]>
granicus.if.org Git - sudo/log
Todd C. Miller [Tue, 12 Jun 2012 17:52:20 +0000 (13:52 -0400)]
Add mode for installed locale files but leave the directories with
default mode and owner.
Todd C. Miller [Mon, 11 Jun 2012 19:07:16 +0000 (15:07 -0400)]
Install AIX packages under /opt/freeware with links in /usr/bin and
/usr/sbin. This matches the layout of the sudo package from AIX
freeware.
Todd C. Miller [Mon, 11 Jun 2012 14:45:34 +0000 (10:45 -0400)]
Install shared objects with mode 0644 except on HP-UX which needs
the executable bit set.
Todd C. Miller [Mon, 11 Jun 2012 14:17:19 +0000 (10:17 -0400)]
Make installed file modes consistent with the file modes in the
sudo package.
Todd C. Miller [Fri, 8 Jun 2012 17:28:47 +0000 (13:28 -0400)]
Add "%:" prefix when talking about QAS non-Unix group support.
Todd C. Miller [Fri, 8 Jun 2012 17:27:16 +0000 (13:27 -0400)]
Fix packaging of symbolic links on HP-UX when the link source already
exists in the filesystem.
Todd C. Miller [Fri, 8 Jun 2012 17:26:16 +0000 (13:26 -0400)]
Only specify prefix if we are overriding the default value.
Fixes the man dir (/usr/local/man vs. /usr/local/share/man).
Todd C. Miller [Fri, 8 Jun 2012 13:37:43 +0000 (09:37 -0400)]
Fix setting of sudoedit_man variable.
Todd C. Miller [Fri, 8 Jun 2012 13:37:08 +0000 (09:37 -0400)]
Echo the command when linking the sudoedit manual.
Todd C. Miller [Thu, 7 Jun 2012 17:59:36 +0000 (13:59 -0400)]
Build .deb packages with selinux support.
Todd C. Miller [Mon, 4 Jun 2012 19:06:04 +0000 (15:06 -0400)]
Don't list paths for unstripped binaries in the lintial overrides.
Todd C. Miller [Mon, 4 Jun 2012 18:53:47 +0000 (14:53 -0400)]
Add support for Installed-Size header in control file, required by
newer debian versions.
Todd C. Miller [Mon, 4 Jun 2012 17:22:47 +0000 (13:22 -0400)]
Fix extended description in .deb files.
Todd C. Miller [Mon, 4 Jun 2012 17:13:38 +0000 (13:13 -0400)]
Add Depends, Replaces and Conflicts headers for .deb packages.
Todd C. Miller [Fri, 1 Jun 2012 20:27:17 +0000 (16:27 -0400)]
If there are no privs to print, write the message to the lbuf instead
of printing it directly.
Todd C. Miller [Thu, 31 May 2012 20:10:44 +0000 (16:10 -0400)]
Set -e in %pos and %preun for debian to quiet a lintian warning.
Todd C. Miller [Thu, 31 May 2012 19:50:16 +0000 (15:50 -0400)]
Install sudoedit and the sudoedit manual as symbolic links, not
hard links and package them as such.
Todd C. Miller [Thu, 31 May 2012 18:26:16 +0000 (14:26 -0400)]
Make sudo binary permissions 755 instead of 111
Add lintian overrides file for .deb files.
Todd C. Miller [Thu, 31 May 2012 18:03:41 +0000 (14:03 -0400)]
Replace out of date MAN_POSTINSTALL with MANCOMPRESS and MANCOMPRESSEXT
which can be used to compress the installed manual pages.
Compress the man pages for .deb files to appease lintian.
Todd C. Miller [Thu, 31 May 2012 18:02:26 +0000 (14:02 -0400)]
Debian fixes:
* fix modes to be more in line with what Debian expects
* add section
* install LICENSE as copyright and ChangeLog as changelog
* create stub changelog.debian
Todd C. Miller [Thu, 31 May 2012 18:00:38 +0000 (14:00 -0400)]
Fix find command to properly skip files in the DEBIAN dir when
building md5sums.
Todd C. Miller [Thu, 31 May 2012 14:20:40 +0000 (10:20 -0400)]
Use a debian-compliant package maintainer field.
Todd C. Miller [Wed, 30 May 2012 14:46:02 +0000 (10:46 -0400)]
No need to loop over atomic_writev(), it guarantees to write all
data or return an error.
Fix handling of stdout/stderr that contains "\r\n" and handle a
"\r\n" pair that spans a buffer.
