diff --git a/ChangeLog b/ChangeLog index 10df53ab8..b38795270 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,22 @@ +2007-07-22 08:14 millert + + * auth/pam.c: Run cleanup code if the user hits ^C at the password + prompt. + +2007-07-22 08:13 millert + + * auth/pam.c: Some versions of pam_lastlog have a bug that will + cause a crash if PAM_TTY is not set so if there is no tty, set + PAM_TTY to the empty string. + +2007-07-20 09:32 millert + + * Makefile.in: ChageLog not Changelog + +2007-07-20 09:31 millert + + * ChangeLog: sync + 2007-07-20 09:29 millert * Makefile.in: CHANGE -> Changelog @@ -29,29 +48,6 @@ * env.c: Split sudo_setenv() into an external version and a version only for use by rebuild_env(). -2007-07-18 07:13 millert - - * ldap.c (SUDO_1_6_9): Use emul/err.h if no - -2007-07-17 09:19 millert - - * visudo.c (SUDO_1_6_9): add missing braces - -2007-07-16 22:55 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in (SUDO_1_6_9): regen - -2007-07-16 22:51 millert - - * configure, ldap.c, config.h.in, configure.in, README.LDAP - (SUDO_1_6_9): back out LDAP SASL support; it is not read for - 1.6.9 - -2007-07-16 22:50 millert - - * CHANGES (SUDO_1_6_9): checkpoint for 1.6.9 - 2007-07-16 19:40 millert * ldap.c: Add support for using gss_krb5_ccache_name() instead of @@ -73,11 +69,6 @@ * env.c, sudo.h: Add sudo_unsetenv() and refactor private env syncing code into sync_env(). -2007-07-16 07:28 millert - - * README.LDAP, ldap.c (SUDO_1_6_9): The ldap.conf variable is - sasl_auth_id, not sasl_authid. - 2007-07-16 07:27 millert * README.LDAP, ldap.c: The ldap.conf variable is sasl_auth_id not @@ -98,23 +89,21 @@ 2007-07-15 12:47 millert - * ldap.c (SUDO_1_6_9), ldap.c: Fix use_sasl vs. rootuse_sasl logic. + * ldap.c: Fix use_sasl vs. rootuse_sasl logic. 2007-07-15 09:23 millert - * README.LDAP, config.h.in, configure, configure.in, ldap.c - (SUDO_1_6_9), README.LDAP, config.h.in, configure, configure.in, - ldap.c: Add support for SASL auth when connecting to an LDAP - server. Adapted from a diff by Tom McLaughlin. + * README.LDAP, config.h.in, configure, configure.in, ldap.c: Add + support for SASL auth when connecting to an LDAP server. Adapted + from a diff by Tom McLaughlin. 2007-07-14 16:32 millert - * configure, configure.in (SUDO_1_6_9), configure, configure.in: - Only enable AIX or BSD auth if no other exclusive auth method has - been chosen. Allows people to e.g., use PAM on AIX without - adding --without-aixauth. A better solution is needed to deal - with default authentication since if a non-exclusive method is - chosen we will still get an error. + * configure, configure.in: Only enable AIX or BSD auth if no other + exclusive auth method has been chosen. Allows people to e.g., + use PAM on AIX without adding --without-aixauth. A better + solution is needed to deal with default authentication since if a + non-exclusive method is chosen we will still get an error. 2007-07-11 11:23 millert @@ -127,22 +116,8 @@ 2007-07-09 19:25 millert - * sudo.pod (SUDO_1_6_9), sudo.pod: Better explanation of - environment handling in the sudo man page. - -2007-07-09 17:53 millert - - * parse.yacc (SUDO_1_6_9): Reset safe_cmnd if we hit an ALL - command. Works around a bug where the last matched command in - sudoers was executed even for sudo ALL. - -2007-07-09 15:15 millert - - * env.c, sudo.c, sudo.pod, sudoers.pod (SUDO_1_6_9): Allow user to - set environment variables on the command line as long as they are - allowed by env_keep and env_check. Ie: apply the same - restrictions as normal environment variables. Also Defer Setting - user-specified env vars until after authentication. + * sudo.pod: Better explanation of environment handling in the sudo + man page. 2007-07-09 15:13 millert @@ -163,10 +138,9 @@ 2007-07-08 14:44 millert - * sudo.c, sudo_edit.c (SUDO_1_6_9), sudo.c, sudo_edit.c: Call - rebuild_env() in call cases. Pass original envp to sudo_edit(). - Don't allow -E or env var setting in sudoedit mode. More - accurate usage() when called as sudoedit. + * sudo.c, sudo_edit.c: Call rebuild_env() in call cases. Pass + original envp to sudo_edit(). Don't allow -E or env var setting + in sudoedit mode. More accurate usage() when called as sudoedit. 