« back to all changes in this revision
Viewing changes to ChangeLog
- browse files at revision 60
- compare with another revision
- download diff
- download tarball
- view history from revision 60
- Committer: Package Import Robot
- Author(s): Stéphane Graber
- Date: 2012-11-16 09:31:32 UTC
- mfrom: (1.4.13)
- Revision ID: package-import@ubuntu.com-20121116093132-ptext55adlzbrq6y
Tags: 1.8.6p3-0ubuntu1
* New upstream release (1.8.6p3).
* Add patch to fix building with sssd when ldap is disabled.
* Drop sudo.manpages and sudo-ldap.manpages as the upstream build system
now does the right thing here.
* Build the main sudo package with support for sssd, this doesn't add any
additional build time or runtime dependency. sudo will dynamically load
the sssd library if 'sss' is listed for the 'sudoers' nss service.
* Add patch to fix building with sssd when ldap is disabled.
* Drop sudo.manpages and sudo-ldap.manpages as the upstream build system
now does the right thing here.
* Build the main sudo package with support for sssd, this doesn't add any
additional build time or runtime dependency. sudo will dynamically load
the sssd library if 'sss' is listed for the 'sudoers' nss service.
- files added:
- .pc/fix_sssd_build.patch
- .pc/fix_sssd_build.patch/plugins
- .pc/fix_sssd_build.patch/plugins/sudoers
- plugins/sudoers/regress/check_symbols
- files removed:
- debian/sudo-ldap.manpages
- files modified:
- .pc/actually-use-buildflags.diff/common/Makefile.in
added
removed
ChangeLog
1
2
3
* NEWS, configure, configure.in:
4
sudo 1.8.6p3
5
[97fef3d9ed65]
6
7
2012-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
8
9
* doc/fixman.sh:
10
Don't use embedded newline when matching, use \n. This got expanded
11
at some point. Bug #573
12
[6652f834b8f5]
13
14
* plugins/sudoers/sudoreplay.c:
15
Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
16
all file systems support d_type. Bug #572
17
[8b861c62945f]
18
19
* plugins/sudoers/sudoreplay.c:
20
Avoid calling fclose(NULL) in the error path when we cannot open an
21
I/O log file.
22
[9401d5c4bb05]
23
24
2012-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
25
26
* NEWS, configure, configure.in:
27
Sudo 1.8.6p2
28
[6e32496280f2]
29
30
* src/exec.c:
31
When setting the signal handler for SIGTSTP to the default value in
32
non-I/O log mode, store the old handler value for when we restore it
33
after resume.
34
[242628694e42]
35
36
2012-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
37
38
* NEWS:
39
Mention support for SUCCESS=return in /etc/nsswitch.conf
40
[ef1f35aa0863]
41
42
* NEWS, configure, configure.in:
43
sudo 1.8.6p1
44
[73a5e1f004b3]
45
46
2012-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
47
48
* plugins/sudoers/env.c:
49
Avoid setting LOGNAME, USER and USERNAME variables twice when
50
set_logname is enabled.
51
[0de4f5fbd1d4]
52
53
* plugins/sudoers/env.c:
54
Fix duplicate detection in sudo_putenv(), do not prune out the
55
variable we just set when overwriting an existing instance. Fixes
56
bug #570
57
[854ee714c831]
58
59
* plugins/sudoers/env.c:
60
Add some debuggging
61
[a25cd3305823]
62
63
2012-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
64
65
* plugins/sudoers/sudo_nss.c:
66
Disable word wrap in list mode when stdout is a pipe to make "sudo
67
-l | grep ..." more useful. Adapted from a diff by Daniel Kopecek.
68
[65ade04511fd]
69
70
* common/lbuf.c:
71
Print a trailing newline in lbuf_print() when there is not enough
72
space to do word wrapping and the lbuf does not end with a newline.
73
[c0200e19cd09]
74
75
* plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
76
Add support for [SUCCESS=return] in nsswitch.conf; from Daniel
77
Kopecek
78
[5c480316e3ce]
79
80
* MANIFEST:
81
Add sssd.c
82
[9cadd014ef97]
83
84
2012-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
85
86
* plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo,
87
plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo,
88
plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo,
89
src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo:
90
regen .po files
91
[62423d4d143d]
92
93
* MANIFEST, plugins/sudoers/po/vi.mo:
94
Add Vietnamese sudoers translation from translationproject.org
95
[33666a605525]
96
97
* NEWS:
98
mention PIE
99
[05032e5304c6]
100
101
* MANIFEST, plugins/sudoers/po/vi.po:
102
Add Vietnamese sudoers translation from translationproject.org
103
[015c2204bae2]
104
105
2012-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
106
107
* Makefile.in, compat/Makefile.in, mkdep.pl:
108
Add missing signame dependency
109
[e493bfb01929]
110
111
* src/exec.c, src/ttyname.c:
112
Silence compiler warnings.
113
[1c5374b66d9b]
114
115
* MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c,
116
config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
117
src/exec.c, src/exec_pty.c:
118
Replace strsigname() with sig2str(), emulating it as needed.
119
[1e348cca1fa6]
120
121
* config.h.in, configure, configure.in, src/utmp.c:
122
Use fseeko() for legacy utmp handling if available.
