mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-28 12:57:50 +00:00
Code Issues Releases Wiki Activity

sudo 1.9.13

Browse Source 
Document the changes to AIX plugins in docs/UPGRADE.md and regenerate
configure using the latest autoconf from git.
This commit is contained in:
Todd C. Miller 2022-12-26 10:47:51 -07:00
parent 702f21f7f6
commit f6e0e87ba9
8 changed files with 449 additions and 589 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
INSTALL.md
View File

@ -332,6 +332,17 @@ Defaults are listed in brackets after the description.
via the user's PATH) and the default libtool that comes
with sudo.
--with-aix-soname=svr4
Starting with version 1.9.13, sudo will build AIX-style
shared libraries and dynamic shared objects by default
instead of svr4-style.. This means that the default sudo
plugins are now .a (archive) files that contain a .so shared
object file instead of bare .so files. This was done to
improve compatibility with the AIX Freeware ecosystem,
specifically, the AIX Freeware build of OpenSSL. To restore
the old, pre-1.9.13 behavior, run configure using the
--with-aix-soname=svr4 option.
### Optional features:
--disable-root-mailer

76
NEWS
View File

@ -1,3 +1,79 @@
What's new in Sudo 1.9.13
* Fixed a bug running relative commands via sudo when "log_subcmds"
is enabled. GitHub issue #194.
* Fixed a signal handling bug when running sudo commands in a shell
script. Signals were not being forwarded to the command when
the sudo process was not run in its own process group.
* Fixed a bug in cvtsudoers' LDIF parsing when the file ends without
a newline and a backslash is the last character of the file.
* Fixed a compilation error on Linux/aarch64. GitHub issue #197.
* Fixed a potential use-after-free bug with cvtsudoers filtering.
GitHub issue #198.
* Added a reminder to the default lecture that the password will
not echo. This line is only displayed when the pwfeedback option
is disabled. GitHub issue #195.
* Fixed potential memory leaks in error paths. GitHub issues #199,
#202.
* Fixed potential NULL dereferences on memory allocation failure.
GitHub issues #204, #211.
* Sudo now uses C23-style attributes in function prototypes instead
of gcc-style attributes if supported.
* Fixed a potential crash introduced in the fix for GitHub issue #134.
If a user's sudoers entry did not have any RunAs user's set,
running "sudo -U otheruser -l" would dereference a NULL pointer.
* Added a new "list" pseudo-command in sudoers to allow a user to
list another user's privileges. Previously, only root or a user
with the ability to run any command as either root or the target
user on the current host could use the -U option. This also
includes a fix to the log entry when a user lacks permission to
run "sudo -U otheruser -l command". Previously, the logs would
indicate that the user tried to run the actual command, now the
log entry includes the list operation.
* JSON logging now escapes control characters if they happen to
appear in the command or environment.
* New Albanian translation from translationproject.org.
* Regular expressions in sudoers or logsrvd.conf may no longer
contain consecutive repetition operators. This is implementation-
specific behavior according to POSIX, but some implementations
will allocate excessive amounts of memory. This mainly affects
the fuzzers.
* Sudo now builds AIX-style shared libraries and dynamic shared
objects by default instead of svr4-style. This means that the
default sudo plugins are now .a (archive) files that contain a
.so shared object file instead of bare .so files. This was done
to improve compatibility with the AIX Freeware ecosystem,
specifically, the AIX Freeware build of OpenSSL. Sudo will still
load svr4-style .so plugins and if a .so file is requested,
either via sudo.conf or the sudoers file, and only the .a file
is present, sudo will convert the path from plugin.so to
plugin.a(plugin.so) when loading it. This ensures compatibility
with existing configurations. To restore the old, pre-1.9.13
behavior, run configure using the --with-aix-soname=svr4 option.
* Sudo no longer checks the ownership and mode of the plugins that
it loads. Plugins are configured via either the sudo.conf or
sudoers file which are trusted configuration files. These checks
suffered from time-of-check vs. time-of-use race conditions and
complicate loading plugins that are not simple paths. Ownership
and mode checks are still performed when loading the sudo.conf
and sudoers files, which do not suffer from race conditions.
The sudo.conf "developer_mode" setting is no longer used.
What's new in Sudo 1.9.12p1
* Sudo's configure script now does a better job of detecting when