2007-07-08 14:41 millert @@ -174,8 +148,7 @@ 2007-07-08 14:11 millert - * sudo.pod (SUDO_1_6_9), sudo.pod: add -c option to sudoedit - synopsis + * sudo.pod: add -c option to sudoedit synopsis 2007-07-08 10:27 millert @@ -194,45 +167,22 @@ 2007-07-08 09:17 millert - * sudoers (SUDO_1_6_9), sudoers: add SETENV tag - -2007-07-07 13:55 millert - - * sudo.c (SUDO_1_6_9): Undo editing gaff and restore 2 lines. - -2007-07-06 15:52 millert - - * check.c, sudo.c (SUDO_1_6_9): Do not update timestamp if user not - validated by sudoers. + * sudoers: add SETENV tag 2007-07-06 15:51 millert * parse.c: Make pwcheck local to the pwflag block. Use pwcheck even if user didn't match since Defaults options may still apply. -2007-07-06 15:34 millert - - * parse.c (SUDO_1_6_9): Make pwcheck local to the pwflag block. - 2007-07-06 14:51 millert * check.c, sudo.c: Do not update timestamp if user not validated by sudoers. -2007-07-06 10:19 millert - - * CHANGES (SUDO_1_6_9): checkpoint for rc2 - 2007-07-06 10:14 millert - * logging.c, set_perms.c, sudo.h (SUDO_1_6_9): PERM_FULL_ROOT is - now no different than PERM_ROOT so remove PERM_FULL_ROOT - -2007-07-06 10:14 millert - - * set_perms.c (SUDO_1_6_9), set_perms.c: for PERM_RUNAS, set the - egid to the runas user's gid and restore to the user's original - in PERM_ROOT + * set_perms.c: for PERM_RUNAS, set the egid to the runas user's gid + and restore to the user's original in PERM_ROOT 2007-07-06 10:04 millert @@ -241,13 +191,13 @@ 2007-07-06 09:49 millert - * check.c (SUDO_1_6_9), check.c: don't check timestamp mtime if we - are just going to remove it + * check.c: don't check timestamp mtime if we are just going to + remove it 2007-07-06 09:33 millert - * sudoers.pod (SUDO_1_6_9), sudoers.pod: Move sudoers defaults - parameters into their own section. + * sudoers.pod: Move sudoers defaults parameters into their own + section. 2007-07-05 20:21 millert @@ -267,45 +217,28 @@ 2007-07-05 15:46 millert - * parse.c (SUDO_1_6_9), match.c: Less hacky way of testing whether - the domain was set. + * match.c: Less hacky way of testing whether the domain was set. 2007-07-04 15:50 millert - * INSTALL (SUDO_1_6_9), INSTALL: Mention pam-devel and - openldap-devel for Linux - -2007-07-04 12:58 millert - - * sudo.pod (SUDO_1_6_9): minor cleanup + * INSTALL: Mention pam-devel and openldap-devel for Linux 2007-07-03 19:38 millert - * README.LDAP (SUDO_1_6_9), README.LDAP: or vs. are - -2007-07-03 19:37 millert - - * CHANGES (SUDO_1_6_9): checkpoint for 1.6.9rc1 + * README.LDAP: or vs. are 2007-07-01 16:55 millert - * sudo.c (SUDO_1_6_9), sudo.c: fix typo in Solaris project support + * sudo.c: fix typo in Solaris project support 2007-07-01 09:40 millert - * HISTORY (SUDO_1_6_9), HISTORY: update + * HISTORY: update 2007-07-01 09:07 millert - * sudo.c (SUDO_1_6_9), sudo.c: Make -- on the command line match - the manual page. The implied shell case has been simplified as a - result. - -2007-06-28 10:45 millert - - * sudoers2ldif (SUDO_1_6_9): Honor SETENV/NOSETENV tag Add - simplistic support for sudoRunas; note that if a sudoers entry - contains multiple Runas users, all will apply to the sudoRole + * sudo.c: Make -- on the command line match the manual page. The + implied shell case has been simplified as a result. 