123
[b4bbd8d2c0e9]
124
125
2012-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
126
127
* compat/strsigname.c, config.h.in, configure, configure.in:
128
Detect sys_sigabbrev[] and use it in place of sys_signame[] if
129
present. For some reason glibc does not declare sys_sigabbrev so we
130
must add an extern definition of our own.
131
[b38f3fbd7078]
132
133
* compat/strsignal.c, compat/strsigname.c:
134
Handle NULL entries in sys_siglist and sys_signame.
135
[a388959d9654]
136
137
* compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c,
138
compat/mksigname.h, compat/strsignal.c, compat/strsigname.c:
139
Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name}
140
[711e41aba59a]
141
142
2012-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
143
144
* NEWS:
145
sync
146
[5a2522488754]
147
148
* src/exec.c:
149
Pass on SIGTSTP to the command if it was sent by a user process (not
150
the kernel or the terminal) when we are not I/O logging and set the
151
default SIGTSTP handler when we re-send the signal to ourself,
152
restoring our handler after we resume.
153
[4259c47e31c0]
154
155
* src/exec.c:
156
Shells typically change their process group when they start up so
157
that they can implement job control. Most well-behaved shells
158
change the pgrp back to its original value before suspending so we
159
must not try to restore in that case, lest we race with the child
160
upon resume, potentially stopping sudo with SIGTTOU while the
161
command continues to run. Some shells, such as pdksh, just suspend
162
the shell by sending SIGSTOP to themselves without restoring the
163
pgrp. In this case we need to change the pgrp back for them. Should
164
fix bug #568
165
[6ac6751ffd17]
166
167
2012-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
168
169
* MANIFEST, compat/Makefile.in, compat/mksigname.c,
170
compat/mksigname.h, compat/strsignal.c, compat/strsigname.c,
171
config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
172
src/exec.c, src/exec_pty.c:
173
Use strsigname() to print signal names in the debug output. If the
174
system has no strsigname(), use our own.
175
[0735f18906b9]
176
177
2012-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
178
179
* plugins/sudoers/regress/testsudoers/test5.inc,
180
plugins/sudoers/regress/testsudoers/test5.sh:
181
Remove generated file and change path for temporary include file.
182
[4e9fa830c6b5]
183
184
* plugins/sudoers/Makefile.in:
185
When running regress tests, list pass/fail rate for each dir
186
(testsudoers and visudo) instead of the total. Also prevent the
187
result files from clobbering each other by keeping them in the
188
relevant directories.
189
[6aac53baff7d]
190
191
* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
192
plugins/sudoers/toke.c, plugins/sudoers/toke.l:
193
Don't print an error message in yyerror() if open_sudoers() fails,
194
we've already printed an error message. Also restore the check for
195
sudoers_warnings in yyerror().
196
[aa6036df5fb2]
197
198
* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
199
plugins/sudoers/toke.c, plugins/sudoers/toke.h,
200
plugins/sudoers/toke.l:
201
Avoid printing the >>> parse error <<< message for testsudoers when
202
the -t flag is specified.
203
[76f3433c8992]
204
205
2012-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
206
207
* plugins/sudoers/parse.c:
208
Fix NULL deref when an entry has no Runas_Entry
209
[4b14983ff6e7]
210
211
* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
212
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
213
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
214
src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po,
215
src/po/zh_CN.mo, src/po/zh_CN.po:
216
sync with translationproject.org
217
[440e9c9b37de]
218
219
* NEWS:
220
sync
221
[3142ba2dce60]
222
223
* plugins/sudoers/check.c:
224
Correct the check_user() comment header.
225
[73da30308fff]
226
227
* plugins/sudoers/auth/sudo_auth.c:
228
Change a log_fatal() into log_error() when no auth methods are
229
configured. The caller already checks the return value.
230
[05f5c39793a7]
231
232
* plugins/sudoers/logging.c:
233
Add missing debug_return
234
[3a76bb7c2fe7]
235
236
2012-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
237
238
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
239
doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
240
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
241
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
242
doc/sudoers.man.in, doc/sudoers.mdoc.in:
243
Make the capitalization consistent for .Ss and .Sx
244
[5c5735ee4b2f]
245
246
* doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat,
247
doc/sudo.man.in, doc/sudo.mdoc.in:
248
Add COMMAND EXECUTION section that describes how sudo runs the
249
command, the extra sudo processes and signal handling.
250
[dff2d88e984e]
251
252
2012-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
253
254
* Makefile.in:
255
Happy Easter
256
[4b9d697c6b83]
257
258
2012-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
259
260
* compat/Makefile.in:
261
Don't echo the awk command when building siglist.in
262
[21daa72921e6]
263
264
* doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
265
doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
266
Cosmetic changes.
267
[19259528e9ad]
268
269
* doc/Makefile.in:
270
The HISTORY, LICENSE and CONTRIBUTORS files are not longer
271
generated.
272
[ea6ac9e981e6]
273
274
* MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po,
275
plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo,
276
plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po,
277
plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po,
278
src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po,
279
src/po/uk.po, src/po/vi.po:
280
Sync with translationproject.org and add Italian sudoers
281
translation.
282
[9276740aea59]
283
284
2012-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
285
286
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
287
Expand description of fqdn to talk about systems where the hosts
288
file is searched before DNS.