19
config.h.in
View File

@ -319,7 +319,7 @@
/* Define to 1 if you have the 'freezero' function. */
#undef HAVE_FREEZERO
/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */
/* Define to 1 if fseeko (and ftello) are declared in stdio.h. */
#undef HAVE_FSEEKO
/* Define to 1 if you have the 'fstatat' function. */
@ -1350,11 +1350,15 @@
#ifndef __STDC_WANT_IEC_60559_DFP_EXT__
# undef __STDC_WANT_IEC_60559_DFP_EXT__
#endif
/* Enable extensions specified by C23 Annex F. */
#ifndef __STDC_WANT_IEC_60559_EXT__
# undef __STDC_WANT_IEC_60559_EXT__
#endif
/* Enable extensions specified by ISO/IEC TS 18661-4:2015. */
#ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__
# undef __STDC_WANT_IEC_60559_FUNCS_EXT__
#endif
/* Enable extensions specified by ISO/IEC TS 18661-3:2015. */
/* Enable extensions specified by C23 Annex H and ISO/IEC TS 18661-3:2015. */
#ifndef __STDC_WANT_IEC_60559_TYPES_EXT__
# undef __STDC_WANT_IEC_60559_TYPES_EXT__
#endif
@ -1383,18 +1387,17 @@
/* Number of bits in a file offset, on hosts where this is settable. */
#undef _FILE_OFFSET_BITS
/* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */
/* Define to 1 if necessary to make fseeko visible. */
#undef _LARGEFILE_SOURCE
/* Define for large files, on AIX-style hosts. */
/* Define to 1 on platforms where this makes off_t a 64-bit type. */
#undef _LARGE_FILES
/* Number of bits in a timestamp, on hosts where this is settable. */
/* Number of bits in time_t, on hosts where this is settable. */
#undef _TIME_BITS
#if !defined __MINGW_USE_VC2005_COMPAT && defined __MINGW32__
# define __MINGW_USE_VC2005_COMPAT 1 /* For 64-bit time_t. */
#endif
/* Define to 1 on platforms where this makes time_t a 64-bit type. */
#undef __MINGW_USE_VC2005_COMPAT
/* Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not
__func__ */

