [c44a38a496d1]
+
+ * plugins/sudoers/visudo.c:
+ Set the locale to the sudoers locale when parsing and restore the
+ user's locale afterward. Also set the warn/fatal locale helper
+ function so warning messages during a sudoers parse are displayed in
+ the user's own locale.
+ [a0b2cdb69d43]
+
+ * plugins/sudoers/logging.h:
+ Add forward decl of union sudo_defs_val to silence a gcc warning.
+ [9e717510f132]
+
+ * plugins/sudoers/sudoers.c:
+ Set the warn/fatal locale helper function in sudoers_policy_init()
+ so warning messages during sudoers loading are displayed in the
+ user's own locale.
+ [b6c7bab1ca80]
+
+ * plugins/sudoers/locale.c, plugins/sudoers/logging.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Move sudoers locale callback function to locale.c and user it in
+ visudo and testsudoers.
+ [7c4e9a71e252]
+
+ * plugins/sudoers/sudoers.c:
+ In cb_sudoers_locale() actually set the locale in addition to
+ storing its name. Otherwise, it won't take effect until sudoers
+ lookup time.
+ [ceb446c2168b]
+
+ * plugins/sudoers/defaults.c:
+ Fix regression that would cause early defaults entries to be set
+ multiple times.
+ [5f5cd02d5f0f]
+
+ * NEWS, configure, configure.ac:
+ sudo 1.8.18
+ [7c778904c39b]
+
+2016-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
+ Only set early defaults once, regardless of how many times the
+ variable is set in sudoers. This avoids running an early callback
+ more than once. For example, we don't want to call cb_fqdn() if sudo
+ is compiled with FQDN set but sudoers has "Defaults !fqdn".
+ [0c5d80939ea2]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
+ Make strings const in functions that set defaults as they are not
+ modified.
+ [d01f22ab1902]
+
+ * plugins/sudoers/sudoers.c:
+ In cb_fqdn() just return if the fqdn flag is set to false.
+ [0cb3d78aa944]
+
+2016-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/defaults.c:
+ Implement callbacks for defaults flags (T_FLAG).
+ [936adcc98800]
+
+ * plugins/sudoers/sudoers.c:
+ add debug_decl for cb_runas_default and cb_sudoers_locale
+ [4667b1e14172]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
+ Convert fqdn to a callback and add it to the list of early defaults.
+ [df863787cf5e]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
+ Change defaults callbacks to take a union sudo_defs_val * instead of
+ a char *.
+ [c7730fa19e46]
+
+ * plugins/sudoers/defaults.c:
+ When updating defaults, process certain values fist since they can
+ influence how other defaults are parsed. Currently, runas_default
+ and sudoers_locale are processed early.
+ [32062737a1ae]
+
+2016-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke_util.c:
+ Fix typo introduced in last commit to fix fill_args() overflow
+ check.
+ [535d13b81c5d]
+
+ * plugins/sudoers/toke_util.c:
+ Fix underflow checl in fill_args().
+ [2c6852e65ad6]
+
+ * plugins/sudoers/toke_util.c:
+ Make sure we account for the trailing NUL when computing arg_size in
+ fill_args(). Bug #752
+ [c73c1ea4b230]
+
+ * plugins/sudoers/toke_util.c:
+ Make arg_size and arg_len unsigned since we do bitwise operations on
+ them.
+ [0a551c7a5e67]
+
+2016-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/Makefile.in, lib/zlib/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Only remove backup files as part of "make uninstall" when
+ INSTALL_BACKUP is set.
+ [c2541d2de89c]
+
+ * configure, configure.ac, lib/util/Makefile.in, lib/zlib/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Only keep backups of installed files on HP-UX where you cannot
+ unlink a shared library that is in use.
+ [8763a1d0d515]
+
+2016-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Ignore a missing or insecure #includedir, it is not a fatal error.
+ [8a82818c9f0d]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Make sure we always call sudoerserror() on error in
+ read_dir_files(), otherwise sudo will not treat it as a fatal error.
+ [1a38da425ca0]
+
+2016-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Set the sudoers locale before opening the sudoers file. Previously
+ the sudoers locale was used when evaluating sudoers but not during
+ the inital parse. Bug #748
+ [c8deb0da75b4]
+
+ * plugins/sudoers/locale.c:
+ Add debugging
+ [5fbe2f109b92]
+
+ * plugins/sudoers/Makefile.in:
+ Don't link test programs with the sudoers-specific locale code if we
+ don't need to.
+ [41224154534e]
+
+ * plugins/sudoers/Makefile.in:
+ sudoreplay does not need to link with the sudoers-specific locale
+ code.
+ [348638a68f69]
+
+2016-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ new_digest was prototyped as static but not explicitly declared
+ static.
+ [52949a024acb]
+
+ * configure, configure.ac:
+ Some versions of HP-UX 11.11 do not expose struct sockaddr_ext if
+ _XOPEN_SOURCE_EXTENDED is defined. Only define
+ _XOPEN_SOURCE_EXTENDED if we can still compile net/if.h.
+ [0189ff7daa63]
+
+ * plugins/sudoers/Makefile.in:
+ Some versions of HP-UX make will ignore suffix rules if they are
+ empty.
+ [cffeee232752]
+
+2016-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Don't skip debug printfs in handle_sigchld() just because execve()
+ returned an error.
+ [0cf2a9351740]
+
+ * include/compat/charclass.h, include/sudo_compat.h, lib/util/aix.c,
+ lib/util/getaddrinfo.c, lib/util/sudo_debug.c,
+ plugins/sudoers/insults.h,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/sudoers_debug.c:
+ Add definition of nitems for those without it and use it throughout.
+ [4b30c8834fdd]
+
+2016-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Update copyright year.
+ [638c964e44fd]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.17p1
+ [bc30a172370c]
+
+ * src/sudo.c, src/sudo.h:
+ Set user groups in exec_setup() if they were not already set by
+ policy_init_session(). Bug #749
+ [3bf16489800c]
+
+2016-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ Point the reader to the sudoers manual for the list of supported
+ arguments after the plugin path.
+ [40cbfa5deeb1]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ forgot to update date in last commit
+ [3872a46e229b]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Fix typo; cn=default should be cn=defaults
+ [06e097667465]
+
+2016-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/Makefile.in, lib/zlib/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Fold lines at 80 characters for the clean: target
+ [651623231cd8]
+
+ * lib/util/Makefile.in:
+ Remove mksiglist, siglist.c, mksigname, signame.c as part of
+ "distclean"
+ [ed7f58685633]
+
+2016-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po:
+ sync with translationproject.org
+ [a3bb8c15ef3d]
+
+ * plugins/sudoers/sssd.c:
+ LDAP sudoers doesn't support negated users, groups or netgroups.
+ [d6585245c24d]
+
+2016-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Bug #746
+ [e0bba3ae78c2]
+
+ * plugins/sudoers/match.c:
+ When matching paths with glob(3), check returned matches against
+ user_cmnd first if it is fully-qualified. This avoids a lot of
+ needless stat(2) calls and avoids a mismatch between safe_cmnd and
+ argv[0] if there are multiple matches with the same inode/dev due to
+ links. Bug #746.
+ [29bdba0cf2eb]
+
+ * NEWS:
+ Add execve failure in pty bug fix.
+ [941672cc6793]
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po:
+ sync with translationproject.org
+ [a4f789cedecc]
+
+ * src/exec_pty.c:
+ In handle_sigchld() fix the return value when we've already received
+ an exec error. We don't want to overwrite the error status but we do
+ need to indicate that the command is no longer running. Fixes as
+ hang on execve(2) error when running in a pty.
+ [797bed2c39a7]
+
+ * src/exec.c, src/exec_common.c:
+ Move sudo_debug_execve() call into sudo_execve().
+ [ab2ea3459a7c]
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/sr.mo,
+ po/sr.po, po/sv.mo, po/sv.po:
+ sync with translationproject.org
+ [046ba9a0fca8]
+
+2016-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ update for 1.8.17 final
+ [a2f02775aba5]
+
+ * lib/util/aix.c:
+ Fix setting of hard stack limit when stack_hard is not specified in
+ /etc/security/limits. When 64-bit resource limits are supported we
+ can use the default value of 8388608 512-byte blocks directly. We
+ should only resort to using RLIM_SAVED_MAX for 32-bit resource
+ limits.
+ [cc4933fc41bd]
+
+2016-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [4ab85a46cf63]
+
+2016-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sssd.c:
+ Ignore empty ipa_hostname
+ [9421ade7b47f]
+
+ * plugins/sudoers/sssd.c:
+ Better martching of ipa_hostname in sssd.conf
+ [abd53491cb4b]
+
+2016-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.ac, pathnames.h.in,
+ plugins/sudoers/sssd.c:
+ Use the value of ipa_hostname from /etc/sssd/sssd.conf if present
+ instead of the system hostname.
+ [3f5cffcd8432]
+
+2016-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sssd.c:
+ When matching host, short-circuit the loop when we get a match. Only
+ check username as part of the netgroup when netgroup_tuple is
+ enabled.
+ [2eab4070dcf7]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Avoid using !strcmp()
+ [f976b3d973e0]
+
+2016-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sssd.c:
+ SSSD doesn't handle netgroups, we have to ensure they are correctly
+ filtered in sudo. The rules may contain mixed sudoUser specification
+ so we have to check not only for netgroup membership but also for
+ user and group matches. Adapted from a patch from Daniel Kopecek.
+ [50d8d88bcc28]
+
+2016-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ Return PAM_CONV_ERR from the conversation function if getpass
+ returns NULL or the user pressed ^C.
+ [bec7e2ec26ff]
+
+ * plugins/sudoers/base64.c:
+ Make base64 decoding table-driven.
+ [2d001c111552]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Back out cfa26b99228f, it was already fixed differently. Caught by
+ regress checks.
+ [0584f80e9951]
+
+2016-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Allow double-quoted groups and netgroups to be part of a Defaults
+ spec. From Daniel Kopecek.
+ [cfa26b99228f]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ The sudoers.ldap manual is installed in section 4 or 5, not 1m or 8.
+ Also fix the section for ldap.conf cross-references.
+ [eb1c0a2b84a1]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Fix copy pasta, "sudoNotAfter" not "sudoNotBefore". Add missing word
+ "order" in a sentence describing sudoOrder.
+ [653cb783f89b]
+
+ * plugins/sudoers/sssd.c:
+ For sudo -ll (long list) print the SSSD role just like we do for the
+ LDAP backend. Adapted from sudo-1.8.6p3-sssdrulenames.patch
+ [46f962b1f3ef]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Setting timestamp_timeout less than zero only lasts until the next
+ reboot. Adapted from a RedHat patch.
+ [f8ce1dfebfe9]
+
+ * po/it.mo, po/it.po, po/nb.mo, po/nb.po:
+ sync with translationproject.org
+ [31b55426358b]
+
+2016-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/conversation.c:
+ fputs() is now specified as returning non-negative on success, not
+ explicitly zero. Fixes a failure on glibc.
+ [55f8a25d4af4]
+
+ * src/conversation.c:
+ Don't try to dereference replies[] if it is a NULL pointer.
+ [c4fdd838f2f5]
+
+ * plugins/sudoers/policy.c:
+ sudo_version should be unsigned
+ [7719d425c65a]
+
+ * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
+ plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/ca.mo,
+ po/ca.po, po/cs.mo, po/cs.po, po/da.mo, po/da.po, po/de.mo,
+ po/de.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo,
+ po/ja.po, po/pl.mo, po/pl.po, po/sk.mo, po/sk.po, po/sv.mo,
+ po/sv.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo,
+ po/zh_CN.po:
+ sync with translationproject.org
+ [e40cdc972d19]
+
+ * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/ko.mo,
+ plugins/sudoers/po/ko.po, po/ko.mo, po/ko.po:
+ Korean translation for sudo and sudoers from translationproject.org.
+ [188ffbed5bf2]
+
+ * NEWS, plugins/sudoers/auth/pam.c:
+ Ignore PAM_SESSION_ERR from pam_open_session() since this can
+ apparently happen on systems using Solaris-derived PAM. Other errors
+ from pam_open_session() are treated as fatal. This avoids the
+ "policy plugin failed session initialization" error message seen on
+ some systems.
+ [0f7f3e7ead21]
+
+2016-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, src/exec_pty.c:
+ Don't read from stdin when flushing final buffers in blocking mode.
+ Reading from the pipe can block too if the other end is not closed.
+ [a651f913a1ef]
+
+2016-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention visudo -x change.
+ [2fd35df055b2]
+
+ * plugins/sudoers/regress/sudoers/test1.json.ok,
+ plugins/sudoers/regress/sudoers/test14.json.ok,
+ plugins/sudoers/regress/sudoers/test15.json.ok,
+ plugins/sudoers/regress/sudoers/test16.json.ok,
+ plugins/sudoers/regress/sudoers/test2.json.ok,
+ plugins/sudoers/visudo_json.c:
+ There's no need to escape forward slashes in JSON output. While it
+ is legal to escape a forward slash, it is not required.
+ [044710f516a9]
+
+ * doc/UPGRADE:
+ Document that in 1.8.12 sudo started being able to check the NIS
+ domain on Solaris.
+ [bced94478c0e]
+
+2016-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Better description of the I/O logging pipe issue.
+ [6eee2f8a1fae]
+
+ * src/exec_pty.c:
+ In del_io_events(), avoid reading from the pty master in blocking
+ mode. We now do two passes, one with SUDO_EVLOOP_NONBLOCK and
+ another that could block if stdin is a pipe. This ensures we consume
+ the pipe until EOF.
+ [564ae2b4c305]
+
+ * lib/util/event.c:
+ Improve debug info in sudo_ev_add() and sudo_ev_del()
+ [ca839439ff22]
+
+ * src/exec_pty.c:
+ In pty_close(), call del_io_events with the SUDO_EVLOOP_ONCE flag so
+ the event loop will exit after a single run through. Otherwise, we
+ may hang at exit on non-BSD systems.
+ [e6c38d5a341b]
+
+2016-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * po/sudo.pot:
+ regen
+ [18a4570be506]
+
+2016-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Bump I/O buffer size to 64K. We don't use PIPE_BUF or _PC_PIPE_BUF
+ for this because that corresponds to the value for atomic pipe
+ writes. The actual pipe buffer is much larger on modern systems and
+ 64K is what BSD and Linux support for large pipe buffers.
+ [3b5d995966ef]
+
+ * NEWS:
+ I/O logging bug fix
+ [934d755ac12c]
+
+ * src/exec_pty.c:
+ Don't use SUDO_EVLOOP_NONBLOCK when flushing buffers at pty close
+ time, only when the user suspends sudo. Fixes a problem where all
+ buffers might not get flushed at exit when logging I/O. Reproducible
+ via "sudo tar cf - foo | (cd /tmp && sudo tar xf -)" on OpenBSD.
+ [bbe0e18739ec]
+
+2016-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo_json.c:
+ Don't try to fflush(export_fp) or ferror(export_fp) if export_fp is
+ NULL, which can happen on the error path.
+ [ccfb4dd260fa]
+
+ * plugins/sudoers/sudoers.c, src/exec.c, src/exec_pty.c, src/sudo.c,
+ src/tgetpass.c:
+ O_NOCTTY has no effect when opening /dev/tty as the open can only
+ succeed if there is already a controlling tty.
+ [9ca106c499b2]
+
+ * src/sudo.c:
+ Do not need to open /dev/tty with O_NONBLOCK, it doesn't block on
+ first open like a physical terminal. By definition, if you have a
+ controlling tty, the first open (which might block) has already
+ occurred.
+ [15a5f006836a]
+
+ * src/selinux.c:
+ Use O_NOCTTY when opening a tty.
+ [5f9fd6458be4]
+
+ * src/Makefile.in:
+ regen
+ [105ef4533724]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ No need to set pass to NULL after freeing at the end of the loop it
+ since it is already set to NULL each time through the loop.
+ [2657b0b4260d]
+
+2016-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ SELinux fixes in 1.8.17.
+ [f743cf0d9c62]
+
+ * plugins/sudoers/logging.h, plugins/sudoers/logwrap.c:
+ Check fprintf() return value in writeln_wrap() and return the number
+ of characters actually written, or -1 on error.
+ [4739e0f58fa3]
+
+ * src/conversation.c:
+ Check fputs() return value.
+ [e85778cbe0e3]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Do not write directly to stdout/stderr, use sudo_printf which calls
+ the conversation function.
+ [e86d5ed4dca7]
+
+ * plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/securid5.c:
+ Do not write directly to stdout/stderr, use sudo_printf which calls
+ the conversation function.
+ [002a30fdb4e0]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/visudo_json.c:
+ Use ferror() after fflush() to check the error status of the stdio
+ stream we wrote to.
+ [fa1db13fe9ac]
+
+2016-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c:
+ printf() returns < 0 on error, not explicitly -1
+ [2a2385b941de]
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat,
+ doc/sudoers.ldap.cat, doc/sudoreplay.cat, doc/visudo.cat:
+ Regen for 1.8.17
+ [e24b0f944000]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document that you need to preserve EDITOR and/or VISUAL for
+ env_editor to be useful.
+ [ef0ce8917307]
+
+ * src/selinux.c:
+ Fix last commit, now that argc is not reset we need to explicitly
+ start the copy from argv[1]. From Daniel Kopecek
+ [f52403ef587a]
+
+2016-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/selinux.c:
+ cosmetic change to warning string
+ [a2893e3f9b70]
+
+ * plugins/sudoers/auth/pam.c:
+ Avoid adding an extraneous warning string to sudoers.pot.
+ [6b07043b48f7]
+
+ * lib/util/snprintf.c:
+ Use EOVERFLOW, not ENOMEM for overflow conditions. For snprintf()
+ and vsnprintf(), POSIX says we should return -1 and set errno to
+ EOVERFLOW if the size param is > INT_MAX; also zero out the string
+ in this case (not mandated by POSIX) for safety.
+ [294720fc981a]
+
+2016-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ Now that pam_open_session() failure is fatal we should print and log
+ an error from it. Bug #744
+ [0e98a92ef910]
+
+ * src/selinux.c:
+ Repair SELinux support, broken by 397722cdd7ec. From Daniel Kopecek.
+ [1246583c7c1f]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Remove sudo_mkpwcache() and sudo_mkgrcache(). We now create the
+ caches as needed on demand. Also remove calls to sudo_freepwcache()
+ and sudo_freegrcache() that are immediately followed by execve(),
+ they are not needed.
+ [60448afe813d]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Eliminate use of setpwent()/endpwent() and setgrent()/endgrent().
+ Sudo never iterates over the passwd or group file. Rename
+ sudo_set{pw,gr}ent() -> sudo_mk{pw,gr}cache() and use
+ sudo_free{pw,gr}cache() instead of sudo_end{pw,gr}ent().
+ [66e6f5e7b51b]
+
+2016-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.h:
+ Remove unnecessary NULL checks in the RUNAS_CHANGED macro. The only
+ place where the pointers could be NULL is in visudo_json.c but we
+ already check for "next" being NULL there. Quiets a cppcheck
+ warning.
+ [a0d84832c154]
+
+2016-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ In replay_session() free iov at the end of the function (if needed)
+ instead of after processing each line from the timing file. Coverity
+ CID 104843.
+ [5112f514af87]
+
+ * plugins/sudoers/sudoreplay.c:
+ Add io_log_read() and io_log_gets() to hide differences between
+ gzread/fread and gzgets/fgets. Check for premature EOF and error
+ from io_log_read(). Also sanity check the index in the timing file.
+ Coverity CID 104630.
+ [6a3b9932f567]
+
+ * src/exec_pty.c:
+ Break up io_callback() into read_callback() and write_callback() to
+ make it clear that we can't get an event with both read and write
+ set.
+ [cd3a1e182dd4]
+
+2016-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ In io_callback() make sure we clear SUDO_EV_READ if we close the fd.
+ It should not be possible for SUDO_EV_READ to be set when revent is
+ non-NULL but this makes static analyzers happier. Coverity CID
+ 104124.
+ [7acc249fa098]
+
+ * plugins/sudoers/ldap.c:
+ In sudo_krb5_copy_cc_file() move the close(ofd) to the done: label
+ so we only have to cleanup in one place. Coverity CID 104577.
+ [0f189e70c59d]
+
+ * plugins/sudoers/ldap.c:
+ Fix memory leak in sudo_netgroup_lookup() in the non-error case.
+ Coverity CID 104572, 104573, 104574, 104575.
+ [7f9fb7a360b7]
+
+ * plugins/sudoers/ldap.c:
+ Fix fd leak in sudo_krb5_copy_cc_file() if restore_perms() fails.
+ Coverity CID 104571.
+ [d9434cdfb73c]
+
+ * plugins/sudoers/sudoreplay.c:
+ Free the events and event base before returning from
+ replay_session(). Coverity CID 104116, 104117.
+ [321216089e4a]
+
+ * src/sudo_edit.c:
+ In sudo_edit_create_tfiles(), fix fd leak if sudo_edit_mktemp()
+ fails. Coverity CID 104114.
+ [713de09ff956]
+
+ * src/sudo_edit.c:
+ Fix fd leak in sudo_edit_open_nonwritable() if dir_is_writable()
+ returns an error. Coverity CID 104113.
+ [314a57004f00]
+
+ * src/sudo_edit.c:
+ Fix memory leak of sesh_args in selinux_edit_copy_tfiles(). Coverity
+ CID 104112.
+ [ac7f0cbd07c9]
+
+ * plugins/sudoers/visudo.c:
+ Fix memory leak in get_editor() if resolve_editor() fails with an
+ error. Coverity CID 104107.
+ [e355b1f45bcb]
+
+ * src/sudo.c:
+ Fix memory leak on error if sudo_new_key_val() fails. Coverity CID
+ 104103.
+ [c2ee1557aef2]
+
+ * plugins/sudoers/visudo.c:
+ Ignore the return value of the initial sudoersparse(), before we
+ have actually edited any files. Coverity CID 104078.
+ [184d9c6aec65]
+
+ * src/exec.c:
+ Ignore the result of send() on exec error, if it fails the other end
+ of the pipe is gone and we are headed for exit. Coverity CID 104066.
+ [cdcd7dfcbca1]
+
+ * plugins/sudoers/toke_util.c:
+ In fill_args() clean up properly if there is an internal overflow
+ (which should not be possible). Coverity CID 104569.
+ [0bc710e91ec4]
+
+ * plugins/sudoers/gc.c:
+ Fix logic inversion in sudoers_gc_remove(), currently unused.
+ Coverity CID 104568
+ [e29df8da11ea]
+
+2016-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ In io_mkdirs(), change the order from stat then mkdir, to mkdir then
+ stat. This more closely matches what "mkdir -p" does. Coverity CID
+ 104120.
+ [e462528ff7ea]
+
+ * plugins/sudoers/timestamp.c:
+ In ts_mkdirs(), change the order from stat then mkdir, to mkdir then
+ stat. This more closely matches what "mkdir -p" does. Coverity CID
+ 104119.
+ [c0c0e2662883]
+
+ * plugins/sudoers/sudoers.c:
+ Newer versions of Ubuntu have switched from using the "admin" group
+ to the "sudo" group to align with Debian.
+ create_admin_success_flag() now accepts either one.
+ https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1387347
+ [17b4d725dac4]
+
+ * plugins/sudoers/timestamp.c:
+ Cast off_t printed via printf(3) instead of assuming it is long
+ long.
+ [b1d398f4a8dc]
+
+ * plugins/sudoers/sudoers.c:
+ Instead of using stat(2) to see if the admin flag file exists and
+ creating it if not, just try to create the file and treat EEXIST as
+ a non-error. Coverity CID 104121.
+ [bd58b0a35a3c]
+
+ * MANIFEST, plugins/sample/README:
+ README file for the sample plugin that tells the user how to build,
+ install and enable it.
+ [8d7096ce78cc]
+
+ * plugins/sample/sample_plugin.c:
+ Fix compilation error and export sample_policy struct. From Michael
+ Evans
+ [5280c1576e7f]
+
+ * NEWS:
+ Update for 1.8.17
+ [979688a5ef13]
+
+ * configure, configure.ac:
+ Sudo 1.8.17
+ [09311b2e9697]
+
+ * plugins/sudoers/logging.c:
+ Check return value of restore_perms() in vlog_warning(). Coverity
+ CID 104079.
+ [86555dd0942d]
+
+ * plugins/sudoers/editor.c:
+ Fix memory leaks in resolve_editor() in the error path. Coverity CID
+ 104109, 104110
+ [6ac3f7e3ada9]
+
+ * plugins/sudoers/policy.c:
+ Fix memory leak of gid_list in sudoers_policy_exec_setup() in the
+ error path. Coverity CID 104111.
+ [eac1e9489367]
+
+ * plugins/sudoers/logging.c:
+ Fix fd leak in do_logfile() if we fail to lock the log file.
+ Coverity CID 104115.
+ [164a693207a8]
+
+ * plugins/sudoers/sssd.c:
+ Fix memory leak of sss_result in sudo_sss_lookup() Coverity CID
+ 104106
+ [7dcee1e6d76f]
+
+ * plugins/sudoers/iolog.c:
+ Fix fd leak in open_io_fd() if gzdopen/fdopen fails. Coverity CID
+ 104105
+ [c4c2848c1167]
+
+ * plugins/sudoers/iolog.c:
+ Fix fd leak in io_nextid() in error path. Coverity CID 104104
+ [8920cdaab5bd]
+
+2016-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/timestamp.c:
+ Check lseek() return value. Coverity CID 104061.
+ [bf3bb4c80cfc]
+
+ * plugins/sudoers/timestamp.c:
+ Ignore ts_write() return value when disabling an entry with a bogus
+ timestamp. We ignore the timestamp entry even it doesn't succeed.
+ Coverity CID 104062.
+ [5e5925ebbc75]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/match.c,
+ plugins/sudoers/tsgetgrpw.c, src/exec.c, src/exec_pty.c, src/sudo.c:
+ Cast the return value of fcntl() to void when setting FD_CLOEXEC.
+ Coverity CID 104063, 104064, 104069, 104070, 104071, 104072, 104073,
+ 104074
+ [48720d2f6658]
+
+ * plugins/group_file/getgrent.c:
+ Cast the return value of fcntl() to void when setting FD_CLOEXEC.
+ Coverity CID 104075, 104076, 104077.
+ [7fe1d9f97321]
+
+ * plugins/sudoers/env.c:
+ Avoid a false positive. Coverity CID 104056.
+ [0256978219a6]
+
+ * plugins/sudoers/visudo_json.c:
+ Avoid calling fclose(NULL) on error in export_sudoers(). Coverity
+ CID 104091.
+ [2f73d86ab929]
+
+ * plugins/sudoers/toke_util.c:
+ In fill_args(), check for "arg_size == 0" instead of
+ "sudoerslval.command.args == NULL" since the latter leads Coverity
+ to imply that sudoerslval.command.args could be NULL later on.
+ Coverity CID 104093.
+ [bab505438881]
+
+ * plugins/sudoers/sudoers.c:
+ Avoid calling fclose(NULL) if the sudoers file is not secure and
+ restore_perms() fails. Coverity CID 104090.
+ [150db126c221]
+
+2016-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
+ In fill_args(), replace loop that increments arg_size() with a
+ simple add and mask. Should prevent a false positive from Coverity
+ CID 104094.
+ [411c7e398286]
+
+ * plugins/sudoers/sudoreplay.c:
+ In parse_expr(), move the "bad" label after the "default" case in
+ the switch(), not before it. This seemed to confuse Covertity,
+ resulting in a false positive, CID 104095.
+ [4371f26995fb]
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
+ For "sudoreplay -l", not all predicates may be shortened to a single
+ character. Both 'c' and 't' have more than one possibility.
+ [29a5a9a313e2]
+
+ * src/exec.c, src/exec_pty.c, src/sudo.c:
+ pid_t is defined by POSIX as a signed integer type so we don't need
+ a cast when comparing to -1.
+ [98f0a86260a0]
+
+ * src/exec.c:
+ In dispatch_signal() for stopped processes check for tcgetpgrp()
+ returning -1. Also change checks from "saved_pgrp != -1" to "fd !=
+ -1". Coverity CID 104098.
+ [42ac4ad85900]
+
+ * src/selinux.c:
+ In relabel_tty() always jump to bad: on error, regardless of the
+ value of se_state.enforcing. On error, return -1 if enforcing, else
+ 0. Coverity CID 104099.
+ [db1a54d718f1]
+
+ * config.h.in, configure.ac:
+ Define NO_LEAKS when sudo is built with Coverity.
+ [f4209b9ade8c]
+
+ * src/exec_pty.c:
+ In io_callback() if we write the complete buffer and find that there
+ is no associated reader just return as there is nothing else to be
+ done. In practice is it not possible for SUDO_EV_READ to be set if
+ revent is NULL but an early return is harmless and possibly easier
+ to understand. Coverity CID 104124.
+ [3b3eb45b701e]
+
+ * src/sudo_edit.c:
+ Handle read() returning -1 when creating temporary files. Coverity
+ CID 104100
+ [e82af51e4f48]
+
+ * plugins/sudoers/policy.c:
+ Fix cut and paste error when checking cols for 0. Coverity CID
+ 104081
+ [22a3b7d9bce1]
+
+ * plugins/sudoers/pwutil.c:
+ Use a single debug message for cache hit or store to avoid another
+ situation where they get out of sync. Bug #743
+ [4cf484e9b016]
+
+ * plugins/sudoers/pwutil.c:
+ Sync the "cache hit" debug messages with the "cached" debug
+ messages. This fixes a bug where we could dereference a NULL pointer
+ when we look up a negative cached entry which is stored as a NULL
+ passwd or group struct pointer. Bug #743.
+ [1d13341d53ec]
+
+2016-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Remove the check for __sprintf_chk when checking for
+ _FORTIFY_SOURCE, Some implementations are purely header-file based.
+ As long as we can link a test program using sprintf() when
+ _FORTIFY_SOURCE=2 it should be safe to use.
+ [910af8ba4666]
+
+ * config.h.in, configure, configure.ac:
+ Remove configure checks for dev_t, id_t, ino_t, ptrdiff_t, size_t
+ and ssize_t. These have been specified by either ANSI C or POSIX for
+ long enough that if the system doesn't support them, it is unlikely
+ to be able to compile sudo anyway.
+ [c9fd433cfe27]
+
+ * src/sudo.c:
+ Do group setup in policy_init_session() before calling out to the
+ plugin. This makes it possible for the pam_group module to change
+ the group in pam_setcred(). It's a bit bogus since pam_setcred() is
+ documented as not changing the group or user ID, but pam_group is
+ shipped with stock Linux-PAM so we need to support it.
+ [814cda602541]
+
+2016-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c:
+ Add missing newline when logging to a file (not syslog) and
+ loglinelen is set to a non-positive number. Bug #742
+ [ef0a5428a574]
+
+2016-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ style fix; fork_cmnd should start on a new line
+ [e8211fe0f8d7]
+
+2016-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, src/signal.c, src/sudo.c, src/tgetpass.c:
+ Ignore SIGPIPE for the duration of sudo and not just in a few select
+ places. We have no control over what nss, PAM modules or sudo
+ plugins might do so ignoring SIGPIPE is safest.
+ [7c919101b8ec]
+
+ * src/selinux.c:
+ Use string_to_security_class() instead of pulling SECCLASS_CHR_FILE
+ from flask.h. Avoids a warning with new SELinux includes.
+ [24f357b419c4]
+
+2016-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ When determining whether or not "sudo -l" or "sudo -b" should prompt
+ for a password, take all sudoers sources into account. In other
+ words, if both file and ldap sudoers sources are in use, "sudo -v"
+ will now require that all entries in both sources be have NOPASSWD
+ (file) or !authenticate (ldap) in the entries.
+ [51e2a5ecacc6]
+
+2016-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/sudo_auth.h:
+ If the auth_type setting in /etc/security/login.cfg is set to
+ PAM_AUTH but pam_start() fails, fall back to use AIX authentication.
+ Skip the auth_type check if sudo is not compiled with PAM support.
+ [cdbe432c465c]
+
+2016-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ The header for sudo.conf(5) should be SUDO.CONF(5) not SUDO(5).
+ [d3afd5bd550f]
+
+2016-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/policy.c:
+ hook_version and hook_type are unsigned so use 0, not -1 in the
+ final (empty) entry. Quiets a warning on Solaris Studio 12.2.
+ [4947de8e35b7]
+
+2016-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, config.h.in, configure, configure.ac,
+ plugins/sudoers/auth/pam.c:
+ Work around an ambiguity in the PAM spec with respect to the
+ conversation function. It is not clear whether the "struct
+ pam_message **msg" is an array of pointers or a pointer to an array.
+ Linux-PAM and OpenPAM use an array of pointers while Solaris/HP-
+ UX/AIX uses a pointer to an array. Bug #726.
+ [d2b926e2f7d6]
+
+2016-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/eo.mo,
+ po/eo.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ru.mo,
+ po/ru.po, po/sr.mo, po/sr.po:
+ sync with translationproject.org
+ [271c6738213d]
+
+2016-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Bug #738
+ [9e7974480cdc]
+
+2016-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo,
+ po/nb.po:
+ sync with translationproject.org
+ [6aa32f6e5240]
+
+ * lib/util/regress/fnmatch/fnm_test.in:
+ Better test for negated character classes.
+ [635e3c17bca1]
+
+ * lib/util/regress/fnmatch/fnm_test.in:
+ Add test for negated character class
+ [0d813e098864]
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/cs.mo,
+ po/cs.po, po/de.mo, po/de.po, po/fr.mo, po/fr.po, po/pl.mo,
+ po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo,
+ po/vi.po, po/zh_CN.mo, po/zh_CN.po:
+ sync with translationproject.org
+ [9398ffdc7719]
+
+ * NEWS:
+ sync
+ [a27a7d40491e]
+
+ * lib/util/fnmatch.c:
+ Fix negation of character classes.
+ [aed07c013a41]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Fix the check for whether a user is allowed to lists another user's
+ privileges. The "matched" variable is not boolean, it can also have
+ the value UNSPEC so we need to check explicitly for true. Bug #738
+ [e8ed706fda03]
+
+ * plugins/sudoers/auth/pam.c:
+ Log the number of PAM messages in the conversation function at debug
+ level.
+ [3f16eea5875f]
+
+2016-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Don't check for posix_spawn() or posix_spawnp() if we were unable to
+ find spawn.h. This should only be a problem on systems with broken
+ headers. Bug #730
+ [5e5b0646dca4]
+
+2016-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ update for 1.8.16
+ [bad5e6534f39]
+
+ * doc/CONTRIBUTORS, plugins/sudoers/sudoers2ldif:
+ Fix documented bug with duplicate role names and turn on perl
+ warnings. Based on a diff from Aaron Peschel
+ [344a1c1f5c93]
+
+2016-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/aix.c:
+ Add declaration of getauthdb() for AIX 5.1
+ [f758960bcfd6]
+
+2016-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [e61e1241f15f]
+
+ * plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po:
+ sync with translationproject.org
+ [2f3dea24199b]
+
+ * INSTALL:
+ Add a note that --with-solaris-audit is only for Solaris 11 and
+ above. Bug #737
+ [6722331c2830]
+
+2016-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Remove last remnants of the deprecated --with-stow option.
+ [8616d6de7ecd]
+
+ * src/Makefile.in:
+ src/load_plugins.c needs _PATH_SUDO_CONF so allow it to be
+ overridden via the Makefile like other consumers of _PATH_SUDO_CONF.
+ Bug #735
+ [10148ef883ec]
+
+2016-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac, include/sudo_util.h, lib/util/aix.c,
+ lib/util/getgrouplist.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/set_perms.c, src/sudo.c:
+ Add an administrative domain to the passwd/group cache key for AIX
+ which can have different name <-> ID mappings depending on whether
+ the database is local, LDAP, etc.
+ [5319c11aefe9]
+
+ * mkpkg, sudo.pp:
+ Fedora dropped "core" from the name some time ago so just match on
+ f[0-9] for the rpm distro name provided by pp. Since the version
+ numbers of Fedora and RHEL are so different switch to defining
+ variables to indicate which features should be enabled. Works for
+ Fedora 23.
+ [4ec50b352293]
+
+2016-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, sudo.pp:
+ Treat fedora core like centos/rhel for package building.
+ [0dfc607d07a1]
+
+2016-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/parser/check_fill.c:
+ Plug some memory leaks in the tests.
+ [ce76ba538867]
+
+ * plugins/sudoers/toke_util.c:
+ If realloc of sudoerslval.command.args fails, reset
+ sudoerslval.command.args as well as arg_len and arg_size after
+ freeing sudoerslval.command.args.
+ [6481bad56e6a]
+
+ * src/exec_pty.c:
+ When freeing the iobs after pty tear-down, also free the associated
+ event structures. Quiets a memory leak warnings from address
+ sanitizer and valgrind.
+ [f19c689a2ded]
+
+2016-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ iolog_compress should be bool, not int
+ [b437123a242b]
+
+ * plugins/sudoers/visudo.c:
+ Quiet address sanitizer leak detector.
+ [b7ce672331f6]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
+ plugins/sudoers/gc.c, plugins/sudoers/sudoers.h:
+ Simple garbage collection (really a to-be-freed list) for the
+ sudoers plugin. Almost identical to what sudo.c uses. Currenly only
+ the environment strings are collected at exit time which is enough
+ to quiet address sanitizer's leak detector.
+ [47f32e047b1a]
+
+ * src/sudo.c:
+ Rename gc_cleanup to gc_run and remove I/O plugins from the plugin
+ list when freeing them.
+ [ea640f0b46f9]
+
+ * src/sudo.c:
+ Free up the garbage via an atexit() handler instead of requiring a
+ call to gc_exit.
+ [cc9c96d88595]
+
+ * src/sudo_edit.c:
+ Plug a memory leak in sudo_edit.
+ [cab9a13a669b]
+
+2016-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ mention --enable-asan
+ [ee2bc0f60c8b]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Try to deconfuse static analyzers a bit.
+ [7e728c76f5df]
+
+ * plugins/sudoers/sssd.c:
+ Avoid possible NULL deref found by clang analyzer.
+ [8bb3cbfe0446]
+
+ * config.h.in, configure, configure.ac:
+ Add --enable-asan configure flag to enable address sanitizer
+ [8aae250fb68e]
+
+ * src/sudo.c, src/sudo_plugin_int.h, src/ttyname.c:
+ Add support for garbage collecting info passed to the plugin before
+ exit to appease address sanitizer's leak detector (and valgrind's
+ leak checker). We can't free these sooner since the plugin may be
+ using the memory. For plugin API 2.0 it should be make clear that
+ the plugin must make a copy of the data in the arrays passed in to
+ the plugin's open() function. Only enabled if NO_LEAKS is defined.
+ [8458bcb165d8]
+
+ * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c:
+ auth_getpass() returns a dynamically allocated copy of the plaintext
+ password which needs to be freed after checking (and clearing) it.
+ [28d2c83c3ac4]
+
+ * src/sudo.c:
+ Remove sudo_fatalx() calls from format_plugin_settings().
+ [96a18a3ccc49]
+
+ * plugins/sudoers/sssd.c:
+ fn_free_result() (aka sss_sudo_free_result() in sss_sudo.c) handles
+ a NULL poiner so there's no need to check before calling it. Add
+ missing initialization of sss_sudo_result to NULL in
+ sudo_sss_setdefs().
+ [fa1c8eaed6ac]
+
+ * plugins/sudoers/sssd.c:
+ Add missing return when user is not found in sudo_sss_result_get().
+ Previously we fell through to the default case which just logged a
+ debug message and returned so this just avoids the extra (generic)
+ debug message.
+ [68c2201f3a85]
+
+2016-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/gettime.c:
+ Fix a warning on AIX.
+ [4ebc19a143ff]
+
+ * src/sudo.c:
+ Pass updated user_env_out, not envp, to the I/O open function.
+ [f02e6f32f189]
+
+ * src/sudo.c:
+ Pass updated argv/envp to the I/O open function like the plugin API
+ documents.
+ [ff9f4fae5cf3]
+
+2016-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Add check for I/O log file handle being NULL. This could only happen
+ if the front-end calls iolog_open with argc == 0 but actually runs a
+ command.
+ [5113a3c04494]
+
+2016-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c:
+ Additional debugging for pwutil functions.
+ [908b83c3acbb]
+
+ * config.h.in, configure, configure.ac, lib/util/aix.c:
+ When calling setauthdb(), save the old registry value so we can
+ restore it properly. Previously we were setting the registry to
+ unrestricted instead of actually restoring it.
+ [5a2921412663]
+
+ * plugins/sudoers/sudoers.c:
+ Use SUDOERS_DEBUG_UTIL not SUDO_DEBUG_UTIL in the plugin.
+ [79b012777e71]
+
+2016-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/sudo_debug.c:
+ When parsing debug entries, don't make a lower value override a
+ higher one. For example, for "pcomm@debug,all@warn" the "all@warn"
+ should not set pcomm to "warn" when it is already at "debug".
+ [031037a56e51]
+
+2016-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/policy.c:
+ Set sudoedit_checkdir=false in command_details when it is disabled
+ in sudoers.
+ [811dd43b29f5]
+
+ * include/sudo_compat.h, lib/util/strtobool.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/sssd.c, src/sudo_edit.c:
+ Update copyright year
+ [5ec484920763]
+
+ * src/sudo_edit.c:
+ If the user runs "sudoedit /" we will receive ENOENT from openat(2)
+ and sudoedit will try to create a file with the null string. If path
+ is empty, open the cwd instead so sudoedit can give a sensible error
+ message.
+ [fc39d5804f1f]
+
+ * lib/util/strtobool.c:
+ Log an error for invalid boolean strings.
+ [004afa5e05c5]
+
+ * src/sudo.c:
+ Fix off by one error in new SET_FLAG macro.
+ [5bdce4edf8b9]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document the race with sudoedit_checkdir in 1.8.15.
+ [cb7aed3367e9]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Document sudoedit_checkdir
+ [89f2452272ad]
+
+2016-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_edit.c:
+ There are no systems that support O_SEARCH/O_PATH that do not also
+ support O_DIRECTORY so simplify the definition of DIR_OPEN_FLAGS a
+ bit.
+ [a48f11ea53b3]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [8ae4d883ac59]
+
+ * NEWS, doc/UPGRADE:
+ Add 1.8.16 changes
+ [8d3a3f5cdf59]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/defaults.c,
+ src/sudo.c:
+ Make sudoedit_checkdir the default and update the documentation
+ accordingly.
+ [84bbc1b73411]
+
+ * src/sudo.c:
+ Add a SET_FLAG macro to simplify parsing command details boolean
+ flags. Previously, flags were only set and never cleared even if the
+ boolean value was false. This was not a problem as there were no
+ default flags for the plugin to enable. That will change in the
+ future.
+ [75f24ca13f41]
+
+2016-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_edit.c:
+ Need to be root when switching to a different user.
+ [06d5f010b607]
+
+ * src/sudo_edit.c:
+ Use O_SEARCH on systems without O_PATH if present. It can be used
+ for a similar purpose.
+ [3f559a389bf9]
+
+ * config.h.in, configure, configure.ac, src/sudo_edit.c:
+ Use faccessat(2) for directory writability instead of doing the
+ checks manually where possible. This also allows us to remove the
+ #ifdef __linux__ bits since we no longer use fstat(2) on Linux with
+ an O_PATH fd.
+ [fe50d0c1f1b9]
+
+2016-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Add "I/O LOG FILES" section to the manual and move many of the
+ details from the log_input and log_output descriptions to it.
+ [a604903f5ae3]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Use "Nm sudoers" when talking about the plugin and "Em sudoers" when
+ talking about the sudoers file.
+ [727a68b02de7]
+
+2016-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/zlib/zlib.exp:
+ Remove gzopen_w which is only defined on Windows.
+ [a73236903e7b]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h:
+ Work around the buggy pread(2) on 32-bit HP-UX 11.00 by using
+ pread64() on that platform.
+ [31c4be934115]
+
+2016-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/sssd.c, plugins/sudoers/testsudoers.c:
+ Add support for matching the entire netgroup tuple (user, host,
+ domain).
+ [9f694ba7c86d]
+
+ * plugins/sudoers/ldap.c:
+ Use asprintf() to generate the netgroup filter instead of using lots
+ of concatenation.
+ [f8290c040aea]
+
+ * lib/util/util.exp.in:
+ Add missing sudo_debug_exit_ssize_t_v1 symbol.
+ [9407fb25dfa4]
+
+2016-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ Silence warning in digest_matches() on systems with no fexecve(2).
+ [0cd3cc8fa195]
+
+ * plugins/sudoers/sssd.c:
+ Fix free() of invalid pointer introduced in the commit that stripped
+ whitespace between a '!' and the name in a sudoOption.
+ [4d2c1761c752]
+
+ * plugins/sudoers/ldap.c:
+ Fix free() of invalid pointer introduced in the commit that stripped
+ whitespace between a '!' and the name in a sudoOption.
+ [14391603a9e5]
+
+ * src/sudo_edit.c:
+ Add missing dfd argument to the version of
+ sudo_edit_openat_nofollow() for systems without O_NOFOLLOW.
+ [574e4a840879]
+
+ * plugins/sudoers/ldap.c:
+ In sudo_netgroup_lookup() only build up the search filter once
+ instead of once per netgroup_base.
+ [a03440237078]
+
+ * plugins/sudoers/ldap.c:
+ It is safe to pass ldap_msgfree() a NULL pointer.
+ [abc2eaddbf83]
+
+ * plugins/sudoers/ldap.c:
+ On overflow, warn before freeing anything.
+ [2e3bcfa4a8f9]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Use user_runhost and user_srunhost instead of user_host and
+ user_shost. Fixes "sudo -l -h other_host" for LDAP and sssd.
+ [e1abfdc82242]
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
+ Update description of sudoedit_checkdir. Reported by Sander Bos.
+ [ee44e7255096]
+
+ * src/sudo_edit.c:
+ No need to check whether the fd we opened is really a directory in
+ sudo_edit_open_nonwritable() since if not, the openat() will fail
+ with ENOTDIR anyway.
+ [b41c5b289f35]
+
+2016-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS, doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, include/sudo_compat.h, src/sudo_edit.c:
+ Rewritten sudoedit_checkdir support that checks all the dirs in the
+ path and refuses to follow symlinks in writable directories. This is
+ a better fix for CVE-2015-5602. Adapted from a diff by Ben
+ Hutchings. Bug #707
+ [c2e36a80a279]
+
+2016-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/ca.mo,
+ po/ca.po, po/fi.mo, po/fi.po, po/hu.mo, po/hu.po, po/sr.mo,
+ po/sr.po:
+ sync with translationproject.org
+ [94ffd6b18431]
+
+ * configure, configure.ac, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_plugin.h,
+ plugins/sudoers/match.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h, src/exec.c, src/exec_common.c,
+ src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_exec.h:
+ Add support for using fexecve() if supported on commands that are
+ checksummed.
+ [397722cdd7ec]
+
+2015-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_edit.c:
+ Call openat() with the basename not the full path. From Ben
+ Hutchings.
+ [33272418bb10]
+
+2015-12-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c:
+ Fix compilation with --disable-shared
+ [84c084618676]
+
+2015-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_common.c:
+ Check for existing dso in LD_PRELOAD and only add it if it is not
+ already present.
+ [15042e8999f7]
+
+2015-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Clarify when SIGINT and SIGQUIT are relayed by sudo to the command.
+ [8efed5784393]
+
+ * plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h, src/load_plugins.c:
+ Actually use the plugin_dir Path setting in sudo.conf.
+ [bccc548127a2]
+
+ * lib/util/sudo_conf.c:
+ The Path setting for the plugin directory is "plugin_dir" not
+ "plugin".
+ [07c2677bbce5]
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
+ lib/util/sudo_conf.c, src/exec_common.c:
+ Allow sudo.conf Path settings to disable path names (by setting the
+ value of NULL).
+ [81a44e011a40]
+
+2015-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/selinux.c, src/sudo.h:
+ Change noexec flag in selinux_execve() from int to bool.
+ [7cb872aac155]
+
+ * src/exec_common.c, src/sudo_exec.h:
+ Refactor code to set LD_PRELOAD (or the equivalent) in the
+ environment into a preload_dso() function. Also avoid allocating a
+ new copy of the environment array if the size of the array does not
+ change.
+ [72194b0b51f7]
+
+ * configure, configure.ac:
+ Add missing square brackets in configure option descriptions.
+ [6e25685c6349]
+
+2015-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document the names of the I/O log files and mention buffering.
+ Document that I/O logs are in gzip format by default.
+ [474838e7b365]
+
+2015-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c:
+ Add BASHOPTS to initial_badenv_table[]; from Stephane Chazelas
+ [f206a9089a69]
+
+2015-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ When parsing sudoOptions that include an operator (!, +, +=, -=)
+ strip out any whitespace on either side of the operator.
+ [62041b5888e5]
+
+2015-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers2ldif:
+ Strip whitespace around '!', '=', '+=' and '-=' in Defaults entries.
+ [dcc9d15b0f3c]
+
+2015-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document the race condition between the digest check and command
+ execution.
+ [24a3d9215c64]
+
+2015-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ When checking the query results, don't set user_matches in the
+ netgroup pass unless sudo_ldap_check_non_unix_group() returns true.
+ This was preventing the mail_no_user sudoOption from being
+ effective.
+ [31004144421b]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ In list mode, we always want to clear FLAG_NO_USER and FLAG_NO_HOST
+ regardless of whether or not there was an actual match. Otherwise,
+ warning mail may be sent which is not what we want in list mode.
+ This is consistent with what the sudoers file backend does.
+ [2809338a7b21]
+
+2015-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
+ Use size_t for length parameters in the fill functions used by the
+ lexer.
+ [0428c9067182]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Use yy_size_t for digest_len since newer flex uses yy_size_t for
+ yyleng. Old flex uses int for yyleng so we need to use a cast to
+ avoid a sign compare warning.
+ [4a3dc6fb8f99]
+
+2015-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, README, configure, configure.ac,
+ plugins/sudoers/regress/sudoers/test1.in, sudo.pp:
+ Use https in sudo.ws urls
+ [04e5177022d3]
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.mdoc.in:
+ Use https in urls.
+ [855b05943b2d]
+
+ * configure, configure.ac:
+ sudo 1.8.16
+ [b745f7031aeb]
+
+ * plugins/sudoers/env.c:
+ When preserving variables from the invoking user's environment, if
+ there are duplicates only keep the first instance.
+ [d4dfb05db5d7]
+
+2015-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_debug.h, lib/util/parseln.c, lib/util/sudo_debug.c,
+ plugins/sudoers/timestamp.c:
+ Add debug_return_ssize_t
+ [d491ed281726]
+
+ * plugins/sudoers/timestamp.c:
+ Avoid compilation error on Solaris 10 with Stun Studio 12. Bug #727
+ [facd8ff1ee6c]
+
+2015-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, po/da.mo,
+ po/da.po:
+ sync with translationproject.org
+ [6711d740d3d0]
+
+ * NEWS:
+ Mention ssp configure fix.
+ [92d64fd724cc]
+
+2015-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo,
+ po/cs.po, po/de.mo, po/de.po, po/fr.mo, po/fr.po, po/it.mo,
+ po/it.po, po/ja.mo, po/ja.po, po/nb.mo, po/nb.po, po/pl.mo,
+ po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo,
+ po/vi.po, po/zh_CN.mo, po/zh_CN.po:
+ sync with translationproject.org
+ [9c8eb0062d8c]
+
+ * configure, configure.ac:
+ Don't use CPPFLAGS for the -fstack-protector check. Otherwise on
+ systems with _FORTIFY_SOURCE support we'll get an error due to the
+ lack of optimization flags. Bug #725
+ [1a9f8571a82d]
+
+ * configure, configure.ac:
+ When checking for stack protector support we need to actually link
+ the test program.
+ [ab4f94aac7de]
+
+2015-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Preserve LDFLAGS when checking for stack protector as they may
+ include rpath settings to allow the stack protector lib to be found.
+ Avoid using existing CFLAGS since we don't want the compiler to
+ optimize away the stack variable.
+ [e6bc59225c06]
+
+ * configure, configure.ac:
+ Better configure test for -fstack-protector. Some gcc installations
+ may be missing the ssp library even though the compiler supports it.
+ [4ade5d1249f4]
+
+2015-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_edit.c:
+ Set errno to EISDIR instead of ENOTDIR if directory is writable
+ since ENOTDIR can be a legitimate errno. This avoids a bogus
+ "directory is writable" error in that case.
+ [97ee37d905ce]
+
+ * mkpkg:
+ Fix the check for whether to include 32-bit arch in Mac OS X
+ packages.
+ [a76654512f6b]
+
+2015-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [58277a8f418b]
+
+ * NEWS, src/sudo_edit.c:
+ When creating a new file, sudoedit will now check that the file's
+ parent directory exists before running the editor.
+ [65bc45510fb2]
+
+ * NEWS, doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/match.c:
+ Add always_query_group_plugin
+ [7e9060d4c13a]
+
+2015-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ABOUT-NLS, MANIFEST:
+ Add ABOUT-NLS from GNU gettext.
+ [971c168c065a]
+
+ * NEWS, config.h.in, configure, configure.ac, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers_version.h,
+ src/sudo.c, src/sudo.h, src/sudo_edit.c:
+ Add directory writability checks for sudoedit.
+ [f5349d059a98]
+
+2015-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Latest.
+ [9aae49302c60]
+
+ * src/conversation.c:
+ Ignore the SUDO_CONV_PROMPT_ECHO_OK flag when echo is enabled. This
+ was preventing a match of SUDO_CONV_PROMPT_ECHO_ON which resulted in
+ a masked password instead of an echoed one.
+ [53f6a78d79e3]
+
+ * plugins/sudoers/auth/bsdauth.c:
+ Repair challenge/response prompting for BSD authentication which got
+ broken while it was converted to use the conversation function.
+ [2d0b0cec5e4f]
+
+ * plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h:
+ Use the auth_getpass (and the plugin conversation fuction) for Tru64
+ SIA. This prevents sudo from sleeping while holding the tty ticket
+ lock.
+ [9221eec812cf]
+
+ * NEWS, doc/UPGRADE, plugins/sudoers/env.c:
+ For env_reset, SHELL should be set based on the target user, not the
+ invoking user unless preserved via env_keep.
+ [b77adbc08c91]
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
+ sync with translationproject.org
+ [adb927ad5e86]
+
+2015-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Hungarian and Slovak translations
+ [d3b6acece125]
+
+ * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/hu.mo,
+ plugins/sudoers/po/hu.po, plugins/sudoers/po/sk.mo,
+ plugins/sudoers/po/sk.po, po/sk.mo, po/sk.po:
+ Add new Slovak and Hungarian translations from
+ translationproject.org
+ [132ec9b7a927]
+
+2015-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_edit.c:
+ Remove S_ISREG check from sudo_edit_open(), it is already done in
+ the caller.
+ [9fff8c0bb1f7]
+
+ * src/sudo_edit.c:
+ Open sudoedit files with O_NONBLOCK and fail if they are not regular
+ files.
+ [56b01164869c]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/tgetpass.c:
+ It is possible for WIFSTOPPED to be true even if waitpid() is not
+ given WUNTRACED if the child is ptraced. Don't exit the waitpid()
+ loop if WIFSTOPPED is true, just in case.
+ [a2cab04a03da]
+
+2015-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/de.mo,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/it.mo,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/nb.mo,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pt_BR.mo,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/vi.mo,
+ plugins/sudoers/po/zh_CN.mo, po/cs.mo, po/de.mo, po/fi.mo, po/fr.mo,
+ po/gl.mo, po/it.mo, po/ja.mo, po/nb.mo, po/pl.mo, po/pt_BR.mo,
+ po/uk.mo, po/vi.mo, po/zh_CN.mo:
+ rebuild .mo files
+ [676362ed6061]
+
+ * plugins/sudoers/po/pt_BR.po, po/pt_BR.po:
+ sync with translationproject.org
+ [be932694e600]
+
+2015-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.ac, src/sudo_noexec.c:
+ There's no point in trying to interpose protected versions of the
+ exec family of functions. Many modern C libraries use hidden symbols
+ for the functions and syscalls defined in libc such that they cannot
+ be overridden inside libc itself. We have to just wrap all the exec
+ variants plus system and popen.
+ [30aa4bd6c15b]
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ List all the functions wrapped by sudo_noexec.so.
+ [57a9db56f4e0]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ The section is now called "EXEC and NOEXEC" and it is above, not
+ below.
+ [9b0a2537f65d]
+
+ * src/sudo_noexec.c:
+ Also wrap popen(3).
+ [a826cd7787e9]
+
+ * src/sudo_noexec.c:
+ Also interpose system(3). On glibc systems you cannot interpose the
+ syscalls used internally by libc.
+ [58a5c06b5257]
+
+ * src/conversation.c:
+ Set active debug instance to sudo_debug_instance() during the
+ conversation function.
+ [22fb750d92a9]
+
+2015-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ LOGNAME and USERNAME are set the same way as USER
+ [54f170cf2536]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Document behavior when the command dies from a signal in EXIT
+ STATUS.
+ [3c93d682e5e6]
+
+2015-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Bug #722
+ [5cca49bb0e02]
+
+ * src/sudo.c:
+ When the command sudo is running is killed by a signal, sudo will
+ now send itself the same signal with the default signal handler
+ instead of exiting. The bash shell appears to ignore some signals,
+ e.g. SIGINT, unless the command is killed by that signal. This makes
+ the behavior of commands run under sudo the same as without sudo
+ when bash is the shell. Bug #722
+ [153f016db8f1]
+
+2015-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Adjust set_logname description to new behavior when any of LOGNAME,
+ USER or USERNAME are preserved.
+ [89009c2dcf38]
+
+ * NEWS, plugins/sudoers/env.c:
+ If some, but not all, of the LOGNAME, USER or USERNAME environment
+ variables have been preserved from the invoking user's environment,
+ sudo will now use the preserved value to set the remaining variables
+ instead of using the runas user. This ensures that if, for example,
+ only LOGNAME is present in the env_keep list, that sudo will not set
+ USER and USERNAME to the runas user.
+ [54a60fe72b9a]
+
+2015-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ Fix passing of the callback pointer to the conversation function.
+ This was preventing the on_suspend and on_resume functions from
+ being called on PAM systems.
+ [611246ded4ff]
+
+ * include/sudo_plugin.h:
+ Explicitly mark large hex constants unsigned.
+ [5b67b0090814]
+
+ * plugins/sudoers/timestamp.c:
+ Cast sizeof(entry) to off_t before making it a negative offset for
+ lseek(). Fixes "sudo -k" on Solaris and probably others.
+ [ed5d312f6baa]
+
+2015-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Add explicit mention of sudo's netgroup semantics since they differ
+ from most other netgroup consumers.
+ [0e9030f8cf56]
+
+ * plugins/sudoers/po/fi.po, po/fi.po:
+ sync with translationproject.org
+ [f9236f25a616]
+
+ * plugins/sudoers/check.c:
+ Fix potential double free of the cookie when sudo is suspended at
+ the password prompt.
+ [cbecb3136155]
+
+2015-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/cs.po, plugins/sudoers/po/zh_CN.po, po/cs.po,
+ po/zh_CN.po:
+ sync with translationproject.org
+ [21138f16a3a6]
+
+2015-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/de.po, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.po, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.po, po/de.po, po/fr.po, po/gl.po, po/it.po,
+ po/ja.po, po/nb.po, po/pl.po, po/uk.po, po/vi.po:
+ sync with translationproject.org
+ [2d9f3e4c3ccf]
+
+ * NEWS:
+ Bug #719
+ [cfa393164a0f]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ SIGHUP is now relayed to the command. Bug #719
+ [8db7c492c52a]
+
+ * src/exec.c:
+ When a terminal device is closed, SIGHUP is sent to the controlling
+ process associated with that terminal. It is not sent to the entire
+ process group so sudo needs to relay SIGHUP to the command when it
+ is not being run in a new pty. Bug #719
+ [b408a792f31a]
+
+ * NEWS:
+ Mention visudo bug in 1.8.14
+ [0fec829807fd]
+
+ * plugins/sudoers/visudo.c:
+ We reserved two slots at the end of the editor argv for the line
+ number and the file name. However, resolve_editor() adds "--" before
+ the file names so the +line_number is interpreted as a file name,
+ not a line number so we need to overwrite the "--" as well.
+ [ff107430ee4b]
+
+2015-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.ac, lib/util/sig2str.c,
+ lib/util/strsignal.c:
+ Remove checks for __sys_siglist and __sys_signame. They are internal
+ to libc and there are no known systems that export those symbols
+ that do not already export the single underbar or no- underbar
+ versions.
+ [2b3efe0a91f2]
+
+ * plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po, po/es.mo,
+ po/es.po:
+ Sync with translationproject.org
+ [feb5eb934a9e]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [947e8320c557]
+
+2015-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/tgetpass.c:
+ Restore old signal handlers before tty settings. That way SIGTTOU is
+ at its original value if sudo_term_restore() should fail.
+ [69d2cc6c0702]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Document what happens when the on_suspend/on_resume callbacks return
+ an error.
+ [d8c9dcf7a926]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/sudo_plugin.h,
+ plugins/group_file/group_file.c, plugins/group_file/plugin_test.c,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c,
+ plugins/system_group/system_group.c, src/hooks.c:
+ No need to have version macros for hooks, callbacks and the sudoers
+ group plugin. We can just use the main sudo API macros. The sudoers
+ group plugin macros are preserved for source compatibility but are
+ not documented.
+ [8c52bb83f991]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Properly escape the backslash before a comma in an example so the
+ example rule is parsable by visudo.
+ [6745d38e9876]
+
+ * src/tgetpass.c:
+ Ignore callbacks if major version doesn't match.
+ [f852e6ebff01]
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/compat/timespec.h, lib/util/Makefile.in, lib/util/gettime.c,
+ lib/util/utimens.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c, src/Makefile.in, src/sudo_edit.c:
+ Remove include/compat/timespec.h. Systems old enough to lack struct
+ timespec are too old to build a modern sudo.
+ [37812e10a449]
+
+ * NEWS:
+ Bug #713
+ [8a7245d76799]
+
+ * src/exec.c:
+ Fill in cstat if exec_setup() fails. Previously it was only filled
+ in for an execve() failure. Fixes an unkillable sudo process when
+ exec_setup() fails and I/O logging is enabled.
+ [ff1d39d9e505]
+
+ * src/sudo.c:
+ Fix running commands as non-root when neither setresuid() not
+ setreuid() are available. At this point we are already root so
+ setuid() must succeed. Bug #713
+ [34754ad586c7]
+
+ * src/sudo.c:
+ Cast uid_t to unsigned int when printing as %u
+ [669e2d5244a6]
+
+ * doc/UPGRADE:
+ Mention time stamp file locking changes, fix some spelling.
+ [c4563ea85e3a]
+
+ * NEWS:
+ Update with latest changes.
+ [2cbd50e7c158]
+
+2015-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/sudo_fatal.h,
+ include/sudo_plugin.h, lib/util/fatal.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.h,
+ src/conversation.c, src/sudo.c, src/sudo.h, src/sudo_plugin_int.h,
+ src/tgetpass.c:
+ Add a struct sudo_conv_callback that contains on_suspend and
+ on_resume function pointer args plus a closure pointer and at it to
+ the conversation function.
+ [5608cb4c18f2]
+
+ * config.h.in, configure, configure.ac, include/sudo_util.h,
+ lib/util/locking.c, lib/util/util.exp.in, plugins/sudoers/check.c,
+ plugins/sudoers/check.h, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c:
+ Lock individual records in the timestamp file instead of the entire
+ file. This will make it possible for multiple sudo processes using
+ the same tty to serialize their timestamp lookups.
+ [f4ad82e36d90]
+
+ * lib/util/term.c, plugins/sudoers/check.c,
+ plugins/sudoers/sudoreplay.c, src/tgetpass.c:
+ Implement suspend/resume callbacks for the conversation function. If
+ suspended, close the timestamp file (dropping all locks). On resume,
+ lock the record before reading the password.
+
+ For this to work properly we need to be able to run th callback when
+ tsetattr() suspends us, not just when the user does. To accomplish
+ this the term_* functions now return EINTR if SIGTTOU would be
+ generated. The caller now has to restart the term_* function (and
+ send itself SIGTTOU) instead of it being done automatically.
+ [572374035897]
+
+ * plugins/sudoers/timestamp.c:
+ Allow the time stamp lock to be interrupted by signals.
+ [aa5017f86210]
+
+ * plugins/sudoers/timestamp.c:
+ Adjust new locking to work when tty_tickets is disabled. We need to
+ use per-tty/ppid locking to gain exclusive access to the tty for the
+ password prompt but use a separate (short term) lock that is shared
+ among all sudo processes for the user.
+ [d6d7a0bb6bd0]
+
+ * lib/util/locking.c:
+ Set errno to EINVAL if sudo_lock_* is called with a bad type.
+ [cfba014f1c1a]
+
+ * src/exec_pty.c:
+ sudo_term_* already restart themselve for all but SIGTTOU so we
+ don't need to use our own restart loops.
+ [113924cd05c0]
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/iolog.c,
+ plugins/sudoers/timestamp.c:
+ Use pread(2) and pwrite(2) where possible.
+ [86cd3f6bab9e]
+
+ * plugins/sudoers/timestamp.c:
+ Bring back the check for time stamp files that predate the boot
+ time. Instead of truncating we now unlink the file since another
+ process may be sleeping on the lock.
+ [9cdf7468d0f2]
+
+ * plugins/sudoers/check.c:
+ Avoid touching the time stamp directory for "sudo -k command"
+ [391d20c17775]
+
+2015-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/sudo_plugin.h:
+ Make hook_version and hook_type unsigned.
+ [77cb84793f07]
+
+2015-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/base64.c, plugins/sudoers/match.c,
+ plugins/sudoers/regress/parser/check_base64.c:
+ When decoding base64, avoid using '=' in the decoded temporary array
+ as a sentinel as it can legitimately be present. Instead, just use
+ the count of bytes stored in the temp array to determine which bytes
+ to fold into the destination.
+ [6abef15d3954]
+
+2015-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c:
+ When parsing def_editor, break out of the loop when we find the
+ first valid editor. Bug #714
+ [c7508ed075c2]
+
+2015-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ The condition for adding a missing newline at the end of sudoers was
+ never reached. Keep track of the last character and write a newline
+ character if when copying to the temp file. Found by Radovan Sroka.
+ [86c20e7fc6bd]
+
+ * plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c:
+ Remove extraneous while() from botched do {} while() loop conversion
+ to use sudo_strsplit. Noticed by Radovan Sroka.
+ [cd2d25510129]
+
+2015-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c:
+ In sudo_pam_begin_session() and sudo_pam_end_session() return
+ AUTH_FATAL on error, not AUTH_FAILURE. In sudo_auth_begin_session()
+ treat anything other than AUTH_SUCCESS as a fatal error.
+ [3ad7296390f2]
+
+ * doc/CONTRIBUTORS, src/exec.c, src/exec_pty.c:
+ Linux sets si_pid in struct siginfo to 0 when the process that sent
+ the signal is in a different container since the PID namespaces in
+ different conatiners are separate. Avoid looking up the process
+ group by id when si_pid is 0 since getpgid(0) returns the process
+ group of the current process. Since sudo ignores signals sent by
+ processes in its own process group, this had the effect of ignoring
+ signals sent from other containers. From Maarten de Vries
+ [6d3f43b95a1f]
+
+ * plugins/sudoers/auth/pam.c:
+ Sprinkle some debugging.
+ [f5a94a3a1192]
+
+2015-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.man.in, doc/sudo.mdoc.in:
+ Document that sudo uses the real uid to map from uid to passwd file
+ user name.
+ [04f6709675cc]
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in:
+ disable_coredump can be set to no on modern OSes without security
+ consequences.
+ [ebe6d5bb2274]
+
+2015-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Emphasis on the never.
+ [39ca000281c7]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Explicitly tell people not to grant sudoedit to directories the user
+ can write to. While sudoedit will no longer open symbolic links,
+ hard links are still an issue.
+ [26e0afae9bae]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Add warning about writable directories and sudo/sudoedit.
+ [701ff725af42]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Emphasize that wildcards are not regexps. Bug #692
+ [1e071810c4cb]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Emphasize that wildcards in command line arguments are dangerous.
+ Document the failings of the passwd example on GNU systems. Bug #691
+ [54d793aea6b2]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Escape the colons in [[:alpha:]] as required by sudoers.
+ [ad875dd5ca64]
+
+ * po/sudo.pot, src/sudo_edit.c:
+ Change warning when user tries to sudoedit a symbolic link.
+ [b8f44e834c2f]
+
+2015-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ add .json regress files to MANIFEST
+ [03ddb3a9671b]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [5abaa0eeab86]
+
+ * doc/sudo.conf.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat,
+ doc/visudo.cat:
+ regen
+ [43e6b445734c]
+
+ * doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, include/sudo_compat.h, include/sudo_plugin.h,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/sudoers/test1.in,
+ plugins/sudoers/regress/sudoers/test1.json.ok,
+ plugins/sudoers/regress/sudoers/test1.out.ok,
+ plugins/sudoers/regress/sudoers/test1.toke.ok,
+ plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/visudo_json.c, src/sesh.c, src/sudo.c, src/sudo.h,
+ src/sudo_edit.c:
+ Do not follow symbolic links in sudoedit by default. This behavior
+ can be controlled by the sudoedit_follow Defaults flag as well as
+ the FOLLOW/NOFOLLOW tags.
+ [9636fd256325]
+
+ * NEWS, aclocal.m4, configure, configure.ac:
+ Sudo 1.8.15
+ [bf18da363b06]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/sudoers/test1.json.ok,
+ plugins/sudoers/regress/sudoers/test10.json.ok,
+ plugins/sudoers/regress/sudoers/test11.json.ok,
+ plugins/sudoers/regress/sudoers/test12.json.ok,
+ plugins/sudoers/regress/sudoers/test13.json.ok,
+ plugins/sudoers/regress/sudoers/test14.json.ok,
+ plugins/sudoers/regress/sudoers/test15.json.ok,
+ plugins/sudoers/regress/sudoers/test16.json.ok,
+ plugins/sudoers/regress/sudoers/test2.json.ok,
+ plugins/sudoers/regress/sudoers/test3.json.ok,
+ plugins/sudoers/regress/sudoers/test4.json.ok,
+ plugins/sudoers/regress/sudoers/test5.json.ok,
+ plugins/sudoers/regress/sudoers/test6.json.ok,
+ plugins/sudoers/regress/sudoers/test7.json.ok,
+ plugins/sudoers/regress/sudoers/test8.json.ok,
+ plugins/sudoers/regress/sudoers/test9.json.ok:
+ Check JSON output of sudoers test files too.
+ [3d8517812b80]
+
+2015-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Move comment to match moved code.
+ [7a30f06462a8]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ maxseq is an int not a string
+ [bffd97d22064]
+
+2015-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/preserve_fds.c:
+ Include sys/types.h for id_t. Bug #711
+ [fda95d9ca1e9]
+
+2015-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/fnmatch.c:
+ Avoid a potential out of bounds read found by enh while fuzzing with
+ address sanitizer enabled.
+ [52d6b9916593]
+
+2015-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Set sssd lib location to /usr/lib64 on 64-bit RHEL/Centos. Bug #710
+ [428421925a20]
+
+2015-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS, src/Makefile.in:
+ The init.d files are generated from a .in file so we need to install
+ from top_builddir not top_srcdir. From Ross Burton. Bug #708
+ [df1e7a0d3182]
+
+2015-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/term.c:
+ Replace two "return 0" with debug_return_bool(false).
+ [49f8fb3dcd36]
+
+ * src/ttyname.c:
+ fix typo in previous commit
+ [094488696f2c]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.14p3
+ [0079c43d8247]
+
+2015-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Fix errno value from get_process_ttyname() when no tty is present.
+ [ff7b12bb0638]
+
+ * src/ttyname.c:
+ On AIX, only convert the tty device number from dev64_t to dev32_t
+ if dev_t is 32-bits.
+ [0e728a1eb07a]
+
+2015-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.14p2
+ [55fe56b28c7b]
+
+ * plugins/sudoers/timestamp.c:
+ Fix creation of the timestamp file; bug #704
+ [1ff77fd5cc8f]
+
+2015-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/regress/ttyname/check_ttyname.c, src/sudo.c, src/sudo.h,
+ src/ttyname.c:
+ Avoid needless memory allocation when resolving the tty name.
+ [c58cce92d5e0]
+
+2015-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.14p1
+ [973705806759]
+
+ * plugins/sudoers/sssd.c:
+ Fix typo in sudo_sss_attrcpy() that caused a memory allocation
+ error.
+ [0fa324a7bb56]
+
+2015-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/ja.mo, plugins/sudoers/po/uk.mo,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo:
+ rebuild
+ [e4c7cda46475]
+
+2015-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/lbuf.c, plugins/sudoers/env.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
+ plugins/sudoers/match.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/redblack.c, src/hooks.c, src/net_ifs.c, src/sudo.c:
+ Add some debugging printfs when malloc fails and we don't have an
+ explicit call to sudo_warnx().
+ [07aebb5839c3]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c:
+ Add missing warnings for memory allocation failure. Add function
+ name to memory allocation warnings.
+ [4f6027786a28]
+
+ * lib/util/parseln.c:
+ Return -1 if realloc() fails.
+ [707632291eac]
+
+ * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c:
+ Add line number to debug log for memory allocation errors.
+ [f4f3debdfcc5]
+
+ * plugins/sudoers/auth/pam.c:
+ Add warning if calloc() fails. Add debugging for other unexpected
+ errors.
+ [a1e0945237d8]
+
+ * plugins/sudoers/ldap.c:
+ Add missing check for calloc(3) return value.
+ [37fe3ca78e8e]
+
+2015-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document that the values printed by "sudo -V" are affected by
+ Defaults settings in sudoers.
+ [80ec2572861b]
+
+2015-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/group_plugin.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/sssd.c, src/load_plugins.c:
+ Avoid calling dlerror() multiple times since it clear the error
+ status after printing the error. Problem caused by
+ sudo_warn/sudo_fatal being macros...
+ [c0fd3b0fb9c3]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Attempt to clarify the conditions under which MAIL and HOME are set
+ to the target user.
+ [ebd269bebe64]
+
+2015-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Better checks for the libaudit package for Debian and error out if
+ we can't figure it out.
+ [225c1bfcb629]
+
+ * mkpkg:
+ Fix linux_audit setting on non-multiarch Debian.
+ [0a38e9d158f4]
+
+ * sudo.pp:
+ Fix typo that broke the linux_audit dependency on Debian.
+ [0917bd45acf1]
+
+ * NEWS:
+ Mention /proc/stat btime fix.
+ [754050a340e2]
+
+ * config.h.in, configure, configure.ac, lib/util/getaddrinfo.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/match_addr.c,
+ src/net_ifs.c:
+ Solaris 2.6 has the prototypes for inet_pton() and inet_ntop() in
+ resolv.h.
+ [dc0f62743845]
+
+ * plugins/sudoers/boottime.c:
+ Sprinkle debugging for boottime.
+ [dfb45c763179]
+
+ * mkpkg:
+ The old Solaris /bin/sh doesn't support POSIX $( .. ) syntax, use
+ backquotes instead.
+ [c9e33ffef2b1]
+
+2015-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, sudo.pp:
+ Only use --with-sssd-lib on Debian/Ubuntu w/ multipackage. Use dpkg-
+ query to determine the name of the audit package for proper
+ dependencies.
+ [e9669389aa2f]
+
+ * mkpkg, plugins/sudoers/sudoers.in, sudo.pp:
+ Update Debian/Ubuntu packages to be more like the vendor ones. One
+ notable exception is that sudo.ws packages use /var/run, not
+ /var/lib for timestamp files.
+ [0f4c49a3768e]
+
+ * doc/CONTRIBUTORS:
+ Add Jakub Wilk
+ [78bfdf2e441b]
+
+ * plugins/sudoers/boottime.c:
+ Strip newline from /proc/stat btime line to avoid a strtonum()
+ failure. From Jakub Wilk.
+ [8a04f85a070f]
+
+ * src/exec_pty.c:
+ In io_callback() service writes before reads. That way, if both
+ SUDO_EV_READ and SUDO_EV_WRITE are set and read() returns 0 (EOF) we
+ don't close the fd before the write() is performed.
+
+ If the write() returns EPIPE, ENXIO, EIO or EBADF, clear
+ SUDO_EV_READ before we close the fd to avoid calling read() on a
+ closed fd.
+ [167548fd8af2]
+
+2015-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/regress/sudo_conf/conf_test.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c:
+ Check sudo_conf_read() return value and exit on fatal error (a
+ warning was already printed by sudo_conf_read()).
+ [d05797f4f197]
+
+ * NEWS:
+ Mention double-quoted sudoOption value support.
+ [55684a73f097]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Add support for parsing quoted strings in a sudoOption just like
+ sudoers Defaults settings.
+ [fe8291414179]
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, po/da.mo,
+ po/da.po:
+ Sync with translationproject.org
+ [1c15d1a3dbdd]
+
+2015-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Update year.
+ [6ca660e4a957]
+
+ * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/de.mo,
+ po/de.po, po/nb.mo, po/nb.po:
+ Sync with translationproject.org
+ [d7ede74dcb19]
+
+ * src/sudo.c:
+ Fix utmp setup broken by commit be0ca60facf8
+ [cd8a06f57f2b]
+
+2015-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/ja.po, plugins/sudoers/po/pl.mo,
+ plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, po/cs.mo,
+ po/cs.po, po/fr.mo, po/fr.po, po/it.mo, po/it.po, po/pl.mo,
+ po/pl.po:
+ Sync with translationproject.org
+ [aa473519e66d]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [8f8aa321f043]
+
+ * plugins/sudoers/logging.c:
+ Fix typo in error message.
+ [220832711826]
+
+2015-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Bug #702 is the AIX timespec issue.
+ [c597a312e816]
+
+ * config.h.in, configure, configure.ac, lib/util/closefrom.c,
+ lib/util/getcwd.c, lib/util/glob.c, plugins/sudoers/match.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, src/ttyname.c:
+ We require POSIX so no need to conditionally include dirent.h. Add a
+ check for d_namlen and use the result in the NAMLEN macro.
+ [2728194cb6cf]
+
+ * lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c,
+ lib/util/getcwd.c, lib/util/gettime.c, lib/util/glob.c,
+ lib/util/lbuf.c, lib/util/locking.c, lib/util/mktemp.c,
+ lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c,
+ lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/ttysize.c,
+ plugins/group_file/group_file.c, plugins/sample/sample_plugin.c,
+ plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/editor.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
+ plugins/sudoers/parse.c, plugins/sudoers/policy.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c, plugins/system_group/system_group.c,
+ src/conversation.c, src/exec.c, src/exec_common.c, src/exec_pty.c,
+ src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c,
+ src/openbsd.c, src/parse_args.c, src/preserve_fds.c, src/signal.c,
+ src/solaris.c, src/sudo.c, src/sudo_edit.c, src/sudo_noexec.c,
+ src/tgetpass.c, src/ttyname.c, src/utmp.c:
+ There's no need to conditionalize the #include <unistd.h>, we
+ require a POSIX system.
+ [79389c527c08]
+
+ * include/sudo_compat.h:
+ Remove some compatibilty defines that should no longer be needed.
+ [e9136646d1c6]
+
+2015-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Final changes in 1.8.14
+ [3a5cd4f2875a]
+
+ * include/sudo_compat.h:
+ Need to include stddef.h to get rsize_t on Mac OS X for
+ sudo_memset_s() prototype.
+ [9615efed4a9a]
+
+ * lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/strsplit/strsplit_test.c:
+ Add missing exit value.
+ [484202b53893]
+
+ * lib/util/regress/mktemp/mktemp_test.c:
+ Add missing fcntl.h include.
+ [020fe6252d96]
+
+ * configure, configure.ac:
+ Do check for inet_pton before inet_ntop since we may need to record
+ dependent libraries for inet_pton when linking our getaddrinfo
+ replacement.
+ [fde03eefd88d]
+
+ * include/sudo_debug.h, lib/util/sudo_debug.c:
+ Fix build on compilers w/o __func__ or __FUNCTION__
+ [196d75416cd5]
+
+ * lib/util/util.exp.in:
+ Remove sudo_evasprintf_v1, missed during alloc.c removal.
+ [7d0ac7e5909d]
+
+ * lib/util/snprintf.c:
+ Add missing fcntl.h include.
+ [23b886deb879]
+
+ * config.h.in, configure, configure.ac:
+ Add check for inline support.
+ [061dab0e411c]
+
+2015-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/LICENSE:
+ Add reallocarray.c license.
+ [b4b4d46309f3]
+
+2015-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS:
+ Fix entry for Joel Pelaez Jorge.
+ [386434049903]
+
+2015-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_lbuf.h, lib/util/lbuf.c, lib/util/util.exp.in,
+ plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c:
+ Add an error flag to the lbuf struct to simplify error checking.
+ Callers of the lbuf functions now check the error flag to tell if a
+ memory allocation error ocurred.
+ [bc44b0fbc03b]
+
+ * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.h:
+ display_privs() and display_cmnd() may need to return -1 on error.
+ [b6d8826900bb]
+
+2015-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c, plugins/sudoers/check.h,
+ plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/parse.c, plugins/sudoers/policy.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c:
+ Check restore_perms() return value in all cases, pushing the return
+ value back up the call stack.
+ [c9beeed2b614]
+
+ * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Return -1, not 0 from sudoers when there is an error (as opposed to
+ a policy denial).
+ [5d197fe29e0e]
+
+ * doc/CONTRIBUTORS:
+ Add Joel Pelaez Jorge
+ [55387b44d6e9]
+
+ * plugins/sudoers/auth/pam.c:
+ When checking whether the PAM prompt matches "Password:", also check
+ for the untranslated version. The PAM module might not be using the
+ localized string even though it exists. From Joel Pelaez Jorge.
+ Fixes Bug #701
+ [d87f6f2ccb42]
+
+2015-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Silence clang analyzer warning on glibc systems where the first
+ argument to qsort() is marked as non-NULL. Also change some counters
+ from into to unsigned int and two flags from int to bool.
+ [09e400445ca2]
+
+2015-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ Silence clang analyzer warning on glibc systems where the first
+ argument to qsort() is marked as non-NULL.
+ [34fa7256f1e2]
+
+ * include/sudo_compat.h, include/sudo_debug.h, include/sudo_util.h,
+ src/preserve_fds.c:
+ Use our own bitmap macros instead of borrowing the ones from select.
+ [51ef403511d9]
+
+ * lib/util/sudo_debug.c:
+ Must call round_nfds() with fd+1 since it takes a count not the fd
+ number. In other words, the lowest value is 1, not 0.
+ [cc175cba5371]
+
+ * src/ttyname.c:
+ Quiet clang analyzer false positive.
+ [9ebecd6b6b29]
+
+ * src/sesh.c:
+ Fix uninitialized variables warnings in error case when src file
+ cannot be opened. At least one of these is a false positive.
+ [98b417c1307a]
+
+2015-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/getline.c, plugins/sudoers/toke_util.c:
+ It's safe to rely on C89 semantics for realloc(NULL, size).
+ [b633582413ac]
+
+ * plugins/sudoers/env.c:
+ malloc() sets errno to ENOMEM on failure so we don't need to set it
+ explicitly.
+ [09cb5ceaaec3]
+
+ * include/sudo_compat.h:
+ No longer need __malloc_like
+ [a41b69f256f6]
+
+ * lib/util/util.exp.in:
+ Remove symbols from the now-removed alloc.c.
+ [da0753d85d20]
+
+ * include/sudo_compat.h, lib/util/aix.c, lib/util/closefrom.c,
+ lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c,
+ lib/util/getaddrinfo.c, lib/util/getcwd.c, lib/util/getgrouplist.c,
+ lib/util/gethostname.c, lib/util/getline.c, lib/util/getopt_long.c,
+ lib/util/gettime.c, lib/util/gidlist.c, lib/util/glob.c,
+ lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c,
+ lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/parseln.c,
+ lib/util/progname.c, lib/util/pw_dup.c, lib/util/reallocarray.c,
+ lib/util/regress/atofoo/atofoo_test.c,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/progname/progname_test.c,
+ lib/util/regress/strsplit/strsplit_test.c,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_parseln/parseln_test.c, lib/util/setgroups.c,
+ lib/util/sha2.c, lib/util/sig2str.c, lib/util/snprintf.c,
+ lib/util/strndup.c, lib/util/strsplit.c, lib/util/strtobool.c,
+ lib/util/strtoid.c, lib/util/strtomode.c, lib/util/strtonum.c,
+ lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c,
+ lib/util/term.c, lib/util/ttysize.c, plugins/group_file/getgrent.c,
+ plugins/group_file/group_file.c, plugins/group_file/plugin_test.c,
+ plugins/sample/sample_plugin.c, plugins/sudoers/alias.c,
+ plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/base64.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/editor.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logwrap.c,
+ plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
+ plugins/sudoers/parse.c, plugins/sudoers/policy.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/redblack.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/regress/parser/check_hexchar.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c,
+ plugins/system_group/system_group.c, src/conversation.c,
+ src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_pty.c,
+ src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c,
+ src/openbsd.c, src/parse_args.c, src/preserve_fds.c,
+ src/regress/ttyname/check_ttyname.c, src/selinux.c, src/signal.c,
+ src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c,
+ src/ttyname.c, src/utmp.c:
+ Only include stddef.h where it is needed.
+ [ce597fb7ffb9]
+
+2015-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [cad83b927f4e]
+
+ * lib/util/sudo_conf.c, plugins/sudoers/locale.c:
+ Better handling of setlocale() returning NULL.
+ [7cd4fcdb528c]
+
+ * lib/util/aix.c, lib/util/gidlist.c, lib/util/sudo_conf.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/editor.c,
+ plugins/sudoers/env.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/policy.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/conversation.c, src/exec.c,
+ src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
+ src/parse_args.c, src/preserve_fds.c, src/selinux.c, src/sesh.c,
+ src/sudo.c, src/sudo_edit.c:
+ Add function name to "unable to allocate memory" warnings.
+ [98c07e26a13e]
+
+ * configure, configure.ac, include/sudo_compat.h, lib/util/aix.c,
+ lib/util/closefrom.c, lib/util/event.c, lib/util/event_poll.c,
+ lib/util/event_select.c, lib/util/getaddrinfo.c, lib/util/getcwd.c,
+ lib/util/getgrouplist.c, lib/util/gethostname.c, lib/util/getline.c,
+ lib/util/getopt_long.c, lib/util/gettime.c, lib/util/gidlist.c,
+ lib/util/glob.c, lib/util/key_val.c, lib/util/lbuf.c,
+ lib/util/locking.c, lib/util/mksiglist.c, lib/util/mksigname.c,
+ lib/util/parseln.c, lib/util/progname.c, lib/util/pw_dup.c,
+ lib/util/reallocarray.c, lib/util/regress/atofoo/atofoo_test.c,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/progname/progname_test.c,
+ lib/util/regress/strsplit/strsplit_test.c,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_parseln/parseln_test.c,
+ lib/util/regress/tailq/hltq_test.c, lib/util/setgroups.c,
+ lib/util/sha2.c, lib/util/sig2str.c, lib/util/snprintf.c,
+ lib/util/strndup.c, lib/util/strsplit.c, lib/util/strtobool.c,
+ lib/util/strtoid.c, lib/util/strtomode.c, lib/util/strtonum.c,
+ lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c,
+ lib/util/term.c, lib/util/ttysize.c, plugins/group_file/getgrent.c,
+ plugins/group_file/group_file.c, plugins/sample/sample_plugin.c,
+ plugins/sudoers/alias.c, plugins/sudoers/audit.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/base64.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/editor.c,
+ plugins/sudoers/env.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logwrap.c,
+ plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
+ plugins/sudoers/parse.c, plugins/sudoers/policy.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/regress/parser/check_hexchar.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c,
+ plugins/system_group/system_group.c, src/conversation.c,
+ src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_pty.c,
+ src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c,
+ src/openbsd.c, src/parse_args.c, src/preserve_fds.c,
+ src/regress/ttyname/check_ttyname.c, src/signal.c, src/solaris.c,
+ src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/ttyname.c,
+ src/utmp.c:
+ We require ANSI C so stop using the obsolete STDC_HEADERS.
+ [35a5a680e5fe]
+
+ * lib/util/getgrouplist.c, lib/util/regress/glob/globtest.c,
+ lib/util/sudo_debug.c, plugins/group_file/getgrent.c,
+ plugins/group_file/plugin_test.c, plugins/sample/sample_plugin.c,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/tsgetgrpw.c:
+ Use strtok_r() instead of strtok()
+ [6b8e3c253dcf]
+
+ * config.h.in, configure, configure.ac:
+ Add back _REENTRANT define on HP-UX to expose strtok_r on some
+ versions. We may need to define it on other systems too.
+ [12c36f12eed2]
+
+ * configure, configure.ac:
+ Fix check for strnlen() when cross-compiling.
+ [e501c508891a]
+
+ * plugins/sudoers/interfaces.c:
+ Use sudo_strsplit() in dump_interfaces.
+ [b76ee2f47f37]
+
+2015-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/inet_pton.c, lib/util/key_val.c, lib/util/lbuf.c,
+ lib/util/locking.c, lib/util/parseln.c,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/progname/progname_test.c,
+ lib/util/regress/strsplit/strsplit_test.c,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_parseln/parseln_test.c,
+ lib/util/regress/tailq/hltq_test.c, lib/util/sha2.c,
+ lib/util/snprintf.c, lib/util/strtobool.c, lib/util/term.c,
+ plugins/group_file/getgrent.c, plugins/group_file/group_file.c,
+ plugins/sample/sample_plugin.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/editor.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/getdate.y, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/policy.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_hexchar.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/system_group/system_group.c,
+ src/conversation.c, src/exec_pty.c, src/net_ifs.c, src/openbsd.c,
+ src/preserve_fds.c, src/regress/ttyname/check_ttyname.c,
+ src/solaris.c, src/sudo.c, src/tgetpass.c, src/ttyname.c,
+ src/utmp.c:
+ Remove obsolete memory.h include.
+ [0c1351d614a9]
+
+ * config.h.in, configure, configure.ac, lib/util/getcwd.c,
+ lib/util/gethostname.c, lib/util/glob.c, lib/util/locking.c,
+ lib/util/parseln.c, lib/util/pw_dup.c, lib/util/reallocarray.c,
+ lib/util/snprintf.c, lib/util/strndup.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ src/env_hooks.c:
+ Remove support for the obsolete malloc.h header.
+ [2a118de27d4e]
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/defaults.c,
+ plugins/sudoers/logging.c:
+ Remove BROKEN_SYSLOG define which was for obsolete versions of HP-
+ UX. Remove last remnants of 4.2BSD syslog support.
+ [e234515f515d]
+
+ * lib/util/sudo_conf.c:
+ Use sudo_strsplit() instead of doing the equivalent manually.
+ [220f2e4a0e68]
+
+ * lib/util/regress/strsplit/strsplit_test.c:
+ Test strsplit behavior with an empty string.
+ [62ae80dcee4a]
+
+ * lib/util/Makefile.in, lib/zlib/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Allow "make LIBTOOL=/path/to/libtool" to work properly.
+ [f9e5f7109107]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/editor.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/visudo.c:
+ Use a common function for resolviong the user's editor in sudoedit
+ and visudo. The find_path() function now returns a dynamically
+ allocated path instead of using a static string.
+ [97fe58966144]
+
+ * config.h.in, configure, configure.ac, lib/util/Makefile.in,
+ lib/zlib/Makefile.in, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Replace use of OSDEFS with config.h defines. Rename DEFS in
+ Makefile.in to CPPDEFS and include in CPPFLAGS. Bring back
+ _BSD_SOURCE as a config.h define. Remove obsolescent _REENTRANT
+ define.
+ [0d76a12adca8]
+
+2015-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, include/sudo_alloc.h, lib/util/Makefile.in,
+ lib/util/alloc.c:
+ Remove now-unused sudo_alloc.h and alloc.c
+ [0fe70085c75c]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in, src/conversation.c,
+ src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_pty.c,
+ src/hooks.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
+ src/preserve_fds.c, src/regress/ttyname/check_ttyname.c,
+ src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
+ src/ttyname.c:
+ Avoid using exiting allocators in the front end.
+ [be0ca60facf8]
+
+ * include/sudo_conf.h, include/sudo_lbuf.h, lib/util/Makefile.in,
+ lib/util/aix.c, lib/util/gidlist.c, lib/util/lbuf.c,
+ lib/util/sudo_conf.c, lib/util/sudo_debug.c:
+ Use non-exiting allocators in libsudo_util.
+ [d9b7cf17b9b4]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/logging.c:
+ Remove asprintf() return value warnings.
+ [fe25ce11f96a]
+
+ * config.h.in, configure, configure.ac:
+ Use AC_FUNC_STRNLEN to check for broken strnlen() on AIX. This
+ requires that we use AC_USE_SYSTEM_EXTENSIONS so remove things from
+ OSDEFS that are enabled by AC_USE_SYSTEM_EXTENSIONS.
+ [1f64269cab6e]
+
+ * plugins/sudoers/ldap.c:
+ Remove extraneous semicolons in CHECK_* macros.
+ [ef99aa3c9d70]
+
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Remove remaining SUDO_MAIN remnants.
+ [1c077699f444]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/interfaces.h, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/locale.c, plugins/sudoers/logging.h,
+ plugins/sudoers/match.c, plugins/sudoers/parse.c,
+ plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Use non-exiting allocatings in the sudoers plugin.
+ [a5668cb9c516]
+
+2015-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sssd.c:
+ Use non-exiting allocators in the sudoers SSSD backend.
+ [dba29b55ac0b]
+
+ * plugins/sudoers/ldap.c:
+ Use non-exiting allocators in the sudoers LDAP backend.
+ [37bfa441345a]
+
+ * lib/util/Makefile.in:
+ regen dependencies
+ [5be6eb005946]
+
+2015-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, lib/util/Makefile.in, mkdep.pl:
+ Add missing dependency info for reallocarray.lo in
+ lib/util/Makefile.in and regen configure to match last configure.ac
+ change.
+ [da1fc49b53dc]
+
+ * plugins/sudoers/ldap.c:
+ Use \28 and \29 instead of \( and \) in the ldap query as per RFC
+ 2254. Fixes netgroup queries on AIX. From Steven Soulen.
+ [33267d6243aa]
+
+2015-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/glob.c:
+ Move pattern length check until after we have initialized the glob_t
+ so we can call globfree() even on error. From Frank Denis.
+ [a246f9054395]
+
+2015-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ We need to unlimit RLIMIT_NPROC in sudoers as well as the sudo front
+ end since set_perms() and restore_perms change the read uid and may
+ fail with EAGAIN on Linux kernels prior to 3.1.
+ [e6a03c31f4e5]
+
+2015-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Fix underlining of "root" in -u option descriptions. Bug #699
+ [b3afe47d9798]
+
+ * doc/UPGRADE, src/load_plugins.c:
+ Remove support for converting plugin.so -> plugin.sl on HP-UX when
+ plugin.so can not be found. This was a temporary hack for using an
+ older (pre 1.8.7) sudoers plugin with a newer sudo front-end.
+ [561e2ce444ed]
+
+2015-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/event.c, lib/util/event_select.c:
+ Add debugging output on memory alloc failure. Add missing checks in
+ event_select.c for reallocarray() failure.
+ [0853c7bcbeaa]
+
+ * lib/util/event_poll.c:
+ Use non-exiting allocators.
+ [5ed0e276b551]
+
+2015-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Bring back VALIDATE_ERROR which will be used in the case of memory
+ allocation errors.
+ [784c885db95c]
+
+2015-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/snprintf.c:
+ If asprintf() or vasprintf() fail, set the dest pointer to NULL like
+ BSD and Solaris do. This appears to be the direction glibc is going
+ as well.
+ [92fb2283dc9a]
+
+2015-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c:
+ Use a stack buffer for the validate_env_vars() error message.
+ [69df3a0cbc2b]
+
+2015-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/fatal.c:
+ Fix typo/thinko in static buffer conversion; use vsnprintf() not
+ snprintf()
+ [9d42fb3a94f6]
+
+ * plugins/sudoers/ldap.c:
+ Fix old gcc2 variadic macro support.
+ [fd951ed8865e]
+
+ * plugins/sudoers/visudo.c:
+ Restore old behavior where visudo prevents you from making the main
+ sudoers file zero length.
+ [b03ef908120f]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/sudoers.c:
+ Non-exiting allocators for log functions. If log_allowed() fails the
+ user may not run the command. We don't try to return early for
+ log_failure(), log_auth_failure() or log_denial() as we would not
+ run the command in that case.
+ [40c3d0dd75bc]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
+ Use non-exiting allocators in the parser (much of it already did).
+ [f14222e5ad1b]
+
+ * lib/util/aix.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil_impl.c:
+ Use non-existing allocators in the passwd/group cache functions.
+ [86bbe840f348]
+
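Review bot: The entry for lib/util/aix.c, plugins/sudoers/pwutil.c and plugins/sudoers/pwutil_impl.c [86bbe840f348] says "Use non-existing allocators", which reads as the opposite of what the neighbouring entries [f14222e5ad1b] and [bca56cf769cb] describe; it should say "non-exiting allocators". Other wording slips in the added text also obscure the meaning or break searches: "change the read uid" in [e6a03c31f4e5] (presumably "real uid"), "from into to unsigned int" in [09e400445ca2], "non-exiting allocatings" in [a5668cb9c516] and "sudo_reallocarrary" in [32588e00bb33]. If this file is generated from the commit log, keep the text as the record of those commits and say so in the commit message; otherwise correct these before the file is added.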
+ * MANIFEST, configure.ac, lib/util/alloc.c, lib/util/reallocarray.c:
+ Add standalone reallocarray.c from OpenBSD instead of rolling our
+ own.
+ [36ec5840729e]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/iolog.c,
+ plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Use non-exiting allocators in the redblack tree and fix the fallout.
+ Also switch to non-exiting allocators in affected code blocks.
+ [bca56cf769cb]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.h:
+ The error string returned by alias_add should be const.
+ [b378188a0a8f]
+
+ * plugins/sudoers/policy.c:
+ Fix typo, efree vs. free.
+ [9146ba7473ca]
+
+ * plugins/sudoers/policy.c, src/exec_common.c, src/sudo.c:
+ Add a few missing sudo_new_key_val() return value checks. Also use
+ non-exiting allocators for consistency.
+ [2ae76a679052]
+
+2015-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, lib/util/Makefile.in,
+ lib/util/regress/parse_gids/parse_gids_test.c,
+ lib/util/regress/strsplit/strsplit_test.c:
+ Add unit tests for strsplit and parse_gid_list.
+ [e08c5ff7b5f0]
+
+ * MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/strsplit.c, lib/util/util.exp.in,
+ plugins/sudoers/sudoers.c:
+ Add sudo_strsplit(), similar to strtok_r() but non-destructive and
+ operates on non-C strings (requires a length parameter).
+ [45fb50775249]
+
+ * lib/util/fatal.c:
+ Use a static buffer for sudo_warn/sudo_fatal messages where
+ possible.
+ [6e1d6ecc022d]
+
+ * include/sudo_compat.h:
+ Fix sudo_strnlen() prototype.
+ [1367bd9227b3]
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/Makefile.in, lib/util/strndup.c,
+ mkdep.pl:
+ Add strndup() for those without it. As strndup.c uses strnlen(), use
+ our own if it is missing.
+ [cf904a9c68f7]
+
+ * lib/util/strnlen.c:
+ Add missing sudo_ prefix and include sudo_compat.h.
+ [d5e5dfc3fd20]
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, lib/util/strnlen.c:
+ Add strnlen() replacement needed for glob.c. Only used if no glob()
+ and no strnlen().
+ [bb6b7c4549b1]
+
+2015-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.h, plugins/sudoers/sudoers.h:
+ Get rid of SUDO_MAIN. Modern compilers don't warn about mixing
+ extern and auto declarations unless they conflict.
+ [a273b73bca6d]
+
+ * config.h.in, configure.ac, include/compat/endian.h,
+ include/compat/fnmatch.h, include/compat/getaddrinfo.h,
+ include/compat/getopt.h, include/compat/glob.h,
+ include/compat/nss_dbdefs.h, include/compat/sha2.h,
+ include/compat/stdbool.h, include/compat/timespec.h,
+ include/sudo_alloc.h, include/sudo_compat.h, include/sudo_conf.h,
+ include/sudo_debug.h, include/sudo_dso.h, include/sudo_event.h,
+ include/sudo_fatal.h, include/sudo_gettext.h, include/sudo_lbuf.h,
+ include/sudo_plugin.h, include/sudo_queue.h, include/sudo_util.h,
+ lib/util/fatal.c, plugins/sudoers/bsm_audit.h,
+ plugins/sudoers/check.h, plugins/sudoers/defaults.h,
+ plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h,
+ plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h,
+ plugins/sudoers/insults.h, plugins/sudoers/interfaces.h,
+ plugins/sudoers/iolog.h, plugins/sudoers/linux_audit.h,
+ plugins/sudoers/logging.h, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/pwutil.h,
+ plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/solaris_audit.h, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.h, plugins/sudoers/sudo_printf.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoers_debug.h, plugins/sudoers/sudoers_version.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.h, plugins/sudoers/toke.l,
+ plugins/sudoers/visudo.c, src/net_ifs.c, src/sudo.h,
+ src/sudo_exec.h, src/sudo_plugin_int.h, src/sudo_usage.h.in:
+ Avoid using a leading underbar in defines as they are reserved in
+ ISO C.
+ [a442d88c6490]
+
+ * Makefile.in, doc/Makefile.in, examples/Makefile.in,
+ include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/solaris_audit.c, plugins/sudoers/sssd.c,
+ plugins/system_group/Makefile.in, src/Makefile.in, src/selinux.c:
+ Add target for "make splint". A few files need extra guards to avoid
+ errors on systems where they would not otherwise be compiled. No
+ warnings from splint.
+ [64fc04debc58]
+
+2015-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sia.c:
+ Use reallocarray() instead of sudo_emallocarray() and return an
+ error on allocation failure.
+ [fee12ac1e0c8]
+
+ * plugins/sudoers/auth/kerb5.c:
+ In our krb5_get_init_creds_opt_alloc() replacement use malloc()
+ instead of sudo_emalloc() and return KRB5_CC_NOMEM on allocation
+ failure. Only old versions of Kerberos V will need this.
+ [95ac6c5b7b60]
+
+ * lib/util/event.c, lib/util/event_select.c:
+ Use non-exiting allocators.
+ [91bbc657901d]
+
+2015-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.ac, src/sudo.c:
+ There should be no need to check for tzset() as it is POSIX.
+ [50825eb75c97]
+
+ * configure, configure.ac:
+ Add sudo_reallocarrary to util.exp.in if reallocarray is not found.
+ [32588e00bb33]
+
+2015-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ NLS now works on Mac OS X properly.
+ [1485c9e51b04]
+
+ * configure, configure.ac, src/Makefile.in:
+ Force flat namespace on darwin to make the getenv() hooking work as
+ it does on ELF.
+ [0837cc3559ce]
+
+2015-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/alloc.c, lib/util/snprintf.c,
+ plugins/sample/sample_plugin.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke_util.c:
+ No need to cast malloc() return value.
+ [09c7236d3e1a]
+
+ * lib/util/getcwd.c, lib/util/getline.c, lib/util/glob.c,
+ plugins/sudoers/env.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Use reallocarray where possible.
+ [2b5957a38baa]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h,
+ lib/util/alloc.c:
+ Add reallocarray() for those without it.
+ [3ac5a4abe077]
+
+2015-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ The getenv() hook still doesn't work on Mac OS X.
+ [d9297b9ff54c]
+
+2015-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_fatal.h, lib/util/fatal.c:
+ In sudo_warn_gettext_v1() call dgettext() not gettext() to make sure
+ the domain is set correctly. The sudoers plugin uses its own text
+ domain.
+ [f7ce0100ff5c]
+
+2015-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/Makefile.in:
+ man pages should explicitly depend on config.status since it is used
+ to substitute in variables/settings.
+ [bebe8e19d767]
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/visudo.cat:
+ regen
+ [2e613d7bb477]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.14
+ [66e33bc0d18e]
+
+ * INSTALL, MANIFEST, aclocal.m4, config.h.in, configure, configure.ac,
+ include/sudo_fatal.h, lib/util/Makefile.in, lib/util/fatal.c,
+ lib/util/locale_weak.c, lib/util/util.exp.in,
+ m4/ax_sys_weak_alias.m4, mkdep.pl, plugins/sudoers/Makefile.in,
+ plugins/sudoers/locale.c, plugins/sudoers/logging.h,
+ plugins/sudoers/sudoers.c, src/Makefile.in, src/locale_stub.c:
+ Instead of trying to make weak functions work on all platforms, just
+ use a registration function for a plugin-specific setlocale
+ function. The sudoers version just wraps sudoers_setlocale().
+ [0eef64f41cdf]
+
+ * src/parse_args.c:
+ Fix indentation of -a flag help line.
+ [a2ed556b6454]
+
+ * include/sudo_compat.h:
+ Fix compilation when HAVE_DECL_SIG2STR_MAX is not defined.
+ [31aa465affaa]
+
+ * doc/Makefile.in:
+ Add lint target to run "mandoc -Tlint" over the manuals.
+ [63ed14d91adc]
+
+2015-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_compat.h:
+ HAVE_DECL_SIG2STR_MAX is always defined so use a
+ !HAVE_DECL_SIG2STR_MAX check instead of #ifndef.
+ [65cc03302d39]
+
+2015-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/tgetpass.c:
+ Sync tty_present() with sudoers version.
+ [040c05e68627]
+
+ * src/load_plugins.c:
+ sudo_check_plugin() returns bool.
+ [15b2851bfb90]
+
+ * plugins/sudoers/match.c:
+ In usergr_matches() matched should be bool but we have to take care
+ to handle group_plugin_query() returning a value other than 0/1.
+ [c120901f71c7]
+
+ * plugins/sudoers/ldap.c:
+ sudo_ldap_check_non_unix_group() returns bool, not int.
+ [d12e9242454f]
+
+ * plugins/sudoers/logging.c:
+ Convert two debug_return_int to debug_return_bool.
+ [594d0fc8efda]
+
+ * include/sudo_debug.h, lib/util/sudo_debug.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, src/sudo.c:
+ Previously, debug_return_bool was the same as debug_return_int
+ except that it logged true/false for 1/0. However, this appears to
+ trigger a bug in some compilers. To avoid this, debug_return_bool
+ now uses bool, not int. Callers that were passing it an int have
+ been converted to use debug_return_int instead.
+ [ca142b5a9433]
+
+ * src/get_pty.c, src/sudo.h:
+ get_pty() should return bool
+ [2c72c8d3603b]
+
+ * src/sudo.h, src/tgetpass.c:
+ Make tty_present static to tgetpass.c
+ [bb73a2cc8754]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h:
+ Add configure check for SIG2STR_MAX, which may be missing on
+ UnixWare.
+ [e9dcac23c639]
+
+ * m4/ax_sys_weak_alias.m4:
+ Need to quote $GCC as it may include arguments. From Tim Rice.
+ [9ed8a3be94bf]
+
+ * MANIFEST:
+ Add missing m4/ax_sys_weak_alias.m4
+ [269a8d5bfb49]
+
+2015-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ There's no point in building i386 binaries for Mac OS X 10.7 and
+ higher.
+ [e8876ea36d14]
+
+2015-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, po/ja.mo,
+ po/ja.po:
+ Sync with translationproject.org
+ [414c51286530]
+
+2015-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/bsm_audit.c:
+ Only fall back on AUE_DARWIN_sudo if au_preselect() fails.
+ [aea2f3a60b46]
+
+2015-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/bsm_audit.c:
+ Work around a problem on Mac OS X 10.10 which defines AUE_sudo but
+ where au_preselect() only accepts AUE_DARWIN_sudo (the old value).
+ [b5d32d6453d1]
+
+2015-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/env_hooks.c:
+ Don't use dlsym() to find the libc getenv() since this may allocate
+ memory on some systems (glibc) which leads to a hang if malloc()
+ calls getenv() (jemalloc).
+ [441846664820]
+
+ * include/sudo_debug.h, src/sudo.c:
+ Split variable declaration out of debug_decl into debug_decl_vars()
+ so we can use it in main() when we know sudo_debug_enter() cannot
+ succeed.
+ [6931948a57f8]
+
+ * src/sudo.c:
+ Defer conversation initialization until right before plugins are
+ initialized.
+ [83db53d4945c]
+
+2015-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
+ When creating a passwd struct from a uid that is not in the passwd
+ database, set pw_gid to the user's gid instead of whatever the user
+ specified via the -g flag (or 0 if no -g).
+ [4154970432df]
+
+2015-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Add some ldap_err2string() debugging when the LDAP search fails.
+ Adapted from a diff from Steven Soulen.
+ [e08d38481041]
+
+2015-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/sr.mo,
+ po/sr.po:
+ Sync with translationproject.org
+ [cbf24072ad07]
+
+2015-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS:
+ Add David Michael and Andrey Klyachkin.
+ [e153a9b46e1f]
+
+ * sudo.pp:
+ Sync tmpfiles.d/sudo.conf with init.d/sudo.conf.in
+ [9e3945c1fe6e]
+
+ * include/sudo_util.h:
+ Avoid struct assignment when stashing mtime since AIX at least uses
+ a struct st_timespec that differs from struct timespec. From Andrey
+ Klyachkin.
+ [e267ea5b019e]
+
+2015-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Work around a bug in pp that caused a warning when exampledir is a
+ subdir of docdir.
+ [d81db98f215f]
+
+ * plugins/sudoers/solaris_audit.c:
+ Add sys/types.h
+ [e0794f05e95c]
+
+ * lib/util/getopt_long.c, lib/util/mksiglist.c, lib/util/mksigname.c,
+ lib/util/regress/fnmatch/fnm_test.c,
+ lib/util/regress/glob/globtest.c, lib/util/sha2.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_hexchar.c:
+ Include sys/types.h instead of unistd.h to get uid_t and gid_t. Add
+ missing include of sys/types.h to a few places.
+ [86eb67f3c41a]
+
+2015-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Remove unintended commit
+ [2eeeb74b9174]
+
+ * init.d/sudo.conf.in:
+ Add tmpfiles.d/sudo.conf template.
+ [ead9bb7b5328]
+
+2015-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgignore, INSTALL, MANIFEST, Makefile.in, configure, configure.ac,
+ mkpkg, src/Makefile.in, sudo.pp:
+ Create template tmpfiles.d/sudo.conf for installation instead of
+ creating one via echo commands in the Makefile.
+
+ Add --enable-tmpfiles.d configure option to enable/disable use of
+ tmpfiles.d and override the default directory.
+
+ Use --disable-tmpfiles.d in mkpkg so we no longer need to ignore
+ tmpfiles.d/sudo.conf in sudo.pp.
+ [930983f88927]
+
+ * sudo.pp:
+ Fix setting of pp_rpm_version when there is no patchlevel present.
+ Also tighten up the regexp for pp_rpm_release.
+ [d6a89aafd99d]
+
+2015-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, Makefile.in, configure, configure.ac, doc/sudoers.mdoc.in,
+ examples/Makefile.in, mkpkg, sudo.pp:
+ Make exampledir configurable and default to
+ DATAROOTDIR/examples/sudo on BSD systems.
+ [4c1271298712]
+
+ * src/Makefile.in, sudo.pp:
+ Install /usr/lib/tmpfiles.d/sudo.conf on systems with systemd but do
+ not package it. For packages we create /usr/lib/tmpfiles.d/sudo.conf
+ as needed in the postinstall script.
+ [522666bc079f]
+
+2015-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.mdoc.in:
+ Fix "mandoc -Tlint" warnings. Sync AUTHORS section in man pages.
+ Regenerate all man pages.
+ [34e4149bb225]
+
+ * lib/util/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
+ Make libsudo_util depend on libintl instead of requiring users of
+ libsudo_util to link with libintl directly. Bug #690
+ [f2508d1a21ee]
+
+2015-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c:
+ Use saved errno in vlog_warning() before calling
+ sudo_vwarn_nodebug(). Fixes the error message printed if set_perms()
+ fails.
+ [68bd7297137e]
+
+2015-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for 1.8.13 final.
+ [4c03db3a740f]
+
+2015-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ For sudoedit, run the editor with the user's original environment as
+ per the documentation (and as in sudo 1.7.x). Bug #688
+ [a5081c8f6950]
+
+ * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, po/fr.mo,
+ po/fr.po:
+ Sync with translationproject.org
+ [0b820c5ecb0c]
+
+2015-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/term.c:
+ Update function names in debug_decl.
+ [b83f153b2f43]
+
+ * lib/util/term.c:
+ Use TCSAFLUSH instead of TCSANOW in sudo_term_copy(). Be consistent
+ with where we put TCSASOFT in the action flags.
+ [6ffeec3aa184]
+
+2015-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/da.mo,
+ po/da.po, po/fi.mo, po/fi.po, po/zh_CN.mo, po/zh_CN.po:
+ Sync with translationproject.org
+ [0d20f88c0a83]
+
+2015-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/sha2.c:
+ Include unistd.h since sudo_compat.h uses gid_t.
+ [da491d83e5dc]
+
+2015-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.ac:
+ Add --disable-weak-symbols option to disable use of weak symbols in
+ libsudo_util.
+ [3edf2bccb4d8]
+
+ * configure:
+ regen
+ [ff1abfcd2b61]
+
+ * m4/ax_sys_weak_alias.m4:
+ When checking for weak aliases, check the gcc attribute format last
+ since some C compilers just ignore unsupported attributes.
+ [e172cbbfa615]
+
+ * sudo.pp:
+ Update copyright year.
+ [67bcd24c6477]
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/cs.mo,
+ po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/it.mo,
+ po/it.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo,
+ po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po:
+ Sync with translationproject.org
+ [ceb62f98364c]
+
+ * configure, configure.ac, include/compat/sha2.h:
+ Fix symbol name collision with systems that have their own sha2
+ implementation. This can result in PAM using the wrong sha2
+ implementation on Solaris systems configured to use SHA512 for
+ passwords.
+ [3a25c4896804]
+
+ * src/Makefile.in:
+ Use SSP_LDFLAGS when linking sudo_noexec.la
+ [6187b17fad90]
+
+2015-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/compat/utime.h, lib/util/Makefile.in, lib/util/utimens.c:
+ Remove compat/utime.h, it was only useful for ancient systems that
+ are no longer capable of compiling sudo.
+ [94e4f02868db]
+
+2015-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac, lib/util/Makefile.in:
+ Link libsudo_util with -lrt on systems where clock_gettime is in
+ -lrt.
+ [44a9a0d0af69]
+
+ * NEWS:
+ Update.
+ [811c8d7090c0]
+
+ * lib/util/strlcat.c, lib/util/strlcpy.c:
+ Update OpenBSD CVS Ids
+ [933788497ee4]
+
+ * lib/util/strlcat.c:
+ Make comment match code.
+ [b1b68810929d]
+
+ * lib/util/utimens.c:
+ Fix compilation error on systems without futimes().
+ [4d55a58ea12e]
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/gettime.c, lib/util/util.exp.in, lib/util/utimens.c,
+ lib/util/utimes.c, mkdep.pl, plugins/sudoers/Makefile.in,
+ plugins/sudoers/boottime.c, plugins/sudoers/gettime.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c, src/Makefile.in, src/sesh.c,
+ src/sudo_edit.c:
+ Use futimens() and utimensat() instead of futimes() and utimes().
+ [8400f91466d8]
+
+ * plugins/sudoers/visudo.c:
+ Fix compiler warning on systems where mode_t is not unsigned int,
+ such as 32-bit Solaris.
+ [1eeeea1c203d]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Fix logic for verifypw/listpw all in sudoers LDAP and sssd.
+ [5bc60a34a477]
+
+ * src/tgetpass.c:
+ Fix cut & pasto that prevented the SIGPIPE handler from being
+ restored before returning from tgetpass(). From mancha
+ [230b0a86876e]
+
+2015-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sesh.c, src/sudo_edit.c:
+ Our utimes() emulation support futime() too.
+ [439851535285]
+
+2015-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [40aa9164563f]
+
+ * plugins/sudoers/testsudoers.c:
+ Define YYDEBUG to 0 if not already defined so we can protect use of
+ sudoersdebug with "#if YYDEBUG" like the generated parser does. From
+ David Michael.
+ [394e1c237aac]
+
+2015-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document that Aliases may not be redefined and that "sudo -f
+ /etc/sudo.d/foo" will not catch the redefinition.
+ [3bff3b5f7eb1]
+
+ * sudo.pp:
+ Only create /usr/lib/tmpfiles.d/sudo.conf if
+ /usr/lib/tmpfiles.d/systemd.conf also exists. Some other package may
+ have created /usr/lib/tmpfiles.d even though it is not used.
+ [cf013d95b7d7]
+
+ * plugins/sudoers/Makefile.in:
+ regen
+ [4dde632c35cd]
+
+ * sudo.pp:
+ Clear the ts dir instead of just making sure it exists.
+ [c49b6e3e2360]
+
+ * configure, configure.ac:
+ Only substiture init.d scripts that we are going to use.
+ [301f16bd04c5]
+
+2015-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, sudo.pp:
+ Create /usr/lib/tmpfiles.d/sudo.conf when systemd is used.
+ [532dc61e7bb7]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/visudo.c, src/sudo_edit.c,
+ src/utmp.c:
+ Check the return value of gettimeofday(), even though it should
+ never fail.
+ [747715d8a11c]
+
+2015-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, configure, configure.ac, include/sudo_compat.h,
+ lib/util/Makefile.in, lib/util/clock_gettime.c, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
+ plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoers.h,
+ plugins/sudoers/timestamp.c:
+ We cannot (easily) use clock_gettime(CLOCK_MONOTONIC) directly as it
+ may be present but not implemented. Add sudo_gettime_real() and
+ sudo_gettime_mono() functions to get the real and monotonic times
+ respectively. Now sudo_gettime_mono() checks the value of
+ sysconf(_SC_MONOTONIC_CLOCK) before calling
+ clock_gettime(CLOCK_MONOTONIC) and falls back on sudo_gettime_real()
+ as needed. The Mach version of sudo_gettime_mono() uses
+ mach_absolute_time().
+
+ This should fix problems with timestamp files on systems where the
+ CLOCK_MONOTONIC is defined but not actually implemented.
+ [cd04a21af4c5]
+
+ * include/sudo_compat.h, plugins/sudoers/timestamp.c:
+ Check clock_gettime() return value and warn if it fails. Currently,
+ the timestamp will be ignored if clock_gettime() fails.
+ [3658154638da]
+
+2015-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/sudo_debug.c:
+ Plug memory leak when debug file cannot be opened. Use %zu printf
+ format now that our snprintf support it.
+ [a168a002cd19]
+
+ * plugins/sudoers/auth/pam.c:
+ Pam conversation function changes: o use PAM_BUF_ERR as the return
+ value when calloc() fails. o sanity check the value of num_msg o
+ remove the workaround for old Apple PAM o PAM_AUTH_ERR is not a
+ valid PAM conversation function return value
+
+ If getpass_error is set after a call to pam_verify (usually because
+ the user pressed ^C), return AUTH_INTR immediately instead of
+ checking the pam_verify return value.
+ [8d378f40fe1f]
+
+ * INSTALL, NEWS, configure, configure.ac,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h:
+ On AIX use the value of auth_type in /etc/security/login.cfg to
+ determine whether to use LAM or PAM unless the user specified the
+ --with-pam or --with-aixauth configure flags.
+ [cb314c1ed5f8]
+
+ * lib/util/parseln.c:
+ Fix cast.
+ [4f56047e2bc4]
+
+2015-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.ac, lib/util/snprintf.c:
+ Update snprintf.c from OpenBSD. The floating point and wide
+ character code has been retained but is not compiled by default.
+ [6801a77398fc]
+
+2015-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/sudoers/test1.in,
+ plugins/sudoers/regress/sudoers/test1.out.ok,
+ plugins/sudoers/regress/sudoers/test1.toke.ok:
+ Update the regression test that check that all tags are parsed.
+ [d0f9af2f9d45]
+
+ * MANIFEST, configure, configure.ac, lib/util/Makefile.in,
+ lib/util/mktemp.c, lib/util/regress/mktemp/mktemp_test.c, mkdep.pl:
+ Add regress for mkdtemp and mkstemps from OpenBSD
+ [18714ae9bffd]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [b77490dd9b33]
+
+ * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, po/tr.mo,
+ po/tr.po:
+ Sync with translationproject.org
+ [b2946065653d]
+
+ * config.h.in, configure.ac:
+ Correct SECURE_PATH comment.
+ [3fd6132d5dba]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.13
+ [32c1183b0666]
+
+2015-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/gethostname.c, lib/util/util.exp.in,
+ plugins/sudoers/match.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/sudo.c:
+ Avoid using HOST_NAME_MAX directly and use
+ sysconf(_SC_HOST_NAME_MAX) instead.
+ [97036b819d58]
+
+ * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
+ Historically, crypt() returned the empty string on error, which
+ ensured that crypt("", "") would return "", which supported matcing
+ empty encrypted passwords with no additional code. Some modern
+ versions of crypt() (such as glibc) return NULL on error so we need
+ an explicit test to match an empty plaintext password and an empty
+ encrypted password.
+ [b88eb9da5e57]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Sort tags lexically in the sudoers manual
+ [66716c0b7a13]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/ldap.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/sudoers/test1.out.ok,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudoers_version.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/visudo_json.c:
+ Add support for MAIL and NOMAIL command tags to toggle mail sending
+ behavior on a per-command (or Cmnd_Alias) basis.
+ [04f30a064c25]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h,
+ lib/util/closefrom.c, lib/util/setgroups.c,
+ plugins/sudoers/pwutil_impl.c, src/sudo.c:
+ Almost no systems actually define OPEN_MAX since it is dynamic on
+ modern OSes. If sysconf(_SC_OPEN_MAX) ever fails, fall back on
+ _POSIX_OPEN_MAX instead. We can assume modern systems have
+ sysconf(). Also remove checks for strrchr() and strtoll() for which
+ the HAVE_* defines are no longer used.
+ [c3058a6cca86]
+
+ * lib/util/getline.c, plugins/group_file/getgrent.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/tsgetgrpw.c:
+ All modern systems should have LINE_MAX.
+ [117322b6d86c]
+
+ * Makefile.in, sudo.pp:
+ Don't need to pass exampledir to polypkg now that it is just under
+ docdir.
+ [9f24f0184a78]
+
+2015-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Fix packaging of the example dir.
+ [4c7cbc3fc190]
+
+ * lib/util/mktemp.c:
+ Fix mkstemps() extension handling. Sudoedit will now preserve the
+ extension properly when the system libc lacks mkstemps().
+ [b86f54331972]
+
+2015-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, aclocal.m4, config.h.in, configure, configure.ac,
+ lib/util/Makefile.in, lib/util/locale_weak.c,
+ m4/ax_sys_weak_alias.m4, mkdep.pl, src/Makefile.in,
+ src/locale_stub.c:
+ Use weak symbols for sudo_warn_gettext() and sudo_warn_strerror() so
+ distros using "-Wl,--no-undefined" in LDFLAGS don't run into
+ problems.
+ [708418615aae]
+
+ * lib/util/mksiglist.c, lib/util/mksigname.c:
+ Include unistd.h in siglist.c and signame.c to get gid_t which is
+ used by sudo_compat.h. Bug #686
+ [0ab6450a96ec]
+
+2015-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/logging.c:
+ Add mail_all_cmnds to always mail when a user runs a command (or
+ tries to) including sudoedit. The mail_always flag goes back to its
+ old semantic of always mailing when sudo is run.
+ [edc904502061]
+
+2015-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Minor change in description of TZ path handling.
+ [579b02f0dbe0]
+
+ * Makefile.in, examples/Makefile.in:
+ Move example dir under the doc dir to conform to Debian guidelines.
+ Bug #682.
+ [494d9a0484b6]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document that a leading ':' is skipped when checking TZ for a fully-
+ qualified path name.
+ [91859f613b88]
+
+2015-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Typo.
+ [b9257ea66116]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Fix typos.
+ [ac1467f71ac0]
+
+ * plugins/sample/sample_plugin.c:
+ Fix compilation on systems w/o __dso_public
+ [b773ef9127fa]
+
+2015-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po:
+ Russian translation for sudoers from translationproject.org.
+ [8a7fc2e00072]
+
+2015-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/ru.mo,
+ plugins/sudoers/po/ru.po:
+ Russian translation for sudoers from translationproject.org.
+ [1d5869e4d4af]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h:
+ Add check for getresuid() declaration, which may be missing on HP-
+ UX. When checking for getdomainname() prototype, look in netdb.h
+ too.
+ [0ba583590b17]
+
+ * INSTALL, NEWS, configure, configure.ac, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, m4/sudo.m4, pathnames.h.in,
+ plugins/sudoers/env.c:
+ Sanity check the TZ environment variable by special casing it in
+ env_check. The --with-tzdir configure option can be used to specify
+ the zoneinfo directory if configure doesn't find it.
+ [650ac6938b59]
+
+ * NEWS:
+ Mention crash fixes.
+ [f759c993e172]
+
+ * src/parse_args.c:
+ Bail with usage() early if argc <= 0.
+ [aaba56c9a797]
+
+2015-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c:
+ Remove extraneous casts of node->data (which is void *).
+ [950749570a00]
+
+ * doc/CONTRIBUTORS:
+ Add Stephane Chazelas
+ [a6c7becabee7]
+
+ * plugins/sudoers/pwutil.c:
+ Fix a potential crash when getpwnam() of the running user fails and
+ we don't replace the negative cached entry with a faked up one. From
+ Stephane Chazelas
+ [9088f041bbad]
+
+ * src/parse_args.c, src/sudo.c:
+ Don't assume argv[0] is set without first checking argc.
+ [aabdc9d0ba26]
+
+ * lib/util/progname.c:
+ Call setprogname("sudo") if getprogname() returns NULL or the empty
+ string.
+ [45438f7227b1]
+
+ * plugins/sudoers/set_perms.c:
+ Handle sudo_get_grlist() returning NULL which can happen if
+ getgrouplist() fails even after allocating the appropriate amount of
+ memory. From Stephane Chazelas
+ [25747a0ead7c]
+
+ * config.h.in, configure, configure.ac:
+ Remove configure checks for strrchr() and strtoll() for which the
+ HAVE_* defines are no longer used.
+ [f04216435aba]
+
+ * config.h.in, configure, configure.ac, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
+ plugins/sudoers/sudoreplay.c:
+ Require POSIX regular expression support for sudoreplay.
+ [1486747cd470]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h:
+ Check whether getdomainname(), innetgr(), setresuid() and
+ setresgid() are declared and add prototypes in sudo_compat.h as
+ needed.
+ [03aa144afce4]
+
+ * plugins/sudoers/policy.c:
+ The plugin no longer needs to call initprogname() now that it links
+ with the same libsudo_util as sudo.
+ [78b65a352ac5]
+
+2015-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Add /usr/local/share/examples/ directory to parentdirs so it is
+ explicitly added to the package.
+ [ef1aa52b0aad]
+
+ * plugins/sudoers/po/da.mo, po/da.mo:
+ Sync with translationproject.org
+ [943986acd31c]
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/nl.mo,
+ po/nl.po:
+ Sync with translationproject.org
+ [4977ac967bdd]
+
+2015-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
+ Regen with yacc skeleton that the clang analyzer doesn't complain
+ about.
+ [e15991fd4ab1]
+
+ * configure, configure.ac, lib/util/alloc.c, lib/util/glob.c,
+ plugins/sudoers/env.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/getdate.y, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y:
+ Use stdint.h to get SIZE_MAX as inttypes.h on some pre-C99 HP-UX
+ systems doesn't include stdint.h itself.
+ [9fbd35811743]
+
+ * configure, configure.ac:
+ SIZE_MAX may be in limits.h on pre-C99 compilers.
+ [d3b554f7e0e5]
+
+ * config.h.in, configure, configure.ac, lib/util/aix.c:
+ Add missing prototypes for usrinfo() and setauthdb() for AIX.
+ [aa4b205296cf]
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/match.c:
+ Solaris uses sysinfo(SI_SRPC_DOMAIN) instead of getdomainname() to
+ get the host's NIS domain.
+ [9234c62a1469]
+
+2015-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Remove AC_PROG_GCC_TRADITIONAL and add AC_PROG_CC_STDC since we need
+ C99.
+ [005775f5662b]
+
+ * plugins/sudoers/match.c:
+ Actually use the check for prior initialization in
+ sudo_getdomainname().
+ [06368385ad0d]
+
+ * configure, configure.ac:
+ We need to add OSDEFS to CFLAGS to expose LLONG_MAX et al on glibc
+ when not explicitly asking for c99.
+ [ae9435631600]
+
+ * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/logging.c:
+ Don't send mail about pseudo-command failure unless it is an
+ authentication failure.
+ [deddcfc1f2ab]
+
+ * configure, configure.ac:
+ Fix check for SIZE_MAX, which should be in stdint.h not limits.h.
+ [47bf0ab7dfca]
+
+ * lib/util/glob.c:
+ Need to include inttypes.h for SIZE_MAX
+ [a11f42f40294]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [d35b24f95ef8]
+
+2015-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_debug.h, lib/util/aix.c, lib/util/event.c,
+ lib/util/event_poll.c, lib/util/event_select.c, lib/util/gidlist.c,
+ lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c,
+ lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c,
+ lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c,
+ lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/term.c,
+ lib/util/ttysize.c, lib/util/util.exp.in, plugins/sudoers/alias.c,
+ plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/base64.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logwrap.c,
+ plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
+ plugins/sudoers/parse.c, plugins/sudoers/policy.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/exec.c,
+ src/exec_common.c, src/exec_pty.c, src/get_pty.c, src/hooks.c,
+ src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
+ src/preserve_fds.c, src/selinux.c, src/sesh.c, src/signal.c,
+ src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c,
+ src/ttyname.c, src/utmp.c:
+ Go back to a 2 args debug_decl and just use the "default" instance,
+ now renamed "active".
+ [7130b7478355]
+
+2015-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/LICENSE:
+ Update copyright year.
+ [e1dad7b195e4]
+
+2015-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.h:
+ When querying LDAP netgroups, use the NIS domain if it is sent but
+ also match nisNetgroupTriple entries that have no domain.
+ [5a0fa3ac26f7]
+
+ * plugins/sudoers/sudoreplay.c:
+ Avoid setting the tty to non-blocking mode so "sudoreplay | cat"
+ (for example) works as expected. We only read a single byte from the
+ keyboard and only when interactive anyway so this should be fine.
+ [9615a932545b]
+
+ * lib/zlib/Makefile.in, plugins/sudoers/Makefile.in:
+ regen
+ [f19c6e000850]
+
+ * plugins/sudoers/sudoreplay.c:
+ Avoid a cppcheck warning about undefined behavior (using the address
+ of a stack buffer - 1) and fix a memory leak of the iov when doing
+ nl->crnl conversion.
+ [e26f9008c2e4]
+
+ * doc/CONTRIBUTORS:
+ Add Steven Soulen
+ [17a47303d5fe]
+
+ * plugins/sudoers/sudoreplay.c:
+ Fix handling of partial writes from writev() which can occur with
+ large output buffers.
+ [1065dbeaa13d]
+
+2015-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c:
+ Add support for querying netgroups directly via LDAP since there is
+ no other way to look up all the netgroups for a user (unlike regular
+ groups). This introduces netgroup_base and netgroup_search_filter
+ options to ldap.conf. Based on a diff from Steven Soulen.
+ [7e3d55983e71]
+
+2015-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Sort ldap.conf options.
+ [264608124698]
+
+2015-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Add macros to ease the checking of strlcpy, strlcat and
+ sudo_ldap_value_cat return values.
+ [e9122413d4fa]
+
+2015-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/parse.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Rename VALIDATE_OK -> VALIDATE_SUCCESS Rename VALIDATE_NOT_OK ->
+ VALIDATE_FAILURE
+ [4379cac9f75d]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/sudoers.h:
+ Remove now-unused VALIDATE_ERROR define.
+ [569d4936b761]
+
+ * plugins/sudoers/logging.c:
+ should_mail() now returns bool.
+ [0316d1fb08c3]
+
+ * lib/util/sudo_debug.c:
+ If sudo_debug_register() fails return
+ SUDO_DEBUG_INSTANCE_INITIALIZER, not -1. Otherwise we could end up
+ setting the instance to -1 which is invalid.
+ [032bb1db6db5]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Fix typo.
+ [014be972780c]
+
+ * doc/Makefile.in:
+ Use "mandoc -Tascii" to generate .cat pages to avoid locale-specific
+ characters.
+ [0ec42d8924fc]
+
+2015-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, m4/sudo.m4:
+ Use AC_PATH_PROG to find programs instead of checking the path
+ manually.
+ [2b5d9893a7a7]
+
+2015-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/strlcat.c, lib/util/strlcpy.c:
+ Sync with OpenBSD version
+ [22c073c42a9e]
+
+2015-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Use AC_CHECK_HEADERS_ONCE and AC_CHECK_FUNCS_ONCE where possible and
+ quote the first args in AC_CHECK_FUNCS calls.
+ [84aa40ab410a]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h:
+ Avoid inadvertantly defining things like PATH_MAX simply because the
+ source file doesn't include limits.h.
+ [d2e7c4093f55]
+
+2015-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
+ m4/ltversion.m4:
+ Update to libtool 2.4.4 + HP-UX patches
+ [859b7378bc37]
+
+ * src/ttyname.c:
+ Document why we need sys/param.h.
+ [f21a4d7122f0]
+
+ * configure, m4/sudo.m4:
+ Don't need sys/param.h.
+ [6aa24ecfc9d4]
+
+ * lib/util/closefrom.c:
+ Don't appear to need sys/param.h for pstat_getproc() on HP-UX even
+ though the man page lists it.
+ [47d75f3db288]
+
+ * lib/util/inet_ntop.c, lib/util/inet_pton.c:
+ Should not need sys/param.h here.
+ [5c83cebcd75f]
+
+2014-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match_addr.c:
+ Use standard CIDR -> netmask conversion and disallow 0-bit CIDRs.
+ [d30313d726eb]
+
+2014-12-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ Update link to gq LDAP editor, now on sourceforge.
+ [706dadea1abb]
+
+2014-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/compat/glob.h, lib/util/glob.c:
+ Add support for GLOB_LIMIT from OpenBSD (not currently used) and
+ also a limit on the max recursion depth for glob().
+ [6f9e26b88612]
+
+ * lib/util/glob.c:
+ Quiet compiler sign compare warning.
+ [c4f35c02122c]
+
+2014-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ fnmatch fix
+ [07542b07ac67]
+
+ * lib/util/fnmatch.c:
+ Remove artificial limit on length of pattern and string. It is
+ possible to use fnmatch() on things other than paths (such as
+ arguments) so a limit of PATH_MAX does not make sense. Fixes a bug
+ where rules would fail to match if the length of the arguments were
+ larger than PATH_MAX (usually 1024).
+ [942770c20422]
+
+2014-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.mdoc.in:
+ Remove the extra /sudo in sudo.ws urls
+ [0b804e3a1008]
+
+2014-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.mdoc.in:
+ Reference bugzilla.sudo.ws
+ [7dc11bbe6f13]
+
+2014-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ sync
+ [da17d5a611ce]
+
+2014-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Require that a digest be specified with a real command, not an alias
+ or pseudo-command. Found via a crash by afl.
+ [55f6166cab63]
+
+ * NEWS:
+ sync
+ [4b31247735c4]
+
+ * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/fr.mo,
+ plugins/sudoers/po/fr.po:
+ French translation for sudoers from translationproject.org.
+ [5c592350c4b0]
+
+2014-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/exec_pty.c, src/tgetpass.c:
+ Defer registration of the SIGCHLD handler until just before we exec
+ the command. Fixes a problem where pam_gnome_keyring installs its
+ own SIGCHLD handler and may not restore the original one. As a
+ result, we now have to explicitly wait for the askpass helper to
+ finish. Bug #657
+ [f499500fef71]
+
+2014-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Mention sssd support in the sudoers.ldap manual and cross-reference
+ sssd-sudo(5).
+ [32f84fbf210c]
+
+2014-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS:
+ Reorder an entry.
+ [5d15735294f1]
+
+2014-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, lib/util/Makefile.in, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Prevent cppcheck from getting confused by our compat definition of
+ the va_copy macro for pre-C99.
+ [61d94525be2e]
+
+2014-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog_path.c:
+ Fix potential NULL pointer deref found by cppcheck.
+ [668967e031e0]
+
+ * plugins/sudoers/alias.c:
+ Quiet a cppcheck false positive.
+ [35a16ae4660c]
+
+ * lib/util/sudo_debug.c:
+ If there are multiple outputs, ap will be re-used so make a copy and
+ operate on it instead.
+ [f4f19df43c93]
+
+ * src/hooks.c:
+ Fix typo in hook return value check.
+ [b12839dc6e78]
+
+ * NEWS:
+ Mention visudo use of sudoers plugin args to set default sudoers
+ file name and owner/mode.
+ [7f2733b53431]
+
+ * NEWS:
+ Mention fix for bug #678
+ [7f7a6d8b985b]
+
+2014-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ In set_fqdn() we neeed to set user_runhost/user_srunhost at the same
+ time we set user_host/user_shost since that is what
+ hostlist_matches() uses. Bug #678
+ [4f75b01d4884]
+
+2014-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/hooks.c:
+ Do not call sudo_warnx() on invalid value from the env hook
+ functions as the printf() family may call getenv() for locale
+ reasons.
+ [547fc25acb7c]
+
+ * doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.mdoc.in:
+ No need to keep specifying ".Nm foo" since the Nm macro remembers
+ the argument it was first called with and uses it if none is
+ specified. Also fix a few minor formatting errors and regen bulleted
+ lists in the .man.in files.
+ [d2669e94add4]
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Add sudo.conf to SEE ALSO and rename section on sudo.conf
+ [d4cc8ad2c2b4]
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
+ Mention sudo.conf use for debugging
+ [9393fb061bcd]
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.man.in,
+ doc/sudoreplay.cat:
+ regen
+ [1d34d21b2136]
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Document sudo.conf usage now that visudo will parse the sudoers
+ arguments.
+ [78a413c019a9]
+
+2014-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ Use sudoers.so args from sudo.conf to set sudoers_file, sudoers_uid,
+ sudoers_gid, and sudoers_mode in visudo.
+ [1c7408b5ff7e]
+
+ * plugins/sudoers/visudo.c:
+ Use sudoers_file, sudoers_uid, sudoers_gid, and sudoers_mode symbols
+ from toke.l instead of the upper case defines.
+ [21ba15518c7d]
+
+ * lib/util/Makefile.in, lib/zlib/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in:
+ Use SSP_LDFLAGS when creating shared objects.
+ [2428de97d2c2]
+
+ * lib/util/Makefile.in:
+ We only build .lo (not .o) files for libsudo_util
+ [2c1e0475cddc]
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo,
+ po/cs.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo,
+ po/eo.po, po/fi.mo, po/fi.po, po/it.mo, po/it.po, po/nb.mo,
+ po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/ru.mo,
+ po/ru.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo,
+ po/zh_CN.po:
+ Sync with translationproject.org
+ [e51055fdffe1]
+
+2014-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ sync
+ [aab14a9942e0]
+
+2014-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/exec_pty.c:
+ Make sure that SIGCHLD is not treated as a user-generated signal in
+ which case it could be ignored. Bug #676
+ [a4caaaaa47a8]
+
+2014-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.ac, lib/util/mktemp.c:
+ Use arc4random() for mkstemp/mkdtemp if available. If not, try to
+ seed from /dev/urandom before falling back to the gettimeofday seed.
+ [7a7096ab82c9]
+
+ * lib/util/sudo_debug.c:
+ Use a static buffer for sudo_debug_execve2() if possible.
+ [abf1fd5891ab]
+
+2014-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
+ m4/ltversion.m4, m4/lt~obsolete.m4:
+ Update to libtool 2.4.3 + HP-UX patches
+ [9ddfd96f3bea]
+
+2014-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac, include/sudo_compat.h, lib/util/mktemp.c:
+ If a system lacks mkdtemp() or mkstemps(), use our own mkdtemp() and
+ mkstemps(). Previously we only exposed the missing one but since the
+ guts are the same we might as well use them.
+ [12d4ac64462f]
+
+ * src/env_hooks.c:
+ Mark the putenv(), setenv() and unsetenv() symbols as global, not
+ hidden. Fixes a mismatch where a plugin (or its loaded dso) would
+ call setenv() to set a variables but be unable to find it later with
+ getenv().
+ [96127ac4bbb3]
+
+2014-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Fix install-nls target from builddir.
+ [da63bc37f6c5]
+
+ * Makefile.in:
+ Fix dependency on sudo.pp, it needs to relative to srcdir.
+ [c76088da98e8]
+
+ * src/sesh.c:
+ Adapt to new debug subsystem registration.
+ [8e13b349b44b]
+
+2014-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/zlib/Makefile.in, lib/zlib/zlib.exp:
+ Add missing zlib.exp file and common LT_LDFLAGS Makefile.in.
+ [0bc0092d3e03]
+
+ * lib/util/sudo_conf.c:
+ Fix path settings broken in rev 9731.
+ [2b33916eb287]
+
+ * MANIFEST, lib/util/regress/sudo_conf/test4.err.ok:
+ Adjust regress test now that boolean settings display an error for
+ invalid input.
+ [73a7365f492e]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Add sudoers_debug_deregister() and use it instead of calling
+ sudo_debug_deregister() directly.
+ [819b0e08196e]
+
+ * configure, configure.ac, lib/util/Makefile.in, lib/zlib/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in:
+ Use AC_PROG_AWK
+ [945cf6deb18d]
+
+ * NEWS:
+ Mention shared zlib.
+ [094bdada1106]
+
+ * MANIFEST:
+ Add lib/zlib/zlib.exp
+ [7b5011e3eea9]
+
+ * INSTALL, configure, configure.ac, lib/zlib/Makefile.in,
+ lib/zlib/zconf.h.in:
+ Add support for installing a shared zlib
+ [6875ab6ca44f]
+
+ * lib/util/Makefile.in:
+ fix comment typo
+ [35c3dda27eec]
+
+ * configure, configure.ac, lib/zlib/Makefile.in:
+ Newer zlib uses HAVE_HIDDEN to turn on symbol hiding so we don't
+ need to disable it with NO_VIS.
+ [b3eee86f015f]
+
+ * po/sudo.pot:
+ regen
+ [687bc1ea88ac]
+
+ * configure.ac, include/sudo_debug.h, lib/util/sudo_debug.c,
+ lib/util/util.exp.in:
+ Version the symbols for sudo_debug.c now that the API is stable.
+ [873850a062a8]
+
+2014-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/sudo_conf.c:
+ Go back to parsing sudo.conf in place for settings and paths and
+ improve debugging info for unsupported entries and parse errors.
+ [264e1f7d6551]
+
+ * include/sudo_conf.h, lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/sudo_conf.c, lib/util/util.exp.in,
+ plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
+ Add a flag argument to sudo_conf_read() so we can decide which bits
+ get parsed. This lets us parse Debug statements first and init the
+ debug subsystem early.
+ [56dbf1e671de]
+
+2014-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/zlib/gzguts.h:
+ Include stdio.h after zlib.h, not before. We need the large file
+ defines to come first.
+ [b42b53d10252]
+
+ * doc/LICENSE, lib/zlib/compress.c, lib/zlib/crc32.c,
+ lib/zlib/crc32.h, lib/zlib/deflate.c, lib/zlib/deflate.h,
+ lib/zlib/gzguts.h, lib/zlib/gzlib.c, lib/zlib/gzread.c,
+ lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inffast.c,
+ lib/zlib/inflate.c, lib/zlib/inftrees.c, lib/zlib/trees.c,
+ lib/zlib/uncompr.c, lib/zlib/zconf.h.in, lib/zlib/zlib.h,
+ lib/zlib/zutil.c, lib/zlib/zutil.h:
+ Update zlib to version 1.2.8
+ [f95280e0448d]
+
+ * configure, configure.ac:
+ Don't add -Wold-style-definition to CFLAGS as it causes problems
+ with 3rd party libraries such as zlib.
+ [1d7613d1c177]
+
+ * src/load_plugins.c:
+ Free up plugin info structs after converting to plugin containers.
+ [1168e873d778]
+
+ * INSTALL, MANIFEST, Makefile.in, configure, configure.ac,
+ doc/Makefile.in, doc/TROUBLESHOOTING, doc/UPGRADE, doc/sample.pam,
+ doc/sample.sudo.conf, doc/sample.sudoers, doc/sample.syslog.conf,
+ examples/Makefile.in, examples/pam.conf, examples/sudo.conf,
+ examples/sudoers, examples/syslog.conf, sudo.pp:
+ Move sample.* files to a sudo examples dir
+ [b53e3df56c66]
+
+ * sudo.pp:
+ Fix a packaging problem with the sudoedit man page link on Debian.
+ [8ad77a37048e]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/policy.c:
+ Initialize the debug subsystem in sudoers early. Currently this
+ means iterating over the settings list twice.
+ [93b12ea08405]
+
+ * lib/util/sudo_debug.c:
+ No need to convert sudoedit -> sudo in sudo_debug_get_instance() as
+ we store the actual program name and only do the sudoedit -> sudo
+ conversion when reading the sudo.conf file. Fixes debugging when
+ invoked as sudoedit.
+ [535c01d83b14]
+
+ * lib/util/sudo_conf.c, lib/util/sudo_debug.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/policy.c, src/exec_pty.c,
+ src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
+ In the plugin registers with the debug framework at open time, the
+ sudo front-end will now set the default debug instance appropriately
+ before calling into the plugin. This means the plugin no longer
+ needs to do the sudo_debug_set_default_instance() dance.
+ [10dd45a7884f]
+
+ * Makefile.in:
+ Remove duplicate -U__NBBY in CPPCHECK_OPTS
+ [ad518cb36279]
+
+2014-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Older shells don't support unset.
+ [8762e40871ab]
+
+ * configure, configure.ac, include/sudo_compat.h,
+ lib/util/inet_ntop.c, src/net_ifs.c:
+ Fix inet_ntop() replacement on older systems without it. We only
+ expose the prototype for net_ifs.c due to the use of socklen_t.
+ [18b95ca378ab]
+
+ * lib/util/sudo_debug.c:
+ Dynamically allocate debug_fds bitmap and realloc as needed.
+ [e858199414f6]
+
+ * Makefile.in, include/sudo_debug.h, lib/util/Makefile.in,
+ lib/util/sudo_debug.c, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h,
+ plugins/system_group/Makefile.in, src/Makefile.in, src/exec.c:
+ Use generic bitmap macros instead of select-style fd_set.
+ [c382edc413be]
+
+ * lib/util/sudo_debug.c:
+ Replace sudo_debug_num_instances with sudo_debug_max_instance
+ [12625fd174a4]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/policy.c:
+ Don't call into the debug subsystem after we've deregistered the
+ plugin's instance.
+ [fca7279d2f40]
+
+ * lib/util/sudo_debug.c:
+ Only fill in subsystem_ids[] for the instance if the caller passed
+ in an array for it. If the caller only wants the default subsystems
+ we don't actually need ids[].
+ [07939da6d3a5]
+
+ * lib/util/Makefile.in:
+ Link with -ldl if needed when built with --disable-shared-libutil/
+ [542eeffaf57d]
+
+ * src/regress/ttyname/check_ttyname.c:
+ Fix includes order.
+ [ddd58edba5af]
+
+ * lib/util/util.exp.in:
+ Remove extra newline mistakenly introduced in rev 9682.
+ [36a40e308bbc]
+
+ * plugins/sudoers/Makefile.in:
+ Fix typo in unset.
+ [2c5fbe4c9a54]
+
+ * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/sesh.c:
+ Set debug instance for standalone programs.
+ [306225438408]
+
+ * plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
+ src/net_ifs.c:
+ Fix compilation issues, fallout from the debug changes.
+ [aff5bb3d0322]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ regen
+ [bbb69f299d1f]
+
+ * configure, configure.ac:
+ Sudo 1.8.12
+ [8d9b15c1de44]
+
+ * NEWS:
+ Update with debug system changes and revent bug fixes.
+ [44133de1dee2]
+
+ * include/sudo_debug.h, lib/util/sudo_conf.c, lib/util/sudo_debug.c,
+ plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h:
+ When registering with the debug subsystem, the caller now passes in
+ an arrary of ints that gets filled in with the subsytem IDs to be
+ used in debug_decl.
+ [80e80ba194f7]
+
+ * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ sudoers_debug_instance is now included in libparsesudoers so we
+ don't need to declare it here.
+ [a56f79e6fcf8]
+
+2014-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, include/sudo_debug.h, lib/util/sudo_debug.c,
+ lib/util/ttysize.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/alias.c, plugins/sudoers/audit.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/base64.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/env.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/hexchar.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
+ plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c:
+ The sudoers plugin now defines its own list of debugging subsystem
+ names and defines.
+ [e85d0375e059]
+
+ * MANIFEST, include/sudo_debug.h, lib/util/aix.c, lib/util/event.c,
+ lib/util/event_poll.c, lib/util/event_select.c, lib/util/gidlist.c,
+ lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c,
+ lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c,
+ lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c,
+ lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/term.c,
+ lib/util/ttysize.c, lib/util/util.exp.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
+ plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/base64.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logwrap.c,
+ plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
+ plugins/sudoers/parse.c, plugins/sudoers/policy.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c,
+ src/Makefile.in, src/exec.c, src/exec_common.c, src/exec_pty.c,
+ src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c,
+ src/parse_args.c, src/preserve_fds.c,
+ src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c,
+ src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h,
+ src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c:
+ Add support for multiple Debug lines per program. Callers may
+ register arbitrary debug facilities or use built-in defaults. We now
+ use separate Debug statements for plugins and programs.
+ [5e553cbbfbb1]
+
+ * MANIFEST, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/sudo_conf.h, include/sudo_debug.h,
+ lib/util/Makefile.in, lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_conf/test7.in,
+ lib/util/regress/sudo_conf/test7.out.ok, lib/util/sudo_conf.c,
+ lib/util/sudo_debug.c, lib/util/util.exp.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/solaris_audit.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudoers.h, src/hooks.c,
+ src/load_plugins.c, src/parse_args.c, src/sudo.c,
+ src/sudo_plugin_int.h:
+ Change how sudo.conf is parsed. We now do a quick parse and then set
+ the values after the entire file has been parsed. This lets us init
+ the debug system earlier. Plugin-specific debug flags are now stored
+ in struct plugin_info and struct plugin_container and passed to the
+ plugin via one or more debug_flags settings.
+ [62fb1102e1e2]
+
+ * src/parse_args.c, src/sudo.c, src/sudo.h:
+ Return settings from parse_args as struct sudo_settings and format
+ for the plugin at plugin open time. This will allow for additional,
+ plugin-specific settings to be added to the array.
+ [167929871b94]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/load_plugins.c,
+ src/sudo.c, src/sudo_plugin_int.h:
+ Pass plugin path in the settings array.
+ [45bc2d087115]
+
+ * plugins/sudoers/parse.c:
+ Remove an unneeded NULL check to quiet a cppcheck warning.
+ [64cb92122658]
+
+2014-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Set locale to C for visudo and testsudoers regression tests. Bug
+ #672
+ [adf7997a0a65]
+
+2014-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/linux_audit.c:
+ Fix logic bug. We only want to return -1 from linux_audit_open()
+ when audit_open() fails and errno is not one of EINVAL,
+ EPROTONOSUPPORT, or EAFNOSUPPORT. For those errno values, we return
+ AUDIT_NOT_CONFIGURED which is not a fatal error. Bug #671
+ [6f0d8f1c7648]
+
+2014-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Add back fix for Bug #663
+ [a3dfc76ee776]
+
+2014-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ The older style bash function exporting is not used by post-
+ shellshock versions of bash.
+ [223efe328e86]
+
+ * plugins/sudoers/env.c:
+ Apple uses a different variant of the BASH_FUNC prefix for bash
+ functions.
+ [ea13c8c2a716]
+
+2014-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Remove change that is part of 1.8.12 not 1.8.11p1
+ [8fdad4c4f314]
+
+ * NEWS, configure, configure.ac:
+ Update for sudo 1.8.11p1
+ [80e9898f7c04]
+
+ * src/regress/ttyname/check_ttyname.c:
+ Only check stdin for the tty and avoid the check entirely if we
+ don't have a way to get the tty from the kernel. Bug #643
+ [deb799e16416]
+
+ * lib/util/sudo_debug.c:
+ Make a copy of ap in sudo_debug_vprintf2() in case the static buffer
+ is not big enough and we need to call vasprintf().
+ [a5d32b9d63be]
+
+ * src/sudo.c:
+ Avoid comparing new cwd with old one if getcwd() failed. Bug #670
+ [e99093578ca7]
+
+ * plugins/sudoers/env.c:
+ Fix debugging printout output for env_should_keep()
+ [a9e7ea4b6751]
+
+2014-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, include/Makefile.in:
+ Use INSTALL_OWNER instead of -O/-G flags so we can work with the
+ autotools install-sh too. Bug #669
+ [a5f87f6a52b7]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
+ Move sudo_printf to policy.c to match sudo_conv.
+ [f2d6065c3daf]
+
+2014-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, include/sudo_fatal.h, lib/util/Makefile.in,
+ lib/util/fatal.c, lib/util/sudo_printf.c, lib/util/util.exp.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/sudo_printf.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
+ Add sudo_warn_set_conversation() to specify a conversation function
+ to use for warn/fatal. If no conversation function is specified, the
+ standard error will be used. We now only need sudo_printf() for
+ things that use the parser.
+ [d6049e53e3e3]
+
+2014-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Use correct names when referring to subsections in the sudoers
+ manual.
+ [7a016916f0ab]
+
+2014-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, config.h.in, configure, configure.ac,
+ lib/util/inet_ntop.c, src/net_ifs.c:
+ Use inet_ntop() instead of inet_ntoa() and include a version for
+ systems that are missing it.
+ [1a1a70dba9c0]
+
+2014-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Fix detection of functions in network libs like -lsocket, -lnsl and
+ -linet when we have already added those libs to NET_LIBS. Fixes a
+ problem where inet_pton() was not detected on Solaris.
+ [27e10183649e]
+
+ * NEWS:
+ Mention --disable-shared-libutil fix.
+ [7efe70688237]
+
+ * src/Makefile.in:
+ Always use --tag=disable-static to avoid installing a static
+ sudo_noexec.
+ [5d7d58879f99]
+
+ * configure, configure.ac, lib/util/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Instead of building libutil statically for --disable-shared-libutil,
+ just treat it as a convenience library. Do the same with sudoers for
+ --enable-static-sudoers. Fixes link errors on Solaris among others
+ when --disable-shared-libutil is used.
+ [c5357fe78ab7]
+
+ * configure, configure.ac, lib/util/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in:
+ Remove LT_LDMAP and LT_LDOPT and just use LT_LDEXPORTS for the
+ compiler-specific option to restrict symbol exporting.
+ [09e8dab6f528]
+
+ * src/preload.c:
+ Include sys/types.h to get gid_t, etc used in sudo_compat.h. Fixes a
+ build issue on Solaris.
+ [b8917967df41]
+
+2014-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/regress/ttyname/check_ttyname.c:
+ Fix cust & pasto in error message when there is a mismatch between
+ the sudo and libc ttys. From Diego Elio Petteno'. Bug #643
+ [87d5f1a49535]
+
+2014-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c:
+ Add BASH_FUNC_* to environment blacklist for newer-style bash
+ functions.
+ [b6e66c4a782e]
+
+ * Makefile.in:
+ Pull additional password prompts out of mkpkg instead of hard-coding
+ them.
+ [d2a6da883b34]
+
+ * NEWS:
+ Add post-1.8.11 changes
+ [11169ace8fa4]
+
+ * Makefile.in, configure.ac, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/po/sudoers.pot:
+ Add a space after "Password:" in default password prompt so it is
+ easier to read when pwfeedback is enabled.
+ [a7750d845b5b]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Simplify how we count the password tries
+ [71b9f2021561]
+
+ * plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c:
+ Block SIGINT and SIGQUIT while verifying passwords so that
+ authentication modules that use sleep() are not interrupted. If the
+ user interrupted authentication, exit the loop.
+ [1cfafd7fcb13]
+
+ * configure, configure.ac:
+ Remove Convex support; it is not modern enough to run sudo 1.8.
+ [c3bdfbb2ee11]
+
+ * configure, configure.ac:
+ Only check for -lshadow if we haven't already found getspnam() in
+ libc. Rather than treat this specially, just add -lshadow as another
+ place to search in addition to -lgen.
+ [fdf06757f25d]
+
+2014-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ If all authentication methods fail init/setup, fail with an error.
+ [4cd0481bf05e]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Move pass_warn() so that it is defined before it is called().
+ [6ea697e89fef]
+
+2014-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Remove duplicate Requires: line in generated rpm spec file.
+ [335703b110c7]
+
+ * pp:
+ In pp_files_expand() set _target to be empty. Fixes a problem with
+ Solaris sh where simply using typeset doesn't causes the variable to
+ be treated as local so we can inadvertantly inherit a value from a
+ previous call.
+ [f3cecca3c7b0]
+
+2014-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Fix version for release.
+ [39f6a2e9a098]
+
+2014-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac, pathnames.h.in:
+ Only redefine _PATH_BSHELL on AIX if we included paths.h.
+ [2dd4e808f69f]
+
+ * NEWS:
+ Bug 661
+ [7f2b278086b2]
+
+ * pathnames.h.in, src/exec_common.c, src/sudo.c:
+ On AIX, _PATH_BSHELL is /usr/bin/bsh but we want to use /usr/bin/sh
+ (which is usually ksh). This makes sudo's behavior when executing a
+ shell without the #! magic number match execvp() on AIX.
+ [2b438ff99991]
+
+ * pathnames.h.in:
+ Whitespace changes.
+ [107f66ecfa54]
+
+ * configure, m4/sudo.m4:
+ Prefer /usr/bin/sh to /bin/sh to match modern systems.
+ [9e2ccb5b239f]
+
+ * NEWS, lib/util/Makefile.in:
+ Don't use SSP_CFLAGS or PIE_CFLAGS when building mksiglist/mksigname
+ as they are built with the host compiler which may be different when
+ cross-compiling. From Gustavo Zacarias. Bug 662.
+ [f1a6d58c0baa]
+
+2014-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/cs.mo,
+ po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo,
+ po/fi.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo,
+ po/pt_BR.po, po/ru.mo, po/ru.po, po/sr.mo, po/sr.po, po/uk.mo,
+ po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po:
+ Sync with translationproject.org
+ [588c41d2eab5]
+
+2014-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudo_nss.c:
+ Make sure we can't insert an nss entry in the list that has already
+ been used before.
+ [b5fab945991b]
+
+ * plugins/sudoers/visudo_json.c:
+ Use correct gettext macro with sudo_warnx()
+ [0a532986b016]
+
+ * NEWS:
+ Make nsswitch.conf bug fix description more accurrate. It affects
+ the "files" nsswitch source too.
+ [a29cce3a3ee9]
+
+ * NEWS:
+ Mention nsswitch.conf duplicate entry fix.
+ [f8a45b59a577]
+
+2014-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c, plugins/sudoers/sudoers.h:
+ Make sudoers file nsswitch functions static to parse.c since they
+ are self-contained.
+ [cf22385d0659]
+
+ * plugins/sudoers/sudo_nss.c:
+ Fix infinite loop when mulitple sudoers entries are present in
+ nsswitch.conf. From Daniel Kopecek.
+ [e773e0eee736]
+
+2014-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Fix for bug #660
+ [e25192ad79cc]
+
+ * src/get_pty.c:
+ Fix compilation on systems without openpty(), _getpty() or
+ grantpt(). From Vasilyy Balyasnyy
+ [897280412e3e]
+
+2014-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/conversation.c:
+ Remove remaining use of SUDO_CONV_DEBUG_MSG.
+ [4ee756b687ea]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/sudo_plugin.h:
+ SUDO_CONV_DEBUG_MSG is no longer supported.
+ [7bf46cf06578]
+
+ * doc/sudo.conf.cat, doc/sudoers.cat:
+ regen
+ [5bff0d4d3956]
+
+ * include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/sudo_printf.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/policy.c:
+ There is no longer a reason for the plugin to init the debug
+ subsystem itself. It will always be initialized by the front-end if
+ needed.
+ [970dd80a9e3c]
+
+ * include/sudo_alloc.h, include/sudo_compat.h, include/sudo_fatal.h:
+ Add function arg names to prototypes where missing.
+ [e78dc4c48521]
+
+ * lib/util/alloc.c:
+ Remove obsolete definition of SIZE_T which is now handled by
+ sudo_compat.h and rename the format arg to fmt in
+ sudo_evasprintf_v1() for consistency with sudo_easprintf_v1().
+ [72c0fc5e5114]
+
+ * src/parse_args.c:
+ If we were invoked with any name ending in "edit", treat as
+ sudoedit.
+ [d307572f08bc]
+
+2014-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * po/sudo.pot:
+ regen
+ [31c115ffbba8]
+
+ * src/exec.c, src/exec_pty.c, src/signal.c:
+ Check return value of sigaction(), even though it should never fail.
+ [75c578e6a07c]
+
+2014-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/Makefile.in, src/Makefile.in:
+ regen
+ [2fcb390e8e89]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/parser/check_hexchar.c:
+ Add hexchar unit test
+ [de65e0ded4a2]
+
+ * plugins/sudoers/regress/parser/check_addr.c:
+ Avoid division by zero if there was no test data.
+ [de3324077ba0]
+
+2014-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/event.c:
+ Remove confusing comment.
+ [ee1765a06b94]
+
+ * lib/util/sudo_debug.c:
+ Use a stack buffer for the debug message when possible, most are
+ small.
+ [945fb94a7aaf]
+
+2014-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po, po/ca.mo,
+ po/ca.po:
+ Sync with translationproject.org
+ [661d536a7599]
+
+2014-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ Convert a debug printf to a user-visible warning.
+ [c3866eaea3ec]
+
+ * include/sudo_fatal.h, include/sudo_util.h, lib/util/fatal.c:
+ Move sudo_printf extern to sudo_util.h
+ [50275ef999e9]
+
+ * include/sudo_fatal.h, include/sudo_lbuf.h, lib/util/fatal.c,
+ lib/util/lbuf.c:
+ Some versions of the HP C Compiler don't export functions that take
+ function pointers as arguments unless a typedef is used.
+ [97cc0525dbd7]
+
+ * include/sudo_lbuf.h:
+ Work around a bug in the HP C compiler.
+ [5c902aefeba6]
+
+ * lib/util/lbuf.c:
+ Don't need sudo_fatal.h
+ [bccfe4df4794]
+
+2014-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * po/da.mo, po/da.po:
+ Sync with translationproject.org
+ [7910e3fc0f3e]
+
+ * src/exec.c:
+ Remove signal_event from evbase before calling sudo_ev_loopexit()
+ when the command has exited or been killed. It is possible that we
+ could receive another signal on the pipe if they are delivered out
+ of order.
+ [b8ed1c9482b4]
+
+2014-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Treat EOF on signal pipe (which should never happen) as ECONNRESET.
+ [eb57e9047a2c]
+
+ * include/sudo_event.h, lib/util/event.c, src/exec_pty.c:
+ Don't allow sudo_ev_loopcont() to override sudo_ev_loopexit()
+ [b6b53eacbc61]
+
+ * include/sudo_event.h, lib/util/event.c, lib/util/event_poll.c,
+ lib/util/event_select.c:
+ Add some internal convenience functions.
+ [b01063d82347]
+
+2014-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Fix osrelease sed expression. It wasn't matching distros with a
+ single digit version such as sles9.
+ [44f3e9b7e6c0]
+
+ * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo,
+ po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo,
+ po/fi.po, po/it.mo, po/it.po, po/nb.mo, po/nb.po, po/pl.mo,
+ po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/ru.mo, po/ru.po, po/uk.mo,
+ po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po:
+ Sync with translationproject.org
+ [5b2c6063db75]
+
+ * plugins/sudoers/iolog.c:
+ Return -1 from logging functions if we get a write error.
+ [a3ae43d54101]
+
+ * NEWS:
+ Mention I/O plugin changes.
+ [0bd2e99fe87a]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/exec_pty.c:
+ Change behavior when plugin I/O logging function returns 0 or -1.
+ For -1 (error) return, we now kill the command and disable the I/O
+ logging function that returned the error. For a 0 (reject) return,
+ we no longer display the rejected output to the user's terminal. The
+ plugin API revision is now 1.6.
+ [27bb504860f3]
+
+ * doc/sudoers.cat:
+ regen to fix version.
+ [641ea29b7dd3]
+
+ * plugins/sample/sample_plugin.c:
+ Add trivial dirty word check to the sample output logging function.
+ [a14494b87b4d]
+
+2014-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for 1.8.11b2
+ [72ac1f26ba78]
+
+ * src/sudo_edit.c:
+ Fix restoration of effective uid/gid in command_details. This masked
+ the effects an unset (really zero) egid. Bug 656
+ [b75eed459386]
+
+ * src/sudo.c:
+ Set runas egid to the same value as runas gid if egid not specified
+ by the plugin. Only affects new files created by sudoedit. Bug #656
+ [f2daabba4912]
+
+ * src/sudo_edit.c:
+ Don't leak temp fd in sudo_edit_copy_tfiles(). Fix fd leak in error
+ path in sudo_edit_copy_tfiles().
+ [465d6a79b5cf]
+
+2014-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ fix typo
+ [a4659abcbc1d]
+
+ * src/signal.c:
+ We write an unsigned char, not an int, to the signal pipe.
+ [fae4217be608]
+
+2014-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_edit.c:
+ Sprinkle some debugging around uid/gid setting in sudoedit.
+ [15e4a337f0b0]
+
+ * src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
+ src/sudo_exec.h:
+ Make sudoedit work with SELinux RBAC. Adapted from RedHat patches
+ (Daniel Kopecek) but made to behave a bit more like the non-SELinux
+ bits.
+ [8f3f7969220f]
+
+ * src/sudo_edit.c:
+ Refactor code that copies temp files into separate functions.
+ [b1057f4bee87]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Fix typo, .em should be .Em
+ [ec28aa3bdd6a]
+
+2014-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sesh.c:
+ Add missing call to initprogname().
+ [71040679765f]
+
+ * lib/util/sudo_debug.c, lib/util/sudo_printf.c:
+ Don't recurse infinitely until we blow the stack when the debug file
+ can't be opened in the front-end. The conversation-type debug mode
+ will be removed in the future.
+ [38cd1a6343c2]
+
+2014-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Only use the first two digits of the version number. Fixes a problem
+ on RHEL 7 which has version numbers like 7.0.1406
+ [272727fd57fb]
+
+ * plugins/sudoers/linux_audit.c:
+ Fix return value when kernel has no audit support.
+ [7ca1c9857058]
+
+ * lib/util/progname.c:
+ remove unused label
+ [4179ea1ffa3a]
+
+2014-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, autogen.sh:
+ Update to automake 1.14 (no code changes).
+ [5e04db4f7c5d]
+
+2014-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document the interaction between sudoers environment handling and
+ the pam_env module.
+ [bd56868f078c]
+
+ * plugins/sudoers/env.c:
+ Don't allow pam_env to overwrite existing variables when env_reset
+ is disabled unless the variables match the black list and would
+ normally be removed. It may just be better to never overwrite when
+ env_reset is disabled.
+ [e0ae88fce535]
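Review bot: the plugins/sudoers/env.c entry under 2014-08-11 ends on an open design question ("It may just be better to never overwrite when env_reset is disabled") rather than the rule that was committed. This text decides which pam_env values may replace variables already present in the invoking user's environment, so I would state only the behaviour that shipped and move the alternative to the bug tracker or a code comment. It would also help to say outright that the black list exception covers only variables that "would normally be removed", so someone auditing environment handling can read the rule here and check it against the sudoers manual change recorded in the entry just above.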
+
+2014-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Update year range to include 2014
+ [6b3b5f3fa791]
+
+2014-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/Makefile.in:
+ Remove regress .err files in distclean target.
+ [d66a4f1db130]
+
+ * lib/util/Makefile.in, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in:
+ Remove generated files for linker as part of distclean.
+ [5d1bf6c32c6b]
+
+ * .hgignore:
+ Ignore .out and .err files in lib/util regress
+ [9f4d91e77c0f]
+
+ * NEWS:
+ Add additional 1.8.11 changes and fix typos.
+ [7980e2abb6ea]
+
+ * configure, configure.ac, plugins/sudoers/Makefile.in:
+ Avoid building/running the check_symbols test program unless we are
+ building a shared sudoers plugin.
+ [a6bde1a12111]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Remove two instances of -no-fast-install that were missed before.
+ [8a2c89cdf252]
+
+ * INSTALL, NEWS, configure, configure.ac, lib/util/Makefile.in:
+ Add --disable-shared-libutil configure option. It may only be used
+ in conjunction with the --enable-static-sudoers option.
+ [e19c71464399]
+
+2014-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/Makefile.in:
+ Remove noop man.sed files Use full path instead of $@.in when
+ calling config.status with --file=-
+ [53c69928427e]
+
+ * src/preserve_fds.c:
+ Fix "sudo -C" when we have internal fds to preserve from
+ closefrom().
+ [942db66345ea]
+
+2014-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/env.c:
+ Add explicit support for matching the full environment string
+ (name=value). Bash functions may now be preserved for full matches,
+ but not for name-only matches.
+ [f4d816e11f66]
+
+2014-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgignore:
+ Ignore lib/util/util.exp
+ [e08306ca6a6d]
+
+2014-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Fix exporting of asprintf/vasprintf symbols.
+ [5ff59bdeb501]
+
+ * configure, configure.ac:
+ Don't export getaddrinfo symbols if we found the function in a
+ library.
+ [3bf4a5d3cfdb]
+
+ * src/sudo_edit.c:
+ It is now sudo_efree() not efree(). Don't try to free a pointer to
+ garbage on error.
+ [51a1ddaa220d]
+
+ * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+ Regen .pot files
+ [8c46fe51d32e]
+
+2014-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_edit.c:
+ Plug memory leak, even though we are headed for exit.
+ [e2b28ddffabe]
+
+ * configure, configure.ac, lib/util/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ If getaddrinfo() is missing libsudoutil may need to pull in
+ networking libraries.
+ [4d6724d54927]
+
+ * MANIFEST, configure, configure.ac, include/sudo_compat.h,
+ lib/util/Makefile.in, lib/util/util.exp, lib/util/util.exp.in,
+ m4/sudo.m4:
+ Only include functions in util.exp that are actually in the library.
+ Fixes a problem on Solaris where undefined functions that are listed
+ as exported in the map file result in a link error. Also make sure
+ we use our glob.c if the system is missing glob().
+ [3121ad215f1e]
+
+ * configure, configure.ac:
+ Make sure shadow libs don't end up in LIBS, only SUDOERS_LIBS (and
+ SUDO_LIBS if set_auth_parameters() or initprivs() are present.
+ [fb084b157c76]
+
+ * configure.ac:
+ No need to AC_SUBST HAVE_BSM_AUDIT and HAVE_SOLARIS_AUDIT
+ [5d73ccf3a7b9]
+
+2014-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
+ Attempt to handle systems with SA_SIGINFO but that lack SI_USER.
+ [0c8b09861ad5]
+
+ * config.h.in, configure, configure.ac, include/sudo_compat.h:
+ Replace use of HAVE_GETCWD with PREFER_PORTABLE_GETCWD. It is safe
+ to assume getcwd() exists, we just need to handle broken ones.
+ [e897223a8f38]
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/Makefile.in:
+ Add check for inet_ntoa() since it may live in libnsl. Make getcwd()
+ replacement private to the SunOS 4 section.
+ [8e2cd0fdd6cd]
+
+ * plugins/sudoers/match.c:
+ Avoid mixing declarations and code for non-C99 compilers.
+ [1fa5cf2356fd]
+
+ * include/sudo_debug.h:
+ For C89, use "const char __func__[]" instead of "const char
+ *__func__".
+ [c4e9f9d6691b]
+
+ * plugins/sudoers/match.c:
+ Fix compilation on systems w/o netgroups.
+ [57deb66ef8ff]
+
+2014-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/preserve_fds.c:
+ Back out old workaround for sudoedit hang when debugging was
+ enabled.
+ [f547bf80c436]
+
+ * src/sudo_edit.c:
+ Don't memcpy() the preserved_fds TAILQ as the pointers into the head
+ will be wrong. All we need to do is save the old command details and
+ restore them after calling run_command(). Fixes a hang with sudoedit
+ when debugging is enabled.
+ [84ff8e1f490a]
+
+2014-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c:
+ The default policy close function should only print an error message
+ if the error_code is non-zero.
+ [2032c9e33e3f]
+
+ * src/preserve_fds.c:
+ If there the preserved fds list is empty, add a new element with
+ TAILQ_INSERT_HEAD instead of TAILQ_INSERT_TAIL to avoid an infinite
+ loop on AIX, Solaris and possibly others when debug mode is active.
+ [63cefe22c515]
+
+ * lib/util/progname.c:
+ Remove support for getting program name via /proc as pr_fname is
+ usually filled in after symbolic links have been processed, even on
+ Solaris.
+ [0460c613753c]
+
+ * lib/util/Makefile.in:
+ Use shlib_enable instead of soext when determining whether to
+ install the library.
+ [d46640a7733c]
+
+ * lib/util/regress/atofoo/atofoo_test.c:
+ Avoid potential division by zero
+ [6411d276a138]
+
+ * lib/util/Makefile.in:
+ Don't link progname test with libsudo_util, just link in progname.lo
+ directly since that is all we need. Avoid a linker issue on darwin.
+ [ee6210ee5cc0]
+
+ * lib/util/progname.c:
+ Remove pstat_getproc() path as pst_ucomm on HP-UX will return the
+ target of a symbolic link and not the name of the link itself. Avoid
+ using pr_fname on AIX for the same reason. Bug 654
+ [36aced8e3714]
+
+ * MANIFEST, lib/util/Makefile.in,
+ lib/util/regress/progname/progname_test.c:
+ Add test for getprogname() and symbolic links; bug 654
+ [fbbe9faeda46]
+
+2014-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ Document tracing
+ [cfd7f14d596d]
+
+2014-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lib/util/util.exp:
+ sudo_term_{erase,kill} are regular symbols not functions.
+ [3454a9c1328b]
+
+2014-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Fix NULL deref if base64_decode returns -1.
+ [d03e207b1bb8]
+
+ * MANIFEST, include/missing.h, include/sudo_compat.h,
+ lib/util/Makefile.in, lib/util/aix.c, lib/util/alloc.c,
+ lib/util/clock_gettime.c, lib/util/closefrom.c, lib/util/event.c,
+ lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c,
+ lib/util/fnmatch.c, lib/util/getaddrinfo.c, lib/util/getcwd.c,
+ lib/util/getgrouplist.c, lib/util/getline.c, lib/util/getopt_long.c,
+ lib/util/gidlist.c, lib/util/glob.c, lib/util/inet_pton.c,
+ lib/util/isblank.c, lib/util/key_val.c, lib/util/lbuf.c,
+ lib/util/locking.c, lib/util/memrchr.c, lib/util/memset_s.c,
+ lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c,
+ lib/util/parseln.c, lib/util/progname.c, lib/util/pw_dup.c,
+ lib/util/regress/atofoo/atofoo_test.c,
+ lib/util/regress/fnmatch/fnm_test.c,
+ lib/util/regress/glob/globtest.c,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_parseln/parseln_test.c,
+ lib/util/regress/tailq/hltq_test.c, lib/util/secure_path.c,
+ lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c,
+ lib/util/snprintf.c, lib/util/strlcat.c, lib/util/strlcpy.c,
+ lib/util/strsignal.c, lib/util/strtobool.c, lib/util/strtoid.c,
+ lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c,
+ lib/util/sudo_debug.c, lib/util/sudo_dso.c, lib/util/sudo_printf.c,
+ lib/util/term.c, lib/util/ttysize.c, lib/util/utimes.c,
+ plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
+ plugins/group_file/group_file.c, plugins/sample/Makefile.in,
+ plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/audit.c, plugins/sudoers/base64.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/hexchar.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/locale.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestr.c, plugins/system_group/Makefile.in,
+ plugins/system_group/system_group.c, src/Makefile.in,
+ src/locale_stub.c, src/net_ifs.c, src/preload.c,
+ src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h,
+ src/sudo_noexec.c:
+ Rename missing.h -> sudo_compat.h
+ [ddcc945a0f87]
+
+ * MANIFEST, include/secure_path.h, include/sudo_util.h,
+ lib/util/Makefile.in, lib/util/secure_path.c, lib/util/sudo_conf.c,
+ plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Merge secure_path.h -> sudo_util.h
+ [0385dfbf2e2d]
+
+ * include/secure_path.h, include/sudo_alloc.h, include/sudo_conf.h,
+ include/sudo_dso.h, include/sudo_event.h, include/sudo_fatal.h,
+ include/sudo_lbuf.h, include/sudo_util.h, lib/util/aix.c,
+ lib/util/alloc.c, lib/util/event.c, lib/util/fatal.c,
+ lib/util/gidlist.c, lib/util/key_val.c, lib/util/lbuf.c,
+ lib/util/locking.c, lib/util/parseln.c, lib/util/secure_path.c,
+ lib/util/setgroups.c, lib/util/strtobool.c, lib/util/strtoid.c,
+ lib/util/strtomode.c, lib/util/sudo_conf.c, lib/util/sudo_dso.c,
+ lib/util/term.c, lib/util/ttysize.c, lib/util/util.exp,
+ plugins/sudoers/locale.c, src/locale_stub.c:
+ Version the functions in libsudo_util
+ [c6d6eba95bb4]
+
+2014-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/gettext.h, include/sudo_gettext.h, lib/util/Makefile.in,
+ lib/util/aix.c, lib/util/alloc.c, lib/util/fatal.c,
+ lib/util/gidlist.c, lib/util/strsignal.c, lib/util/strtoid.c,
+ lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c,
+ lib/util/sudo_debug.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ src/Makefile.in, src/locale_stub.c, src/net_ifs.c, src/sesh.c,
+ src/sudo.h:
+ Rename gettext.h -> sudo_gettext.h
+ [7f6b44473b8f]
+
+ * include/fatal.h, include/sudo_fatal.h, lib/util/Makefile.in,
+ lib/util/aix.c, lib/util/alloc.c, lib/util/event.c,
+ lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c,
+ lib/util/getopt_long.c, lib/util/gidlist.c, lib/util/lbuf.c,
+ lib/util/regress/atofoo/atofoo_test.c,
+ lib/util/regress/tailq/hltq_test.c, lib/util/sudo_conf.c,
+ lib/util/sudo_debug.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/locale.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ src/Makefile.in, src/locale_stub.c, src/net_ifs.c,
+ src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h:
+ Rename fatal.h -> sudo_fatal.h
+ [bef3401dbb24]
+
+ * include/queue.h, include/sudo_conf.h, include/sudo_event.h,
+ include/sudo_queue.h, lib/util/Makefile.in, lib/util/fatal.c,
+ lib/util/regress/tailq/hltq_test.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ src/Makefile.in, src/hooks.c:
+ Rename queue.h -> sudo_queue.h to avoid collisions with the system
+ version.
+ [473614fdde5a]
+
+ * include/sudo_debug.h, lib/util/sudo_debug.c:
+ Conver sudo_debug_write() to a macro
+ [0f110f27a23c]
+
+2014-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/fixman.sh, doc/fixmdoc.sh:
+ Fix man page post-processing; it was deleting more than intended.
+ [716af03dcfb7]
+
+2014-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/Makefile.in:
+ Remove double $(srcdir) when running sed scripts.
+ [16add67ae550]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ "an EXEC tag" not "a EXEC tag"
+ [9ac1b8e322f9]
+
+ * doc/sudoers.cat:
+ Document that I/O logging is not enabled by default.
+ [08fca95dd5a4]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document that exec_background is off by default.
+ [87fe5defff58]
+
+2014-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sesh.c:
+ Error out if sesh is run as a login shell but the shell it needs to
+ run has no slash. This shouldn't happen in practice.
+ [10ff502888ee]
+
+ * MANIFEST, include/compat/mksiglist.h, include/compat/mksigname.h,
+ lib/util/Makefile.in, lib/util/mksiglist.c, lib/util/mksiglist.h,
+ lib/util/mksigname.c, lib/util/mksigname.h:
+ Move mksiglist.h and mksigname.h to lib/util where they belong.
+ [d01046c69060]
+
+ * config.h.in, configure, configure.ac, include/missing.h,
+ lib/util/progname.c, lib/util/util.exp, plugins/sudoers/Makefile.in:
+ Avoid passing -no-fast-install to libtool as this results in the
+ build dir being left in the library path of the installed
+ executable. Instead, we remove the "lt-" prefix from the program
+ name in initprogname() so that the regress test output is unaffected
+ by libtool's binary wrapper.
+ [75d1563e95b4]
+
+ * sudo.pp:
+ Fix syntax error with some shells.
+ [91e8da7702c5]
+
+2014-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Force libtool to use runtime linking on AIX so that it installs the
+ plugins as .so files and not .a files.
+ [ae66488bd9ca]
+
+ * plugins/sudoers/ldap.c:
+ Be sure to NUL-terminate the decoded secret when converting from
+ base64.
+ [b3dc463c8882]
+
+ * plugins/sudoers/ldap.c:
+ Fix a pointer signednes warning calling base64_decode().
+ [74f7354867a3]
+
+ * lib/util/getgrouplist.c:
+ Use sudo_strtoid() now that it is located in the same library.
+ [4868532e2d65]
+
+ * lib/util/strtoid.c:
+ Skip leading space (ala strtol) so that we can pick up the sign even
+ if it is not the first character of the string.
+ [148ee633c6a4]
+
+2014-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ For sudoedit, audit the actual editor being run, not just the
+ sudoedit command.
+ [59a5b0ad36af]
+
+ * src/selinux.c:
+ Audit failed user role changes. RedHat bz #665131
+ [cf9777687124]
+
+ * plugins/sudoers/Makefile.in:
+ Avoid running check_symbols for static sudoers
+ [71b13bada1ce]
+
+ * plugins/sudoers/regress/visudo/test3.err.ok,
+ plugins/sudoers/regress/visudo/test3.sh:
+ Adapt to unused alias changes.
+ [4b58e36c3d8f]
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
+ plugins/sudoers/visudo.c:
+ An unused alias is not really an error, even in strict mode. RedHat
+ bz #604297
+ [f10b3b7ec5a6]
+
+ * src/sesh.c:
+ When running a login shell via sesh, make new argv[0] -shell, not
+ /path/to-shell. RedHat bz #1065418
+ [414cb512f102]
+
+2014-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ The RHEL sudo package allows users in group wheel to run sudo.
+ [9f22020a57cf]
+
+ * Makefile.in, sudo.pp:
+ Avoid packaging parent directories when they are system directories.
+ Currently we just skip this when prefix is /usr
+ [93ccede545cd]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Fix typo: sudo.d -> sudoers.d. From RedHat bz #726634
+ [1c99a4fd9c7d]
+
+ * mkpkg:
+ RHEL 6 and above use /etc/sudo-ldap.conf not /etc/ldap.conf
+ [ce3216e4390a]
+
+ * pp:
+ For rpm, do not specify a mode in %attr for symbolic links. Avoids
+ the warning "Explicit %attr() mode not applicaple to symlink"
+ [3f5a80ed5081]
+
+2014-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_alloc.h, lib/util/aix.c, lib/util/event.c,
+ lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c,
+ lib/util/lbuf.c, lib/util/sudo_conf.c, plugins/sudoers/alias.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/env.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/locale.c, plugins/sudoers/logging.c,
+ plugins/sudoers/match.c, plugins/sudoers/policy.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/exec.c,
+ src/exec_common.c, src/exec_pty.c, src/hooks.c, src/load_plugins.c,
+ src/net_ifs.c, src/preserve_fds.c,
+ src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sudo.c,
+ src/ttyname.c:
+ efree -> sudo_efree for consistency
+ [7dfd16fbb6cf]
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat,
+ doc/sudoers.cat, doc/sudoreplay.cat, doc/visudo.cat:
+ regen
+ [a1d38600d34c]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c:
+ Add support for base64 secrets in ldap.conf and ldap.secret. Based
+ on an idea from anthony AT rlost DOT com
+ [4999b78f8b6d]
+
+2014-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Don't use the HP compiler in preference to gcc. Some versions have
+ trouble compiling lbuf.c.
+ [322daf03ab6f]
+
+2014-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Remove @SOEXT@ and @SHLIB_EXT@ now that we use libtool to install
+ shared objects. Instead, use the new @SHLIB_ENABLE@ that is set to
+ the value of $enable_dlopen. For sudo_noexec.so there is nothing
+ special to do since the install-noexec target is only called when
+ noexec is enabled by configure.
+ [4447190f212b]
+
+ * configure, configure.ac:
+ Make dynamic shared objects non-writable on HP-UX. Using writable
+ DSOs can substantially increase the load time.
+ [8715aff11063]
+
+ * include/fatal.h, lib/util/fatal.c, lib/util/util.exp,
+ plugins/sudoers/locale.c, src/locale_stub.c:
+ Add sudo_warn_strerror() that wraps strerror() with calls to
+ setlocale() in sudoers so we always get the error string in the
+ user's locale. Also change _warning() to take the error number as a
+ parameter instead of examining errno.
+ [cc38a8389a7b]
+
+2014-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, lib/util/Makefile.in, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Avoid a cppcheck warning when NSIG is not defined.
+ [f8e5e92bab60]
+
+ * include/missing.h:
+ Fix typos in utimes/futimes macros.
+ [10f022d933c2]
+
+2014-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [e351d905c0c9]
+
+ * configure.ac:
+ Fix sudo when --disable-shared configure option was specified.
+ [07899f6b43f0]
+
+ * configure, m4/libtool.m4:
+ Do not set an internal name for HP-UX modules, only archives. This
+ works around a problem with some versions of HP-UX ld where setting
+ an internal name that doesn't end in .sl causes link errors.
+ [9a049adb22aa]
+
+ * plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/system_group/Makefile.in:
+ Never build build static versions of other plugins.
+ [52123c4c17bc]
+
+ * lib/util/Makefile.in:
+ Don't build a static libsudo_util.a unless we are linking sudoers
+ statically.
+ [9c3327977dff]
+
+2014-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac, lib/util/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Use libtool to install/uninstall the plugins and sudo_noexec.
+ [18ae09c53f2e]
+
+ * configure, ltmain.sh, m4/libtool.m4:
+ Fix my typos in the HP-UX libtool patch
+ [6e70066d86bb]
+
+2014-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention Solaris audit.
+ [d90efa19ca16]
+
+ * INSTALL, MANIFEST, config.h.in, configure, configure.ac, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
+ plugins/sudoers/solaris_audit.c, plugins/sudoers/solaris_audit.h:
+ Add Solaris audit support; from Gary Winiger at Oracle.
+ [6f68a27e53f5]
+
+ * MANIFEST:
+ Sync MANIFEST with file name changes.
+ [d9958df5f9da]
+
+ * plugins/sudoers/toke.c:
+ regen
+ [ad82b20093c3]
+
+ * include/sudo_util.h, lib/util/Makefile.in, lib/util/atobool.c,
+ lib/util/atoid.c, lib/util/atomode.c, lib/util/getgrouplist.c,
+ lib/util/gidlist.c, lib/util/regress/atofoo/atofoo_test.c,
+ lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c,
+ lib/util/sudo_conf.c, lib/util/util.exp,
+ plugins/group_file/getgrent.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/policy.c,
+ plugins/sudoers/pwutil.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo_json.c,
+ plugins/system_group/system_group.c, src/sudo.c:
+ atobool -> sudo_strtobool atoid-> sudo_strtoid atomode ->
+ sudo_strtomode
+ [aefe6f09f4a4]
+
+ * lib/util/alloc.c, lib/util/event_select.c:
+ Fix regexp damage when renaming erecalloc() -> sudo_erecalloc()
+ [d772a34032cc]
+
+ * src/sudo_edit.c:
+ Handle systems like AIX that lack a way to set the modification time
+ on open fds.
+ [b93c0a55c21b]
+
+ * MANIFEST:
+ update MANIFEST for alloc.h -> sudo_alloc.h change
+ [ce240c682554]
+
+ * include/alloc.h, include/sudo_alloc.h, lib/util/Makefile.in,
+ lib/util/aix.c, lib/util/alloc.c, lib/util/event.c,
+ lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c,
+ lib/util/gidlist.c, lib/util/lbuf.c, lib/util/sudo_conf.c,
+ lib/util/sudo_debug.c, lib/util/util.exp,
+ plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/env.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/policy.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/conversation.c, src/env_hooks.c, src/exec.c,
+ src/exec_common.c, src/exec_pty.c, src/hooks.c, src/load_plugins.c,
+ src/net_ifs.c, src/parse_args.c, src/preserve_fds.c,
+ src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c,
+ src/sudo.c, src/sudo.h, src/sudo_edit.c, src/ttyname.c:
+ Add sudo_ prefix to alloc.c functions and rename alloc.h ->
+ sudo_alloc.h
+ [3a19f5391442]
+
+ * lib/util/fatal.c:
+ Remove extra sudo_ prefix from vfatalxnodebug and vfatalx_nodebug.
+ [819ad8075005]
+
+ * MANIFEST, include/fileops.h, include/sudo_util.h,
+ lib/util/Makefile.in, lib/util/fileops.c, lib/util/locking.c,
+ lib/util/parseln.c, lib/util/regress/sudo_parseln/parseln_test.c,
+ lib/util/sudo_conf.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/sudoers.h, src/Makefile.in, src/sudo.h:
+ Split fileops.c into parseln.c and locking.c
+ [361ea81e88d9]
+
+ * include/fatal.h, include/gettext.h, lib/util/aix.c,
+ lib/util/alloc.c, lib/util/fatal.c, lib/util/getopt_long.c,
+ lib/util/gidlist.c, lib/util/regress/atofoo/atofoo_test.c,
+ lib/util/regress/tailq/hltq_test.c, lib/util/sudo_conf.c,
+ lib/util/util.exp, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/env.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c, src/exec.c, src/exec_common.c,
+ src/exec_pty.c, src/hooks.c, src/load_plugins.c, src/locale_stub.c,
+ src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
+ src/signal.c, src/solaris.c, src/sudo.c, src/sudo_edit.c,
+ src/tgetpass.c, src/ttyname.c, src/utmp.c:
+ Rename warning/fatal -> sudo_warn/sudo_fatal to avoid namespace
+ pollution in libsudo_util.so.
+ [4eb69f501113]
+
+2014-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_util.h, lib/util/term.c, lib/util/ttysize.c,
+ lib/util/util.exp, plugins/sudoers/sudoreplay.c, src/exec_pty.c,
+ src/sudo.c, src/tgetpass.c:
+ Reduce name space pollution in libsudo_util.so
+ [215e4413529a]
+
+ * src/solaris.c:
+ Use sudo_dso_load() from libsudo_util.so instead of dlopen() since
+ we no longer link sudo directly with libdl.so.
+ [fe6942873c2d]
+
+ * MANIFEST, Makefile.in, doc/Makefile.in, include/alloc.h,
+ include/compat/fnmatch.h, include/compat/getaddrinfo.h,
+ include/compat/getopt.h, include/compat/glob.h,
+ include/compat/sha2.h, include/fatal.h, include/fileops.h,
+ include/lbuf.h, include/missing.h, include/secure_path.h,
+ include/sudo_conf.h, include/sudo_debug.h, include/sudo_dso.h,
+ include/sudo_event.h, include/sudo_util.h, install-sh,
+ lib/util/Makefile.in, lib/util/fatal.c, lib/util/getaddrinfo.c,
+ lib/util/pw_dup.c, lib/util/regress/fnmatch/fnm_test.c,
+ lib/util/sudo_dso.c, lib/util/sudo_printf.c, lib/util/term.c,
+ lib/util/util.exp, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/match.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/visudo.c,
+ plugins/system_group/Makefile.in, src/Makefile.in, src/parse_args.c,
+ src/preload.c:
+ Add exported libsudo_util functions to util.exp and mark in headers
+ using __dso_public.
+ [18faff6ab915]
+
+ * include/fatal.h, lib/util/fatal.c, lib/util/util.exp,
+ plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c:
+ Remove use of setjmp/longjmp in the sudoers plugin. We no longer
+ call fatal() except in the malloc wrappers and due to libsudo_util
+ there is now a single copy of fatal/fatalx.
+ [109407210f9c]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.11
+ [5fb775825aab]
+
+ * include/fileops.h, lib/util/fileops.c, lib/util/util.exp,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c, src/sudo_edit.c:
+ Remove touch() from fileops.c and just call utimes/futimes directly.
+ Rename lock_file -> sudo_lock_file to avoid namespace pollution
+ [ec08128b6900]
+
+ * MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
+ lib/util/fmt_string.c, lib/util/key_val.c, lib/util/util.exp,
+ plugins/sample/sample_plugin.c, plugins/sudoers/policy.c,
+ src/Makefile.in, src/exec_common.c, src/parse_args.c, src/sudo.c:
+ Rename fmt_string -> sudo_new_key_val to better describe its
+ function.
+ [f9061e319cc3]
+
+ * include/sudo_util.h, lib/util/gidlist.c, lib/util/util.exp,
+ plugins/sudoers/policy.c, src/sudo.c:
+ Rename parse_gid_list -> sudo_parse_gids to avoid namespace
+ pollution.
+ [d88f3cab97e1]
+
+ * MANIFEST, Makefile.in, include/lbuf.h, include/sudo_lbuf.h,
+ lib/util/Makefile.in, lib/util/lbuf.c, lib/util/util.exp,
+ plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c,
+ plugins/sudoers/parse.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudoers.h, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, src/Makefile.in, src/parse_args.c:
+ Don't pollute the namespace with lbuf struct and functions
+ [7859e3c22fb9]
+
+ * config.h.in, configure, configure.ac, include/compat/fnmatch.h,
+ include/compat/getaddrinfo.h, include/compat/getopt.h,
+ include/compat/glob.h, include/missing.h, lib/util/clock_gettime.c,
+ lib/util/closefrom.c, lib/util/fnmatch.c, lib/util/getaddrinfo.c,
+ lib/util/getcwd.c, lib/util/getgrouplist.c, lib/util/getline.c,
+ lib/util/getopt_long.c, lib/util/glob.c, lib/util/inet_pton.c,
+ lib/util/memrchr.c, lib/util/memset_s.c, lib/util/mktemp.c,
+ lib/util/pw_dup.c, lib/util/sig2str.c, lib/util/snprintf.c,
+ lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strsignal.c,
+ lib/util/strtonum.c, lib/util/utimes.c:
+ Prefix all libc replacements with sudo_ and #define the real name to
+ the sudo_ version. That way we don't pollute the libc namespace.
+ [5cf7101479b8]
+
+ * .hgignore, MANIFEST, Makefile.in, common/Makefile.in, common/aix.c,
+ common/alloc.c, common/atobool.c, common/atoid.c, common/atomode.c,
+ common/event.c, common/event_poll.c, common/event_select.c,
+ common/fatal.c, common/fileops.c, common/fmt_string.c,
+ common/gidlist.c, common/lbuf.c, common/progname.c,
+ common/regress/atofoo/atofoo_test.c,
+ common/regress/sudo_conf/conf_test.c,
+ common/regress/sudo_conf/test1.in,
+ common/regress/sudo_conf/test1.out.ok,
+ common/regress/sudo_conf/test2.in,
+ common/regress/sudo_conf/test2.out.ok,
+ common/regress/sudo_conf/test3.in,
+ common/regress/sudo_conf/test3.out.ok,
+ common/regress/sudo_conf/test4.in,
+ common/regress/sudo_conf/test4.out.ok,
+ common/regress/sudo_conf/test5.err.ok,
+ common/regress/sudo_conf/test5.in,
+ common/regress/sudo_conf/test5.out.ok,
+ common/regress/sudo_conf/test6.in,
+ common/regress/sudo_conf/test6.out.ok,
+ common/regress/sudo_parseln/parseln_test.c,
+ common/regress/sudo_parseln/test1.in,
+ common/regress/sudo_parseln/test1.out.ok,
+ common/regress/sudo_parseln/test2.in,
+ common/regress/sudo_parseln/test2.out.ok,
+ common/regress/sudo_parseln/test3.in,
+ common/regress/sudo_parseln/test3.out.ok,
+ common/regress/sudo_parseln/test4.in,
+ common/regress/sudo_parseln/test4.out.ok,
+ common/regress/sudo_parseln/test5.in,
+ common/regress/sudo_parseln/test5.out.ok,
+ common/regress/sudo_parseln/test6.in,
+ common/regress/sudo_parseln/test6.out.ok,
+ common/regress/tailq/hltq_test.c, common/secure_path.c,
+ common/setgroups.c, common/sudo_conf.c, common/sudo_debug.c,
+ common/sudo_dso.c, common/sudo_printf.c, common/term.c,
+ common/ttysize.c, compat/Makefile.in, compat/charclass.h,
+ compat/clock_gettime.c, compat/closefrom.c, compat/endian.h,
+ compat/fnmatch.c, compat/fnmatch.h, compat/getaddrinfo.c,
+ compat/getaddrinfo.h, compat/getcwd.c, compat/getgrouplist.c,
+ compat/getline.c, compat/getopt.h, compat/getopt_long.c,
+ compat/glob.c, compat/glob.h, compat/inet_pton.c, compat/isblank.c,
+ compat/memrchr.c, compat/memset_s.c, compat/mksiglist.c,
+ compat/mksiglist.h, compat/mksigname.c, compat/mksigname.h,
+ compat/mktemp.c, compat/nss_dbdefs.h, compat/pw_dup.c,
+ compat/regress/fnmatch/fnm_test.c,
+ compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
+ compat/regress/glob/globtest.c, compat/regress/glob/globtest.in,
+ compat/sha2.c, compat/sha2.h, compat/sig2str.c, compat/siglist.in,
+ compat/snprintf.c, compat/stdbool.h, compat/strlcat.c,
+ compat/strlcpy.c, compat/strsignal.c, compat/strtonum.c,
+ compat/timespec.h, compat/utime.h, compat/utimes.c, configure,
+ configure.ac, include/compat/charclass.h, include/compat/endian.h,
+ include/compat/fnmatch.h, include/compat/getaddrinfo.h,
+ include/compat/getopt.h, include/compat/glob.h,
+ include/compat/mksiglist.h, include/compat/mksigname.h,
+ include/compat/nss_dbdefs.h, include/compat/sha2.h,
+ include/compat/stdbool.h, include/compat/timespec.h,
+ include/compat/utime.h, lib/util/Makefile.in, lib/util/aix.c,
+ lib/util/alloc.c, lib/util/atobool.c, lib/util/atoid.c,
+ lib/util/atomode.c, lib/util/clock_gettime.c, lib/util/closefrom.c,
+ lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c,
+ lib/util/fatal.c, lib/util/fileops.c, lib/util/fmt_string.c,
+ lib/util/fnmatch.c, lib/util/getaddrinfo.c, lib/util/getcwd.c,
+ lib/util/getgrouplist.c, lib/util/getline.c, lib/util/getopt_long.c,
+ lib/util/gidlist.c, lib/util/glob.c, lib/util/inet_pton.c,
+ lib/util/isblank.c, lib/util/lbuf.c, lib/util/memrchr.c,
+ lib/util/memset_s.c, lib/util/mksiglist.c, lib/util/mksigname.c,
+ lib/util/mktemp.c, lib/util/progname.c, lib/util/pw_dup.c,
+ lib/util/regress/atofoo/atofoo_test.c,
+ lib/util/regress/fnmatch/fnm_test.c,
+ lib/util/regress/fnmatch/fnm_test.in, lib/util/regress/glob/files,
+ lib/util/regress/glob/globtest.c, lib/util/regress/glob/globtest.in,
+ lib/util/regress/sudo_conf/conf_test.c,
+ lib/util/regress/sudo_conf/test1.in,
+ lib/util/regress/sudo_conf/test1.out.ok,
+ lib/util/regress/sudo_conf/test2.in,
+ lib/util/regress/sudo_conf/test2.out.ok,
+ lib/util/regress/sudo_conf/test3.in,
+ lib/util/regress/sudo_conf/test3.out.ok,
+ lib/util/regress/sudo_conf/test4.in,
+ lib/util/regress/sudo_conf/test4.out.ok,
+ lib/util/regress/sudo_conf/test5.err.ok,
+ lib/util/regress/sudo_conf/test5.in,
+ lib/util/regress/sudo_conf/test5.out.ok,
+ lib/util/regress/sudo_conf/test6.in,
+ lib/util/regress/sudo_conf/test6.out.ok,
+ lib/util/regress/sudo_parseln/parseln_test.c,
+ lib/util/regress/sudo_parseln/test1.in,
+ lib/util/regress/sudo_parseln/test1.out.ok,
+ lib/util/regress/sudo_parseln/test2.in,
+ lib/util/regress/sudo_parseln/test2.out.ok,
+ lib/util/regress/sudo_parseln/test3.in,
+ lib/util/regress/sudo_parseln/test3.out.ok,
+ lib/util/regress/sudo_parseln/test4.in,
+ lib/util/regress/sudo_parseln/test4.out.ok,
+ lib/util/regress/sudo_parseln/test5.in,
+ lib/util/regress/sudo_parseln/test5.out.ok,
+ lib/util/regress/sudo_parseln/test6.in,
+ lib/util/regress/sudo_parseln/test6.out.ok,
+ lib/util/regress/tailq/hltq_test.c, lib/util/secure_path.c,
+ lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c,
+ lib/util/siglist.in, lib/util/snprintf.c, lib/util/strlcat.c,
+ lib/util/strlcpy.c, lib/util/strsignal.c, lib/util/strtonum.c,
+ lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c,
+ lib/util/sudo_printf.c, lib/util/term.c, lib/util/ttysize.c,
+ lib/util/utimes.c, lib/zlib/Makefile.in, lib/zlib/adler32.c,
+ lib/zlib/compress.c, lib/zlib/crc32.c, lib/zlib/crc32.h,
+ lib/zlib/deflate.c, lib/zlib/deflate.h, lib/zlib/gzclose.c,
+ lib/zlib/gzguts.h, lib/zlib/gzlib.c, lib/zlib/gzread.c,
+ lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inffast.c,
+ lib/zlib/inffast.h, lib/zlib/inffixed.h, lib/zlib/inflate.c,
+ lib/zlib/inflate.h, lib/zlib/inftrees.c, lib/zlib/inftrees.h,
+ lib/zlib/trees.c, lib/zlib/trees.h, lib/zlib/uncompr.c,
+ lib/zlib/zconf.h.in, lib/zlib/zlib.h, lib/zlib/zutil.c,
+ lib/zlib/zutil.h, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, po/README, po/ca.mo, po/ca.po,
+ po/cs.mo, po/cs.po, po/da.mo, po/da.po, po/de.mo, po/de.po,
+ po/eo.mo, po/eo.po, po/es.mo, po/es.po, po/eu.mo, po/eu.po,
+ po/fi.mo, po/fi.po, po/fr.mo, po/fr.po, po/gl.mo, po/gl.po,
+ po/hr.mo, po/hr.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po,
+ po/nb.mo, po/nb.po, po/nl.mo, po/nl.po, po/pl.mo, po/pl.po,
+ po/pt_BR.mo, po/pt_BR.po, po/ru.mo, po/ru.po, po/sl.mo, po/sl.po,
+ po/sr.mo, po/sr.po, po/sudo.pot, po/sv.mo, po/sv.po, po/tr.mo,
+ po/tr.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo,
+ po/zh_CN.po, src/Makefile.in, src/po/README, src/po/ca.mo,
+ src/po/ca.po, src/po/cs.mo, src/po/cs.po, src/po/da.mo,
+ src/po/da.po, src/po/de.mo, src/po/de.po, src/po/eo.mo,
+ src/po/eo.po, src/po/es.mo, src/po/es.po, src/po/eu.mo,
+ src/po/eu.po, src/po/fi.mo, src/po/fi.po, src/po/fr.mo,
+ src/po/fr.po, src/po/gl.mo, src/po/gl.po, src/po/hr.mo,
+ src/po/hr.po, src/po/it.mo, src/po/it.po, src/po/ja.mo,
+ src/po/ja.po, src/po/nb.mo, src/po/nb.po, src/po/nl.mo,
+ src/po/nl.po, src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo,
+ src/po/pt_BR.po, src/po/ru.mo, src/po/ru.po, src/po/sl.mo,
+ src/po/sl.po, src/po/sr.mo, src/po/sr.po, src/po/sudo.pot,
+ src/po/sv.mo, src/po/sv.po, src/po/tr.mo, src/po/tr.po,
+ src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
+ src/po/zh_CN.mo, src/po/zh_CN.po, zlib/Makefile.in, zlib/adler32.c,
+ zlib/compress.c, zlib/crc32.c, zlib/crc32.h, zlib/deflate.c,
+ zlib/deflate.h, zlib/gzclose.c, zlib/gzguts.h, zlib/gzlib.c,
+ zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffast.c,
+ zlib/inffast.h, zlib/inffixed.h, zlib/inflate.c, zlib/inflate.h,
+ zlib/inftrees.c, zlib/inftrees.h, zlib/trees.c, zlib/trees.h,
+ zlib/uncompr.c, zlib/zconf.h.in, zlib/zlib.h, zlib/zutil.c,
+ zlib/zutil.h:
+ Top level directory reorg Move src/po -> po Combine common and
+ compat -> lib/util Move zlib -> lib/zlib
+ [d699ccb60e7e]
+
+ * configure, ltmain.sh, m4/libtool.m4:
+ libtool patches for HP-UX to support DESTDIR
+ [9df98a9582bd]
+
+ * pp:
+ Update polypkg from trunk.
+ [4dc362248196]
+
+ * plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c:
+ Fix sssd compiler warnings and fix the sha2 digest support.
+ [2975b030b298]
+
+2014-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Don't call gss_krb5_ccache_name() with a NULL pointer when restoring
+ the old credential cache file name. This can happen if there was no
+ old name returned by gss_krb5_ccache_name(). Fixes a crash on
+ kerberized LDAP on some platforms.
+ [4090029e463e]
+
+2014-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/el.mo,
+ plugins/sudoers/po/el.po:
+ Add Greek PO file for sudoers from translationproject.org
+ [6c0cc2def911]
+
+2014-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/exec_pty.c:
+ Ignore signals sent by the command's process group, not just the
+ command itself. If we cannot determine the process group ID of the
+ sender (as it may no longer exist), just check the process ID.
+ [7ffa2eefd3c0]
+
+2014-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ In handler_user_only() only forward the signal if it was not
+ generated by the command. This should fix a problem with programs
+ that catch SIGTSTP, perform cleanup, and then re-send the signal to
+ their process group (of which sudo is the leader).
+ [d590c899e194]
+
+ * src/exec.c, src/exec_pty.c, src/signal.c:
+ Handle EINTR from write(2) when writing to pipes and socket pairs.
+ [d26a40d21d7a]
+
+2014-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po:
+ Norwegian Bokmaal translation for sudoers from
+ translationproject.com
+ [92e4aea46c1e]
+
+2014-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, doc/CONTRIBUTORS, src/po/nb.mo, src/po/nb.po:
+ Norwegian Bokmaal translation for sudo from translationproject.com
+ [3497f74028fe]
+
+2014-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
+ plugins/sudoers/visudo.c:
+ Try to be clearer about which are the input and output files in
+ export mode.
+ [66167511a410]
+
+ * plugins/sudoers/visudo_json.c:
+ In -x mode, require that the input and output files be different.
+ This won't currently catch collisions between the output file and an
+ include file.
+ [0c19b82a75e7]
+
+ * plugins/sudoers/bsm_audit.h, plugins/sudoers/linux_audit.h:
+ BSM and Linux audit do not yet use the argc function argument.
+ [3291695d1dfb]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/bsm_audit.h, plugins/sudoers/linux_audit.h,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/sudoers.c:
+ Pass argc to audit functions too. Will be needed for Solaris audit
+ support.
+ [d2114897a44e]
+
+2014-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/fatal.c, include/fatal.h, plugins/sudoers/policy.c:
+ Do not allow the same callback function to be registered more that
+ once in fatal_callback_register(). Add fatal_callback_deregister()
+ to deregister a callback.
+ [eff74fb9d274]
+
+ * MANIFEST, plugins/sudoers/regress/sudoers/test15.in,
+ plugins/sudoers/regress/sudoers/test15.out.ok,
+ plugins/sudoers/regress/sudoers/test15.toke.ok,
+ plugins/sudoers/regress/sudoers/test16.in,
+ plugins/sudoers/regress/sudoers/test16.out.ok,
+ plugins/sudoers/regress/sudoers/test16.toke.ok:
+ Add trivial sudoedit parsing tests.
+ [291ba6f4d6fd]
+
+ * MANIFEST, plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po:
+ Catalan translation for sudoers from translationproject.org.
+ [b102f8cfeed1]
+
+2014-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/ca.mo, src/po/ca.po, src/po/gl.mo, src/po/gl.po:
+ Sync with translationproject.org
+ [62e5b4842834]
+
+2014-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ lockf() is broken on the Hurd -- use flock instead Bug #647
+ [7b8935a0c8b9]
+
+ * plugins/sudoers/visudo.c:
+ Don't try to install the temporary sudoers file if we didn't edit
+ it. By default, visudo does not edit files in a #includedir. Fixes a
+ NULL pointer defef on GNU hurd; Bug #647
+ [3a677c4773e5]
+
+2014-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/regress/ttyname/check_ttyname.c:
+ When comparing tty names, resolve the tty for fds 0-3 and compare
+ each one instead of just using the first that resolves.
+ [c37946b280a5]
+
+ * compat/getgrouplist.c, configure, configure.ac:
+ Solaris 8 doesn't export _nss_initf_group() so we need to provide
+ out own for getgrouplist().
+ [d494b39e9376]
+
+2014-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/getgrouplist.c, plugins/group_file/group_file.c,
+ plugins/system_group/system_group.c:
+ deal with NULL gr_mem here too
+ [0db43ed71001]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.10p3
+ [3f415a180023]
+
+2014-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/timestamp.c:
+ Rename log_warning flags and only send mail if SLOG_SEND_MAIL is set
+ instead of mailing by default like we used to.
+ [5b3882833aa1]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/timestamp.c:
+ Add log_warningx
+ [feef646cb8b1]
+
+ * src/exec_pty.c:
+ Add debugging info for when we delete I/O events that still have
+ buffered data in them.
+ [7f17992cdf22]
+
+ * common/event.c:
+ Fix non-blocking mode. We only want to exit the event loop when
+ poll() or select() returns 0 and there are no active events. This
+ fixes a problem on some systems where the last buffer was not being
+ written when the command exited.
+ [deb6b1a7b241]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Change return value of switch_dir() to an int so we can distinguish
+ between an error and an empty dir in push_includedir().
+ [d0462b84782e]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Move code to fill in the list of dirs out of switch_dir and into its
+ own function. Quiets a false positive from cppcheck which got
+ confused due to variable reuse.
+ [6d6296f46255]
+
+ * plugins/sudoers/audit.c:
+ Avoid unused variable warning if auditing is not supported.
+ [5e6fd2ffe039]
+
+2014-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Fix library order when linking binaries.
+ [3fec51f98ae1]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Include limits.h and inttypes.h for SIZE_MAX define.
+ [41f8be660384]
+
+ * include/missing.h, plugins/sudoers/env.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y:
+ Move SIZE_MAX compat define into missing.h where it belongs.
+ [1bb108cf9df3]
+
+2014-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c:
+ Remove now-unused log_fatal()
+ [53478df3bb1e]
+
+ * plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/env.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Eliminate calls to fatal()/fatalx()/log_fatal() in env.c and just
+ pass back a return value.
+ [d7f2be8f2740]
+
+2014-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h:
+ Make get_boottime() return bool.
+ [9ff15a995d01]
+
+ * doc/CONTRIBUTORS, plugins/sudoers/boottime.c:
+ Fix fd leak on Linux when determing boot time. This is usually
+ masked by the closefrom() call in sudo. From Jamie Anderson. Bug
+ #645
+ [0b4c430e8b88]
+
+2014-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/audit.c:
+ Handle the (currently impossible) case where both BSM and Linux
+ auditing are supported. Pacifies cppcheck.
+ [899cd6b5e487]
+
+ * plugins/sudoers/iolog.c:
+ Don't call ferror() on a closed stream, just check the return value
+ of fclose() instead. Found by cppcheck.
+ [e843f3c8f5d8]
+
+2014-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c:
+ Use calloc() instead of malloc(n * s) followed by memset(). From
+ Jean-Philippe Ouellet.
+ [f416cebd3d8e]
+
+ * plugins/sudoers/sudoers.c:
+ Format string safety in error path.
+ [956fd6dbba80]
+
+ * common/alloc.c, common/event_poll.c, common/gidlist.c,
+ common/sudo_conf.c, include/alloc.h, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/env.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
+ src/env_hooks.c, src/exec_common.c, src/parse_args.c, src/selinux.c,
+ src/sudo.c, src/sudo_edit.c, src/ttyname.c:
+ Rename emalloc2() -> emallocarray() and erealloc3() ->
+ ereallocarray().
+ [db3941093c68]
+
+ * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
+ Add missing rule for building sha2.lo when not supported by libc or
+ libmd.
+ [70a16e10ddcd]
+
+2014-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.in:
+ Disable I/O logging for halt and poweroff in addition to reboot in
+ commented out example.
+ [40a7f11686ce]
+
+ * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c:
+ Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when
+ changing the user. This is the correct flag to use with a program
+ that changes the uid like su or sudo and fixes a role problem on
+ Solaris. From Gary Winiger; Bug #642
+ [ec23c3bf41bb]
+
+ * plugins/sudoers/defaults.c:
+ pam_setcred should default to true; from Gary Winiger Bug #642
+ [23e6628ec546]
+
+2014-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/parse.c, plugins/sudoers/policy.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestamp.c:
+ Make set_perms() and restore_perms() return an error instead of
+ calling exit() on failure.
+ [b1a1a36abdb4]
+
+ * plugins/sudoers/sudoers.c:
+ Eliminate calls to fatal() in sudoers.c and just pass back a return
+ value.
+ [e4d87a036f6d]
+
+ * plugins/sudoers/logging.c:
+ Elimate calls to fatal() in the logging code.
+ [9847acdf7066]
+
+2014-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/regress/atofoo/atofoo_test.c:
+ Quiet a compiler warning on Solaris.
+ [3b9827834800]
+
+ * MANIFEST, common/Makefile.in, compat/Makefile.in, compat/sha2.c,
+ compat/sha2.h, config.h.in, configure, configure.ac, m4/sudo.m4,
+ plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/match.c,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/sudoers/test14.toke.ok,
+ plugins/sudoers/sha2.c, plugins/sudoers/sha2.h,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Move the sha2 code into libreplace and add configure checks for
+ SHA224Update in libc and libmd. Solaris uses "void *" where we use
+ "unsigned char *" so we need a check for that too. Solaris sha2.h
+ defines SHA224, SHA256, SHA384, and SHA512 so rename those tokens.
+ Adapted from changes from Vladimir Marek in bug #641.
+ [cd02732f0704]
+
+ * MANIFEST, plugins/sudoers/match.c,
+ plugins/sudoers/regress/testsudoers/test6.out.ok,
+ plugins/sudoers/regress/testsudoers/test6.sh,
+ plugins/sudoers/regress/testsudoers/test7.out.ok,
+ plugins/sudoers/regress/testsudoers/test7.sh:
+ Fix matching of uids and gids broken in sudo 1.8.9.
+ [315eff4add59]
+
+ * plugins/sudoers/testsudoers.c:
+ Fix -P option in usage()
+ [50753b6222b7]
+
+2014-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/set_perms.c:
+ Remove a few more unnecessary uses of fatal().
+ [8cfb205831dc]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Use log_warning() not log_fatal() for the "Invalid authentication
+ methods compiled into sudo" message. We return -1 on error anyway.
+ [c8da5cf74348]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Return MODE_ERROR from sudoers_policy_deserialize_info() instead of
+ calling fatalx().
+ [6faefdd188f2]
+
+ * common/gidlist.c, src/sudo.c:
+ parse_gid_list() now returns -1 on error instead of calling
+ fatalx().
+ [ccf19c4a0d5b]
+
+2014-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ Forward SIGINFO to running command if supported. If the command is
+ being run in the background (or exec_background is set in sudoers),
+ it is the sudo process, not the actual command, that receives the
+ ^T.
+ [d2b020bdf0d5]
+
+ * plugins/sudoers/defaults.h, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c:
+ Remove calls to log_fatal() in I/O log functions and just pass an
+ error back to the caller.
+ [e89593d9dc35]
+
+2014-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/alloc.c, plugins/sudoers/env.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/policy.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c:
+ Make "internal error, %s overflow" arguments consistent, using
+ __func__ where possible (when debugging is allowed).
+ [84e2c40d101b]
+
+2014-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke_util.c, src/net_ifs.c:
+ Use common printf format when warning of buffer overflow prevention.
+ [8b0d732b0eae]
+
+ * Makefile.in:
+ Remove init.d/*.sh in distclean
+ [99cd1eaf4684]
+
+ * .hgignore:
+ Correctly ignore init.d/*.sh
+ [04aabe1893e5]
+
+ * plugins/sudoers/ldap.c:
+ Remove remaining calls to fatalx(); just pass the error to the
+ caller.
+ [a8bcf903d84b]
+
+2014-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.h:
+ Make a password/group cache collision a warning rather than fatal.
+ This should not be possible in practice and we can safely return the
+ new (potentially duplicate) item as it will be freed by the caller.
+ Make sudo_set_grlist() return an error on failure instead of calling
+ fatalx().
+ [5e8d3006862d]
+
+ * plugins/sudoers/timestamp.c:
+ Use log_warning() instead of log_fatal() if the ticket or lecture
+ path is too long and just return an error. This can only happen from
+ a misconfiguration so just ignoring the ticket/lecture file is safe.
+ [864c5de8345b]
+
+ * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ In find_path(), return NOT_FOUND_ERROR instead of calling fatal() if
+ the path is too long. Remove an extraneous check against PATH_MAX in
+ set_cmnd() since find_path() already contains such a check.
+ [183106753690]
+
+ * plugins/sudoers/sudoers.h:
+ Remove unused MODE_LISTDEFS define and correct a comment.
+ [fb47e59ce5fe]
+
+ * plugins/sudoers/hexchar.c, plugins/sudoers/match.c,
+ plugins/sudoers/toke_util.c:
+ Make hexchar() return -1 on invalid input instead of calling
+ fatalx(). Callers used to check that the string was hex before
+ calling hexchar(). Now callers must check for a -1 return value
+ instead.
+ [1be217c71ce7]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/bsm_audit.h, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
+ Propagate errors in audit code to caller instead of using fatal().
+ If we fail to audit an otherwise successful command, return an error
+ from the policy. For Linux audit, sudo may be compiled with audit
+ support but auditing may not be setup, so we don't consider that an
+ error.
+ [9a5753bfcb95]
+
+ * plugins/sudoers/boottime.c:
+ Remove unused variable on Linux.
+ [f63d7b86797d]
+
+ * plugins/sudoers/timestamp.c:
+ Fix warning on systems where mode_t is not unsigned int (Solaris).
+ [acd1457c23ec]
+
+2014-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.c:
+ Audit path too long errror. Add comments about non-audit events and
+ placeholders for future audit hooks.
+ [434ee47c83dc]
+
+ * src/net_ifs.c:
+ Fix aliasing warning in old-style interface probe code.
+ [1d6ce6f46da1]
+
+ * plugins/sudoers/set_perms.c:
+ Fix some sign comparision warnings.
+ [20c6068db104]
+
+ * common/aix.c, common/gidlist.c, compat/getgrouplist.c,
+ include/sudo_util.h, src/sudo.c:
+ Don't call fatal/fatalx in common/*.c
+ [ebf5e55a1ec1]
+
+2014-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/sudoers.h:
+ Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw
+ or targetpw is set. Bug #639
+ [dff0208d1194]
+
+2014-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.10p2
+ [774ebec63b41]
+
+ * plugins/sudoers/timestamp.c:
+ Don't write an empty timestamp record when timestamp_timeout is
+ zero. If we find an empty record in the timestamp file, overwrite it
+ with a good one, truncating the file as needed.
+ [9c226d81b660]
+
+2014-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Fix typos in description of the -x option. Bug #637
+ [6ff2bfaaf99d]
+
+2014-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.10p1
+ [33828a3385ad]
+
+ * plugins/sudoers/timestamp.c:
+ Fix typo/thinko that prevented "Defaults !tty_tickets" from working.
+ [f65cc29dbcc7]
+
+ * plugins/sudoers/parse.c:
+ Fix "sudo -l command" output when the matching command is negated.
+ Bug #636
+ [b4a92803f733]
+
+2014-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c,
+ common/regress/sudo_conf/test5.err.ok,
+ common/regress/tailq/hltq_test.c:
+ The atofoo_test and hltq_test tests now display their own test error
+ rate. Display pass/fail count separately for sudo_conf and
+ sudo_parseln tests. Check stderr output for the sudo_conf test.
+ [5c814709ac70]
+
+ * src/Makefile.in:
+ Don't run the check_ttyname test if cross compiling.
+ [874ecc1c3db0]
+
+ * plugins/sudoers/Makefile.in:
+ CWD no longer used.
+ [13b2f3c4269b]
+
+ * plugins/sudoers/Makefile.in:
+ Fix diff of toke and err output files in "make check"
+ [485cdf3c75e7]
+
+2014-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/po/de.mo, src/po/de.po:
+ sync with translationproject.org
+ [d246c72a2350]
+
+2014-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Check whether ber.h is needed before ldap.h even if we are not using
+ any ber functions. Needed for older versions of nss ldap.
+ [c2310324dc34]
+
+ * plugins/sudoers/sssd.c:
+ Fix compiler warning in debug code.
+ [8ee4cb6cafad]
+
+ * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/ca.mo, src/po/ca.po:
+ Catalan translation for sudo from translationproject.org.
+ [d6af7d06ee36]
+
+2014-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Document negation fix in JSON output.
+ [37a85423ae49]
+
+2014-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo_json.c:
+ Fix handling of '!' operator when converting sudoers. We now add a
+ "negated" boolean flag to objects that have the '!' operator.
+ [071926c10280]
+
+2014-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, NEWS, plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po:
+ Czech translation for sudoers from translationproject.org
+ [c0aae297f7c1]
+
+2014-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Try -libmldap before -lldap in case there is no link from
+ libibmldap.so to libldap.so. Since IBM ldap is installed under /opt
+ we should only be able to reach it if --with-ldap was given an
+ explicit path.
+
+ Only check for ber_set_option() if LBER_OPT_DEBUG_LEVEL is defined.
+ [89d50c29d737]
+
+2014-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ Fix typo in setreuid() PERM_ROOT error message.
+ [533415f53165]
+
+ * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h:
+ Remove unused FLAG_USER auth flag. We have no auth methods that
+ require that authentication be run as the invoking user.
+ [4a9a9f557cb1]
+
+ * mkpkg:
+ No longer need to disable setresuid() on debian.
+ [96ba687c35f0]
+
+2014-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/timestamp.c:
+ Fix conversion of timestamp_timeout from double to struct timeval.
+ Also quiet a printf format warning on 32-bit systems.
+ [59d1f3094dda]
+
+2014-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, NEWS, plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po:
+ Serbian translation for sudoers from translationproject.org.
+ [7134b386d658]
+
+2014-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS:
+ Add Ingo Schwarze
+ [114cdf286987]
+
+ * NEWS, plugins/sudoers/visudo_json.c:
+ When exporting sudoers in JSON format, use the same type of Options
+ object for both Defaults and Cmnd_Specs.
+ [caa57043e197]
+
+2014-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/inet_pton.c:
+ Silence cppcheck false positive.
+ [b2781c42a80f]
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po:
+ sync with translationproject.org
+ [baba43a6d682]
+
+ * NEWS, doc/UPGRADE:
+ Mention init.d scripts on AIX and HP-UX Mention sudoers group
+ mismatch fix
+ [0259cb1f7cae]
+
+ * INSTALL:
+ Talk about clearing files at boot time, not reboot time since it
+ happens when the system comes up, not down.
+ [e8e480bc34fd]
+
+ * plugins/sudoers/sudoers.c:
+ We also need to open the sudoers file as root if there is a GID
+ mismatch.
+ [2fb2ba6fc4e6]
+
+ * sudo.pp:
+ Install /etc/rc.d/init.d/sudo and /etc/rc.d/rc2.d/S90sudo for AIX
+ rpm packages.
+ [4aca1d318599]
+
+2014-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/Makefile.in:
+ Remove init.d file and link in uninstall target.
+ [249a9f105cdd]
+
+ * configure, configure.ac, sudo.pp:
+ Fix INIT_DIR for real this time.
+ [5444eb1afbc5]
+
+ * configure, configure.ac, sudo.pp:
+ Use correct init.d dir on HP-UX. Fix pp warnings from rc.d and
+ init.d dirs.
+ [809b54ef95f8]
+
+ * .hgignore, MANIFEST, configure, configure.ac, init.d/aix.sh.in,
+ init.d/hpux.sh.in, src/Makefile.in, sudo.pp:
+ First cut add installing an init.d file for HP-UX and AIX to remove
+ old sudo timestamp files at boot time.
+ [ec6d35c62d88]
+
+2014-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Use .Ar macro instead of "file ..." Use ".Cm -" instead of ".Li -"
+ for the default login class. From Ingo Schwarze.
+ [f13ea603760e]
+
+ * doc/sudo.conf.mdoc.in, doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in,
+ doc/sudoers.ldap.mdoc.in, doc/sudoers.mdoc.in,
+ doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
+ Remove some extraneous markup; from Ingo Schwarze
+ * No need to explicitly end a macro with No before | because | counts
+ as middle punctuation and falls out of the macro, anyway.
+ * No need to explicitly re-open in-line macros after | because |
+ counts as middle punctuation and the macros resume afterwards,
+ anyway.
+ * Simplify the mnemonic remarks regarding the option letters, no need
+ for manual font and spacing control with No and Ns.
+ * Trim Ns No to just Ns, it already implies No.
+ [cc63d66c6655]
+
+ * doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Move zerowidth space in :alpha: after the colon for consistency.
+ [799f6656c6e8]
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudoers.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in:
+ regen
+ [14d682732b6f]
+
+ * doc/sudo.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
+ Remove extraneous keeps in SYNOPSIS now that mandoc does implied
+ keeps when converting from mdoc to man.
+ [0f48fc289f29]
+
+ * doc/sudoers.mdoc.in:
+ Properly escape the : in :alpha:
+ [e41d4533a55f]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Replace some uses of .Sy with .Ar, .Ev and .Pa as appropriate. From
+ Jan Stary.
+ [90ec488905de]
+
+2014-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo_json.c:
+ Fix indentation of Defaults entries. The initial indent should be
+ outside the loop iterating over the entries.
+ [dc493c888fb2]
+
+2014-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po:
+ sync with translationproject.org
+ [fc517bc0908e]
+
+ * common/aix.c, common/alloc.c, common/atoid.c, common/atomode.c,
+ common/fatal.c, common/gidlist.c, common/sudo_conf.c,
+ common/sudo_debug.c, compat/strsignal.c, compat/strtonum.c,
+ plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c,
+ src/locale_stub.c, src/net_ifs.c, src/sesh.c, src/sudo.h:
+ We must include gettext.h before missing.h as it includes system
+ headers. Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers
+ audit code that does not include sudoers.h.
+ [3ac4aa43ce40]
+
+ * common/sudo_dso.c:
+ When emulating DSO_NEXT with shl_get() we need to skip the program's
+ handle. This used to be documented as being index -2 but now it
+ seems to be index 0. As this is not guaranteed we need to look up
+ the real handle value for PROG_HANDLE and skip it when interating
+ through all the DSOs. Fixes infinite recursion on HP-UX in the
+ getenv() replacement.
+ [ade1b3045232]
+
+ * src/env_hooks.c:
+ Export getenv() so it is visible to shared objects we link with.
+ [1ac08446a3a7]
+
+2014-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/regress/atofoo/atofoo_test.c,
+ common/regress/sudo_conf/conf_test.c,
+ common/regress/sudo_parseln/parseln_test.c,
+ common/regress/tailq/hltq_test.c,
+ plugins/sudoers/regress/parser/check_fill.c:
+ Add some initprogname() calls to the test programs.
+ [e4320585a88b]
+
+2014-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [038d066a866d]
+
+ * doc/UPGRADE:
+ Mention that there is now a default LDAP search filter.
+ [6351da3f8377]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Minor word choice change.
+ [7e59ab3eb453]
+
+ * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/match.c:
+ Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup
+ support requires an expensive substring match on the server. If
+ netgroups are not needed, this option can be disabled to reduce the
+ load on the LDAP server.
+ [e6bd6c103390]
+
+2014-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Update copyright year.
+ [1299eed430a5]
+
+ * NEWS:
+ Mention LDAP changes.
+ [512b1e363587]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c:
+ Use a default LDAP search filter of (objectClass=sudoRole). When
+ constructing the netgroup query, add (sudoUser=*) to the query so we
+ don't fall below the 3 character OpenLDAP substring threshold.
+ Otherwise the index for sudoUser will never be used for that query.
+ Pointed out by Michael Stroeder.
+ [54856973af41]
+
+ * plugins/sudoers/timestamp.c:
+ Don't warn about an insecure lecture dir twice. Display warnings in
+ the user's locale.
+ [2c56b8b6d6f9]
+
+2014-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention the fix for ^Z at the password prompt when sudo was started
+ in the background.
+ [352d52ad1f7d]
+
+ * common/term.c, src/exec_pty.c:
+ In term_restore(), only restores the terminal if we are in the
+ foregroup process group. Instead of calling tcgetpgrp(), which is
+ racy, we set a temporary handler for SIGTTOU and check whether it
+ was received after a failed call to tcsetattr().
+ [94979d51daa2]
+
+ * MANIFEST, compat/getaddrinfo.c, compat/inet_pton.c, config.h.in,
+ configure, configure.ac, doc/LICENSE, include/missing.h, mkdep.pl,
+ plugins/sudoers/interfaces.c, plugins/sudoers/match_addr.c:
+ Use inet_pton() instead of inet_aton() and include a version from
+ BIND for those without it.
+ [fe61a27c76d3]
+
+ * common/regress/atofoo/atofoo_test.c:
+ Quiet a gcc warning.
+ [f197821892ea]
+
+ * compat/getaddrinfo.c:
+ Need to include limits.h for USHRT_MAX.
+ [d1d8bd9a0e01]
+
+2014-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/term.c, include/sudo_util.h:
+ Use bool for function return values instead of 1 or 0.
+ [99e357c0800b]
+
+ * configure, configure.ac:
+ Warn the user if the rundir needs to be cleared in the rc files.
+ Neither AIX not HP-UX clear /var/run (if it even exists).
+ [6cdbf57a2f9e]
+
+ * NEWS:
+ Update for sudo 1.8.9p5
+ [efb737c32615]
+
+ * src/preserve_fds.c:
+ When the closefrom limit is greater than any of the preserved fds,
+ the pfds list will be non-empty but lastfd will be -1 triggering an
+ ecalloc(0) assertion. Instead, test for lastfd being -1 and make
+ sure we always update it, even if dup() fails. Also restore initial
+ value of lowfd after we are done relocating. Fixes bug #633
+ [a11206a31f28]
+
+ * common/term.c:
+ Document function return values.
+ [267bc85f6fbb]
+
+2014-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ term_restore() now restarts itself so we don't need to do it
+ ourselves.
+ [a17e885d0b0a]
+
+ * common/term.c:
+ syscall restarting is broken on Mac OS X when interrupted by a tty
+ signal so restart tcsetattr() by hand. For details, see.
+ http://openradar.appspot.com/radar?id=6402578615107584
+ [3997b2a0577e]
+
+ * MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c:
+ Add regress for atobool(), atoid() and atomode()
+ [e1cbdf86d6e2]
+
+ * plugins/sudoers/Makefile.in:
+ Add back boottime.lo
+ [0b7ddc31e13e]
+
+ * INSTALL:
+ Mention that rundir and vardir may be the same and what to do if
+ they are.
+ [301df9a31d43]
+
+ * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/timestamp.c:
+ Bring back boot time checking code and zero out time stamp files
+ that predate the boot time. This should help systems w/o /var/run
+ where the admin has setup rc.d to clear the timestamp directory.
+ [e09389a8b1ca]
+
+ * configure, configure.ac:
+ Check libraries for inet_pton() if not in libc.
+ [9f9bd83895e8]
+
+2014-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Fix clock_gettime() detection when it lives in librt. Some systems
+ have inet_aton() in libresolv (older Solaris).
+ [e5f7c8bc9a81]
+
+ * sudo.pp:
+ Avoid duplicate directories if vardir and rundir are the same.
+ [c5df5ebc191b]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [740b2cc42fea]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Elaborate on time stamp error message causes.
+ [2838fea2e21a]
+
+2014-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Remove the time stamp dir and its contents when uninstalling. We
+ currently leave the lecture status files installed until there is a
+ better way to detect upgrades.
+ [61532b7113ff]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Update time stamp error messages and regen.
+ [edf570c98cd5]
+
+ * plugins/sudoers/timestamp.c:
+ Restore warning when sudoers is unable to update the time stamp
+ file.
+ [86648a771250]
+
+ * INSTALL, Makefile.in, configure, configure.ac, doc/sudoers.mdoc.in,
+ m4/sudo.m4, plugins/sudoers/Makefile.in, sudo.pp:
+ Replace --with-timedir and --with-lecture_dir with --with-rundir and
+ --with-vardir which are the parent directories of the time stamp and
+ lecture dirs. These directories need to be searchable by non-root so
+ that the timestampowner setting can function.
+ [5c38d77a2d0c]
+
+ * plugins/sudoers/timestamp.c:
+ Fix use of timestampowner in the new time stamp world order. Parent
+ directories for timestampdir and lecture_dir are now created with
+ the execute bit set so that we can traverse them as non-root.
+ [9ff6f07c0a5d]
+
+2014-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Regen Makefiles.
+ [59542bcdb222]
+
+ * common/sudo_debug.c, config.h.in, include/sudo_util.h,
+ plugins/sample/sample_plugin.c:
+ Move ctim_get and mtim_get to sudo_util.h
+ [d565391f5491]
+
+ * plugins/sudoers/timestamp.c:
+ sprinkle some debug printfs and add function header comments
+ [1842d9b8170d]
+
+ * plugins/sudoers/timestamp.c:
+ Properly handle the case where /var/run/sudo/ts doesn't exist.
+ [895f3ad6ad60]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ fix typo
+ [50041ebb6ce6]
+
+ * NEWS:
+ Mention "sudo -K" change.
+ [e99bd7657aae]
+
+ * doc/UPGRADE:
+ Upgrade info for 1.8.10
+ [0867718b9af5]
+
+2014-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/timestamp.c:
+ Warn on ftruncate failure().
+ [d2081876da25]
+
+ * plugins/sudoers/timestamp.c:
+ Fix checking of lecture status.
+ [e12d78234d17]
+
+ * mkpkg:
+ Do not override timedir on Debian.
+ [283fa2e69a0a]
+
+ * common/event.c, common/event_select.c, include/missing.h,
+ plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/visudo.c, src/sudo_edit.c:
+ Use sudo_timeval macros and remove compat macros from missing.h
+ [1de76d8b811e]
+
+ * INSTALL, MANIFEST, NEWS, compat/Makefile.in, compat/clock_gettime.c,
+ config.h.in, configure, configure.ac, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, include/missing.h,
+ include/sudo_util.h, m4/sudo.m4, mkdep.pl, pathnames.h.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/boottime.c,
+ plugins/sudoers/check.h, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/timestamp.c, src/Makefile.in:
+ Switch to new time stamp file format. Each user now has a single
+ file which may contain multiple records when per-tty time stamps are
+ in use (the default). The time stamps use a monotonic timer where
+ available and are once again stored in /var/run/sudo. The lecture
+ status is now stored separately from the time stamps in a different
+ directory.
+ [7e16eb37bacc]
+
+ * common/atomode.c:
+ Zero out errstr when there is no error; fixes bug #632
+ [74950ef1a0dc]
+
+2014-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/check.c:
+ When listing a user's privileges, always prompt the user for their
+ own password, regardless of the value of target_pw, root_pw or
+ runas_pw.
+ [73a13ccc7933]
+
+2014-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac, plugins/sudoers/interfaces.c,
+ plugins/sudoers/match_addr.c:
+ Use inet_aton() instead of inet_addr() as it allows us to
+ distinguish between the address (or mask 255.255.255.255) and an
+ error. In the future we may consider switching to inet_pton() for
+ IPv4 too.
+ [b6b4e4c77e9a]
+
+2014-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Fix typo, ULONG_MAX vs. ULLONG_MAX
+ [5d274daa9fb1]
+
+ * plugins/sudoers/sudo_nss.c:
+ Fix typo in the AIX case.
+ [ee531c950fce]
+
+ * plugins/sudoers/sudo_nss.c:
+ Size pointer for sudo_parseln() should be size_t not ssize_t. This
+ was already correct for the nsswitch.conf case.
+ [cfaf895c1db4]
+
+2014-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/net_ifs.c:
+ It is now possible to disable network interface probing in sudo.conf
+ by changing the value of the probe_interfaces setting.
+ [e9dc28c7db60]
+
+2014-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match_addr.c:
+ If inet_addr() returns INADDR_NONE, return false instead of
+ iterating through the interfaces looking for a match that will never
+ happen.
+ [1559c301caec]
+
+ * configure, configure.ac, src/Makefile.in:
+ Add explicit dependency on sudoers.la to sudo target when sudoers is
+ compiled statically into the sudo binary.
+ [d08cc66e18bd]
+
+2014-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c:
+ Do not assume localtime(), gmtime() and ctime() always return non-
+ NULL.
+ [a1b5b67436de]
+
+2014-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ Update copyright years
+ [37d2aaa92544]
+
+ * plugins/sudoers/visudo_json.c:
+ Eliminate dead store found by clang checker.
+ [86874d5340f1]
+
+ * NEWS, configure, configure.ac:
+ Update for sudo 1.8.9p4
+ [f79ab7c6c1c5]
+
+ * common/sudo_debug.c, include/sudo_debug.h, src/preserve_fds.c:
+ When relocating fds, update the debug fd if it is set so we are
+ guaranteed to get debugging output.
+ [b1deaa472aa6]
+
+2014-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ If the event loop exits due to an error and we are not logging I/O,
+ kill the command if still running. Fixes a bug where sudo could exit
+ while the command was still running.
+ [844018ff8a8c]
+
+ * src/preserve_fds.c:
+ When relocating preserved fds, start with the highest ones first to
+ avoid moving fds around more than we have to. Now uses a bitmap to
+ keep track of which fds are being preserved. Fixes a bug where the
+ debugging fd could be relocated to the same fd as the error
+ backchannel temporarily, resulting in debugging output being printed
+ to the backchannel if util@debug was enabled.
+ [55e006dbeaf3]
+
+ * src/preserve_fds.c:
+ When restoring fds traverse list from high -> low, not low -> high
+ to avoid implicitly closing an fd we want to relocate.
+ [6351225f47d7]
+
+ * src/exec.c:
+ If not logging I/O we may get EOF when the command is executed and
+ the other end of the backchannel is closed. Just remove the
+ backchannel event in this case or we will continue to receive the
+ event. Bug #631
+ [a204b69d91f7]
+
+ * src/po/sr.mo, src/po/sr.po:
+ sync with translationproject.org
+ [987087ce4658]
+
+2014-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Fix strtonum() usage when parsing /proc/self/stat on Linux. Bug #630
+ [3448dffe9701]
+
+ * NEWS, configure, configure.ac:
+ Update for sudo 1.8.9p3
+ [22e5a6f69999]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Do not leak old istack if realloc fails; found by cppcheck. Also
+ modify yyless() to avoid a harmless cppcheck warning every time it
+ is used.
+ [021077017a23]
+
+ * common/term.c:
+ Add suppression line to quiet a bogus (inconclusive) cppcheck
+ warning.
+ [065207271e5d]
+
+ * plugins/group_file/plugin_test.c:
+ Make this compile again
+ [f0ff8df475e8]
+
+ * plugins/sudoers/logwrap.c:
+ Remove dead store; found by cppcheck
+ [a59833af3401]
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ Add cppcheck target to run cppcheck on all source files.
+ [d207c2ef49a2]
+
+2014-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.ac:
+ Update for sudo 1.8.9p2
+ [2e7fe6e371a4]
+
+ * config.h.in, configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
+ m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4:
+ Update to libtool-2.4.2.418
+ [d1dbed89d733]
+
+ * config.guess, config.sub:
+ Update from http://git.savannah.gnu.org/gitweb/?p=config.git
+ [2b5e32d23be5]
+
+2014-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sesh.c:
+ Quiet a cppcheck warning about a negative subscript.
+ [ab98b72f5bdf]
+
+ * src/exec_common.c, src/selinux.c, src/sesh.c, src/sudo_exec.h:
+ Make noexec parameter to sudo_execve() bool.
+ [daa75e4c248a]
+
+ * plugins/sudoers/sudoreplay.c:
+ Quiet a few innocuous cppcheck warnings.
+ [90ffa16d27b1]
+
+ * plugins/sudoers/sssd.c:
+ Handle in_res being NULL for sudo_debug_printf() in
+ sudo_sss_filter_result().
+ [8595cc05d2a8]
+
+ * plugins/sudoers/iolog.c:
+ When writing length to timing file, use %u not %d as it is unsigned.
+ [a7f2fcb6919e]
+
+ * plugins/sudoers/visudo_json.c:
+ Close export_fp in the error path too, but do not close stdout.
+ [5c918718ab45]
+
+ * plugins/sudoers/auth/secureware.c:
+ Move right brace outside #ifdef HAVE_DISPCRYPT; found by cppcheck.
+ [f2619d2eb7a8]
+
+ * NEWS:
+ Sudo 1.8.9 also fixes bug #617
+ [cc5c18228719]
+
+2014-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ The fix for the hang was already in the 1.8.9 tarballs.
+ [f038ebcc1071]
+
+ * NEWS, configure, configure.ac:
+ Update for sudo 1.8.9p1
+ [732fca0003cf]
+
+ * common/atobool.c, common/event.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/parse.h, src/exec.c, src/preserve_fds.c:
+ Update copyright year.
+ [fdeb5956810e]
+
+ * plugins/sudoers/parse.h:
+ Go back to making the bit fields in struct cmndtag explicitly
+ signed. This fixes a problem on gcc 4.8 (at least) which appears to
+ be treating the value as unsigned by default.
+ [46b9a7bb10ac]
+
+ * common/atobool.c:
+ Use debug_return_int() instead of bare return for debugging support.
+ [c273f822de5f]
+
+2014-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/event.c:
+ Fix infinite loop that could be triggered by sudo_ev_loopbreak() and
+ sudo_ev_loopcontinue().
+ [1723561c46b0]
+
+ * NEWS:
+ Update for 1.8.9 final.
+ [d49c14d21410]
+
+2014-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Handle a sequence file with no trailing newline.
+ [aa29306e4f6d]
+
+2014-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Truncate io log and timing files on open when recycling them. Only
+ an issue when the sequence number wraps around.
+ [01b2dfe15ff0]
+
+ * plugins/sudoers/iolog.c:
+ Repair reading of the iolog sequence number that got broken when
+ adding stricter strtoul() checks.
+ [e0f4a11c3437]
+
+ * src/exec.c:
+ If invoked as sudoedit we can't just exec the command directly since
+ the temporary files need to be updated before sudo exits.
+ [508503be1c4f]
+
+ * src/preserve_fds.c:
+ Fix restoration of the close-on-exec flag when moving a relocated fd
+ back into its original position.
+ [5572f1f8b48a]
+
+2014-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Add "see below" to reference "Secure editing" section in "Preventing
+ shell escapes".
+ [b2db990a36b3]
+
+2014-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Add initial "Secure editing" section.
+ [0d7a192e0e25]
+
+ * doc/LICENSE:
+ Update copyright year.
+ [4a639d9207a9]
+
+2013-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, src/po/eo.mo,
+ src/po/eo.po, src/po/fi.mo, src/po/fi.po:
+ sync with translationproject.org
+ [5c15a411b10d]
+
+ * plugins/sudoers/policy.c:
+ Make user_cwd and user_tty dynamically allocated even for the
+ "unknown" case.
+ [015454bf97f8]
+
+2013-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Use -fstack-protector-strong in preference to -fstack-protector-all
+ or -fstack-protector.
+ [bdd1066eefc4]
+
+ * doc/HISTORY:
+ Dell acquired Quest
+ [3d5b7d27a313]
+
+2013-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/ru.mo,
+ src/po/ru.po, src/po/vi.mo, src/po/vi.po:
+ sync with translationproject.org
+ [f964671d08ce]
+
+2013-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/cs.mo, src/po/cs.po, src/po/da.mo, src/po/da.po,
+ src/po/it.mo, src/po/it.po, src/po/pl.mo, src/po/pl.po,
+ src/po/pt_BR.mo, src/po/pt_BR.po, src/po/uk.mo, src/po/uk.po,
+ src/po/zh_CN.mo, src/po/zh_CN.po:
+ sync with translationproject.org
+ [5f5becf5fb7a]
+
+ * doc/sudoers.ldap.cat:
+ regen
+ [77745e6bc0d5]
+
+ * NEWS:
+ Update for recent changes.
+ [365b9084268a]
+
+ * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Fix typo; we want setlocale(LC_ALL, "") since we are setting the
+ locale for the first time.
+ [e2b9660e9d48]
+
+2013-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Use sudoers_initlocale() in main() startup, not sudoers_setlocal()
+ as the latter assumes we are already in the user's locale which may
+ not be the case. For sudoreplay, we can just use setlocale()
+ directly as there is no sudoers locale.
+ [12235e50dea0]
+
+2013-12-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/preserve_fds.c, src/sudo.c, src/sudo.h:
+ Redo preserve_fds support to remap high fds so we can get the most
+ out of closefrom(). The fds are then restored after closefrom().
+ [7d712ec49db7]
+
+ * plugins/sudoers/Makefile.in:
+ Fix install-plugin when sudoers is compiled statically.
+ [36a8bf3b588d]
+
+2013-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/sudo_debug.c, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ include/sudo_debug.h, include/sudo_plugin.h, src/Makefile.in,
+ src/exec.c, src/exec_pty.c, src/preserve_fds.c, src/sudo.c,
+ src/sudo.h, src/sudo_exec.h:
+ Add support for preventing fds from getting clobbered by
+ closefrom().
+ [269f45964ff0]
+
+2013-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ regen
+ [b8f458379b5b]
+
+2013-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/alloc.c:
+ Need to include limits.h here too.
+ [b53c6edef597]
+
+2013-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.ac, plugins/sudoers/parse.h:
+ No need to use __signed.
+ [05f9648d1953]
+
+ * plugins/sudoers/regress/logging/check_wrap.c:
+ Need limits.h here too.
+ [54aac3bbf66a]
+
+ * compat/closefrom.c:
+ Still need limits.h here.
+ [0abc6b2be208]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [386b47ced07f]
+
+ * compat/closefrom.c:
+ Go back to using /proc/self/fd instead of /proc/$$/fd as only AIX
+ lacks /proc/self and it has F_CLOSEM.
+ [b5735fbcfdce]
+
+2013-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo_json.c:
+ Use a switch to map digest type to name instead of an array of
+ strings.
+ [ab17ceb4dd60]
+
+ * compat/closefrom.c:
+ Use /dev/fd in closefrom() on FreeBSD < 8.0 and Mac OS X.
+ [e70df3b3144b]
+
+ * compat/snprintf.c:
+ Remove _MAX and _MIN compat; we rely on missing.h for that. We
+ already require the compiler handle long long so there's no need to
+ use HAVE_LONG_LONG_INT everywhere.
+ [2bda15071439]
+
+ * common/ttysize.c, include/missing.h:
+ Remove _MAX and _MIN defines that any system from the last 20 years
+ should have. Add ULLONG_MAX in case it is missing.
+ [2db0cee4aaa8]
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
+ plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c:
+ Change visudo -x to take a file name argument, which may be '-' to
+ write the exported sudoers file to stdout.
+ [84cb72c3c391]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/parse.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c, src/regress/ttyname/check_ttyname.c:
+ Move symbol extern defs into sudoers.h
+ [b631a0b57fae]
+
+ * plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/logging/check_wrap.c:
+ Add missing sudo_util.h
+ [ed0edc2e2d0c]
+
+2013-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ Warn if the time stamp in the I/O log file does not fit in time_t.
+ Warn if the info line is not well-formed instead of silently
+ ignoring it.
+ [37a050de5be5]
+
+2013-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
+ Rename libcommon libsudo_util
+ [df3ffd4229e5]
+
+2013-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/aix.c, common/atobool.c,
+ common/atoid.c, common/atomode.c, common/fmt_string.c,
+ common/gidlist.c, common/progname.c, common/setgroups.c,
+ common/sudo_conf.c, common/term.c, common/ttysize.c,
+ include/missing.h, include/sudo_util.h,
+ plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
+ plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c, plugins/system_group/Makefile.in,
+ plugins/system_group/system_group.c, src/Makefile.in, src/sudo.h:
+ Move prototypes for functions provided by libcommon that don't have
+ their own header files into sudo_util.h.
+ [43f423a24416]
+
+2013-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/mkdefaults:
+ Now that we have proper number parsing functions we should store
+ T_UINT defaults values as unsigned int, not int.
+ [67d8c2244f1d]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
+ Don't use int where we really mean enum def_tuple. When this code
+ was written it was assumed that we may have multiple tuple types.
+ However, that hasn't happened and probably never will.
+ [8491f970f343]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Regen after string parsing changes.
+ [fd6bf79c3286]
+
+ * common/atoid.c, common/atomode.c, compat/strtonum.c, configure,
+ configure.ac, include/missing.h, plugins/sudoers/defaults.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/sudoreplay.c, src/parse_args.c, src/ttyname.c:
+ The OpenBSD strtonum() uses very short error strings that can't be
+ translated usefully. Convert them to longer strings on error. Also
+ use the longer strings for atomode() and atoid().
+ [dace028594da]
+
+2013-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/atoid.c, common/atomode.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
+ Add atomode() function for parsing a file mode.
+ [44e29629aa5e]
+
+ * common/sudo_conf.c, common/ttysize.c, compat/Makefile.in,
+ compat/closefrom.c, compat/getaddrinfo.c, compat/strtonum.c,
+ configure, configure.ac, include/missing.h,
+ plugins/sudoers/boottime.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/sudoreplay.c, plugins/system_group/system_group.c,
+ src/parse_args.c, src/sudo.c, src/ttyname.c:
+ Use strtonum() instead of atoi(), strtol() or strtoul() where
+ possible.
+ [e4a1fc84b893]
+
+ * MANIFEST, compat/Makefile.in, compat/strtonum.c, config.h.in,
+ configure, configure.ac, include/missing.h, mkdep.pl:
+ Add strtonum.c to compat for simpler number parsing.
+ [a4c69b003da0]
+
+2013-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_common.c:
+ Fix a warning on Solaris, we need to use debug_return_const_ptr.
+ [932aa94c0cac]
+
+ * plugins/sudoers/Makefile.in:
+ check_symbols needs to link with SUDO_LIBS in order to get -lpthread
+ on HP-UX for libldap (which uses threads). It would be better to
+ have a separate variable for the pthread library but this is no
+ worse than it used to be.
+ [94591b765371]
+
+2013-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ add missing comma
+ [7dcbd1c6dd25]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Make -c option description more accurate.
+ [3f305ae6037e]
+
+2013-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS, plugins/sudoers/sudoers.c:
+ When checking whether a user may change the login class, just check
+ pw_uid of the runas user, which was passed in to set_loginclass().
+ [aaf736440441]
+
+2013-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo_json.c:
+ Use atoid() when parsing user/group IDs and print them as unsigned
+ int.
+ [40c77459a36a]
+
+2013-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ Correctly parse 64-bit times in I/O log files.
+ [d053ee75adc3]
+
+ * compat/getgrouplist.c, plugins/group_file/getgrent.c,
+ plugins/sudoers/pwutil.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
+ Use atoid() not atoi() when parsing uids/gids.
+ [491146596626]
+
+ * plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
+ plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/sudoers.h:
+ Better match debugging. Sprinkle const in match functions.
+ [4cd8d793f165]
+
+2013-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Document that plugins can be compiled statically into the sudo
+ binary.
+ [434061cf909f]
+
+2013-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sssd.c:
+ sudo_sss_filter_user_netgroup(): fix comment typos, break out of
+ loop early if we match ALL or netgroup.
+ [0691731f4b12]
+
+ * plugins/sudoers/sssd.c:
+ When filtering netgroups, use the passwd struct stashed in the
+ handle, not user_name since we may be listing another users
+ privileges.
+ [f2669cf7b70c]
+
+ * mkpkg:
+ RHEL 6 and above builds sudo with SSSD support
+ [afc3d894851e]
+
+ * plugins/sudoers/sssd.c:
+ Avoid passing NULL domainname to sudo_debug_printf().
+ [b08abe5e6d23]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document sssd debug subsystem.
+ [250c3ab1bcf0]
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ Document "event" debug subsystem.
+ [85d220b48edc]
+
+ * plugins/sudoers/match.c:
+ Use atoid() instead of atoi() when parsing uids/gids so we get
+ proper range checking.
+ [5c3e2f3f6cb9]
+
+ * plugins/sudoers/sssd.c:
+ Add user netgroup filtering for SSSD. Previously, rules for a
+ netgroup were applied to all even when they did not belong to the
+ specified netgroup. RedHat Bugzilla 880150.
+ [784848b5462c]
+
+ * plugins/sudoers/sssd.c:
+ Fix several issues found by the clang static analyzer; Daniel
+ Kopecek
+ [520261dd7461]
+
+2013-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ Mention how to dump sudoers info from LDAP.
+ [a53c93790a30]
+
+ * src/exec_common.c:
+ On Solaris, disabling the proc_exec privilege appears to interfere
+ with DAC file permissions. Adding DAC override permissions to the
+ inheritable set works around this for commands run as root without
+ giving extra permissions to other users. Bug #626
+ [391ad44026c3]
+
+2013-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/progname.c, compat/Makefile.in,
+ compat/getprogname.c, configure, configure.ac, include/missing.h,
+ mkdep.pl, plugins/sample/sample_plugin.c, plugins/sudoers/policy.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/parse_args.c,
+ src/regress/ttyname/check_ttyname.c, src/sudo.c:
+ Instead of setprogname(), add initprogname() which gets the program
+ name for getprogname() using /proc or pstat() if possible.
+ [e2d48d81456f]
+
+2013-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Ignore EOVERFLOW from pstat_getproc(). The HP-UX kernel appears to
+ return this in certain situations but it appears to be harmless at
+ least insofar as retrieving the tty goes.
+ [105bea4e1c20]
+
+ * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/cs.mo, src/po/cs.po, src/po/eo.mo, src/po/eo.po,
+ src/po/fi.mo, src/po/fi.po, src/po/it.mo, src/po/it.po,
+ src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po,
+ src/po/ru.mo, src/po/ru.po, src/po/uk.mo, src/po/uk.po,
+ src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
+ Sync with translationproject.org
+ [3694d7ad4c9d]
+
+2013-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ Add missing newline in help message after export option.
+ [1c0bff0c181e]
+
+2013-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ Do not add LIBDL to SUDO_LIBS or SUDOERS_LIBS in configure, do it in
+ Makefile.in so we can make it last. Fixes a linking problem on
+ Ubuntu precise.
+ [f8d3bddbe742]
+
+2013-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, m4/ax_func_getaddrinfo.m4:
+ Do not rely on NULL being defined for getaddrinfo() test. Fixes the
+ check on HP-UX 11.23.
+ [a5dcf0283693]
+
+2013-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Regen for sudo 1.8.9b1
+ [945f27a7aa1c]
+
+ * src/po/de.mo, src/po/de.po, src/po/sr.mo, src/po/sr.po:
+ Sync with translationproject.org
+ [52abae16ccfa]
+
+2013-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, MANIFEST, NEWS, common/Makefile.in, common/sudo_dso.c,
+ compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, config.h.in,
+ configure, configure.ac, include/sudo_dso.h, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/ldap.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/sssd.c, plugins/system_group/Makefile.in,
+ plugins/system_group/system_group.c, src/Makefile.in,
+ src/env_hooks.c, src/load_plugins.c, src/preload.c, src/sudo.c,
+ src/sudo.h:
+ Add wrapper functions for dlopen() et al so that we can support
+ statically compiling in the sudoers plugin but still allow other
+ plugins to be loaded. The new --enable-static-sudoers configure
+ option will cause the sudoers plugin to be compiled statically into
+ the sudo binary. This does not prevent other plugins from being
+ loaded as per sudo.conf.
+ [9425770e9d2b]
+
+2013-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo_json.c:
+ Handle non-unix groups correctly. Get rid of runasuser and
+ runasgroup types and use username and usergroup instead. The fact
+ that the user or group is inside a Runas_List doesn't affect its
+ underlying type.
+ [ea1789258c11]
+
+2013-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo_json.c:
+ Simplify Defaults list option object. The name and value strings are
+ superfluous.
+ [5852b0184669]
+
+ * compat/dlopen.c:
+ Back out unintended change.
+ [85156e49e96e]
+
+ * MANIFEST, aclocal.m4, configure, configure.ac,
+ m4/ax_func_getaddrinfo.m4:
+ Add dedicated test for getaddrinfo(). Tru64 UNIX contains two
+ versions of getaddrinfo and we must include netdb.h to get the
+ proper definition.
+ [9882e3e1e8e3]
+
+ * compat/dlopen.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c:
+ Define RTLD_GLOBAL for older systems without it. Bug #621
+ [ed38ac84f1da]
+
+2013-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/snprintf.c, include/missing.h:
+ Rename snprintf replacement rpl_snprintf since we may now replace
+ the libc version and #define rpl_snprintf snprintf in missing.h so
+ we get our version when needed. This is consistent with how we
+ replace glob and fnmatch.
+ [309aa17d0dfe]
+
+ * common/Makefile.in, common/regress/sudo_conf/conf_test.c,
+ common/regress/sudo_parseln/parseln_test.c,
+ common/regress/tailq/hltq_test.c, src/Makefile.in:
+ libcommon tests need locale_stub.lo to link.
+ [baae40f36de5]
+
+ * MANIFEST, aclocal.m4, compat/snprintf.c, config.h.in, configure,
+ configure.ac, m4/ax_func_snprintf.m4:
+ Add check for C99 compliant (v)snprintf function.
+ [79e02551543c]
+
+ * compat/sig2str.c, configure, configure.ac:
+ Include unistd.h in sig2str.c for Tru64 as it defines SIGRTMIN and
+ SIGRTMAX in terms of sysconf(), which is prototyped in unistd.h. Bug
+ #621; from Daniel Richard G.
+ [2a59ccb8c966]
+
+ * include/gettext.h, plugins/sudoers/locale.c, src/locale_stub.c:
+ Add definition of U_ for --disable-nsl Don't define warning_gettext
+ if --disable-nsl Bug #621; from Daniel Richard G.
+ [c0054eb89c2b]
+
+2013-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo_json.c:
+ When merging Defaults entries we need to check the type of the next
+ entry and not just assume it is the same as the previous one.
+ [e97d9b9cf0d5]
+
+ * plugins/sudoers/visudo_json.c:
+ runasgroups not runasgroup in the Cmnd_Spec.
+ [92ea5dc20e4d]
+
+ * plugins/sudoers/visudo_json.c:
+ Fix some syntax errors and change how lists are handled.
+ [027b8dea44b2]
+
+ * common/sudo_debug.c, config.h.in, configure, configure.ac,
+ include/fatal.h, include/sudo_debug.h:
+ Allow sudo to compile without variadic macro support in cpp.
+ Debugging support will be limited (no file info from warnings.) From
+ Daniel Richard G.; Bug #621
+ [51b8b868cd4b]
+
+ * Makefile.in, common/aix.c, common/fatal.c, common/gidlist.c,
+ common/sudo_conf.c, include/fatal.h, include/gettext.h,
+ include/missing.h, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/env.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/exec.c,
+ src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
+ src/locale_stub.c, src/net_ifs.c, src/parse_args.c, src/selinux.c,
+ src/sesh.c, src/signal.c, src/solaris.c, src/sudo.c,
+ src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
+ Add warning_gettext() wrapper function that changes to the user
+ locale, then calls gettext(). Add U_ macro that calls
+ warning_gettext() instead of gettext(). Rename warning2()/error2()
+ back to warning_nodebug()/error_nodebug().
+ [f3bb207db201]
+
+2013-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/fileops.c, compat/getaddrinfo.c, compat/mktemp.c,
+ compat/utimes.c, configure.ac, plugins/sudoers/boottime.c,
+ plugins/sudoers/check.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/getdate.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.h, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/preload.c,
+ src/sudo.c, src/sudo_edit.c, src/ttyname.c, src/utmp.c:
+ Fix some #if vs. #ifdef and remove an extraneous semicolon. Bug
+ #624; from Daniel Richard G.
+ [b212e4694018]
+
+ * include/sudo_debug.h, plugins/sudoers/defaults.c,
+ plugins/sudoers/ldap.c, src/exec_common.c:
+ Add debug_return_const_str and debug_return_const_ptr for returning
+ a const string or pointer. Using const for the normal versions
+ produces warnings with the Tru64 compiler.
+ [45018a149cb4]
+
+ * common/event_poll.c, compat/getaddrinfo.c, config.h.in, configure,
+ configure.ac, m4/sudo.m4:
+ Fixes for building under Tru64; from Daniel Richard G. Bug #624
+ [fc4a6cbae1ba]
+
+2013-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c:
+ log_{fatal,warning} now logs to the debug file itself.
+ log_{fatal,warning} now calls warningx2() after setting the locale
+ itself instead of using the wrapper macros. This removes the only
+ use of warningx(ngettext(...)).
+ [930129361e0a]
+
+2013-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.ac:
+ Add -Wpointer-arith to --enable-warnings
+ [2043ae306d1b]
+
+ * configure, configure.ac:
+ Fix more instances of #include directives where the '#' was not in
+ column 1. From Daniel Richard G. (bug #622)
+ [75f36f39dcab]
+
+ * MANIFEST, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/visudo.c,
+ plugins/sudoers/visudo_json.c:
+ Add support to visudo to export sudoers in JSON format.
+ [1697b2b4bfd2]
+
+2013-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.h:
+ Remove unused digest field from struct cmndspec, the digest really
+ lives in struct sudo_command.
+ [e9a1e2e112d6]
+
+ * config.h.in, configure:
+ Regen with autoconf 2.69
+ [275f69f98f9e]
+
+ * MANIFEST, Makefile.in, config.h.in, configure.ac, configure.in,
+ doc/Makefile.in:
+ Rename configure.in -> configure.ac
+ [0aeafe425373]
+
+ * MANIFEST, aclocal.m4, autogen.sh, config.h.in, configure,
+ configure.in, ltmain.sh, m4/sudo.m4:
+ From Daniel Richard G. (bug #622) Add an autogen.sh script that
+ rebuilds the autoconf world. Move old aclocal.m4 contents to
+ m4/sudo.m4. New (generayed) aclocal.m4 contains the m4_include
+ directives. Some tests had #include directives where the '#' was not
+ in column 1. Updated obsolete macro usage via autoupdate.
+ [5fe8de5a56df]
+
+2013-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_exec.h:
+ Very old systems (pre XPG 4.2) may not support MSG_WAITALL. The
+ likelihood of receiving a partial message is quite low so this is
+ not a big deal.
+ [900a304f9548]
+
+ * configure, configure.in:
+ HP-UX may require _XOPEN_SOURCE_EXTENDED to be defined for
+ MSG_WAITALL to be visible.
+ [f08b1a00a30a]
+
+ * MANIFEST, plugins/sudoers/regress/visudo/test5.out.ok,
+ plugins/sudoers/regress/visudo/test5.sh:
+ Add regress test for bug #623
+ [8e83cfccaf14]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Cope with a comment on the last line of the file with no newline.
+ Bug #623
+ [f826243bc4e6]
+
+ * compat/getaddrinfo.c:
+ Include arpa/inet.h for HP-UX; from Daniel Richard G.
+ [d4d7a4303bae]
+
+ * doc/Makefile.in:
+ Add missing $(mansrcdir) to visudo.mdoc and visudo.man. From Daniel
+ Richard G.
+ [f664c8d2f961]
+
+2013-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/fatal.h:
+ In v{warning,fatal}x?() make a new copy of ap for the debug
+ functions. It is not legal to use ap twice without reinitializing
+ it. Noticed by Daniel Richard G.
+ [6ca8bc48ecb3]
+
+ * include/fatal.h:
+ Remove errant warning_restore_locale() call.
+ [4ef7aecefcbb]
+
+ * include/missing.h, plugins/sudoers/logging.c:
+ Move va_copy compat macro to missing.h
+ [c873e4cc4c8a]
+
+ * common/Makefile.in, compat/Makefile.in, mkdep.pl,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ Uniquify header dependencies so we don't end up with duplicates when
+ a header file includes other headers. The header dependencies are
+ sorted so the generated order is stable.
+ [95747db2f07a]
+
+ * compat/Makefile.in, configure, configure.in, doc/CONTRIBUTORS,
+ mkdep.pl:
+ Add getaddrinfo.lo to LTLIBOBJS for systems that need it. From
+ Daniel Richard G.
+ [e94ee99a52a9]
+
+ * plugins/sudoers/testsudoers.c:
+ Fix pasto
+ [5262735e78e0]
+
+2013-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.mdoc.in:
+ Fix typo.
+ [6b11a4eec6b6]
+
+2013-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
+ regen
+ [995ca9f21862]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c:
+ Fix warnings from -Wold-style-definition
+ [a748c5c7b423]
+
+ * configure, configure.in:
+ Add -Wold-style-definition to --enable-warnings
+ [0484de0deb59]
+
+ * common/event_poll.c:
+ Extra debugging for ready fds.
+ [91fb85cdecbb]
+
+ * common/event_select.c:
+ When deleting an event, check ev->events to determine whether to
+ remove from readfds or writefds instead of blinding removing from
+ both. Also fix highfd adjustment.
+ [7384db65ca9c]
+
+2013-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/event_select.c:
+ Only check an fd that is >= 0. Timeout-only events may have a
+ negative fd.
+ [fa0e5cbc3cc2]
+
+2013-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/event.c:
+ Don't call sudo_ev_{add,del}_impl() for timeout-only events. This
+ makes it possible to pass sudo_ev_alloc() an fd of -1 for events
+ only use SUDO_EV_TIMEOUT.
+ [6838657a1a2f]
+
+2013-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/alloc.c, common/event_select.c, include/sudo_event.h:
+ Make a copy of readfds/writefds before calling select() instead of
+ calculating it each time. Keep track of high fd in the base.
+ [6048b78f2e94]
+
+2013-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS:
+ Add Stephen Gelman
+ [0028c7a91a4f]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
+ Fix sign comparison warning.
+ [914cb36b9ed2]
+
+ * plugins/sudoers/sudoreplay.c:
+ Fix potential NULL dereference in non-interactive mode.
+ [9233428d3f32]
+
+2013-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/exec_pty.c:
+ Use MSG_WAITALL when receiving struct command_status over the Unix
+ domain socket since we no longer use datagrams. This should avoid
+ the need to handle incomplete reads, though in theory it is still
+ possible.
+ [28a92888a908]
+
+ * plugins/sudoers/sudoreplay.c:
+ SIGKILL is not catchable
+ [79f82e4cb11d]
+
+ * common/event.c, include/sudo_event.h, plugins/sudoers/sudoreplay.c:
+ Add sudo_ev_get_timeleft() to get the amount of time left before an
+ event times out and use it in sudoreplay.
+ [d5b17ee30fa4]
+
+2013-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
+ plugins/sudoers/sudoreplay.c:
+ If the user presses <return> or <enter> in sudoreplay, skip to the
+ next event. Useful for skipping past long pauses in the data.
+ [43343f45c94d]
+
+ * common/event.c, common/event_poll.c, common/event_select.c:
+ Fix sudo_ev_scan_impl() return value in event_poll.c. Make sure we
+ clear active flag from unprocessed events if sudo_ev_loopbreak() or
+ sudo_ev_loopcontinue() are used. Remove bogus optimization when the
+ timeout is zero or negative; it could prevent an I/O event from
+ being triggered.
+ [a13603fb3134]
+
+ * plugins/sudoers/sudoreplay.c:
+ Move session replay into its own function.
+ [e323f7729595]
+
+ * common/event.c, common/event_poll.c, common/event_select.c,
+ include/sudo_event.h:
+ Get rid of cur and pending pointers in struct sudo_event_base. We
+ now pop the first event off the active queue instead of using a
+ foreach loop with deferred removal of the event. Add
+ SUDO_EVQ_INSERTED and SUDO_EVQ_TIMEOUTS flags to indicate that the
+ event on the event queue and timeouts queue respectively. No longer
+ need to compare the timeout to {0,0} or compare the event's base
+ pointer to NULL to determine queue membership.
+ [f2b2251fd523]
+
+ * common/event_poll.c:
+ rename sudo_ev_loop_impl() -> sudo_ev_scan_impl()
+ [614faaff04e3]
+
+ * MANIFEST, common/event.c, common/event_poll.c,
+ common/event_select.c, compat/Makefile.in, compat/nanosleep.c,
+ config.h.in, configure, configure.in, include/missing.h,
+ include/sudo_event.h, mkdep.pl, plugins/sudoers/Makefile.in,
+ plugins/sudoers/sudoreplay.c, src/exec.c, src/exec_pty.c:
+ Add support for libevent-style timed events. Adding a timed event is
+ currently O(n). The only consumer of timed events is sudoreplay
+ which only used a singled one so O(n) == O(1) for now. This also
+ allows us to remove the nanosleep compat function as we now use a
+ timeout event instead.
+ [db41c08e92dc]
+
+2013-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/exec_pty.c:
+ Now that sudo_ev_base_free() removes all events before freeing we
+ don't need to do this by hand.
+ [b59d43658c5f]
+
+ * common/event.c, common/event_poll.c, common/event_select.c,
+ include/sudo_event.h:
+ Add a list of active events in the base that the back end sets when
+ it calls poll or select. This allows the front end to iterate over
+ the events instead of having that code in both back ends. It will
+ also simplify support for timeout events. Also make sure we can't
+ touch freed memory if a callback frees its own event.
+ [933b99b3f2bc]
+
+ * common/event.c:
+ Remove any existing events before freeing the event base.
+ [2543c6620cf1]
+
+2013-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ mon_handler() should be static
+ [b1a62ef65c96]
+
+2013-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ If user specified start_tls and ldaps, display a warning and ignore
+ start_tls. There's no reason to make this a fatal error.
+ [bf446dd1e740]
+
+ * src/exec_pty.c:
+ Add missing else when the connection from the monitor to the parent
+ sudo process is broken (due to the parent dying). Prevents a
+ spurious "unexpected reply type on backchannel" warning.
+ [5c44053cef08]
+
+ * src/exec_pty.c:
+ When flushing output we don't care whether we are the foreground
+ process or not, we still need to flush to /dev/tty. If we are in the
+ background, it is OK to get SIGTTOU.
+ [9716892d1fb5]
+
+ * plugins/sudoers/ldap.c:
+ Should not attempt start_tls on an ldaps connection.
+ [9d01d461c52c]
+
+2013-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/parser/check_fill.c:
+ Fix sign compare warning.
+ [6130fa8df758]
+
+ * doc/Makefile.in:
+ Eliminate warning about circular dependency from GNU make.
+ [7ed5df762089]
+
+ * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ src/ttyname.c:
+ More sign compare fixes. On Solaris id_t is signed so use uid_t in
+ the set_perms.c ID macro instead.
+ [8166dcc50d0b]
+
+ * common/fileops.c, common/lbuf.c, common/secure_path.c,
+ common/sudo_debug.c, include/secure_path.h,
+ plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.h,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/parse.h,
+ plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, src/load_plugins.c, src/sudo.c,
+ src/ttyname.c:
+ Quiet sign comparision warnings.
+ [e34f45dad10c]
+
+ * configure, configure.in:
+ Add -Wsign-compare to --enable-warnings
+ [d560e274a6ae]
+
+ * plugins/sudoers/ldap.c:
+ Ignore SIGPIPE when connecting to the LDAP server so we can get a
+ proper error message with the IBM LDAP libs. Also return
+ LDAP_SUCCESS instead of 0 from most sudo_ldap_* functions that
+ return an int.
+ [611a4ed9b8ee]
+
+ * plugins/sudoers/regress/parser/check_base64.c,
+ plugins/sudoers/regress/parser/check_digest.c:
+ Quiet compiler warnings.
+ [7d82dcca7126]
+
+2013-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ sudo_ldap_parse_uri() should join multiple URIs in the string list
+ together but it was clearing the host entry each time through the
+ loop. Fixes a bug with multiple URI entries in ldap.conf where only
+ the last one was being honored.
+ [83cee19b136d]
+
+ * src/exec_pty.c:
+ Avoid a double free introduced when plugging a memory leak in
+ safe_close(). A new ev_free_by_fd() function is used to remove and
+ free any events sharing the specified fd. This can be used after
+ safe_close() to make sure we don't try to select() on a closed fd.
+ [54f48a281147]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y, src/exec.c:
+ Quiet some llvm check false positives. The common idiom of using
+ TAILQ_FIRST, TAILQ_REMOVE and free in a loop to free each entry in a
+ TAILQ confuses llvm. Use TAILQ_FOREACH_SAFE instead (which is
+ probably faster anyway).
+ [bd1b8c11f416]
+
+ * plugins/sudoers/auth/pam.c:
+ If pam_open_session() fails don't call pam_getenvlist() with a NULL
+ pam handle.
+ [352e0329acba]
+
+ * plugins/sudoers/defaults.c:
+ Fix newly introduced use after frees found by llvm checker.
+ [a81080230f1f]
+
+ * common/event_select.c:
+ Remove an errant list_next() call that should have been removed in
+ the TAILQ conversion.
+ [3bbf8d117ce4]
+
+ * MANIFEST, common/Makefile.in, common/list.c,
+ common/regress/tailq/hltq_test.c, include/list.h, include/queue.h,
+ plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Add "headless" tail queues and use them in place of the semi-
+ circular lists in sudoers. Once the headless tail queue is built up
+ it is converted to a normal TAILQ. This removes the last consumer of
+ list.c and list.h so those can now be removed.
+ [5986ba762a24]
+
+ * common/Makefile.in, common/fatal.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/env.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/visudo.c, src/Makefile.in, src/exec_pty.c,
+ src/hooks.c:
+ Use SLIST and STAILQ macros instead of doing headless singly linked
+ lists manually. As a bonus we now use a tail queue for ldap.c and
+ sudoreplay.c.
+ [c31bc2d99082]
+
+ * MANIFEST, common/Makefile.in, common/event.c, common/event_poll.c,
+ common/event_select.c, common/list.c,
+ common/regress/sudo_conf/conf_test.c, common/sudo_conf.c,
+ doc/LICENSE, include/list.h, include/missing.h, include/queue.h,
+ include/sudo_conf.h, include/sudo_event.h,
+ plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/exec.c, src/exec_pty.c, src/load_plugins.c,
+ src/sudo.c, src/sudo.h, src/sudo_plugin_int.h:
+ Convert sudo to use BSD TAILQ macros instead of home ground tail
+ queue functions. This includes a private queue.h header derived from
+ FreeBSD. It is simpler to just use our own header rather than try to
+ deal with macros that may or may not be present in various queue.h
+ incarnations.
+ [450bce095d7c]
+
+2013-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ Fix AND operator broken by changes to fix OR.
+ [a4d3485ee943]
+
+2013-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ Fix OR operator.
+ [f5c1c90ee284]
+
+2013-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Fix memory leak of I/O buffer events in safe_close().
+ [08cd790cfbba]
+
+2013-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_debug.c:
+ Don't allow the debug subsystem to be initialized twice. Otherwise
+ we can exhuast our stack when built in static mode.
+ [fadacb6a4617]
+
+ * common/event_poll.c:
+ Make sure we do not try to usie index -1 in base->pfds[].
+ [beeb922aba3f]
+
+2013-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.in:
+ Bump version to 1.8.9
+ [758dbb464796]
+
+2013-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Convert the monitor process to the event subsystem.
+ [c4fe8e2ba53c]
+
+ * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
+ Convert the main sudo event loop to use the event subsystem. Read
+ events for I/O buffers are added before the loop starts. Write
+ events are added on demand as the buffers are filled.
+ [72a603e997e0]
+
+ * INSTALL, MANIFEST, common/Makefile.in, common/event.c,
+ common/event_poll.c, common/event_select.c, common/list.c,
+ common/sudo_debug.c, config.h.in, configure, configure.in,
+ include/list.h, include/sudo_debug.h, include/sudo_event.h,
+ mkdep.pl, plugins/sudoers/Makefile.in, src/Makefile.in,
+ src/exec_pty.c:
+ Simple event subsystem that uses poll() or select(). Basically a
+ simplied subset of libevent2. Currently only fd events are supported
+ (since that's all we need). The poll() backend is used by default,
+ except on Mac OS X where poll() is broken for devices (including
+ /dev/tty and ptys).
+ [8773142b4117]
+
+ * src/exec.c, src/exec_pty.c:
+ Use SOCK_STREAM for socketpair, not SOCK_DGRAM so we get consistent
+ semantics when the other end closes. This should make the conversion
+ to poll() less problematic.
+ [b6a321722a91]
+
+2013-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_debug.c:
+ Fix removal of trailing newlines in a debug message.
+ [6f5ce5ac64e0]
+
+2013-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ When checking for unused Runas_Aliases, count those used as part of
+ a Runas Group too. Fixes a false positive warning.
+ [f13271a4a377]
+
+2013-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Include stddef.h for rsize_t and errno_t on systems that support it
+ natively.
+ [bc547d47e9c6]
+
+ * MANIFEST:
+ Fix braino.
+ [67b79747312f]
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/de.mo,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/pl.mo,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/uk.mo,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo:
+ Rebuild message catalog files.
+ [0a9befb0674e]
+
+ * src/po/da.mo, src/po/eo.mo, src/po/fi.mo, src/po/it.mo,
+ src/po/pl.mo, src/po/pt_BR.mo, src/po/ru.mo, src/po/uk.mo,
+ src/po/vi.mo, src/po/zh_CN.mo:
+ Rebuild message catalog files.
+ [25191089ddf2]
+
+ * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/cs.mo, src/po/cs.po:
+ Czech translation for sudo from translationproject.org.
+ [8bc0ed069ddb]
+
+2013-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.po, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/it.po, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, src/po/da.po,
+ src/po/eo.po, src/po/fi.po, src/po/it.po, src/po/pl.po,
+ src/po/pt_BR.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
+ src/po/zh_CN.po:
+ Sync with translationproject.org
+ [c16f9bb4579e]
+
+ * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Change "next" back to 2. In the context of "next Friday" we really
+ do want the friday of the upcoming (not current) week.
+ Unfortunately, this means that things like "next week" and "next
+ year" will match one more than we really want. Fixing this will
+ require some fairly major changes to the grammar.
+ [7f863c930121]
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
+ Mention that relative times don't always do what you might expect.
+ [710a9b0dd36f]
+
+2013-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS:
+ Add diacritical for Zdenek Behan.
+ [78d333f88e6c]
+
+2013-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/regress/ttyname/check_ttyname.c:
+ Do not fail if ttyname() cannot determine the tty but sudo can.
+ Should fix problems with running "make check" under pbuilder.
+ [e6fc06a6c5cf]
+
+ * plugins/sudoers/Makefile.in:
+ Remove extraneous $$CWD; from Bdale Garbee
+ [4d040ddd7446]
+
+2013-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Make "this" and "next" qualifiers work a bit better. There is still
+ room for improvement as "this week" will use the current time
+ instead of the beginning of the week. That's a separate issue
+ though.
+ [e844c02f754a]
+
+2013-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/regress/sudo_conf/conf_test.c,
+ common/regress/sudo_parseln/parseln_test.c:
+ Mark main() public to silence a warning on HP-UX.
+ [ac0b869b9842]
+
+2013-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, plugins/sudoers/timestamp.c:
+ Be specific that we are talking about the Unix epoch; bug #615
+ [25887775371b]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/po/sudoers.pot,
+ src/po/sudo.pot, src/selinux.c:
+ Do not use "setup" as a verb; bug #614
+ [17c4750aac5f]
+
+ * plugins/sudoers/iolog.c:
+ Fix logic goof when checking open() status.
+ [76ece1445d71]
+
+ * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo,
+ src/po/nl.po, src/po/ru.mo, src/po/ru.po:
+ Sync with translationproject.org
+ [21351498000f]
+
+ * NEWS, plugins/sudoers/sudoreplay.c:
+ Work around a bug in sudo 1.8.7 timing files where the indexes are
+ off by two.
+ [4aa0cd58af58]
+
+ * MANIFEST, plugins/sudoers/iolog.c, plugins/sudoers/iolog.h,
+ plugins/sudoers/sudoreplay.c:
+ Repair writing of the I/O log file indices broken in sudo 1.8.7.
+ [6a5f867884f5]
+
+2013-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Try to improve the PAGERS noexec example a bit.
+ [226f11118daa]
+
+2013-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Document comment character in ldap.conf Clarify what is and is not
+ supported in TLS_KEYPW Mention that gsk8capicmd can be used to
+ create a stash file
+ [fb8f06ab4458]
+
+2013-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ New bugs fixed for 1.8.8.
+ [c158df7cd9d2]
+
+ * plugins/sudoers/visudo.c:
+ Fix setting of quiet flag when -q / --quiet is specified. Do not
+ print "sudoers: parsed OK" in quiet mode.
+ [df55acd57ce6]
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/fi.mo,
+ src/po/fi.po, src/po/it.mo, src/po/it.po:
+ Updated translations from translationproject.org
+ [e9e8abd23a28]
+
+ * plugins/sudoers/check.c:
+ Don't allow root to change its SELinux role without a password. Bug
+ #611
+ [f8b599acb29d]
+
+2013-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention new Mac OS X symbol interposition.
+ [98293b7c4e0f]
+
+ * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
+ src/po/eo.po, src/po/fr.mo, src/po/fr.po:
+ Updated translations from translationproject.org
+ [865be7454354]
+
+ * config.h.in, configure, configure.in, src/sudo_noexec.c:
+ Add configure checks for the exec functions we will dummy out. This
+ is only really needed on Mac OS X when symbol interposition is being
+ performed but won't hurt elsewhere.
+ [49c20cf6bab0]
+
+2013-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, src/Makefile.in,
+ src/sudo_noexec.c:
+ Fix installation of sudo_noexec on Mac OS X. Use library symbol
+ interposition on Mac OS X 10.4 and higher so we don't need to set
+ DYLD_FORCE_FLAT_NAMESPACE=1.
+ [a82999dff8e6]
+
+2013-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Fix typo in tls_key example for Tivoli
+ [36599f424ac4]
+
+ * src/parse_args.c:
+ Don't escape '$' when running "sudo -i command". Bug #564
+ [17542d52f714]
+
+ * plugins/sudoers/iolog_path.c:
+ Fix typo in comment.
+ [d0510ed5eaba]
+
+ * plugins/sudoers/auth/pam.c:
+ Fix comment.
+ [4e89e0bfd6af]
+
+ * plugins/sudoers/timestr.c, plugins/sudoers/visudo.c:
+ Quiet some gcc -Wformat=2 false positives
+ [28a2014b9822]
+
+2013-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ Remove now-obsolete arg to env_merge()
+ [ba015cf5d935]
+
+ * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po,
+ src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
+ src/po/zh_CN.mo, src/po/zh_CN.po:
+ Updated translations from translationproject.org
+ [72b6aeaba505]
+
+ * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/fr.mo, src/po/fr.po:
+ French translation for sudo from translationproject.org.
+ [a72321771860]
+
+ * plugins/sudoers/logging.h:
+ Add __printflike to audit_failure.
+ [1686b3699d41]
+
+ * include/missing.h:
+ Use __nonnull__ attribute in __printflike.
+ [d123613a1fb6]
+
+2013-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
+ When merging the PAM environment, allow environment variables set in
+ PAM to override ones set by sudo as long as they do not match the
+ env_keep or env_check lists.
+ [f3c64967fed7]
+
+ * plugins/sudoers/auth/pam.c:
+ Call pam_getenvlist() after we've opened the session to get the
+ session-specific environment variables.
+ [b413fb9e1c77]
+
+ * plugins/sudoers/ldap.c:
+ Fix error display from ldap_ssl_client_init(). There are two error
+ codes. The return value can be decoded via ldap_err2string() but the
+ ssl reason code cannot (you have to look it up in a table online).
+ [0267125ce9f0]
+
+2013-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ option not flag
+ [08c31af7b818]
+
+ * compat/getopt_long.c, config.h.in, configure, configure.in:
+ Don't redefine opterr, optind, optopt, optarg in getopt_long.c. Add
+ a check for optreset which is a BSD extension and provide a
+ definition in getopt_long.c if it is not present.
+ [3393e8d83400]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [f38f65830118]
+
+ * plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c:
+ Use lower case for the long option arguments to match the manual.
+ This is inconsistent with GNU but it is better to match the sudo
+ documentation.
+ [8fac2d64f5d2]
+
+ * NEWS:
+ Sudo 1.8.8
+ [105c73752474]
+
+ * src/parse_args.c:
+ Use lower card for the long option arguments to match the manual.
+ This is inconsistent with GNU but it is better to match the sudo
+ documentation.
+ [af243dd39850]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Describe how remote command execution can be implemented.
+ [3eba7f93b7f6]
+
+ * doc/sudoers.ldap.cat:
+ Bump version.
+ [0ee7f02f3627]
+
+2013-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c:
+ Make it a fatal error if the plugin returns invalid or out of range
+ command info.
+ [8a7e56c7584a]
+
+ * plugins/sudoers/policy.c:
+ Use strtol() instead of atoi() and perform error checking of
+ parameters passed from the sudo front-end.
+ [05e05be3c6c4]
+
+ * plugins/sudoers/auth/pam.c:
+ It is not possible for auth to be NULL here.
+ [771500e776e9]
+
+ * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Initialize user_runhost and user_srunhost to user_host and
+ user_shost in visudo and testsudoers.
+ [c47cca74e1fc]
+
+ * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
+ common/error.c, common/fatal.c, common/gidlist.c, common/lbuf.c,
+ common/list.c, common/sudo_conf.c, common/sudo_debug.c,
+ compat/Makefile.in, compat/getopt_long.c, include/error.h,
+ include/fatal.h, plugins/sudoers/Makefile.in,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/hexchar.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ src/Makefile.in, src/locale_stub.c, src/net_ifs.c,
+ src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h:
+ Rename error.h -> fatal.h now that there is no error() function.
+ [3a3827f10f04]
+
+ * common/sudo_debug.c, include/sudo_debug.h:
+ Add support to the debug subsystem for zero-length strings. This can
+ happen for things like warning(NULL) or fatal(NULL) where we just
+ want to log the errno string.
+ [3ed739c5cc91]
+
+ * include/error.h:
+ Add __printflike for vfatal, vfatalx, vwarning and vwarningx.
+ [57e65ed595d2]
+
+ * plugins/sudoers/audit.c:
+ Need to include gettext.h for BSM audit.
+ [a87fda2d0123]
+
+ * common/alloc.c, plugins/sudoers/env.c, src/exec_common.c,
+ src/parse_args.c, src/sudo.c:
+ Change some fatalx(NULL) that should be fatal(NULL).
+ [8b1efda9f578]
+
+ * include/error.h, include/missing.h:
+ Use __printf0like for warning() and fatal() since the fmt string may
+ be NULL.
+ [858a890f00ad]
+
+ * compat/pw_dup.c:
+ Quiet a gcc "used uninitialized in this function" false positive.
+ [98f47f89ce60]
+
+ * mkpkg:
+ Enable bsm audit on Mac OS X and Solaris >= 11.
+ [8607488f986c]
+
+ * plugins/sudoers/bsm_audit.c:
+ Fix compilation on Solaris 11.
+ [01aa46298ed7]
+
+ * plugins/sudoers/bsm_audit.c:
+ Add missing missing.h
+ [080de69a55a1]
+
+ * plugins/sudoers/sudoers.c:
+ Move the -C (user_closefrom) check until after set_cmnd() so that
+ closefrom_override can be used in a command-specific Defaults line.
+ Fixes bug #610 from Mengtao Sun.
+ [413565c6ff6b]
+
+2013-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ If not using a pty and the child process gets SIGTTOU or SIGTTIN and
+ sudo is the foreground process, make the child the foreground
+ process and continue it.
+ [5ff433443bc4]
+
+ * src/sudo.c:
+ If sudo is not setuid and was not invoked with a full path, look in
+ the user's PATH for the sudo binary to give a better error message.
+ [a740129a38f0]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.h:
+ Add limited support for "sudo -l -h other_host". Since group lookups
+ are done on the local host, rules that use group membership may be
+ incorrect if the group database is not synchronized between hosts.
+ [2c8b222a5f7f]
+
+ * src/parse_args.c:
+ Fix parsing of "-h host" when used in conjunction with the -l flag.
+ [62f3d726d52b]
+
+ * configure, configure.in, doc/fixman.sh, doc/fixmdoc.sh,
+ doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.c,
+ src/sudo_usage.h.in:
+ Simplify usage messages a bit and make --help output more closely
+ resemble GNU usage wrt long options. Sync usage and man page
+ SYNOPSYS sections and improve long options in the manual pages. Now
+ that we have long options we don't need to give the mnemonic for the
+ single-character options in the description.
+ [17b7e386955a]
+
+2013-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c:
+ Fix setting of mailer argv[0] to basename of mailerpath. No need to
+ strdup() mailerpath as it is not modified.
+ [8843cdd958ee]
+
+ * plugins/sudoers/logging.c:
+ Make sure the mailer exists and is a regular file before trying to
+ exec it.
+ [b73d6214014f]
+
+ * plugins/sudoers/timestamp.c:
+ If tty_tickets are enabled but there is no tty, use a ticket file
+ based on the parent pid.
+ [75408bd61ced]
+
+ * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/parse_args.c:
+ Allow default plugin dir to be configured in sudo.conf.
+ [478883594cc5]
+
+ * doc/CONTRIBUTORS:
+ UTF8 for Ruusamae, Elan; from Tae Wong
+ [02e0c95b4fa6]
+
+2013-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/regress/sudo_conf/test5.in,
+ common/regress/sudo_conf/test5.out.ok,
+ common/regress/sudo_conf/test6.in,
+ common/regress/sudo_conf/test6.out.ok, common/sudo_conf.c,
+ doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
+ plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, src/sudo.c:
+ Don't allow max_groups to be set to zero, it just complicates things
+ needlessly. Fixes an assertion in visudo when there is a group-
+ based Defaults entry.
+ [d62a8ea32db9]
+
+2013-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/gidlist.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c,
+ src/sudo.h:
+ Refactor code to parse list of gids into its own function that is
+ shared by the sudo front-end and the sudoers module. Make uid/gid
+ parse error be fatal, not just a warning.
+ [da3b2b06605c]
+
+ * common/atoid.c:
+ Add function comment block.
+ [09a324de716f]
+
+ * common/atoid.c:
+ Default text domain is now sudo, not sudoers.
+ [1acb1da6f304]
+
+ * common/Makefile.in:
+ Update dependency for atoid.lo
+ [5e367cd44288]
+
+ * common/atoid.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, src/sudo.c,
+ src/sudo.h:
+ Add endpointer and separator args to atoid()
+ [2077e4ed8578]
+
+2013-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/getgrouplist.c:
+ Use private version of atoid() to avoid a dependency on libcommon.a
+ (since that already depends on libreplace.a).
+ [7c12d63b0560]
+
+ * doc/CONTRIBUTORS:
+ More UTF8 in names; from Tae Wong
+ [512b263f51c8]
+
+ * compat/getgrouplist.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h:
+ Use atoid() in more places.
+ [06f4ae57c707]
+
+ * MANIFEST, common/Makefile.in, common/atoid.c,
+ plugins/sudoers/Makefile.in, plugins/sudoers/atoid.c:
+ Move atoid() to common so it can be used in src and compat too.
+ [095d730701e4]
+
+ * compat/closefrom.c:
+ Avoid a crash on Mac OS X 10.8 (at least) when we close
+ libdispatch's fds out from under it before executing the command.
+ Switch to just setting the close on exec flag instead.
+ [349ebf4987df]
+
+ * doc/CONTRIBUTORS:
+ Convert to last, first for easier sorting and use UTF8 (including a
+ BOM).
+ [8c30d221bd75]
+
+ * plugins/sudoers/atoid.c:
+ Add atoid() function to convert a string to an id_t (uid, gid or
+ pid). We have to be careful to choose() either strtol() or strtoul()
+ depending on whether the string appears to be signed or unsigned.
+ Always using strtoul() is unsafe on 64-bit platforms since the uid
+ might be represented as a negative number and (unsigned long)-1 on a
+ 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem
+ with uids larger than 0x7fffffff on 32-bit platforms.
+ [5d818e399157]
+
+ * MANIFEST, config.h.in, configure, configure.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h:
+ Add atoid() function to convert a string to an id_t (uid, gid or
+ pid). We have to be careful to choose() either strtol() or strtoul()
+ depending on whether the string appears to be signed or unsigned.
+ Always using strtoul() is unsafe on 64-bit platforms since the uid
+ might be represented as a negative number and (unsigned long)-1 on a
+ 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem
+ with uids larger than 0x7fffffff on 32-bit platforms.
+ [cd92246a710f]
+
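Review bot: The two atoid() entries directly above, [5d818e399157] and [cd92246a710f], carry the same message word for word, so only their file lists show that one adds plugins/sudoers/atoid.c and the other touches configure, policy.c and sudoers.h. A reader tracing the fix for uids larger than 0x7fffffff has to inspect both changesets. In that message, "choose() either strtol() or strtoul()" reads as a call to a function named choose(); "choose either" is what is meant. Other entries in this part of the log carry spelling slips that will stay in the shipped file: "usie index -1" (common/event_poll.c), "exhuast our stack" (common/sudo_debug.c), "sign comparision", "simplied subset of libevent2", "a singled one", "lower card" (src/parse_args.c) and "SYNOPSYS". If this file mirrors the commit messages verbatim, leave them matching the history; if it is maintained by hand, correct them here.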
+ * plugins/sudoers/sudoers.c:
+ Avoid "perm stack underflow" error when logging the unknown uid
+ error.
+ [871514c713b7]
+
+ * plugins/sudoers/set_perms.c:
+ In rewind_perms() there is nothing to do if perm_stack_depth == 0.
+ [98de335f47f0]
+
+2013-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in:
+ Add pam_setcred sudoers option to allow the user to control whether
+ pam_setcred() is called on the user's behalf.
+ [4260a8e43073]
+
+ * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
+ Add pam_service and pam_login_service sudoers settings to control
+ the service name passed to pam_start.
+ [5ea0e3588f3a]
+
+ * mkpkg:
+ Newer Xcode places the SDKs under Xcode.app
+ [4b54379d5c45]
+
+2013-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/zero_bytes.c,
+ compat/Makefile.in, compat/memset_s.c, config.h.in, configure,
+ configure.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, include/missing.h, include/sudo_plugin.h,
+ mkdep.pl, plugins/sudoers/Makefile.in,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/logging.c, plugins/sudoers/sha2.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/conversation.c, src/sudo.h, src/sudo_edit.c,
+ src/tgetpass.c:
+ Implement memset_s() and use it instead of zero_bytes(). A new
+ constant, SUDO_CONV_REPL_MAX, is defined by the plugin API as the
+ max conversation reply length. This constant can be used as a max
+ value for memset_s() when clearing passwords filled in by the
+ conversation function.
+ [264ec146028e]
+
+2013-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/system_group/Makefile.in:
+ Do not try to install plugins when shared modules are disabled
+ (sudoers already had the check).
+ [3d582c042042]
+
+ * plugins/sudoers/Makefile.in:
+ Update dependencies to take into account compat/getopt.h and
+ compat/dlfcn.h.
+ [301fb31cd121]
+
+ * src/Makefile.in:
+ Update dependencies now that sudo_usage.h is always included from
+ the build dir.
+ [c1ff70ec9515]
+
+2013-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Add some warnings and debugging to sasl ccname handling.
+ [467f415861f0]
+
+ * plugins/sudoers/ldap.c:
+ Fix write loop invariant in sudo_krb5_copy_cc_file()
+ [6948cf6e9b9f]
+
+2013-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Strip off leading FILE: or WRFILE: prefix before trying to copy the
+ user's credential cache.
+ [56c16feab62f]
+
+2013-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c:
+ Instead of setting RLIMIT_NPROC to unlimited when sudo initializes,
+ just save RLIMIT_NPROC in exec_setup() before the final setuid() and
+ restore it immediately after. We don't need to modify RLIMIT_NPROC
+ for simple euid changes, just for changing the real (and saved) uids
+ before we exec. This also means we no longer need to worry about
+ _SC_CHILD_MAX returning -1. Bug #565
+ [1372f1909039]
+
+2013-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c, src/preload.c:
+ Now that the ldap code runs with the real and effective uid set to
+ 0, it is not possible for the gssapi libs to find the user's krb5
+ credential cache file. To work around this, we make a temporary copy
+ of the user's credential cache specified by KRB5CCNAME (opened with
+ the user's effective uid) and point gssapi to it. To set the
+ credential cache file name, we dynamically look up
+ gss_krb5_ccache_name() and use it if available, otherwise fall back
+ to setting KRB5CCNAME.
+ [8b86c134541a]
+
+2013-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
+ doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in,
+ doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/visudo.c:
+ Long option support for visudo and sudoreplay.
+ [91427968be71]
+
+2013-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/Makefile.in,
+ src/parse_args.c, src/sudo.c, src/sudo_usage.h.in:
+ Add support for long options and fix inclusion of sudo_usage.h with
+ modern gcc broken in 8597:1fcb7ba13018.
+ [d13134819944]
+
+ * src/Makefile.in:
+ Add rule to rebuild sudo_usage.h when the .in file changes.
+ [59a32899e251]
+
+ * compat/Makefile.in, mkdep.pl, src/Makefile.in:
+ Add make rules for building getopt_long.c
+ [5f57593b3a8b]
+
+ * src/parse_args.c:
+ Make "-h hostname" work. Optional args in GNU getopt() only work
+ when there is no space between the option flag and the argument.
+ [b8258659cabb]
+
+2013-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, compat/getopt.h, compat/getopt_long.c, config.h.in,
+ configure, configure.in, doc/LICENSE, src/parse_args.c:
+ Use getopt_long() so we can make the -h flag take an optional
+ argument. Includes a version for those without it.
+ [d1dd66c8a86b]
+
+2013-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Document that the -h option can be used specify a host name for
+ future plugins.
+ [8470c74cf326]
+
+ * include/sudo_plugin.h, src/parse_args.c, src/sudo_usage.h.in:
+ Overload -h option to specify an optional hostname for remote
+ access. This is future-proofing; no policy plugins currently support
+ this.
+ [0e01d8c3c623]
+
+ * configure, configure.in:
+ Bump version to 1.8.8
+ [a1155bfaa28f]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Document the remote_host setting (-h host)
+ [c737db906f5d]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ fix "the the"
+ [0025464a3942]
+
+ * src/parse_args.c, src/sudo.c, src/sudo.h:
+ Do not error out if arg to -U option cannot be resolved, that is for
+ the plugin to decide. There is no need for runas_user and
+ runas_group to be global, make them local to parse_args() instead.
+ [fb02a62a72ba]
+
+ * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/pt_BR.mo,
+ plugins/sudoers/po/pt_BR.po, src/po/es.mo, src/po/es.po,
+ src/po/pt_BR.mo, src/po/pt_BR.po:
+ Sync with translationproject.org
+ [e8f4772d918a]
+
+2013-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/TROUBLESHOOTING:
+ Remove old bits about sudo setuid problems that should have been
+ cleaned up in changeset 7917:fa4894896d8a. Also update the mode of
+ sudo to 04755 to match current packaging.
+ [1e3904cdc2de]
+
+ * plugins/sudoers/auth/pam.c:
+ Go back to ignoring the return value of pam_setcred() since with
+ stacked PAM auth modules a failure from one module may override
+ PAM_SUCCESS from another. If the first module in the stack fails,
+ the others may be run (and succeed) but an error will be returned.
+ This can cause a spurious warning on systems with non-local users
+ (e.g. pam_ldap or pam_sss) where pam_unix is consulted first.
+ [b6022e26135a]
+
+ * src/net_ifs.c:
+ Remove unused variable.
+ [93dde7d82fde]
+
+ * NEWS:
+ Fix typo
+ [5ef79671c2c7]
+
+2013-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sssd.c:
+ Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest().
+ From Dan Harnett.
+ [4a0af6f12765]
+
+2013-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Fix formatting typo; from Eric S. Raymond
+ [058b533ba460]
+
+2013-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Use -gxcoff on aix so dbx can be used to debug sudo.
+ [4950e019ed2d]
+
+2013-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Fix typo; bug 605
+ [41f7b46a6e51]
+
+2013-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo,
+ src/po/tr.mo:
+ Regen .mo files that were out of date.
+ [9e25a254f9db]
+
+2013-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.in:
+ On Solaris 11 and higher, tag binaries for ASLR if supported by the
+ linker.
+ [a2a6cafa3e60]
+
+ * mkpkg:
+ No longer need to disable PIE on Solaris.
+ [cf90019ae67e]
+
+2013-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING:
+ Restrict default creation of PIE binaries (-fPIE and -pie) to Linux.
+ OpenBSD also supports PIE but enables it by default so we don't need
+ to do anything. This fixes problems on systems with a version of GNU
+ ld that accepts -pie but where the run-time linker doesn't actually
+ support PIE. Also verify that a trivial PIE binary works unless PIE
+ is explicitly enabled.
+ [3c5f125efeb1]
+
+2013-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in:
+ Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld
+ where we can end up crashing due to malloc() failures. Sems OK when
+ Using Sun as and ld.
+ [b8ba412102ab]
+
+ * NEWS:
+ Update with final changes.
+ [78ff6d2ed47a]
+
+2013-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Add -fPIE to PIE_LDFLAGS as per gcc manual.
+ [fe900cbb0780]
+
+2013-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/Makefile.in, compat/Makefile.in:
+ Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs
+ [f84bc7482b78]
+
+ * MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/visudo/test4.out.ok,
+ plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c:
+ Replace sequence number-based cycle detection in visudo with a
+ "used" flag in struct alias. The caller is required to call
+ alias_put() when it is done with the alias. Inspired by a patch from
+ Daniel Kopecek.
+ [0bdbac1b3b39]
+
+2013-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Eliminate a few relocations related to sudoers_io.
+ [18e9e2cc3367]
+
+ * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po:
+ Sync with translationproject.org
+ [f38cc128a2ad]
+
+2013-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Clarify a comment.
+ [7a045ee06e95]
+
+2013-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Handle d_type == DT_UNKNOWN when resolving the device to a name and
+ sprinkle some more debugging.
+ [8774133747d9]
+
+2013-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/TROUBLESHOOTING:
+ Add message about disabling PIE if sudo gets SIGSEGV.
+ [c786af2a6751]
+
+ * plugins/sudoers/check.h, plugins/sudoers/timestamp.c:
+ No longer store the ctime of a devpts tty. The handling of ctime on
+ devpts in Linux has been changed to conform to POSIX. As a result we
+ can no longer assume that the ctime will stay unchanged throughout
+ the life of the session. We store the session ID in the time stamp
+ file so there is a much smaller chance of the time stamp file being
+ reused by a new login. While here, store the uid/gid in the
+ timestamp file too for good measure.
+ [7028b21f7a9b]
+
+ * configure, configure.in:
+ PIE is broken on FreeBSD/arm
+ [f232c60d6229]
+
+ * mkpkg:
+ Add explicit sendmail path for Linux since we may not have sendmail
+ installed in the build chroot.
+ [1ba2f84f4ff0]
+
+2013-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_debug.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c:
+ Quiet a few -Wunused-result compiler warnings.
+ [ef12afb61423]
+
+2013-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Mention what SHA-2 formats are supported.
+ [bf298d0fdf8a]
+
+ * doc/CONTRIBUTORS:
+ List code and translations separately.
+ [826547bc1295]
+
+2013-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po:
+ Sync with translationproject.org
+ [9499a6f438b8]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [cce449e284a6]
+
+ * Makefile.in:
+ Fix c-format for fatal/fatalx
+ [4ad81d3faaeb]
+
+2013-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h:
+ Change some error/errorx -> fatal/fatalx in comments and xgettext
+ flags.
+ [9d9b64fa2ec9]
+
+ * NEWS:
+ There is now a Turkish translation of sudoers.
+ [701c5af6aa76]
+
+ * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
+ Updated translations from translationproject.org including new
+ Turkish translation.
+ [9cedbb50d90f]
+
+2013-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document that sudoers will re-use existing I/O log paths unless they
+ are mktemp-style with trailing X's.
+ [4f43bd13d9e7]
+
+ * NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
+ Allow ldap_conf and ldap_secret to be specified as plugin arguments
+ in sudo.conf
+ [37c6c425b565]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ sudoers_debug is now deprecated in favor of the sudo debugging
+ framework.
+ [1195be1ec254]
+
+ * plugins/sudoers/ldap.c:
+ Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use
+ SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the
+ debug file with the ldap subsystem. The sudoers_debug setting in
+ ldap.conf is still honored for now but will be removed in a future
+ release.
+ [cfa42b4b913e]
+
+2013-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers2ldif:
+ Add support for converting sudoers files with SHA-2 command digests.
+ [dc0d03485946]
+
+ * doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg,
+ plugins/sudoers/sudoers2ldif:
+ Add copyright notice to scripts
+ [5e8bd4e6083f]
+
+ * MANIFEST, plugins/sudoers/regress/sudoers/test14.in,
+ plugins/sudoers/regress/sudoers/test14.out.ok,
+ plugins/sudoers/regress/sudoers/test14.toke.ok:
+ Add regress for SHA-2 digests.
+ [0b258c2a2a95]
+
+ * compat/getgrouplist.c:
+ Solaris maps negative gids to GID_NOBODY.
+ [57050e5c750f]
+
+ * plugins/sudoers/visudo.c:
+ Clear up an llvm checker warning which appears to be a false
+ positive and fix an old XXX while I'm at it.
+ [9ee13133e596]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
+ Correct last change date
+ [3bc1fa5b0f76]
+
+ * plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c:
+ No need to translate this error message.
+ [4d9941970a26]
+
+ * doc/UPGRADE:
+ Mention .sl vs. .so extension handling on HP-UX Mention group
+ membership changes Fix typos
+ [40ac0efbdb2b]
+
+ * aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c,
+ common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c,
+ common/setgroups.c, common/term.c, common/ttysize.c,
+ compat/Makefile.in, compat/dlopen.c, compat/endian.h,
+ compat/getline.c, compat/getprogname.c, compat/isblank.c,
+ compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c,
+ compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
+ compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
+ compat/strsignal.c, compat/utimes.c, doc/Makefile.in,
+ include/Makefile.in, include/alloc.h, include/fileops.h,
+ include/gettext.h, include/lbuf.h, include/missing.h,
+ include/sudo_plugin.h, pathnames.h.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/alias.c, plugins/sudoers/audit.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.h, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c,
+ plugins/sudoers/redblack.h,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.h, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/visudo.c, plugins/system_group/Makefile.in,
+ plugins/system_group/system_group.c, src/Makefile.in,
+ src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c,
+ src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c,
+ src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h,
+ src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c,
+ src/utmp.c:
+ Update copyright years.
+ [5c6d72661bad]
+
+ * plugins/sudoers/mon_systrace.h:
+ Systrace support was removed long ago.
+ [10a038a2da77]
+
+2013-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok,
+ plugins/sudoers/regress/sudoers/test9.toke.out.ok:
+ Remove some files that were mistakenly added.
+ [833502da26de]
+
+ * common/sudo_debug.c, config.h.in, configure, configure.in,
+ plugins/sudoers/boottime.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c:
+ Use time(&now) instead of now = time(NULL) when storing the current
+ time in a time_t (better compiler error checking). Better parsing
+ and printing of 64-bit time_t on 32-bit platforms.
+ [c227dc72c04e]
+
+2013-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Don't check the tty of the parent process. Now that we get the
+ controlling tty device number from the kernel there is no need. If
+ the process has really disassociated from the tty then reporting
+ "unknown" is appropriate.
+ [62fb66e565db]
+
+2013-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/error.c:
+ Use EXIT_FAILURE instead of 1 as the fatal() exit value.
+ [ed94c2c5e88a]
+
+ * src/sesh.c:
+ Change remaining errorx -> fatalx
+ [3f6d70e19303]
+
+2013-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an
+ error if the entry already exists in the cache.
+ [94d45970400a]
+
+ * plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot:
+ Change "foo: failed" to just "foo" since we print the string form of
+ errno. Gets rids of some useless translations.
+ [476f37349dbc]
+
+2013-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ Fix pasto in debug_decl
+ [08650186a239]
+
+ * plugins/sudoers/Makefile.in:
+ regen
+ [acf4c34fba2c]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/parse.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
+ Rename log_error() -> log_warning() for consistency with
+ warning()/fatal()
+ [474ed5a0e335]
+
+ * plugins/sudoers/auth/API:
+ The NO_EXIT flag was removed a while ago.
+ [e0a4be270226]
+
+ * common/aix.c, common/alloc.c, common/error.c, include/error.h,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c,
+ src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c,
+ src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c,
+ src/utmp.c:
+ Rename error/errorx -> fatal/fatalx and remove the exit value as it
+ was always 1.
+ [ea66f58c4da5]
+
+ * NEWS:
+ digests are supported in sudoers ldap too
+ [77d6c25f7653]
+
+ * plugins/sudoers/regress/check_symbols/check_symbols.c:
+ Print test failures to stdout like the final count so the outputis
+ not displayed out of order.
+ [f541b78ecb93]
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo,
+ plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo,
+ src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po,
+ src/po/it.po, src/po/tr.po:
+ Sync with translationproject.org
+ [cbd70678b99f]
+
+ * Makefile.in:
+ Check for any uncommitted changes in dist target and add force-dist
+ target that omit check-dist.
+ [78dc3f41e37e]
+
+2013-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/regress/ttyname/check_ttyname.c:
+ Fix logic bug when checking tty via ttyname().
+ [279aee076194]
+
+ * compat/endian.h:
+ Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and
+ __BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX)
+ [fe35e0b04502]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [0ddebccd3045]
+
+ * NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document digest support.
+ [d794c7b9a7bc]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/parser/check_base64.c:
+ Simple bas64 decode unit test.
+ [344b0df0fe50]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.h:
+ Move base64_decode into its own source file.
+ [30497e7f88bc]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Only check year against 2038 if time_t is 32-bit.
+ [9c1f2e3fc3ba]
+
+2013-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.h,
+ plugins/sudoers/sssd.c:
+ Add digest support for sudoers in ldap and sss.
+ [314937b5e59e]
+
+ * INSTALL, configure, configure.in:
+ Error out in configure if the compiler doesn't support "long long".
+ [d3645c1d50d1]
+
+ * plugins/sudoers/match.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Include stdint.h or inttypes.h before sha2.h
+ [20ad1c20313d]
+
+ * common/lbuf.c:
+ Simplify lbuf append functions by moving the realloc code into
+ lbuf_expand(). We now expand as needed each time bytes need to be
+ written to the lbuf. Also handle a NULL pointer being passed in for
+ paranoia's sake.
+ [6283ee562ef4]
+
+ * plugins/sudoers/iolog.c:
+ Zero out struct iolog_details early to avoid a potential (though
+ unlikely) dereference of stack garbage if we hit a fatal error
+ before iolog_deserialize_info() is called.
+ [2eeca8be05fb]
+
+2013-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Update copyright year.
+ [b843c6a43238]
+
+ * plugins/sudoers/sudoers_version.h:
+ Bump SUDOERS_GRAMMAR_VERSION for new digest support.
+ [188556fb8156]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/match.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Sanity check digest in parser so visudo can catch errors. Add base64
+ support
+ [b8586d5cc7ed]
+
+ * MANIFEST, compat/endian.h, config.h.in, configure, configure.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c:
+ For big endian architectures just use memcpy() instead of BE macros
+ in a loop.
+ [c71a0f4a8a8e]
+
+2013-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, config.h.in, configure, configure.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_digest.out.ok,
+ plugins/sudoers/sha2.h, plugins/sudoers/sssd.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c:
+ Initial implementation of checksum support in sudoers. Currently
+ supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format
+ validation in parser and base64 support. checksum support for ldap
+ sudoers
+ [b8f196346eca]
+
+2013-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h:
+ SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public
+ domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai
+ respectively.
+ [7511d07c0a83]
+
+2013-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Add sudo 1.8.6p8
+ [0666fd0321ae]
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot:
+ Add missing "not" in error message when mixing standalone and non-
+ standalone authentication methods.
+ [7eba4439db73]
+
+ * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
+ Check for crypt() returning NULL. Traditionally, crypt() never
+ returned NULL but newer versions of eglibc have a crypt() that does.
+ Bug #598
+ [887b9df243df]
+
+ * plugins/sudoers/auth/pam.c:
+ Better PAM error messages
+ [fd7eda53cdd7]
+
+ * plugins/sudoers/auth/kerb5.c:
+ Better error messages
+ [98142874a2f4]
+
+ * plugins/sudoers/bsm_audit.c:
+ Use same error message for getauid() failure.
+ [07f0d88cb1df]
+
+ * plugins/sudoers/sssd.c:
+ Start warning with a lower case letter for consistency and to match
+ existing translated strings.
+ [b719ac52c9e3]
+
+2013-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Disable PIE on Solaris where it is not really supported.
+ [c36c84cdcc7a]
+
+ * src/ttyname.c:
+ AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit
+ before we try to match it against st_rdev.
+ [5dab449fb962]
+
+ * src/ttyname.c:
+ Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes
+ a problem finding the tty name when it is not in /dev/pts.
+ [6c205d087fa0]
+
+ * compat/snprintf.c:
+ Support %lld and %llu
+ [feabfa06c954]
+
+ * .hgignore, MANIFEST, src/Makefile.in,
+ src/regress/ttyname/check_ttyname.c:
+ Add ttyname test.
+ [e987038f8c07]
+
+2013-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po,
+ src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
+ src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po,
+ src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
+ Sync with translationproject.org
+ [4d7b73b22079]
+
+ * plugins/sudoers/timestamp.c:
+ Log timestampfile to debug file.
+ [e997281146c0]
+
+ * plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot:
+ Don't add the "Password: " string we look up in the PAM text domain
+ to the sudoers.pot file.
+ [771b52244abf]
+
+2013-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot:
+ Synce with regcomp() error message change.
+ [fc6d3dfb8eb8]
+
+ * plugins/sudoers/sudoreplay.c:
+ Be consistent with error message when regcomp() fails.
+ [de6c69ba04e4]
+
+2013-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/testsudoers/test5.out.ok,
+ plugins/sudoers/regress/testsudoers/test5.sh:
+ Use group -1 instead of 1 as the invalid group since the running
+ user might have group 1 as their default group.
+ [71404a9fa75d]
+
+ * plugins/sudoers/Makefile.in:
+ PWD may be a shell builtin, use CWD instead.
+ [c443105c5091]
+
+2013-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Split up check_user().
+ [ce7cc0767589]
+
+2013-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure.in:
+ Cosmetic fixes in the comments.
+ [640abee43c14]
+
+2013-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status
+ message for visibility checks when the test fails.
+ [99665477ee55]
+
+ * config.h.in:
+ regen
+ [00c22606719a]
+
+ * configure, configure.in:
+ We no longer use mbr_check_membership() and setrlimit64() is AIX-
+ specific.
+ [43caf685a1f1]
+
+ * Makefile.in:
+ The first (all) target must be by itself or some makes will choose
+ the run the entire target list.
+ [16cf3def49f5]
+
+ * configure, configure.in:
+ Do exec_prefix expansion when enable_shared even if noexec is not
+ enabled.
+ [7ed28cb32d8d]
+
+ * compat/getgrouplist.c:
+ Use free() not efree() since we don't include alloc.h here
+ [1a008737be24]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [b939f941346f]
+
+ * plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/testsudoers/test5.sh:
+ Pass in expected gid to testsudoers in addition to the uid that
+ matches the test sudoers files.
+ [6a1710e8cac1]
+
+2013-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Tru64 5.x does declare innetgr() and getdomainname().
+ [c75598e69c7e]
+
+ * plugins/sudoers/match.c:
+ Fix compilation when getdomainame() is not present.
+ [e831b017a962]
+
+ * config.h.in, configure.in, include/missing.h:
+ Move SET/CLR/ISSET from config.h.in to missing.h
+ [3a3dd29fd7f0]
+
+ * configure, configure.in:
+ Fix getgrouplist() check.
+ [12a2adf60e98]
+
+ * MANIFEST:
+ No more timestamp.h
+ [5677e26afc0f]
+
+ * plugins/sudoers/check.c:
+ Neded sys/time.h for struct timeval in struct sudo_tty_info.
+ [aceaadd8c400]
+
+ * plugins/sudoers/Makefile.in:
+ regen depends
+ [21675a8b67e5]
+
+ * NEWS:
+ Mention libibmldap on HP-UX
+ [75b4e4b22950]
+
+ * NEWS, plugins/sudoers/match.c:
+ Instead of checking the domain name explicitly for "(none)", just
+ check for illegal characters.
+ [ce35dda811db]
+
+ * plugins/sudoers/visudo.c:
+ Only warn once when we are unable to open the sudoers file.
+ [9e27e3aa5b10]
+
+ * plugins/sudoers/sudoers.c:
+ Fall back to opening /dev/tty to determine whether there is a tty if
+ the system doesn't have kernel support for determing the tty.
+ [2775bcf9a9b5]
+
+ * compat/getprogname.c:
+ Update guard to take __progname into account
+ [60eae3f20232]
+
+ * compat/snprintf.c:
+ Some older systems have inttypes.h but not stdint.h
+ [ed1ef160015f]
+
+ * compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c,
+ compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c,
+ compat/getline.c, compat/getprogname.c, compat/glob.c,
+ compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
+ compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
+ compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
+ compat/strsignal.c, compat/utimes.c:
+ Add guards in compat source files. Not really needed since we only
+ include them in the Makefile if they are needed but should not hurt
+ either.
+ [8cbd3b4595b9]
+
+2013-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Don't include gram.h in gram.y, its contents are already included.
+ Move sudoerserror to the end of gram.y so COMMENT is declared when
+ we need to use it.
+ [7d72ebdd7222]
+
+2013-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure.in:
+ Remove some pre-ANSI cruft.
+ [6a95704b2116]
+
+ * plugins/sudoers/match.c:
+ Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h
+ when it is set.
+ [da40c550ffed]
+
+ * NEWS, plugins/sudoers/iolog_path.c:
+ We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but
+ just leave it as-is.
+ [9a22de140d28]
+
+2013-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Add missing semicolon in rule.
+ [817d3f1b2a21]
+
+ * plugins/sudoers/sudoers.c:
+ Now that we can determine the terminal even when file descriptors
+ are redirected we can check user_ttypath rather than opening
+ /dev/tty when enforcing requiretty.
+ [56a28bc09041]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Stash umask in struct sudo_user so we don't need to look it up
+ later.
+ [9f85749199dc]
+
+ * plugins/sudoers/sudoers.c:
+ Minor cosmetic change
+ [c373e106ed49]
+
+ * plugins/sudoers/regress/parser/check_addr.c:
+ No longer need to declare interfaces
+ [d7ff7e579557]
+
+ * plugins/sudoers/logging.c:
+ Fix compilation in SUDOERS_NO_SEQ case
+ [9a6db9247534]
+
+ * plugins/sudoers/regress/parser/check_addr.c:
+ No longer need to define sudo_printf
+ [578ad13c3546]
+
+ * plugins/sudoers/check.c, plugins/sudoers/check.h,
+ plugins/sudoers/timestamp.c:
+ Pass auth_pw to the timestamp functions.
+ [f603649177d6]
+
+ * plugins/sudoers/iolog_path.c:
+ Fix SUDOERS_NO_SEQ
+ [17881f9bcd68]
+
+ * plugins/sudoers/locale.c:
+ Don't need all of sudoers.h in here
+ [c518150c6483]
+
+ * plugins/sudoers/sudoers.c:
+ Don't need to include sudoers_version.h here.
+ [8abb31102119]
+
+2013-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ DEFAULT_LECTURE is no longer used.
+ [f565c00a68c1]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
+ Move sudo_conv into policy.c
+ [f699aee7136b]
+
+ * plugins/sudoers/pwutil.c:
+ cosmetic fixes
+ [930e60389ca8]
+
+ * plugins/sudoers/match.c:
+ RHEL (and perhaps other Linux distros) use the string "(none)"
+ instead of an empty string when there is no actual NIS-style domain
+ name. Bug #596
+ [11aec11489ac]
+
+ * plugins/sudoers/match.c:
+ Fix return values when NAME_MATCH is defined.
+ [ce030be9ccef]
+
+2013-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h:
+ Update copyright year.
+ [7e4b8d49addd]
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h:
+ Add sudo_set_grlist(), currently unused by the back end.
+ [b37ac1d0e8fc]
+
+ * plugins/sudoers/pwutil.c:
+ Remove unused macros, fix a debug_decl
+ [6136fb4a0d3b]
+
+ * include/missing.h:
+ Tru64 Unix doesn't prototype innetgr() or getdomainname().
+ [585ac1874dfe]
+
+ * include/missing.h:
+ Whitespace fixes
+ [0bb28cd91d97]
+
+ * common/error.c:
+ Don't need to include setjmp.h here, error.h already includes it.
+ [fd05ab00e186]
+
+2013-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/Makefile.in, plugins/sudoers/Makefile.in:
+ regen depends
+ [57991f5e16b4]
+
+ * plugins/sudoers/check.h:
+ Rename guard define.
+ [ccf4dba241d6]
+
+ * plugins/sudoers/check.c, plugins/sudoers/check.h,
+ plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
+ Move contents of timestamp.h into check.h.
+ [c139757a9283]
+
+ * plugins/sudoers/sudoers.h:
+ expand_prompt() is now in prompt.c sudo_printf extern is now in
+ error.h
+ [219bd74ca62b]
+
+ * plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h,
+ plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h,
+ plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h,
+ plugins/sudoers/insults.h, plugins/sudoers/interfaces.h,
+ plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
+ plugins/sudoers/parse.h, plugins/sudoers/pwutil.h,
+ plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h,
+ plugins/sudoers/toke.h:
+ Change multiple inclusion guards to be _SUDOERS_FOO_H
+ [faace6d55e78]
+
+2013-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
+ src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po:
+ New Dutch translation for sudo and sudoers New Turkish translation
+ for sudo From translationproject.org
+ [bc918b7b23a4]
+
+2013-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ Fix a typo in a comment and make sure we don't mistakenly include
+ _PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in
+ [694d12ac70ec]
+
+2013-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Don't build check_symbols if we are linking sudoers in statically.
+ [f6602723bab7]
+
+ * configure, configure.in:
+ Use $host_os not $host when we only care about the os name and
+ version.
+ [05e4f4fcba06]
+
+ * aclocal.m4, configure, configure.in:
+ Suppress duplicate -L and -I flags.
+ [228f2f581aed]
+
+ * common/Makefile.in, compat/regress/fnmatch/fnm_test.c:
+ Fix regress tests on non-OpenBSD platforms.
+ [9d91bc859c50]
+
+ * configure, configure.in:
+ If we find sasl/sasl.h there's no need to check for sasl.h too
+ [889efaa86012]
+
+ * aclocal.m4, configure, configure.in:
+ Add -R flags at the very end after configure link tests are done
+ since we can only count on libtool to accept -R, the compiler front
+ end may not. Also unify the libldap and libibmldap tests using
+ AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by
+ libibmldap (but is not an explicit dependency).
+ [ab1451894351]
+
+2013-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Back out changes that broke detection of skey, opie and ldap
+ libraries.
+ [ffa82b8f8641]
+
+ * plugins/sudoers/regress/testsudoers/test1.sh,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/testsudoers/test4.sh,
+ plugins/sudoers/regress/testsudoers/test5.sh,
+ plugins/sudoers/regress/visudo/test1.sh,
+ plugins/sudoers/regress/visudo/test2.sh,
+ plugins/sudoers/regress/visudo/test3.sh:
+ Add explicit "exit 0" to prevent the check target from ending
+ prematurely.
+ [cca411b492bd]
+
+ * plugins/sudoers/Makefile.in:
+ Fix exit values in check target so we don't have to ignore errors.
+ [cbc429c409e9]
+
+ * plugins/sudoers/Makefile.in:
+ Fail a test if there is unexpected stderr output.
+ [4fc24d536bec]
+
+ * MANIFEST:
+ Fix path to sudo.conf manuals; remove non-existant test2.err.ok
+ [6b8bcd60dd85]
+
+ * src/load_plugins.c:
+ Fix compilation in dynamic mode.
+ [679856fa0774]
+
+ * configure, configure.in:
+ On HP-UX, libibmldap has a hidden dependency on libCsup
+ [22994709d77c]
+
+ * compat/dlopen.c:
+ Pass BIND_VERBOSE to shl_load()
+ [0060b9cfa9ab]
+
+ * configure, configure.in:
+ Only create static helper libs when --disable-shared is specified.
+ [1fcdb1a437e0]
+
+ * src/load_plugins.c:
+ Ubreak static build.
+ [4ac9f96be285]
+
+ * INSTALL, aclocal.m4, configure, configure.in:
+ Replace --with-rpath and --with-blibpath with --disable-rpath. Now
+ that we use libtool for linking we can just use the -R flag and have
+ libtool translate it to the proper linker flag.
+ [09798fad6888]
+
+2013-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Bump I/O buffer size 32K
+ [4ef793225309]
+
+2013-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in:
+ Document sesh Path setting.
+ [34b0b903b4f8]
+
+ * src/exec.c, src/exec_common.c:
+ Move exec_cmnd to exec.c to fix a compilation issue with sesh.c
+ [06aa1956f38d]
+
+ * common/sudo_conf.c, configure, configure.in, include/sudo_conf.h,
+ src/selinux.c:
+ Make sesh path configurable in sudo.conf
+ [91d331f273b7]
+
+ * configure, configure.in:
+ Use -fno-pie and -nopie if supported when --disable-pie is
+ specified.
+ [777138c04dcc]
+
+2013-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Document direct execution of the command if the policy plugin has no
+ close function.
+ [6a14145c6e80]
+
+2013-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ Only delete creds if we actually established them. Print an error if
+ pam_setcred() fails and we actually authenticated.
+ [1e015314903b]
+
+ * common/Makefile.in, plugins/group_file/Makefile.in:
+ regen
+ [dd8cee2a5e1b]
+
+ * common/alloc.c, include/alloc.h:
+ Convert efree() to a macro that just casts to void * and does
+ free(). If the system free() can't handle free(NULL) this may crash
+ but C89 was a long time ago.
+ [efd0ff9270fb]
+
+ * configure, configure.in:
+ Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS.
+ Fixes a problem with errno sometimes not being set on error on HP-
+ UX.
+ [54b419d58320]
+
+ * common/sudo_debug.c:
+ Fix debug logging from the plugin when there is no error number.
+ This was broken in the big debugging reorg for 1.8.7.
+ [2ea7e145e928]
+
+2013-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/load_plugins.c:
+ Always install plugins with a .so extension regardless of what
+ extension the system uses for shared libraries. That way the
+ group_plugin sudoers setting can be shared between heterogenous
+ systems.
+ [a7e6ecff6fdf]
+
+ * plugins/sudoers/match.c:
+ Mac OS X has netgroup functions in netdb.h.
+ [243881a974aa]
+
+ * plugins/sudoers/parse.h:
+ Tags in struct cmndtag can be set to IMPLIED as well.
+ [cb6926988cc8]
+
+ * plugins/sudoers/parse.c:
+ Quiet a compiler warning.
+ [14e608c2001d]
+
+ * plugins/sudoers/testsudoers.c:
+ Quiet an llvm checker warning.
+ [2eeb9f3d08f3]
+
+ * plugins/sudoers/parse.c:
+ Quiet gcc -Wuninitialized false positive
+ [643ad987503d]
+
+2013-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in:
+ Document group_file and system_group plugins.
+ [b56511e79230]
+
+ * NEWS:
+ Sudo 1.8.7
+ [e95183b8fa27]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Try to clarify that sudoedit in sudoers should not include a leading
+ pathname.
+ [7b2beac92a9c]
+
+ * plugins/sudoers/pwutil_impl.c:
+ Make sure groupname_len is at least 32 just to be on the safe side.
+ It is better to allocate a little extra and not need it than to have
+ to reallocate and start over.
+ [6d3e1ba47de9]
+
+ * include/alloc.h, include/missing.h:
+ Add __malloc_like macro to apply __malloc__ attribute to emalloc,
+ ecalloc and estrdup. It cannot be applied to realloc since that may
+ return the same pointer.
+ [8d70cb81d1f1]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix potential double free in an error path.
+ [657573feb6a4]
+
+ * src/exec_pty.c:
+ When running the command in a pty, defer the call to exec_setup()
+ until just before we exec the command. This is consistent with the
+ non-pty path. As a side effect, the monitor process runs as root and
+ not the runas user.
+ [e2a7f8c7ee4c]
+
+2013-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/closefrom.c:
+ Update copyright year.
+ [9b652af4dfc0]
+
+2013-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/closefrom.c:
+ Use pst_highestfd from pstat_getproc() on HP-UX.
+ [09f3fea46a3d]
+
+2013-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, common/Makefile.in, doc/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Clean up generated test files and other minor housekeeping.
+ [f5f4fdd908e1]
+
+ * plugins/sudoers/iolog.c:
+ Add back gettimeofday() call inadvertantly removed in e1abb9810a83
+ [675cce8401ae]
+
+ * config.h.in, configure, configure.in, src/ttyname.c:
+ Use pstat() on HP-UX to determine the tty device.
+ [2884af22a9df]
+
+ * plugins/sudoers/auth/pam.c:
+ Fix PAM compilation: def_pam_session, not just pam_session.
+ [5417d7acc6ea]
+
+ * doc/fixmdoc.sh:
+ Don't remove the -S option description when trimming out selinux.
+ Bug #592
+ [8a94f2cfa0a0]
+
+2013-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for Sudo 1.8.6p7
+ [0858a73e9c40]
+
+2013-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Document when sudo may exec the command directly instead of forking.
+ [da41951edc28]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Document that close and version be NULL for plugin API >= 1.3 and
+ that sudo may execute the command directly if there is no close, or
+ pty or timeout needed.
+ [e5f929ddeaf8]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Fix debug_decl for sudo_auth_begin_session and
+ sudo_auth_end_session.
+ [58243392c0df]
+
+ * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
+ Add pam_session sudoers option.
+ [d994465db9f1]
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h:
+ Dummy out close function if there is no end_session for the auth
+ method and the front-end can handle a NULL close function. Avoids
+ the extra sudo process when we don't actually need it.
+ [74886d5b0fb6]
+
+2013-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, aclocal.m4:
+ Add m4/ to paths m4_include parameters so we don't need to use
+ autoconf's -I flag.
+ [4fd86e7a84f3]
+
+ * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h,
+ src/sudo_plugin_int.h:
+ If the policy plugin does not provide a close function, there is no
+ command timeout and no pty is required, skip the event loop and just
+ exec the command directly.
+ [ad532f107170]
+
+ * src/sudo.c:
+ Do not crash if the plugin close and version functions are not
+ defined. If there is no policy close function, simply print a
+ warning that the command was not found.
+ [c789a9dd54e8]
+
+2013-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c:
+ Fix typos in selinux/solaris privs specific code.
+ [9af3999361b4]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, src/parse_args.c:
+ Pass the default plugin directory to the plugin via the settings
+ list. Could be used by a stacking plugin.
+ [688e771fc145]
+
+ * plugins/sudoers/timestamp.c:
+ Completely ignore time stamp file if it is set to the epoch,
+ regardless of what gettimeofday() returns.
+ [df58842af660]
+
+ * doc/CONTRIBUTORS:
+ Add Nikolai Kondrashov
+ [df59791438f9]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Use userpw_matches() for username matching so #uid works for
+ sudoRunAsUser.
+ [a124062334df]
+
+ * plugins/sudoers/sssd.c:
+ Avoid calling realloc3() with a zero size parameter when all
+ retrieved sssd rules fail. Otherwise we'll get a run-time error due
+ to malloc(0) checking.
+ [84dfcb73ebd7]
+
+ * plugins/sudoers/sssd.c:
+ Do not send error mail if a user is not found in SSSD. Local users
+ can run sudo too. From Nikolai Kondrashov
+ [3d2ae99ee468]
+
+2013-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/regress/sudo_conf/test4.in,
+ common/regress/sudo_conf/test4.out.ok:
+ Test setting disable_coredump to illegal value.
+ [3c71c6c49027]
+
+ * common/sudo_conf.c:
+ Fix atobool() usage.
+ [d40c9f4d06b0]
+
+ * common/regress/sudo_conf/conf_test.c:
+ Remove unused variable.
+ [328b524b365b]
+
+ * plugins/sudoers/sudoers.c:
+ Make "sudo -l non_existent_command" warn that non_existent_command
+ doesn't exist, not the "list" pseudo-command.
+ [9dc0388fc4f3]
+
+ * plugins/sudoers/parse.c:
+ Make sudoers file long list output better match the format used by
+ ldap sudoers. Tags are now converted to options and there is a
+ single command per line.
+ [6e6dc3f20d84]
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
+ doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Use the correct the sudoers policy symbol names and undo an editor
+ goof committed when adding max_groups to sudo.conf.
+ [2a6f7ddf5cc3]
+
+ * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
+ For "sudo -l" start a new line if the runas list changes to make the
+ output easier to read.
+ [7dc3d724c924]
+
+2013-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
+ For "sudo -l" and "sudo -ll" only print the runas info for
+ subsequent commands in a list if the runas info has changed. If we
+ have new runas info, print out the tags again so as to be less
+ confusing to the user. For "sudo -ll" set the line continuation
+ indent to 8.
+ [b5ec02fe7fc1]
+
+2013-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
+ plugins/group_file/group_file.c, plugins/group_file/group_file.exp,
+ plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in,
+ plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
+ plugins/sample_group/sample_group.c,
+ plugins/sample_group/sample_group.exp:
+ Rename sample_group plugin to group_file. Install group_file and
+ system_group plugins by default.
+ [951b3e446fae]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/iolog.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add maxseq sudoers option to limit the max number of I/O log files.
+ [e1abb9810a83]
+
+2013-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Log lines and columns in the iolog file.
+ [03adb6230e05]
+
+2013-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c,
+ common/regress/sudo_conf/test1.in,
+ common/regress/sudo_conf/test1.out.ok,
+ common/regress/sudo_conf/test2.in,
+ common/regress/sudo_conf/test2.out.ok,
+ common/regress/sudo_conf/test3.in,
+ common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c,
+ include/sudo_conf.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c,
+ src/sudo.c:
+ Add simple regress tests for sudo.conf parsing.
+ [3c36b61bf61c]
+
+ * src/sudo.c:
+ Always display the I/O plugin version as long as its open functions
+ doesn't return an error. Previously it was only displayed if the
+ plugin open returned 1.
+ [4b0277db3f8c]
+
+ * plugins/sudoers/pwutil_impl.c:
+ Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead
+ of poking around in struct utmpx.
+ [2c0cc5c42958]
+
+ * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c:
+ #include "sudo_usage.h" not <sudo_usage.h> so we get the one in the
+ build directory and not the src dir when using a separate build
+ directory.
+ [1fcb7ba13018]
+
+2013-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/fileops.c:
+ If a line was longer that 0x80000000 the bit hack to round to the
+ next power of two would roll over to zero.
+ [f4f729cf6f0f]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/sudoers.h, src/sudo.c:
+ Use max_groups in front-end and plugin.
+ [bf1e74166831]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, src/parse_args.c:
+ Pass max_groups to plugin in settings list.
+ [d7d76e8651f4]
+
+ * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, include/sudo_conf.h:
+ Add max_groups setting to sudo.conf (currently unused) and remove
+ unused return value from setters.
+ [f6494f71e1f0]
+
+2013-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Reorganize configure options
+ [23475de8039f]
+
+2013-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Add Sudo 1.8.6p7
+ [5192fc511cbe]
+
+2013-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL.configure:
+ Sync with autoconf 2.68
+ [985e5c8efa4e]
+
+ * INSTALL, README:
+ Remove obsolete OS notes and move build requirements to INSTALL.
+ [bf0dd53ca164]
+
+2013-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Sort elements of the settings, user_info and command_info lists.
+ [663062ada5b7]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Remove trailing white space
+ [027916a6c8e7]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
+ Store the session ID in the tty ticket file too. A tty may only be
+ in one session at a time so if the session ID doesn't match we
+ ignore the ticket.
+ [4eb2cb8df48b]
+
+2013-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Move tzset() call from sudoers plugin to sudo front end.
+ [3c058dad8772]
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Mention line continuation
+ [399873f8c805]
+
+ * MANIFEST, common/Makefile.in, common/fileops.c,
+ common/regress/sudo_parseln/parseln_test.c,
+ common/regress/sudo_parseln/test1.in,
+ common/regress/sudo_parseln/test1.out.ok,
+ common/regress/sudo_parseln/test2.in,
+ common/regress/sudo_parseln/test2.out.ok,
+ common/regress/sudo_parseln/test3.in,
+ common/regress/sudo_parseln/test3.out.ok,
+ common/regress/sudo_parseln/test4.in,
+ common/regress/sudo_parseln/test4.out.ok,
+ common/regress/sudo_parseln/test5.in,
+ common/regress/sudo_parseln/test5.out.ok,
+ common/regress/sudo_parseln/test6.in,
+ common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c,
+ include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/sudo_nss.c:
+ Add line continuation support to sudo_parseln() and make it use
+ getline() instead of fgets() internally.
+ [d02bf3973fc5]
+
+2013-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sample/sample_plugin.c:
+ Fix memory leak in error path; found by llvm checker
+ [d090c26a5b00]
+
+ * plugins/sudoers/sudoreplay.c:
+ Remove useless store detected by llvm checker.
+ [12a4db91651a]
+
+ * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in,
+ src/load_plugins.c, sudo.pp:
+ Sudo now stores its libexec files in a "sudo" subdirectory instead
+ of in libexec itself. For backwards compatibility, if the plugin is
+ not found in the default plugin directory, sudo will check the
+ parent directory default directory ends in "/sudo".
+ [5de67de76489]
+
+ * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c,
+ plugins/system_group/system_group.c:
+ Add missing __dso_public to plugin structs so they are exported.
+ [dde703577621]
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ Mention that sudoers has its own plugins too.
+ [0a6c6203b512]
+
+2013-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Correct last change date.
+ [45894291d792]
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in:
+ Remove duplicated sudo.conf info in the sudo, sudoers and
+ sudo_plugin manuals and cross-reference the new sudo.conf manual.
+ [b808ba29cf3a]
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
+ Fix typos
+ [0e70964150c6]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Fix some typos.
+ [94ae045cfbc6]
+
+ * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in:
+ Add standalone sudo.conf manual page.
+ [d64d949b700c]
+
+ * doc/sample.sudo.conf:
+ add group_source example
+ [118c1ba1c014]
+
+ * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in,
+ doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf.
+ [f5bd6006dc1c]
+
+ * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo,
+ src/po/it.po:
+ Sync with translationproject.org
+ [a6f2b9aac371]
+
+2013-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo,
+ src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo,
+ src/po/vi.po:
+ Sync with translationproject.org
+ [ba546666969d]
+
+2013-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo,
+ plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po,
+ src/po/es.po, src/po/gl.po:
+ Sync with translationproject.org
+ [cdc454e34c03]
+
+2013-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Clarify ttyname changes.
+ [cbf2f80fe582]
+
+ * NEWS:
+ Add 1.8.6p6
+ [3aa591e98b3b]
+
+ * src/ttyname.c:
+ Remove ttyname() fall back code on systems where we can query the
+ kernel for the tty device via /proc or sysctl(). If there is no
+ controlling tty, it is better to just treat the tty as unknown
+ rather than to blindly use what is hooked up to std{in,out,err}.
+ [b2bd3005d2e4]
+
+2013-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c:
+ Add group_source setting in sudo.conf to allow the admin to specify
+ how a user's groups are looked up. Legal values are static (just the
+ kernel list from getgroups), dynamic (whatever the group database
+ includes) and adaptive (only use group db if kernel group list is
+ full).
+ [87a5b02e22ad]
+
+ * plugins/sudoers/policy.c:
+ Pass back exec_background to front end if it is enabled in sudoers.
+ [8230e1cd0bbd]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Mention that exec_background is for 1.8.7 and higher only.
+ [fdf0d5a3e182]
+
+2013-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ Add missing test files.
+ [1165389aa5e6]
+
+ * plugins/sudoers/regress/visudo/test3.err.ok,
+ plugins/sudoers/regress/visudo/test3.out.ok,
+ plugins/sudoers/regress/visudo/test3.sh:
+ Add regress test for bug 361
+ [54c7fb61b82d]
+
+ * plugins/sudoers/iolog.c:
+ Add __dso_public to extern declaration of declaration to match
+ actual definition.
+ [4695ded501e6]
+
+ * NEWS:
+ Add 1.8.6p5
+ [b07b28c5c4d7]
+
+2013-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok,
+ plugins/sudoers/regress/visudo/test2.out.ok,
+ plugins/sudoers/regress/visudo/test2.sh:
+ Add test for visudo cycle check core dump; test case from Daniel
+ Kopecek
+ [41074541147a]
+
+ * plugins/sudoers/visudo.c:
+ Fix potential stack overflow due to infinite recursion in alias
+ cycle detection. From Daniel Kopecek.
+ [d7e018a87434]
+
+ * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c:
+ Ignore duplicate entries in sudo.conf and report the line number
+ when there is an error. Warn, don't abort if there is more than one
+ policy plugin.
+ [dfcb5a698f0a]
+
+ * plugins/sudoers/tsgetgrpw.c:
+ Use strtoul() not atoi().
+ [58a52cf9b6b8]
+
+2013-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/Makefile.in:
+ regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo
+ [9b44e9d26d16]
+
+ * compat/nss_dbdefs.h:
+ Fix typo that breaks the build on HP-UX.
+ [b9ab6ba23485]
+
+ * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in,
+ configure, configure.in:
+ Use nss_search() to implement getgrouplist() where available. Tested
+ on Solaris and HP-UX. We need to include a compatibility header for
+ HP-UX which uses the Solaris nsswitch implementation but doesn't
+ ship nss_dbdefs.h.
+ [d29dbc4dc06d]
+
+2013-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h:
+ Remove extra flag to sudo_sigaction(). We want to trap the signal
+ regardless of whether or not it is ignored by the underlying command
+ since there's no way to know what signal handlers the command will
+ install. Now we just use sudo_sigaction() to set a flag in
+ saved_signals[] to indicate whether a signal needs to be restored
+ before exec.
+ [c042d52c7192]
+
+2013-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/getgrouplist.c, config.h.in, configure, configure.in:
+ Use _getgroupsbymember() on Solaris to get the groups list. Fixes
+ performance problems with the getgroupslist() compat on Solaris
+ systems with network-based group databases.
+ [287d3ae2ce8d]
+
+2013-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Document signal handler behavior in plugin API 1.3
+ [20dc9d1c105f]
+
+ * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c,
+ src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h:
+ Move signal code into its own source file and add sudo_sigaction()
+ wrapper that has an extra flag to check the saved_signals list to
+ only install the handler if the signal is not already ignored. Bump
+ plugin API version for the new front-end signal behavior.
+ [5d2f27a1b404]
+
+ * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h,
+ src/sudo_exec.h:
+ Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute
+ the command. If we get SIGINT or SIGQUIT, call the plugin close()
+ functions as if the command was interrupted. If we get SIGTSTP,
+ uninstall the handler and deliver SIGTSTP to ourselves.
+ [332baf3a81b7]
+
+ * src/exec.c, src/exec_pty.c:
+ Rename handle_signals() to dispatch_signals(). Block other signals
+ in handler() so we don't have to worry about the write() being
+ interrupted.
+ [666e95c9a0f1]
+
+2013-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/tgetpass.c:
+ Rename signal handler to avoid name clash with one in exec.c
+ [8913101a29b6]
+
+2013-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c:
+ Add missing call to save_signals().
+ [47d075d7326b]
+
+2013-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Fill in the comment block at the top of the .pot files and preserve
+ it when regenerating them.
+ [6449497b76db]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
+ Add exec_background option in plugin command info and a sudoers
+ option to match. When set, commands are started in the background
+ and automatically foregrounded as needed. There are issues with some
+ ill-mannered programs (like Linux su) so this is not the default.
+ [c0b32b0938f2]
+
+ * common/Makefile.in:
+ regen
+ [2b2b220e7aea]
+
+ * src/Makefile.in:
+ Add SESH_OBJS variable for sesh object files.
+ [d3e04ae8fd1f]
+
+ * configure.in, doc/LICENSE, plugins/sudoers/redblack.c:
+ Update copyright year.
+ [61a0f0cedb13]
+
+ * src/exec_pty.c:
+ Always resume the command in the foreground if sudo itself is the
+ foreground process. This helps work around poorly behaved programs
+ that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At
+ worst, sudo will go into the background but upon resume the command
+ will be runnable. Otherwise, we can get into a situation where the
+ command will immediately suspend itself.
+ [c368ac3eb2e4]
+
+ * configure, configure.in:
+ Use -fstack-protector-all in preference to -fstack-protector where
+ supported.
+ [f930c95ceb51]
+
+2013-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Only test for -fstack-protector and -fvisibility=hidden on GNU
+ compatible compilers.
+ [796f4696d863]
+
+2013-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Add Sudo 1.8.6p4
+ [8a928de8e717]
+
+ * common/Makefile.in, compat/Makefile.in, configure, configure.in,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Break out stack smashing protector options into SSP_CFLAGS and
+ SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
+ [01be114fc9fb]
+
+2013-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS, plugins/sudoers/redblack.c:
+ In rbrepair(), make sure we never try to change the color of the
+ sentinel node, which is the first entry, not the root. From Michael
+ King
+ [3fc4dc4004ec]
+
+2012-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ No need to restore default signal handler for SIGSTOP as it is not
+ catchable. Attempting to do so is harmless but sigaction() will fail
+ and set errno to EINVAL which makes it looks like there is an error.
+ [be7c0b759e9a]
+
+ * src/exec.c:
+ Print SIGCONT_FG and SIGCONT_BG properly in debug output.
+ [93e59e301c8f]
+
+2012-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Disable PIE on FreeBSD/ia64, otherwise sudo will segfault.
+ [9ed48f696595]
+
+2012-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Add howmany() macro since some systems have this in sys/param.h
+ which we no longer include.
+ [2c5efaa16c45]
+
+2012-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/sudoers/test11.toke.out.ok:
+ Remove errant file.
+ [a91699beffc6]
+
+2012-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c:
+ Remove obsolete sudoers_cleanup() stubs.
+ [89153025a2ae]
+
+ * common/alloc.c, common/atobool.c, common/fileops.c,
+ common/fmt_string.c, common/lbuf.c, common/secure_path.c,
+ common/sudo_conf.c, common/sudo_debug.c, common/term.c,
+ compat/closefrom.c, compat/getcwd.c, compat/glob.c,
+ compat/snprintf.c, include/missing.h,
+ plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
+ plugins/sample_group/plugin_test.c,
+ plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/env.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
+ plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/redblack.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ plugins/system_group/system_group.c, src/conversation.c, src/exec.c,
+ src/exec_common.c, src/exec_pty.c, src/get_pty.c,
+ src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c,
+ src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c:
+ Don't include <sys/param.h>. We only needed it for MAXPATHLEN,
+ MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and
+ HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
+ MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
+ [f4807d46f504]
+
+ * include/missing.h, plugins/sudoers/match.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
+ Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN
+ (sys/param.h or netdb.h).
+ [2544f5e306dd]
+
+2012-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c:
+ Move debug_decl() in log_failure() to be after the variable
+ declarations for C89.
+ [f48d2035ab44]
+
+2012-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/error.c, include/error.h, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Cannot wrap sigsetjmp() or we end up returning to the wrong place.
+ Use a macro instead.
+ [749ee6acdad8]
+
+2012-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/policy.c:
+ Fix return in sudoers_policy_open that should be debug_return.
+ [a78b795b6846]
+
+2012-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case
+ too.
+ [acfa891c229e]
+
+ * src/solaris.c:
+ Quiet a gcc warning and add comment about needing to keep the handle
+ open.
+ [f954f228960f]
+
+2012-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ mention --disable-shared
+ [6954d39e2d0f]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Add missing command_info argument in I/O plugin open() prototype.
+ Bug #579
+ [72beb07aba0e]
+
+2012-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/gram.c:
+ Regen for proper line numbers.
+ [6cf6e132e764]
+
+ * configure, configure.in:
+ Add locale_stub.o to SUDO_OBJS, not locale_stub.lo.
+ [d604dc8ca38a]
+
+ * common/sudo_printf.c:
+ Include missing.h for __printflike.
+ [a33640600faf]
+
+ * plugins/sudoers/iolog.c:
+ Saner loop invariant in io_mkdirs (cosmetic only).
+ [dc30274afe38]
+
+ * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c,
+ configure, configure.in, include/error.h, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c,
+ src/sesh.c:
+ Move warn/error into common and make static builds work.
+ [4d3f374f4e4c]
+
+ * MANIFEST, common/Makefile.in, common/sudo_debug.c,
+ common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/policy.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/conversation.c, src/sesh.c:
+ Move _sudo_printf from src/conversation.c to common/sudo_printf.c.
+ Add sudo_printf function pointer that is initialized to
+ _sudo_printf() instead of requiring a sudo_conv function pointer
+ everywhere. The plugin will reset sudo_printf to point to the
+ version passed in via the plugin open function. Now plugin_error.c
+ can just call sudo_printf in all cases. The sudoers binaries no
+ longer need their own version of sudo_printf.
+ [9b09d3f63790]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't
+ need error_jmp to be extern. Also add plugin_clearjmp() that clears
+ a flag so error()/errorx() knows when to call exit() vs. longjmp().
+ [5a4617148e70]
+
+ * plugins/sudoers/set_perms.c:
+ Let warning() call gettext() for us.
+ [ab8d502ba4ac]
+
+ * include/error.h, plugins/sudoers/plugin_error.c, src/error.c:
+ Do locale swapping in the warning()/error() macros themselves
+ instead of in the underlying functions.
+ [4cd205540e17]
+
+ * common/alloc.c, common/list.c, include/error.h,
+ plugins/sudoers/env.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
+ src/hooks.c:
+ Rename warning2()/error2() -> warning_nodebug()/error_nodebug().
+ [48346393634d]
+
+ * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c,
+ src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
+ src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
+ src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
+ Call gettext() on parameters for warning()/warningx() instead of
+ having warning() do it for us.
+ [c71088bc9d3e]
+
+ * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
+ Call gettext() in sudoerserror() in the user's locale and pass the
+ untranslated string to it.
+ [cdbfc231b848]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Allow sudoers programs (visudo, sudoreplay, visudo) to use
+ plugin_error.c instead of the error.c from the front-end. This means
+ sudoers_setlocale() needs to be independent of the sudo_user struct
+ and the defaults table. The sudoers locale is now updated via a
+ callback.
+ [e356f5f8cd6a]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c
+ Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers
+ warning/error functions work when sudo_conv is NULL
+ [7365ee24a779]
+
+ * src/error.c:
+ No need to change locale in front-end warning()/error().
+ [23dc1df7f93b]
+
+ * plugins/sudoers/tsgetgrpw.c:
+ Ignore bad lines in passwd/group file instead if stopping processing
+ when we hit one.
+ [79b790559075]
+
+ * plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/testsudoers/test5.sh:
+ Bash doesn't let you set UID to use MYUID instead.
+ [5be56335f059]
+
+ * plugins/sudoers/visudo.c:
+ Avoid NULL deref for unknown Defaults in strict mode.
+ [545c21c1e7d6]
+
+ * common/sudo_conf.c, common/sudo_debug.c:
+ See DEFAULT_TEXT_DOMAIN
+ [3d723e1d27db]
+
+2012-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgignore:
+ Add signame.c and mksigname.
+ [d59bbf423f00]
+
+ * plugins/sudoers/Makefile.in:
+ Fold preinstall into install-plugin and pass the path to the plugin
+ binary to the preinstall command.
+ [2c2205af8bb7]
+
+ * pp:
+ sync with upstream
+ [a4b7336b3256]
+
+ * src/sudo.h:
+ repair spacing
+ [f5c1255ce514]
+
+2012-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_debug.c:
+ Set group on sudo_debug when creating it to gid 0 so systems without
+ BSD group semantics don't get the invoking user's group.
+ [7dda01196554]
+
+ * plugins/sudoers/iolog.c:
+ Rename mkdir_parents() io_mkdirs() and add a flag to specify whether
+ path is a temporary, in which case the final component is created
+ via mkdtemp() instead of mkdir().
+ [79c0c4e7ed58]
+
+ * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h:
+ For PERM_ROOT set egid to 0 so log files are not created with the
+ gid of the user.
+ [5b964ea43474]
+
+ * plugins/sudoers/logging.c:
+ Add calls to set_perms(PERM_ROOT) becore logging to a file. We
+ should already be root but since we cache the current permission
+ status it is basically free. That way, if more of sudoers runs as
+ non-root in the future logging will still work correctly.
+ [c591d4973f41]
+
+ * common/sudo_conf.c, config.h.in, configure, configure.in,
+ include/gettext.h, plugins/sudoers/locale.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/error.c, src/exec.c, src/sesh.c, src/sudo.c:
+ #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it.
+ [41f6bb4926f4]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Mention that sudo.conf is parsed in the C locale.
+ [f711c416e30c]
+
+ * common/sudo_conf.c:
+ Parse sudo.conf in the "C" locale.
+ [776658f651ea]
+
+ * plugins/sudoers/locale.c, plugins/sudoers/logging.h,
+ plugins/sudoers/sudoers.h:
+ Fix compilation on systems w/o setlocale()
+ [6940d1c1c1ce]
+
+ * doc/TROUBLESHOOTING:
+ Sudo now includes a workaround for the Solaris 11 locale issue.
+ [ab93787a552c]
+
+2012-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/gettext.h, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/locale.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h:
+ Always include locale.h from gettext.h so we no longer need to
+ include locale.h from the .c files.
+ [93d39182ccfa]
+
+ * MANIFEST, config.h.in, configure, configure.in, mkdep.pl,
+ plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c,
+ src/solaris.c, src/sudo.c, src/sudo.h:
+ Add os-specific initialization functions for solaris (workaround
+ setuid locale problem in Solaris 11) and openbsd (set malloc_options
+ if SUDO_DEVEL). Also move set_project() to solaris.c.
+ [1d6581afbaf4]
+
+2012-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
+ Avoid strerror() when possible and just rely on warning/error to
+ handle errno in the proper locale.
+ [bf612caae97c]
+
+ * plugins/sudoers/logging.c:
+ Set sudoers locale in log_allowed()
+ [2dd0ac704cae]
+
+ * plugins/sudoers/check.c:
+ Make the sudo lecture translatable.
+ [3cdfc183d72d]
+
+ * Makefile.in:
+ Add the values of badpass_message, passprompt and mailsub to
+ sudoers.pot so they can be translated.
+ [51cbe8adcb94]
+
+ * plugins/sudoers/logging.c:
+ Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked
+ up by xgettext.
+ [c5b74115caf0]
+
+2012-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/sudoers.h:
+ Make expand_prompt() args const and free the prompt when we are done
+ with it.
+ [995ef8519fe6]
+
+ * plugins/sudoers/policy.c:
+ Fix cut and pasto
+ [e002921c1d15]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/logging.c:
+ Expand def_mailsub in the sudoers locale, not the user's.
+ [a4775f2fb385]
+
+ * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/visudo.c, src/error.c, src/exec.c,
+ src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
+ src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
+ src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
+ Display warning/error messages in the user's locale.
+ [00a04165c0cf]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/locale.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/parse.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/timestamp.c:
+ Call gettext inside log_error et al instead of having the caller do
+ it. This way we can display any messages to the user in their own
+ locale but log in the sudoers local.
+ [286e0444f785]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
+ plugins/sudoers/locale.c, plugins/sudoers/logging.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Add simple locale switching to make it easy to switch from the
+ user's locale to the sudoers locale without making excessive
+ setlocale() calls when we don't need to.
+ [5c61582fdeee]
+
+ * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c:
+ Convert setlocale() to sudoers_setlocale() in the sudoers module.
+ This only converts existing uses, there are more places where we
+ need to sprinkle sudoers_setlocale() calls.
+ [8ee0cbf0d0a9]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
+ audit_failure() now calls gettext itself using the sudoers locale.
+ [d77f1d78799a]
+
+ * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
+ plugins/sudoers/plugin_error.c, src/error.c:
+ Add variants of warn/error and sudo_debug_printf that take a va_list
+ instead of a variable number of args.
+ [00392bdc063c]
+
+ * INSTALL, doc/TROUBLESHOOTING:
+ Document Solaris 11 locale issues and workarounds.
+ [05f7d34af3ae]
+
+ * Makefile.in, configure, configure.in:
+ Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8
+ locales. Make links from localdir/lang -> localdir/lang.UTF-8
+ [5ca9326480e2]
+
+2012-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
+ Do not inform the user that the command was not permitted by the
+ policy if they do not successfully authenticate. This is a
+ regression introduced in sudo 1.8.6.
+ [c1279df08bfb]
+
+ * plugins/sudoers/Makefile.in:
+ Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup
+ the rpath in HP-UX SOM shared libraries for the LDAP libs.
+ [b07185657b42]
+
+ * src/parse_args.c:
+ The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A.
+ [22c73cbe3ff9]
+
+2012-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in:
+ Allow the user to specify and alternate libtool
+ [c9d6fc9521fd]
+
+2012-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c:
+ Allow sudo to be build with sss support without also including ldap
+ support. From Stephane Graber.
+ [b992a80ebea1]
+
+2012-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Refactor policy plugin interface code from sudoers.c into policy.c
+ [393e62910b8a]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Refactor command_info setting into its own function.
+ [a952b948324c]
+
+ * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
+ plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Make interfaces pointer private to interfaces.c and add
+ get_interfaces() accessor.
+ [b69b9334ed3c]
+
+2012-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.h:
+ Make user_cwd const since it is either a string literal or passed in
+ from the front-end.
+ [90751b81e8bc]
+
+ * configure, configure.in:
+ sudo 1.8.7
+ [bf727adb8af0]
+
+ * plugins/sudoers/sudoers.c:
+ Avoid nested strtok() calls.
+ [9d9f22ab52a9]
+
+2012-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h:
+ Move expand_prompt() into its own source file for easier unit
+ testing.
+ [b419b48a436f]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
+ plugins/sudoers/check.h, plugins/sudoers/sudoers.h,
+ plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
+ Make check.c independent of the underlying timestamp implementation.
+ [895071bd6065]
+
+ * plugins/sudoers/iolog_path.c:
+ Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled.
+ [8ac38f02dd6d]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Use a list for the possible values of Tag_Spec with a minimal indent
+ to improve readability. In the pod version, these were =head3. Also
+ use .St -p1003.1 instead of just POSIX when talking about glob() and
+ fnmatch().
+ [361a6f7a5c44]
+
+2012-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ sudo_ttyname_dev() is unused if there is no /proc or sysctl().
+ [6598dbf81e16]
+
+ * compat/mksiglist.c, compat/mksigname.c,
+ compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c,
+ plugins/sample_group/plugin_test.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c:
+ Explicitly mark main() as public in executables to avoid an HP-UX ld
+ warning.
+ [72a40ce218be]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Remove grep from SEE ALSO section.
+ [c7cafee1621f]
+
+ * common/alloc.c:
+ If vasprintf() fails, just use the errno it sets instead of assuming
+ ENOMEM.
+ [1be5bfdc0cab]
+
+2012-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/TROUBLESHOOTING:
+ Mention HP-UX pam.conf settings.
+ [8b8e745b49fd]
+
+2012-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/timestamp.h:
+ Split off timestamp functions into their own source file.
+ [d5833332511d]
+
+2012-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Mention how !foo is not the same as ALL,!foo
+ [51f8e470757d]
+
+2012-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Start commands in the background when I/O logging is enabled. We
+ can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2)
+ which returns EINTR on signal instead of restarting automatically.
+ [83b1d59146f7]
+
+ * src/exec_pty.c:
+ Handle SIGCONT_FG and SIGCONT_BG when converting signal number to
+ string in deliver_signal().
+ [2cefea7a976e]
+
+2012-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Fix running commands that need the terminal in the background when
+ I/O logging is enabled. E.g. "sudo vi &". When the command is
+ foregrounded, it will now resume properly.
+ [0bc13a253429]
+
+ * plugins/sudoers/match.c:
+ Add rudimentary support for name-based matching as a compile-time
+ option. This unsafe when used in conjunction with the '!' operator.
+ [f93bc8e6db15]
+
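Review bot: The plugins/sudoers/match.c entry [f93bc8e6db15] warns that name-based matching is unsafe with the '!' operator, but it does not name the compile-time option or say what goes wrong, and the sentence is missing its verb ("This unsafe when used"). Suggest "This is unsafe when used in conjunction with the '!' operator", followed by the name of the define and the failure mode, so anyone building with the option knows which sudoers rules to audit. Separately, the [2544f5e306dd] entry earlier in this hunk says "MAX_HOST_NAME+1" while the adjacent [f4807d46f504] entry says HOST_NAME_MAX; the limits.h constant is HOST_NAME_MAX, so the two entries should use that name.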
+2012-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c:
+ Split out implementation-specific back end code out of pwutil.c into
+ pwutil_impl.c. This will allow the main pwutil code to be used for
+ lookup methods other than getpw* and getgr*.
+ [999c2dde60e4]
+
+2012-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.in:
+ sudo 1.8.6p3
+ [97fef3d9ed65]
+
+2012-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/fixman.sh:
+ Don't use embedded newline when matching, use \n. This got expanded
+ at some point. Bug #573
+ [6652f834b8f5]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Rename yyerror() to sudoerserror() to match yacc prefix changes. Not
+ really needed due to the #defines that yacc makes but it is less
+ confusing this way as the lexer calls sudoerserror().
+ [a0577be6527d]
+
+ * common/alloc.c, plugins/sample_group/plugin_test.c,
+ plugins/sudoers/env.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ src/exec_common.c, src/parse_args.c, src/sudo.c:
+ No need to translate "unable to allocate memory" when we can just
+ use the system translation via strerror().
+ [377499e5827c]
+
+ * plugins/sudoers/sudoreplay.c:
+ Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
+ all file systems support d_type. Bug #572
+ [8b861c62945f]
+
+ * plugins/sudoers/sudoreplay.c:
+ Avoid calling fclose(NULL) in the error path when we cannot open an
+ I/O log file.
+ [9401d5c4bb05]
+
+2012-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.in:
+ Sudo 1.8.6p2
+ [6e32496280f2]
+
+ * src/exec.c:
+ When setting the signal handler for SIGTSTP to the default value in
+ non-I/O log mode, store the old handler value for when we restore it
+ after resume.
+ [242628694e42]
+
+ * plugins/sudoers/env.c:
+ Replace the guts of sudo_setenv_nodebug() with our old setenv.c
+ which supports non-standard BSD and glibc semantics. sudo_setenv()
+ now simply calls sudo_setenv2().
+ [57ffb6c9efaa]
+
+2012-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document non-Unix group support in LDAP sudoers.
+ [33c89f3aeee6]
+
+ * plugins/sudoers/ldap.c:
+ Enable non-Unix group support for LDAP sudoers. We now check for
+ non-Unix groups and netgroups with the same query in the second
+ pass. Bug #571
+ [eb98fdff54d9]
+
+2012-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/parse.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/visudo.c:
+ Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers.
+ [cb6c0d93215e]
+
+2012-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention support for SUCCESS=return in /etc/nsswitch.conf
+ [ef1f35aa0863]
+
+ * NEWS, configure, configure.in:
+ sudo 1.8.6p1
+ [73a5e1f004b3]
+
+2012-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c:
+ Avoid setting LOGNAME, USER and USERNAME variables twice when
+ set_logname is enabled.
+ [0de4f5fbd1d4]
+
+ * plugins/sudoers/env.c:
+ Fix duplicate detection in sudo_putenv(), do not prune out the
+ variable we just set when overwriting an existing instance. Fixes
+ bug #570
+ [854ee714c831]
+
+ * plugins/sudoers/env.c:
+ Add some debuggging
+ [a25cd3305823]
+
+2012-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudo_nss.c:
+ Disable word wrap in list mode when stdout is a pipe to make "sudo
+ -l | grep ..." more useful. Adapted from a diff by Daniel Kopecek.
+ [65ade04511fd]
+
+ * common/lbuf.c:
+ Print a trailing newline in lbuf_print() when there is not enough
+ space to do word wrapping and the lbuf does not end with a newline.
+ [c0200e19cd09]
+
+ * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
+ Add support for [SUCCESS=return] in nsswitch.conf; from Daniel
+ Kopecek
+ [5c480316e3ce]
+
+ * MANIFEST:
+ Add sssd.c
+ [9cadd014ef97]
+
+2012-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo,
+ plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo,
+ src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo:
+ regen .po files
+ [62423d4d143d]
+
+ * MANIFEST, plugins/sudoers/po/vi.mo:
+ Add Vietnamese sudoers translation from translationproject.org
+ [33666a605525]
+
+ * NEWS:
+ mention PIE
+ [05032e5304c6]
+
+ * MANIFEST, plugins/sudoers/po/vi.po:
+ Add Vietnamese sudoers translation from translationproject.org
+ [015c2204bae2]
+
+2012-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, compat/Makefile.in, mkdep.pl:
+ Add missing signame dependency
+ [e493bfb01929]
+
+ * src/exec.c, src/ttyname.c:
+ Silence compiler warnings.
+ [1c5374b66d9b]
+
+ * MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c,
+ config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
+ src/exec.c, src/exec_pty.c:
+ Replace strsigname() with sig2str(), emulating it as needed.
+ [1e348cca1fa6]
+
+ * config.h.in, configure, configure.in, src/utmp.c:
+ Use fseeko() for legacy utmp handling if available.
+ [b4bbd8d2c0e9]
+
+2012-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/strsigname.c, config.h.in, configure, configure.in:
+ Detect sys_sigabbrev[] and use it in place of sys_signame[] if
+ present. For some reason glibc does not declare sys_sigabbrev so we
+ must add an extern definition of our own.
+ [b38f3fbd7078]
+
+ * compat/strsignal.c, compat/strsigname.c:
+ Handle NULL entries in sys_siglist and sys_signame.
+ [a388959d9654]
+
+ * compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c,
+ compat/mksigname.h, compat/strsignal.c, compat/strsigname.c:
+ Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name}
+ [711e41aba59a]
+
+2012-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ sync
+ [5a2522488754]
+
+ * src/exec.c:
+ Pass on SIGTSTP to the command if it was sent by a user process (not
+ the kernel or the terminal) when we are not I/O logging and set the
+ default SIGTSTP handler when we re-send the signal to ourself,
+ restoring our handler after we resume.
+ [4259c47e31c0]
+
+ * src/exec.c:
+ Shells typically change their process group when they start up so
+ that they can implement job control. Most well-behaved shells change
+ the pgrp back to its original value before suspending so we must not
+ try to restore in that case, lest we race with the child upon
+ resume, potentially stopping sudo with SIGTTOU while the command
+ continues to run. Some shells, such as pdksh, just suspend the shell
+ by sending SIGSTOP to themselves without restoring the pgrp. In this
+ case we need to change the pgrp back for them. Should fix bug #568
+ [6ac6751ffd17]
+
+2012-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, compat/Makefile.in, compat/mksigname.c,
+ compat/mksigname.h, compat/strsignal.c, compat/strsigname.c,
+ config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
+ src/exec.c, src/exec_pty.c:
+ Use strsigname() to print signal names in the debug output. If the
+ system has no strsigname(), use our own.
+ [0735f18906b9]
+
+2012-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/testsudoers/test5.inc,
+ plugins/sudoers/regress/testsudoers/test5.sh:
+ Remove generated file and change path for temporary include file.
+ [4e9fa830c6b5]
+
+ * plugins/sudoers/Makefile.in:
+ When running regress tests, list pass/fail rate for each dir
+ (testsudoers and visudo) instead of the total. Also prevent the
+ result files from clobbering each other by keeping them in the
+ relevant directories.
+ [6aac53baff7d]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Don't print an error message in yyerror() if open_sudoers() fails,
+ we've already printed an error message. Also restore the check for
+ sudoers_warnings in yyerror().
+ [aa6036df5fb2]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Avoid printing the >>> parse error <<< message for testsudoers when
+ the -t flag is specified.
+ [76f3433c8992]
+
+2012-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c:
+ Fix NULL deref when an entry has no Runas_Entry
+ [4b14983ff6e7]
+
+ * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po,
+ src/po/zh_CN.mo, src/po/zh_CN.po:
+ sync with translationproject.org
+ [440e9c9b37de]
+
+ * NEWS:
+ sync
+ [3142ba2dce60]
+
+ * plugins/sudoers/check.c:
+ Correct the check_user() comment header.
+ [73da30308fff]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Change a log_fatal() into log_error() when no auth methods are
+ configured. The caller already checks the return value.
+ [05f5c39793a7]
+
+ * plugins/sudoers/logging.c:
+ Add missing debug_return
+ [3a76bb7c2fe7]
+
+2012-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Make the capitalization consistent for .Ss and .Sx
+ [5c5735ee4b2f]
+
+ * doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat,
+ doc/sudo.man.in, doc/sudo.mdoc.in:
+ Add COMMAND EXECUTION section that describes how sudo runs the
+ command, the extra sudo processes and signal handling.
+ [dff2d88e984e]
+
+2012-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Happy Easter
+ [4b9d697c6b83]
+
+2012-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/Makefile.in:
+ Don't echo the awk command when building siglist.in
+ [21daa72921e6]
+
+ * doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Cosmetic changes.
+ [19259528e9ad]
+
+ * doc/Makefile.in:
+ The HISTORY, LICENSE and CONTRIBUTORS files are not longer
+ generated.
+ [ea6ac9e981e6]
+
+ * MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo,
+ plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po,
+ plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po,
+ src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po,
+ src/po/uk.po, src/po/vi.po:
+ Sync with translationproject.org and add Italian sudoers
+ translation.
+ [9276740aea59]
+
+2012-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Expand description of fqdn to talk about systems where the hosts
+ file is searched before DNS.
+ [4ee812ca6116]
+
+2012-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/Makefile.in:
+ For cat pages there is nothing to make unless DEVEL is set.
+ [fab4a5b68708]
+
+ * configure, configure.in, doc/Makefile.in:
+ Always use mandoc to format cat pages and remove now-extraneous
+ nroff configure tests.
+ [5747f4ed5762]
+
+ * pp:
+ sync polypkg from git
+ [89ddf6ea3e3f]
+
+ * plugins/sudoers/sudoers.c:
+ Use AI_FQDN instead of AI_CANONNAME if available since "canonical"
+ is not always the same as "fully qualified".
+ [7c1d9c098386]
+
+2012-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.mdoc.in:
+ Fix some typos. Describe error messages not related to policy
+ permissions.
+ [f5ebf9030d85]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/visudo.c:
+ Add new check_defaults() function to check (but not update) the
+ Defaults entries. Visudo can now use this instead of update_defaults
+ to check all the defaults regardless instead of just the global
+ Defaults entries.
+ [3fa879ce1b65]
+
+2012-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document sudoers log format.
+ [08998a7061ab]
+
+ * NEWS:
+ Update for sudo 1.8.5p3
+ [6e102a5d4e8d]
+
+ * src/load_plugins.c:
+ Add missing check for I/O plugin API version when checking for the
+ presence of I/O plugin hooks.
+ [ef05c7eeaf81]
+
+ * src/hooks.c:
+ Can't call debug code in the process_hooks_xxx functions() since
+ ctime() may look up the timezone via the TZ environment variable.
+ [2179fb26bd8e]
+
+2012-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_common.c, src/sesh.c, src/utmp.c:
+ Include signal.h before sudo_exec.h since it uses sigset_t * in the
+ fork_pty prototype.
+ [94fc0d859600]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.mdoc.in:
+ Remove OPTIONS section; options now go inside DESCRIPTION
+ [a619fc58a746]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [44719d80bc06]
+
+ * MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po,
+ src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po:
+ Sync with translationproject.org and add new Slovenian translation.
+ [34b4b966bbac]
+
+ * common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c:
+ Reduce the number of "internal error, foo overflow" messages that
+ need to be translated.
+ [93ffa2b3d53f]
+
+ * NEWS:
+ Mention HP-UX reboot fix.
+ [1e39b5aa32ac]
+
+ * INSTALL, NEWS, common/sudo_debug.c, configure, configure.in,
+ doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
+ Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers
+ data source. From Daniel Kopecek and Pavel Brezina.
+ [3f85e95d6928]
+
+2012-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_conf.c, src/load_plugins.c:
+ If sudo.conf contains an I/O plugin but no policy plugin, use
+ sudoers for the policy plugin. If a policy plugin is specified
+ without an I/O plugin, only the policy plugin will be loaded.
+ [ea192df2439d]
+
+ * doc/Makefile.in, doc/sudoers.man.in:
+ Do not modify the .Os section when building the .man.in file from
+ .mdoc.in.
+ [a9f9628e147f]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Add a note about wildcards matching multiple words and include an
+ example. Also mention that for sudoedit, a wildcard in command line
+ args does not match a slash.
+ [fcb9fbac14e0]
+
+2012-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c, src/sudo_exec.h:
+ Fix a comment, update a variable name in a prototype; all cosmetic.
+ [e89f10cbd6e1]
+
+ * plugins/sudoers/iolog.c:
+ Cast 2nd argument of lseek() to off_t if it is a constant for
+ systems with 64-bit off_t but without a proper lseek() prototype.
+ [d8779da135d0]
+
+ * compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/visudo.c:
+ Fix some warnings from clang checker-267
+ [1e44ef7860b5]
+
+ * plugins/sample/sample_plugin.c:
+ Fix memory leak found by clang checker-267
+ [f8a43617fdfb]
+
+2012-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h:
+ If we receive a signal from the command we executed, do not forward
+ it back to the command. This fixes a problem with BSD-derived
+ versions of the reboot command which send SIGTERM to all other
+ processes, including the sudo process. Sudo would then deliver
+ SIGTERM to reboot which would die before calling the reboot() system
+ call, effectively leaving the system in single user mode.
+ [4ffab9ab9e98]
+
+2012-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/fixman.sh, doc/fixmdoc.sh:
+ Remove section about Solaris 10 on other systems. Add missing
+ sudoers.man.in bit to fixman.sh.
+ [176559199ba7]
+
+2012-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Expand section on Solaris privileges.
+ [3a1bfa2f1743]
+
+ * NEWS:
+ Expand a bit on the Solaris priv set changes.
+ [bffb78b4a520]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ The second argument to init_parser() is now bool.
+ [fb727a4fb651]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Fix printing of parse error message to stderr.
+ [dea6b420b84f]
+
+ * plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
+ If a command matches using an empty Runas_List (i.e. Runas_List is
+ present but empty) and the -u option was not specified, set runas_pw
+ to user_pw instead of using runas_default. This is intended to be
+ used in conjunction with the Solaris Privilege Set support for rules
+ that grant privileges without changing the user.
+ [e84a081f3c11]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h:
+ Add support for parsing an empty Runas_List, which only allows the
+ command to be run as the invoking user. This can be used in
+ conjunction with the Solaris Privilege Set support to grant
+ privileges without changing the user.
+ [dc34373792fc]
+
+2012-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/fixman.sh:
+ Fix HP-UX, just use ".TH name section" like the vendor manuals.
+ [559738237c92]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix compilation on Solaris
+ [2d310302207c]
+
+ * .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh,
+ doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh,
+ doc/sudoers.mdoc.sh:
+ Generate a sed script file when munging *.mdoc or *.man instead of
+ passing sed expressions on the command line. Older seds do not
+ support \n in a replacement so generate and run a sed script
+ instead.
+ [0bcce3f1ca18]
+
+ * doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in,
+ doc/visudo.man.in:
+ Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION"
+ [fe0f10b63776]
+
+2012-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ When checking whether a signal is user-generated, compare si_code
+ against SI_USER instead of <= 0 since on HP-UX, terminal-related
+ signals get a code of 0.
+ [4e9021243343]
+
+ * src/sudo.c:
+ SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX
+ interchangably. This causes problems when setting RLIMIT_NPROC to
+ RLIM_INFINITY due to a bug in bash where bash tries to honor the
+ value of _SC_CHILD_MAX but treats a value of -1 as an error, and
+ uses a default value of 32 instead.
+
+ Previously, we just checked RLIMIT_NPROC and, if it was unlimited,
+ restored the previous value of RLIMIT_NPROC. However, that makes it
+ impossible to set nproc to unlimited. We now only restore the nproc
+ resource limit if sysconf(_SC_CHILD_MAX) is negative. In most cases,
+ pam_limits will set RLIMIT_NPROC for us.
+ [cb71cc8d0b08]
+
+2012-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Active Directory apparently requires that tenths of a second be
+ present in a date so append .0 to the "now" value in the time
+ filter. Also remove space for the global AND from TIMEFILTER_LENGTH
+ since it was not being used consistently. Buffers of
+ TIMEFILTER_LENGTH now need to account for the terminating NUL byte.
+ [d28619ff6e45]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix SELinux build
+ [cc0d1f4e851b]
+
+2012-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
+ were not being kept in sync.
+ [fc3ad1847cb1]
+
+ * doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod,
+ doc/license.pod:
+ Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
+ were not being kept in sync.
+ [950363dffe3a]
+
+2012-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c:
+ Fix printing of the permission denied message to standard error when
+ a user is not allowed to run a command. This got broken by the
+ recent logging changes.
+ [b7af63da3ca1]
+
+ * plugins/sudoers/sudoers_version.h:
+ Bump grammar version for Solaris privs.
+ [2a2baf024477]
+
+ * doc/schema.ActiveDirectory:
+ Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder
+ were added. From David Hicks.
+ [3fc432a8edb4]
+
+2012-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Remove lex.yy.c when building toke.c
+ [72bb9e62b289]
+
+ * doc/Makefile.in:
+ Fix building docs in a build dir.
+ [7a6f435af022]
+
+ * doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod,
+ doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod,
+ doc/sudoreplay.pod, doc/visudo.pod:
+ Remove pod versions of the manual; we now use mdoc.
+ [5c967d2dd5db]
+
+ * MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh,
+ doc/sudoers.man.sh, doc/sudoers.mdoc.sh:
+ Add post-processing scripts to strip out login class, BSD auth,
+ SELinux and privilege set bits when they are not supported.
+ [d0d51f72f597]
+
+ * NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in,
+ doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, src/sudo.c, src/sudo.h:
+ Merge in Solaris privilege support by Darren Moffat and John
+ Zolnowsky
+ [3aa0a64f2f5c]
+
+2012-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/contributors.pod:
+ Sync with CONTRIBUTORS file
+ [9a0852306ad9]
+
+ * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
+ doc/sudoers.man.in, doc/sudoreplay.man.in:
+ Regen .man.in files with my private mandoc.
+ [dc3c9fc449eb]
+
+ * doc/Makefile.in:
+ add MANDOC variable
+ [35527e66afc5]
+
+2012-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
+ doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in:
+ Regen .man.in files with hacked mandoc to avoid issues with historic
+ nroff.
+ [d45cfa7d665f]
+
+2012-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.mdoc.in, doc/sudoers.mdoc.in:
+ Fix groff warnings.
+ [111d522ca807]
+
+ * doc/Makefile.in:
+ Fix dependencies for .man.in files.
+ [aefeffe1af2b]
+
+ * .hgignore:
+ Add doc/*.mdoc to ignore file
+ [1e4de6ef2ad8]
+
+ * INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in,
+ doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.mdoc.in:
+ Build .man.in and .cat files from .mdoc.in files. Add new --with-man
+ and --with-mdoc configure options.
+ [c963fd7e8f80]
+
+2012-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
+ Sudo manuals formatted in mdoc, to replace the pod versions.
+ [e6dca4030451]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
+ doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod:
+ More minor costmetic fixes.
+ [a7287a68385a]
+
+2012-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
+ Minor cosmetic fixes.
+ [9c48bdaf3946]
+
+2012-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot:
+ Use "a password is required" instead of "password required" when the
+ -n flag is used and we need to read a password.
+ [a3c30fc41648]
+
+2012-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention logging changes.
+ [8238fd6e02e8]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [e2cf634ba63b]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Document that other mail_* flags have precedence over mail_badpass.
+ [9f4cc9188f40]
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Move log_denial() calls and logic to log_failure(). Move
+ authentication failure logging to log_auth_failure(). Both of these
+ call audit_failure() for us.
+
+ This subtly changes logging for commands that are denied by sudoers
+ but where the user failed to enter the correct password. Previously,
+ these would be logged as "N incorrect password attempts" but now are
+ logged as "command not allowed". Fixes bug #563
+ [cad35f0b3ad7]
+
+2012-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/aix.c:
+ Do not set a resource limit to zero when we are unable to fetch a
+ value from /etc/security/limits.
+ [62bfb0a7895e]
+
+2012-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Add "Provides: sudo" to debian sudo-ldap package
+ [beb8afa0beb2]
+
+2012-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, zlib/Makefile.in:
+ Define NO_VIZ for zlib when gcc doesn't support symbol visibility
+ attributes.
+ [9fdcbf526386]
+
+ * configure, configure.in:
+ Use the autoconf cache when checking for symbol export control
+ support.
+ [03c2cce8711f]
+
+ * INSTALL, common/Makefile.in, compat/Makefile.in, configure,
+ configure.in, mkpkg, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in:
+ Add configure check for building PIE executables instead of doing it
+ in mkpkg.
+ [02b5b78ef258]
+
+ * sudo.pp:
+ MacOS pp backend doesn't like modes longer than 4 characters.
+ [01b49022bf01]
+
+2012-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding
+ -fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool
+ will strip -fstack-protector from the linker flags and we always
+ link with libtool.
+ [0a0a0250ac2b]
+
+2012-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ Regen for sudo 1.8.6
+ [1657ee28b496]
+
+ * NEWS, doc/sudoers.ldap.pod:
+ Document improved Tivoli Directory Server support.
+ [fb411edf4687]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/ldap.c:
+ Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf
+ option to specify Tivoli key db password. Allow TLS ciphers to be
+ configured for Tivoli.
+ [737e17c91e60]
+
+2012-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Tivoli Directory Server 6.3 libs always return a (bogus) error when
+ setting LDAP_OPT_CONNECT_TIMEOUT.
+ [504406637c38]
+
+ * NEWS:
+ Update
+ [687a755604e8]
+
+ * plugins/sudoers/ldap.c:
+ Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the
+ same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a
+ set an ldap option fatal.
+ [17cf93ae3304]
+
+2012-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Zero pointers in sudo_user struct after freeing, just in case.
+ [8eff1f80b943]
+
+ * plugins/sudoers/sudoers.c:
+ Free user_gids in close function if it has not already been freed.
+ [cbce28877f37]
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Defer group ID to name resolution until we actually need it.
+ [463e75b81e89]
+
+ * src/sudo.c:
+ It is safe to read in sudo.conf before calling user_info().
+ [3290b6434e3c]
+
+ * plugins/sudoers/env.c, plugins/sudoers/ldap.c:
+ Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to
+ prevent potential truncation. Bug #562.
+ [29d9fc4e0c4e]
+
+2012-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ If installing with installp, error out if there is already an
+ instance of the rpm package installed.
+ [ec24c6faba22]
+
+ * mkpkg:
+ Add --disable-nls for AIX
+ [192ac2f7d65e]
+
+2012-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Debian sudo-ldap packages should now depend on libldap-2.4-2, not
+ libldap2.
+ [cbcec71e6b58]
+
+2012-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Add Homepage and Bugs to debian control file.
+ [0f19d7d14e66]
+
+2012-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ fix typo when setting aix_freeware
+ [2fd6feb50195]
+
+ * common/Makefile.in, compat/Makefile.in, configure, configure.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in:
+ Don't run regress tests or sudoers sanity check (using the newly-
+ built visudo) when cross compiling. Bug #560
+ [0c4e3f68b2f5]
+
+ * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map,
+ plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in,
+ plugins/sample_group/sample_group.exp,
+ plugins/sample_group/sample_group.map,
+ plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
+ plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map,
+ plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in,
+ plugins/system_group/system_group.exp,
+ plugins/system_group/system_group.map,
+ plugins/system_group/system_group.sym:
+ Rename foo.sym -> foo.exp Remove foo.map from the repo and generate
+ it on demand Use a loader option file for HP-UX ld to explicitly
+ export symbols
+ [2402ff5302ab]
+
+ * src/Makefile.in:
+ Remove extraneous backslash
+ [8ca054de138c]
+
+ * plugins/sudoers/regress/check_symbols/check_symbols.c:
+ Don't check for errorx as an exported symbols as it is now a macro.
+ Check for user_in_group() instead.
+ [7b02c8ecd3ea]
+
+2012-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Adjust ld map file support to use an anonymous scope to match the
+ updated .map files.
+ [49be44282d9e]
+
+2012-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, include/gettext.h:
+ Older versions of Solaris lack ngettext()
+ [028af10dfa5f]
+
+ * configure, configure.in:
+ Move the check for -static-libgcc until after AC_LANG_WERROR has
+ been called and use AX_CHECK_COMPILE_FLAG().
+ [a7b09120e7ff]
+
+ * include/gettext.h:
+ Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H
+ [3aa2780d4a4e]
+
+ * include/error.h, include/sudo_debug.h:
+ Fix gcc 2.x variant macro support.
+ [8e71c2370997]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c:
+ Fix compilation on gcc 2.95 and other compilers that only allow
+ variable declarations at the beginning of a block.
+ [9d80c802bb46]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in:
+ Link check_symbols with SUDO_LIBS to make sure we link with the
+ requisite libraries to successfully dlopen sudoers.so. This is
+ needed on HP-UX where a program dlopen()ing a shared object that
+ uses pthreads must also be linked with pthreads (and HP-UX LDAP uses
+ pthreads).
+ [b8961cd82337]
+
+ * plugins/sudoers/regress/check_symbols/check_symbols.c:
+ Add check for exported local symbols. This will cause a "make check"
+ failure on systems where we don't support symbol hiding.
+ [8aa549389bb1]
+
+ * configure, configure.in:
+ Additional ${foo} -> $(foo) Makefile tweaks.
+ [046bbde18f52]
+
+ * plugins/sample/sample_plugin.map,
+ plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map,
+ plugins/system_group/system_group.map:
+ No need to provide a name for the scope in the map file since we
+ don't use the it for versioning.
+ [5ed4b997560d]
+
+2012-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/check_symbols/check_symbols.c:
+ Add regress test for symbol visibility.
+ [9adddd4e0518]
+
+2012-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.in:
+ sudo 1.8.6
+ [57008a7afb77]
+
+ * configure, configure.in, include/missing.h:
+ Add support for controlling symbol visibility using the HP and
+ Solaris C compilers.
+ [46d5b468979e]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/sudoers.h:
+ Use the expanded io log dir when updating the sequence number.
+ Includes a workaround for older versions of sudo where the sequence
+ number was stored in the unexpanded io log dir.
+ [210797dab9a8]
+
+2012-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/parse_args.c:
+ Simplify "sudo -s" argv rewriting.
+ [7be143dae7c5]
+
+ * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in,
+ src/sudo_noexec.map:
+ Don't use a map file for sudo_noexec.so since Solaris ld doesn't
+ allow '*' in the global section. The libtool export flag is now
+ added to LT_LDFLAGS instead of commenting/uncommenting lines.
+ [38fc37a66b04]
+
+2012-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, include/missing.h:
+ The visibility attribute was actually added in gcc 3.3.x, not 4.0.
+ Just assume that if -fvisibility=hidden works that the attribute is
+ usable.
+ [d3904d6faf14]
+
+ * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map,
+ plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c,
+ plugins/system_group/system_group.c:
+ Export group cache from sudoers.so for system_group.so to use.
+ [16695d207fc5]
+
+ * MANIFEST, configure, configure.in, include/missing.h,
+ plugins/sample/Makefile.in, plugins/sample/sample_plugin.map,
+ plugins/sample_group/Makefile.in,
+ plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in,
+ plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in,
+ plugins/system_group/system_group.map, src/sudo_noexec.c,
+ src/sudo_noexec.map:
+ Use gcc's visibility attribute to specify when symbols are visible
+ or hidden, if available. If not available, use an ELF version script
+ if it is supported. If all else fails, fall back to using libtool's
+ -export-symbols.
+ [64e889921727]
+
+2012-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Add mode for installed locale files but leave the directories with
+ default mode and owner.
+ [142237dbb31f]
+
+2012-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, sudo.pp:
+ Install AIX packages under /opt/freeware with links in /usr/bin and
+ /usr/sbin. This matches the layout of the sudo package from AIX
+ freeware.
+ [0b79d47bbe01]
+
+ * Makefile.in, configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp:
+ Install shared objects with mode 0644 except on HP-UX which needs
+ the executable bit set.
+ [ae416af0ba6c]
+
+ * Makefile.in, doc/Makefile.in, include/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Make installed file modes consistent with the file modes in the sudo
+ package.
+ [307386373289]
+
+2012-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod:
+ Add "%:" prefix when talking about QAS non-Unix group support.
+ [7cb25f6861f8]
+
+ * pp, sudo.pp:
+ Fix packaging of symbolic links on HP-UX when the link source
+ already exists in the filesystem.
+ [c9bb48031596]
+
+ * mkpkg:
+ Only specify prefix if we are overriding the default value. Fixes
+ the man dir (/usr/local/man vs. /usr/local/share/man).
+ [65351b6c1697]
+
+ * sudo.pp:
+ Fix setting of sudoedit_man variable.
+ [9beed9ae5bba]
+
+ * doc/Makefile.in:
+ Echo the command when linking the sudoedit manual.
+ [6c83b5657b55]
+
+2012-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, sudo.pp:
+ Build .deb packages with selinux support.
+ [3fd9cb1b4526]
+
+2012-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Don't list paths for unstripped binaries in the lintial overrides.
+ [4c8e16f1773b]
+
+ * pp:
+ Add support for Installed-Size header in control file, required by
+ newer debian versions.
+ [e97d76234bee]
+
+ * pp:
+ Fix extended description in .deb files.
+ [d35e27ace146]
+
+ * sudo.pp:
+ Add Depends, Replaces and Conflicts headers for .deb packages.
+ [76eb6c4b3278]
+
+2012-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudo_nss.c:
+ If there are no privs to print, write the message to the lbuf
+ instead of printing it directly.
+ [ecd56226abb7]
+
+2012-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Set -e in %pos and %preun for debian to quiet a lintian warning.
+ [8bb908514df9]
+
+ * doc/Makefile.in, src/Makefile.in, sudo.pp:
+ Install sudoedit and the sudoedit manual as symbolic links, not hard
+ links and package them as such.
+ [f317ff3cf3e7]
+
+ * sudo.pp:
+ Make sudo binary permissions 755 instead of 111 Add lintian
+ overrides file for .deb files.
+ [991cd7d7f0e1]
+
+ * configure, configure.in, doc/Makefile.in, mkpkg:
+ Replace out of date MAN_POSTINSTALL with MANCOMPRESS and
+ MANCOMPRESSEXT which can be used to compress the installed manual
+ pages. Compress the man pages for .deb files to appease lintian.
+ [4e34083b41d2]
+
+ * sudo.pp:
+ Debian fixes:
+ * fix modes to be more in line with what Debian expects
+ * add section
+ * install LICENSE as copyright and ChangeLog as changelog
+ * create stub changelog.debian
+ [7f6c5647f588]
+
+ * pp:
+ Fix find command to properly skip files in the DEBIAN dir when
+ building md5sums.
+ [8918bde941fa]
+
+ * pp, sudo.pp:
+ Use a debian-compliant package maintainer field.
+ [fc51a94170eb]
+
+2012-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ No need to loop over atomic_writev(), it guarantees to write all
+ data or return an error.
+
+ Fix handling of stdout/stderr that contains "\r\n" and handle a
+ "\r\n" pair that spans a buffer.
+ [8aaf02d90c45]
+
+2012-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for sudo 1.8.5p2
+ [d369d4d40a19]
+
+ * plugins/sudoers/sudoreplay.c:
+ Instead of doing extra write()s when replaying stdout, build up a
+ vector for writev() instead. This results in far fewer system calls.
+ [303d866c025c]
+
+2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/env_hooks.c, src/sudo.h, src/tgetpass.c:
+ Provide unhooked version of getenv() and use it when looking up
+ DISPLAY and SUDO_ASKPASS in the environment.
+ [04dbdccf4a14]
+
+2012-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ When replaying a log of stdout or stderr, do newline to carriage
+ return + linefeed conversion. We cannot have termios do this for us
+ since we've disabled output postprocessing (POST) when setting raw
+ mode.
+ [61352a7d996f]
+
+2012-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ When checking for -fstack-protector, treat warnings as fatal errors.
+ [4124cd12d511]
+
+2012-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix test for -z relro
+ [548bdb6f5c4a]
+
+ * MANIFEST:
+ Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4
+ [ed063264a2a1]
+
+ * INSTALL, aclocal.m4, configure, configure.in,
+ m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4:
+ Build with -fstack-protector and link with -zrelo where supported.
+ Added --disable-hardening option to disable hardening options.
+ [0b6c1a1ceb03]
+
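Review bot: The 2012-05-22 entry for [0b6c1a1ceb03] spells the linker option "-zrelo", while the entry just above it for [548bdb6f5c4a] spells it "-z relro". Anyone searching this file for "relro" to find when the hardening flags and --disable-hardening were introduced will miss the commit that added them. The same stretch has "lintial" for lintian in [4c8e16f1773b], "%pos" (presumably %post) in [8bb908514df9], and "(POST)" in [61352a7d996f], where the termios output-postprocessing flag is OPOST. If this file is generated from commit messages, the spellings cannot be corrected here alone, so consider recording the correct option names in NEWS or in the hardening text in INSTALL.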
+2012-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/testsudoers/test1.sh,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/testsudoers/test4.out.ok,
+ plugins/sudoers/regress/testsudoers/test4.sh,
+ plugins/sudoers/regress/testsudoers/test5.inc,
+ plugins/sudoers/regress/testsudoers/test5.out.ok,
+ plugins/sudoers/regress/testsudoers/test5.sh,
+ plugins/sudoers/testsudoers.c:
+ Add tests for sudoers mode, owner and group checks.
+ [a7607443aba0]
+
+ * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
+ If sudoers_mode is group-readable but the actual sudoers file is
+ not, open the file as uid 0, not uid 1. This fixes a problem when
+ sudoers has a more restrictive mode than what sudo expects to find.
+ In older versions, sudo would silently chmod the file to add the
+ group-readable bit.
+ [c056b6003e6f]
+
+ * INSTALL, common/secure_path.c, config.h.in, configure, configure.in:
+ No longer throw an error if sudoers is a symbolic link. Deprecated
+ the --with-stow option as that is now (effectively) the default.
+ [8ce783e54886]
+
+2012-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/testsudoers/test2.inc,
+ plugins/sudoers/regress/testsudoers/test2.out.ok,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.d/root,
+ plugins/sudoers/regress/testsudoers/test3.out.ok,
+ plugins/sudoers/regress/testsudoers/test3.sh:
+ Add basic tests for #include and #includedir
+ [b303e4218951]
+
+ * plugins/sudoers/testsudoers.c:
+ Add -U sudoers_uid option to testsudoers.
+ [3f8ed13501ba]
+
+2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.in:
+ Update for 1.8.5p1
+ [c33c49bf5b4b]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix #includedir; from Mike Frysinger
+ [d4833d4e39a0]
+
+ * plugins/sudoers/check.c:
+ Don't prompt for a password if the user is in the exempt group, is
+ root, or is running the command as themselves even if the -k option
+ was specified. This makes "sudo -k command" consistent with the
+ behavior one would get if the user ran "sudo -k" immediately before
+ running the command.
+ [632b3961df00]
+
+2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Fix capitalization
+ [7258aa977caf]
+
+ * mkpkg:
+ Build PIE executable on Mac OS X 10.5 and above.
+ [2a5c7ef92182]
+
+2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for sudo 1.8.4p5
+ [21164f508b68]
+
+ * plugins/sudoers/match_addr.c:
+ Add missing break between AF_INET and AF_INET6 in
+ addr_matches_if_netmask()
+ [672a4793931a]
+
+ * plugins/sudoers/mon_systrace.c:
+ Move systrace monitor code to the attic
+ [d6faf4754e9c]
+
+2012-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ The pointer to the siginfo_t struct in a signal handler may be NULL.
+ [41a4ee934b53]
+
+2012-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c:
+ Fix an alignment problem on NetBSD systems with a 64-bit time_t and
+ strict alignment. Based on a patch from Martin Husemann.
+ [1e5ba3c18f17]
+
+ * include/missing.h:
+ Add offsetof macro for those without it.
+ [e44cb51d2587]
+
+ * MANIFEST:
+ add system_group plugin
+ [6169793b510c]
+
+2012-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/dlopen.c:
+ Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX.
+ [85bd03bc5d94]
+
+2012-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention system_group plugin
+ [05393dd4bdb8]
+
+ * Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in:
+ update depends
+ [6feb0b824fc4]
+
+ * plugins/system_group/system_group.c:
+ Only call gr_delref() when use sudo's password caching functions.
+ [1103442e21fa]
+
+ * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in:
+ Add missing dependency on libreplace.la
+ [05bfd9d4657f]
+
+ * compat/dlopen.c:
+ Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and
+ PROG_HANDLE.
+ [2382d0693acc]
+
+ * Makefile.in, configure, configure.in,
+ plugins/system_group/Makefile.in,
+ plugins/system_group/system_group.c,
+ plugins/system_group/system_group.sym:
+ Add group plugin that does lookups by name using the system group
+ database.
+ [2ddbb604112f]
+
+ * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo,
+ src/po/pl.po:
+ sync with translationproject.org
+ [4ef05df4226d]
+
+2012-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po,
+ src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
+ src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po,
+ src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
+ src/po/zh_CN.mo, src/po/zh_CN.po:
+ sync with translationproject.org
+ [115c3f828fc5]
+
+2012-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Add mode for docdir and use '-' (default) for localedir mode. Fixes
+ a problem on Linux when building in a directory with the setgid bit
+ set.
+ [582279c8bcb1]
+
+2012-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Match CentOS 6.0
+ [1e99ef210f98]
+
+2012-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update with recent changes
+ [c5fc220ba696]
+
+ * pp:
+ Fix version check on AIX
+ [d272e39112f4]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [72b23509465a]
+
+ * plugins/sudoers/ldap.c:
+ Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP
+ SDK.
+ [87b685e70b9a]
+
+ * plugins/sudoers/ldap.c:
+ Fix printing of invalid uri
+ [645aa53acdde]
+
+ * plugins/sudoers/auth/pam.c:
+ Pass PAM_SILENT when deleting creds to remove an annoying warning
+ message on Solaris.
+ [1dd0301ef293]
+
+2012-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/utmp.c:
+ Fix the setutxent and endutxent compatibility defines (this time
+ correctly) when only setutent and endutent are available.
+ [d136d2867db9]
+
+ * plugins/sudoers/ldap.c:
+ sudo_ldap_set_options_global() should not take an LDAP handle as an
+ argument since the options affect the global settings.
+ [1dc39b9d20f2]
+
+ * mkpkg:
+ Debian sudo has not been built with --with-exempt=sudo since 1.6.8.
+ [c7716291a856]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c,
+ src/sudo.h:
+ Call the policy's init_session() function before we fork the child.
+ That way, the session is created and destroyed in the same process,
+ which is needed by some modules, such as pam_mount.
+ [ece552ba002e]
+
+ * doc/TROUBLESHOOTING:
+ Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is
+ not specified.
+ [bd293e100b28]
+
+ * plugins/sudoers/auth/pam.c:
+ Delete creds after closing the PAM session.
+ [5158d726d6a5]
+
+ * plugins/sudoers/ldap.c:
+ Provide a more useful error message if using a Mozilla-style LDAP
+ SDK and you forgot to specify TLS_CERT in ldap.conf.
+ [7cb78feb899c]
+
+ * src/exec_pty.c:
+ Add missing initialization of a sigaction structure when I/O
+ logging. Fixes a potential problem when suspending the command.
+ [f4480f2ba816]
+
+ * plugins/sudoers/ldap.c:
+ Split global and per-connection LDAP options into separate arrays.
+ Set global LDAP options before calling ldap_initialize() or
+ ldap_init(). After we have an LDAP handle, set the per-connection
+ options. Fixes a problem with OpenLDAP using the nss crypto backend;
+ bug #342
+ [265c9d2dc12b]
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po,
+ src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
+ sync with translationproject.org
+ [6d7fe44be21e]
+
+2012-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c, src/sudo.h:
+ Move struct passwd pointer into struct command details.
+ [d6fb1eff2065]
+
+2012-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Sync with upstream for Mac OS X (and other) fixes.
+ [c2f4998d01b0]
+
+ * mkpkg:
+ Only built Mac intel universal binary on an intel machine.
+ [0009e0b7e5a8]
+
+ * src/Makefile.in:
+ Do not pass libtool the -static-libtool-libs option when building
+ sudo and sesh. Otherwise, libtool may prefer a static version of an
+ installed library over a dynamic one when linking.
+ [6fbac9adc885]
+
+2012-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo,
+ plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po:
+ Add German translation for sudo Add Croatian translation for sudoers
+ [fa4da1a6530c]
+
+ * plugins/sudoers/iolog.c:
+ typo fix in comment
+ [abd721d1288e]
+
+2012-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update with recent changes
+ [6fa11e8448b9]
+
+ * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Sort xgettext output by file name.
+ [f650841810f0]
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
+ Clarify what "sudoreplay -l" displays and mention that it is sorted.
+ [84031c117bd6]
+
+ * config.h.in, configure, configure.in, src/ttyname.c:
+ Use AC_HEADER_MAJOR to determine where major/minor are defined.
+ [3c949650a223]
+
+ * config.h.in, configure, configure.in, src/ttyname.c:
+ Include sys/mkdev.h if present instead of sys/sysmacros.h for
+ minor(). This is needed on Solaris (at least) where the makedev
+ macros in sysmacros.h are obsolete and library functions should be
+ used instead.
+ [343928acf81e]
+
+ * mkpkg:
+ When building on Mac OS X, only set SDK_FLAGS if specified osversion
+ doesn't match host.
+ [d84c6efac872]
+
+2012-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Add back buf and tty variables for _ttyname() case that were
+ inadvertantly removed.
+ [a4a820b22a44]
+
+2012-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [5446b12c1250]
+
+ * configure, configure.in:
+ Remove b8 from version number.
+ [5adc4dcec061]
+
+ * src/ttyname.c:
+ remove some XXX
+ [187579a5f593]
+
+ * src/ttyname.c:
+ When looking for a device match, do a breadth-first search instead
+ of depth-first. We already special case /dev/pts/ so chances are
+ good that if it is not a pseudo-tty it is in the base of /dev/. Also
+ avoid a stat(2) when possible if struct dirent has d_type.
+ [0183f8a1b278]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ src/sudo.c, src/sudo.h:
+ Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.
+ [f0574d878491]
+
+ * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo,
+ src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo,
+ src/po/vi.mo:
+ sync with translationproject.org
+ [4527ea78fbd5]
+
+ * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po,
+ src/po/hr.mo, src/po/hr.po:
+ New Croatian and Galician translations from translationproject.org
+ [ad4bd924b4de]
+
+ * src/ttyname.c:
+ Add depth-first traversal of /dev/ for the /proc case when not
+ /dev/pts/N
+ [499bd3456774]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c:
+ If struct dirent has d_type, use it to avoid an extra stat().
+ [741dabbe4bcd]
+
+ * plugins/sudoers/sudoreplay.c:
+ Sort output of "sudoreplay -l"
+ [c0615795bd4b]
+
+2012-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ Fix duplicate free introduced in last rev
+ [efdaabe69d75]
+
+2012-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ Instead of treating ^C from tgetpass() specially, always return
+ AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL
+ like PAM_AUTH_ERR which Mac OS X returns this when there is no tty.
+ [a3b17298d4d0]
+
+ * config.h.in, configure, configure.in, src/ttyname.c:
+ Rototill code to determine the tty. For Linux, we now look up the
+ tty device in /proc/pid/stat instead of trying to open
+ /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given
+ device number to a string. On BSD, we can use devname(). On Solaris,
+ _ttyname_dev() does what we want. TODO: write /dev/ traversal code
+ for the generic sudo_ttyname_dev().
+ [6b22be4d09f0]
+
+2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Define PRNODEV for those w/o it.
+ [f17290e64559]
+
+ * config.h.in, configure, configure.in, src/ttyname.c:
+ Check for SVR4-style struct psinfo.pr_ttydev and use that to
+ determine the tty if std{in,out,err} are not ttys.
+ [76ad33a91f4b]
+
+ * src/ttyname.c:
+ Better support for SVR4-style /proc entries where we can't use
+ ttyname() on the /proc/pid/fd/[0-2] entries. We can, however,
+ attempt to map the device number back to the correct pseudo-tty
+ slave device.
+ [4f9f48cc79eb]
+
+ * src/ttyname.c:
+ When trying to determine the tty name, check parent's stderr in
+ addition to its stdin and stdout.
+ [604644056c7d]
+
+ * src/exec_pty.c:
+ Treat a tty read failure like EOF as it usually means the pty has
+ gone away. Handle write() on the tty returning EIO.
+ [16957f4a706f]
+
+ * src/exec.c, src/exec_pty.c:
+ Linux select() may return ENOMEM if there is a kernel resource
+ shortage. Older Solaris select() may return EIO instead of EBADF
+ when the tty goes away. If we get an unhandled select() failure,
+ kill the child and exit cleanly.
+ [d93940a311ab]
+
+ * src/ttyname.c:
+ Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might
+ block in open.
+ [a9f809d09d52]
+
+2012-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ Fix restoration of AIX permissions.
+ [30c717115988]
+
+ * src/parse_args.c:
+ Allow the -k flag to be used along with the -i and -s flags.
+ [0653b17c97f1]
+
+ * plugins/sudoers/sudoreplay.c:
+ Plug memory leak in parse_logfile() in the error path.
+ [9cce86fa833b]
+
+ * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po,
+ src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po,
+ src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
+ src/po/zh_CN.mo, src/po/zh_CN.po:
+ sync with translationproject.org
+ [14af43d0b170]
+
+2012-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/regress/glob/globtest.c, config.h.in, configure,
+ configure.in, plugins/sudoers/match.c:
+ Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
+ glob() and fnmatch() results to be consistent.
+ [4226750d73c2]
+
+2012-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in,
+ src/ttysize.c:
+ Move ttysize.c to common so sudoreplay can use it.
+ [b4a0aa514cd4]
+
+ * plugins/sudoers/sudoreplay.c:
+ If I/O log file includes rows + cols, warn if the user's tty is not
+ big enough.
+ [b980ef89efff]
+
+ * plugins/sudoers/sudoreplay.c:
+ Fix printing of TSID in "sudoreplay -l"
+ [4221e3e108b4]
+
+ * common/sudo_debug.c, include/sudo_debug.h,
+ plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c,
+ src/exec_pty.c:
+ Log the process id in the debug file output. Since we don't want to
+ keep calling getpid(), stash the value at init time and when we
+ fork().
+ [2782d30c024d]
+
+ * src/exec_pty.c:
+ Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It
+ is better to receive EIO from read()/write() than to be suspended
+ when we don't expect it. Fixes a problem when our terminal is
+ revoked which can happen when, e.g. our sshd is killed
+ unceremoniously. Also, only change the value of "alive" from true to
+ false, never from false to true. It is possible for us to receive
+ notification of the child having stopped after it is already dead.
+ This does not mean it has risen from the grave.
+ [26c9fe8ce0f9]
+
+ * src/exec_pty.c:
+ Distinguish between signals we received from the parent vs. those
+ delivered explicitly to the monitor process in debugging info.
+ [40716cb180e5]
+
+2012-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ In Solaris 11, /dev/pts under the "dev" filesystem, not "devices".
+ Update tty_is_devpts() to match so we can determine when the tty has
+ been reused.
+ [2689665df027]
+
+ * common/sudo_debug.c, include/error.h, include/sudo_debug.h:
+ Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf()
+ and use a new flag, SUDO_DEBUG_FILENO to specify when to use it.
+ This allows consumers of sudo_debug_printf() to log that data
+ without having to specify it manually.
+ [7c94c4879208]
+
+ * src/exec_pty.c:
+ Make this compile after last change.
+ [ee09034f3266]
+
+ * src/exec_pty.c:
+ Don't try to restore the terminal if we are not the foreground
+ process. Otherwise, we may be stopped by SIGTTOU when we try to
+ update the terminal settings when cleaning up.
+ [c48b24335456]
+
+ * src/exec.c:
+ If select() return EBADF in the main event loop, one of the ttys
+ must have gone away so perform any I/O we can and close the bad fds.
+ [3bc8678c03ce]
+
+ * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the
+ function, file and line number in the debug log for warning() and
+ error().
+ [894cd131f11d]
+
+2012-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
+ src/conversation.c:
+ Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno.
+ Use this flag when wrapping error() and warning() so the debug
+ output includes the error string.
+ [1e2c67adaf1f]
+
+2012-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for sudo 1.8.5
+ [7d2b62b823fe]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [718ad9de92cd]
+
+ * doc/CONTRIBUTORS:
+ sync
+ [f48013aea641]
+
+ * plugins/sudoers/pwutil.c:
+ Use ecalloc()
+ [fabd23c1f271]
+
+ * src/exec_pty.c:
+ Don't need zero_bytes() after ecalloc()
+ [1a9d95cd10ef]
+
+ * config.h.in, configure, configure.in, src/sudo_noexec.c:
+ Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to
+ sudo_noexec.c.
+ [cbaa1d4b0f8a]
+
+ * src/utmp.c:
+ Fix compat setutxent and endutxent macros for systems with
+ setutent() but not setutxent(). From Gustavo Zacarias
+ [d7ce622fc5f2]
+
+2012-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Add ignore_result definition to AH_BOTTOM
+ [8d4096838a98]
+
+ * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c,
+ src/exec.c, src/exec_pty.c, src/tgetpass.c:
+ Fix compiler warnings on some platforms and provide a better method
+ of defeating gcc's warn_unused_result attribute.
+ [9a8f804fcc75]
+
+ * configure, configure.in:
+ Fix building the builtin zlib from a build dir. When a zlib dir was
+ specified, prepend its include path instead of appending so we get
+ the right zlib headers.
+ [5f61d591b186]
+
+ * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h,
+ zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c,
+ zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h,
+ zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in,
+ zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
+ Update zlib to version 1.2.6
+ [173c4bc4d4fc]
+
+2012-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ g/c __unused which is no longer used
+ [7ef3f23edcd6]
+
+ * src/env_hooks.c:
+ Fix compilation if RTLD_NEXT is not defined.
+ [d5605f468b71]
+
+ * src/po/sr.mo, src/po/sr.po:
+ sync with translationproject.org
+ [27d559f7985d]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.man.in:
+ regen
+ [f9f63ce478b6]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [59035d82d15a]
+
+ * Makefile.in:
+ Ignore Project-Id-Version when comparing pot files.
+ [22feb9ede46b]
+
+ * plugins/sudoers/bsm_audit.c:
+ Use error() instead of log_fatal()
+ [54130bda4b50]
+
+ * plugins/sudoers/env.c:
+ Fix signedness of didvar in env_update_didvar()
+ [77048a80b3e4]
+
+ * plugins/sudoers/iolog.c:
+ Quiet a compiler warning on some platforms.
+ [8fdcaece0400]
+
+ * compat/fnmatch.c:
+ cast ctype(3) function/macro arguments from char to unsigned char to
+ avoid potential negative subscripting.
+ [bdcf7eef21ef]
+
+ * common/setgroups.c:
+ Quiet a warning on systems where the gids array in setgroups() is
+ not prototyped as being const, even though it really is.
+ [fdd758c6302d]
+
+ * src/env_hooks.c:
+ Quiet a compiler warning on systems where the argument to putenv(3)
+ is const.
+ [51bae2193b53]
+
+ * plugins/sudoers/sudoreplay.c:
+ Undo an incorrect int -> bool conversion.
+ [b9a4ce320f14]
+
+ * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
+ src/po/sv.mo, src/po/sv.po:
+ Add Swedish sudo and sudoers translations from
+ translationproject.org
+ [f7ce1de9073f]
+
+ * plugins/sudoers/env.c:
+ No need to preserve ODMDIR on AIX now that we always read
+ /etc/environment.
+ [4aa04b2f0125]
+
+2012-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod, plugins/sudoers/env.c:
+ When initializing the environment for env_reset, start out with the
+ contents of /etc/environment on AIX and login.conf on BSD.
+ [5717bdc321e2]
+
+ * doc/TROUBLESHOOTING, src/sudo.c:
+ If we are not running with an effective uid of 0, try to give the
+ user enough information to debug the problem.
+ [fa4894896d8a]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
+ Quiet a clang-analyzer false positive.
+ [c4c0c1b9c8b0]
+
+ * src/tgetpass.c:
+ If there is nothing to read from the askpass program, set errno to
+ EINTR. This makes the cancel button behave like the user entered ^C
+ at the password prompt when PAM is used.
+ [594302cb9caf]
+
+ * src/sudo.h, src/tgetpass.c:
+ Fetch the value of "askpass" from the sudo conf struct.
+ [4593ee8f1bd3]
+
+ * common/sudo_conf.c:
+ Fix matching of "Path askpass" and "Path noexec"
+ [4df28d62afb9]
+
+2012-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ Quiet a clang-analyzer dead store warning.
+ [dd90bf385a3f]
+
+ * plugins/sudoers/sudoers.c:
+ If the "timestampowner" user cannot be resolved, use ROOT_UID
+ instead of exiting with a fatal error.
+ [8d62aae99715]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/check.c, plugins/sudoers/env.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/parse.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
+ Remove the NO_EXIT flag to log_error() and add a log_fatal()
+ function that exits and is marked no_return. Fixes false positives
+ from static analyzers and is easier for humans to read too.
+ [a0fe785c2a3d]
+
+2012-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
+ src/po/eo.po:
+ sync with translationproject.org
+ [df5e8777de13]
+
+2012-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/po/da.mo, src/po/da.po:
+ sync with translationproject.org
+ [629d99548b78]
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
+ sync with translationproject.org
+ [9d122a2860d6]
+
+2012-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/po/it.mo, src/po/it.po:
+ sync with translationproject.org
+ [6397593b15cf]
+
+ * common/sudo_conf.c, plugins/sudoers/alias.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/env.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c,
+ src/load_plugins.c:
+ Use ecalloc() when allocating structs.
+ [8b5888868db2]
+
+ * common/alloc.c, include/alloc.h:
+ Add ecalloc() and commented out recalloc(). Use inline strnlen()
+ instead of strlen() in estrndup().
+ [7fb9aa46c1e0]
+
+2012-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
+ src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
+ src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
+ src/po/zh_CN.mo, src/po/zh_CN.po:
+ sync with translationproject.org
+ [45a032c37334]
+
+2012-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ Remove unused label
+ [2660bb0c1313]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document what changed in each plugin API revision
+ [59b30a6fc4d1]
+
+ * plugins/sudoers/set_perms.c:
+ Remove bogus optimization that could lead to a double free of the
+ group list.
+ [b0bfbd2a83a8]
+
+2012-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/TROUBLESHOOTING:
+ Expand AIX /etc/security/privcmds entry.
+ [9f3f072e034e]
+
+ * NEWS:
+ Update for sudo 1.8.5
+ [086049011f25]
+
+ * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat,
+ doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h,
+ include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
+ src/sudo_plugin_int.h:
+ Rename plugin "args" to "options"
+ [f25624951bd2]
+
+ * doc/CONTRIBUTORS:
+ Add Lithuanian and Vietnamese translators
+ [2b4c075b69e3]
+
+ * Makefile.in:
+ Ignore comments when comparing new and old pot files.
+ [f872999347b3]
+
+ * src/Makefile.in:
+ regen
+ [c8193b1b11c7]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in:
+ regen
+ [15e3c17e8a3a]
+
+ * doc/sudo_plugin.pod, include/sudo_plugin.h,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c,
+ src/sudo.c, src/sudo.h:
+ Pass a pointer to user_env in to the init_session policy plugin
+ function so session setup can modify the user environment as needed.
+ For PAM authentication, merge the PAM environment with the user
+ environment at init_session time. We no longer need to swap in the
+ user_env for environ during session init, nor do we need to disable
+ the env hooks at init_session time.
+ [3f5277b359d8]
+
+ * plugins/sample/sample_plugin.c:
+ Add explicit NULL entries for init_session, register_hooks and
+ deregister_hooks with appropriate comments.
+ [727a57978b40]
+
+ * compat/pw_dup.c:
+ Quiet a gcc "used uninitialized in this function" false positive.
+ [f14b68379ce9]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ We should always call warning() with a format string or a string
+ literal. In this case, the argument (path) is not user-controlled.
+ [e9ef51224024]
+
+2012-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/selinux.c:
+ Include sudo_exec.h for the sudo_execve() prototype.
+ [769e58065edc]
+
+ * config.h.in, configure, configure.in:
+ Add check for pam_getenvlist()
+ [36bde3f26c60]
+
+ * common/sudo_conf.c:
+ Set args to NULL in default plugin info struct when there is no
+ Plugin line in sudo.conf.
+ [93ec67708f01]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [a9287677795c]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ regen
+ [a242769d7962]
+
+ * configure, configure.in:
+ Bump version to 1.8.5
+ [e8618f0c2505]
+
+ * doc/sudo_plugin.pod:
+ Document hooks API
+ [e6ad07d27958]
+
+2012-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.
+ [fd72340042d3]
+
+ * include/sudo_plugin.h:
+ Use sudo_hook_fn_t in struct sudo_hook.
+ [938f93112d6e]
+
+ * doc/TROUBLESHOOTING:
+ If cross compiling, --host must include the OS in the tuple. E.g.
+ --host powerpc-unknown-linux
+ [b8c010070c1e]
+
+2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c:
+ Fix bogus int -> bool conversion; tags can have a value of -1.
+ [e63d6434a303]
+
+ * plugins/sudoers/env.c:
+ Add env_should_keep() and env_should_delete() wrapper functions to
+ simplify things a bit and hide the fact that matches_env_check() is
+ not bool.
+ [7a03d7a12b50]
+
+ * sudo.pp:
+ Fix application of debian-specific sudoers mods when building
+ packages as non-root.
+ [34bf4c52c425]
+
+ * plugins/sudoers/env.c:
+ matches_env_check() returns int, not boolean
+ [0ad915b8d5cb]
+
+ * src/sudo_edit.c:
+ Fix compilation when seteuid() is not available.
+ [8a722f998000]
+
+ * src/ttyname.c:
+ Simply move the free of ki_proc outside the realloc() loop.
+ [217b786da760]
+
+ * src/ttyname.c:
+ Bring back the erealloc() for the ENOMEM loop and just zero the
+ pointer after we free it.
+ [29a016e45127]
+
+ * src/ttyname.c:
+ Don't try to erealloc() a potentially freed pointer; Mateusz Guzik
+ [266e08844065]
+
+2012-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ Use normal error path if unable to set sudoers gid.
+ [01c816918c99]
+
+ * plugins/sudoers/set_perms.c:
+ Make this work again on systems w/o seteuid().
+ [2e67f7421e97]
+
+2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ Fix compilation if no seteuid/setreuid/setresuid available.
+ [d0b3c1f88eb4]
+
+ * plugins/sudoers/set_perms.c:
+ Better error messages, and added debugging throughout. Fixed
+ seteuid() version of set_perms()/restore_perms(). Fixed logic bug in
+ AIX version of restore_perms(). Added checks to avoid changing
+ uid/gid when we don't have to. Never set gid/uid state to -1, use
+ the old value instead.
+ [29188d469b5c]
+
+ * src/exec_pty.c, src/ttyname.c:
+ Fix format string warning on Solaris with gcc 3.4.3.
+ [d1eeb6e1dd0f]
+
+ * src/sudo.c:
+ Always declare environ now that we swap it around unilaterally.
+ [aaa3e92e7d0d]
+
+ * src/Makefile.in:
+ Honor LDFLAGS when linking sesh; from Vita Cizek
+ [498b41438f6e]
+
+ * src/sesh.c:
+ Include alloc.h for estrdup() prototype; from Vita Cizek
+ [93203655a320]
+
+2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Don't read /etc/environment on Linux when using PAM, PAM should set
+ the environment variables as needed via pam_env.
+ [b1ef62cb2d40]
+
+ * INSTALL:
+ Fix editor goof.
+ [0c3dd3bb8b57]
+
+ * src/hooks.c, src/sudo.c, src/sudo.h:
+ Disable environment hooks after we get user_env back to make sure a
+ plugin can't to modify user_env after we "own" it. This is kind of a
+ hack but we don't want the init_session plugin function to modify
+ user_env.
+ [8e6d119452a5]
+
+ * src/hooks.c, src/sudo.c:
+ Add support for deregistering hooks. If an I/O log plugin fails to
+ initialize, deregister its hooks (if any).
+ [ac00c93900c5]
+
+2012-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook
+ setenv.
+ [e75469dd9908]
+
+ * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in,
+ compat/setenv.c, compat/unsetenv.c, config.h.in, configure,
+ configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,
+ src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,
+ src/sudo_plugin_int.h:
+ Initial cut at a hooks implementation. The plugin can register hooks
+ for getenv, putenv, setenv and unsetenv. This makes it possible for
+ the plugin to trap changes to the environment made by authentication
+ methods such as PAM or BSD auth so that such changes are reflected
+ in the environment passed back to sudo for execve().
+ [61cffa06f863]
+
+2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, src/po/vi.mo, src/po/vi.po:
+ Add Vietnamese sudo translation from translationproject.org
+ [96df426790d5]
+
+2012-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod,
+ doc/sudoers.pod:
+ List sudo_noexec.so not noexec.so in the sample sudo.conf
+ [53844e190ec5]
+
+ * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
+ doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h,
+ include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c,
+ src/sudo_plugin_int.h:
+ Add support for plugin args at the end of a Plugin line in
+ sudo.conf. Bump the minor number accordingly and update the
+ documentation. A plugin must check the sudo front end's version
+ before using the plugin_args parameter since it is only supported
+ for API version 1.2 and higher.
+ [587f1f819536]
+
+2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ update depends
+ [6d2da44e11e5]
+
+ * MANIFEST:
+ secure_path.c is in common, not compat
+ [619c4a663dde]
+
+ * configure, configure.in:
+ Add check for variadic macro support in cpp.
+ [756854caf675]
+
+2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/secure_path.c, common/sudo_conf.c, include/secure_path.h,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add type param to sudo_secure_path() and add sudo_secure_file() and
+ sudo_secure_dir() wrappers which get by #includedir in sudoers.
+ [2ec2d3d8df04]
+
+2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/visudo.pod, plugins/sudoers/visudo.c:
+ Check the owner and mode in -c (check) mode unless the -f option is
+ specified. Previously, the owner and mode were checked on the main
+ sudoers file when the -s (strict) option was given, but this was not
+ documented.
+ [b2d6ee1e547a]
+
+ * config.h.in, configure, configure.in, src/ttyname.c:
+ Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions
+ of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
+ [159f6a50456a]
+
+2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS:
+ Add Eric Lakin for patch in bug #538
+ [490c29c234c6]
+
+ * src/exec_pty.c:
+ Fix typo in safe_close() made while converting to debug framework
+ that prevented it from actually closing anything.
+ [a66422a62afd]
+
+ * src/exec_pty.c:
+ Add some more debugging.
+ [b5667947dda9]
+
+ * common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
+ include/Makefile.in:
+ We need sysconfdir in compat/Makfile to get the proper sudo.conf
+ path. Add standard prefix and foodir expansion in all Makefiles to
+ avoid this problem in the future.
+ [62b6ce4ecae9]
+
+2012-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po:
+ New Lithuanian sudoers translation from translationproject.org
+ [10436b649035]
+
+ * plugins/sudoers/po/ja.po:
+ Update from translationproject.org
+ [acb8db5f8ef1]
+
+2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ When adding gids to the LDAP filter, only add the primary gid once.
+ This is consistent with the space computation/allocation. From Eric
+ Lakin
+ [35d9d99c92c6]
+
+ * doc/TROUBLESHOOTING:
+ Add entry for AIX enhanced RBAC config.
+ [5e10b6f8def7]
+
+ * mkpkg:
+ Target Mac OS X 10.5 when building packages.
+ [06fce9bbebee]
+
+2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/secure_path.c,
+ common/sudo_conf.c, include/secure_path.h,
+ plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c:
+ Relax the user/group/mode checks on sudoers files. As long as the
+ file is owned by the right user, not world-writable and not writable
+ by a group other than the one specified at configure time (gid 0 by
+ default), the file is considered OK. Note that visudo will still set
+ the mode to the value specified at configure time.
+ [241174babfcc]
+
+2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ Add AIX-specific version of permission setting code to make sure
+ that the saved uid gets restored properly.
+ [9a6f5d22c301]
+
+ * config.h.in, configure, configure.in, src/exec_common.c:
+ Check for LD_PRELOAD variants in configure instead of checkign cpp
+ symbols. In disable_execute(), compute the length of the new envp
+ and allocate it once instead of reallocating on demand. Also append
+ old value of LD_PRELOAD (if any) to the new value.
+ [680266346917]
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
+ Fix the description of noexec.
+ [6a6d142f3c80]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
+ The "op" parameter to set_default() must be int, not bool since it
+ is set to '+' or '-' for list add and subtract.
+ [8da5b137bea2]
+
+ * sudo.pp:
+ Make sure sudoers is writable before calling ed script.
+ [95352ab6336b]
+
+2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS, doc/contributors.pod:
+ Update contributors. Now includes translators and authors of compat
+ code.
+ [4fb5b616b50a]
+
+2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/po/sudo.pot:
+ regen
+ [2c86e2c328fe]
+
+ * pp, sudo.pp:
+ Build flat packages, not package bundles, on Mac OS X.
+ [57bda3cd5520]
+
+2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Move macos section to be with the other OS-specific sections.
+ [51423bb2973a]
+
+ * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
+ Sync with translationproject.org
+ [8ce41cbb8da0]
+
+ * configure, configure.in:
+ Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
+ [fa979aa6fe7d]
+
+ * sudo.pp:
+ Add Mac OS X support, printing the latest chunk of the NEWS file and
+ the license text in the installer.
+ [ffeab72387c0]
+
+ * sudo.pp:
+ Add explicit file modes that match those used by "make install"
+ [7eb37242c920]
+
+ * pp:
+ Sync with upstream for Mac OS X fixes.
+ [97cba179041e]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Got back to using "install-sh -M" for files installed as non-
+ readable by owner. This fixes "make install" as non-root for package
+ building.
+ [967804ee77d6]
+
+2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
+ Sync with translationproject.org
+ [0e53db12039a]
+
+ * Makefile.in, doc/Makefile.in, include/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Use -m not -M for install-sh for everything except setuid. Install
+ locale .mo files mode 0444, not 0644. If timedir parent doesn't
+ exist, use default dir mode, not 0700.
+ [8b6f64c92090]
+
+2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Re-sync with upstream; no longer need a local patch.
+ [97a2c7be5e59]
+
+ * mkpkg:
+ Add support for building Mac OS X packages.
+ [94d49ac223a4]
+
+ * pp:
+ Sync with upstream
+ [1c97654fc841]
+
+ * src/Makefile.in:
+ No longer need to define _PATH_SUDO_CONF here.
+ [2560905b7482]
+
+ * src/exec_common.c:
+ Fix noexec for Mac OS X.
+ [b7a744bca2c0]
+
+2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/Makefile.in:
+ Move _PATH_SUDO_CONF override to common to match sudo_debug.c
+ [f0788972a63a]
+
+ * plugins/sudoers/set_perms.c:
+ More complete fix for LDR_PRELOAD on AIX. The addition of
+ set_perm(PERM_ROOT) before calling the nss open functions (needed to
+ avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
+ and then real uid to 0 for PERM_ROOT works around the issue.
+ [5888eda051af]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [997fe403e219]
+
+ * src/sudo.c:
+ Set real uid to root before calling sudo_edit() or run_command() so
+ that the monitor process is owned by root and not by the user.
+ Otherwise, on AIX at least, the monitor process shows up in ps as
+ belonging to the user (and can be killed by the user).
+ [d4772d7d2fc5]
+
+ * plugins/sudoers/set_perms.c:
+ For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
+ the call to setuid(0) if the current euid is non-zero. This
+ effectively restores the state of things prior to rev 7bfeb629fccb.
+ Fixes a problem on AIX where LDR_PRELOAD was not being honored for
+ the command being executed.
+ [b9b40325b4dc]
+
+ * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in,
+ include/missing.h, src/sudo.c:
+ Make a copy of the struct passwd in exec_setup() to make sure
+ nothing in the policy init modifies it.
+ [b721261c921f]
+
+2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod:
+ update copyright
+ [f9d229d1f65e]
+
+ * common/sudo_debug.c, include/sudo_debug.h:
+ g/c now-unused debug subsystems
+ [8f21726e698f]
+
+ * doc/sudo.pod, doc/sudoers.pod:
+ Enumerate the debug subsystems used by sudo and sudoers.
+ [ac4f84293d14]
+
+2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
+ include/sudo_conf.h, src/sudo.c:
+ Normally, sudo disables core dumps while it is running. This
+ behavior can now be modified at run time with a line in sudo.conf
+ like "Set disable_coredumps false"
+ [ad14e0508b0d]
+
+ * NEWS:
+ Mention Spanish translation
+ [600f3205bd6e]
+
+ * common/sudo_debug.c:
+ Make sure we don't try to fall back to using the conversation
+ function for debugging in the main sudo process if we are unable to
+ open the debug file.
+ [ffa329aa908c]
+
+ * MANIFEST, src/po/es.mo, src/po/es.po:
+ Add sudo Spanish translation from translationproject.org
+ [c1906654e740]
+
+2012-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Better debug subsystem usage
+ [1a31f115743c]
+
+ * src/sudo.c:
+ Remove duplicate function prototypes
+ [ae04b00532eb]
+
+2012-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Error out if user specified --with-pam but we can't find the headers
+ or library. Also throw an error if the headers are present but the
+ library is not and vice versa.
+ [d6bf3e3d0aae]
+
+2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Fix the sudoers permission check when the expected sudoers mode is
+ owner-writable.
+ [8b0b7e770a22]
+
+2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Verify that we can link executables built with -D_FORTIFY_SOURCE
+ before using it.
+ [7578215d1a95]
+
+ * src/exec_common.c:
+ Fix potential off-by-one when making a copy of the environment for
+ LD_PRELOAD insertion. Fixes bug #534
+ [cc699cd551b6]
+
+ * configure, configure.in:
+ Add rudimentary check for _FORTIFY_SOURCE support by checking for
+ __sprintf_chk, one of the functions used by gcc to support it.
+ [a992673d2ef8]
+
+ * compat/stdbool.h, config.h.in, configure, configure.in:
+ Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.
+ [8ba1370884b3]
+
+2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [1e0b38397705]
+
+2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/sudo.c:
+ The change in 818e82ecbbfc that caused to exit when the monitor dies
+ created a race condition between the monitor exiting and the status
+ being read. All we really want to do is make sure that select()
+ notifies us that there is a status change when the monitor dies
+ unexpectedly so shutdown the socketpair connected to the monitor for
+ writing when it dies. That way we can still read the status that is
+ pending on the socket and select() on Linux will tell us that the fd
+ is ready.
+ [7fb5b30ea48d]
+
+ * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
+ src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
+ src/sudo_exec.h:
+ Refactor disable_execute() and my_execve() into exec_common.c for
+ use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
+ disabling exec in exec_setup(), disable it immediately before
+ executing the command. Adapted from a diff by Arno Schuring.
+ [ec4d8b53db6b]
+
+2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in:
+ Add custom version of AC_CHECK_LIB that uses the extra libs in the
+ cache value name. With this we no longer need to rely on a modified
+ version of autoconf.
+ [1c3b1d482d6c]
+
+2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Better handling of network functions that need -lsocket -lnsl
+ [cc386342ec2b]
+
+ * src/sudo.c:
+ When setting up the execution environment, set groups before
+ gid/egid like sudo 1.7 did.
+ [928e1c5fa6c1]
+
+ * configure, configure.in:
+ Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
+ [84b23cdf138f]
+
+ * plugins/sudoers/sudoers.c:
+ For "sudo -g" prepend the specified group ID to the beginning of the
+ groups list. This matches BSD convention where the effective gid is
+ the first entry in the group list. This is required on newer FreeBSD
+ where the effective gid is not tracked separately and thus
+ setgroups() changes the egid if this convention is not followed.
+ Fixes bug #532
+ [782d6909108b]
+
+2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix sh warning; use "test" instead of "["
+ [c6ee3407f65e]
+
+ * src/exec.c:
+ When not logging I/O, use a signal handler that only forwards
+ SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
+ Fixes a race in the non-I/O logging path where the command may
+ receive two keyboard-generated signals; one from the kernel and one
+ from the sudo process.
+ [9638684e786a]
+
+ * src/exec.c:
+ Back out change that put the command in its own pgrp when not
+ logging I/O. It causes problems with pipelines.
+ [4fc9c6e1e770]
+
+2012-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/Makefile.in, configure, configure.in:
+ Only run compat regress tests on compat objects we actually build.
+ Fixes "make check" in the compat dir for systems that don't
+ implement character classes in fnmatch() or glob(). Bug #531
+ [a7addc305e83]
+
+2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
+ Update po files from translationproject.org
+ [5ea066af1356]
+
+2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Include parent directories in case they don't already exist. This
+ fixes a directory permissions problem with the AIX package when the
+ /usr/local directories don't already exist.
+ [a14f783dc827]
+
+ * pp:
+ sync with git version
+ [2f79d0543661]
+
+ * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
+ regen dependencies
+ [24c92ca6c64d]
+
+ * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c:
+ Move tty name lookup code to its own file.
+ [58faf072cbf4]
+
+2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update with latest sudo 1.8.4 changes.
+ [a4ffe4f42528]
+
+ * config.h.in, configure, configure.in:
+ Remove obsolete template for HAVE_TIMESPEC
+ [75709007c906]
+
+ * src/sudo.c:
+ Add a check for devname() returning a fully-qualified pathname. None
+ of the devname() implementations do this today but you never know
+ when this might change.
+ [16813ace38f9]
+
+2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ For "visudo -c" also list include files that were checked when
+ everything is OK.
+ [ad6f85b35c9c]
+
+ * src/sudo.c:
+ The device name returned by devname() does not include the /dev/
+ prefix so we need to add it ourselves.
+ [b55285abb7ed]
+
+ * src/sudo.c:
+ Add debug warning if KERN_PROC sysctl fails or devname() can't
+ resolve the tty device to a name.
+ [b5a23916ba3a]
+
+ * common/sudo_debug.c:
+ The result of writev() is never checked so just cast to NULL.
+ [4be4e9b58d5b]
+
+ * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
+ Update Esperanto, Finnish, Polish and Ukrainian translations from
+ translationproject.org.
+ [bb91bc6ad7e9]
+
+2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, src/sudo.c:
+ Add support for determining tty via sysctl on other BSD variants.
+ [fd15f63f719a]
+
+ * configure, configure.in:
+ Only check for struct kinfo_proc.ki_tdev on systems that support
+ sysctl.
+ [109b3f07a39d]
+
+ * src/sudo.c:
+ For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
+ ttyname() of std{in,out,err}.
+ [95969b70bd68]
+
+2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, src/sudo.c:
+ On newer FreeBSD we can get the parent's tty name via sysctl().
+ [3207290501ee]
+
+ * plugins/sudoers/testsudoers.c:
+ Include locale.h
+ [a602cd0b8c2d]
+
+ * src/sudo.c:
+ Silence a gcc warning.
+ [8c6d0e3cd534]
+
+ * plugins/sudoers/bsm_audit.c:
+ Need to include gettext.h and sudo_debug.h; from John Hein
+ [447912aa7300]
+
+ * plugins/sudoers/iolog.c:
+ Initialize the debug framework from the I/O plugin too.
+ [ce1bf44d96d2]
+
+2012-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/testsudoers.c:
+ Enable debugging via sudo.conf.
+ [d85669c749d0]
+
+2012-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ Use SUDO_DEBUG_ALIAS for alias checking functions.
+ [fb84af30dc76]
+
+ * configure, configure.in:
+ More complete test for getaddrinfo() that doesn't rely on the
+ network libraries already being added to LIBS.
+ [cbaf2369f4f0]
+
+2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/aix.c:
+ Add debug support.
+ [def1bdf24485]
+
+ * configure, configure.in:
+ Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
+ [a2ea1c2eac61]
+
+ * compat/getaddrinfo.c:
+ Include errno.h and missing.h
+ [7d15e17cc2f2]
+
+ * .hgignore:
+ ignore doc/varsub
+ [417f9fc3231b]
+
+ * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in,
+ plugins/sudoers/gram.y, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c,
+ src/parse_args.c, src/sudo.c, src/sudo.h:
+ Update copyright year.
+ [5d0ffc7dd567]
+
+ * NEWS:
+ Update for sudo 1.8.4
+ [841e3eff9844]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen pot files
+ [c509cb45b66a]
+
+ * plugins/sudoers/sudoreplay.c:
+ Enable debugging via sudo.conf.
+ [5087aaee8484]
+
+ * plugins/sudoers/visudo.c:
+ Enable debugging via sudo.conf.
+ [04b067c16ed3]
+
+ * plugins/sudoers/visudo.c:
+ Allow "visudo -c" to work when we only have read-only access to the
+ sudoers include files.
+ [d8c6713fe5c1]
+
+ * doc/sudo.pod, doc/visudo.pod:
+ Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
+ HISTORY section in sudo that points to HISTORY file.
+ [d1f1bcb051c5]
+
+ * doc/sudo.pod, doc/sudo_plugin.pod:
+ Document Debug setting in sudo.conf and debug_flags in plugin.
+ [acfc505aa4a9]
+
+2012-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
+ bug where a pattern like "/usr/*" include /usr/bin/ in the results,
+ which would be incorrectly be interpreted as if the sudoers file had
+ specified a directory. From Vitezslav Cizek.
+ [0cdb6252188c]
+
+ * INSTALL, config.h.in, configure, configure.in,
+ plugins/sudoers/auth/kerb5.c:
+ Add --enable-kerb5-instance configure option to allow people using
+ Kerberos V authentication to use a custom instance. Adapted from a
+ diff by Michael E Burr.
+ [e83af8bb7aa7]
+
+ * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h:
+ Remove -D debug_level option.
+ [cbcd05094347]
+
+ * doc/LICENSE:
+ Update copyright year.
+ [9f43dd7aa852]
+
+2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ parse_error is now bool, not int
+ [5ea7fb6fda38]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c:
+ Print a more sensible error if yyparse() returns non-zero but
+ yyerror() was not called.
+ [d44ec88f1183]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
+ plugins/sudoers/gram.c:
+ Replace y.tab.c with the correct filename in #line directives.
+ [3c84fcb7e959]
+
+2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c:
+ When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
+ if the main process's fds 0-2 are not hooked up to a tty. Adapted
+ from a diff by Zdenek Behan.
+ [b9dfce12af85]
+
+ * src/exec.c:
+ When not logging I/O, put command in its own pgrp and make that the
+ controlling pgrp if the command is in the foreground. Fixes a race
+ in the non-I/O logging path where the command may receive two
+ keyboard-generated signals; one from the kernel and one from the
+ sudo process.
+ [d0e263ce496c]
+
+2011-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_edit.c:
+ Quiet a bogus gcc warning.
+ [2009669e0608]
+
+ * src/parse_args.c, src/sudo.h:
+ Fix warnings related to sudo.conf accessors.
+ [08ddc29ba50b]
+
+ * common/sudo_conf.c, include/sudo_conf.h:
+ Separate sudo.conf parsing from plugin loading and move the parse
+ functions into the common lib so that visudo, etc. can use them.
+ [f1fc659a8079]
+
+ * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c,
+ src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h:
+ Separate sudo.conf parsing from plugin loading and move the parse
+ functions into the common lib so that visudo, etc. can use them.
+ [e1f2cf6bd57a]
+
+ * doc/sudoers.pod, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/sudoers.c, src/sudo.c:
+ Remove support for noexec_file in sudoers and the plugin API
+ [3e2fd58879b5]
+
+ * plugins/sudoers/sudoers.c:
+ Don't dump interfaces if there are none.
+ [9081bb4d3e9e]
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
+ Add missing %s printf escape to the group_plugin, iolog_dir and
+ iolog_file descriptions.
+ [7db03f2b737e]
+
+2011-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c:
+ Fix typo in visiblepw description; from Joel Pickett
+ [2fb4b26d5c2c]
+
+2011-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, configure, configure.in, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
+ plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/sudo.c:
+ When running a login shell with a login_class specified, use
+ LOGIN_SETENV instead of rolling our own login.conf setenv support
+ since FreeBSD's login.conf has more than just setenv capabilities.
+ This requires us to swap the plugin-provided envp for the global
+ environ before calling setusercontext() and then stash the resulting
+ environ pointer back into the command details, which is kind of a
+ hack.
+ [ad4f1190143b]
+
+ * plugins/sudoers/Makefile.in:
+ If srcdir is "." just use the basename of the yacc/lex file when
+ generating the C version. This matches the generated files currently
+ in the repo.
+ [0b11c3df87a8]
+
+ * doc/Makefile.in, plugins/sudoers/Makefile.in:
+ Clean up the DEVEL noise
+ [9de2afe457fd]
+
+ * src/exec.c:
+ Handle different Unix domain socket (actually socketpair) semantics
+ in BSD vs. Linux. In BSD if one end of the socketpair goes away
+ select() returns the fd as readable and the read will fail with
+ ECONNRESET. This doesn't appear to happen on Linux so if we notice
+ that the monitor process has died when I/O logging is enabled,
+ behave like the command has exited. This means we log the wait
+ status of the monitor, not the command, but there is nothing else we
+ can do at that point. This should only be an issue if SIGKILL is
+ sent to the monitor process.
+ [818e82ecbbfc]
+
+ * src/exec_pty.c:
+ Catch common signals in the monitor process so they get passed to
+ the command. Fixes a problem when the entire login session is killed
+ when ssh is disconnected or the terminal window is closed.
+ Previously, the monitor would exit and plugin's close method would
+ not be called.
+ [0e4658263138]
+
+ * INSTALL, configure, configure.in:
+ Mention how to configure pam_hpsec on HP-UX to play nicely with
+ sudo.
+ [a7294cd8ce98]
+
+2011-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Escape values in the search expression as per RFC 4515.
+ [c2adbc5db92b]
+
+ * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ No need for install target to depend explicitly on install-dirs, the
+ install-foo targets all depend on it.
+ [62a36ed98279]
+
+2011-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgignore:
+ ignore src/sesh
+ [463d492f6782]
+
+ * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
+ plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/Makefile.in:
+ Add support for setenv entries in login.conf. We can't use
+ LOGIN_SETENV since the plugin sets up the envp the command is
+ executed with. Also regen the Makefile.in files while here. Fixes
+ bug #527
+ [088d507926e2]
+
+2011-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h,
+ config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
+ src/net_ifs.c:
+ Add getaddrinfo() for those without it, written by Russ Allbery
+ [4cf9ac831222]
+
+ * doc/Makefile.in:
+ Restore PACKAGE_TARNAME, it is used in docdir
+ [9d65e893edb1]
+
+ * MANIFEST, compat/stdbool.h:
+ SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
+ the MANIFEST
+ [e67700dc5621]
+
+ * common/atobool.c, common/term.c, src/exec.c:
+ Remove duplicate return statements.
+ [48a20d5215fd]
+
+ * plugins/sudoers/auth/bsdauth.c:
+ Remove inaccurate comment
+ [e7f0265cf657]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:
+ Fetch the login class for the user we authenticate specifically when
+ using BSD authentication. That user may have a different login class
+ than what we will use to run the command. When setting the login
+ class for the command, use the target user's struct passwd, not the
+ invoking user's. Fixes bug 526
+ [21bf0af892f7]
+
+ * compat/Makefile.in, configure, configure.in, doc/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
+ [8ee6e0891f27]
+
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c:
+ Fix "make check" fallout from the sudo_conv changes in sudo_debug.
+ [b0aaa63c9081]
+
+ * common/fileops.c, common/sudo_debug.c, configure, configure.in,
+ include/fileops.h, plugins/sample/Makefile.in,
+ plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in,
+ plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
+ plugins/sudoers/env.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c,
+ src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h,
+ src/sudo_plugin_int.h, src/utmp.c:
+ Use stdbool.h instead of rolling our own TRUE/FALSE macros.
+ [dcb0bbc42fc9]
+
+2011-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/stdbool.h, config.h.in, configure, configure.in:
+ Add stdbool.h for systems without it.
+ [18bd9dda1dcd]
+
+ * aclocal.m4, config.h.in, configure, configure.in:
+ No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
+ includes have unistd.h in them. Add check for socklen_t for upcoming
+ getaddrinfo compat.
+ [d705465bef69]
+
+ * common/fileops.c, compat/nanosleep.c, config.h.in, configure,
+ configure.in, plugins/sudoers/interfaces.c,
+ plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c,
+ plugins/sudoers/sudoreplay.c, src/net_ifs.c:
+ Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
+ HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
+ [fa187c9bd2be]
+
+ * src/sudo_noexec.c:
+ No longer need to include time.h here as missing.h does not use
+ time_t.
+ [fa3a089bf5b1]
+
+2011-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ Fix mode on sudoers as needed when the -f option is not specified.
+ [7a1c40b0dc03]
+
+ * MANIFEST, src/po/sr.mo, src/po/sr.po:
+ Add Serbian translation for sudo from translationproject.org
+ [9a0c25e25cba]
+
+ * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c,
+ src/parse_args.c:
+ No longer pass debug_file to plugin, plugins must now use
+ CONV_DEBUG_MSG
+ [810cda1abb0b]
+
+ * mkpkg:
+ Build PIE executables for newer Debian and Ubuntu
+ [1c5f25f8904a]
+
+ * common/sudo_debug.c:
+ Include time.h for ctime() prototype.
+ [10090cf3bca1]
+
+2011-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_debug.c, include/sudo_debug.h, src/exec.c,
+ src/exec_pty.c:
+ Do not close error pipe or debug fd via closefrom() as we need them
+ to report an exec error should one occur.
+ [732f6587fafa]
+
+ * doc/sudoers.ldap.pod:
+ Document that a sudoUser may now be a group ID.
+ [2fef46b9d3d3]
+
+ * plugins/sudoers/ldap.c:
+ Add support for permitting access by group ID in addition to group
+ name.
+ [b9450fdf1f69]
+
+ * plugins/sudoers/ldap.c:
+ Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
+ [d62a1e7cff4f]
+
+ * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE:
+ Replace UCB fnmatch.c with a non-recursive version written by
+ William A. Rowe Jr.
+ [354d3384adb8]
+
+ * plugins/sudoers/auth/pam.c:
+ Fix typo, return_debug vs. debug_return
+ [1b522efcbb0d]
+
+2011-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
+ Update Japanese sudoers translation from translationproject.org
+ [ec0f2beaad36]
+
+ * doc/sudoers.pod:
+ Make the env_reset descriptions consistent.
+ [41c056f02688]
+
+2011-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Do multiple expansion when expanding paths to the noexec file, sesh
+ and the plugin directory. Adapted from a diff by Mike Frysinger
+ [d7e16c876c66]
+
+ * common/Makefile.in:
+ regen
+ [9d729e09c186]
+
+2011-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgignore:
+ Add ignore file; from Mike Frysinger
+ [1fa8d52425f8]
+
+ * mkdep.pl:
+ no longer save old Makefile.in to .old
+ [378dd2395545]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ regen
+ [769faf517720]
+
+ * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
+ m4/ltoptions.m4, m4/ltversion.m4:
+ Update to libtool 2.4.2
+ [9dac78d84b4f]
+
+2011-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers_version.h:
+ Bump grammar version for #include and #includedir relative path
+ support.
+ [82a4f7cd8f71]
+
+2011-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add support for relative paths in #include and #includedir
+ [4d6e3bd0c24f]
+
+ * plugins/sudoers/Makefile.in:
+ Fix install-plugin when shared objects are unsupported or disabled.
+ [cbdd770a7a1b]
+
+ * plugins/sudoers/goodpath.c:
+ Don't write to sbp if it is NULL
+ [fc438f8e8570]
+
+2011-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set,
+ only install matching .mo files
+ [c1dc30ab4ebc]
+
+2011-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, src/conversation.c:
+ Fix non-dynamic (no dlopen) sudo build.
+ [b0bd3fa925a3]
+
+ * configure, configure.in:
+ Don't error out if the user specified --disable-shared
+ [cf035dd1e5cc]
+
+ * common/sudo_debug.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/conversation.c:
+ Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
+ the debug file.
+ [640c62f83251]
+
+ * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/sudoers.h:
+ Make sudo_goodpath() return value bolean
+ [fea2d59a6e55]
+
+ * INSTALL, MANIFEST, configure, configure.in, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c:
+ Remove obsolete securid auth method.
+ [4e54f860214b]
+
+ * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h:
+ Prefix authentication functions with a "sudo_" prefix to avoid
+ namespace problems.
+ [581d74063ea1]
+
+ * INSTALL, MANIFEST, config.h.in, configure, configure.in,
+ doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in,
+ plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c:
+ Remove the old Kerberos IV support
+ [2e4b4a44209d]
+
+2011-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Don't print garbage at the end of the custom lecture.
+ [44bb788fafaa]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add lexer tracing as debug@parser
+ [d850f3f9d414]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/gram.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/visudo.c:
+ Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
+ <def_data.h> and not "def_data.h" when generating the parser in a
+ build dir.
+ [7da701def753]
+
+2011-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkdep.pl, plugins/sudoers/Makefile.in:
+ Better devdir support in mkdep.pl
+ [7dcec57bd155]
+
+ * plugins/sudoers/Makefile.in:
+ Add devdir before srcdir in include path and fix up dependecies
+ accordingly.
+ [6e9958eca485]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
+ #include "gram.h" not <gram.h> and "def_data.h" and not
+ <def_data.h>.
+ [003bdb078a15]
+
+ * sudo.pp:
+ Mark libexec files as optional. If we build without shared object
+ support, libexec is not used.
+ [4bffcf482219]
+
+ * src/load_plugins.c:
+ Change Debug sudo.conf setting to take a program name as the first
+ argument. In the future, this will allow visudo and sudoreplay to
+ use their own Debug entries.
+ [cfb8f7e4867c]
+
+ * src/sudo.c:
+ fix sudo_debug_printf priority
+ [dcb67e965609]
+
+ * plugins/sudoers/sudoers.c:
+ add missing debug_return_int
+ [d88ec450c592]
+
+2011-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
+ plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c:
+ Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
+ [dcee8efc294f]
+
+ * doc/UPGRADE:
+ Add missing word in HOME security note.
+ [fd844fdcc1ac]
+
+ * plugins/sudoers/testsudoers.c:
+ Prevent "testsudoers -d username" from trying to malloc(0).
+ [839126e56e8c]
+
+2011-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/sudoers/test10.in,
+ plugins/sudoers/regress/sudoers/test10.out.ok,
+ plugins/sudoers/regress/sudoers/test10.toke.ok,
+ plugins/sudoers/regress/sudoers/test10.toke.out.ok,
+ plugins/sudoers/regress/sudoers/test11.in,
+ plugins/sudoers/regress/sudoers/test11.out.ok,
+ plugins/sudoers/regress/sudoers/test11.toke.ok,
+ plugins/sudoers/regress/sudoers/test11.toke.out.ok,
+ plugins/sudoers/regress/sudoers/test12.in,
+ plugins/sudoers/regress/sudoers/test12.out.ok,
+ plugins/sudoers/regress/sudoers/test12.toke.ok,
+ plugins/sudoers/regress/sudoers/test13.in,
+ plugins/sudoers/regress/sudoers/test13.out.ok,
+ plugins/sudoers/regress/sudoers/test13.toke.ok,
+ plugins/sudoers/regress/sudoers/test9.in,
+ plugins/sudoers/regress/sudoers/test9.out.ok,
+ plugins/sudoers/regress/sudoers/test9.toke.ok,
+ plugins/sudoers/regress/sudoers/test9.toke.out.ok:
+ Tests for empty sudoers (should parse OK) and syntax errors within a
+ line (should report correct line number) both with and without the
+ trailing newline.
+ [d57c879c4718]
+
+ * plugins/sudoers/regress/sudoers/test4.out.ok,
+ plugins/sudoers/regress/sudoers/test5.out.ok,
+ plugins/sudoers/regress/sudoers/test7.out.ok,
+ plugins/sudoers/regress/sudoers/test8.out.ok,
+ plugins/sudoers/testsudoers.c:
+ Print line number when there is a parser error.
+ [5444ef6ac6dc]
+
+2011-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Keep track of the last token returned. On error, if the last token
+ was COMMENT, decrement sudolineno since the error most likely
+ occurred on the preceding line. Previously we always uses
+ sudolineno-1 which will give the wrong line number for errors within
+ a line.
+ [d661a03a64da]
+
+2011-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ update with sudo 1.8.3p1 info
+ [0f79ff31f602]
+
+ * plugins/sudoers/sudoers.c:
+ Fix crash when "sudo -g group -i" is run. Fixes bug 521
+ [a3087ae337c4]
+
+2011-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ Make alias_remove_recursive() return TRUE/FALSE as its callers
+ expect and remove two unused arguments. Fixes bug 519.
+ [2ee3b2882844]
+
+ * plugins/sudoers/regress/visudo/test1.out.ok,
+ plugins/sudoers/regress/visudo/test1.sh:
+ Add regress test for bugzilla 519
+ [48000ebedf97]
+
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c:
+ Disable warning/error wrapping in regress tests.
+ [373c589ba561]
+
+2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Do compile-po as part of sync-po so that the .mo files get rebuild
+ automatically when we sync with translationproject.org
+ [83f3cbfc2f33]
+
+ * plugins/sudoers/Makefile.in:
+ check_addr needs to link with the network libraries on Solaris
+ [322bd70e316e]
+
+ * plugins/sudoers/match.c:
+ When matching a RunasAlias for a runas group, pass the alias in as
+ the group_list, not the user_list. From Daniel Kopecek.
+ [766545edf141]
+
+ * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
+ We need to init the auth system regardless of whether we need a
+ password since we will be closing the PAM session in the monitor
+ process. Fixes a crash in the monitor on Solaris; bugzilla #518
+ [e82809f86fb3]
+
+2011-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ Get rid of done: label. If the child exits we still need to close
+ the pty, update utmp and restore the SELinux tty context.
+ [cc127bf48405]
+
+2011-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/Makefile.in, common/atobool.c, common/fileops.c,
+ common/fmt_string.c, common/lbuf.c, common/list.c,
+ common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/alias.c, plugins/sudoers/audit.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c,
+ src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
+ src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
+ src/tgetpass.c, src/ttysize.c, src/utmp.c:
+ Add debug_decl/debug_return (almost) everywhere. Remove old
+ sudo_debug() and convert users to sudo_debug_printf().
+ [8f3bbf907b67]
+
+ * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/error.c:
+ Wrap error/errorx and warning/warningx functions with debug
+ statements. Disable wrapping for standalone sudoers programs as well
+ as memory allocation functions (to avoid infinite recursion).
+ [562ed7b5ae8d]
+
+ * README, config.h.in, configure, configure.in:
+ Add checks for __func__ and __FUNCTION__ and mention that we now
+ require a cpp that supports variadic macros.
+ [314cfe4c5d23]
+
+ * MANIFEST, common/Makefile.in, common/sudo_debug.c,
+ include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c,
+ src/load_plugins.c, src/parse_args.c, src/sudo.c,
+ src/sudo_plugin_int.h:
+ New debug framework for sudo and plugins using /etc/sudo.conf that
+ also supports function call tracing.
+ [cded741e9f10]
+
+2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
+ Update Japanese sudoers translation from translationproject.org
+ [c24725775e32]
+
+2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Override and ignore the --disable-static option. Sudo already runs
+ libtool with -tag=disable-static where applicable and we need non-
+ PIC objects to build the executables.
+ [aff1227b853a]
+
+2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Add sudoedit fix
+ [74655c7ccad1]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen pot files
+ [28d89a831ed3]
+
+ * plugins/sudoers/env.c:
+ Ignore set_logname (which is now the default) for sudoedit since we
+ want the LOGNAME, USER and USERNAME environment variables to refer
+ to the calling user since that is who the editor runs as. This
+ allows the editor to find the user's startup files. Fixes bugzilla
+ #515
+ [6c5dddf5ff05]
+
+ * plugins/sudoers/pwutil.c:
+ Instead of trying to grow the buffer in make_grlist_item(), simply
+ increase the total length, free the old buffer and allocate a new
+ one. This is less error prone and saves us from having to adjust all
+ the pointers in the buffer. This code path is only taken when there
+ are groups longer than the length of the user field in struct utmp
+ or utmpx, which should be quite rare.
+ [5587dc8cffaf]
+
+ * src/po/it.mo:
+ Add Italian translation for sudo from translationproject.org
+ [1b3dd886e7e3]
+
+ * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
+ src/po/ja.mo, src/po/ja.po:
+ Japanese translation for sudo and sudoers from
+ translationproject.org
+ [c06dd866be6e]
+
+2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ sudoreplay depends on timestr.lo too; from Mike Frysinger
+ [b9e73214b2f1]
+
+2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot:
+ Regen sudoers pot file.
+ [019588bafdb3]
+
+ * NEWS:
+ Update with latest sudo 1.8.3 news
+ [6868042a88e9]
+
+ * plugins/sudoers/sudoers.c:
+ It appears that LDAP or NSS may modify the euid so we need to be
+ root for the open(). We restore the old perms at the end of
+ sudoers_policy_open().
+ [2da67a5497ef]
+
+ * plugins/sudoers/set_perms.c:
+ Better warning message on setuid() failure for the setreuid()
+ version of set_perms().
+ [07abcfe7bd9a]
+
+2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Delref auth_pw at the end of check_user() instead of getting a ref
+ twice.
+ [cb665f55e6a5]
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c:
+ Make sudo_auth_{init,cleanup} return TRUE on success and check for
+ sudo_auth_init() return value in check_user().
+ [92631c919356]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Do not return without restoring permissions.
+ [59ef40b6696a]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen pot files
+ [9f320a340b7c]
+
+ * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Modify the authentication API such that the init and cleanup
+ functions are always called, regardless of whether or not we are
+ going to verify a password. This is needed for proper PAM session
+ support.
+ [19a53f3fb596]
+
+ * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
+ Add missing dependency for getspwuid.lo and regen other depends.
+ [f7f70eae819a]
+
+ * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:
+ Fix a PAM_USER mismatch in session open/close. We update PAM_USER to
+ the target user immediately before setting resource limits, which is
+ after the monitor process has forked (so it has the old value).
+ Also, if the user did not authenticate, there is no pamh in the
+ monitor so we need to init pam here too. This means we end up
+ calling pam_start() twice, which should be fixed, but at least the
+ session is always properly closed now.
+ [fbc063a2a872]
+
+ * src/utmp.c:
+ Add check for old being NULL in utmp_setid(); from Steven McDonald
+ [e87126442f2e]
+
+2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ If the invoking user cannot be resolved by uid fake the struct
+ passwd and store it in the cache so we can delref it on exit.
+ [a27e2f8b9f5e]
+
+2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Don't error out if the group plugin cannot be loaded, just warn.
+ [0fbfcd381e33]
+
+2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Quiet a false positive found by several static analysis tools. These
+ tools don't know that log_error() does not return (it longjmps to
+ error_jmp which returns to the sudo front-end).
+ [33d0469df21b]
+
+2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po:
+ Add Italian translation for sudo from translationproject.org Regen
+ .mo files
+ [c3c888a82be6]
+
+2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/TROUBLESHOOTING:
+ Update to current reality and add bit about ssh auth
+ [184a1e7c2eeb]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Make "verbose" static; fixes a namespace clash with
+ pam_ssh_agent_auth (and it doesn't need to be extern these days).
+ [cc38d2eb2f4c]
+
+ * config.h.in, configure, configure.in, src/get_pty.c:
+ FreeBSD has libutil.h not util.h
+ [dab4c94b6d4f]
+
+ * configure, configure.in:
+ Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
+ [41c362f0a92a]
+
+2011-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po:
+ Update po files from translationproject.org
+ [1e99e147c7fa]
+
+2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add support for DEREF in ldap.conf.
+ [3c1937a98547]
+
+ * Makefile.in:
+ install target should depend on ChangeLog too, not just install-doc
+ [1a7c83941175]
+
+ * doc/sudoers.pod:
+ Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
+ [0eca47d60a2c]
+
+ * NEWS:
+ Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes.
+ [0501415cc5ff]
+
+ * doc/UPGRADE:
+ Document group lookup change and possible side effects.
+ [585743e1ebf7]
+
+ * configure, configure.in:
+ Fix some square brackets in case statements that needed to be
+ doubled up. While here, use $OSMAJOR when it makes sense.
+ [8973343f4696]
+
+ * plugins/sudoers/pwutil.c:
+ Fix a crash in make_grlist_item() on 64-bit machines with strict
+ alignment.
+ [c89508c73c46]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
+ Remove list_options() function that is no longer used now that "sudo
+ -L" is gone.
+ [fcc6a776c135]
+
+ * configure, configure.in:
+ Error message if user tries --with-CC
+ [ec5b478f813a]
+
+ * configure, configure.in:
+ Check for -libmldap too when looking for ldap libs, which is the
+ Tivoli Directory Server client library.
+ [bb3007a97206]
+
+2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c:
+ Honor NOPASSWD tag for denied commands too.
+ [8dd92656db92]
+
+2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in:
+ Remove --with-CC option; it doesn't work correctly now that we use
+ libtool. Users can get the same effect by setting the CC environment
+ variable when running configure.
+ [ec22bd1a55e0]
+
+2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, plugins/sudoers/visudo.c,
+ src/sudo_edit.c:
+ Assume all modern systems support fstat(2).
+ [6a5a8985f6a0]
+
+2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/regress/glob/globtest.c, config.h.in, configure,
+ configure.in, include/missing.h, plugins/sudoers/sudoers.h,
+ src/sudo.h, src/sudo_noexec.c:
+ Add configure test for missing errno declaration and only declare it
+ ourselves if it is missing.
+ [456e76c809a2]
+
+ * plugins/sudoers/alias.c:
+ Include errno.h before sudo.h to avoid conflicting with the system
+ definition of errno.
+ [d0b97e392512]
+
+2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/parser/check_addr.c:
+ Only print individual check status when there is a failure.
+ [2ac704c91441]
+
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c:
+ Add calls to setprogname() for test programs.
+ [a8d9b420e826]
+
+ * configure, configure.in:
+ Add -Wall and -Werror after all tests so they don't cause failures.
+ [2661188ff3fa]
+
+ * plugins/sudoers/Makefile.in:
+ Actually run check_addr in the check target
+ [0b2778bc86bf]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_addr.in:
+ Split out address matching into its own file and add regression
+ tests for it.
+ [12b9a2bf8dba]
+
+2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ When matching an address with a netmask in sudoers, AND the mask and
+ addr before checking against the local addresses.
+ [9747bb6d7b1c]
+
+2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ Fix netmask matching.
+ [a3c8f8cc1464]
+
+ * plugins/sudoers/visudo.c:
+ Don't assume all editors support the +linenumber command line
+ argument, use a whitelist of known good editors.
+ [21d43a91fd10]
+
+2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c,
+ src/exec_pty.c, src/sudo.c:
+ Silence compiler warnings on Solaris with gcc 3.4.3
+ [da620bae6fdb]
+
+ * mkpkg:
+ Fix building on RHEL 3
+ [f3227fb2a252]
+
+ * INSTALL, configure, configure.in:
+ Add --enable-werror configure option.
+ [fec2cdb95543]
+
+ * common/setgroups.c:
+ setgroups() proto lives in grp.h on RHEL4, perhaps others.
+ [de91c0de5a98]
+
+ * configure, configure.in:
+ Use PAM by default on AIX 6 and higher.
+ [e16493208e5f]
+
+2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ src/po/eo.mo, src/po/eo.po:
+ Add new Esperanto translation from translationproject.org
+ [0d9a59e04c64]
+
+2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog_path.c:
+ Quiet an innocuous valgrind warning.
+ [0582b6027161]
+
+2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog_path.c,
+ plugins/sudoers/regress/iolog_path/data:
+ Fix expansion of strftime() escapes in log_dir and add a regress
+ test that exhibited the problem.
+ [a5c7c1c4c589]
+
+ * plugins/sudoers/Makefile.in:
+ Fix "make check" return value.
+ [33b58e175230]
+
+2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Regen pot files
+ [063841aac19b]
+
+ * Makefile.in:
+ Fix logic inversion in pot file up to date check.
+ [f6a8ca8654df]
+
+2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Add caching for gettext() checks.
+ [01b7200f6105]
+
+ * configure, configure.in:
+ Better handling of libintl header and library mismatch.
+ [9a49b1d4db69]
+
+2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Also check sudoers gid if sudoers is group writable.
+ [23ef96ca0d33]
+
+2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ If dlopen is present but libtool doesn't find it, error out since it
+ probably means that libtool doesn't support the system.
+ [a9da0a5f7941]
+
+ * mkpkg:
+ configure args on the command line should override builtin defaults.
+ Disable NLS for non-Linux/Solaris unless explicitly enabled.
+ [b2fb05614504]
+
+ * plugins/sudoers/auth/aix_auth.c:
+ Fix loop that calls authenticate(). If there was an error message
+ from authenticate(), display it.
+ [063a0c4f0b9a]
+
+2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * m4/libtool.m4, m4/ltversion.m4:
+ Update to autoconf 2.68 and libtool 2.4
+ [5a912a6eb67b]
+
+ * config.guess, config.sub, configure, configure.in, ltmain.sh:
+ Update to autoconf 2.68 and libtool 2.4
+ [931ab56aecf6]
+
+ * doc/sudoers.pod:
+ Fix typo; OPT should be OTP
+ [e97bd2e46544]
+
+ * plugins/sudoers/Makefile.in:
+ Rename libsudoers convenience library to libparsesudoers to avoid
+ libtool confusion.
+ [2a89a613f537]
+
+2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
+ Add Danish sudoers translation from translationproject.org
+ [27b96e85eb13]
+
+ * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
+ Add dedicated callback function for runas_default sudoers setting
+ that only sets runas_pw if no runas user or group was specified by
+ the user.
+ [b8382d8eea34]
+
+2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo,
+ src/po/ru.po:
+ Update Finish, Polish, Russian and Ukrainian translations from
+ translationproject.org.
+ [f9339aff664e]
+
+ * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c:
+ Go back to using a callback for runas_default to keep runas_pw in
+ sync. This is needed to make per-entry runas_default settings work
+ with LDAP-based sudoers. Instead of declaring it a callback in
+ def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
+ bit naughty, but avoids requiring stub functions in visudo and the
+ tests.
+ [9aaefb908415]
+
+2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Add check for out of date message catalogs when doing "make dist".
+ [e45a29b612f4]
+
+2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [d6f9ad26774a]
+
+ * configure.in:
+ Make sure compiler supports static-libgcc before using it.
+ [b01bd9566e50]
+
+2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/Makefile.in:
+ Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
+ [c99c7ab3edef]
+
+2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
+ plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo,
+ plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po,
+ src/po/zh_CN.mo:
+ Add new Russian sudo translation from translationproject.org and
+ rebuild the other translation files.
+ [e20015459056]
+
+2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po:
+ Update Finish and Polish translations from translationproject.org
+ [4e3dbba4a1de]
+
+ * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
+ Go back to escaping the command args for "sudo -i" and "sudo -s"
+ before calling the plugin. Otherwise, spaces in the command args are
+ not treated properly. The sudoers plugin will unescape non- spaces
+ to make matching easier.
+ [dfa2c4636f33]
+
+2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Fix some potential problems found by the clang static analyzer, none
+ serious.
+ [ff64aa74aae6]
+
+ * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
+ src/po/zh_CN.po:
+ Updated Ukranian and Chinese (simplified) po files from
+ translationproject.org
+ [ec792becb48e]
+
+2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/pl.po:
+ Updated Polish translation from translationproject.org
+ [a3af53cb649c]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Rebuild pot files
+ [c650524c0f0a]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c:
+ Don't try to audit failure if the runas user does not exist. We
+ don't have the user's command at this point so there is nothing to
+ audit. Add a NULL check in audit_success() and audit_failure() just
+ to be on the safe side.
+ [2a0007c2022f]
+
+ * mkpkg:
+ Add -g to CFLAG for PIE builds.
+ [32a0a9693c9c]
+
+2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/sudo.c:
+ Remove fallback to per-group lookup when matching groups in sudoers.
+ The sudo front-end will now use getgrouplist() to get the user's
+ list of groups if getgroups() fails or returns zero groups so we
+ always have a list of the user's groups. For systems with
+ mbr_check_membership() which support more that NGROUPS_MAX groups
+ (Mac OS X), skip the call to getgroups() and use getgrouplist() so
+ we get all the groups.
+ [51b3ed8c600b]
+
+2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/setgroups.c:
+ Fix setgroups() fallback code on EINVAL.
+ [2b6faecd56a4]
+
+ * plugins/sudoers/set_perms.c:
+ Fix two PERM_INITIAL cases that were still using user_gids.
+ [9680bab0acc6]
+
+ * MANIFEST:
+ Add Polish sudo message catalog
+ [8bb40c3ba576]
+
+ * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ user_group is no longer used, remove it
+ [9acede0fe6c5]
+
+2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po:
+ Add Polish translation from translationproject.org
+ [afac5c638573]
+
+ * MANIFEST, common/Makefile.in, common/setgroups.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c:
+ Add a wrapper for setgroups() that trims off extra groups and
+ retries if setgroups() fails. Also add some missing addrefs for
+ PERM_USER and PERM_FULL_USER.
+ [224dfd8aae5c]
+
+ * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in,
+ configure, configure.in, include/missing.h, mkdep.pl,
+ plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c:
+ Instead of keeping separate groups and gids arrays, create struct
+ group_info and use it to store both, along with a count for each.
+ Cache group info on a per-user basis using getgrouplist() to get the
+ groups. We no longer need special to special case the user or list
+ user for user_in_group() and thus no longer need to reset the groups
+ list when listing another user.
+ [0ad849a8b2d5]
+
+ * src/preload.c:
+ Don't rely on NULL since we don't include a header for it.
+ [b40937f1890c]
+
+2011-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod:
+ Fix typo
+ [c1035360e169]
+
+2011-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Do not shadow global sudo_mode with a local variable in set_cmnd()
+ [0c72969503ad]
+
+2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ bash 2.x doesd not support the -l flag and exits with an error if it
+ is specified so use --login instead. This causes an error with bash
+ 1.x (which uses -login instead) but this version is hopefully less
+ used than 2.x.
+ [5c4c296e30e6]
+
+ * src/po/pl.mo, src/po/pl.po:
+ Add Polish translation from translationproject.org
+ [48592dd6edcf]
+
+2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ Make error strings translatable.
+ [414c5c484768]
+
+ * mkpkg:
+ Only run configure with --with-pam-login for RHEL 5 and above.
+ [6c16e4de4026]
+
+ * sudo.pp:
+ Fix typo in summary
+ [9ac618c9a749]
+
+2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logwrap.c:
+ Add missing logwrap.c
+ [c12a413ecc1d]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/logging/check_wrap.in,
+ plugins/sudoers/regress/logging/check_wrap.out.ok:
+ Split out log file word wrap code into its own file and add unit
+ tests. Fixes an off-by one in the word wrap when the log line length
+ matches loglinelen.
+ [52ed277f6690]
+
+2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ For SuSE, only use /usr/lib64 as libexec if generating 64-bit
+ binaries.
+ [645ab903cf77]
+
+ * src/load_plugins.c, src/sudo.c:
+ Fix build error when --without-noexec configure option is used.
+ [b994f7b0d8b4]
+
+ * configure, configure.in:
+ Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX 5.3
+ and above.
+ [c2a6f9b472f3]
+
+2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Resolve the list of gids passed in from the sudo frontend (the
+ result of getgroups()) to names and store both the group names and
+ ids in the sudo_user struct. When matching groups in the sudoers
+ file, match based on the names in the groups list first and only do
+ a gid-based match when we absolutely have to. By matching on the
+ group name (as it is listed in sudoers) instead of id (which we
+ would have to resolve) we save a lot of group lookups for sudoers
+ files with a lot of groups in them.
+ [8dc19353f148]
+
+2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Workaround for "sudo -i command" and newer versions of bash which
+ don't go into login mode when -c is specified unless -l is too.
+ [9393762b80f3]
+
+2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c:
+ Rewrite logfile word wrapping code to be more straight-forward and
+ actually wrap at the correct place.
+ [f712a0c90f55]
+
+2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c:
+ Set use_pty=true in command details when use_pty is set in sudoers.
+ From Ludwig Nussel
+ [8d95a163dfc1]
+
+2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/zh_CN.mo, src/po/zh_CN.po:
+ Sync Chinese (simplified) PO files from translationproject.org
+ [acce8eb7be18]
+
+2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
+ plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo:
+ Add Danish translation from translationproject.org and add missing
+ Basque mo files.
+ [0c22bb21b9c4]
+
+ * Makefile.in, configure, configure.in:
+ No longer need to specify LINGUAS in configure, "make install-nls"
+ now just installs all the .mo files it finds.
+ [fcd45cf04885]
+
+2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod:
+ Build CONTRIBUTORS from newly-added contributors.pod
+ [8b192f2720f4]
+
+ * doc/CONTRIBUTORS:
+ Rework the wording in the leading paragraph
+ [312044145cdd]
+
+2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, doc/CONTRIBUTORS:
+ Add a CONTRIBUTORS file with the names of folks who have contributed
+ code or patches to sudo since I started maintaining it (plus the
+ original authors).
+ [b8bdd8b59528]
+
+2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c:
+ Preserve SHELL variable for "sudo -s". Otherwise we can end up with
+ a situation where the SHELL variable and the actual shell being run
+ do not match.
+ [b8b3974aee3e]
+
+2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Only enable Solaris project support when setproject() is present in
+ libproject.
+ [49ad7857ab89]
+
+ * sudo.pp:
+ Explicitly set mode and owner of /etc/sudoers instead of relying on
+ "cp -p" to work in the postinstall script. On AIX 6.1 at least the
+ postinstall script runs before the final file permissions are set.
+ [e41ffc0212b2]
+
+2011-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.pod, doc/sudoers.pod:
+ Refer the user to the "Command Environment" section in description
+ of sudo's -i option.
+ [263cc3be7eef]
+
+ * doc/sudo.pod:
+ Fix typo
+ [35dfac450f4d]
+
+2011-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkdep.pl:
+ If there is no old dependency for an object file, use the MANIFEST
+ to find its source.
+ [d15e3b9899f9]
+
+ * compat/Makefile.in:
+ Remove dependency for getgrouplist.lo as we don't ship that source
+ file.
+ [312a6d5fe6b0]
+
+2011-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Do not declare yyparse() static as the actual function generated by
+ yacc is extern.
+ [9017b79dcf55]
+
+2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Remove locale files in "make uninstall"
+ [201ff261ecbe]
+
+ * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/uk.po, src/po/eu.po:
+ Add Basque translation and sync Finish and Ukranian translations.
+ [66d2c78c8a13]
+
+ * configure, configure.in:
+ FreeBSD no longer needs the main sudo binary to link with -lpam now
+ that plug-ins are loaded with RTLD_GLOBAL.
+ [96c710df2457]
+
+ * plugins/sudoers/group_plugin.c, src/load_plugins.c:
+ Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
+ problems with pam modules not having access to symbols provided by
+ libpam on some platforms. Affects FreeBSD and SLES 10 at least.
+ [0d016983ec84]
+
+ * Makefile.in:
+ Move xgettext invocation out of update-po target into update-pot
+ [19a73c6d017c]
+
+2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Regenerate .pot files for 1.8.2rc2
+ [c3037f591dd8]
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ Move nls targets to the top level Makefile so the paths in the pot
+ file are saner
+ [65b9285cd8d9]
+
+ * src/po/fi.mo:
+ Add compiled version of sudo Finish translation
+ [8f2405384ea3]
+
+ * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo:
+ Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo
+ files
+ [a165e70fa9ec]
+
+ * configure, configure.in, plugins/sudoers/po/fi.po:
+ Add Finish translation from translationproject.org
+ [4466f8a96ceb]
+
+2011-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod:
+ The group named by exempt_group should not have a % prefix.
+ [df084d6b32c8]
+
+2011-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod:
+ Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
+ [5113699a3f8b]
+
+2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/exec_pty.c:
+ Fix compressed io log corruption in background mode by using _exit()
+ instead of exit() to avoid flushing buffers twice.
+
+ Improved background mode support. When not allocating a pty, the
+ command is run in its own process group. This prevents write access
+ to the tty. When running in a pty, stdin is not hooked up and we
+ never read from /dev/tty, which results in similar behavior.
+ [87c15149894c]
+
+ * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
+ Clean up regress files Generate proper dependencies for regress objs
+ in compat
+ [88bfc728c1e7]
+
+ * plugins/sudoers/Makefile.in:
+ Add missing dependency for check_fill.o.
+ [0bd6362e3e17]
+
+2011-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in:
+ Add support for --enable-nls[=location]
+ [b90db44a050f]
+
+2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/linux_audit.c:
+ Include gettext.h
+ [7f909a6e48cb]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
+ Quiet gcc warnings.
+ [b41a6cdca583]
+
+ * configure, configure.in:
+ Don't install .mo files if gettext was not found.
+ [1397b34cc165]
+
+2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ Always allocate a pty when running a command in the background but
+ call setsid() after forking to make sure we don't end up with a
+ controlling tty.
+ [b6454ba172e8]
+
+ * plugins/sudoers/iolog.c:
+ Add missing space between command name and the first command line
+ argument.
+ [fe217f0a36d4]
+
+ * plugins/sudoers/sudoreplay.c:
+ Quiet a compiler warning on some platforms.
+ [de9f2849f236]
+
+ * plugins/sudoers/po/README, src/po/README:
+ README file that directs people to translationproject.org
+ [30c0fc323281]
+
+ * plugins/sudoers/po/uk.po, src/po/fi.po:
+ Sync translations with TP
+ [1d7d64559cba]
+
+ * Makefile.in:
+ Add 'sync-po' target to top-level Makefile to rsync the po files
+ from translationproject.org.
+ [20508211aaa3]
+
+ * plugins/sudoers/Makefile.in:
+ install nls files from install target
+ [5fc07b6cab38]
+
+ * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp:
+ Include .mo files in sudo binary packags.
+ [278d4821a916]
+
+ * configure, configure.in, plugins/sudoers/po/zh_CN.mo,
+ plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po:
+ Add simplified chinese translation
+ [2b33ffc755b9]
+
+2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, plugins/sudoers/po/uk.mo,
+ plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po:
+ Add ukranian translation
+ [2d8102688e93]
+
+ * compat/Makefile.in:
+ refer to siglist.c, not ./siglist.c since not all makes will treat
+ foo and ./foo the same.
+ [6639d293ffba]
+
+ * plugins/sudoers/sudoers.c:
+ Set def_preserve_groups before searching for the command when the -P
+ flag is specified.
+ [0edc7942f875]
+
+ * Makefile.in, compat/Makefile.in, mkdep.pl,
+ plugins/sudoers/Makefile.in:
+ Add dependency for siglist.lo in compat. This is a generated file so
+ "make depend" needs to depend on it.
+ [28d0932f8b50]
+
+ * compat/Makefile.in:
+ More dependency fixes.
+ [aad0d05cd020]
+
+ * compat/Makefile.in:
+ Fix a few dependencies.
+ [eb21aa35a032]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Place compiled mo files in the src dir, not the build dir. When
+ installing compiled mo files, display a status message.
+ [e15634c29cd3]
+
+2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Tivoli Directory Server requires that seconds be present in a
+ timestamp, even though RFC 4517 states that they are optional.
+ [55fe23dd4ef9]
+
+ * plugins/sudoers/sudo_nss.h:
+ Add missing bit of copyright
+ [d2eba3c364ca]
+
+ * doc/visudo.pod:
+ Mention cycle detection warnings
+ [a76bef15ab67]
+
+ * plugins/sudoers/visudo.c:
+ When checking aliases, also check the contents of the alias in case
+ there are problems with an alias that is referenced inside another.
+ Replace the self reference check with real alias cycle detection.
+ [a66c904cf53b]
+
+ * plugins/sudoers/alias.c:
+ Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
+ ENOENT in alias_find() and alias_remove() if the entry could not be
+ found.
+ [b4f0b89e433c]
+
+ * plugins/sudoers/visudo.c:
+ Increment alias_seqno before calls to alias_remove_recursive() to
+ avoid false positives with the alias loop detection. Fixes spurious
+ warnings about unused aliases when they are nested.
+ [a344483b8193]
+
+ * MANIFEST:
+ add mkdep.pl
+ [86b7ed33eab2]
+
+ * plugins/sudoers/Makefile.in:
+ Add dependency on convenience libs to binaries
+ [cd3078b3c997]
+
+ * Makefile.in:
+ mkdep.pl only works when run from the src dir
+ [f35a5e47c944]
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
+ Auto-generate Makefile dependencies with a perl script.
+ [a3e4afcd7975]
+
+2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ If the user specifies a runas group via sudo's -g option that
+ matches the runas user's group in the passwd database and that group
+ is not denied in the Runas_Spec, allow it. Thus, if user root's gid
+ in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if
+ no groups are present in the Runas_Spec.
+ [e3f9732dc564]
+
+2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Add dependencies on gettext.h
+ [a3a9dc51f78b]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Fix install-nls target with HP-UX sh when gettext is not present.
+ [0c6b9655cd41]
+
+2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot,
+ src/Makefile.in, src/po/sudo.pot:
+ regenerate .pot files for lbuf changes
+ [918ded125a0b]
+
+ * configure, configure.in:
+ Add missing "checking" message for gettext when using the cache.
+ [9c21187ad1d2]
+
+ * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c,
+ plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
+ src/parse_args.c:
+ Add primitive format string support to the lbuf code to make
+ translations simpler.
+ [ee71c7ef5299]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot:
+ Add message catalog template files for sudo and the sudoers module.
+ [f3f8acb1f014]
+
+ * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c,
+ config.h.in, configure.in, doc/Makefile.in, include/gettext.h,
+ plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
+ src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h:
+ Add gettext.h convenience header. This is similar to but distinct
+ from the one included with the gettext package.
+ [930a0591f73c]
+
+2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Add checks for nroff -c and -Tascii flags
+ [19ca990b3149]
+
+ * configure, configure.in:
+ Add check for HP bundled C Compiler (which cannot create shared
+ libs)
+ [517716a7072d]
+
+ * plugins/sudoers/sudoreplay.c:
+ Fix C format warnings.
+ [6514326013fa]
+
+ * include/error.h:
+ Add __printflike
+ [e1749a30a406]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/visudo.c, src/parse_args.c:
+ Translate help / usage strings.
+ [ee1cc9b1a8bd]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Set --msgid-bugs-address to the bugzilla url
+ [5a0aa250ca21]
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in, configure,
+ configure.in, doc/Makefile.in, include/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
+ Add scaffolding to update .po files and install .mo files.
+ [f05f4eed1fe1]
+
+ * doc/license.pod:
+ update copyright year
+ [fa0c62523875]
+
+ * INSTALL, README:
+ No need to include version number at the top of these files.
+ [9f2981325351]
+
+2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/visudo.c:
+ Minor warning/error cleanup
+ [9236dc85aeab]
+
+ * config.h.in, configure.in:
+ Emulate ngettext for the non-nls case
+ [13571d63fa36]
+
+ * plugins/sudoers/ldap.c:
+ Do not mark untranslatable strings for translation
+ [735f5d4413fe]
+
+ * plugins/sudoers/check.c:
+ Use ROOT_UID not 0.
+ [09a268db8da4]
+
+ * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c,
+ src/load_plugins.c, src/sudo.c, src/sudo_edit.c:
+ Minor warning/error message cleanup
+ [3c7b1a7939b5]
+
+ * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c,
+ src/exec_pty.c, src/net_ifs.c, src/selinux.c:
+ cannot -> "unable to" in warning/error messages
+ [31c3897649e9]
+
+ * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c,
+ src/sudo.c, src/utmp.c:
+ can't -> "unable to" in warning/error messages
+ [127b75f15291]
+
+ * configure, configure.in:
+ FreeBSD needs the main sudo executable to link with -lpam when
+ loading dynaic pam modules for some reason.
+ [944522cc9bef]
+
+2011-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c:
+ We don't want to translate debugging messages.
+ [56a1a365815a]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/sesh.c, src/sudo.c:
+ Add calls to bindtextdomain() and textdomain() Currently there are
+ two domains, one for the sudo front-end and one for the sudoers
+ plugin and its associated utilities.
+ [0426138f789e]
+
+ * configure, configure.in:
+ Fix caching of libc gettext check.
+ [942142d2c43a]
+
+ * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/mkdefaults:
+ Mark defaults descriptions for translation
+ [5b27f018e6cf]
+
+ * NEWS:
+ Update for sudo 1.8.1p2
+ [747c4dee2ca7]
+
+2011-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Quiet compiler warning when SELinux is enabled.
+ [1fbf77dda240]
+
+ * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
+ src/error.c, src/net_ifs.c, src/sesh.c:
+ Add missing includes of libintl.h.
+ [bc1d66316082]
+
+ * plugins/sudoers/auth/pam.c:
+ Fix gettext marker.
+ [a5cf4ed66c66]
+
+ * common/aix.c, common/alloc.c, compat/strsignal.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h:
+ Include libint.h where needed.
+ [2b0e5a663c7b]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
+ Prepare sudoers module messages for translation.
+ [7212ae1909c5]
+
+ * plugins/sudoers/sudoers.c:
+ Only check gid of sudoers file if it is group-readable.
+ [50e3bc0cb242]
+
+ * plugins/sudoers/auth/aix_auth.c:
+ For AIX, keep calling authenticate() until reenter reaches 0.
+ [e240815b74b1]
+
+2011-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Cache the status of the initial gettext() check.
+ [32751ebe1704]
+
+ * INSTALL, configure, configure.in:
+ Add --disable-nls flag and improve checks for gettext.
+ [c7e6b17052de]
+
+ * configure, configure.in:
+ When building with gcc on HP-UX, use -march=1.1 to produce portable
+ binaries on a pa-risc2 host. Previously, the +Dportable option was
+ used for the HP-UX C compiler but gcc always produced native
+ binaries.
+ [8f4c749324d7]
+
+2011-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c,
+ src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c,
+ src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c,
+ src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
+ Prepare sudo front end messages for translation.
+ [2fc2fabceccb]
+
+2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c:
+ Add initial scaffolding to support localization via gettext()
+ [7d47b59fcf95]
+
+ * compat/fnmatch.h, compat/glob.h:
+ Don't let the fnmatch/glob macros expand the function prototype.
+ [a9014aa0288e]
+
+2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h:
+ Resolve namespace collisions on HP-UX ia64 and possibly others by
+ adding a rpl_ prefix to our fnmatch and glob replacements and
+ #defining rpl_foo to foo in the header files.
+ [caa9b690a15d]
+
+2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Split ALL, ROLE and TYPE into their own actions. Since you can only
+ have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
+ the non-SELinux case. This is safe because the actions are in one
+ big switch() statement.
+ [7473fc2cfa2c]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
+ [9be3480c2865]
+
+2011-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/UPGRADE, doc/sudoers.pod:
+ askpass moved from sudoers to sudo.conf in sudo 1.8.0
+ [b2c2956cec4e]
+
+ * doc/sudoers.pod:
+ Remove obsolete warning about runas_default and ordering. Move
+ syslog facility and priority lists into the section where the
+ relevant options are described.
+ [e57b8dc3f779]
+
+2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sia.c:
+ Fix SIA support; we no longer have access to the real argc and argv
+ so allocate space for a fake one and use the argv passed to the
+ plugin with "sudo" for argv[0].
+ [1c0552772ad2]
+
+2011-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/net_ifs.c:
+ Remove useless realloc when trying to get the buffer size right.
+ [792225380a62]
+
+ * plugins/sudoers/set_perms.c:
+ Be explicit when setting euid to 0 before call to setreuid(0, 0)
+ [7bfeb629fccb]
+
+2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Need to do checks for krb5_verify_user, krb5_init_secure_context and
+ krb5_get_init_creds_opt_alloc regardless of whether or not
+ krb5-config is present.
+ [9d1b98ece1d3]
+
+2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ Work around weird AIX saved uid semantics on setuid() and
+ setreuid(). On AIX, setuid() will only set the saved uid if the euid
+ is already 0.
+ [069fc08150ca]
+
+2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ update copyright year
+ [1c42d579ba6e]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Treat a missing includedir like an empty one and do not return an
+ error.
+ [92f71d8cbfd4]
+
+2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Fix ARCH setting in cross-compile Solaris packages.
+ [b0de281cc889]
+
+ * sudo.pp:
+ Fix aix version setting.
+ [98437dbfb085]
+
+ * plugins/sudoers/ldap.c:
+ Remove extraneous parens in LDAP filter when sudoers_search_filter
+ is enabled that causes a search error. From Matthew Thomas.
+ [1d75bf1fc8d9]
+
+2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
+ Correct sizeof() to fix test failure.
+ [fd2f7c0c0572]
+
+ * plugins/sudoers/Makefile.in:
+ "install" target should depend on "install-dirs". Fixes "make -j"
+ problem and closes bz #487. From Chris Coleman.
+ [083902d38edb]
+
+2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ Add HAVE_RFC1938_SKEYCHALLENGE
+ [a94cb33758a8]
+
+2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention plugin loading and libgcc changes
+ [e11b30b5026a]
+
+ * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
+ Load plugins after parsing arguments and potentially printing the
+ version. That way, an error loading or initializing a plugin doesn't
+ break "sudo -h" or "sudo -V".
+ [1b76f2b096a2]
+
+ * Makefile.in:
+ When using a sub-shell to invoke the sub-make, exec make instead of
+ running it inside the shell to avoid an extra process.
+ [fd2c04a71fbf]
+
+ * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c:
+ Stop testing unspecified behavior in fnmatch Make glob test more
+ portable
+ [229803093725]
+
+ * compat/Makefile.in:
+ No need to add current dir to include path and having it breaks the
+ test programs that expect to get the system glob.h and fnmatch.h
+ [68085f624be4]
+
+ * INSTALL, configure, configure.in:
+ Fix and document --with-plugindir; partially from Diego Elio Petteno
+ [07edc52ea89e]
+
+ * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
+ compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c,
+ compat/regress/glob/globtest.in:
+ Fix fnmatch and glob tests to not use hard-coded flag values in the
+ input file. Link test programs with libreplace so we get our
+ replacement verions as needed.
+ [c2cca448f660]
+
+ * Makefile.in:
+ If make in a subdir fails, fail the target in the upper level
+ Makefile too. Adapted from a patch from Diego Elio Petteno
+ [76fc9a0d96fd]
+
+ * configure, configure.in, plugins/sudoers/auth/rfc1938.c:
+ Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
+ has this. Adapted from a patch from Diego Elio Petteno
+ [a97279a59b93]
+
+ * plugins/sudoers/Makefile.in:
+ Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
+ directly.
+ [47b884029b3b]
+
+ * configure, configure.in:
+ Fix warnings when -without-skey, --without-opie, --without-kerb4,
+ --without-kerb5 or --without-SecurID were specified.
+ [71ad150f4d24]
+
+ * MANIFEST:
+ Add plugins/sudoers/sudoers_version.h
+ [7423966de440]
+
+ * configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
+ Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
+ now include LDFLAGS in the sudoers Makefile.in. Add missing settng
+ of @LDFLAGS@ in plugin Makefile.in files.
+ [b835826f889c]
+
+2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention %#gid support in User_List and Runas_List
+ [5a983dff017a]
+
+ * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h,
+ plugins/sudoers/visudo.c:
+ Keep track of sudoers grammar version and report it in the -V
+ output.
+ [52901a3c0296]
+
+ * plugins/sudoers/sudo_nss.h:
+ Add multiple inclusion guard
+ [50853aed046e]
+
+ * configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
+ The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
+ LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
+ set it to -Wc,-static-libgcc if not using GNU ld so we don't have a
+ dependency on the shared libgcc in sudoers.so.
+ [66ad8bc5e32d]
+
+ * doc/sudoers.pod:
+ Fix typo; from Petr Uzel
+ [f9a7afd80892]
+
+2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/testsudoers.c:
+ In dump-only mode, use "root" as the default username instead of
+ "nobody" as the latter may not be available on all systems.
+ [0c48e6414337]
+
+2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/testsudoers.c:
+ Remove NewArgv/NewArgc, they are no longer needed.
+ [16e18f734c7e]
+
+ * plugins/sudoers/testsudoers.c:
+ Fix setting of user_args
+ [aa29e0d0a54a]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add '!' token to lex tracing
+ [5227ad266235]
+
+ * plugins/sudoers/regress/testsudoers/test1.sh:
+ Use group bin in test, not wheel as most systems have the bin group
+ but the same is no longer true of wheel.
+ [718802b3b45e]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Avoid using pre or post increment in a parameter to a ctype(3)
+ function as it might be a macro that causes the increment to happen
+ more than once.
+ [78e281152c3a]
+
+2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Strip off the beta or release candidate version when building AIX
+ packages.
+ [28fe31668559]
+
+ * configure, configure.in:
+ We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
+ structure checks for glibc which only has __e_termination visible
+ when _GNU_SOURCE is *not* defined.
+ [59ae1698911f]
+
+ * common/aix.c:
+ getuserattr(user, ...) will fall back to the "default" entry
+ automatically, there's no need to check "default" manually.
+ [3c7a47a61fdb]
+
+2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/UPGRADE:
+ Document parser changes.
+ [ec415503308d]
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ If there is an existing sudoers file, only install if it passes a
+ syntax check.
+ [37427c73e8cb]
+
+ * plugins/sudoers/regress/sudoers/test6.out.ok,
+ plugins/sudoers/testsudoers.c:
+ Add runasgroup support to testsudoers
+ [047ea5571f33]
+
+ * plugins/sudoers/Makefile.in:
+ For "make check", keep going even if a test fails.
+ [ce6a0a73c372]
+
+ * plugins/sudoers/testsudoers.c:
+ More useful exit codes:
+ * 0 - parsed OK and command matched.
+ * 1 - parse error
+ * 2 - command not matched
+ * 3 - command denied
+ [1d2ce1361903]
+
+ * doc/sudoers.pod:
+ Document %#gid, and %:#nonunix_gid syntax.
+ [492d4f9696c4]
+
+ * plugins/sudoers/pwutil.c:
+ Add support to user_in_group() for treating group names that begin
+ with a '#' as gids.
+ [20240c94a134]
+
+ * config.h.in, configure, configure.in, src/utmp.c:
+ Add explicit check for struct utmpx.ut_exit.e_termination and struct
+ utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
+ ut_exit if we detect one or the other.
+ [b4e8cab777e6]
+
+2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c:
+ Add back missing #include of config.h
+ [9ab3897a1b2e]
+
+ * plugins/sudoers/iolog_path.c,
+ plugins/sudoers/regress/iolog_path/data:
+ Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
+ strftime() does.
+ [93395762cdcd]
+
+ * aclocal.m4:
+ Quote first argument to AC_DEFUN(); from Elan Ruusamae
+ [97f53ad31d77]
+
+2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ add new sudoers tests
+ [476af91b3da3]
+
+ * plugins/sudoers/regress/sudoers/test8.in,
+ plugins/sudoers/regress/sudoers/test8.out.ok,
+ plugins/sudoers/regress/sudoers/test8.toke.ok:
+ Add test for a newline in the middle of a string when no line
+ continuation character is used.
+ [de2394bc86ab]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Use bitwise AND instead of modulus to check for length being odd. A
+ newline in the middle of a string is an error unless a line
+ continuation character is used.
+ [bdb1d762a1d5]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Move lexer globals initialization into init_lexer.
+ [1ce62211aadb]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix a potential crash when a non-regular file is present in an
+ includedir. Fixes bz #452
+ [1586760c3525]
+
+ * pp:
+ On some Linux systems, "uname -p" contains detailed processor info
+ so check "uname -m" first and then "uname -p" if needed. Recognize
+ PLD Linux.
+ [b8535cb9012e]
+
+2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/redblack.c:
+ Don't need all sudoers.h here.
+ [8c0929f42dab]
+
+ * src/sudo.c:
+ Print sudo version early, in case policy plugin init fails.
+ [47cddc4358bc]
+
+2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/sudoers/test4.toke.ok:
+ Update to match change in input.
+ [4a3af8e68790]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Make an empty group or netgroup a syntax error.
+ [66f51ddc2ff6]
+
+ * plugins/sudoers/regress/sudoers/test7.in,
+ plugins/sudoers/regress/sudoers/test7.out.ok,
+ plugins/sudoers/regress/sudoers/test7.toke.ok:
+ An empty group or netgroup should be a syntax error.
+ [bd5bf1e2edce]
+
+ * plugins/sudoers/regress/sudoers/test6.in,
+ plugins/sudoers/regress/sudoers/test6.out.ok,
+ plugins/sudoers/regress/sudoers/test6.toke.ok:
+ Check that uids work in per-user and per-runas Defaults Check that
+ uids and gids work in a Command_Spec
+ [c5e848e6082b]
+
+ * plugins/sudoers/regress/sudoers/test5.in,
+ plugins/sudoers/regress/sudoers/test5.out.ok,
+ plugins/sudoers/regress/sudoers/test5.toke.ok:
+ Test empty string in User_Alias and Command_Spec
+ [3a084d777e03]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Allow a group ID in the User_Spec.
+ [bc2859eb71dc]
+
+2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Return an error for the empty string when a word is expected. Allow
+ an ID for per-user or per-runas Defaults.
+ [915c259b00ff]
+
+ * plugins/sudoers/testsudoers.c:
+ Fix printing "User_Alias FOO = ALL"
+ [ba58c3d548b3]
+
+2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/parse_args.c:
+ Better error message about invalid -C argument
+ [c9a8d15bbf5d]
+
+ * NEWS:
+ fix typo
+ [cdcfbafed013]
+
+ * doc/sudoers.pod:
+ Fix placement of equal size ('=') in user specification summary.
+ [5ad7178b230d]
+
+2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ update to match sudoers regress
+ [e04db0648717]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Restore ability to define TRACELEXER and have trace output go to
+ stderr.
+ [d9531e4d1b20]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Restore old behavior of setting sawspace = TRUE for command line
+ args when a line continuation character is hit to avoid causing
+ problems for existing sudoers files.
+ [fd930ad25550]
+
+ * plugins/sudoers/regress/sudoers/test4.in,
+ plugins/sudoers/regress/sudoers/test4.out.ok,
+ plugins/sudoers/regress/sudoers/test4.toke.ok:
+ Add test for line continuation and aliases
+ [29ab538ca6bb]
+
+ * plugins/sudoers/Makefile.in:
+ Make test output line up nicely for parse vs. toke
+ [257ef82c1434]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/sudoers/test1.in,
+ plugins/sudoers/regress/sudoers/test1.out.ok,
+ plugins/sudoers/regress/sudoers/test1.toke.ok,
+ plugins/sudoers/regress/sudoers/test2.in,
+ plugins/sudoers/regress/sudoers/test2.out.ok,
+ plugins/sudoers/regress/sudoers/test2.toke.ok,
+ plugins/sudoers/regress/sudoers/test3.in,
+ plugins/sudoers/regress/sudoers/test3.out.ok,
+ plugins/sudoers/regress/sudoers/test3.toke.ok,
+ plugins/sudoers/regress/testsudoers/test1.ok,
+ plugins/sudoers/regress/testsudoers/test1.out.ok,
+ plugins/sudoers/regress/testsudoers/test1.sh,
+ plugins/sudoers/regress/testsudoers/test2.out,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.ok,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/visudo/test1.ok,
+ plugins/sudoers/regress/visudo/test1.sh:
+ Move parser tests to sudoers directory and test the tokenizer output
+ too.
+ [44f529b3cdb6]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ If we match a rule anchored to the beginning of a line after parsing
+ a line continuation character, return an ERROR token. It would be
+ nicer to use REJECT instead but that substantially slows down the
+ lexer.
+ [355478293f8c]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Move LEXTRACE macro to toke.h so we can use it in yyerror().
+ [72ee7a06d3ca]
+
+2011-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Make lex tracing settable at run-time in testsudoers via the -t
+ flag. Trace output goes to stderr. Will be used by regress tests to
+ check lexer.
+ [93bd53c413c8]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Allow whitespace after the modifier in a Defaults entry. E.g.
+ "Defaults: username set_home"
+ [9dfcf8dd8a3a]
+
+2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Don't set CC when cross-compiling.
+ [4b95b0c04e1c]
+
+ * NEWS:
+ Credit Matthew Thomas for the sudoers_search_filter changes.
+ [a65998ab09f7]
+
+ * MANIFEST:
+ Add the .sym files to the MANIFEST
+ [f599225cc861]
+
+ * NEWS:
+ Update for sudo 1.8.1 beta
+ [71021e854c49]
+
+ * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c:
+ user_shell -> run_shell to avoid confusion with the user's SHELL
+ variable.
+ [dc0ac6dafc21]
+
+ * src/exec_pty.c:
+ Save the controlling tty process group before suspending in pty
+ mode. Previously, we assumed that the child pgrp == child pid (which
+ is usually, but not always, the case).
+ [10b2883b7875]
+
+ * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add support for sudoers_search_filter setting in ldap.conf. This can
+ be used to restrict the set of records returned by the LDAP query.
+ [b0f1b721d102]
+
+2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Remove the hack to disable -g in CFLAGS unless --with-devel
+ [89822cf84ef4]
+
+ * doc/sudoers.pod:
+ The '@' character does not normally need to be quoted.
+ [7823f5ed829a]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
+ if that whitespace is followed by a comma, we want to treat it as
+ part of a list and not transition.
+ [1ca6943e1824]
+
+ * plugins/sudoers/regress/testsudoers/test3.ok,
+ plugins/sudoers/regress/testsudoers/test3.sh:
+ Add check for whitespace when a User_List is used for a per-user
+ Defaults entry.
+ [91f75e6dd19a]
+
+ * plugins/sudoers/regress/testsudoers/test2.out,
+ plugins/sudoers/regress/testsudoers/test2.sh:
+ Expand quoted name checks to cover recent fixes.
+ [ce4f76bca146]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix parsing of double-quoted names in Defaultd and Aliases which was
+ broken in 601d97ea8792.
+ [424b0d6c1dc4]
+
+ * plugins/sudoers/Makefile.in:
+ toke_util.c lives in $(srcdir) not $(devdir)
+ [94866bebee83]
+
+2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Change trunk version to 1.8.x to distinguish from real 1.8.0.
+ [a9781e61d064]
+
+ * NEWS, doc/UPGRADE:
+ Document major changes in 1.8.1 and add upgrade notes.
+ [f2cf51b0d9ce]
+
+ * plugins/sudoers/match.c:
+ Be careful not to deref user_stat if it is NULL. This cannot
+ currently happen in sudo but might in other programs using the
+ parser.
+ [06a2334dd674]
+
+ * mkpkg:
+ configure will not add -O2 to CFLAGS if it is already defined to add
+ -O2 to the CFLAGS we pass in when PIE is being used.
+ [1ce6481ece59]
+
+ * doc/sudoers.pod:
+ Warn about the dangers of log_input and mention iolog_file and
+ iolog_dir in the log_input and log_output descriptions.
+ [ae854ffb0768]
+
+ * pp:
+ sync with git version
+ [a993e39ce3cb]
+
+ * doc/sudoers.pod:
+ It seems that h comes after i
+ [0f621109220d]
+
+ * doc/sudoers.pod:
+ Move log_input and log_output to their proper, sorted, location.
+ Document set_utmp and utmp_runas.
+ [273b234b9c34]
+
+ * src/exec.c:
+ Save the controlling tty process group before suspending so we can
+ restore it when we resume. Fixes job control problems on Linux
+ caused by the previous attemp to fix resuming a shell when I/O
+ logging not enabled.
+ [f03a660315ee]
+
+ * common/lbuf.c:
+ Fix printing of the remainder after a newline. Fixes "sudo -l"
+ output corruption that could occur in some cases.
+ [25d83fb501fc]
+
+2011-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, src/exec_pty.c,
+ src/sudo_exec.h, src/utmp.c:
+ Add support for ut_exit
+ [b574c13f1bba]
+
+ * doc/sudo_plugin.pod, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c,
+ src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c:
+ Add support for controlling whether utmp is updated and which user
+ is listed in the entry.
+ [44a81632133f]
+
+ * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h,
+ plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults,
+ plugins/sudoers/parse.c:
+ Fix typo; tupple vs. tuple
+ [697744acb710]
+
+ * src/utmp.c:
+ For legacy utmp, strip the /dev/ prefix before trying to determine
+ slot since the ttys file does not include the /dev/ prefix.
+ [7ad5b81ff90c]
+
+ * aclocal.m4, configure, configure.in, pathnames.h.in:
+ Add check for _PATH_UTMP
+ [21e638029bfd]
+
+2011-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
+ Adapt check_iolog_path to sessid changes
+ [728b5fe2be6f]
+
+ * config.h.in, configure, configure.in, src/Makefile.in,
+ src/exec_pty.c, src/sudo_exec.h, src/utmp.c:
+ Redo utmp handling. If no getutent()/getutxent() is available,
+ assume a ttyslot-based utmp. If getttyent() is available, use that
+ directly instead of ttyslot() so we don't have to do the stdin dup2
+ dance.
+ [18aa455cd140]
+
+2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h,
+ src/utmp.c:
+ Move utmp handling into utmp.c
+ [f6eae6c8e012]
+
+ * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
+ common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c,
+ compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c,
+ compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
+ compat/utimes.c, doc/sudo.pod, doc/visudo.pod,
+ include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
+ plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/logging.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/redblack.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c,
+ src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
+ src/sudo_plugin_int.h, src/tgetpass.c:
+ Update copyright years.
+ [16aa39f9060a]
+
+ * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/parse_args.c:
+ Add "user_shell" boolean as a way to indicate to the plugin that the
+ -s flag was given.
+ [fb1ef0897b32]
+
+ * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.h:
+ Move sessid out of sudo_user.
+ [ba298ddb57f4]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Log the TSID even if it is not a simple session ID.
+ [d7cc1b9c513c]
+
+ * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod:
+ Document noexec in sample.sudo.conf and add back noexec_file section
+ in sudoers with a note that it is deprecated.
+ [4a6e961e494d]
+
+ * plugins/sudoers/set_perms.c:
+ Fix running commands as non-root on systems where setreuid() changes
+ the saved uid based on the effective uid we are changing to.
+ [df0769b71b34]
+
+2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c,
+ src/sudo.h:
+ Move noexec path into sudo.conf now that sudo itself handles noexec.
+ Currently can be configured in sudoers too but is now undocumented
+ and will be removed in a future release.
+ [6fa8befdc110]
+
+ * doc/sudo.pod, doc/sudoers.pod:
+ Document "Path noexec ..." in sudo.conf. No longer document
+ noexec_file in sudoers, it will be removed in a future release.
+ [24eee3a0b3e5]
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
+ Move noexec handling to sudo front-end where it is documented as
+ being.
+ [3ed4f10d7052]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
+ src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
+ src/sudo_exec.h:
+ Add support for disabling exec via solaris privileges. Includes
+ preparation for moving noexec support out of sudoers and into front
+ end as documented.
+ [dec843ed553e]
+
+ * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym,
+ plugins/sample_group/Makefile.in,
+ plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
+ plugins/sudoers/sudoers.sym:
+ Only export the symbols corresponding to the plugin structs.
+ [8d8d03b0ca54]
+
+ * configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
+ Install plugins manually instead of using libtool. This works around
+ a problem on AIX where libtool will install a .a file containing the
+ .so file instead of the .so file itself.
+ [796971cfbddb]
+
+ * Makefile.in:
+ Move check into its own rule since some versions of make will run
+ both targets as the default rule.
+ [34d759979176]
+
+ * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
+ m4/ltversion.m4, m4/lt~obsolete.m4:
+ Update to libtool 2.2.10
+ [34c130de6af7]
+
+2011-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ In handle_signals(), restart the read() on EINTR to make sure we
+ keep up with the signal pipe. Don't return -1 on EAGAIN, it just
+ means we have emptied the pipe.
+ [d5b9c8eb9000]
+
+ * compat/mktemp.c:
+ Reorder functions to quiet a compiler warning.
+ [c9e9a23729f0]
+
+ * mkpkg:
+ Use the Sun Studio C compiler on Solaris if possible
+ [11a86e27891e]
+
+2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Fix default setting of osversion variable.
+ [52e49ca1cedd]
+
+ * doc/sudo_plugin.pod:
+ Make two login_class entris consistent.
+ [18ff1fa94a91]
+
+ * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c,
+ src/sudo_exec.h:
+ Add support for adding a utmp entry when allocating a new pty.
+ Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
+ Currently only creates a new entry if the existing tty has a utmp
+ entry.
+ [32db72b81d80]
+
+ * plugins/sudoers/boottime.c:
+ Avoid pulling in headers we don't need on Linux For getutx?id(),
+ call setutx?ent() first and always call endutx?ent().
+ [5dad21e1ee1b]
+
+ * configure, configure.in:
+ Add some more libs to SUDOERS_LIBS instead of relying on them to be
+ pulled in by SUDO_LIBS.
+ [18a7c21c09a7]
+
+ * plugins/sudoers/sudoers.c:
+ Fix return value of "sudo -l command" when command is not allowed,
+ broken in [c7097ea22111]. The default return value is now TRUE and a
+ bad: label is used when permission is denied. Also fixed missing
+ permissions restoration on certain errors. On error()/errorx(), the
+ password and group files are now closed before returning.
+ [4f2d0e869ae5]
+
+2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
+ Fix passing of login class back to sudo front end.
+ [6f70a784ce48]
+
+ * mkpkg:
+ Add --osversion flag to specify OS instead of running "pp
+ --probeonly"
+ [a8efdccb7bc1]
+
+ * sudo.pp:
+ Fix expr usage w/ GNU expr
+ [48895599ee63]
+
+2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Fix exit value for validate and list mode.
+ [c7097ea22111]
+
+ * plugins/sudoers/sudoers.c:
+ Fix non-interactive mode with sudoers plugin.
+ [172f29597bd2]
+
+2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoreplay.pod:
+ sudoreplay can now find IDs other than %{seq} and display the
+ session.
+ [fc3dd3be67e9]
+
+2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ Add support for replaying sessions when iolog_file is set to
+ something other than %{seq}.
+ [ca3131243874]
+
+ * plugins/sudoers/visudo.c:
+ If we are killed by a signal, display the name of the signal that
+ got us.
+ [994bb76a990e]
+
+ * configure, configure.in:
+ Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
+ where they belong.
+ [40f94b936fa4]
+
+ * configure.in:
+ Fix bug in skey/opie check that could cause a shell warning.
+ [83c043072be5]
+
+ * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ No longer need sudo_getepw() stubs.
+ [bbee15c36912]
+
+2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudo_nss.c:
+ Fix exit value of "sudo -l command" in sudoers module.
+ [a6541867521b]
+
+2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/regress/glob/globtest.c:
+ Use fgets() not fgetln() for portability.
+ [df1bb67fb168]
+
+ * sudo.pp:
+ Don't use the beta or release candidate version as the rpm release.
+ [d661ef78021a]
+
+2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ version 1.8.0
+ [f6530d56f6ae] [SUDO_1_8_0]
+
+ * NEWS:
+ update sudo 1.8 section
+ [f2ee2cf95d18]
+
+2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/testsudoers/test2.sh:
+ fix test description
+ [cd5730fa9f09]
+
+ * plugins/sudoers/regress/testsudoers/test2.out,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/visudo/test2.out,
+ plugins/sudoers/regress/visudo/test2.sh:
+ convert test2 to use testsudoers
+ [b5ec3f0b69f1]
+
+ * include/sudo_plugin.h, src/sudo_plugin_int.h:
+ Move struct generic_plugin to sudo_plugin_int.h
+ [6f7bc629329c]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Allow sudoers file name, mode, uid and gid to be specified in the
+ settings list. The sudo front end does not currently set these but
+ may in the future.
+ [22f38a0fda2a]
+
+2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in:
+ 1.8.0rc1
+ [5d4588b9c057]
+
+ * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
+ src/parse_args.c, src/sudo.h:
+ add help text to sudo, visudo and sudoreplay for the -h option
+ [52e7378d8476]
+
+2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/snprintf.c:
+ avoid using "howmany" for a parameter name since it is a select-
+ related macro
+ [a14d565401a1]
+
+ * doc/sudoers.pod:
+ mention group_plugin when describing nonunix_group
+ [e0d1d0034b17]
+
+ * doc/sudo_plugin.pod:
+ Add missing period at end of sentence
+ [6744d7e9056d]
+
+ * Makefile.in, doc/Makefile.in, include/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ add localstatedir; closes bug 471
+ [7aefcab85088]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
+ src/exec.c, src/exec_pty.c:
+ The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes
+ Bug 470
+ [927ed6740f32]
+
+ * configure.in:
+ add missing AH_TEMPLATE for ENV_RESET
+ [16300010c986]
+
+ * src/exec.c:
+ SVR5 systems return non-zero for success on socketpair(), check for
+ -1 instead. Closes Bug 469
+ [4d276494bf8e]
+
+2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ 1.8.0b5
+ [d611cd5d73d3]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ regen
+ [85e96eeaed82]
+
+ * doc/sudo.pod:
+ Document that a sudo.conf file with no Pligin lines uses the default
+ sudoers plugins.
+ [88bd52da977f]
+
+ * src/load_plugins.c:
+ If sudo.conf contains no Plugin lines, use the default sudoers
+ policy and I/O plugins.
+ [fd8f4cb811ab]
+
+2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudo_nss.c:
+ Avoid printing empty "Runas and Command-specific defaults for user"
+ line.
+ [2dd330fe4f8b]
+
+ * common/lbuf.c:
+ Truncate the buffer at buf.len before printing in the non-wordwrap
+ case.
+ [901e9833f80d]
+
+ * common/lbuf.c:
+ Remove extra newline when the tty width is very small or unavailable
+ [245c05506c0e]
+
+2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/alias.c:
+ Remove unneeded variable.
+ [2c086d30b796]
+
+2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Prefer getutxid over getutid
+ [3f3322e9c93e]
+
+ * plugins/sudoers/boottime.c:
+ Include utmp.h / utmpx.h before missing.h as apparently including it
+ afterwards causes a compilation problem on GNU Hurd.
+ [a528029ae962]
+
+2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
+ #include "foo.h", not <foo.h> for local includes.
+ [f65ec693998e]
+
+ * src/parse_args.c:
+ remove bogus XXX
+ [9136c17d53ce]
+
+ * compat/mksiglist.c:
+ Fix typo
+ [1a3bb7b455c9]
+
+ * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/match.c:
+ return foo not return(foo)
+ [5c9e0647359a]
+
+2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ Remove duplicate FD_SET of signal_pipe[0]
+ [3096527d2215]
+
+2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/mksiglist.c:
+ Use "missing.h" not <missing.h> in generated code.
+ [d8e09cffbe09]
+
+2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure:
+ fix --with-iologdir=no
+ [a89699cb5f5f]
+
+ * aclocal.m4, configure:
+ fix typo that broke --with-iologdir
+ [91b54eb22403]
+
+2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in:
+ Bump version to 1.8.0b4
+ [e2b7f2cdc02e]
+
+ * NEWS:
+ sync
+ [decf5a0a8a33]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Attempt to clarify how users and groups interact in Runas_Specs
+ [e6fb3a2dbd77]
+
+ * plugins/sudoers/regress/visudo/test2.out,
+ plugins/sudoers/regress/visudo/test2.sh:
+ Add test for quoted group that contains escaped double quotes
+ [44596c48c629]
+
+ * src/exec.c, src/exec_pty.c:
+ Pass SIGUSR1/SIGUSR2 through to the child.
+ [c3108a827b01]
+
+ * src/exec_pty.c, src/sudo_exec.h:
+ Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
+ SIGUSR2 to indicate whether the child should be continued in the
+ foreground or background.
+ [35ca47cc6785]
+
+ * src/exec.c:
+ Use pid_t not int and check the return value of kill()
+ [36ae7d37d7f9]
+
+2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Remove obsolete comment
+ [baebef4919f6]
+
+ * src/exec.c:
+ In non-pty mode before continuing the child, make it the foreground
+ pgrp if possible. Fixes resuming a shell.
+ [fef5b1d02ddb]
+
+ * src/exec_pty.c:
+ If we get a signal other than SIGCHLD in the monitor, pass it
+ directly to the child.
+ [b3ecb28163a0]
+
+ * src/exec.c, src/exec_pty.c, src/sudo.h:
+ Save signal state before changing handlers and restore before we
+ execute the command.
+ [faf7475dc4bf]
+
+2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Use a char array to map a number to a base36 digit.
+ [257576c51f8b]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
+ Be clear about what versions of sudo support new LDAP attributes.
+ Fix up some formatting of attribute names. Minor other tweaks.
+ [39f65df71f65]
+
+2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ match quoted strings the same way whether in a Defaults line or as a
+ user/group/netgroup name. Fixes escaped double quotes in quoted
+ user/group/netgroup names.
+ [601d97ea8792]
+
+ * plugins/sudoers/Makefile.in:
+ 'make check' depends on visudo and testsudoers
+ [127c5a24df8f]
+
+ * plugins/sudoers/sudoers2ldif:
+ Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags
+ [9029163a58c3]
+
+2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/UPGRADE:
+ Mention LDAP attribute compatibility status.
+ [2c3595aaec63]
+
+2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ Mention phpQLAdmin
+ [9304c9064fbe]
+
+ * INSTALL, NEWS, config.h.in, configure, configure.in,
+ doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
+ Add --disable-env-reset configure option.
+ [8a753aa13a46]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Document that sudoers_locale also affects logging and email.
+ [998d6ac11277]
+
+ * NEWS, config.h.in, configure, configure.in,
+ plugins/sudoers/logging.c:
+ Do logging and email sending in the locale specified by the
+ "sudoers_locale" setting ("C" by default). Email send by sudo
+ includes MIME headers when the sudoers locale is not "C".
+ [cb7e55408400]
+
+2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Fix indentation
+ [65ae7e92b9e4]
+
+2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, src/parse_args.c, src/sudo.c:
+ Perform command escaping for "sudo -s" and "sudo -i" after
+ validating sudoers so the sudoers entries don't need to have all the
+ backslashes.
+ [4e168c103f4b]
+
+2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c:
+ Prepend "list " to the command logged when "sudo -l command" is used
+ to make it clear that the command was listed, not run.
+ [f392a6056cd6]
+
+ * plugins/sudoers/parse.c:
+ cosmetic change
+ [7c0951dbc2dd]
+
+ * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
+ common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
+ compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
+ compat/nanosleep.c, compat/regress/glob/globtest.c,
+ compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
+ compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
+ plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
+ plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
+ plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
+ src/sudo_noexec.c, src/tgetpass.c:
+ standardize on "return foo;" rather than "return(foo);" or "return
+ (foo);"
+ [32d76c5aaf8c]
+
+ * plugins/sudoers/sudoers.c:
+ Do not reject sudoers file just because it is root-writable.
+ [0febc579185b]
+
+2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ sync
+ [1ab03f8278ff]
+
+ * plugins/sudoers/sudo_nss.c:
+ For "sudo -U user -l" if user is not authorized on the host, say so.
+ [289afe6dd15c]
+
+ * plugins/sudoers/ldap.c:
+ In sudo_ldap_lookup(), always do the initial sudoers check as the
+ invoking user. If we are listing another user's privs we will do a
+ separate lookup using list_pw later.
+ [e52bc15de76d]
+
+2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ add parser fill tests
+ [4f65140d3515]
+
+ * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
+ Don't test features not supported by the bundled glob()
+ [8ec7ace11949]
+
+ * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
+ compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
+ doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/match.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
+ Update copyright year to 2011
+ [ac1b45cb1809]
+
+ * plugins/sudoers/sudo_nss.c:
+ When listing, use separate lbufs for the defaults and the privileges
+ and only print something if the number of privileges is non-zero.
+ Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
+ [d0854d39f8ef]
+
+ * plugins/sudoers/ldap.c:
+ Stash pointer to user group vector in LDAP handle and only reuse the
+ query if it has not changed. We always allocate a new buffer when we
+ reset the group vector so a simple pointer check is sufficient.
+ [88861d4eba69]
+
+ * plugins/sudoers/sudo_nss.c:
+ Check initgroups() return value.
+ [3bdaf58408a7]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/parser/check_fill.c:
+ Add tests for the fill functions in toke_util.c
+ [bca587ab4956]
+
+2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
+ fix copyright year
+ [e2038cdaf055]
+
+ * NEWS:
+ sync
+ [56ca5d5eaebe]
+
+2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/term.c:
+ Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
+ [b91f266624ec]
+
+2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, sudo.pp:
+ Add Requires line for audit-libs >= 1.4 for RHEL5+
+ [6c02f976171b]
+
+ * pp:
+ sync with git version
+ [d301c32d5865]
+
+2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ fix typo
+ [39353f92976f]
+
+2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for sudo 1.7.4p5
+ [b444da76901f]
+
+ * doc/schema.OpenLDAP, doc/schema.iPlanet:
+ Add sudoNotBefore and sudoNotAfter attributes as optional attributes
+ to the sudoRole object class. From Andreas Mueller
+ [dacfad7e7a95]
+
+2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention "sudo -g group" password check fix.
+ [1eb8fb14e53b]
+
+ * plugins/sudoers/sudoers.c:
+ Fix "sudo -g" support in the sudoers module.
+ [07d1b0ce530e]
+
+ * plugins/sudoers/check.c:
+ If the user is running sudo as himself but as a different group we
+ need to prompt for a password.
+ [caf1fcc9a117]
+
+2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
+ plugins/sudoers/ldap.c:
+ Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
+ LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
+ derived LDAP SDKs but we can pass the timeout parameter to
+ ldap_search_ext_s() or ldap_search_st() when possible.
+ [5537049991f7]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
+ regen
+ [5b361c3c4324]
+
+ * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
+ with OpenLDAP ldap.conf files.
+ [e97843bd16fb]
+
+ * plugins/sudoers/pwutil.c:
+ If user has no supplementary groups, fall back on checking the group
+ file expliticly.
+ [5223ad4eb690]
+
+2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
+ constify
+ [6e132a4cca61]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Move fill macro to toke.h
+ [623d430798cf]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.h, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c:
+ Split tokenizer utility functions out into toke_util.c
+ [89a97bd51618]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ ANSIfy
+ [ca0eba1dfaa9]
+
+2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ sync
+ [a43f94064bb3]
+
+ * plugins/sudoers/Makefile.in:
+ Add visudo tests to check target
+ [8c82fb4ed40f]
+
+ * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
+ compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
+ compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
+ Add my regress tests for fnmatch() and glob() from OpenBSD.
+ [6e8c1f211723]
+
+ * plugins/sudoers/regress/testsudoers/test1.sh,
+ plugins/sudoers/regress/visudo/test1.ok,
+ plugins/sudoers/regress/visudo/test1.sh:
+ Add regress test for command tags using visudo -c
+ [18b0ef207c0f]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/testsudoers/test1.ok,
+ plugins/sudoers/regress/testsudoers/test1.sh:
+ Add support for regress tests using testsudoers
+ [1fa94bd2671b]
+
+ * plugins/sudoers/testsudoers.c:
+ Need to set user_name explicitly due to internal changes made when
+ converting sudoers to a plugin.
+ [1fa54e86a364]
+
+2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
+ zlib/Makefile.in:
+ Add regression tests for iolog_path()
+ [afa4b416e559]
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ Add support for "make Makefile" to regenerate Makefile from
+ Makefile.in
+ [98bd2dda3294]
+
+ * plugins/sudoers/iolog_path.c:
+ Quiest a bogus compiler warning.
+ [5ff932a7ad67]
+
+2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog_path.c:
+ Protect call to setlocale() with HAVE_SETLOCALE
+ [2c29ee3ccc81]
+
+2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ mkstemps.c was renamed mktemp.c
+ [ae299c3b1827]
+
+ * NEWS:
+ Update from 1.7 branch
+ [20817d79717b]
+
+ * Makefile.in:
+ Use "mv -f" when regenerating ChangeLog
+ [c163635206c6]
+
+ * plugins/sudoers/match.c:
+ Fix NULL dereference with "sudo -g group" when the sudoers rule has
+ no runas user or group listed. Fixes RedHat bug Bug 667103.
+ [41a6a1243d9e]
+
+2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Correct the default sudo.conf example
+ [4e791698cad1]
+
+2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog_path.c:
+ Reset slashp if we allocate a new buffer for strftime()
+ [e491daa4203b]
+
+ * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add extra out parameter to expand_iolog_path() to allow the caller
+ to split the path into dir and file components if needed.
+ [88346bc5ae39]
+
+2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ mkdir_iopath() returns size_t now that it uses strlcpy() and not
+ snprintf()
+ [3c4c64d265eb]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
+ Trim leading slashes from iolog_file and trailing slashes from
+ iolog_dir
+ [a803b51f8948]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Pass a single I/O log file name in command_details instead of
+ separate dir + file parameters.
+ [d672a3e46e80]
+
+ * plugins/sudoers/sudoreplay.c:
+ change an error() to errorx()
+ [8013dcfdd69d]
+
+ * plugins/sudoers/iolog.c:
+ Add missing cwd line to I/O log info file that got dropped when
+ iolog_deserialize_info() was added
+ [7cf84f208423]
+
+2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Avoid relying on globals filled in by the sudoers policy module for
+ the sudoers I/O log module. The I/O log open function now pulls the
+ bits it needs out of user_info and command_info.
+ [c02f6951b0cc]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ If no iolog file is specified by the policy plugin, use io_nextid()
+ to determine the next file in the sequence.
+ [faa1130b1020]
+
+2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document iolog_compress in command_info
+ [58895c7d12f5]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Add support for the iolog_compress variable in command_info.
+ [36f13a2fd1c1]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Add sigsetjmp() calls to all plugin entry points just to be safe.
+ [3fa482355bc4]
+
+ * src/sudo.c, src/sudo.h:
+ Don't need iolog variables in struct command_details, they are for
+ the I/O log plugins to handle.
+ [5111579ffd9d]
+
+2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Document use of mkdtemp() for iolog path teplates
+ [5db6101408a9]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ regen
+ [1ee11fd6d4eb]
+
+ * doc/sudo_plugin.pod, doc/sudoers.pod:
+ Document iolog_file and supported escape sequences for sudoers.
+ Clarify that iolog_file can contain directories.
+ [da611dedcbdb]
+
+ * compat/Makefile.in, configure, configure.in:
+ Fix building of mkstemps/mkdtemp replacements.
+ [793a5e303122]
+
+ * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
+ configure.in, include/missing.h:
+ Provide mkdtemp() for systems without it.
+ [b0527dfa965c]
+
+ * plugins/sudoers/iolog_path.c:
+ Fix typo
+ [277f6c514cba]
+
+ * plugins/sudoers/iolog.c:
+ Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
+ glibc mkdtemp() returns EINVAL.
+ [2e7323b05579]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Allow sudoers to specify the iolog file in addition to the iolog
+ dir. Add escape sequence support to iolog file and dir: sequence
+ number, user, group, runas_user, runas_group, hostname and command
+ in addition to any escape sequence recognized by strftime(3).
+ [75cd32ee0435]
+
+ * plugins/sudoers/iolog.c:
+ Add missing sigsetjmp() call in I/O plugin open function. Fixes a
+ crash when the I/O plugin calls error(), errorx() or log_error().
+ [1a6718bd817d]
+
+2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
+ plugins/sudoers/sudoers.c:
+ Give the policy module fine-grained control over what the I/O plugin
+ logs.
+ [d29784fd2a66]
+
+ * common/term.c:
+ Clear OPOST from c_oflag like we used to. Fixes screen-based editors
+ such as vi.
+ [506ad5ae9b4e]
+
+ * doc/sudoers.pod:
+ Clarify umask option description. From Reuben Thomas.
+ [1294ac84222b]
+
+2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Pick last match in LDAP sudoers too
+ [fbfd8e85703b]
+
+ * doc/sudo_plugin.pod:
+ Document iolog_file, iolog_dir and use_pty
+ [26120a59c20e]
+
+ * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/sudoers.c:
+ Adapt plugins to version I/O logging ABI 1.1
+ [880dd64bc1e8]
+
+ * src/exec.c, src/sudo.h:
+ Add use_pty command_info flag for policies to indicate that a pty
+ should be allocated even if no I/O logging is performed.
+ [e7b167f8a6e5]
+
+ * src/sudo.c:
+ Add remaining plugin convenience functions
+ [ffeaf96da031]
+
+ * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
+ src/sudo_plugin_int.h:
+ Change I/O log API to pass in command info to the I/O log open
+ function. Add iolog_file and iolog_dir parameters to command info.
+ This allows the policy plugin to specify the I/O log pathname. Add
+ convenience functions for calling plugin functions that handle ABI
+ backwards compatibility.
+ [9b81dce76ce5]
+
+ * compat/dlopen.c:
+ Remove useless cast
+ [7cecce969739]
+
+2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Bump version to 1.8.0b3
+ [1dc9f040aae0]
+
+2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Remove extraneous newline
+ [71c94551eea5]
+
+2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
+ Make I/O log dir configurable.
+ [99b576667a38]
+
+ * aclocal.m4, configure, configure.in, doc/sudoers.pod:
+ Rename io_logdir to iolog_dir
+ [0731662acc8d]
+
+2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Add missing '*' that prevented the generic ELF case from matching.
+ [be77ca26bfb2]
+
+ * pp:
+ If file(1) can't identify the ELF binary type, try readelf(1).
+ [38a18d32a9e3]
+
+2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/sudoers.c, src/sudo.c:
+ Use %u to print uid/gid, not %lu and adjust casts to match.
+ [03c43b8749cf]
+
+ * doc/sudoers.ldap.pod:
+ Clarify ordering of entries and attributes.
+ [924e2a6bb603]
+
+ * doc/sudoers.ldap.pod:
+ Fix typo and editing goof.
+ [79dc7ccd85a8]
+
+ * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
+ doc/sudoers.ldap.pod:
+ Merge in ordered LDAP entry support from Andreas Mueller.
+ [ea5885989bad]
+
+ * plugins/sudoers/ldap.c:
+ Make sure we don't dereference a NULL handle.
+ [1a9f9ee15371]
+
+2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Add support for RHEL 6 file modes that include a trailing dot on
+ files with an SELinux security context
+ [dc09be959547]
+
+2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c:
+ exec_setup() does not need to setuid(0), the Ubuntu issue was in the
+ sudoers module.
+ [d6dd99fc6062]
+
+ * plugins/sudoers/sudoers.c:
+ create_admin_success_flag() should use restore_perms() rather than
+ set_perms() to restore the uid.
+ [eba7a91c1f57]
+
+ * src/sudo.c:
+ In exec_setup() call setuid(0) to make certain the subsequent uid
+ and gid changes will succeed. Fixes a problem on Ubuntu.
+ [c5d32abf0645]
+
+ * src/sudo_edit.c:
+ Error out if we cannot change to root's uid so we catch the failure
+ early.
+ [7a2e7f8f2c80]
+
+2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod:
+ fix typo; from Michael T Hunter
+ [a574a9d0db5b]
+
+ * plugins/sudoers/match.c:
+ In sudoedit mode, assume command line arguments are paths and pass
+ FNM_PATHNAME to fnmatch().
+ [ce0abff8ce9f]
+
+2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Add workaround for an error in sys/types.h on HP-UX 11.23 when large
+ file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
+ broken bits of the header file.
+ [e337217f097a]
+
+ * aclocal.m4:
+ Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
+ [fbbcee28961f]
+
+ * sudo.pp:
+ For Tru64, strip off beta version.
+ [eeccd762df5e]
+
+ * MANIFEST, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
+ Avoid conflicts with system definitions in grp.h and pwd.h
+ [b219ffe1da09]
+
+ * zlib/gzguts.h:
+ Include stdio.h after zlib.h, not before. We need the large file
+ defines to come first.
+ [21d6df39790f]
+
+2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
+ regen
+ [3ff8750d0aac]
+
+ * Makefile.in:
+ Don't clean ChangeLog
+ [ab0d30d289d4]
+
+ * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Add prototype for cleanup()
+ [75626fd3769a]
+
+2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/group_plugin.c:
+ Avoid deferencing group_plugin if it is NULL in
+ group_plugin_query(). This should not happen.
+ [4f2933c8da7e]
+
+ * plugins/sudoers/group_plugin.c:
+ group plugin init function return TRUE when successful
+ [198024477030]
+
+2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Enlarge the array of entry wrappers int blocks of 100 entries to
+ save on allocation time. From Andreas Mueller
+ [375c916bb03b]
+
+ * plugins/sudoers/ldap.c:
+ Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
+ that was mistakenly dropped.
+ [1555f5bc132d]
+
+2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/TROUBLESHOOTING:
+ Mention that sudo needs "ar" to build.
+ [65582ace2d09]
+
+ * configure, configure.in:
+ Fail with a more useful error if "ar" is not found.
+ [d1cb83719c17]
+
+2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Merge in ordered LDAP entry support from Andreas Mueller and add
+ local changes from the 1.7 branch.
+ [bca29e461618]
+
+2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
+ doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add timed entry support from Andreas Mueller.
+ [e18d1df46a8d]
+
+ * plugins/sudoers/group_plugin.c:
+ Don't try to unload if group_plugin is NULL. Don't call dlclose() if
+ group_handle is NULL
+ [de2273da37d5]
+
+ * plugins/sudoers/sudoers.h:
+ It is now plugin_cleanup(), not cleanup()
+ [da62a4e1a78c]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
+ Call plugin_cleanup(), not cleanup()
+ [e800ad8b33ad]
+
+2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Use efree() not free() and remove malloc.h include since we never
+ directly call malloc() or free().
+ [107fffd134bb]
+
+2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ set PSTAMP for Solaris and move the backend-specific bits to their
+ own %if [xxx] %endif blocks in %set.
+ [a94ebe8920c1]
+
+ * pp:
+ sync with git repo
+ [75ff509696b4]
+
+ * configure, configure.in:
+ Only substitute file zlib files when using the builtin zlib
+ [6c8145b2deb4]
+
+ * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ Give up on using VPATH to find sources as it is implemented
+ inconsistenly in different versions of make.
+ [60517c69aaee]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
+ plugins/sudoers/gram.c, plugins/sudoers/toke.c:
+ Include config.h before any other includes to make sure we get the
+ right value for _FILE_OFFSET_BITS.
+ [8fb007ca832e]
+
+ * MANIFEST:
+ Add zlib
+ [04a3e23dfaa9]
+
+ * zlib/Makefile.in:
+ Add missing targets
+ [40e45a177168]
+
+ * src/Makefile.in:
+ g/c unused $(GENERATED)
+ [c8758068c1bc]
+
+2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/group_plugin.c:
+ Zero out group_plugin on unload just to be safe.
+ [0b10f4d101ca]
+
+ * plugins/sudoers/group_plugin.c:
+ Unload group plugin if its init function fails.
+ [6552cdac4b7c]
+
+ * src/sudo.c:
+ Only chdir to cwd if it is different from the current cwd or there
+ is a new root (chroot).
+ [b8203e875e84]
+
+ * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
+ Bump version to 1.8.0b2
+ [6dadeb75a878]
+
+2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Better --enable-zlib description
+ [e0da54fa59a6]
+
+ * mkpkg:
+ Use system zlib on Linux Let configure decide on Solaris For all
+ others, use builtin zlib
+ [3d52eddb523c]
+
+ * zlib/zconf.h.in:
+ Add large file support.
+ [bec01215270d]
+
+ * config.h.in:
+ Add large file support.
+ [244e95b034ec]
+
+ * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
+ zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
+ zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
+ zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
+ zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
+ zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
+ zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
+ zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
+ Add local copy of zlib for systems that lack it.
+ [7542ca465c5a]
+
+2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ If perform_io() fails, kill the child before exiting so it doesn't
+ complain about connection reset. We can get an I/O error if, for
+ example, and we get EIO reading from stdin.
+ [e59a05fa729f]
+
+2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Fix complilation on systems with set_auth_parameters() Sprinkle
+ volatile to quiet warnings from gcc 2.8.0
+ [a34c2b924ba7]
+
+ * compat/dlfcn.h, compat/dlopen.c:
+ Avoid potential namespace issues with dlopen() emulation.
+ [aedfababd6ca]
+
+ * MANIFEST:
+ sync
+ [6afb97e6d308]
+
+ * plugins/sudoers/interfaces.c:
+ Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
+ exist).
+ [ddfca5af1a36]
+
+ * Makefile.in:
+ Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg
+ [e9d04bfa4505]
+
+ * configure, configure.in:
+ HP-UX 10.20 libc has an incompatible getline
+ [2e7bc202e78d]
+
+ * plugins/sudoers/visudo.c:
+ Quiet an HP-UX compiler warning.
+ [55b9d587ac8c]
+
+ * configure, configure.in:
+ Check for vi even with --with-editor specified; the sample plugin
+ needs it.
+ [94dfc3643f76]
+
+2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/dlopen.c:
+ Fix remaining syntax errors.
+ [9d729b5b577e]
+
+ * src/Makefile.in:
+ sudo binary depends on the libtool-generated libs
+ [9e6148406adb]
+
+ * plugins/sudoers/group_plugin.c, src/load_plugins.c:
+ Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
+ include the local or system dlfcn.h
+ [68cfe4c1089b]
+
+ * pp:
+ Don't use run_as_superuser=false on HP-UX
+ [532242370b09]
+
+ * src/net_ifs.c:
+ Use memset() instead of zero_bytes() since we don't include
+ sudoers.h
+ [a187c18c2472]
+
+ * plugins/sudoers/interfaces.c:
+ Fix pasto; AF_INET not AF_INET6
+ [2d2e9d7dc6f9]
+
+ * compat/dlopen.c:
+ Actually call shl_load()
+ [ed8153b8a3cd]
+
+ * pp:
+ Update from git repo. Debian: version numbers now compliant with
+ policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX
+ 10.20
+ [ecf2692bceeb]
+
+ * configure, configure.in:
+ Fix dlopen() detection for systems where dlopen() is in a separate
+ library.
+ [fa6b175582b6]
+
+ * plugins/sudoers/auth/pam.c:
+ If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
+ useful message and return AUTH_FATAL so sudo does not keep trying to
+ validate the user.
+ [1be8857e5291]
+
+ * src/preload.c:
+ sudo_preload_table is an array
+ [b7704e72a9da]
+
+ * compat/dlopen.c:
+ Quiet a compiler warning and fix sudo_preload_table external
+ definition.
+ [8234987664cc]
+
+ * compat/dlfcn.h:
+ Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
+ [8bab6a4053cc]
+
+ * plugins/sudoers/group_plugin.c:
+ Make this compile correctly when no dlopen is available.
+ [57643879bd2b]
+
+2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Having a timestamp file defined is no longer indicative of tty
+ tickets being enabled. Check def_tty_tickets directly.
+ [efcc11ad157f]
+
+ * src/exec_pty.c, src/sudo.h, src/ttysize.c:
+ Fix TCGETWINSZ compat.
+ [da3a8b17cf7a]
+
+2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c, src/ttysize.c:
+ Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
+ [926492dd10a6]
+
+2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Move set_project() from sudoers module into sudo proper.
+ [beabafac03b4]
+
+ * configure, configure.in:
+ Fix typo and regenerate
+ [4a3caf4234f3]
+
+ * plugins/sudoers/ldap.c:
+ When iterating over returned LDAP entries, keep looking at remaining
+ matches even if we have a positive match. This catches negative
+ matches that may exist in other entries and more closely match the
+ sudoers file behavior.
+ [f47db6e609b0]
+
+ * pp:
+ Add support for multiple package instances on Solaris.
+ [7f2a8b942545]
+
+ * src/exec.c:
+ Add missing signal_pipe[0] to fdsr for the non-pty case.
+ [79d01e11b19c]
+
+ * mkpkg:
+ Add --with-project for Solaris
+ [ffa4c2bb93f7]
+
+ * README:
+ Need ar and ranlib too
+ [5c2f679172ef]
+
+2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c:
+ Preserve ODMDIR environment variable by default on AIX.
+ [bd47cb1e804f]
+
+2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
+ config.h.in, configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
+ src/preload.c:
+ Add dlopen() emulation for systems without it. For HP-UX 10, emulate
+ using shl_load(). For others, link sudoers plugin statically and use
+ a lookup table to emulate dlsym().
+ [e92edfb3c642]
+
+2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
+ compat/nanosleep.c, compat/utimes.c:
+ When including compat headers, use the compat dir as part of the
+ path so we are sure to get the correct header.
+ [6c2a45da6af5]
+
+2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/linux_audit.c:
+ Ignore ECONNREFUSED from audit_log_user_command() which will occur
+ if auditd is not running.
+ [d314fe4c8d03]
+
+2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Sync with git version
+ [1c0357744222]
+
+2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/fileops.c, plugins/sudoers/defaults.c:
+ Cast isblank argument to unsigned char.
+ [c822dbb3ca54]
+
+2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
+ Implement --with-umask-override configure flag.
+ [863e3047df22]
+
+ * plugins/sudoers/env.c:
+ Take MODE_LOGIN_SHELL into account when initially setting reset_home
+ instead of special-casing it later.
+ [5d6b16480fd6]
+
+ * plugins/sudoers/sudoers.c:
+ In login mode, make a copy of the runas user's pw_shell for
+ NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
+ freed before exec.
+ [1d1ccb568dfa]
+
+ * plugins/sudoers/env.c:
+ Reset HOME for "sudo -i" even if HOME was listed in env_keep.
+ [c1c1c65a2d63]
+
+ * src/sudo.c:
+ Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
+ [7443454e5f88]
+
+ * src/sudo.c:
+ Reset signal mask at sudo startup time; we need to be able to rely
+ on normal signal delivery to control the child process.
+ [95800163ff94]
+
+2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ Use sed instead of expr to split a flag from its argument. Fixes a
+ problem with expr interpreting its arguments as a flag when they
+ start with a dash.
+ [736065e14301]
+
+ * common/lbuf.c:
+ Do not need sys/time.h after all
+ [91f6f668ccda]
+
+ * common/lbuf.c:
+ Include sys/time.h for utimes() and struct timeval. No longer need
+ ioctl.h or termios.h
+ [2d75273d3213]
+
+ * compat/snprintf.c:
+ Quiet bogus compiler warnings.
+ [fe252e1968f5]
+
+ * include/missing.h:
+ Declare innetgr() for HP-UX which is missing a declaration. Declare
+ domainname() for HP-UX and Solaris which are missing a declaration.
+ [b37c50751138]
+
+ * plugins/sudoers/bsm_audit.c:
+ Use __sun for consistency with the rest of the sources.
+ [6b086b61ccb6]
+
+ * plugins/sudoers/group_plugin.c:
+ Quiet a bogus compiler warning.
+ [ebc069842c4a]
+
+ * plugins/sudoers/pwutil.c:
+ Don't try to delref a NULL group.
+ [f6ff0838be21]
+
+ * common/alloc.c, common/lbuf.c:
+ Include memory.h on systems that need it.
+ [4e676da81c6f]
+
+2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ Quiet gcc warnings on glibc systems that use warn_unused_result for
+ write(2).
+ [0532da0b7cf7]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ sudo_plugin is in section 8; from Ted Percival
+ [b4506a0de87e]
+
+ * plugins/sudoers/Makefile.in:
+ testsudoers depends on libsudoers.la, not sudoreplay
+ [cdb1cc3bf06a]
+
+2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ Read as many signals on the signal pipe as we can before returning.
+ [b181671da047]
+
+ * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
+ Instead of using a array to store received signals, open a pipe and
+ have the signal handler write the signal number to one end and
+ select() on the other end. This makes it possible to handle signals
+ similar to I/O without race conditions.
+ [ee84d65c16b6]
+
+2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/visudo.pod, plugins/sudoers/visudo.c:
+ Make "visudo -c -f -" check the standard input.
+ [195a3d2a9a26]
+
+ * doc/sudoers.pod:
+ set_home and always_set_home have an effect if HOME is present in
+ the env_keep list.
+ [159d0b9dc5c8]
+
+ * plugins/sudoers/env.c:
+ Make -H flag work when HOME is listed in env_keep. Also makes
+ "set_home" and "always_set_home" override override HOME in env_keep.
+ [a3e5b966193f]
+
+2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
+ plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/net_ifs.c:
+ Convert sudoers plugin to use interface list passed in settings.
+ [87d9b5f4f586]
+
+ * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
+ src/parse_args.c, src/sudo.h:
+ Query local network interfaces in the main sudo driver and pass to
+ the plugin as "network_addrs" in the settings list.
+ [7f35bcfe77a7]
+
+ * plugins/sudoers/bsm_audit.c:
+ Solaris BSM audit return EINVAL when auditing is not enabled,
+ whereas OpenBSM returns ENOSYS.
+ [411b980ec58b]
+
+2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/fnmatch.c:
+ missing.h should come before most local includes
+ [53921a7b8b5b]
+
+ * plugins/sudoers/sudoreplay.c:
+ missing.h should come before most local includes
+ [e9abb0db1aac]
+
+ * plugins/sudoers/sudoers.h:
+ Make local includes consistent; use double quotes for local includes
+ except for generated ones where we use angle brackets.
+ [09de4faa9547]
+
+ * plugins/sudoers/sudoers.c:
+ Always fill in NewArgv for audit code.
+ [7c3aca60519f]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
+ [007cf6560f92]
+
+ * common/alloc.c, common/atobool.c, common/fileops.c,
+ common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
+ common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
+ compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
+ compat/getprogname.c, compat/glob.c, compat/isblank.c,
+ compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
+ compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
+ compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
+ compat/unsetenv.c, compat/utimes.c, include/compat.h,
+ plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
+ plugins/sample_group/plugin_test.c,
+ plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
+ plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
+ src/sudo_noexec.c, src/ttysize.c:
+ Make local includes consistent; use double quotes for local includes
+ except for generated ones where we use angle brackets. Also g/c
+ unused compat.h.
+ [e57070dc8f04]
+
+2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ When matching the runas user and runas group (-u and -g command line
+ options), keep track of runas group and runas user matches
+ separately. Only return a positive match if we have a match for both
+ runas user and runas group (if specified).
+ [815219e04cc8]
+
+2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add support for multiple URI lines by joining the contents and
+ passing the result to ldap_initialize.
+ [a47cae3b72e8]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
+ Do not return -1 on error from the display functions; the caller
+ expects a return value >= 0.
+ [101456a7dd00]
+
+ * plugins/sudoers/sudoers.c:
+ Do not set both MODE_EDIT and MODE_RUN
+ [8faa36694d54]
+
+2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Move includes to the top of the file.
+ [a51436798e8c]
+
+2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Add missing definition of timedir
+ [458a749c2c5e]
+
+ * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
+ compat/mksiglist.c, compat/strsignal.c,
+ plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
+ Add #include of sys/types.h for .c files that include missing.h to
+ be sure that size_t and ssize_t are defined.
+ [08e3132dbf4f]
+
+ * plugins/sudoers/Makefile.in:
+ Install sudoers file from the build dir not hte src dir.
+ [ca89e962dbf4]
+
+2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ If runas_pw changes, reset the stashed runas aux group vector.
+ Otherwise, if runas_default is set in a per-command Defaults
+ statement, the command runs with root's aux group vector (i.e. the
+ one that was used when locating the command).
+ [24f9107cedd2]
+
+ * plugins/sudoers/Makefile.in:
+ Add target to generate sudoers file Remove generated sudoers file as
+ part of distclean
+ [fb7422e90f03]
+
+2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ When not logging I/O install a handler for SIGCONT and deliver it to
+ the command upon resume. Fixes bugzilla #431
+ [495dce52a5aa]
+
+2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.h:
+ g/c unused auth_pw extern definition
+ [40eb7477ba17]
+
+ * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
+ Move get_auth() into check.c where it is actually used.
+ [e31db0ce3a61]
+
+2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/lbuf.c:
+ Convert a remaining puts() and putchar() to use the output function.
+ [d69e363a506b]
+
+ * plugins/sudoers/plugin_error.c:
+ Plug memory leak
+ [68895469ea8d]
+
+2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c:
+ Set dupcheck to TRUE when setting new HOME value if !env_reset but
+ always_set_home is true. Prevents a duplicate HOME in the
+ environment (old value plus the new one) introduced in f421f8827340.
+ [9ca19183794f]
+
+ * configure, configure.in, plugins/sudoers/sudoers,
+ plugins/sudoers/sudoers.in:
+ Substitute sysconfdir in the installed sudoers file to get the
+ correct path for sudoers.d.
+ [86072b6cd55d]
+
+2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/get_pty.c:
+ Fix typo that prevented compilation on Irix; Friedrich Haubensak
+ [b48be51b65fc]
+
+2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
+ common/atobool.c, common/fileops.c, common/fmt_string.c,
+ common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
+ compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
+ compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
+ compat/getprogname.c, compat/glob.c, compat/isblank.c,
+ compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
+ compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
+ compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
+ compat/unsetenv.c, compat/utimes.c, include/compat.h,
+ include/missing.h, plugins/sample/sample_plugin.c,
+ plugins/sample_group/getgrent.c,
+ plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
+ src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
+ Merge compat.h and missing.h into missing.h
+ [572909ae9716]
+
+2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ If the user hits ^C while a password is being read, error out before
+ reading any further passwords in the pam conversation function.
+ Otherwise, if multiple PAM auth methods are required, the user will
+ have to hit ^C for each one.
+ [23782631748c]
+
+2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Update comment
+ [a5296cb3a20a]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document sudo_conv_t function and sudo_printf_t return values.
+ [745c0017814c]
+
+ * src/conversation.c:
+ Make _sudo_printf return the number of characters printed on success
+ like printf(3).
+ [8eeefe8d7e77]
+
+2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ sudoers.h includes sudo_plugin.h for us
+ [cabe68e07807]
+
+ * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
+ src/sudo_edit.c:
+ Use gettimeofday() directly instead of via the gettime() wrapper.
+ [7490426c99ae]
+
+ * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
+ compat/strerror.c, config.h.in, configure, configure.in,
+ include/compat.h, include/missing.h, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
+ Remove some obsolete configure tests, ancient Unix systems are no
+ longer supported.
+ [2be6218c3a36]
+
+2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Set pp_kit_version and strip off patch level
+ [aacfda1b676d]
+
+ * sudo.pp:
+ Better handling of versions with a patchlevel. For rpm and deb, use
+ the patchlevel+1 as the release. For AIX, use the patchlevel as the
+ 4th version number. For the rest, just leave the patchlevel in the
+ version string.
+ [638bd35f2346]
+
+2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ For non-standalone auth methods, stop reading the password if the
+ user enters ^C at the prompt.
+ [82c2911bb264]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/pwutil.c:
+ No need to look up shadow password unless we are doing password-
+ style authentication. This moves the shadow password lookup to the
+ auth functions that need it.
+ [ba9e3eba2b72]
+
+ * plugins/sudoers/sudoers.c:
+ Retain final passwd/group refs until the policy close() function.
+ Note that this doesn't get called in all cases so putting this in a
+ cleanup function is probably better.
+ [bbe214cb4119]
+
+ * plugins/sudoers/check.c:
+ Fix mismerge
+ [395115f89dd6]
+
+ * plugins/sudoers/check.c:
+ When removing/resetting the timestamp file ignore the tty ticket
+ contents.
+ [b709f5667a0b]
+
+ * plugins/sudoers/sudoers.c:
+ delref sudo_user.pw, runas_pw and runas_gr immediately before we
+ return.
+ [4d67d15dfd3b]
+
+2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Reference count cached passwd and group structs. The cache holds one
+ reference itself and another is added by sudo_getgr{gid,nam} and
+ sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
+ group structs are persistent for now.
+ [e544685523c3]
+
+ * doc/UPGRADE:
+ fix typo
+ [e32f2d35e6c9]
+
+2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Do not produce a warning for "sudo -k" if the ticket file does not
+ exist.
+ [1598f6061b75]
+
+ * plugins/sudoers/pwutil.c:
+ Instead of caching struct passwd and struct group in the red-black
+ tree, store a struct cache_item which includes both the key and
+ datum. This allows us to user the actual name that was looked up as
+ the key instead of the contents of struct passwd or struct group.
+ This matters because the name in the database may not match what we
+ looked up, due either to case folding or truncation (historically at
+ 8 characters). Also mark the disabled calls to sudo_freepwcache()
+ and sudo_freegrcache() as broken since we use cached data for things
+ like set_perms() and the logging functions. Fixing this would
+ require making a copy of the structs for user and runas or adding a
+ reference count (better).
+ [225d4a22f60e]
+
+ * plugins/sudoers/Makefile.in:
+ Fix path to mkinstalldirs
+ [b4968379b12d]
+
+ * plugins/sudoers/check.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
+ src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
+ Quiet gcc warnings on glibc systems that use warn_unused_result for
+ write(2) and others.
+ [c99f138960e0]
+
+2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add %option noinput
+ [72b9cd49b4f1]
+
+ * aclocal.m4, configure, configure.in:
+ Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
+ back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
+ cross-compiling.
+ [e385c176d0ee]
+
+2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
+ Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
+ and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
+ [cf3e60d9c440]
+
+2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Update to latest version
+ [32f93be33961]
+
+2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Let pp determine pp_aix_version itself.
+ [7cf0245d84ed]
+
+ * INSTALL, config.h.in, configure, configure.in, mkpkg,
+ plugins/sudoers/sudoers.c:
+ Add support for Ubuntu admin flag file and enable it when building
+ Ubuntu packages.
+ [00e27cff2dfb]
+
+ * plugins/sudoers/sudoers, sudo.pp:
+ Add commented out SuSE-like targetpw settings
+ [4605d47b7413]
+
+ * configure, configure.in:
+ Only try to use +DAportable for non-GCC on hppa
+ [75d0f284ccf7]
+
+ * configure, configure.in:
+ Prevent configure from adding the -g flag unless in devel mode
+ [b1fd3f8d45c0]
+
+2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Go back to sudo-flavor to match existing packages and only use an
+ underscore for those that need it.
+ [d737069d1e1c]
+
+ * sudo.pp:
+ Use sudo_$flavor instead of sudo-$flavor since that causes the least
+ amount of trouble for the various package managers.
+ [71f547af35fc]
+
+ * mkpkg:
+ Fix handling of the ldap flavor Remove destdir unless --debug was
+ specified Make distclean before running configure if there is a
+ Makefile present
+ [6316f08de7d3]
+
+ * sudo.pp:
+ Add back include file.
+ [195627bf68b8]
+
+ * mkpkg:
+ Pass extra args on to configure on HP-UX, if we don't have the HP C
+ compiler, disable zlib to prevent gcc from finding it in
+ /usr/local/lib.
+ [473efa0e2bac]
+
+ * mkpkg:
+ Use the HP ANSI C compiler on HP-UX if possible
+ [fb249b6b175d]
+
+ * plugins/sudoers/sudoreplay.c:
+ Some getline() implementations (FreeBSD 8.0) do not ignore the
+ length pointer when the line pointer is NULL as they should.
+ [2410a1a3543c]
+
+ * plugins/sudoers/sudoreplay.c:
+ Don't need to check for *cp being non-zero, isdigit() will do that.
+ [7df11ea8a487]
+
+ * plugins/sudoers/sudoreplay.c:
+ Add setlocale() so the command line arguments that use floating
+ point work in different locales. Since sudo now logs the timing data
+ in the C locale we must Parse the seconds in the timing file
+ manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
+ the number of seconds with the user's locale so if the decimal point
+ is not '.' try using the locale-specific version.
+ [4d385765f23b]
+
+ * src/exec.c:
+ Do I/O logging in the C locale so the floating point numbers in the
+ timing file are not locale-dependent.
+ [5961cec044ec]
+
+ * plugins/sudoers/sudoreplay.c:
+ Use errorx() not error() for thingsthat don't set errno.
+ [0fe5e692af84]
+
+2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Better support for 1.2.3 style versions in Tru64 kits
+ [997c549bb777]
+
+ * sudo.pp:
+ Add Tru64 kit support
+ [e273a954f981]
+
+ * pp:
+ Remove apparently unnecessary use of sudo
+ [be8840d85125]
+
+ * Makefile.in, plugins/sudoers/Makefile.in:
+ Create timedir as part of install-dirs target.
+ [c736bc2fb14f]
+
+ * src/exec_pty.c:
+ Handle ENXIO from read/write which can occur when reading/writing a
+ pty that has gone away.
+ [fa2e8059879f]
+
+ * plugins/sudoers/pwutil.c:
+ sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
+ [3a045475d5ee]
+
+ * mkpkg:
+ platform is a pp flag not a variable
+ [12eba39a47c1]
+
+ * Makefile.in, mkpkg, sudo.pp:
+ Add simple arg parsing for mkpkg so we can set debug, flavor or
+ platform.
+ [ada839fe252d]
+
+ * pp:
+ Make rpm backend work on AIX 5.x
+ [549a76d11393]
+
+2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers:
+ Add commented out Defaults entry for log_output
+ [7e67d7588900]
+
+2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/Makefile.in:
+ Remove sudo docdir completely
+ [dce8e82878ef]
+
+ * doc/sample.sudo.conf:
+ Add sample sudo.conf
+ [aafdba3fc411]
+
+ * src/Makefile.in:
+ Pass install-sh -b~ here too.
+ [c3f5eb446c38]
+
+ * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Install binary files with -b~ to make a backup. Fixes "text file
+ busy" error on HP-UX during install.
+ [81f306f54f8c]
+
+ * install-sh:
+ "mv -f" on HP-UX doesn't unlink the destination first so add an
+ explicit rm before moving the temporary into place.
+ [fb719a79582d]
+
+ * configure, configure.in:
+ Some more ${foo} -> $(foo) conversion for consistent Makefiles.
+ [0aa098770074]
+
+ * doc/Makefile.in, plugins/sudoers/Makefile.in:
+ Install sudoers2ldif in the doc dir
+ [33ac3b53d7f5]
+
+2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pathnames.h.in:
+ Add missing include of maillock.h for Solaris
+ [5a58883be23a]
+
+ * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
+ doc/sample.syslog.conf, doc/sudoers.cat:
+ Change the default syslog facility from local2 to authpriv (or auth
+ if the operating system doesn't support authpriv).
+ [3b70ba514f49]
+
+ * Makefile.in, sudo.pp:
+ Install sudoers as /etc/sudoers on RPM and debian systems where the
+ package manager will not replace a user-modified configuration file.
+ This fixes upgrades from the vendor sudo packages.
+ [d886b6d60b5b]
+
+ * pp:
+ RPM: use %config(noreplace) instead of %config for volatile This
+ results in the new file being installed with a .rpmnew suffix
+ instead of the file being replaced and the old one renamed with a
+ .rpmsave suffix.
+ [58be2119f8e8]
+
+ * plugins/sudoers/Makefile.in:
+ Add PACKAGE_TARNAME for docdir
+ [930c92b8f8f0]
+
+2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/mkstemps.c, plugins/sudoers/boottime.c:
+ Include time.h for struct timeval
+ [ddf8b04f0276]
+
+ * src/exec_pty.c:
+ The return value of strsignal() may be const and should be treated
+ as const regardless.
+ [620074ae1e77]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Mention that 127.0.0.1 will not match, nor will localhost unless
+ that is the actual host name.
+ [8b574122eb8f]
+
+ * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
+ Rename WHATSNEW -> NEWS
+ [d1a2c8c47d89]
+
+ * pp:
+ Updated pp with latest patches
+ [98e16b9b8f62]
+
+ * WHATSNEW:
+ Sync with 1.7.4
+ [65ac4dafeef7]
+
+ * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
+ plugins/sudoers/sudoers:
+ Add commented out line to add HOME to env_keep and add a warning to
+ the note about the HOME change in UPGRADE.
+ [0d6a775bb6c8]
+
+2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c:
+ Add LINE_MAX define for those without it.
+ [446d9dbe7859]
+
+ * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
+ doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
+ plugins/sudoers/defaults.c:
+ The tty_tickets option is now on by default.
+ [a01c48206d80]
+
+ * WHATSNEW:
+ Mention that AIX authdb support has been fixed.
+ [87bd7f4eba6a]
+
+ * common/aix.c:
+ setauthdb() only sets the "old" registry if it was set by a previous
+ call to setauthdb(). To restore the original value, passing NULL (or
+ an empty string) to setauthdb() is sufficient.
+ [470da190a254]
+
+2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
+ doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
+ plugins/sudoers/env.c:
+ Reset HOME when env_reset is enabled unless it is in env_keep
+ [f421f8827340]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ The default for set_logname has been "true" for some time now.
+ [f489da5674c3]
+
+ * plugins/sudoers/boottime.c:
+ Add missing include of time.h
+ [624d7014932f]
+
+ * plugins/sudoers/logging.c:
+ Fix check for dup2() return value.
+ [140ea2d50d20]
+
+ * plugins/sudoers/env.c:
+ Add PYTHONUSERBASE to initial_badenv_table
+ [3149aae5b12c]
+
+ * plugins/sudoers/visudo.c:
+ Treat an unknown defaults entry as a parse error.
+ [b3ebad73efb2]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
+ Check return value of setdefs() but don't stop setting defaults if
+ we hit an unknown one.
+ [945e752239ab]
+
+ * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
+ doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
+ plugins/sudoers/env.c:
+ If env_reset is enabled, set the MAIL environment variable based on
+ the target user unless MAIL is explicitly preserved in sudoers.
+ [a1b03e2e0e96]
+
+2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ decode debian code names
+ [8741280d9960]
+
+ * WHATSNEW:
+ fix typo
+ [a8a19451110b]
+
+2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ Merge with 1.7.4
+ [9348fa7e15b8]
+
+ * src/sudo.c:
+ Restore RLIMIT_NPROC after the uid switch if it appears that
+ runas_setup() did not do it for us. Fixes a bash script problem on
+ SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
+ [786fb272e5fd]
+
+ * INSTALL:
+ document --with-pam-login
+ [ea93e4c6873c]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ The tag is NOSETENV, not UNSETENV. From Petr Uzel.
+ [2ac90d8de36e]
+
+2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, pp, sudo.pp:
+ Restore the dot removal in the os version reported by polypkg. Adapt
+ mkpkg and sudo.pp to the change.
+ [dcafdd53b88f]
+
+ * sudo.pp:
+ Include flavor in solaris package name
+ [e605f6364c9f]
+
+ * mkpkg:
+ Older shells don't support IFS= so set explictly to space, tab,
+ newline.
+ [7773960bc8a0]
+
+ * mkpkg:
+ Use '=' not '==' in test
+ [c99d42bc48e6]
+
+ * mkpkg:
+ Fix typo that prevented debian from matching
+ [84421078fcb7]
+
+ * mkpkg:
+ Add missing prefix setting for debian
+ [6466f23de4aa]
+
+ * sudo.pp:
+ Use tab indents to reduce the chance of problem with <<- Fix the
+ debian %set section, pp does not set pp_deb_distro Uncomment %sudo
+ line in sudoers for debian Uncomment some env_keep lines for RHEL,
+ SLES and debian to more closely match the vendor sudoers files. Add
+ /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
+ debian for ldap flavor
+ [c5b49feb1a0c]
+
+ * plugins/sudoers/sudoers:
+ Add commented out env_keep entries, sample Aliases and a %sudo line
+ for debian.
+ [387719e52d0f]
+
+ * configure, configure.in:
+ Move zlib check later on in the script to avoid a strange shell
+ problem on SLES11.
+ [1a3153bb1291]
+
+ * configure.in:
+ Remove check for egrep; configure has its own
+ [a3b9d98cb5d2]
+
+2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Enable zlib for linux distros
+ [8fa51a1405a4]
+
+ * mkpkg:
+ Add ldap flavor to default build
+ [97644f5a555f]
+
+ * mkpkg, sudo.pp:
+ Simplify rpm linux distro settings
+ [b9dcf10cdf20]
+
+ * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
+ Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
+ [2c549c1acde9]
+
+ * Makefile.in:
+ Fix ChangeLog creation from build dir
+ [3d0c7904f173]
+
+ * plugins/sudoers/sudoers.c:
+ Handle getcwd() failure.
+ [aef7bef87394]
+
+ * doc/Makefile.in, mkpkg, sudo.pp:
+ Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
+ environment variable.
+ [be6ed611b7a8]
+
+ * sudo.pp:
+ Create sudo group on debian
+ [6ed6c032042e]
+
+ * mkpkg, sudo.pp:
+ Add debian 4/5/6 and use the dot when doing version matches
+ [6bcb664d1f4f]
+
+ * aclocal.m4, configure:
+ Use a loop when searching for mv, sendmail and sh
+ [d5e9369f8d13]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Remove spurious "and"; from debian
+ [a21e6f7c5b99]
+
+ * aclocal.m4, configure, configure.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
+ doc/visudo.man.in, doc/visudo.pod:
+ Substitute the value of EDITOR into the sudoers and visudo manuals.
+ [cd79e587dd7f]
+
+2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, pp, sudo.pp:
+ Initial support for debian 4.0
+ [ac6707915fa8]
+
+ * mkpkg:
+ Some platforms need -fPIE instead of -fpie
+ [fd6be19e5bc2]
+
+ * plugins/sudoers/auth/pam.c:
+ Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
+ On Linux it causes a DNS lookup via libaudit.
+ [1e10105ade5b]
+
+ * MANIFEST:
+ Update MANIFEST to match packaging changes
+ [ef86ee557b5b]
+
+ * sudo.psf:
+ We now use pp to generate HP-UX packages
+ [f7aa8da7844e]
+
+ * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
+ Remove vestiges of old binary package bits.
+ [afffd005452f]
+
+ * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ install-man -> install-doc
+ [99b5fa05567c]
+
+ * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
+ plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
+ Use http://rc.quest.com/topics/polypkg/ for packaging
+ [5ca8eb75b223]
+
+ * install-sh:
+ Just ignore the -c option, it is the default Add support for -d
+ option
+ [a8b6b0a131e8]
+
+2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
+ Use _PATH_STDPATH instead of _PATH_DEFPATH
+ [137fa911908e]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Do not strip binaries.
+ [20166e287176]
+
+ * INSTALL, configure, configure.in:
+ Add --insults=disabled configure option to allow people to build in
+ insult support but have the insults disabled unless explicitly
+ enabled in sudoers.
+ [523b8c552e90]
+
+ * compat/mkstemps.c:
+ Add prototype for gettime()
+ [275eee40473b]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add support for a sudo-i pam.d file to be used for "sudo -i".
+ Adapted from a RedHat patch.
+ [06d34f16520b]
+
+2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Fix mkstemps() prototype
+ [2421841e815b]
+
+ * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
+ config.h.in, configure, configure.in, include/missing.h,
+ src/sudo_edit.c:
+ Use mkstemps() instead of mkstemp() in sudoedit. This allows
+ sudoedit to preserve the file extension (if any) which may be used
+ by the editor (like emacs) to choose the editing mode.
+ [d33172d2c086]
+
+2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
+ plugins/sudoers/ldap.c:
+ TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
+ TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
+ code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
+ should avoid disabling TLS_CHECKPEER is possible.
+ [196622436212]
+
+2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Make sudo_plugin format a bit more like a man page
+ [048d596e32da]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add suport for negated user/host/command lists in a Defaults entry.
+ E.g. Defaults:!baduser noexec
+ [d41112cf0342]
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ Add uninstall target
+ [fea66ebf136a]
+
+ * common/Makefile.in, compat/Makefile.in:
+ Remove unused AR, SED and RANLIB variables
+ [2ff9928bfdb3]
+
+ * Makefile.in:
+ Do not install sample plugins
+ [5443b87bd1c3]
+
+2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
+ configure.in, plugins/sudoers/env.c:
+ Now that sudoers is a dynamically loaded module we cannot override
+ the libc environment functions because the symbols may already have
+ been resolved via libc. Remove getenv/putenv/setenv/unsetenv
+ replacements from sudoers and add replacements for setenv/unsetenv
+ for systems that lack them.
+ [3f2b43cb8851]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in:
+ Link testsudoers with -ldl when needed
+ [f79606f9fcd7]
+
+ * plugins/sample_group/plugin_test.c:
+ Remove unused time.h and add limits.h for PATH_MAX
+ [3f5d0074d621]
+
+ * doc/sudoers.ldap.pod:
+ Fix typo.
+ [bc855fd57397]
+
+2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sample_group/plugin_test.c:
+ Do not depend on strlcpy/strlcat
+ [6e7e2b5af051]
+
+ * plugins/sample_group/plugin_test.c:
+ Standalone test driver for sudoers group plugin.
+ [eb1235fc3b8e]
+
+2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/group_plugin.c, src/load_plugins.c:
+ Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
+ aid.
+ [2a34e616229b]
+
+ * plugins/sample_group/sample_group.c:
+ Fix style nit in function declarations
+ [ab87c7c76bf9]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Document group_plugin syntax.
+ [ed1faf72ddcb]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document the sudoers group plugin.
+ [f19a62dc8cfc]
+
+ * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
+ configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
+ plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
+ plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
+ Replace built-in non-unix group support with a sudoers group plugin.
+ Include a sample plugin that can read Unix-format group files.
+ [8fc58ce0b1a8]
+
+ * configure, configure.in, src/load_plugins.c:
+ Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
+ [5c491dddb8ef]
+
+2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.pod:
+ Move sudoers-specific bits out of sudo(8) and into sudoers(5)
+ [e8a5a5830cfe]
+
+ * aclocal.m4, configure, configure.in:
+ Substitute @io_logdir@ for the sudoers I/O log directory.
+ [21a75ca7b0ab]
+
+2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
+ common/atobool.c, common/fileops.c, common/fmt_string.c,
+ common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
+ compat/getgrouplist.c, compat/getline.c, compat/glob.c,
+ compat/snprintf.c, config.h.in, configure, configure.in,
+ include/fileops.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
+ src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
+ src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
+ Set usrinfo for AIX Set adminstrative domain for the process when
+ looking up user's password or group info and when preparing for
+ execve(). Include strings.h even if string.h exists since they may
+ define different things. Fixes warnings on AIX and others.
+ [cf8b93e872c9]
+
+ * Makefile.in:
+ Add a separate all target for AIX make which was using the entire
+ LHS (not just the first entry) of the first target as the implicit
+ target.
+ [a45b980a01ef]
+
+ * plugins/sudoers/env.c:
+ Do not rely on env.env_len when unsetting a variable, just use the
+ NULL terminator.
+ [ca6eb239c829]
+
+ * plugins/sudoers/env.c:
+ In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
+ [7046ba7caa4e]
+
+2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/vasgroups.c:
+ Use warningx() instead of log_error() since the latter is not
+ available to visudo or testsudoers. This does mean that they don't
+ end up in syslog.
+ [152b7c50f426]
+
+ * plugins/sudoers/sudoers.c:
+ Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
+ closed the sudoers sources. From Quest sudo.
+ [c1cd573bab94]
+
+ * plugins/sudoers/pwutil.c:
+ Ignore case when matching user/group names in the cache. From Quest
+ sudo.
+ [2aa4ecc7d7f5]
+
+2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, src/selinux.c:
+ Add check for setkeycreatecon() when --with-selinux is specified.
+ [affae247b4e0]
+
+ * configure, configure.in:
+ Error out if libaudit.h is missing or ununable when --with-linux-
+ audit was specified
+ [d82e743fac04]
+
+ * doc/HISTORY, doc/history.pod:
+ Add =head3 entries, mostly for the html version
+ [ee93112d0308]
+
+2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/HISTORY, doc/history.pod:
+ Mention when LDAP was incorporate.
+ [2923dc17f79c]
+
+2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
+ not covered by _ALL_SOURCE.
+ [c92fd69809d0]
+
+2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Add a cast to quiet a compiler warning.
+ [a200e07ee1bc]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Quiet a compiler warning.
+ [c9acfc927cea]
+
+ * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
+ Call set_fqdn() after sudoers has parsed instead of inline as a
+ callback.
+ [5f4e5d075f2d]
+
+ * WHATSNEW, plugins/sudoers/sudoers.c:
+ Do not call set_fqdn() until sudoers parses (where is gets run as a
+ callback).
+ [09040fca6d40]
+
+ * WHATSNEW:
+ mention the change in tty ticket behavior when there is no tty
+ [575a1fd98f05]
+
+ * plugins/sudoers/check.c:
+ Do not update tty ticket if there is no tty.
+ [63f9c33ce6a7]
+
+ * doc/LICENSE, doc/license.pod:
+ Update copyright year
+ [0722ab5d404b]
+
+ * doc/Makefile.in:
+ Do not rely on BSD make's $>
+ [936a86398bd9]
+
+ * configure, configure.in:
+ Set timedir to /var/db/sudo for darwin to match Apple sudo's
+ location
+ [d5b9b03096f1]
+
+2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.h:
+ Add stub declarations for struct stat and struct timeval
+ [f6d90551a4fd]
+
+ * MANIFEST:
+ Remove compat/sigaction.c
+ [d0ed6d9a770e]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
+ Check for zlib.h in addition to libz.
+ [6e191b4a6065]
+
+ * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
+ src/sudo_exec.h:
+ Move functions and symbols shared between exec.c and exec_pty.c into
+ sudo_exec.h.
+ [14ae63403544]
+
+ * doc/Makefile.in:
+ Comment out rules to build .man.in and .cat files unless --with-
+ devel
+ [3cf7e5606a85]
+
+ * doc/Makefile.in:
+ Comment out rules to build .man.in and .cat files unless --with-
+ devel
+ [d30495b0e29e]
+
+ * src/parse_args.c:
+ Quote any non-alphanumeric characters other than '_' or '-' when
+ passing a command to be run via the shell for the -s and -i options.
+ [d633f74fe2d9]
+
+ * doc/Makefile.in:
+ Add back .man suffix
+ [6e63b60a2739]
+
+ * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
+ src/selinux.c:
+ Add Linux audit support.
+ [5a2f445e0bd4]
+
+2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Remove an XXX
+ [a170cbe651d1]
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
+ plugins/sudoers/sudoreplay.c:
+ Add -f (filter) option to sudoreplay to allow certain streams to be
+ replayed and others ignored.
+ [62e51b432ea1]
+
+ * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
+ src/tgetpass.c:
+ Fix -A flag when askpass is specified in sudo.conf or if sudo
+ doesn't need to read a password.
+ [2e401e4a00e3]
+
+ * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
+ Clean up some XXXs
+ [689f0b002d3d]
+
+ * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add support for multiple sudoers_base entries in ldap.conf. From
+ Joachim Henke
+ [e3e4a3c2bd5b]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
+ src/exec_pty.c:
+ remove setsid check, we require a POSIX system
+ [cc73cb9e22c0]
+
+ * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
+ src/sudo.c, src/tgetpass.c:
+ Check for dup2() failure.
+ [5d46d66794f5]
+
+ * config.h.in, configure, configure.in:
+ Remove dup2() check, it is not optional.
+ [5f1d56de4384]
+
+2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ sync with sudo 1.7.3
+ [88e5c0bd6d59]
+
+ * INSTALL:
+ SunOS does not ship with an ANSI compiler
+ [f13c85c67069]
+
+ * INSTALL:
+ Update OS specific notes. Delete some really ancient ones and move
+ older ones to the end of the list.
+ [59ce592c4c52]
+
+ * README:
+ Sudo can be downloaded from the web site too Mention "OS dependent
+ notes" section in INSTALL
+ [191871538984]
+
+ * src/exec_pty.c, src/selinux.c:
+ Call selinux_restore_tty() as part of cleanup() so it gets called
+ from error()/errorx()
+ [bb017da6b6da]
+
+ * MANIFEST, doc/PORTING:
+ Remove obsolete porting guide
+ [321e35591344]
+
+ * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
+ Move union sudo_in_addr_un into interfaces.h
+ [b2c8b19ee094]
+
+ * doc/Makefile.in:
+ Remove useless circular dependencies
+ [5682181b59cf]
+
+ * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
+ Convert to ANSI C function declarations
+ [a4f76927d034]
+
+ * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
+ common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
+ compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
+ compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
+ compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
+ compat/strlcpy.c, compat/timespec.h, compat/utime.h,
+ compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
+ include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
+ include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
+ plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
+ plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/match.c,
+ plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
+ plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
+ src/conversation.c, src/error.c, src/load_plugins.c,
+ src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
+ src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
+ Update copyright year
+ [26ac7991f7d8]
+
+ * doc/Makefile.in:
+ Fix commented DEVDOCS when not in devel mode.
+ [e0a97eaf3793]
+
+ * plugins/sudoers/match.c:
+ Quiet a compiler warning.
+ [b2a17ebd5d38]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Quiet a compiler warning.
+ [687843bc593d]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
+ Make all functions in ldap.c static
+ [b2111e89eeba]
+
+ * doc/schema.ActiveDirectory:
+ Updates from Alain Roy to provide better examples for importing the
+ schema and to fix problems caused by Windows validating attributes
+ which have not yet been added before committing the changes.
+ [69f4c5ccaf89]
+
+2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
+ doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
+ doc/visudo.cat, doc/visudo.man.in:
+ Leave rules to build .man.in and .cat files uncommented but only
+ make them part of the "all" rule in devel mode. Generate .cat files
+ directly from .man.in instead of .man using default values in
+ configure.in
+ [c3054a44f6a5]
+
+ * configure, configure.in:
+ Bump sudo version to 1.8.0b1
+ [8f79c85135e1]
+
+ * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
+ Print configure args with verbose version information.
+ [1ce690660ed2]
+
+ * TODO, plugins/sudoers/visudo.c:
+ Remove tfd from struct sudoersfile; it is not used. Add prev pointer
+ to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
+ Use tq_append to append sudoers entries to the tail queue.
+ [1743f9a286e4]
+
+2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ Describe tty timestamp improvements
+ [e214e863a313]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ A comment character may not be part of a command line argument
+ unless it is quoted with a backslash. Fixes parsing of: testuser
+ ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
+ [ea2e990f85ed]
+
+ * doc/sudoers.pod:
+ Make this read a little bit better when passwd_timeout is 0.
+ [39d362757f31]
+
+ * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
+ Attempt to handle a default password prompt timeout of zero more
+ gracefully.
+ [ea47d43acf5b]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Do not override value of keepopen global, instead restore it to the
+ value we pushed onto the stack when popping.
+ [fe282e5a3402]
+
+ * plugins/sudoers/Makefile.in:
+ Add dependency for utility programs on libreplace and libcommon
+ [2339aba64928]
+
+ * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
+ plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
+ src/exec.c, src/exec_pty.c, src/tgetpass.c:
+ Remove sigaction emulation Use SA_INTERRUPT in sa_flags
+ [7dd61f1bd8d2]
+
+ * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
+ We don't use getgrouplist() at the moment so there's no need to
+ provide a compat version.
+ [1597536fbada]
+
+ * TODO:
+ sync with reality
+ [9e1a874e7885]
+
+ * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
+ src/conversation.c, src/sudo.h, src/tgetpass.c:
+ Fix visiblepw sudoers option; the plugin API portion still needs
+ documenting
+ [60b6933ef5e0]
+
+ * src/sudo.c:
+ Print sudo version as well.
+ [987ed459b459]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Use sudo_printf for I/O log version Clarify policy plugin version
+ string
+ [5a58b7e8c80b]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
+ Silence some compiler warnings
+ [afb1eba90915]
+
+ * src/load_plugins.c, src/tgetpass.c:
+ Store askpass path in a global instead of uses setenv() which many
+ systems lack.
+ [b440bcc0e660]
+
+2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ plugins/sudoers/check.c, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
+ src/tgetpass.c:
+ Move askpass path specification from sudoers to sudo.conf.
+ [5507ab867c26]
+
+ * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
+ Use a flag bit in struct command_details for selinux instead of a
+ separate field.
+ [c59ca4acded9]
+
+ * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
+ Implement background mode. If I/O logging we use pipes instead of a
+ pty.
+ [c07a4b356cbd]
+
+ * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
+ src/exec.c, src/exec_pty.c, src/tgetpass.c:
+ Move compat definition of NSIG to compat.h
+ [ab0385467f25]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Mention plugins in the sudo manual and add some missing path
+ substitution in the sudo_plugin manual.
+ [570f831f47a3]
+
+ * src/Makefile.in:
+ Set _PATH_SUDO_CONF based on $(sysconfdir)
+ [fde51869cf07]
+
+ * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
+ src/exec.c, src/exec_pty.c, src/ttysize.c:
+ Require POSIX termios to build sudo
+ [9ec6b41f3f95]
+
+ * src/tgetpass.c:
+ Ignore SIGPIPE for "sudo -S"
+ [7ad27fde0c06]
+
+ * src/tgetpass.c:
+ Fix uninitialized variable in TGP_ECHO case and print a newline if
+ the user interrupted password input.
+ [ce19204d8dd4]
+
+ * src/tgetpass.c:
+ Make TGP_ECHO override TGP_MASK and don't try to restore the
+ terminal if we didn't modify it.
+ [a7e11abfe7e4]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
+ src/conversation.c, src/sudo.h, src/tgetpass.c:
+ Add SUDO_CONV_PROMPT_MASK define which corresponds to the
+ "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is set.
+ [e0550590cabe]
+
+ * src/exec_pty.c:
+ Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
+ [762448182fe3]
+
+ * src/exec_pty.c:
+ Remove commented out copy of old sudo_execve() function.
+ [9c5e21380472]
+
+2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/compat.h:
+ No longer need NGROUPS_MAX define
+ [cae4c49d7077]
+
+ * compat/nanosleep.c, config.h.in, configure, configure.in,
+ include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/visudo.c, src/sudo_edit.c:
+ Replace timerfoo macros with timevalfoo since the timer macros are
+ known to be busted on some systems.
+ [4f97d79f2d41]
+
+ * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
+ Add selinux_enabled flag into struct command_details and set it in
+ command_info_to_details(). Return an error from selinux_setup()
+ instead of exiting. Call selinux_setup() from exec_setup().
+ [011bea23a5a0]
+
+ * plugins/sudoers/sudoers.c:
+ Fix setting selinux type on command line.
+ [814b20a0b3be]
+
+ * plugins/sudoers/iolog.c:
+ In sudoers_io_close(), skip NULL io_fds[] elements.
+ [4011ff7d4daf]
+
+ * plugins/sudoers/auth/pam.c:
+ If pam_open_session() fails, pass its status to pam_end.
+ [1d8de4cf8ff3]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ If a file in a #includedir has improper permissions or owner just
+ skip it. This prevents packages that incorrectly install a file into
+ /etc/sudoers.d from breaking sudo so easily. Syntax errors in
+ #includedir files still result in a parse error (for now).
+ [ade99a4549a4]
+
+ * src/exec_pty.c:
+ Remove duplicate call to selinux_setup().
+ [82bd52764e21]
+
+ * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
+ Add use_pty sudoers option to force use of a pty even when not
+ logging I/O.
+ [b280a8972a79]
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
+ Make env_init() void as it never fails.
+ [d3890e55daa7]
+
+ * plugins/sudoers/env.c:
+ No longer use _NSGetEnviron so don't need crt_externs.h
+ [9b4e0e139881]
+
+ * plugins/sudoers/env.c:
+ Remove unused VNULL define
+ [a42cacb263e3]
+
+2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Add #define for maximum session id
+ [9e18c17a28c2]
+
+ * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
+ Split exec.c into exec.c and exec_pty.c
+ [d52376327332]
+
+ * MANIFEST:
+ Sync with source file moves.
+ [4a62c6c9e846]
+
+ * src/Makefile.in, src/get_pty.c, src/pty.c:
+ Rename pty.c -> get_pty.c
+ [5696a12bd29b]
+
+2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Only use I/O input log file if def_log_input is set and output file
+ if def_log_output is set.
+ [d866992f1681]
+
+2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/strsignal.c:
+ Update copyright year
+ [a96f2593fd4e]
+
+ * src/pty.c:
+ uid -> ttyuid
+ [c3454d74ebcb]
+
+ * plugins/sudoers/sudoers.c:
+ For sudoedit, make a local copy of editor string si become part of
+ argv. If no editor environment variable, split def_editor on ':'
+ since it may be a colon-delimited path.
+ [2ee298506a6e]
+
+ * src/sudo_edit.c:
+ Remove unneeded endpwent()/endgrent()
+ [623f6743d101]
+
+ * doc/Makefile.in:
+ Use value of nroff from configure
+ [b2ce649125ab]
+
+ * src/exec.c:
+ Add missing const to I/O log action function
+ [d764a3955e04]
+
+ * plugins/sudoers/check.c:
+ Update copyright year and fix whitespace
+ [e648c35b16be]
+
+ * configure, configure.in:
+ Fix typo
+ [8e0bdfc47da4]
+
+ * plugins/sudoers/iolog.c:
+ Remove redundant tty signal blocking in log function.
+ [f17f575dabd4]
+
+2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Place static keyword where it belongs
+ [b01aec7c86b4]
+
+ * plugins/sudoers/logging.c:
+ Always use a printf format string for send_mail()
+ [13b1ada644c9]
+
+ * common/atobool.c, plugins/sudoers/ldap.c:
+ Extend atobool() so we can use it in the LDAP code.
+ [73f8e6807044]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
+ Sudo now stashes tty ctime for tty_tickets on Solaris too.
+ [e82df13ad3fd]
+
+ * plugins/sudoers/boottime.c:
+ Fix dummy version of get_boottime()
+ [01d69c06013b]
+
+2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Enable tty_is_devpts() support for Solaris with the "devices"
+ filesystem.
+ [237c6b25fa84]
+
+ * src/exec.c:
+ Unbreak the non-io logging case.
+ [4822b9f709fb]
+
+ * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
+ Fix symbol name conflict with sudo_printf.
+ [0d44eab0a8f6]
+
+ * plugins/sudoers/auth/pam.c:
+ Fix OpenPAM detection for newer versions.
+ [1b2abed232d8]
+
+ * plugins/sudoers/vasgroups.c:
+ Sync with Quest sudo git repo
+ [f1d98b3cba02]
+
+ * aclocal.m4, configure, configure.in:
+ HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
+ Add missing template for ENV_DEBUG Adapted from Quest sudo
+ [695dbd7b28f4]
+
+ * README.LDAP:
+ Fix typos; from Quest Sudo
+ [4eba9da33b8e]
+
+2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Add back -I$(top_srcdir); we need it for including compat/foo.h
+ since we cannot rely on "foo.h" being found relative to the source
+ file when the cwd is different.
+ [bbf24695f325]
+
+ * src/exec.c:
+ Fix a bug where we could treat EAGAIN as a permanent error. Also set
+ cstat if perform_io() returns an error.
+ [200475c4326f]
+
+ * common/alloc.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/sudoers.c:
+ Add casts to quiet compiler warnings.
+ [85eb1c336697]
+
+ * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Fix typo in ternary operator usage.
+ [6492ac1450e2]
+
+2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in:
+ Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
+ [92121d693b30]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
+ Update docs to match sudoers I/O logging changes
+ [18d651989e49]
+
+ * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
+ pathnames.h.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c:
+ Break sudoers transcript feature up into log_input and log_output.
+ [db3c1248d2ad]
+
+ * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Use setprogname() as needed.
+ [6beee63a4553]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
+ Adapt sudoreplay to iolog changes.
+ [581f52c05f0f]
+
+2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Log all input and output into separate files and store a number on
+ each timing file line to indicate which file the data is in.
+ [fb460c5273dd]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Make sudoers_io functions static to iolog.c
+ [b2df3cc3eecb]
+
+2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
+ src/sudo_usage.h.in:
+ Completely remove the -L flag from the sudo front end.
+ [3d220030b720]
+
+ * plugins/sudoers/sudoreplay.c:
+ Fix EAGAIN handling when writing to stdout.
+ [4766d77cea49]
+
+ * plugins/sudoers/sudoers.c:
+ Eliminate unused variables
+ [83bd711e79c4]
+
+ * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
+ Re-enable cleanup functions in sudoers plugin and sudo driver for
+ error()/errorx().
+ [43093f937dd8]
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Use sudo_printf to display verbose version information.
+ [435cc9f8d4a2]
+
+ * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Minor Makefile cleanup: fix a typo, change the removal order in the
+ clean targets, and remove a superfluous include path for the sudoers
+ plugin.
+ [6e3b2d6b4437]
+
+ * plugins/sudoers/env.c:
+ Handle duplicate variables in the environment. For unsetenv(), keep
+ looking even after remove the first instance. For sudo_putenv(),
+ check for and remove dupes after we replace an existing value.
+ [c1bbb88d0435]
+
+2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Use explicit path to source file instead of $< for files that live
+ in devdir and top_srcdir.
+ [358ab7f6cc64]
+
+ * plugins/sudoers/Makefile.in:
+ Add explicit rules to compile gram.c and toke.c for HP-UX Pevent
+ ending LIBSUDOERS_OBJS with a backslash
+ [481a5c96d47e]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in:
+ Link libcommon before libreplace since libcommon may use functions
+ only present in libreplace.
+ [1847c496ff5b]
+
+ * common/Makefile.in:
+ Move code common to sudo and the sudoers plugin to a convenience
+ library, libcommon. Removes the need to make links in the sudoers
+ plugin dir and reduces re-compilation of duplicate object files.
+ [4c8986352937]
+
+ * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
+ common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
+ common/term.c, common/zero_bytes.c, configure, configure.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
+ src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
+ src/zero_bytes.c:
+ Move code common to sudo and the sudoers plugin to a convenience
+ library, libcommon. Removes the need to make links in the sudoers
+ plugin dir and reduces re-compilation of duplicate object files.
+ [1d1d98bd55b9]
+
+ * src/exec.c, src/sudo.c, src/sudo.h:
+ Rename script_execve to sudo_execve and rename script_foo in exec.c
+ [a35ec80de96a]
+
+ * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
+ rename script.c exec.c and fix up the MANIFEST file
+ [36bc3bff9578]
+
+ * src/script.c, src/sudo.c, src/sudo.h:
+ Rename script_setup() to pty_setup() and call from script_execve()
+ directly.
+ [899b0fb2a14d]
+
+ * configure, configure.in:
+ bump version to 1.8.0a2
+ [0b1c1ca9d4e5]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document init_session
+ [b5324785a406]
+
+ * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h:
+ Clean up the sudoers auth API a bit and update the docs.
+ [c40fd4cb6e68]
+
+ * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
+ Add init_session function to struct policy_plugin that gets called
+ before the uid/gid/etc changes. A struct passwd pointer is passed
+ in,which may be NULL if the user does not exist in the passwd
+ database.The sudoers module uses init_session to open the pam
+ session as needed.
+ [d71723320ee8]
+
+2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Add open/close session to sudo auth, only used by PAM. This allows
+ us to open (and close) the PAM session from sudoers.
+ [2665e2920d0d]
+
+ * plugins/sudoers/Makefile.in:
+ Add explicit rule to build getdate.o for HP-UX make.
+ [7f049e989956]
+
+ * plugins/sudoers/Makefile.in:
+ Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
+ rules as an alternate way to prevent HP-UX make (and others) from
+ trying to rebuild the parser in non-dev mode.
+ [f84badad98c5]
+
+ * plugins/sudoers/sudoers.c:
+ Re-enable PATH_MAX check for command
+ [40d8a50da136]
+
+ * Makefile.in:
+ For distclean, clean the main directory last since the subdirs need
+ to be able to run libtool to clean things.
+ [8949a9861634]
+
+ * compat/Makefile.in:
+ Fix generation of mksiglist.h
+ [b7cdc9b36650]
+
+ * src/script.c:
+ Now that we defer sending cstat until the end of script_child() we
+ cannot reuse cstat when reading command status from parent.
+ [25c882643466]
+
+2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ Use numeric registers to handle conditionals instead of trying to do
+ it all with text processing.
+ [478079c3fd4b]
+
+ * doc/sudoers.pod:
+ Document per-command SELinux settings
+ [13840d566805]
+
+ * plugins/sudoers/sudoers.c:
+ Repair "sudo -l -U username"
+ [10a0dcdf2ddf]
+
+ * plugins/sudoers/sudoers.c:
+ Set selinux role and type in command details.
+ [8ae6d35a126d]
+
+ * src/script.c, src/selinux.c, src/sudo.h:
+ Rework SELinux support.
+ [83279cc94bf2]
+
+2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c, src/selinux.c, src/sudo.h:
+ Make SELinux support compile again. Needs more work to be complete.
+ [3d3addebcf82]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
+ src/sudo.h:
+ Bring back closefrom settings.
+ [b1c6257d4bbb]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ If running a command or sudoedit in transcript mode, call
+ io_nextid() before log_allowed() so the session id is logged.
+ [c42f3ae40150]
+
+ * configure, configure.in:
+ Use mandoc(1) if nroff(1) is not present.
+ [daad4bbd04af]
+
+ * doc/Makefile.in:
+ Use the --file argument to config.status instead of setting
+ CONFIG_FILES in the environment.
+ [c89411a8bf70]
+
+ * plugins/sudoers/Makefile.in:
+ We cannot conditionally update gram.h or the dependency ordering
+ gets messed up in devel mode.
+ [c938953231d9]
+
+2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, compat/Makefile.in, configure, configure.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Substitute @SHELL@ into Makefiles
+ [36aa6a095335]
+
+ * config.sub:
+ Fix typo
+ [16d294d26b58]
+
+ * config.guess, config.sub, configure, configure.in:
+ Update to autoconf 2.65
+ [4fa6ea8caea3]
+
+ * Makefile.in:
+ Fix libtool target (space vs. tabs)
+ [755cf3892618]
+
+ * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
+ Remove use of RETSIGTYPE; all modern systems have signal handlers
+ that return void.
+ [42b4e3aee668]
+
+ * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
+ ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
+ m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Update to libtool-2.2.6b. I haven't made any local modifications
+ this time, which should be OK since we install sudo_noexec.so by
+ hand now.
+ [6f79ced593bb]
+
+ * compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Use libtool to clean objects
+ [1581057d6472]
+
+ * include/Makefile.in:
+ Install sudo_plugin.h as part of "make install" and make other
+ install targets callable from the top-level Makefile
+ [aaaeb027d774]
+
+ * configure, configure.in:
+ regen with autoupdate to eliminate AC_TRY_LINK
+ [5d5541c230f5]
+
+ * Makefile.in, compat/Makefile.in, configure, configure.in,
+ doc/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Install sudo_plugin.h as part of "make install" and make other
+ install targets callable from the top-level Makefile
+ [b258b8401b1c]
+
+ * plugins/sample/sample_plugin.c:
+ The sample plugin doesn't support being run with no args so return a
+ usage error in this case.
+ [473b3cf965be]
+
+ * plugins/sudoers/iolog.c:
+ Set close on exec flag for descriptors used for I/O logging so they
+ are not present in the command being run.
+ [2c7e8708df76]
+
+ * plugins/sudoers/tsgetgrpw.c:
+ Set close on exec flag in private versions of setpwent() and
+ setgrent().
+ [64fef78cb833]
+
+ * src/script.c:
+ Close the I/O pipes aftering dup2()ing them to std{in,out,err}.
+ Fixes extra fds being present in the command when it is part of a
+ pipeline.
+ [060451617713]
+
+ * plugins/sudoers/sudoers.c:
+ Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
+ is used when logging). Note that user_ttypath will still be NULL if
+ there is no tty.
+ [31b69a6ecda7]
+
+ * src/script.c, src/sudo.h:
+ Cosmetic changes: add comments, remove orphaned prototype and make a
+ global static.
+ [f7851af0143e]
+
+2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Move check for maxfd == -1 to flush_output where it belongs.
+ [b826a95b4491]
+
+ * src/script.c:
+ Break out of select loop if all the fds we want to select on are -1.
+ [f5b387024238]
+
+ * src/sudo.c:
+ Avoid possible malloc(0) if plugin returns an empty groups list.
+ [9765a8fe5ce7]
+
+ * src/sudo.c:
+ Add debugging info when calling plugin close function
+ [95a273c7ff66]
+
+ * src/script.c:
+ Avoid closing stdin/stdout/stderr when we are piping output.
+ [330e76423caf]
+
+ * src/script.c:
+ When execve() of the command fails, it is possible to receive
+ SIGCHLD before we've read the error status from the pipe. Re-order
+ things such that we send the final status at the very end and prefer
+ error status over wait status.
+ [b0dcf825244f]
+
+2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Fix compilation for non PAM/BSD auth/AIX auth
+ [e382b39d2e4f]
+
+2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Additional checks to make sure we don't close /dev/tty by mistake.
+ When flushing, sleep in select as long as we have buffers that need
+ to be written out.
+ [8139cbd3dd54]
+
+ * src/script.c:
+ Now that we can use pipes for stdin/stdout/stderr there is no longer
+ a need to error out when there is no tty. We just need to make sure
+ we don't try to use the tty fd if it is -1.
+ [666621635d26]
+
+2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
+ Add argc and argv to I/O logger open function.
+ [0d7faa007d27]
+
+ * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
+ plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
+ src/parse_args.c, src/sudo.c, src/sudo_edit.c:
+ Remove check_sudoedit function pointer in struct sudo_policy.
+ Instead, sudo will set sudoedit=true in the settings array. The
+ plugin should check for this and modify argv_out as appropriate in
+ check_policy.
+ [c0328e3276b8]
+
+2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
+ src/sudo_edit.c:
+ If plugin sets "sudoedit=true" in the command info, enable sudoedit
+ mode even if not invoked as sudoedit. This allows a plugin to enable
+ sudoedit when the user runs an editor.
+ [96d67b99e42e]
+
+2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ gram.h must not depend on gram.y if we want to avoid unnecessary
+ rebuilding of targets dependent on gram.h when gram.y changes.
+ [9db4b767fdca]
+
+ * plugins/sample/sample_plugin.c:
+ Refactor common bits of check_policy and check_edit
+ [ac4d366a04cf]
+
+ * plugins/sample/sample_plugin.c:
+ Add sudoedit support
+ [a1a6cc4c0cef]
+
+2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Rely more on VPATH; fixes a dependency issue with the parser.
+ [45e406ebdea2]
+
+ * include/compat.h:
+ Fix typo introduced in last commit
+ [3ccb0f853d11]
+
+ * include/compat.h:
+ Emulate seteuid using setreuid() or setresuid() as needed. There are
+ still a few places that call seteuid() directly.
+ [36e8efa3a99d]
+
+ * src/parse_args.c, src/sudo_edit.c:
+ Attempt to fix building on systems that only have setuid.
+ [8e9ba4083318]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Clarify sudoedit a tad.
+ [d39dfaa14ade]
+
+2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo_edit.c:
+ Fix compilation on HP-UX
+ [f6e47843d139]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document sudoedit
+ [4cbf5196d993]
+
+ * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
+ Change how we handle the sudoedit argv. We now require that there be
+ a "--" in argv to separate the editor and any command line arguments
+ from the files to be edited.
+ [20623d549a3c]
+
+ * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
+ src/sudo.h, src/sudo_edit.c:
+ Work in progress support for sudoedit. The actual interface used by
+ the plugin for sudoedit is likely to change.
+ [c31262a31997]
+
+ * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
+ Make find_path() a little more generic by not checking def_foo
+ variables inside it. Instead, pass in ignore_dot as a function
+ argument.
+ [9c23101a094d]
+
+ * plugins/sudoers/env.c:
+ Add version of getenv(3) that uses our own environ pointer.
+ [0e3783e63534]
+
+2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Avoid a potential race condition if SIGCHLD is received immediately
+ before we call select().
+ [99adc5ea7f0a]
+
+ * plugins/sudoers/sudoers.c:
+ Call env_init() before we open the sudoers sources as those may call
+ our setenv() replacement.
+ [5f82601f5ab0]
+
+ * plugins/sudoers/env.c:
+ Initialize env_len in env_init()
+ [7ae02b3029b5]
+
+2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
+ Document time stamp shortcomings under SECURITY NOTES Use "time
+ stamp" instead of timestamp.
+ [2b86120815b2]
+
+ * doc/Makefile.in:
+ Make sed substitution of mansectsu and mansectform global.
+ [94588632dba0]
+
+ * plugins/sudoers/check.c:
+ If the tty lives on a devpts filesystem, stash the ctime in the tty
+ ticket file, as it is not updated when the tty is written to. This
+ helps us determine when a tty has been reused without the user
+ authenticating again with sudo.
+ [0e62a31bceb0]
+
+ * src/tgetpass.c:
+ Fix pasto in mulitple signal fix and use _NSIG not NSIG since that
+ is what our compat checks set.
+ [df50f0a040c9]
+
+ * configure, configure.in:
+ Add check for whether sudo need to link with -ldl to get dlopen().
+ This is a bit of a hack that will get reworked when libtool is
+ updated.
+ [63bdcf579533]
+
+ * plugins/sudoers/check.c:
+ Fix timestamp removal with -k/-K
+ [6b4639fef973]
+
+ * plugins/sudoers/Makefile.in:
+ audit.c is now private to the sudoers plugin
+ [1974f342ae0b]
+
+ * configure, configure.in:
+ Link with -lpthread on HP-UX since a plugin may be linked with
+ -lpthread and dlopen() will fail if the shared object has a
+ dependency on -lpthread but the main program is not linked with it.
+ [d42139391263]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
+ Add separate test for getresuid() since HP-UX has setresuid() but no
+ getresuid().
+ [910fe727a374]
+
+ * doc/Makefile.in:
+ Remove errant backslash
+ [dd5464257c69]
+
+ * src/script.c:
+ Fix SIGPIPE handling. Now that we use may use pipes for stdin/stdout
+ we need to pass any SIGPIPE we receive to the running command.
+ [3f6b1991f4fd]
+
+ * src/script.c:
+ Also start the command in the background if stdin is not a tty.
+ [d93bc33a3740]
+
+2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
+ No need to use pseudo-cbreak mode now that we use pipes when stdout
+ is not a tty. Instead, check whether stdin is a tty and if not,
+ delay setting the tty to raw mode until the command tries to access
+ it itself (and receives SIGTTIN or SIGTTOU).
+ [e68315cf8c6b]
+
+ * src/tgetpass.c:
+ Use an array for signals received instead of a single variable so we
+ don't lose any when there are multiple different signals.
+ [2ac726dac864]
+
+ * src/tgetpass.c:
+ Do signal setup after turning off echo, not before. If we are using
+ a tty but are not the foreground pgrp this will generate SIGTTOU so
+ we want the default action to be taken (suspend process).
+ [bebb6209c795]
+
+2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Flush the iobufs on suspend or child exit using the same logic as
+ the main event loop.
+ [c627feee1035]
+
+ * src/script.c:
+ Free memory after we are done with it.
+ [8db9b611b45a]
+
+2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/HISTORY:
+ Quest now sponsors Sudo development
+ [6cc490083bc7]
+
+2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/Makefile.in:
+ Install sudo_plugin man page.
+ [c253729790b2]
+
+ * src/script.c:
+ Go back to reseting io_buffer offset and length (and now also the
+ EOF handling) in the loop we do the FD_SET, not after we drain the
+ buffer after write() since we don't know what order reads and writes
+ will occur in.
+ [5f38bfa8497f]
+
+ * MANIFEST:
+ audit files moved to sudoers plugin directory
+ [b1ead182428e]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document plugin_printf and new logging functions.
+ [fe9430b60ab5]
+
+ * src/script.c:
+ Add support for logging stdin when it is not a tty. There is still a
+ bug where "cat | sudo cat" has problems because both cat and sudo
+ are trying to read from the tty.
+ [04c9c59fcfba]
+
+ * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/sudoers.c, src/script.c:
+ Add separate I/O logging functions for tty in/out and
+ stdin/stdout/stderr. NOTE: stdin logging does not currently work and
+ is disabled for now.
+ [a36dfd4ca935]
+
+2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
+ Add pointer to a printf like function to plugin open functon. This
+ can be used instead of the conversation function to display info and
+ error messages.
+ [98734eea8ef1]
+
+ * Makefile.in:
+ Stop if make in a subdir fails
+ [228bb3ad2dbc]
+
+ * src/script.c:
+ Only set user's tty to blocking mode when doing the final flush.
+ Flush pipes as well as pty master when the process is done.
+ [20ff67218666]
+
+2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Use print_error() when displaying ldap config info in debugging
+ mode.
+ [d142e0cacb22]
+
+ * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
+ No longer need strdup() or strndup() replacements.
+ [df53697174ec]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.h:
+ Add print_error() function that uses the conversation function to
+ print a variable number of error strings and use it in log_error().
+ [b1fa2861b575]
+
+ * src/script.c, src/sudo.h, src/term.c:
+ Do not need the opost flag to term_copy() now that we use pipes for
+ stdout/stderr when they are not a tty.
+ [f42811f70a19]
+
+ * src/script.c:
+ Use pipes to the sudo process if stdout or stderr is not a tty.
+ Still needs some polishing and a decision as to whether it is
+ desirable to add additonal entry points for logging
+ stdout/stderr/stdin when they are not ttys. That would allow a
+ replay program to keep things separate and to know whether the
+ terminal needs to be in raw mode at replay time.
+ [1a945e0ab2da]
+
+2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
+ src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
+ Move audit sources into the sudoers plugin dir; the driver does not
+ use them.
+ [50ec36422cd0]
+
+ * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
+ compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
+ plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
+ src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
+ src/term.c, src/ttysize.c:
+ Use angle brackets when including headers that can only be found
+ when an -I flag is specified. The files in the compat dir could get
+ away with double quotes here but I've converted all the source files
+ to use angle brackets for consistency.
+ [9e30a8fc6d4b]
+
+ * plugins/sudoers/Makefile.in:
+ Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
+ dir can be found when building outside the source tree.
+ [1150934b79dd]
+
+ * plugins/sudoers/Makefile.in:
+ Clean up links in distclean
+ [78595028be8b]
+
+ * plugins/sudoers/Makefile.in:
+ Hack around VPATH semantic differences by symlinking files we need
+ from ../../src into the current directory and build those. A better
+ fix would be to either make a .a or .la file with those files in it
+ or simply use a single, flat, Makefile instead of per-subdirs
+ Makefiles.
+ [892c332d3f05]
+
+ * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
+ fmt_string is used by the sudoers plugin too so do not include
+ sudo.h (which is not really needed here anyway)
+ [231c35e3941f]
+
+ * compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Fix building with non-BSD versions of make such as GNU make.
+ Requires VPATH support, which should be in any non-neolithic make.
+ [dc174f135919]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
+ src/Makefile.in:
+ Re-enable bsm audit. Currently auditing is done within the sudoers
+ plugin itself. If possible, this should really be done in the main
+ driver but we don't presently have the needed data to do that. This
+ will be re-evaluated when Linux audit support is added.
+ [1d05a3236bfe]
+
+ * compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
+ of explicit rules in the dependency.
+ [88f80efd25f0]
+
+ * plugins/sudoers/visudo.c:
+ Fix mismerge; alias_remove_recursive() now returns int
+ [6257a4849641]
+
+2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/visudo.c:
+ Fix a crash when checking a sudoers file that has aliases that
+ reference themselves. Based on a diff from David Wood.
+ [545d194484a7]
+
+ * src/script.c:
+ Print signal info after restoring the tty mode, not before.
+ [a68618e67435]
+
+ * src/script.c:
+ Defer call to alarm() until after we fork the child. Pass correct
+ pid to terminate_child() If the command exits due to signal, set
+ alive to false like we do when it exits normally. Add missing check
+ for errpipe[0] != -1 before using it in FD_ISSET
+ [22f0a1549391]
+
+2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/boottime.c:
+ Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
+ [0e627170c6e8]
+
+2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/Makefile.in:
+ Simplify dependencies by using .c.o and .c.lo rules.
+ [6abcaef5d1ac]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ Substitute in @PROGS@ into src/Makefile to add sesh
+ [cc46d3b6208f]
+
+2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Add back calls to log_denial() if sudoers does not allow the
+ command.
+ [9783316207f0]
+
+ * plugins/sudoers/sudoers.c:
+ Pass in correct pwflag for list and validate.
+ [973dd56d4b81]
+
+ * plugins/sudoers/env.c:
+ Add missing check for NULL in validate_env_vars
+ [1d6eb6957824]
+
+ * src/Makefile.in:
+ Add sudo_noexec.la to "all" target, otherwise it only gets built at
+ install time.
+ [644a9694d2ef]
+
+ * plugins/sudoers/sudoers.c:
+ Only set sudo_user.env_vars if the env_add list is empty.
+ [fccdf6f0e0e2]
+
+ * plugins/sudoers/sudoers.c:
+ Set sudo_user.env_vars so that environment variables specified on
+ the command line get logged correctly.
+ [9b51012c491e]
+
+ * plugins/sudoers/env.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Re-enable environment files and setting environment variables on the
+ command line.
+ [5662d5645dbd]
+
+2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime()
+ a pointer to time_t as tv_sec in struct timeval may be long.
+ [4de0c46e788e]
+
+ * plugins/sudoers/check.c:
+ Don't stash ctime in on-disk tty ticket info for now; on many
+ (most?) systems the ctime is updated when the tty is written to.
+ Once I have a better idea of what systems do not update ctime on
+ ttys (and have a way to test for this) the ctime stash will be
+ conditionally re-enabled.
+ [a90eeec0f648]
+
+2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, Makefile.in:
+ Add back "dist" target, this time using a MANIFEST file
+ [29277c05499f]
+
+ * Makefile.in:
+ Remove Makefile in distclean target
+ [83d695f4f450]
+
+ * Makefile.in, src/Makefile.in:
+ Update clean and cleandir targets
+ [ad7b2afeb9c1]
+
+ * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
+ src/sudo.h:
+ Move fileops.c defines and prototypes to filesops.h
+ [4545e9b6892d]
+
+ * plugins/sudoers/check.c:
+ Lock the tty timestamp when writing. We shouldn't have to lock when
+ reading since the file is updated via a single write system call.
+ [0c7276f02696]
+
+2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/alias.c, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
+ Convert to ANSI C function declarations
+ [9c45def57cf7]
+
+ * plugins/sudoers/sudoers.h:
+ Remove extraneous bits and classify by source file.
+ [e8ea9f109ebb]
+
+ * include/compat.h:
+ Add timercmp macro for systems without it
+ [d3bf87b1d08e]
+
+ * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/sudoers.h:
+ get_boottime() now fills in a timeval struct
+ [3573c3f44e11]
+
+ * plugins/sudoers/check.c:
+ Store info from stat(2)ing the tty in the tty ticket when tty
+ tickets are in use. On most systems, this closes the loophole
+ whereby a user can log out of a tty, log back in and still have the
+ timestamp be valid.
+ [53380f9f5242]
+
+ * config.h.in, configure.in:
+ Add timespec2timeval and use it when getting ctime/mtime
+ [4cb7f7caec2c]
+
+2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/testsudoers.c:
+ Convert perm setting to push/pop model; still needs some work Use
+ the stashed runas groups instead of using getgrouplist() Reset perms
+ to the initial value on error
+ [09c072ebde8b]
+
+ * config.h.in, configure.in:
+ fix ctim_get and mtim_get macros
+ [58773dc1e360]
+
+ * config.h.in, configure, configure.in, include/compat.h,
+ plugins/sudoers/check.c, plugins/sudoers/gettime.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
+ Use timeval directly instead of converting to timespec when dealing
+ with file times and time of day.
+ [a0ce1ae00a67]
+
+ * plugins/sudoers/Makefile.in:
+ Don't like sudoreplay with libsudoers.la due to a yacc symbol
+ conflict.
+ [f1a59cc63a15]
+
+2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Darwin >= 9.x has real setreuid(2)
+ [7ec942a64275]
+
+2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
+ Ansify env.c
+ [f58551bad10a]
+
+ * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Remove remaining references to the environ pointer.
+ [96faa530816a]
+
+2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, plugins/sudoers/env.c:
+ Don't change the environ directly in the sudoers plugin
+ [6db48ed3f7e0]
+
+2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Fix typo
+ [4aa452b07f8f]
+
+ * plugins/sudoers/alias.c:
+ Fix use after free in error message when a duplicate alias exists.
+ [ce1d2812ee34]
+
+2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ src/parse_args.c:
+ Add a "noninteractive" boolean to the settings passed in to the
+ plugin's open function that is set when the user specifies the -n
+ flag.
+ [68f8d9d6d4d0]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/env.c:
+ Add workaround for the lack of the environ pointer on Mac OS X in
+ dlopen()ed modules. Use of environ in the sudoers plugin should
+ ultimately be removed but this will do for the moment.
+ [80c61647434f]
+
+ * plugins/sudoers/visudo.c:
+ Set errorfile to the sudoers path if we set parse_error manually.
+ This prevents a NULL dereference in printf() when checking a sudoers
+ file in strict mode when alias errors are present.
+ [45e249ca99f7]
+
+ * plugins/sudoers/sudoers.c:
+ Main sudo no longer print "unable to execute" on exec failure so do
+ it here.
+ [50aaf62b43b5]
+
+2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Use a pipe to pass back errno to the parent if execve() fails. If we
+ get an error in script_child(), kill the command and exit.
+ [dc3bf870f91b]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ src/parse_args.c, src/sudo.c:
+ Handle plugin's open function returning -2 (usage error).
+ [aadf900c1de8]
+
+ * src/script.c:
+ If execve() fails, leave it to the plugin to print an error string.
+ [e25748f2d5b9]
+
+ * src/script.c:
+ If execve fails in logging mode, pass the errno directly to the
+ grandparent on the backchannel and exit. The immediate parent will
+ get SIGCHLD and try to report that status but its parent will no
+ longer be listening. It would probably be cleaner to pass this over
+ a pipe in script_child().
+ [cb122acc81a8]
+
+ * plugins/sudoers/sudoers.c:
+ Don't override rval with results of check_user() unless it failed.
+ [46fb7e87ac7d]
+
+2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Fix typo
+ [ccd0b693f3da]
+
+ * src/parse_args.c:
+ NULL-terminate env_add
+ [2c534368a0c3]
+
+2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c:
+ Call the I/O log open function before the I/O version function.
+ [e88bf898990b]
+
+ * plugins/sudoers/iolog.c:
+ Remove io_conv and just use sudo_conv
+ [a280052468eb]
+
+ * plugins/sudoers/set_perms.c:
+ Fix set/restore perms for systems w/o setresuid
+ [4160517f6666]
+
+2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c, plugins/sudoers/logging.c,
+ plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Primitive set/restore permissions. Will be replaced by a push/pop
+ model.
+ [aae102290866]
+
+ * src/script.c:
+ Only need to take action on SIGCHLD in parent if no I/O logger. If
+ there is an I/O logger we will receive ECONNRESET or EPIPE when we
+ try to read from the socketpair.
+ [e1e4560401f6]
+
+2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.pod, plugins/sudoers/find_path.c:
+ Merge fb4d571495fa from the 1.7 branch to trunk.
+ [c8fb424ad4d2]
+
+ * find_path.c:
+ Qualify the command even if it is in the current working directory,
+ e.g. "./foo" instead of just returning "foo". This removes an
+ ambiguity between real commands and possible pseudo-commands in
+ command matching.
+ [fb4d571495fa] <1.7>
+
+2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Don't set SA_RESTART when registering SIGALRM handler. Do set
+ SA_RESTART when registering SIGWINCH handler.
+ [173472b76525]
+
+ * doc/Makefile.in:
+ Add dev targets for *.man.in and *.cat that don't specfify the
+ $(srcdir) prefix.
+ [b62f425da2e4]
+
+ * src/script.c:
+ If log_input or log_output returns false, terminate the command.
+ [074f4c0c34a0]
+
+ * src/script.c:
+ Better signal handling. Instead of using a single variable to store
+ the received signal, use an array so we can't lose a signal when
+ multiple are sent. Fix process termination by SIGALRM in non-I/O
+ logger mode. Fix relaying terminal signals to the child in non-I/O
+ logger mode.
+ [7a4723aca99d]
+
+ * src/script.c:
+ Fix a race between when we get the child pid in the parent and when
+ the child process exits. The problem exhibited as a hang after a
+ short-lived process, e.g. "sudo id" when no IO logger was enabled.
+ [80bcc0aca70b]
+
+2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Add a note about the security implications of the fast_glob option.
+ [c37a92ab7c93]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Add a note about the security implications of the fast_glob option.
+ [84f8097553d9] <1.7>
+
+ * memrchr.c:
+ Remove duplicate includes
+ [3e8d90f4c30f] <1.7>
+
+2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ Fix up some AC_DEFINE descriptions and regen config.h.in
+ [f4655adc0db3]
+
+2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ No longer check for strdup or strndup for LIBOBJ replacement.
+ [fdc764ee8109]
+
+ * src/script.c:
+ Avoid installing signal handlers that are io-logger specific. Fixes
+ job control when no io logger is enabled.
+ [0853dd0906d4]
+
+ * doc/Makefile.in:
+ Only regen man pages from pod when configured with --with-devel
+ [ab1995f8103d]
+
+2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile, Makefile.in, configure, configure.in:
+ Top-level Makefile.in. Nothing is currently substituted but this is
+ needed for separate build dirs.
+ [e80873cbd201]
+
+ * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ Fix out-of-tree builds
+ [59a35bef07b8]
+
+ * Merge
+ [386b848047e9]
+
+ * doc/Makefile.in:
+ We always install sudoreplay in 1.8
+ [ce52ba6617c9]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Free str after using it in the version method. Use sudo_conv, not
+ io_conv since we don't have the IO conversation function pointer in
+ the I/O version method anymore now that io_open is delayed.
+ [f2ed132adeb0]
+
+2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/siglist.in:
+ SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
+ [6d69e1b05faf]
+
+2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ No need to provide strdup() or strndup(), sudo uses estrdup() and
+ estrndup()
+ [57ec23b72958]
+
+ * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
+ compat/siglist.in:
+ Add license to mksiglist.c and note that the bits from pdksh are
+ public domain
+ [d8121a2467e8]
+
+ * compat/Makefile.in:
+ Fix LIBOBJDIR vs. srcdir wrt the siglist bits
+ [164160148421]
+
+ * plugins/sudoers/Makefile.in:
+ Add sudoreplay testsudoers and visudo to clean target
+ [138a17e51c0c]
+
+ * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
+ compat/siglist.in, compat/strsignal.c, configure, configure.in,
+ include/missing.h, src/script.c:
+ Create our own sys_siglist for systems without it for use by
+ strsignal()
+ [2e5da011ebc3]
+
+ * compat/Makefile.in:
+ Remove duplicate $(LIBOBJDIR)
+ [adf9abc9432f]
+
+2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
+ Main sudo should not block signals; the plugin should do this in
+ check_policy.
+ [3f3736a7c5ed]
+
+2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Fix a sizeof(ptr) vs. sizeof(*ptr)
+ [aa1bcf5afcce]
+
+ * src/script.c:
+ Unlike most operating systems, HP-UX select() is not interrupted by
+ SIGCHLD when the signal is registered with SA_RESTART. If we clear
+ SA_RESTART when calling sigaction() for SIGCHLD we get the expected
+ behavior and the code in the select() loops already handles EINTR
+ correctly.
+ [9eba0115e35a]
+
+ * compat/getprogname.c:
+ progname should be const
+ [130228f062b7]
+
+ * plugins/sudoers/Makefile.in:
+ Move --tag=disable-static to when we link sudoers.la, not when we
+ install.
+ [ceb5e6c3b78b]
+
+ * src/load_plugins.c:
+ Load the sudoers I/O plugin by default too now that it is hooked up.
+ [ea38befd0742]
+
+2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/pty.c:
+ It looks like AIX doesn't need to push STREAMS modules for ptys.
+ [22da618ba0a1]
+
+2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/parse_args.c, src/sudo.c:
+ Delay calling the I/O plugin open function until the policy plugin
+ returns success.
+ [f3297c325b48]
+
+2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add back io logging (transcript) support. Currently, the open
+ function runs too early and it is not possible to use the io module
+ independently of the policy module.
+ [9bd932f66226]
+
+ * plugins/sudoers/set_perms.c:
+ Comment out dead code; will be removed when set_perms is rewritten.
+ [af7a995284f8]
+
+2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Fix off by one error when allocating user_groups.
+ [6281fcf9c3bb]
+
+2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, plugins/sudoers/Makefile.in:
+ Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
+ [fbce3e9eda3a]
+
+ * plugins/sudoers/sudoers.c:
+ Fix typo in preserve groups case
+ [1fd72024fb5a]
+
+ * plugins/sudoers/sudoers.c:
+ In command_info it is "runas_groups" not "groups".
+ [5c64dce4f285]
+
+ * src/sudo.c:
+ Fix iteration over runas_groups list.
+ [b3c45a0cd643]
+
+ * configure, configure.in, plugins/sudoers/env.c,
+ plugins/sudoers/match.c, src/script.c:
+ Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
+ [a8108a0776c2]
+
+ * compat/getgrouplist.c:
+ getgrouplist(3) for those without it
+ [4ab4d21e3b16]
+
+ * configure, configure.in:
+ Fix installation of sudoers.ldap in "make install" when --with-ldap
+ was specified without a directory. From Prof. Dr. Andreas Mueller
+ [5177a284b9ff] <1.7>
+
+ * plugins/sudoers/sudoers.c:
+ Set preserve_groups or groups list in command_info
+ [1266119ad654]
+
+ * src/sudo.c:
+ Fix setting of groups list
+ [e75315e40bd4]
+
+ * config.h.in, configure, configure.in, include/compat.h,
+ include/missing.h:
+ Add checks for getgrset and getgrouplist and use replacement
+ getgrouplist if the system doesn't support it.
+ [a62b8ba50863]
+
+ * src/parse_args.c:
+ Pass in preserve_groups when the -P flag is specified as per the
+ design
+ [7420c5d15474]
+
+ * plugins/sudoers/sudoers.c:
+ Check preserve_groups and ignore_ticket args with atobool instead of
+ assuming they are true if present.
+ [71c905702697]
+
+2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
+ plugins/sudoers/plugin_error.c:
+ Rename plugin-specific error.c to plugin_error.c Wire up visudo,
+ sudoreplay and testsudoers in the build
+ [9d581d5fa4d4]
+
+ * src/Makefile.in, src/term.c:
+ term.c does not needto include sudo.h
+ [f6683cdcd2dd]
+
+ * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.pod:
+ Document the -2 return in the check_policy section too
+ [e9cb4c34bbcf]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ src/parse_args.c, src/sudo.c, src/sudo.h:
+ Fix the -s and -i flags and add support for the "implied_shell"
+ option. If the user does not specify a command, sudo will now pass
+ in the path to the user's shell and set impied_shell=true. The
+ plugin can them either check the command normally or return -2 to
+ cause sudo to print a usage message and exit.
+ [bf889c38f229]
+
+2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, src/load_plugins.c:
+ Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
+ Darwin where libraries end in .dylib but modules end in .so
+ [2c56aaa38e21]
+
+ * plugins/sudoers/parse.c:
+ Better prefix determination now that we can't rely on len==0 to tell
+ the beginning on an entry.
+ [622bf18179e9]
+
+ * plugins/sudoers/ldap.c:
+ display_bound_defaults() stub should return 0, not 1 since it is a
+ count, not a boolean.
+ [0327a6c3d55d]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document progname in settings
+ [42031d56a2e3]
+
+ * compat/getprogname.c, include/compat.h,
+ plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
+ src/parse_args.c, src/sudo.c:
+ Rewrite compat/getprogname.c and add setprogname(). The progname is
+ now passed to the plugin via the settings array.
+ [25d8663e6006]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in:
+ Fix --with-ldap
+ [b64b633f426d]
+
+ * plugins/sudoers/sudo_nss.c:
+ Add missing whitespace for Runas and Command-specific defaults
+ [65f4ddf5545e]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
+ plugins/sudoers/sudo_nss.c:
+ Use embedded newlines in lbuf instead of multiple calls to
+ lbuf_print.
+ [eed3af9cc3e1]
+
+ * src/lbuf.c:
+ Add support for embedded newlines.
+ [e11f79b18deb]
+
+2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/getprogname.c:
+ If system doesn't support getprogname or __programe and we are
+ building a shared object don't bother with Argc/Argv, just return
+ "sudo"
+ [aebde9062be7]
+
+ * config.h.in, configure, configure.in, src/load_plugins.c:
+ Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
+ appears to always install a shared object with the .so suffix.
+ [f9bbd0c0e9d3]
+
+ * compat/Makefile.in, configure, configure.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in:
+ Play more nicely with libtool and let it build libreplace (was
+ libmissing) for us.
+ [a4c6ebb2495c]
+
+ * include/missing.h:
+ Include stdarg.h for va_list rather than requiring all consumers of
+ missing.h to include stdarg.h themselves.
+ [37382df948de]
+
+ * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
+ src/parse_args.c:
+ Pass in output function to lbuf_init() instead of writing to stdout.
+ A side effect is that the usage info can now go to stderr as it
+ should.
+ [6d261261a072]
+
+2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/lbuf.h, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
+ src/parse_args.c, src/sudo.c:
+ Use number of tty columns that is passed in user_info instead of
+ getting it directly in the lbuf code.
+ [8a16635c2638]
+
+ * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/env.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/match.c,
+ plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/visudo.c:
+ Kill __P in sudoers
+ [63601e6cb171]
+
+ * config.h.in, configure, configure.in, src/load_plugins.c:
+ Set the sudoers plugin name in configure so we get the extension
+ right.
+ [edad89924cd1]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document lines/cols in user_info
+ [a808872394f3]
+
+ * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
+ Add tty size to user info
+ [23f3d27e77a7]
+
+ * src/script.c:
+ Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
+ [a2208dd09051]
+
+2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error
+ out if we fail to lookup the user's name that is passed in
+ [e4e3728ed482]
+
+ * plugins/sudoers/error.c:
+ Pass the error value back via siglongjmp.
+ [667b8ad575ce]
+
+ * plugins/sudoers/check.c:
+ Use conversation function for lecture.
+ [1ab4719f509b]
+
+ * plugins/sudoers/check.c:
+ Don't update ticket file if verify_user returns FALSE.
+ [2bbc46a39a2b]
+
+2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Wire up invalidate and validate methods for sudoers
+ [c0630c7bca47]
+
+ * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add support for -k flag with a command.
+ [edad239b098b]
+
+ * src/parse_args.c:
+ Allow -k to be specified with a command.
+ [43a45add9974]
+
+ * plugins/sudoers/sudoers.c:
+ Wire up policy_list
+ [27cc35699eca]
+
+ * plugins/sudoers/error.c:
+ Add newline at the end of message and space after the colon in
+ warning message
+ [5a591aa8e744]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Add missing newline after pass password warning
+ [337dba3870a7]
+
+ * plugins/sudoers/sudoers.c:
+ Set user_groups and user_ngroups based on user_info
+ [61bee85128c8]
+
+ * plugins/sudoers/error.c:
+ Make this compile
+ [7041c441e1c8]
+
+ * Makefile:
+ Build sudoers plugin
+ [5cdf06e66978]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Use warningx in yyerror() so the conversation function gets used
+ when built as part of sudoers.
+ [85f964215eef]
+
+ * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
+ Make _warning in error.c use the conversation function and remove
+ commented out warning/warningx in sudoers.c.
+ [7c9b09024b63]
+
+ * plugins/sudoers/logging.c:
+ Use siglongjmp() in log_error for fatal errors
+ [b50e26f1c73f]
+
+ * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
+ Quiet a libtool warning
+ [b2331fb006bc]
+
+2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ Rename sudo_conv to conversation to avoid a namespace conflict.
+ [1ad359d36be9]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/env.c, plugins/sudoers/error.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
+ plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
+ Initial bits of sudoers plugin; still needs work.
+ [af2a2c59a952]
+
+ * config.h.in:
+ Add HAVE_STRDUP and HAVE_STRNDUP
+ [50a3c0dd510f]
+
+ * compat/Makefile.in, configure, configure.in:
+ Build libmissing in two flavors (one PIC one non-PIC) and link with
+ the appropriate one.
+ [b62f411a4c18]
+
+ * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
+ compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
+ Build libmissing in two flavors (one PIC one non-PIC) and link with
+ the appropriate one.
+ [e1e04972b5fe]
+
+2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Add strdup and strndup and fix strsignal
+ [c159babe2896]
+
+2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/strdup.c, compat/strndup.c, configure, configure.in,
+ plugins/sample/Makefile.in, src/Makefile.in:
+ Add strdup and strndup to compat
+ [25c9fd399a4d]
+
+ * plugins/sample/sample_plugin.c:
+ Need to include compat.h before missing.h
+ [c94f7aad380f]
+
+ * compat/strsignal.c:
+ Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
+ it doesn't exist configure will set it to 0.
+ [384580566389]
+
+ * compat/glob.c:
+ Fix botched ANSI C coversion of globexp2()
+ [4a344b8cbe49]
+
+ * configure, configure.in:
+ Remove redundant getgroups check
+ [0b16ec210c81]
+
+ * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
+ Require either termios or termio, no more sgtty.
+ [9b2fa2f17a1c]
+
+ * compat/strsignal.c, config.h.in, configure, configure.in:
+ Change the sys_siglist check to use AC_CHECK_DECLS and also check
+ for _sys_siglist and__sys_siglist
+ [2e078fed2408]
+
+2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, src/Makefile.in:
+ Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
+ use SUDO_OBJS for the main driver as part of OBJS.
+ [9ae4a80a5ade]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Mention in the conversation function section that a newline is not
+ implicit.
+ [04a233b6c491]
+
+ * include/compat.h:
+ Add definition of WCOREDUMP for systems without it. This is known to
+ work on AIX and SunOS 4, but may be incorrect on other systems that
+ lack WCOREDUMP.
+ [c85b3ce6b77d]
+
+2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sample/sample_plugin.c, src/conversation.c:
+ conversation function no longer puts a newline at the end of info or
+ error messages.
+ [c534cae1ac4a]
+
+ * match.c:
+ When doing a glob match, short circuit if gl.gl_pathc is 0. From
+ Mark Kettenis.
+ [549f8f7c2463] <1.7>
+
+2010-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Use parent process group id instead of parent process id when
+ checking foreground status and suspending parent. Fixes an issue
+ when running commands under /usr/bin/time and others.
+ [eac86126e335] <1.7>
+
+ * env.c:
+ In setenv(), if the var is empty, return 1 and set errno to EINVAL
+ instead of returning EINVAL directly.
+ [d202091ec15e] <1.7>
+
+2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Use parent process group id instead of parent process id when
+ checking foreground status and suspending parent. Fixes an issue
+ when running commands under /usr/bin/time and others.
+ [564f528c3bb7]
+
+2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4:
+ transcript option is now --with not --enable
+ [0646fac4cf93]
+
+ * plugins/sample/sample_plugin.c:
+ Add support to -u and -g flags Check fmt_string retval Add timeout
+ for debugging purposes
+ [cfefa4fa60b5]
+
+ * src/script.c, src/sudo.c:
+ Wire up SIGALRM handler Set close on exec flag for child side of the
+ socketpair Fix signal handling when not doing I/O logging
+ [379581ec7272]
+
+ * src/sudo.c:
+ g/c unused SIGCHLD handler
+ [0afa03912dce]
+
+ * src/fmt_string.c, src/parse_args.c, src/sudo.c:
+ Don't use emalloc() in fmt_string(); we want to be able to use it
+ from a plugin.
+ [ade64d368147]
+
+ * include/list.h:
+ tq_remove not list_remove
+ [0e0e1fd5c31c]
+
+ * configure, configure.in:
+ AUTH_OBJS should contain .lo files not .o files.
+ [c64c82c9d5a2]
+
+2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/parse_args.c:
+ Simplify conversion of command line args to name=value pairs.
+ [75ab127c6a94]
+
+ * plugins/sample/sample_plugin.c:
+ Handle NULL reply from conversation function
+ [6ce09b6cb204]
+
+ * compat/getline.c:
+ Don't depend on emalloc/erealloc
+ [73df09e2109f]
+
+ * plugins/sample/Makefile.in:
+ Use $(OBJS) instead of sample_plugin.lo
+ [2d995db9aa99]
+
+ * plugins/sample/sample_plugin.c:
+ runas_user is in settings not user_info
+ [7ee12068bc57]
+
+ * src/parse_args.c:
+ Fix a mismatch between sudo_settings and settings_pairs that causes
+ some settings to get the wrong values.
+ [b1bc6d81a65f]
+
+2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
+ src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
+ src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
+ Convert to ANSI C
+ [d03b6e4a3b75]
+
+ * src/load_plugins.c:
+ Fix strlcpy() return value check.
+ [7cd66999a374]
+
+ * INSTALL, configure, configure.in:
+ No longer need to substitute in script.o and pty.o; I/O logging
+ support is always built.
+ [45250024c5dc]
+
+2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Add fallback to /bin/sh when execve() fails with ENOEXEC.
+ [7684a15a1352]
+
+ * include/alloc.h, src/alloc.c:
+ Add estrndup()
+ [47621c83bed9]
+
+2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c, src/sudo.c:
+ Refactor script_execve() a bit so that it can be used in non-script
+ mode. Needs more cleanup.
+ [f09e022d547c]
+
+ * src/sudo.c:
+ Ignore empty entries in command_info list
+ [1eea9a8de21c]
+
+ * include/list.h, src/list.c:
+ Add tq_remove
+ [40908a617cb2]
+
+ * src/conversation.c:
+ Pass timeout to tgetpass()
+ [9e66c918b771]
+
+ * Makefile:
+ Add ChangeLog target
+ [da4a39150838]
+
+ * README, WHATSNEW:
+ Bump version and update things slightly for sudo 1.8.0
+ [4b73cc45e2d4]
+
+ * configure, configure.in:
+ Sudo now requires an ANSI/ISO C compiler
+ [1e51f72e6964]
+
+ * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
+ src/sudo_noexec.c:
+ Convert to ANSI C
+ [5cbd315dbde8]
+
+ * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
+ include/list.h, include/missing.h:
+ Convert to ANSI C
+ [3f5016ff64f4]
+
+ * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
+ compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
+ compat/getprogname.c, compat/glob.c, compat/glob.h,
+ compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
+ compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
+ compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
+ compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
+ compat/utimes.c:
+ Convert to ANSI C
+ [0d635c85461c]
+
+2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c, src/tgetpass.c:
+ Make user_details extern so tgetpass can get at the uid and gid. Set
+ uid/gid to user before executing askpass program. Check environment
+ for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
+ set the askpass program itself
+ [d33606396176]
+
+ * src/sudo.c:
+ No longer need sudo_usage.h in sudo.c
+ [063e2946c382]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
+ src/sudo_usage.h.in:
+ Document -D level command line flag which maps to the debug_level
+ setting.
+ [61f1e2ab3ac1]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document debug_level in plugin doc. Still need to document the -D
+ flag in sudo itself.
+ [8c62daea3e9b]
+
+2010-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Check for pseudo-command by looking at the first character of the
+ command in sudoers instead of checking the user-supplied command for
+ a slash.
+ [88f3181692fe] <1.7>
+
+2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sample/sample_plugin.c:
+ include missing,h for vasprintf
+ [92503de49b39]
+
+ * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
+ [14cfb4775238]
+
+ * plugins/sample/sample_plugin.c:
+ Need to include limits.h
+ [bda7f74343d2]
+
+ * compat/glob.c:
+ No more sudo_getpw*
+ [232e52907634]
+
+ * plugins/sample/Makefile.in, src/Makefile.in:
+ Add missing compat bits
+ [4843dd000e08]
+
+ * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
+ compat files should not include sudo.h wire up compat in sample
+ plugin
+ [a175b8185e0f]
+
+ * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
+ Fix up compat dependencies. Fix distclean target in doc/Makefile.in
+ [57e49bc20857]
+
+ * configure, configure.in:
+ Fix typo
+ [333655e3d5fe]
+
+ * plugins/sample/sample_plugin.c:
+ Log input and output to temp files for proof of concept.
+ [ae1dfc34f7d6]
+
+ * Makefile, configure, configure.in, doc/Makefile.in:
+ Add doc Makefile.in and wire it up
+ [6a310443c87d]
+
+ * src/script.c:
+ Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
+ suspending a shell with the "suspend" builtint.
+ [3d65f182819a]
+
+ * src/script.c:
+ In child, handle parent side of the pipe going away.
+ [a29c14d78cd9]
+
+ * src/script.c:
+ No longer need to check for explicit death of the child (process #2)
+ since if it dies we will get EPIPE from the socketpair. Fix a
+ sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
+ sudo_debug.
+ [24c55dd4ff60]
+
+ * src/sudo.c:
+ Make sudo_debug do a single vfprintf() which will result in a single
+ write call on most systems. Avoids problems with interleaved debug
+ printf from different processes. Also remove an extraneous error
+ case since recv() can't return a short read and add some more XXX.
+ [b37a8533ef1e]
+
+2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/script.c:
+ Fix uninitialized variable.
+ [e012a0a30890]
+
+ * src/Makefile.in:
+ Fix sudo install target
+ [1417fa4b4ab9]
+
+ * src/parse_args.c, src/sudo.c, src/sudo.h:
+ Wire up debug_level
+ [144fab289c73]
+
+ * src/Makefile.in:
+ Fix dependencies
+ [5170940af2ce]
+
+ * configure, configure.in:
+ Fix setting of plugin dir
+ [144eda170a72]
+
+ * Makefile:
+ add clean targets
+ [d53f6f6f5c3a]
+
+ * src/atobool.c:
+ Add missing source for sudo front end
+ [42487de9c489]
+
+ * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
+ Sample plugin demonstrating the sudo plugin API
+ [f1fd62d7644f]
+
+ * Makefile, configure, configure.in, install-sh, pathnames.h.in,
+ plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
+ src/fileops.c, src/fmt_string.c, src/load_plugins.c,
+ src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
+ src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
+ sudo_usage.h.in:
+ Modular sudo front-end which loads policy and I/O plugins that do
+ most the actual work. Currently relies on dynamic loading using
+ dlopen(). See doc/plugin.pod for the plugin API.
+ [924f6eb2fbba]
+
+ * doc/plugin.pod, include/sudo_plugin.h:
+ Sudo plugin API
+ [374ccbbd24ae]
+
+ * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
+ compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
+ plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/fileops.c, src/sudo_edit.c:
+ Replace emul/include.h with compat/include.h to match new source
+ tree layout.
+ [7eccd10449a1]
+
+ * src/lbuf.c:
+ Include missing.h for memrchr() proto
+ [03abd63a8a33]
+
+ * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
+ TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
+ alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
+ auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
+ auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
+ auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
+ auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
+ closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
+ compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
+ compat/getline.c, compat/getprogname.c, compat/glob.c,
+ compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
+ compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
+ compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
+ compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
+ compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
+ def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
+ doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
+ doc/license.pod, doc/sample.pam, doc/sample.sudoers,
+ doc/sample.syslog.conf, doc/schema.ActiveDirectory,
+ doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
+ doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
+ doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
+ doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
+ emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
+ error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
+ getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
+ gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
+ include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
+ include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
+ interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
+ list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
+ mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
+ nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
+ plugins/sudoers/alias.c, plugins/sudoers/auth/API,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
+ plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
+ plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/boottime.c, plugins/sudoers/check.c,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
+ plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
+ plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
+ plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
+ plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
+ plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/logging.h,
+ plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
+ plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
+ plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
+ plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
+ sample.pam, sample.sudoers, sample.syslog.conf,
+ schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
+ selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
+ src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
+ src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
+ src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
+ src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
+ strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
+ sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
+ sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
+ sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
+ sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
+ term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
+ tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
+ visudo.man.in, visudo.pod, zero_bytes.c:
+ Rework source layout in preparation for modular sudo.
+ [7fc1978c6ad5]
+
+2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Avoid a duplicate fclose() of the sudoers file.
+ [5dba851088c1]
+
+ * Fix size arg when realloc()ing include stack. From Daniel Kopecek
+ [0a2935061e33]
+
+ * Use setrlimit64(), if available, instead of setrlimit() when setting
+ AIX resource limits since rlim_t is 32bits.
+ [353db89bac61]
+
+ * Fix use after free when sending error messages. From Timo Juhani
+ Lindfors
+ [e50dbd902382]
+
+ * ChangeLog, Makefile.in:
+ Generate the ChangeLog as part of "make dist" instead of having it
+ in the repo.
+ [251b70964673]
+
+2010-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.l:
+ Avoid a duplicate fclose() of the sudoers file.
+ [164d39108dde] <1.7>
+
+ * toke.l:
+ Fix size arg when realloc()ing include stack. From Daniel Kopecek
+ [8900bccef219] <1.7>
+
+2010-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aix.c, config.h.in, configure, configure.in:
+ Use setrlimit64(), if available, instead of setrlimit() when setting
+ AIX resource limits since rlim_t is 32bits.
+ [2cbb14d98fc1] <1.7>
+
+ * logging.c:
+ Fix use after free when sending error messages. From Timo Juhani
+ Lindfors
+ [caf183fd9d94] <1.7>
+
+2010-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog, Makefile.in:
+ Generate the ChangeLog as part of "make dist" instead of having it
+ in the repo.
+ [836c31615859] <1.7>
+
+2010-01-18 convert-repo <convert-repo>
+
+ * .hgtags:
+ update tags
+ [9b7aa44ae436]
+
+2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Generate correct ChangeLog for 1.7 branch.
+ [586dd90b8878] <1.7>
+
+ * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
+ auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
+ auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
+ closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
+ emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
+ fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
+ gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
+ isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
+ logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
+ mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
+ pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
+ sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
+ sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
+ strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+ sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
+ sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
+ sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
+ term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
+ utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
+ Remove CVS $Sudo$ tags.
+ [de683a8b31f5]
+
+2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_usage.h.in:
+ make this match sudoers SYNOPSIS
+ [c74ba66944c2]
+
+ * lbuf.c, parse.c:
+ Print a newline between Runas and Command-specific defaults in sudo
+ -l.
+ [b5bdfcc9ce4b]
+
+ * term.c:
+ Use SET and CLR macros in term_raw
+ [50ca42609d6c]
+
+ * sudoreplay.c:
+ Set stdin to non-blocking mode early instead of in check_input. Use
+ term_raw instead of term_cbreak since the data we get has already
+ been expanded via OPOST.
+ [51c47e803d62]
+
+2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c, term.c:
+ Enable/disable all postprocessing instead of just nl->crnl
+ processing since things like tab expansion matter too. However, if
+ stdout is a tty leave postprocessing on in the pty since we run into
+ problems doing it only on the real stdout with .e.g nvi.
+ [62666e309673]
+
+2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ If tty_tickets is enabled and there is no tty, prompt for a
+ password. Do not lecture user for "sudo -k command" if user has a
+ timestamp.
+ [5880200c5f6b]
+
+ * INSTALL:
+ Document missing options: --with-efence and --with-bsm-audit
+ [d83afcdf9ff3]
+
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
+ sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
+ visudo.man.in, visudo.pod:
+ username -> user name groupname -> group name hostname -> host name
+ [10c85646f45d]
+
+ * INSTALL, README.LDAP, sudoers.pod:
+ filename -> file name like the rest of the docs
+ [1ef8ab5a9018]
+
+2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Fix printing of entries with multiple host entries on a single line.
+ [226ceaf91d8d]
+
+2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Mention that targetpw affects the timestamp file name.
+ [a26e22e4f72e]
+
+ * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
+ sudoers.pod:
+ Add compress_transcript option.
+ [6e94f8cb9dfb]
+
+2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ bump to 1.7.3b2
+ [906d7e347d15]
+
+ * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
+ Better split of membership vs. traditional group check in
+ user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
+ [6ebc55d4716b]
+
+2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ Fix pasto and add default return value.
+ [7973b5e4599c]
+
+ * check.c, match.c, pwutil.c, sudo.h:
+ refactor group member checking into user_in_group()
+ [48ca8c2eddf8]
+
+ * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
+ sudo.h:
+ Add support for mbr_check_membership() as present in darwin.
+ [5501aed02b9f]
+
+2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Rename label to be accurate
+ [3af17dd960f7]
+
+ * Makefile.in, boottime.c, check.c, config.h.in, configure,
+ configure.in, sudo.h:
+ Treat timestamp files from before we booted as old. Idea from and
+ Apple patch.
+ [5c96e484c05a]
+
+2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo.pod, sudo_usage.h.in:
+ Allow the -u flag to be used in conjunction with the -v flag as per
+ older versions of sudo.
+ [591e9fc13c1a]
+
+ * logging.c:
+ fix typo in last commit
+ [4fd0c692dcf0]
+
+2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ Convert fmt_first and fmt_confd into macros.
+ [32e870158b29]
+
+ * sudoers.pod:
+ timeouts can be floats now
+ [89de639a9679]
+
+ * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
+ defaults.h, mkdefaults:
+ Add support for floating point timeout values (e.g. 2.5 minutes).
+ [210ffa291733]
+
+2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ The -L flag will be removed in sudo 1.7.4
+ [ffd026084333]
+
+2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Fix a bug due to order of operators.
+ [938d34464283]
+
+2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ cmnd_matches() already deals with negation so _cmndlist_matches()
+ does not need to do so itself. Fixes a bug with negated entries in a
+ Cmnd_List.
+ [71c845f6ce73]
+
+2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Don't exit() from open_sudoers, just return NULL for all errors.
+ [8cfa832f972a]
+
+ * script.c:
+ Can't rely on the shell sending us SIGCONT when transitioning from
+ backgroup to foreground process.
+ [3c6c5b6cb4b3]
+
+ * toke.c, toke.l:
+ Add missing extern def for parse_error
+ [45b7b59d03b7]
+
+2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Avoid a parse error when #includedir doesn't find any files. Closes
+ bug #375
+ [1ce1b850e9e6]
+
+ * Makefile.in:
+ Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
+ [6a22e32da108]
+
+2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Start command out in foreground mode if stdout is a tty. Works
+ around issues with some curses-based programs that don't handle
+ tcsetattr getting interrupted by a signal. Still allows us to avoid
+ hogging the tty if the command is part of a pipeline.
+ [1c32f2b94769]
+
+ * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
+ Use a socketpair to pass signals from parent to child. Child will
+ now pass command status change info back via the socketpair. This
+ allows the parent to distinguish between signals it has been sent
+ directly and signals the command has received. It also means the
+ parent can once again print the signal notifications to the tty so
+ all writes to the pty master occur in the parent. The command is now
+ always started in background mode with tty signals handled by the
+ parent.
+ [c6790b82986d]
+
+2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix a few typos in the descriptions; from Jeff Makey Only do the
+ check for krb5_get_init_creds_opt_free() taking two arguments if we
+ find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
+ positive when using our own krb5_get_init_creds_opt_free which takes
+ only a single argument.
+ [845a9ff6f93d]
+
+2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Remove a spurious comma in the kerb5 bits.
+ [3433eab083db]
+
+ * auth/kerb5.c:
+ Call krb5_get_init_creds_opt_init() in our emulated
+ krb5_get_init_creds_opt_alloc() for MIT kerberos.
+ [7ffb40bf43e9]
+
+2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ Add HAVE_ZLIB
+ [9297bde61ecc]
+
+ * script.c:
+ Need to ignore SIGTT{IN,OU} in child when running the command in the
+ background. Also some minor cleanup.
+ [dc208d982319]
+
+2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Instead of calling sigsuspend when waiting for SIGUSR[12] from
+ parent, install the signal handlers w/o SA_RESTART and let them
+ interrupt waitpid().
+ [759c7d18203b]
+
+ * script.c:
+ Pass along SIGHUP and SIGTERM from parent to child.
+ [035b0e254568]
+
+ * script.c:
+ Close unused bits of script_fds in processes that don't need them.
+ Restore default SIGCONT handler in child.
+ [e037378ab0c1]
+
+ * script.c:
+ Update foreground/background status in SIGCONT handler in parent
+ process.
+ [3f7f91333264]
+
+2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Defer setting terminal into raw mode until just before we fork() and
+ only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
+ and sudo is already in the foreground be sure to set raw mode before
+ continuing the child.
+ [1102ef40832c]
+
+2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
+ give the command the controlling tty if the main sudo process is the
+ foreground process.
+ [cf3a91cb5682]
+
+ * script.c:
+ Don't bother with sudo_waitpid() here for now.
+ [9086de480c2d]
+
+ * script.c:
+ fix non-zlib case
+ [a258bff0f9a6]
+
+2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Remove non-wroking code that crept into rev 1.55
+ [2802dd55cff5]
+
+2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in, script.c, sudoreplay.c:
+ First pass at zlib support for transcript data files
+ [5d10260807da]
+
+ * Makefile.in:
+ remove vestiges of ZLDFLAGS
+ [1fa0caf1c0fb]
+
+ * script.c:
+ Add missing variable declaration for when TIOCSCTTY is not defined.
+ Need to include sys/termio.h for TIOCSCTTY on some systems.
+ [ee7f41ac2709]
+
+ * script.c:
+ when resuming command, send SIGCONT to its pgrp not just pid
+ [5cd63c1d565b]
+
+ * selinux.c:
+ remove unused variable
+ [df67df4be228]
+
+ * script.c:
+ include selinux.h for is_selinux_enabled() proto
+ [85ebaa880cc1]
+
+ * script.c:
+ Don't use log_error() in the child process.
+ [def65fe2a433]
+
+ * script.c:
+ Do I/O in parent instead of child since the parent can have both
+ /dev/tty as well as the pty fds open. The child just sets things up
+ and waits for its grandchild and writes the signal description to
+ the pty master if the command was killed by a signal.
+ [95e473208982]
+
+2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * missing.h, sudo.h:
+ Move two struct forward declarations from sudo.h to missing.h
+ [90ad28294a8c]
+
+ * script.c:
+ Make comment at the top of script_exec() match reality.
+ [c5042d27dbe0]
+
+ * sudo.c:
+ if neither stdin nor stdout is a tty, check stderr
+ [c532ff20c8d8]
+
+ * Makefile.in:
+ Add back dependecy of gram.h on gram.y
+ [c58382b7fcca]
+
+ * script.c:
+ Make transcript mode work as long as we can figure out our tty, even
+ if it is not stdin. We'd like to use /dev/tty but that won't be
+ valid after the setsid().
+ [7b8bba8d99e7]
+
+2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, pty.c:
+ Add support for IRIX-style dynamic ptys
+ [bedc9bac44c1]
+
+ * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
+ Move alloc.c protos into alloc.h
+ [b6a90649617d]
+
+ * missing.h:
+ Move prototypes for missing libc functions to missing.h
+ [dda9ae1ccaf8]
+
+ * Makefile.in, sudo.h, sudoreplay.c:
+ Move prototypes for missing libc functions to missing.h
+ [7483166b577b]
+
+2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ Disable transcript support if no tcsetpgrp until we support older
+ BSD-style job control.
+ [27ac1d8163df]
+
+ * configure, configure.in, pty.c, script.c:
+ Break out pty code into pty.c
+ [e85509b25d41]
+
+ * compat.h, config.h.in, configure, configure.in:
+ add killpg macro if no killpg function
+ [3a125f4a51f0]
+
+ * config.h.in, configure, configure.in, script.c:
+ Push ptem and ldterm for STERAMS-based systems when allocating a
+ pty.
+ [36bb39b30ff2]
+
+2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
+ [d94bd5c9bf4e]
+
+ * script.c:
+ Call tcgetpgrp() in the parent, not the child and have the child
+ spin until it is granted. Fixes a race on darwin.
+ [6e8d435339ce]
+
+ * script.c:
+ Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
+ reopen slave.
+ [0bdc63c019ca]
+
+2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ In script mode, if the command is killed by a signal, print the
+ signal description as well as a core dump notification like the
+ shell does.
+ [9df61738df07]
+
+ * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
+ sudo.h:
+ Add check for strsignal() and a simple implementation if it is not
+ there but sys_siglist is
+ [61421a188ef4]
+
+ * script.c:
+ Add missing WUNTRACED and store the signal that stopped the
+ grandchild in suspended, not signo.
+ [df65042b200e]
+
+ * script.c:
+ g/c unused code
+ [40d8cb5c9203]
+
+ * script.c:
+ Associate the grandchild's pgrp with the tty instead of the child's
+ and just get suspend notifications via SIGCHLD instead of directly.
+ This fixes a hang with programs that try to set terminal attributes
+ and is more consistent with how the shell handles things.
+ [6865abff7e94]
+
+2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Move setpgid() of child into the parent side of the fork() where it
+ belongs.
+ [3defa782777c]
+
+2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ fix typo
+ [b6a612b3622c]
+
+ * script.c:
+ Run command in its own pgrp (like the shell does) for easier
+ signalling. No need to relay SIGINT or SIGQUIT to parent, just send
+ to grandchild. Don't want grandchild stopped events in the child
+ (only termination). Flush output after suspending grandchild before
+ signalling parent.
+ [db556bf2176f]
+
+ * script.c:
+ Back out revision 1.34; the problem lies elsewhere.
+ [85f590a03275]
+
+ * script.c:
+ Don't set stdout to blocking mode when flushing remaining output. It
+ can cause us to hang when trying to exit. Need to investigate why.
+ [6f803a3e33ca]
+
+ * script.c:
+ Handle SIGTTOU and remove some debugging.
+ [52d17279053e]
+
+ * term.c:
+ Back out revision 1.10 as the signal that interrupts us may be
+ SIGTTOU or SIGTTIN which the caller must handle.
+ [7e2fa9107975]
+
+ * script.c:
+ Apparently we need to send SIGSTOP to the command as well as ourself
+ when we get SIGTSTP, the kernel doesn't automatically stop the
+ process for us.
+ [1a936e9309c4]
+
+ * script.c:
+ Use an extra process to act as the glue bewteen the sessions
+ associated with the user's controlling tty (what the shell uses) and
+ the tty that sudo is using to do its logging. Basically, this means
+ that if we get, e.g. SIGTSTP from the process sudo is running, we
+ relay the signal to the parent so it's shell can do the job control.
+ [6dd296988060]
+
+ * term.c:
+ Handle getting/setting terminal attributes when the fd is in non-
+ blocking mode.
+ [ae5ae535ea7b]
+
+2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+ Add support for pausing and changing the speed in interactive mode.
+ [72a2063780a7]
+
+ * script.c:
+ Already define O_NOCTTY in compat.h, don't need it here
+ [b5d80ed3e5ce]
+
+2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Add missing protos
+ [c4cb4e7f4d8a]
+
+2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Always update the stashed mtime of the temp file instead of using
+ what we have for the original because the time resolution of the
+ filesystem the temporary is on may not match that of the filesystem
+ that holds the original. Should fix bz #371 found by Philippe Levan.
+ [c86ca4bec60c]
+
+ * sudoreplay.c:
+ Use cbreak mode instead of raw mode and add signal handlers to
+ restore the tty on interrupt.
+ [84dd283da41c]
+
+ * script.c, sudo.h, term.c:
+ Retain NL to NLCR conversion on the real tty and skip it on the pty
+ we allocate. That way, if stdout is not a pty there are no extra
+ carriage returns.
+ [32e4f570414e]
+
+ * script.c:
+ Fix log_output(); just pass in a string and a length.
+ [ca980cc0a3fb]
+
+2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ do not use errno when complaining out lack of a tty
+ [8f9b8c55ab8e]
+
+2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, sudoreplay.c, term.c:
+ Instead of messing with line endings, just set terminal to raw mode
+ in sudoreplay.
+ [90943fa87acb]
+
+ * term.c:
+ When copying the terminal attributes to the pty, be sure not to set
+ ONLCR. This prevents extra carriage returns from ending up in the
+ script output file.
+ [e6b5475ac2aa]
+
+ * script.c:
+ Convert a do {} while into a while
+ [e461310d2c77]
+
+ * Makefile.in:
+ Use if then instead of test && when installing binaries that may not
+ exist.
+ [ad4f9490d971]
+
+ * script.c:
+ Add O_NOCTTY when opening a tty device. Explicitly disconnect from
+ old tty before associatng with new one.
+ [0e0ca634b80c]
+
+ * script.c, selinux.c, sudo.c, sudo.h:
+ First cut at refactoring some of the selinux code so it can be used
+ in conjunction with sudo's transcript support.
+ [779b0d8f9d29]
+
+2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in:
+ Fix default case of transcript_enabled being unset.
+ [f8aa96186e6b]
+
+ * script.c, sudoreplay.c:
+ Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
+ [2844a7a851fa]
+
+ * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
+ Hook up --disable-transcript and --enable-transcript=DIR
+ [b3fa7e6b2480]
+
+2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in, pathnames.h.in:
+ _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable-
+ transcript=DIR option to specify the directory
+ [b0bb76d43cda]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ regen
+ [c7a8a0a9027c]
+
+ * configure, configure.in, sudoers.man.pl, sudoers.pod:
+ Substitute in default value for secure_path
+ [c8f9ac6dbf93]
+
+ * sudo.pod:
+ Mention that the password must be followed by a newline with the -S
+ option.
+ [2fc589a3ee7e]
+
+2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Go back to dropping out of the select() loop when the process dies;
+ Linux ptys apparently don't behave the same as BSD in regards to
+ select(). No need to flush remaining output to the transcript, only
+ to stdout. Add back code to check the master pty for additional data
+ when we exit the main select loop.
+ [abed9a9cbc6b]
+
+2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Add getline.o to COMMON_OBJS
+ [04ef7643cbc2]
+
+ * Makefile.in:
+ sudoreplay depends on libsudo.a
+ [142bd0472631]
+
+ * Makefile.in:
+ More pwutil.o into COMMON_OBJS
+ [4a016b933629]
+
+ * pwutil.c, testsudoers.c, tsgetgrpw.c:
+ Remove my_* redirection in pwutil.c for testsudoers and just use the
+ normal libc get{pw,gr}* names.
+ [9b76d637d86b]
+
+ * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+ More time and date examples
+ [c6ee0175ec56]
+
+ * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
+ Move nanosleep() emulation into its own file Check librt.a for
+ nanosleep if we don't find it in libc
+ [4da0cc26aad7]
+
+ * Makefile.in, configure, configure.in:
+ Build libsudo with the common bits and link things against that.
+ [2b53bc0b081a]
+
+ * script.c:
+ Fix final flush.
+ [6da287d833da]
+
+ * script.c:
+ Keep reading from the pty master -> log file until read returns <=
+ 0. Do our best to write everything to stdout when flushing any
+ remaining bits.
+ [2a45d4ae280c]
+
+ * sudoreplay.c:
+ Use unbuffered I/O when writing to stdout and make sure we write the
+ entire buffer.
+ [f39ef9844a47]
+
+2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Only use max_wait if it is non-zero
+ [f6c10604d2e8]
+
+ * getdate.c, getdate.y, getline.c:
+ Need compat.h here
+ [5d6722e225a0]
+
+ * sudoreplay.c:
+ Fix nanosleep emulation
+ [34e5e5d72a76]
+
+ * script.c:
+ Fix comment after #endif
+ [bd1347718b25]
+
+ * sudoreplay.c:
+ Add protos for missing libc bits
+ [644f496427a2]
+
+ * configure, configure.in:
+ add missing line continuation char
+ [db13c0d402cd]
+
+ * config.h.in, configure, configure.in, getline.c:
+ Implement getline() in terms of fgetln() if we have it.
+ [3ab786eaadc5]
+
+ * sudoreplay.c:
+ Print year when formatting log line
+ [90be669e3443]
+
+ * sudoreplay.pod:
+ Document cwd, attempt to document time/date formats.
+ [6290fb9b65c6]
+
+ * sudoreplay.c:
+ Fix getline return value check.
+ [d696d6657261]
+
+ * Makefile.in, config.h.in, configure, configure.in, getline.c,
+ sudoreplay.c:
+ Use getline() if the system has it, else use provide our own for
+ sudoreplay.
+ [afca1d6fbe5e]
+
+ * script.c:
+ Refactor code to update output and timing files.
+ [361491332b1a]
+
+2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Make sudo_getln() behave more like glibc getline.
+ [40c9f2ea29e6]
+
+ * script.c:
+ When flushing remaining output, also update timing file.
+ [5a9a5a627549]
+
+ * sudoreplay.c:
+ Use get_timestr() and make the -l output look like the regular sudo
+ log.
+ [452ba9d436c9]
+
+ * logging.c, sudo.h, timestr.c:
+ Make get_timestr() take a time_t so we can use it properly in
+ sudoreplay.
+ [82e67cc53c9c]
+
+ * script.c:
+ Create session dir earlier now that we update the seq number early.
+ [797fe8d6dc61]
+
+2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Use fromdate and todate as the keywords instead of from and to; the
+ short forms will still be accepted.
+ [d14d9b116df4]
+
+ * sudoreplay.c:
+ Fix reading long liensin sudo_getln()
+ [58dadd74118c]
+
+ * script.c, sudoreplay.c:
+ Log the cwd in the script log file. Add sudo_getln() to read
+ arbitrarily long lines.
+ [faceb802ab8f]
+
+ * Makefile.in, logging.c, sudo.h, timestr.c:
+ Move get_timestr() into its own source file so sudoreplay can use
+ it.
+ [99b054bfa20a]
+
+2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Add to and from perdicates (date ranges); needs documentation
+ [1d629174dcf4]
+
+2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, getdate.c, getdate.y:
+ Fix warning and add generated getdate.c
+ [b877a86b5a03]
+
+ * Makefile.in, getdate.y:
+ Add getdate.y to be used for sudoreplay date parsing.
+ [b8e26fbb7a40]
+
+2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ Check more than just the first character of a predicate
+ [4fe53728adb1]
+
+ * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+ Add examples, sort predicates
+ [70f8075cbccc]
+
+ * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
+ sudoreplay.pod:
+ Implement search expressions in sudoreplay similar in concept to
+ what find or tcpdump uses. TODO: date ranges
+ [f7ce4fb4cf3a]
+
+2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Remove vhangup as it was hanging up the wrong tty. Should really
+ vhangup in the child after it as set its tty.
+ [2eed9df73010]
+
+ * sudoers.pod:
+ Fix cut at documenting transcript support.
+ [e6c533a5568a]
+
+ * logging.c:
+ ID= -> TSID= for transcript ID
+ [1bf755a35333]
+
+2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Move fast_glob description to where it belongs in sorted order
+ [5901cfb0d25f]
+
+ * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
+ parse.c, parse.h, sudo.c:
+ Rename script -> transcript
+ [e06cf823122c]
+
+2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ Add timeradd and timersub for those without them
+ [929f8aa06c2b]
+
+ * script.c:
+ Sanity check sessid before using it.
+ [aa8ca5211d43]
+
+ * sudo.c:
+ Only set the session id if we are running a command or editing a
+ file.
+ [7205d717c098]
+
+ * script.c:
+ Actually. qsort is fine since most versions fal back to a cheaper
+ sort when the number of elements to sort is small (like in our
+ case).
+ [d11c7cd352fe]
+
+ * config.h.in, configure, configure.in, script.c:
+ Check for dup2 and use dup instead if we don't have it.
+ [98bd89830f8a]
+
+ * script.c, sudo.c, sudo.h:
+ Move the code to dup2 the script fds to low numbered descriptors
+ into script_duplow() and fix the fd sorting.
+ [9453fdc5fba6]
+
+ * script.c, sudo.c, sudo.h:
+ Move script_setup() back to immediately before we drop privs and
+ call the new script_nextid() in its place, which will set
+ sudo_user.sessid for the logging functions.
+ [8434d0c8ff08]
+
+2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Install sudoreplay
+ [6acf2cdb4d3f]
+
+ * sudoreplay.c:
+ remove unused variable
+ [2316360bb992]
+
+2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c, script.c, sudo.c, sudo.h:
+ Log the session ID, if there is one. Currently logs ID=XXXXXX,
+ perhaps should be SESSIONID or SESSID.
+ [53976905b0a6]
+
+ * Makefile.in, configure, configure.in, sudoreplay.cat,
+ sudoreplay.man.in, sudoreplay.pod:
+ Add sudoreplay docs
+ [da4f14f0e64c]
+
+ * sudoreplay.c:
+ add -V (version) flag
+ [b5e743639ee3]
+
+ * sudoreplay.c:
+ Hook up max_wait.
+ [2ec5697a92ba]
+
+ * script.c, sudoreplay.c:
+ Use base36 number for the ID and store script files with paths like
+ /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
+ (2,176,782,336) unique IDs.
+ [6aab019d07aa]
+
+2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure.in:
+ Add check for regcomp
+ [44c3ebd7ff34]
+
+ * sudoreplay.c:
+ Add support for selecting by pattern and tty when listing.
+ [66189f840c52]
+
+2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay.c:
+ The beginnings of a list mode.
+ [8d0150b4a52c]
+
+2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ fix pasto
+ [616b4640b8a8]
+
+ * Makefile.in, config.h.in, configure.in:
+ Add scaffolding for building sudoreplay
+ [a32958505dbe]
+
+ * sudoreplay.c:
+ include error.h first arg to nanotime is const
+ [fe5a7bb31bc5]
+
+ * sudoreplay.c:
+ Initial cut at sudoreplay; replay a sudo session.
+ [f149fba372bd]
+
+2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * script.c:
+ Fix wait() usage and use correct wait status.
+ [f4745ed7ad05]
+
+ * sudo.c, sudo.h, tgetpass.c:
+ Add protos for term_* to sudo.h
+ [14fe1abd7e7b]
+
+ * script.c:
+ Fix detection of the child process exiting. Since the child is in
+ its own session we should only ever get SIGCHLD for that process but
+ better safe than sorry.
+ [7edfdadd8505]
+
+ * config.h.in:
+ Add UNIX98 pty support.
+ [82f4b53a0e8f]
+
+ * configure, configure.in, script.c:
+ Add UNIX98 pty support.
+ [795b8bb0a3a1]
+
+2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * term.c:
+ For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
+ if it is defined.
+ [40f8b83baf69]
+
+ * auth/pam.c:
+ Set PAM_RUSER and PAM_RHOST early so they can be used during
+ authentication. Based on a patch from Jamie Beverly.
+ [3d567b453a6a]
+
+ * match.c:
+ Close dir before returning if strlcpy() reports overflow. From
+ Martynas Venckus.
+ [6a82f96473e5]
+
+ * config.h.in, configure, configure.in, script.c:
+ On Linux, the openpty proto libes in pty.h
+ [98643a018d1c]
+
+ * script.c:
+ Call vhangup on exit if the system has it Use setpgrp() if no
+ setsid()
+ [3a9e13149829]
+
+2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ Add checks for revoke and vhangup if we don't have openpty
+ [fcb04572e994]
+
+ * script.c:
+ Session logging guts that got forgotten in the previous commit.
+ [c2af08a63ea9]
+
+ * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
+ configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
+ gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
+ tgetpass.c:
+ First cut at session logging for sudo. Still need to write get_pty()
+ for Unix 98 and old-style BSD ptys. Also needs documentation and
+ general cleanup.
+ [77e3f5e25738]
+
+2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo_edit.c:
+ Fix a bug introduced with def_closefrom. The value of def_closefrom
+ already includes the +1.
+ [7291c136300d]
+
+2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Generate sudo distributions with pax in ustar mode. No longer need
+ to use a temp file or have the source dir name match the version.
+ [9778177a8272]
+
+2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Fix expansion of %h in #include names. Fixes bugzilla 363
+ [6e346879ba24]
+
+2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkdefaults:
+ If no arg assume def_data.in
+ [c1dd28c0e675]
+
+ * README, WHATSNEW:
+ Update for 1.7.2
+ [f5ad45f69f05] [SUDO_1_7_2]
+
+ * ChangeLog:
+ sync
+ [6283549396ff]
+
+2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Add missing single quotes around a colon in Runas_Spec definition.
+ From Elias Benali.
+ [ccc6ee4fca83]
+
+2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man.in, sudoers.man.in:
+ regen
+ [546e75304ebf]
+
+ * redblack.c:
+ In rbrepair, re-color the root or the first non-block node we find
+ to be black. Re-coloring the root is probably not needed but won't
+ hurt.
+ [34d01ebe241b]
+
+ * sudo.cat, sudoers.cat:
+ regen
+ [bebf5a39f54f]
+
+2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * redblack.c:
+ When repairing the tree, don't touch the root node.
+ [9841f0d5d789]
+
+2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
+ Reported by Josef Schmid.
+ [ed044b1eb879]
+
+2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Document that we accept env_pam-style environment files
+ [e3b545456352]
+
+ * env.c:
+ Adapt to accept pam_env-style /etc/environment which allows shell-
+ style lines such as: export EDITOR="/usr/bin/vi"
+ [752eb75bf007]
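Review bot: the 2009-06-23 sudoers.pod entry names the format "env_pam-style", while the env.c entry directly after it says "pam_env-style /etc/environment"; the two describe the same feature, so the first looks like a transposition. Suggest making both read "pam_env-style" so that a search of the ChangeLog for the module name finds the documentation change as well as the code change. The same pass could pick up the nearby spelling slips in this part of the file, such as "non-wroking" in the 2009-10-23 script.c entry and "STERAMS-based" in the 2009-10-16 entry.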
+
+ * sudoers.pod:
+ Make it clear that env_delete only works when !env_reset. From Loïc
+ Minier
+ [3bd3f8e351ba]
+
+2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudoers.pod:
+ Add non-unix group bits, adapted from Quest
+ [8ce427de8dea]
+
+ * Makefile.in:
+ build the .cat page in the current working dir, not the src dir
+ [00e87a307674]
+
+ * env.c:
+ Return EINVAL in setenv() if var is NULL or the empty string to
+ match glibc behavior.
+ [23fd7c247142]
+
+2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
+ [fedd4a3e2a85]
+
+2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [7b9f461a40b3]
+
+2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Document --with-libvas and --with-libvas-rpath
+ [a071e6d96c89]
+
+2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, sudoers.ldap.pod:
+ For netscape-derived LDAP SDKs the cert and key paths may be a
+ directory or a file. However, version 5.0 of the SDK only seems to
+ support using a directory. If ldapssl_clientauth_init fails and the
+ cert or key paths look like they could be files, strip off the last
+ path element and try again.
+ [ac4e49d83043]
+
+ * Makefile.in:
+ Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
+ [4547cc1a335f]
+
+2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, match.c, sudo.c, vasgroups.c:
+ Update non-Unix group support from Quest, as reworked by me.
+ [1abafce29dc6]
+
+ * toke.c:
+ regen
+ [01bfca9148b7]
+
+ * toke.l:
+ Add support for escaped hex chars in names, e.g. \x20 for space.
+ [3c7be8e58a39]
+
+2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
+ auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
+ fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
+ logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
+ set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
+ sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
+ tgetpass.c, toke.l, visudo.c:
+ Update copyright years.
+ [e615f676c764]
+
+2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c, lbuf.c:
+ Minor fixes for Minix-3
+ [898c510d23f9]
+
+2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Handle getgroups() returning 0. Also add missing check for
+ HAVE_GETGROUPS.
+ [d73b958f9ffd]
+
+2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, config.h.in, configure, configure.in, sudo.c,
+ version.h, visudo.c:
+ Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
+ [5050579a264d]
+
+2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Remove group setting code in setusercontext case, we will do it
+ ourselves later on in runas_setup. Set the gid after
+ initgroups/setgroups is called, since on Mac OS X it seems to change
+ the egid.
+ [09dc21d8b42d]
+
+2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
+ vasgroups.c:
+ Initial bits of non-unix group support using Quest Authentication
+ Services
+ [1eecab0ff27e]
+
+ * toke.c, toke.l:
+ Accept %:foo as a non-Unix group
+ [4c4b5dd899a6]
+
+ * toke.c, toke.l:
+ Allow user/group to be double quoted in the case of non-Unix groups
+ which contain spaces.
+ [47a3d568b7e8]
+
+2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Don't allow the user to specify the default runas user if their
+ sudoers entry only allows them to run as a group.
+ [4d726177227c]
+
+2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Must call audit_success before we change uids.
+ [04a9e6ce6e55]
+
+ * logging.c, set_perms.c, sudo.h, testsudoers.c:
+ Add option for set_perm to not exit on failure and use this in the
+ logging routines.
+ [833dce7b7f42]
+
+ * parse.c:
+ In -l mode, if the user is only allowed to run as a group, display
+ the user's name, not root's before the allowed group.
+ [ef92ff99d265]
+
+ * sudo.c:
+ Fix -g mode, broken by rev 1.503 which had the side effect of
+ setting the runas user to root unilaterally.
+ [50a2f7df4385]
+
+2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fileops.c:
+ When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
+ [30fbe832dcf3]
+
+ * pwutil.c:
+ Only cache by the method we fetched for pwd and grp lookups.
+ Previously we cached both by namd and id but this can cause problems
+ for entries that share the same id. Also add more info in the error
+ message in case the insert fails (which should now be impossible).
+ [ef95a4f0bab5]
+
+2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Add a clarification from Nick Sieger
+ [1eadad329561]
+
+2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Inline the setting of the environment string.
+ [9515d11c6295]
+
+2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ setenv(3) in Linux treats a NUL value as the empty string setenv(3)
+ in BSD doesn't return an error if the name has '=' in it, it just
+ treats the '=' as end of string.
+ [941260bf94d2]
+
+2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Not all systems have d_namlen
+ [e377b18d8e2d]
+
+2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Fix up some pod2html issues.
+ [823a1f10ab60]
+
+2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
+ Quest Software.
+ [73de36653131]
+
+ * sudoers.pod:
+ Ignore files ending in '~' in sudo.d (emacs backup files)
+ [7871fad702db]
+
+ * toke.c, toke.l:
+ Ignore files ending in '~' in sudo.d (emacs backup files)
+ [53fded2a469f]
+
+2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
+ For #includedir, ignore any file containing a dot
+ [a7daa1bce6c2]
+
+ * Makefile.in, version.h:
+ Bump version
+ [ef60f14ffc44]
+
+ * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
+ sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
+ visudo.c:
+ Implement #includedir directive. Files in an includedir are not
+ edited by visudo unless they contain a syntax error.
+ [3923d85a6c79]
+
+ * ChangeLog:
+ sync
+ [8741ed61a78b] [SUDO_1_7_1]
+
+ * WHATSNEW:
+ Forgot umask_override
+ [7c86a21a5504]
+
+ * ChangeLog, TODO:
+ sync
+ [57339ca6bccf]
+
+2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Rewind stream if we fdopen sudoers since it may not be at the
+ beginning. Set the keepopen flag on already-open files too so the
+ lexer doesn't close them out from under us.
+ [61292d819aff]
+
+ * visudo.c:
+ Print the proper file name when there is a parse error in an include
+ file.
+ [b0e85d4aedde]
+
+2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ Sync
+ [997e5d485ea3]
+
+2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix a warning when --without-ldap is specified.
+ [d91fd9481b30]
+
+2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alias.c, parse.h, visudo.c:
+ Store aliases that we remove during check_aliases in a freelist and
+ free them at the end so we don't leak memory.
+ [805e2272f6a3]
+
+2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Check aliases in -c mode too.
+ [9199e188d9f2]
+
+ * alias.c, parse.h, visudo.c:
+ Make alias_remove return the alias struct instead of freeing it
+ directly. Fixes a use after free in alias_remove_recursive, the only
+ consumer.
+ [a04b61804800]
+
+ * alias.c, match.c, parse.c, parse.h, visudo.c:
+ Rename find_alias -> alias_find for consistency.
+ [48b0a82924f3]
+
+2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ When checking for unused aliases, recurse if the alias points to
+ another alias.
+ [2d4d1a7f3a41]
+
+2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Back out rev 1.105 for now. Real ldapux_client.conf support will be
+ done later after some refactoring.
+ [8ad72e69b277]
+
+2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Treat ldap_hostport the same as "host" for ldapux.
+ [3281dcc66da8]
+
+ * configure, configure.in:
+ Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
+ Fixes compilation with ldapux.
+ [ca1ed585ef0e]
+
+2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fileops.c:
+ fix char subscript
+ [41e51f080d00]
+
+2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ remove errant carriage returns
+ [e9e258a31c7b]
+
+ * audit.c, env.c:
+ fix K&R compilation
+ [d182e8920f13]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [791a5cbf04e5]
+
+2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ Add missing HAVE_BSM_AUDIT
+ [49ad1bb96f04]
+
+ * WHATSNEW:
+ Add 1.7.1 features
+ [f107f1604c61]
+
+ * INSTALL:
+ Mention --with-netsvc
+ [d1e90d147795]
+
+ * sudoers.ldap.pod:
+ Document netsvc.conf support
+ [e78f8abce6af]
+
+ * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
+ sudo_nss.h:
+ Add support for AIX netsvc.conf (like nsswitch.conf).
+ [1df56a84dee5]
+
+2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, env.c:
+ Add --enable-env-debug flag to enable environment sanity checks.
+ [128cdd8832e7]
+
+ * sudoers.ldap.pod, sudoers.pod:
+ Work around some pod2html issue.
+ [e733b9609bd2]
+
+2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Only sync environ for putenv, setenv, and unsetenv. We need to make
+ sure that sudo_putenv and sudo_setenv only modify env.envp, not
+ environ.
+ [be3ac732243c]
+
+2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Really fix UNSETENV_VOID
+ [08ab7e882507]
+
+ * env.c:
+ Fix unsetenv when UNSETENV_VOID
+ [d3038b3f2f15]
+
+ * aclocal.m4, configure:
+ Fix SUDO_FUNC_PUTENV_CONST
+ [de35569c572b]
+
+ * ldap.c:
+ tivoli-based ldap does not have ldapssl_err2string
+ [c63fd90d5e99]
+
+ * configure:
+ regen
+ [f38f1ee828ad]
+
+2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, ldap.c:
+ Add support for Tivoli-based LDAP start TLS as seen in AIX.
+ Untested.
+ [8f8771829f85]
+
+ * env.c:
+ Add sanity checks for setenv/unsetenv
+ [adbd1d95856b]
+
+ * Makefile.in:
+ Include bsm_audit.h in the tarball
+ [4a4aa02b2c32]
+
+ * Makefile.in, version.h:
+ bump version for sudo 1.7.1
+ [362c71d21595]
+
+ * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
+ env.c, ldap.c, sudo.h:
+ Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
+ provide our own setenv/unsetenv/putenv that operates on own env
+ pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
+ [276edcd23032]
+
+2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Make "sudoedit -h" work as expected
+ [2bcbbb45d389]
+
+ * auth/pam.c:
+ Make sure def_prompt is always defined. This is a workaround for pam
+ configs that prompt for a password in the session but don't have an
+ auth line. A better fix is to expand the sudo prompt earlier and set
+ def_prompt to that when initializing.
+ [ee073c04aec3]
+
+ * sudo.pod:
+ Mention that the helper for -A may be graphical.
+ [b64a940c4082]
+
+ * TROUBLESHOOTING:
+ Document what happens if there is no tty.
+ [313d58a856a5]
+
+ * sudo.c:
+ cosmetic changes
+ [894f5e3b0c3e]
+
+ * term.c:
+ Fix term_restore
+ [6c6315ff14bc]
+
+ * sudo.c:
+ Fix "sudo -k" with no other args
+ [59e94dc419c6]
+
+2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
+ Allow the -k flag to be specified in conjunction with a command or
+ another option that may require authentication.
+ [5960ff20355d]
+
+2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
+ [e86ab69c4a57]
+
+ * Makefile.in:
+ Parallel make fix. From Diego E. 'Flameeyes'
+ [1289d7ee27db]
+
+2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
+ Implement umask_override
+ [8b87a3f7c5aa]
+
+ * toke.c:
+ regen
+ [79d7ca9ac873]
+
+ * sudoers.pod, toke.l, visudo.c:
+ Implement %h escape in sudoers include filenames.
+ [a7f288dd64f0]
+
+ * audit.c:
+ Need to include compat.h
+ [c0dc07ce2f70]
+
+ * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
+ Make audit_success and audit_failure generic functions in
+ preparation for integrating linux audit support.
+ [7df020a8fd6f]
+
+ * term.c:
+ remove duplicate include
+ [1dfcd01a7e46]
+
+2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * bsm_audit.c:
+ Add missing include
+ [fb56e08c37ee]
+
+ * sudo.c:
+ May need to update the runas user after parsing command-based
+ defaults.
+ [246f130d7802]
+
+2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * glob.c:
+ Add missing pair of braces introduced with character class support.
+ [0e2afa2e03e9]
+
+2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
+ Rename pwstars to pwfeedback
+ [a9f85a57ebac]
+
+2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * bsm_audit.c, bsm_audit.h:
+ Add const to make MacOS happy.
+ [4274432d6627]
+
+ * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
+ configure.in, sudo.c:
+ Add bsm audit support from Christian S.J. Peron
+ [bef61cd8693d]
+
+ * term.c:
+ This is new code, no DARPA notice.
+ [ec6ad09b9c23]
+
+2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
+ Rename simple_glob -> fast_glob
+ [68d9ed803cc1]
+
+ * match.c:
+ g/c unused var
+ [693fa0464eb6]
+
+ * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
+ Add simple_glob option to use fnmatch() instead of glob(). This is
+ useful when you need to specify patterns that reference network file
+ systems.
+ [77ba634f6949]
+
+ * tgetpass.c:
+ add term_* proto
+ [520f5149d073]
+
+ * sudoers.pod:
+ mention glob()
+ [ddaab8e03c52]
+
+2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Delete any pwstars we wrote after the user hits return. That way
+ there is no record on screen as to the user's password length.
+ [fae25cda762b]
+
+2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * term.c:
+ Move terminal setting bits from tgetpass.c to term.c
+ [03d43325ee99]
+
+ * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
+ tgetpass.c:
+ Add pwstars sudoers option that causes sudo to print a star every
+ time the user presses a key.
+ [7aab417e184d]
+
+2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
+ [64f70e879816]
+
+2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
+ indicate no limit. From Mark Janssen.
+ [e2c5732d54f5]
+
+2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Comments that begin with #- should not be parsed as uids.
+ [a72a50f12f41]
+
+2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Do not try to set the close on exec flag if we didn't actually open
+ sudoers.
+ [ece3ca256904]
+
+2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog:
+ regen
+ [e11f0e4c1bdd] [SUDO_1_7_0]
+
+2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ sync
+ [5b8954462bb3]
+
+2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
+ password prompt.
+ [8563601cb3de]
+
+ * configure, configure.in:
+ Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
+ as it cannot generate shared objects.
+ [6d4262ef9669]
+
+ * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
+ K&R compilation fixes
+ [77921678d17c]
+
+ * parse.c:
+ Use tq_foreach_fwd when checking pseudo-commands to make it clear
+ that we are not short-circuiting on last match. When pwcheck is
+ 'all', initialize nopass to TRUE and override it with the first non-
+ TRUE entry.
+ [96b209f4778f]
+
+2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Do not short circuit pseudo commands when we get a match since,
+ depending on the settings, we may need to examine all commands for
+ tags.
+ [fdbaf89d6f35]
+
+2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [1ecce7c1b841]
+
+ * sudoers.pod:
+ hostnames may also contain wildcards
+ [82b76695601c]
+
+ * Makefile.in:
+ remove stamp-* files and linux core files in clean target
+ [22003f091467]
+
+2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/sudo_auth.h, config.h.in, configure, configure.in:
+ Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
+ [6905bede8410]
+
+2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ correctly enable SIA on Digital UNIX
+ [a51881d13995]
+
+ * TODO:
+ checkpoint
+ [af0fe8d94d42]
+
+ * ChangeLog:
+ sync
+ [831f623cf99c]
+
+2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, sudo.h, tgetpass.c:
+ Even if neither stdin nor stdout are ttys we may still have /dev/tty
+ available to us.
+ [20f306ba883b]
+
+2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [76d97c4c318f]
+
+ * sudoers.pod:
+ fix typos; Markus Lude
+ [bff8bc1e2066]
+
+ * ChangeLog:
+ sync
+ [f108552531cd]
+
+ * toke.c:
+ regen
+ [de828413c67e]
+
+ * toke.l:
+ Fix matching of a line that only consists of a comment char
+ [09c953d8d5ca]
+
+2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ MacOS pam will retry conversation function if it fails so just treat
+ ^C as an empty password.
+ [d056058930bc]
+
+ * visudo.c:
+ When checking for alias use, also check defaults bindings.
+ [2647f82c7dbd]
+
+ * redblack.c:
+ unused var
+ [b7ff71c17c18]
+
+ * redblack.c:
+ Replace my rbdelete with Emin's version (which actually works ;-)
+ [21b133dd0c72]
+
+2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * testsudoers.c:
+ malloc debugging
+ [0fb446fa3279]
+
+ * visudo.c:
+ malloc options in devel mode for visudo too
+ [98d06c6afeef]
+
+2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ fix compilation on non-C99; from Theo
+ [7c304e16c536]
+
+ * visudo.c:
+ fix check_aliases
+ [83f30a3b1765]
+
+ * alias.c:
+ when destroying an alias, free the correct data pointer
+ [6e1a8bd86c01]
+
+ * auth/sudo_auth.h:
+ add proto for aixauth_cleanup; from Dale King
+ [eba94ffc8f63]
+
+2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [409fa57fff83]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ standardize on the term 'option' for command line options (not flag)
+ [228caefc2e36]
+
+2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Add note on configuring HP-UX pam
+ [f7674a581baf]
+
+2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, sudo.c:
+ Move tty checks into check_user() so we only do them if we actually
+ need a password.
+ [7d997d7106d6]
+
+ * sudo.c:
+ Don't error out if no tty or askpass unless we actually need to
+ authenticate.
+ [9f23b83ed66c]
+
+2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog:
+ regen
+ [23f9aef32da6]
+
+ * pathnames.h.in, sudo.c:
+ s/overriden/overridden/; from Tobias Stoeckmann
+ [9f7459a8fac5]
+
+2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW, visudo.c:
+ check sudoers owner and mode in strict mode
+ [a3468c5ac1c4]
+
+ * gram.c, toke.c:
+ regen
+ [7d6b515a5443]
+
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ Update copyright years.
+ [52d340cb8cba]
+
+ * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
+ auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+ auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
+ closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
+ gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
+ interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
+ parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
+ sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
+ testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
+ visudo.pod, zero_bytes.c:
+ Update copyright years.
+ [b4e6bf2beafa]
+
+ * emul/charclass.h, fnmatch.c, glob.c:
+ add my copyright
+ [28681385014a]
+
+2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ The loop in fill_cmnd() was going one byte too far past the end,
+ resulting in a NUL being written immediately after the buffer end.
+ [a5a49d603cd7]
+
+ * UPGRADE, WHATSNEW:
+ add sections on tgetpass changes
+ [2e6929b6a102]
+
+ * tgetpass.c:
+ Treat EOF w/o newline as an error.
+ [aa02b1db9240]
+
+2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Fix "sudo -v" when NOPASSWD is set.
+ [f4914711ea80]
+
+ * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
+ auth/sudo_auth.h:
+ No longer treat an empty password at the prompt as special. To quit
+ out of sudo you now need to hit ^C at the password prompt.
+ [980f760ad419]
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [6ca21a2cd869]
+
+ * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
+ Sudo will now refuse to run if no tty is present unless the new
+ visiblepw sudoers flag is set.
+ [0cc56943252e]
+
+2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aix.c:
+ just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
+ defined
+ [24fc6f712d5c]
+
+ * aix.c:
+ fix fallback value for RLIM_SAVED_MAX
+ [e09e04e1af89]
+
+ * auth/aix_auth.c, auth/sudo_auth.h:
+ Move clearing of AUTHSTATE into aixauth_cleanup.
+ [e14ae7bd259c]
+
+ * auth/aix_auth.c, env.c:
+ Unset AUTHSTATE after calling authenticate() as it may not be
+ correct for the user we are running the command as.
+ [d14f68f1b0ab]
+
+ * isblank.c:
+ Add isblank() function for systems without it. Needed for POSIX
+ character class matching in fnmatch.c and glob.c.
+ [16cba30b283f]
+
+2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ expound on sudo and cd
+ [8e0fa9033637]
+
+2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog:
+ regen
+ [40cf320a10fc]
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [7cac761ae2c6]
+
+ * sudoers.pod:
+ mention defauts parse order
+ [4e2ce86d1394]
+
+2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, aclocal.m4, compat.h, configure:
+ Add isblank() function for systems without it. Needed for POSIX
+ character class matching in fnmatch.c and glob.c.
+ [a1ab55da8424]
+
+ * Makefile.in:
+ add emul/charclass.h to HDRS
+ [7e8a019dcaa4]
+
+2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ checkpoint
+ [afeb9bc1baed]
+
+ * defaults.c, parse.c, testsudoers.c, visudo.c:
+ Move update_defaults into defaults.c and call it properly from
+ visudo and testsudoers.
+ [f4dbb369461f]
+
+ * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
+ tsgetgrpw.c:
+ use zero_bytes() instead of memset() for consistency
+ [4cee0465f4a8]
+
+ * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
+ visudo.c:
+ Zero out sigaction_t before use in case it has non-standard entries.
+ [120092225459]
+
+ * match.c:
+ quiet gcc
+ [098a1df49b23]
+
+ * match.c:
+ Short circuit glob() checks if basename(pattern) !=
+ basename(command). Refactor code that checks for a command in a
+ directory and use it in the glob case if the resolved pattern ends
+ in a '/'.
+ [3c46fd317acb]
+
+2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
+ Defer setting runas defaults until after runaspw/gr is setup.
+ [12e75ee49c0c]
+
+2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c, sudo.c, testsudoers.c:
+ Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
+ systems do not include space for the NUL in the size. Also manually
+ NUL-terminate buffer from gethostname() since POSIX is wishy-washy
+ on this.
+ [7266ab3296a3]
+
+2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudoers.pod:
+ When setting the umask, use the union of the user's umask and the
+ default value set in sudoers so that we never lower the user's umask
+ when running a command.
+ [4e804b004e38]
+
+ * sudo.c:
+ Don't try to read from a zero-length sudoers file. Remove the bogus
+ Solaris work-around for EAGAIN. Since we now use fgetc() it should
+ not be a problem.
+ [bb8e5f68d944]
+
+2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ In update_defaults() check the return value of user*_matches against
+ ALLOW so we don't inadvertantly match on UNSPEC.
+ [4e422fa1527e]
+
+2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen man pages; no more hyphenation
+ [15de4fe2fe01]
+
+ * sudo.c:
+ Don't error out on a zero-length sudoers file. With the advent of
+ #include the user could create a situation where sudo is unusable.
+ [6eb461319fa5]
+
+2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c, config.h.in, configure, configure.in:
+ Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
+ krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
+ all. Add configure tests to handle all the cases.
+ [4b554a98470d]
+
+2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ resort ENVIRONMENT
+ [f4f20f40653e]
+
+ * sudoers.pod:
+ document sudoers_locale
+ [0bffd2dbe806]
+
+ * sudo.pod, sudo_edit.c:
+ add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
+ or EDITOR
+ [0ef8cb248cee]
+
+ * toke.c, toke.l:
+ In fill_cmnd(), collapse any escaped sudo-specific characters.
+ Allows character classes to be used in pathnames.
+ [5685244c8e44]
+
+2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lbuf.c:
+ fix typo in non-C89 function declaration
+ [99a7113b3a05]
+
+ * sudoers.pod:
+ Mention POSIX characters classes now that out fnmatch() and glob()
+ support them.
+ [9c916f1230c3]
+
+ * sample.sudoers, sudoers.pod:
+ Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
+ locale agnostic.
+ [a60a62bec244]
+
+ * parse.h:
+ use __signed char if we are going to assign a negative value since
+ on Power, char is unsigned by default
+ [2877b319df17]
+
+ * config.h.in, configure, configure.in:
+ Add tests for __signed char and signed char.
+ [5eb874fdf1d4]
+
+ * aix.c:
+ Fix AIX limit setting. getuserattr() returns values in disk blocks
+ rather than bytes. The default hard stack size in newer AIX is
+ RLIM_SAVED_MAX. From Dale King.
+ [3db67415ecc3]
+
+2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * emul/charclass.h, fnmatch.c, glob.c:
+ Add character class support to included glob(3) and fnmatch(3).
+ [6b5b4ad77899]
+
+2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * emul/fnmatch.h:
+ Remove UCB advertising clause and some compatibility defines.
+ [2ade7bee74e1]
+
+2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
+ or sudo. This allows one to set EDITOR to sudoedit without getting
+ into an infinite loop of sudoedit running itself until the path gets
+ too big.
+ [aa49ab68f82d]
+
+ * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
+ Add sudoers_locale Defaults option to override the default sudoers
+ locale of "C".
+ [0639886a35bf]
+
+2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Set locale to system default except for during sudoers parse.
+ [016dd2736728]
+
+2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Redo change in 1.34 to use pointer arithmetic.
+ [f9e7b63bb450]
+
+2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Fix a dereference (read) of a freed pointer. Reported by Patrick
+ Williams.
+ [69877b633753]
+
+2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Set locale to "C" to avoid interpretation issues with character
+ ranges in sudoers. May want to make the locale a sudoers option in
+ the future.
+ [098a95de1746]
+
+2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ we no longer use setproctitle
+ [c7f20fb747ea]
+
+ * sudo.h:
+ remove #if 1
+ [a368ee6816c6]
+
+ * LICENSE, mkstemp.c:
+ Use my replacement mkstemp() from the mktemp package.
+ [d07c2beb0f9e]
+
+2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c:
+ regen with yacc skeleton bug fixed
+ [24784571cbb8]
+
+ * sudoers.pod:
+ Remove duplicate "as root". From Martin Toft.
+ [97241acfee5e]
+
+2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c, sudo.c, sudo.h, testsudoers.c:
+ Flesh out the fake passwd entry used for running commands as a uid
+ not listed in the passwd database. Fixes an issue with some PAM
+ modules.
+ [a6648227f3f2]
+
+2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Error out in -i mode if the user has no shell. This can happen when
+ running commands as a uid with no password entry.
+ [0c174bef36ff]
+
+2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Better fix for line continuation inside double quotes. Now accepts
+ whitespace between the backslash and the newline like the main
+ lexer.
+ [64efcdf86d31]
+
+2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Fix line continuation in strings. It was only being honored if
+ preceded by whitespace.
+ [96c21271a3e4]
+
+2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, logging.c:
+ Replace the double fork with a fork + daemonize.
+ [328505441e67]
+
+2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c:
+ The -i flag should imply env_reset. This got broken in sudo 1.6.9.
+ [3caedfeaec87]
+
+ * logging.c, sudo.c, sudo_edit.c, visudo.c:
+ Change how the mailer is waited for. Instead of having a SIGCHLD
+ handler, use the double fork trick to orphan the child that opens
+ the pipe to sendmail. Fixes a problem running su on some Linux
+ distros.
+ [b59ce60a393d]
+
+2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix configure test for dirfd() on Linux where DIR is opaque.
+ [b8f729cdfecc]
+
+2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
+ this problem we'll need to revisit this again.
+ [c17fee8ad530]
+
+2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ Ignore SIGPIPE instead of blocking it when piping to the mailer. If
+ we only block the signal it may be delivered later when we unblock.
+ Also, there is no need to block SIGCHLD since we no longer do the
+ double fork. The normal SIGCHLD handler is sufficient.
+ [e94a49e992e5]
+
+2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Add description for NO_PAM_SESSION, from a redhat patch.
+ [b9e4c939ec09]
+
+2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudo.pod:
+ Fix typos in -i usage
+ [2d7ce5de0235]
+
+2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Redo the test for dgettext() in a way that hopefully will work
+ around the libintl_dgettext() undefined problem.
+ [d27beb0cf85e]
+
+2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * schema.ActiveDirectory:
+ change filename in comment
+ [733da4ee9ac5]
+
+2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
+ sudoers.ldap.pod:
+ Reference schema.ActiveDirectory
+ [d6aec537800e]
+
+2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * schema.OpenLDAP, schema.iPlanet:
+ Mark sudoRunAs as deprecated.
+ [00c50df807af]
+
+ * schema.ActiveDirectory:
+ add sudoRunAsUser and sudoRunAsGroup
+ [19bcce6f72fb]
+
+ * schema.ActiveDirectory:
+ Active Directory schema by Chantal Paradis and Eric Paquet
+ [06a09c92c6a5]
+
+2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ remove an XXX that was fixed
+ [b88038062fa2]
+
+ * ChangeLog:
+ sync
+ [8fc27c17270e]
+
+ * parse.c:
+ Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
+ fixes a problem where the tag value printed was influenced by
+ defaults set in the first pass through the parser.
+ [588ccd630367]
+
+2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, sudo.psf:
+ No point in packaging the TODO file
+ [9590248fffe1]
+
+ * ChangeLog:
+ sync
+ [152acf4c6813]
+
+2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
+ sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
+ Add env_file Defaults option that is similar to /etc/environment on
+ some systems.
+ [1daf53d51e18]
+
+2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
+ sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+ version.h, visudo.cat, visudo.man.in:
+ change version to 1.7.0
+ [d41d126b9bd8]
+
+ * UPGRADE:
+ initial valgrind pass done
+ [c59c3876d8ca]
+
+2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Fix typo/think in sudo_ldap_read_secret() when storing the secret.
+ [830d246c09b0]
+
+2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ define LDAPS_PORT if the system headers do not
+ [247b12325701]
+
+2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c, gram.y:
+ Fix another memory leak in init_parser().
+ [7bba47deba11]
+
+ * configure, configure.in:
+ There was a missing space before the ldap libs in SUDO_LIBS for some
+ configurations.
+ [7524cfc93759]
+
+ * alias.c, gram.c, gram.y, toke.c, toke.l:
+ Clean up some memory leaks pointed out by valgrind.
+ [a965866ece1a]
+
+2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ fix "sudo -s" broken by mode/flags breakout
+ [acffe984d408]
+
+ * configure, configure.in:
+ remove duplicate check for dgettext
+ [58145529133c]
+
+2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aix.c:
+ Fall back to default stanza if no user-specific limit is found.
+ [7b8cb29123ee]
+
+2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * snprintf.c:
+ include stdint.h if present
+ [f0ec38529306]
+
+ * snprintf.c:
+ Use LLONG_MAX, not the old QUAD_MAX
+ [01041ce508fb]
+
+2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.ldap.pod:
+ fix cut and pasto
+ [34240fdef5ab]
+
+2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ Add #ifdef PURITY
+ [ce1b571ad526]
+
+2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/bsdauth.c:
+ remove useless cast
+ [494f8a862e1d]
+
+2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog:
+ sync
+ [f5c97ffaabcc]
+
+ * TODO:
+ sync
+ [96ff1c44c182]
+
+ * sudo.h:
+ Split MODE_* defines into primary and flags.
+ [c02ee3027cb9]
+
+2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aix.c:
+ It turns out the logic for getting AIX limits is more convoluted
+ than I realized and differs depending on whether the soft and/or
+ hard limits are defined.
+ [cf8d3f85d395]
+
+2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, configure, configure.in:
+ Back out AIX-specific change to set the sudo_noexec path to the .a
+ file, we do really want to use the .so file. Since libtool doesn't
+ do that correctly, just install the .so file ourselves in the
+ Makefile.
+ [05c6f33177d9]
+
+ * install-sh:
+ If the file given to install is a path, only use the basename of the
+ file when building the destination path.
+ [695ba4e429ce]
+
+2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ parse_args() cleanup: Sort command line options in the getopt()
+ switch The -U option requires a parameter Normalize a few ISSET
+ calls Split mode into mode and flags and retire the now-obsolete
+ excl variable
+ [0d156835f861]
+
+ * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
+ sudo_usage.h.in:
+ Add -n (non-interactive) flag.
+ [e3e50400d32d]
+
+ * sudo.c:
+ Move version printing, etc. into a separate function.
+ [18c91b476e2c]
+
+ * sudo.c:
+ Don't try to cleanup nsswitch if it has not been initialized.
+ [aeb1ca1b399d]
+
+2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ Block SIGPIPE in send_mail() so sudo is not killed by a problem
+ executing the mailer.
+ [f130e7924cca]
+
+2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ AIX shared libs end in .a, not .so.
+ [a5deb07020d8]
+
+2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Preserve HOME by default too. Matches documentation and previous
+ behavior.
+ [c16f17f1047c]
+
+2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Use getopt() to parse the command line. We need to be able to
+ intersperse env variables and options yet still honor "--"" which
+ complicates things slightly.
+ [60f271ce5c16]
+
+2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog:
+ sync
+ [685e67964eda]
+
+ * acsite.m4, configure, ltmain.sh:
+ update to libtool-1.5.26
+ [4c9a8c3d3b40]
+
+ * config.guess, config.sub:
+ update from libtool-1.5.26 distribution
+ [c6641aef2527]
+
+ * aix.c, sudo.h:
+ attempt to fix compilation errors on AIX
+ [edb13e5b2184]
+
+ * Makefile.in:
+ fix typo in last commit
+ [25ba7f7ceae4]
+
+ * Makefile.in:
+ Add WHATSNEW file to the distribution
+ [213f4115de8f]
+
+ * visudo.c:
+ use warningx instead of fprintf(stderr, ...)
+ [a3494b8ccb19]
+
+ * list.c:
+ add DEBUG to list2tq
+ [115d24a3000c]
+
+ * ChangeLog, TODO:
+ sync
+ [60e6f4d1fac0]
+
+ * WHATSNEW:
+ mention mailfrom
+ [e2498f9e18d6]
+
+ * Makefile.in, aix.c, config.h.in, configure, configure.in,
+ set_perms.c, sudo.h:
+ Add aix_setlimits() to set resource limits on AIX using a
+ combination of getuserattr() and setrlimit(). Currently untested.
+ [9b1441fd89ca]
+
+2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
+ sudoers.man.in, sudoers.pod:
+ Add mailfrom Defaults option that sets the value of the From: field
+ in the warning/error mail. If unset the login name of the invoking
+ user is used.
+ [029b9f05d3d9]
+
+ * defaults.c:
+ store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
+ [a90e407d5e00]
+
+ * gram.c, gram.y:
+ When adding a default, only call list2tq() once to do the list to tq
+ conversion. It is not legal to call list2tq multiple times on the
+ same list since list2tq consumes and modifies the list argument.
+ [fbc25d245c4a]
+
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ comment out XXXs for now
+ [595a1d43309d]
+
+ * WHATSNEW:
+ mention askpass
+ [b993e0837c22]
+
+2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Error out if both -A and -S are specified Error out if -A is
+ specified but no askpass is configured
+ [24f1df2638f6]
+
+ * configure, configure.in:
+ we are not going to ship a sudo-specific askpass
+ [61949e7a3943]
+
+2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ fix definition of TGP_ASKPASS
+ [0447c57ba4c3]
+
+ * def_data.c, def_data.in:
+ make askpass boolean-capable
+ [e0885893a325]
+
+ * INSTALL:
+ document --with-askpass
+ [c76e15ba97cf]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.man.in, visudo.cat:
+ regen
+ [8d16242980b7]
+
+2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudo_usage.h.in, sudoers.pod:
+ document -A and askpass
+ [02c07505a78c]
+
+ * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
+ def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
+ sudo_usage.h.in, tgetpass.c:
+ Add support for running a helper program to read the password when
+ no tty is present (or when specified with the -A flag). TODO: docs.
+ [05780f5f71fd]
+
+ * def_data.c, def_data.in:
+ add missing printf format to SELinux role and type strings
+ [2b32774715e7]
+
+2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in:
+ Disable use of gss_krb5_ccache_name() by default and add
+ --enable-gss-krb5-ccache-name configure option to enable it. It seems
+ that gss_krb5_ccache_name() doesn't work properly with some
+ combinations of Heimdal and OpenLDAP.
+ [f61ebd3b19bd]
+
+2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * selinux.c:
+ Ignore setexeccon() failing in permissive mode. Also add a call to
+ setkeycreatecon() (though this is probably insufficient). From Dan
+ Walsh.
+ [52564fc1c069]
+
+ * auth/pam.c:
+ Only set std_prompt for the PAM_PROMPT_* cases. The conversation
+ function may be called for non-password reading purposes so we must
+ be careful not to use def_prompt in cases where it may not be set.
+ [29d88ca575ba]
+
+2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * selinux.c:
+ Don't free the new tty context, we need to keep it around when we
+ restore the tty context after the command completes
+ [5b4bd39b6ea8]
+
+2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * selinux.c:
+ s/newrole/sudo/
+ [21b8a96ff8df]
+
+ * sudo.man.pl, sudo.pod:
+ Only put login_cap(3) in SEE ALSO section if we have login.conf
+ support
+ [05250ddff2c0]
+
+2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [301e5c5ccdbe]
+
+ * Makefile.in, configure, configure.in:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [9a02bd6a6658]
+
+ * sudo.man.pl:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [0c56d4750ac3]
+
+ * sudo.pod:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [acdbdfd24e1d]
+
+ * sudoers.man.pl:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [6c88f30b878a]
+
+ * sudoers.pod:
+ Substitute in comment characters for lines partaining to login.conf,
+ BSD auth and SELinux and only enable them if pertinent.
+ [c1c98fa163ce]
+
+ * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
+ Remove the =cut on the first line (above the copyright notice) to
+ quiet pod2man. Also remove the hackery in the FILES section and just
+ deal with the fact that there will a newline between each pathname.
+ [2ac1ab191835]
+
+2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ run sudo.man.pl when generating sudo.man.in
+ [859727369168]
+
+ * configure, configure.in, sudo.man.pl:
+ comment out SELinux manual bits unless --with-selinux was specified
+ [97ff4212b649]
+
+ * sudoers.pod:
+ document role and type defaults for SELinux
+ [870f303366b3]
+
+ * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
+ Document "sudo -ll" and make "sudo -l -l" be equivalent.
+ [3ce6dc429ea3]
+
+2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
+ Debian GNU/kFreeBSD.
+ [c4efa567a328]
+
+2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
+ verify_krb_v5_tgt()
+ [f80538e5a6fa]
+
+ * logging.c, logging.h, sudo.c:
+ Remove dependence on VALIDATE_NOT_OK in logging functions. Split
+ log_auth() into log_allowed() and log_denial() Replace mail_auth()
+ with should_mail() and a call to send_mail()
+ [58aac9997557]
+
+2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Add debugging so we can tell if the krb5 ccache is accessible
+ [c679322527bb]
+
+ * INSTALL:
+ mention --with-selinux
+ [9efbe0b52194]
+
+2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [467a834f867c]
+
+ * selinux.c:
+ add Sudo tag
+ [d004ee669bed]
+
+ * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
+ sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
+ testsudoers.c, toke.c, toke.l:
+ Add support for SELinux RBAC. Sudoers entries may specify a role and
+ type. There are also role and type defaults that may be used. To
+ make sure a transition occurs, when using RBAC commands are executed
+ via the new sesh binary. Based on initial changes from Dan Walsh.
+ [1d4abfe2c004]
+
+ * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
+ def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
+ pathnames.h.in, selinux.c:
+ Add support for SELinux RBAC. Sudoers entries may specify a role and
+ type. There are also role and type defaults that may be used. To
+ make sure a transition occurs, when using RBAC commands are executed
+ via the new sesh binary. Based on initial changes from Dan Walsh.
+ [6b421948286e]
+
+ * sesh.c:
+ Add support for SELinux RBAC. Sudoers entries may specify a role and
+ type. There are also role and type defaults that may be used. To
+ make sure a transition occurs, when using RBAC commands are executed
+ via the new sesh binary. Based on initial changes from Dan Walsh.
+ [1e3b395ce049]
+
+2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
+ Add long list (sudo -ll) support for printing verbose LDAP and
+ sudoers file entries. Still need to update manual.
+ [2875be37935c]
+
+2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
+ Unify the -l output for file and ldap based sudoers and use lbufs
+ for both. The ldap output does not currently include options that
+ cannot be represented as tags. This will be remedied in a long list
+ output mode to come.
+ [b2e429456596]
+
+2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Use a specific error message for errno == EAGAIN when setuid() et al
+ fails. On Linux systems setuid() will fail with errno set to EAGAIN
+ if changing to the new uid would result in a resource limit
+ violation.
+ [08d0aecd9f03]
+
+ * sudo.c:
+ Unlimit nproc on Linux systems where calling the setuid() family of
+ syscalls causes the nroc resource limit to be checked. The limits
+ will be reset by pam_limits.so when PAM is used. In the non-PAM case
+ the nproc limit will remain unlimited but there doesn't seem to be a
+ way around that other than having sudo parse
+ /etc/security/limits.conf directly.
+ [df024b415a8d]
+
+ * env.c, sudo.c, sudo.pod:
+ Only read /etc/environment on Linux and AIX
+ [90669e2aefdb]
+
+2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
+ ldap.conf and ldap.secret paths from going into config.h. Avoid
+ single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
+ since in some versions of bash they will end up literally in the
+ resulting define.
+ [25390f3ef10a]
+
+2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ mention --with-nsswitch=no
+ [c509df927263]
+
+ * configure, configure.in:
+ ldap_ssl.h depends on ldap.h being included first
+ [d96d90e9b21f]
+
+ * config.h.in, configure, configure.in, ldap.c:
+ Include ldap_ssl.h if we can find it. Needed for the
+ ldapssl_set_strength defines on HP-UX at least.
+ [9e530470948a]
+
+ * sudoers.ldap.pod:
+ sync
+ [b9d101f4673a]
+
+ * TODO:
+ sync
+ [2ce951b2ecd0]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+ sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+ regen
+ [b61d793987e0]
+
+ * Makefile.in:
+ Use 78n line length when formatting cat pages.
+ [761bee9d5759]
+
+ * README.LDAP:
+ Remove redundant info that is now in sudoers.ldap.pod
+ [01828dcce59e]
+
+2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Reorganize the first section a bit. Substitute the proper path for
+ /etc/sudoers.
+ [11ae165e065d]
+
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
+ schema into EXAMPLES
+ [ab6509d1dde7]
+
+ * configure, configure.in:
+ Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
+ sudoers.ldap.man.
+ [6e689972f465]
+
+ * configure, configure.in:
+ substitute for sudoers.ldap.man
+ [5a4a25766dee]
+
+ * Makefile.in:
+ Fix cut & pasto introduced when adding sudoers.ldap man page.
+ [a7b069af8894]
+
+ * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+ Fill in some of the missing pieces. Still needs some reorganization
+ and editing.
+ [5e7331722166]
+
+2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
+ sudoers.ldap.pod:
+ Beginnings of a sudoers.ldap man page. Currently, much of the
+ information is adapted from README.LDAP.
+ [aad28c8a922d]
+
+2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ When copying gr_mem we must guarantee that the storage space for
+ gr_mem is properly aligned. The simplest way to do this is to simply
+ store gr_mem directly after struct group. This is not a problem for
+ gr_passwd or gr_name as they are simple strings.
+ [af58fc76f1ed]
+
+ * ldap.c:
+ Fix a typo/thinko in one of the calls to
+ sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
+ [70b2eb8097f5]
+
+2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, ldap.c:
+ include <mps/ldap_ssl.h> in ldap.c if available
+ [34346206ef16]
+
+2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c, gram.y:
+ Make sure we define SIZE_MAX for yacc's skeleton.c
+ [d8a45c7a3c42]
+
+ * tgetpass.c:
+ Use TCSAFLUSH when restoring terminal settings (and echo) to
+ guarantee that any pending output is discarded
+ [549a184479e5]
+
+2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers:
+ no longer need to specify SETENV when user has sudo ALL
+ [3051b41f8032]
+
+ * testsudoers.c:
+ sync user_args size calculation with sudo.c Add -g group option,
+ renaming old -g to -G Add set_runasgr() and set_runaspw() and use
+ them
+ [0850325180f0]
+
+ * sudo.c, sudo.h:
+ Make set_runaspw static void
+ [5d44d7a340ce]
+
+ * testsudoers.c, visudo.c:
+ g/c set_runaspw stub
+ [79ebb5e2cc38]
+
+ * configure, configure.in:
+ Don't add -llber twice.
+ [4356d302eef4]
+
+2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ fix typo
+ [249cecc557e9]
+
+2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c:
+ regen
+ [2f94ea375b67]
+
+ * configure, configure.in:
+ Fix check that determines whether -llber is required.
+ [6afa99523379]
+
+ * README.LDAP, config.h.in, configure, configure.in, ldap.c:
+ For netscape-based LDAP, use ldapssl_set_strength() to implement the
+ checkpeer ldap.conf option.
+ [16ae24d73795]
+
+ * auth/kerb5.c:
+ Delay krb5_cc_initialize() until we actually need to use the cred
+ cache, which is what krb5_verify_user() does. Better cleanup on
+ failure.
+ [d12e5f1695b8]
+
+2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ Rewrite verify_krb_v5_tgt() based on what heimdal's
+ krb5_verify_user() does.
+ [05b5815f86c9]
+
+2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c:
+ The U suffix on constants is an ANSI feature
+ [c6dfce3167f1]
+
+ * configure, configure.in:
+ Add check for ber_set_option() in -llber
+ [43d0c0566074]
+
+2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ default if no nsswitch.conf is files only
+ [c13001d9c998]
+
+2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ don't tell people to mail aaron about LDAP stuff
+ [8165ec1ef0c6]
+
+ * README.LDAP:
+ timelimit and bind_timelimit
+ [44f74cbed167]
+
+ * ChangeLog:
+ sync
+ [aba1a0ab02bd]
+
+ * ldap.c:
+ Move ldap.secret reading into a separate function.
+ [1948acc9f7a4]
+
+ * check.c:
+ user_runas -> runas_pw
+ [334490fc2bae]
+
+2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ sync
+ [c7b165cc47c6]
+
+ * check.c, sudo.pod, sudoers.pod:
+ Add and document the %p escape in the password prompt. Based on a
+ patch from Patrick Schoenfeld.
+ [3972d4f31ffa]
+
+ * ldap.c:
+ Check strlcpy() return values.
+ [9b42f3ae8ff1]
+
+ * ldap.c:
+ refactor ldap binding code into sudo_ldap_bind_s()
+ [cb0c66a4d955]
+
+ * README.LDAP:
+ Make it clear that host and uri can take multiple parameters. URI is
+ now supported for more than just openldap nsswitch.conf does't
+ accept "compat"
+ [f610dea656d6]
+
+ * sudo.c:
+ comment cleanup and update (c) year
+ [6cd69c810ca5]
+
+ * parse.c, sudo_nss.c:
+ Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
+ This should make it possible to build an LDAP-only sudo binary.
+ [61c3f27066a0]
+
+ * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
+ Improve chaining of multiple sudoers sources by passing in the
+ previous return value to the next in the chain
+ [2c0b722b1b2d]
+
+ * gram.y:
+ Free up parser data structures in sudo_file_close().
+ [2251531d4519]
+
+ * gram.c, parse.c:
+ Free up parser data structures in sudo_file_close().
+ [8371f130f401]
+
+ * ldap.c:
+ Parse uri ourself if no ldap_initialize() is present Use
+ ldap_create() instead of deprecated ldap_init() Use
+ ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
+ [85d3825b1953]
+
+ * config.h.in, configure, configure.in:
+ Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
+ CFLAGS
+ [240524512bc5]
+
+2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ add check for ldap_create
+ [3089badd73b8]
+
+2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, ldap.c:
+ Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
+ dn using the mechanism appropriate for the LDAP SDK in use. Use
+ ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
+ ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
+ [6deeca3d00cc]
+
+ * lbuf.c:
+ include unistd.h
+ [8419ed0bae7f]
+
+ * config.h.in, configure.in:
+ fix typo in mtim_getnsec
+ [2d5f21230a60]
+
+2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ add check for st__tim in struct stat as used by SCO
+ [587060ea2a89]
+
+ * ldap.c:
+ use ldap_search_ext_s instead of deprecated ldap_search_s
+ [5fc44fe3b44c]
+
+ * Makefile.in, TODO, sudo.cat, sudo.man.in:
+ add sudo_nss.h to HDRS
+ [86f01a70ff29]
+
+ * ldap.c:
+ Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
+ ldap_rdn2str().
+ [aa217002cfae]
+
+2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Use ldap_get_values_len()/ldap_value_free_len() instead of the
+ deprecated ldap_get_values()/ldap_value_free().
+ [e22dceb85e57]
+
+ * ChangeLog:
+ sync
+ [adad27b36107]
+
+ * TODO:
+ sync
+ [c449eb47e0ef]
+
+ * gettime.c, sudo.c:
+ Remove some already fixed XXXs
+ [532788d0e6da]
+
+ * ldap.c:
+ Same return value as non-existent sudoers if LDAP was unable to
+ connect.
+ [5819810e8e4e]
+
+ * sudo.pod:
+ mention /etc/environment
+ [ea8e6102f853]
+
+ * README.LDAP, UPGRADE, WHATSNEW:
+ Update to reflect recent developments.
+ [ed1fb026fe77]
+
+ * sudo.c:
+ Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
+ [55b68a58260d]
+
+ * ldap.c:
+ When building up a query don't list groups in the aux group vector
+ that are the same as the passwd file group. On most systems the
+ first gid in the group vector is the same as the passwd entry gid.
+ [4bb51e297e0d]
+
+ * env.c, ldap.c:
+ Define LDAPNOINIT before calling ldap_init(), etc. to disable user
+ ldaprc and system defaults that could affect how LDAP works.
+ [ce5036440db2]
+
+ * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
+ sudo_nss.c, sudo_nss.h:
+ Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
+ to specify nsswitch.conf path or disable it. If --with-nsswitch=no
+ but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
+ file and --with-ldap-secret-file
+ [ea5d7704381f]
+
+ * parse.c:
+ Honor def_ignore_local_sudoers
+ [f38e1121fae1]
+
+2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ no longer need to check def_ignore_local_sudoers here
+ [fce2a72f96fb]
+
+ * parse.c:
+ Refactor group vector resetting into a function and also call it
+ from display_cmnd. Stop after the first sucessful match in
+ display_cmnd. Print a newline between each display_privs method.
+ [981b37b5adff]
+
+ * parse.c:
+ fix double free introduced in rev 1.218
+ [c574b02d8747]
+
+ * ldap.c:
+ belt and suspenders; zero out result after freeing it
+ [7732988d4620]
+
+ * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
+ Refactor line reading into a separate function, sudo_parseln(),
+ which removes comments, leading/trailing whitespace and newlines.
+ May want to rethink the use of sudo_parseln() for /etc/ldap.secret
+ [61d9068f0645]
+
+ * parse.c, sudo.c:
+ Make the inability to read the sudoers file a non-fatal error if
+ there are other sudoers sources available. sudoers_file_lookup now
+ returns "not OK" if sudoers was not present
+ [643babf597a8]
+
+ * ldap.c:
+ make it clear that the global options are from LDAP
+ [9ff950349463]
+
+ * logging.c:
+ allocate proper amount of space for error string
+ [8bebb7d46d19]
+
+ * sudo_nss.c, sudo_nss.h:
+ actual sudo nss code
+ [5bd7d52d7738]
+
+ * ldap.c, parse.c, sudo.c, sudo.h:
+ nss-ify display_privs and display_cmnd.
+ [cccfdd3253f2]
+
+ * defaults.c, parse.c, testsudoers.c, visudo.c:
+ move update_defaults() to parse.c
+ [ace144b958a9]
+
+ * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
+ Use nsswitch to hide some sudoers vs. ldap implementation details
+ and reduce the number of #ifdef LDAP TODO: fix display routines and
+ error handling
+ [6225edde89a6]
+
+2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
+ First cut at nsswitch.conf support. Further reorganizaton and
+ related changes are forthcoming.
+ [717f59d0790b]
+
+2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, pathnames.h.in, sudo.c, sudo.h:
+ Add support for reading and /etc/environment file. Still needs to be
+ documented and should probably only applies to OSes that have it
+ (AIX and Linux, maybe others).
+ [15d3edae27e4]
+
+ * ldap.c:
+ include limits.h
+ [e19875ef0f82]
+
+2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ reword LDAP SASL
+ [7ec3c4ec31b5]
+
+2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ sync
+ [87c5a7aea7bf]
+
+ * README.LDAP:
+ Add an example sudoRole, clarify netscape vs. openldap a bit more
+ [6f96c0ca8107]
+
+ * README.LDAP:
+ Be clear on what is OpenLDAP vs. Netscape-derived
+ [a33c8314dec5]
+
+ * config.h.in, configure, configure.in, ldap.c:
+ Use ldapssl_init() for ldaps support instead of trying to do it
+ manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
+ and tls_key for cert7.db and key3.db respectively. Don't print
+ debugging info for options that are not set. Add warning if
+ start_tls specified when not supported.
+ [abb62dc7e4a3]
+
+ * ldap.c:
+ fix compilation on solaris
+ [03d449684e80]
+
+ * Makefile.in:
+ add missing .h and .c files for missing lib objs
+ [8b37825bdfc7]
+
+2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ fix LDAP_OPT_NETWORK_TIMEOUT setting
+ [226eba89c0ad]
+
+ * ldap.c:
+ fix compilation on Solaris
+ [917d47639eb6]
+
+2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ fix typo
+ [009d5c81b225]
+
+ * README.LDAP:
+ try to clear up which variables are for OpenLDAP and which are for
+ netscape-derived SDKs
+ [f8d9823ee73c]
+
+ * config.h.in, configure, configure.in, ldap.c:
+ Add support for "ssl on" in both netscape and openldap flavors. Only
+ the OpenLDAP flavor has been tested.
+ [952745829ec5]
+
+ * logging.c, sudo.c, sudo.h:
+ Call cleanup() before exit in log_error() instead of calling
+ sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
+ [da02d1b67a2c]
+
+ * sudo.c:
+ ld -> ldap_conn
+ [01afa6d927cc]
+
+2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c, sudo.c, sudo.h:
+ Better ldap cleanup.
+ [25b9abe2d617]
+
+ * ldap.c:
+ Distinguish between LDAP conf settings that are connection-specific
+ (which take an ld pointer) and those that are default settings
+ (which do not).
+ [d48dc6c9c3b4]
+
+2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Improved warnings on error.
+ [c8dce7b4feb4]
+
+ * ldap.c:
+ Make ldap config table driven and set the config *after* we open the
+ connection.
+ [d9698b5a2681]
+
+2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
+ [598c6df06660]
+
+ * configure, configure.in:
+ some operating systems need to link with -lkrb5support when using
+ krb5
+ [8896365dde9e]
+
+2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ minor update
+ [acfeeb7f4886]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ regen
+ [a3c6699674f9]
+
+2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog, TODO:
+ sync
+ [138e99b925ee]
+
+ * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
+ add -g support for LDAP
+ [8fc27dbe9287]
+
+2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
+ The -i and -s flags can now take an optional command.
+ [6afec104ee77]
+
+2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
+ sudoers.pod:
+ Add passprompt_override flag to sudoers that will cause the prompt
+ to be overridden in all cases. This flag is also set when the user
+ specifies the -p flag.
+ [e4c5402131a6]
+
+ * sudo.c:
+ Move setting of login class until after sudoers has been parsed. Set
+ NewArgv[0] for -i after runas_pw has been set.
+ [62a48c8c56fa]
+
+ * configure, configure.in:
+ Move the dgettext check.
+ [5fd8a4712d1c]
+
+2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c, config.h.in, configure, configure.in:
+ Add basic support for looking up the string "Password: " in the PAM
+ localized text db. This allows us to determine whether the PAM
+ prompt is the default "Password: " one even if it has been
+ localized.
+
+ TODO: concatenate non-std PAM prompts and user-specified sudo
+ prompts.
+ [81c25a415d41]
+
+2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, config.h.in, configure, configure.in, parse.c,
+ set_perms.c, sudo.c, sudo.h:
+ Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
+ insufficient.
+ [1cce6ec1a91e]
+
+ * acsite.m4, configure, interfaces.c, memrchr.c:
+ Fix typos; Martynas Venckus
+ [be1233cca11a]
+
+2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Don't assume runas_pw is set; it may not be in the -g case.
+ [aa11bd2193ac]
+
+2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c, set_perms.c:
+ Set aux group vector for PERM_RUNAS and restore group vector for
+ PERM_ROOT if we previously changed it. Stash the runas group vector
+ so we don't have to call initgroups more than once. Also add no-op
+ check to check_perms.
+ [53837fc755f7]
+
+2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
+ ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
+ pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
+ sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
+ testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
+ Add support for runas groups. This allows the user to run a command
+ with a different effective group. If the -g option is specified
+ without -u the command will be run as the current user (only the
+ group will change). the -g and -u options may be used together.
+ TODO: implement runas group for ldap improve runas group
+ documentation add testsudoers support
+ [9019309df6d0]
+
+ * configure, configure.in:
+ fix setting of mandir
+ [2c60f269399f]
+
+ * sudo.pod, sudoers.pod:
+ document that ALL implies SETENV
+ [bcc8e5b703b9]
+
+ * ldap.c:
+ s/setenv_ok/setenv_implied/g
+ [f005df2c2eea]
+
+ * ldap.c:
+ hostname_matches() returns TRUE on match in sudo 1.7.
+ [c3d4377b6e8b]
+
+ * ldap.c:
+ use strcmp, not strcasecmp when comparing ALL
+ [e486024574a1]
+
+ * ldap.c:
+ Make sudo ALL imply setenv. Note that unlike with file-based sudoers
+ this does affect all the commands in the sudoRole.
+ [bc12f54321d1]
+
+ * gram.c, gram.y, parse.c, parse.h:
+ sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
+ it is not passed on to other commands in the list.
+ [026e2cb40680]
+
+ * visudo.c:
+ Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
+ sudo_getpwuid() instead of getpwuid().
+ [86f30a8fbd49]
+
+2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers:
+ Expand on the dangers of not using visudo to edit sudoers.
+ [e434e8057d02]
+
+2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Don't quote *?[]! on output since the lexer does not strip off the
+ backslash when reading those in.
+ [561da4a13afa]
+
+2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * glob.c:
+ expand "u_foo" types to "unsigned foo" to avoid compatibility
+ issues.
+ [b0d7c64d78c3]
+
+2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ Refactor log line generation in to new_logline().
+ [6a9b9730615d]
+
+2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ fix typo
+ [9e19d4f86e47]
+
+2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
+ match.c:
+ Add configure check for struct in6_addr instead of relying on
+ AF_INET6 since some systems define AF_INET6 but do not include IPv6
+ support.
+ [e24082c416bd]
+
+2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
+ use.
+ [76a9df4a63be]
+
+2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ POSIX states that struct timespec be declared in time.h so check
+ there regardless of the value of TIME_WITH_SYS_TIME.
+ [e42c55ec9daf]
+
+2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Instead of defining a macro to call the appropriate method for
+ turning on/off echo, just define tc[gs]etattr() and the related
+ defines that use the correct terminal ioctls if needed. Also go back
+ to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
+ [5dfb2379d995]
+
+2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ g/c @ALLOCA@
+ [e6946c2e3820]
+
+ * configure:
+ regen
+ [9bac7159a138]
+
+ * INSTALL, auth/pam.c, config.h.in, configure.in:
+ Add --disable-pam-session configure option to disable calling
+ pam_{open,close}_session. May work around bugs in some PAM
+ implementations.
+ [273d0fdb4a9d]
+
+2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ quiet gcc warnings
+ [325565c5a579]
+
+ * tgetpass.c:
+ Avoid printing the prompt if we are already backgrounded. E.g. if
+ the user runs "sudo foo &" from the shell. In this case, the call to
+ tcsetattr() will cause SIGTTOU to be delivered.
+ [db2139a8d8b8]
+
+2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in:
+ Reorder things such that the definition of env_reset come right
+ before the env variable lists.
+ [e0d8e22a581a]
+
+ * parse.h:
+ Shrink type and seqno in struct alias from int to u_short
+ [9425263dd565]
+
+ * alias.c, match.c, parse.c, parse.h:
+ Add a sequence number in the aliases for loop detection. If we find
+ an alias with the seqno already set to the current (global) value we
+ know we've visited it before so ignore it.
+ [301a0548ffff]
+
+2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO, auth/pam.c, sudo.c, sudo.h:
+ PAM wants the full tty path so add user_ttypath which holds the full
+ path to the tty or is NULL if no tty was present.
+ [c7c1dd4b36c8]
+
+ * auth/pam.c:
+ Set PAM_RHOST to work around a bug in Solaris 7 and lower that
+ results in a segv.
+ [3a8865b3a357]
+
+2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c:
+ regen
+ [5647be127950]
+
+ * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
+ parse.h, testsudoers.c, visudo.c:
+ rename lh_ -> tq_
+ [8f500c542c4a]
+
+2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alloc.c:
+ remove some useless casts
+ [409a448b23f5]
+
+ * alloc.c:
+ pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
+ predates the final C99 spec and the standard specifies that it shall
+ include stdint.h anyway
+ [ae478fdef61a]
+
+2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, alloca.c, configure.in:
+ Since we ship with a pre-generated parser there is no need to ship a
+ bogus alloca implementation.
+ [3f611a7cc0e5]
+
+ * configure:
+ regen
+ [771eccf5269c]
+
+ * configure.in:
+ remove initial setting of CHECKSIA, we require that it be unset if
+ not used
+ [a2e91adc5aa2]
+
+ * Makefile.in:
+ add list.c to SRCS
+ [7db0e56cf5b9]
+
+ * configure:
+ regen
+ [3716ec30172e]
+
+ * configure.in:
+ only do SIA checks on Digital Unix
+ [6a96e1af2597]
+
+2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [ac1dc29de72b]
+
+ * ChangeLog, TODO:
+ sync
+ [781effce0a2d]
+
+ * auth/kerb5.c:
+ Remove call to krb5_cc_register() as it is not needed for modern
+ kerb5.
+ [351b8b764f16]
+
+ * configure:
+ regen
+ [ac21dbcc9c2c]
+
+ * aclocal.m4, configure.in:
+ New method for setting the default authentication type and avoiding
+ conflicts in auth types.
+ [5fb15be11f78]
+
+ * match.c, parse.c, testsudoers.c:
+ Each entry in a cmndlist now has an associated runaslist so no need
+ to keep track of the most recent non-NULL one.
+ [582e015786b0]
+
+2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ back out partial ldaps support mistakenly committed
+ [357703e94b2d]
+
+ * ldap.c:
+ Add support for unix groups and netgroups in sudoRunas
+ [2f04eb91c6d0]
+
+2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Fix sudoedit of a non-existent file. From Tilo Stritzky.
+ [a5488a03bddd]
+
+2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [541177376ee1]
+
+ * INSTALL:
+ update --passprompt escape info
+ [6d57db4cd538]
+
+ * configure.in:
+ remove now-bogus comment and update copyright date
+ [6a4af45fa331]
+
+ * configure.in:
+ Fix up use of with_passwd
+ [7c79d8640f77]
+
+ * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
+ Update to autoconf-2.61 andf libtool-1.5.24
+ [045259b0b439]
+
+ * Makefile.in:
+ "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
+ [f5b6a7afb817]
+
+2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * gram.c:
+ regen
+ [b5b78e71d2cb]
+
+ * gram.y:
+ move tags and runaslist propagation to be earlier
+ [94f7805f4489]
+
+ * visudo.c:
+ If -f flag given use the permissions of the original file as a
+ template
+ [9303d22bddb0]
+
+ * gram.y:
+ prevent a double free() when re-initing the parser
+ [5b3907c4de5a]
+
+2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [49a90b19a17d]
+
+ * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
+ auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
+ configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
+ parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
+ sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
+ Remove support for compilers that don't support void *
+ [35e1d01ae197]
+
+ * gram.c:
+ regen
+ [70ce412a458a]
+
+ * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
+ parse.c, parse.h, testsudoers.c, visudo.c:
+ Move list manipulation macros to list.h and create C versions of the
+ more complex ones in list.c. The names have been down-cased so they
+ appear more like normal functions.
+ [9cea0e281148]
+
+ * Makefile.in:
+ Fix cmp command when regenerating parser. Make gram.o the first
+ dependency for all programs so gram.h will be generated before
+ anything that needs it.
+ [429ea065abf1]
+
+ * gram.y, parse.h:
+ Convert NEW_DEFAULT anf NEW_MEMBER into static functions.
+ [2f3433833589]
+
+ * match.c, parse.c, testsudoers.c:
+ Use LH_FOREACH_REV when checking permission and short-circuit on the
+ first non-UNSPEC hit we get for the command. This means that instead
+ of cycling through the all the parsed sudoers entries we start at
+ the end and work backwards and quit after the first positive or
+ negative match.
+ [881474532f3e]
+
+ * gram.c:
+ regen
+ [9152a19d4188]
+
+ * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
+ Change list head macros to take a pointer, not a struct.
+ [054f1dcce4cc]
+
+ * gram.c:
+ regen
+ [be154aae6235]
+
+ * gram.y:
+ Propagate the runasspec from one command to the next in a cmndspec.
+ [4957b1cb03a3]
+
+2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Replace has_meta() with a macro that calls strpbrk().
+ [a2e58846a542]
+
+ * regen
+ [5a932a5c9451]
+
+ * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
+ testsudoers.c, visudo.c:
+ Use a list head struct when storing the semi-circular lists and
+ convert to tail queues in the process. This will allow us to reverse
+ foreach loops more easily and it makes it clearer which functions
+ expect a list as opposed to a single member.
+
+ Add macros for manipulating lists. Some of these should become
+ functions.
+
+ When freeing up a list, just pop off the last item in the queue
+ instead of going from head to tail. This is simpler since we don't
+ have to stash a pointer to the next member, we always just use the
+ last one in the queue until the queue is empty.
+
+ Rename match functions that take a list to have list in the name.
+ Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
+ [7c37b271607a]
+
+ * parse.c:
+ Fix pasto, append "!" not negated (which is an int) for sudo -l
+ output.
+ [93a444c3997f]
+
+ * Makefile.in:
+ Remove the dependency of gram .h on gram.y, the .c dependency is
+ enough. Only move y.tab.h to gram.h if it is different; avoids
+ needless rebuilding.
+ [67bf4ea2a2e5]
+
+2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Defaults lines may be associated with lists of users, hosts,
+ commands and runas users, not just single entries.
+ [795effacb6be]
+
+2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Revert the "cmp" portion of the last diff, it doesn't make sense.
+ [26f34bf4e2e3]
+
+ * Makefile.in:
+ Remove *.lo for clean: When generating the parser, only move the
+ generated files into place if they differ from the existing ones.
+ [84673fea371b]
+
+2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Replace IPV6 regexp with a much simpler (readable) one and add an
+ extra check when it matches to make sure we have a valid address.
+ [592e9f690556]
+
+ * match.c:
+ Fix thinko introduced when merging IPV6 support.
+ [da38cd5eb8c7]
+
+2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY, LICENSE:
+ regen
+ [0d7b27b90634]
+
+ * license.pod:
+ add 2007
+ [510e5048ae1a]
+
+ * UPGRADE:
+ mention #uid vs. comment pitfall
+ [4d2861898bcc]
+
+ * acsite.m4:
+ Merge in a patch from the libtool cvs that fixes a problem with the
+ latest autoconf. From Stepan Kasal.
+ [0c279ae7df3e]
+
+ * parse.h:
+ Back out he XOR swap trick, it is slower than a temp variable on
+ modern CPUs.
+ [91c4b024e317]
+
+ * gram.c:
+ regen
+ [cb6d4106fb74]
+
+ * gram.y, parse.h:
+ Convert the tail queue to a semi-circle queue and use the XOR swap
+ trick to swap the prev pointers during append.
+ [8bf4d9fbee58]
+
+2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.h:
+ remove useless statement
+ [421ec1dd73e6]
+
+ * toke.c, toke.l:
+ Refactor #include parsing into a separate function and return
+ unparsed chars (such as newline or comment) back to the lexer.
+ [64166917aa3d]
+
+2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * WHATSNEW:
+ mention better uid support
+ [56f510e7f2ec]
+
+ * sudoers.pod:
+ Users may now consist of a uid.
+ [5fd31b2c55ed]
+
+ * gram.c, gram.h, toke.c:
+ regen
+ [599e58af6dc1]
+
+ * parse.c:
+ Use lbuf_append_quoted() for sudo -l output to quote characters that
+ would require quoting in sudoers.
+ [3132d05c990a]
+
+ * lbuf.c, lbuf.h:
+ Add lbuf_append_quoted() which takes a set of characters which
+ should be quoted with a backslash when displayed.
+ [ab09bebb1d65]
+
+ * toke.l:
+ Require that the first character after a comment not be a digit or a
+ dash. This allows us to remove the GOTRUNAS state and treat uid/gids
+ similar to other words. It also means that we can now specify uids
+ in User_Lists and a User_Spec may now contain a uid.
+ [461fe01f8392]
+
+ * gram.y, toke.l:
+ Replace RUNAS token with '(' and ')' tokens to make the runas
+ portion of the grammar more natural.
+ [e0c383b4684d]
+
+ * BUGS:
+ The BUGS file is history
+ [4d9a809585c7]
+
+ * Makefile.in, README:
+ The BUGS file is history
+ [d9500e261172]
+
+2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ Allow comments after a RunasAlias as long as the character after the
+ pound sign isn't a digit or a dash.
+ [d7f3bd94eeda]
+
+ * WHATSNEW:
+ Glob support was back-ported to 1.6.9
+ [d1d5cfd46228]
+
+2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ remove sudo_usage.h in distclean
+ [df05ce9c4127]
+
+ * parse.c:
+ If a Defaults value contains a blank, double-quote the string.
+ [9057a910daad]
+
+ * toke.c, toke.l:
+ Properly deal with Defaults double-quoted strings that span multiple
+ lines using the line continuation char. Previously, the entire
+ thing, including the continuation char, newline, and spaces was
+ stored as-is.
+ [4a4e8eacefe6]
+
+ * sudo.c:
+ Be consistent when using single quotes and backticks.
+ [d010b83a0fa1]
+
+2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
+ sudo.c, sudo_usage.h.in:
+ Add new linebuf code to do appends of dynamically allocated strings
+ and word-wrapped output. Currently used for sudo's usage() and sudo
+ -l output. Sudo usage strings are now in sudo_usage.h which is
+ generated at configure time.
+ [4dfd0ee8d961]
+
+2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, sudo.c, sudo.h:
+ Fix line wrapping in usage() and use the actual tty width instead of
+ assuming 80.
+ [700eab37c5a6]
+
+2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * history.pod:
+ some more info
+ [8140112a8ae1]
+
+ * history.pod:
+ Mentioned Chris Jepeway's parser and also the new one that is in
+ sudo 1.7.
+ [2132d00f0597]
+
+2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, visudo.pod:
+ For the options list, add flag args where appropriate and increase
+ the indent level so there is room for them.
+ [2b60fb572e12]
+
+2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Fix some spacing in "sudo -l" and add a comment about some bogosity
+ in the line wrapping.
+ [b59b056f5ee2]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [5fb719f18ebc]
+
+ * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
+ def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
+ parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
+ testsudoers.c, toke.c, toke.l:
+ Remove monitor support until there is a versino of systrace that
+ uses a lookaside buffer (or we have a better mechanism to use).
+ [61ff76878e4a]
+
+ * config.h.in, configure, configure.in, sudo.c:
+ use getaddrinfo() instead of gethostbyname() if it is available
+ [cc33c136aa6a]
+
+2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, sudo.c:
+ Deal with OSes where sizeof(gid_t) < sizeof(int).
+ [130a89cbdfba]
+
+ * interfaces.c:
+ repair non-getifaddrs() code after ipv6 integration
+ [7ae7a89e2236]
+
+ * sudo.c:
+ If we can open sudoers but fail to read the first byte, close the
+ file stream before trying again.
+ [6f31272fae7b]
+
+2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c:
+ regen
+ [4d7afe0aa6fa]
+
+ * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
+ Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
+ [4e6ff2965a42]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Add some missing markup Update copyright
+ [7e6d3c686b5e]
+
+2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ fix sudo_noexec extension which got broken in the libtool update
+ [3a5b447df861]
+
+2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ explicitly specify -Tascii to nroff
+ [45c8da4cbefe]
+
+2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ remove an ANSI-ism that crept in
+ [29086f87b2ca]
+
+2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ Adjust list indents Prevent -- from being turned into an em dash Use
+ a list for the environment instead of a literal paragraph
+ [c3abcd8f76f4]
+
+ * visudo.pod:
+ Use a list for the environment instead of an indented literal
+ paragraph.
+ [0ffcfcb7349f]
+
+ * sudoers.pod:
+ Adjust list indentation
+ [615c89e3123a]
+
+ * license.pod:
+ add =head3
+ [8b2e0d38c0bd]
+
+2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ mention that when specifying a uid for the -u option the shell may
+ require that the # be escaped
+ [3e3a17bff150]
+
+2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Fix off by one in group matching.
+ [b529602b7fba]
+
+2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
+ [ffbf8907c6e7]
+
+2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
+ -lgssapi_krb5 case.
+ [2b85a89c2252]
+
+ * aclocal.m4, configure, configure.in:
+ Fix link tests such that new gcc doesn't optimize away the test.
+ [83484ec95cba]
+
+2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ add missing over/back
+ [251a12c89b91]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Change FILES section to use =item
+ [60b9efc3a0b2]
+
+ * env.c:
+ Add back allocation of the env struct in rebuild_env but save a copy
+ of the old pointer and free it before returning.
+ [1100cd4fa997]
+
+ * env.c:
+ Don't init the private environment in rebuild_env() since it may
+ have already been done implicitly sudo_setenv/sudo_unsetenv.
+
+ Multiply length by sizeof(char *) in memcpy/memmove when copying the
+ environment so we copy the full thing.
+
+ Add missing set of parens so we deref the right pointer in
+ sudo_unsetenv when searching for a matching variable.
+ [9086a8f756b1]
+
+2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Use file markup for paths in the FILES section
+ [940d99f731f2]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Don't capitalize sudo/visudo
+ [f067a455d44b]
+
+ * sudoers.pod:
+ Sort sudoers options; based on a diff from Igor Sobrado.
+ [a9b9befe85ac]
+
+2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
+ latter confuses pod2man. The Makefile rules for the .man.in file
+ will add @mansectsu@ and @mansectform@ back in after pod2man is done
+ anyway.
+ [b50ea0db727c]
+
+2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, Makefile.in, license.pod:
+ Move license info to pod format
+ [25bdd82e592b]
+
+ * configure, configure.in, sudoers.pod:
+ Substitute value of path_info into sudoers man page.
+ [9ba661a82798]
+
+ * WHATSNEW:
+ remove features that were back-ported to 1.6.9
+ [e76d756cbe65]
+
+ * sudo.c, sudo.pod, visudo.c, visudo.pod:
+ Sort SYNOPSIS and sync usage. From Igor Sobrado.
+ [4970386c9e54]
+
+ * env.c:
+ Only need sudo_setenv/sudo_unsetenv if we are going to use
+ ldap_sasl_interactive_bind_s() but don't have
+ gss_krb5_ccache_name().
+ [f1a73d8b35c5]
+
+ * ChangeLog:
+ rebuild without branch info
+ [5d5a33494677]
+
+ * Makefile.in:
+ Add ChangeLog target
+ [a702034fdd89]
+
+ * auth/pam.c:
+ Run cleanup code if the user hits ^C at the password prompt.
+ [9cf87768e921]
+
+ * auth/pam.c:
+ Some versions of pam_lastlog have a bug that will cause a crash if
+ PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
+ string.
+ [5b63f6c88866]
+
+2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ ChageLog not Changelog
+ [1243d8473ceb]
+
+ * ChangeLog:
+ sync
+ [d887df98c6b0]
+
+ * Makefile.in:
+ CHANGE -> Changelog
+ [917738df30dd]
+
+ * TODO:
+ sync
+ [cd382f7d1948]
+
+2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, ldap.c:
+ Add configure hooks for gss_krb5_ccache_name() and the gssapi
+ headers.
+ [139606209991]
+
+2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c:
+ rebuild_env() and insert_env_vars() no longer return environment
+ pointer, they set environ directly.
+
+ No longer need to pass around an envp pointer since we just operate
+ on environ now.
+
+ Add dosync argument to insert_env() that indicates whether it should
+ reset environ when realloc()ing env.envp.
+
+ Use an initial size of 128 for the environment.
+ [4735fd5fddb8]
+
+ * env.c:
+ Split sudo_setenv() into an external version and a version only for
+ use by rebuild_env().
+ [fda7d655adb1]
+
+2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Add support for using gss_krb5_ccache_name() instead of setting
+ KRB5CCNAME. Also use sudo_unsetenv() in the non-
+ gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
+ original environment. TODO: configure setup for
+ gss_krb5_ccache_name()
+ [fcafa5a49caf]
+
+ * README.LDAP:
+ add krb5_ccname
+ [fceb8f883886]
+
+ * README.LDAP, ldap.c:
+ Add support for sasl_secprops in ldap.conf
+ [1f06f4bf7347]
+
+ * env.c, sudo.h:
+ Add sudo_unsetenv() and refactor private env syncing code into
+ sync_env().
+ [045ecb3fd22b]
+
+ * README.LDAP, ldap.c:
+ The ldap.conf variable is sasl_auth_id not sasl_authid.
+ [a5f98491311b]
+
+2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, sudo.c, sudo.h:
+ Add support for krb5_ccname in ldap.conf. If specified, it will
+ override the default value of KRB5CCNAME in the environment for the
+ duration of the call to ldap_sasl_interactive_bind_s().
+ [b08a10c3045b]
+
+ * env.c, sudo.h:
+ Remove format_env() Add sudo_setenv() to replace most format_env() +
+ insert_env() combinations. insert_env() no longer takes a struct
+ environment *
+ [131da52f43f3]
+
+ * ldap.c:
+ Fix use_sasl vs. rootuse_sasl logic.
+ [0c0417b6918c]
+
+ * README.LDAP, config.h.in, configure, configure.in, ldap.c:
+ Add support for SASL auth when connecting to an LDAP server. Adapted
+ from a diff by Tom McLaughlin.
+ [a6285f1356ea]
+
+2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Only enable AIX or BSD auth if no other exclusive auth method has
+ been chosen. Allows people to e.g., use PAM on AIX without adding
+ --without-aixauth. A better solution is needed to deal with default
+ authentication since if a non-exclusive method is chosen we will
+ still get an error.
+ [83f7afdc0ec3]
+
+2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY, Makefile.in, history.pod:
+ Generate HISTORY from history.pod (which is also used for web pages)
+ [60bcd5164931]
+
+2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man.in, sudoers.man.in:
+ regen
+ [63956a366191]
+
+ * sudo.pod:
+ Better explanation of environment handling in the sudo man page.
+ [6c247742f7ee]
+
+ * env.c, sudo.c:
+ Defer setting user-specified env vars until after authentication.
+ [4750b79323ee]
+
+ * env.c:
+ honor def_default_path for PATH set on the command line
+ [6db31d9b6d65]
+
+ * env.c, sudo.c, sudo.pod, sudoers.pod:
+ Allow user to set environment variables on the command line as long
+ as they are allowed by env_keep and env_check. Ie: apply the same
+ restrictions as normal environment variables. TODO: deal with
+ secure_path
+ [26c0da3840cf]
+
+2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo_edit.c:
+ Call rebuild_env() in call cases. Pass original envp to sudo_edit().
+ Don't allow -E or env var setting in sudoedit mode. More accurate
+ usage() when called as sudoedit.
+ [a4af20658361]
+
+ * ldap.c:
+ warn -> warning
+ [d87d1192b048]
+
+ * sudo.pod:
+ add -c option to sudoedit synopsis
+ [15b596a7e2db]
+
+ * TODO:
+ udpate to reality
+ [e2f8fde89db1]
+
+ * parse.c:
+ Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
+ value from {user,host,runas,cmnd}_matches(). Rename *matches
+ variables -> *match. Purely cosmetic.
+ [e54a44c00a88]
+
+ * parse.c:
+ Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
+ in behavior.
+ [c6272b4f2127]
+
+ * sudoers:
+ add SETENV tag
+ [3a3066bb6788]
+
+2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Make pwcheck local to the pwflag block. Use pwcheck even if user
+ didn't match since Defaults options may still apply.
+ [45da9efbbafd]
+
+ * check.c, sudo.c:
+ Do not update timestamp if user not validated by sudoers.
+ [a4a9d4364827]
+
+ * set_perms.c:
+ for PERM_RUNAS, set the egid to the runas user's gid and restore to
+ the user's original in PERM_ROOT
+ [1514bfb32847]
+
+ * logging.c, mon_systrace.c, set_perms.c, sudo.h:
+ PERM_FULL_ROOT is now no different than PERM_ROOT so remove
+ PERM_FULL_ROOT
+ [b9d047a3178c]
+
+ * check.c:
+ don't check timestamp mtime if we are just going to remove it
+ [5d2470bc6cbd]
+
+ * sudoers.pod:
+ Move sudoers defaults parameters into their own section.
+ [54701fbc0ff3]
+
+ * testsudoers.c:
+ Reduce a level of indent by a few placed continue statements.
+ [5d5a9838c8ef]
+
+ * parse.c:
+ Make matching but negated commands/hosts/runas entries override a
+ previous match as expected. Also reduce some levels of indent by a
+ few placed continue statements.
+ [dd59fa4b91a1]
+
+2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Print default runas in "sudo -l" if sudoers don't specify one.
+ [07d408c400bd]
+
+ * match.c:
+ Less hacky way of testing whether the domain was set.
+ [a537059776e5]
+
+2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Mention pam-devel and openldap-devel for Linux
+ [9e708c54ecc3]
+
+2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ or vs. are
+ [abe8c0f3a410]
+
+2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ fix typo in Solaris project support
+ [2ffeb2d80959]
+
+ * HISTORY:
+ update
+ [df162b36f120]
+
+ * sudo.c:
+ Make -- on the command line match the manual page. The implied shell
+ case has been simplified as a result.
+ [cd217a1f6694]
+
+2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers2ldif:
+ add simplistic support for sudoRunas; note that if a sudoers entry
+ contains multiple Runas users, all will apply to the sudoRole
+ [65b11421f5c8]
+
+ * sudoers2ldif:
+ honor SETENV and NOSETENV tags
+ [2c0d5ba7a09b]
+
+2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Redo setting of user_args. We now build up a private copy of argv
+ first and then replace the NULs with spaces.
+ [ccbba72ea112]
+
+ * mon_systrace.c:
+ getcwd() returns NULL on failure, not 0 on success
+ [88cd9e66e530]
+
+ * mon_systrace.c:
+ allow chunksiz to reach 1 before erroring out
+ [619d68f14964]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [8db512d3caf0]
+
+2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
+ logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
+ toke.c, toke.l:
+ Add support for setting environment variables on the command line.
+ This is only allowed if the setenv sudoers options is enabled or if
+ the command is prefixed with the SETENV tag.
+ [5744caebd969]
+
+ * README.LDAP:
+ replace Aaron's email address with the sudo-workers list
+ [2ffce5f9afc0]
+
+ * configure:
+ regen
+ [8013dff82c0c]
+
+2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, README.LDAP:
+ Break schema out into separate files.
+ [1a53966ca1fa]
+
+ * schema.OpenLDAP, schema.iPlanet:
+ Break schema out into separate files.
+ [15e598e4c60b]
+
+2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/aix_auth.c:
+ free message if set by authenticate()
+ [849c220c1236]
+
+ * match.c:
+ deal with NULL gr_mem
+ [49e4d74f0bbe]
+
+2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ regen
+ [fead999ad3e9]
+
+ * configure.in:
+ add template for HAVE_PROJECT_H
+ [e6c42c2eaad1]
+
+ * closefrom.c:
+ include fcntl.h
+ [54d98b382f03]
+
+2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ mention --with-project
+ [d3ea3baad7c5]
+
+ * config.h.in, configure.in, sudo.c:
+ Add Solaris 10 "project" support. From Michael Brantley.
+ [f14f3c8c6554]
+
+ * sudoers.pod:
+ fix typo
+ [50db81a19787]
+
+ * configure:
+ regen
+ [ea71afd3e564]
+
+ * configure.in:
+ Fix preservation of LDFLAGS in the LDAP case.
+ [40a3a47e8059]
+
+ * memrchr.c:
+ Remove dependecy on NULL
+ [c957ae5e1733]
+
+ * configure:
+ regen
+ [4955ce0c6912]
+
+ * aclocal.m4, configure.in:
+ Can't use the regular autoconf fnmatch() check since we need
+ FNM_CASEFOLD so go back to our custom one.
+ [f10d76237486]
+
+ * env.c:
+ Fix preserving of variables in env_keep.
+ [d040049d6b84]
+
+ * env.c:
+ add XAUTHORIZATION
+ [0d589a5fe015]
+
+ * UPGRADE:
+ expand upon env resetting and mention that it began in 1.6.9 not
+ 1.7.
+ [dba251655c76]
+
+ * sudoers.pod:
+ Update descriptions of env_keep and env_check to match current
+ reality.
+ [dba77357954b]
+
+2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
+ LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table.
+ [eec4632bd190]
+
+ * env.c, logging.c:
+ Treat USERNAME environemnt variable like LOGNAME/USER
+ [09f52dcfd70c]
+
+ * env.c:
+ Don't need to populate keepenv table with the contents of the
+ checkenv table.
+ [527a14afd973]
+
+ * sudo.c:
+ Don't force sudo into the C locale.
+ [8a5bd301ef96]
+
+ * env.c:
+ Make env_check apply when env_reset it true. Environment variables
+ are passed through unless they contain '/' or '%'. There is no need
+ to have a variable in both env_check and env_keep.
+ [840c802721e4]
+
+2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Remove an duplicate lock_file() call and add a comment.
+ [5af9dcdf0eb6]
+
+ * UPGRADE:
+ Add sudo 1.6.9 upgrade note.
+ [1585149f2914]
+
+2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
+ small. From Klaus Wagner.
+ [d6899fc44f77]
+
+ * logging.c, sudo.h:
+ Redo the long syslog line splitting based on a patch from Eygene
+ Ryabinkin. Include memrchr() for systems without it.
+ [66a50e8d553a]
+
+ * Makefile.in, config.h.in, configure, configure.in:
+ Redo the long syslog line splitting based on a patch from Eygene
+ Ryabinkin. Include memrchr() for systems without it.
+ [407a46190921]
+
+ * memrchr.c:
+ Redo the long syslog line splitting based on a patch from Eygene
+ Ryabinkin. Include memrchr() for systems without it.
+ [2f6702b7d41b]
+
+ * configure.in:
+ Since we need to be able to convert timespec to timeval for utimes()
+ the last 3 digits in the tv_nsec are not significant. This makes the
+ sudoedit file date comparison work again.
+ [9d0258849fa9]
+
+2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in:
+ Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
+ This deals with exclusive authentication methods in a simple way.
+ [7d70072c0f35]
+
+2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE:
+ mkstemp.c is BSD code too.
+ [29e236d98162]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ No commercial support for now.
+ [7c76b3e192dd]
+
+2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ cleanenv() is no more.
+ [518080514408]
+
+2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ChangeLog:
+ Display branch info in Changelog
+ [44e3b27427c7]
+
+ * utimes.c:
+ Include config.h early so we have it for TIME_WITH_SYS_TIME
+ [4bf1a00d0703]
+
+ * ChangeLog:
+ Fix Changelog generation and update.
+ [6e960dbcbece]
+
+2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * closefrom.c:
+ Use /proc/self/fd instead of /proc/$$/fd
+
+ Move old-style fd closing into closefrom_fallback() and call that if
+ /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
+ [faa7e4810758]
+
+ * auth/kerb5.c, config.h.in, configure.in:
+ o use krb5_verify_user() if available instead of doing it by hand o
+ use krb5_init_secure_context() if we have it o pass an encryption
+ type of 0 to krb5_kt_read_service_key() instead of
+ ENCTYPE_DES_CBC_MD5 to let kerberos choose.
+ [df7acf72bd7c]
+
+ * env.c:
+ Check TERM and COLORTERM for '%' and '/' characters. From Debian.
+ [f92d05197e40]
+
+ * configure.in:
+ Fix closefrom() substitution in the Makefile
+ [b642b13fcc5c]
+
+ * TROUBLESHOOTING:
+ Mention alternate sudo pronunciation.
+ [7c71dc73409f]
+
+2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Remove KRB5_KTNAME from environment. Allow COLORTERM.
+ [70f35a79f780]
+
+ * auth/kerb5.c:
+ If we cannot get a valid service key using the default keytab it is
+ a fatal error. Fixes a bug where sudo could be tricked into allowing
+ access when it should not by a fake KDC. From Thor Lancelot Simon.
+ [a3ae6a47cb23]
+
+2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in:
+ Update long long checks to use AC_CHECK_TYPES and to cache values.
+ [047318eaaeb2]
+
+ * aclocal.m4, configure.in:
+ Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
+ use AC_REPLACE_FNMATCH since that assumes replacing with GNU
+ fnmatch.
+ [80513a1003ea]
+
+2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
+ need it for visudo now too.
+ [50837c7c2b5e]
+
+2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Attempt to clarify the bit talking about network numbers w/o
+ netmasks.
+ [211e68c1d034]
+
+ * sudo.pod:
+ Clarify timestamp dir ownership sentence.
+ [9178f132c7f7]
+
+2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
+ Dmitry V. Levin.
+ [81fce91667bc]
+
+2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ -i is also one of the mutually exclusive options to list it in the
+ warning message. Noted by Chris Pepper.
+ [7da73fb248e9]
+
+2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.pod:
+ The sudoers variable is env_editor, not enveditor. From Jean-
+ Francois Saucier.
+ [2a86ec09a6db]
+
+2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * redblack.c:
+ I tracked down the original author so credit him and include his
+ license info.
+ [3733553a1bba]
+
+2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+ sudoers.pod:
+ Fix typos; from Jason McIntyre.
+ [1ee4ce2512f2]
+
+ * logging.c:
+ Restore signal mask before calling reapchild(). Fixes a possible
+ race condition that could prevent sudo from properly waiting for the
+ child.
+ [9ee4192385dc]
+
+2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ Don't declare pw_free() if we are not going to use it.
+ [adb79a4289ca]
+
+ * env.c:
+ Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
+ LDR_PRELOAD64. The 64-bit version is not currently supported. Remove
+ zero_env() prototype as it no longer exists.
+ [b4fe65027fb6]
+
+2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
+ [78002ad90f7b]
+
+2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ If the user enters ^C at the password prompt, abort instead of
+ trying to authenticate with an empty password (which causes an
+ annoying delay).
+ [da3f27b747c7]
+
+2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * closefrom.c, config.h.in, configure, configure.in:
+ Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
+ Darren Tucker.
+ [0331b7780759]
+
+ * pwutil.c:
+ pw_free() is only used by sudo_freepwcache() so ifdef it out too.
+ [0014c0d9eeba]
+
+2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.guess, config.sub:
+ Update to latest versions from cvs.savannah.gnu.org
+ [aa0143101c20]
+
+2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c, sudo_edit.c:
+ Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
+ we can close the passwd/group files early.
+ [559074bd7eb7]
+
+ * config.h.in, configure, configure.in, set_perms.c:
+ Add seteuid() flavor of set_perms() for systems without setreuid()
+ or setresuid() that have a working seteuid(). Tested on Darwin.
+ [508d8da99189]
+
+2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ systrace_read() returns ssize_t
+ [9f97d1d1a59d]
+
+ * configure, configure.in:
+ Fix typo, -lldap vs. -ldap; from Tim Knox.
+ [a8cc43c3bb2a]
+
+2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY:
+ Fix typo; Matt Ackeret
+ [86964ee3dfbd]
+
+2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Print sudoers path in -V mode for root.
+ [dc43f2d75bd9]
+
+2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Do a sub tree search instead of a base search (one level in the tree
+ only) for sudo right objects. This allows system administrators to
+ categorize the rights in a tree to make them easier to manage.
+ [6d2d9abf996e]
+
+2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ fix typo
+ [1473413bcbda]
+
+2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
+ bind_timelimit support; adapted from gentoo.
+ [afc816093026]
+
+2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Support comments that start in the middle of a line
+ [c25df6ee3db8]
+
+ * configure, configure.in:
+ Define LDAP_DEPRECATED until we start using ldap_get_values_len()
+ [ee249bfe230a]
+
+2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * closefrom.c:
+ Silence gcc -Wsign-compare; djm@openbsd.org
+ [28769ce6418d]
+
+ * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ cleanup() now takes an int as an arg so it can be used as a signal
+ handler too.
+ [2bb0df34d09c]
+
+ * sudo.c:
+ Make a copy of the shell field in the passwd struct for NewArgv to
+ avoid a use after free situation after sudo_endpwent() is called.
+ [5dcc9ffd362e]
+
+2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ Add mkstemp() for those poor souls without it.
+ [5fdd02e863e0]
+
+ * Makefile.in:
+ Add mkstemp() for those poor souls without it.
+ [9c1cf2678f24]
+
+ * mkstemp.c:
+ Add mkstemp() for those poor souls without it.
+ [c99401207860]
+
+2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Add PERL5DB to list of environment variables to remove.
+ [7375c27ecf75]
+
+2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c, mon_systrace.h:
+ Instead of calling the check function twice with a state cookie use
+ separate check/log functions.
+
+ Check more ioctl() calls for failure.
+
+ systrace_{read,write} now return the number of bytes read/written or
+ -1 on error.
+ [3dc8946d90e9]
+
+ * env.c:
+ Add more environment variables to remove; from gentoo linux Add some
+ comments about what bad env variables go to what (more to do)
+ [6918110a6b82]
+
+2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo_edit.c:
+ Move sudo_end{gr,pw}ent() until just before the exec since they free
+ up our cached copy of the passwd structs, including sudo_user and
+ sudo_runas. Fixes a use-after-free bug.
+ [54de3778bad0]
+
+ * visudo.c:
+ Close all fd's before executing editor.
+ [4fcc05e1bec8]
+
+ * sudo.c:
+ Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
+ [ef0e8ffa5c9f]
+
+ * check.c:
+ Fix fd leak when lecture file option is enabled. From Jerry Brown
+ [ce97f9207cd8]
+
+2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
+ environment variables to remove. From Charles Morris
+ [c96e1367d1c1]
+
+2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
+ [72a6a1571226]
+
+2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ add PS4 and SHELLOPTS to initial_badenv_table for bash
+ [89dfb3f318f3]
+
+2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Fix typo; Toby Peterson
+ [b7a3222b23f4]
+
+2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tsgetgrpw.c:
+ Make return buffers static so they don't get clobbered
+ [13323a39b9f5]
+
+2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/securid5.c:
+ Fix securid5 authentication, was not checking for ACM_OK. Also add
+ default cases for the two switch()es. Problem noted by ccon at
+ worldbank
+ [14091e418333]
+
+2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Remove ncat() in favor of just counting bytes and pre-allocating
+ what is needed.
+ [25b8712adb61]
+
+2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Fix up some comments Add missing fclose() for the rootbinddn case
+ [ae95c8a89711]
+
+ * ldap.c:
+ align struct ldap_config
+ [35d0d64c76f8]
+
+ * ldap.c:
+ use LINE_MAX for max conf file line size
+ [da116cb8853d]
+
+ * pathnames.h.in:
+ add _PATH_LDAP_SECRET
+ [128b04ecfab7]
+
+ * README.LDAP:
+ Mention rootbinddn Give example ou=SUDOers container
+ [852edc69bd1c]
+
+2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in, ldap.c:
+ Support rootbinddn in ldap.conf
+ [1615c91522a1]
+
+ * env.c, sudo.pod, sudoers.pod:
+ Preserve DISPLAY environment variable by default.
+ [05f503d5f438]
+
+ * acsite.m4, configure:
+ set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
+ [18a04dea8d05]
+
+ * acsite.m4, configure:
+ set need_version=no for all cases; this is safe for LD_PRELOAD
+ [b542560e1a73]
+
+ * aclocal.m4:
+ typo
+ [c040df0fcd5a]
+
+ * configure, configure.in:
+ Add dragonfly
+ [f13794618636]
+
+ * auth/pam.c:
+ Fix call to pam_end() when pam_open_session() fails.
+ [0be47cdfdef1]
+
+ * configure:
+ regen
+ [7f5c13b4b800]
+
+ * acsite.m4:
+ rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
+ ltsugar.m4 ltversion.m4
+ [a7ba9fd1a2ab]
+
+ * config.guess, config.sub, ltmain.sh:
+ merge in local changes: config.guess: o better openbsd support
+ config.sub: o hiuxmpp support ltmain.sh o remove requirement that
+ libs must begin with "lib" o don't print a bunch of crap about
+ library installs o don't run ldconfig
+ [f4149f2c720f]
+
+ * config.guess, config.sub, ltmain.sh:
+ libtool 1.9f
+ [82a534e7121f]
+
+ * configure.in:
+ Update with autoupdate and make minor changes for libtool 1.9f
+ [11b5ae5c1428]
+
+2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ don't call sudo_ldap_display_cmnd if ldap not setup
+ [8bcf6c094ffe]
+
+ * check.c, compat.h:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [2ef2ace8fe85]
+
+ * emul/timespec.h:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [f95137771564]
+
+ * fileops.c:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [dd8573b2ee7d]
+
+ * gettime.c:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [021b4569cc0c]
+
+ * sudo_edit.c, visudo.c:
+ Move declatation of struct timespec to its own include files for
+ systems without it since it needs time_t defined.
+ [b95c333299a0]
+
+ * ldap.c:
+ Don't set safe_cmnd for the "sudo ALL" case.
+ [ad7fa9e07da0]
+
+2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Call pam_open_session() and pam_close_session() to give pam_limits a
+ chance to run. Idea from Karel Zak.
+ [fed46d471350]
+
+2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, sudo.c:
+ Add explicit cast from mode_t -> u_int in printf to silence warnings
+ on Solaris
+ [17bb961fe22d]
+
+ * parse.c:
+ include grp.h to silence a warning on Solaris
+ [14386fbab640]
+
+2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Fix printing of += and -= defaults.
+ [a667604c56cd]
+
+2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Sanity check number of syscall args with argsize. Not really needed
+ but a little paranoia never hurts.
+ [6bb455a2c2d6]
+
+ * mon_systrace.c, mon_systrace.h:
+ Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
+ for systrace lengths (since it uses int)
+ [3cafccffcffd]
+
+2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Add some memsets for paranoia Fix namespace collsion w/ error Check
+ rval of decode_args() and update_env() Remove improper setting of
+ validated variable
+ [3d385158354d]
+
+2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, sudo.c, sudo.h:
+ In -l mode, only check local sudoers file if def_ignore_sudoers is
+ not set and call LDAP versions from display_privs() and
+ display_cmnd() instead of directly from main(). Because of this we
+ need to defer closing the ldap connection until after -l processing
+ has ocurred and we must pass in the ldap pointer to display_privs()
+ and display_cmnd().
+ [1dfc2e8c9f2b]
+
+ * ldap.c:
+ Reorganize LDAP code to better match normal sudoers parsing. Instead
+ of storing strings for later printing in -l mode we do another query
+ since the authenticating user and the user being listed may not be
+ the same (the new -U flag). Also add support for "sudo -l command".
+
+ There is still a fair bit if duplicated code that can probably be
+ refactored.
+ [e9568f19bde5]
+
+2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Replace pass variable with do_netgr for better readability.
+ [1bba841b6e79]
+
+ * ldap.c:
+ use DPRINTF macro
+ [02b159b66bb5]
+
+ * ldap.c:
+ estrdup, not strdup
+ [22cdee7973c1]
+
+2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Add macro to test if the tag changed to improve readability.
+ [4e11b4819556]
+
+ * parse.c:
+ Avoid printing defaults header if there are no defaults to print...
+ [41a28627df03]
+
+ * glob.c:
+ Fix a warning on systems without strlcpy().
+ [6814e0f0e4f4]
+
+ * pwutil.c:
+ Use macros where possible for sudo_grdup() like sudo_pwdup().
+ [30f201ff35cd]
+
+2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * utimes.c:
+ It is possible for tv_usec to hold >= 1000000 usecs so add in
+ tv_usec / 1000000.
+ [794ac4d53a65]
+
+2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ The component in krb5_principal_get_comp_string() should be 1, not 0
+ for Heimdal. From Alex Plotnick.
+ [fefa351c5044]
+
+2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
+ interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
+ redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
+ Add efree() for consistency with emalloc() et al. Allows us to rely
+ on C89 behavior (free(NULL) is valid) even on K&R.
+ [7876bb80d87c]
+
+ * parse.c, sudo.c:
+ Move initgroups() for -U option into display_privs() so group
+ matching in sudoers works correctly.
+ [b074428ad2ca]
+
+2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Removed duplicate call to ldap_unbind_s introduced along with
+ sudo_ldap_close.
+ [19acc1c20f7c]
+
+ * parse.c:
+ Add missing space in Defaults printing
+ [95d2935bf6d4]
+
+2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ Sync sudo_pwdup with OpenBSD changes: use macros for size computaton
+ and string copies.
+ [6b6b241495e5]
+
+2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ Zero old pw_passwd before replacing with version from shadow file.
+ [3251b349dfe1]
+
+ * configure, configure.in:
+ Only attempt shadow password detection if PAM is not being used Add
+ shadow_* variables to make shadow password detection more generic.
+ [d498a3423ac9]
+
+ * configure.in:
+ Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
+ [04d55bbd5e35]
+
+2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ use a non-breaking space to avoid a double space after e.g.
+ [11cdb54bdf7b]
+
+ * sudo.pod:
+ commna, not colon after e.g.
+ [8d5875ff72e0]
+
+2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_noexec.c:
+ Add __ variants of the exec functions. GNU libc at least uses
+ __execve() internally.
+ [d1880473d790]
+
+ * indent.pro:
+ Match reality a bit more.
+ [633e3fa875a7]
+
+ * pwutil.c:
+ Missed piece from rev. 1.6, fix sudo_getpwnam() too.
+ [128f7b21c2ee]
+
+ * pwutil.c:
+ Store shadow password after making a local copy of struct passwd in
+ case normal and shadow routines use the same internal buffer in
+ libc.
+ [f806052a6ffc]
+
+2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alloc.c, logging.c:
+ Make varargs usage consistent with the rest of the code.
+ [3d45affc9851]
+
+2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_noexec.c:
+ Wrap more of the exec family since on Linux the others do not appear
+ to go through the normal execve() path.
+ [8167769b4e19]
+
+ * visudo.c:
+ make print_unused static like proto says
+ [ecf10e1bae55]
+
+ * glob.c:
+ silence a warning on K&R systems
+ [2e00425f1a5c]
+
+ * alias.c, error.c:
+ make this build in K&R land
+ [156f65f8525a]
+
+ * parse.c:
+ make this build in K&R land
+ [6fc9276889cb]
+
+2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c:
+ regen
+ [3b349748cd21]
+
+2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ return(foo) not return foo optimize _atobool() slightly
+ [11d09d154ed5]
+
+ * ldap.c:
+ Use TRUE/FALSE
+ [53999320d98f]
+
+ * ldap.c:
+ Reformat to match the rest of sudo's code.
+ [1bd0f2afa0e7]
+
+ * sudo.pod:
+ I am the primary author
+ [5d311ecd85c6]
+
+2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, README, RUNSON:
+ The RUNSON file is toast--it confused too many people and really
+ isn't needed in a configure-oriented world.
+ [96a6ef7bbc08]
+
+ * INSTALL:
+ alternate -> alternative
+ [b65015c5d0a2]
+
+ * tgetpass.c:
+ Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
+ TCSAFLUSH.
+ [c66b4763ffdc]
+
+ * toke.l:
+ Allow leading blanks before Defaults and Foo_Alias definitions
+ [2add513d9277]
+
+ * Makefile.in:
+ fix rules to build toke.o and gram.o in devel mode
+ [96cbb414ebd3]
+
+2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ env_keep overrides set_logname
+ [401877193a15]
+
+ * env.c:
+ Fix disabling set_logname and make env_keep override set_logname.
+ [0906e7a5ed93]
+
+ * compat.h, config.h.in, configure, configure.in:
+ No longer need memmove()
+ [43bdb6efe3f2]
+
+ * env.c, sudo.c:
+ Just clean the environment once. This assumes that any further
+ setenv/putenv will be able to handle the fact that we replaced
+ environ with our own malloc'd copy but all the implementations I've
+ checked do.
+ [11658fe92ba2]
+
+2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c:
+ In -i mode, base the value of insert_env()'s dupcheck flag on
+ DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
+ [8365b0bd0c71]
+
+2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c:
+ Move setting of user_path, user_shell, user_prompt and prev_user
+ into init_vars() since user_shell at least is needed there.
+ [37e22dce66e9]
+
+2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ fix devel builds
+ [9fbb15ef164c]
+
+ * sudo.c:
+ Fix some printf format mismatches on error.
+ [ffc1c3f11740]
+
+ * check.c:
+ Fix some printf format mismatches on error.
+ [7b3b508adf50]
+
+ * configure, gram.c, toke.c:
+ regen
+ [aa76f9d8b02a]
+
+ * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
+ auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
+ auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
+ auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
+ closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
+ emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
+ getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
+ interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
+ parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
+ snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
+ sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
+ testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
+ visudo.pod, zero_bytes.c:
+ Update copyright years.
+ [0610c3654739]
+
+ * LICENSE:
+ Update copyright years.
+ [f60473bca4b1]
+
+ * Makefile.binary.in:
+ Update copyright years.
+ [d78ffc9f2e2b]
+
+ * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
+ version 1.7
+ [aa977a544ca1]
+
+ * WHATSNEW:
+ What's new in sudo 1.7, based on the 1.7 CHANGES entries.
+ [ecfcf7269c14]
+
+2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h, logging.h, sudo.h:
+ Add __printflike and use it with gcc to warn about printf-like
+ format mismatches
+ [b192ad4a0548]
+
+2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, ChangeLog:
+ Replaced CHANGES file with ChangeLog generated from cvs logs
+ [d9ace9dab98f]
+
+ * set_perms.c:
+ Use warning/error instead of perror/fatal.
+ [e33259df7738]
+
+ * config.guess:
+ Update OpenBSD section
+ [9d2c23de6801]
+
+ * UPGRADE:
+ Add upgrading noted for 1.7
+ [1fb6b6d6df07]
+
+ * env.c, sudo.c, sudoers.pod:
+ Instead of zeroing out the environment, just prune out entries based
+ on the env_delete and env_check lists. Base building up the new
+ environment on the current environment and the variables we removed
+ initially.
+ [fc192df8fd15]
+
+ * config.h.in, configure, configure.in, sudo.c:
+ Set locale to "C" if locales are supported, just to be safe.
+ [91fbaa98f02e]
+
+ * toke.c, toke.l:
+ Cast argument to ctype functions to unsigned char.
+ [e096b4d65796]
+
+2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ correct value for DID_USER
+ [b5b05d36ec15]
+
+ * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
+ #include <compat.h> not "compat.h"
+ [7a0ad9a0ccd7]
+
+ * defaults.c:
+ Reset the environment by default.
+ [4ecc6423e0f0]
+
+ * sudo.c:
+ Alloc an extra slot in NewArgv. Removes the need to malloc an new
+ vector if execve() fails.
+ [83dfb6f584a7]
+
+2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, config.h.in, configure, configure.in, sudo.c:
+ Use execve(2) and wrap the command in sh if we get ENOEXEC.
+ [c0c6af4e2a21]
+
+2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_noexec.c:
+ Only include time.h on systems that lack struct timespec which gets
+ defind in compat.h (using time_t).
+ [e373e518b4cb]
+
+ * sudo_noexec.c:
+ Include time.h for time_t in compat.h for systems w/o struct
+ timespec.
+ [a34b5637e458]
+
+ * compat.h, config.h.in, configure, configure.in:
+ use bcopy on systems w/o memmove
+ [f835eafd78c6]
+
+ * compat.h:
+ __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
+ use to gcc >= 2.8.
+ [1cb9a4e58566]
+
+ * Makefile.in:
+ Add explicit rule to build sudo_noexec.lo
+ [df1dfcf8dd77]
+
+2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL.configure, Makefile.in:
+ No longer depend on VPATH; pointed out a bunch of missed
+ dependencies.
+ [601a45d4af6b]
+
+ * TROUBLESHOOTING:
+ Help for PAM when account section is missing
+ [9b8221256756]
+
+ * auth/pam.c:
+ Give user a clue when there is a missing "account" section in the
+ PAM config.
+ [2529625c0495]
+
+ * auth/pam.c:
+ Better error handling.
+ [518c9bda23d8]
+
+ * config.h.in, configure, configure.in:
+ Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
+ possible. Silences a warning about isblank() on linux.
+ [19c94d7ecdc8]
+
+ * auth/pam.c:
+ Fix typo (missing comma) that caused an incorrect number of args to
+ be passed to log_error().
+ [0099dfec560f]
+
+2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c:
+ Don't try to destroy a tree we didn't create.
+ [d43c4fe03aa4]
+
+2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+ auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+ auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
+ compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
+ fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
+ goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
+ match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
+ sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
+ strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
+ tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
+ Add __unused to rcsids
+ [ad6b4ac45705]
+
+2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix error message when mixing invalid auth types
+ [68069b3ff5bc]
+
+ * INSTALL:
+ PAM, AIX auth, BSD auth and login_cap are now on by default if the
+ OS supports them.
+ [4e44e9098cf0]
+
+ * auth/sudo_auth.h, config.h.in:
+ s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
+ [2d569b43b23e]
+
+ * configure.in:
+ Better checking for conflicting authentication methods Display the
+ authentication methods used at the end of configure Rename --with-
+ authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
+ --with-pam, --with-logincap by default on systems that support them
+ unless disabled. Add OSMAJOR variable that replaces old OSREV; now
+ OSREV has full version number
+ [a21115b6fe9f]
+
+2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.in, sudo.c, sudoers.pod:
+ s/-O/-C/
+ [ee73f1b81923]
+
+2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Replace: test -n "$FOO" || FOO="bar"
+
+ With: : ${FOO='bar'}
+ [37552d9054fc]
+
+2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pwutil.c, testsudoers.c, tsgetgrpw.c:
+ Use function pointers to only call private passwd/group routines
+ when using a nonstandard passwd/group file.
+ [215908681dfb]
+
+2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ sync
+ [2e55c03f5790]
+
+ * tsgetgrpw.c:
+ Can't use strtok() since it doesn't handle empty fields so add
+ getpwent()/getgrent() functions and call those.
+ [bdaa5b0db70e]
+
+2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Fix dummied out toke.c and gram.c dependencies.
+ [4b909c8b2ebe]
+
+ * Makefile.in:
+ Rename PARSESRCS -> GENERATED since it is only used in the clean
+ target Add devdir variable and use it to specify the path to parser
+ sources
+ [f27b3f41ca23]
+
+ * configure:
+ regen
+ [22c6435dbd46]
+
+ * configure.in:
+ Add a devdir variables that defaults to $(srcdir) and is set to . if
+ --devel was specified. Allows for proper dependecies building the
+ parser.
+ [a36d694c6d21]
+
+ * testsudoers.c:
+ Add support for custom passwd/group files.
+ [296549ff4b87]
+
+ * Makefile.in:
+ Build private copy of pwutil.o for testsudoers with MYPW defined so
+ it uses our own passwd/group routines.
+ [bafa54ec78ca]
+
+ * visudo.c:
+ Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
+ stubs instead. We can now just use the caching sudo_*{pw,gr}*
+ functions in pwutil.c Add comment about wanting to call
+ sudo_endpwent/sudo_endgrent in cleanup()
+ [7e59d6b5510d]
+
+ * tsgetgrpw.c:
+ Remove caching; we will just use what is in pwutil.c Use global
+ buffers for passwd/group structs Rename functions from sudo_* to
+ my_*
+ [8c1e068f574c]
+
+ * logging.c, sudo.c:
+ g/c pwcache_init/pwcache_destroy
+ [60a24909b947]
+
+ * sudo.h:
+ Undo last commit and add sudo_setspent and sudo_endspent instead.
+ [bac80db08296]
+
+ * getspwuid.c, pwutil.c:
+ Move all but the shadow stuff from getspwuid.c to pwutil.c and
+ pwcache_get and pwcache_put as they are no longer needed. Also add
+ preprocessor magic to use private versions of the passwd and group
+ routines if MYPW is defined (for use by testsudoers).
+ [a16b8678a426]
+
+ * tsgetgrpw.c:
+ zero out struct passwd/group before filling it in so if there are
+ fields we don't handle they end up as 0.
+ [274cb6a93301]
+
+ * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ Adapt to pwutil.c
+ [43ebd04c8b82]
+
+ * Makefile.in:
+ Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
+ readability.
+ [7f88c6061e2d]
+
+ * tsgetgrpw.c:
+ Passwd and group lookup routines for testsudoers that support
+ alternate passwd and group files.
+ [d7803101d34e]
+
+ * getspwuid.c, pwutil.c:
+ Split off pw/gr cache and dup code into its own file. This allows
+ visudo and testsudoers to use the pw/gr cache too.
+ [ef333d3ffedf]
+
+2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Print Defaults info in "sudo -l" output and wrap lines based on the
+ terminal width.
+ [e559eae4250e]
+
+2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c, testsudoers.c, visudo.c:
+ Only check group vector in usergr_matches() if we are matching the
+ invoking or list user. Always check the group members, even if there
+ was a group vector.
+ [d0c7ceb2a041]
+
+2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, Makefile.in, fnmatch.3:
+ No longer bundle fnmatch.3
+ [72db4a4ff4e1]
+
+ * CHANGES, TODO:
+ checkpoint
+ [e92781bfd99c]
+
+2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ sort usage
+ [15e3b876ec2c]
+
+ * sudo.pod:
+ Sort command line options
+ [c1fa56584bc4]
+
+ * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
+ sudo.pod, sudoers.pod:
+ Add closefrom sudoers option to start closing at a point other than
+ 3. Add closefrom_override sudoers option and -C sudo flag to allow
+ the user to specify a different closefrom starting point.
+ [370652b099d1]
+
+ * pathnames.h.in:
+ Add _PATH_DEVNULL for those without it.
+ [0c4c3e0ceb8b]
+
+ * LICENSE:
+ no more UCB strcasecmp
+ [397a6298e07f]
+
+ * strcasecmp.c:
+ replace BSD licensed one with version derived from pdksh
+ [d7cfda8c57a2]
+
+2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Fix last commit.
+ [7afb9a180532]
+
+ * sudo.c:
+ Make sure stdin, stdout and stderr are open and dup them to
+ /dev/null if not.
+ [590f387068bd]
+
+2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, mon_systrace.c, sudo.c, sudo.h:
+ add sudo_ldap_close
+ [4273a36765a7]
+
+ * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
+ Use TIME_WITH_SYS_TIME
+ [c32b59bf15fb]
+
+ * config.h.in, configure, configure.in:
+ Add TIME_WITH_SYS_TIME_H
+ [57cb146f451d]
+
+2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
+ unconditionally on darwin. From Toby Peterson.
+ [d69959681c87]
+
+ * getspwuid.c:
+ Check rbinsert() return value. In the case of faked up entries there
+ is usually a negative response cached that we need to overwrite.
+
+ In pwfree() don't try to zero out a NULL pw_passwd pointer.
+ [00b32d1a48c1]
+
+ * mon_systrace.c:
+ Use the double fork trick to avoid the monitor process being waited
+ for by the main program run through sudo.
+ [e0ce556712ff]
+
+2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Call initgroups() in -U mode so group matches work normally.
+ [2235bea15283]
+
+ * def_data.h, mkdefaults:
+ Don't print a trailing comma for the last entry in enum def_tupple
+ [c43a96bb31df]
+
+2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Mention values when lecture, listpw and verifypw are used in boolean
+ context.
+ [a0b5c0abaccf]
+
+ * def_data.c, def_data.in:
+ verifypw when used in a boolean TRUE context should be "all", not
+ "any".
+ [2eb076ddd5e2]
+
+2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.in, defaults.c:
+ Allow tuples that can be used as booleans to be used as boolean
+ TRUE. In this case the 2nd possible value of the tuple is used for
+ TRUE.
+ [bd99aa77e88b]
+
+2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Correct the test for 2-parameter timespecsub
+ [d41c9cb26b97]
+
+ * sudo.h:
+ Add strub struct definitions for passwd, timeval and timespec
+ [c4ce5c43d8c5]
+
+ * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
+ Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
+ and fix a typo in the gettimeofday check.
+ [8ac9893057ce]
+
+2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c, testsudoers.c:
+ Deal with user_stat being NULL as it is for visudo and testsudoers.
+ [3605a6ff64d0]
+
+ * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
+ Add -U option to use in conjunction with -l instead of -u. Add
+ support for "sudo -l command" to test a specific command.
+ [99638789d415]
+
+ * gram.c, gram.y, sudo.c:
+ Set safe_cmnd after sudoers_lookup() if it has not been set.
+ Previously it was set by sudo "ALL" in the parser but at that point
+ the fully-qualified pathname has not yet been found.
+ [ac30d98f8225]
+
+2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, testsudoers.c:
+ Correctly handle multiple privileges per userspec and runas
+ inheritence.
+ [a98a965181af]
+
+2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ Zero out sd_un for each entry in sudo_defs_table in init_defaults.
+ [031d3cd4a848]
+
+2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * toke.c, toke.l:
+ make per-command defaults work with sudoedit
+ [e56fe33db916]
+
+ * ldap.c, parse.c, sudo.c, sudo.h:
+ Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead,
+ we just set the approriate defaults variable.
+ [756eeecc1d86]
+
+ * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
+ Document per-command Defaults.
+ [92a0f84b91c1]
+
+ * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
+ sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
+ Add support for command-specific Defaults entries. E.g.
+ Defaults!/usr/bin/vi noexec
+ [be3d52bf01cf]
+
+ * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
+ Change an occurence of user_matches() -> runas_matches() missed
+ previously runas_matches(), host_matches() and cmnd_matches() only
+ really need to pass in a list of members. user_matches() still needs
+ to pass in a passwd struct because of "sudo -l"
+ [833b22fc6fa0]
+
+ * parse.c:
+ Check def_authenticate, def_noexec and def_monitor when setting
+ return flags. XXX May be better to just set the defaults directly
+ and get rid of those flags.
+ [b6db22b59d69]
+
+ * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+ auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+ auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
+ defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
+ getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
+ gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
+ mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
+ strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
+ sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
+ visudo.c, zero_bytes.c:
+ Use: #include <config.h> Not: #include "config.h" That way we get
+ the correct config.h when build dir != src dir
+ [97e5670a442b]
+
+ * Makefile.in:
+ Back out part of rev 1.263; fix -I order
+ [197ea01cad5d]
+
+ * toke.c, toke.l:
+ More robust parsing if #include; could be much better still.
+ [31bc3cd8f045]
+
+ * sudo_edit.c, visudo.c:
+ Make arg splitting in visudo and sudoedit consistent.
+ [7bc74485f246]
+
+ * Makefile.in, alias.c, gram.c, gram.y, parse.h:
+ Split alias routines out into their own file.
+ [d90f633cf9ae]
+
+ * error.h:
+ __attribute__ is already defined in compat.h
+ [676ed3fe9203]
+
+ * visudo.c:
+ quit() should not be __noreturn__ as it is non-void on some
+ platforms.
+ [e528c2b6ba10]
+
+ * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
+ Add local error/warning functions like err/warn but that call an
+ additional cleanup routine in the error case. This means we no
+ longer need to compile a special version of alloc.o for visudo.
+ [e78e8aae882e]
+
+ * parse.h:
+ Clarify comments about the data structures
+ [ae894e266701]
+
+2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Add support for VISUAL and EDITOR containing command line args. If
+ env_editor is not set any args in VISUAL and EDITOR are ignored.
+ Arguments are also now supported in def_editor.
+ [ff7303b8e298]
+
+2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.h:
+ alias_matches() is no more
+ [b59825e28084]
+
+ * CHANGES, TODO:
+ sync
+ [2b8f5f63c1de]
+
+ * Makefile.in:
+ When regenerating the parser, don't replace gram.h unless it has
+ changed.
+ [819949668018]
+
+ * Makefile.in:
+ remove Makefile.binary for distclean
+ [351eec8d00b2]
+
+ * env.c:
+ Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
+ sure we can't overflow new_env.
+ [3284d17b9c6d]
+
+ * sudo_edit.c:
+ paranoia when stripping trailing slashes from tempdir.
+ [012f1aa2b81f]
+
+ * sudo.c:
+ Set user_ngroups to 0 if getgroups() returns an error.
+ [c46d43e9449a]
+
+2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, sudo.c:
+ Add configure check for getgroups()
+ [5d8a214e2cef]
+
+ * ldap.c:
+ Use supplementary group vector in struct sudo_user.
+ [3d0c463c034d]
+
+ * match.c:
+ Only do string comparisons on the group members if there is no
+ supplemental group list.
+ [be1c8362f7ef]
+
+ * CHANGES, TODO:
+ sync
+ [db188bc5b975]
+
+ * sudo_edit.c:
+ On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
+ chop off any trailing slashes we see and add an explicit one.
+ [e1b477dafee1]
+
+ * match.c:
+ remove bogus XXX comment
+ [8aecb8a28d40]
+
+ * match.c:
+ Get rid of alias_matches and correctly fall through to the non-alias
+ cases when there is no alias with the specified name.
+ [2cd555246f09]
+
+ * getspwuid.c:
+ Cache non-existent passwd/group entries too.
+ [8de9a467d271]
+
+ * gram.c:
+ regen
+ [9ece18c58f36]
+
+ * getspwuid.c:
+ fix typo
+ [9a7ae371eac1]
+
+ * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
+ mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ Implement group caching and use the passwd and group caches
+ throughout.
+ [f1d8c5015169]
+
+2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ Properly negate the return value of alias_matches() when
+ appropriate.
+ [ce59c4ce77ad]
+
+ * match.c:
+ Make hostname_matches() return TRUE for a match, else FALSE like the
+ caller expects.
+ [1dc03902d3a2]
+
+ * Makefile.in:
+ Add missing dependencies on gram.h
+ [4f94bbb1d50c]
+
+ * match.c:
+ Use runas_matches in alias_matches() now that we have it.
+ [284d22e91178]
+
+ * parse.c, parse.h:
+ Expand aliases in "sudo -l" mode
+ [f67a38b79c44]
+
+ * gram.y, match.c:
+ Use ALIAS for the member type when storing an alias instead of
+ HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
+ more generic type. Expand runas_matches instead of calling
+ user_matches() inside of it since user_matches() looks up
+ USERALIASes, not RUNASALIASes.
+ [52004d75232b]
+
+ * CHANGES, getspwuid.c:
+ Paranoia; zero out pw_passwd before freeing passwd entry.
+ [bd1b22638f00]
+
+ * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
+ configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
+ error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
+ sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
+ Add local error/warning functions like err/warn but that call an
+ additional cleanup routine in the error case. This means we no
+ longer need to compile a special version of alloc.o for visudo.
+ [25000b676cfe]
+
+ * match.c:
+ Use userpw_matches() to compare usernames, not strcmp(), since the
+ latter checks for "#uid".
+ [fcbe4b859f66]
+
+ * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
+ Cache passwd db entries in 2 reb-black trees; one indexed by uid,
+ the other by user name. The data returned from the cache should be
+ considered read-only and is destroyed by sudo_endpwent().
+ [ee2418ff3f86]
+
+ * match.c:
+ add cast to uid_t
+ [eb6415302d84]
+
+ * gram.y:
+ missing free in alias_destroy
+ [572ecb680ad8]
+
+ * redblack.c:
+ Can't use rbapply() for rbdestroy since the destructor is passed a
+ data pointer, not a node pointer.
+ [11ce713830c0]
+
+ * getspwuid.c, logging.c, sudo.c, sudo.h:
+ Create and use private versions of setpwent() and endpwent() that
+ set/end the shadow password file too.
+ [616bc76d23bf]
+
+ * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
+ Store aliases in a red-black tree.
+ [ce017d540416]
+
+ * Makefile.in, redblack.c, redblack.h:
+ red-black tree implementation
+ [cd5586e8f48b]
+
+ * visudo.c:
+ Edit all sudoers file if there were unused or undefined aliases and
+ we are in strict mode.
+ [b6d5f5bb7262]
+
+2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
+ find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
+ Bring back the "secure_path" Defaults option now that Defaults take
+ effect before the path is searched.
+ [2e52c0e27606]
+
+2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c, parse.c:
+ A user can always list their own entries, even with -u. Better error
+ message when failing to list another user's entries.
+ [e2e24deb0071]
+
+ * parse.c, sudo.c, sudo.h:
+ The syntax to list another user's entries is now "-u otheruser -l".
+ Only root or users with sudo "ALL" may list other user's entries.
+ [3c0657e8f5fe]
+
+ * sudo.cat, sudo.man.in, sudo.pod:
+ Update env variable info in SECURITY NOTES
+ [299716071024]
+
+ * env.c:
+ strip CDPATH too
+ [9b97643b26f9]
+
+ * env.c:
+ strip exported bash functions from the environment.
+ [9e5090c8284f]
+
+2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Only reset sudo_user.pw based on SUDO_USER environment variables for
+ real commands and sudoedit. This avoids a confusing message when a
+ user tries "sudo -l" or "sudo -v" and is denied.
+ [3ea6d0053274]
+
+ * gram.c, gram.y, parse.h:
+ Extend LIST_APPEND to deal with appending lists too
+ [d963e42f622f]
+
+2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ Convert some bitwise AND to ISSET
+ [130dc40d268e]
+
+ * lex.yy.c, toke.c:
+ toke.c replaces lex.yy.c
+ [048858df79e7]
+
+ * CHANGES, TODO:
+ sync
+ [d19e7abf251c]
+
+ * BUGS:
+ new parser fixes most of the outstanding bugs
+ [0891f66e3758]
+
+ * configure:
+ regen
+ [1a3358cc7283]
+
+ * visudo.c:
+ Rework for the new parser. Now checks for unused aliases in sudoers.
+ [ad462ede3094]
+
+ * testsudoers.c:
+ Rewrite for the new parser. Now supports a -d flag (dump) and adds a
+ -h flag (host). It now defaults to the local hostname unless
+ otherwise specified.
+ [1b69685cc601]
+
+ * sudo.h:
+ Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
+ [2e4fb3abfef0]
+
+ * sudo.c:
+ Update for new parse. We now call find_path() *after* we have
+ updated the global defaults based on sudoers. Also adds support for
+ listing other user's privs if you are root.
+ [cf3db9fc3024]
+
+ * mon_systrace.c:
+ Working LDAP support; also remove a now-unneeded rewind().
+ [649ecf1baf6b]
+
+ * logging.c, logging.h:
+ Add NO_STDERR flag.
+ [6cb935af94e0]
+
+ * ldap.c:
+ Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
+ udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
+ connecto to LDAP, apply the default options, find the command in the
+ user's path, and then check whether the user is allowed to run it.
+ The important thing here is that the default runas user may be
+ specified as a default option and that needs to be set before we
+ search for the command.
+ [fc0426abc6f1]
+
+ * ldap.c:
+ Add casts to unsigned char for isspace() to quiet a gcc warning.
+ [e5358e3df439]
+
+ * defaults.h:
+ Add prototype for update_defaults()
+ [564dac3db74e]
+
+ * defaults.c:
+ Don't warn about line numbers now that we operate on a set of data
+ structures (or LDAP) and not a file.
+ [bcd9ffb9b67c]
+
+ * config.h.in:
+ No long use lsearch()
+ [9d048c587319]
+
+ * Makefile.in:
+ Update for new and changed file names.
+ [6f424a7c4515]
+
+ * LICENSE:
+ no more BSD lsearch.c
+ [463a96d89026]
+
+ * match.c:
+ foo_matches() routines now live in match.c Added user_matches(),
+ runas_matches(), host_matches(), cmnd_matches() and alias_matches()
+ that operate on the parsed sudoers file.
+ [b14da8a0567e]
+
+ * parse.lex, toke.l:
+ Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
+ WORD no longer needs to exclude '@' kill yywrap()
+ [a922294eb7b7]
+
+ * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
+ sudo.tab.h:
+ Rewritten parser that converts sudoers into a set of data
+ structures. This eliminates ordering issues and makes it possible to
+ apply sudoers Defaults entries before searching for the command.
+ [30d2ec4d203c]
+
+ * configure.in, emul/search.h, lsearch.c:
+ We won't be using lsearch() any longer.
+ [29c4d54bfac0]
+
+ * ldap.c:
+ sudo should not send mail if someone who runs 'sudo -l' has no
+ entry.
+ [6fc27a69fd9c]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [8166347917f3]
+
+ * visudo.pod:
+ Update warnings to match new visudo
+ [004c0766798f]
+
+ * sudoers.pod:
+ The new parser doesn't have the old ordering constraints.
+ [ffd43bd08661]
+
+ * sudo.pod:
+ Document that -l now takes an optional username argument
+ [278f9557de8b]
+
+2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ AIX 5.2.0.0 works
+ [523acd29d858]
+
+ * ldap.c:
+ If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
+ a compilation problem with Solaris 9's native LDAP.
+
+ Set FLAG_MONITOR when needed.
+ [35824ade672d]
+
+2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Call sudo_goodpath() *after* changing the cwd to match the traced
+ process. Fixes relative paths.
+ [12ee111d0ad7]
+
+2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * testsudoers.c:
+ Kill set_perms() stub--it is no longer needed.
+ [116ed702935d]
+
+2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ stay_setuid now requires set_reuid() or setresuid()
+ [8511f67e25d5]
+
+ * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
+ configure.in, set_perms.c, sudo.c, sudo.h:
+ Kill use of POSIX saved uids; they aren't worth bothering with.
+ [b3b1f19f18c1]
+
+2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * glob.c:
+ remove call to issetugid()
+ [63f2e492c08f]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Remove warning about wildcards. Now that we use glob() the bug is
+ fixed.
+ [b15729d32266]
+
+ * parse.c:
+ Use glob(3) instead of fnmatch(3) for matching pathnames and stat
+ each result that matches the basename of the user's command. This
+ makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
+ /usr/bin/blah. Fixes bug #143.
+ [e31eb6310340]
+
+ * config.h.in, configure, configure.in:
+ Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
+ GLOB_BRACE)
+ [677ed6661e17]
+
+ * config.h.in, configure, configure.in:
+ Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
+ [aaa2329dd266]
+
+ * LICENSE:
+ reference glob
+ [bedc9a923423]
+
+ * emul/glob.h:
+ 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
+ removed.
+ [0335cf31fb1e]
+
+ * glob.c:
+ 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
+ removed.
+ [81799451473c]
+
+2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably means
+ we are out of space in the stack gap...
+ [5b02b702021e]
+
+ * CHANGES:
+ sync
+ [be3826273e56]
+
+ * mon_systrace.c:
+ Take a stab at ldap sudoers support here.
+ [9d023695b0de]
+
+ * mon_systrace.c, mon_systrace.h:
+ Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
+ doesn't cause reboot to inadvertanly kill itself.
+ [d4aab2365610]
+
+ * mon_systrace.c:
+ put "monitor" in the proctitle, not "systrace"
+ [9a9025767d86]
+
+ * mon_systrace.c:
+ When modifying the environment, don't replace envp when we can get
+ away with just rewriting pointers in the traced process.
+ [c03622f7a2e2]
+
+ * mon_systrace.c, mon_systrace.h:
+ Add environment updating via STRIOCINJECT (if available).
+ [037291016870]
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [869acc511046]
+
+2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c:
+ regen
+ [4e61a9bd3c97]
+
+ * parse.lex:
+ Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
+ [b70d7bd6e147]
+
+ * mon_systrace.c:
+ Include file is now mon_systrace.h
+ [ead4e36d92ae]
+
+ * Makefile.in, configure, configure.in, def_data.c, def_data.h,
+ def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
+ sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
+ No longer call it tracing, it is now "monitoring" which should be
+ more a obvious name to non-hackers.
+ [aa811ded0789]
+
+2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c, mon_systrace.h:
+ Fix some XXX
+ [a271072dacc6]
+
+ * mon_systrace.c, mon_systrace.h:
+ No need to include syscall.h, use 1024 as the max # of entries (the
+ max that systrace(4) allows).
+
+ Only need to use SYSTR_POLICY_ASSIGN once
+
+ Change check_syscall() -> find_handler() and have it return the
+ handler instead of just running it. We need this since handler now
+ have two parts: one part that generates and answer and another that
+ gets called after the answer is accepted (to do logging).
+
+ Add some missing check_exec for emul execv
+ [a89d243f0525]
+
+ * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
+ Add $Sudo$ tags.
+ [6f3fedb0daba]
+
+ * config.h.in:
+ Add missing HAVE_LINUX_SYSTRACE_H
+ [ff75ab7bfc53]
+
+ * Makefile.in:
+ add trace_systrace.o dependency
+ [88a408668ab2]
+
+2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Also look for systrace.h in /usr/include/linux
+ [98b98b436cf3]
+
+ * mon_systrace.c, mon_systrace.h:
+ Move all struct defs and prototypes into trace_systrace.h and mark
+ all but systace_attach() static.
+ [85511253b570]
+
+ * mon_systrace.c, mon_systrace.h:
+ Add support for tracing emulations. At the moment, all emulations
+ are compiled in. It might make sense to #ifdef them in the future,
+ though this impeeds readability.
+ [87bb50abf277]
+
+ * Makefile.in, configure, configure.in:
+ rename systrace.c -> trace_systrace.c
+ [31cfa4407d93]
+
+ * parse.yacc, sudo.tab.c:
+ Allow this to build with a K&R compiler again
+ [32876af5bb98]
+
+ * TODO:
+ sync
+ [46865bd70f7c]
+
+ * compat.h, sudo.c, visudo.c:
+ Use __attribute__((__noreturn__))
+ [65bbad71fe89]
+
+ * visudo.c:
+ Exit() takes a negative value to indicate it was not called via
+ signal.
+ [b93032ed7b60]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [45bcf4661558]
+
+ * Makefile.in, visudo.c:
+ Define Err() and Errx() that are like err() and errx() but call
+ Exit() instead of exit(). Build private copy of alloc.o for visudo
+ that calls Err() and Errx().
+ [c6d02bf42edd]
+
+2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [39de7e7c59da]
+
+ * CHANGES:
+ sync
+ [ba481d9ed1aa]
+
+ * visudo.c:
+ Overhaul visudo for editing multiple files: o visudo has been broken
+ out into functions (more work needed here) o each file is now edited
+ before sudoers is re-parsed o if a #include line is added that file
+ will be edited too
+
+ TODO: o cleanup temp files when exiting via err() or errx() o
+ continue breaking things out into separate functions
+ [80c35cf534eb]
+
+ * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
+ Add keepopen arg to open_sudoers that open_sudoers can use to
+ indicate to the caller that the fd should not be closed when it is
+ done with it. To be used by visudo to keep locked fds from being
+ closed prematurely (and thus losing the lock).
+ [f330fe632470]
+
+ * parse.yacc, sudo.c:
+ Add errorfile global that contains the name of the file that caused
+ the error.
+ [98079c7a37ed]
+
+ * parse.lex:
+ return COMMENT to yacc grammar for a #include line
+ [2024a8de4fa8]
+
+ * parse.lex:
+ Remove us of unput() in favor of yyless() which is cheaper.
+ [c61291902beb]
+
+ * parse.yacc:
+ Allow an empty sudoers file.
+ [62fb111db2e7]
+
+2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
+ [9e15869ef597]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [c29bdd43bfad]
+
+ * visudo.c:
+ Do signal setup before calling edit_sudoers(). Don't shadow the
+ "quiet" global.
+ [74252efd09ff]
+
+ * visudo.c:
+ If a sudoers file includes other files, edit those too. Does not yes
+ deal with creating the new includes files itself.
+ [06af7b9c173f]
+
+ * testsudoers.c:
+ init_parser now takes a path
+ [b5ee186eb192]
+
+ * parse.c, parse.h, parse.lex, parse.yacc:
+ More scaffolding for dealing with multiple sudoers files: o
+ init_parser() now takes a path used to populate the sudoers global o
+ the sudoers global is used to print the correct file in yyerror() o
+ when switching to a new sudoers file, perserve old file name and
+ line number
+ [d9be4970b8bd]
+
+ * Makefile.in, pathnames.h.in:
+ Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
+ multiple sudoers files.
+ [6ccc4e921c43]
+
+ * parse.c, sudo.c:
+ Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
+ we start at the right file position when reading include files.
+ [91fcb961e7a4]
+
+ * sudoers.pod:
+ document #include
+ [fbb92a25a726]
+
+ * lex.yy.c:
+ regen
+ [50cd7a4c9dff]
+
+ * parse.lex:
+ Add max depth of 128 for the include stack to avoid loops.
+
+ Since yyerror() doesn't stop parsing, pass return values back to
+ yylex and call yyterminate() on error.
+ [e79dbffb729d]
+
+2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ document tracing
+ [165a467eadd8]
+
+ * sudo.pod:
+ Mention PREVENTING SHELL ESCAPES section of sudoers man page
+ [3217ccecd834]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [fbd58d1d3a76]
+
+ * parse.lex:
+ Add support for #include in sudoers (visudo support TBD)
+ [a78015ca81af]
+
+ * parse.yacc:
+ make yyerror()'s argument const
+ [7d8e168c019a]
+
+ * testsudoers.c, visudo.c:
+ Add open_sudoers() stubs.
+ [087466787198]
+
+ * sudo.c, sudo.h:
+ Rename check_sudoers() open_sudoers() and make it return a FILE *
+ [142fc511fc65]
+
+2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
+ version.h:
+ Crank version
+ [1adc3f839480]
+
+ * Makefile.in, sudo.psf:
+ Better HP-UX depot construction
+ [2d952b000e63]
+
+2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mon_systrace.c:
+ o Made children global so check_exec() can lookup a child. o
+ Replaced uid in struct childinfo with struct passwd * (for runas) o
+ new_child() now takes a parent pid so the runas info can be
+ inherited o Added find_child() to lookup a child by its pid o
+ update_child() now fills in a struct passwd o Converted the big
+ if/else mess in set_policy to a switch o Syscalls that change uid
+ are now "ask" so we get SYSTR_MSG_UGID events
+ [29b9ea3f09a3]
+
+ * getspwuid.c:
+ Add flag to sudo_pwdup that indicates whether or not to lookup the
+ shadow password. Will be used to a struct passwd that has the shadow
+ password already filled in.
+ [e19d43dd7238]
+
+ * mon_systrace.c:
+ add missing increment of addr in read_string()
+ [f9eb0f060cb6]
+
+ * mon_systrace.c:
+ Remove bogus call to update_child() and some cosmetic fixes
+ [701ab0b97fef]
+
+ * mon_systrace.c:
+ Don't leak /dev/systrace fd to tracee Make initialized global for
+ simplicity If STRIOCATTACH returns EBUSY we are already being traced
+ Check for user_args == NULL in setproctitle() call Add missing calls
+ to STRIOCANSWER
+ [1956edf9bc3a]
+
+ * sudo.c:
+ g/c sudo_pwdup proto
+ [b7c4d6249ecb]
+
+ * Makefile.in, sudo.psf:
+ Add target for building a depot file
+ [357019efd99b]
+
+ * mon_systrace.c:
+ trim includes
+ [501534428471]
+
+2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c, sudo.tab.c, sudo.tab.h:
+ regen
+ [52fd250c6986]
+
+ * INSTALL:
+ document --with-systrace
+ [79623927c94e]
+
+ * config.h.in, configure, configure.in:
+ Add check for setproctitle
+ [1730cf1c26ed]
+
+ * mon_systrace.c:
+ pass struct str_msg_ask in to syscall checker so it can set the
+ error code
+ [1703fd2fdef6]
+
+ * mon_systrace.c:
+ systrace(4) support for sudo. On systems with the systrace(4) kernel
+ facility (OpenBSD, NetBSD, Linux w/ patches) sudo can intercept exec
+ calls and check the exec args against the sudoers file. In other
+ words, sudo can now control subcommands and shell escapes.
+ [928c9217c386]
+
+ * sudo.c, sudo.h:
+ Call systrace_attach() if FLAG_TRACE is set.
+ [014ba9402fa5]
+
+ * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
+ Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
+ [a99904db5e56]
+
+ * parse.c, sudo.c:
+ Don't close sudoers_fp, keep it open and set close on exec flag
+ instead.
+ [43a9fec60bee]
+
+ * def_data.c, def_data.h, def_data.in:
+ Add trace option
+ [5b643b86730a]
+
+ * Makefile.in:
+ Add systrace
+ [47a0519c427c]
+
+ * INSTALL:
+ SunOS /bin/sh blows up with configure
+ [005a23cc5615]
+
+ * configure, configure.in:
+ Include sys/param.h before systrace.h
+ [9345bc8efecf]
+
+ * configure:
+ regen
+ [a8f53fcbb254]
+
+ * pathnames.h.in:
+ _PATH_DEV_SYSTRACE
+ [d2ad1e492a00]
+
+ * configure.in:
+ line up options in --help
+ [fa51f2821d09]
+
+ * config.h.in, configure.in:
+ Add --with-systrace
+ [a264d54bc413]
+
+2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [a4dad0bcc523]
+
+ * aclocal.m4, configure.in:
+ make this work with autoconf-2.59
+ [c4a92b6a684a]
+
+2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Simplify logic around open & stat of files and do sanity on edited
+ file even if we lack fstat (still racable but worth doing).
+ [adda65ade70c]
+
+2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY:
+ Add support url
+ [bf6590fbde9f]
+
+ * Makefile.in:
+ versino 1.6.8p1
+ [b84ebfaf1552] [SUDO_1_6_8p1]
+
+ * CHANGES:
+ more changes for 1.6.8p1
+ [e23a9c0393b6]
+
+ * version.h:
+ 1.6.8p1
+ [872f14504b5f]
+
+ * CHANGES, sudo_edit.c:
+ Add sanity check so we don't try to edit something other than a
+ regular file.
+ [350134ec6d4e]
+
+2004-09-15 Aaron Spangler <aaron777@gmail.com>
+
+ * CHANGES:
+ sync
+ [3091ca9eae00]
+
+ * INSTALL:
+ document --with-ldap-conf-file
+ [0e2cd6b896f1]
+
+2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, ins_csops.h:
+ political correctness strikes again
+ [428e8bc77f55]
+
+ * RUNSON:
+ sync
+ [27f44bd423dc]
+
+2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.binary.in, Makefile.in:
+ Install sudoedit man link
+ [19a55234fc1f]
+
+ * INSTALL:
+ Update PAM note and mention where HP-UX users can download gcc
+ binaries.
+ [d37cdbbabfd4]
+
+ * Makefile.in:
+ libtool wants to install stuff from .libs so fake one up for binary
+ installations.
+ [a681bc6fcfba]
+
+ * Makefile.binary.in:
+ rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
+ [3e0c4b3372cc]
+
+ * Makefile.in:
+ Deal with "uname -m" having slashes in it rm -f old sudoedit link
+ instead of using ln -f
+ [cff33fb97e5b]
+
+ * Makefile.binary, Makefile.binary.in:
+ Makefile.binary -> Makefile.binary.in for config.status substitution
+ Add support for installing noexec bits
+ [37d8bb3483c6]
+
+ * Makefile.in:
+ Copy noexec bits into binary dists too No longer use my old arch
+ script for making binary dists
+ [e7058bab9e33]
+
+ * Makefile.binary:
+ Install sudoedit link.
+ [417d1e101711]
+
+2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * emul/utime.h:
+ avoid __P so there is no need for compat.h to be included
+ [6d8d1f1abf7d]
+
+ * utimes.c:
+ Don't use HAVE_UTIME_H before including config.h.
+ [013b7bb61181]
+
+2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ Fix Solatis futimes macro
+ [d4eda2ca0d29]
+
+2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Rename ots -> omtim for improved readability.
+ [127ca5bb297c]
+
+2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Redo changes in revision 1.7. Don't really need to keep the temp
+ file open; re-opening it with the invoking user's euid is
+ sufficient.
+ [55a883165a95]
+
+ * CHANGES:
+ sync
+ [9015b291170d]
+
+ * sudo.cat, sudo.man.in:
+ regen
+ [c0313f6ed783]
+
+ * sudo.pod:
+ back out revision 1.70; it is no long applicable
+ [b641d503aff6]
+
+ * env.c:
+ Let the loader initialize nep
+ [bec192139b02]
+
+ * config.h.in, configure, configure.in:
+ Removed unneed check for fchown Add check for gettimeofday Move
+ autoheader template stuff into separate AH_TEMPLATE lines
+ [bfc0edbd43f2]
+
+ * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
+ Use timespec throughout.
+ [1a178a23b69b]
+
+ * Makefile.in:
+ gettime.[co]
+ [6aeb48a7ab7f]
+
+ * gettime.c:
+ function to return the current time in a struct timespec
+ [bf8eb12cb63f]
+
+ * utimes.c:
+ Not a darpa-sponsored file.
+ [121ce5e2036c]
+
+2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h, config.h.in, configure, configure.in:
+ Add a check for struct timespec and provide it for those without.
+ [42124055030d]
+
+ * config.h.in, configure, configure.in, sudo_edit.c:
+ Add checks for st_mtim and st_mtimespec and add macros for pulling
+ the mtime sec and nsec out of struct stat. These are used in
+ sudo_edit() to better tell whether or not the file has changed.
+ [23debfbb3fab]
+
+ * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
+ Add an extra param to touch() for nsec
+ [56f7a4ba8ddb]
+
+ * sudo_edit.c:
+ Call mkstemp() as the in invoking user so we don't have to chown the
+ file later. Only touch() the temp file if we can do it via the file
+ descriptor. Don't check for modification of the temp file if we lack
+ fstat(). Catch errors read()ing the temp file.
+ [665f52c70836]
+
+ * fileops.c:
+ If path is NULL and fd == -1 return -1.
+ [757a518a824c]
+
+ * sudo_edit.c:
+ closefrom() is overkill, the only extra fds are the ones we opened
+ so just close those in the child.
+ [f361c9d2a1f4]
+
+ * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
+ configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
+ visudo.c:
+ Use utimes() and futimes() instead of utime() in touch(), emulating
+ as needed. Not all systems are able to support setting the times of
+ an fd so touch() takes both an fd and a file name as arguments.
+ [3d9276f29717]
+
+2004-09-07 Aaron Spangler <aaron777@gmail.com>
+
+ * env.c:
+ Rare SEGV
+ [8995f828782d]
+
+2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [b8e9406711c5]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Add SUPPORT section and re-order some of the sections to match the
+ order we use in OpenBSD.
+ [fa37bd917e2c]
+
+2004-09-06 Aaron Spangler <aaron777@gmail.com>
+
+ * env.c:
+ Openldap ~/.ldaprc fix
+ [1a37afe6850f]
+
+2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ Talk about how the editor must write its changes to the original
+ file and not just use rename(2).
+ [c55ed91c5ee9]
+
+ * CHANGES:
+ sync
+ [62af26bd37a2]
+
+ * sudo_edit.c:
+ Keep the temp file open instead of re-opening after the editor has
+ exited.
+ [de41eeb6dcf2]
+
+ * sample.pam:
+ Update for current redhat/fedora core.
+ [8cf083077333]
+
+2004-09-03 Aaron Spangler <aaron777@gmail.com>
+
+ * README.LDAP:
+ tls_ examples
+ [ba783d88a034]
+
+2004-09-02 Aaron Spangler <aaron777@gmail.com>
+
+ * ldap.c:
+ config tls_* options
+ [0b0e0797b3b9]
+
+2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ No need for -lcrypt when using pam.
+ [41fff3a53e68]
+
+2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [75820aecce2c]
+
+2004-08-27 Aaron Spangler <aaron777@gmail.com>
+
+ * configure.in, ldap.c, pathnames.h.in:
+ Allow --with-ldap-conf-file option to override LDAP_CONF
+ [c9909bc484a5]
+
+ * ldap.c:
+ cleanup debug message
+ [1f6ca4824d8d]
+
+2004-08-26 Aaron Spangler <aaron777@gmail.com>
+
+ * README.LDAP:
+ more config info
+ [f2e7147fd507]
+
+2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
+ Add cmnd_base to struct sudo_user and set it in init_vars(). Add
+ cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
+ longer use gross statics in command_matches(). Also rename some
+ variables for improved clarity.
+ [7169a6c7bea4]
+
+2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ document HP's crippled compiler deficiency.
+ [c405ea5a8d4c]
+
+ * INSTALL:
+ Fix some thinkos in --with-editor and --with-env-editor
+ descriptions. Noticed by Norihiko Murase.
+ [dd781de1c985]
+
+ * configure, configure.in:
+ --with-noexec takes an optional PATH argument.
+ [8f6ab77f22cc]
+
+ * INSTALL:
+ document --with-noexec
+ [50cb1fc627ce]
+
+2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON, TODO:
+ sync
+ [f2503bd13373] [SUDO_1_6_8]
+
+ * sudo_edit.c:
+ Better warning message when sudoedit is unable to write to the
+ destination file.
+ [f78c18f2ffa8]
+
+ * sudo.cat, sudo.man.in:
+ regen
+ [7e2bf63d6d9a]
+
+ * sudo.pod:
+ Don't italicize the string "sudoedit"
+ [c691643bd269]
+
+2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY:
+ Mention GratiSoft.
+ [dc53de581b2d]
+
+2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [8ae0484dfc38]
+
+ * parse.yacc:
+ Reset used_runas to FALSE when re-intializing the parser.
+ [b7403f353a02]
+
+2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.guess:
+ Correct OpenBSD mips support
+ [314fc7afc165]
+
+ * config.guess:
+ Add OpenBSD/mips
+ [ac87d0a773ef]
+
+2004-08-07 Aaron Spangler <aaron777@gmail.com>
+
+ * README.LDAP:
+ More behavior notes
+ [13be1d212b47]
+
+ * README.LDAP:
+ Updates on current behavior
+ [d498a8866d6f]
+
+2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ =back does not take an indentlevel (makes no difference to formatted
+ files).
+ [e5f479e24fa8]
+
+ * sudoers.pod:
+ =back does not take an indentlevel (makes no difference to formatted
+ files).
+ [9c8523bb382a]
+
+ * CHANGES:
+ new
+ [2dbd9aba8b33]
+
+ * sudo.c:
+ Consistency. Use same error for bad -u #uid when targetpw is set as
+ we do when a bad -u username is specified.
+ [922961c4a9d6]
+
+ * TODO:
+ Add checksum idea from Steve Mancini
+ [e6ece1b766ba]
+
+ * sudo.cat, sudo.man.in:
+ regen
+ [f93d41fc38b1]
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [370d2317829f]
+
+ * sudo.pod, sudoers.pod:
+ Document the restriction on uids specified via -u when targetpw is
+ set.
+ [878fedb455db]
+
+ * sudo.c:
+ Error out when targetpw is enabled and sudo is run with -u #uid but
+ #uid does not exist in the passwd database. We can't do target
+ authentication when the target is not in passwd!
+ [27c5888c86eb]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ regen
+ [ceb65711050c]
+
+ * TODO:
+ Some more todo for the next release.
+ [7b7417be7601]
+
+ * INSTALL:
+ Make it clear that PAM should be used for DCE support when possible.
+ [7502029fd385]
+
+ * sudoers.pod:
+ o Document problems with wildcards and relative paths. o Make the
+ order requirements more prominent. o Change a "set" to "reset" for
+ clarity.
+ [bacdd181b33f]
+
+2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ Mention --with-secure-path, not SECURE_PATH.
+ [41283ddde5e1]
+
+2004-08-03 Aaron Spangler <aaron777@gmail.com>
+
+ * ldap.c:
+ reflect changes to parse.c
+ [8880fe9b724d]
+
+2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [a57658ca9177]
+
+ * parse.yacc:
+ Don't pass user_cmnd and user_args to command_matches(), just use
+ the globals there. Since we keep state with statics anyway it is
+ misleading to pretend that passing in different cmnd and cmnd_args
+ will work.
+ [a4910bf6032b]
+
+ * parse.c, parse.h, testsudoers.c, visudo.c:
+ Don't pass user_cmnd and user_args to command_matches(), just use
+ the globals there. Since we keep state with statics anyway it is
+ misleading to pretend that passing in different cmnd and cmnd_args
+ will work.
+ [0a2544991fd6]
+
+ * parse.c:
+ Fix a bug introduced in rev. 1.149. When checking for pseudo-
+ commands check for a '/' anywhere in cmnd, not just the first
+ character.
+ [ce98142f03ca]
+
+2004-07-31 Aaron Spangler <aaron777@gmail.com>
+
+ * sudo.man.in, sudo.pod:
+ Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
+ [a91800e094b1]
+
+ * sudoers.man.in, sudoers.pod:
+ Add ignore_local_sudoers
+ [741ddcbf7083]
+
+ * README.LDAP:
+ Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
+ janth@moldung.no
+ [742c02e07cd9]
+
+2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ typo
+ [e7cdefbd7a9a]
+
+2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ sync
+ [734dafc4a85e]
+
+ * parse.c:
+ Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
+ PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
+ [151b7f593568]
+
+2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ PAM change
+ [d8fb6d6a22d0]
+
+2004-07-08 Aaron Spangler <aaron777@gmail.com>
+
+ * ldap.c:
+ Better debugging of ALL command
+ [9db3e84029dc]
+
+2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ When matching for "sudoedit" in sudoers check both the command the
+ user typed *and* the command that is listed in the sudoers entry.
+ [f36ca1f94095]
+
+2004-07-04 Aaron Spangler <aaron777@gmail.com>
+
+ * ldap.c:
+ Added !command feature
+ [ed539574611b]
+
+2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
+ [2be8e0e8813a]
+
+2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE:
+ License is ISC-style, not BSD-style
+ [ac0589e1dd5d]
+
+ * CHANGES:
+ sync
+ [16058a30f404]
+
+2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in:
+ regen
+ [8820eb9c809b]
+
+ * sudo.pod:
+ o Update some out of date bits to reality o Change the shell promt
+ in examples to bourne-shell style o Clarify some details o Add a
+ CAVEAT about "sudo cd /foo"
+ [b0af373214b6]
+
+ * check.c:
+ Don't ask for a password if invoking user == target user.
+ [dd5c96141132]
+
+ * sudo.c:
+ typo in comment
+ [278d20f9b249]
+
+2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [9036c6f39eff]
+
+ * sudoers.pod:
+ Expand on NOEXEC a little.
+ [9a13756aebe4]
+
+ * TODO:
+ sync
+ [8d2c1af48de8]
+
+ * visudo.cat, visudo.man.in:
+ regen
+ [3921f01607c8]
+
+ * sudo.tab.c:
+ regen
+ [9338c3d68250]
+
+ * CHANGES, parse.yacc, visudo.c:
+ Add a check in visudo for runas_default being set after it has
+ already been used.
+ [803560986a8a]
+
+ * visudo.pod:
+ Add a check in visudo for runas_default being set after it has
+ already been used.
+ [6700358d7ad8]
+
+ * sudo.tab.c:
+ regen
+ [b60636e2cf63]
+
+ * parse.yacc:
+ Add a MATCHED macro for testing whether foo_matches has been set to
+ TRUE or FALSE. This is more readable than checking for >=0 or < 0.
+ Doesn't change the actual code generated.
+ [f376da8ccdc8]
+
+2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat:
+ regen
+ [6cceb6d6c9bd]
+
+ * sudoers.man.in:
+ regen
+ [5acd12b730b3]
+
+ * sudoers:
+ Correct description of where Defaults specs should go.
+ [868db857630d]
+
+ * sudoers.pod:
+ Correct description of where Defaults specs should go.
+ [6b11ff53d7ad]
+
+ * auth/bsdauth.c, auth/kerb5.c:
+ update (c) year
+ [d72eb434c068]
+
+ * auth/pam.c:
+ update (c) year
+ [87149e0eed50]
+
+ * find_path.c:
+ update (c) year
+ [40c227af9227]
+
+ * ldap.c:
+ update (c) year
+ [f264632488a0]
+
+ * logging.h:
+ update (c) year
+ [3cec76d400ce]
+
+ * testsudoers.c, visudo.c:
+ update (c) year
+ [272c8a53604c]
+
+2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [83408d9e9d2e]
+
+ * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
+ Remove trailing spaces, no actual code changes.
+ [4c3bf2819293]
+
+ * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
+ Remove trailing spaces, no actual code changes.
+ [c7075d1cbed5]
+
+ * tgetpass.c:
+ Remove trailing spaces, no actual code changes.
+ [96f6e0a24c26]
+
+ * compat.h, defaults.c, env.c:
+ Remove trailing spaces, no actual code changes.
+ [893e83c33795]
+
+ * find_path.c:
+ Remove trailing spaces, no actual code changes.
+ [7ed7099f3c71]
+
+ * getcwd.c:
+ Remove trailing spaces, no actual code changes.
+ [776cc0374547]
+
+ * check.c:
+ Remove trailing spaces, no actual code changes.
+ [f77750f8803b]
+
+ * sudo.tab.c:
+ regen
+ [62e0ed883b31]
+
+ * parse.yacc:
+ Fix a >=0 that should be <0 that was improperly converted when
+ UNSPEC was added.
+ [ad1531a55a49]
+
+ * parse.yacc:
+ Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
+ NOMATCH when resetting it.
+ [ae017a12870a]
+
+ * parse.yacc:
+ Fix pastos introduced in SETNMATCH addition.
+ [6ea1c9d80681]
+
+2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ Update for configure changes
+ [637a635da287]
+
+ * sudo.tab.c:
+ regen
+ [4753c2788713]
+
+ * parse.yacc:
+ Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
+ these in parse.yacc. Also in parse.yacc initialize the *_matches
+ vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
+ when setting *_matches to a value that may be
+ NOMATCH/UNSPEC/TRUE/FALSE.
+ [746b519e41a6]
+
+ * sudo.h:
+ Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
+ these in parse.yacc. Also in parse.yacc initialize the *_matches
+ vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
+ when setting *_matches to a value that may be
+ NOMATCH/UNSPEC/TRUE/FALSE.
+ [2ba622e15a4d]
+
+ * parse.yacc:
+ Initialize runas to -2, not -1 since we need to be able to
+ distinguish between the initialized value and the value of a non-
+ match when passing along the runas value to multiple commands.
+
+ The result of this is that an unmatched runas is now set to -1, not
+ 0. This is required now that parse.c treats a FALSE value for runas
+ as being explicitly denied.
+ [7791ed3621f6]
+
+2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * getprogname.c:
+ Error out if argc < 1.
+ [c566cce8dc78]
+
+ * sudo.c, visudo.c:
+ Error out if argc < 1.
+ [ce6b2a9eda3c]
+
+ * configure, configure.in:
+ Add tests for what libs we need to link with for ldap and for
+ whether or not lber.h needs to be explicitly included.
+ [b2e9729cc4e7]
+
+2004-06-03 Aaron Spangler <aaron777@gmail.com>
+
+ * ldap.c:
+ Solaris native LDAP build fix
+ [39929e40eb11]
+
+2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c:
+ Set edn to NULL is ldap_get_dn() fails to avoid potential use of an
+ unset variable.
+ [6a4c20a66f98]
+
+ * sudo.h:
+ Add prototype for sudo_ldap_list_matches
+ [443b007a8dab]
+
+ * compat.h:
+ Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+ version too. Added check for dd_fd in `DIR' if no dirfd is found;
+ this is now used to confitionally define the dirfd macro in
+ compat.h.
+ [8d50ff1bbf2a]
+
+ * config.h.in:
+ Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+ version too. Added check for dd_fd in `DIR' if no dirfd is found;
+ this is now used to confitionally define the dirfd macro in
+ compat.h.
+ [34eace4faec8]
+
+ * configure, configure.in:
+ Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+ version too. Added check for dd_fd in `DIR' if no dirfd is found;
+ this is now used to confitionally define the dirfd macro in
+ compat.h.
+ [567656978f7e]
+
+ * closefrom.c:
+ Only check /proc/$$/fd if we have the dirfd function/macro.
+ [15e3ccce7553]
+
+ * compat.h, config.h.in, configure, configure.in:
+ Add a check for a dirfd() function (like Linux) and add a dirfd
+ macro in compat.h if there is no dirfd() function or macro.
+ [1e95756edb50]
+
+ * closefrom.c, getcwd.c:
+ dirfd() is now defined in compat.h as needed.
+ [bb1d79271188]
+
+ * CHANGES:
+ Clarify closefrom() note.
+ [f4e4a5508dda]
+
+ * parse.c:
+ When checking for a command in the directory, only copy the base dir
+ once.
+ [7a3276808b87]
+
+ * closefrom.c:
+ If there is a /proc/$$/fd directory, behave like the Solaris
+ closefrom() and only close the descriptors listed therein.
+ [19de23779e84]
+
+ * alloc.c:
+ compat.h guarantees INT_MAX is defined.
+ [1bf0c79d4606]
+
+ * compat.h:
+ Add definitions of OPEN_MAX and INT_MAX for those without it and
+ remove definition of RLIM_INFINITY (now unused).
+ [f827d1ebf96e]
+
+ * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
+ sudo.c, sudo.h, visudo.c:
+ Use PATH_MAX, not MAXPATHLEN since the former is standardized.
+ [59788f211c24]
+
+2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ sync
+ [d32fa124f1ad]
+
+ * RUNSON:
+ Add some entries that were mailed in a while ago
+ [ff8d5bfec54e]
+
+ * closefrom.c:
+ o sysconf returns a long, not an int. o check for negative return
+ value from sysconf/getdtablesize and use OPEN_MAX in this case. o
+ define OPEN_MAX to 256 for those without it (a fair guess...)
+ [ccf81ae6deb2]
+
+2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * UPGRADE:
+ Mention change in parse order for RunAs entries.
+ [dc73b0bca617]
+
+ * configure:
+ regen
+ [07cce8e0534e]
+
+2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, README.LDAP, config.h.in, configure.in:
+ o --with-ldap now takes an optional dir as a parameter o added check
+ for ldap_initialize() and start_tls_s()
+ [2b846c7974c6]
+
+ * README.LDAP:
+ Fix some typos, word choice and formatting issues.
+ [00dc8ca84b10]
+
+2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
+ read/write as it is simpler.
+ [30f5446ee8b0]
+
+ * configure, configure.in:
+ Remove hack overriding cross-compiler check. It should no longer be
+ needed.
+ [22a6cbd88608]
+
+ * compat.h:
+ Remove select() compat bits since we no longer use select().
+ [d7bbf7cd36f5]
+
+ * CHANGES, tgetpass.c:
+ Use alarm() instead of select() for the timeout for systems that
+ don't fully/properly implement select().
+ [d7cc60f15800]
+
+2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ synbc
+ [132a39788e07]
+
+ * RUNSON:
+ update
+ [61ef508380c6]
+
+ * set_perms.c:
+ Deal with systems that have no way of setting the effective uid such
+ as nsr-tandem-nsk.
+ [306e00e9b5a4]
+
+ * configure, configure.in:
+ Define NO_SAVED_IDS if we don't find seteuid()
+ [8588f18345cf]
+
+ * config.h.in, configure, configure.in:
+ Add back check for setreuid() since NSK doesn't have it.
+ [43127bd703d1]
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [af4f4b20e422]
+
+ * BUGS:
+ sync
+ [3593f17f72ed]
+
+ * CHANGES:
+ sync
+ [29ca3b699c24]
+
+ * parse.c:
+ In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
+ explicitly denied and the command matched. This fixes a long-
+ standing bug and makes: foo machine = (ALL) /usr/bin/blah foo
+ machine = (!bar) /usr/bin/blah
+
+ equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
+ [2f5ee244985a]
+
+ * sudoers.pod:
+ Clarify mail_noperm
+ [3238b2d41989]
+
+2004-05-20 Aaron Spangler <aaron777@gmail.com>
+
+ * Makefile.in:
+ Missing DESTDIR in make install for sudo_noexec.la
+ [91431e821525]
+
+2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ regen
+ [cdfde0dcb556]
+
+ * TODO:
+ sync
+ [4799b7d8b62c]
+
+ * sample.sudoers:
+ Remove fastboot/fasthalt (who still remembers these?) and add a
+ minimal sudoedit example.
+ [b1bca73d6250]
+
+ * sudoers.pod:
+ Remove fastboot/fasthalt (who still remembers these?) and add a
+ minimal sudoedit example.
+ [19d299f233cd]
+
+ * CHANGES, INSTALL:
+ filesystem -> file system
+ [85948b608ffe]
+
+ * TROUBLESHOOTING:
+ filesystem -> file system
+ [39fb594e9338]
+
+ * UPGRADE, sudo.c, visudo.c:
+ filesystem -> file system
+ [1e1afaf30469]
+
+ * sudo.pod, sudoers.pod:
+ Fix some minor typos and formatting goofs
+ [e94d243a0b90]
+
+ * lex.yy.c:
+ regen
+ [2eed0ab1f4c4]
+
+ * visudo.pod:
+ remove my email addr
+ [b63262c0389b]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Use @mansectform@ and @mansectsu@ everywhere Make man page
+ references links with L<>
+ [f459f4b9ddb9]
+
+ * parse.lex:
+ Accept quoted globbing characters and pass them verbatim for
+ fnmatch()
+ [8248b86e9380]
+
+ * UPGRADE:
+ Document that /tmp/.odus is gone.
+ [3667b66af5bb]
+
+ * pathnames.h.in:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [48d94c9f9ad4]
+
+ * CHANGES:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [6058c4cefcec]
+
+ * aclocal.m4:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [cf52c4c2803f]
+
+ * configure:
+ No longer use /tmp/.odus as a possible timestamp dir unless
+ specifically configured to do so. Instead, if no /var/run exists,
+ use /var/adm/sudo or /usr/adm/sudo.
+ [058d7b8cf07b]
+
+ * check.c, compat.h:
+ Preliminary changes to support nsr-tandem-nsk. Based on patches from
+ Tom Bates.
+ [390b698b5924]
+
+ * logging.c:
+ Preliminary changes to support nsr-tandem-nsk. Based on patches from
+ Tom Bates.
+ [934bbe6872b6]
+
+ * set_perms.c, sudo.c, tgetpass.c, visudo.c:
+ Preliminary changes to support nsr-tandem-nsk. Based on patches from
+ Tom Bates.
+ [2e5f81834383]
+
+2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ There was no 1.6.7p6.
+ [8013d2e6b062]
+
+ * BUGS, CHANGES:
+ sync
+ [c38b41f32857]
+
+ * Makefile.in:
+ add missing files to DISTFILES
+ [e6a80ad03039]
+
+ * sudo.cat, sudoers.cat, visudo.cat:
+ regen
+ [027bc9746dd5]
+
+ * sudoers.man.in:
+ regen
+ [f5e85ef686cf]
+
+ * Makefile.in:
+ Fix some line wrap and update (c) year
+ [bad1f46aa1ca]
+
+2004-04-28 Aaron Spangler <aaron777@gmail.com>
+
+ * README.LDAP:
+ Build Note
+ [7a061248249b]
+
+2004-04-07 Aaron Spangler <aaron777@gmail.com>
+
+ * Makefile.in:
+ Fix install-dirs
+ [be0726dd92e7]
+
+2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [3f4f0d1ab8b9]
+
+ * visudo.c:
+ In Exit() when used as a signal handler, emsg is a pointer so
+ sizeof() is wrong so make it a #define instead. Also avoid using a
+ negative exit value. Found by Aaron Campbell
+ [78716a3a3fdc]
+
+2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Remove bogus sentence about uids in a User_List. Document usernames
+ vs. uid parsing in a Runas_List.
+ [7ca510b5031c]
+
+ * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
+ If the user specified a uid with the -u flag and the uid exists in
+ the passwd file, set runas_user to the name, not the uid.
+
+ When comparing usernames in sudoers, if a name is really a uid
+ (starts with '#') compare it numerically to pw_uid.
+ [8d6935d04673]
+
+2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ krb5_mcc_ops should be const; Johnny C. Lam
+ [aa8c753e426e]
+
+2004-02-28 Aaron Spangler <aaron777@gmail.com>
+
+ * CHANGES, config.h.in, ldap.c:
+ Added start_tls support
+ [7ef864c15b69]
+
+2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Clean up libtool stuff for 'make distclean' and add def_data.c,
+ def_data.h to PARSESRCS.
+ [bf9bb6bb06ab]
+
+2004-02-14 Aaron Spangler <aaron777@gmail.com>
+
+ * strlcat.c, strlcpy.c:
+ Un-Fix last license munge
+ [42654b77ac71]
+
+2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [e4de6b23a4dc]
+
+ * CHANGES, RUNSON, TODO:
+ checkpoint
+ [94e1ace84d5c]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [8ce784505643]
+
+ * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
+ emul/search.h, emul/utime.h:
+ More to a less restrictive, ISC-style license.
+ [a31b20e48003]
+
+ * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
+ More to a less restrictive, ISC-style license.
+ [6d234be91c5e]
+
+ * auth/bsdauth.c:
+ More to a less restrictive, ISC-style license.
+ [e21be6594b58]
+
+ * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
+ More to a less restrictive, ISC-style license.
+ [87534c164a52]
+
+ * auth/kerb5.c, auth/pam.c:
+ More to a less restrictive, ISC-style license.
+ [e41f92b41216]
+
+ * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
+ visudo.man.in, visudo.pod:
+ More to a less restrictive, ISC-style license.
+ [b02aea324fd6]
+
+ * Makefile.binary:
+ More to a less restrictive, ISC-style license.
+ [1ed561734535]
+
+ * parse.lex, parse.yacc:
+ More to a less restrictive, ISC-style license.
+ [2f5942e847a1]
+
+ * utime.c, version.h:
+ More to a less restrictive, ISC-style license.
+ [e2e038ad8209]
+
+ * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
+ defaults.c:
+ More to a less restrictive, ISC-style license.
+ [d8d7bfc8a18b]
+
+ * defaults.h:
+ More to a less restrictive, ISC-style license.
+ [008f5d5743f5]
+
+ * env.c:
+ More to a less restrictive, ISC-style license.
+ [d5bd859757de]
+
+ * fileops.c:
+ More to a less restrictive, ISC-style license.
+ [4129a8b38a67]
+
+ * find_path.c, getprogname.c:
+ More to a less restrictive, ISC-style license.
+ [f605d5eab6f1]
+
+ * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, interfaces.h:
+ More to a less restrictive, ISC-style license.
+ [520381c60a54]
+
+ * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
+ set_perms.c:
+ More to a less restrictive, ISC-style license.
+ [64d772d70ab3]
+
+ * sigaction.c, strerror.c:
+ More to a less restrictive, ISC-style license.
+ [4bccdedca58a]
+
+ * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+ sudo_edit.c:
+ More to a less restrictive, ISC-style license.
+ [71cdcc241e94]
+
+ * sudo_noexec.c:
+ More to a less restrictive, ISC-style license.
+ [a6da7631e0b2]
+
+2004-02-13 Aaron Spangler <aaron777@gmail.com>
+
+ * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
+ Merged in LDAP Support
+ [1038092a161e]
+
+ * def_data.c, def_data.h, def_data.in:
+ Merged in LDAP Support
+ [8fb255280e42]
+
+ * ldap.c, sudo.c, sudo.h:
+ Merged in LDAP Support
+ [547eaa346fcc]
+
+ * sudoers2ldif:
+ Merged in LDAP Support
+ [3994c4d05947]
+
+2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h, sudo_noexec.c:
+ Only do "extern int errno" if errno is not a macro.
+ [b2e02a08be8b]
+
+2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
+ euid first, then just call setuid(0) to set the real uid too.
+ [f08546e2e0ee]
+
+ * set_perms.c:
+ Use setresuid() and setreuid() for PERM_RUNAS when appropriate
+ instead of seteuid() which may not exist.
+ [ba508581befb]
+
+2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE:
+ 2004
+ [37425513a342]
+
+ * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
+ Add --with-pc-insults configure option
+ [7daa5294c17b]
+
+ * visudo.man.in:
+ Prefer VISUAL over EDITOR like old vipw did.
+ [996252a4ab65]
+
+2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man.in, sudoers.man.in:
+ regen
+ [a247f1c52eb9]
+
+ * sudoers.pod:
+ Add a note that noexec is not a cure-all.
+ [9e7fc535367d]
+
+ * sudoers.pod:
+ Mention that disabling "root_sudo" is pretty pointless.
+ [f38a415afba0]
+
+ * configure, configure.in:
+ Substitute for root_sudo in sudoers.pod
+ [ce483cfc86be]
+
+ * sudo.pod:
+ Add sudoedit to the NAME section
+ [51bc453ec2f6]
+
+ * sudoers.pod:
+ Document that fact that setting ignore_dot in sudoers has no effect
+ due to the fact that find_path() is called *before* sudoers is read.
+ [6808df7e417c]
+
+2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Do not require _PATH_USRTMP to be set.
+ [546f3270dd10]
+
+ * BUGS, CHANGES, TODO:
+ sync
+ [4205ddeab781]
+
+ * sudo.man.in:
+ regen
+ [e2143690a88a]
+
+ * sudo.pod:
+ Clarify that when sudo is run by root with the SUDO_USER variable
+ set, the sudoers lookup happens for root and not the SUDO_USER user.
+ [47207bec1bdf]
+
+2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
+ set_perms.c, sigaction.c, sudo.c, tgetpass.c:
+ Use the SET, CLR and ISSET macros.
+ [a8b0d7f1e8fd]
+
+ * defaults.c, env.c:
+ Use the SET, CLR and ISSET macros.
+ [2f39431e0a49]
+
+ * fnmatch.c:
+ Use the SET, CLR and ISSET macros.
+ [1afbcba22ba6]
+
+ * interfaces.h:
+ MAIN was replaced with _SUDO_MAIN some time ago.
+ [ea1b38f2ac9d]
+
+ * sudo.c:
+ Don't look at prev_user until after we've parsed sudoers and done
+ the password check. That way, if sudo/sudoedit is run from a root
+ process that was invoked by sudo, we check sudoers for root, not the
+ previous user. This makes sudoedit much more useful and means that
+ for the sudo case, we get correct logging on who actually ran the
+ command.
+ [431dfbf20552]
+
+2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_edit.c:
+ Add a comment describing why we need to be notified about our child
+ stopping.
+ [0bec3ce4b49d]
+
+2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.in:
+ Update the noexec variable descriptions
+ [9cb7f1aa0e57]
+
+ * sudoers.man.in, sudoers.pod:
+ noexec now replaces more than just execve()
+ [23cbdc0ee95c]
+
+ * sudo_noexec.c:
+ Alas, all the world does not go through execve(2). Many systems
+ still have an execv(2) system call, Linux 2.6 provides fexecve(2)
+ and it is not uncommon for libc to have underscore ('_') versions of
+ the functions to be used internally by the library. Instead of
+ stubbing all these out by hand, define a macro and let it do the
+ work. Extra exec functions pointed out by Reznic Valery.
+ [9fa0cd871b0c]
+
+ * sudo.c, sudo_edit.c:
+ Fix suspending the editor in -e mode. Because we do a fork() first
+ we need to be notified when the child has been stopped and then send
+ that same signal to ourself so the shell can do its job control
+ thing.
+ [773165eb6057]
+
+ * visudo.c:
+ Use WIFEXITED and WEXITSTATUS macros. If there are systems out there
+ that want to run sudo that still don't support these we can try to
+ deal with that later.
+ [6af68e4aff60]
+
+ * lex.yy.c:
+ regen
+ [403435317d5d]
+
+ * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
+ Document sudo -e / sudoedit
+ [a80f6ea910af]
+
+ * configure, configure.in:
+ fix typo
+ [5020fcdc27f4]
+
+ * config.h.in, configure.in:
+ Add SET/CLR/ISSET
+ [03ff57286e7e]
+
+2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Allow non-exclusive flags when invoked as sudoedit. Pretty print the
+ long usage() line to not wrap (assumes 80 char display)
+ [3941fa4004bb]
+
+ * Makefile.in, sudo.c:
+ If sudo is invoked as "sudoedit" the -e flag is implied and no other
+ flags are permitted.
+ [929670b01293]
+
+ * sudo.h:
+ Add a new flag, -e, that makes it possible to give users the ability
+ to edit files with the editor of their choice as the invoking user,
+ not the runas user. Temporary files are used for the actual edit and
+ the temp file is copied over the original after the editor is done.
+ [c4051414c1f4]
+
+ * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
+ Add a new flag, -e, that makes it possible to give users the ability
+ to edit files with the editor of their choice as the invoking user,
+ not the runas user. Temporary files are used for the actual edit and
+ the temp file is copied over the original after the editor is done.
+ [37ac05c8ac3c]
+
+ * env.c, sudo.c:
+ If real uid == 0 and the SUDO_USER environment variables is set, use
+ that to determine the invoking user's true identity. That way the
+ proper info gets logged by someone who has done "sudo su" but still
+ uses sudo to as root. We can't do this for non-root users since that
+ would open up a security hole, though perhaps it would be acceptable
+ to use getlogin(2) on OSes where this a system call (and doesn't
+ just look in the utmp file).
+ [c2f9198708a1]
+
+ * pathnames.h.in:
+ Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
+ [7d9e5768df93]
+
+ * config.h.in, configure, configure.in:
+ Add check for fchown(2)
+ [a85df18798ed]
+
+2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Back out portions of the -i commit that set NewArgv[0] in
+ set_runaspw. It is far to late to set NewArgv[0] there and will have
+ no effect anyway as cmnd and safe_cmnd have already been set.
+ [c2d343430c1c]
+
+ * visudo.c, visudo.pod:
+ Prefer VISUAL over EDITOR like old vipw did.
+ [ae32f477cea3]
+
+2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, sudo.c:
+ In -i mode always set new environment based on the runas user's
+ passwd entry.
+ [fa653b7887a8]
+
+2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man.in, sudo.pod:
+ Document the new -i flag and sync SYNOPSIS section with usage() in
+ sudo.c. Also sort the flags in the OPTIONS section.
+ [6aabc0ffc47e]
+
+ * sudo.c, sudo.h:
+ o Add -i that acts similar to "su -", based on patches from David J.
+ MacKenzie o Sort the flags in the usage message
+ [c0fe7d6beffd]
+
+ * sudoers.man.in, sudoers.pod:
+ Add a missing @runas_default@ substitution.
+ [60516fe2d090]
+
+2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Change euid to runas user before calling find_path(). Unfortunately,
+ though runas_user can be modified in sudoers we haven't parsed
+ sudoers yet.
+ [f469fdf2e313]
+
+ * sudoers.man.in, sudoers.pod:
+ Add missing defintion of Parameter_List and use single pipes in the
+ Defaults EBNF definition.
+ [f7bed6e909bf]
+
+ * sudo.c:
+ Fix a bug when set_runaspw() is used as a callback. We don't want to
+ reset the contents of runas_pw if the user specified a user via the
+ -u flag.
+
+ Avoid unnecessary passwd lookups in set_authpw(). In most cases we
+ already have the info in runas_pw.
+ [efc35623ba09]
+
+2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ Add Stan Lee / Uncle Ben quote to the lecture from RedHat
+ [ebd5a76ccd7e]
+
+ * sudo.h:
+ Update sudo_getepw() proto and add one for set_runaspw()
+ [6ed65795c17f]
+
+ * parse.c:
+ If we can't stat the command as root, try as the runas user instead.
+ [ae713fca0e15]
+
+ * testsudoers.c, visudo.c:
+ Add stub set_runaspw() function
+ [42aa37050053]
+
+ * sudo.c:
+ Add set_runaspw() function to fill in runas_pw. This will be used as
+ a callback to update runas_pw when the runas user changes.
+ [e570aa0088d0]
+
+ * env.c, sudo.c:
+ PERM_RUNAS -> PERM_FULL_RUNAS
+ [51eec6f9e89a]
+
+ * set_perms.c, sudo.h:
+ Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
+ changes the euid.
+ [877c6fe4d12c]
+
+ * getspwuid.c:
+ Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
+ one chunk for easy free()ing. Also change it from static to extern.
+ [ab503260a7ec]
+
+ * defaults.c, defaults.h:
+ Add callback support
+ [a61c4ca983fb]
+
+ * def_data.c, def_data.in:
+ Add a callback field and use it for runas_default
+ [d3e9f06872b8]
+
+ * mkdefaults:
+ Add a callback field and use it for runas_default
+ [96b69c27df5e]
+
+2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/fwtk.c:
+ Add support for chalnecho and display server responses used by fwtk
+ >= 2.0
+ [b1870f7aaf0d]
+
+2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.man.in, sudoers.pod:
+ ld.so is ld.so.1 on solaris
+ [2bf9a123fa4c]
+
+ * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
+ Use closefrom() instead of doing the equivalent inline.
+ [7e3ef6072884]
+
+ * closefrom.c:
+ closefrom(3) for systems w/o it
+ [35caf58bb636]
+
+2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.man.in:
+ Update from .pod file.
+ [d4c94fc0e0c9]
+
+ * configure, configure.in:
+ Substitute noexec_file for the sudoers man page
+ [203d3376a551]
+
+ * sudo.man.in, sudo.pod:
+ Mention noexec
+ [014375ddbb06]
+
+ * sudoers.man.in, sudoers.pod:
+ Document noexec
+ [49a65d06201f]
+
+ * auth/pam.c, config.h.in, configure.in:
+ Move PAM_CONST macro definition from config.h to pam.c where it
+ belongs. We can't have this in config.h since that gets included too
+ early.
+ [e64748071637]
+
+ * auth/pam.c, config.h.in, configure, configure.in:
+ Some PAM implementations put their headers in /usr/include/pam
+ instead of /usr/include/security.
+ [8cc749e9575c]
+
+ * configure.in:
+ I missed changing the EXEC macro -> EXECV here when I changed this
+ in config.h.in and sudo.c a while ago.
+ [6f5afac7789f]
+
+ * acsite.m4:
+ OpenBSD vax/m88k/hppa don't do shared libs
+ [e4901d958bb7]
+
+ * configure, configure.in:
+ o merge the hpux case entries into a single entry w/ its own sub-
+ case statement. o HP-UX >= 11 support getspnam(), use it in
+ preference to getprpwuid()
+ [0caad428894e]
+
+ * configure, configure.in:
+ eval $shrext so that it expands nicely on MacOS X
+ [40419343eef8]
+
+ * Makefile.in:
+ Don't lie about making a module, it does the wrong thing on mach
+ [7629b28f5688]
+
+ * ltmain.sh:
+ Remove requirement that libs must begin with "lib". They don't when
+ we point directly at the lib using LD_PRELOAD or its equivalent.
+ [d66f3de6ec85]
+
+ * acsite.m4:
+ Disable support for c++, f77 and java. We don't need it, it takes a
+ lot of time, and it hosed our check for shared lib support.
+ [4f5749c52ce4]
+
+ * configure:
+ regen
+ [160865e9d15f]
+
+ * configure.in:
+ Call AC_ENABLE_SHARED and check the status of enable_shared to know
+ when shared libs are available.
+ [42504c1668fc]
+
+ * acsite.m4:
+ Duh, OpenBSD suports shared libs too
+ [8e3cd9417475]
+
+ * config.h.in, configure.in:
+ Only OpenPAM and Linux PAM use const qualifiers.
+ [b2f76476e866]
+
+ * configure, configure.in:
+ o No need to check for sed, libtool config does that for us o move
+ check for --with-noexec until after libtool magic is run so we can
+ use $can_build_shared and $shrext
+ [668c656e89cc]
+
+ * ltmain.sh:
+ Don't print a bunch of crap about library installs since we are not
+ really installing a library.
+ [83fbcad29fe4]
+
+ * env.c:
+ Make format_env() varargs Add noexec support for Darwin, MacOS X,
+ Irix, and Tru64
+ [468885d75d10]
+
+ * acsite.m4, ltconfig, ltmain.sh:
+ Update to libtool 1.5 with local changes: o no ldconfig in the
+ finish step o assume no libprefix or version is needed
+ [4961cffc3797]
+
+ * sudo_noexec.c:
+ Fix compilation under K&R
+ [8b309bf0b1b2]
+
+2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint
+ [3c368badab32]
+
+ * sudo_noexec.c:
+ stub execve() that just returns EACCES; used for noexec
+ functionality
+ [1297acae283a]
+
+ * sudo.tab.c:
+ Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
+ generated code.
+ [0a61c735eabe]
+
+ * sudo.tab.h:
+ Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
+ generated code.
+ [dcab78c49273]
+
+2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * def_data.c, def_data.h, def_data.in:
+ Move the environment defaults to the end and shorten a few of the
+ descriptions.
+ [66787b9c612c]
+
+ * configure, configure.in:
+ no shared libs on ultris or convexos
+ [2c5f3c456e32]
+
+ * Makefile.in, configure, configure.in:
+ Build sudo_noexec shared object using libtool; could use some
+ cleanup.
+ [373f483555dd]
+
+ * acsite.m4, ltconfig, ltmain.sh:
+ libtool scaffolding
+ [c903a42e3d90]
+
+ * parse.yacc, sudo.tab.c:
+ Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
+ important.
+ [c6e8a34639a4]
+
+ * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
+ parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
+ update copyright year
+ [a16372ae1711]
+
+ * configure, configure.in, defaults.c, env.c, pathnames.h.in:
+ Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
+ option. The default value of noexec_file is set to this.
+ [7d88e1d3c494]
+
+ * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
+ parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
+ sudo.tab.h:
+ Add support for preloading a shared object containing a dummy
+ execve() function that just sets error and returns -1. This adds a
+ "noexec_file" option to load the filename as well as a "noexec" flag
+ to enable it unconditionally. There is also a NOEXEC tag that can be
+ attached to specific commands and an EXEC tag to disable it.
+ [c8b6712feb91]
+
+ * mkdefaults:
+ add missing newline to usage statement
+ [e84746618362]
+
+ * config.h.in, sudo.c:
+ Rename EXEC macro -> EXECV
+ [ddaa0c027299]
+
+ * logging.c:
+ Don't truncate usernames to 8 characters in the log message.
+ [f62a20f27075]
+
+ * check.c, sudoers.man.in, sudoers.pod:
+ Update copyright year
+ [ca9964054085]
+
+ * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
+ sudoers.pod:
+ Add a new option, lecture_file, that can be used to point to a
+ custom sudo lecture.
+ [940133231216]
+
+2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c:
+ Add a zero_bytes() function to do the equivalent of bzero in such a
+ way that will heopfully not be optimized away by sneaky compilers.
+ [161b6d74bfb4]
+
+ * Makefile.in, sudo.h:
+ Add a zero_bytes() function to do the equivalent of bzero in such a
+ way that will heopfully not be optimized away by sneaky compilers.
+ [ff136de3e255]
+
+ * zero_bytes.c:
+ Add a zero_bytes() function to do the equivalent of bzero in such a
+ way that will heopfully not be optimized away by sneaky compilers.
+ [d035abf0af94]
+
+ * err.c:
+ Use #ifdef __STDC__, not #if __STDC__.
+ [6889dd6bc51a]
+
+2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkdefaults:
+ Always put at least one space between the def_* macro name and its
+ definition.
+ [6b3ad0e6619a]
+
+ * configure, configure.in:
+ Adjust code for --without-lecture to match new values.
+ [062aa788a6b9]
+
+ * visudo.man.in:
+ regen after pasto fix
+ [3deec16906c0]
+
+ * sudoers.man.in, sudoers.pod:
+ Document that "lecture" has changed from a flag to a tuple.
+ [e2c03062b533]
+
+ * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
+ defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
+ Add support for tuples in def_data.in; these are implemented as an
+ enum type. Currently there is only a single tuple enum but in the
+ future we may have one tuple enum per T_TUPLE entry in def_data.in.
+ Currently listpw, verifypw and lecture are tuples. This avoids the
+ need to have two entries (one ival, one str) for pwflags and syslog
+ values.
+
+ lecture is now a tuple with the following values: never, once,
+ always
+
+ We no longer use both an int and string entry for syslog facilities
+ and priorities. Instead, there are logfac2str() and logpri2str()
+ functions that get used when we need to print the string values.
+ [5293f946c836]
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
+ check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
+ logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
+ sudo.tab.c, visudo.c:
+ Create def_* macros for each defaults value so we no longer need the
+ def_{flag,ival,str,list,mode} macros (which have been removed). This
+ is a step toward more flexible data types in def_data.in.
+ [009c02934106]
+
+ * TODO:
+ checkpoint
+ [0a99a4bb5d15]
+
+2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ If we are in -k/-K mode, just spew to stderr. It is not unusual for
+ users to place "sudo -k" in a .logout file which can cause sudo to
+ be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
+ Previously, this would result in useless mail and logging.
+ [d282e7ed63af]
+
+2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.pod:
+ fix pasto in VISUAL description
+ [1c6a6148b5f9]
+
+2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [f44312c63799]
+
+ * CHANGES:
+ checkpoint
+ [0c42e38f78d5]
+
+ * TROUBLESHOOTING:
+ Some OSes (like Solaris) allow export w/ nosuid too
+ [973ce85ffa12]
+
+2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ We don't use FD_ZERO anymore so just define FD_SET (if not already
+ there).
+ [d1c8c11905cd]
+
+2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Fix a core dump on Solaris by preserving the pam_handle_t we used
+ during authentication for pam_prep_user(). If we didn't authenticate
+ (ie: ticket still valid), we call pam_init() from pam_prep_user().
+ This is something of a hack; it may be better to change the auth API
+ and add an auth_final() function that acts like pam_prep_user().
+ [f787de49b175]
+
+2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Add explicit declaration of printerr variable in function header
+ (was defaulting to int which is OK but oh so K&R :-). From Theo.
+ [492c2358783f]
+
+2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure.in:
+ s/HAVE_STOW/USE_STOW/
+ [4b99e1824ece]
+
+ * logging.c:
+ Also exit waitpid() loop when pid == 0. Fixes a problem where the
+ sudo process would spin eating up CPU until sendmail finished when
+ it has to send mail.
+ [ec3d5792b9b4]
+
+2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fnmatch.3:
+ Remove advertising clause, UCB has disavowed it
+ [3ff24291bcfa]
+
+ * fnmatch.c:
+ Remove advertising clause, UCB has disavowed it
+ [43a26bbd6628]
+
+2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ Don't assume that getgrnam() calls don't modify contents of struct
+ passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
+ Based on a patch from Kirk Webb.
+ [5574c68f60f3]
+
+2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ missing ;;
+ [22378f2a9d31]
+
+ * configure.in:
+ darwin has a broken setreuid() in at least some versions
+ [d572aed930d2]
+
+ * env.c:
+ Fix an off by one error when reallocating the environment; Kevin Pye
+ [3d98e7cf097a]
+
+2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Fix User_Spec definition; SEKINE Tatsuo
+ [49b0da65e090]
+
+2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY:
+ More info on the early days from Coggs.
+ [9381ca10b06b]
+
+2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ remove errant semicolon that prevented compilation under heimdal
+ [d2f2bb73a598]
+
+2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
+ version.h:
+ add DARPA credit on affected files
+ [868d54cbddea]
+
+ * auth/kerb5.c, auth/pam.c:
+ add DARPA credit on affected files
+ [15da3021b49c]
+
+ * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
+ find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
+ interfaces.h:
+ add DARPA credit on affected files
+ [da66e28fb3f5]
+
+ * logging.c, parse.c:
+ add DARPA credit on affected files
+ [8f75f822755b]
+
+ * pathnames.h.in:
+ add DARPA credit on affected files
+ [e334cdda422f]
+
+ * set_perms.c:
+ add DARPA credit on affected files
+ [3d79fdabb582]
+
+ * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+ sudoers.man.in:
+ add DARPA credit on affected files
+ [d8adf1c2ba22]
+
+ * sudoers.pod:
+ add DARPA credit on affected files
+ [83b46318750b]
+
+ * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
+ add DARPA credit on affected files
+ [7020785ee50d]
+
+ * Makefile.in, alloc.c, check.c:
+ add DARPA credit on affected files
+ [cd939e05c810]
+
+ * compat.h:
+ add DARPA credit on affected files
+ [316a735783c4]
+
+ * defaults.c, defaults.h:
+ add DARPA credit on affected files
+ [6a64205fd1eb]
+
+ * env.c:
+ add DARPA credit on affected files
+ [90239f51ef0a]
+
+ * LICENSE:
+ slightly different wording for the darpa credit
+ [e468909c4a21]
+
+2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE:
+ Add DARPA credit
+ [8eb20e2cd63e]
+
+2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ Use krb5_princ_component() instead of krb5_princ_realm() for MIT
+ Kerberos like we did before I messed things up ;-)
+
+ Use krb5_principal_get_comp_string() to do the same thing w/
+ Heimdal. I'm not sure if the component should be 0 or 1 in this
+ case.
+
+ #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
+ older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
+ should be a configure check for this I guess.
+ [74919a3933fe]
+
+2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING, config.h.in, configure, configure.in:
+ builtin -> built-in; Jason McIntyre
+ [70b81ac48943]
+
+ * sample.sudoers:
+ builtin -> built-in; Jason McIntyre
+ [027f2187923e]
+
+ * sudoers.pod:
+ built in -> built-in; Jason McIntyre
+ [da658ef5138d]
+
+2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint for 1.6.7p3
+ [da85f989fadf]
+
+ * HISTORY:
+ Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
+ Amazingly, sudo source from 1985 is available via groups.google.com
+ [39e0fc85b89f]
+
+ * sudo.c:
+ Don't change rl.rlim_max for RLIMIT_CORE. We need only set
+ rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
+ RLIMIT_CORE restoration on some OSes.
+ [7e2c1a7adfd8]
+
+2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ Make this compile on Heimdal and MIT Kerberos 5
+ [44c07d615868]
+
+ * config.h.in, configure, configure.in:
+ Check for heimdal even if we found krb5-config and define
+ HAVE_HEIMDAL.
+ [aba0126f0059]
+
+ * auth/kerb5.c:
+ Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is no
+ longer defined by MIT kerb5 (though it used to be and indeed remains
+ so in Heimdal).
+ [e5a6c64d7cd5]
+
+2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkinstalldirs:
+ Remove newer stuff that passes multiple (possibly duplicate)
+ directories to "mkdir -p" since that seems to break on Tru64 Unix at
+ least. This basically brings back what shipped with sudo 1.6.6.
+ [f2a1abd872b3]
+
+2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/kerb5.c:
+ Correct number of args to krb5_principal_get_realm() and fix an
+ unclosed comment that hid the bug.
+ [0b37f8ce7824]
+
+ * configure:
+ regen
+ [1876cb840fe0]
+
+ * BUGS:
+ ++version
+ [ea3573432412]
+
+ * CHANGES, version.h:
+ ++version
+ [f66985a64063]
+
+ * INSTALL:
+ ++version
+ [555aeba5c2bf]
+
+ * INSTALL.binary:
+ ++version
+ [a506204e77d0]
+
+ * Makefile.in:
+ ++version
+ [97ef63cedc38]
+
+ * README:
+ ++version
+ [488e0bbff613]
+
+ * configure.in:
+ ++version
+ [480aff7c048e]
+
+ * configure.in:
+ use krb5-config to determine Kerberos V details if it exists
+ [7b46bbdaf774]
+
+ * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
+ auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
+ find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
+ testsudoers.c, visudo.c:
+ Use warn/err and getprogname() throughout. The main exception is
+ openlog(). Since the admin may be filtering logs based on the
+ program name in the log files, hard code this to "sudo".
+ [9f180d015cfa]
+
+ * Makefile.in:
+ Add getprogname.c and err.c
+ [d411c54a07dc]
+
+ * configure:
+ regen
+ [6d585d391acc]
+
+ * config.h.in, configure.in:
+ Add checks for getprognam(), __progname and err.h
+ [bcbccf61d34a]
+
+ * emul/err.h:
+ For systems withour err/warn functions.
+ [1b33118884d9]
+
+ * err.c:
+ For systems withour err/warn functions.
+ [26721f6b041f]
+
+ * getprogname.c:
+ For systems neither getprogname() nor __progname; uses Argv[0].
+ [841cf42af1eb]
+
+2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint for 1.6.7p1
+ [5bfdaf441dce]
+
+ * sudo.c, testsudoers.c:
+ fix strlcpy() rval check (innocuous)
+ [e05ac7e0d1f3]
+
+ * check.c:
+ oflow detection in expand_prompt() was faulty (false positives). The
+ count was based on strlcat() return value which includes the length
+ of the entire string.
+ [086c5a0acb25]
+
+2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint for the sudo 1.6.7 release
+ [87322187ed78]
+
+ * RUNSON, TODO:
+ checkpoint for the sudo 1.6.7 release
+ [096bab4da29a] [SUDO_1_6_7]
+
+2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ g/c unused variable
+ [c57cd4a17765]
+
+ * configure:
+ regen
+ [e7c1f581dfac]
+
+ * configure.in:
+ use man sections 8 and 5 for csops
+ [87de581bda88]
+
+2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [cb1433a9c7a1]
+
+ * configure.in:
+ Add -lskey or -lopie directly to SUDO_LIBS instead of having
+ AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
+ [ac5667978939]
+
+ * configure:
+ regen
+ [638459118a2a]
+
+ * INSTALL:
+ Add --with-blibpath for AIX. An alternate libpath may be specified
+ or
+ -blibpath support can be disabled. Also change conifgure such that
+ -blibpath is not specified if no -L libpaths were added to
+ SUDO_LDFLAGS.
+ [4b4bbe5bbe1b]
+
+ * aclocal.m4:
+ Add --with-blibpath for AIX. An alternate libpath may be specified
+ or
+ -blibpath support can be disabled. Also change conifgure such that
+ -blibpath is not specified if no -L libpaths were added to
+ SUDO_LDFLAGS.
+ [37022e991575]
+
+ * configure.in:
+ Add --with-blibpath for AIX. An alternate libpath may be specified
+ or
+ -blibpath support can be disabled. Also change conifgure such that
+ -blibpath is not specified if no -L libpaths were added to
+ SUDO_LDFLAGS.
+ [c7d17b480cad]
+
+ * configure.in:
+ add AIX blibpath support
+ [16ba788bf086]
+
+ * INSTALL, configure.in:
+ --with-skey and --with-opie now take an option directory argument
+ This obsoletes a --with-csops hack (/tools/cs/skey)
+
+ Also remove the remaining direct uses of "echo"
+ [5b4986a90c03]
+
+2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Detect KTH Kerberos IV and deal with it. Also make -lroken optional
+ for KTH Kerberos IV and V.
+ [119f97b48e18]
+
+ * aclocal.m4:
+ Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and
+ -R/path/to/dir if $with_rpath) to the specified variable.
+ [e55e49d076ce]
+
+ * INSTALL, configure.in:
+ Add -R/path/to/libs for Solaris and SVR4. There is a new configure
+ option, --with-rpath to control this behavior.
+ [d4730c5399ab]
+
+ * configure.in:
+ for kerb4 put libdes after libkrb on the link line
+ [5c566100eab6]
+
+ * auth/kerb4.c:
+ typo
+ [6541b72b64a3]
+
+ * configure.in:
+ fix kerberos lib check when a path is specified
+ [ae833a914c6f]
+
+ * logging.c:
+ Fix boolean thinko in SIGCHLD reaper and call reapchild after
+ sending mail instead of doing a conditional sudo_waitpid.
+ [86fa9a35df5a]
+
+2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [e6275cf528ba]
+
+ * configure.in:
+ replace =DIR with [=DIR] where sensible
+ [c39a59173b38]
+
+ * configure.in:
+ o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
+ detection based on openssh's configure.in
+ [5b7a340912df]
+
+ * INSTALL:
+ --with-kerb4 and --with-kerb5 now take an optional argument.
+ [71ed87fc9c64]
+
+2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/securid.c:
+ Kill remaining strcpy(), the programmer's guide says username is 32
+ bytes.
+ [bdba70fcd08d]
+
+ * auth/kerb4.c:
+ trat uid_t as unsigned long for printf and use snprintf, not sprintf
+ [8072f5f8966d]
+
+ * auth/rfc1938.c:
+ use snprintf
+ [fc0c70c665fe]
+
+2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/sudo_auth.c:
+ update copyright year
+ [b0a10ccb1d0e]
+
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ update copyright year
+ [8fce0034eb51]
+
+ * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
+ configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
+ parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
+ sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
+ update copyright year
+ [d541e75fe520]
+
+ * check.c, env.c, sudo.c:
+ Cast [ug]ids to unsigned long and printf with %lu
+ [2ede64d3592b]
+
+ * configure:
+ regen
+ [c7c3245bdf3e]
+
+ * configure.in:
+ correct error messages for --with-sudoers-{mode,uid,gid}
+ [77fc15b1c9db]
+
+ * alloc.c:
+ make the malloc(0) error specific to each function to aid tracking
+ down bugs.
+ [a58c34374b4b]
+
+ * alloc.c:
+ deal with platforms where size_t is signed and there is no SIZE_MAX
+ or SIZE_T_MAX
+ [7192abb4ab4e]
+
+ * auth/kerb5.c:
+ Make this compile w/ Heimdal and fix some gcc warnings.
+ [f52f026f31c2]
+
+ * sudo.c:
+ Use stat_sudoers macro so --with-stow can work
+ [c3674735c139]
+
+ * INSTALL, config.h.in, configure, configure.in:
+ Add support for --with-stow based on patches from Robert Uhl
+ [b274cc1dd52c]
+
+ * env.c:
+ fix indentation
+ [110d9f1721b1]
+
+ * configure.in:
+ back out rev 1.352
+ [1eee91c83f11]
+
+ * lex.yy.c:
+ regen
+ [72fba1c9590b]
+
+ * parse.lex:
+ use strlcpy, not strncpy
+ [4faccbaeccef]
+
+ * set_perms.c:
+ Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
+ [33bf0d18fdc1]
+
+ * logging.c:
+ use pid_t
+ [3e0536993d2c]
+
+2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * strlcat.c, strlcpy.c:
+ Make gcc shutup about unused rcsid
+ [1669a0c74e9e]
+
+ * interfaces.c:
+ Move the n == 0 check for the non-getifaddrs cas
+ [2460be061b2a]
+
+ * auth/rfc1938.c:
+ skeychallenge() on NetBSD take a size parameter
+ [05acc2012801]
+
+ * configure:
+ regen
+ [24bccf4749e8]
+
+ * configure.in:
+ put -ldl after -lpam, not before; fixes static linking on Linux
+ [7f06b7b2b4d8]
+
+ * interfaces.c:
+ Avoid malloc(0) and fix the loop invariant for the getifaddrs()
+ case.
+ [239a55068646]
+
+ * sudo.cat, sudoers.cat, visudo.cat:
+ regen
+ [4a2eed3981ca]
+
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ regen
+ [2c96ea2cf930]
+
+ * Makefile.in:
+ Preserve copyright notice from .pod file in .man.in file
+ [519fbd09aebc]
+
+ * visudo.pod:
+ Add sudoers(5) to SEE ALSO
+ [77ecfe3aedf1]
+
+2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c:
+ regen
+ [6f5751ce0b74]
+
+ * parse.lex:
+ Don't assume libc can realloc() a NULL string. If malloc/realloc
+ fails, make sure we just return; yyerror() is not terminal.
+ [1b8618623708]
+
+ * lex.yy.c:
+ regen
+ [5d31b46191c6]
+
+ * parse.lex:
+ simplify fill_args a little and use strlcpy for paranoia
+ [0ea35a55542b]
+
+ * sudo.tab.c:
+ regen
+ [5a8d508d708b]
+
+ * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
+ testsudoers.c:
+ Use strlc{at,py} for paranoia's sake and exit on overflow. In all
+ cases the strings were either pre-allocated to the correct size of
+ length checks were done before the copy but a little paranoia can go
+ a long way.
+ [e73d28f1d14e]
+
+ * sudo.h:
+ Add strlc{at,py} protos
+ [748ffc7fc7f4]
+
+ * env.c, interfaces.c:
+ Use erealloc3()
+ [47f2cb46aba8]
+
+ * configure:
+ regen
+ [e7e2fb79f935]
+
+ * alloc.c:
+ Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
+ memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
+ [7e0fa4d6fc1d]
+
+ * sudo.c:
+ snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
+ configure.
+ [09ea4d3959e9]
+
+ * aclocal.m4:
+ In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
+ [31b4fdfdb8bf]
+
+2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Use snprintf() for paranoia
+ [a2659ceb46de]
+
+ * parse.yacc:
+ Use emalloc2 and erealloc3
+ [90a069842401]
+
+ * Makefile.in:
+ strlc{at,py} for those w/o it
+ [bac82dc916ee]
+
+ * strlcat.c, strlcpy.c:
+ stlc{at,py} for those w/o it.
+ [ce7254f5db09]
+
+ * config.h.in, configure, configure.in:
+ Add stlc{at,py} for those w/o it.
+ [00f08219657a]
+
+ * alloc.c, sudo.h:
+ Add erealloc3(), a realloc() version of emalloc2().
+ [c96eaf08bbed]
+
+ * interfaces.c, sudo.c:
+ Use emalloc2() to allocate N things of a certain size.
+ [1e0aba365555]
+
+ * alloc.c, sudo.h:
+ Add emalloc2() -- like calloc() but w/o the bzero and with
+ error/oflow checking.
+ [292150bc4153]
+
+ * alloc.c:
+ Error out on malloc(0); suggested by theo
+ [995279e81326]
+
+2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ fix a typo; David Krause
+ [f161213a17ab]
+
+2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ fix typo
+ [3ae5ad9a351a]
+
+2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Remove DYLD_ from the environment for MacOS X; from bbraun
+ [38caad5a3935]
+
+2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure.in:
+ not not; Anil Madhavapeddy
+ [d4f4f0bfc66b]
+
+2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ typos; jmc@openbsd.org
+ [868c0f09bf9e]
+
+2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ Add some missing ';' rule terminators that bison warns about.
+ [535b0b8dcce5]
+
+ * config.sub:
+ fix typo I introduced in last merge
+ [81db4e4f43fe]
+
+ * configure:
+ regenerate with autoconf 2.57
+ [ca0c1e9564f8]
+
+ * config.h.in:
+ Add missing "$HOME"
+ [209186197ad1]
+
+ * configure.in:
+ Add some more square backets to make autoconf 2.57 happy
+ [b5639c14faf7]
+
+ * config.guess:
+ Updates from autoconf-2.57
+ [ea0f8ca622af]
+
+ * config.sub, mkinstalldirs:
+ Updates from autoconf-2.57
+ [36be35eb331b]
+
+2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [0b529db7cb6d]
+
+ * sudo.tab.h:
+ regen
+ [13a65a421567]
+
+ * parse.lex, parse.yacc, sudoers.pod:
+ Add support for Defaults>RunasUser
+ [20d726373175]
+
+2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ fclose() yyin after each yyparse() is done and use fopen() instead
+ of using freopen().
+ [587f8a2df857]
+
+ * parse.lex:
+ Better fix for sudoers files w/o a newline before EOF. It looks like
+ the issue is that yyrestart() does not reset the start condition to
+ INITIAL which is an issue since we parse sudoers multiple times.
+ [920f8326968a]
+
+2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ Work around what appears to be a flex bug when dealing with files
+ that lack a final newline before EOF. This adds a rule to match EOF
+ in the non-initial states which resets the state to INITIAL and
+ throws an error.
+ [b94943bb1f81]
+
+ * visudo.c:
+ o The parser needs sudoers to end with a newline but some editors
+ (emacs) may not add one. Check for a missing newline at EOF and add
+ one if needed. o Set quiet flag during initial sudoers parse (to get
+ options) o Move yyrestart() call and always use freopen() to open
+ yyin after initial sudoers parse.
+ [12d12f9b07aa]
+
+2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Fix pasto/thinko in setresgid()/setregid() usage. Want to set
+ effective gid, not real gid, when reading sudoers.
+ [c7d18b810fcd]
+
+ * set_perms.c:
+ don't compile set_perms_posix if we have setreuid or setresuid
+ [b9cea7a81a29]
+
+2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, sudoers.pod:
+ document new prompt escapes
+ [2f088076b640]
+
+ * check.c:
+ Add %U and %H escapes and redo prompt rewriting. "%%" now gets
+ collapsed to "%" as was originally intended. This also gets rid of
+ lastchar (does lookahead instead of lookback) which should simplify
+ the logic slightly.
+ [4b707b77b3c7]
+
+2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Write the prompt *after* turning off echo to avoid some password
+ characters being echoed on heavily-loaded machines with fast
+ typists.
+ [d38c57775915]
+
+ * config.sub:
+ Add support for mipseb; wiz@danbala.tuwien.ac.at
+ [cfdac87ed5c8]
+
+ * configure.in:
+ Fix IRIX fallout from name changes in man dir/sect Makefile
+ variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
+ [9a7618755c23]
+
+ * auth/pam.c:
+ Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
+ the global copy. Problem noted by Peter Pentchev.
+ [d0a3e189cb06]
+
+2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [23b931359087]
+
+ * parse.yacc:
+ Add missing yyerror() calls; YYERROR does not seem to call this for
+ us.
+ [0be7aeb3ac57]
+
+2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ fix typo in comment; Pedro Bastos
+ [d7406c460e99]
+
+2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ document --disable-setresuid
+ [fbd03d03a027]
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c:
+ Sprinkle some volatile qualifiers to prevent over-enthusiastic
+ optimizers from removing memset() calls.
+ [5370ac0e6129]
+
+ * logging.c, parse.yacc:
+ minor sign fixes pointed out by gcc -Wsign-compare
+ [db872438337f]
+
+ * set_perms.c, sudo.c, sudo.h:
+ Revamp set_perms. We now use a version based on setresuid() or
+ setreuid() when possible since that allows us to support the
+ stay_setuid option and we always know exactly what the semantics
+ will be (various Linux kernels have broken POSIX saved uid support).
+ [523bc212396c]
+
+ * config.h.in, configure:
+ regen from configure.in
+ [351877ea2624]
+
+ * configure.in:
+ Add checks for setresuid() and a way to disable using it
+ [a5b21653d169]
+
+ * compat.h:
+ No long need to emulate set*[ug]id() via setres[ug]id() or
+ setre[ug]id(). The new set_perms stuff only uses things it knows are
+ there.
+ [47884bd5d1d9]
+
+ * sudo.c:
+ Before exec, restore state of signal handlers to be the same as when
+ we were initialy invoked instead of just reseting to SIG_DFL. Fixes
+ a problem when using sudo with nohup. Based on a patch from Paul
+ Markham.
+ [f8f5a1484faa]
+
+ * sudo.c:
+ o timestamp_uid should be uid_t, not int o clarify error message
+ when sudo is run by root and no_root_sudo is set
+ [19dda0734264]
+
+2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ update ftp link for bison
+ [98bc191016e3]
+
+2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Error out if setusercontext() fails and the runas user is not root.
+ [089f9ade4686]
+
+2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/securid5.c:
+ Fix rcsid
+ [07e9e85dcc2f]
+
+ * configure.in:
+ Fix SecurID API test
+ [5ec201f454a5]
+
+2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ typo in comment
+ [9d385c9ac533]
+
+ * configure.in:
+ securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
+ but I don't see a better way at the moment.
+ [f89e55cbb313]
+
+ * Makefile.in, auth/securid5.c:
+ SecurID API version 5 support from Michael Stroucken
+ [68500ac7e531]
+
+ * configure.in:
+ Add check for SecurID 5.0 API
+ [1ee242e6de6b]
+
+2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * strerror.c:
+ We actually do still need config.h to get the 'const' definition for
+ K&R C.
+ [d9c982032d85]
+
+2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen with autoconf 2.5.3
+ [c71fc086eef5]
+
+ * configure.in:
+ Don't set sysconfdir to '/etc' if the user has specified a --prefix.
+ [d90da1efafd9]
+
+ * configure.in:
+ Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
+ LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
+ [dd67afefa90d]
+
+ * env.c, sudo.c, sudo.h:
+ No need for dump_badenv() now that dump_defaults() knows how to dump
+ lists.
+ [6bcda468501d]
+
+ * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
+ version.h:
+ ++version
+ [44e3b8f95f0b]
+
+ * sudoers.pod:
+ document timestampowner
+ [37ebd69e9dd1]
+
+ * check.c:
+ Don't call set_perms() when doing timestamp stuff unless
+ timestamp_uid != 0.
+ [63a63d41d18c]
+
+ * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
+ sudo.h, testsudoers.c:
+ g/c second arg to set_perms--it is no longer used
+ [7ac4ce50c612]
+
+2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, set_perms.c, sudo.c, sudo.h:
+ Add support for non-root timestamp dirs. This allows the timestamp
+ dir to be shared via NFS (though this is not recommended).
+ [faa83dd2b7fb]
+
+ * def_data.c, def_data.h, def_data.in:
+ Add timestampowner, "Owner of the authentication timestamp dir"
+ [d47640d4c86a]
+
+2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Don't try to pre-compute the size of the new envp, just allocate
+ space up front and realloc as needed. Changes to the new env pointer
+ must all be made through insert_env() which now keeps track of
+ spaced used and allocates as needed.
+ [39bc934a9f2c]
+
+2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [0e12c09bb790]
+
+ * configure.in:
+ Fix two typo/pastos; from jrj@purdue.edu
+ [b718a4bf1181]
+
+2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL.binary, README:
+ ++version
+ [a1e33027278c] [SUDO_1_6_6]
+
+ * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
+ visudo.cat, visudo.man.in:
+ regen
+ [19eb2be283ef]
+
+ * CHANGES, RUNSON, TODO:
+ Sync with 1.6.6
+ [2ff9a9087f63]
+
+ * check.c:
+ The the loop used to expand %h and %u, the lastchar variable was not
+ being initialized. This means that if the last char in the prompt is
+ '%' and the first char is 'h' or 'u' a extra copy of the host or
+ user name would be copied, for which space had not been allocated.
+ [b2e27197857d]
+
+2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, Makefile.in, configure.in, version.h:
+ crank version to 1.6.6
+ [cfd08689e597]
+
+ * auth/afs.c:
+ #undef VOID to get rid of an AFS warning
+ [b40760564dc1]
+
+ * env.c:
+ Use easprintf instead of emalloc + sprintf for some things.
+ [e7bfe2e69a03]
+
+2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [35327104383d]
+
+ * parse.c, parse.lex, parse.yacc, testsudoers.c:
+ Remove Chris Jepeway's email address so people don't bug him ;-)
+ [c03410747a69]
+
+2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
+ endgrent() at the same time.
+ [28b6097d5d1a]
+
+2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Make it clear which configure options take arguments.
+ [38529e7efad0]
+
+2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
+ RLIM_INFINITY, just pretend it is -1. This works because we only
+ check for RLIM_INFINITY and do not set anything to that value.
+ [53173d34e6eb]
+
+2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Zero and free allocated memory when there is a conversation error.
+ [e342133db579]
+
+ * auth/bsdauth.c:
+ Use sigaction() not signal()
+ [126c2790561f]
+
+ * INSTALL:
+ Mention that some linux kernels have broken POSIX saved ID support
+ [571ef1a893d3]
+
+ * CHANGES:
+ checkpoint for 1.6.5p2
+ [9e9e456f7f43]
+
+ * configure:
+ regen
+ [d53703a46708]
+
+ * configure.in:
+ Add --disable-setreuid flag
+ [3b9f2679cb55]
+
+ * INSTALL:
+ Document new --disable-setreuid option and change description for
+ --disable-saved-ids to match new error message.
+ [14fd3e5f60a5]
+
+ * set_perms.c:
+ fatal() now takes an argument that determines whether or not to call
+ perror().
+ [d826b25e62ff]
+
+ * PORTING:
+ Update for new error messages from set_perms()
+ [60c545a6bcff]
+
+ * TROUBLESHOOTING:
+ Update for new error messages from set_perms()
+ [78007c3f76a9]
+
+2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Make this compile w/o warnings
+ [b90843a29af5]
+
+ * auth/pam.c:
+ Mention that we can't use pam_acct_mgmt()
+ [1dfc5a6e0479]
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
+ The user's password was not zeroed after use when AIX
+ authentication, BSD authentication, FWTK or PAM was in use.
+ [b18fff30b1e7]
+
+2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Avoid giving PAM a NULL password response, use the empty string
+ instead. This avoids a log warning when the user hits ^C at the
+ password prompt when PAM is in use.
+ [c3315805e4e4]
+
+ * auth/pam.c:
+ Don't check the return value of pam_setcred(). In Linux-PAM 0.75
+ pam_setcred() returns the last saved return code, not the return
+ code for the setcred module. Because we haven't called
+ pam_authenticate(), this is not set and so pam_setcred() returns
+ PAM_PERM_DENIED.
+ [73db145fa179]
+
+ * Makefile.binary:
+ Don't need a '/' between $(DESTDIR) and a directory.
+ [cd7eb6098b87]
+
+ * Makefile.in:
+ Don't need a '/' between $(DESTDIR) and a directory.
+ [0901ca618176]
+
+2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [41b12c039282]
+
+ * configure.in:
+ o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
+ setreuid() o new NetBSD has a real setreuid() o add check for
+ freeifaddrs() if getifaddrs() exists.
+ [a82ee3b01733]
+
+ * config.h.in, interfaces.c:
+ Older BSDi releases lack freeifaddrs() so add a test for that and if
+ it is not present just use free().
+ [6270671ea9d5]
+
+2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, RUNSON:
+ Checkpoint for 1.6.5p1
+ [26134ecf9b36]
+
+ * auth/passwd.c:
+ Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
+ to normal passwords, not AUTH_FATAL (which just causes an exit).
+ [785e0f4bc0e2]
+
+ * visudo.c:
+ Don't use memory after it has been freed.
+ [c60492739fdb]
+
+ * auth/passwd.c:
+ skeyaccess() wants a struct passwd * not a char *; Patch from
+ Phillip E. Lobbes
+ [65a1d3806fcd] [SUDO_1_6_5]
+
+ * BUGS:
+ ++version
+ [b2e1825e692e]
+
+ * CHANGES, RUNSON, TODO:
+ checkpoint for sudo 1.6.5
+ [d730945622e7]
+
+2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [49744c403ac9]
+
+ * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
+ version 1.6.5
+ [ec30a5f7fc45]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ sudo version 1.6.5
+ [458a3bed535d]
+
+ * logging.c:
+ o when invoking the mailer as root use a hard-coded environment that
+ doesn't include any info from the user's environment. Basically
+ paranoia.
+
+ o Add support for the NO_ROOT_MAILER compile-time option and run the
+ mailer as the user and not root if NO_ROOT_MAILER is defined.
+ [4df351ec92ce]
+
+ * set_perms.c, sudo.h:
+ Bring back PERM_FULL_USER
+ [edb6039bb284]
+
+ * configure:
+ regen
+ [3eb2943afa03]
+
+ * version.h:
+ version 1.6.5
+ [044fc9a0c72b]
+
+ * INSTALL, config.h.in, configure.in:
+ Add --disable-root-mailer option to run the mailer as the user and
+ not root.
+ [e9f805397963]
+
+ * CHANGES:
+ checkpoint for 1.6.4p2
+ [b58aae5aa98a]
+
+ * PORTING:
+ Mention the "seteuid(0): Operation not permitted" problem here too
+ just for good measure.
+ [90135b37a691]
+
+2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c, getspwuid.c, sudo.c:
+ The SHELL environment variable was preserved from the user's
+ environment instead of being reset based on the passwd database when
+ the "env_reset" option was used. Now it is reset as it should be.
+ [300066ef3c71]
+
+ * configure:
+ regen
+ [a47d779e6552]
+
+ * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
+ sudo.c:
+ Add a configure option to turn off use of POSIX saved IDs
+ [fb18cc8e94d0]
+
+ * configure:
+ regen
+ [d4f2f20025b6]
+
+ * configure.in:
+ add --with-efence option
+ [45c4f33a8e88]
+
+ * sudo.c:
+ Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
+ "sudo -l" would not work if always_set_home was set.
+ [c3a6de6c4800]
+
+ * lex.yy.c:
+ regen
+ [417424452998]
+
+ * parse.lex:
+ Quoted commas were not being treated correctly in command line
+ arguments.
+ [753415541b37]
+
+ * sudo.c:
+ o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
+ Otherwise, the set_home option has no effect.
+
+ o Fix use of freed memory when the "fqdn" flag is set. This was
+ introduced by the fix for the "segv when gethostbynam() fails" bug.
+ Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
+ there is no need to check the "fqdn" flag in set_fqdn() itself.
+ [4b6a4245c04e]
+
+ * env.c:
+ Add 'continue' statements to optimize the switch statement. From
+ Solar.
+ [a82c76975ae5]
+
+2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in:
+ Regen from new sudoers.pod
+ [6ecc07b3d0e1] [SUDO_1_6_4]
+
+ * sudoers.pod:
+ Add caveat about stay_setuid flag
+ [9d228a7bea1b]
+
+ * sudo.c:
+ If set_perms == set_perms_posix and the stay_setuid flag is not set,
+ set all uids to 0 and use set_perms_fallback().
+ [c4e54d1ec86f]
+
+ * set_perms.c, sudo.h:
+ Remove PERM_FULL_USER (which is no longer used) and add
+ PERM_FULL_ROOT (used when exec'ing the mailer).
+ [15406c522ea2]
+
+ * logging.c:
+ Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
+ never want to run the mailer setuid.
+ [2294853e0666]
+
+2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
+ visudo.pod:
+ Use sudo.ws instead of courtesan.com in URLs
+ [55204002a308]
+
+ * Makefile.binary, Makefile.in:
+ Fix mansect substitution
+ [b7b5cbc3aa91]
+
+ * Makefile.in:
+ Substitute man sections in Makefile.binary
+ [040deb785e56]
+
+ * Makefile.binary:
+ Sync install targets with Makefile.in and substitute in man
+ sections.
+ [77882a275281]
+
+ * INSTALL, INSTALL.binary:
+ version is 1.6.4
+ [0f87aabbcb70]
+
+ * Makefile.in:
+ Repair bindist target
+ [8d43bfe7e2d1]
+
+ * CHANGES:
+ sync for 1.6.4
+ [13ca3d4a0a72]
+
+2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ Fix case where neither whoami nor id are found
+ [424dd270bc47]
+
+2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ If neither whoami nor id exists, just assume we are root.
+ [2d2644e42c53]
+
+ * alloc.c:
+ Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
+ on AIX which for some reason isn't pulling in the malloc prototype.
+ [231440d2ee3b]
+
+2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
+ (c) 2002
+ [700e3b41a68e]
+
+ * CHANGES:
+ checkpoint
+ [33e604bd8d5b]
+
+ * sudo.c:
+ Defer assigning new environment until right before the exec.
+ [f13c49e75c1c]
+
+ * parse.c:
+ kill extra blank line
+ [12ef22e9dae3]
+
+2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [a6cd2d788f74]
+
+ * configure.in:
+ Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
+ compiler doesn't recognise -O2.
+ [5234aa543692]
+
+ * HISTORY:
+ Clarify origins of Root Group sudo a bit based on info from
+ billp@rootgroup.com
+ [4deef01c4208]
+
+2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE:
+ 2002
+ [6c8e089dbd1a]
+
+ * CHANGES:
+ checkpoint for 1.6.4rc1
+ [3349eb87a49f]
+
+2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ now generated via autoheader
+ [84657d303cb9]
+
+ * configure:
+ regen
+ [207bfa6a13f6]
+
+ * compat.h:
+ Move in some stuff that was previously in config.h.
+ [e576d8b6480f]
+
+ * aclocal.m4, configure.in:
+ Add info for autoheader.
+ [0549cd5da27c]
+
+2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and -g
+ to facilitate non-root installs
+ [619216038f56]
+
+ * install-sh:
+ Add -M option (like -m but only for root) If we can't find "whoami",
+ use "id" w/ some sed.
+ [b39121c8b792]
+
+ * configure:
+ regen
+ [b39b93ff9804]
+
+ * configure.in:
+ allow user to always override mansectsu and mansectform
+ [0fca5e63bd90]
+
+2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkinstalldirs:
+ update from autoconf 2.52
+ [07bd75a508c3]
+
+ * config.guess, config.sub:
+ Update from autoconf 2.52
+ [857b90fe31b7]
+
+ * configure:
+ regen with autoconf 2.52
+ [08e7d1ea2aeb]
+
+ * configure.in:
+ o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
+ mode o Remove compiler-specific checks for HP-UX now that we use
+ AC_PROG_CC_STDC
+ [d433a70b6208]
+
+ * RUNSON:
+ Checkpoint
+ [babf6d2235d1]
+
+ * auth/pam.c:
+ o Add pam_prep_user function to call pam_setcred() for the target
+ user; on Linux this often sets resource limits. o When calling
+ pam_end(), try to convert the auth->result to a PAM_FOO value. This
+ is a hack--we really need to stash the last PAM_FOO value received
+ and use that instead.
+ [6ad6f340dd2a]
+
+ * set_perms.c, sudo.h:
+ o Add pam_prep_user function to call pam_setcred() for the target
+ user; on Linux this often sets resource limits.
+ [67795421ac82]
+
+ * env.c:
+ Fix off by one error in number of bytes allocated via malloc (does
+ not affected any released version of sudo).
+ [5f5915360111]
+
+2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c:
+ regen
+ [8208c0277775]
+
+ * parse.lex:
+ Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
+ requiring that they be quoted.
+ [ae59bc8f68dd]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Mention that no double quotes are needed when
+ adding/deleting/assigning a single value to a list.
+ [25efc940a1f0]
+
+ * Makefile.in:
+ Don't rely on mkdefaults being executable, call perl explicitly.
+ [6edc97ba5f1d]
+
+ * sudo.tab.c:
+ regen
+ [49130b2e7e4d]
+
+ * parse.yacc:
+ Remove some XXX that are no longer relevant.
+ [d460ac0d3767]
+
+ * defaults.c:
+ o Roll our own loop instead of using strpbrk() for better
+ grokability o When adding to a list we must malloc() and use
+ memcpy(), not strdup() since we must only copy len bytes from str.
+ [649bef08e1f0]
+
+2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [f0bbf2c38c0e]
+
+ * parse.yacc:
+ typo in comment
+ [2563711ff593]
+
+2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ checkpoint
+ [a6d8a29fb30e]
+
+ * configure:
+ regen
+ [bdfcaaf3bd13]
+
+ * configure.in:
+ avoid the -g flag unless --with-devel was specified
+ [a976707bef30]
+
+ * Makefile.in:
+ mkdefaults, def_data.in and sigaction.c were missing from the
+ tarball
+ [6917ffbaa412]
+
+ * Makefile.in:
+ def_data.c was missing
+ [87c78b11453d]
+
+2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
+ allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
+ [fc8698e6a45e]
+
+ * TODO:
+ Another TODO item
+ [6f251d6cd466]
+
+ * sudoers:
+ Add comment for Default section so folks know where it should go.
+ [7edba626f392]
+
+2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Use TCSETAF, not TCSETA to set terminal in termio case
+ [fbd172f6c5d3]
+
+ * sudoers.cat, sudoers.man.in:
+ regen from sudoers.pod
+ [64edd2de816e]
+
+ * sudoers.pod:
+ o Typo, Runas_User_List should be Runas_List o a User_List can not
+ contain a uid o mention that the Defaults section should come after
+ Alias definitions but before the user specifications
+ [54070ba2092b]
+
+2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [e62d1d97693c]
+
+ * sudoers.pod:
+ Fix listpw and verifypw sections, they were not being formatted
+ properly.
+ [123868c2f3e9]
+
+ * sudoers.cat, sudoers.man.in:
+ regen
+ [f94841f8b374]
+
+ * sudoers.pod:
+ fix typos
+ [f278f1c1184e]
+
+ * configure:
+ regen
+ [d2270049ba9f]
+
+ * config.h.in, configure.in:
+ use AC_SYS_POSIX_TERMIOS instead of rolling our own
+ [c1a13f1354b9]
+
+ * README:
+ Reference sudo.ws not courtesan.com
+ [ca13be67ebd7]
+
+ * PORTING:
+ Add notes on shadow passwords
+ [aa13863f2314]
+
+ * BUGS:
+ In list mode (sudo -l), characters escaped with a backslash are
+ shown verbatim with the backslash.
+ [1a75a2858be2]
+
+ * sudoers:
+ Add simple examples from OpenBSD (Marc Espie)
+ [3ae9a9ae4125]
+
+ * tgetpass.c:
+ Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
+ [f8817699ee10]
+
+ * CHANGES:
+ minor prettyification
+ [f523587929b9]
+
+ * CHANGES:
+ Updated change log
+ [39d9010ee7a8]
+
+ * testsudoers.c:
+ Fix CIDR handling here too.
+ [c91db8344c32]
+
+ * auth/pam.c:
+ Apparently a NULL response is OK
+ [83bae61078d9]
+
+ * TODO:
+ Checkpoint for upcoming beta release
+ [efb95c09df2a]
+
+ * TROUBLESHOOTING:
+ Many people believe that adding a runas spec should obviate the need
+ for the -u flag. It does not.
+ [c698bad85b0e]
+
+ * RUNSON:
+ checkpoint update for upcoming 1.6.4 beta
+ [009e465a0a45]
+
+ * config.h.in:
+ o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
+ if HAVE_STRING_H is defined -- this is safe now
+ [d27c035f4e14]
+
+ * PORTING:
+ Add signals section
+ [2d24c13cb3c8]
+
+ * configure:
+ regen
+ [2b80a939e2ed]
+
+ * configure.in:
+ Fix check for sigaction_t
+ [6fa41c89ab20]
+
+ * sudo.c:
+ XXX - should call find_path() as runas user, not root. Can't do that
+ until the parser changes though.
+ [f0b4f85651bd]
+
+ * sudo.c:
+ If find_path() fails as root, try again as the invoking user (useful
+ for NFS). Idea from Chip Capelik.
+ [e03fa7872692]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+ Regenerate after pod file changes
+ [48e4bd75ec21]
+
+ * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
+ sudo.pod, sudoers.pod:
+ Add new sudoers option "preserve_groups". Previously sudo would not
+ call initgroups() if the target user was root. Now it always calls
+ initgroups() unless the -P command line option or the
+ "preserve_groups" sudoers option is set. Idea from TJ Saunders.
+ [4f730359f101]
+
+2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h, config.h.in:
+ Use new HAVE_SIGACTION_T define
+ [dfb25f3cae5b]
+
+ * logging.c:
+ Fix compilation on K&C
+ [7355e3275e34]
+
+ * configure:
+ regen
+ [a710584f92f0]
+
+ * configure.in:
+ Add check for sigaction_t -- IRIX already defines this so don't
+ redefine it.
+ [df9c5737f6da]
+
+ * snprintf.c:
+ fix typo
+ [3d782b8134c8]
+
+ * interfaces.c:
+ need stdlib.h here too
+ [c789d8973ab2]
+
+ * configure:
+ regen
+ [44822856bf46]
+
+ * configure.in:
+ Remove redundant checks for string.h, strings.h and unistd.h
+ [933c94f8bbf4]
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ Regen from pod files
+ [ad18c590f638]
+
+ * BUGS:
+ Update for 1.6.4
+ [26bc88b69d22]
+
+ * configure, lex.yy.c, sudo.tab.c:
+ regen
+ [bef89fd6fa2d]
+
+ * strerror.c:
+ Return EINVAL if errnum > sys_nerr
+ [0512374e6661]
+
+ * auth/sudo_auth.h:
+ o Update copyright year
+ [a877016db6e2]
+
+ * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
+ config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
+ sudo.pod:
+ o Update copyright year
+ [e15a1b39039f]
+
+ * configure.in:
+ o Don't define STDC_HEADERS unconditionally for IRIX o Update
+ copyright year
+ [82a8cb819e07]
+
+ * README:
+ update version
+ [d82e523a16b4]
+
+ * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+ auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
+ auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
+ set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
+ visudo.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [fe39f76b3795]
+
+ * lsearch.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [764ba3d4fa13]
+
+ * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
+ fnmatch.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [dab8f192a3ed]
+
+ * getcwd.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [b199d70ac7ab]
+
+ * getspwuid.c, goodpath.c, interfaces.c:
+ o Reorder some headers and use STDC_HEADERS define properly o Update
+ copyright year
+ [fb46d46140d4]
+
+ * configure:
+ regen
+ [156658f25cea]
+
+ * tgetpass.c:
+ flags set in signal handlers should be volatile sig_atomic_t
+ [c22931a5535e]
+
+ * config.h.in, configure.in:
+ Add checks for volatile and sig_atomic_t
+ [b03b3341381d]
+
+ * configure, lex.yy.c:
+ regen
+ [ed9daba88217]
+
+ * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
+ sudo.c, sudoers.pod:
+ Remove "secure_path" Defaults option since it cannot work with the
+ existing parser.
+ [c9e54a0f5971]
+
+ * find_path.c, sudo.c:
+ Unset "secure_path" if user_is_exempt()
+ [fb7544565ae8]
+
+ * env.c, pathnames.h.in:
+ o Remove assumption that PATH and TERM are not listed in env_keep o
+ If no PATH is in the environment use a default value o If TERM is
+ not set in the non-reset case also give it a default value.
+ [c987eb7df268]
+
+ * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
+ _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
+ systems that define in paths.h
+ [51865b0cdebf]
+
+ * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
+ Add support for skeyaccess(3) if it is present in libskey.
+ [8add77c7d3e7]
+
+2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Only need to do 'lc = login_getclass(NULL)' if lc == NULL
+ [5a3d3cbf2c6d]
+
+ * parse.lex:
+ '\\' is a perfectly legal character to have in a command line
+ argument.
+ [c15a466ef00e]
+
+ * sudo.c:
+ o Defer call to set_fqdn() until it is safe to use log_error() o
+ Don't print errno string value if gethostbyname fails, it is not
+ relevant
+ [c0c6bcf08bcb]
+
+ * parse.c:
+ Fix CIDR -> in_addr_t conversion.
+ [2f307ebeb63f]
+
+2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Remove an extra "User_List" in the User_Spec definition From
+ ybertrand AT snoopymail.com
+ [97bde59ea280]
+
+ * parse.c:
+ Make 'listpw=never' work for users who are not explicitly mentioned
+ in sudoers.
+ [258f0f30a428]
+
+ * sudoers.pod:
+ Remove gratuitous '=' in EBNF grammar; era AT iki.fi
+ [4b0f03872ee1]
+
+ * sudoers.pod:
+ Document new list Defaults type and convert env_keep and env_delete
+ to lists. Document new env_check option.
+ [a07f1f079fe3]
+
+ * lex.yy.c, sudo.tab.c, sudo.tab.h:
+ regen parser
+ [e39ac6c6581b]
+
+ * parse.lex:
+ Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
+ to #[0-9-]+.
+ [69c5388908f3]
+
+ * configure:
+ regen
+ [0f1877b88cb3]
+
+ * aclocal.m4:
+ Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
+ [6545503ae361]
+
+ * config.h.in, configure.in:
+ Add check for skeyaccess(3)
+ [6caf69fe6359]
+
+ * visudo.pod:
+ Document new -c, -f, and -q options
+ [13d0203c21d3]
+
+ * visudo.c:
+ o Add -f option (alternate sudoers file) o Convert to use getopt(3)
+ [4c2b664d617d]
+
+ * configure:
+ regen
+ [6d5bd932e7b5]
+
+ * aclocal.m4, config.h.in, configure.in:
+ Add check for isblank and a replacement macro if it doesn't exist.
+ [b524f5e4f953]
+
+2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ In check-only mode, don't create sudoers if it does not already
+ exist.
+ [c748a2d5acad]
+
+ * parse.yacc:
+ o Add a new token, DEFVAR, to indicate a Defaults variable name o
+ Add support for "+=" and "-=" list operators o replace some 1 and 0
+ with TRUE and FALSE for greater legibility.
+ [554cb174b37e]
+
+ * parse.lex:
+ o Use exclusive start conditions to remove some ambiguity in the
+ lexer. Also reorder some things for clarity. o Add support for "+="
+ and "-=" list operators. o Use the new DEFVAR token to denote a
+ Defaults variable name.
+ [3a2cf8323e26]
+
+ * sudo.h:
+ Prototype init_envtables()
+ [b74916469dab]
+
+ * env.c:
+ o Convert environment handling to use lists instead of strings. This
+ greatly simplifies routines that need to do "foreach" type
+ operations. o Add new init_envtables() function to set env_check and
+ env_delete defaults based on initial_badenv_table and
+ initial_checkenv_table (formerly sudo_badenv_table).
+ [0a8b404658b6]
+
+ * defaults.c, defaults.h:
+ o Add a new LIST type and functions to manipulate it. o This is for
+ use with environment handling variables. o Call new init_envtables()
+ routine inside init_defaults() to initialize the environment lists.
+ [ae73e64f0902]
+
+ * def_data.c, def_data.h, def_data.in:
+ Convert environment options to use the new LIST type and add a new
+ one, env_check that only deletes if the sanity check fails.
+ [3019503936de]
+
+ * testsudoers.c:
+ Add dummy version of init_envtables()
+ [9d9e3ee609d9]
+
+ * parse.yacc:
+ honor quiet mode
+ [8330fba6167c]
+
+ * visudo.c:
+ Add check-only mode
+ [dab411bc8c35]
+
+ * mkdefaults:
+ Fix generation of entries with NULL descriptions.
+ [ea75b9fed02e]
+
+2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Use sigaction_t and quiet a gcc warning.
+ [6f67d719c452]
+
+ * sudo.c:
+ Must reset signal handlers before we exec
+ [300418120e1a]
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c:
+ Be carefule now that tgetpass() can return NULL (user hit ^C). PAM
+ version needs testing. Set SIGTSTP to SIG_DFL during password entry
+ so user can suspend us.
+ [00304aa58747]
+
+ * tgetpass.c:
+ Add support for interrupting/suspending tgetpass via keyboard input.
+ If you suspend sudo from the password prompt and resume it will re-
+ prompt you.
+ [4af2b5101d32]
+
+ * sudo.c:
+ Don't block keyboard interrupt signals, just set them to SIG_IGN.
+ [d46d7f67ef6b]
+
+2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ add back HAVE_SIGACTION
+ [c9c7702c603e]
+
+ * configure:
+ regen
+ [09fe669d337f]
+
+ * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
+ Kill POSIX_SIGNALS define and old signal support now that we emulate
+ POSIX ones Also be sure to correctly initialize struct sigaction.
+ [4bc2a6dbb2be]
+
+ * strerror.c:
+ Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
+ [1ad64a19f328]
+
+ * compat.h:
+ Add scaffolding for POSIX signal emulation
+ [945861d4c93b]
+
+ * sigaction.c:
+ o Add missing ';' so this compiles o Can't use NULL since we don't
+ include stdio.h
+ [04d0cac7438f]
+
+ * sigaction.c:
+ Emulate sigaction() using sigvec()
+ [d0b54a989875]
+
+2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Document new behavior of negative values of timestamp_timeout Fix a
+ typo
+ [4c0716570d01]
+
+ * sudo.pod:
+ Add security note about command not being logged after 'sudo su' and
+ friends.
+ [43294851a33c]
+
+ * sudo.pod:
+ Mention that -V prints default values when run as root, including
+ the list of environment variables to clear.
+ [d9e5e550a8c3]
+
+ * Makefile.in:
+ Run pod2man with --quotes=none to avoid stupid quoting of C<>
+ entries.
+ [997b23c35dbe]
+
+2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
+ Add mail_badpass option Also modify mail_always behavior to also
+ send mail when the password is wrong
+ [838d40ccafce]
+
+ * env.c, sudo.c, sudo.h:
+ Dump default bad env table when 'sudo -V' is run by root.
+ [f67f1b8048b0]
+
+ * sudoers.pod:
+ document env_delete
+ [d74f893663a2]
+
+ * env.c:
+ Add support for '*' in env_keep when not resetting the environment
+ (ie: the normal case).
+ [fd4fb62ea8fd]
+
+ * env.c:
+ Add env_delete variable that lets the user replace/add to the
+ bad_env_table. Allow '*' wildcard in env_keep entries.
+ [aa728bc35e29]
+
+2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkinstalldirs:
+ Force umask to 022 to guarantee sane directory permissions.
+ [9ab3cfe70569]
+
+2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
+ [671010465e6f]
+
+ * mkdefaults:
+ fix breakage in last commit
+ [8318f8851e56]
+
+ * Makefile.in:
+ acsite.m4 -> aclocal.m4
+ [30c146873a01]
+
+ * check.c:
+ fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
+ [4dc8b39954da]
+
+ * def_data.c:
+ regenerated from def_data.in
+ [915ea16ce1eb]
+
+ * check.c, defaults.c, defaults.h:
+ Add new T_UINT type that most things use instead of T_INT If
+ timestamp_timeout is < 0 then treat the ticket as never expiring (to
+ be expired manually by the user).
+ [3a3a636a2a5d]
+
+ * def_data.in:
+ change most T_INT -> T_UINT
+ [a2228d2457af]
+
+ * mkdefaults:
+ fix warning when no args
+ [ca70a5394af5]
+
+ * visudo.c:
+ Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
+ we are a signal handler. We no longer print the signal number but
+ the user can just check the exit value for that.
+ [dc424f631fef]
+
+2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ when setting up pipes in child process check for case where stdin ==
+ pipe fd 0
+ [518112d76184]
+
+2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Ignore editor exit value since XPG4 says vi's exit value is the
+ count of editing errors made (failed searches, etc).
+ [b9d952284865]
+
+2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [cb3aa586f03b]
+
+ * configure.in:
+ sco now is identified by config.guess as *-sco-*
+ [46664bbdea61]
+
+ * configure.in:
+ Check for getspnam() in -lgen if not in -lc for UnixWare.
+ [0f152ad1ba93]
+
+2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod, visudo.pod:
+ "upper case" -> "uppercase"
+ [f9151f232326]
+
+ * sudoers.pod:
+ fix typos and grammar; pjanzen@foatdi.harvard.edu
+ [2855d73d0237]
+
+2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Missing word (specify); krapht@secureops.com
+ [65523eb37a2c]
+
+2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ If we fail to lookup a login class, apply the default one.
+ [d4869faa6816]
+
+ * logging.c:
+ In log_error() free message, not logline unconditionally, then free
+ logline if it is not the same as message. No function change but
+ this mirrors how they are allocated.
+ [565e5f6cc643]
+
+2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regenerate
+ [834a48f548a2]
+
+ * configure.in:
+ remove some backslash quotes that are unneeded
+ [50d401d6e2ca]
+
+ * configure.in:
+ o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
+ instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
+ can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
+ to AC_DEFINE things manually.
+ [f502c5f15f92]
+
+ * config.guess, config.sub:
+ Updated from autoconf-2.50
+ [6140205915ef]
+
+2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ Update mailing list section. We use mailman now, not majordomo.
+ [b9a8ca45e6dc]
+
+2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * getspwuid.c, logging.c, sudo.c:
+ Use setpwent()/endpwent() + all the shadow variants to make sure we
+ don't inadvertantly leak an fd to the child. Apparently Linux's
+ shadow routines leave the fd open even if you don't call setspent().
+ Reported by mike@gistnet.com; different patch used.
+ [d33792ef6c01]
+
+2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ s/eg./e.g./
+ [bd32a0acaf93]
+
+ * tgetpass.c:
+ select() may return EAGAIN. If so, continue like we do for EINTR.
+ [5f202c943818]
+
+ * logging.c:
+ Fix a non-exploitable buffer overflow in the word splitting code.
+ This should really be rewritten.
+ [4c724363863a]
+
+ * Makefile.in:
+ FAQ link goes away
+ [1d26dd6c8972]
+
+ * INSTALL:
+ Tell people to look in sample.syslog.conf for examples, not FAQ
+ [affcae3f43ca]
+
+ * TROUBLESHOOTING:
+ Update list of env vars that are cleared
+ [234e56f1435a]
+
+ * sudo.c:
+ remove struct env_table decl since that stuff has all moved to env.c
+ [5dd923148777]
+
+2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fileops.c:
+ Fix a pasto in flock-style unlocking and include <sys/file.h> for
+ flock on older systems; twetzel@gwdg.de
+ [d5420d9d2861]
+
+ * configure:
+ regen to get NeXT lockf/flock fix
+ [d3ba6ed70e15]
+
+ * configure.in:
+ force NeXT to use flock since lockf is broken
+ [bd5391dca1bb]
+
+2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ Use stashed user_gid when checking against exempt gid since sudo
+ sets its gid to a a value that makes sudoers readable. Previously if
+ you used gid 0 as the exempt group everyone would be exempt. From
+ Paul Kranenburg <pk@cs.few.eur.nl>
+ [0b140cc3a817]
+
+2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [cc455408f32b]
+
+ * aclocal.m4:
+ #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines
+ some types (such as ssize_t) therein.
+ [b6aee85ca331]
+
+2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ Fix negation of paths in a boolean context. Problem found by
+ apt@UH.EDU
+ [8aee217a7cdf]
+
+2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ pasto
+ [ad32b277bf68]
+
+2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ SA_RESETHAND means the opposite of what I was thinking--oops To
+ block all signals in old-style signals use ~0, not 0xffffffff
+ [6ecdd793590a]
+
+2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ coerce difference of pointers to int when used in a string length
+ printf format; deraadt@openbsd.org
+ [a9d10f07180d]
+
+2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Block all signals in Exit() to avoid a signal race. There is still a
+ tiny window but I'm not going to worry about it.
+ [6661805c0458]
+
+2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * env.c:
+ glibc uses the LANGUAGE env var so clear that too; Solar Designer
+ [d4ba95628afb]
+
+ * lex.yy.c:
+ Regenerate with a fix to flex.skl that preserves errno from
+ clobbering by isatty().
+ [607eec736e19]
+
+2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+ auth/sia.c, auth/sudo_auth.c:
+ Some defaults I_ defines got renamed.
+ [ec19b23caaf3]
+
+ * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
+ defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
+ set_perms.c, sudo.c, sudo.tab.c:
+ Move defaults info into its own files from which we generate .h and
+ .c files. This makes adding or rearranging variables much simpler.
+ [e91b880b5043]
+
+2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ fix typo in last commit
+ [10a6ee2bae71]
+
+ * compat.h, config.h.in, configure, configure.in:
+ Add check + emulation for setegid (like seteuid).
+ [29492092bd2f]
+
+ * env.c:
+ Make env_keep override badenv_table as documented Fix traversal of
+ badenv_table (broken in last commit)
+ [37c9f0d22673]
+
+ * set_perms.c, sudo.c, sudo.h:
+ Don't try and build saved uid version of set_perms on systems w/o
+ them. Rename set_perms_saved_uid() -> set_perms_posix() Make
+ set_perms_setreuid simply be set_perms_fallback() and simply include
+ the appropriate function at compile time (setreuid() vs. setuid()).
+ [3107333c062c]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ PATH is also preserved when env_reset is in effect
+ [90e45c5711ff]
+
+ * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
+ configure.in, defaults.c, defaults.h, env.c, find_path.c,
+ getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
+ sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
+ visudo.c, visudo.cat, visudo.man.in:
+ New Defaults options: o stay_setuid - sudo will remain setuid if
+ system has saved uids or setreuid(2) o env_reset - reset the
+ environment to a sane default o env_keep - preserve environment
+ variables that would otherwise be cleared
+
+ No longer use getenv/putenv/setenv functions--do environment munging
+ by hand. Potentially dangerous environment variables can be cleared
+ only if they contain '/' pr '%' characters to protect buggy
+ programs. Moved environment routines into env.c (new file)
+ [c2f97651db4c]
+
+ * INSTALL:
+ Clear up --without-passwd description
+ [2f336dab6733]
+
+ * putenv.c, sudo_setenv.c:
+ We now build up a new environment from scratch and assign it to
+ "environ".
+ [6ae6152f2238]
+
+2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, visudo.pod:
+ Grammatical fixes from Paul Janzen
+ [e03ead2e56f8]
+
+2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ If there was a syntax error and the user just wants to quit, unlink
+ sudoers if it is zero length.
+ [74ba7921f520]
+
+ * visudo.c:
+ 'Q' means ignore parse error, not 'q'
+ [e8d0e4491fe6]
+
+ * visudo.c:
+ Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
+ <dim@xs4all.nl>
+ [b24990a72491]
+
+2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
+ [41a8db10e076]
+
+2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.guess, config.sub:
+ Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
+ [6052da895d2e]
+
+2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, visudo.c:
+ Use exit(127), not exit(-1)
+ [9ff0c3eada34]
+
+ * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
+ Move set_perms() to its own file and use POSIX saved uid or
+ setreuid() if available.
+
+ Added stay_setuid option for systems that have libraries that
+ perform extra paranoia checks in system libraries for setuid
+ programs (ie: anything with issetugid(2)).
+ [28960f842698]
+
+ * sudo.c:
+ strip more bits from the environment and add a facility for
+ stripping things only if they contain '/' or '%' to address printf
+ format string vulnerabilities in other programs.
+ [b98d6375f299]
+
+2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [7e74e5c91049]
+
+ * configure.in:
+ For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
+ strcasecmp().
+ [a418e9e70442]
+
+ * configure:
+ regen
+ [bbff244a52bc]
+
+ * configure.in:
+ Check for strcasecmp(3) in -lc89 for NCR Unix
+ [361c99576681]
+
+2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ Define HAVE_INNETGR #ifdef HAVE__INNETGR
+ [473cdb92b6db]
+
+ * configure:
+ regen
+ [4e6364a195e0]
+
+ * compat.h, config.h.in, configure.in:
+ Add check for _innetgr(3) since NCR systems have that instead of
+ innetgr(3).
+ [25e6852e7494]
+
+2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/securid.c:
+ check return value of creadcfg() call sd_close() after sd_auth()
+ store username in sd->username so we don't rely on the USER env
+ variable
+ [d106b4f42722]
+
+2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ document --with-bsdauth
+ [f1518ecc2ee9]
+
+ * configure:
+ regen
+ [dceb35071ea8]
+
+ * configure.in:
+ --with-bsdauth assumes --with-logincap
+ [4200778083fd]
+
+ * auth/bsdauth.c, auth/fwtk.c:
+ When prompting for a response to a challenge, if the user just hits
+ return then reprompt with echo turned on.
+ [a539b6474a97]
+
+2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Remove debugging code that should not have been committed, oops.
+ [9862607b77a7]
+
+ * auth/bsdauth.c:
+ Use lower-level routines and get the password ourselves. Checks for
+ a challenge and if there is one echo is not turned off.
+ [2d8fcd166baa]
+
+ * auth/pam.c, auth/sudo_auth.h:
+ minor housekeeping, no real code changes
+ [d0074a277fb4]
+
+2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Fix a coredump in the logging functions if gethostname(2) fails by
+ deferring the call to log_error() until things are better setup.
+
+ Fix return value of set_loginclass() in non-BSD-auth case.
+
+ Hard-code 'sudo' in the usage message so we can fit more options on
+ a line
+ [d9d1b7579818]
+
+ * logging.c:
+ Fix errant ';' (typo) that broken MSG_ONLY
+ [849b2276a470]
+
+2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in:
+ regen
+ [bb3c8c6704d1]
+
+ * sudo.pod:
+ Document -a flag
+ [e18316cebaac]
+
+ * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
+ configure, configure.in, getspwuid.c, sudo.c:
+ Add support for BSD authentication.
+ [f374cfd9ca0d]
+
+2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Fix typo; from sato@complex.eng.hokudai.ac.jp
+ [3085fee9766e]
+
+2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ Mention negating umask
+ [c9e410294dae]
+
+ * defaults.c:
+ Allow user to specify umask of 0777 (same as !umask)
+ [bb771daa96fe]
+
+2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, visudo.pod:
+ Fix a typo and give a URL for the sudo history.
+ [77f73199aedb]
+
+2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c, sudo.pod:
+ fix typos; pepper@reppep.com
+ [5532c7421340]
+
+2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo.h, sudo_setenv.c:
+ sudo_setenv() now exits on memory alloc failure instead of returning
+ -1.
+ [71f1cf18f47b]
+
+2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
+ and possibly others.
+ [b69d985b0d22]
+
+ * logging.c:
+ Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
+ that "%m" won't be expanded but we don't use that anyway since the
+ logging routines may splat to stderr as well.
+ [8d37a544d0c0]
+
+ * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
+ sudoers.pod:
+ Add always_set_home variable
+ [dbcaff646e07]
+
+ * configure, configure.in:
+ Have to hard code default values in help since the defaults are set
+ _after_ the help stuff.
+ [7b5d6d72f55c]
+
+2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lex.yy.c, parse.lex:
+ Allow special characters (including '#') to be embedded in pathnames
+ if quoted by a '\\'. The quoted chars will be dealt with by
+ fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
+ [3ed33cf09977]
+
+2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ Better path searching for programs we need.
+ [60517cb1f0d6]
+
+ * TROUBLESHOOTING:
+ Add section on "C compiler cannot create executables" errors.
+ [e4ada6eaee59]
+
+ * Makefile.binary, Makefile.in, version.h:
+ Crank version
+ [93d1bd5b7f5e]
+
+ * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
+ sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
+ visudo.man.in, visudo.pod:
+ Substitute values from configure into man pages.
+ [619854c356c1]
+
+2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, sudo.c:
+ The listpw and verifypw sudoers options would not take effect
+ because the value of the default was checked *before* sudoers was
+ parsed. Instead of passing in the value of PWCHECK_* to
+ sudoers_lookup(), pass in the arg for def_ival() so the check can be
+ deferred until after sudoers is parsed.
+ [4f596e358f72]
+
+2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ When writing prompt, no need to write the NUL as well;
+ hag@linnaean.org
+ [fbcdd7b431ee]
+
+2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ When looking for chown, check in /sbin too
+ [657ba6653f8c]
+
+2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Remove extraneous call to init_defaults() and set runas_user to NULL
+ betweem parses so init_defaults will reset it each time, thus
+ avoiding a reference to free()d data.
+ [7421fcd692af]
+
+2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, interfaces.c, interfaces.h, sudo.c:
+ Add support for using getifaddrs() to get the list of ip addr /
+ netmask pairs. Currently IPv4-only.
+ [a35bc4f7306d]
+
+ * visudo.c:
+ Add a missing check for UserEditor == NULL Add missing '+' before
+ line number when invoking editor to fix a syntax error
+ [f0d4635f6082]
+
+2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Call clean_env very early in main() for paranoia's sake. Idea from
+ Marc Esipovich.
+ [f8d72ebd0115]
+
+2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ Update proto for evasprintf and easprintf
+ [d147d6e58419]
+
+ * alloc.c:
+ Make easprintf() and evasprintf() return an int.
+ [b2ca5d089667]
+
+ * check.c:
+ If the targetpw flag is set, use target username as part of the
+ timestamp path. If tty tickets are in effect cat the tty and the
+ target username with a ':' as the separator.
+ [de11abc693c2]
+
+2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ Backout part of last change; setting PAM_USER to the invoking user
+ breaks things like targetpw.
+ [427218a7387f]
+
+ * auth/pam.c:
+ set tty and username via pam_set_item
+ [85d1922dbcc9]
+
+ * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
+ Fix root, runas, and target authentication for non-passwd file auth
+ methods.
+ [a14535e7b30c]
+
+2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+ sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+ Use B<-Z> not C<-Z> for command line flags in all places. This is
+ more consistent and works around a bug in Pod::Man.
+ [64b5a05f30c5]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Fix an occurence of 'semicolon' that should be 'colon'
+ [4ea5aacae3fb]
+
+2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix --with-badpri help line
+ [3cc40977c043]
+
+2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c, logging.c, sudo.c:
+ Bracket calls to syslog with an openlog() and closelog() since some
+ authentication methods (like PAM) may do their own logging via
+ syslog. Since we don't use syslog much (usually just once per
+ session) this doesn't really incur a performance penalty. It also
+ Fixes a SEGV with pam_kafs.
+ [fe1cc28529f6]
+
+2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Fix -H flag. runas_homedir is only valid after set_perms(PERM_RUNAS,
+ mode)
+ [ce9b1c6f68a6]
+
+2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Clarify the fact that insults are not enabled just by including them
+ in the binary.
+ [d5a31d48320c]
+
+2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+ visudo.man.in:
+ Regenerated with perl 5.6.0 pod2man
+ [21751433768b]
+
+ * Makefile.in:
+ Give date string to pod2man since its default is ugly and it ain't
+ got no alibi.
+ [0080b2f6298f]
+
+ * Makefile.in:
+ Do section substitution on the output of pod2man and remove hack
+ needed for old pod2man.
+ [1ef843d5c78b]
+
+ * sudo.pod, sudoers.pod, visudo.pod:
+ Put back real man sections, we will do the substitution later.
+ [f728c1abad7e]
+
+2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Don't bother checking for the path to vi if user specified --with-
+ editor
+ [bf698487e0d5]
+
+2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, visudo.c:
+ Visudo now does its own fork/exec instead of calling system(3).
+ [99bbcd88863b]
+
+ * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
+ sudoers.pod, visudo.c:
+ Visudo now checks for the existence of an editor and gives a
+ sensible error if it does not exist.
+
+ The path to the editor for visudo is now a colon-separated list of
+ allowable editors. If the user has $EDITOR set and it matches one of
+ the allowed editors that editor will be used. If not, the first
+ editor in the list that actually exists is used.
+ [cc86eb9f5440]
+
+ * sudo.cat, sudo.man.in, sudo.pod:
+ Clear up confusion wrt sudo's return value.
+ [9385b12d8e79]
+
+2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Strip sudo and visudo for bindist target
+ [a995ddd79177]
+
+ * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+ sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+ Use @mansectsu@ and @mansectform@ in the man page bodies as well.
+ [5eb9e60a726f] [SUDO_1_6_3]
+
+ * visudo.cat, visudo.man.in, visudo.pod:
+ Typo: @sysconf@ -> @sysconfdir@
+ [f07f52fcd099]
+
+ * Makefile.in:
+ 'make dist' should not cause any files to be modified so remove its
+ dependencies.
+ [7f44a2666a9c]
+
+ * CHANGES:
+ Whoops, forgot to add release marker
+ [16c0f16b35b8]
+
+2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ Final change for 1.6.3 (or so I hope)
+ [473c89da6123]
+
+ * sudo.cat, sudoers.cat, visudo.cat:
+ Use SYSV man sections since BSD systems will have nroff...
+ [0a6bd154324e]
+
+2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.tab.c:
+ When checking to see if the host/user matches in a defaults spec,
+ check against TRUE, not just non-zero since it might be -1.
+ [41f2b7ad3fdd]
+
+ * configure, configure.in:
+ OSF/1 puts file formats in section 4, not 5.
+ [d77c1301afa9]
+
+ * CHANGES, INSTALL, sudo.c:
+ Make login class support work on BSD/OS
+ [e9bbe3c08ade]
+
+ * RUNSON:
+ Update for 1.6.3
+ [c40ce1d76c4d]
+
+ * configure, configure.in:
+ If there is no inet_addr but there *is* an __inet_addr that's ok
+ since inet_addr is probably just a macro then. The better thing to
+ do would be to look for the macro, but this is fine for now.
+ [1b8865ae4d68]
+
+ * configure, configure.in:
+ Don't use shlicc for BSD/OS 4.x
+ [83fbf6dedd2c]
+
+ * Makefile.in, configure, configure.in:
+ *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
+ configure variable so we can deal with this. Also, only remove *.man
+ for 'distclean' not 'clean'.
+ [30d56e6de214]
+
+ * sudo.c:
+ set_loginclass() should be static like the proto says
+ [d570a2d55fb8]
+
+2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fnmatch.c:
+ Add #ifdef __STDC__ around the rangematch function header to avoid
+ promotion of test to int, thus violating the prototype. Gcc handles
+ this gracefully but more std ANSI compilers will complain.
+ [7d98c3e332b2]
+
+ * emul/fnmatch.h:
+ Pull in newer fnmatch(3) that supports FNM_CASEFOLD
+ [4e1320852f8b]
+
+ * aclocal.m4, configure, fnmatch.3, fnmatch.c:
+ Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
+ FNM_CASEFOLD in configure
+ [9ef952bf1896]
+
+ * CHANGES, TODO:
+ update for 1.6.3
+ [e4ba6368a0c5]
+
+ * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
+ Fully qualified hosts w/ wildcards were not matching the FQHOST
+ token type. There's really no need for a separate token for fully-
+ qualified vs. unqualified anymore so FQHOST is now history and
+ hostname_matches now decides which hostname (short or long) to check
+ based on whether or not the pattern contains a '.'.
+ [fbd2887d9811]
+
+ * lex.yy.c, parse.c, parse.lex, parse.yacc:
+ Fully qualified hosts w/ wildcards were not matching the FQHOST
+ token type. There's really no need for a separate token for fully-
+ qualified vs. unqualified anymore so FQHOST is now history and
+ hostname_matches now decides which hostname (short or long) to check
+ based on whether or not the pattern contains a '.'.
+ [630d9d205397]
+
+ * parse.h:
+ Fully qualified hosts w/ wildcards were not matching the FQHOST
+ token type. There's really no need for a separate token for fully-
+ qualified vs. unqualified anymore so FQHOST is now history and
+ hostname_matches now decides which hostname (short or long) to check
+ based on whether or not the pattern contains a '.'.
+ [dd7bbe223461]
+
+ * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
+ sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
+ Add support for wildcards in the hostname.
+ [d8d821ed4238]
+
+ * Makefile.in:
+ Add targets for *.man.in, using config.status to generate *.man from
+ *.man.in
+ [640e50ede485]
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod:
+ Document set_logname option and enbolden refs to sudo and visudo.
+ [9622b3a48707]
+
+ * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
+ sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
+ visudo.cat, visudo.man.in, visudo.pod:
+ Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
+ from Michael D. Marchionna. configure now does substitution on the
+ man pages, allowing us to fix up the paths and set the section
+ correctly. Based on an idea from Michael D. Marchionna.
+ [463e928a0a2f]
+
+ * auth/passwd.c:
+ Better fix for handling HP-UX aging info.
+ [3950f42d8549]
+
+ * sudo.c:
+ Add support for set_logname run-time default
+ [c6a7cc76b8b4]
+
+ * sudo.man.in, sudoers.man.in, visudo.man.in:
+ configure does substitution on these to produce *.man
+ [b83fc3c1bfc9]
+
+ * sudo.man, sudoers.man, visudo.man:
+ These files now get generated from *.man.in at configure time.
+ [c499061f79e0]
+
+2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c, defaults.h:
+ Add set_logname option so users can turn off setting of LOGNAME/USER
+ environment variables.
+ [6316869180b8]
+
+ * lsearch.c, parse.c, testsudoers.c:
+ kill register
+ [6e104e653748]
+
+2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/passwd.c:
+ HP-UX adds extra info at the end for password aging so when
+ comparing the result of crypt to pw_passwd we only compare the first
+ len(epass) bytes *unless* the user entered an empty string for a
+ password.
+ [3d24d4e4e889]
+
+ * logging.c:
+ Get rid of grandchild hack, it was causing problems and there is
+ really no need for it. This fixes a bug where we spin eating up CPU
+ when the user runs a long-running process like a shell.
+ [5743b10b1e81]
+
+2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ User can always specify a login class if he/she is already root.
+ [710d160cef9f]
+
+ * config.h.in, configure, configure.in, defaults.c, defaults.h,
+ sudo.c, sudo.h:
+ FreeBSD login class (login.conf) support.
+ [026b981d6328]
+
+2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/sudo_auth.c:
+ HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
+ [9cd4929f1a78]
+
+2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/passwd.c:
+ Truncate unencrypted password to 8 chars if encrypted password is
+ exactly 13 characters (indicateing standard a DES password). Many
+ versions of crypt() do this for you, but not all (like HP-UX's).
+ [a9d0259cb193]
+
+2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, RUNSON:
+ Mention that gcc on dynix may have problems
+ [77b97fa5bf1b]
+
+2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Link visudo with NET_LIBS since we now call syslog via defaults.c
+ [9e3830b277cc]
+
+ * defaults.c:
+ Use Argv[0] as the first arg to openlog() since visudo uses this
+ too.
+ [e61078f328ec]
+
+2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Stash coredumpsize resource limit and retsore it before the exec()
+ Otherwise the child ends up with a coredumpsize of 0.
+ [f6a4783835a3]
+
+2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man, sudo.pod:
+ document -S flag
+ [3ebd805b7142]
+
+ * sudo.c:
+ fix usage string
+ [66b2dfa47fe8]
+
+ * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
+ auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
+ Added -S flag (read passwd from stdin) and tgetpass_flags global
+ that holds flags to be passed in to tgetpass(). Change echo_off
+ param to tgetpass() into a flags field. There are currently 2
+ possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
+ tgetpass(), abstract the echo set/clear via macros and if (flags &
+ TGP_ECHO) but echo is not set on the terminal, but sure to set it.
+ [a4fcbb712cd0]
+
+ * tgetpass.c:
+ Fixed a bug that caused an infinite loop when the password timeout
+ was disabled.
+ [2be1ffc5a39f]
+
+2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
+ sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
+ Add rootpw, runaspw, and targetpw options.
+ [2d4563e46df7]
+
+ * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
+ visudo.c:
+ enveditor -> env_editor
+ [ddc5f856e583]
+
+2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
+ sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
+ visudo.man:
+ crank versino to 1.6.3
+ [a5f7d3e74360]
+
+ * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
+ sudoers.pod, visudo.c:
+ Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
+ them. This means that visudo will now parse the sudoers file
+ *before* it is edited so a bogus sudoers file will cause a warning
+ to go to stderr. Also, visudo checks the variables once--it does not
+ check them after each editor run since that could be confusing.
+ [9f5af18e9212]
+
+2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ 1.6.2 -> 1.6.2p1
+ [e25b74f1d1af]
+
+ * check.c, sudo.c, sudo.h:
+ Move user_is_exempt prototype into sudo.h
+ [daf26a6ded8a]
+
+2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Fix thinko, some && should have been || in the last commit
+ [4b9b2d487ded]
+
+ * configure, configure.in:
+ Don't initialized Makefile variables to be NULL since the user may
+ want to import variables from their environment.
+ [7be019f4422c]
+
+2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ typo
+ [38f4d8971f0a]
+
+2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ fix a yacc (skeleton.c) warning
+ [a2da228a937b]
+
+2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, RUNSON, configure, configure.in:
+ Make pam work on HP-UX 11.0;jaearick@colby.edu
+ [b94de0ff6f42]
+
+ * CHANGES:
+ recent changes; prepare for 1.6.2p1
+ [b291635ea141]
+
+ * find_path.c:
+ Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
+ [4306285c4f6e]
+
+2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ Regen with yacc that has a memory leak plugged.
+ [e26383a04eb7]
+
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ Expanded docs on sudoers 'defaults' options based on INSTALL file
+ info.
+ [54c3d62d6c74]
+
+ * INSTALL:
+ Fix some while lies
+ [d15311782150]
+
+2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ When making a bindist, link FAQ to TROUBLESHOOTING instead of
+ copying.
+ [2d88a6ac88cf]
+
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ Add netgroup caveat
+ [28d119f466e3] [SUDO_1_6_2]
+
+ * RUNSON:
+ Last minute updates
+ [89fb4ed22d52]
+
+ * TROUBLESHOOTING:
+ PAM entry
+ [a9fd59f39457]
+
+ * auth/pam.c:
+ correct a comment
+ [a29627225ba9]
+
+ * CHANGES, RUNSON:
+ update for 1.6.2
+ [b7f1c40ea732]
+
+ * auth/pam.c:
+ Better detection of PAM errors and fix custom prompts with PAM.
+ Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
+ [ff69234b94a5]
+
+2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * snprintf.c:
+ Cast ULONG_MAX to unsigned long long when comparing to an unsigned
+ long long value.
+ [9d918c3a2ecd]
+
+2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, config.h.in, configure, configure.in, visudo.c:
+ Fix sudoers locking in visudo. We now lock the sudoers file itself,
+ not the temp file (since locking the temp file can foul up editors).
+ The previous locking scheme didn't work because the fd was closed
+ too early.
+ [de2011bb11ed]
+
+ * config.h.in, configure, configure.in:
+ Don't need test for ftruncate() any more.
+ [e5f71c848104]
+
+ * configure, configure.in:
+ Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
+ the unbundled HP-UX cc.
+ [2c373612c644]
+
+2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
+ [05360d2c314e]
+
+2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
+ parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
+ version.h, visudo.c:
+ update copyright year on changed files
+ [5792a2a28a4c]
+
+ * RUNSON:
+ updates
+ [edf8f19aa403]
+
+ * CHANGES:
+ aix fix
+ [4d4a243b31e2]
+
+ * INSTALL:
+ Crank version to 1.6.2
+ [bcb5cb411624]
+
+ * configure:
+ Crank version to 1.6.2
+ [32a19f33427f]
+
+ * sudo.c:
+ When using rlimit check for RLIM_INFINITY When computing the value
+ of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
+ [8c16166802e5]
+
+ * CHANGES:
+ recent changes
+ [09fc7112e44d]
+
+ * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
+ sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
+ Crank version to 1.6.2
+ [055fa61a7c61]
+
+ * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
+ Add 'shell_noargs' runtime option back in. We have to defer checking
+ until after the sudoers file has been parsed but since there are now
+ other options that operate that way this one can too. Based on a
+ patch from bguillory@email.com.
+ [231db7a007a6]
+
+ * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
+ Add "listpw" and "verifypw" options.
+ [190683bac878]
+
+ * sudoers.cat, sudoers.man, sudoers.pod:
+ o Fix some typos/omissions o Add section on verifypw and listpw o
+ Define how NOPASSWD interacts with the -v and -l flags
+ [6feb7350eb79]
+
+2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
+ -D_HPUX_SOURCE to CPPFLAGS.
+ [06cc35d89dc8]
+
+ * defaults.c, defaults.h:
+ In struct sudo_defs_types, move the union to the end and don't
+ initialize the union member since that only works with an ANSI
+ compiler. We set the value of the union by hand in init_defaults()
+ anyway. This allows sudo to compile on a K&R compiler again.
+ [623487e1fcfa]
+
+2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
+ netgr_matches needs to check shost as well as host since they may be
+ different.
+ [3f43ace23d3e]
+
+ * tgetpass.c:
+ End on \r as well as \n
+ [cb7c6e6f4202]
+
+2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Update statbuf.st_mode based on SUDOERS_MODE when we are chaning
+ from 0400 to whatever SUDOERS_MODE is (converting from the old
+ sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
+ 0400 which should always be the case.
+ [34cd83d49d20]
+
+ * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
+ Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
+ w/o a passwd if there is *any* entry for the user on the host with a
+ NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
+ the user on the host w/ the specified runas user have the NOPASSWD
+ flag set.
+ [4b3b85697653]
+
+ * Makefile.in:
+ add check target
+ [3d24d34a76fd]
+
+1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Treat EOF at whatnow prompt like 'x' instead of looping.
+ [5deffc27114c]
+
+1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ recent changes
+ [5836a9452568] [SUDO_1_6_1]
+
+1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in, sudo.c:
+ Add check for initgroups() since old SYSV lacks this.
+ [657a6005a569]
+
+ * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
+ parse.c, testsudoers.c:
+ o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
+ exists.
+ [17d081e917d6]
+
+1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/sudo_auth.c:
+ Don't allow insults to be enabled if the insults[] array is empty.
+ Otherwise there would be division by zero.
+ [b20c14db6029]
+
+ * CHANGES, RUNSON:
+ Don't allow insults to be enabled if the insults[] array is empty.
+ Otherwise there would be division by zero.
+ [974f4780254b]
+
+ * insults.h:
+ Don't allow insults to be enabled if the insults[] array is empty.
+ Otherwise there would be division by zero.
+ [028f130204b0]
+
+ * insults.h:
+ Don't care about USE_INSULTS #define since the insult stuff may be
+ overridden at runtime.
+ [b873df8b299c]
+
+ * auth/sudo_auth.c:
+ Honor insults flag.
+ [756111640fdc]
+
+ * CHANGES, parse.c:
+ Don't ask the user for a password if the user is not allowed to run
+ the command and the authenticate flag (in sudoers) is false.
+ [cea9fdc09c76]
+
+ * CHANGES, RUNSON, lex.yy.c, parse.lex:
+ o Whenever we get a bare newline we change to the INITIAL state. o
+ Enter GOTRUNAS when we see Runas_Alias
+
+ This allows #uid to work in a RunasAlias.
+ [a475513e7c7a]
+
+1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, parse.yacc, sudo.tab.c:
+ fix parsing of runas lists: o oprunasuser and runaslist now return a
+ value o in a runasspec, if a runaslist does not return TRUE, set
+ runas_matches to FALSE. Normally, a runaslist only returns FALSE for
+ explicitly denied users. o since runaslist does not modify the stack
+ there is no need for a push/pop in runasalias.
+ [82b305b34a8c]
+
+ * check.c, sudo.c:
+ Don't kill the user's tickets until after sudoers has been parsed
+ since tty_tickets and ticket_dir could be set in sudoers.
+ [f43e25367f3a]
+
+ * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
+ configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
+ sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
+ crank version to 1.6
+ [95f8bdcf9bb2]
+
+ * testsudoers.c:
+ add set_fqdn() stub
+ [bbc81af5b41a]
+
+1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
+ sudoers.man, sudoers.pod, visudo.c:
+ o Kill shell_noargs option, it cannot work since the command needs
+ to be set before sudoers is parsed. o Fix the "set_home" sudoers
+ option (only worked at compile time). o Fix "fqdn" sudoers option.
+ We now set host/shost via set_fqdn which gets called when the "fqdn"
+ option is set in sudoers. o Move the openlog() to store_syslogfac()
+ so this gets overridden correctly from the sudoers file.
+ [3dca861f0f5d]
+
+ * auth/securid.c:
+ SecurID support should compile now.
+ [a544e5c6ea34]
+
+1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
+ visudo.man, visudo.pod:
+ fix some syntactic goofs
+ [b3451f0d5239]
+
+1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, sudo.html, sudoers.html, visudo.html:
+ No longer need the .html files as they are generated automatically
+ on the web site.
+ [1b4aa4204584]
+
+ * CHANGES, LICENSE:
+ kill characters that made wml unhappy
+ [b988fbc6da56]
+
+ * HISTORY:
+ typo
+ [a418963f7fce]
+
+1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ majordomo@cs.colorado.edu -> majordomo@courtesan.com
+ [5d151e8ffd3b]
+
+ * Makefile.in, configure:
+ Wrap script execution w/ /bin/sh for the benefit of ctm
+ [3a9c4766b2c3]
+
+1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Make the -s flag be exclusive too. Also reorder the flags in the
+ exclusive usage message so they are alphabetical.
+ [4c7af200db34]
+
+1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ make pam errors other than PAM_PERM_DENIED fatal
+ [64bcb3fd2baf]
+
+ * auth/API:
+ fix typo
+ [f3134c88b12e]
+
+ * INSTALL:
+ make it clear that /etc/pam.d/sudo is required on linux
+ [213cc3eaad82]
+
+ * auth/pam.c:
+ fix a warning on redhat and spew an error if pam_authenticate()
+ returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
+ [7e46dd19da89]
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Be very clear that the password required is the user's not root's
+ [a6da127347e5]
+
+1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ add sample.syslog.conf to DISTFILES and BINFILES
+ [8661c27c007e]
+
+1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updates from Brian Jackson + some formatting
+ [6d31c6fa63f8]
+
+1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL.binary, Makefile.binary, README, RUNSON:
+ o One RUNSon update o Changes for automating real binary releases
+ [dd9585f4406c]
+
+ * Makefile.in:
+ Add bindist target
+ [546ed3fa94bb]
+
+1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ talk about run-time options in addition to compile-time options
+ [1eb813ff0a9a] [SUDO_1_6_0]
+
+ * CHANGES:
+ fix typos
+ [65e92bb70a7b]
+
+ * sudo.c:
+ need sys/time.h if HAVE_SETRLIMIT
+ [ce31655a8a60]
+
+ * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
+ sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
+ get rid of references to sudo-bugs. Now mention the web site or the
+ sudo@ alias
+ [a9db861fd8c6]
+
+ * sudoers.html:
+ repair pod2html damage
+ [62ece4277f1f]
+
+ * RUNSON, TODO:
+ Update for 1.6 release
+ [98569c57ba2a]
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ Add warning about using ALL in a command context.
+ [6c77685ab280]
+
+1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ Call yyrestart() on a parse error to reset the lexer state.
+ [1370a27acdb2]
+
+ * lex.yy.c, parse.lex:
+ Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
+ since it might not get called in yywrap if we get a parse error (and
+ we only reread the file on error anyway).
+ [37f4b449e28e]
+
+ * lex.yy.c, parse.lex:
+ Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
+ might still exist. Call yyrestart() instead of using the deprecated
+ YY_NEW_FILE macro.
+ [7d0d873046c6]
+
+ * lex.yy.c, parse.lex:
+ flex doesn't need %N table size declarations
+ [268b020fd60a]
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ Mention what characters need to be escaped in names.
+ [72ccbb6b0f31]
+
+1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure:
+ regen
+ [65827abb5c7b]
+
+ * INSTALL:
+ clarify Mac OS X entry
+ [8da1549a71f5]
+
+ * RUNSON:
+ update
+ [0cff8df7459f]
+
+ * configure.in:
+ o Use AC_MSG_ERROR throughout o Check syslog configure options for
+ danity
+ [4cb81e642e5c]
+
+1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ Fix printing of type T_MODE in dump_defaults()
+ [a868bb6f5515]
+
+ * strcasecmp.c:
+ missing sys/types.h
+ [ca694ca325b6]
+
+ * INSTALL:
+ Break out options that may be overridden at run time into their own
+ section. Add a not about Max OS X and correct some lies.
+ [d8bcfd120593]
+
+1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, config.h.in, configure, configure.in, sudo.c:
+ o Now use getrlimit to find the highest fd when closing all non-std
+ fd's o Turn off core dumps via setrlimit for the sake of paranoia
+ [dd9f651b6def]
+
+ * RUNSON:
+ updates
+ [f581841fe615]
+
+1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updates
+ [553baa1d44c7]
+
+ * tgetpass.c:
+ When read()'ing, do a single character at a time to be sure we don't
+ go oast the newline.
+ [907d33f55bb4]
+
+ * sudo.c:
+ For the sudo_root option, check against user_uid, not getuid() since
+ at this point, ruid == euid == 0.
+ [92d5c51939b4]
+
+ * RUNSON:
+ some updates
+ [e3ed0c1f312b]
+
+ * logging.h:
+ Fix compilation problem when --with-logging=file was specified. This
+ means that syslog is now required to build sudo but that should not
+ be a problem. If it is it can be fixed trivially with a configure
+ check for syslog() or syslog.h.
+ [839a4b069190]
+
+ * tgetpass.c:
+ Make this work again for things like "sudo echo hi | more" where the
+ tty gets put into character at a time mode. We read until we read
+ end of line or we run out of space (similar to fgets(3)).
+ [c8f746df2e63]
+
+1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ change ital to bold
+ [f860978e530a]
+
+ * RUNSON:
+ update
+ [9bcfbb405568]
+
+1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ Error out if syslog parameters are given without a value. For Ultrix
+ or 4.2BSD "syslog" is allowed without a value since there are no
+ facilities in the 4.2BSD syslog.
+ [69e7a686f5f0]
+
+1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ Ignore the syslog facility for systems w/ old syslog like Ultrix.
+ [5c250adbbb84]
+
+ * TROUBLESHOOTING:
+ people with "." early in their path can have problems running sudo
+ from the build dir ;-)
+ [20a1744a24a4]
+
+1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Remove -r realm option
+ [127caa537f95]
+
+ * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
+ configure.in, sudo.c:
+ New krb5 code from Frank Cusack <fcusack@iconnet.net>.
+ [7177a3893a62]
+
+ * CHANGES:
+ update to reality
+ [766cfbb512d6]
+
+1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/fwtk.c:
+ include <auth.h> to get function prototypes.
+ [d6c7c12d09fe]
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ document -L flag
+ [dc803e1ce0d7]
+
+1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ in set_perms(), always call setuid(0) before changing the ruid/euid
+ so we always know it will succeed.
+ [8cced1b862bf]
+
+ * defaults.h:
+ #undef T_FOO to avoid conflicts with system defines (like on
+ ULTRIX).
+ [d9f0aac092b0]
+
+ * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
+ sudoers.pod:
+ Docuement "Defaults" lines in /etc/sudoers. Still needs some
+ fleshing out but this is a start.
+ [521a1e629bbc]
+
+1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * use strtol, not strtoul since not everyone has not strtoul
+ [988462f093cc]
+
+ * defaults.c:
+ use strtol, not strtoul since not everyone has not strtoul
+ [fce835ce62e3]
+
+ * lex.yy.c, parse.lex:
+ last {WORD} rule should only apply in the INITIAL state
+ [9b57570bfa83]
+
+ * lex.yy.c, parse.lex:
+ o Add support for escaped characters in the WORD macro o Modify
+ fill() to squash escape chars
+ [87572d59e4e0]
+
+ * defaults.c, defaults.h:
+ o Add T_PATH flag to allow simple sanity checks for default values
+ that are supposed to be pathnames. o Fix a duplicate free when
+ visudo finds an error.
+ [bdc6855a6c6d]
+
+1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c, defaults.h, logging.c:
+ mail_if_foo -> mail_foo
+ [cbee9415875d]
+
+1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
+ o Add requiretty option o Move O_NOCTTY to compat.h
+ [65b8bf0e1795]
+
+ * logging.c:
+ The exit() in log_error() was mistakenly removed in a previous
+ version. Put it back...
+ [9473449130a4]
+
+1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
+ auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
+ configure, configure.in, defaults.c, defaults.h, find_path.c,
+ getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
+ o Change defaults stuff to put the value right in the struct. o
+ Implement mailer_flags o Store syslog stuff both in int and string
+ form. Setting the string form magically updates the int version. o
+ Add boolean attribute to strings where it makes sense to say !foo
+ [4698953f9a36]
+
+ * tgetpass.c:
+ add O_NOCTTY when opening /dev/tty just in case
+ [4c6d1d1bb300]
+
+1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/API:
+ cleanup function no longer takes a status arg
+ [0819edbfe7f8]
+
+ * INSTALL:
+ the the
+ [19aadb65ea28]
+
+1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO, config.h.in, configure, configure.in, logging.c:
+ Use strftime() instead of ctime() if it is available.
+ [fb60ea63b514]
+
+1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * defaults.c:
+ fix copyright date
+ [4a53b54aa72f]
+
+ * RUNSON:
+ update ReliantUNIX entry
+ [de618a4f67d9]
+
+ * defaults.c, defaults.h, logging.c:
+ add log_year option
+ [251a9e20568a]
+
+ * configure, configure.in:
+ add --without-sendmail to help output
+ [93162f199902]
+
+ * configure, configure.in:
+ enforce an otctal arg for --with-suoders-mode
+ [45e1b04ccad3]
+
+1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
+ auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
+ auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
+ defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
+ parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
+ testsudoers.c, version.c, visudo.c:
+ Add support for "Defaults" line in sudoers to make configuration
+ variables changable at runtime (and on a global, per-host and per-
+ user basis). Both the names and the internal representation are
+ still subject to change. It was necessary to make sudo_user.runas
+ but a char ** instead of a char * since this value can be changed by
+ a Defaults line. There is a similar (but more complicated) issue
+ with sudo_user.prompt but it is handled differently at the moment.
+
+ Add a "-L" flag to list the name of options with their descriptions.
+ This may only be temporary.
+
+ Move some prototypes to parse.h
+
+ Be much less restrictive on what is allowed for a username.
+ [f71abf7ba80c]
+
+ * sample.syslog.conf:
+ Add more info
+ [e952e6f42d4d]
+
+1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
+ strcasecmp.c:
+ UCB has dropped the advertising clause from their license.
+ [a5602b36a341]
+
+1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/sudo_auth.h:
+ move dce_verofy proto to correct section
+ [972c815af558]
+
+ * auth/dce.c:
+ remove XXX
+ [820631855be0]
+
+1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * emul/fnmatch.h:
+ Add fnmatch() prototype
+ [79e84576d92a]
+
+ * fnmatch.c, parse.c, testsudoers.c:
+ Move inclusion of emul/fnmatch.h to be after sudo.h for __P
+ [1182c89fa811]
+
+ * sudo.h:
+ add strcasecmp proto
+ [512d1d8a6a0c]
+
+ * auth/sudo_auth.c:
+ add check for case where there are no auth methods
+ [e4af2b91b43e]
+
+ * configure, configure.in:
+ Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
+ SunOS4 w/ gcc
+ [746ce8bcec23]
+
+ * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
+ include strings.h everywhere we include string.h
+ [6f7d5d437e7b]
+
+ * version.c:
+ nicer output when showing auth methods
+ [0eac4b977f9d]
+
+ * version.c:
+ Add support for SEND_MAIL_WHEN_NO_HOST
+ [9f20a3a3fae6]
+
+ * config.h.in, configure, configure.in:
+ Add _GNU_SOURCE for Linux
+ [c7bd8c511847]
+
+ * lex.yy.c, parse.lex:
+ fix definition of OCTECT
+ [4af30e63244d]
+
+ * configure, configure.in:
+ aix_auth.o not authenticate.o
+ [fe95dfb08df4]
+
+1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
+ keyboard). Since we run with ruid/euid == 0 the user can't really
+ signal us in nasty ways.
+ [a7f6487c0f48]
+
+ * visudo.c:
+ Don't need to worry about catching too many signals since we do
+ locking on the tmp file. If a lockfile is really stale, it will be
+ detected and overwritten.
+ [28983db3e749]
+
+ * INSTALL, Makefile.in:
+ include auth/API in tarball
+ [014991600252]
+
+ * auth/sudo_auth.c:
+ move memset() of plaintext pw outside of verify loop and only do the
+ memset if we are *not* in standalone mode.
+ [66f8e87567e2]
+
+ * auth/sudo_auth.c, auth/sudo_auth.h:
+ DCE is not a standalone method
+ [34963e2d8a1b]
+
+ * sudo.c:
+ fix --enable-noargs-shell
+ [4234062abbb0]
+
+ * snprintf.c:
+ "#ifdef __STDC__" not "#if __STDC__" (I missed one)
+ [c430b80454c6]
+
+ * auth/fwtk.c, auth/sia.c:
+ _cleanup() function returns an int.
+ [d1a1cc071ec1]
+
+ * auth/dce.c:
+ there were still some return(0)'s hanging around, make them
+ AUTH_FAILURE
+ [1002aa1962c3]
+
+ * parse.c:
+ typo in comment
+ [5abc410dbfd2]
+
+ * version.c:
+ add missing semicolon
+ [a262283b52a5]
+
+ * auth/sudo_auth.h:
+ missing backslash
+ [bf89f6bd2900]
+
+1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, config.h.in, configure, configure.in:
+ Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
+ [f1a9bca0cf67]
+
+ * Makefile.in:
+ add parse.h to HDRS
+ [a3d054987766]
+
+ * Makefile.in, configure, configure.in:
+ Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
+ LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and
+ network libs like -lsocket, -lnsl go in NET_LIBS. This allows
+ testsudoers to build on Solaris and is a bit cleaner in general.
+ [4e6239e97002]
+
+ * UPGRADE:
+ mention ptmp -> sudoers.tmp
+ [ec3baa0fe8a1]
+
+ * config.h.in, configure, configure.in:
+ Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
+ [6f93dc7f39f5]
+
+ * RUNSON:
+ add 2 reports
+ [ce0fcc00ee4e]
+
+ * auth/kerb5.c:
+ Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
+ return a value more like a system function
+ [0dd56aa21424]
+
+ * auth/dce.c:
+ Add an XXX
+ [58fc8562c212]
+
+ * TODO:
+ more things todo!
+ [5a459d0cf339]
+
+ * sample.sudoers:
+ update based on what is in the man page
+ [1a0477db96fa]
+
+ * parse.yacc, sudo.tab.c:
+ minor change to first line printed in -l mode
+ [69eb57d96952]
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
+ standard and add "EXAMPLES" section
+ [7e543335ebe1]
+
+ * visudo.cat, visudo.html, visudo.man, visudo.pod:
+ rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
+ standard
+ [f82d87ed65c2]
+
+ * logging.c, parse.c, sudo.h:
+ add FLAG_NO_CHECK
+ [c7d69176a2d7]
+
+ * lex.yy.c, parse.lex:
+ make an OCTET really be limited to 0-255
+ [6ee568dd6a02]
+
+ * UPGRADE:
+ mention timestamp changes
+ [e44d5302bf60]
+
+ * PORTING:
+ cosmetic cleanup
+ [36fa3a2664dd]
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ new sudoers(8) man page
+ [e674d06283d0]
+
+1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.c:
+ Update comments about syslog name tables
+ [63830a782dcb]
+
+ * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
+ strcasecmp.c, sudo.tab.c:
+ include strcasecmp() for those without it
+ [a0d8e2488bbc]
+
+ * sample.sudoers:
+ Use the : operator some more and fix a typo
+ [18804c70da86]
+
+ * HISTORY:
+ update the history of sudo
+ [9d9b3d5279b3]
+
+ * parse.c, parse.lex, testsudoers.c:
+ CIDR-style netmask support
+ [768644467353]
+
+ * CHANGES:
+ recent changes
+ [a4319e9d07cb]
+
+ * sudo.tab.c, sudo.tab.h:
+ these should be generated with byacc, not bison
+ [f57b9489b752]
+
+ * lex.yy.c:
+ regen
+ [522461f95dfa]
+
+ * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
+ In "sudo -l" mode, the type of the stored (expanded) alias was not
+ stored with the contents. This could lead to incorrect output if the
+ sudoers file had different alias types with the same name. Normal
+ parsing (ie: not in '-l' mode) is unaffected.
+ [823fe2bc4b79]
+
+1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ define _XOPEN_SOURCE to get at crypt() proto on some systems
+ [1b3769b86fb9]
+
+1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * snprintf.c:
+ fix comment
+ [fc1264df00f7]
+
+ * tgetpass.c:
+ don't need limits.h
+ [f1631829af45]
+
+ * snprintf.c:
+ kill bogus reference to vfprintf
+ [a0b99b25d389]
+
+ * sample.sudoers, sudoers:
+ better examples
+ [b4d87ea64cc8]
+
+ * snprintf.c:
+ Add some const in the K&R defs. This is safe since we define const
+ away if the compiler doesn't grok it.
+ [614d6e83d45e]
+
+ * aclocal.m4, configure:
+ Better test for working long long support. Ultrix compiler supports
+ basic long long but not all operations on them.
+ [5da1508710ed]
+
+ * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
+ snprintf.c, sudo.c:
+ Add check for LONG_IS_QUAD #undef MAXINT before including
+ hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
+ in snprintf.c and use LONG_IS_QUAD
+ [a1f7993367fc]
+
+1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
+ snprintf.c:
+ UCB-derived snprintf + asprintf support. Supports quads if the
+ compiler does. No floating point yet, perhaps later...
+ [0caf05aba945]
+
+1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
+ goodpath.c, logging.c, parse.c, sudo.c:
+ Run most of the code as root, not the invoking user. It doesn't
+ really gain us anything to run as the user since an attacker can
+ just have an setuid(0) in their egg. Running as root solves
+ potential problems wrt signalling.
+ [408e530dda01]
+
+ * sudo.tab.c:
+ regen
+ [f8cfb37e37de]
+
+1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c, sudo.c:
+ Don't wait for child to finish in log_error(), let the signal
+ handler get it if we are still running, else let init reap it for
+ us. The extra time it takes to wait lets the user know that mail is
+ being sent.
+
+ Install SIGCHLD handler in main() and for POSIX signals, block
+ everything
+ *except* SIGCHLD.
+ [d2b6ab0ef3be]
+
+ * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
+ parse.yacc, sudo.c, sudo.h:
+ sudoers_lookup() now returns a bitmap instead of an int. This makes
+ it possible to express things like "failed to validate because user
+ not listed for this host". Some thigns that were previously
+ VALIDATE_FOO are now FLAG_FOO. This may change later on.
+
+ Reorganized code in log_auth() and sudo.c to deal with above
+ changes.
+
+ Safer versions of push/pushcp with in the do { ... } while (0) style
+
+ parse.yacc now saves info on the stack to allow parse.c to determine
+ if a user was listed, but not for the host he/she tried to run on.
+
+ Added --with-mail-if-no-host option
+ [63326cb01efc]
+
+1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
+ visudo.man, visudo.pod:
+ o NewArgv and NewArgc don't need to be externally visible. o If
+ pedantic > 1, it is a parse error. o Add -s (strict) option to
+ visudo which sets pedantic to 2.
+ [5d7d81b55cd5]
+
+ * HISTORY, INSTALL:
+ Just have sudo-bugs contact info in one place
+ [e7f6588ea683]
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Add BUGS section
+ [6607d96ea510]
+
+ * Makefile.in, configure, configure.in:
+ Add testsudoers to default build target if --with-devel Don't clean
+ generated parser files unless "distclean".
+ [5827b769dc57]
+
+ * parse.yacc, sudo.tab.c:
+ In pedantic mode we need to save *all* the aliases, not just those
+ that match, or we get spurious warnings.
+ [24f5b1f0e1de]
+
+ * TROUBLESHOOTING:
+ reference samples.sylog.conf
+ [11841668380a]
+
+1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.syslog.conf:
+ Sample entries for syslog.conf
+ [0f7697d878a1]
+
+ * CHANGES:
+ recent changes
+ [8bca8810c6bd]
+
+ * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
+ auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
+ auth/sudo_auth.c, auth/sudo_auth.h:
+ In struct sudo_auth, turn need_root and configured into flags and
+ add a flag to specify an auth method is running alone (the only
+ one). Pass auth methods their sudo_auth pointer, not the data
+ pointer. This allows us to get at the flags and tell if we are the
+ only auth method. That, in turn, allows the method to be able to
+ decide what should/should not be a fatal error. Currently only
+ rfc1938 uses it this way, which allows us to kill the OTP_ONLY
+ define and te hackery that went with it. With access to the
+ sudo_auth struct, methods can also get at a string holding their
+ cannonical name (useful in error messages).
+ [b7e320fc6511]
+
+ * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
+ getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
+ sudo.tab.h:
+ o --with-otp deprecated, use --without-passwd instead o real
+ dependencies in the Makefile o --with-devel option to enable yacc,
+ lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
+ back to being a token, not a string but don't leak memory o rename
+ hsotspec -> host in parse.yacc
+ [912c45226cb2]
+
+1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, CHANGES:
+ recent changes
+ [801fa6e55687]
+
+ * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
+ sudo.c, sudo.h:
+ o Digital UNIX needs to check for *snprintf() before -ldb is added
+ to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
+ for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
+ functions in snprintf.c to fix -Wall o Add missing includes to fix
+ more -Wall
+ [8d207203e126]
+
+ * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
+ configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
+ visudo.c:
+ o Add a "pedentic" flag to the parser. This makes sudo warn in cases
+ where an alias may be used before it is defined. Only turned on for
+ visudo and testsudoers. o Add --disable-authentication option that
+ makes sudo not require authentication by default. The PASSWD tag can
+ be used to require authentication for an entry. We no longer
+ overload --without-passwd.
+ [f307e09adf98]
+
+ * lex.yy.c, parse.lex:
+ Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
+ username can contain just about anything so be very permissive. Also
+ drop the unused \. punctuation.
+ [06a50614ff89]
+
+1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.tab.c:
+ o add a 'val' element to aliasinfo struct and move -> parse.h o
+ find_alias() now returns an aliasinfo * instead of boolean o
+ add_alias() now takes a value parameter to store in the
+ aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
+ return: 1) positive match 0) negative match (due to '!')
+ -1) no match This means setting $$ explicitly in all cases, which I
+ should have done in the first place. It also means that we always
+ store a value that is != -1 and when we see a '!' we can set
+ *_matches to !rv if rv != -1. The upshot of all of this is that '!'
+ now works the way it should in lists and some of the rules are more
+ uniform and sensible.
+ [ad8e73b5d581]
+
+ * Makefile.in:
+ add parse.h dependency
+ [4ccccd464d30]
+
+ * parse.h:
+ kill unused *_matched macros
+ [02cba6dcb732]
+
+ * parse.yacc:
+ Allow a list of users as the first thing in a user spec, not just a
+ single entry. This makes things more uniform, though it does allow
+ you to write user specs that are hard to read.
+ [3c4c91c508ca]
+
+ * sudo.tab.c:
+ parse.yacc
+ [feca81881bb6]
+
+ * configure:
+ regen
+ [6f247010bb3b]
+
+ * configure.in:
+ fix check for crypt() in libufc
+ [82770736f4b0]
+
+1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ sudo-users list now exists
+ [4716d2bb0bbf]
+
+ * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
+ Update to reality.
+ [1eda2d57e42a]
+
+ * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
+ config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
+ version.c, visudo.c:
+ o Move lock_file() and touch() into fileops.c so visudo can use them
+ o Visudo now locks the sudoers temp file instead of bailing when the
+ temp file already exists. This fixes the problem of stale temp files
+ but it does *require* that you not try to put the temp file in a
+ world-writable directory. This shoud not be an issue as the temp
+ file should live in the same dir as sudoers. o Visudo now only
+ installs the temp file as sudoers if it changed.
+ [2517cd06c070]
+
+1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ add fcntl locking
+ [c304adeaf515]
+
+ * config.h.in, configure, configure.in, logging.c:
+ Lock the log file.
+ [d8652704fbdf]
+
+ * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
+ visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
+ o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
+ temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
+ -> _PATH_SUDOERS_TMP
+ [68cad8975807]
+
+1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
+ o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
+ root sudo -V config reporting
+ [cdd2613a9dcf]
+
+ * configure, configure.in:
+ aix_auth.o not authenticate.o
+ [d972e35f6730]
+
+ * config.h.in:
+ Add --with-goodpri and --with-badpri configure options to specify
+ the syslog priority to use.
+ [2595ae50ab86]
+
+ * INSTALL, configure, configure.in, logging.h:
+ Add --with-goodpri and --with-badpri configure options to specify
+ the syslog priority to use.
+ [8276ee9b2b49]
+
+ * compat.h:
+ kill crufty AIX stuff
+ [a4f35ef9854e]
+
+ * Makefile.in:
+ Sigh, some versions of make (like Solaris's) don't deal with $< like
+ I would expect. Both GNU and BSD makes get this right but... So, we
+ just expand $< inline at the cost of some ugliness.
+ [b1b456f8801f]
+
+ * version.c:
+ If the invoking user is root, sudo will now print configure info in
+ -V mode. Currently just prints logging info, to be expanded later.
+ [392f7ed99267]
+
+ * logging.c, logging.h, sudo.c, sudo.h:
+ o new defines for syslog facility and priority o use new
+ print_version() functino for -V mode
+ [78abc5142985]
+
+ * check.c:
+ Don't need version.c
+ [db9a830ad893]
+
+ * aclocal.m4, config.h.in, configure, configure.in:
+ Add check for syslog facilities and priorities tables in syslog.h
+ [b86213e5fc5c]
+
+ * Makefile.in:
+ o authenticate -> aix_auth o add version.c
+ [44b6b9a8d0f5]
+
+ * auth/sudo_auth.c:
+ Missed a prompt -> user_prompt conversion
+ [e4c60b1f210c]
+
+1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ sudo should lock its logfile
+ [6d2830b28b07]
+
+ * parse.yacc, sudo.tab.c:
+ o Add '!' correctly when expanding Aliases. o Add shortcut macros
+ for append() to make things more readable. o The separator in
+ append() is now a string instead of a char. o In append(), only
+ prepend the separator if the last char is not a '!'. This is a hack
+ but it greatly simplifies '!' handling. o In -l mode, Runas lists
+ and NOPASSWD/PASSWD tags are now inherited across entries in a list
+ (matches current behavior). o Fix formatting in -l mode such that
+ items in a list are separated by a space. Greatlt improves
+ readability. o Space for name field in struct aliasinfo is now
+ allocated dyanically instead of using a (big) buffer. o In
+ add_alias(), only search the list once (lsearch instead of lfind +
+ lsearch)
+ [51f7e07addb9]
+
+ * lex.yy.c, sudo.tab.c, sudo.tab.h:
+ regen
+ [5c19bb05dc21]
+
+ * configure, configure.in:
+ Solais pam doesn't require anye xtra setup
+ [a25ba03d91d1]
+
+ * parse.yacc:
+ o Simpler '!' support now that the lexer deals with multiple !'s for
+ us. o In the case of opFOO, have FOO give a boolean return value and
+ set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
+ it gets fill()'d in parse.lex--fixes a small memory leak. In the
+ long run it may be better to just fix parse.lex and make ALL back
+ into a token. However, having it be a string is useful since it can
+ be easily passed back to the parent rule if we so desire.
+ [b3c64b443018]
+
+ * parse.lex:
+ o Remove some unnecessary backslashes o collapse multiple !'s by
+ using !+ and checking if yyleng is even or odd. this allows us to
+ simplify ! handling in parse.yacc
+ [76330e8da8e3]
+
+ * sudo.c:
+ -u flag was being ignored
+ [e30283207585]
+
+1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ correct fix
+ [a0e2377dec8f]
+
+ * Makefile.in:
+ work around pod2man stupididy
+ [7c755640b67f]
+
+ * Makefile.in:
+ correct dependencies for .cat
+ [5ed7b0653b68]
+
+ * sudo.cat, sudo.man, visudo.cat, visudo.man:
+ regen
+ [b74510dd6a0a]
+
+ * sudo.pod, visudo.pod:
+ Add copyright Update to reality
+ [188e9b046c15]
+
+ * parse.c, sudo.c, sudo.h:
+ rename validate() to the more descriptive sudoers_lookup()
+ [7a1cb652f379]
+
+ * auth/aix_auth.c:
+ use tgetpass
+ [b8ba5daec40a]
+
+1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updates
+ [e61460cdf4a0]
+
+ * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
+ configure, configure.in, sudo.c:
+ Sudo, not CU Sudo
+ [9061b3573c0c]
+
+ * LICENSE:
+ add 4th term to license similar to term 5 in the apache license
+ [92712e895afb]
+
+ * emul/search.h, emul/utime.h:
+ add 4th term to license similar to term 5 in the apache license
+ [4f93a8b9396e]
+
+ * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
+ auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
+ auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
+ auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
+ logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ add 4th term to license similar to term 5 in the apache license
+ [afae9f2bf9ec]
+
+ * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
+ getspwuid.c, goodpath.c:
+ add 4th term to license similar to term 5 in the apache license
+ [969e63dbd38e]
+
+ * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
+ add 4th term to license similar to term 5 in the apache license
+ [c389d3fdafac]
+
+ * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
+ insults.h, logging.c, sudo.c, sudo.h:
+ there was a 1995 release too
+ [5963fd89457a]
+
+1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updates
+ [254b794f16ab]
+
+ * check.c:
+ Use dirs instead of files for timestamp. This allows tty and non-
+ tty schemes to coexist reasonably. Note, however, that when you
+ update a tty ticket, the mtime on the user dir gets updated as well.
+ [44bfac32f799]
+
+ * configure, configure.in:
+ Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
+ when linking test program, not just -lprot. Also add check for
+ getspnam(). The SCO docs indicate that /etc/shadow can be used but
+ this may be a lie.
+ [2ba21d36cc1e]
+
+1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/API:
+ first cut at auth API description
+ [3d10df021eb8]
+
+1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
+ auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
+ auth/sudo_auth.h:
+ auth API change. There is now an init method that gets run before
+ the main loop. This allows auth routines to differentiate between
+ initialization that happens once vs. setup that needs to run each
+ time through the loop.
+ [76df1c0d3478]
+
+ * auth/kerb5.c, logging.c:
+ use easprintf() and evasprintf()
+ [fd97d96dc12f]
+
+ * alloc.c, sudo.h:
+ add easprintf() and evasprintf(), error checking versions of
+ asprintf() and vasprintf()
+ [f54385de20b7]
+
+ * TODO:
+ remove 2 items. One done, one won't do.
+ [64513b47bc7a]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [4aa299de2752]
+
+ * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
+ visudo.html, visudo.man:
+ regen
+ [553c0d1209be]
+
+ * CHANGES:
+ new changes
+ [d7be00b7e36b]
+
+ * sudo.pod:
+ o Document -K flag and update meaning of -k flag. o BSD-style
+ copyright o Document clearing of BIND resolver environment variables
+ o Clarify bit about shared libs o suggest rc files create /tmp/.odus
+ if your OS gives away files
+ [4a4092be1455]
+
+ * visudo.pod:
+ BSD license
+ [ad0bfd0a4630]
+
+ * version.h:
+ BSD-style copyright
+ [ecc6479325be]
+
+ * tgetpass.c:
+ o BSD copyright o no need to block signals, we now do that in main()
+ o cosmetic changes
+ [61958beda7ab]
+
+ * testsudoers.c, visudo.c:
+ o BSD-style copyright o Use "struct sudo_user" instead of old
+ globals. o some cometic cleanup
+ [88c0c6924082]
+
+ * sudo_setenv.c:
+ BSD-style copyright
+ [df20290129a0]
+
+ * sudo.h:
+ o BSD copyright o logging and parser bits moved to their own .h
+ files o new "struct sudo_user" to encapsulate many of the old
+ globals.
+ [50fc86bf25cb]
+
+ * sudo.c:
+ o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
+ logging routines o simplified flow of control o BIND resolver
+ additions to badenv_table
+ [8c53f15bfcb0]
+
+ * strerror.c:
+ BSD-style copyright
+ [7c906c3a82ac]
+
+ * snprintf.c:
+ Now compiles on more K&R compilers
+ [07ab1d3231c7]
+
+ * putenv.c:
+ BSD-style copyright, cosmetic changes
+ [c42371295881]
+
+ * pathnames.h.in:
+ BSD-style copyright
+ [e5c34ebd4cf1]
+
+ * parse.c, parse.h, parse.lex, parse.yacc:
+ BSD-style copyright. Move parser-specific defines and structs into
+ parse.h + other cosmetic changes
+ [d3088efb6228]
+
+ * logging.h:
+ defines for logging routines
+ [13147941c02d]
+
+ * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
+ BSD-style copyright, cosmetic changes
+ [e8205e91a4fa]
+
+ * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.h:
+ BSD-style copyright
+ [b9499da7cdce]
+
+ * configure.in:
+ o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
+ kill --disable-tgetpass o add --without-passwd o changes to fill in
+ AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
+ v?asprintf() o replace --with-AuthSRV with --with-fwtk
+ [9a3f39b9c128]
+
+ * config.h.in:
+ BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
+ HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
+ HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
+ [9a09054db53a]
+
+ * compat.h:
+ BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing.
+ [25509c566975]
+
+ * alloc.c:
+ BSD-style copyright
+ [4967be892363]
+
+ * TROUBLESHOOTING:
+ no more --with-getpass
+ [afd5b670c196]
+
+ * TODO:
+ Take out things I've done...
+ [375420c8270e]
+
+ * README:
+ Refer to LICENSE
+ [c486c8db30f6]
+
+ * PORTING:
+ --with-getpass no longer exists
+ [db48202df1bb]
+
+ * Makefile.in:
+ BSD-style copyright. Update to reflect reality wrt new files and new
+ auth modules.
+ [61a2ca7940fb]
+
+ * INSTALL:
+ Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
+ --without-passwd.
+ [64e8f9e1c05e]
+
+ * HISTORY:
+ Update history a bit
+ [df60c0a871b8]
+
+ * COPYING, LICENSE:
+ Now distributed under a BSD-style license
+ [d1a184ccabe1]
+
+ * auth/sudo_auth.c:
+ o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
+ options. o skey/opie replaced by rfc1938 code o new struct sudo_user
+ global
+ [891b57060868]
+
+ * auth/pam.c, auth/sia.c:
+ BSD-style copyright and use new log functions
+ [65c44445ea84]
+
+ * auth/kerb5.c:
+ o BSD-style copyright o Use new log functiongs o Use asprintf() and
+ snprintf() where sensible.
+ [1ff0feaacf95]
+
+ * check.c:
+ Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
+ done more reasonably--better sanity checks and tty-based stamps are
+ now done as files in a directory with the same name as the invoking
+ user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
+ to mix tty and non-tty based ticket schemes but this may change in
+ the future (it requires sudo to use a directory instead of a file in
+ the non-tty case). Also, ``sudo -k'' now sets the ticket back to the
+ epoch and ``sudo -K'' really deletes the file. That way you don't
+ get the lecture again just because you killed your ticket in
+ .logout. BSD-style copyright now.
+ [ec3460f85be8]
+
+ * logging.c:
+ o rewritten logging routines. log_error() now takes printf-style
+ varargs and log_auth() for the return value of validate(). o BSD-
+ style copyright
+ [438292025c4e]
+
+ * auth.c, check_sia.c, dce_pwent.c, secureware.c:
+ superceded by new auth API
+ [412060590da7]
+
+ * auth/kerb4.c:
+ BSD-style copyright
+ [cc4e800833c7]
+
+ * auth/fwtk.c:
+ Use snprintf() where it makes sense and add a BSD-style copyright
+ [1b7502388a74]
+
+ * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
+ auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
+ BSD-style copyright
+ [42583bedae5c]
+
+ * emul/utime.h, utime.c:
+ BSD-style copyright
+ [3985c90aba47]
+
+ * emul/search.h:
+ this has been rewritten so use my BSD-style copyright
+ [176df1b0de6f]
+
+1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * snprintf.c:
+ include malloc.h if no stdlib.h
+ [7b123f1d1d03]
+
+ * snprintf.c:
+ KTH snprintf()/asprintf() for systems w/o them
+ [3ca9aefb9d01]
+
+ * strerror.c:
+ strerror() for systems w/o it
+ [7f0bd8a1c1b4]
+
+1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ stylistic changes
+ [6f99aceb7170]
+
+ * parse.c, parse.lex, parse.yacc:
+ Add contribution info in the main comment
+ [e50cec10acd6]
+
+1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ remove missed ref to PAM_nullpw
+ [a43e59692cdb]
+
+ * auth/sudo_auth.h:
+ pasto
+ [891ff138ab89]
+
+ * auth/kerb5.c:
+ more or less complete now--still untested
+ [21036732faa0]
+
+ * auth/afs.c, auth/pam.c:
+ don't use user_name macro, it will go away
+ [def7cf727349]
+
+ * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
+ combine skey/opie code into rfc1938.c
+ [44d88ca93d3e]
+
+ * auth/dce.c, auth/sudo_auth.h:
+ DCE authentication method; basically unchanged from dce_pwent.c
+ [4d468473dd6f]
+
+ * auth/aix_auth.c, auth/sudo_auth.h:
+ AIX authenticate() support. Could probably be much better
+ [000013321a33]
+
+ * auth/sia.c:
+ Fix an uninitialized variable and some cleanup. Now works (tested)
+ [fd6ad88ff055]
+
+ * auth/sia.c, auth/sudo_auth.h:
+ SIA support for digital unix
+ [5335f3e70eab]
+
+ * auth/pam.c:
+ don't use prompt global, it will go away
+ [fadd22dd6ce4]
+
+ * auth/secureware.c:
+ correct copyright years
+ [6aa07c49f51b]
+
+ * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
+ auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
+ auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
+ New authentication API and methods
+ [9debe9b59c79]
+
+1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.tab.c:
+ regen
+ [84578e82c1a6]
+
+ * parse.yacc:
+ only save an entry if user_matches && host_matches, even if the
+ stack is empty (fix for previous commit)
+ [00984b078d8a]
+
+ * sudo.tab.c:
+ regen
+ [66acf160b4b7]
+
+ * parse.yacc:
+ 1) Always save an entry on the stack if it is empty. This fixes the
+ -l and -v flags that were broken by earlier parser changes.
+
+ 2) In a Runas list, don't negate FALSE -> TRUE since that would make
+ !foo match any time the user specified a runas user (via -u) other
+ than foo.
+ [f322eb54b015]
+
+ * testsudoers.c:
+ interfaces and num_interfaces are now auto, not extern
+ [113add5c6518]
+
+1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth.c:
+ use a static global to keep stae about empty passwords
+ [bc02e30807d8]
+
+ * check_sia.c:
+ make PASSWORD_NOT_CORRECT logging consistent with other modules
+ [21962549d5fd]
+
+1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth.c:
+ PAM prompt code was wrong, looks like we have to kludge it after
+ all.
+ [91f246155ead]
+
+ * auth.c:
+ In the PAM code, when a user hits return at the first password
+ prompt, exit without a warning just like the normal auth code
+ [918f59bacdb7]
+
+ * configure, configure.in:
+ kludge around cross-compiler false positives
+ [5e5fc8356400]
+
+ * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
+ New (correct) PAM code Tgetpass now takes an echo flag for use with
+ PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
+ useless umask setting Change error from BAD_ALLOCATION ->
+ BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
+ for consistency
+ [e71397f09dd8]
+
+ * sudo.c:
+ Some -Wall and kill some trailing spaces
+ [8229b43d5c4e]
+
+ * configure.in:
+ define -D__EXTENSIONS__ for solaris so we get crypt() proto
+ [7533e4436cab]
+
+1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ add Dynix 4.4.4
+ [b69f773efbce]
+
+ * INSTALL, config.h.in, configure, configure.in:
+ for kerberos V < version, fall back on old kerb4 auth code
+ [d685ed3a1d8e]
+
+ * INSTALL:
+ clarify some things
+ [2f5ba2e8e53a]
+
+ * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
+ typos
+ [8925a109c093]
+
+1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ mention why DONT_LEAK_PATH_INFO is not the default
+ [0346260cb4ec]
+
+1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ Fix open(2) return value checking, was NULL for fopen, should be -1
+ for open
+ [355878bf6d8a]
+
+ * configure:
+ regen
+ [68bf82871862]
+
+ * configure.in:
+ better wording for solaris pam notice
+ [04e88c7a6c42]
+
+ * CHANGES:
+ document recent changes
+ [7c922c5622ef]
+
+ * TROUBLESHOOTING:
+ Update shadow password section
+ [e8448bae7d66]
+
+ * auth.c:
+ move authentication code from check.c to auth.c
+ [e9f6ecae2399]
+
+ * Makefile.in, check.c, sudo.h:
+ move authentication code to auth.c
+ [124cded85f46]
+
+1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
+ getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
+ logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
+ sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
+ visudo.c:
+ Move interface-related defines to interfaces.h so we don't have to
+ include <netinet/in.h> everywhere.
+ [e7599d8ea0bf]
+
+1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
+ parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
+ o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
+ turns out the old DES crypt does the right thing with passwords
+ longert than 8 characters. o Fix common typo (necesary -> necessary)
+ o Update TODO list
+ [ad75007a6f13]
+
+1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ set $LOGNAME when we set $USER
+ [391596210fd7]
+
+1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ add comment about digital unix and interfaces.c warning with gcc
+ [e20f815901cc]
+
+1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.sudoers:
+ use modern paths and give examples for some of the new parser
+ features
+ [e7b2e507c695]
+
+1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ fix comment
+ [5eb0d005a65f]
+
+ * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
+ getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
+ parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ Function names should be flush with the start of the line so they
+ can be found trivially in an editor and with grep
+ [3c400abde574]
+
+ * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
+ sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
+ free(3) is already void, no need to cast it
+ [6981e1ebda0f]
+
+ * logging.c, sudo.c, sudo.h:
+ catch case where cmnd_safe is not set (this should not be possible)
+ [3e1e3038546c]
+
+ * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
+ testsudoers.c, visudo.c:
+ Stash the "safe" path (ie: the one listed in sudoers) to the command
+ instead of stashing the struct stat. Should be safer.
+ [aa2883fcf57e]
+
+1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, Makefile.in, UPGRADE:
+ notes on updating from an earlier release
+ [df9fffa4ab2c]
+
+ * CHANGES:
+ updated
+ [574f5065d15a]
+
+1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
+ sudoers.man, sudoers.pod:
+ You can now specifiy a host list instead of just a host or alias.
+ Ie: user = host1,host2,ALIAS,!host3 my_command now works.
+ [e3942bb78021]
+
+ * testsudoers.c:
+ Quiet -Wall
+ [a3edc8b08c3a]
+
+ * parse.yacc, sudo.tab.c:
+ Move the push from the beginning of cmndspec to the end. This means
+ we no longer have to do a push at the end of privilege, just reset
+ some values.
+ [8ea66e5860c6]
+
+ * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+ runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
+ use "!" most everywhere
+ [aadae4d1c9d5]
+
+1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ modernize paths and update su example based on sample.sudoers one
+ [3f6a37e16c83]
+
+ * sample.sudoers:
+ New runas semantics
+ [756ee92865b7]
+
+ * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
+ strdup.c, sudo.h:
+ In estrdup(), do the malloc ourselves so we don't need to rely on
+ the system strdup(3) which may or may not exist. There is now no
+ need to provide strdup() for those w/o it. Also, the prototype for
+ estrdup() was wrong, it returns char * and its param is const.
+ [5f1f984da8e3]
+
+ * getcwd.c:
+ $Sudo tag
+ [e4188a35e68c]
+
+ * check.c:
+ buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
+ [2aec87c86cde]
+
+ * CHANGES, TODO, parse.yacc, sudo.tab.c:
+ It is now possible to use the '!' operator in a runas list as well
+ as in a Cmnd_Alias, Host_Alias and User_Alias.
+ [a4fdaabda990]
+
+ * logging.c, sudo.h:
+ Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
+ [73d0376785ae]
+
+ * sudo.h:
+ Definitions of *_matched were wrong--user top, not top-2 as
+ subscript.
+ [5f8350a57362]
+
+ * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
+ Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
+ command but the NOPASSWD flag was set. Make runasspec, runaslist,
+ runasuser, and nopasswd typeless in parse.yacc Add support for '!'
+ in the runas list Fix double printing of '%' and '+' for groups and
+ netgroups respectively Add *_matched macros (no need for local stack
+ variable). Should only be used directly after a pop (since top must
+ be >= 2).
+ [392b1400c4e6]
+
+ * aclocal.m4, configure.in:
+ Add copyright, somewhat silly
+ [55c2cdd82dca]
+
+1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
+ compat.h, config.h.in, configure, configure.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
+ ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+ lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
+ putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
+ sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
+ visudo.man:
+ Crank version to 1.6 and combine copyright statements
+ [0e1c791658ae]
+
+ * sample.sudoers:
+ Use ! not ^ to do negation
+ [1480a0761730]
+
+ * lex.yy.c, sudo.tab.c:
+ regen
+ [89ca5a46684b]
+
+ * parse.lex, parse.yacc:
+ Make runas and NOPASSWD tags persistent across entris in a command
+ list. Add a PASSWD tag to reverse NOPASSWD. When you override a
+ runas or *PASSWD tag the value given becomes the new default for the
+ rest of the command list.
+ [f1bbb4066542]
+
+1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, RUNSON:
+ update for 1.5.9
+ [a1ae9d4a7d54] [SUDO_1_5_9]
+
+ * visudo.c:
+ Shift return value of system(3) by 8 to get real exit value and if
+ it is not 1 or 0 print the retval along with the error message.
+ [c1ff50d743fb]
+
+1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ testsudoers needs LIBOBJS too
+ [972571b4e4bf]
+
+ * parse.c, parse.yacc, sudo.tab.c:
+ Fix another parser bug. For a sudoers entry like this: millert
+ ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
+ as root.
+ [51968e1eb33d]
+
+ * CHANGES:
+ new change
+ [271c6110bb62]
+
+ * parse.yacc, sudo.tab.c:
+ Save entries that match a ! command on the matching stack too
+ [5afb5107116c]
+
+ * sudo.c:
+ Make sudo's usage info better when mutually exclusive args are given
+ and don't rely on argument order to detect this; nick@zeta.org.au
+ [2422753c88fd]
+
+1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, Makefile.in, RUNSON:
+ updates from CU
+ [b37381e3dafb]
+
+ * Makefile.in:
+ use gzip
+ [94a64e52a166]
+
+ * parse.yacc, sudo.tab.c:
+ Fix off by one error introduced in *alloc changes
+ [95ede581153a]
+
+ * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
+ check_sia.c, compat.h, config.h.in, configure, configure.in,
+ dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
+ sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
+ sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
+ ++version
+ [c6d88f024e37]
+
+ * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
+ interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
+ putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
+ sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
+ Use emalloc/erealloc/estrdup
+ [44221d97361a]
+
+ * alloc.c:
+ error checking memory allocation routines
+ [5f8c1e7bbc71]
+
+ * parse.yacc, sudo.tab.c:
+ Still not right, this fixes it for real
+ [ad553b6f5339]
+
+ * parse.yacc, sudo.tab.c:
+ Fix for previous commit
+ [4d6f989f9bf2]
+
+ * CHANGES, INSTALL, parse.yacc:
+ Fix a parser bug that was exposed when mixing different runas specs
+ and ! commands. For example: millert ALL=(daemon)
+ /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
+ as well as daemon when it should just allow daemon. The problem was
+ that comma-separated commands in a list shared the same entry on the
+ matching stack. Now they get their own entry iff there is a full
+ match. It may be better to just make the runas spec persistent
+ across all commands in a list like the user and host entries of the
+ matching stack. However, since that is a fairly major change it
+ should gets its own minor rev increase.
+ [c4b939cdcc8e]
+
+1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, config.h.in:
+ Simplify PAM code and fix a PAM-related warning on Linux
+ [2468399523b6]
+
+1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updates
+ [29d4a997769c]
+
+ * sample.sudoers:
+ better su entry
+ [76d8285a72ba]
+
+ * configure:
+ regen
+ [b7450cc6975d]
+
+ * check.c, configure.in:
+ new pam code that works on solaris, should work on linux too;
+ aelberg@home.com
+ [84c16c0ff259]
+
+1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ more entries
+ [b6bef8660759]
+
+ * config.h.in:
+ only include strings.h if there is no string.h
+ [b66054a32b00]
+
+1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.guess:
+ Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
+ [c086d2fe63af]
+
+1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ shost must be set before log functions are called #ifdef HOST_IN_LOG
+ [d49a7944358f]
+
+1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, lex.yy.c, parse.lex:
+ Fix a bug wrt quoting characters in command args. Stop processing an
+ arg when you hit a backslash so the quoted-character detection can
+ catch it.
+ [2281438d7f41]
+
+1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru
+ [31118a9e9916]
+
+1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ add missing case statement so --without-sendmail works
+ [ca25614f7dd9]
+
+1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ more
+ [4d70e44f7f93]
+
+1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ only search for -lsun in irix <= 4.x
+ [e604238317b1]
+
+ * configure, configure.in:
+ back out last configure.in change now that I've hacked autoconf to
+ fix the real problem and add a missing newline
+ [2dabf59a79b5]
+
+ * CHANGES:
+ updated
+ [bb35d526552f]
+
+ * getcwd.c:
+ add def of dirfd() for those without it
+ [95f0173d8441]
+
+ * configure, configure.in:
+ When falling back to checking for socket() when linking with
+ "-lsocket -lnsl" check for main() instead since autoconf has already
+ cached the results of checking for socket() in -lsocket. This is
+ really an autoconf bug as it should use the extra libs as part of
+ the cache variable name.
+ [a845f8b710ad]
+
+ * configure.in:
+ typo
+ [a7d62f62a478]
+
+1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ fix occurrence of $with_timeout that should be
+ $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
+ bochum.de
+ [8c4da2cf73d1]
+
+1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.cat, sudo.html, sudo.man, sudo.pod:
+ fix grammar; espie@openbsd.org
+ [7031d9dfbc3e] [SUDO_1_5_8]
+
+1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.c, testsudoers.c:
+ add cast for strdup in places it does not have it
+ [7ce4478d3b0f]
+
+1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ define for_BSD_TYPES irix
+ [858337ff4af8]
+
+1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
+ Make it clear that it is the user's password, not root's, that we
+ want.
+ [ae0f51b35ee4]
+
+ * check.c, sudo.h:
+ If the user enters an empty password and really has no password,
+ accept the empty password they entered. Perviously, they could enter
+ anything
+ *but* an empty password. Also, add GETPASS macro that calls either
+ tgetpass() or getpass() depending on how sudo was configured.
+ Problem noted by jdg@maths.qmw.ac.uk
+ [2fde21ce94c1]
+
+1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
+ dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ add explicate copyright
+ [d3b4449834a5]
+
+ * CHANGES:
+ mention -lsocket, -lnsl configure changes
+ [9140af4ad8ae]
+
+1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Don't clobber errno after calling check_sudoers().
+ [59bd581b2654]
+
+1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ When linking with both -lsocket and -lnsl be sure to do so in that
+ order. Also, when we can't find socket() or inet_addr() and have to
+ try linking with both libs, issue a warning.
+ [0ee547163067]
+
+ * sudo.cat, sudo.man, sudo.pod:
+ clarify bad timestamp and fmt
+ [70e42cf56c75]
+
+1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, RUNSON:
+ be clear that pam is linux-only and add a RUNSON entry
+ [7fdeab875e0d]
+
+1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, INSTALL, configure, configure.in:
+ fix and correctly document --with-umask; problem noted by
+ adap@adap.org
+ [11cd0481d63a]
+
+1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ only use /usr/{man,catman}/local to store man pages if suer didn't
+ override prefix or mandir
+ [781ad2cbe9be]
+
+ * INSTALL, configure, configure.in:
+ fix typo, make --with-SecurID take an arg
+ [026a9b4014fc]
+
+1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updates from users
+ [2286982b31e6]
+
+ * CHANGES, INSTALL, check.c, configure, configure.in:
+ FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
+ [23aa4e5c6b02]
+
+ * configure, configure.in:
+ better fix for the problem of unresolved symbols in -lnsl or
+ -lsocket
+ [82fe70fc287f]
+
+ * configure, configure.in:
+ when checking for functions in -lnsl and -lsocket link with both of
+ them to avoid unresolved symbols on some weirdo systems
+ [1734a591808e]
+
+1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, CHANGES, RUNSON, TODO:
+ old changes that didn't make it into RCS before the RCS->CVS switch
+ [846eb2b8f9aa]
+
+1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
+ configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
+ getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
+ lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+ secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
+ sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
+ visudo.pod:
+ add sudo tags
+ [962f81eaa5ab]
+
+ * sudo.h:
+ testing Sudo tag
+ [e84cbc521129]
+
+ * version.h:
+ testing Sudo tag
+ [a8c3a3998b88]
+
+ * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
+ config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
+ find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
+ logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+ secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
+ sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
+ utime.c, version.h, visudo.c, visudo.cat, visudo.man:
+ crank version and regen files
+ [23eacf00a1a4]
+
+ * Makefile.in:
+ kill rcs goop in update_version and fix now that version is a const
+ [e6e50bd8d1e1]
+
+ * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
+ sudo.c, sudo.h, sudo.pod:
+ kerb5 support from fcusack@iconnet.net
+ [8134027986e2]
+
+ * realpath.c, sudo_realpath.c:
+ we no longer use realpath
+ [0f5f64abc646]
+
+ * qualify.c:
+ replaced by find_path.c
+ [9e32a87e09c4]
+
+ * options.h:
+ all options are now configure flags
+ [ee6bd9610102]
+
+ * lex.yy.c:
+ regen
+ [bdbf8a18161f]
+
+ * getwd.c:
+ superceded by getcwd.c
+ [1e54ee0990b4]
+
+ * getpass.c:
+ superceded by tgetpass.c
+ [4e0d1edc30e3]
+
+ * SUPPORTED:
+ superceded by RUNSON
+ [854c5a21cb53]
+
+ * OPTIONS:
+ No longer used now that we have configure options for everything.
+ [9b1ae1c89259]
+
+ * configure:
+ regen based on configure.in
+ [3a4d73936973]
+
+ * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
+ sudoers.man, visudo.cat, visudo.html, visudo.man:
+ regen based on sudo.pod, sudoers.pod, and visudo.pod
+ [c267beb90778]
+
+1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fix tty tickets in remove_timestamp (didn't use ':')
+ [fd964a74a32b]
+
+1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ close sock when we are done with it
+ [95de0380f8a4]
+
+1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ never say "error on line -1"
+ [361db1491121]
+
+1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ check for -lnsl before -lsocket
+ [8e966d6bbcb5]
+
+ * configure.in:
+ quote '[', ']' used in ranges correctly
+ [fa4f9c6ff651]
+
+1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ add missing NO_ROOT_SUDO noted by drno@tsd.edu
+ [c969f25d1667]
+
+1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.h:
+ 1.5.7
+ [7a22de0bc148]
+
+ * INSTALL:
+ more info for 1.5.7
+ [30ad9e784799]
+
+ * README:
+ update for 1.5.7
+ [cd03a0a27cd2]
+
+ * parse.yacc:
+ make increases of cm_list_size and ga_list_size be similar to
+ increases of stacksize (ie: >= not > in initial compare).
+ [6bd450a896c7]
+
+ * parse.yacc:
+ when we get a syntax error, report it for the previous line since
+ that's generally where the error occurred.
+ [c4ac84058f0b]
+
+1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure.in, interfaces.c:
+ add back check for sys/sockio.h but only use it if SIOCGIFCONF is
+ not defined
+ [d197f31fd1e4] [SUDO_1_5_7]
+
+ * config.h.in:
+ define BSD_COMP for svr4
+ [87ac1147ff79]
+
+ * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
+ goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
+ parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ more -Wall
+ [d98e2d32db2a]
+
+ * configure.in:
+ kill check for sockio,h
+ [4399779014c1]
+
+ * config.h.in:
+ no more HAVE_SYS_SOCKIO_H
+ [67484528e347]
+
+ * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
+ goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
+ parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ -Wall
+ [2b7e83976788]
+
+1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ add missing inform_user()
+ [8689528c6d55]
+
+1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ return NOT_FOUND if given fully qualified path and it does not exist
+ previously it would perror(ENOENT) which bypasses the option to not
+ leak path info
+ [ccbc3d0130ae]
+
+ * configure.in:
+ for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
+ -ldes
+ [c77d3b484ece]
+
+1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ tty tickets are user:tty now
+ [a53a303a614d]
+
+ * check.c:
+ when using tty tickets make it user:tty not user.tty as a username
+ could have a '.' in it
+ [3160b3f5c890]
+
+1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ add "ignoring foo found in ." for auth successful case
+ [24257169e0bd]
+
+1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ add missing printf param
+ [8c905124f777]
+
+1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
+ go back to printing "command not found" unless --disable-path-info
+ specified. Also, tell user when we ignore '.' in their path and it
+ would have been used but for --with-ignore-dot.
+ [066e118c11e4]
+
+ * check.c, sudo.c:
+ Only one space after a colon, not two, in printf's
+ [38452f4c8007]
+
+1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ document setting $USER
+ [80557fe6aede]
+
+ * check.c:
+ fix bugs with prompt expansion
+ [44c4fca5f009]
+
+ * sudo.c:
+ set $USER for root too
+ [4b525e1c6269]
+
+1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * getspwuid.c:
+ typo
+ [5107446f43e0]
+
+ * configure.in:
+ HP-UX's iscomsec is in -lsec, not libc
+ [03c9f700b795]
+
+ * configure.in:
+ remove some entries in the OS case statement that did nothing
+ [ea96e7e0f624]
+
+ * TROUBLESHOOTING:
+ add "cd" section and flush out syslog section
+ [5107f7363b78]
+
+ * Makefile.in:
+ no more sudo-lex.yy.c
+ [ed50826efbbc]
+
+ * check_sia.c:
+ add custom prompt support
+ [6a285cea10b7]
+
+ * testsudoers.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity
+ [eee31052921e]
+
+ * sudo.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity set $USER if -u specified
+ [9f3753461f8a]
+
+ * parse.yacc:
+ kill perror("malloc") since we already have a good error messages
+ [849459088ac3]
+
+ * parse.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity when checking if %group matches, look up
+ user in password file so that %groups works in a RunAs spec.
+ [0489b4ecc59a]
+
+ * logging.c:
+ kill perror("malloc") since we already have a good error messages
+ [3191a18b3526]
+
+ * check.c, getspwuid.c, interfaces.c:
+ kill perror("malloc") since we already have a good error messages
+ pw_ent -> pw for brevity
+ [7193fdb38cf9]
+
+1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ the prompt is expanded before tgetpass is called
+ [0f408f508041]
+
+ * sudo.h:
+ tgetpass now has the same args as getpass again
+ [b6778cd9d79f]
+
+ * getspwuid.c:
+ add iscomsec, issecure support
+ [007be7ec7ae7]
+
+ * check.c:
+ we now expand any %h or %u in the prompt before passing to tgetpass
+ [f3db8c9ee387]
+
+ * configure.in:
+ add check for syslog(3) in -lsocket, -lnsl, -linet
+ [5a96f902ce00]
+
+ * config.h.in:
+ add HAVE_ISCOMSEC and HAVE_ISSECURE
+ [f640b0d4cf05]
+
+ * configure.in:
+ add check for iscomsec in HP-UX
+ [b28b249040f0]
+
+ * configure.in:
+ check for issecure if we have getpwanam on SunOS some options are
+ incompatible with DUNIX SIA check for dispcrypt on DUNIX
+ [a49d05d9c913]
+
+1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ add HAVE_DISPCRYPT
+ [7376d543d8d6]
+
+ * secureware.c:
+ add back support for non-dispcrypt based checking for older DUNIX
+ [977b98e936be]
+
+ * INSTALL:
+ sia changes
+ [c5387c06e30f]
+
+ * configure.in:
+ SIA becomes the default on Digital UNIX now havbe --disable-sia to
+ turn it off...
+ [3b647558ea13]
+
+ * check.c:
+ move local includes after system ones
+ [b2abad4c4aef]
+
+1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, check_sia.c, sudo.h:
+ add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
+ stderr
+ [547cbf299661]
+
+ * check_sia.c:
+ fix while loop in sia_attempt_auth() that checks the password. Only
+ the first iteration was working.
+ [1886fd1ac831]
+
+1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4:
+ don't trust UID_MAX or MAXUID
+ [2aeddb1654d8]
+
+ * configure.in:
+ fix two pastos
+ [c18f0a10b75d]
+
+ * configure.in:
+ fix typo
+ [1eb3190ef12d]
+
+ * getspwuid.c, secureware.c:
+ init crypt_type to INT_MAX since it is legal to be negative in DUNX
+ 5.0
+ [cefbde04822d]
+
+ * configure.in:
+ for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
+ -ldb since DUNX < 4.0 lacks it
+ [e6b11d971068]
+
+1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
+ secureware.c, sudo.c, tgetpass.c:
+ getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
+ minutes if the shadow files don't exist).
+ [2f297d095004]
+
+1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ updated --with-editor blurb
+ [77d8a3ea7328]
+
+ * TROUBLESHOOTING:
+ tell how to put sudoers in a different dir
+ [456cd20eb1d0]
+
+ * configure.in:
+ add missing quotes around $with_editor
+ [22881748ab1b]
+
+ * configure.in:
+ typo in --with-editor bits
+ [ab6964580681]
+
+ * INSTALL:
+ I don't expect it to work on Solaris
+ [1c2fceaaf56e]
+
+ * check.c:
+ add back security/pam_misc.h
+ [6ffd30033c1e]
+
+1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ remove dunix note since configure checks for this now
+ [e9904512b8e8]
+
+ * configure.in:
+ add check for broken dunix prot.h (4.0 < 4.0D is bad)
+ [8a4c1e6aef3b]
+
+ * getspwuid.c, secureware.c, tgetpass.c:
+ new dunix shadow code, use dispcrypt(3)
+ [1b936bc7268c]
+
+ * config.h.in:
+ add HAVE_INITPRIVS
+ [4369f4c4f914]
+
+ * sudo.c:
+ call initprivs() if we have it for getprpwuid later on
+ [11cf5915d826]
+
+ * Makefile.in:
+ clean pathnames.h too
+ [5f1df3262613]
+
+ * configure.in:
+ quote "Sorry, try again." with [] since it has a comma in it set
+ LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
+ getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
+ initprivs later.
+ [e226b0a3f250]
+
+ * INSTALL:
+ update Digital UNIX note about acl.h
+ [80132b71d73a]
+
+ * INSTALL:
+ add --with-sia
+ --without-root-sudo -> --disable-root-sudo some reordering
+ [198386358818]
+
+ * secureware.c:
+ add whitespace
+ [4aadaf1a54b0]
+
+ * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
+ add SIA support
+ [fa3ddbb9cc51]
+
+ * check_sia.c:
+ Initial revision
+ [2968551d40e4]
+
+1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ when checking for -lsocket, -lnsl, and -linet, check for the
+ specific functions we need from them.
+ [8d33e64362a3]
+
+ * config.h.in, sudo.h:
+ move Syslog_* defs into sudo.h
+ [03d1774f25c7]
+
+ * Makefile.in, sudo.h:
+ added check_secureware
+ [e46e3cbb9a97]
+
+ * configure.in:
+ finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
+ [dbefe1856503]
+
+ * insults.h:
+ don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
+ defined. configure now does that for us
+ [e4520ea0581f]
+
+ * configure.in:
+ move some --with options around change a bunch of echo's to
+ AC_MSG_CHECKING, AC_MSG_RESULT pairs
+ [ffdf6869fdd7]
+
+ * configure.in:
+ change $with_foo-bar -> $with_foo_bar kill extra " that caused a
+ syntax error add some echo verbage
+ [3278c49bf74b]
+
+1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ moved SecureWare stuff into secureware.c
+ [42d3d3ac35dc]
+
+ * secureware.c:
+ Initial revision
+ [aa7f72a249cf]
+
+ * INSTALL:
+ update url to solaris gcc bins
+ [36a3eb668777]
+
+ * INSTALL:
+ change option formatter and flesh out someentries
+ [6fbd1db4a8ad]
+
+ * TROUBLESHOOTING, sudo.pod, visudo.pod:
+ environmental variable -> environment variable
+ [6f14d708e32d]
+
+ * BUGS:
+ everything is now done via configure
+ [c217858f58ab]
+
+ * README:
+ prev rev was 1.5.6
+ [7b4177103c35]
+
+ * Makefile.in:
+ passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
+ [31c6b0a5e0e2]
+
+ * config.h.in:
+ SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
+ [d406a1ef6d25]
+
+ * Makefile.in:
+ merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
+ sudoers_mode from configure
+ [1c509500655a]
+
+ * configure.in:
+ SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
+ the Makefile, not config.h
+ [d4482f1492fe]
+
+ * INSTALL:
+ document all --with/--enable options
+ [22d81b312d7f]
+
+1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * insults.h:
+ options.h is no more
+ [560946a33f7f]
+
+ * config.h.in:
+ assimilated options.h
+ [dd8ce74613c1]
+
+ * configure.in:
+ moved options from options.h to configure
+ [d39662f71b4e]
+
+ * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
+ logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
+ sudo_setenv.c, visudo.c:
+ no more options.h
+ [43924bf0858d]
+
+ * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
+ remove references to options.h
+ [ef3474295395]
+
+ * dce_pwent.c, interfaces.c, sudo.c:
+ kill sys/time.h
+ [4d833f0034e4]
+
+ * tgetpass.c:
+ if select return < -1 still prompt for pw
+ [e0009e5c93a2]
+
+ * options.h:
+ convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
+ configure options
+ [e60a1e546516]
+
+ * parse.c:
+ FAST_MATCH is no longer an optino
+ [c448dbb3464b]
+
+ * check.c:
+ remove_timestamp() if timestamp is preposterous
+ [70d9a86c6ecd]
+
+ * options.h:
+ convert more options to --with/--enable
+ [34646d9b09dc]
+
+ * INSTALL, aclocal.m4:
+ logfile -> logpath
+ [42de502bc637]
+
+ * configure.in:
+ convert more options into --with and --enable
+ [92d0898c9844]
+
+ * tgetpass.c:
+ catch EINTR in select and restart
+ [f045d2f234d7]
+
+ * logging.c:
+ sys/errno -> errno
+ [7f0c5beab6f2]
+
+1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ UMASK -> SUDO_UMASK.
+ [48f308661514]
+
+ * check.c, logging.c:
+ time.h, not sys/time.h
+ [91de049c79e4]
+
+1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ MAILER -> _PATH_SENDMAIL
+ [df65d6896639]
+
+ * INSTALL, configure.in:
+ no more --with-C2, now it is --disable-shadow
+ [18bfcab3b9ab]
+
+ * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
+ getspwuid.c, sudo.c, tgetpass.c:
+ new shadow password scheme. Always include shadow support if the
+ platform supports it and the user did not disable it via configure
+ [2135d93bb4a9]
+
+1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ --with-getpass -> --{enable,disable}-tgetpass
+ [451b33fdd4c7]
+
+ * Makefile.in:
+ pathnames.h -> pathnames.h.in
+ [b109022eca69]
+
+ * check.c:
+ fix version string
+ [761b25c314ea]
+
+ * check.c:
+ move pam_conv to be static to auth function remove pam_misc.h
+ (solaris doesn't have one)
+ [a682e4da987a]
+
+ * aclocal.m4:
+ _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
+ [e6005d0599b5]
+
+ * configure.in:
+ munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
+ [24c0ac2155ef]
+
+ * pathnames.h.in:
+ convert to pathnames.h.in
+ [013bddf7f684]
+
+1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ fix typo in sysv4 matching case /.
+ [2994c4f88cf5]
+
+1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ pam stuff needs to run as root, not user, for shadow passwords
+ [d94ff75de503]
+
+1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, README, configure.in:
+ updated version
+ [775adc7de7ac]
+
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
+ ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+ logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [5ca599fb6b93]
+
+ * check.c:
+ user version.h for long message
+ [47a52ac7e542]
+
+ * check.c:
+ this is version 1.5.6
+ [8451ac79eee2]
+
+1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ remove errant backslash
+ [0222a8a650ff]
+
+1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * options.h, parse.yacc, pathnames.h.in:
+ fix version string
+ [fdee73255d64] [SUDO_1_5_6]
+
+ * BUGS, CHANGES, TODO:
+ updtaed for 1.5.6
+ [752443bf7f26]
+
+ * RUNSON:
+ updated for 1.5.6
+ [0f878123fe6a]
+
+1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ kill unused localhost_mask var copy if name to ifr_tmp after we zero
+ it
+ [8e89c364cef2]
+
+1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Better description of new vs. old sudoers modes fix some typos
+ better description of /usr/ucb/cc gotchas on slowaris
+ [c00b2a6fc1e8]
+
+ * Makefile.in:
+ add sample.pam
+ [ec7f6cc19b00]
+
+ * sudo.c:
+ set NewArgv[0] to user_shell, not basename(user_shell)
+ [1e907cbc9f7b]
+
+1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ mention TROUBLESHOOTING more fix some typos
+ [2c2e6907d4a4]
+
+ * configure.in:
+ move --enable/--disable to be after --with
+ [9b30097f76c1]
+
+ * INSTALL:
+ document --enable/--disable
+ [c522362e38a8]
+
+ * INSTALL:
+ document --with-pam
+ [7e38932c78ac]
+
+1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Add message for pam users
+ [d224f277e3cd]
+
+ * sample.pam:
+ Initial revision
+ [3a84d7045f54]
+
+ * config.h.in:
+ fix HAVE_PAM
+ [2f0f303ebd88]
+
+ * check.c, config.h.in, configure.in:
+ pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
+ [ea3e0a72d707]
+
+1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ add HOST_IN_LOG and WRAP_LOG
+ [822c36eeb6a8]
+
+ * logging.c:
+ add WRAP_LOG and HOST_IN_LOG
+ [3cf6052bd27e]
+
+ * configure.in:
+ add --enable-log-host and --enable-log-wrap
+ [c968cc12b353]
+
+ * aclocal.m4:
+ use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
+ [915fef7e11a1]
+
+1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ add howmany macro
+ [9107a057a7c8]
+
+ * tgetpass.c:
+ include sys/param.h to get howmany macro
+ [7e908b5e1f32]
+
+1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
+ add RUNAS_DEFAULT
+ [1e76398ea3fd]
+
+1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fnmatch.c:
+ bring in stdio.h for NULL
+ [69c016610cbb]
+
+ * aclocal.m4:
+ allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
+ [15ab2972f8d0]
+
+ * sudo.c:
+ use HAVE_SET_AUTH_PARAMETERS
+ [8abfdc8c80f7]
+
+ * config.h.in:
+ add HAVE_SET_AUTH_PARAMETERS
+ [673a5ebd5539]
+
+ * configure.in:
+ add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
+ [a401f5a7469a]
+
+ * config.sub:
+ add support for HI-UX/MPP SR220001 02-03 0 SR2201
+ [cb657b7acaae]
+
+ * interfaces.c:
+ initialize previfname
+ [26a1902f56dc]
+
+ * interfaces.c:
+ Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
+ it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
+ kludging it
+ [fa5c890c313b]
+
+ * configure.in:
+ typo
+ [bff579fbe95c]
+
+ * Makefile.in:
+ don't need special build line for sudo.tab.o
+ [10c0a0a912e4]
+
+ * Makefile.in:
+ don't clean sudo.tab.[ch]
+ [c40d5968efbb]
+
+ * sudo.c:
+ Sudo should prompt for a password before telling the user that a
+ command could not be found.
+ [d718c85a0047]
+
+ * BUGS:
+ for 1.5.6
+ [0cc1fe5b9129]
+
+ * INSTALL, README:
+ no longer require yacc
+ [d9096fc5b8b6]
+
+ * Makefile.in:
+ typo
+ [70feb1aefbd5]
+
+ * Makefile.in:
+ y.tab -> sudo.tab include pre-yacc'd parse.yacc
+ [cc802025fd44]
+
+ * parse.lex:
+ include sudo.tab.h, not y.tab.h don't break out of command args if
+ you get a '='
+ [728ad26dbda5]
+
+ * insults.h:
+ fix version ,
+ [242bbce1b2d4]
+
+ * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
+ fix version
+ [2bb9086fea1e]
+
+ * compat.h:
+ fix version
+ [7e634d498ce6]
+
+ * getcwd.c:
+ getcwd(3) from OpenBSD for those without it.
+ [6c68d0df8f6c]
+
+ * sudo.h:
+ HAVE_GETWD -> HAVE_GETCWD
+ [2ad1e64d60c0]
+
+ * configure.in:
+ pretend sunos doesn't have getcwd(3) since it opens a pipe to
+ getpwd!
+ [677992ba5a6a]
+
+ * parse.c:
+ use NAMLEN() macro
+ [8f5685aa3165]
+
+ * fnmatch.c:
+ remove duplicate include of string.h
+ [6024f3051ac3]
+
+ * configure.in:
+ call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
+ [3d82a9c22cc2]
+
+ * aclocal.m4:
+ add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
+ [53fbc47282f9]
+
+ * config.h.in:
+ add dev_t and ino_t
+ [5929bb0c7e1a]
+
+1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fix OTP_ONLY for opie
+ [7edcfa78f2ec]
+
+1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * testsudoers.c, tgetpass.c:
+ include stdlib.h for malloc proto
+ [c9f4b99a2fe9]
+
+1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ make update_version saner
+ [d522f93ee04a]
+
+ * config.h.in:
+ add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
+ [c9a2d21dc608]
+
+ * configure.in:
+ check for waitpid and wait3 or no waitpid
+ [1f18c3224184]
+
+ * logging.c:
+ used waitpid or wait3 if we have 'em
+ [391c3279ee65]
+
+1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
+ [fbf53b18178f]
+
+1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ don't need to explicately mention -lsocket -lnsl for sequent
+ [1898dc055352]
+
+1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ dynix should not link with -linet
+ [278a4b9cfe2a]
+
+1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ mention that HP-UX doesn't ship with yacc
+ [bde5147198c0]
+
+1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ ignore kerberos if we can't get the local realm
+ [1e311a091a27]
+
+1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, README, configure.in:
+ ++version
+ [499ffc746018]
+
+ * version.h:
+ ++
+ [35ba1ee01bd3]
+
+ * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
+ find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
+ logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [b4990a513f31]
+
+ * check.c, sudo.h:
+ fix version
+ [5710795834e8]
+
+ * getcwd.c:
+ don't use popen/pclose. Do it inline.
+ [29e57b0646a4]
+
+ * lsearch.c:
+ add rcsid
+ [b2b55c39858d]
+
+ * sudo.c:
+ typo
+ [d381ac39ed0f]
+
+ * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
+ sudo.h:
+ updated version
+ [462d6e1a2d75]
+
+ * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
+ MAX* + 1 -> MAX*
+ [2c2eeb78d34f]
+
+ * Makefile.in:
+ getwd.c -> getcwd.c
+ [7d718c32fc02]
+
+ * config.h.in:
+ kill HAVE_GETWD
+ [6ad3d702343f]
+
+ * configure.in:
+ getcwd, not getwd
+ [33e5b9841f58]
+
+ * getcwd.c:
+ use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
+ purpose
+ [24e58d340161]
+
+1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS, options.h:
+ add STUB_LOAD_INTERFACES
+ [d747cb23ca83]
+
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [0798229312cc]
+
+ * configure.in:
+ support *-ccur-sysv4 and fix two typos
+ [24a823ad7cc9]
+
+1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ don't echo about with_logfile and with_timedir
+ [31e4a1e2d9ad]
+
+ * INSTALL:
+ document --with-logfile and --with-timedir
+ [674f811a40e0]
+
+ * aclocal.m4:
+ support --with-logfile and --with-timedir
+ [2fc36b35db12]
+
+ * configure.in:
+ Add --with-logfile and --with-timedir
+ [09045bf07e29]
+
+ * sudo.c:
+ change size computation of NewArgv for UNICOS
+ [b50df07da3a1]
+
+1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ treate -*-sysv4* like *-*-svr4
+ [471b7ef4dbf2]
+
+1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ fix spacing for --with-authenticate help
+ [8321cb37c410]
+
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [dc1ab97312eb]
+
+ * parse.yacc:
+ fix off by one error in push macro
+ [bece59c8c3a9]
+
+1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ removed bogus alloca hack
+ [a68dd720462d]
+
+ * check.c:
+ added AIX 4.x authenticate() support
+ [12985eb448a0]
+
+ * parse.yacc:
+ include alloca.h if using bison and not gcc and it exists. fixes an
+ alloca problem on hpux 10.x
+ [e3b5c4f26072]
+
+ * INSTALL:
+ mention --with-authenticate
+ [78a1c96820e7]
+
+ * configure.in:
+ added AIX authenticate() support
+ [c983193ec252]
+
+ * config.h.in:
+ add HAVE_AUTHENTICATE
+ [7b0e5f5db5d9]
+
+ * interfaces.c:
+ dynamically size ifconf buffer
+ [10afb0e9b2f9]
+
+ * configure.in:
+ quote '[' and ']'
+ [8fc38a4defad]
+
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [5f66de71ec61]
+
+ * visudo.pod:
+ add ERRORS section
+ [3df3edb73cf6]
+
+1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ add busy stmp file explanation
+ [6c555d469b6f]
+
+1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ the name of the cached var that signals whether or not you are cross
+ compiling changed. It is now ac_cv_prog_cc_cross
+ [123911c0658c]
+
+1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ mention glibc 2.07 is fixed wrt lsearch()\.
+ [ded758524582]
+
+1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.sudoers, sudoers.pod:
+ better example of su but not root su
+ [b3199610be21]
+
+1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+ emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ updated version
+ [46922b84e86b]
+
+ * Makefile.in:
+ correct regexp for updating version
+ [8032728b2a8a]
+
+ * tgetpass.c:
+ remove bogus flush of stderr spew prompt before turning off echo.
+ Seems to fix a weird problem where if sudo complained about a bogus
+ stamp file the user would sometimes not have a chance to enter a
+ password
+ [7aa1493cc141]
+
+ * check.c:
+ fix bogus flush of stderr
+ [6d047871c5e8]
+
+ * sudo.c:
+ close fd's <=2 not <=3 and move that chunk of code up
+ [553e4faac195]
+
+ * configure.in:
+ support hpux1[0-9] not just hpux10
+ [5a34a000ff8a]
+
+1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ set sudoers_fp to nil after closing
+ [221a8b4bbf34]
+
+1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.guess, config.sub:
+ updated from autoconf 2.12
+ [6fc86a0fc61b]
+
+ * configure.in:
+ add *-*-svr4 rule
+ [38f0427f7c9d]
+
+1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ fix select usage for high fd's (dynamically allocate readfds)
+ [c2d1f76e0321]
+
+ * check.c:
+ kill extra whitespace
+ [d784b6c9c514]
+
+ * sudo.c:
+ do an initgroups() before running a command, unless the target user
+ is root.
+ [4ca561287480]
+
+1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ tell people to use tabs, not spaces, in syslog.conf
+ [8ae90a205134]
+
+1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
+ parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
+ updated version
+ [4d855ff5de26]
+
+ * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
+ logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
+ updated version
+ [8e007e178b33]
+
+ * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
+ updated version
+ [9ddea5c8814d]
+
+ * Makefile.in:
+ more tweaks to update_version
+ [047698752855]
+
+ * Makefile.in:
+ fixed up update_version rule
+ [47b6fa34b77f]
+
+ * configure.in:
+ ++version
+ [c1ca664e30b7]
+
+ * Makefile.in:
+ removed supe of check.c
+ [8f340a05296a]
+
+ * INSTALL:
+ ++version I missed
+ [a298e6c17491]
+
+ * RUNSON:
+ updated
+ [a14f6057bc15]
+
+ * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
+ dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
+ goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
+ parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ updated version
+ [02231b1a3ab3]
+
+ * CHANGES:
+ updated for 1.5.5
+ [634e5fcaf40b]
+
+ * Makefile.in:
+ add rules to update version stuff in files so I don't need to do it
+ by hand
+ [3620ad60485a]
+
+ * sudo.h:
+ sudoers_fp is now extern
+ [88c6e9b9ea84]
+
+ * sudo.c:
+ in check_sudoers, cache the sudoers file handle in sudoers_fp so we
+ don't have to open it again in the parse. This may help with weird
+ solaris problems where EAGAIN sometime occurrs.
+ [d3c26451ed1d]
+
+ * parse.c:
+ sudoers file open is now done only in check_sudoers() so we just do
+ a rewind() instead of an open. May help people on solaris who were
+ getting EAGAIN.
+ [c8b8c7722fa5]
+
+1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ mention that newer glibc is fixed
+ [20f06f5d3ef3]
+
+1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
+ _RLD* instead of _RLD_*
+ [1e22c588d602]
+
+ * parse.c:
+ typo
+ [d0b7cb85f08a]
+
+ * parse.c:
+ fix that bug for real
+ [5a6eeca6d04b]
+
+ * INSTALL:
+ document Linux's libc6 brokenness.
+ [0246c1aa64ee]
+
+ * parse.yacc:
+ -Wall
+ [d0e452fb1e2d]
+
+ * RUNSON:
+ updated
+ [4949a1bbd0a9] [SUDO_1_5_4]
+
+ * TROUBLESHOOTING:
+ remind people to HUP syslogd
+ [590962faa4f0]
+
+ * Makefile.in:
+ add -O flag to tar
+ [622d02de339d]
+
+ * RUNSON:
+ updated
+ [a72930d6e615]
+
+ * TODO:
+ updated
+ [4a51bd458390]
+
+ * sudo.pod:
+ remove author's email addr. people should mail sudo-bugs
+ [9b6bbdb3a6d9]
+
+ * INSTALL:
+ fix version
+ [246274c6c8af]
+
+ * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
+ find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
+ ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+ logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
+ ++version
+ [f532ff4ee766]
+
+ * RUNSON:
+ updated
+ [62d5c71358b5]
+
+ * INSTALL, Makefile.in:
+ ++version
+ [1a7c7628edfc]
+
+ * CHANGES:
+ updated fort 1.5.4
+ [7e4873508c99]
+
+ * check.c:
+ exit(1) if user enters no passwd
+ [f382c0e35e4e]
+
+ * BUGS:
+ ++version
+ [fab6a867ab67]
+
+ * parse.c:
+ commands can start with ./* not just /* -- fixes a serious security
+ hole.
+ [244d2fe35ee3]
+
+1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Don't set the tty variable to NULL when we lack a tty, leave it as
+ "unknown".
+ [193b26daba03]
+
+1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.sudoers:
+ fix usage of (username) in conjunction with , and !
+ [7ae68607f68f]
+
+ * visudo.c:
+ catch the case where the user is not in the passwd file
+ [31650258deb0]
+
+ * tgetpass.c:
+ use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
+ select(2)
+ [60ab2d9a9ee8]
+
+ * sudo.c:
+ define tty global to an initial value to avoid dumping core in
+ logging functions when passwd file is unavailable.
+ [77056c7bc908]
+
+ * sudo.c:
+ do the set_perms(PERM_USER, sudo_mode) after we have gotten the
+ passwd entry
+ [1fdb8e579a5a]
+
+ * sudo.pod:
+ talk about problem of ALL
+ [1cd1905c9f6f]
+
+1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ new web location
+ [d24dc26f6da5]
+
+ * INSTALL:
+ fdesc bug is fixed in Open/Net BSD
+ [7d4d81b08ac3]
+
+ * HISTORY:
+ updates from Nieusma
+ [3a43769a1b78]
+
+1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * dce_pwent.c:
+ move compat.h after the system includes
+ [5ea43a5968ac]
+
+1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ save errno from being clobbered by wait(). From Theo
+ [f2d1c48cd592]
+
+1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ fix an occurence of setresuid -> setreuid (typo)
+ [394de35c9b1c]
+
+1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ check for path to strip
+ [2b7ef824bd55]
+
+1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ deal with maxfilelen < 0 case
+ [f0af095178d7]
+
+ * OPTIONS:
+ fixed descriptin
+ [629f60bd4b5f]
+
+1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ correct error message if mode/owner wrong and not statable by owner
+ but is statable by root.
+ [cb631ce2e85e]
+
+1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.guess, config.sub:
+ autoconf 2.11
+ [f3cbe59e0756]
+
+1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, RUNSON, TODO:
+ sudo 1.5.3.
+ [2be3229b8626]
+
+1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.h:
+ command_alias -> generic_alias
+ [c404ca8c510d] [SUDO_1_5_3]
+
+ * sample.sudoers:
+ added Runas_Alias example and fixed syntax errors
+ [c304053f4a8a]
+
+ * OPTIONS, options.h:
+ updated MAILSUBJECT
+ [18d1573fcd2a]
+
+ * logging.c:
+ added %h expansion
+ [a4bff9b284fd]
+
+ * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
+ configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
+ goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
+ parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
+ sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+ visudo.c:
+ ++version
+ [211ff20f956f]
+
+ * BUGS, emul/utime.h:
+ ++version
+ [cde5376579e3]
+
+ * sudoers.pod:
+ document Runas_Alias
+ [b1a58f28fb2c]
+
+ * visudo.pod:
+ q (uid) -> Q
+ [d256649a0e6b]
+
+ * visudo.c:
+ buffer oflow checking q (uit) -> Q if yyparse() fails drop into
+ whatnow
+ [1cb183d15626]
+
+ * parse.yacc:
+ add size params to sprintf
+ [9228f698921f]
+
+ * parse.lex:
+ allow trailing space after '\\' but before '\n'
+ [f51dbbf69fdf]
+
+ * find_path.c:
+ off by one error in path size check
+ [a6d75ccd7632]
+
+ * check.c:
+ sprintf paranoia
+ [3ffb12d198dd]
+
+1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ fixed more_aliases
+ [aab12f2a50af]
+
+ * visudo.c:
+ now warns if killed by signal ./
+ [310c186a0fd7]
+
+1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ fix Runas_Alias stuff Alias's in runas list now get expanded (but it
+ is gross)
+ [45590b83120f]
+
+ * sudo.c:
+ Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
+ [d53e01c14c58]
+
+ * parse.yacc:
+ add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
+ [7a4a040aae2d]
+
+ * parse.lex:
+ Add Runas_Alias and simplify a rule.
+ [6f794a769a37]
+
+ * parse.yacc:
+ always store User_Alias's since they can be used inside of a runas
+ list. Sigh. Really need a Runas_Alias instead.
+ [3bab058a873e]
+
+1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ deal with case where there is no sudoers file
+ [fa38b3bb244d]
+
+1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ added one
+ [e61346d06725]
+
+1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY, testsudoers.c:
+ developement -> development
+ [4df55e293941]
+
+ * INSTALL:
+ added a note
+ [3845fb83dbc0]
+
+ * RUNSON:
+ for 1.5.2
+ [5489b7298942]
+
+ * CHANGES:
+ updated
+ [0741834929e6]
+
+1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * PORTING:
+ removed seteuid() notes
+ [1010a60f281d] [SUDO_1_5_2]
+
+1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ better seteuid() emulatino
+ [e807623b662c]
+
+ * configure.in:
+ added check for seteuid
+ [8cf9fabc6f4f]
+
+ * config.h.in:
+ added HAVE_SETEUID
+ [596db46aa828]
+
+1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ first stab at sequent support
+ [b85a7bfcac76]
+
+ * config.h.in:
+ added HAVE_SYS_SELECT_H
+ [93ecdd042463]
+
+ * compat.h:
+ sequent -> _SEQUENT_
+ [63a38b6da98c]
+
+ * compat.h:
+ added seteuid() macro for DYNIX
+ [695bd63c5ea6]
+
+ * tgetpass.c:
+ _AIX -> HAVE_SYS_SELECT_H
+ [b31221211bc2]
+
+1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
+ parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, visudo.c:
+ ++version
+ [8052992fd453]
+
+ * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
+ getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
+ pathnames.h.in, version.h:
+ ++version
+ [f7ad15e1598a]
+
+ * sudo.pod:
+ added -H and SUDO_PS1
+ [bb965241e30c]
+
+ * configure.in:
+ use SUDO_FUNC_FNMATCH
+ [6a8350d85fb2]
+
+ * aclocal.m4:
+ added SUDO_FUNC_FNMATCH
+ [45b32c91c4ba]
+
+ * sudo.c:
+ added -H flag
+ [11ebc6872fd6]
+
+ * sudo.h:
+ added MODE_RESET_HOME /
+ [67a7f8bcbbd6]
+
+1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ mention OPIE
+ [5723515d5bbd]
+
+ * options.h:
+ SKEY -> OTP
+ [c1d268130bc4]
+
+ * configure.in:
+ added opie support
+ [123872b41b20]
+
+ * compat.h, config.h.in:
+ added HAVE_OPIE
+ [528c71afc1e5]
+
+ * check.c:
+ added HAVE_OPIE and changed to *_OTP_*
+ [4c62f5db872a]
+
+ * OPTIONS:
+ SKEY -> OTP
+ [bd858e5e9652]
+
+1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ moved fclose() in skey stuff.
+ [11f7dc8431a6]
+
+1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * putenv.c:
+ index -> strchr remove unnecesary stuff
+ [af2d05238062]
+
+ * check.c:
+ now call skeychallenge() to get challenge instead of making one up
+ ourselves. this way, we get extra goodies in the prompt.
+ [49b770d98d3a]
+
+1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ added one
+ [3f5149357e2a] [SUDO_1_5_1]
+
+ * parse.lex:
+ allow logins to start with a number (YUCK!)
+ [7ed7ef324741]
+
+1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ added soalris 2.5 vs 2.4 note
+ [16160a251aae]
+
+ * configure.in:
+ DUNIX doesn't need -lnsl
+ [be924cc322c3]
+
+ * CHANGES:
+ *** empty log message ***
+ [1b2937521981]
+
+ * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
+ getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
+ ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
+ options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+ strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
+ utime.c, version.h, visudo.c:
+ courtesan
+ [5f203589bbfe]
+
+ * PORTING, README, RUNSON:
+ courtesan
+ [d72517f4937e]
+
+ * INSTALL, Makefile.in, TROUBLESHOOTING:
+ courtesan
+ [5c007e3c7a71]
+
+ * visudo.pod:
+ *** empty log message ***
+ [37ebe85bd4e1]
+
+ * sudo.pod, visudo.pod:
+ courtesan
+ [37f02e2130ea]
+
+1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * HISTORY:
+ added courtesan ./
+ [b01435226276]
+
+1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ added $SUDO_PROMPT support
+ [cb1fa72c093d]
+
+1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ print long skey challemged to stderr, not stdout
+ [750fc775b3b2]
+
+1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updated for 1.5.1
+ [9b615f393057]
+
+ * emul/utime.h:
+ ++version
+ [a94de18deafb]
+
+1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updated for 1.5.1
+ [4092f20ab634]
+
+1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ use shost, not host for tgetpass
+ [6061c49ff9be]
+
+ * sudo.pod:
+ documented %u and %h
+ [6d2922d29897]
+
+ * OPTIONS:
+ documented %u and %h
+ [1a71da13a864]
+
+ * configure.in:
+ fixed typo
+ [1230dec2b062]
+
+ * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
+ dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
+ ++version
+ [65ce8eabf77a]
+
+ * BUGS:
+ ++version
+ [afecab53aab7]
+
+1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, configure.in, version.h:
+ ++version
+ [fb3ff940d672]
+
+ * sudo.h:
+ new tgetpass() params
+ [9eccc5b0f8ae]
+
+ * check.c:
+ pass use and host to tgetpass
+ [c56d9d13c401]
+
+ * tgetpass.c:
+ added %u and %h escapes
+ [04ae775d3e5d]
+
+ * OPTIONS, check.c, options.h:
+ added NO_MESSAGE
+ [3927dad19057]
+
+ * configure.in:
+ added cray (unicos) support
+ [1122210c5fb1]
+
+1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS, options.h, sudo.c:
+ added SHELL_SETS_HOME
+ [0b26909b0929]
+
+1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ added note about "make install"
+ [7e56ea76d4b4]
+
+ * parse.yacc:
+ changed length/size params from int to size_t
+ [5654e5ceb1b3]
+
+ * OPTIONS:
+ now get CSOPS insults as well by default
+ [297323d0179a]
+
+ * insults.h:
+ use csops insults too by default
+ [07fafc136169]
+
+ * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
+ version = 1.5
+ [4b8772b11e3b]
+
+ * sudo.c:
+ added runas_homedir
+ [b0e0d4417a15]
+
+ * TODO:
+ updated for 1.5
+ [66259df825d5]
+
+ * RUNSON:
+ updated for 1.5
+ [e08bc9ebfe95]
+
+ * CHANGES:
+ 1.5 release
+ [8c16942fea41]
+
+ * INSTALL:
+ added "upgrading" notes
+ [210d968964ff]
+
+1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ now do chmod and chown after edit of temp file and before rename
+ [de174e34faa7] [SUDO_1_5_0]
+
+1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ ++version added INSTALL.configure
+ [c9e9214f52ae]
+
+ * configure.in, version.h:
+ ++version
+ [5985abed3eb2]
+
+ * TROUBLESHOOTING:
+ *** empty log message ***
+ [d65c540ec52e]
+
+ * parse.yacc:
+ added missing cast
+ [e7247319a7d5]
+
+ * sudo.c:
+ sets $HOME to pw_dir of runas user
+ [d3f7f4d05752]
+
+ * sudo.pod:
+ document $HOME change
+ [854454d458c4]
+
+1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ fixed up some wording
+ [b0c8582f2c97]
+
+ * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
+ strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ visudo.c:
+ ++version
+ [748be723fd8b]
+
+ * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, options.h, pathnames.h.in, sudo.h:
+ ++version
+ [acdf8b1b2a1b]
+
+ * emul/utime.h:
+ ++version
+ [b3f35298ab8d]
+
+ * sudo.h:
+ name nad type changes
+ [db24ab3da141]
+
+ * testsudoers.c:
+ now works with new sudo
+ [379346c42cc2]
+
+ * parse.yacc:
+ fixed some XXX
+ [f5fe4c990052]
+
+ * parse.yacc:
+ some variable name changes + comment headers for functions.
+ [3dc3bd9aa73d]
+
+ * tgetpass.c:
+ added extra paren's to make compilers happy
+ [9e4968a34d56]
+
+ * sudo.c:
+ *** empty log message ***
+ [70c924c1ed69]
+
+ * parse.c:
+ now uses init_parser() if not in sudoers and tries "list" or
+ "validate" scold but don't be nasty.
+ [c0d8fb3f8c9e]
+
+ * TROUBLESHOOTING:
+ now can use upper case login names
+ [c772fffcefe5]
+
+ * visudo.c:
+ now uses init_parser()
+ [b9efae7243fd]
+
+ * INSTALL, README:
+ updated
+ [27dc8283fdc8]
+
+ * PORTING:
+ added info about PASSWORD_TIMEOUT
+ [980e15d892f8]
+
+ * INSTALL.configure:
+ Initial revision
+ [8292e89a08d3]
+
+ * BUGS:
+ fixed a bug ,
+ [c6e46f5624f9]
+
+ * parse.yacc:
+ now dynamically allocates memory for the stacks -- no more
+ overflows!
+ [8615c35b6ad3]
+
+ * sudo.pod:
+ -l now explands command aliases
+ [39f45605935d]
+
+ * parse.yacc:
+ hacks to expand command aliases for `sudo -l'
+ [e4eb752608f9]
+
+ * sudo.c:
+ remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
+ [01327ca5084b]
+
+ * sudo.h:
+ added struct command_alias
+ [dd2f32764082]
+
+ * sudo.pod:
+ fixed a bug
+ [e708ff08d2eb]
+
+ * lsearch.c:
+ in compar() key should be first arg
+ [fc14c3fa62ee]
+
+1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS:
+ fixed some bugs
+ [639dfe425bd5]
+
+ * parse.yacc:
+ can now deal with upcase HOST and USER names
+ [c6aa7bcfb00d]
+
+ * sudo.c:
+ don't yell too loudly at non-sudoers if they do "sudo -l"
+ [4ef146128d89]
+
+ * sudo.pod:
+ fixed thinko
+ [830f2f0f22e7]
+
+ * parse.c:
+ fix comment
+ [d20ce9e17ddc]
+
+1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c, parse.yacc:
+ added support for new `sudo -l' stuff
+ [7dceaef3c733]
+
+ * sudo.c:
+ now uses list_matches()
+ [293364821b61]
+
+ * sudo.h:
+ added struct sudo_match
+ [b2684179d179]
+
+ * configure.in:
+ now more -lgnumalloc
+ [4f8ae42617d8]
+
+1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ added more paths for chown and whoami
+ [6e685a19426c]
+
+1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ typo
+ [3adfa01c04bc]
+
+1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4:
+ fixed DUNIX check for shadow pw
+ [c25324bcd27b]
+
+ * tgetpass.c:
+ now only turn off echo if it is already on. this fixes a race when
+ you use sudo in a pipelin
+ [28388c2de21c]
+
+ * INSTALL:
+ updated
+ [b45ac9366b7e]
+
+ * configure.in:
+ changed "test -z $foo && do_this" to if; then construct
+ [2183c4426bca]
+
+1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added missing defines of SHADOW_TYPE
+ [be89ea68a7f3]
+
+1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
+ only in dunix 4.x
+ [1e7c1c677263]
+
+ * getspwuid.c:
+ added AUTH_CRYPT_C1CRYPT support
+ [88d6b0058b20]
+
+ * parse.c:
+ no longer return VALIDATE_NOT_OK if there was a runas that didn't
+ match. Now we can have runas stuff on more than one line.
+ [52b68920d7b7]
+
+ * getspwuid.c, sudo.c, tgetpass.c:
+ use SHADOW_TYPE instead of HAVE_C2_SECURITY
+ [cf401dfcbc06]
+
+ * configure.in:
+ got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
+ something
+ [c7a233c4dd93]
+
+ * config.h.in:
+ removed HAVE_C2_SECURITY added SPW_BSD
+ [8314405e9754]
+
+ * compat.h:
+ use SHADOW_TYPE instead of HAVE_C2_SECURITY
+ [6f94870df17f]
+
+ * check.c:
+ SHADOW_TYPE is always defined so just against its value
+ [72c69a55d02f]
+
+ * aclocal.m4:
+ added SUDO_CHECK_SHADOW_DUNIX
+ [ef025ae9d496]
+
+1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ * -> ?* in one example added another instance of (runas) and one of
+ NOPASSWD:
+ [d74fe1dcbe7d]
+
+1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added back check for config.cache from other host type
+ [0ba87871f585]
+
+ * parse.lex:
+ removed an instance of \"
+ [1e008d3709f6]
+
+ * sample.sudoers:
+ added an example
+ [dbfcf68ee330]
+
+ * sudoers.pod:
+ updated wrt new wildcard matching
+ [193fa44a475b]
+
+ * configure.in:
+ new check for shadow passwords if we don't know anything
+ [67465df7dc9a]
+
+ * aclocal.m4:
+ new SUDO_CHECK_SHADOW_GENERIC
+ [3563b16a41b8]
+
+ * configure.in:
+ added back check for -lsocket (oops)
+ [a80882ee1cb6]
+
+ * configure.in:
+ better (working) check for shadow passwd type if we know to use C2.
+ [3cdd2a59a641]
+
+ * configure.in:
+ now uses AC_CANONICAL_HOST to figure out os type
+ [80db7fe6e704]
+
+ * Makefile.in:
+ added config.{guess,sub}
+ [c6be7e3ca384]
+
+ * aclocal.m4:
+ removed unused stuff to figure out os type
+ [c9a0f3b57123]
+
+ * config.sub:
+ added openbsd
+ [bfc6bfec3668]
+
+ * config.sub:
+ Initial revision
+ [e6e06ce0d17d]
+
+ * config.guess:
+ Initial revision
+ [99dd06f79199]
+
+ * testsudoers.c:
+ don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
+ pathname. need to check against sudoers_args even if user_args is
+ nil
+ [66e6cf77f5d6]
+
+ * parse.c:
+ don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
+ pathname need to check against sudoers_args even if user_args is nil
+ [74374df17311]
+
+1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
+ [cbb00261c415]
+
+ * testsudoers.c:
+ now takes command line args and uses cmnd_args
+ [f0c2fd35a527]
+
+ * parse.lex:
+ fill_args was adding an extra leading space
+ [692fc999b2e8]
+
+1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ fixed dummy command_matches()
+ [93d9543db6e2]
+
+ * parse.yacc:
+ fixed prototype
+ [7b0addfbd429]
+
+ * sudo.h:
+ added cmnd_args
+ [8f47c4ae65ef]
+
+ * parse.yacc:
+ now uses flat args string
+ [016e65877da3]
+
+ * parse.c, parse.lex:
+ now uses flat arg string
+ [5b5f2e3f4c09]
+
+ * visudo.c:
+ added cmnd_args def
+ [876867134775]
+
+ * sudo.c:
+ now sets cmnd_args global
+ [e6fee70cb59b]
+
+ * logging.c:
+ cmnd_args is now exported from sudo.[ch]
+ [7a9cd36e356f]
+
+1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ can't rely on cmnd_matches as much as I thought -- added some $$
+ stuff back in to prevent namespace pollution problems.
+ [3c45fedb5af3]
+
+ * parse.yacc:
+ Simplified parse rules wrt runas and NOPASSWD (more consistent).
+ [e6d838c8a4c7]
+
+1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ NOPASSWD may now have blanks before the ':' '(' only starts a
+ 'runas' if in the initial state to avoid collision with command args
+ [c5c01172f499]
+
+ * configure.in:
+ added checks for specific shadow passwd schemes
+ [b7e3d1f7b84f]
+
+ * aclocal.m4:
+ added routines to check for specific shadow passwd types
+ [e5e1d19960a6]
+
+1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added support for ncr boxen
+ [bea9dc5aae7f]
+
+ * aclocal.m4:
+ added support for detecting ncr boxen
+ [8653a158a924]
+
+1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added sinix support
+ [5de2b2173ee1]
+
+1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ added info about "config.cache from other other" error.
+ [845b10198e0b]
+
+ * aclocal.m4:
+ now makes sure you don't have a config.cache file from another OS
+ [4fe32571c021]
+
+ * configure.in:
+ now sets $LIBS when needed to configure links with libs when doing
+ tests hpux10 now uses SPW_SECUREWARE for C2 added check for
+ bigcrypt(3) if SPW_SECUREWARE
+ [2df6b8ca538f]
+
+ * getspwuid.c:
+ fixed typo
+ [fe1cb1d792d6]
+
+ * tgetpass.c:
+ now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
+ [f71138372c07]
+
+ * getspwuid.c:
+ no more SPW_HPUX10
+ [cfdeb18bc16b]
+
+ * config.h.in:
+ no more SPW_HPUX10 added HAVE_BIGCRYPT
+ [00d296479a61]
+
+ * compat.h:
+ now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
+ [6c6d9e680417]
+
+ * check.c:
+ SPW_SECUREWARE now uses bigcrypt
+ [be71fc66690f]
+
+1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.sudoers:
+ fixed 2 syntax errors
+ [45eee19ef4ac]
+
+ * sudoers:
+ root may now run ALL as ALL
+ [1b54c6b9b212]
+
+1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ fixed a typo/thinko that broke BSD's with sa_len
+ [603438360126]
+
+1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, configure.in:
+ updated AFS support
+ [e572eb8d177a]
+
+ * TROUBLESHOOTING:
+ added entry about /usr/ucb/cc
+ [025b353aa9d3]
+
+ * INSTALL:
+ prep no longer holds gcc binaries
+ [8b0942958049]
+
+ * INSTALL:
+ updated AFS note
+ [7af6efd5abe4]
+
+ * Makefile.in:
+ added @AFS_LIBS@
+ [97b6fe6ad7d6]
+
+ * compat.h:
+ AFS allows long passwords
+ [5fb17122c302]
+
+ * testsudoers.c:
+ fixed -u user support
+ [b1a0c1648639]
+
+ * parse.c:
+ sudo -v now groks VALIDATE_OK_NOPASS
+ [74fc03fffe7e]
+
+ * parse.yacc:
+ fixed no_passwd vs. runas_matched
+ [549a9b791a6a]
+
+ * TROUBLESHOOTING:
+ took out stuff about NFS-mounting since it is no longer an issue
+ [d95ab7fbbc61]
+
+ * INSTALL:
+ added --with-libraries > --with-libpath --with-incpath
+ [d5d15a7a0f4c]
+
+ * parse.yacc:
+ was setting runas_matches to -1 in wrong place
+ [db2b1deb8d33]
+
+ * check.c:
+ removed usersec.h which is not present in new AFS versions
+ [618b016dd17f]
+
+ * tgetpass.c:
+ now deals with timeout <= 0
+ [ba53a1257255]
+
+ * OPTIONS:
+ updated
+ [75093bd8fdca]
+
+ * configure.in:
+ BSD/OS >= 2.0 now uses shlicc instead of just gcc
+ [ff6dbf7825c2]
+
+ * sudo.c:
+ fixed backwards compatibility with sudo 1.4 sudoers mode for root
+ readable/writable filesystems
+ [2694ed627221]
+
+ * Makefile.in:
+ now gives INSTALL -c flag
+ [63db055a2fd1]
+
+ * parse.yacc:
+ slightly simpler initialization of no_passwd and runas_matches
+ [463a1b5fa323]
+
+ * testsudoers.c:
+ added -u username support
+ [38b072fcd6b3]
+
+ * configure.in:
+ improved --with-libraries support
+ [047dbc5f0af2]
+
+1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added --with-incpath, --with-libpath, --with-libraries
+ [20f20d6c718c]
+
+ * parse.yacc:
+ now initializes some fields that weren't getting set to -1 pretty
+ gross -- need a rewrite.
+ [021c160390c6]
+
+1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * alloca.c:
+ removed emacs'isms
+ [9d4ec2efe057]
+
+ * configure.in:
+ no longer add -lPW to *_LIBS since we include alloca.c
+ [a626d1bbea80]
+
+ * config.h.in:
+ added HAVE_ALLOCA_H
+ [15491e2a6cff]
+
+ * Makefile.in:
+ added alloca.c
+ [0400f25e1fe4]
+
+ * alloca.c:
+ Initial revision
+ [06d033aa4882]
+
+ * configure.in:
+ ++version
+ [f52c0fb98f90]
+
+1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
+ not always set to a valid uid.
+ [c2669f77704d]
+
+ * OPTIONS:
+ fixed entry for SUDO_MODE
+ [d7272f6035b8]
+
+ * sudo.c:
+ Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
+ being set to -2. Now beat NFS to the punch and set uid to "nobody"
+ ourselves, preserving group 0 to read sudoers.
+ [b1fbc5dd1e34]
+
+ * parse.c:
+ moved set_perms(PERM_ROOT) to be before yyparse()
+ [7619d8080735]
+
+ * logging.c:
+ fixed a typo
+ [318acc48cde0]
+
+ * configure.in:
+ no longer need AC_PROG_INSTALL
+ [de01b1336dc8]
+
+ * Makefile.in:
+ always use install-sh to avoid install(1)'s that use get{pw,gr}nam
+ [ea2351986406]
+
+ * INSTALL:
+ make clean -> make distclean
+ [704a98e8ba10]
+
+1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ removed some unnecsary if's
+ [f00db6508132]
+
+ * Makefile.in, version.h:
+ ++version
+ [bdb6740b24c8]
+
+ * parse.c, testsudoers.c:
+ now includes netgroup.h
+ [93f5a06352bc]
+
+ * interfaces.c:
+ removed cats of ioctl to int since they didn't shut up -Wall
+ [83e9f912cd7a]
+
+ * interfaces.c:
+ explicately cast ioctl() to int since it it not always declared
+ [2ff9294e469e]
+
+ * sudo.h:
+ added declarations for yyparse() and yylex()
+ [6071321ab771]
+
+ * parse.yacc:
+ fixed an occurence of '==' -> '='
+ [2c46d2e11d57]
+
+ * config.h.in, configure.in:
+ added check for netgroup.h
+ [73403050f4e3]
+
+ * sudo.c:
+ fixed 2 compiler warnings
+ [680929b0bd97]
+
+ * sudo.c:
+ SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
+ initialized
+ [18707ecd07c2]
+
+1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod:
+ fixed a typo
+ [e4b5c12aa130]
+
+1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ fixed a formatting thingie
+ [c79327b6f19b]
+
+ * parse.c, parse.yacc:
+ fixed -u support with multiple user lists on a line
+ [e4d1066adca2]
+
+ * configure.in:
+ unixware needs -lgen
+ [b5bf9bca63cc]
+
+ * README:
+ updated ftp location
+ [b25a033f7921]
+
+ * sudoers.pod:
+ add net_addr/netmask support
+ [674e83516d1e]
+
+ * sample.sudoers:
+ added net_addr/mask example
+ [774878e89b28]
+
+ * parse.c, parse.lex:
+ added support for net_addr/netmask
+ [e33de27325d8]
+
+1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ ^ -> !
+ [1a084950d6ef]
+
+1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updated for 1.4.3
+ [c82019025d09]
+
+ * CHANGES:
+ udpated for 1.4.3
+ [ceaa81adb8f0]
+
+ * BUGS, TODO, TROUBLESHOOTING:
+ updated
+ [ff94fae4b853]
+
+ * sample.sudoers:
+ updated with examples of new stuff
+ [99d0b4cb4c9c]
+
+ * INSTALL, README:
+ ++version
+ [b763b80fe836]
+
+ * sudoers.pod:
+ updated wrt -u and NOPASSWD
+ [0b5b722ea0f4]
+
+ * sudo.pod:
+ updated wrt -u and CAVEATS
+ [71d5d53b5d18]
+
+1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ fixed usage()
+ [114c7d09b550]
+
+ * parse.lex:
+ now use :foo: character classes (makes no diff for generated lexer)
+ [7b0aeb737a02]
+
+1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fixed LONG_SKEY_PROMPT stuff
+ [0efe78b4bdda]
+
+1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ fixed a comment
+ [3d289017104b]
+
+ * lsearch.c:
+ make more like NetBSD one -- now compiles w/o warnings
+ [932206296a54]
+
+ * emul/search.h:
+ fixed decls of lsearch()
+ [c58cf4584c45]
+
+ * config.h.in, configure.in, getspwuid.c:
+ added SPW_HPUX10
+ [d74e5eaa5f17]
+
+ * check.c:
+ hpux 10 uses bigcrypt() if C2
+ [359eb63f4021]
+
+1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ now always uses fnmatch to match args
+ [a9d91f35256a]
+
+ * tgetpass.c:
+ back to using stdio instead of raw i/o since that caused some
+ problems
+ [e7ce2bc92974]
+
+1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now give usage warning if use -l,-v,-k with args
+ [6b48180c4fea]
+
+1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ NewArgc is now set to 1 for -l, -v, -k
+ [7497cb1416a8]
+
+ * sudo.c:
+ now sets sudoers to correct group if mode is 0400
+ [484c43d99718]
+
+ * install-sh:
+ updated to version used by inn and bind
+ [28683ad8725a]
+
+ * configure.in:
+ now uses -lgnumalloc if it exists
+ [3651ca4415a2]
+
+ * Makefile.in:
+ "make install" now sets uid/gid and mode on sudoers if it exists
+ [1f5216191ae9]
+
+ * sudo.c:
+ rmeoved debugging statements
+ [aeda278e2c26]
+
+ * parse.yacc:
+ added a missing free()
+ [592c9482a159]
+
+ * sudo.c:
+ now uses user_gid instead of getegid (which was wrong anyway) to set
+ SUDO_GID Now sets command line args in SUDO_COMMAND envariabled
+ (logging.c depends on args being in the environment)
+ [9f5328a3b942]
+
+ * logging.c:
+ now uses SUDO_COMMAND envariable to get command args rather than
+ building it up again.
+ [7f8edc5bccb7]
+
+ * parse.c:
+ now uses user_gid
+ [4b9303ae45fe]
+
+ * sudo.c:
+ fixed off by one error in allocation NewArgv
+ [921ea1a4e7c6]
+
+ * parse.c:
+ in sudoers, 'command ""' now means command with no args
+ [a5273648ace2]
+
+ * configure.in:
+ added check for fnmatch(3) and fnmatch.h
+ [258916a7866f]
+
+ * config.h.in:
+ added HAVE_FNMATCH
+ [b9860d361e93]
+
+ * Makefile.in:
+ replaced wildcat.* with fnmatch.*
+ [03ad9ee21a1c]
+
+ * testsudoers.c:
+ now uses fnmatch()
+ [5a7f7de987a9]
+
+1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ now uses fnmatch() instead of wildmat a trailing star (*) by itself
+ now matches multiple args added support for wildcards in the
+ pathname in sudoers
+ [1f7fb950b868]
+
+1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * fnmatch.c:
+ now includes compat.h and config.h
+ [090206b95cf8]
+
+ * config.h.in:
+ added HAVE_FNMATCH_H
+ [90eb42150173]
+
+ * configure.in:
+ now checks for alloca() (if needed by bison or dce) and links with
+ -lPW if it contains alloca() and libv and compiler do not.
+ [cfa2b3cef49a]
+
+ * emul/fnmatch.h, fnmatch.3, fnmatch.c:
+ Initial revision
+ [20b1f762a32a]
+
+1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now fixes mode on sudoers if set to 0400 to aid in upgrade
+ [d4bdfd521820]
+
+1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ fixed pod2man usage
+ [5adf2ec77b27]
+
+ * Makefile.in, configure.in, version.h:
+ ++version
+ [b4029de876d0]
+
+ * testsudoers.c, visudo.c:
+ runas_user is now initialized to "root"
+ [8537d97bff39]
+
+ * sudo.h:
+ removed PERM_FULL_ROOT
+ [241f8bbf647f]
+
+ * sudo.c:
+ runas_user defaults to "root" so no more need to PERM_RUNAS
+ [fc0c0dfc72ba]
+
+ * parse.c:
+ will now only running commands as root if there was no runas list
+ (or if root is in the runas list)
+ [40c587666c81]
+
+ * logging.c:
+ now logs "USER=%s"
+ [b733504c87fd]
+
+ * parse.yacc:
+ runas_matches is now set to false if we get a negative match
+ [5495b150b300]
+
+ * parse.lex:
+ make #uid work + some minor cleanup
+ [07851bbce03a]
+
+ * sample.sudoers:
+ added support for NOPASSWD and "runas" from garp@opustel.com /
+ [7a9c67b51fa5]
+
+ * visudo.c:
+ added support for "runas" from garp@opustel.com replaced
+ SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
+ SUDOERS_MODE
+ [e714209b9885]
+
+ * testsudoers.c:
+ added support for "runas" from garp@opustel.com
+ [b837f856da10]
+
+ * sudo.h:
+ added support for NO_PASSWD and runas from garp@opustel.com replaced
+ SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
+ SUDOERS_MODE
+ [cea6f26679b7]
+
+ * sudo.c:
+ added support for NO_PASSWD and runas from garp@opustel.com replaced
+ SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
+ SUDOERS_MODE
+ [61b5434237c5]
+
+ * parse.yacc:
+ added support for NO_PASSWD and runas from garp@opustel.com
+ [72ebd3056f22]
+
+ * parse.c, parse.lex:
+ added support for NO_PASSWD and runas from garp@opustel.com
+ [fef6dbdd114d]
+
+ * logging.c:
+ added support for SUDOERS_WRONG_MODE and "runas"
+ [e794efc2b443]
+
+ * configure.in:
+ added --with-CC only link with -lshadow on linux (with shadow pw) if
+ libc lacks getspnam()
+ [3ecf4ae21002]
+
+ * OPTIONS, options.h:
+ removed NO_PASSWD since it is not possible to do this in the sudoers
+ file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
+ SUDOERS_GID. Added SUDOERS_MODE.
+ [2eaa4891ef48]
+
+ * Makefile.in:
+ now uses SUDOERS_UID and SUDOERS_GID
+ [8d615f0fdb2a]
+
+1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ added --with-CC
+ [a1b8286a81b8]
+
+1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ added double quote support
+ [a5e4fc7e3a2b]
+
+ * sudoers.pod:
+ documented double quoting
+ [c6ea47969a44]
+
+1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkinstalldirs:
+ Initial revision
+ [dcb86d65ad8f]
+
+ * check.c:
+ fixed some indentation
+ [4d1c5ab8072b]
+
+ * Makefile.in:
+ fixed a typo
+ [0d27eebc7227]
+
+ * Makefile.in:
+ added install-dirs .
+ [f499b99b8be7]
+
+1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * dce_pwent.c:
+ new version from "Jeff A. Earickson" <jaearick@colby.edu>
+ [422481be5fbd]
+
+1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ $CSOPS -> $with_csops (whoops, missed one)
+ [b04c6948130e]
+
+ * BUGS:
+ updated
+ [c4d5713e227d]
+
+ * parse.lex:
+ FQHOST now has same constraints as non-FQHOST
+ [e1c3bf2381d1]
+
+ * INSTALL:
+ added note about OS's w/ shadow passwords turned on by default
+ [166257f43be4]
+
+1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ fixed a typo
+ [e5c3e2e9a359]
+
+ * configure.in:
+ added support for --without-THING sanitized shadow pw situtation by
+ adding support for
+ --without-C2
+ [65dc6bf64cce]
+
+ * tgetpass.c:
+ fixed a typo wrt placement of an end paren
+ [a8780f818231]
+
+ * check.c:
+ was closing an fd that may not have been opened
+ [760271c7bdc9]
+
+1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS, options.h, sudo.c:
+ added NO_PASSWD
+ [28ff1dc93d7a]
+
+1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now always use shadow pw on some arches
+ [069161ccffda]
+
+1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added pyramid support
+ [a0eb57a3a531]
+
+ * configure.in:
+ no longer check for C2 if alternate passwd method is used no longer
+ check for some libs twice
+ [2d0c3c902b40]
+
+ * parse.yacc:
+ moved fqdn stuff into parse.lex (FQHOST)
+ [d9c9abd481d8]
+
+ * parse.lex:
+ added FQHOST rules
+ [4a1695acff6d]
+
+ * tgetpass.c:
+ now define TCSASOFT in necesary
+ [3fac2e21c9ab]
+
+ * tgetpass.c:
+ now uses read/write instead of stdio string goop to avoid problems
+ with select(2)
+ [67fd174e518c]
+
+ * OPTIONS, find_path.c, options.h:
+ -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
+ [d05ba5100d28]
+
+1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ added note about no shadow auto-detect if using alternate auth
+ schemes
+ [b425592232a3]
+
+ * configure.in:
+ don't check for C2 if AFS or DCE (unless they said --with-C2)
+ [61342962171a]
+
+ * testsudoers.c:
+ now groks shost
+ [85dda17303f6]
+
+ * OPTIONS, find_path.c, options.h:
+ added NO_DOT_PATH
+ [c261ca1fb196]
+
+1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ checkdot now works correctly
+ [3bc4835bb3e9]
+
+1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ can't have DCE and C2 passwords both...
+ [fb9a8ab7ca66]
+
+1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc, sudo.c, sudo.h, visudo.c:
+ now uses shost even if not FQDN
+ [87f7498b3a1f]
+
+ * configure.in:
+ now looks for skey in /usr/lib and doesn't require libskey to be in
+ /usr/local/lib just because skey.h is (for my netbsd box :-)
+ [ceb1763e37d2]
+
+ * aclocal.m4, config.h.in, pathnames.h.in:
+ _SUDO_PATH_ -> _CONFIG_PATH_
+ [84d97ad13d75]
+
+ * aclocal.m4, sudo.pod:
+ /var/run/.odus -> /var/run/sudo
+ [922da220b8f5]
+
+ * pathnames.h.in:
+ now uses _SUDO_PATH_TIMEDIR
+ [5ecab0155fdf]
+
+ * OPTIONS:
+ udpated FQDN
+ [361b6f7440c0]
+
+ * aclocal.m4, configure.in:
+ added SUDO_TIMEDIR
+ [368c95c8c950]
+
+ * config.h.in:
+ added _SUDO_PATH_TIMEDIR
+ [3879864d808c]
+
+ * sudo.pod:
+ updated wrt /var/run/sudo
+ [9e14f2a429d3]
+
+ * sudo.c, sudo.h:
+ added support for shost if FQDN
+ [51a3f51a09a1]
+
+ * parse.yacc, visudo.c:
+ now uses shost if FQDN
+ [d19da2e92b42]
+
+ * check.c:
+ Now use skeylookup() instead off skeychallenge()
+ [4c7438bb2ae0]
+
+1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ mail_argv should not contain ALERTMAIL as it includes "-t"
+ [67ffaaa8f843]
+
+1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, Makefile.in, README, configure.in, version.h:
+ ++version
+ [e08fd4a809fc]
+
+ * compat.h:
+ added more _PASSWD_LEN stuff -- now uses PASS_MAX too
+ [2f20c3153689]
+
+ * tgetpass.c:
+ now includes limits.h moved _PASSWD_LEN -> compat.h
+ [b1ca3cafdacc]
+
+1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, README:
+ ++version
+ [3eacf32803f5]
+
+ * Makefile.in:
+ ++versoin
+ [3b91c317630a]
+
+ * Makefile.in:
+ fixed a typo
+ [3661ac4a7803]
+
+ * configure.in:
+ ++version
+ [60e842973745]
+
+1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updated
+ [def2c3c24195]
+
+ * CHANGES:
+ done for 1.4.1 (I hope)
+ [2ab543769a40]
+
+ * sudoers.pod:
+ added info on wildcards
+ [ce3bd41bc063]
+
+ * sample.sudoers:
+ added wildcard example
+ [762feb0577bd]
+
+ * Makefile.in:
+ now uses *.pod to build *.man and *.cat & *.html
+ [3ec14962028b]
+
+ * configure.in:
+ addedSUDO_PROG_BSHELL !ll
+ [3c80b320bf16]
+
+ * visudo.pod:
+ fixed up some formatting
+ [12166c434526]
+
+ * sudoers.pod:
+ redid section describing sample sudoers stuff
+ [b8065cceec71]
+
+ * sudo.pod:
+ fixed some formatting
+ [aa9a681add0f]
+
+ * getspwuid.c:
+ now treats "" as bourne shell
+ [30194a72ad56]
+
+ * Makefile.in:
+ TESTOBJS nwo includes wildmat.o
+ [86cc6500f84d]
+
+ * testsudoers.c:
+ now works with NewArg[cv]
+ [2f72674ce942]
+
+ * sudo.c:
+ removed an XXX (fixed it in getspwuid.c)
+ [e791ee0d1a68]
+
+ * aclocal.m4:
+ added check for bourne shell
+ [a2fd51676b8a]
+
+ * pathnames.h.in:
+ added _PATH_BSHELL
+ [e7c10011d47b]
+
+ * config.h.in:
+ added _SUDO_PATH_BSHELL
+ [6a1182898de9]
+
+1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ unixware vi returns 256 instead of 0
+ [234ffc7c6786]
+
+ * INSTALL:
+ added Linux note
+ [5f85efcd2b58]
+
+ * logging.c:
+ fixed up some XXX's. file log format now looks a little more like
+ real syslog(3) format.
+ [6df55707bfc3]
+
+ * README, TROUBLESHOOTING:
+ updated wrt lex/flex
+ [eb787d69156b]
+
+ * Makefile.in:
+ commented out rule to build lex.yy.c from parse.lex since we ship
+ with a pre-flex'd parser
+ [7507e2ce4a95]
+
+ * parse.c, parse.yacc, visudo.c:
+ path_matches -> command_matches
+ [0bd469424f86]
+
+ * logging.c:
+ eliminated some strcat()'s
+ [9878a79bc374]
+
+ * configure.in:
+ no longer checks for lex/flex (now assumes flex)
+ [a086ccc73798]
+
+ * configure.in:
+ now checks for $kerb_dir_candidate/krb.h instead of just
+ kerb_dir_candidate
+ [9133bc3c5208]
+
+1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ now use a 'hook' expression instead of an iffy one :-)
+ [9560df01b8c0]
+
+1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ now works with new sudo arg stuff
+ [310a0d43ddad]
+
+ * parse.yacc:
+ fixed dereferencing deadbeef
+ [474ef8a8006b]
+
+ * sudo.c:
+ changed an occurrence of Argv to NewArgv
+ [205b012b7691]
+
+ * parse.lex:
+ took out support for quoted commands since there is no need...
+ [5c5036d353b1]
+
+ * parse.c:
+ fixed a typo in a for() loop
+ [7e8d5283c43b]
+
+ * logging.c:
+ protected against dereferencing rogue pointers
+ [56debd517717]
+
+ * sudo.c:
+ now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this
+ also allows us to eliminate some kludges in parse_args() and
+ eliminate superfluous code.
+ [5122f66ad150]
+
+ * logging.c:
+ no longer uses cmnd_args, now uses NewArgv instead.
+ [abddd23cf068]
+
+ * sudo.h:
+ added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
+ (no longer used)
+ [78410984fb05]
+
+ * Makefile.in:
+ added wildmat.c to SRCS & SUDOBJS
+ [3800efb41794]
+
+ * parse.yacc:
+ COMMAND is now a struct containing the path and args
+ [5c32822c5b94]
+
+ * parse.lex:
+ replaced append() with fill_cmnd() and fill_args. command args from
+ a sudoers entry are now stored in an arrary for easy matching.
+ [a981d7f4eb0d]
+
+ * parse.c:
+ command line args from sudoers file are now in an array like ones
+ passed in from the command line
+ [1d9e37e84519]
+
+1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ wildwat stuff now works
+ [49d16488531f]
+
+1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.h:
+ ++version
+ [53e55463ef89]
+
+ * Makefile.in:
+ ++version added wildmat.*
+ [0508297a4711]
+
+1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ added support for quoted commands (w/ or w/o args)
+ [b9a637155673]
+
+1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pod, visudo.pod:
+ cleaned up formatting
+ [4591d4195437]
+
+ * sudo.pod, visudo.pod:
+ Initial revision
+ [7564a8242750]
+
+1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoers.pod:
+ looks reasonable, could be mroe readable
+ [a5be2d19d9e0]
+
+ * sudoers.pod:
+ Initial revision
+ [957888be31a6]
+
+1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updated
+ [633743aa924b]
+
+ * OPTIONS:
+ updated NO_ROOT_SUDO entry
+ [f1c15b1dec9e]
+
+1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ *** empty log message ***
+ [5b63de579ff7] [SUDO_1_4_0]
+
+ * sudo.c:
+ fixed SECURE_PATH
+ [6002889f606d]
+
+ * RUNSON:
+ udpa`ted for 1.4
+ [6014a8592815]
+
+ * configure.in:
+ AIX aixcrypt.exp now uses $(srcdir)
+ [b0d57674fef4]
+
+ * TROUBLESHOOTING:
+ added entry for anal ansi compilers
+ [4193cec1c6b1]
+
+1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ added info on libcrypt_i for SCO
+ [575497d56698]
+
+ * TODO:
+ *** empty log message ***
+ [d0aaf67b9913]
+
+ * sample.sudoers:
+ added comments
+ [a7773f7eda8d]
+
+ * TODO:
+ 1.4 release
+ [1dade29e9fd9]
+
+ * CHANGES:
+ ++version
+ [67241be40780]
+
+ * INSTALL, OPTIONS, README, config.h.in, configure.in:
+ ++version
+ [2e0a37897f68]
+
+ * BUGS:
+ ++version and fixed ISC
+ [78963f01a0e3]
+
+ * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
+ goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+ insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
+ sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ visudo.c:
+ ++version
+ [b6227f29b3d9]
+
+ * interfaces.c:
+ added STUB_LOAD_INTERFACES ++version
+ [d8150a3fd577]
+
+ * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
+ version.h:
+ ++version
+ [da9e90e69bdc]
+
+ * PORTING:
+ added info about fd_set in tgetpass added info on interfaces.c
+ [a39902febd17]
+
+1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * dce_pwent.c:
+ added sudo header
+ [fc0f2c48682e]
+
+ * tgetpass.c:
+ fixed a typo
+ [43d40b72ee8f]
+
+ * Makefile.in:
+ tgetpass.o is now only linked in with sudo (not visudo)
+ [7407c5ff11f8]
+
+1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
+ configure.in:
+ ++version
+ [9b82ad805d6b]
+
+ * emul/utime.h:
+ added copyright notice
+ [4380f16cd075]
+
+ * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+ ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+ interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+ pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+ testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
+ ++version
+ [32717fdb5d05]
+
+ * tgetpass.c:
+ minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
+ [326864428da2]
+
+ * configure.in:
+ ISC now gets -lcrypt now check for sys/bsdtypes.h
+ [e064799c054b]
+
+ * config.h.in:
+ added check for sys/bsdtypes.h
+ [9adb9533c363]
+
+1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ removed debugging stuff (setting freed ptr to NULL)
+ [02fe8eec63a0]
+
+ * TROUBLESHOOTING:
+ added 2 entries
+ [02884e2733e2]
+
+ * Makefile.in:
+ added FAQ
+ [074d8dfcf28d]
+
+ * TROUBLESHOOTING:
+ added section on syslog
+ [e6bc02a22b86]
+
+ * configure.in:
+ added AC_ISC_POSIX for better ISC support
+ [8436b3e12af2]
+
+ * config.h.in:
+ fixed typo
+ [f1b3922babf4]
+
+ * config.h.in:
+ added define for _POSIX_SOURCE
+ [ded6d92b34f9]
+
+1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ fixed check for lsearch()
+ [75baa5bc28a3]
+
+1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ fixed for AIX now deal if num_interfaces == 0 (should not happen)
+ [ae450e859227]
+
+1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now only define HAVE_LSEARCH if there is a corresponding search.h
+ [8ce645c5d17f]
+
+ * interfaces.c:
+ works on ISC again
+ [ccac920d424c]
+
+1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now define HAVE_LSEARCH if we find lsearch() in libcompat
+ [7343e4313a87]
+
+ * lsearch.c:
+ char * -> const char *
+ [1c0b11c2300a]
+
+ * configure.in:
+ now looks in -lcompat for lsearch()
+ [a1cc1d6fcd09]
+
+ * Makefile.in:
+ remove sudo.core visudo.core for clan target
+ [b523456a85df]
+
+ * aclocal.m4:
+ added UID_MAX support in check for MAX_UID_T_LEN
+ [7ab262b1173f]
+
+ * Makefile.in:
+ fixed another occurence of sudo_getpwuid.*
+ [fb5809c07da2]
+
+ * Makefile.in, getspwuid.c:
+ sudo_getpwuid.c -> getspwuid.c
+ [875f2ef808b4]
+
+ * configure.in:
+ moved the "echo"
+ [ad7b8f966076]
+
+ * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
+ compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
+ getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
+ parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
+ sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ version.h, visudo.c:
+ ++version
+ [ee57c6410ffa]
+
+ * testsudoers.c:
+ added group support
+ [54d8097df8bd]
+
+ * sample.sudoers:
+ added group entry
+ [50994d31fd49]
+
+ * sudoers.man:
+ documented group support
+ [0a16707f8fed]
+
+ * parse.c, parse.lex, parse.yacc, visudo.c:
+ added group support
+ [427218c879c8]
+
+1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ tkfile was too short and overflowed the kerberos realm
+ [53823a1ff5af]
+
+1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now copy command args directly from Argv
+ [77408278b6fd]
+
+ * sudo.c:
+ replaced code to copy cmnd_args so that is does not use realloc
+ since most realloc()'s really stink
+ [b29a0ff73fb6]
+
+1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ syslog() fixed in hpux 10.01
+ [2648e6f0cdb0]
+
+1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
+ [8f108b8d8711]
+
+ * configure.in:
+ better error if cannot find skey incs or libs
+ [5887662ee9d3]
+
+ * aclocal.m4:
+ now use a temp file for determining max len of uid_t in string form.
+ the old hacky way broke on netbsd
+ [b68f470fa9f8]
+
+ * sudo.c:
+ added set of parens and a space
+ [8a3d4826d022]
+
+1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * dce_pwent.c:
+ fixes from Jeff Earickson <jaearick@colby.edu> ,
+ [bde0f0b756ec]
+
+ * check.c:
+ modified a comment
+ [e2a97f1afbbe]
+
+ * Makefile.in:
+ fixed up testsudoers target
+ [d39c4e7bb609]
+
+ * configure.in:
+ DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
+ SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
+ [da7a1c433828]
+
+ * Makefile.in:
+ LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
+ VISUDO_LDFLAGS
+ [4b69503e8487]
+
+1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ fix for C2 on hpux 10 now uses -linet if it exists
+ [8d300112263d]
+
+ * check.c:
+ LONG_SKEY_PROMPT is less of a klusge /
+ [dcc144abaac3]
+
+ * configure.in:
+ fixed typos w/ dce stuff
+ [f7dfd6d4e149]
+
+ * Makefile.in:
+ added dce_pwent.c
+ [79047acdc516]
+
+1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ amended section on combining authentication mechanisms
+ [dc5138c7c716]
+
+ * PORTING:
+ minor updates for 1.3.6
+ [fe80c13bd994]
+
+ * TROUBLESHOOTING:
+ added 2 more entries
+ [c7201439a0f5]
+
+ * BUGS:
+ updated for 1.3.6
+ [979b414d2a2d]
+
+ * README:
+ overhauled
+ [3af8b60eb594]
+
+ * INSTALL:
+ rewrote for sudo 1.3.6
+ [b16027b9c726]
+
+ * TROUBLESHOOTING:
+ added 3 entries
+ [934c9ee3f153]
+
+1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c, getspwuid.c, sudo.c:
+ added explict casts for strdup since many includes don't prototype
+ it. gag me.
+ [3e19a11f2fcc]
+
+ * sudo.h:
+ removed prototype for sudo_getpwuid() since convex C compiler choked
+ on it.
+ [c3ea74ca67b0]
+
+ * sudo.c:
+ added prototype for sudo_getpwuid()
+ [4a8e3cdc2b98]
+
+ * lsearch.c:
+ now compiles on strict ANSI compilers
+ [3ce5d72d0b08]
+
+ * check.c:
+ added LONG_SKEY_PROMPT support
+ [48a18b8a2332]
+
+ * Makefile.in:
+ added extra $'s for make to eat up, yum.
+ [2995b214e12b]
+
+ * OPTIONS, options.h:
+ added LONG_SKEY_PROMPT
+ [f23ae799b5a4]
+
+1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ s/key support now works with normal s/key as well as logdaemon
+ [d67573f523bf]
+
+ * OPTIONS, options.h:
+ added SKEY_ONLY
+ [bbf07654e0de]
+
+ * compat.h:
+ set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
+ [205895b96a36]
+
+ * INSTALL:
+ added DCE note added more AIX notes
+ [6345403b3522]
+
+ * sudo.c:
+ now include pthread.h for DCE support
+ [6fe02865f679]
+
+ * check.c:
+ dce_pwent() is ok after all .,
+ [d26a8746a55d]
+
+ * logging.c:
+ now uses SYSLOG() macro that equates to either syslog() or
+ syslog_wrapper
+ [42ac4cff8045]
+
+ * dce_pwent.c:
+ minor formatting changes. renamed check() to somthing less generic
+ [71859f217be1]
+
+ * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
+ visudo.c:
+ now uses user_pw_ent and simple macros to get at the contents
+ [f4cbf3e7145a]
+
+1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ simpler dec unix C2 support
+ [86bc8f75250e]
+
+ * getspwuid.c:
+ now sets crypt_type for DEC unix C2
+ [99aeadd18266]
+
+1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added csops paths for skey
+ [b8ca672e2117]
+
+ * getspwuid.c:
+ now includes string.h for strdup() prototype
+ [3605259c3620]
+
+ * getspwuid.c:
+ fixed a few typos
+ [46c97e4ea417]
+
+ * check.c:
+ now includes skey.h
+ [11e611ce1b61]
+
+ * getspwuid.c:
+ fixed up comments
+ [223dac56f0c8]
+
+ * check.c:
+ moved a lot of the shadow passwd crap to sudo_getpwuid()
+ [97d8887fb7d3]
+
+ * sudo.c:
+ now uses sudo_pw_ent
+ [d014dadbef48]
+
+ * testsudoers.c:
+ now uses sudo_pw_ent
+ [d92936ed7e34]
+
+ * visudo.c:
+ now sets sudo_pw_ent
+ [ff75cdfcf8b3]
+
+ * getspwuid.c:
+ Initial revision
+ [6deb6df9d7bc]
+
+ * tgetpass.c:
+ moved dce stuff into compat.h
+ [1124284396e7]
+
+ * logging.c, sudo.h:
+ now uses sudo_pw_ent
+ [404ff20a5067]
+
+ * Makefile.in:
+ added sudo_getpwuid.c
+ [6666d0644512]
+
+ * compat.h:
+ added dce support
+ [3c3b36a7ce0e]
+
+ * parse.yacc:
+ now uses sudo_pw_ent
+ [9f5e8d11bd68]
+
+1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fixed exempt_group stuff for OS's that don't put base gid in group
+ vector
+ [003f153bd396]
+
+ * check.c:
+ S/Key support now works with sunos4 shadow passwords
+ [1eb64a5efff1]
+
+ * Makefile.in:
+ fixed clean rule
+ [5695a2c62816]
+
+ * config.h.in, configure.in:
+ added DCE support
+ [f53c766c1947]
+
+ * tgetpass.c:
+ DCE & KERB support
+ [904cf436506a]
+
+ * check.c:
+ first stab at dce support
+ [aea5ca07b1e3]
+
+ * dce_pwent.c:
+ now smells like sudo
+ [8b3d609b49cd]
+
+ * dce_pwent.c:
+ Initial revision
+ [b573555f2399]
+
+ * check.c:
+ skey'd sudo now works w/ normal password as well
+ [8d038f9f6e94]
+
+1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
+ getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+ ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
+ parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
+ sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+ version.h, visudo.c:
+ updated version number
+ [ba7e346d7904]
+
+ * README:
+ updated to reflect version change
+ [1d15cf1d8cc8]
+
+ * configure.in:
+ --with options now line up ++version
+ [08ebf625fbca]
+
+ * sudo.h:
+ removed unecesary S/Key stuff
+ [68188cba90af]
+
+ * configure.in:
+ fixed S/Key support
+ [f6d9cbc36618]
+
+ * Makefile.in:
+ -I stuff now goes in CPPFLAGS
+ [7b8e53c5b046]
+
+ * check.c:
+ fixed SKey support
+ [52c1a5cf4435]
+
+ * README:
+ updated version
+ [bed6498a10bb]
+
+ * OPTIONS:
+ fixed description of EXEMPTGROUP
+ [cfeead55edc2]
+
+ * sudo.c:
+ more people use _RLD_ than just alphas...
+ [6a3c7090a6f6]
+
+ * Makefile.in:
+ replaced $man_prefix with $mandir
+ [dc4b36a550e2]
+
+ * configure.in:
+ fixed a typo
+ [a38a4acddcaf]
+
+ * Makefile.in:
+ now use more GNU'ish dir names
+ [c5498391a520]
+
+ * configure.in:
+ now set *dir correctly (can override from command line)
+ [523ff98fd438]
+
+ * sudo.c:
+ now deal with situations where we getwd() fails
+ [88a9e61dccbb]
+
+1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ added etc_dir, bin_dir, sbin_dir
+ [75fd08d92842]
+
+ * configure.in:
+ added sbin_dir
+ [3cb318c0d8d1]
+
+ * Makefile.in:
+ now ship a flex-generated lex.yy.c
+ [4d083ed70dce]
+
+ * Makefile.in:
+ now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
+ [4d51dc9c3780]
+
+ * pathnames.h.in:
+ _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
+ [773fd163d52f]
+
+ * options.h:
+ no more error for redefining SUDOERS_OWNER
+ [4ba336644c6a]
+
+ * OPTIONS:
+ expanded SUDOERS_OWNER section
+ [12fae405759e]
+
+1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ now warn if chown(2) failed
+ [d0d1db6e3a1f]
+
+ * logging.c:
+ better default warning for NO_SUDOERS_FILE
+ [5260b458ac64]
+
+ * sudo.c:
+ added missing set_perms() no more cryptic message if the sudoers
+ file is zero length, now just give a parse error
+ [b81ea724838a]
+
+ * logging.c:
+ better diagnostics if NO_SUDOERS_FILE
+ [877e878663c5]
+
+ * sudo.c:
+ check_sudoers() now catches sudoers files that are not readable (but
+ are stat'able).
+ [fea05663b3de]
+
+1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now add -D__STDC__ for convex cc (not gcc)
+ [c80fc53ff51b]
+
+ * configure.in:
+ MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
+ [fe238226a057]
+
+ * Makefile.in:
+ now uses exec_prefix & prefix from configure
+ [f62fca5f56bd]
+
+ * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
+ parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
+ utime.c, visudo.c:
+ options.h is now <> instead of "" so shadow build trees can have a
+ custom copy of options.h
+ [e6782676099c]
+
+ * check.c:
+ user_is_exempt() is no longer a hack, it now uses getgrnam()
+ [287f8d5356f7]
+
+ * options.h:
+ EXEMPTGROUP is now "sudo"
+ [61487304dbe1]
+
+ * configure.in:
+ MAN_POSTINSTALL now contains a leading space
+ [eaad4ac34012]
+
+ * Makefile.in:
+ removed leading tab if @MAN_POSTINSTALL@ not defined now removes
+ testsudoers in clean:
+ [e01711baceb8]
+
+ * tgetpass.c:
+ includes pwd.h to get _PASSWD_LEN definition
+ [8ec174f263f1]
+
+1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ unset the KRB_CONF envariable if using kerberos so we don't get
+ spoofed into using a bogus server
+ [2561a0274fca]
+
+1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ now explicately initialize match[] tp be FALSE
+ [0e45e5c47766]
+
+1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ removed unused variable now passes -Wall
+ [3452508bc16d]
+
+ * parse.yacc:
+ yyerror and dumpaliases are now void's now passes -Wall
+ [2769dfb51993]
+
+ * parse.lex:
+ added prototype for yyerror
+ [1f3f0c1b4ab4]
+
+ * check.c, logging.c, parse.c:
+ now passes -Wall
+ [eab57e5e81d2]
+
+ * interfaces.c:
+ rmeoved unused cruft now passes -Wall
+ [7a47e1866f4b]
+
+ * Makefile.in:
+ fixed headers that moved to emul dir
+ [e680c1e5049b]
+
+ * logging.c:
+ fixed deref of nil pointer if no args
+ [973b9bea432f]
+
+1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS:
+ added a caveat to FQDN section
+ [dcf6e2a5fff4]
+
+1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ more $srcdir support for install targets
+ [f6eac78436dd]
+
+ * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
+ strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
+ don't include malloc.h if we include stdlib.h
+ [fca2ff307cd8]
+
+ * parse.yacc:
+ local search.h now lives in emul
+ [51c458904424]
+
+ * check.c, utime.c:
+ local utime.h now lives in emul dir
+ [f92fc9e8c8de]
+
+ * lsearch.c:
+ local search.h now lives in emul
+ [579efc407439]
+
+ * Makefile.in:
+ added support for building in other than the sourcedir
+ [2ab53a43f7d4]
+
+1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS:
+ annotated CSOPS_INSULTS option
+ [9e57d45a0afa]
+
+ * TROUBLESHOOTING:
+ updated shadow passwords blurb
+ [39b785bc7253]
+
+ * sudo.c:
+ if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
+ passes along foo as the arguments
+ [a91077aa8fc5]
+
+1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ collapsed pathname and dir sections into one -- its now less
+ expensive
+ [89caa03bec25]
+
+ * parse.lex:
+ fixed spacing quoting [,:\\=] now works correctly append() and
+ fill() now take args to make the above work
+ [09d023d9ef3a]
+
+ * sudo.c:
+ fixed a typo that caused commands with no tty on fd 0 but a tty on
+ fd 1 to erroneously have "none" as their tty
+ [07d2c0e7977c]
+
+1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ timestampfile is now a global static removed decl of timestampfile
+ in remove_timestamp since we can just use the global one
+ [f0cbdc6aab1c]
+
+ * check.c:
+ created touch() to update timestamps added USE_TTY_TICKETS support
+ (bit of a kludge)
+ [cee1dd0318f8]
+
+ * compat.h:
+ added _S_IFDIR and S_ISDIR
+ [b4a51cc9628e]
+
+ * OPTIONS, options.h:
+ added USE_TTY_TICKETS
+ [b4e22f81f25e]
+
+ * parse.yacc:
+ removed const from casts for lsearch() & lfind() to placate irix 4.x
+ C compiler
+ [5003081f76ea]
+
+1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now only strip '/dev/' off of a tty if it starts with '/dev/'
+ [7f62bcd24039]
+
+ * pathnames.h.in:
+ added _PATH_DEV
+ [6375f44d1910]
+
+ * configure.in:
+ AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
+ have termios.h
+ [9c60391235fd]
+
+ * tgetpass.c:
+ fixed incorrect #ifdef termio uses "unsigned short" not int for
+ c_?flag
+ [d032e6a29845]
+
+ * parse.lex, parse.yacc:
+ fixed a spelling error
+ [cad6a944c7b1]
+
+ * Makefile.in:
+ fixed typo
+ [204a65403e7c]
+
+1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ fixed a comment
+ [268f760e57ad]
+
+ * parse.yacc:
+ added dotcat() to cat 2 strings w/ a dot effeciently now that we
+ dynamically allocate strings they need to be free()'d
+ [ec2e2152f415]
+
+ * parse.lex:
+ dynamically allocates space for strings
+ [d10ac3533d66]
+
+ * sudo.h:
+ no more MAXCOMMANDLENGTH
+ [e2e1219bff8a]
+
+ * sudo.h:
+ added decl of tty
+ [c8ae81303ee5]
+
+ * logging.c, sudo.c:
+ moved tty stuff into sudo.c
+ [e028abefeb07]
+
+1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ fixed a logic bug. Was denying a command if user gave command line
+ args but there were none in the sudoers file which is wrong.
+ [7489a99b8e8a]
+
+ * sudo.h:
+ MAXCOMMMANDLEN dropped down to 1K
+ [38ef54ba290b]
+
+ * parse.lex:
+ return foo; -> return(foo);
+ [0e8be1b57001]
+
+ * parse.yacc:
+ fixed netgr_matches() prototype
+ [e69f15910464]
+
+ * parse.lex:
+ added support for escaping "termination" characters
+ [8bd4ef50f35c]
+
+ * parse.c:
+ buf is now of size MAXPATHLEN+1 since it never holds command args
+ [2ce4b763058c]
+
+ * sudo.c:
+ fixed comments
+ [0c74a3d2ebb0]
+
+ * goodpath.c:
+ fixed negation problem (doh!)
+ [782814e3a2d1]
+
+ * parse.yacc:
+ fixed 2nd parameter to lfind()
+ [63d7b1623c08]
+
+ * parse.lex:
+ now do bounds checking in fill() and append()
+ [54381b563251]
+
+ * sudo.c:
+ include netdb.h as we should added a missing void cast added
+ SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
+ realloc actually moved the string instead of shrinking it
+ [897ccdec9c06]
+
+ * sample.sudoers:
+ updated with examples of new features
+ [9b3ed00e8aa6]
+
+ * goodpath.c:
+ now set errno to EACCES if not a regular file or not executable
+ [2d069548a5ea]
+
+ * find_path.c:
+ if given a fully-qualified or relative path we now check it with
+ sudo_goodpath() and error out with the appropriate error message if
+ the file does not exist or is not executable
+ [590f89dd8dec]
+
+ * emul/search.h, lsearch.c:
+ now use correct args for lfind
+ [fccdcdbf020e]
+
+ * logging.c:
+ added a comment
+ [fab9f49708ea]
+
+ * insults.h:
+ added in CSOps insults
+ [ad8eb1862adc]
+
+ * ins_csops.h:
+ Initial revision
+ [de5a475ec018]
+
+ * tgetpass.c:
+ added RCS id
+ [c3ffd550a482]
+
+ * sudo.h:
+ increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
+ [aba25c90d08a]
+
+ * OPTIONS:
+ added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
+ [e27bd62e9ccf]
+
+ * sudo.c:
+ fixed -k load_interfaces() now gets called if FQDN is set
+ -p now works with -s
+ [07ca2a34bae8]
+
+ * parse.c:
+ don't try to stat() "pseudo commands" like "validate"
+ [75527045984b]
+
+ * options.h:
+ added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
+ [07b157a0eafd]
+
+ * configure.in:
+ added SecurID support added other insults to --with-csops
+ [6c992ceb244c]
+
+ * config.h.in:
+ added HAVE_SECURID
+ [e734ff617fe8]
+
+ * Makefile.in:
+ added clobber target added ins_csops.h now gets CFLAGS from
+ configure
+ [d1e29c7cec25]
+
+ * aclocal.m4:
+ relaxed SUDO_FULL_VOID
+ [fb4084f27406]
+
+ * visudo.c:
+ function comment blocks are now in same style as rest of code
+ [04a2931354c5]
+
+ * testsudoers.c:
+ added support for command line args in /etc/sudoers
+ [bfe4e1bcc655]
+
+ * sudoers.man:
+ updated to have command args in the sudoers file
+ [1cd34355e9ea]
+
+ * sudo.man:
+ added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
+ [930b48023b68]
+
+1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ PATH renamed to COMMAND
+ [4e109a6de3cd]
+
+ * parse.lex:
+ it is now a parse error for directories to have args attached to
+ them
+ [2ab10a146b54]
+
+ * logging.c:
+ now say command args if telling user to buzz off
+ [933de26ded8b]
+
+ * sudo.c:
+ -s no longer indicates end of args sped up loading on cmnd_args in
+ load_cmnd()
+ [eac99a4da862]
+
+ * parse.c:
+ removed an unreachable statement
+ [634302623c49]
+
+ * parse.lex:
+ made more efficient by pulling out the terminators when in GOTCMND
+ state and making them their own rule
+ [80798f1e1166]
+
+1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ removed MAXLOGLEN since it is no longer used
+ [102824196b71]
+
+ * parse.lex:
+ now allows command args
+ [d29dfa1e5254]
+
+ * parse.c:
+ now groks command arguments
+ [6c414cb7f105]
+
+ * logging.c:
+ now sets tty correctly when piped input
+ [de46a30c0406]
+
+ * sudo.c:
+ fixed loading of cmnd_args (was including command name too)
+ [15319a425ea6]
+
+ * logging.c:
+ fixed a core dump due to incorrect if construct
+ [582363c7d7fa]
+
+1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix
+ [da591fe9b931]
+
+ * aclocal.m4:
+ fixed check for ISC
+ [52e59f2082a7]
+
+ * sudo.c:
+ now sets cmnd_args used by log_error() and that will be used by the
+ parse to check against command args
+ [c6804389723b]
+
+ * sudo.h:
+ added cmnd_args
+ [4d00446b4a8d]
+
+ * logging.c:
+ now dynamically allocate logline since we can guess at its size
+ [4bed8c8446aa]
+
+1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove
+ "register" since the compiler knows more than I do now do a
+ "basename" of the tty
+ [3b1bbf0b3da1]
+
+1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ ++version
+ [5ce552f9a5f1]
+
+ * sudo.h:
+ added shell extern changed MODE_* to be bit masks to allow for
+ several options together
+ [06f9dc4f400c]
+
+ * sudo.c:
+ added -s (shell) option made MODE_* masks so we can do bitwise & and
+ | to see if multiple flags are set.
+ [01f8143010ad]
+
+ * check.c:
+ added securid support
+ [909e078005fe]
+
+1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ removed a bunch of unnecesary strncpy()'s and replaced with strcat()
+ [644506b57d61]
+
+1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, version.h:
+ ++version
+ [3cd6f1fbc3d9]
+
+1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ fixed free() of an uninitialized pointer (yuck)
+ [8c404ee502ee]
+
+ * testsudoers.c:
+ added netgr_matches
+ [e7c9fa2f774c]
+
+ * parse.c:
+ cleaned up netgr_matches
+ [8108f00b810e]
+
+1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updated for 1.3.4
+ [4741704310a1]
+
+1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ now installs sudoers.man -- really should clean this up though.
+ [455631d45a1d]
+
+ * Makefile.in:
+ added sudoers.cat and sudoers.man
+ [0bdedd6c7363]
+
+ * sudo.man:
+ pulled out stuff on the sudoers file format into a separate man page
+ [de215d999cb9]
+
+ * sudoers.man:
+ Initial revision
+ [f25eafbb7095]
+
+ * HISTORY:
+ fixed up my email address
+ [254fbf80be74]
+
+ * configure.in:
+ added checks for innetgr and getdomainname
+ [24a99cb7e97e]
+
+ * visudo.c:
+ added dummy netgr_matches function
+ [1841ff2c01da]
+
+ * parse.c:
+ added netgr_matches
+ [ec90db6a97b8]
+
+ * parse.lex, parse.yacc:
+ added NETGROUP support
+ [c9dd93e3bc4b]
+
+ * config.h.in:
+ added HAVE_INNETGR & HAVE_GETDOMAINNAME
+ [14abd494d875]
+
+1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ rewrote clean_env() that has rm_env() builtin
+ [55cb43818a95]
+
+1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ now cast uid to long in sprintf
+ [b549eea40aeb]
+
+ * OPTIONS:
+ added _INSULTS suffix to HAL & GOONS end
+ [ed620d0aad30]
+
+ * options.h:
+ added _INSULTS suffix to HAL & GOONS
+ [9f72e9b83afd]
+
+ * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
+ converted to new scheme of insult "unions" end
+ [2f6d2b412132]
+
+ * sudo.c:
+ now uses MAX_UID_T_LEN
+ [c1df79e0f389]
+
+ * configure.in:
+ added SUDO_UID_T_LEN !l
+ [195f0b9f5f84]
+
+ * config.h.in:
+ added MAX_UID_T_LEN
+ [73f42ae4f14d]
+
+ * check.c:
+ now use MAX_UID_T_LEN
+ [df9c063234cb]
+
+ * aclocal.m4:
+ added check for max len of uid_t fixed sco vs. isc check
+ [d558f36d2223]
+
+1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ corrected version
+ [828dd1571e86]
+
+ * configure.in:
+ added sco support
+ [af1e2f616638]
+
+ * aclocal.m4:
+ hack to check for sco
+ [549ab99a9a43]
+
+ * interfaces.c:
+ removed #include <net/route.h> since it was hosing some OS's
+ [ac78a7c04005]
+
+1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ fixed prreadlink() prototype
+ [b380fe1f2b11]
+
+ * check.c:
+ added parens in #if's
+ [e96ade691b82]
+
+ * configure.in:
+ added SPW_ prefix
+ [a302683a1483]
+
+ * sudo.h:
+ moved SPW_* to config.h.in
+ [6b3be70e34cf]
+
+ * sudo.c:
+ added a set of parens
+ [8188d735d695]
+
+ * config.h.in:
+ added SPW_*
+ [5ead6371cf60]
+
+ * sudo.h:
+ added SPW_* reordered error codes
+ [dead25b4ed0a]
+
+ * check.c:
+ moved SPW_* to sudo.h
+ [ca51fb04caf4]
+
+1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ SPW_AUTH -> SPW_SECUREWARE
+ [6b512b2bc5dc]
+
+ * logging.c:
+ GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
+ [defdd0944e2f]
+
+ * configure.in:
+ AUTH -> SECUREWARE
+ [d1f8a17001dd]
+
+ * check.c:
+ SPW_AUTH -> SPW_SECUREWARE
+ [af0e8d8b89b2]
+
+ * check.c:
+ now uses SHADOW_TYPE to make shadow pw support more readable and
+ modular. It's a start...
+ [8c2a59667014]
+
+ * configure.in:
+ added autodetection of shadow passwords
+ [85f81fa54b1b]
+
+ * sudo.c:
+ now uses SHADOW_TYPE define
+ [355e5dc09b07]
+
+ * config.h.in:
+ added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
+ [c0c06e83e483]
+
+ * aclocal.m4:
+ added SUDO_CHECK_SHADOW
+ [464301301639]
+
+1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
+ memmove() since we dno longer use it...
+ [8aefa87d7d31]
+
+ * CHANGES:
+ updated
+ [ce97b3fd7182]
+
+ * logging.c:
+ added BROKEN_SYSLOG support
+ [a45c3bca36f6]
+
+ * config.h.in:
+ added BROKEN_SYSLOG
+ [6f6abf0a6268]
+
+ * check.c:
+ now only bitch it timestamp > time_now + 2 * timeout to allow for a
+ machine udpating its time from a server
+ [546bc8d35325]
+
+ * sudo.man:
+ added 2 security notes updated Nieusma's email addr
+ [616756c56977]
+
+ * lsearch.c:
+ changed a memmove() to memcpy() since we don't have to worry about
+ overlapping segments.
+ [30baa478526b]
+
+1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ cleanup up the loop when interfaces are groped in so that it is
+ readable
+ [1fa39446bd69]
+
+ * Makefile.in, version.h:
+ ++version
+ [b46bd2b1770f]
+
+1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ annotated 124-126
+ [b82a2b3ec7ce]
+
+1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fixed permissions check on /tmp/.odus
+ [cc2431a65468]
+
+1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fixed some comments
+ [8896d09b4fda]
+
+ * check.c:
+ now checks owner & mode of timedir also checks for bogus dates on
+ timestamp file
+ [a0fad5df5b0a]
+
+ * OPTIONS:
+ updated TIMEOUT info
+ [033cc22d9e04]
+
+ * logging.c, sudo.h:
+ added BAD_STAMPDIR and BAD_STAMPFILE
+ [31d9ce691101]
+
+ * compat.h:
+ added definition of S_IRWXU
+ [ff2dab091a9b]
+
+ * CHANGES:
+ updated
+ [a40df90284f1]
+
+1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * interfaces.c:
+ added #ifdef to make it compile on strange arches
+ [4a127f12afce]
+
+1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4:
+ fixed check for fulkl void impl.
+ [b6f2a4a361d8]
+
+ * check.c:
+ added mssing "static"
+ [520552f2772b]
+
+ * insults.h:
+ replaced #elif with #else #if constructs for ancient C compilers
+ [39ab2d365b57]
+
+ * INSTALL:
+ updated irix c2 & kerb5 info
+ [ae79b99b4905]
+
+ * configure.in:
+ added shadow pw support for irix
+ [632469d9c528]
+
+1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS, TODO:
+ updated
+ [2a96bb18ac30]
+
+ * CHANGES:
+ last changes for sudo 1.3.3
+ [c1c0cd1034b8]
+
+ * configure.in:
+ now calls SUDO_SOCK_SA_LEN
+ [14ea78159d45]
+
+ * config.h.in:
+ added HAVE_SA_LEN
+ [cc2a346aa905]
+
+ * aclocal.m4:
+ added SUDO_SOCK_SA_LEN
+ [456a2025644a]
+
+ * interfaces.c:
+ now works with ip implementations that use sa_len in sockaddr
+ [90be6e028077]
+
+ * INSTALL:
+ added note about buggy AIX compiler
+ [c0f6d427e4e4]
+
+ * interfaces.c:
+ now include sys/time.h for AIX
+ [2510858ab38b]
+
+1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ getcwd -> getwd
+ [66085ebca98e]
+
+ * interfaces.c:
+ now works for ISC and others. yay.
+ [f336d4ffc927]
+
+1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, version.h:
+ version++
+ [836cffc2078d]
+
+1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4:
+ fixed test for full void impl
+ [fb004107e7b9]
+
+ * sudo.c:
+ now check to see that st_dev is non-zero before assuming that we are
+ being spoofed
+ [1b0e1c30c506]
+
+1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure.in:
+ SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
+ [4953379bfb01]
+
+1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4:
+ fixed include file order for SUDO_FUNC_UTIME_POSIX
+ [ff64ab7df44f]
+
+ * logging.c:
+ added cast for ttyname()
+ [444f05f56758]
+
+ * configure.in:
+ fixed typo
+ [de068e748431]
+
+ * check.c:
+ now deal correctly with all known variation of utime() -- yippe
+ [b778a4195a89]
+
+ * configure.in:
+ added SUDO_FUNC_UTIME_POSIX
+ [cf635f2269d6]
+
+ * aclocal.m4:
+ added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
+ [d79593be4b73]
+
+ * config.h.in:
+ added HAVE_UTIME_POSIX
+ [c67b4ac0dca5]
+
+ * check.c:
+ fixed a typo
+ [b14df5680f59]
+
+ * check.c:
+ no longer assume !HAVE_UTIME_NULL means old BSD utime()
+ [0aeaf4b2f38b]
+
+ * check.c:
+ fixed fascist C compiler warning
+ [c61ddf2f1f93]
+
+ * interfaces.c:
+ now set strioctl.ic_timout in STRSET() now initialize num_interfaces
+ to 0 (just to be anal)
+ [c54cc2ba0052]
+
+1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ increaed MAXLOGLEN by MAXPATHLEN to account for ttyname
+ [74cf585a54fb]
+
+ * logging.c:
+ added tty logging
+ [e27d8dcfbd78]
+
+ * interfaces.c:
+ reworked the ISC code
+ [bcf57ce8ae69]
+
+ * Makefile.in, version.h:
+ updated version
+ [032941c9b94d]
+
+ * check.c:
+ now expect old-style utime(3) if utime() can't take NULL as an arg
+ [018dd4a73030]
+
+ * configure.in:
+ added check for utime.h
+ [0b76e8feb618]
+
+ * config.h.in:
+ added HAVE_UTIME_H
+ [62ee42feda46]
+
+ * Makefile.in:
+ added CPPFLAGS STATIC_FLAGS -> LDFLAGS
+ [fa3201d294e1]
+
+ * configure.in:
+ now search for kerb libs and includes
+ [cc332401e571]
+
+ * check.c:
+ added support for utime(2)'s that can't take a NULL parameter
+ [98797fedf69f]
+
+ * utime.c:
+ moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs
+ [6ce6d825fb44]
+
+ * configure.in:
+ added utime(s) stuff
+ [a2afb744403e]
+
+ * check.c:
+ now use utime()
+ [48902240a51e]
+
+ * config.h.in:
+ added HAVE_UTIME and HAVE_UTIME_NULL
+ [9a56ab65d4f4]
+
+1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * utime.c:
+ now use HAVE_UTIME_NULL
+ [e3944de09a92]
+
+ * emul/utime.h, utime.c:
+ Initial revision
+ [a2cbf2ef3427]
+
+ * check.c:
+ need to setuid(0) to make kerb4 stuff work.
+ [c6cfda4039d7]
+
+ * tgetpass.c:
+ no more special case for kerberos
+ [4a5c33145be9]
+
+ * config.h.in:
+ took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
+ emulation)
+ [a607ee43e650]
+
+ * compat.h:
+ no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
+ kerberos
+ [02fb274cc136]
+
+ * check.c:
+ now use private ticket file for kerberos support to avoid trouncing
+ on system one
+ [28d8b6b812c7]
+
+1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ added SPOOF_ATTEMPT & cmnd_st
+ [d3b42a1f4d0d]
+
+ * sudo.c:
+ added anti-spoofing support
+ [ab1e2aa44a57]
+
+ * parse.c:
+ now use global cmnd_st
+ [47018265a1a6]
+
+ * logging.c:
+ added SPOOF_ATTEMPT suypport
+ [7bbe9dd2a021]
+
+ * testsudoers.c, visudo.c:
+ added void casts where appropriate
+ [f191441ba333]
+
+ * parse.yacc:
+ fixed up spacing and added void casts where appropriate
+ [15d886fc809c]
+
+ * sudo.c:
+ fixed problem with "-p prompt" but no args
+ [6fc048261a3e]
+
+1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man:
+ added BUGS and annotated -l description
+ [e5c506de2603]
+
+ * sudo.h:
+ validate() now takes a flag
+ [26627becc60a]
+
+ * sudo.c:
+ validate() now takes a flag added -l
+ [a4f7bb97fe54]
+
+ * parse.yacc:
+ added support for -l
+ [e7a9b10b0ad3]
+
+ * parse.c:
+ validate() now takes a flag that says whether or not to check the
+ command
+ [9e1e67f4e281]
+
+1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ now deals with Argv == 1
+ [0acb637ab635]
+
+ * sudo.man:
+ added -p option
+ [e60382fc0561]
+
+ * sudo.c:
+ added prompt support reworked parse_args()
+ [2f605267ed4a]
+
+ * sudo.h:
+ added prompt
+ [5ab021bdb419]
+
+ * options.h:
+ added PASSPROMPT
+ [614727ff44a2]
+
+ * check.c:
+ now use BUFSIZ as length of kerb password added kpass so pass is
+ always a char * now use prompt global when asking for a password
+ [76be09af784f]
+
+ * tgetpass.c:
+ now use BUFSIZ as _PASSWD_LEN if using kerberos
+ [1e907eed312b]
+
+ * OPTIONS:
+ added PASSPROMPT
+ [ddb2f405ce40]
+
+1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ only look for -lufc or -lcrypt if crypt() not in libc
+ [9717d315661f]
+
+ * check.c:
+ don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
+ (unknown user) silently fail
+ [2b48693d4ee9]
+
+ * INSTALL:
+ added kerb4 note
+ [986e393f740c]
+
+ * tgetpass.c:
+ HAVE_KERBEROS -> HAVE_KERB4
+ [e438bfb5e6aa]
+
+ * check.c:
+ removed debugging printf
+ [1cf9f5cbffa5]
+
+ * configure.in:
+ KERBEROS -> KERB4 added checks for setreuid & setresuid
+ [01e9945beb1e]
+
+ * config.h.in:
+ HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
+ [0e0bb5b8ac3e]
+
+ * compat.h:
+ added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
+ with setresuid if applic
+ [9dae24c47696]
+
+ * check.c:
+ HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
+ no setreuid() or a broken one
+ [1fca642bdb8e]
+
+1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added kerberos support
+ [da5639b9b8e7]
+
+ * config.h.in:
+ added HAVE_KERBEROS
+ [fcc5be550e65]
+
+ * tgetpass.c:
+ added KERBEROS support (long passwords)
+ [303ba6924dd2]
+
+ * check.c:
+ added kerberos support
+ [e40afe98fc1d]
+
+1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ added MODE_BACKGROUND
+ [9b483c932016]
+
+ * sudo.man:
+ escaped dashes added -b option
+ [62e84f1a7714]
+
+ * sudo.c:
+ added -b option
+ [7e78aaefeb95]
+
+ * check.c:
+ added crypt() for osf/1 3.x enhanced secuiry
+ [e9aa5abdb7d5]
+
+ * configure.in:
+ now check for -lcrypt
+ [5cb9c67e9fa2]
+
+ * interfaces.c:
+ added ENXIO like EADDRNOTAVAIL
+ [74223bb1ba75]
+
+1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now emulate getwd(), not getcwd()
+ [3e5439d9a5f4]
+
+ * sudo.c:
+ getcwd() -> getwd()
+ [6392a96a658e]
+
+ * getwd.c:
+ getcwd -> getwd
+ [1b0ab9bae11e]
+
+1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ins_2001.h, ins_classic.h, ins_goons.h:
+ Initial revision
+ [86db60d8cf00]
+
+ * insults.h:
+ broke out insults into separate include files
+ [0a01993bd38a]
+
+ * OPTIONS, options.h:
+ added GOONS
+ [e283203c6515]
+
+ * Makefile.in:
+ added ins_2001.h ins_classic.h ins_goons.h
+ [2a39cd6a4cd2]
+
+ * Makefile.in, version.h:
+ ++version
+ [05ebf4f5e41a]
+
+ * visudo.c:
+ moved signal handler setup to setup_signals()
+ [3dd976c04540]
+
+ * sudo.h:
+ added load_interfaces()
+ [af2d473b09e2]
+
+ * sudo.c:
+ moved load_interfaces to interfaces.c
+ [5c8c138e5d4c]
+
+ * parse.yacc:
+ added clearaliases
+ [aeb4ff301daa]
+
+ * OPTIONS, options.h:
+ added FAST_MATCH
+ [f49ea3d1b525]
+
+ * parse.lex:
+ now uses clearaliases variable
+ [a2dda415bf61]
+
+ * interfaces.c:
+ Initial revision
+ [a1990e3f5c69]
+
+ * Makefile.in:
+ added interfaces.[co]
+ [1e8e5984de97]
+
+ * testsudoers.c:
+ now uses ip addrs and netmasks via load_interfaces()
+ [54b8f7a6835e]
+
+ * sudo.c:
+ now remove IFS instead of setting to "sane" value
+ [ce7eec9f115e]
+
+1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.c:
+ added FAST_MATCH
+ [816d4f5fe81a]
+
+1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ sudo_goodpath.c-> goodpath.c
+ [a5072c4e1de2]
+
+ * sudo.c:
+ added Andy's new ISC changes
+ [caa6bbee358e]
+
+1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS:
+ added a sentence to SECURE_PATH info
+ [cad6e1569d15]
+
+ * BUGS:
+ added one
+ [4b35cf699a83]
+
+ * CHANGES:
+ updated
+ [5fded9dc62f0]
+
+ * RUNSON:
+ updated
+ [33cb993cfd39]
+
+1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * RUNSON:
+ updated for beta3
+ [a05dc6a91995]
+
+ * Makefile.in, version.h:
+ ++version
+ [54aaf3fadc75]
+
+ * aclocal.m4:
+ sendmail is now looked for in /usr/ucblib
+ [231ac1a4662f]
+
+ * sudo.c:
+ fixed indentation
+ [fb137400c8c2]
+
+ * aclocal.m4:
+ fixed a typo
+ [e03f1acc468b]
+
+ * sudo.c:
+ updated ISC mods
+ [070290d4754b]
+
+ * configure.in:
+ added unixware case
+ [e90250bae0d9]
+
+ * check.c:
+ user_is_exempt is no longer hidden
+ [1a341765b8af]
+
+ * RUNSON:
+ updated
+ [a9c4898b26dd]
+
+ * aclocal.m4:
+ isc and riscos changes
+ [98b5d86585d1]
+
+ * OPTIONS:
+ added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
+ [e1ecc464ce4b]
+
+ * Makefile.in:
+ fixed a typo and added testsudoers stuff
+ [435d60e163dc]
+
+ * testsudoers.c:
+ Initial revision
+ [6ce14a448662]
+
+1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ applied fixed patch from Chris
+ [cd6144203d13]
+
+1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ fixed a typo
+ [34f8a54ba041]
+
+ * parse.yacc:
+ added a set of braces for bison
+ [f0e43b938914]
+
+ * parse.yacc:
+ merged in Chris' changes to dekludge the parser.
+ [82d6e373ab1c]
+
+ * logging.c:
+ send_mail() was calling find_path() which is wrong since find_path()
+ stores cmnd in a static var. Anyhow, it doesn't make much sense
+ since MAILER should always be fully qualified
+ [6eae6a0b8098]
+
+1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.sudoers:
+ added User_Alias stuff
+ [aaba8c8e918d]
+
+ * aclocal.m4:
+ SUDO_NEXT now looks for /usr/lib/NextStep/software_version
+ [52bd81f34b32]
+
+ * RUNSON:
+ added DEC UNIX 3.0 w/ gcc
+ [7daf570775b5]
+
+ * visudo.c:
+ Exit was being used in places where exit should be used
+ [6026a89c07ed]
+
+ * sudoers:
+ added "User alias specification"
+ [a487b6e234f8]
+
+ * parse.yacc:
+ fixed probs caused by making nslots and naliases a size_t
+ [0be919384f3f]
+
+ * RUNSON:
+ added KSR, upped rev to 1.3.1b2
+ [ce04ee6faadf]
+
+ * logging.c, parse.yacc:
+ 1024 -> BUFSIZ
+ [cd6dda45fa11]
+
+ * parse.yacc:
+ void * -> VOID * naliases and nslots are now size_t to appease
+ lsearch on 64-bit machines
+ [bf2f807c0dc1]
+
+1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ did a bunch of things and added a bunch :-)
+ [42afd957b829]
+
+ * PORTING:
+ updated
+ [972f95c85776]
+
+ * visudo.man:
+ closer to BSD manpage style
+ [07ae88f50325]
+
+ * sudo.man:
+ closer to standard BSD man format
+ [372c28dcc135]
+
+ * compat.h, config.h.in, emul/search.h, insults.h, options.h,
+ pathnames.h.in, sudo.h, version.h:
+ added RCS id
+ [c0ec90b81002]
+
+ * sudo.h:
+ removed crufty #defines that are no longer used
+ [35e2b4b477f0]
+
+ * BUGS:
+ fixed a bug
+ [5bb3e1bee85e]
+
+ * sudo.man:
+ updated based on sudo changes
+ [e65de1cae438]
+
+ * parse.yacc:
+ now allow ALL keyword in User_Aliases now allow ALL keyword as well
+ as a NAME or ALIAS
+ [1fb31404dd0f]
+
+ * CHANGES:
+ updated
+ [b24018ac610b]
+
+ * sudo.c:
+ now sets SUDO_COMMAND and SUDO_GID envariables.
+ [e9d791557fb7]
+
+ * aclocal.m4:
+ fixed bug with full void impl check
+ [35715301023c]
+
+ * parse.yacc:
+ fixed User_Alias supoprt
+ [4c30dfbaaa07]
+
+ * parse.yacc:
+ added stubs for User_Alias support
+ [f4afbd247edf]
+
+ * sudo.c:
+ now sets removes # bogus interfaces from num_interfaces
+ [6f077fac9ab1]
+
+ * parse.lex:
+ added User_Alias support
+ [bc7997e5df85]
+
+1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ removed extraneous TODO
+ [bc87a3b14d6d]
+
+1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ ntwk_matches -> addr_matches
+ [475044e288b8]
+
+ * parse.yacc:
+ ntwk_matches -> addr_matches
+ [dd1f4093fd2d]
+
+ * parse.c:
+ ntwk_matches -> addr_matches now use inet_addr() not inet_network()
+ (which expects octet boundaries) fixes for OSF (sizeof(int) !=
+ sizeof(long))
+ [acd2f556940f]
+
+ * sudo.c:
+ took out debugging info
+ [044023063eca]
+
+ * aclocal.m4:
+ OS was being set to unknown before non-uname based host checks. This
+ caused no checks to happen since $OS was not zero-length.
+ [335a7267479d]
+
+ * sudo.c:
+ fixed loading of interfaces struct still has debugging info in
+ though
+ [2d1a18998c1e]
+
+ * parse.c:
+ fixed typo
+ [175674a3a9fa]
+
+1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ ++version
+ [55d191b5daa3]
+
+ * version.h:
+ ++
+ [d7d1f115696a]
+
+ * visudo.c:
+ removed extraneous extern decl of "top
+ [50355621047d]
+
+ * visudo.c:
+ now zeros "top"
+ [4e683210345b]
+
+ * parse.yacc:
+ removed parser_cleanup (no need for it now)
+ [afa59f222b6c]
+
+ * parse.lex:
+ now calls reset_aliases() directly
+ [3a23cbd60fc0]
+
+1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * OPTIONS:
+ added a sentence to SECURE_PATH description
+ [c5bf75b85af0]
+
+ * parse.c:
+ fixed my stupid bug where I used NAMLEN on something I wanted to
+ just get the name from. argh.
+ [111f460f6540]
+
+1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lsearch.c:
+ fixed argument order of memmove() that i hosed when converting from
+ bcopy(). arghh.
+ [2f5336045c8b]
+
+ * Makefile.in:
+ finally fixed DISTFILES line
+ [a1b419e73a63]
+
+ * Makefile.in:
+ tabs -> spaces
+ [280fb03e5764]
+
+ * Makefile.in:
+ added missing files to DISTFILES
+ [991fc1cd2263]
+
+ * Makefile.in:
+ SUPPORTED -> RUNSON
+ [7580e65b05fb]
+
+1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ updated
+ [fe764a29c1cc]
+
+ * RUNSON:
+ updated for pl5b1 release
+ [aefc35bd2291]
+
+ * BUGS, TODO:
+ updated
+ [8f0ea249b687]
+
+ * check.c:
+ fixed bug where if you hit return at first sudo prompt it would
+ still log as a failure
+ [24539c854692]
+
+ * CHANGES:
+ updated
+ [251cc7b3ede4]
+
+ * aclocal.m4:
+ better test for bogus void * implementation
+ [efe23180cb88]
+
+ * logging.c:
+ added PASSWORDS_NOT_CORRECT
+ [bd12c73f83f7]
+
+ * check.c:
+ added PASSWORDS_NOT_CORRECT stuff]
+ [90de391a979f]
+
+ * sudo.h:
+ added PASSWORDS_NOT_CORRECT
+ [727fbeb76fc5]
+
+ * tgetpass.c:
+ moved pathnames.h
+ [4f910e5a8df7]
+
+ * sudo.c:
+ removed some unused vars and fixed up uid2str
+ [70e92c7f9076]
+
+ * putenv.c:
+ moved compat.h
+ [b271091586f6]
+
+ * getcwd.c, getwd.c:
+ added pathnames.h
+ [6f25218f133f]
+
+1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ fixed a typo I introduced in the last checkin :-(
+ [62c3af75c4fe]
+
+ * parse.lex:
+ can't have #ifdef's where N is defined so just do this the broken
+ way for AIX
+ [c5648a5594e4]
+
+ * parse.yacc:
+ better hack from Chris (but still a hack)
+ [6b6d8aed93f3]
+
+ * parse.lex:
+ stupid hack for broken aix lex
+ [efc3f9e5280e]
+
+ * tgetpass.c:
+ now includes compat.h 
+ [401822173f77]
+
+ * visudo.c:
+ now includes fcntl.h
+ [63865c2f8ac6]
+
+ * compat.h:
+ added FD_SET and FD_ZERO for 4.2BSD
+ [00c5597c0bb0]
+
+ * parse.yacc:
+ dirty hack to fix parser bug. i don't really like this but it works
+ for now...
+ [5b8bbdc81569]
+
+ * sudo.c:
+ uid2str is now static like the prototype says
+ [f2a97b5cb870]
+
+1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
+ updated
+ [6f79c3e92716]
+
+ * RUNSON:
+ Initial revision
+ [12a09ef9e884]
+
+ * sudo.c:
+ check_sudoers now returns an error code and sudo calls inform_user
+ and log_error based on the return value.
+ [340eca188d9a]
+
+ * logging.c, sudo.h:
+ added entries for new errors
+ [6050d8542e1f]
+
+ * parse.c:
+ now set uid to that of SUDOERS_OWNER while parsing sudoers file
+ [3683c42bc9b0]
+
+ * Makefile.in:
+ took out testsudoers 
+ [65317d49db48]
+
+ * sudo.c:
+ now explicately checks that it is setuid root
+ [2fe1be60ef6a]
+
+ * sudo.c:
+ If a user has no passwd entry sudo would segv (writing to a garbage
+ pointer). Now allocate space before writing :-)
+ [d08e7eb5e5ef]
+
+ * configure.in:
+ reordered AC_CHECK_FUNCS
+ [4c82e56c6f4f]
+
+ * config.h.in:
+ fixed memset macro
+ [77ede6b714ab]
+
+ * tgetpass.c, visudo.c:
+ bzero -> memset
+ [1a005bb322c8]
+
+ * logging.c:
+ bzero -> memset when a parse error is logged the line number of the
+ error is now logged too
+ [a42d68047723]
+
+ * INSTALL:
+ added Sunos to blurb about c2 security
+ [af750a1d131e]
+
+ * configure.in:
+ added a SUN4 define for C2 security
+ [6ad5b23a3eb0]
+
+ * config.h.in:
+ bcopy -> memmove bzero -> memset
+ [5494460c8464]
+
+ * lsearch.c:
+ bcopy -> memmove char * -> VOID *
+ [a15f5c316e16]
+
+ * check.c:
+ added support for sunos with C2 security
+ [03fea5bb21e6]
+
+ * OPTIONS, options.h:
+ reordered
+ [1686265af3e1]
+
+ * pathnames.h.in:
+ _PATH_SUDO_LOGFILE now set based on configure
+ [5867b58e4a04]
+
+ * configure.in:
+ added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
+ [1984d9fd1b5c]
+
+ * config.h.in:
+ added _SUDO_PATH_LOGFILE
+ [dd3eebe62580]
+
+ * aclocal.m4:
+ added SUDO_LOGFILE to find where to put sudo.log added
+ SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
+ SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
+ [c589a515a99a]
+
+1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TROUBLESHOOTING:
+ Initial revision
+ [f42f1baba3a8]
+
+ * sudo.c:
+ now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
+ to work around a problem is trusted hpux shadow passwords. yuck.
+ [ae1f13b54687]
+
+ * parse.yacc:
+ backed out a change in malloc/realloc
+ [ab868db0ad69]
+
+ * parse.yacc:
+ now include stdlib.h
+ [957eef0631eb]
+
+ * visudo.c:
+ now do an freopen() of the stmp file so that yyin will always point
+ to the same thing. This is important for flex since we are doing a
+ YY_NEWFILE
+ [44558922fd3e]
+
+ * parse.yacc:
+ replaced yywrap() with parser_cleanup() since yywrap() needs to be
+ in parse.lex to be able to use YY_NEW_FILE. sigh.
+ [12dd09921074]
+
+ * parse.lex:
+ now have a rule that matches anything that doesn't match an
+ explicite rule. well, you know what i mean (. matches anything not
+ yet matched). However, this means that there is input still queued
+ up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
+ into parse.lex and it calls parser_cleanup() which is most of the
+ old yywrap() sigh.
+ [7f4042bc48d6]
+
+ * SUPPORTED:
+ no longer used
+ [8f220be4da94]
+
+ * getcwd.c, getwd.c:
+ moved compat.h to be the last include file
+ [9f3a65e2d485]
+
+ * parse.yacc:
+ fixed type of aliascmp() args
+ [1c27eb989bdf]
+
+ * find_path.c:
+ NULL -> '\0'
+ [5c8d8cf1692e]
+
+ * parse.yacc:
+ added casts to lfind and lsearch args for irix
+ [61027ddeecf8]
+
+ * Makefile.in:
+ bsdinstall -> install-sh
+ [61de6612c5a5]
+
+ * INSTALL:
+ added info about make realclean
+ [29c6324d727f]
+
+ * Makefile.in:
+ updated VERSION added dependencies for visudo.cat
+ [09077d7229d4]
+
+ * version.h:
+ -> pl5b1
+ [5d21c7ad1a41]
+
+ * sudo.c:
+ took out -l
+ [fc1478d81b38]
+
+ * Makefile.in:
+ now there is a real visudo.man and visudo.cat
+ [58aeac43a6dd]
+
+ * sudo.man:
+ took out visudo stuff
+ [4a6ac4393343]
+
+ * visudo.man:
+ Initial revision
+ [cba348843db8]
+
+ * parse.c, parse.lex, parse.yacc:
+ updated copyright
+ [ffa16b70944a]
+
+ * README:
+ updated for pl5
+ [a26e423e9e5f]
+
+ * sudo.man:
+ updated Nieusma & Hieb email addresses
+ [f0083e71989d]
+
+ * INSTALL:
+ updated to include options.h and OPTIONS
+ [ee59e2b76c94]
+
+ * CHANGES, TODO:
+ updated
+ [51e011ad5220]
+
+ * BUGS:
+ eliminated bug #1 (yay)
+ [e7e88515494e]
+
+ * configure.in:
+ sunos no longer gets linked statically
+ [2e5b3ff3108f]
+
+1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ prototype now uses __P()
+ [68ecdcab4c70]
+
+ * parse.lex:
+ make fill() non-ansi
+ [d6509972260b]
+
+ * parse.c:
+ made -v (validate) work
+ [13c9d520638c]
+
+ * logging.c:
+ now gives host
+ [f04859cdba5a]
+
+ * find_path.c:
+ don't check for execute/statable if fq or relative path given
+ [4bbe851f3973]
+
+ * parse.c:
+ added a cast
+ [345c308f72f3]
+
+ * visudo.c:
+ now include ctype.h for islower and tolower macros
+ [582c0aa332d5]
+
+ * goodpath.c:
+ moved _S_IFMT & _S_ISREG to compat.h
+ [828e4ca4e7b4]
+
+ * sudo.c:
+ moved a set of parens
+ [5783474ecf37]
+
+ * strdup.c:
+ now include compat.h
+ [75e2036b94af]
+
+ * emul/search.h:
+ void * -> VOID *
+ [cedcfaf04161]
+
+ * parse.yacc:
+ now cast malloc & realloc return vals added search for HAVE_LSEARCH
+ now use strcmp if no strcasecmp available
+ [d6a42bc3d4ae]
+
+ * lsearch.c:
+ void * -> VOID *
+ [886adc44f607]
+
+ * config.h.in:
+ removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
+ HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
+ [3b50d7fb4349]
+
+ * compat.h:
+ added _S_IFMT, _S_IFREG, and S_ISREG
+ [73d506c7d53c]
+
+ * aclocal.m4:
+ took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
+ to most SUDO_* macros
+ [8442155f5936]
+
+ * Makefile.in:
+ no more -I.
+ [63462f195bd4]
+
+ * configure.in:
+ various 1.x ro 2.x autoconf changes now check for strcasecmp now use
+ AC_INSTALL_PROG instead of custom one added check for fully woorking
+ void implementation
+ [5ac6b6e6230f]
+
+ * Makefile.in:
+ added lsearch & search.h visudo links into $(LIBOBJS)
+ [bc119cda4598]
+
+ * aclocal.m4:
+ partial 1.x to 2.x changes added SUDO_FULL_VOID
+ [1194d01fa5c5]
+
+ * visudo.c:
+ whatnow_help was prototyped to be static be was not declared as such
+ [0f85489dd426]
+
+ * configure.in:
+ autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
+ for dirent/dir/ndir.h
+ [7408f3854948]
+
+ * parse.c:
+ now use groovy gnu autoconf macro AC_HEADER_DIRENT
+ [e465db9f5dfa]
+
+ * getcwd.c, getwd.c:
+ MAXPATHLEN -> MAXPATHLEN+1
+ [714d87424e21]
+
+ * emul/search.h, lsearch.c:
+ Initial revision
+ [55d79482c535]
+
+1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ eliminated bison warnings
+ [61ca0a96da22]
+
+ * parse.lex:
+ added missing case
+ [6be0f849747c]
+
+ * visudo.c:
+ now iincludes signal.h
+ [221e0fcc144f]
+
+ * parse.yacc:
+ only clear data structures on a parse error
+ [7b1c0f1a4527]
+
+ * visudo.c:
+ whatnow() now gives help on invalid input
+ [e5a4cd88c587]
+
+ * visudo.c:
+ added a whatnow() function (sort of like mh)
+ [932d9b145f1c]
+
+ * parse.yacc:
+ kill_aliases -> reset_aliases yywrap() now cleans up by calling
+ reset_aliases() and clearing top took reset stuff out of yyerror()
+ since it doesn't beling there (and doesn't work anyway). errorlineno
+ is now initially set to -1 so we can set it to the first error that
+ occurrs (it was getting set to the last)
+ [2f71f95a974c]
+
+ * parse.lex:
+ added a void cast
+ [18ae6042dce4]
+
+ * visudo.c:
+ rewrote from scratch based on 4.3BSD vipw.c
+ [2f6814f18576]
+
+1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c, sudo.h:
+ removed ocmnd
+ [a31735f41ad4]
+
+ * sudo.h:
+ no more sudo_realpath() and find_path() changed params
+ [8e85c3b39159]
+
+ * sudo.c:
+ find_path() changed since no more realpath()
+ [b25366c7f2ee]
+
+ * parse.yacc:
+ on error, errorlineno is set to the line where the error occurred
+ added kill_aliases() to free the aliases struct now clean up in
+ yyerror() so we can reparse cleanly
+ [2342f578c27a]
+
+ * options.h, parse.c:
+ no more USE_REALPATH
+ [cfc59babeaff]
+
+ * logging.c:
+ changed to use new find_path()
+ [91c7a38e7751]
+
+ * find_path.c:
+ removed all the realpath() stuff
+ [cc21a43a8562]
+
+ * Makefile.in:
+ sudo_realpath.c -> sudo_goodpath.c
+ [03a9b1ddec2f]
+
+ * visudo.c:
+ now works correctly with utk parser
+ [08aa554a0ce8]
+
+ * goodpath.c:
+ Initial revision
+ [1ea607e1ffb2]
+
+ * sudo_realpath.c:
+ eliminated a compiler warning
+ [198bcccc55b6]
+
+ * sudo.c:
+ elinated compiler warning
+ [e2384f9a878b]
+
+ * sudo_realpath.c:
+ added sudo_goodpath()
+ [43878c4cc540]
+
+ * sudo.h:
+ added prototype for sudo_goodpath
+ [23e8627a2265]
+
+ * parse.c:
+ added support for /sys/dir.h
+ [eca897087741]
+
+ * options.h:
+ USE_REALPATH turned off
+ [620ac8b63d85]
+
+ * find_path.c:
+ added calls to sudo_goodpath()
+ [ad170904fbcd]
+
+ * configure.in:
+ added check for dirent.h
+ [7964a8c26855]
+
+ * config.h.in:
+ added HAVE_DIRENT_H
+ [1f785fec7e19]
+
+ * configure.in:
+ added in linux shadow pass stuff 
+ [e585a5785f50]
+
+1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ added back host, user, cmnd, parse_error
+ [0ec19f3d64f4]
+
+ * visudo.c:
+ added in utk changes plus some minor cosmetic changes
+ [c5c1921c8a58]
+
+ * sudo.c, sudo_realpath.c:
+ added void casts for printf's
+ [9c6ff11c0082]
+
+ * options.h:
+ added a define of USE_REALPATH
+ [db3711c9efc5]
+
+ * configure.in:
+ there is no more visudoers/Makefile
+ [36e1bc1f78d0]
+
+ * Makefile.in:
+ added in utk changes (visudo is now built from the toplevel)
+ [76203d4b345d]
+
+ * find_path.c:
+ added (void) casts to printf's
+ [dd5cb1e060ac]
+
+ * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
+ merged in utk changes
+ [35563307fd8e]
+
+1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ now check to see that what we are trying to run is a file (or a link
+ to a file, we do a stat(2) so there is no diff)
+ [05889c4bcace]
+
+1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updated
+ [3e8047bb26fb]
+
+ * Makefile.in:
+ aclocal.m4 -> acsite.m4 make realclean updated for new autoconf 
+ [0bdbaa7c4c7d]
+
+ * sudo.man:
+ added myself as maintainer
+ [77a9d75aab84]
+
+1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ changed setegid -> setgid
+ [7f4788d73b6f]
+
+1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ fixed the test for irix 5.x to skip bad libs
+ [bfef896de013]
+
+ * aclocal.m4:
+ now initialize OS and OSREV
+ [cc302756e440]
+
+1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ irix5 changes
+ [ac985b23f5f2]
+
+ * configure.in:
+ AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
+ compatibility
+ [0cf8c92a06d7]
+
+1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ
+ thing wrt yyrestart (grrrr)
+ [18e8eabfbb82]
+
+1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ added visudoers/compat.h to DISTFILES
+ [db23b574b034]
+
+ * configure.in:
+ fixed an echo
+ [7cbc0462b89d]
+
+ * sudo.c:
+ added ocmnd declaration adjusted for find_path()'s new parameters
+ [d929cd156474]
+
+ * sudo.h:
+ added ocmnd extern adjusted find_path() prototype
+ [e0004daf5d3c]
+
+ * parse.c:
+ cmndcmp() now takes 3 arguments and checks against the qualified as
+ well as the unqualified pathname. more code that should use
+ cmndcmp() but did not, now does
+ [6f70a8c17bee]
+
+ * options.h:
+ added to a comment
+ [7a78680426b2]
+
+ * logging.c:
+ changed to use new find_path() parameter passing
+ [840981d30db4]
+
+ * find_path.c:
+ find_path() now takes 2 copyout parameters (one for the qualified
+ pathname and one for the unqualified pathname). The third parameter
+ may be NULL.
+ [851503b005e9]
+
+ * configure.in:
+ no longer munge pathnames.h
+ [427d8796c5a9]
+
+ * pathnames.h.in:
+ changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
+ as a result, pathnames.h does not need to be run through configure
+ and the user can override the configured values easily.
+ [2e378f2ebe88]
+
+ * config.h.in:
+ added _SUDO_PATH_* entries
+ [0857de7cebab]
+
+ * aclocal.m4:
+ _PATH* -> _SUDO_PATH_*
+ [7601193f56cc]
+
+ * Makefile.in:
+ updated DISTFILES and HDRS .o's now depend on config.h
+ [39d8601965cf]
+
+1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat.h:
+ removed extraneous #endif
+ [27d4c5f2ce7e]
+
+ * aclocal.m4:
+ added SUDO_PROG_MV
+ [76dda3bdd816]
+
+ * configure.in:
+ added SUDO_PROG_MV added riscos and isc os types took out
+ -DSHORT_MESSAGE from --with-csops since it is now the default
+ [68c206ad976e]
+
+ * sudo.c:
+ move the include of id.h to compat.h now includes options.h
+ [45a1eaafb3a8]
+
+ * sudo.h:
+ moved compatibility #defines to compat.h
+ [0eee27057698]
+
+ * pathnames.h.in:
+ added _PATH_MV
+ [e830797ab320]
+
+ * config.h.in:
+ move __P to compat.h
+ [188e12e0ba93]
+
+ * getcwd.c, getwd.c, putenv.c:
+ now includes compat.h
+ [c72cb6d73981]
+
+ * compat.h:
+ Initial revision
+ [d4d2f359ae03]
+
+1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ pull user-configurable stuff out and put in options.h
+ [ef929467b070]
+
+1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex, parse.yacc, visudo.c:
+ now includes options.h
+ [e36d7c82add1]
+
+ * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
+ sudo_setenv.c:
+ now includes options.h
+ [f186ba03de07]
+
+ * Makefile.in:
+ added visudoers/options.h
+ [e5350c476494]
+
+ * OPTIONS, options.h:
+ Initial revision
+ [9b6b5001e318]
+
+ * Makefile.in:
+ added OPTIONS and options.h
+ [25448341e16a]
+
+ * logging.c:
+ changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
+ [5dd6385dd1d3]
+
+ * check.c, sudo.h:
+ changed PASSWORD_TIMEOUT to minutes
+ [0ec6aab98738]
+
+1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ now only do Editor +line_num if line_num != 0
+ [b69f04b5e3c7]
+
+1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ now use mv if rename(2) fails
+ [83210dca1bab]
+
+ * BUGS:
+ added a visudo bug
+ [d61a806f9aa7]
+
+ * check.c:
+ expanded comment
+ [641f2cba94cb]
+
+1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
+ [7a11135039a8]
+
+1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ added mips & isc support
+ [e258dc053119]
+
+ * parse.c:
+ added support for non-root owned sudoers file
+ [fea07e65a0fc]
+
+ * check.c:
+ added exempt group support
+ [928fb4bd9ad5]
+
+ * sudo.h:
+ added set_perms() support added SUDOERS_OWNER so can have non-root
+ own sudoers file added exempt group support added isc support
+ [61c578d31fc1]
+
+ * visudo.c:
+ now copy sudoers to temp file via read/write (not stdio) now chown
+ new sudoers file to SUDOERS_OWNER
+ [a5176c59df70]
+
+1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added skey support
+ [35a8d2fabdb7]
+
+ * sudo_realpath.c:
+ be_* -> setperms()
+ [a1631d686e1c]
+
+ * sudo.h:
+ fixed typo added set_perms support added skey support added
+ seteuid()/setegid() emulation for AIX
+ [c0c8d6771406]
+
+ * sudo.c:
+ be_* -> setperms() now check to make sure sudoers file is owned by
+ root nread/write by only root
+ [13ab1e261f1a]
+
+ * logging.c, parse.c:
+ be_* -> setperms()
+ [21499d845c8f]
+
+ * check.c:
+ be_* -> set_perms() added skey support
+ [df51b56871c1]
+
+1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ ++version
+ [3c1abbe4e43c]
+
+ * version.h:
+ ++
+ [1d2f9b540a95]
+
+1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now sets IFS
+ [eabbb41b9f08]
+
+ * insults.h:
+ fixed typo
+ [c7997f19216e]
+
+1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ added HAVE_SKEY
+ [da948ec4186b]
+
+1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updated
+ [f4b55ab007ea]
+
+ * Makefile.in:
+ ++version
+ [0489068b8c95]
+
+ * version.h:
+ ++
+ [d189faedf423]
+
+ * sudo.c:
+ now bail if ARgv[1] > MAXPATHLEN
+ [0cea8ecc9dc2]
+
+ * configure.in:
+ added function check for tcgetattr(3)
+ [e03289b22c2f]
+
+ * config.h.in:
+ only define HAVE_TERMIOS_H if you have tcgetattr(3)
+ [757eab83d1a2]
+
+ * config.h.in:
+ added check for tcgetattr
+ [c5ae92715930]
+
+1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updated
+ [cbc419883108]
+
+1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ now only include unistd.h for linux
+ [e9adeab95ef0]
+
+1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ added visudo.8 generation
+ [d6a3f0f887f8]
+
+ * configure.in:
+ added -Wl,-bI:./aixcrypt.exp to aix flags
+ [72594a21edcf]
+
+1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS:
+ added one
+ [9993a349e096]
+
+ * CHANGES:
+ updated
+ [297b31ec4cdd]
+
+ * README:
+ added mailing list info
+ [10372f94a2b2]
+
+ * parse.yacc:
+ now use sudolineno instead of yylineno fixed bison warnings
+ [25a83e62057b]
+
+ * configure.in:
+ now use -no_library_replacement for osf don't make a static binary
+ for hpux >= 9.0
+ [1fa7b892f1a3]
+
+ * tgetpass.c:
+ added string.h/strings.h inclusion
+ [71faa98fc0a1]
+
+ * config.h.in:
+ added ssize_t def
+ [406284bd1ac0]
+
+ * parse.lex:
+ added inclusion of string.h/strings.h
+ [6985b1df5d09]
+
+ * aclocal.m4:
+ fixed uname | sed (needed to quote the '[')
+ [4cd2d3415c1a]
+
+ * parse.lex:
+ replaced yylineno with sudolineno fixed bison syntax errors
+ [0bd31a5fab26]
+
+ * visudo.c:
+ changed yylineno to sudolineno since yylineno cannot be counted
+ upon.
+ [38c30104d0ae]
+
+ * TODO:
+ updated
+ [5d4746f1a752]
+
+ * parse.c:
+ added code to support command listings
+ [030172e133fd]
+
+ * sudo.c:
+ added code for -l flag
+ [801dbbc82778]
+
+ * sudo.man:
+ fixed typo added info for -l flag
+ [8916ca945d65]
+
+ * configure.in:
+ AC_SSIZE_T -> SUDO_SSIZE_T
+ [c61f7f47013f]
+
+ * aclocal.m4:
+ added SUDO_SSIZE_T
+ [0ccdb77be84d]
+
+ * sudo.h:
+ added MODE_LIST
+ [9b2bd844c76c]
+
+ * configure.in:
+ added AC_SSIZE_T
+ [35cca208f9b5]
+
+ * find_path.c, sudo_realpath.c:
+ readlink() is now declared as returning ssize~_t
+ [0640a08d1407]
+
+ * configure.in:
+ added -laud for OSF c2
+ [b7539c905efc]
+
+1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, visudo.c:
+ changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
+ [067fd9bcb5e1]
+
+ * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
+ changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
+ [fc46e7c7110a]
+
+ * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
+ parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
+ sudo_setenv.c, tgetpass.c, version.h:
+ changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
+ [d1d4fbc53a98]
+
+1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ ++version
+ [b7066d97633f]
+
+ * version.h:
+ ++
+ [65ec69d88110]
+
+ * logging.c:
+ added host to alertmail messages
+ [d973c19ce777]
+
+ * CHANGES, TODO:
+ udpated
+ [5a65eb16faeb]
+
+ * logging.c:
+ fixed logging problem where mail would not say which user it was
+ [35723edcc5d2]
+
+ * configure.in:
+ added -laud for gcc if osf & c2
+ [18f1e0ae5548]
+
+ * check.c:
+ moved set_auth_parameters to sudo.c
+ [d23112fe01db]
+
+ * sudo.c:
+ added set_auth_parameters for osf
+ [eb70f65214ac]
+
+ * configure.in:
+ cleaned up -static stuff
+ [01e9575f0422]
+
+ * Makefile.in:
+ ++version
+ [7ac3bff5c770]
+
+ * version.h:
+ ++
+ [10a4ff478469]
+
+ * sudo.c:
+ changed setenv() to sudo_setenv()
+ [40a78abb9946]
+
+ * check.c:
+ fixed osf problem
+ [3d69b118efb8]
+
+ * configure.in:
+ added OSF C2 stuff
+ [38cff3ad4093]
+
+ * CHANGES:
+ updated
+ [cd341dd0581a]
+
+ * check.c:
+ added osf auth support & removed some extra spaces
+ [a448cdd81514]
+
+ * INSTALL, SUPPORTED:
+ added osf C2 stuff
+ [f70484796146]
+
+1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ added 2 suggestions
+ [695fbdbd86e6]
+
+ * Makefile.in:
+ removed README.v1.3.1 and added VERSION stuff
+ [f69403eb04c6]
+
+ * version.h:
+ pl1
+ [21580c0f8cb1]
+
+1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.h:
+ 1.3.1final
+ [630114970298]
+
+ * Makefile.in:
+ added HISTORY
+ [901bff251614]
+
+ * sudo.man:
+ mention HISTPRY file
+ [86dbcfd4326e]
+
+ * sudo.c:
+ use sizeof instead of a constant in 1 place
+ [d819604c68ca]
+
+ * parse.yacc:
+ added unistd.h
+ [6f9500f9fe7e]
+
+ * parse.lex:
+ added unistd.h
+ [468b81a276eb]
+
+ * README:
+ udpated
+ [7e275618923a]
+
+ * HISTORY:
+ Initial revision
+ [5db1b0a3939b]
+
+1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.h:
+ ++
+ [7dfbb4a810bb] [SUDO_1_3_1]
+
+ * CHANGES:
+ updated
+ [7820ee610bf8]
+
+ * sudo_setenv.c:
+ added unistd.h include
+ [30cf2b654525]
+
+1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ added sys/time.h for AIX
+ [199fc8caf3a3]
+
+1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added check for -lsocket and sys/sockio.h
+ [f9abfbb31031]
+
+ * config.h.in:
+ took out libshadow check and added in sys/sockio.h check
+ [0c4b0393ac80]
+
+ * sudo.c:
+ now include sockio.h instead of ioctl.h if it exists "sudo -" now
+ gets a better error message
+ [53041bea5483]
+
+ * sample.sudoers:
+ now has a dir and subnet entry
+ [56b820f65438]
+
+1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ removed if_ether.h
+ [b4f64507493e]
+
+ * TODO:
+ added an item
+ [ea2a1bb6922a]
+
+ * sudo.man:
+ added network and ip addresses to man page
+ [01c85016511f]
+
+ * sudo.c:
+ no error if can't get interfaces or netmask since networking may not
+ be in the kernel.
+ [50b8890e2134]
+
+ * parse.c:
+ nwo check for interfaces == NULL
+ [dc1b3eef0db2]
+
+ * parse.c:
+ fixed a bug that caused directory specs in a Cmnd_Alias to fail if
+ the last entry in the spec failed (ie: it was only looking at the
+ last entry). CLeaned things up by adding the cmndcmp() function--all
+ neat & tidy
+ [007e93578e5e]
+
+ * CHANGES:
+ added one
+ [40e8a2cef497]
+
+1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now do two passes to skip bogus interfaces (lo0, etc)
+ [465e30aecaf7]
+
+ * parse.lex, parse.yacc, visudo.c:
+ added include of netinet/in.h
+ [11e3816ed362]
+
+ * logging.c, sudo_realpath.c, sudo_setenv.c:
+ added ninclude of netinet/in.h
+ [daccfa40fe1e]
+
+ * check.c, find_path.c, getcwd.c, getwd.c:
+ added include of netinet/in.h
+ [0222f95e06ad]
+
+ * version.h:
+ ++
+ [d6b0cfa35a38]
+
+ * sudo.h:
+ added interfaces global
+ [ba52fa8ad75e]
+
+ * parse.c:
+ now uses new interfaces global
+ [17473ad5ecba]
+
+ * sudo.c:
+ now ip addresses are gleaned fw/o dns
+ [8828bb2007e0]
+
+1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ added load_ip_addrs() to load the ip_addrs global var
+ [60c825f04238]
+
+ * parse.c:
+ added hostcmp() to compare hostnames, ip addrs, and network addrs
+ [ab0e40e37537]
+
+ * sudo.h:
+ added ip_addrs def added load_ip_addrs prototype
+ [c41c565d0777]
+
+1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updated
+ [2a128dbe9bcb]
+
+ * Makefile.in:
+ removed multiple entries in DISTFILES
+ [2490f4f371e6]
+
+ * visudo.c:
+ ansified the !STDC_HEADERS decls
+ [646ba06d17ae]
+
+ * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
+ don't do malloc decl if gnuc
+ [f1bad1925f98]
+
+ * sudo.c:
+ can't use getopt(3) since it munges args to the command to be run as
+ root don't do malloc decl if gnuc
+ [38e78f6da14e]
+
+ * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
+ sudo_realpath.c, sudo_setenv.c:
+ ansi-fied !STDC_HEADER function prottypes
+ [51d8cad89976]
+
+ * getcwd.c, getwd.c:
+ added missing paren
+ [6a1fae70e27e]
+
+ * Makefile.in:
+ added putenv.c to DISTFILES
+ [a5e4523eabbb]
+
+ * sudo_setenv.c:
+ added params to func decls when STDC_HEADERS is not defined now can
+ count on putenv() being there
+ [fd587796189b]
+
+ * sudo_realpath.c:
+ took out errno decl since sudo.h does it for us fixed up a next cc
+ warning added params to func decls when STDC_HEADERS is not defined
+ [70fa5152ace6]
+
+ * sudo.h:
+ took out environ extern added local declaratio of putenv() if local
+ version is needed
+ [a84bae6c020d]
+
+ * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
+ added params to func decls when STDC_HEADERS is not defined
+ [f406f0e47ac0]
+
+ * config.h.in:
+ added memcpy check check to see that ansi vs bsd macros are ntot
+ already defiend before defining (ie: avoid redefinition)
+ [879ae026e19f]
+
+ * configure.in:
+ removed fluff setenv check plus check w/ replace for putenv if also
+ no setenv
+ [e3c03814ad4b]
+
+ * putenv.c:
+ Initial revision
+ [3cff63e2dc1b]
+
+1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo_setenv.c:
+ Initial revision
+ [4d637631fa6b]
+
+ * sudo.h:
+ rm'd s realp[ath added sudo_realpath and sudo_setenv
+ [07ba001ff57e]
+
+ * sudo.c:
+ now use sudo_setenvc
+ [fd81e04d5ef0]
+
+ * configure.in:
+ added puteenv and setenv, removed realpath
+ [27bfacfb513b]
+
+ * config.h.in:
+ added putenv & setenv
+ [515f14eaf6e4]
+
+ * Makefile.in:
+ added sudo_setenv
+ [217731a717c5]
+
+ * version.h:
+ ++
+ [eadb346d7129]
+
+1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added MAN_POSTINSTALL and /usr/share/catman for irix
+ [2a9496c1bdba]
+
+ * Makefile.in:
+ added MAN_POSTINSTALL
+ [89b0d4695529]
+
+ * CHANGES:
+ added
+ [48c021ba8a70]
+
+ * sudo.man:
+ added SUDO_* plus new options
+ [c0759cff5683]
+
+ * CHANGES:
+ added one
+ [7d44a3922d56]
+
+ * configure.in:
+ took out shadow lib
+ [07cf3de18701]
+
+ * TODO:
+ adde done
+ [a27a578e8afe]
+
+ * visudo.c:
+ now use yyrestart() if flex now reset yylineno to 0
+ [77d67ce0b677]
+
+ * Makefile.in:
+ support for installing a cat page instead of a man page if no nroff
+ [44671c0fc0fa]
+
+ * configure.in:
+ now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
+ to determine whether or not to install a cat or man page
+ [0562d069c135]
+
+ * config.h.in:
+ added HAVE_FLEX
+ [c5490bae39d3]
+
+ * sudo.c:
+ not set ret to MODE_RUN initially
+ [88b4983c195b]
+
+ * find_path.c:
+ made command (and therefor cmnd dynamically allocated)
+ [95b82e32b6de]
+
+ * TODO:
+ did #8
+ [fb6f41308cdf]
+
+ * version.h:
+ ++
+ [14112ecab5ae]
+
+ * sudo_realpath.c:
+ changed bufs from MAXPATHLEN to MAXPATHLEN+1
+ [0ad4f34e55c0]
+
+ * sudo.h:
+ added MODE_ removed validate_only and added remove_timestamp()
+ [dd5f99c57728]
+
+ * sudo.c:
+ usage() now takes an int (exit value) added parse_args() to parse
+ command line arguments moved call to find_path() from load_globals
+ to new function load_cmnd() removed validate_only global -- now use
+ the concept of "modes" added -h and -k options
+ [c3887090b28a]
+
+ * parse.c:
+ no longer use global validate_only now checks for command called
+ "validate" removed check for non-fully qualified commands since that
+ is done by find_path
+ [7d56fbd26369]
+
+ * find_path.c:
+ changed MAXPATHLEN r to MAXPATHLEN+1
+ [a86e8664d971]
+
+ * find_path.c:
+ fixed off by one error with MAXPATHLEN and fixed a comment
+ [58adcef8c981]
+
+ * check.c:
+ check_timestamp no longer runs reminder(), it is implied in the
+ return val added remove_timestamp()
+ [42ab5a77066f]
+
+ * CHANGES:
+ updated
+ [8e69b31df024]
+
+1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS:
+ fixed on
+ [bc34f1ac4280]
+
+ * sudo_realpath.c:
+ took out old_errno
+ [a168d00a0768]
+
+ * CHANGES:
+ updated
+ [04ba80922df7]
+
+1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ moved send_mail to after syslog
+ [4d4188087834]
+
+ * sudo.c:
+ now set SUDO_ envariables
+ [e5963f1bd3bb]
+
+1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.h:
+ ++
+ [2a4534845d8c]
+
+ * sudo_realpath.c:
+ now print error if chdir fails
+ [0d75c8973d49]
+
+ * find_path.c:
+ removed an XXX
+ [e2077bcb35aa]
+
+1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updated
+ [e30a2b39b41a]
+
+ * configure.in:
+ no more static binaries for aix
+ [77a0beb6bd80]
+
+1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ fixed typo
+ [ba5e0d391bc4]
+
+ * sudo_realpath.c:
+ took out stuff not needed for sudo now does be_root/be_user itself
+ now uses cwd global
+ [4f6d4641d793]
+
+ * version.h:
+ +=2
+ [97da927b297c]
+
+ * logging.c, sudo.c:
+ be_root/be_user is now down in sudo_realpath()
+ [f331662fa50f]
+
+ * logging.c, sudo.h:
+ now works with 4.2BSD syslog (blech)
+ [98e39d89dd36]
+
+ * find_path.c:
+ now use sudo_realpath()
+ [ab436a8ebd02]
+
+ * config.h.in:
+ took out realpth() stuff since we now use sudo_realpath()
+ [8de5ef9f6044]
+
+ * configure.in:
+ ultrix enhanced sec
+ [815fb7fffcc0]
+
+ * SUPPORTED:
+ added ultrix enhanced sec.
+ [6466766c8062]
+
+ * INSTALL:
+ updated
+ [d681a634297a]
+
+ * check.c:
+ ultrix enhanced security suport
+ [f10c8decbcc2]
+
+ * Makefile.in:
+ added sudo_realpath.c
+ [6b9bcd3be022]
+
+ * CHANGES:
+ updated
+ [2fa8084c1b53]
+
+ * tgetpass.c:
+ increased passwd len to 24 for c2 security
+ [ec64838be62d]
+
+ * BUGS:
+ updated BUGS
+ [ca00d8fec2ce]
+
+1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ now use user global var
+ [568769719013]
+
+ * configure.in:
+ took out -ls
+ [490a44180d5f]
+
+1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added AFS libs
+ [4fb40c8c01ba]
+
+ * sudo.h:
+ user is now a char * added epasswd
+ [27a919fafdfb]
+
+ * sudo.c:
+ added tzset() to load_globals added epasswd (encrypted password)
+ global made user dynamically allocated
+ [b99ef9bdbfce]
+
+ * configure.in:
+ added tzset test
+ [27592dd1214b]
+
+ * config.h.in:
+ added HAVE_TZSET
+ [b13f4213f3d0]
+
+ * check.c:
+ cleaned up encrypted passwd grab somewhat
+ [c8ba9a4db38a]
+
+ * configure.in:
+ fixed AFS typo
+ [2bfcbce237b6]
+
+ * INSTALL:
+ added AFS not
+ [80c67329393c]
+
+ * CHANGES:
+ udpated
+ [2f09ecdd5d31]
+
+ * logging.c:
+ can now log to both syslog & a file
+ [4d5c0932bc01]
+
+ * sudo.h:
+ added BOTH_LOGS
+ [623c539be824]
+
+ * CHANGES:
+ updated
+ [a1c7f5ef3616]
+
+ * configure.in:
+ --with-AFS
+ [28718d8f5daf]
+
+ * config.h.in:
+ added HAVE_AFS
+ [2e32bb4e63e4]
+
+ * check.c:
+ added afs changes
+ [fe4d0ff320a2]
+
+ * sudo.h:
+ removed AFS stuff :-)
+ [a40387e6fa27]
+
+ * tgetpass.c:
+ include sys/select for AIX
+ [f32c5a8f2c84]
+
+ * sudo.h:
+ added AFS
+ [da2ab3dd0348]
+
+ * version.h:
+ ++
+ [452d4dfe25af]
+
+1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES, SUPPORTED:
+ updated
+ [e7dfe6f23a37]
+
+ * logging.c:
+ can now have MAILER undefined
+ [1d33b98b35e1]
+
+ * INSTALL:
+ new sub-note about MAILER
+ [d35c636a0574]
+
+ * sudo.man:
+ added blurb about password timeout
+ [70c2ee50de20]
+
+ * configure.in:
+ convex c2 changes
+ [367138a6232e]
+
+ * aclocal.m4:
+ took out duplicate define of _CONVEX_SOURCE
+ [647182138450]
+
+ * Makefile.in:
+ added OSDEFS
+ [7fdcd50602d1]
+
+ * config.h.in:
+ added spaces
+ [f2b8a05e48f3]
+
+ * tgetpass.c:
+ added a goto if fgets fails
+ [68a6586d9c45]
+
+ * sudo.h:
+ use __hpux not hpux convex c2 stuff
+ [5c377a8d5f34]
+
+ * sudo.c:
+ use __hpux not hpux
+ [9363bc0f9f9e]
+
+ * logging.c:
+ convex c2 stuff
+ [ea5630975ac4]
+
+ * config.h.in:
+ define ansi-ish cpp os defines if non-ansi are defined for hpux &
+ convex
+ [664f53a5e786]
+
+ * INSTALL:
+ updated to say we support sonvex C2
+ [5f2f8b87013e]
+
+ * check.c:
+ added convex c2 support
+ [9a665d4918fa]
+
+1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ no more ioctl never returns NULL uses fgets() and select() to
+ timeout
+ [b333e6d63e97]
+
+1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ things were testing -n "$GCC" instead of -z "$GCC"
+ [059a9b15ede2]
+
+ * tgetpass.c:
+ now works + uses fgets()
+ [353d7ebcb7bb]
+
+1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ select doesn't seem to recognize a single '\n' as input waiting so
+ we can;t use it, sigh.
+ [f76e3218b835]
+
+1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * PORTING:
+ updated tgetpass() blurb
+ [95baac736b49]
+
+ * configure.in:
+ added --with-getpass
+ [42ac0bdf58ed]
+
+ * Makefile.in:
+ added tgetpass stuff
+ [e2b38c635663]
+
+ * tgetpass.c:
+ now uses stdio
+ [36af8ff66e35]
+
+ * version.h:
+ ++
+ [4e81c9db19bd]
+
+1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * PORTING:
+ updated ,.
+ [54f523770a05]
+
+ * config.h.in:
+ added USE_GETPASS && HAVE_C2_SECURITY
+ [86b355cb2953]
+
+ * configure.in:
+ fixed a test aded --with-C2 and --with-tgetpass
+ [abf6181588ef]
+
+ * check.c:
+ added hpux C2 shit
+ [20d4177ffa88]
+
+ * Makefile.in:
+ took out tgetpass.*
+ [cc82fd9984b4]
+
+ * INSTALL:
+ added C2 blurb
+ [1d2bfc35e4b6]
+
+1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ no termio(s) for ultrix since it is broken
+ [d3e82e835350]
+
+ * check.c:
+ added a space (yeah, anal)
+ [05e4b31ca68c]
+
+ * realpath.c, sudo_realpath.c:
+ fixed it (duh, rtfm)
+ [f13097cb8cb6]
+
+1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ took out bsd signal stuff for irix
+ [e179cdafc97a]
+
+ * visudo.c:
+ comments in #endif
+ [e3a629190f5e]
+
+ * configure.in:
+ don't define BSD signals for irix
+ [3ce57bffb7f0]
+
+ * TODO:
+ did some...
+ [274241cd0f74]
+
+ * CHANGES:
+ updated
+ [8f29fc755faf]
+
+ * realpath.c, sudo_realpath.c:
+ took out unneeded code by changing where a strings was terminated
+ [b5564d62d30e]
+
+1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * realpath.c, sudo_realpath.c:
+ fix bug where /dirname would return NULL
+ [b85f470daf26]
+
+ * sudo.h:
+ move __P to config.h
+ [7763c0ff3f28]
+
+ * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
+ added errno definition
+ [4cc9d2d9782a]
+
+ * config.h.in:
+ added __P
+ [ca06f5aa58f3]
+
+ * config.h.in:
+ added HAVE_FCHDIR
+ [206d714641e0]
+
+ * strdup.c:
+ now include stdio
+ [0d8458da0e1d]
+
+ * realpath.c, sudo_realpath.c:
+ now works if no fchdir
+ [e035911b6722]
+
+ * visudo.c:
+ define SA_RESETHAND to null if not defined
+ [afec03e84342]
+
+ * configure.in:
+ added check & replace
+ [c1a65481441c]
+
+ * configure.in:
+ took out -static for nextstep -- it doesn't work
+ [fa1a1a611743]
+
+1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ moved #endif to where it belongs
+ [07d3a8972097]
+
+ * SUPPORTED:
+ correction
+ [0c1ecba3e5a3]
+
+ * configure.in:
+ now checks for strdup realpath getcwd bzero
+ [f029a1917515]
+
+ * config.h.in:
+ emulate bzero
+ [d792352e44a3]
+
+ * visudo.c:
+ added posic signals
+ [2ed0005f90fc]
+
+ * tgetpass.c:
+ bzero cast
+ [6d91b1a1526f]
+
+ * logging.c:
+ added posix signals
+ [67ede9c22a05]
+
+ * configure.in:
+ removed BROKEN_GETPASS added new srcs toreplace missing functions
+ [cf44274bb1c8]
+
+ * config.h.in:
+ added posix signal stuff
+ [a3c1c98fe8ef]
+
+ * Makefile.in:
+ added new srcs
+ [b6a079afee47]
+
+ * visudo.c:
+ updated useag
+ [589ed091c44f]
+
+ * tgetpass.c:
+ now uses posix signals
+ [30f74964074f]
+
+ * PORTING:
+ updated sto reflect major changes
+ [bcfc309e017b]
+
+ * CHANGES, TODO:
+ updated
+ [23aacbd54278]
+
+ * tgetpass.c:
+ uses sysconf() if available
+ [a27431c90bab]
+
+ * sudo.h:
+ added PASSWORD_TIMEOUT + prototypes for new functions
+ [d7473c2f77c4]
+
+ * realpath.c, sudo_realpath.c:
+ for those w/o this in libc
+ [1e47aa7a9d46]
+
+ * getcwd.c, getwd.c:
+ Initial revision
+ [c90dea57a84f]
+
+ * find_path.c:
+ rewrote to use realpath(3) - nis now all my code
+ [d2c3bb8fb37d]
+
+ * config.h.in:
+ added HAVE_REALPATH
+ [02c10352a8c7]
+
+ * check.c:
+ now use tgetpass
+ [b5c021fc179f]
+
+ * Makefile.in:
+ added LIBOBJS use tgetpass.c
+ [230a7b3eeaa3]
+
+1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * tgetpass.c:
+ works now :-)
+ [025e7a3875ba]
+
+ * tgetpass.c:
+ Initial revision
+ [3316ab33b230]
+
+ * pathnames.h.in:
+ added /dev/tty
+ [29242585e53f]
+
+1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * version.h:
+ incremented
+ [f2e54b48280f]
+
+ * sudo.c:
+ always use getcwd
+ [c6068e8a4029]
+
+ * config.h.in:
+ added check for getwd
+ [ab1e102ad673]
+
+ * configure.in:
+ replace strdup & realpath & getcwd if missing
+ [b0eb14f2a1c3]
+
+ * pathnames.h.in:
+ added _PATH_PWD
+ [309d2388f69a]
+
+ * aclocal.m4:
+ added SUDO_PROG_PWD
+ [e16e85deb96c]
+
+ * strdup.c:
+ Initial revision
+ [810efdc15007]
+
+ * realpath.c, sudo_realpath.c:
+ Initial revision
+ [d85eee438e09]
+
+1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ quoted quare brackets
+ [d0e7ca111d98]
+
+1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ no need to strdup() a constant
+ [a8c44712df9a]
+
+ * CHANGES:
+ updated
+ [71364129cca0]
+
+ * sudo.man:
+ added validate
+ [0bb198095a26]
+
+ * sudo.c:
+ added -v to usage
+ [31ea71f11dbb]
+
+ * parse.c, sudo.c, sudo.h:
+ added validate_only stuff
+ [9bcd853d3c90]
+
+1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now finds sed
+ [6374bb0d3f28]
+
+ * aclocal.m4:
+ $OSREV is now an int
+ [ace0666d66cf]
+
+1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ added mtxinu to caser
+ [73a776887b16]
+
+ * sudo.h:
+ added EXEC macro
+ [2e8eb28b710a]
+
+ * sudo.c:
+ now use the EXEC nmacro now only do a gethostbyname() if FQDN is set
+ [56afb4f658d5]
+
+ * logging.c:
+ changed mail_argv[] def now use EXEC() macro
+ [ddcabd28edb1]
+
+ * check.c:
+ took out crypt() definition
+ [0e657724cf5f]
+
+ * version.h:
+ upped the version
+ [62c5d66119fc]
+
+ * configure.in:
+ always look for -lnsl
+ [d7b594f0313b]
+
+ * aclocal.m4:
+ added an echo
+ [1caae3491dc5]
+
+ * sudo.h:
+ SHORT_MESSAGE is now the default
+ [cfce35c3119a]
+
+ * config.h.in:
+ fixed typo
+ [6499a564bf75]
+
+ * configure.in:
+ added missing AC_DEFINE(SVR4) for solaris
+ [feef0b17b94f]
+
+ * sudo.man:
+ documented the -v flag
+ [a6429f2bc2cf]
+
+ * SUPPORTED:
+ updated
+ [088886e79540]
+
+ * check.c:
+ proto-ized crypt()
+ [801e4ff5b121]
+
+ * config.h.in:
+ added LIBSHADOW undef
+ [8df588e9ee2b]
+
+ * configure.in:
+ nwo set OS to be lowercase
+ [561ebed833e4]
+
+1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now use SUDO_OSTYPE to set $OS
+ [0e60aee23098]
+
+ * aclocal.m4:
+ now use uname to determine os
+ [99705e58d400]
+
+ * visudo.c:
+ added prototypes & moved sig handler around
+ [1f0bc8d23b51]
+
+ * sudo.h:
+ added prototyppes
+ [be3935a2b163]
+
+ * check.c, logging.c, sudo.c:
+ added prototypes
+ [2079b4605ab8]
+
+ * parse.c:
+ added comment
+ [a34d147d8399]
+
+ * config.h.in:
+ nwo use _BSD_SIGNALS not _BSD_COMPAT
+ [63663195f047]
+
+ * aixcrypt.exp:
+ Initial revision
+ [890aed08357e]
+
+ * Makefile.in:
+ added aixcrypt.exp
+ [1005a183105f]
+
+ * parse.lex, parse.yacc:
+ moved config.h to top of includes
+ [9569c49aa5f3]
+
+1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ now don't bitch if get EACCESS (treat like EPERM)
+ [dbeffb638de4]
+
+ * visudo.c:
+ added -v flag and usage()
+ [4d44ed60ed75]
+
+ * version.h:
+ fixed a typo
+ [cf3f9347ae41]
+
+ * sudo.c:
+ cast Argv to a const for exec added -v flag
+ [d11b6efc0e45]
+
+ * logging.c:
+ mail_argv is now a const
+ [93bb5d90bb6f]
+
+ * configure.in:
+ only set RETSIGTYPE if it is not set already
+ [c97aac260b77]
+
+ * aclocal.m4:
+ now defines & STDC_HEADERS for Irix
+ [9c2b24ad1fc5]
+
+ * Makefile.in:
+ added version.h
+ [9f79e880229a]
+
+ * insults.h, sudo.h:
+ prevent multiple inclusion
+ [d68c8a9243ce]
+
+ * version.h:
+ Initial revision
+ [dbb39c5ef8d9]
+
+ * parse.lex, parse.yacc:
+ now includes config.h
+ [f117e036a56b]
+
+ * aclocal.m4:
+ now talks about sunos 4.x
+ [c9054aa92d4e]
+
+ * visudo.c:
+ calls to Exit now pass an arg
+ [a92104670551]
+
+1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ signal handler now takes an int argument
+ [26f480c41523]
+
+ * CHANGES:
+ updated
+ [8c166a9d796b]
+
+ * sudo.c:
+ ok, the getcwd() is now *really* done as the user
+ [ab86cf85134a]
+
+ * configure.in:
+ changed AIX STATIC_FLAGS
+ [b9c0a3ba5663]
+
+ * aclocal.m4:
+ solaris now defines SVR4
+ [c3e20cac96f5]
+
+ * sudo.h:
+ added cwd and fixed stupid core dump that makes no sense. sigh.
+ [7a9755436dbb]
+
+ * sudo.c:
+ moved getcwd stuff into load_globals
+ [ec2bc90df1f3]
+
+ * parse.c:
+ took out externs that are in suod.h
+ [93c4b3f856d7]
+
+ * logging.c:
+ moved cwd into load_globals
+ [050de754d228]
+
+ * find_path.c:
+ moved cwd stuff
+ [22f3f3b4c34d]
+
+ * Makefile.in:
+ fixed make distclean & realclean
+ [c9964d89bcef]
+
+ * TODO:
+ updated .,
+ [e513581ef0e3]
+
+ * CHANGES:
+ added solaris changes
+ [505d930daf27]
+
+ * aclocal.m4:
+ added solaris changes, need to rework
+ [33f20fb16c49]
+
+ * configure.in:
+ cleaned up for solaris
+ [2fb8cfa05d0f]
+
+ * logging.c:
+ reinstall reapchild signal handler for non-bsd signals
+ [3d1dc545113d]
+
+ * sudo.h:
+ took out getdtablesize() emulation for HP-UX (no longer needed)
+ [1fc83d170f34]
+
+ * sudo.c:
+ support for HAVE_SYSCONF
+ [50ca2a7a224a]
+
+ * visudo.c:
+ added <fcntl.h> for solaris & reorg'd the includes + minor prettying
+ up /
+ [0a570e826dd4]
+
+ * config.h.in:
+ added HAVE_SYSCONF
+ [2b9a9f3a4e94]
+
+1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now tells you what os you are running /.
+ [06c6332a895b]
+
+ * aclocal.m4:
+ took out extra ','
+ [e8c75ce59f4a]
+
+1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in:
+ added _BSD_COMPAT
+ [73c5099806c2]
+
+ * aclocal.m4:
+ fixed for irix5
+ [1047d1f6c0eb]
+
+ * CHANGES:
+ updated
+ [1bc4969fee96]
+
+ * sudo.c:
+ uid seinitialized to -2
+ [8d7812b1878b]
+
+1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ now removes LIBPATH for AIX
+ [075392eb1dd9]
+
+1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ now uses ufc if it finds it
+ [ab6ce30a5958]
+
+1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ no longer define yyval & yylval since yacc does it
+ [09d250aea50a]
+
+ * parse.lex:
+ now defines yylval as extenr
+ [8ec2b88952bc]
+
+ * configure.in:
+ BROKEN_GETPASS is now an OPTION
+ [3714f4bb8312]
+
+ * config.h.in:
+ took out BROKEN_GETPASS
+ [9c4f6aa50137]
+
+ * Makefile.in:
+ took out big comment
+ [4c13cff0e556]
+
+ * README:
+ updated
+ [b8b9902b620d]
+
+ * Makefile.in:
+ took out README.beta
+ [ed2cd861e82b]
+
+ * SUPPORTED:
+ Initial revision
+ [2fffc51e6606]
+
+ * INSTALL:
+ now reference SUPPORTED .,
+ [d112c30be1f2]
+
+ * config.h.in:
+ now check for convex OR __convex__
+ [a0e5701a3069]
+
+ * aclocal.m4:
+ now check for convex or __convex__
+ [5dae2bfbe3bc]
+
+ * Makefile.in:
+ added dist target
+ [400a54de57db]
+
+ * aclocal.m4:
+ use __convex__
+ [58a19470ed0b]
+
+ * find_path.c:
+ now use _S_* stat stuff to be ansi-like
+ [28cce560e048]
+
+ * INSTALL:
+ updated for configure directions
+ [a034ccc7c30a]
+
+ * Makefile.in:
+ distclean now removes config.h and pathnames.h
+ [300f2349b4ab]
+
+ * CHANGES:
+ updated
+ [646f7e9430c1]
+
+ * TODO:
+ fixed typoe
+ [70fd6361b2bc]
+
+ * visudo.c:
+ updated version
+ [cf13d87d789f]
+
+ * Makefile.in:
+ updated version
+ [8c5dacc27a7a]
+
+ * config.h.in, pathnames.h.in:
+ added copyright header
+ [747ce3d3d6b7]
+
+ * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
+ parse.yacc, sudo.c, sudo.h:
+ udpated version
+ [4751c39bad18]
+
+ * visudo.c:
+ udpated to use configure + pathnames.h
+ [d45dff76a1cd]
+
+ * aclocal.m4:
+ updated
+ [f05a367a55be]
+
+ * Makefile.in, config.h.in, configure.in:
+ updated
+ [524778598879]
+
+ * sudo.h:
+ now works with configure
+ [83fc40e533f4]
+
+ * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
+ updated to work with configure + pathnames.h
+ [cb67fa6ab52d]
+
+ * Makefile.in:
+ added LEXLIB
+ [f43cad4ab0a2]
+
+1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * COPYING:
+ updated gnu general licence to versio 2
+ [2b0b56112ddc]
+
+ * config.h.in, pathnames.h.in:
+ Initial revision
+ [4b586f39ec2d]
+
+ * sudo.h:
+ changed to work with configure
+ [13f3506ddf16]
+
+1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, aclocal.m4, configure.in:
+ Initial revision
+ [a8636ae77371]
+
+ * visudo.c:
+ now uses defines used by configure
+ [de438d118993]
+
+1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ sudo won't bitch about EPERM now, for real
+ [ce26d9ef7e3f]
+
+1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * logging.c:
+ renamed exec_argv to eliminate a libc name clash with ksros
+ [bcb4350d8411]
+
+ * CHANGES:
+ corrected
+ [dae68d422efd]
+
+ * logging.c, sudo.c, sudo.h:
+ execve -> execv
+ [40cc2c4bdb15]
+
+ * TODO:
+ upated
+ [9275a8b8fc45]
+
+ * PORTING:
+ added 2 mroe items
+ [6cbb5c56993c]
+
+ * CHANGES:
+ updated
+ [73f34f8e571a]
+
+ * sudo.h:
+ added UMASK and mode_t declaration
+ [7c2015e1d171]
+
+ * sudo.c:
+ added UMASK
+ [d37be7523680]
+
+ * logging.c:
+ now opens log file with mode 077
+ [0825cc3ee841]
+
+ * check.c:
+ saved current umask ans restores it
+ [659c1aaae8e8]
+
+ * sudo.h:
+ added MAXLOGFILELEN
+ [34331c7dee90]
+
+ * logging.c:
+ split long log lines. FOr syslog, split into multiple entries, for a
+ log file, indent the extra for readability
+ [72c9e4cdba6e]
+
+1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ added changes
+ [81196833673d]
+
+ * sudo.h:
+ MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
+ [1aa69e903840]
+
+1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ added input from Brett M Hogden <hogden@rge.com>
+ [80f01fc88ce9]
+
+1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ added rmenv() to remove stuff from environ. can now uses execvp() OR
+ execve() becuase of this.
+ [e7fc2535bd67]
+
+ * logging.c:
+ now uses execvp() OR execve()
+ [56391aa1f99d]
+
+ * sudo.h:
+ added USE_EXECVE
+ [f21f38050b95]
+
+ * sudo.h:
+ added environ
+ [6b805e23c6f6]
+
+ * find_path.c:
+ now ignore EPERM
+ [c8fd7117a1d7]
+
+ * sudo.h:
+ moved some func decls out of sudo.h and into sudo.c as statics /.
+ [5f555c267d27]
+
+ * CHANGES:
+ updated
+ [431f478af320]
+
+ * sudo.h:
+ took out Envp
+ [6f722be7793d]
+
+1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * BUGS:
+ Initial revision
+ [4a8ecf0da95c]
+
+1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ added SECURE_PATH
+ [1c72cb222609]
+
+ * sudo.c, sudo.h:
+ added SECURE_PATH
+ [5bf5357a63c5]
+
+ * sudo.h:
+ added SECURE_PATH
+ [3976a74405ac]
+
+ * INSTALL:
+ added sample.sudoers note
+ [1b395d29aaeb]
+
+ * sudoers:
+ Initial revision
+ [485888d07477]
+
+1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ fixed typo
+ [bfc3cc4d41ca]
+
+ * PORTING:
+ took out SAVED_UID garbage
+ [b7c2d3469661] [SUDO_1_3_0]
+
+ * INSTALL:
+ mentioned HAL
+ [253d6695df90]
+
+ * sudo.h:
+ added HAL line
+ [29ec1a4ac6de]
+
+ * insults.h:
+ added HAL insults
+ [7d7c96d77c74]
+
+ * TODO:
+ updated
+ [aa2ed9790586]
+
+ * logging.c:
+ more verbose error if mailer not found
+ [fca47fd00cb6]
+
+ * check.c:
+ now do getpwent as root for soem shadow password systems (bsdi)
+ [e0339e110d46]
+
+1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ took out SAVED_UID garbade
+ [fcb0e81dcdb5]
+
+ * sudo.c:
+ took out SAVED_UID garbage since it don't work
+ [507e9513e9c2]
+
+1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ updated
+ [d2b6b253dae5]
+
+ * insults.h:
+ added a missing space :-)
+ [8940ea991f87]
+
+ * sudo.c, sudo.h:
+ took out multimax cruft
+ [c2606b365181]
+
+ * INSTALL:
+ minor update
+ [05fb6ee73131]
+
+ * PORTING:
+ finished
+ [c4ac47c84dc5]
+
+ * sudo.c:
+ fixed a typo + indentation
+ [7eab40aae8fa]
+
+1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ took outumoved some defines to the config file ,. ,.
+ [defff05beb52]
+
+ * PORTING:
+ Initial revision
+ [c803e9127959]
+
+ * TODO:
+ did #6
+ [c6fa1c946c31]
+
+ * sudo.h:
+ added HAS_SAVED_UID
+ [6a88a39c0a07]
+
+ * sudo.c:
+ put back AIX cruft
+ [a24d2507ddd4]
+
+1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ aix changes
+ [1663915f754a]
+
+1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * CHANGES:
+ updated
+ [a8cc73747cae]
+
+ * check.c, logging.c, parse.c, sudo.c, sudo.h:
+ now is only root when abs necesary
+ [3c9d12c5cdfe]
+
+ * check.c:
+ added missing %s\n
+ [609320b72d89]
+
+1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ Initial revision
+ [b5bba140a175]
+
+ * TODO:
+ updated
+ [c9d2eba602af]
+
+ * CHANGES:
+ updated
+ [932f1fc3bb14]
+
+ * sudo.c:
+ now removed _RLD_* for alphas
+ [54a36e648158]
+
+ * INSTALL:
+ updated for new config scheme
+ [61c8ae800444]
+
+ * find_path.c:
+ more verbose eror messages
+ [b4fd123db42d]
+
+1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * TODO:
+ now have solaris
+ [371002fbf266]
+
+ * sudo.h:
+ define __svr4__ for SOLARIS
+ [0b5cf5ed936d]
+
+ * check.c:
+ added svr4 junk for shadow pws for solaris 2.x
+ [91ed58f21618]
+
+ * check.c, sudo.c:
+ took out setuid(0) and setreuid(udi) garbage. Its not needed since
+ we start out setuid with the correct perms.
+ [07689e782b0b]
+
+ * check.c, sudo.c, sudo.h:
+ now use setreuid()
+ [7d64d685d78e]
+
+1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man:
+ revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES
+ sectoin
+ [b26967b1e19b]
+
+ * visudo.c:
+ now uses ENV_EDITOR if you want to use the EDITOR envar
+ [a4f8fcb9bd1d]
+
+ * sudo.h:
+ now uses ENV_EDITOR if you want to use the EDITOR envar >> .
+ [028cc55c4328]
+
+1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README:
+ minor update + spell fix
+ [a411717a7249]
+
+ * INSTALL:
+ rewrote most of this
+ [a6750923f9c9]
+
+ * sudo.h:
+ added all options that are in the Makefile
+ [6db3b3b841b3]
+
+ * getpass.c:
+ now use USE_TERMIO #define for sgi & hpux
+ [b91f89ae6be1]
+
+ * TODO:
+ todo: posix sigs
+ [4548a56eb2ef]
+
+1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c, find_path.c:
+ always include strings.h
+ [1fc20bda92c0]
+
+ * visudo.c:
+ added STATICEDITOR
+ [0596f820716e]
+
+ * sudo.h:
+ sgi has vi in /usr/bin too
+ [94203b62bfd9]
+
+ * sudo.man:
+ added VISUAL
+ [87c2844c4cac]
+
+1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ sue /usr/bin/vi on some systems
+ [e3ad9190f35e]
+
+ * sudo.c:
+ fixed warning (include strings.h)
+ [0b896de4d8a0]
+
+ * sudo.man:
+ added John_Rouillard@dl5000.bc.edu's changes (new features)
+ [f41b4205a8cf]
+
+ * CHANGES:
+ changes from John_Rouillard@dl5000.bc.edu
+ [6bdef8e948d5]
+
+ * visudo.c:
+ added EDITOR envar
+ [5c4bf716de21]
+
+ * check.c, find_path.c, parse.c, sudo.c:
+ added patches from John_Rouillard directory spec uses EDITOR
+ [f62a435f8c41]
+
+1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * getpass.c:
+ added flush for hpux
+ [07cfdd6a7b55]
+
+1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ no longer assume malloc returns a char *
+ [7480bd2756f3]
+
+ * sudo.c:
+ alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
+ gets removed correctly
+ [8587166c6ac8]
+
+ * sudo.h:
+ added STD_HEADERS macro
+ [480f5a9a516c]
+
+ * sudo.c:
+ now uses STD_HEADERS macor for ansi
+ [c5018806fd59]
+
+ * find_path.c:
+ now uses STD_HEADERS macro
+ [ad821e0788ea]
+
+ * check.c:
+ niceties for C compiler bitches -- no real change
+ [0fc0b1a5fb64]
+
+1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ now doesn't fclose a file never opened.
+ [ee888ec9427d]
+
+1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.man:
+ added visudo line
+ [698d51c66407]
+
+ * sudo.man:
+ added error stuff added me in there...
+ [d202fd34b906]
+
+ * CHANGES:
+ noted insults
+ [998a22c2230c]
+
+ * INSTALL:
+ added blurb about reading stuff
+ [e71db100798f]
+
+ * sudo.h:
+ added insults
+ [c110431cec56]
+
+ * insults.h:
+ corrected somments and removed newlines
+ [493706fd488c]
+
+ * check.c:
+ now uses insults
+ [6d23cf06a0ef]
+
+ * insults.h:
+ Initial revision
+ [83153c26b4a3]
+
+ * INSTALL:
+ added dec syslog note
+ [555437273237]
+
+ * sample.sudoers:
+ added real stuff in there
+ [53442a7fba78]
+
+ * TODO:
+ added a todo
+ [c630472bd4dc]
+
+ * TODO:
+ added one
+ [806464453284]
+
+1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sample.sudoers:
+ Initial revision
+ [7db0a9f1ca8f]
+
+ * sudo.man:
+ updated with changes
+ [d9bf254c6c08]
+
+ * sudo.man:
+ Initial revision
+ [dd6f11174ac6]
+
+ * indent.pro:
+ Initial revision
+ [dbfbb494fad9]
+
+ * CHANGES, COPYING, INSTALL, README, TODO:
+ Initial revision
+ [6d98f489a079]
+
+ * visudo.c:
+ updated version number and took out jeff's old addr since it is no
+ good
+ [ee47c24818cb]
+
+ * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
+ sudo.c, sudo.h:
+ updated version number and took out jeff's email (since it is
+ invalid)
+ [54616458a52e]
+
+1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ added fflush()
+ [145c881f4fb4]
+
+1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ now return NULL instead pfof exiting for nopnn-fatal errors
+ [8bc74f8cb1ae]
+
+1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ new banner
+ [5387ab2af516]
+
+ * parse.lex:
+ now sudo.h gets included first
+ [2acb01c18e18]
+
+1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.lex:
+ now can use flex
+ [164d3839adf0]
+
+ * sudo.h:
+ linux patch
+ [f1b6b1b1a2ca]
+
+ * sudo.c:
+ hpux 9 fix, removes SHLIB_PATH linux patch
+ [67611dc1737f]
+
+ * check.c:
+ linux diff
+ [c24536682397]
+
+1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ stat now ignores EINVAL
+ [c7761a5dc642]
+
+1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c, sudo.c:
+ now declare strdup as extern
+ [6b7d6f8784b5]
+
+1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * visudo.c:
+ reformatted with indent + by hand
+ [9d43084e4990]
+
+ * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
+ used indent to "fix" coding style
+ [489ffacbdc70]
+
+ * find_path.c:
+ now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
+ move the code that does this into the loop body. makes it messier
+ tho. hmmm.
+ [c4d22b48da9a]
+
+1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ redid the fix for non-executable files in an easier to read way plus
+ some minor aethetic changes
+ [84fe337f1426]
+
+ * find_path.c:
+ fixed bug with non-executable tings of same name in path introduced
+ by checkig errno after stat(2).
+ [c2a812cfcbc1]
+
+1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ fixed off by one error
+ [fabb7cee0041]
+
+ * find_path.c:
+ now handles decending below '/' correctly
+ [5d2ddfc0b220]
+
+ * sudo.c:
+ now actually builds Envp instead of munging envp
+ [bdc4b08f6898]
+
+1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * parse.yacc:
+ now includes sys/param.h
+ [efbb494ab4de]
+
+ * visudo.c:
+ now includes sys/param.h
+ [ad6c91d59958]
+
+ * sudo.h:
+ fixed ifndef -> ifdef
+ [7aebe822d863]
+
+ * qualify.c:
+ make more like find_path.c
+ [853b2dab2e03]
+
+ * find_path.c:
+ rewritten by millert
+ [c6a043cc11b3]
+
+ * sudo.h:
+ fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
+ about new defines in the comment
+ [39ffefce3aec]
+
+ * logging.c:
+ now uses USE_CWD
+ [fa0f3b118bb3]
+
+ * sudo.h:
+ added delc for clean_envp() and Envp
+ [a12034e300c2]
+
+ * sudo.c:
+ now rips LD_* env vars out of envp and passed sanitized Envp to exec
+ [d201a218e056]
+
+ * logging.c:
+ now uses execve()
+ [f3e01032cd33]
+
+ * find_path.c:
+ ENOTDIR is ok now too (in case part of the path is bogus)
+ [b5cbbb201bb5]
+
+ * qualify.c:
+ now works correctly (ttaltotal rewrite)
+ [0c25d64a5c68]
+
+ * parse.lex:
+ now includes sys/param.h didn't match trailing / -- fix from
+ rouilj@cs.umb.edu
+ [b6363ba110af]
+
+1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ moved around the #ifndef _AIX
+ [7d4330950c20]
+
+ * check.c, logging.c, parse.c:
+ Initial revision
+ [c101e9572d7f]
+
+1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * qualify.c:
+ Initial revision
+ [5a5f21d0e0bf]
+
+1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * find_path.c:
+ now works if you do sudo bin/test
+ [07835120ce43]
+
+ * find_path.c:
+ works
+ [c3da8b5efa20]
+
+1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.h:
+ Initial revision
+ [28a1caa38b72]
+
+ * visudo.c:
+ Initial revision
+ [0e5cd7c3cdbe]
+
+ * parse.lex, parse.yacc:
+ Initial revision
+ [5f2d0cccb06b]
+
+1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ took out errno.h
+ [7466431a2655]
+
+ * sudo.c:
+ now spews error if exec fails and exits with -1
+ [e5c41ea725c1]
+
+ * sudo.c:
+ Initial revision
+ [8aeabe39a0c2]
+
+ * find_path.c:
+ now only execs files with (an) executable bit set.
+ [0a451f9c0e58]
+
+ * find_path.c:
+ Initial revision
+ [02a534891a35]
+
+1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * getpass.c:
+ added nice comment
+ [ea8b2aaa9389]
+
+ * getpass.c:
+ now works on sgi's
+ [bf2b7c6d0960]
+
+ * getpass.c:
+ Initial revision
+ [9f4de251c1b5]
+
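Review bot: In the 1994-02-28 entries, the logging.c message "now opens log file with mode 077" is ambiguous as written: read literally as a file mode, 077 gives the owner no access and group and other full access, while the neighbouring entries ("added UMASK", "saved current umask ans restores it") suggest a umask of 077 was meant. The bracketed changeset ids suggest this file is generated from commit messages, so rather than rewording history, consider a one-line header in ChangeLog stating that entries are verbatim commit messages. That would also account for the stray editor residue in entries such as "updated .," and "took outumoved some defines to the config file ,. ,.".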