]> granicus.if.org Git - sudo/log
sudo
8 years agoRemove last remnants of the deprecated --with-stow option.
Todd C. Miller [Thu, 18 Feb 2016 23:18:30 +0000 (16:18 -0700)]
Remove last remnants of the deprecated --with-stow option.

8 years agosrc/load_plugins.c needs _PATH_SUDO_CONF so allow it to be overridden
Todd C. Miller [Thu, 18 Feb 2016 23:13:51 +0000 (16:13 -0700)]
src/load_plugins.c needs _PATH_SUDO_CONF so allow it to be overridden
via the Makefile like other consumers of _PATH_SUDO_CONF.  Bug #735

8 years agoAdd an administrative domain to the passwd/group cache key for
Todd C. Miller [Mon, 1 Feb 2016 18:08:58 +0000 (11:08 -0700)]
Add an administrative domain to the passwd/group cache key for
AIX which can have different name <-> ID mappings depending
on whether the database is local, LDAP, etc.

8 years agoFedora dropped "core" from the name some time ago so just match on
Todd C. Miller [Mon, 1 Feb 2016 18:07:10 +0000 (11:07 -0700)]
Fedora dropped "core" from the name some time ago so just match on
f[0-9] for the rpm distro name provided by pp.  Since the version
numbers of Fedora and RHEL are so different switch to defining
variables to indicate which features should be enabled.  Works for
Fedora 23.

8 years agoTreat fedora core like centos/rhel for package building.
Todd C. Miller [Sun, 31 Jan 2016 14:36:44 +0000 (07:36 -0700)]
Treat fedora core like centos/rhel for package building.

8 years agoPlug some memory leaks in the tests.
Todd C. Miller [Fri, 29 Jan 2016 18:34:09 +0000 (11:34 -0700)]
Plug some memory leaks in the tests.

8 years agoIf realloc of sudoerslval.command.args fails, reset sudoerslval.command.args
Todd C. Miller [Fri, 29 Jan 2016 18:10:36 +0000 (11:10 -0700)]
If realloc of sudoerslval.command.args fails, reset sudoerslval.command.args
as well as arg_len and arg_size after freeing sudoerslval.command.args.

8 years agoWhen freeing the iobs after pty tear-down, also free the associated
Todd C. Miller [Fri, 29 Jan 2016 17:31:54 +0000 (10:31 -0700)]
When freeing the iobs after pty tear-down, also free the associated
event structures.  Quiets a memory leak warnings from address
sanitizer and valgrind.

8 years agoiolog_compress should be bool, not int
Todd C. Miller [Thu, 28 Jan 2016 22:36:15 +0000 (15:36 -0700)]
iolog_compress should be bool, not int

8 years agoQuiet address sanitizer leak detector.
Todd C. Miller [Thu, 28 Jan 2016 22:07:54 +0000 (15:07 -0700)]
Quiet address sanitizer leak detector.

8 years agoSimple garbage collection (really a to-be-freed list) for the sudoers
Todd C. Miller [Thu, 28 Jan 2016 21:53:48 +0000 (14:53 -0700)]
Simple garbage collection (really a to-be-freed list) for the sudoers
plugin.  Almost identical to what sudo.c uses.  Currenly only the
environment strings are collected at exit time which is enough to
quiet address sanitizer's leak detector.

8 years agoRename gc_cleanup to gc_run and remove I/O plugins from the plugin
Todd C. Miller [Thu, 28 Jan 2016 21:48:11 +0000 (14:48 -0700)]
Rename gc_cleanup to gc_run and remove I/O plugins from the plugin
list when freeing them.

8 years agoFree up the garbage via an atexit() handler instead of requiring
Todd C. Miller [Thu, 28 Jan 2016 18:01:42 +0000 (11:01 -0700)]
Free up the garbage via an atexit() handler instead of requiring
a call to gc_exit.