2007-06-28 10:44 millert @@ -317,16 +250,6 @@ * sudoers2ldif: honor SETENV and NOSETENV tags -2007-06-25 16:02 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in (SUDO_1_6_9): regen - -2007-06-25 16:01 millert - - * sudo.pod, sudoers.pod, visudo.pod (SUDO_1_6_9): remove commercial - support language - 2007-06-24 09:25 millert * mon_systrace.c: Redo setting of user_args. We now build up a @@ -341,14 +264,6 @@ * mon_systrace.c: allow chunksiz to reach 1 before erroring out -2007-06-23 20:09 millert - - * CHANGES (SUDO_1_6_9): checkpoint for 1.6.9b4 - -2007-06-23 20:08 millert - - * Makefile.in (SUDO_1_6_9): fix version - 2007-06-23 20:00 millert * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, @@ -365,45 +280,17 @@ 2007-06-23 19:57 millert - * README.LDAP (SUDO_1_6_9), README.LDAP: replace Aaron's email - address with the sudo-workers list + * README.LDAP: replace Aaron's email address with the sudo-workers + list 2007-06-23 19:55 millert * configure: regen -2007-06-23 19:00 millert - - * sudo.h (SUDO_1_6_9): g/c obsolete prototype - -2007-06-23 17:37 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in (SUDO_1_6_9): - regen - -2007-06-23 17:36 millert - - * def_data.c, def_data.h, def_data.in, env.c, ldap.c, lex.yy.c, - logging.c, parse.c, parse.h, parse.lex, parse.yacc, sudo.c, - sudo.h, sudo.pod, sudo.tab.h, sudoers.pod (SUDO_1_6_9): Add - support for setting environment variables on the command line. - This is only allowed if the setenv sudoers options is enabled or - if the command is prefixed with the SETENV tag. - 2007-06-21 20:35 millert - * Makefile.in, README.LDAP, schema.OpenLDAP, schema.iPlanet - (SUDO_1_6_9), Makefile.in, README.LDAP, schema.OpenLDAP, - schema.iPlanet: Break schema out into separate files. - -2007-06-21 18:30 millert - - * configure (SUDO_1_6_9): regen - -2007-06-21 18:29 millert - - * auth/aix_auth.c (SUDO_1_6_9): Free message is set by - authenticate() + * Makefile.in, README.LDAP, schema.OpenLDAP, schema.iPlanet: Break + schema out into separate files. 2007-06-21 18:28 millert @@ -411,199 +298,99 @@ 2007-06-21 13:03 millert - * parse.c (SUDO_1_6_9), match.c: deal with NULL gr_mem + * match.c: deal with NULL gr_mem 2007-06-20 15:04 millert - * config.h.in (SUDO_1_6_9), config.h.in: regen + * config.h.in: regen 2007-06-20 15:04 millert - * configure.in (SUDO_1_6_9), configure.in: add template for - HAVE_PROJECT_H + * configure.in: add template for HAVE_PROJECT_H 2007-06-20 07:06 millert - * closefrom.c (SUDO_1_6_9), closefrom.c: include fcntl.h + * closefrom.c: include fcntl.h 2007-06-19 19:37 millert - * INSTALL (SUDO_1_6_9), INSTALL: mention --with-project + * INSTALL: mention --with-project 2007-06-19 18:24 millert - * config.h.in, configure.in, sudo.c (SUDO_1_6_9), config.h.in, - configure.in, sudo.c: Add Solaris 10 "project" support. From - Michael Brantley. + * config.h.in, configure.in, sudo.c: Add Solaris 10 "project" + support. From Michael Brantley. 2007-06-19 17:27 millert - * sudoers.pod (SUDO_1_6_9), sudoers.pod: fix typo - -2007-06-19 17:25 millert - - * pathnames.h.in (SUDO_1_6_9): define _PATH_DEVNULL if not already - defined + * sudoers.pod: fix typo 2007-06-19 17:22 millert - * configure (SUDO_1_6_9), configure: regen + * configure: regen 2007-06-19 17:21 millert - * configure.in (SUDO_1_6_9), configure.in: Fix preservation of - LDFLAGS in the LDAP case. + * configure.in: Fix preservation of LDFLAGS in the LDAP case. 2007-06-19 17:00 millert - * memrchr.c (SUDO_1_6_9), memrchr.c: Remove dependecy on NULL + * memrchr.c: Remove dependecy on NULL 2007-06-19 15:37 millert - * configure (SUDO_1_6_9), configure: regen + * configure: regen 2007-06-19 15:37 millert - * aclocal.m4, configure.in (SUDO_1_6_9), aclocal.m4, configure.in: - Can't use the regular autoconf fnmatch() check since we need - FNM_CASEFOLD so go back to our custom one. - -2007-06-19 15:25 millert - - * glob.c (SUDO_1_6_9): use standard passwd routines, not the - sudo-specific ones. + * aclocal.m4, configure.in: Can't use the regular autoconf + fnmatch() check since we need FNM_CASEFOLD so go back to our + custom one. 2007-06-19 12:52 millert - * env.c (SUDO_1_6_9), env.c: Fix preserving of variables in - env_keep. - -2007-06-19 09:58 millert - - * CHANGES (SUDO_1_6_9): checkpoint for 1.6.9b1 - -2007-06-19 07:35 millert - - * sudoers.cat, sudoers.man.in (SUDO_1_6_9): regen + * env.c: Fix preserving of variables in env_keep. 2007-06-19 07:10 millert - * env.c (SUDO_1_6_9), env.c: add XAUTHORIZATION + * env.c: add XAUTHORIZATION 2007-06-18 20:41 millert * UPGRADE: expand upon env resetting and mention that it began in 1.6.9 not 1.7. -2007-06-18 20:40 millert - - * UPGRADE (SUDO_1_6_9): env reseting is now in 1.6.9. - -2007-06-18 20:34 millert - - * sudoers.cat, sudoers.man.in (SUDO_1_6_9): regen - 2007-06-18 20:33 millert - * sudoers.pod (SUDO_1_6_9), sudoers.pod: Update descriptions of - env_keep and env_check to match current reality. + * sudoers.pod: Update descriptions of env_keep and env_check to + match current reality. 