Merge ~danilogondolfo/ubuntu/+source/sudo:merge-lp2030914-mantic into ubuntu/+source/sudo:ubuntu/devel
- Git
- lp:~danilogondolfo/ubuntu/+source/sudo
- merge-lp2030914-mantic
- Merge into ubuntu/devel
Status: | Superseded |
---|---|
Proposed branch: | ~danilogondolfo/ubuntu/+source/sudo:merge-lp2030914-mantic |
Merge into: | ubuntu/+source/sudo:ubuntu/devel |
Diff against target: |
79368 lines (+25553/-17282) (has conflicts) 231 files modified
ChangeLog (+1674/-1) INSTALL.md (+33/-12) MANIFEST (+35/-10) Makefile.in (+2/-1) NEWS (+116/-0) config.h.in (+79/-68) configure (+1037/-634) configure.ac (+242/-257) debian/changelog (+31/-0) debian/copyright (+6/-2) debian/etc/sudoers.d/README (+6/-8) debian/patches/series (+0/-1) dev/null (+0/-71) docker/debian/latest/Dockerfile (+4/-5) docker/debian/testing/Dockerfile (+4/-5) docker/fedora/latest/Dockerfile (+1/-1) docker/fedora/rawhide/Dockerfile (+1/-1) docker/ubuntu/devel/Dockerfile (+4/-5) docker/ubuntu/latest/Dockerfile (+4/-5) docker/ubuntu/rolling/Dockerfile (+4/-5) docs/Makefile.in (+2/-1) docs/UPGRADE.md (+24/-1) docs/sudo.man.in (+5/-1) docs/sudo.mdoc.in (+5/-1) docs/sudo_plugin_python.man.in (+1/-1) docs/sudo_plugin_python.mdoc.in (+1/-1) docs/sudoers.ldap.man.in (+87/-13) docs/sudoers.ldap.mdoc.in (+79/-13) docs/sudoers.man.in (+62/-17) docs/sudoers.mdoc.in (+61/-17) docs/visudo.man.in (+28/-1) docs/visudo.mdoc.in (+26/-1) etc/codespell.exclude (+1/-0) etc/codespell.ignore (+5/-2) examples/Makefile.in (+2/-1) include/Makefile.in (+2/-1) include/sudo_compat.h (+13/-5) include/sudo_event.h (+1/-1) include/sudo_eventlog.h (+12/-1) include/sudo_iolog.h (+1/-1) include/sudo_util.h (+18/-43) lib/eventlog/Makefile.in (+96/-11) lib/eventlog/eventlog.c (+1/-0) lib/eventlog/eventlog_free.c (+6/-0) lib/eventlog/parse_json.c (+1042/-0) lib/eventlog/parse_json.h (+6/-10) lib/eventlog/regress/eventlog_store/store_json_test.c (+198/-0) lib/eventlog/regress/eventlog_store/store_sudo_test.c (+208/-0) lib/eventlog/regress/eventlog_store/test1.json.in (+51/-0) lib/eventlog/regress/eventlog_store/test1.json.out.ok (+30/-0) lib/eventlog/regress/eventlog_store/test1.sudo.out.ok (+2/-0) lib/eventlog/regress/eventlog_store/test2.json.in (+47/-0) lib/eventlog/regress/eventlog_store/test2.json.out.ok (+28/-0) lib/eventlog/regress/eventlog_store/test2.sudo.out.ok (+2/-0) lib/eventlog/regress/eventlog_store/test3.json.in (+48/-0) lib/eventlog/regress/eventlog_store/test3.json.out.ok (+29/-0) lib/eventlog/regress/eventlog_store/test3.sudo.out.ok (+2/-0) lib/eventlog/regress/eventlog_store/test4.json.in (+46/-0) lib/eventlog/regress/eventlog_store/test4.json.out.ok (+30/-0) lib/eventlog/regress/eventlog_store/test4.sudo.out.ok (+2/-0) lib/eventlog/regress/parse_json/check_parse_json.c (+18/-13) lib/iolog/Makefile.in (+27/-56) lib/iolog/iolog_gets.c (+5/-5) lib/iolog/iolog_json.c (+7/-889) lib/iolog/regress/fuzz/fuzz_iolog_json.c (+0/-2) lib/util/Makefile.in (+45/-24) lib/util/event.c (+1/-1) lib/util/lbuf.c (+44/-2) lib/util/nanosleep.c (+25/-16) lib/util/rcstr.c (+2/-3) lib/util/realpath.c (+198/-0) lib/util/regress/digest/digest_test.c (+1179/-0) lib/util/secure_path.c (+58/-0) lib/util/sudo_conf.c (+51/-43) lib/util/term.c (+13/-5) lib/util/ttysize.c (+15/-8) lib/util/util.exp.in (+3/-0) lib/zlib/Makefile.in (+3/-2) logsrvd/Makefile.in (+3/-2) logsrvd/iolog_writer.c (+4/-1) logsrvd/logsrv_util.c (+12/-6) logsrvd/logsrvd.c (+21/-12) logsrvd/logsrvd_conf.c (+19/-8) logsrvd/logsrvd_journal.c (+5/-0) logsrvd/regress/fuzz/fuzz_logsrvd_conf.c (+86/-0) logsrvd/sendlog.c (+12/-3) m4/hardening.m4 (+2/-7) m4/ldap.m4 (+2/-2) m4/openssl.m4 (+3/-1) m4/sudo.m4 (+45/-2) pathnames.h.in (+8/-8) plugins/audit_json/Makefile.in (+2/-1) plugins/group_file/Makefile.in (+2/-1) plugins/python/Makefile.in (+2/-1) plugins/python/pyhelpers.h (+3/-0) plugins/sample/Makefile.in (+2/-1) plugins/sample_approval/Makefile.in (+2/-1) plugins/sudoers/Makefile.in (+109/-33) plugins/sudoers/alias.c (+5/-4) plugins/sudoers/audit.c (+0/-1) plugins/sudoers/auth/bsdauth.c (+28/-20) plugins/sudoers/auth/sudo_auth.h (+1/-0) plugins/sudoers/canon_path.c (+200/-0) plugins/sudoers/check.h (+2/-0) plugins/sudoers/cvtsudoers.c (+39/-18) plugins/sudoers/cvtsudoers.h (+4/-4) plugins/sudoers/cvtsudoers_csv.c (+17/-15) plugins/sudoers/cvtsudoers_json.c (+19/-15) plugins/sudoers/cvtsudoers_ldif.c (+10/-10) plugins/sudoers/defaults.c (+4/-5) plugins/sudoers/defaults.h (+2/-2) plugins/sudoers/digestname.c (+1/-1) plugins/sudoers/editor.c (+1/-1) plugins/sudoers/file.c (+14/-7) plugins/sudoers/filedigest.c (+3/-2) plugins/sudoers/find_path.c (+8/-12) plugins/sudoers/fmtsudoers.c (+7/-7) plugins/sudoers/fmtsudoers_cvt.c (+5/-5) plugins/sudoers/gc.c (+0/-10) plugins/sudoers/getdate.c (+1/-1) plugins/sudoers/getdate.y (+1/-1) plugins/sudoers/goodpath.c (+2/-14) plugins/sudoers/gram.c (+362/-292) plugins/sudoers/gram.y (+89/-19) plugins/sudoers/iolog.c (+0/-1) plugins/sudoers/ldap.c (+37/-156) plugins/sudoers/ldap_conf.c (+12/-10) plugins/sudoers/ldap_innetgr.c (+264/-0) plugins/sudoers/ldap_util.c (+116/-0) plugins/sudoers/log_client.c (+22/-10) plugins/sudoers/logging.c (+50/-19) plugins/sudoers/logging.h (+1/-0) plugins/sudoers/match.c (+194/-134) plugins/sudoers/match_command.c (+204/-191) plugins/sudoers/match_digest.c (+1/-12) plugins/sudoers/parse.c (+3/-5) plugins/sudoers/parse.h (+65/-26) plugins/sudoers/pivot.c (+90/-0) plugins/sudoers/po/cs.po (+692/-657) plugins/sudoers/po/de.po (+688/-656) plugins/sudoers/po/eo.po (+790/-751) plugins/sudoers/po/fr.po (+691/-656) plugins/sudoers/po/hr.po (+699/-664) plugins/sudoers/po/ko.po (+693/-658) plugins/sudoers/po/pl.po (+688/-656) plugins/sudoers/po/ro.po (+728/-691) plugins/sudoers/po/ru.po (+1536/-1544) plugins/sudoers/po/sr.po (+940/-843) plugins/sudoers/po/sudoers.pot (+656/-624) plugins/sudoers/po/uk.po (+691/-656) plugins/sudoers/policy.c (+46/-44) plugins/sudoers/regress/editor/check_editor.c (+1/-2) plugins/sudoers/regress/fuzz/fuzz_policy.c (+37/-14) plugins/sudoers/regress/fuzz/fuzz_stubs.c (+20/-1) plugins/sudoers/regress/fuzz/fuzz_sudoers.c (+5/-5) plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c (+2/-2) plugins/sudoers/regress/parser/check_digest.c (+3/-2) plugins/sudoers/regress/parser/check_fill.c (+7/-1) plugins/sudoers/regress/starttime/check_starttime.c (+14/-1) plugins/sudoers/regress/sudoers/test27.json.ok (+6/-0) plugins/sudoers/regress/sudoers/test27.ldif.ok (+2/-0) plugins/sudoers/regress/sudoers/test27.out.ok (+2/-2) plugins/sudoers/regress/testsudoers/group (+1/-0) plugins/sudoers/regress/testsudoers/passwd (+6/-0) plugins/sudoers/regress/testsudoers/test21.out.ok (+10/-0) plugins/sudoers/regress/testsudoers/test21.sh (+20/-0) plugins/sudoers/regress/testsudoers/test22.out.ok (+8/-0) plugins/sudoers/regress/testsudoers/test22.sh (+18/-0) plugins/sudoers/regress/testsudoers/test23.out.ok (+8/-0) plugins/sudoers/regress/testsudoers/test23.sh (+17/-0) plugins/sudoers/set_perms.c (+33/-12) plugins/sudoers/sssd.c (+7/-6) plugins/sudoers/starttime.c (+31/-0) plugins/sudoers/stubs.c (+14/-0) plugins/sudoers/sudo_ldap.h (+79/-1) plugins/sudoers/sudo_ldap_conf.h (+2/-46) plugins/sudoers/sudo_nss.c (+1/-1) plugins/sudoers/sudo_nss.h (+6/-4) plugins/sudoers/sudoers.c (+412/-226) plugins/sudoers/sudoers.h (+21/-31) plugins/sudoers/sudoers.in (+4/-0) plugins/sudoers/sudoreplay.c (+2/-2) plugins/sudoers/testsudoers.c (+27/-8) plugins/sudoers/timestamp.c (+25/-0) plugins/sudoers/toke.c (+287/-183) plugins/sudoers/toke.h (+8/-2) plugins/sudoers/toke.l (+192/-88) plugins/sudoers/toke_util.c (+1/-1) plugins/sudoers/visudo.c (+195/-107) plugins/system_group/Makefile.in (+2/-1) po/cs.po (+254/-227) po/de.po (+255/-228) po/eo.po (+280/-260) po/fr.po (+254/-227) po/hr.po (+258/-229) po/ko.po (+255/-228) po/pl.po (+254/-227) po/ro.po (+277/-236) po/ru.po (+764/-380) po/sr.po (+346/-312) po/sudo.pot (+251/-225) po/uk.po (+254/-227) po/vi.po (+388/-329) scripts/config.sub (+2/-2) scripts/mkdep.pl (+2/-2) src/Makefile.in (+26/-46) src/conversation.c (+1/-3) src/edit_open.c (+11/-9) src/exec.c (+22/-15) src/exec_intercept.c (+13/-6) src/exec_intercept.h (+1/-1) src/exec_iolog.c (+12/-13) src/exec_monitor.c (+48/-71) src/exec_nopty.c (+21/-18) src/exec_ptrace.c (+29/-5) src/exec_pty.c (+307/-213) src/get_pty.c (+21/-24) src/limits.c (+32/-20) src/parse_args.c (+32/-51) src/regress/intercept/test_ptrace.c (+5/-12) src/selinux.c (+1/-1) src/sudo.c (+39/-34) src/sudo.h (+12/-15) src/sudo_edit.c (+50/-46) src/sudo_edit.h (+3/-3) src/sudo_exec.h (+14/-18) src/sudo_usage.h.in (+50/-11) src/suspend_parent.c (+62/-11) src/tgetpass.c (+11/-1) src/ttyname.c (+46/-16) src/utmp.c (+1/-6) Conflict in debian/changelog |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
git-ubuntu import | Pending | ||
Review via email: mp+448881@code.launchpad.net |
This proposal has been superseded by a proposal from 2023-08-10.
Commit message
Description of the change
Unmerged commits
- cd2f9f4... by Danilo Egea Gondolfo
-
changelog
- 120a093... by Danilo Egea Gondolfo
-
update-maintainer
- 1de0518... by Danilo Egea Gondolfo
-
reconstruct-
changelog - 8d170db... by Danilo Egea Gondolfo
-
merge-changelogs
- 3cd5e46... by Danilo Egea Gondolfo
-
debian/
tests/04- getroot- sssd: + Check if the slapd daemon is ready before proceeding.