289
[4ee812ca6116]
290
291
2012-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
292
293
* doc/Makefile.in:
294
For cat pages there is nothing to make unless DEVEL is set.
295
[fab4a5b68708]
296
297
* configure, configure.in, doc/Makefile.in:
298
Always use mandoc to format cat pages and remove now-extraneous
299
nroff configure tests.
300
[5747f4ed5762]
301
302
* pp:
303
sync polypkg from git
304
[89ddf6ea3e3f]
305
306
* plugins/sudoers/sudoers.c:
307
Use AI_FQDN instead of AI_CANONNAME if available since "canonical"
308
is not always the same as "fully qualified".
309
[7c1d9c098386]
310
311
2012-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
312
313
* doc/sudoers.mdoc.in:
314
Fix some typos. Describe error messages not related to policy
315
permissions.
316
[f5ebf9030d85]
317
318
* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
319
plugins/sudoers/visudo.c:
320
Add new check_defaults() function to check (but not update) the
321
Defaults entries. Visudo can now use this instead of
322
update_defaults to check all the defaults regardless instead of just
323
the global Defaults entries.
324
[3fa879ce1b65]
325
326
2012-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
327
328
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
329
Document sudoers log format.
330
[08998a7061ab]
331
332
* NEWS:
333
Update for sudo 1.8.5p3
334
[6e102a5d4e8d]
335
336
* src/load_plugins.c:
337
Add missing check for I/O plugin API version when checking for the
338
presence of I/O plugin hooks.
339
[ef05c7eeaf81]
340
341
* src/hooks.c:
342
Can't call debug code in the process_hooks_xxx functions() since
343
ctime() may look up the timezone via the TZ environment variable.
344
[2179fb26bd8e]
345
346
2012-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
347
348
* src/exec_common.c, src/sesh.c, src/utmp.c:
349
Include signal.h before sudo_exec.h since it uses sigset_t * in the
350
fork_pty prototype.
351
[94fc0d859600]
352
353
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
354
doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
355
doc/visudo.man.in, doc/visudo.mdoc.in:
356
Remove OPTIONS section; options now go inside DESCRIPTION
357
[a619fc58a746]
358
359
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
360
regen
361
[44719d80bc06]
362
363
* MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
364
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
365
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
366
plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
367
plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
368
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
369
plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
370
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
371
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
372
src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po,
373
src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po:
374
Sync with translationproject.org and add new Slovenian translation.
375
[34b4b966bbac]
376
377
* common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
378
plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c,
379
plugins/sudoers/testsudoers.c:
380
Reduce the number of "internal error, foo overflow" messages that
381
need to be translated.
382
[93ffa2b3d53f]
383
384
* NEWS:
385
Mention HP-UX reboot fix.
386
[1e39b5aa32ac]
387
388
* INSTALL, NEWS, common/sudo_debug.c, configure, configure.in,
389
doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in,
390
plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c,
391
plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
392
Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers
393
data source. From Daniel Kopecek and Pavel Brezina.
394
[3f85e95d6928]
395
396
2012-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
397
398
* common/sudo_conf.c, src/load_plugins.c:
399
If sudo.conf contains an I/O plugin but no policy plugin, use
400
sudoers for the policy plugin. If a policy plugin is specified
401
without an I/O plugin, only the policy plugin will be loaded.
402
[ea192df2439d]
403
404
* doc/Makefile.in, doc/sudoers.man.in:
405
Do not modify the .Os section when building the .man.in file from
406
.mdoc.in.
407
[a9f9628e147f]
408
409
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
410
Add a note about wildcards matching multiple words and include an
411
example. Also mention that for sudoedit, a wildcard in command line
412
args does not match a slash.
413
[fcb9fbac14e0]
414
415
2012-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
416
417
* src/exec_pty.c, src/sudo_exec.h:
418
Fix a comment, update a variable name in a prototype; all cosmetic.
419
[e89f10cbd6e1]
420
421
* plugins/sudoers/iolog.c:
422
Cast 2nd argument of lseek() to off_t if it is a constant for
423
systems with 64-bit off_t but without a proper lseek() prototype.
424
[d8779da135d0]
425
426
* compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
427
plugins/sudoers/gram.c, plugins/sudoers/gram.y,
428
plugins/sudoers/visudo.c:
429
Fix some warnings from clang checker-267
430
[1e44ef7860b5]
431
432
* plugins/sample/sample_plugin.c:
433
Fix memory leak found by clang checker-267
434
[f8a43617fdfb]
435
436
2012-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
437
438
* src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h:
439
If we receive a signal from the command we executed, do not forward
440
it back to the command. This fixes a problem with BSD-derived
441
versions of the reboot command which send SIGTERM to all other
442
processes, including the sudo process. Sudo would then deliver
443
SIGTERM to reboot which would die before calling the reboot() system
444
call, effectively leaving the system in single user mode.
445
[4ffab9ab9e98]
446
447
2012-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
448
449
* doc/fixman.sh, doc/fixmdoc.sh:
450
Remove section about Solaris 10 on other systems. Add missing
451
sudoers.man.in bit to fixman.sh.
452
[176559199ba7]
453
454
2012-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
455
456
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
457
Expand section on Solaris privileges.