Todd C. Miller [Tue, 29 May 2012 18:28:42 +0000 (14:28 -0400)]
Update for sudo 1.8.5p2
Todd C. Miller [Tue, 29 May 2012 17:46:28 +0000 (13:46 -0400)]
Instead of doing extra write()s when replaying stdout, build up a
vector for writev() instead. This results in far fewer system
calls.
Todd C. Miller [Sun, 27 May 2012 16:48:55 +0000 (12:48 -0400)]
Provide unhooked version of getenv() and use it when looking up
DISPLAY and SUDO_ASKPASS in the environment.
Todd C. Miller [Fri, 25 May 2012 20:24:42 +0000 (16:24 -0400)]
When replaying a log of stdout or stderr, do newline to carriage
return + linefeed conversion. We cannot have termios do this for
us since we've disabled output postprocessing (POST) when setting
raw mode.
Todd C. Miller [Thu, 24 May 2012 15:03:10 +0000 (11:03 -0400)]
When checking for -fstack-protector, treat warnings as fatal errors.
Todd C. Miller [Tue, 22 May 2012 19:45:50 +0000 (15:45 -0400)]
Fix test for -z relro
Todd C. Miller [Tue, 22 May 2012 17:26:02 +0000 (13:26 -0400)]
Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4
Todd C. Miller [Tue, 22 May 2012 17:23:19 +0000 (13:23 -0400)]
Build with -fstack-protector and link with -zrelo where supported.
Added --disable-hardening option to disable hardening options.
Todd C. Miller [Mon, 21 May 2012 19:39:24 +0000 (15:39 -0400)]
Add tests for sudoers mode, owner and group checks.
Todd C. Miller [Mon, 21 May 2012 17:59:02 +0000 (13:59 -0400)]
If sudoers_mode is group-readable but the actual sudoers file is
not, open the file as uid 0, not uid 1. This fixes a problem when
sudoers has a more restrictive mode than what sudo expects to find.
In older versions, sudo would silently chmod the file to add the
group-readable bit.
Todd C. Miller [Mon, 21 May 2012 17:30:59 +0000 (13:30 -0400)]
No longer throw an error if sudoers is a symbolic link. Deprecated
the --with-stow option as that is now (effectively) the default.
Todd C. Miller [Fri, 18 May 2012 18:29:55 +0000 (14:29 -0400)]
Add basic tests for #include and #includedir
Todd C. Miller [Fri, 18 May 2012 18:29:29 +0000 (14:29 -0400)]
Add -U sudoers_uid option to testsudoers.
Todd C. Miller [Thu, 17 May 2012 19:53:37 +0000 (15:53 -0400)]
Update for 1.8.5p1
Todd C. Miller [Thu, 17 May 2012 19:42:57 +0000 (15:42 -0400)]
Fix #includedir; from Mike Frysinger
Todd C. Miller [Thu, 17 May 2012 14:20:14 +0000 (10:20 -0400)]
Don't prompt for a password if the user is in the exempt group, is
root, or is running the command as themselves even if the -k option
was specified. This makes "sudo -k command" consistent with the
behavior one would get if the user ran "sudo -k" immediately before
running the command.
Todd C. Miller [Tue, 15 May 2012 16:15:30 +0000 (12:15 -0400)]
Fix capitalization
Todd C. Miller [Tue, 15 May 2012 16:08:22 +0000 (12:08 -0400)]
Build PIE executable on Mac OS X 10.5 and above.
Todd C. Miller [Mon, 14 May 2012 18:48:18 +0000 (14:48 -0400)]
Update for sudo 1.8.4p5
Todd C. Miller [Mon, 14 May 2012 18:47:48 +0000 (14:47 -0400)]
Add missing break between AF_INET and AF_INET6 in addr_matches_if_netmask()
Todd C. Miller [Mon, 14 May 2012 13:47:17 +0000 (09:47 -0400)]
Move systrace monitor code to the attic
Todd C. Miller [Fri, 11 May 2012 11:57:01 +0000 (07:57 -0400)]
The pointer to the siginfo_t struct in a signal handler may be NULL.
Todd C. Miller [Thu, 10 May 2012 15:06:46 +0000 (11:06 -0400)]
Fix an alignment problem on NetBSD systems with a 64-bit time_t and
strict alignment. Based on a patch from Martin Husemann.
Todd C. Miller [Thu, 10 May 2012 14:01:26 +0000 (10:01 -0400)]
Add offsetof macro for those without it.
Todd C. Miller [Thu, 10 May 2012 14:01:09 +0000 (10:01 -0400)]
add system_group plugin
Todd C. Miller [Wed, 9 May 2012 13:46:38 +0000 (09:46 -0400)]
Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX.