8 years agoPlug a memory leak in sudo_edit.
Todd C. Miller [Thu, 28 Jan 2016 17:54:34 +0000 (10:54 -0700)]
Plug a memory leak in sudo_edit.

8 years agomention --enable-asan
Todd C. Miller [Wed, 27 Jan 2016 23:49:24 +0000 (16:49 -0700)]
mention --enable-asan

8 years agoTry to deconfuse static analyzers a bit.
Todd C. Miller [Wed, 27 Jan 2016 23:19:22 +0000 (16:19 -0700)]
Try to deconfuse static analyzers a bit.

8 years agoAvoid possible NULL deref found by clang analyzer.
Todd C. Miller [Wed, 27 Jan 2016 23:07:35 +0000 (16:07 -0700)]
Avoid possible NULL deref found by clang analyzer.

8 years agoAdd --enable-asan configure flag to enable address sanitizer
Todd C. Miller [Wed, 27 Jan 2016 22:37:25 +0000 (15:37 -0700)]
Add --enable-asan configure flag to enable address sanitizer

8 years agoAdd support for garbage collecting info passed to the plugin before
Todd C. Miller [Wed, 27 Jan 2016 22:37:15 +0000 (15:37 -0700)]
Add support for garbage collecting info passed to the plugin before
exit to appease address sanitizer's leak detector (and valgrind's
leak checker).  We can't free these sooner since the plugin may be
using the memory.  For plugin API 2.0 it should be make clear that
the plugin must make a copy of the data in the arrays passed in to
the plugin's open() function.  Only enabled if NO_LEAKS is defined.

8 years agoauth_getpass() returns a dynamically allocated copy of the plaintext
Todd C. Miller [Wed, 27 Jan 2016 22:36:50 +0000 (15:36 -0700)]
auth_getpass() returns a dynamically allocated copy of the plaintext
password which needs to be freed after checking (and clearing) it.

8 years agoRemove sudo_fatalx() calls from format_plugin_settings().
Todd C. Miller [Wed, 27 Jan 2016 20:59:04 +0000 (13:59 -0700)]
Remove sudo_fatalx() calls from format_plugin_settings().

8 years agofn_free_result() (aka sss_sudo_free_result() in sss_sudo.c) handles
Todd C. Miller [Wed, 27 Jan 2016 16:28:08 +0000 (09:28 -0700)]
fn_free_result() (aka sss_sudo_free_result() in sss_sudo.c) handles
a NULL poiner so there's no need to check before calling it.  Add
missing initialization of sss_sudo_result to NULL in sudo_sss_setdefs().

8 years agoAdd missing return when user is not found in sudo_sss_result_get().
Todd C. Miller [Wed, 27 Jan 2016 16:20:04 +0000 (09:20 -0700)]
Add missing return when user is not found in sudo_sss_result_get().
Previously we fell through to the default case which just logged a
debug message and returned so this just avoids the extra (generic)
debug message.

8 years agoFix a warning on AIX.
Todd C. Miller [Tue, 26 Jan 2016 21:35:14 +0000 (14:35 -0700)]
Fix a warning on AIX.

8 years agoPass updated user_env_out, not envp, to the I/O open function.
Todd C. Miller [Tue, 26 Jan 2016 14:42:57 +0000 (07:42 -0700)]
Pass updated user_env_out, not envp, to the I/O open function.

8 years agoPass updated argv/envp to the I/O open function like the plugin API
Todd C. Miller [Tue, 26 Jan 2016 14:39:43 +0000 (07:39 -0700)]
Pass updated argv/envp to the I/O open function like the plugin API
documents.

8 years agoAdd check for I/O log file handle being NULL. This could only
Todd C. Miller [Mon, 25 Jan 2016 23:18:22 +0000 (16:18 -0700)]
Add check for I/O log file handle being NULL.  This could only
happen if the front-end calls iolog_open with argc == 0 but actually
runs a command.