458
[3a1bfa2f1743]
459
460
* NEWS:
461
Expand a bit on the Solaris priv set changes.
462
[bffb78b4a520]
463
464
* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
465
plugins/sudoers/parse.c, plugins/sudoers/parse.h,
466
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
467
The second argument to init_parser() is now bool.
468
[fb727a4fb651]
469
470
* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
471
Fix printing of parse error message to stderr.
472
[dea6b420b84f]
473
474
* plugins/sudoers/check.c, plugins/sudoers/defaults.c,
475
plugins/sudoers/match.c, plugins/sudoers/parse.c,
476
plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
477
plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
478
If a command matches using an empty Runas_List (i.e. Runas_List is
479
present but empty) and the -u option was not specified, set runas_pw
480
to user_pw instead of using runas_default. This is intended to be
481
used in conjunction with the Solaris Privilege Set support for rules
482
that grant privileges without changing the user.
483
[e84a081f3c11]
484
485
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
486
plugins/sudoers/gram.c, plugins/sudoers/gram.h,
487
plugins/sudoers/gram.y, plugins/sudoers/match.c,
488
plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h:
489
Add support for parsing an empty Runas_List, which only allows the
490
command to be run as the invoking user. This can be used in
491
conjunction with the Solaris Privilege Set support to grant
492
privileges without changing the user.
493
[dc34373792fc]
494
495
2012-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
496
497
* doc/fixman.sh:
498
Fix HP-UX, just use ".TH name section" like the vendor manuals.
499
[559738237c92]
500
501
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
502
Fix compilation on Solaris
503
[2d310302207c]
504
505
* .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh,
506
doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh,
507
doc/sudoers.mdoc.sh:
508
Generate a sed script file when munging *.mdoc or *.man instead of
509
passing sed expressions on the command line. Older seds do not
510
support \n in a replacement so generate and run a sed script
511
instead.
512
[0bcce3f1ca18]
513
514
* doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in,
515
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in,
516
doc/visudo.man.in:
517
Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION"
518
[fe0f10b63776]
519
520
2012-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
521
522
* src/exec.c:
523
When checking whether a signal is user-generated, compare si_code
524
against SI_USER instead of <= 0 since on HP-UX, terminal-related
525
signals get a code of 0.
526
[4e9021243343]
527
528
* src/sudo.c:
529
SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX
530
interchangably. This causes problems when setting RLIMIT_NPROC to
531
RLIM_INFINITY due to a bug in bash where bash tries to honor the
532
value of _SC_CHILD_MAX but treats a value of -1 as an error, and
533
uses a default value of 32 instead.
534
535
Previously, we just checked RLIMIT_NPROC and, if it was unlimited,
536
restored the previous value of RLIMIT_NPROC. However, that makes it
537
impossible to set nproc to unlimited. We now only restore the nproc
538
resource limit if sysconf(_SC_CHILD_MAX) is negative. In most
539
cases, pam_limits will set RLIMIT_NPROC for us.
540
[cb71cc8d0b08]
541
542
2012-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
543
544
* plugins/sudoers/ldap.c:
545
Active Directory apparently requires that tenths of a second be
546
present in a date so append .0 to the "now" value in the time
547
filter. Also remove space for the global AND from TIMEFILTER_LENGTH
548
since it was not being used consistently. Buffers of
549
TIMEFILTER_LENGTH now need to account for the terminating NUL byte.
550
[d28619ff6e45]
551
552
* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
553
Fix SELinux build
554
[cc0d1f4e851b]
555
556
2012-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
557
558
* MANIFEST:
559
Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
560
were not being kept in sync.
561
[fc3ad1847cb1]
562
563
* doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod,
564
doc/license.pod:
565
Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
566
were not being kept in sync.
567
[950363dffe3a]
568
569
2012-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
570
571
* plugins/sudoers/logging.c:
572
Fix printing of the permission denied message to standard error when
573
a user is not allowed to run a command. This got broken by the
574
recent logging changes.
575
[b7af63da3ca1]
576
577
* plugins/sudoers/sudoers_version.h:
578
Bump grammar version for Solaris privs.
579
[2a2baf024477]
580
581
* doc/schema.ActiveDirectory:
582
Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder
583
were added. From David Hicks.
584
[3fc432a8edb4]
585
586
2012-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
587
588
* plugins/sudoers/Makefile.in:
589
Remove lex.yy.c when building toke.c
590
[72bb9e62b289]
591
592
* doc/Makefile.in:
593
Fix building docs in a build dir.
594
[7a6f435af022]
595
596
* doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod,
597
doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod,
598
doc/sudoreplay.pod, doc/visudo.pod:
599
Remove pod versions of the manual; we now use mdoc.
600
[5c967d2dd5db]
601
602
* MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh,
603
doc/sudoers.man.sh, doc/sudoers.mdoc.sh:
604
Add post-processing scripts to strip out login class, BSD auth,
605
SELinux and privilege set bits when they are not supported.