Todd C. Miller [Tue, 8 May 2012 20:59:10 +0000 (16:59 -0400)]
Mention system_group plugin
Todd C. Miller [Tue, 8 May 2012 20:57:06 +0000 (16:57 -0400)]
update depends
Todd C. Miller [Tue, 8 May 2012 20:39:37 +0000 (16:39 -0400)]
Only call gr_delref() when use sudo's password caching functions.
Todd C. Miller [Tue, 8 May 2012 20:38:36 +0000 (16:38 -0400)]
Add missing dependency on libreplace.la
Todd C. Miller [Tue, 8 May 2012 20:36:39 +0000 (16:36 -0400)]
Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL
and PROG_HANDLE.
Todd C. Miller [Tue, 8 May 2012 17:35:52 +0000 (13:35 -0400)]
Add group plugin that does lookups by name using the system group
database.
Todd C. Miller [Tue, 8 May 2012 14:57:07 +0000 (10:57 -0400)]
sync with translationproject.org
Todd C. Miller [Thu, 3 May 2012 19:46:39 +0000 (15:46 -0400)]
sync with translationproject.org
Todd C. Miller [Tue, 1 May 2012 17:47:14 +0000 (13:47 -0400)]
Add mode for docdir and use '-' (default) for localedir mode. Fixes
a problem on Linux when building in a directory with the setgid bit
set.
Todd C. Miller [Mon, 30 Apr 2012 23:36:01 +0000 (19:36 -0400)]
Match CentOS 6.0
Todd C. Miller [Tue, 24 Apr 2012 20:14:12 +0000 (16:14 -0400)]
Update with recent changes
Todd C. Miller [Tue, 24 Apr 2012 19:57:16 +0000 (15:57 -0400)]
Fix version check on AIX
Todd C. Miller [Tue, 24 Apr 2012 17:42:28 +0000 (13:42 -0400)]
regen
Todd C. Miller [Tue, 24 Apr 2012 16:52:36 +0000 (12:52 -0400)]
Need to call ldapssl_clientauth_init() for start_tls on Mozilla
LDAP SDK.
Todd C. Miller [Tue, 24 Apr 2012 14:34:02 +0000 (10:34 -0400)]
Fix printing of invalid uri
Todd C. Miller [Tue, 24 Apr 2012 13:48:58 +0000 (09:48 -0400)]
Pass PAM_SILENT when deleting creds to remove an annoying warning
message on Solaris.
Todd C. Miller [Tue, 24 Apr 2012 00:04:26 +0000 (20:04 -0400)]
Fix the setutxent and endutxent compatibility defines (this time
correctly) when only setutent and endutent are available.
Todd C. Miller [Mon, 23 Apr 2012 23:56:41 +0000 (19:56 -0400)]
sudo_ldap_set_options_global() should not take an LDAP handle as
an argument since the options affect the global settings.
Todd C. Miller [Mon, 23 Apr 2012 20:47:42 +0000 (16:47 -0400)]
Debian sudo has not been built with --with-exempt=sudo since 1.6.8.
Todd C. Miller [Mon, 23 Apr 2012 20:38:16 +0000 (16:38 -0400)]
Call the policy's init_session() function before we fork the child.
That way, the session is created and destroyed in the same process,
which is needed by some modules, such as pam_mount.
Todd C. Miller [Mon, 23 Apr 2012 20:29:48 +0000 (16:29 -0400)]
Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is
not specified.
Todd C. Miller [Mon, 23 Apr 2012 20:11:49 +0000 (16:11 -0400)]
Delete creds after closing the PAM session.
Todd C. Miller [Mon, 23 Apr 2012 19:30:34 +0000 (15:30 -0400)]
Provide a more useful error message if using a Mozilla-style LDAP
SDK and you forgot to specify TLS_CERT in ldap.conf.
Todd C. Miller [Mon, 23 Apr 2012 18:56:31 +0000 (14:56 -0400)]
Add missing initialization of a sigaction structure when I/O logging.
Fixes a potential problem when suspending the command.
Todd C. Miller [Mon, 23 Apr 2012 17:08:57 +0000 (13:08 -0400)]
Split global and per-connection LDAP options into separate arrays.
Set global LDAP options before calling ldap_initialize() or ldap_init().
After we have an LDAP handle, set the per-connection options.
Fixes a problem with OpenLDAP using the nss crypto backend; bug #342
Todd C. Miller [Mon, 23 Apr 2012 12:12:36 +0000 (08:12 -0400)]
sync with translationproject.org
Todd C. Miller [Sat, 21 Apr 2012 17:37:46 +0000 (13:37 -0400)]
Move struct passwd pointer into struct command details.