8 years agoAdditional debugging for pwutil functions.
Todd C. Miller [Sat, 23 Jan 2016 00:04:59 +0000 (17:04 -0700)]
Additional debugging for pwutil functions.

8 years agoWhen calling setauthdb(), save the old registry value so we can
Todd C. Miller [Sat, 23 Jan 2016 00:04:58 +0000 (17:04 -0700)]
When calling setauthdb(), save the old registry value so we can
restore it properly.  Previously we were setting the registry to
unrestricted instead of actually restoring it.

8 years agoUse SUDOERS_DEBUG_UTIL not SUDO_DEBUG_UTIL in the plugin.
Todd C. Miller [Fri, 22 Jan 2016 18:22:58 +0000 (11:22 -0700)]
Use SUDOERS_DEBUG_UTIL not SUDO_DEBUG_UTIL in the plugin.

8 years agoWhen parsing debug entries, don't make a lower value override a
Todd C. Miller [Thu, 21 Jan 2016 14:43:25 +0000 (07:43 -0700)]
When parsing debug entries, don't make a lower value override a
higher one.  For example, for "pcomm@debug,all@warn" the "all@warn"
should not set pcomm to "warn" when it is already at "debug".

8 years agoSet sudoedit_checkdir=false in command_details when it is disabled
Todd C. Miller [Wed, 20 Jan 2016 22:51:43 +0000 (15:51 -0700)]
Set sudoedit_checkdir=false in command_details when it is disabled
in sudoers.

8 years agoUpdate copyright year
Todd C. Miller [Wed, 20 Jan 2016 22:40:51 +0000 (15:40 -0700)]
Update copyright year

8 years agoIf the user runs "sudoedit /" we will receive ENOENT from openat(2)
Todd C. Miller [Wed, 20 Jan 2016 22:36:20 +0000 (15:36 -0700)]
If the user runs "sudoedit /" we will receive ENOENT from openat(2)
and sudoedit will try to create a file with the null string.  If
path is empty, open the cwd instead so sudoedit can give a sensible
error message.

8 years agoLog an error for invalid boolean strings.
Todd C. Miller [Wed, 20 Jan 2016 22:34:00 +0000 (15:34 -0700)]
Log an error for invalid boolean strings.

8 years agoFix off by one error in new SET_FLAG macro.
Todd C. Miller [Wed, 20 Jan 2016 22:09:32 +0000 (15:09 -0700)]
Fix off by one error in new SET_FLAG macro.

8 years agoDocument the race with sudoedit_checkdir in 1.8.15.
Todd C. Miller [Wed, 20 Jan 2016 18:00:05 +0000 (11:00 -0700)]
Document the race with sudoedit_checkdir in 1.8.15.

8 years agoDocument sudoedit_checkdir
Todd C. Miller [Wed, 20 Jan 2016 17:56:47 +0000 (10:56 -0700)]
Document sudoedit_checkdir

8 years agoThere are no systems that support O_SEARCH/O_PATH that do not also
Todd C. Miller [Wed, 20 Jan 2016 02:50:27 +0000 (19:50 -0700)]
There are no systems that support O_SEARCH/O_PATH that do not also
support O_DIRECTORY so simplify the definition of DIR_OPEN_FLAGS a
bit.

8 years agoregen
Todd C. Miller [Tue, 19 Jan 2016 22:23:07 +0000 (15:23 -0700)]
regen

8 years agoAdd 1.8.16 changes
Todd C. Miller [Tue, 19 Jan 2016 22:21:15 +0000 (15:21 -0700)]
Add 1.8.16 changes

8 years agoMake sudoedit_checkdir the default and update the documentation accordingly.
Todd C. Miller [Tue, 19 Jan 2016 21:16:25 +0000 (14:16 -0700)]
Make sudoedit_checkdir the default and update the documentation accordingly.