606
[d0d51f72f597]
607
608
* NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in,
609
doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in,
610
doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod,
611
plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
612
plugins/sudoers/def_data.in, plugins/sudoers/gram.c,
613
plugins/sudoers/gram.h, plugins/sudoers/gram.y,
614
plugins/sudoers/parse.c, plugins/sudoers/parse.h,
615
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
616
plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
617
plugins/sudoers/toke.l, src/sudo.c, src/sudo.h:
618
Merge in Solaris privilege support by Darren Moffat and John
619
Zolnowsky
620
[3aa0a64f2f5c]
621
622
2012-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
623
624
* doc/contributors.pod:
625
Sync with CONTRIBUTORS file
626
[9a0852306ad9]
627
628
* doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
629
doc/sudoers.man.in, doc/sudoreplay.man.in:
630
Regen .man.in files with my private mandoc.
631
[dc3c9fc449eb]
632
633
* doc/Makefile.in:
634
add MANDOC variable
635
[35527e66afc5]
636
637
2012-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
638
639
* doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
640
doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in:
641
Regen .man.in files with hacked mandoc to avoid issues with historic
642
nroff.
643
[d45cfa7d665f]
644
645
2012-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
646
647
* doc/sudo.mdoc.in, doc/sudoers.mdoc.in:
648
Fix groff warnings.
649
[111d522ca807]
650
651
* doc/Makefile.in:
652
Fix dependencies for .man.in files.
653
[aefeffe1af2b]
654
655
* .hgignore:
656
Add doc/*.mdoc to ignore file
657
[1e4de6ef2ad8]
658
659
* INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in,
660
doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
661
doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
662
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
663
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
664
doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
665
doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
666
doc/visudo.man.in, doc/visudo.mdoc.in:
667
Build .man.in and .cat files from .mdoc.in files. Add new --with-man
668
and --with-mdoc configure options.
669
[c963fd7e8f80]
670
671
2012-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
672
673
* doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in,
674
doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
675
Sudo manuals formatted in mdoc, to replace the pod versions.
676
[e6dca4030451]
677
678
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
679
doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
680
doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod,
681
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
682
doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod:
683
More minor costmetic fixes.
684
[a7287a68385a]
685
686
2012-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
687
688
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
689
Minor cosmetic fixes.
690
[9c48bdaf3946]
691
692
2012-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
693
694
* plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot:
695
Use "a password is required" instead of "password required" when the
696
-n flag is used and we need to read a password.
697
[a3c30fc41648]
698
699
2012-07-10 Todd C. Miller <Todd.Miller@courtesan.com>
700
701
* NEWS:
702
Mention logging changes.
703
[8238fd6e02e8]
704
705
* plugins/sudoers/po/sudoers.pot:
706
regen
707
[e2cf634ba63b]
708
709
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
710
Document that other mail_* flags have precedence over mail_badpass.
711
[9f4cc9188f40]
712
713
* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
714
plugins/sudoers/logging.c, plugins/sudoers/logging.h,
715
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
716
Move log_denial() calls and logic to log_failure(). Move
717
authentication failure logging to log_auth_failure(). Both of these
718
call audit_failure() for us.
719
720
This subtly changes logging for commands that are denied by sudoers
721
but where the user failed to enter the correct password.
722
Previously, these would be logged as "N incorrect password attempts"
723
but now are logged as "command not allowed". Fixes bug #563
724
[cad35f0b3ad7]
725
726
2012-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
727
728
* common/aix.c:
729
Do not set a resource limit to zero when we are unable to fetch a
730
value from /etc/security/limits.
731
[62bfb0a7895e]
732
733
2012-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
734
735
* sudo.pp:
736
Add "Provides: sudo" to debian sudo-ldap package
737
[beb8afa0beb2]
738
739
2012-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
740
741
* configure, configure.in, zlib/Makefile.in:
742
Define NO_VIZ for zlib when gcc doesn't support symbol visibility
743
attributes.
744
[9fdcbf526386]
745
746
* configure, configure.in:
747
Use the autoconf cache when checking for symbol export control
748
support.
749
[03c2cce8711f]
750
751
* INSTALL, common/Makefile.in, compat/Makefile.in, configure,
752
configure.in, mkpkg, plugins/sample/Makefile.in,
753
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
754
plugins/system_group/Makefile.in, src/Makefile.in:
755
Add configure check for building PIE executables instead of doing it
756
in mkpkg.
757
[02b5b78ef258]
758
759
* sudo.pp:
760
MacOS pp backend doesn't like modes longer than 4 characters.
761
[01b49022bf01]
762
763
2012-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
764
765
* configure, configure.in:
766
Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding
767
-fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool
768
will strip -fstack-protector from the linker flags and we always
769
link with libtool.
770
[0a0a0250ac2b]
771
772
2012-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
773
774
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
775
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
776
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
777
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
778
Regen for sudo 1.8.6
779
[1657ee28b496]
780
781
* NEWS, doc/sudoers.ldap.pod:
782
Document improved Tivoli Directory Server support.
783
[fb411edf4687]
784
785
* config.h.in, configure, configure.in, plugins/sudoers/ldap.c:
786
Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf
787
option to specify Tivoli key db password. Allow TLS ciphers to be
788
configured for Tivoli.
789
[737e17c91e60]
790
791
2012-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
792
793
* plugins/sudoers/ldap.c:
794
Tivoli Directory Server 6.3 libs always return a (bogus) error when
795
setting LDAP_OPT_CONNECT_TIMEOUT.