767
configure vendored
View File

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.72a for sudo 1.9.12p1.
# Generated by GNU Autoconf 2.72a for sudo 1.9.13.
#
# Report bugs to <https://bugzilla.sudo.ws/>.
#
@ -614,8 +614,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='sudo'
PACKAGE_TARNAME='sudo'
PACKAGE_VERSION='1.9.12p1'
PACKAGE_STRING='sudo 1.9.12p1'
PACKAGE_VERSION='1.9.13'
PACKAGE_STRING='sudo 1.9.13'
PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
PACKAGE_URL=''
@ -655,6 +655,8 @@ ac_includes_default="\
ac_header_c_list=
ac_func_c_list=
ac_c_werror_flag=
enable_year2038=yes
enable_largefile=yes
ac_subst_vars='LTLIBOBJS
KRB5CONFIG
LIBOBJS
@ -1059,11 +1061,11 @@ enable_intercept
with_noexec
with_netsvc
enable_sia
enable_largefile
enable_year2038
with_pam_login
enable_pam_session
enable_kerb5_instance
enable_year2038
enable_largefile
'
ac_precious_vars='SENDMAILPROG
VIPROG
@ -1633,7 +1635,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
'configure' configures sudo 1.9.12p1 to adapt to many kinds of systems.
'configure' configures sudo 1.9.13 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1670,7 +1672,7 @@ Fine tuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--sysconfdir=DIR read-only single-machine data [/etc]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
@ -1699,7 +1701,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of sudo 1.9.12p1:";;
short | recursive ) echo "Configuration of sudo 1.9.13:";;
esac
cat <<\_ACEOF
@ -1773,11 +1775,11 @@ Optional Features:
--disable-libtool-lock avoid locking (might break parallel builds)
--enable-intercept fully qualified pathname of sudo_intercept.so
--disable-sia Disable SIA on Digital UNIX
--disable-largefile omit support for large files
--disable-year2038 omit support for timestamps past the year 2038
--disable-pam-session Disable PAM session support
--enable-kerb5-instance instance string to append to the username (separated
by a slash)
--disable-year2038 do not support timestamps after 2038
--disable-largefile omit support for large files
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
@ -1990,7 +1992,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
sudo configure 1.9.12p1
sudo configure 1.9.13
generated by GNU Autoconf 2.72a
Copyright (C) 2022 Free Software Foundation, Inc.
@ -2668,7 +2670,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by sudo $as_me 1.9.12p1, which was
It was created by sudo $as_me 1.9.13, which was
generated by GNU Autoconf 2.72a. Invocation command line was
$ $0$ac_configure_args_raw
@ -4877,6 +4879,8 @@ printf "%s\n" "$ac_cv_should_define__xopen_source" >&6; }
printf "%s\n" "#define __STDC_WANT_IEC_60559_DFP_EXT__ 1" >>confdefs.h
printf "%s\n" "#define __STDC_WANT_IEC_60559_EXT__ 1" >>confdefs.h
printf "%s\n" "#define __STDC_WANT_IEC_60559_FUNCS_EXT__ 1" >>confdefs.h
printf "%s\n" "#define __STDC_WANT_IEC_60559_TYPES_EXT__ 1" >>confdefs.h
@ -19510,7 +19514,7 @@ main (void)
/* Refer to every declared value, so they cannot be
discarded as unused. */
return (!b + !c + !d + !e + !f + !g + !h + !i + !j + !k
return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !j + !k
+ !l + !m + !n + !o + !p + !pp + !ps);
;
@ -19628,26 +19632,21 @@ done
#
# Check for large file and 64-bit time support.
#
# Check whether --enable-largefile was given.
if test ${enable_largefile+y}
then :
enableval=$enable_largefile;
fi
if test "$enable_largefile" != no
then :
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5
printf %s "checking for special C compiler options needed for large files... " >&6; }
if test ${ac_cv_sys_largefile_CC+y}
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable large file support" >&5
printf %s "checking for $CC option to enable large file support... " >&6; }
if test ${ac_cv_sys_largefile_opts+y}
then :
printf %s "(cached) " >&6
else case e in #(
e) ac_cv_sys_largefile_CC=no
if test "$GCC" != yes; then
ac_save_CC=$CC
while :; do
# IRIX 6.2 and later do not support large files by default,
# so use the C compiler's -n32 option if that helps.
e) ac_save_CC="$CC"
ac_opt_found=no
for ac_opt in "none needed" "-D_FILE_OFFSET_BITS=64" "-D_LARGE_FILES=1" "-n32"; do
if test x"$ac_opt" != x"none needed"
then :
CC="$ac_save_CC $ac_opt"
fi
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <sys/types.h>
@ -19669,449 +19668,154 @@ main (void)
_ACEOF
if ac_fn_c_try_compile "$LINENO"
then :
break
ac_cv_sys_largefile_opts="$ac_opt"
ac_opt_found=yes
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam
CC="$CC -n32"
if ac_fn_c_try_compile "$LINENO"
then :
ac_cv_sys_largefile_CC=' -n32'; break
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam
break
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
test $ac_opt_found = no || break
done
CC=$ac_save_CC
rm -f conftest.$ac_ext
fi ;;
CC="$ac_save_CC"
test $ac_opt_found = yes || ac_cv_sys_largefile_opts="support not detected" ;;
esac
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5
printf "%s\n" "$ac_cv_sys_largefile_CC" >&6; }
if test "$ac_cv_sys_largefile_CC" != no; then
CC=$CC$ac_cv_sys_largefile_CC
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_opts" >&5
printf "%s\n" "$ac_cv_sys_largefile_opts" >&6; }
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5
printf %s "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; }
if test ${ac_cv_sys_file_offset_bits+y}
then :
printf %s "(cached) " >&6
else case e in #(
e) while :; do