In some situations, the next command (ldapmodify) runs before
the service is ready. See LP:#2026888 - 3d48e21... by Danilo Egea Gondolfo
-
debian/
tests/control: 03-getroot-ldap + allow removal of 'sudo' in autopkgtest (SUDO_FORCE_
REMOVE= yes) - 52e4d7a... by Danilo Egea Gondolfo
-
debian/etc/sudoers:
+ also grant admin group sudo access
+ include /snap/bin in the secure_path - 8eb6623... by Danilo Egea Gondolfo
-
debian/
etc/pam. d/sudo[ -i]: + Use pam_env to read /etc/environment and /etc/default/locale
environment files. Reading ~/.pam_environment is not permitted due
to security reasons. - f19a7d4... by Danilo Egea Gondolfo
-
debian/
sudo[-ldap] .init: delete init scripts, as they are no longer
necessary. - 3f8d539... by Danilo Egea Gondolfo
-
debian/
sudo[-ldap] .manpages: install man/man8/ sudo_root. 8
Preview Diff
1 | diff --git a/ChangeLog b/ChangeLog |
2 | index 9218ccc..edbeba1 100644 |
3 | --- a/ChangeLog |
4 | +++ b/ChangeLog |
5 | @@ -1,13 +1,1392 @@ |
6 | +2023-07-15 Todd C. Miller <Todd.Miller@sudo.ws> |
7 | + |
8 | + * .hgtags: |
9 | + Added tag SUDO_1_9_14p2 for changeset 47c0bf9a7ebb |
10 | + [6bbe51d30496] [tip] <1.9> |
11 | + |
12 | + * configure, configure.ac: |
13 | + sudo 1.9.14p2 |
14 | + [47c0bf9a7ebb] [SUDO_1_9_14p2] <1.9> |
15 | + |
16 | + * plugins/sudoers/match.c: |
17 | + runas_userlist_matches: fix matching a Runas_Spec with an empty |
18 | + runas user. |
19 | + |
20 | + We should only match a rule with an empty runas user if a group was |
21 | + specified on the command line (sudo -g) without a user (no -u |
22 | + option) or the user specified their own name on the command line. |
23 | + GitHub issue #290 |
24 | + [164428126ee6] <1.9> |
25 | + |
26 | +2023-07-14 Todd C. Miller <Todd.Miller@sudo.ws> |
27 | + |
28 | + * NEWS: |
29 | + Document bug fixes in 1.9.14p2. |
30 | + [e5cd975816b8] <1.9> |
31 | + |
32 | + * src/exec_pty.c: |
33 | + Pass SUDO_TERM_OFLAG to sudo_term_raw() when sudo output is piped. |
34 | + |
35 | + This fixes a problem with "stair-stepped" output when the sudo-run |
36 | + command's output is piped to another program and the command reads |
37 | + input from the terminal. |
38 | + [17009f9817b0] <1.9> |
39 | + |
40 | + * src/exec_monitor.c, src/exec_pty.c: |
41 | + Simplify the exec_monitor() foreground flag. |
42 | + |
43 | + Add cmnd_foreground flag that is only true if sudo is the foreground |
44 | + process and the CD_EXEC_BG flag is not set and pass it to |
45 | + exec_monitor(). This means exec_monitor() no longer needs to check |
46 | + for CD_EXEC_BG. |
47 | + [6cc420fea368] <1.9> |
48 | + |
49 | + * include/sudo_util.h, lib/util/term.c, plugins/sudoers/sudoreplay.c: |
50 | + sudo_term_raw: change the isig argument into a flags field |
51 | + |
52 | + There are current two flags: SUDO_TERM_ISIG (enable terminal |
53 | + signals) and SUDO_TERM_OFLAG (preserve output flags). |
54 | + [15fdaae9fa3b] <1.9> |
55 | + |
56 | +2023-07-12 Todd C. Miller <Todd.Miller@sudo.ws> |
57 | + |
58 | + * src/exec_ptrace.c: |
59 | + Fix a crash in intercept mode running a command with NULL argv[0]. |
60 | + |
61 | + Newer Linux kernels replace a NULL argv[0] with the empty string, we |
62 | + should as well. |
63 | + [74e81e6d373a] <1.9> |
64 | + |
65 | +2023-07-11 Todd C. Miller <Todd.Miller@sudo.ws> |
66 | + |
67 | + * .hgtags: |
68 | + Added tag SUDO_1_9_14p1 for changeset fc033946b1a9 |
69 | + [ee6033290e91] <1.9> |
70 | + |
71 | + * configure, configure.ac: |
72 | + sudo 1.9.14p1 |
73 | + [fc033946b1a9] [SUDO_1_9_14p1] <1.9> |
74 | + |
75 | + * NEWS: |
76 | + Docume bug fixes in 1.9.14p1. |
77 | + [f526fda905de] <1.9> |
78 | + |
79 | + * plugins/sudoers/log_client.c: |
80 | + fmt_info_messages: don't include ttyname if it is NULL |
81 | + |
82 | + The NULL check was commented out for testing but should have been |
83 | + restored. Fixes a potential protocol error message from |
84 | + sudo_logsrvd. |
85 | + [12cf2b87355a] <1.9> |
86 | + |
87 | + * logsrvd/iolog_writer.c: |
88 | + evlog_new: store a new copy of peeraddr, not a pointer to a buffer. |
89 | + |
90 | + Starting in sudo 1.9.14, eventlog_free() will free the peeraddr |
91 | + member too so it needs to be dynamically allocated. |
92 | + [4c984e3e6aef] <1.9> |
93 | + |
94 | +2023-06-27 Todd C. Miller <Todd.Miller@sudo.ws> |
95 | + |
96 | + * .hgtags: |
97 | + Added tag SUDO_1_9_14 for changeset 8010d7515347 |
98 | + [ff70094a18c0] <1.9> |
99 | + |
100 | + * MANIFEST, NEWS, config.h.in, configure, configure.ac, |
101 | + include/sudo_compat.h, plugins/sudoers/Makefile.in, |
102 | + plugins/sudoers/logging.c, plugins/sudoers/match_command.c, |
103 | + plugins/sudoers/parse.c, plugins/sudoers/parse.h, |
104 | + plugins/sudoers/regress/fuzz/fuzz_policy.c, |
105 | + plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c, |
106 | + plugins/sudoers/visudo.c, src/exec_nopty.c: |
107 | + Merge sudo 1.9.14 from tip. |
108 | + [8010d7515347] [SUDO_1_9_14] <1.9> |
109 | + |
110 | +2023-06-26 Todd C. Miller <Todd.Miller@sudo.ws> |
111 | + |
112 | + * Merge pull request #275 from AtariDreams/emergency |
113 | + |
114 | + Set command_info to NULL once it is freed |
115 | + [6d1e55f4e7b9] |
116 | + |
117 | +2023-06-26 Rose <83477269+AtariDreams@users.noreply.github.com> |
118 | + |
119 | + * plugins/sudoers/policy.c: |
120 | + Set command_info to NULL once it is freed |
121 | + |
122 | + The lack of setting to NULL is a holdover from when command_info was |
123 | + a local variable and not a global one. However, we given how other |
124 | + global variables are set to NULL, it is best that we do the same |
125 | + here to avoid potential issues should sudoers_policy_store_result be |
126 | + called again after the first time failed, otherwise we could get a |
127 | + double-free. |
128 | + [a1a462a52a98] |
129 | + |
130 | +2023-06-25 Todd C. Miller <Todd.Miller@sudo.ws> |
131 | + |
132 | + * Merge pull request #274 from bin-ly/main |