8 years agoAdd a SET_FLAG macro to simplify parsing command details boolean
Todd C. Miller [Tue, 19 Jan 2016 17:32:33 +0000 (10:32 -0700)]
Add a SET_FLAG macro to simplify parsing command details boolean
flags.  Previously, flags were only set and never cleared even if
the boolean value was false.  This was not a problem as there were
no default flags for the plugin to enable.  That will change in the
future.

8 years agoNeed to be root when switching to a different user.
Todd C. Miller [Mon, 18 Jan 2016 20:12:50 +0000 (13:12 -0700)]
Need to be root when switching to a different user.

8 years agoUse O_SEARCH on systems without O_PATH if present. It can be used
Todd C. Miller [Mon, 18 Jan 2016 19:38:41 +0000 (12:38 -0700)]
Use O_SEARCH on systems without O_PATH if present.  It can be used
for a similar purpose.

8 years agoUse faccessat(2) for directory writability instead of doing the
Todd C. Miller [Mon, 18 Jan 2016 17:45:47 +0000 (10:45 -0700)]
Use faccessat(2) for directory writability instead of doing the
checks manually where possible.  This also allows us to remove the
#ifdef __linux__ bits since we no longer use fstat(2) on Linux with
an O_PATH fd.

8 years agoAdd "I/O LOG FILES" section to the manual and move many of the
Todd C. Miller [Sat, 16 Jan 2016 23:47:42 +0000 (16:47 -0700)]
Add "I/O LOG FILES" section to the manual and move many of the
details from the log_input and log_output descriptions to it.

8 years agoUse "Nm sudoers" when talking about the plugin and "Em sudoers" when
Todd C. Miller [Sat, 16 Jan 2016 23:46:17 +0000 (16:46 -0700)]
Use "Nm sudoers" when talking about the plugin and "Em sudoers" when
talking about the sudoers file.

8 years agoRemove gzopen_w which is only defined on Windows.
Todd C. Miller [Wed, 13 Jan 2016 20:40:19 +0000 (13:40 -0700)]
Remove gzopen_w which is only defined on Windows.

8 years agoWork around the buggy pread(2) on 32-bit HP-UX 11.00 by using
Todd C. Miller [Wed, 13 Jan 2016 18:10:33 +0000 (11:10 -0700)]
Work around the buggy pread(2) on 32-bit HP-UX 11.00 by using
pread64() on that platform.

8 years agoAdd support for matching the entire netgroup tuple (user, host, domain).
Todd C. Miller [Tue, 12 Jan 2016 21:59:44 +0000 (14:59 -0700)]
Add support for matching the entire netgroup tuple (user, host, domain).

8 years agoUse asprintf() to generate the netgroup filter instead of using
Todd C. Miller [Tue, 12 Jan 2016 21:29:09 +0000 (14:29 -0700)]
Use asprintf() to generate the netgroup filter instead of using
lots of concatenation.

8 years agoAdd missing sudo_debug_exit_ssize_t_v1 symbol.
Todd C. Miller [Tue, 12 Jan 2016 21:28:58 +0000 (14:28 -0700)]
Add missing sudo_debug_exit_ssize_t_v1 symbol.

8 years agoIn sudo_netgroup_lookup() only build up the search filter once
Todd C. Miller [Mon, 11 Jan 2016 23:35:05 +0000 (16:35 -0700)]
In sudo_netgroup_lookup() only build up the search filter once
instead of once per netgroup_base.

8 years agoIt is safe to pass ldap_msgfree() a NULL pointer.
Todd C. Miller [Mon, 11 Jan 2016 23:24:22 +0000 (16:24 -0700)]
It is safe to pass ldap_msgfree() a NULL pointer.

8 years agoOn overflow, warn before freeing anything.
Todd C. Miller [Mon, 11 Jan 2016 23:23:19 +0000 (16:23 -0700)]
On overflow, warn before freeing anything.

8 years agoUse user_runhost and user_srunhost instead of user_host and user_shost.
Todd C. Miller [Mon, 11 Jan 2016 22:54:02 +0000 (15:54 -0700)]
Use user_runhost and user_srunhost instead of user_host and user_shost.
Fixes "sudo -l -h other_host" for LDAP and sssd.