796
[504406637c38]
797
798
* NEWS:
799
Update
800
[687a755604e8]
801
802
* plugins/sudoers/ldap.c:
803
Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the
804
same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a
805
set an ldap option fatal.
806
[17cf93ae3304]
807
808
2012-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
809
810
* plugins/sudoers/sudoers.c:
811
Zero pointers in sudo_user struct after freeing, just in case.
812
[8eff1f80b943]
813
814
* plugins/sudoers/sudoers.c:
815
Free user_gids in close function if it has not already been freed.
816
[cbce28877f37]
817
818
* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
819
plugins/sudoers/sudoers.h:
820
Defer group ID to name resolution until we actually need it.
821
[463e75b81e89]
822
823
* src/sudo.c:
824
It is safe to read in sudo.conf before calling user_info().
825
[3290b6434e3c]
826
827
* plugins/sudoers/env.c, plugins/sudoers/ldap.c:
828
Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to
829
prevent potential truncation. Bug #562.
830
[29d9fc4e0c4e]
831
832
2012-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
833
834
* sudo.pp:
835
If installing with installp, error out if there is already an
836
instance of the rpm package installed.
837
[ec24c6faba22]
838
839
* mkpkg:
840
Add --disable-nls for AIX
841
[192ac2f7d65e]
842
843
2012-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
844
845
* sudo.pp:
846
Debian sudo-ldap packages should now depend on libldap-2.4-2, not
847
libldap2.
848
[cbcec71e6b58]
849
850
2012-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
851
852
* sudo.pp:
853
Add Homepage and Bugs to debian control file.
854
[0f19d7d14e66]
855
856
2012-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
857
858
* mkpkg:
859
fix typo when setting aix_freeware
860
[2fd6feb50195]
861
862
* common/Makefile.in, compat/Makefile.in, configure, configure.in,
863
doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
864
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
865
plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in:
866
Don't run regress tests or sudoers sanity check (using the newly-
867
built visudo) when cross compiling. Bug #560
868
[0c4e3f68b2f5]
869
870
* MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
871
plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map,
872
plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in,
873
plugins/sample_group/sample_group.exp,
874
plugins/sample_group/sample_group.map,
875
plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
876
plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map,
877
plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in,
878
plugins/system_group/system_group.exp,
879
plugins/system_group/system_group.map,
880
plugins/system_group/system_group.sym:
881
Rename foo.sym -> foo.exp Remove foo.map from the repo and generate
882
it on demand Use a loader option file for HP-UX ld to explicitly
883
export symbols
884
[2402ff5302ab]
885
886
* src/Makefile.in:
887
Remove extraneous backslash
888
[8ca054de138c]
889
890
* plugins/sudoers/regress/check_symbols/check_symbols.c:
891
Don't check for errorx as an exported symbols as it is now a macro.
892
Check for user_in_group() instead.
893
[7b02c8ecd3ea]
894
895
2012-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
896
897
* configure, configure.in:
898
Adjust ld map file support to use an anonymous scope to match the
899
updated .map files.
900
[49be44282d9e]
901
902
2012-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
903
904
* config.h.in, configure, configure.in, include/gettext.h:
905
Older versions of Solaris lack ngettext()
906
[028af10dfa5f]
907
908
* configure, configure.in:
909
Move the check for -static-libgcc until after AC_LANG_WERROR has
910
been called and use AX_CHECK_COMPILE_FLAG().
911
[a7b09120e7ff]
912
913
* include/gettext.h:
914
Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H
915
[3aa2780d4a4e]
916
917
* include/error.h, include/sudo_debug.h:
918
Fix gcc 2.x variant macro support.
919
[8e71c2370997]
920
921
* plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c:
922
Fix compilation on gcc 2.95 and other compilers that only allow
923
variable declarations at the beginning of a block.
924
[9d80c802bb46]
925
926
* configure, configure.in, plugins/sudoers/Makefile.in:
927
Link check_symbols with SUDO_LIBS to make sure we link with the
928
requisite libraries to successfully dlopen sudoers.so. This is
929
needed on HP-UX where a program dlopen()ing a shared object that
930
uses pthreads must also be linked with pthreads (and HP-UX LDAP uses
931
pthreads).
932
[b8961cd82337]
933
934
* plugins/sudoers/regress/check_symbols/check_symbols.c:
935
Add check for exported local symbols. This will cause a "make
936
check" failure on systems where we don't support symbol hiding.
937
[8aa549389bb1]
938
939
* configure, configure.in:
940
Additional ${foo} -> $(foo) Makefile tweaks.
941
[046bbde18f52]
942
943
* plugins/sample/sample_plugin.map,
944
plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map,
945
plugins/system_group/system_group.map:
946
No need to provide a name for the scope in the map file since we
947
don't use the it for versioning.
948
[5ed4b997560d]
949
950
2012-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
951
952
* MANIFEST, plugins/sudoers/Makefile.in,
953
plugins/sudoers/regress/check_symbols/check_symbols.c:
954
Add regress test for symbol visibility.
955
[9adddd4e0518]
956
957
2012-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
958
959
* NEWS, configure, configure.in:
960
sudo 1.8.6
961
[57008a7afb77]
962
963
* configure, configure.in, include/missing.h:
964
Add support for controlling symbol visibility using the HP and
965
Solaris C compilers.