133 | + |
134 | + Modify the is_script function for match_command.c |
135 | + [05675d16bd52] |
136 | + |
137 | +2023-06-25 binlingyu <binlingyu@uniontech.com> |
138 | + |
139 | + * plugins/sudoers/match_command.c: |
140 | + Modify the is_script function for match_command.c |
141 | + [ce944a838c33] |
142 | + |
143 | +2023-06-21 Todd C. Miller <Todd.Miller@sudo.ws> |
144 | + |
145 | + * NEWS: |
146 | + Mention C99 requirement. |
147 | + [f12a7b68e0b2] |
148 | + |
149 | +2023-06-20 Todd C. Miller <Todd.Miller@sudo.ws> |
150 | + |
151 | + * docs/sudoers.man.in, docs/sudoers.mdoc.in: |
152 | + Reference SETENV-related settings in the command environment |
153 | + section. |
154 | + |
155 | + Based on GitHub PR #273 from Ilya Kulakov. |
156 | + [f8b5ef533800] |
157 | + |
158 | + * INSTALL.md: |
159 | + Sudo requires a C99 compiler due to the use of flexible array |
160 | + members. |
161 | + [bb80666c7382] |
162 | + |
163 | + * Merge pull request #266 from AtariDreams/c99 |
164 | + |
165 | + Do variable length arrays the C99 way |
166 | + [690561b17683] |
167 | + |
168 | +2023-06-19 Todd C. Miller <Todd.Miller@sudo.ws> |
169 | + |
170 | + * Merge pull request #269 from trackers-lover/main |
171 | + |
172 | + correct the return value type of function alias_find_used |
173 | + [30dc3eb4a59a] |
174 | + |
175 | +2023-06-18 Todd C. Miller <Todd.Miller@sudo.ws> |
176 | + |
177 | + * docs/sudoers.man.in, docs/sudoers.mdoc.in: |
178 | + Clarify that use_pty is on by default starting with 1.9.14. |
179 | + [984048215229] |
180 | + |
181 | + * docs/sudo.man.in, docs/sudo.mdoc.in: |
182 | + Sudo runs the command in a pty by default in 1.9.14 and above. |
183 | + [92ec41fdf7c9] |
184 | + |
185 | + * plugins/sudoers/sudoers.in: |
186 | + Add commented out example for disabling use_pty. |
187 | + [9a59b831f363] |
188 | + |
189 | +2023-06-15 Todd C. Miller <Todd.Miller@sudo.ws> |
190 | + |
191 | + * .circleci/config.yml: |
192 | + Update Xcode version from 13.2.1 to 13.4.1. |
193 | + [10bbb25b415e] |
194 | + |
195 | +2023-06-14 Todd C. Miller <Todd.Miller@sudo.ws> |
196 | + |
197 | + * MANIFEST: |
198 | + Add plugins/sudoers/regress/testsudoers/passwd to MANIFEST. |
199 | + [016644afd8ae] |
200 | + |
201 | + * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
202 | + plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, po/eo.mo, |
203 | + po/eo.po, po/pl.mo, po/pl.po: |
204 | + Updated translations from translationproject.org |
205 | + [97167b63ffbd] |
206 | + |
207 | + * NEWS: |
208 | + Document recent bug fixes. |
209 | + [34d8ffa919c6] |
210 | + |
211 | + * MANIFEST, plugins/sudoers/regress/testsudoers/group, |
212 | + plugins/sudoers/regress/testsudoers/passwd, |
213 | + plugins/sudoers/regress/testsudoers/test22.out.ok, |
214 | + plugins/sudoers/regress/testsudoers/test22.sh, |
215 | + plugins/sudoers/regress/testsudoers/test23.out.ok, |
216 | + plugins/sudoers/regress/testsudoers/test23.sh: |
217 | + Add tests to exercise recent runas user and group bug fixes. |
218 | + [20f19831ed34] |
219 | + |
220 | + * MANIFEST, plugins/sudoers/regress/testsudoers/passwd, |
221 | + plugins/sudoers/regress/testsudoers/test21.out.ok, |
222 | + plugins/sudoers/regress/testsudoers/test21.sh: |
223 | + Add test to exercise the bug that prevented the group specified via |
224 | + "sudo -g" from matching when a Runas_Alias was used in the user or |
225 | + group portion of a Runas_Spec. |
226 | + [16c0668b5c4b] |
227 | + |
228 | +2023-06-13 Todd C. Miller <Todd.Miller@sudo.ws> |
229 | + |
230 | + * plugins/sudoers/match.c: |
231 | + runaslist_matches: split out user_list and group_list matching. |
232 | + |
233 | + This makes it possible to call the appropriate runas user or group |
234 | + list match function when resolving aliases instead of calling |
235 | + runaslist_matches() itself. Fixes a bug that prevented the group |
236 | + specified via "sudo -g" from matching when a Runas_Alias was used in |
237 | + the user or group portion of a Runas_Spec. |
238 | + [3e0885e96418] |
239 | + |
240 | + * plugins/sudoers/match.c: |
241 | + runaslist_matches: remove special case to handle "sudo -g group" |
242 | + |
243 | + Now that we are guaranteed to have a runas user list for all sudoers |
244 | + rules that contain a runas list, we can remove support for the |
245 | + special case where user_matched is set in the runas group matching |
246 | + conditional. This fixes a bug where "sudo -u myuser -g mygroup" was |
247 | + permitted by a rule like "myuser ALL = (root) ALL". |
248 | + [d80e907efe77] |
249 | + |
250 | + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
251 | + plugins/sudoers/regress/sudoers/test27.json.ok, |
252 | + plugins/sudoers/regress/sudoers/test27.ldif.ok, |
253 | + plugins/sudoers/regress/sudoers/test27.out.ok: |
254 | + Populate runasusers even when only a grouplist is specified. |
255 | + |
256 | + When a sudoers rule permits the user to run commands as a group, not |
257 | + a user, we should set the runasusers to single member with the |
258 | + special MYSELF token. This guarantees that the only time runasusers |
259 | + will be NULL is when no runaslist is present. |
260 | + [25c293ae5053] |
261 | + |
262 | + * plugins/sudoers/match.c: |
263 | + runaslist_matches: fix bug when no runas list is specified in |
264 | + sudoers. |
265 | + |
266 | + If a sudoers rule has no runas list, a user-specified runas group |
267 | + should only be allowed if it matches a group that the default runas |
268 | + user belongs to. Instead, a missing group check allowed the user run |
269 | + commands as the default runas user with an arbitrary group. |
270 | + |
271 | + This means that a rule like "somebody host = ALL", which should be |
272 | + equivalent to "somebody host = (root) ALL", had the same effect as |
273 | + "somebody host = (root:ALL) ALL". |
274 | + [eeb075b3b79c] |
275 | + |
276 | +2023-06-11 Todd C. Miller <Todd.Miller@sudo.ws> |