2007-06-18 17:33 millert - * env.c (SUDO_1_6_9), env.c: Add LINGUAS to initial_checkenv_table. - Add COLORS, HOSTNAME, LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to + * env.c: Add LINGUAS to initial_checkenv_table. Add COLORS, + HOSTNAME, LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table. 2007-06-18 17:23 millert - * env.c, logging.c (SUDO_1_6_9), env.c, logging.c: Treat USERNAME - environemnt variable like LOGNAME/USER + * env.c, logging.c: Treat USERNAME environemnt variable like + LOGNAME/USER 2007-06-18 17:21 millert - * env.c (SUDO_1_6_9), env.c: Don't need to populate keepenv table - with the contents of the checkenv table. - -2007-06-18 16:19 millert - - * Makefile.in (SUDO_1_6_9): add emul/glob.h and emul/timespec.h to - HDRS - -2007-06-18 15:54 millert - - * sudo.c (SUDO_1_6_9): If execve() fails with ENOEXEC try running - through /bin/sh like execvp() does. - -2007-06-18 11:51 millert - - * defaults.c, sudoers.pod (SUDO_1_6_9): env_reset is now the - default. + * env.c: Don't need to populate keepenv table with the contents of + the checkenv table. 2007-06-18 08:57 millert - * sudo.c (SUDO_1_6_9), sudo.c: Don't force sudo into the C locale. + * sudo.c: Don't force sudo into the C locale. 2007-06-18 08:56 millert - * env.c (SUDO_1_6_9), env.c: Make env_check apply when env_reset it - true. Environment variables are passed through unless they - contain '/' or '%'. There is no need to have a variable in both - env_check and env_keep. - -2007-06-17 20:22 millert - - * ldap.c (SUDO_1_6_9): Fix merge error. - -2007-06-17 19:38 millert - - * sudo.c (SUDO_1_6_9): Add explicit cast from mode_t -> u_int in - printf to silence warnings on Solaris - -2007-06-17 19:28 millert - - * sudo.c (SUDO_1_6_9): Make sure stdin, stdout and stderr are open - and dup them to /dev/null if not. - -2007-06-17 19:12 millert - - * ldap.c (SUDO_1_6_9): Fix mismerge, re-introduce FLAG_NOPASS and - FLAG_NOEXEC. - -2007-06-17 17:45 millert - - * parse.c (SUDO_1_6_9): Missed free -> efree conversion - -2007-06-17 17:35 millert - - * sudo.c, visudo.c (SUDO_1_6_9): Use __attribute__((__noreturn__)) - -2007-06-17 14:58 millert - - * sudo.c (SUDO_1_6_9): -i is also one of the mutually exclusive - options to list it in the warning message. Print sudoers path in - -V mode for root. - -2007-06-17 09:15 millert - - * lex.yy.c (SUDO_1_6_9): regen - -2007-06-17 09:13 millert - - * pathnames.h.in (SUDO_1_6_9): add _PATH_LDAP_SECRET - -2007-06-17 09:02 millert - - * ldap.c (SUDO_1_6_9): merge applicable changes from head - -2007-06-16 17:02 millert - - * ldap.c (SUDO_1_6_9): Fix mismerge. - -2007-06-16 07:43 millert - - * visudo.c (SUDO_1_6_9): Adapt changes from head. Most notably, - visudo can now deal with arguments in EDITOR/VISUAL if env_editor - is enabled. + * env.c: Make env_check apply when env_reset it true. Environment + variables are passed through unless they contain '/' or '%'. + There is no need to have a variable in both env_check and + env_keep. 2007-06-16 07:31 millert @@ -613,27 +400,10 @@ * UPGRADE: Add sudo 1.6.9 upgrade note. -2007-06-15 21:15 millert - - * UPGRADE (SUDO_1_6_9): Add note about TERM and PATH in env_keep. - -2007-06-15 10:03 millert - - * sudo_edit.c (SUDO_1_6_9): Remove debugging, add missing grp.h - include. - 2007-06-14 12:23 millert - * interfaces.c (SUDO_1_6_9), interfaces.c: Solaris will return - EINVAL if the buffer used in SIOCGIFCONF is too small. From - Klaus Wagner. - -2007-06-14 12:07 millert - - * Makefile.in, config.h.in, configure, configure.in, logging.c, - memrchr.c, sudo.h (SUDO_1_6_9): Redo the long syslog line - splitting based on a patch from Eygene Ryabinkin. Include - memrchr() for systems without it. + * interfaces.c: Solaris will return EINVAL if the buffer used in + SIOCGIFCONF is too small. From Klaus Wagner. 