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <sys/types.h>
/* Check that off_t can represent 2**63 - 1 correctly.
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
int
main (void)
{
ac_have_largefile=yes
case $ac_cv_sys_largefile_opts in #(
"none needed") :
;; #(
"support not detected") :
ac_have_largefile=no ;; #(
"-D_FILE_OFFSET_BITS=64") :
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"
then :
ac_cv_sys_file_offset_bits=no; break
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#undef _FILE_OFFSET_BITS
#define _FILE_OFFSET_BITS 64
#include <sys/types.h>
/* Check that off_t can represent 2**63 - 1 correctly.
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
int
main (void)
{
printf "%s\n" "#define _FILE_OFFSET_BITS 64" >>confdefs.h
;; #(
"-D_LARGE_FILES=1") :
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"
then :
ac_cv_sys_file_offset_bits=64; break
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
ac_cv_sys_file_offset_bits=unknown
break
done ;;
printf "%s\n" "#define _LARGE_FILES 1" >>confdefs.h
;; #(
"-n32") :
CC="$CC -n32" ;; #(
*) :
as_fn_error $? "internal error: bad value for \$ac_cv_sys_largefile_opts" "$LINENO" 5 ;;
esac
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5
printf "%s\n" "$ac_cv_sys_file_offset_bits" >&6; }
case $ac_cv_sys_file_offset_bits in #(
no | unknown) ;;
*)
printf "%s\n" "#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits" >>confdefs.h
;;
esac
rm -rf conftest*
case $ac_cv_sys_file_offset_bits in #(
unknown) :
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5
printf %s "checking for _LARGE_FILES value needed for large files... " >&6; }
if test ${ac_cv_sys_large_files+y}
then :
printf %s "(cached) " >&6
else case e in #(
e) while :; do
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <sys/types.h>
/* Check that off_t can represent 2**63 - 1 correctly.
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
int
main (void)
{
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"
then :
ac_cv_sys_large_files=no; break
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#undef _LARGE_FILES
#define _LARGE_FILES 1
#include <sys/types.h>
/* Check that off_t can represent 2**63 - 1 correctly.
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
int
main (void)
{
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"
then :
ac_cv_sys_large_files=1; break
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
ac_cv_sys_large_files=unknown
break
done ;;
esac
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5
printf "%s\n" "$ac_cv_sys_large_files" >&6; }
case $ac_cv_sys_large_files in #(
no | unknown) ;;
*)
printf "%s\n" "#define _LARGE_FILES $ac_cv_sys_large_files" >>confdefs.h
;;
esac
rm -rf conftest* ;; #(
64) :
# Check whether --enable-year2038 was given.
if test ${enable_year2038+y}
then :
enableval=$enable_year2038;
fi
if test "$enable_year2038" != no
then :
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for time_t past the year 2038" >&5
printf %s "checking for time_t past the year 2038... " >&6; }
if test ${ac_cv_type_time_t_y2038+y}
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable timestamps after Jan 2038" >&5
printf %s "checking for $CC option to enable timestamps after Jan 2038... " >&6; }
if test ${ac_cv_sys_year2038_opts+y}
then :
printf %s "(cached) " >&6
else case e in #(
e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <time.h>
/* Check that time_t can represent 2**32 - 1 correctly. */
#define LARGE_TIME_T \\
((time_t) (((time_t) 1 << 30) - 1 + 3 * ((time_t) 1 << 30)))
int verify_time_t_range[(LARGE_TIME_T / 65537 == 65535
&& LARGE_TIME_T % 65537 == 0)
? 1 : -1];
_ACEOF
if ac_fn_c_try_compile "$LINENO"
e) ac_save_CPPFLAGS="$CPPFLAGS"
ac_opt_found=no
for ac_opt in "none needed" "-D_TIME_BITS=64" "-D__MINGW_USE_VC2005_COMPAT" "-U_USE_32_BIT_TIME_T -D__MINGW_USE_VC2005_COMPAT"; do
if test x"$ac_opt" != x"none needed"
then :
ac_cv_type_time_t_y2038=yes
else case e in #(
e) ac_cv_type_time_t_y2038=no ;;
esac
CPPFLAGS="$ac_save_CPPFLAGS $ac_opt"
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
;;
esac
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_time_t_y2038" >&5
printf "%s\n" "$ac_cv_type_time_t_y2038" >&6; }
if test "$ac_cv_type_time_t_y2038" = no; then
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for 64-bit time_t with _TIME_BITS=64" >&5
printf %s "checking for 64-bit time_t with _TIME_BITS=64... " >&6; }
if test ${ac_cv_type_time_t_bits_macro+y}
then :
printf %s "(cached) " >&6
else case e in #(
e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#define _TIME_BITS 64
#define _FILE_OFFSET_BITS 64
#include <time.h>
/* Check that time_t can represent 2**32 - 1 correctly. */
#define LARGE_TIME_T \\
((time_t) (((time_t) 1 << 30) - 1 + 3 * ((time_t) 1 << 30)))
int verify_time_t_range[(LARGE_TIME_T / 65537 == 65535
&& LARGE_TIME_T % 65537 == 0)
? 1 : -1];
_ACEOF
if ac_fn_c_try_compile "$LINENO"
then :
ac_cv_type_time_t_bits_macro=yes
else case e in #(
e) ac_cv_type_time_t_bits_macro=no ;;
esac
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
;;
esac
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_time_t_bits_macro" >&5
printf "%s\n" "$ac_cv_type_time_t_bits_macro" >&6; }
if test "$ac_cv_type_time_t_bits_macro" = yes; then
printf "%s\n" "#define _TIME_BITS 64" >>confdefs.h
printf "%s\n" "#define _FILE_OFFSET_BITS 64" >>confdefs.h
ac_cv_type_time_t_y2038=yes
fi
fi
if test $ac_cv_type_time_t_y2038 = no; then