277 | + |
278 | + * plugins/python/pyhelpers.h: |
279 | + Python may be built with 32-bit time_t support on 32-bit platforms. |
280 | + We need to undef the SIZEOF_TIME_T from pyconfig.h so it does not |
281 | + conflict with our own. |
282 | + [c8bf985eb777] |
283 | + |
284 | +2023-06-10 Todd C. Miller <Todd.Miller@sudo.ws> |
285 | + |
286 | + * Merge pull request #272 from millert/main |
287 | + |
288 | + Avoid use of variable length arrays and add ctype(3) casts. |
289 | + [806b2266f6ab] |
290 | + |
291 | + * lib/util/lbuf.c: |
292 | + Avoid use of variable length arrays and add ctype(3) casts. |
293 | + [d8c80d4905b3] |
294 | + |
295 | + * Merge pull request #270 from moehanabi/main |
296 | + |
297 | + Add %n$s support for sudo_lbuf_append_v1 |
298 | + [53ad2cdaaabe] |
299 | + |
300 | +2023-06-09 Brilliant Hanabi <130747944+moehanabi@users.noreply.github.com> |
301 | + |
302 | + * lib/util/lbuf.c: |
303 | + Add %n$s support for sudo_lbuf_append_v1 |
304 | + [f48fa0250fdc] |
305 | + |
306 | +2023-06-09 bianguangze <bianguangze@uniontech.com> |
307 | + |
308 | + * plugins/sudoers/alias.c: |
309 | + correct the return value type of function alias_find_used |
310 | + [f689f55fef3f] |
311 | + |
312 | +2023-06-07 Todd C. Miller <Todd.Miller@sudo.ws> |
313 | + |
314 | + * plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, |
315 | + plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, |
316 | + plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
317 | + plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po, |
318 | + plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, |
319 | + plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, |
320 | + plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po, |
321 | + plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po, |
322 | + plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, |
323 | + plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/cs.mo, |
324 | + po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fr.mo, |
325 | + po/fr.po, po/hr.mo, po/hr.po, po/ko.mo, po/ko.po, po/ro.mo, |
326 | + po/ro.po, po/ru.mo, po/ru.po, po/sr.mo, po/sr.po, po/uk.mo, |
327 | + po/uk.po, po/vi.mo, po/vi.po: |
328 | + Updated translations from translationproject.org |
329 | + [966147718ed3] |
330 | + |
331 | + * plugins/sudoers/po/sudoers.pot, po/sudo.pot: |
332 | + Update .pot files for 1.9.14 |
333 | + [b79b44520c46] |
334 | + |
335 | + * NEWS: |
336 | + Mention Bug #1050 fix. |
337 | + [c4af7e56a515] |
338 | + |
339 | + * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in, |
340 | + plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, |
341 | + plugins/sudoers/sudo_ldap_conf.h: |
342 | + Add NETGROUP_QUERY option for servers that can't match |
343 | + nisNetgroupTriple. This can be used to support netgroup queries on |
344 | + systems that lack the innetgr() function and where the LDAP server |
345 | + cannot query the nisNetgroup by nisNetgroupTriple. |
346 | + [98b293bee424] |
347 | + |
348 | +2023-06-06 Todd C. Miller <Todd.Miller@sudo.ws> |
349 | + |
350 | + * plugins/sudoers/defaults.c, plugins/sudoers/ldap.c, |
351 | + plugins/sudoers/match.c, plugins/sudoers/parse.h: |
352 | + sudo_ldap_check_non_unix_group: pass nss pointer to netgr_matches() |
353 | + This allows us to use the LDAP-specific version of innetgr() when |
354 | + possible. Also enable "use_netgroups" by default even on systems |
355 | + without innetgr() since we can now query netgroups directly via |
356 | + LDAP. |
357 | + [a443919be48c] |
358 | + |
359 | +2023-06-05 Todd C. Miller <Todd.Miller@sudo.ws> |
360 | + |
361 | + * src/exec_ptrace.c: |
362 | + Only call ptrace_verify_post_exec() for intercept, not log_subcmds. |
363 | + [9f55dcdd66cd] |
364 | + |
365 | + * NEWS, configure, configure.ac: |
366 | + sudo 1.9.14 |
367 | + [73c25828ffc8] |
368 | + |
369 | +2023-06-04 Todd C. Miller <Todd.Miller@sudo.ws> |
370 | + |
371 | + * plugins/sudoers/visudo.c: |
372 | + run_command: back out changes to run editor in its own process |
373 | + group. It unnecessarily complicates things to work around bugs in an |
374 | + OS almost no one runs. |
375 | + [8790d32a4f99] |
376 | + |
377 | + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, |
378 | + lib/util/suspend_parent.c, lib/util/util.exp.in, |
379 | + plugins/sudoers/Makefile.in, src/Makefile.in, src/sudo_exec.h, |
380 | + src/suspend_parent.c: |
381 | + Make suspend_parent.c out of lib/util and into src. Nothing else |
382 | + uses it now. |
383 | + [69eda3d690e4] |
384 | + |
385 | +2023-06-03 Todd C. Miller <Todd.Miller@sudo.ws> |
386 | + |
387 | + * plugins/sudoers/digestname.c, plugins/sudoers/filedigest.c, |
388 | + plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
389 | + plugins/sudoers/parse.h, |
390 | + plugins/sudoers/regress/parser/check_digest.c, |
391 | + plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
392 | + Initialize digest_type to SUDO_DIGEST_INVALID, not -1 and make it |
393 | + unsigned. This makes the digest type consistently unsigned instead |
394 | + of a mix of signed (for the -1 value in the tokenizer) and unsigned. |
395 | + [49ef7c33450f] |
396 | + |
397 | +2023-05-25 Todd C. Miller <Todd.Miller@sudo.ws> |
398 | + |
399 | + * docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in, |
400 | + etc/codespell.exclude, etc/codespell.ignore, |
401 | + plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, |
402 | + plugins/sudoers/pivot.c, plugins/sudoers/visudo.c: |
403 | + Fix typos and update excluded/ignored codespell lists. |
404 | + [bdb70620b4e4] |
405 | + |
406 | +2023-05-19 Todd C. Miller <Todd.Miller@sudo.ws> |
407 | + |
408 | + * plugins/sudoers/visudo.c: |
409 | + run_command: check that ttyfd is not -1 before using it |
410 | + [990cbd169a37] |
411 | + |
412 | +2023-05-18 Rose <83477269+AtariDreams@users.noreply.github.com> |
413 | + |