2007-06-14 12:03 millert @@ -642,215 +412,35 @@ patch from Eygene Ryabinkin. Include memrchr() for systems without it. -2007-06-14 07:18 millert - - * sudo_edit.c (SUDO_1_6_9): Sync with head. Also close passwd file - before trying to open the path specified by the user to avoid - abuse of /dev/fd/N - 2007-06-14 07:09 millert - * configure.in (SUDO_1_6_9), configure.in: Since we need to be able - to convert timespec to timeval for utimes() the last 3 digits in - the tv_nsec are not significant. This makes the sudoedit file - date comparison work again. + * configure.in: Since we need to be able to convert timespec to + timeval for utimes() the last 3 digits in the tv_nsec are not + significant. This makes the sudoedit file date comparison work + again. 2007-06-13 13:41 millert - * configure, configure.in, aclocal.m4 (SUDO_1_6_9), aclocal.m4, - configure, configure.in: Add SUDO_ADD_AUTH macro to deal with - adding things to AUTH_OBJS. This deals with exclusive + * aclocal.m4, configure, configure.in: Add SUDO_ADD_AUTH macro to + deal with adding things to AUTH_OBJS. This deals with exclusive authentication methods in a simple way. 2007-06-12 13:08 millert - * LICENSE (SUDO_1_6_9), LICENSE: mkstemp.c is BSD code too. - -2007-06-12 13:06 millert - - * Makefile.in, mkstemp.c (SUDO_1_6_9): Provide mkstemp() for those - without it. - -2007-06-12 13:03 millert - - * configure.in, configure, config.h.in (SUDO_1_6_9): Add back - checks for err.h and lsearch() and regen. - -2007-06-12 12:38 millert - - * LICENSE, Makefile.in, glob.c, parse.c, emul/glob.h (SUDO_1_6_9): - Use glob(3) instead of fnmatch(3) for matching pathnames and stat - each result that matches the basename of the user's command. - This makes "cd /usr/bin ; sudo ./blah" work when sudoers allows - /usr/bin/blah. - -2007-06-12 12:19 millert - - * strcasecmp.c (SUDO_1_6_9): replace BSD licensed one with version - derived from pdksh - -2007-06-12 12:16 millert - - * check.c (SUDO_1_6_9): Cast mode_t to unsigned int when using - printf %o to display it. - -2007-06-12 12:15 millert - - * sudo.h (SUDO_1_6_9): Prototype efree() - -2007-06-12 12:11 millert - - * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat, - visudo.man.in (SUDO_1_6_9): regen - -2007-06-12 12:09 millert - - * sudo.pod (SUDO_1_6_9): Remove SYNOPSYS line that is not relevant - to sudo 1.6.9 - -2007-06-12 12:06 millert - - * sudo.pod, sudoers.pod, visudo.pod (SUDO_1_6_9): Sync docs w/ head + * LICENSE: mkstemp.c is BSD code too. 2007-06-12 09:21 millert * sudo.pod, sudoers.pod, visudo.pod: No commercial support for now. -2007-06-11 22:46 millert - - * CHANGES (SUDO_1_6_9): sync - -2007-06-11 21:43 millert - - * alloc.c, check.c, defaults.c, find_path.c, interfaces.c, ldap.c, - logging.c, parse.c, parse.lex, parse.yacc, sudo.c, testsudoers.c, - visudo.c (SUDO_1_6_9): Add efree() for consistency with emalloc() - et al. Allows us to rely on C89 behavior (free(NULL) is valid) - even on K&R. - -2007-06-11 21:28 millert - - * check.c, compat.h, defaults.c, fileops.c, find_path.c, - getprogname.c, getspwuid.c, gettime.c, goodpath.c, interfaces.c, - interfaces.h, ldap.c, logging.c, sigaction.c, snprintf.c, - strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo_edit.c, - testsudoers.c, version.h, visudo.c, zero_bytes.c, auth/afs.c, - auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c, - auth/kerb4.c, auth/kerb5.c, auth/passwd.c, auth/rfc1938.c, - auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c, - auth/sudo_auth.h, emul/utime.h (SUDO_1_6_9): Update copyright - year of files synced from head - -2007-06-11 21:26 millert - - * tgetpass.c (SUDO_1_6_9): Use TCSADRAIN instead of TCSAFLUSH