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifdef _USE_32BIT_TIME_T
int ok;
#else
error fail
#endif
#include <time.h>
/* Check that time_t can represent 2**32 - 1 correctly. */
#define LARGE_TIME_T \\
((time_t) (((time_t) 1 << 30) - 1 + 3 * ((time_t) 1 << 30)))
int verify_time_t_range[(LARGE_TIME_T / 65537 == 65535
&& LARGE_TIME_T % 65537 == 0)
? 1 : -1];
int
main (void)
{
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"
then :
{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
as_fn_error $? "The 'time_t' type stops working after January 2038.
Remove _USE_32BIT_TIME_T from the compiler flags.
See 'config.log' for more details" "$LINENO" 5; }
else case e in #(
e) # If not cross-compiling and says we should check,
# and 'touch' works with a large timestamp, then evidently wider time_t
# is desired and supported, so fail and ask the builder to fix the
# problem. Otherwise, just warn the builder.
if test "$ac_warned_about_y2038" != yes; then
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: The 'time_t' type stops working after January 2038,
and this package needs a wider 'time_t' type
if there is any way to access timestamps after that.
Configure with 'CC=\"${CC} -m64\"' perhaps?" >&5
printf "%s\n" "$as_me: WARNING: The 'time_t' type stops working after January 2038,
and this package needs a wider 'time_t' type
if there is any way to access timestamps after that.
Configure with 'CC=\"${CC} -m64\"' perhaps?" >&2;}
ac_warned_about_y2038=yes
fi
;;
esac
ac_cv_sys_year2038_opts="$ac_opt"
ac_opt_found=yes
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
test $ac_opt_found = no || break
done
CPPFLAGS="$ac_save_CPPFLAGS"
test $ac_opt_found = yes || ac_cv_sys_year2038_opts="support not detected" ;;
esac
fi
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_year2038_opts" >&5
printf "%s\n" "$ac_cv_sys_year2038_opts" >&6; }
ac_have_year2038=yes
case $ac_cv_sys_year2038_opts in #(
"none needed") :
;; #(
"support not detected") :
ac_have_year2038=no
case $enable_year2038 in #(
yes) :
# If we're not cross compiling and 'touch' works with a large
# timestamp, then we can presume the system supports wider time_t
# *somehow* and we just weren't able to detect it. One common
# case that we deliberately *don't* probe for is a system that
# supports both 32- and 64-bit ABIs but only the 64-bit ABI offers
# wide time_t. (It would be inappropriate for us to override an
# intentional use of -m32.) Error out, demanding use of
# --disable-year2038 if this is intentional.
if test $cross_compiling = no
then :
if TZ=UTC0 touch -t 210602070628.15 conftest.time 2>/dev/null
then :
case `TZ=UTC0 LC_ALL=C ls -l conftest.time 2>/dev/null` in #(
*'Feb 7 2106'* | *'Feb 7 17:10'*) :
{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
as_fn_error $? "this system appears to support timestamps after
January 2038, but no mechanism for enabling wide
'time_t' was detected. Did you mean to build a 64-bit
binary? (e.g. 'CC=\"${CC} -m64\"'.) To proceed with
32-bit time_t, configure with '--disable-year2038'.
See 'config.log' for more details" "$LINENO" 5; } ;; #(
*) :
;;
esac
fi
# Check whether --enable-year2038 was given.
if test ${enable_year2038+y}
then :
enableval=$enable_year2038;
fi
if test "$enable_year2038" != no
then :
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for time_t past the year 2038" >&5
printf %s "checking for time_t past the year 2038... " >&6; }
if test ${ac_cv_type_time_t_y2038+y}
then :
printf %s "(cached) " >&6
else case e in #(
e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <time.h>
/* Check that time_t can represent 2**32 - 1 correctly. */
#define LARGE_TIME_T \\
((time_t) (((time_t) 1 << 30) - 1 + 3 * ((time_t) 1 << 30)))
int verify_time_t_range[(LARGE_TIME_T / 65537 == 65535
&& LARGE_TIME_T % 65537 == 0)
? 1 : -1];
_ACEOF
if ac_fn_c_try_compile "$LINENO"
then :
ac_cv_type_time_t_y2038=yes
else case e in #(
e) ac_cv_type_time_t_y2038=no ;;
esac
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi ;; #(
*) :
;;
esac
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_time_t_y2038" >&5
printf "%s\n" "$ac_cv_type_time_t_y2038" >&6; }
if test "$ac_cv_type_time_t_y2038" = no; then
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for 64-bit time_t with _TIME_BITS=64" >&5
printf %s "checking for 64-bit time_t with _TIME_BITS=64... " >&6; }
if test ${ac_cv_type_time_t_bits_macro+y}
then :
printf %s "(cached) " >&6
else case e in #(
e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#define _TIME_BITS 64
#define _FILE_OFFSET_BITS 64
#include <time.h>
/* Check that time_t can represent 2**32 - 1 correctly. */
#define LARGE_TIME_T \\
((time_t) (((time_t) 1 << 30) - 1 + 3 * ((time_t) 1 << 30)))
int verify_time_t_range[(LARGE_TIME_T / 65537 == 65535
&& LARGE_TIME_T % 65537 == 0)
? 1 : -1];
_ACEOF
if ac_fn_c_try_compile "$LINENO"
then :
ac_cv_type_time_t_bits_macro=yes
else case e in #(
e) ac_cv_type_time_t_bits_macro=no ;;
esac
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
;;
esac
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_time_t_bits_macro" >&5
printf "%s\n" "$ac_cv_type_time_t_bits_macro" >&6; }
if test "$ac_cv_type_time_t_bits_macro" = yes; then
esac ;; #(
"-D_TIME_BITS=64") :
printf "%s\n" "#define _TIME_BITS 64" >>confdefs.h
;; #(
"-D__MINGW_USE_VC2005_COMPAT=1") :
printf "%s\n" "#define _FILE_OFFSET_BITS 64" >>confdefs.h
ac_cv_type_time_t_y2038=yes
fi
fi
if test $ac_cv_type_time_t_y2038 = no; then