414 | + * include/sudo_event.h, lib/util/event.c, lib/util/rcstr.c, |
415 | + plugins/sudoers/canon_path.c, plugins/sudoers/ldap_conf.c, |
416 | + plugins/sudoers/sudo_ldap_conf.h: |
417 | + Do variable length arrays the C99 way |
418 | + |
419 | + Variable length arrays are supported by C99, but having it denoted |
420 | + as "1" confused the compiler and is not defined. |
421 | + |
422 | + Note that because we don't get the inferred NULL terminator, we have |
423 | + to increase the malloc size by one. |
424 | + [4e33419e940e] |
425 | + |
426 | +2023-05-11 Todd C. Miller <Todd.Miller@sudo.ws> |
427 | + |
428 | + * plugins/sudoers/visudo.c: |
429 | + Work around a macOS a kernel bug where tcsetpgrp() does not restart. |
430 | + |
431 | + I reported this bug to Apple over 12 years ago. |
432 | + [77871464e563] |
433 | + |
434 | + * plugins/sudoers/visudo.c: |
435 | + run_command: run editor in foreground if visudo is the foreground |
436 | + process |
437 | + |
438 | + The command is now always run in its own process group. If visudo is |
439 | + run in the foreground, the command is run in the foreground too. |
440 | + Otherwise, run the command in the background. There is a race |
441 | + between the tcsetpgrp() call in the parent and the execve() in the |
442 | + child. If we lose the race and the command needs the controlling |
443 | + terminal, it will be stopped with SIGTTOU or SIGTTIN, which the |
444 | + waitpid() loop will handle. |
445 | + [e8e14e0024da] |
446 | + |
447 | + * plugins/sudoers/visudo.c: |
448 | + Accept carriage return for EOL in addition to newline. |
449 | + |
450 | + Since visudo doesn't alter the terminal settings it is possible for |
451 | + the terminal to have the ONLCR bit set in the output control flags. |
452 | + In that case, we will get a CR, not a NL when the user presses |
453 | + enter/return. One way this can happen is if visudo is run in the |
454 | + background from a shell that supports line editing and the editor |
455 | + restores the (cbreak-style) terminal mode when it finishes. |
456 | + [14538e74fd02] |
457 | + |
458 | +2023-05-09 Todd C. Miller <Todd.Miller@sudo.ws> |
459 | + |
460 | + * plugins/sudoers/regress/parser/check_fill.c: |
461 | + check_fill: sudoers_strict() is now a function, not a global |
462 | + variable |
463 | + [8b8e72d283df] |
464 | + |
465 | + * plugins/sudoers/parse.h, plugins/sudoers/sudoers.h, |
466 | + plugins/sudoers/toke.h: |
467 | + Move parser prototypes / externs from sudoers.h to parse.h or |
468 | + toke.h. |
469 | + [79a52390c46b] |
470 | + |
471 | + * plugins/sudoers/file.c, plugins/sudoers/sudoers.c: |
472 | + parse.h is already included by sudoers.h. |
473 | + [f6faa3f782a2] |
474 | + |
475 | + * plugins/sudoers/policy.c, plugins/sudoers/testsudoers.c, |
476 | + plugins/sudoers/visudo.c: |
477 | + Rename parser_conf -> sudoers_conf in all but the parser itself. |
478 | + [61614621341e] |
479 | + |
480 | +2023-05-08 Todd C. Miller <Todd.Miller@sudo.ws> |
481 | + |
482 | + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c, |
483 | + plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
484 | + plugins/sudoers/parse.h, plugins/sudoers/policy.c, |
485 | + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, |
486 | + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, |
487 | + plugins/sudoers/visudo.c: |
488 | + Move sudoers search path to struct sudoers_parser_config. |
489 | + |
490 | + That way we can avoid passing it to init_parser() directly. We still |
491 | + need sudoers_search_path to be shared between the lexer and the |
492 | + parser. |
493 | + [5e6c6a08aded] |
494 | + |
495 | + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c, |
496 | + plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
497 | + plugins/sudoers/parse.h, plugins/sudoers/policy.c, |
498 | + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, |
499 | + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, |
500 | + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, |
501 | + plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
502 | + plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: |
503 | + Add struct sudoers_parser_config and pass it to init_parser(). |
504 | + |
505 | + This struct contains parser configuration such as the sudoers file |
506 | + uid/gid/mode and parse flags such as verbose, strict and recovery. |
507 | + [ed8042e7a49a] |
508 | + |
509 | + * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
510 | + push_include_int: Avoid passing close(2) a negative value on error. |
511 | + Coverity CID 314108 |
512 | + [bbbdfa87543e] |
513 | + |
514 | + * plugins/sudoers/ldap.c: |
515 | + Eliminate dead store. Coverity CID 315032. |
516 | + [6b48998e4db1] |
517 | + |
518 | +2023-05-05 Todd C. Miller <Todd.Miller@sudo.ws> |
519 | + |
520 | + * include/sudo_iolog.h, lib/iolog/iolog_gets.c: |
521 | + iolog_gets: change size parameter to int to match fgets/gzgets |
522 | + |
523 | + Return an error, setting errno to EINVAL, for negative sizes. |
524 | + [27534bcb58a7] |
525 | + |
526 | +2023-05-04 Todd C. Miller <Todd.Miller@sudo.ws> |
527 | + |
528 | + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, |
529 | + plugins/sudoers/sudoers.h: |
530 | + Rename force_umask to override_umask and make it private to |
531 | + sudoers.c. |
532 | + |
533 | + Add getter for policy.c. |
534 | + [1c8a56c767f3] |
535 | + |
536 | + * plugins/sudoers/check.h, plugins/sudoers/regress/fuzz/fuzz_stubs.c, |
537 | + plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, |
538 | + plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c: |
539 | + Make timestamp_uid and timestamp_gid private to timestamp.c. |
540 | + |
541 | + Add getter (for set_perms.c) and setter (for sudoers.c). |
542 | + [ad49d0ee7e6f] |
543 | + |
544 | + * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/sudo_auth.h, |
545 | + plugins/sudoers/policy.c, |