8 years agoSilence warning in digest_matches() on systems with no fexecve(2).
Todd C. Miller [Mon, 11 Jan 2016 23:55:52 +0000 (16:55 -0700)]
Silence warning in digest_matches() on systems with no fexecve(2).

8 years agoFix free() of invalid pointer introduced in the commit that stripped
Todd C. Miller [Mon, 11 Jan 2016 23:52:52 +0000 (16:52 -0700)]
Fix free() of invalid pointer introduced in the commit that stripped
whitespace between a '!' and the name in a sudoOption.

8 years agoFix free() of invalid pointer introduced in the commit that stripped
Todd C. Miller [Mon, 11 Jan 2016 23:44:05 +0000 (16:44 -0700)]
Fix free() of invalid pointer introduced in the commit that stripped
whitespace between a '!' and the name in a sudoOption.

8 years agoAdd missing dfd argument to the version of sudo_edit_openat_nofollow()
Todd C. Miller [Mon, 11 Jan 2016 23:36:40 +0000 (16:36 -0700)]
Add missing dfd argument to the version of sudo_edit_openat_nofollow()
for systems without O_NOFOLLOW.

8 years agoUpdate description of sudoedit_checkdir. Reported by Sander Bos.
Todd C. Miller [Mon, 11 Jan 2016 22:09:08 +0000 (15:09 -0700)]
Update description of sudoedit_checkdir.  Reported by Sander Bos.

8 years agoNo need to check whether the fd we opened is really a directory in
Todd C. Miller [Mon, 11 Jan 2016 18:15:42 +0000 (11:15 -0700)]
No need to check whether the fd we opened is really a directory in
sudo_edit_open_nonwritable() since if not, the openat() will fail
with ENOTDIR anyway.

8 years agoRewritten sudoedit_checkdir support that checks all the dirs in the
Todd C. Miller [Mon, 11 Jan 2016 01:31:29 +0000 (18:31 -0700)]
Rewritten sudoedit_checkdir support that checks all the dirs in the
path and refuses to follow symlinks in writable directories.
This is a better fix for CVE-2015-5602.
Adapted from a diff by Ben Hutchings.  Bug #707

8 years agosync with translationproject.org
Todd C. Miller [Mon, 4 Jan 2016 17:47:11 +0000 (10:47 -0700)]
sync with translationproject.org

8 years agoAdd support for using fexecve() if supported on commands that are
Todd C. Miller [Mon, 4 Jan 2016 17:35:18 +0000 (10:35 -0700)]
Add support for using fexecve() if supported on commands that are
checksummed.

9 years agoCall openat() with the basename not the full path. From Ben Hutchings.
Todd C. Miller [Tue, 29 Dec 2015 20:38:14 +0000 (13:38 -0700)]
Call openat() with the basename not the full path.  From Ben Hutchings.

9 years agoFix compilation with --disable-shared
Todd C. Miller [Thu, 24 Dec 2015 15:26:26 +0000 (08:26 -0700)]
Fix compilation with --disable-shared

9 years agoCheck for existing dso in LD_PRELOAD and only add it if it is not
Todd C. Miller [Sun, 20 Dec 2015 21:08:47 +0000 (14:08 -0700)]
Check for existing dso in LD_PRELOAD and only add it if it is not
already present.

9 years agoClarify when SIGINT and SIGQUIT are relayed by sudo to the command.
Todd C. Miller [Fri, 18 Dec 2015 21:41:11 +0000 (14:41 -0700)]
Clarify when SIGINT and SIGQUIT are relayed by sudo to the command.

9 years agoActually use the plugin_dir Path setting in sudo.conf.
Todd C. Miller [Fri, 18 Dec 2015 21:05:02 +0000 (14:05 -0700)]
Actually use the plugin_dir Path setting in sudo.conf.