966
[46d5b468979e]
967
968
* plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
969
plugins/sudoers/regress/iolog_path/check_iolog_path.c,
970
plugins/sudoers/sudoers.h:
971
Use the expanded io log dir when updating the sequence number.
972
Includes a workaround for older versions of sudo where the sequence
973
number was stored in the unexpanded io log dir.
974
[210797dab9a8]
975
976
2012-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
977
978
* src/parse_args.c:
979
Simplify "sudo -s" argv rewriting.
980
[7be143dae7c5]
981
982
* MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
983
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
984
plugins/system_group/Makefile.in, src/Makefile.in,
985
src/sudo_noexec.map:
986
Don't use a map file for sudo_noexec.so since Solaris ld doesn't
987
allow '*' in the global section. The libtool export flag is now
988
added to LT_LDFLAGS instead of commenting/uncommenting lines.
989
[38fc37a66b04]
990
991
2012-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
992
993
* config.h.in, configure, configure.in, include/missing.h:
994
The visibility attribute was actually added in gcc 3.3.x, not 4.0.
995
Just assume that if -fvisibility=hidden works that the attribute is
996
usable.
997
[d3904d6faf14]
998
999
* plugins/sudoers/check.c, plugins/sudoers/iolog.c,
1000
plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
1001
plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
1002
plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
1003
plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map,
1004
plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c,
1005
plugins/system_group/system_group.c:
1006
Export group cache from sudoers.so for system_group.so to use.
1007
[16695d207fc5]
1008
1009
* MANIFEST, configure, configure.in, include/missing.h,
1010
plugins/sample/Makefile.in, plugins/sample/sample_plugin.map,
1011
plugins/sample_group/Makefile.in,
1012
plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in,
1013
plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
1014
plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in,
1015
plugins/system_group/system_group.map, src/sudo_noexec.c,
1016
src/sudo_noexec.map:
1017
Use gcc's visibility attribute to specify when symbols are visible
1018
or hidden, if available. If not available, use an ELF version
1019
script if it is supported. If all else fails, fall back to using
1020
libtool's -export-symbols.
1021
[64e889921727]
1022
1023
2012-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
1024
1025
* sudo.pp:
1026
Add mode for installed locale files but leave the directories with
1027
default mode and owner.
1028
[142237dbb31f]
1029
1030
2012-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
1031
1032
* mkpkg, sudo.pp:
1033
Install AIX packages under /opt/freeware with links in /usr/bin and
1034
/usr/sbin. This matches the layout of the sudo package from AIX
1035
freeware.
1036
[0b79d47bbe01]
1037
1038
* Makefile.in, configure, configure.in, plugins/sample/Makefile.in,
1039
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
1040
plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp:
1041
Install shared objects with mode 0644 except on HP-UX which needs
1042
the executable bit set.
1043
[ae416af0ba6c]
1044
1045
* Makefile.in, doc/Makefile.in, include/Makefile.in,
1046
plugins/sudoers/Makefile.in, src/Makefile.in:
1047
Make installed file modes consistent with the file modes in the sudo
1048
package.
1049
[307386373289]
1050
1051
2012-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
1052
1053
* doc/sudoers.pod:
1054
Add "%:" prefix when talking about QAS non-Unix group support.
1055
[7cb25f6861f8]
1056
1057
* pp, sudo.pp:
1058
Fix packaging of symbolic links on HP-UX when the link source
1059
already exists in the filesystem.
1060
[c9bb48031596]
1061
1062
* mkpkg:
1063
Only specify prefix if we are overriding the default value. Fixes
1064
the man dir (/usr/local/man vs. /usr/local/share/man).
1065
[65351b6c1697]
1066
1067
* sudo.pp:
1068
Fix setting of sudoedit_man variable.
1069
[9beed9ae5bba]
1070
1071
* doc/Makefile.in:
1072
Echo the command when linking the sudoedit manual.
1073
[6c83b5657b55]
1074
1075
2012-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
1076
1077
* mkpkg, sudo.pp:
1078
Build .deb packages with selinux support.
1079
[3fd9cb1b4526]
1080
1081
2012-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
1082
1083
* sudo.pp:
1084
Don't list paths for unstripped binaries in the lintial overrides.
1085
[4c8e16f1773b]
1086
1087
* pp:
1088
Add support for Installed-Size header in control file, required by
1089
newer debian versions.
1090
[e97d76234bee]
1091
1092
* pp:
1093
Fix extended description in .deb files.
1094
[d35e27ace146]
1095
1096
* sudo.pp:
1097
Add Depends, Replaces and Conflicts headers for .deb packages.
1098
[76eb6c4b3278]
1099
1100
2012-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
1101
1102
* plugins/sudoers/sudo_nss.c:
1103
If there are no privs to print, write the message to the lbuf
1104
instead of printing it directly.
1105
[ecd56226abb7]
1106
1107
2012-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
1108
1109
* sudo.pp:
1110
Set -e in %pos and %preun for debian to quiet a lintian warning.
1111
[8bb908514df9]
1112
1113
* doc/Makefile.in, src/Makefile.in, sudo.pp:
1114
Install sudoedit and the sudoedit manual as symbolic links, not hard
1115
links and package them as such.