since - some OSes have issues with TCSAFLUSH. - -2007-06-11 21:21 millert - - * fnmatch.c (SUDO_1_6_9): add __unused to rcsid - -2007-06-11 21:19 millert - - * config.h.in (SUDO_1_6_9): Add missing HAVE_GETGROUPS - -2007-06-11 21:14 millert - - * README (SUDO_1_6_9): Typo - -2007-06-11 21:06 millert - - * config.h.in, configure, configure.in, sudo.c (SUDO_1_6_9): Remove - --with-execv option; there is really no point in having it. - -2007-06-11 21:01 millert - - * Makefile.in, README, RUNSON (SUDO_1_6_9): Remove RUNSON, the - obsolete info confuses people. Sudo should build just fine on a - POSIX-like system. - -2007-06-11 20:59 millert - - * logging.h, sudo.h (SUDO_1_6_9): Use __printflike with gcc to warn - about printf-like format mismatches - -2007-06-11 20:56 millert - - * alloc.c, check.c, closefrom.c, defaults.c, env.c, err.c, - fileops.c, find_path.c, fnmatch.c, getcwd.c, getprogname.c, - getspwuid.c, gettime.c, goodpath.c, interfaces.c, ldap.c, - lex.yy.c, logging.c, lsearch.c, parse.c, parse.lex, parse.yacc, - set_perms.c, sigaction.c, snprintf.c, strcasecmp.c, strerror.c, - strlcat.c, strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, - testsudoers.c, tgetpass.c, utimes.c, visudo.c, zero_bytes.c, - auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, - auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, - auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c (SUDO_1_6_9): Add - __unused to rcsids - -2007-06-11 20:44 millert - - * compat.h (SUDO_1_6_9): Add __attribute__, __unused, and - __printflike. - -2007-06-11 19:18 millert - - * env.c, sudo.c (SUDO_1_6_9): Instead of zeroing out the - environment, just prune out entries based on the env_delete and - env_check lists. Base building up the new environment on the - current environment and the variables we removed initially. - - Move setting of user_path, user_shell, user_prompt and prev_user - into init_vars() since user_shell at least is needed there. - -2007-06-11 19:12 millert - - * env.c, sudo.c (SUDO_1_6_9): Sync env.c and associated sudo.c - changes with head. - 2007-06-11 18:27 millert * sudo.c: cleanenv() is no more. -2007-06-11 17:23 millert - - * config.h.in, sudo.c (SUDO_1_6_9): Set locale to "C" if locales - are supported, just to be safe. - -2007-06-11 17:12 millert - - * logging.c (SUDO_1_6_9): Make varargs usage consistent with the - rest of the code. - -2007-06-11 17:09 millert - - * logging.c (SUDO_1_6_9): Restore signal mask before calling - reapchild(). Fixes a possible race condition that could prevent - sudo from properly waiting for the child. - -2007-06-11 17:07 millert - - * logging.c (SUDO_1_6_9): Add "Auto-Submitted: auto-generated" line - to sudo mail for rfc 3834. - -2007-06-11 07:27 millert - - * emul/timespec.h (SUDO_1_6_9): Move declatation of struct timespec - to its own include files for systems without it since it needs - time_t defined. - 2007-06-10 18:37 millert * ChangeLog: Display branch info in Changelog -2007-06-10 18:27 millert - - * check.c, compat.h, fileops.c, gettime.c, sudo_edit.c, utimes.c, - visudo.c (SUDO_1_6_9): Move declatation of struct timespec to its - own include files for systems without it since it needs time_t - defined. - 2007-06-10 18:18 millert * utimes.c: Include config.h early so we have it for @@ -860,158 +450,6 @@ * ChangeLog: Fix Changelog generation and update. -2007-06-10 16:30 millert - - * config.h.in, fileops.c, gettime.c, sudo.c (SUDO_1_6_9): Add - TIME_WITH_SYS_TIME - -2007-06-10 16:30 millert - - * BUGS (SUDO_1_6_9): Update version to 1.6.9 - -2007-06-10 14:52 millert - - * ldap.c, parse.c, sudo.c, sudo.h (SUDO_1_6_9): Keep a copy of the - supplemental group vector in struct sudo_user and use it for - matching. - -2007-06-10 14:49 millert - - * configure (SUDO_1_6_9): regen - -2007-06-10 14:45 millert - - * gettime.c (SUDO_1_6_9): function to return the current time in a - struct timespec - -2007-06-10 14:45 millert - - * utime.c, utimes.c (SUDO_1_6_9): Replace utime() emulation with - utimes() and futimes() emulation. - -2007-06-10 14:40 millert - - * Makefile.binary, Makefile.binary.in (SUDO_1_6_9): Replace - Makefile.binary with Makefile.binary.in for config.status - substitution - -2007-06-10 14:26 millert - - * env.c (SUDO_1_6_9): Add NOEXEC support for AIX 5.3 which supports - LDR_PRELOAD and LDR_PRELOAD64. The 64-bit version is not - currently supported. - -2007-06-10 14:23 millert - - * env.c (SUDO_1_6_9): Actually add COLORTERM to - initial_checkenv_table - -2007-06-10 13:53 millert - - * closefrom.c (SUDO_1_6_9): Use /proc/self/fd instead of - /proc/$$/fd. Add fcntl F_CLOSEM support to closefrom(). Move - old-style fd closing into closefrom_fallback() and call that if - /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails. - -2007-06-10 13:52 millert - - * config.h.in, auth/sudo_auth.h (SUDO_1_6_9): - s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/ - -2007-06-10 13:46 millert - - * auth/securid5.c (SUDO_1_6_9): Fix securid5 authentication, was - not checking for ACM_OK. Also add default cases for the two - switch()es. Problem noted by ccon at worldbank - -2007-06-10 13:43 millert - - * alloc.c (SUDO_1_6_9): Make easprintf() work correctly in K&R - -2007-06-10 13:37 millert - - * README (SUDO_1_6_9): Update version and note that license is ISC - not BSD - -2007-06-10 13:37 millert - - * INSTALL.configure (SUDO_1_6_9): Update configure's INSTALL file - from head - -2007-06-10 13:28 millert - - * auth/kerb5.c (SUDO_1_6_9): o If we cannot get a valid service - key using the default keytab it - is a fatal error. - o use krb5_verify_user() if available instead of doing it by - hand - o use krb5_init_secure_context() if we have it - o pass an encryption type of 0 to krb5_kt_read_service_key() - instead of - ENCTYPE_DES_CBC_MD5 to let kerberos choose. - -2007-06-10 13:27 millert - - * auth/pam.c (SUDO_1_6_9): Linux PAM now defines __LINUX_PAM__, not - __LIBPAM_VERSION. If the user enters ^C at the password prompt, - abort instead of trying to authenticate with an empty password - (which causes an annoying delay). Call pam_open_session() and - pam_close_session() to give pam_limits a chance to run. - -2007-06-10 13:25 millert - - * PORTING, TROUBLESHOOTING, config.h.in, set_perms.c, sudo.c, - sudo.h, testsudoers.c (SUDO_1_6_9): Kill use of POSIX saved uids; - they aren't worth bothering with. - -2007-06-10 13:23 millert - - * env.c (SUDO_1_6_9): Allow COLORTERM to be inherited from the - environment. Check TERM and COLORTERM for '%' and '/' - characters. Remove more potentially dangerous variables from the - environment. Many from Debian. - -2007-06-10 13:21 millert - - * check.c (SUDO_1_6_9): Fix fd leak when lecture file option is - enabled. From Jerry Brown - -2007-06-10 13:19 millert - - * aclocal.m4, acsite.m4, config.guess, config.sub, configure.in, - ltmain.sh (SUDO_1_6_9): Sync configure and libtool from head, - using more recent autoconf. - -2007-06-10 13:17 millert - - * README.LDAP (SUDO_1_6_9): Sync with head - -2007-06-10 13:16 millert - - * INSTALL.binary, Makefile.in, version.h (SUDO_1_6_9): Update - version to 1.6.9 - -2007-06-10 13:14 millert - - * INSTALL (SUDO_1_6_9): Merge changes from head - -2007-06-10 13:05 millert - - * HISTORY (SUDO_1_6_9): No more support contracts. - -2007-06-10 12:57 millert - - * CHANGES, INSTALL, LICENSE, Makefile.in, README.LDAP, RUNSON, - TODO, TROUBLESHOOTING, aclocal.m4, check.c, compat.h, - config.guess, config.h.in, config.sub, configure, configure.in, - def_data.c, def_data.h, def_data.in, defaults.c, env.c, - fileops.c, find_path.c, goodpath.c, ins_csops.h, ldap.c, - lex.yy.c, mkdefaults, parse.c, parse.yacc, pathnames.h.in, - sample.pam, sudo.c, sudo.h, sudo.man.in, sudo.pod, sudo_edit.c, - sudo_noexec.c, sudoers.man.in, sudoers.pod, version.h, visudo.c, - visudo.man.in, visudo.pod, auth/kerb5.c, auth/pam.c, emul/utime.h - (SUDO_1_6_9): Merge in sudo 1.6.8 patches 1-12 - 2007-06-09 07:26 millert * closefrom.c: Use /proc/self/fd instead of /proc/$$/fd @@ -3944,57 +3382,11 @@ def_data.c, def_data.h, def_data.in, ldap.c, sudo.c, sudo.h, sudoers2ldif: Merged in LDAP Support -2004-02-12 20:54 aaron - - * sudo.h (LDAP): Merge with HEAD - -2004-02-11 22:08 aaron - - * sudo_noexec.c (LDAP): Merge with HEAD - 2004-02-08 15:53 millert * sudo.h, sudo_noexec.c: Only do "extern int errno" if errno is not a macro. -2004-02-07 17:48 aaron - - * ldap.c, sudoers2ldif (LDAP): noexec hooks - -2004-02-07 17:05 aaron - - * def_data.c, def_data.in (LDAP): description fix - -2004-02-07 17:04 aaron - - * ldap.c (LDAP): Conformity - -2004-02-07 16:44 aaron - - * sudo.c (LDAP): Conformity - -2004-02-07 16:31 aaron - - * def_data.c (LDAP): Syntax Fix - -2004-02-07 16:21 aaron - - * configure (LDAP): regen (via autoconf from configure.in) - -2004-02-07 16:12 aaron - - * BUGS, CHANGES, INSTALL, LICENSE, Makefile.in, TODO, acsite.m4, - check.c, closefrom.c, config.h.in, configure.in, def_data.c, - def_data.h, def_data.in, defaults.c, defaults.h, env.c, - fnmatch.c, getspwuid.c, ins_classic.h, interfaces.c, - interfaces.h, lex.yy.c, logging.c, ltmain.sh, mkdefaults, - parse.c, parse.h, parse.lex, parse.yacc, pathnames.h.in, - set_perms.c, sigaction.c, sudo.c, sudo.h, sudo.man.in, sudo.pod, - sudo.tab.h, sudo_edit.c, sudo_noexec.c, sudoers.man.in, - sudoers.pod, testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, - visudo.pod, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c (LDAP): Big - Merge with HEAD - 2004-02-06 18:08 millert * set_perms.c: setreuid(0, 0) fails on QNX if the euid is not @@ -4498,21 +3890,6 @@ sudoers.pod: Add a new option, lecture_file, that can be used to point to a custom sudo lecture. -2004-01-01 18:22 aaron - - * configure (LDAP): removed duplicate darwin entry - -2004-01-01 16:47 aaron - - * Makefile.in, TODO, check.c, configure, configure.in, def_data.c, - def_data.h, def_data.in, defaults.c, defaults.h, env.c, err.c, - find_path.c, ldap.c, logging.c, mkdefaults, parse.c, parse.yacc, - set_perms.c, sudo.c, sudo.h, sudoers.man.in, sudoers.pod, - visudo.c, visudo.man.in, zero_bytes.c, auth/aix_auth.c, - auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/rfc1938.c, - auth/securid5.c, auth/sia.c, auth/sudo_auth.c (LDAP): Sync with - HEAD - 2003-12-31 17:46 millert * Makefile.in, sudo.h, zero_bytes.c, auth/aix_auth.c, @@ -4520,11 +3897,6 @@ zero_bytes() function to do the equivalent of bzero in such a way that will heopfully not be optimized away by sneaky compilers. -2003-12-31 16:53 aaron - - * ldap.c, sudo.c (LDAP): Incorporated Patch from Nationwide (Todd - Anello) - 2003-12-31 13:35 millert * err.c: Use #ifdef __STDC__, not #if __STDC__. @@ -4582,10 +3954,6 @@ * TODO: checkpoint -2003-12-23 10:58 aaron - - * sudo.c (LDAP): Sync with HEAD - 2003-12-22 21:18 millert * sudo.c: If we are in -k/-K mode, just spew to stderr. It is not @@ -4594,52 +3962,10 @@ daemon has died. Previously, this would result in useless mail and logging. -2003-12-19 21:30 aaron - - * README.LDAP (LDAP): typo - -2003-12-19 21:28 aaron - - * README.LDAP (LDAP): typos - -2003-12-18 19:40 aaron - - * configure, visudo.pod (LDAP): Merge with HEAD - -2003-12-17 23:13 aaron - - * ldap.c (LDAP): Bugfix reported by - Andreas.Bussjaeger@t-systems.com - -2003-12-17 22:47 aaron - - * README.LDAP, ldap.c (LDAP): LDAPv3 - -2003-12-16 23:23 aaron - - * sudoers2ldif (LDAP): Added to buglist - 2003-12-16 13:51 millert * visudo.pod: fix pasto in VISUAL description -2003-12-14 14:39 aaron - - * README.LDAP, config.h.in, ldap.c (LDAP): other LDAP Libraries - from Andreas Bussjaeger - -2003-12-12 12:22 millert - - * Makefile.in, configure, configure.in, ldap.c (LDAP): Don't - compile ldap.c (even as a stub) unless --with-ldap is specified. - -2003-12-12 12:12 millert - - * CHANGES, Makefile.in, README.LDAP, config.h.in, configure, - configure.in, def_data.c, def_data.h, def_data.in, ldap.c, - sudo.c, sudo.h, sudoers2ldif (LDAP): Merge in LDAP support from - Aaron Spangler - 2003-12-09 22:09 millert * configure: regen