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifdef _USE_32BIT_TIME_T
int ok;
#else
error fail
#endif
_ACEOF
if ac_fn_c_try_compile "$LINENO"
then :
printf "%s\n" "#define __MINGW_USE_VC2005_COMPAT 1" >>confdefs.h
;; #(
"-U_USE_32_BIT_TIME_T"*) :
{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
as_fn_error $? "The 'time_t' type stops working after January 2038.
Remove _USE_32BIT_TIME_T from the compiler flags.
See 'config.log' for more details" "$LINENO" 5; }
else case e in #(
e) # If not cross-compiling and require-year2038-safe says we should check,
# and 'touch' works with a large timestamp, then evidently wider time_t
# is desired and supported, so fail and ask the builder to fix the
# problem. Otherwise, just warn the builder.
if test $cross_compiling = no \
&& TZ=UTC0 touch -t 210602070628.15 conftest.time 2>/dev/null; then
case `TZ=UTC0 LC_ALL=C ls -l conftest.time 2>/dev/null` in
*'Feb 7 2106'* | *'Feb 7 17:10'*)
{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
as_fn_error $? "The 'time_t' type stops working after January 2038,
and your system appears to support a wider 'time_t'.
Try configuring with 'CC=\"${CC} -m64\"'.
To build with a 32-bit time_t anyway (not recommended),
configure with '--disable-year2038'.
See 'config.log' for more details" "$LINENO" 5; };;
as_fn_error $? "the 'time_t' type is currently forced to be 32-bit. It
will stop working after January 2038. Remove
_USE_32BIT_TIME_T from the compiler flags.
See 'config.log' for more details" "$LINENO" 5; } ;; #(
*) :
as_fn_error $? "internal error: bad value for \$ac_cv_sys_year2038_opts" "$LINENO" 5 ;;
esac
rm -f conftest.time
fi
if test "$ac_warned_about_y2038" != yes; then
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: The 'time_t' type stops working after January 2038,
and this package needs a wider 'time_t' type
if there is any way to access timestamps after that.
Configure with 'CC=\"${CC} -m64\"' perhaps?" >&5
printf "%s\n" "$as_me: WARNING: The 'time_t' type stops working after January 2038,
and this package needs a wider 'time_t' type
if there is any way to access timestamps after that.
Configure with 'CC=\"${CC} -m64\"' perhaps?" >&2;}
ac_warned_about_y2038=yes
fi
;;
esac
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
fi
#
# HP-UX may need to define _XOPEN_SOURCE_EXTENDED to expose MSG_WAITALL.
# Also, HP-UX 11.23 has a broken sys/types.h when large files support
@ -21761,87 +21465,98 @@ printf "%s\n" "#define HAVE_GETGROUPS 1" >>confdefs.h
esac
LIBS=$ac_save_LIBS
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5
printf %s "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; }
if test ${ac_cv_sys_largefile_source+y}
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for declarations of fseeko and ftello" >&5
printf %s "checking for declarations of fseeko and ftello... " >&6; }
if test ${ac_cv_func_fseeko_ftello+y}
then :
printf %s "(cached) " >&6
else case e in #(
e) while :; do
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#if defined __hpux && !defined _LARGEFILE_SOURCE
#include <limits.h>
#if LONG_MAX >> 31 == 0
#error "32-bit HP-UX 11/ia64 needs _LARGEFILE_SOURCE for fseeko in C++"
#endif
#endif
#include <sys/types.h> /* for off_t */
#include <stdio.h>
int
main (void)
{
int (*fp) (FILE *, off_t, int) = fseeko;
return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"
then :
ac_cv_sys_largefile_source=no; break
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#undef _LARGEFILE_SOURCE
#define _LARGEFILE_SOURCE 1
#if defined __hpux && !defined _LARGEFILE_SOURCE
#include <limits.h>
#if LONG_MAX >> 31 == 0
#error "32-bit HP-UX 11/ia64 needs _LARGEFILE_SOURCE for fseeko in C++"
#endif
#endif
#include <sys/types.h> /* for off_t */
#include <stdio.h>
int
main (void)
{
int (*fp) (FILE *, off_t, int) = fseeko;
return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"
then :
ac_cv_sys_largefile_source=1; break
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
ac_cv_sys_largefile_source=unknown
break
done ;;
esac
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_source" >&5
printf "%s\n" "$ac_cv_sys_largefile_source" >&6; }
case $ac_cv_sys_largefile_source in #(
no | unknown) ;;
*)
printf "%s\n" "#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source" >>confdefs.h
;;
esac
rm -rf conftest*
# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug
# in glibc 2.1.3, but that breaks too many other things.
# If you want fseeko and ftello with glibc, upgrade to a fixed glibc.
if test $ac_cv_sys_largefile_source != unknown; then
#if defined __hpux && !defined _LARGEFILE_SOURCE
# include <limits.h>
# if LONG_MAX >> 31 == 0
# error "32-bit HP-UX 11/ia64 needs _LARGEFILE_SOURCE for fseeko in C++"
# endif
#endif
#include <sys/types.h> /* for off_t */
#include <stdio.h>
int
main (void)
{
int (*fp1) (FILE *, off_t, int) = fseeko;
off_t (*fp2) (FILE *) = ftello;
return fseeko (stdin, 0, 0)
&& fp1 (stdin, 0, 0)
&& ftello (stdin) >= 0
&& fp2 (stdin) >= 0;
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"
then :
ac_cv_func_fseeko_ftello=yes
else case e in #(
e) ac_save_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS -D_LARGEFILE_SOURCE=1"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#if defined __hpux && !defined _LARGEFILE_SOURCE
# include <limits.h>
# if LONG_MAX >> 31 == 0
# error "32-bit HP-UX 11/ia64 needs _LARGEFILE_SOURCE for fseeko in C++"
# endif
#endif
#include <sys/types.h> /* for off_t */
#include <stdio.h>