546 | + plugins/sudoers/regress/fuzz/fuzz_policy.c, |
547 | + plugins/sudoers/sudoers.h: |
548 | + Make login_style private to bsdauth.c |
549 | + |
550 | + Add a setter for policy.c to handle auth_type from the front-end. |
551 | + [962af1d3d0fd] |
552 | + |
553 | +2023-05-03 Todd C. Miller <Todd.Miller@sudo.ws> |
554 | + |
555 | + * lib/util/sudo_debug.c: |
556 | + Back out last change, len must be int, not size_t, for %.*s. |
557 | + [a82bbd86fa29] |
558 | + |
559 | + * src/exec_pty.c: |
560 | + Use a "%s" format instead of using a translated string as the |
561 | + format. |
562 | + [1a73a1b4fa94] |
563 | + |
564 | + * Merge pull request #260 from AtariDreams/size_t |
565 | + |
566 | + Prefer size_t over int, as casting can take extra instructions |
567 | + [c0fd1027e105] |
568 | + |
569 | +2023-05-03 Rose <83477269+AtariDreams@users.noreply.github.com> |
570 | + |
571 | + * lib/eventlog/parse_json.c, lib/util/sudo_debug.c, |
572 | + plugins/sudoers/fmtsudoers.c: |
573 | + Prefer size_t over int, as casting can take extra instructions |
574 | + [96fc138b2009] |
575 | + |
576 | +2023-05-02 Todd C. Miller <Todd.Miller@sudo.ws> |
577 | + |
578 | + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, |
579 | + plugins/sudoers/gram.y, plugins/sudoers/parse.h, |
580 | + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, |
581 | + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
582 | + Rename init_parser_ext() to init_parser() and remove old wrapper. |
583 | + |
584 | + There was only one consumer of the init_parser() wrapper now that |
585 | + reset_parser() has been introduced. |
586 | + [4be1b8965ce6] |
587 | + |
588 | + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
589 | + plugins/sudoers/parse.h, |
590 | + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, |
591 | + plugins/sudoers/sudoers.c: |
592 | + Add reset_parser() and use in place of init_parser(NULL). |
593 | + [f85227ac1182] |
594 | + |
595 | + * plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, |
596 | + plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: |
597 | + Make path_ldap_conf and path_ldap_secret private to policy.c. |
598 | + |
599 | + Add getters for both so the ldap code can access them. |
600 | + [90a2107d6ec7] |
601 | + |
602 | + * plugins/sudoers/file.c, plugins/sudoers/policy.c, |
603 | + plugins/sudoers/sudoers.h, plugins/sudoers/toke.c, |
604 | + plugins/sudoers/toke.l, plugins/sudoers/visudo.c: |
605 | + Make sudoers_file private to policy.c and visudo.c. |
606 | + |
607 | + We just need a way for the policy (and visudo) to override the |
608 | + default sudoers path. This adds a getter to be used in file.c when |
609 | + sudoers is first opened. |
610 | + [657aa80f3af8] |
611 | + |
612 | + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
613 | + plugins/sudoers/parse.h, |
614 | + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, |
615 | + plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, |
616 | + plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
617 | + plugins/sudoers/visudo.c: |
618 | + Support adminconfdir for relative include paths in sudoers. |
619 | + [7ebdbd46b47b] |
620 | + |
621 | + * plugins/sudoers/visudo.c: |
622 | + Track the destination sudoers path for each parsed file. |
623 | + |
624 | + When adminconfdir is enabled, the destination pathh may be different |
625 | + from the path we opened. We always store an edited file in the |
626 | + adminconfdir (if enabled). This makes it possible to use visudo when |
627 | + /etc/sudoers is located on a read-only file system. |
628 | + [de896a012d81] |
629 | + |
630 | + * INSTALL.md, Makefile.in, configure, configure.ac, docs/Makefile.in, |
631 | + examples/Makefile.in, include/Makefile.in, lib/util/Makefile.in, |
632 | + lib/zlib/Makefile.in, logsrvd/Makefile.in, m4/sudo.m4, |
633 | + plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in, |
634 | + plugins/python/Makefile.in, plugins/sample/Makefile.in, |
635 | + plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in, |
636 | + plugins/system_group/Makefile.in, src/Makefile.in: |
637 | + Add adminconfdir and --enable-adminconf to set it. Configuration |
638 | + paths in sudo are now a colon-separated list of files with the |
639 | + adminconfdir instance first (if enabled), followed by a sysconfdir |
640 | + instance. |
641 | + [be1f672878ae] |
642 | + |
643 | + * configure, configure.ac, include/sudo_util.h, lib/util/Makefile.in, |
644 | + lib/util/secure_path.c, lib/util/sudo_conf.c, lib/util/util.exp.in, |
645 | + logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, |
646 | + plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c, |
647 | + plugins/sudoers/sudoers.c, src/Makefile.in: |
648 | + Convert config file paths to colon-separated path list. This means |
649 | + that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF, and |
650 | + _PATH_CVTSUDOERS_CONF can now specify multiple files. The first file |
651 | + that exists is used. |
652 | + [902d9da6a941] |
653 | + |
654 | + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c, |
655 | + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, |
656 | + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c, |
657 | + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
658 | + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
659 | + plugins/sudoers/toke.l, plugins/sudoers/visudo.c: |
660 | + Support sudoers_file being a colon-separated path of files. The |
661 | + first file found is used. |
662 | + [bebe005e2d32] |
663 | + |
664 | +2023-05-01 Todd C. Miller <Todd.Miller@sudo.ws> |
665 | + |
666 | + * config.h.in, configure: |
667 | + Regenerate with latest autoconf from git. |
668 | + [0996570205bf] |
669 | + |
670 | +2023-04-28 Todd C. Miller <Todd.Miller@sudo.ws> |
671 | + |
672 | + * logsrvd/logsrvd_conf.c: |
673 | + No longer need to set AI_NUMERICSERV while fuzzing. |
674 | + |
675 | + Now that getaddrinfo() is stubbed out while fuzzing we can remove |