9 years agoThe Path setting for the plugin directory is "plugin_dir" not "plugin".
Todd C. Miller [Fri, 18 Dec 2015 21:03:59 +0000 (14:03 -0700)]
The Path setting for the plugin directory is "plugin_dir" not "plugin".

9 years agoAllow sudo.conf Path settings to disable path names (by setting the
Todd C. Miller [Fri, 18 Dec 2015 19:31:28 +0000 (12:31 -0700)]
Allow sudo.conf Path settings to disable path names (by setting the
value of NULL).

9 years agoChange noexec flag in selinux_execve() from int to bool.
Todd C. Miller [Wed, 16 Dec 2015 22:16:48 +0000 (15:16 -0700)]
Change noexec flag in selinux_execve() from int to bool.

9 years agoRefactor code to set LD_PRELOAD (or the equivalent) in the environment
Todd C. Miller [Wed, 16 Dec 2015 22:08:01 +0000 (15:08 -0700)]
Refactor code to set LD_PRELOAD (or the equivalent) in the environment
into a preload_dso() function.  Also avoid allocating a new copy
of the environment array if the size of the array does not change.

9 years agoAdd missing square brackets in configure option descriptions.
Todd C. Miller [Wed, 16 Dec 2015 21:57:37 +0000 (14:57 -0700)]
Add missing square brackets in configure option descriptions.

9 years agoDocument the names of the I/O log files and mention buffering.
Todd C. Miller [Fri, 11 Dec 2015 17:04:17 +0000 (10:04 -0700)]
Document the names of the I/O log files and mention buffering.
Document that I/O logs are in gzip format by default.

9 years agoAdd BASHOPTS to initial_badenv_table[]; from Stephane Chazelas
Todd C. Miller [Fri, 11 Dec 2015 00:14:56 +0000 (17:14 -0700)]
Add BASHOPTS to initial_badenv_table[]; from Stephane Chazelas

9 years agoWhen parsing sudoOptions that include an operator (!, +, +=, -=)
Todd C. Miller [Wed, 9 Dec 2015 21:57:33 +0000 (14:57 -0700)]
When parsing sudoOptions that include an operator (!, +, +=, -=)
strip out any whitespace on either side of the operator.

9 years agoStrip whitespace around '!', '=', '+=' and '-=' in Defaults entries.
Todd C. Miller [Tue, 8 Dec 2015 22:06:00 +0000 (15:06 -0700)]
Strip whitespace around '!', '=', '+=' and '-=' in Defaults entries.

9 years agoDocument the race condition between the digest check and command
Todd C. Miller [Sun, 6 Dec 2015 22:34:53 +0000 (15:34 -0700)]
Document the race condition between the digest check and command
execution.

9 years agoWhen checking the query results, don't set user_matches in the
Todd C. Miller [Wed, 2 Dec 2015 21:06:37 +0000 (14:06 -0700)]
When checking the query results, don't set user_matches in the
netgroup pass unless sudo_ldap_check_non_unix_group() returns true.
This was preventing the mail_no_user sudoOption from being effective.

9 years agoIn list mode, we always want to clear FLAG_NO_USER and FLAG_NO_HOST
Todd C. Miller [Wed, 2 Dec 2015 17:43:41 +0000 (10:43 -0700)]
In list mode, we always want to clear FLAG_NO_USER and FLAG_NO_HOST
regardless of whether or not there was an actual match.  Otherwise,
warning mail may be sent which is not what we want in list mode.
This is consistent with what the sudoers file backend does.

9 years agoUse size_t for length parameters in the fill functions used by the
Todd C. Miller [Sun, 22 Nov 2015 16:22:38 +0000 (09:22 -0700)]
Use size_t for length parameters in the fill functions used by the
lexer.