int
main (void)
{
int (*fp1) (FILE *, off_t, int) = fseeko;
off_t (*fp2) (FILE *) = ftello;
return fseeko (stdin, 0, 0)
&& fp1 (stdin, 0, 0)
&& ftello (stdin) >= 0
&& fp2 (stdin) >= 0;
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"
then :
ac_cv_func_fseeko_ftello="need _LARGEFILE_SOURCE"
else case e in #(
e) ac_cv_func_fseeko_ftello=no ;;
esac
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
esac
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
esac
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fseeko_ftello" >&5
printf "%s\n" "$ac_cv_func_fseeko_ftello" >&6; }
if test "$ac_cv_func_fseeko_ftello" != no
then :
printf "%s\n" "#define HAVE_FSEEKO 1" >>confdefs.h
fi
if test "$ac_cv_func_fseeko_ftello" = "need _LARGEFILE_SOURCE"
then :
printf "%s\n" "#define _LARGEFILE_SOURCE 1" >>confdefs.h
fi
ac_func=
@ -24488,7 +24203,7 @@ fi
libssl="`$PKG_CONFIG --libs-only-l $pkg_openssl | sed 's/^ *-l//'`"
libssl_extra="`echo $libssl | sed 's/^[^ ]* *//'`"
libssl="`echo $libssl | sed 's/ .*//'`"
as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libssl""_SSL_new$libssl_extra" | sed "$as_sed_sh"`
as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libssl""_SSL_new" | sed "$as_sed_sh"`
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -l$libssl" >&5
printf %s "checking for SSL_new in -l$libssl... " >&6; }
if eval test \${$as_ac_Lib+y}
@ -24711,7 +24426,7 @@ fi
;;
esac
done
as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libcrypto""_EVP_MD_CTX_new$libcrypto_extra" | sed "$as_sed_sh"`
as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libcrypto""_EVP_MD_CTX_new" | sed "$as_sed_sh"`
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l$libcrypto" >&5
printf %s "checking for EVP_MD_CTX_new in -l$libcrypto... " >&6; }
if eval test \${$as_ac_Lib+y}
@ -24999,7 +24714,7 @@ fi
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5
printf %s "checking for SSL_new in -lssl... " >&6; }
if test ${ac_cv_lib_ssl_SSL_new_lcrypto+y}
if test ${ac_cv_lib_ssl_SSL_new+y}
then :
printf %s "(cached) " >&6
else case e in #(
@ -25028,9 +24743,9 @@ return SSL_new ();
_ACEOF
if ac_fn_c_try_link "$LINENO"
then :
ac_cv_lib_ssl_SSL_new_lcrypto=yes
ac_cv_lib_ssl_SSL_new=yes
else case e in #(
e) ac_cv_lib_ssl_SSL_new_lcrypto=no ;;
e) ac_cv_lib_ssl_SSL_new=no ;;
esac
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam \
@ -25038,9 +24753,9 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
LIBS=$ac_check_lib_save_LIBS ;;
esac
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_new_lcrypto" >&5
printf "%s\n" "$ac_cv_lib_ssl_SSL_new_lcrypto" >&6; }
if test "x$ac_cv_lib_ssl_SSL_new_lcrypto" = xyes
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_new" >&5
printf "%s\n" "$ac_cv_lib_ssl_SSL_new" >&6; }
if test "x$ac_cv_lib_ssl_SSL_new" = xyes
then :
# Check OPENSSL_VERSION_NUMBER in headers
@ -25434,7 +25149,7 @@ fi
libssl="`$PKG_CONFIG --libs-only-l wolfssl | sed 's/^ *-l//'`"
libssl_extra=`echo $libssl | sed 's/^[^ ]* *//'`
libssl=`echo $libssl | sed 's/ .*//'`
as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libssl""_wolfSSL_new$libssl_extra" | sed "$as_sed_sh"`
as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libssl""_wolfSSL_new" | sed "$as_sed_sh"`
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for wolfSSL_new in -l$libssl" >&5
printf %s "checking for wolfSSL_new in -l$libssl... " >&6; }
if eval test \${$as_ac_Lib+y}
@ -28260,10 +27975,9 @@ if test ${with_pam-"no"} != "no"; then
# Check for pam_start() in libpam first, then for pam_appl.h.
#
found_pam_lib=no
as_ac_Lib=`printf "%s\n" "ac_cv_lib_pam_pam_start$lt_cv_dlopen_libs" | sed "$as_sed_sh"`
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5
printf %s "checking for pam_start in -lpam... " >&6; }
if eval test \${$as_ac_Lib+y}
if test ${ac_cv_lib_pam_pam_start+y}
then :
printf %s "(cached) " >&6
else case e in #(
@ -28292,9 +28006,9 @@ return pam_start ();
_ACEOF
if ac_fn_c_try_link "$LINENO"
then :
eval "$as_ac_Lib=yes"
ac_cv_lib_pam_pam_start=yes
else case e in #(
e) eval "$as_ac_Lib=no" ;;
e) ac_cv_lib_pam_pam_start=no ;;
esac
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam \
@ -28302,10 +28016,9 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
LIBS=$ac_check_lib_save_LIBS ;;
esac
fi
eval ac_res=\$$as_ac_Lib
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
printf "%s\n" "$ac_res" >&6; }
if eval test \"x\$"$as_ac_Lib"\" = x"yes"
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_start" >&5
printf "%s\n" "$ac_cv_lib_pam_pam_start" >&6; }
if test "x$ac_cv_lib_pam_pam_start" = xyes
then :
found_pam_lib=yes
fi
@ -34737,6 +34450,18 @@ LIBOBJS=$ac_libobjs
LTLIBOBJS=$ac_ltlibobjs
# Check whether --enable-year2038 was given.
if test ${enable_year2038+y}
then :
enableval=$enable_year2038;
fi
# Check whether --enable-largefile was given.
if test ${enable_largefile+y}
then :
enableval=$enable_largefile;
fi
: "${CONFIG_STATUS=./config.status}"
ac_write_fail=0
@ -35130,7 +34855,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by sudo $as_me 1.9.12p1, which was
This file was extended by sudo $as_me 1.9.13, which was
generated by GNU Autoconf 2.72a. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -35198,7 +34923,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config='$ac_cs_config_escaped'
ac_cs_version="\\
sudo config.status 1.9.12p1
sudo config.status 1.9.13
configured by $0, generated by GNU Autoconf 2.72a,
with options \\"\$ac_cs_config\\"