1116
[f317ff3cf3e7]
1117
1118
* sudo.pp:
1119
Make sudo binary permissions 755 instead of 111 Add lintian
1120
overrides file for .deb files.
1121
[991cd7d7f0e1]
1122
1123
* configure, configure.in, doc/Makefile.in, mkpkg:
1124
Replace out of date MAN_POSTINSTALL with MANCOMPRESS and
1125
MANCOMPRESSEXT which can be used to compress the installed manual
1126
pages. Compress the man pages for .deb files to appease lintian.
1127
[4e34083b41d2]
1128
1129
* sudo.pp:
1130
Debian fixes:
1131
* fix modes to be more in line with what Debian expects
1132
* add section
1133
* install LICENSE as copyright and ChangeLog as changelog
1134
* create stub changelog.debian
1135
[7f6c5647f588]
1136
1137
* pp:
1138
Fix find command to properly skip files in the DEBIAN dir when
1139
building md5sums.
1140
[8918bde941fa]
1141
1142
* pp, sudo.pp:
1143
Use a debian-compliant package maintainer field.
1144
[fc51a94170eb]
1145
1146
2012-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
1147
1148
* plugins/sudoers/sudoreplay.c:
1149
No need to loop over atomic_writev(), it guarantees to write all
1150
data or return an error.
1151
1152
Fix handling of stdout/stderr that contains "\r\n" and handle a
1153
"\r\n" pair that spans a buffer.
1154
[8aaf02d90c45]
1155
1
1156
2012-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
2
1157
3
1158
* NEWS:
4
1159
Update for sudo 1.8.5p2
5
1160
[d369d4d40a19]
6
1161
1162
* plugins/sudoers/sudoreplay.c:
1163
Instead of doing extra write()s when replaying stdout, build up a
1164
vector for writev() instead. This results in far fewer system
1165
calls.
1166
[303d866c025c]
1167
7
1168
2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
8
1169
9
1170
* src/env_hooks.c, src/sudo.h, src/tgetpass.c:
11
1172
DISPLAY and SUDO_ASKPASS in the environment.
12
1173
[04dbdccf4a14]
13
1174
1175
2012-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
1176
1177
* plugins/sudoers/sudoreplay.c:
1178
When replaying a log of stdout or stderr, do newline to carriage
1179
return + linefeed conversion. We cannot have termios do this for us
1180
since we've disabled output postprocessing (POST) when setting raw
1181
mode.
1182
[61352a7d996f]
1183
1184
2012-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
1185
1186
* configure, configure.in:
1187
When checking for -fstack-protector, treat warnings as fatal errors.
1188
[4124cd12d511]
1189
1190
2012-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
1191
1192
* configure, configure.in:
1193
Fix test for -z relro
1194
[548bdb6f5c4a]
1195
1196
* MANIFEST:
1197
Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4
1198
[ed063264a2a1]
1199
1200
* INSTALL, aclocal.m4, configure, configure.in,
1201
m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4:
1202
Build with -fstack-protector and link with -zrelo where supported.
1203
Added --disable-hardening option to disable hardening options.
1204
[0b6c1a1ceb03]
1205
14
1206
2012-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
15
1207
1208
* plugins/sudoers/Makefile.in,
1209
plugins/sudoers/regress/testsudoers/test1.sh,
1210
plugins/sudoers/regress/testsudoers/test2.sh,
1211
plugins/sudoers/regress/testsudoers/test3.sh,
1212
plugins/sudoers/regress/testsudoers/test4.out.ok,
1213
plugins/sudoers/regress/testsudoers/test4.sh,
1214
plugins/sudoers/regress/testsudoers/test5.inc,
1215
plugins/sudoers/regress/testsudoers/test5.out.ok,
1216
plugins/sudoers/regress/testsudoers/test5.sh,
1217
plugins/sudoers/testsudoers.c:
1218
Add tests for sudoers mode, owner and group checks.
1219
[a7607443aba0]
1220
16
1221
* plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
17
1222
If sudoers_mode is group-readable but the actual sudoers file is
18
1223
not, open the file as uid 0, not uid 1. This fixes a problem when
21
1226
group-readable bit.
22
1227
[c056b6003e6f]
23
1228
1229
* INSTALL, common/secure_path.c, config.h.in, configure, configure.in:
1230
No longer throw an error if sudoers is a symbolic link. Deprecated
1231
the --with-stow option as that is now (effectively) the default.
1232
[8ce783e54886]
1233
1234
2012-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
1235
1236
* plugins/sudoers/Makefile.in,
1237
plugins/sudoers/regress/testsudoers/test2.inc,
1238
plugins/sudoers/regress/testsudoers/test2.out.ok,
1239
plugins/sudoers/regress/testsudoers/test2.sh,
1240
plugins/sudoers/regress/testsudoers/test3.d/root,
1241
plugins/sudoers/regress/testsudoers/test3.out.ok,
1242
plugins/sudoers/regress/testsudoers/test3.sh:
1243
Add basic tests for #include and #includedir
1244
[b303e4218951]
1245
1246
* plugins/sudoers/testsudoers.c:
1247
Add -U sudoers_uid option to testsudoers.
1248
[3f8ed13501ba]
1249
24
1250
2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
25
1251
26
1252
* NEWS, configure, configure.in:
Loggerhead is a web-based interface for Breezy
Version: 2.0.1