9 years agoUse yy_size_t for digest_len since newer flex uses yy_size_t for
Todd C. Miller [Sun, 22 Nov 2015 16:19:12 +0000 (09:19 -0700)]
Use yy_size_t for digest_len since newer flex uses yy_size_t for
yyleng.  Old flex uses int for yyleng so we need to use a cast to
avoid a sign compare warning.

9 years agoUse https in sudo.ws urls
Todd C. Miller [Fri, 20 Nov 2015 17:51:11 +0000 (10:51 -0700)]
Use https in sudo.ws urls

9 years agoUse https in urls.
Todd C. Miller [Fri, 20 Nov 2015 17:36:53 +0000 (10:36 -0700)]
Use https in urls.

9 years agosudo 1.8.16
Todd C. Miller [Fri, 20 Nov 2015 17:33:08 +0000 (10:33 -0700)]
sudo 1.8.16

9 years agoWhen preserving variables from the invoking user's environment, if
Todd C. Miller [Fri, 20 Nov 2015 16:55:18 +0000 (09:55 -0700)]
When preserving variables from the invoking user's environment, if
there are duplicates only keep the first instance.

9 years agoAdd debug_return_ssize_t
Todd C. Miller [Sun, 1 Nov 2015 22:13:28 +0000 (15:13 -0700)]
Add debug_return_ssize_t

9 years agoAvoid compilation error on Solaris 10 with Stun Studio 12.
Todd C. Miller [Sun, 1 Nov 2015 22:08:50 +0000 (15:08 -0700)]
Avoid compilation error on Solaris 10 with Stun Studio 12.
Bug #727

9 years agosync with translationproject.org
Todd C. Miller [Sat, 31 Oct 2015 23:33:51 +0000 (17:33 -0600)]
sync with translationproject.org

9 years agoMention ssp configure fix.
Todd C. Miller [Sat, 31 Oct 2015 15:10:58 +0000 (09:10 -0600)]
Mention ssp configure fix.

9 years agosync with translationproject.org
Todd C. Miller [Fri, 30 Oct 2015 16:20:47 +0000 (10:20 -0600)]
sync with translationproject.org

9 years agoDon't use CPPFLAGS for the -fstack-protector check. Otherwise on
Todd C. Miller [Fri, 30 Oct 2015 16:11:55 +0000 (10:11 -0600)]
Don't use CPPFLAGS for the -fstack-protector check.  Otherwise on
systems with _FORTIFY_SOURCE support we'll get an error due to the
lack of optimization flags.  Bug #725

9 years agoWhen checking for stack protector support we need to actually link
Todd C. Miller [Fri, 30 Oct 2015 14:49:22 +0000 (08:49 -0600)]
When checking for stack protector support we need to actually link
the test program.

9 years agoPreserve LDFLAGS when checking for stack protector as they may include
Todd C. Miller [Thu, 29 Oct 2015 20:06:21 +0000 (14:06 -0600)]
Preserve LDFLAGS when checking for stack protector as they may include
rpath settings to allow the stack protector lib to be found.  Avoid
using existing CFLAGS since we don't want the compiler to optimize
away the stack variable.

9 years agoBetter configure test for -fstack-protector. Some gcc installations
Todd C. Miller [Thu, 29 Oct 2015 16:51:09 +0000 (10:51 -0600)]
Better configure test for -fstack-protector.  Some gcc installations
may be missing the ssp library even though the compiler supports it.

9 years agoSet errno to EISDIR instead of ENOTDIR if directory is writable
Todd C. Miller [Sun, 25 Oct 2015 20:28:38 +0000 (14:28 -0600)]
Set errno to EISDIR instead of ENOTDIR if directory is writable
since ENOTDIR can be a legitimate errno.  This avoids a bogus
"directory is writable" error in that case.

9 years agoFix the check for whether to include 32-bit arch in Mac OS X packages.
Todd C. Miller [Sun, 25 Oct 2015 15:10:15 +0000 (09:10 -0600)]
Fix the check for whether to include 32-bit arch in Mac OS X packages.