2
configure.ac
View File

@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
dnl
AC_PREREQ([2.70])
AC_INIT([sudo], [1.9.12p1], [https://bugzilla.sudo.ws/], [sudo])
AC_INIT([sudo], [1.9.13], [https://bugzilla.sudo.ws/], [sudo])
AC_CONFIG_HEADERS([config.h pathnames.h])
AC_CONFIG_SRCDIR([src/sudo.c])
AC_CONFIG_AUX_DIR([scripts])

19
docs/UPGRADE.md
View File

@ -1,6 +1,25 @@
Notes on upgrading from an older release
========================================
* Upgrading from a version prior to 1.9.13:
Sudo now builds AIX-style shared libraries and dynamic shared
objects by default instead of svr4-style. This means that the
default sudo plugins are now .a (archive) files that contain a
.so shared object file instead of bare .so files. This was done
to improve compatibility with the AIX Freeware ecosystem,
specifically, the AIX Freeware build of OpenSSL. When loading
a .a file as a plugin the name of the included .so file must
also be specified, for example /usr/libexec/sudo/sudoers.a(sudoers.so).
Sudo is still capable of loading svr4-style .so plugins and if
a .so file is requested, either via sudo.conf or the sudoers
file, and only the .a file is present, sudo will convert the
path from plugin.so to plugin.a(plugin.so). This ensures
compatibility with existing configurations. To restore the old,
pre-1.9.13 behavior, run configure using the --with-aix-soname=svr4
option.
* Upgrading from a version prior to 1.9.10:
Sudo now interprets a command line argument in sudoers that

48
scripts/config.guess vendored
View File

@ -1,14 +1,14 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright 1992-2021 Free Software Foundation, Inc.
# Copyright 1992-2022 Free Software Foundation, Inc.
# shellcheck disable=SC2006,SC2268 # see below for rationale
timestamp='2021-06-03'
timestamp='2022-05-25'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
@ -60,7 +60,7 @@ version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
Copyright 1992-2021 Free Software Foundation, Inc.
Copyright 1992-2022 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -437,7 +437,7 @@ case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in
# This test works for both compilers.
if test "$CC_FOR_BUILD" != no_compiler_found; then
if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
(CCOPTS="" $CC_FOR_BUILD -m64 -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
SUN_ARCH=x86_64
@ -929,6 +929,9 @@ EOF
i*:PW*:*)
GUESS=$UNAME_MACHINE-pc-pw32
;;
*:SerenityOS:*:*)
GUESS=$UNAME_MACHINE-pc-serenity
;;
*:Interix*:*)
case $UNAME_MACHINE in
x86)
@ -1148,16 +1151,27 @@ EOF
;;
x86_64:Linux:*:*)
set_cc_for_build
CPU=$UNAME_MACHINE
LIBCABI=$LIBC
if test "$CC_FOR_BUILD" != no_compiler_found; then
if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_X32 >/dev/null
then
LIBCABI=${LIBC}x32
ABI=64
sed 's/^ //' << EOF > "$dummy.c"
#ifdef __i386__
ABI=x86
#else
#ifdef __ILP32__
ABI=x32
#endif
#endif
EOF
cc_set_abi=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^ABI' | sed 's, ,,g'`
eval "$cc_set_abi"
case $ABI in
x86) CPU=i686 ;;
x32) LIBCABI=${LIBC}x32 ;;
esac
fi
fi
GUESS=$UNAME_MACHINE-pc-linux-$LIBCABI
GUESS=$CPU-pc-linux-$LIBCABI
;;
xtensa*:Linux:*:*)
GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
@ -1364,8 +1378,11 @@ EOF
BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
GUESS=i586-pc-haiku
;;
x86_64:Haiku:*:*)
GUESS=x86_64-unknown-haiku
ppc:Haiku:*:*) # Haiku running on Apple PowerPC
GUESS=powerpc-apple-haiku
;;
*:Haiku:*:*) # Haiku modern gcc (not bound by BeOS compat)
GUESS=$UNAME_MACHINE-unknown-haiku
;;
SX-4:SUPER-UX:*:*)
GUESS=sx4-nec-superux$UNAME_RELEASE
@ -1522,6 +1539,9 @@ EOF
i*86:rdos:*:*)
GUESS=$UNAME_MACHINE-pc-rdos
;;
i*86:Fiwix:*:*)
GUESS=$UNAME_MACHINE-pc-fiwix
;;
*:AROS:*:*)
GUESS=$UNAME_MACHINE-unknown-aros
;;

20
scripts/config.sub vendored
View File

@ -1,14 +1,14 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright 1992-2021 Free Software Foundation, Inc.
# Copyright 1992-2022 Free Software Foundation, Inc.
# shellcheck disable=SC2006,SC2268 # see below for rationale
timestamp='2021-08-14'
timestamp='2022-01-03'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
@ -76,7 +76,7 @@ Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
Copyright 1992-2021 Free Software Foundation, Inc.
Copyright 1992-2022 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -1020,6 +1020,11 @@ case $cpu-$vendor in
;;
# Here we normalize CPU types with a missing or matching vendor
armh-unknown | armh-alt)
cpu=armv7l
vendor=alt
basic_os=${basic_os:-linux-gnueabihf}
;;
dpx20-unknown | dpx20-bull)
cpu=rs6000
vendor=bull
@ -1121,7 +1126,7 @@ case $cpu-$vendor in
xscale-* | xscalee[bl]-*)
cpu=`echo "$cpu" | sed 's/^xscale/arm/'`
;;
arm64-*)
arm64-* | aarch64le-*)
cpu=aarch64
;;
@ -1304,7 +1309,7 @@ esac
if test x$basic_os != x
then
# First recognize some ad-hoc caes, or perhaps split kernel-os, or else just
# First recognize some ad-hoc cases, or perhaps split kernel-os, or else just
# set os.
case $basic_os in
gnu/linux*)
@ -1748,7 +1753,8 @@ case $os in
| skyos* | haiku* | rdos* | toppers* | drops* | es* \
| onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \
| midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \
| nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr*)
| nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \
| fiwix* )
;;
# This one is extra strict with allowed versions
sco3.2v2 | sco3.2v[4-9]* | sco5v6*)