Todd C. Miller [Fri, 20 Apr 2012 19:36:23 +0000 (15:36 -0400)]
Sync with upstream for Mac OS X (and other) fixes.
Todd C. Miller [Fri, 20 Apr 2012 14:38:43 +0000 (10:38 -0400)]
Only built Mac intel universal binary on an intel machine.
Todd C. Miller [Fri, 20 Apr 2012 13:41:18 +0000 (09:41 -0400)]
Do not pass libtool the -static-libtool-libs option when building
sudo and sesh. Otherwise, libtool may prefer a static version of
an installed library over a dynamic one when linking.
Todd C. Miller [Thu, 19 Apr 2012 15:54:15 +0000 (11:54 -0400)]
Add German translation for sudo
Add Croatian translation for sudoers
Todd C. Miller [Thu, 19 Apr 2012 15:49:18 +0000 (11:49 -0400)]
typo fix in comment
Todd C. Miller [Mon, 16 Apr 2012 18:23:19 +0000 (14:23 -0400)]
Update with recent changes
Todd C. Miller [Mon, 16 Apr 2012 16:55:11 +0000 (12:55 -0400)]
Sort xgettext output by file name.
Todd C. Miller [Mon, 16 Apr 2012 15:45:29 +0000 (11:45 -0400)]
Clarify what "sudoreplay -l" displays and mention that it is sorted.
Todd C. Miller [Mon, 16 Apr 2012 14:25:49 +0000 (10:25 -0400)]
Use AC_HEADER_MAJOR to determine where major/minor are defined.
Todd C. Miller [Mon, 16 Apr 2012 14:18:32 +0000 (10:18 -0400)]
Include sys/mkdev.h if present instead of sys/sysmacros.h for
minor(). This is needed on Solaris (at least) where the makedev
macros in sysmacros.h are obsolete and library functions should be
used instead.
Todd C. Miller [Mon, 16 Apr 2012 14:14:56 +0000 (10:14 -0400)]
When building on Mac OS X, only set SDK_FLAGS if specified osversion
doesn't match host.
Todd C. Miller [Sun, 15 Apr 2012 17:10:26 +0000 (13:10 -0400)]
Add back buf and tty variables for _ttyname() case that were
inadvertantly removed.
Todd C. Miller [Fri, 13 Apr 2012 20:22:16 +0000 (16:22 -0400)]
regen
Todd C. Miller [Fri, 13 Apr 2012 20:16:40 +0000 (16:16 -0400)]
Remove b8 from version number.
Todd C. Miller [Fri, 13 Apr 2012 20:16:10 +0000 (16:16 -0400)]
remove some XXX
Todd C. Miller [Fri, 13 Apr 2012 20:00:32 +0000 (16:00 -0400)]
When looking for a device match, do a breadth-first search instead
of depth-first. We already special case /dev/pts/ so chances are
good that if it is not a pseudo-tty it is in the base of /dev/.
Also avoid a stat(2) when possible if struct dirent has d_type.
Todd C. Miller [Fri, 13 Apr 2012 19:18:40 +0000 (15:18 -0400)]
Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.
Todd C. Miller [Fri, 13 Apr 2012 18:17:26 +0000 (14:17 -0400)]
sync with translationproject.org
Todd C. Miller [Fri, 13 Apr 2012 18:15:22 +0000 (14:15 -0400)]
New Croatian and Galician translations from translationproject.org
Todd C. Miller [Fri, 13 Apr 2012 16:54:03 +0000 (12:54 -0400)]
Add depth-first traversal of /dev/ for the /proc case when not /dev/pts/N
Todd C. Miller [Fri, 13 Apr 2012 12:36:58 +0000 (08:36 -0400)]
If struct dirent has d_type, use it to avoid an extra stat().
Todd C. Miller [Fri, 13 Apr 2012 12:35:19 +0000 (08:35 -0400)]
Sort output of "sudoreplay -l"
Todd C. Miller [Thu, 12 Apr 2012 19:17:00 +0000 (15:17 -0400)]
Fix duplicate free introduced in last rev
Todd C. Miller [Wed, 11 Apr 2012 23:51:56 +0000 (19:51 -0400)]
Instead of treating ^C from tgetpass() specially, always
return AUTH_INTR if tgetpass() returned NULL.
Treat PAM_AUTHINFO_UNAVAIL like PAM_AUTH_ERR which Mac OS X
returns this when there is no tty.