676 | + the hack that set AI_NUMERICSERV. |
677 | + [8e3deb584c1c] |
678 | + |
679 | +2023-04-26 Todd C. Miller <Todd.Miller@sudo.ws> |
680 | + |
681 | + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, |
682 | + plugins/sudoers/regress/fuzz/fuzz_policy.c: |
683 | + getaddrinfo stub: set sin_port |
684 | + [019eb2da9944] |
685 | + |
686 | + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, |
687 | + plugins/sudoers/regress/fuzz/fuzz_policy.c: |
688 | + Avoid NULL deref in stub getaddrinfo() when nodename is NULL. Also |
689 | + add support for parsing servname. We only need to support a subset |
690 | + of getaddrinfo() functionality in the fuzzer. |
691 | + [a605cc43bbaf] |
692 | + |
693 | + * configure, m4/hardening.m4: |
694 | + Add missing stdio.h include for the _FORTIFY_SOURCE=2 check. |
695 | + Implementations of _FORTIFY_SOURCE require the header file to be |
696 | + included. Also remove the useless test of an empty program with |
697 | + _FORTIFY_SOURCE defined. Pointed out by Florian Weimer. |
698 | + [511b9bdddbdc] |
699 | + |
700 | + * configure, m4/ldap.m4: |
701 | + Use ldap_msgfree() instead of ldap_init() for the lber.h test. The |
702 | + ldap_init() function is marked as deprecated and not defined by |
703 | + default on some systems. This can cause an error for compilers that |
704 | + do not support implicit function declarations. From Florian Weimer. |
705 | + [1b1ce2072403] |
706 | + |
707 | +2023-04-25 Todd C. Miller <Todd.Miller@sudo.ws> |
708 | + |
709 | + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: |
710 | + Include arpa/inet.h for inet_pton() prototype. |
711 | + [50d3b09376f7] |
712 | + |
713 | + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: |
714 | + Add netdb.h for struct addrinfo and EAI_* error codes. |
715 | + [92d33c6f8a23] |
716 | + |
717 | + * logsrvd/regress/fuzz/fuzz_logsrvd_conf.c: |
718 | + Stub out getaddrinfo() and freeaddrinfo(). We may not be able have |
719 | + access to DNS in the fuzzing environment. |
720 | + [b3d2e6c04076] |
721 | + |
722 | + * lib/eventlog/regress/eventlog_store/store_sudo_test.c: |
723 | + Plug memory leaks in store_sudo_test found by LSAN. |
724 | + [5f1d68d01c0c] |
725 | + |
726 | +2023-04-24 Todd C. Miller <Todd.Miller@sudo.ws> |
727 | + |
728 | + * src/limits.c: |
729 | + disable_coredump: only change the soft limit, leave the hard limit |
730 | + as-is This should avoid problems on Linux in cases where sudo does |
731 | + not have CAP_SYS_RESOURCE which may be the case in an unprivileged |
732 | + container. GitHub issue #42 |
733 | + [4e65c3923119] |
734 | + |
735 | +2023-04-19 Todd C. Miller <Todd.Miller@sudo.ws> |
736 | + |
737 | + * scripts/build_pkgs: |
738 | + Add basic support for remote power on/off via net-snmp. |
739 | + [ca021941fd58] |
740 | + |
741 | + * src/exec.c: |
742 | + More accurate description of what happens for "sudo -b". |
743 | + [a9158169fcac] |
744 | + |
745 | + * src/exec_pty.c: |
746 | + Better support for "sudo -b" when running the command in a pty. |
747 | + |
748 | + When a command is run via "sudo -b" it has no access to terminal |
749 | + input. In non-pty mode, the command runs in an orphaned process |
750 | + group and reads from the controlling terminal fail with EIO. We |
751 | + cannot do the same while running in a pty but if we set stdin to a |
752 | + half-closed pipe, reads from it will get EOF. That is close enough. |
753 | + [a284611a18fd] |
754 | + |
755 | +2023-04-18 Todd C. Miller <Todd.Miller@sudo.ws> |
756 | + |
757 | + * src/exec_nopty.c, src/exec_pty.c, src/selinux.c, src/sudo.h, |
758 | + src/ttyname.c: |
759 | + Avoid calling isatty()/ttyname() on std{in,out,err} if not a char |
760 | + dev. |
761 | + |
762 | + The user controls these fds so we should avoid calling ioctl(2) on |
763 | + them unless they correspond to actual character device files. |
764 | + [745430b563db] |
765 | + |
766 | + * src/parse_args.c, src/sudo_usage.h.in: |
767 | + Hard-code usage() and help() for an 80-column terminal. |
768 | + |
769 | + Trying to tailor the help and usage output to the terminal width is |
770 | + simply not worth it and could be abused to mark a socket as |
771 | + "trusted" on Linux if there are additional kernel bugs like |
772 | + CVE-2023-2002. |
773 | + [d06fa6322ffb] |
774 | + |
775 | + * config.h.in, configure, configure.ac, src/sudo.c, |
776 | + src/sudo_usage.h.in: |
777 | + Move CONFIGURE_ARGS from sudo_usage.h.in to config.h.in. |
778 | + [e3149b6f4392] |
779 | + |
780 | +2023-04-17 Todd C. Miller <Todd.Miller@sudo.ws> |
781 | + |
782 | + * lib/util/ttysize.c, src/sudo.c: |
783 | + get_user_info: call sudo_get_ttysize() even if no /dev/tty We still |
784 | + want to initialize rows and cols based on the environment if |
785 | + possible. |
786 | + [4f3801c2f264] |
787 | + |
788 | +2023-04-16 Todd C. Miller <Todd.Miller@sudo.ws> |
789 | + |
790 | + * src/parse_args.c: |
791 | + Get the tty size using stdout, not stderr, when printing help |
792 | + output. While usage() prints to stderr, help() prints to stdout. |
793 | + [0bdf411ebc7f] |
794 | + |
795 | + * src/sudo.c: |
796 | + get_user_info: pass sudo_get_ttysize() the fd of /dev/tty, not |
797 | + stderr. Both the plugin API and the main event loop expect |
798 | + lines/cols to refer to the user's terminal, so using /dev/tty is |
799 | + better here. |
800 | + [2e7ba199f4c7] |
801 | + |
802 | + * include/sudo_util.h, lib/util/ttysize.c, lib/util/util.exp.in, |
803 | + plugins/sudoers/sudoreplay.c, src/parse_args.c, src/sudo.c: |
804 | + Add an fd argument to sudo_get_ttysize() instead of always using |
805 | + stderr. |
806 | + |
807 | + For sudoreplay we open /dev/tty, so use that instead of stderr when |
808 | + determining the terminal size. |
809 | + [4afc292d3cf4] |
810 | + |
811 | + * lib/util/ttysize.c: |
812 | + Check whether stderr is a tty before trying TIOCGWINSZ. |
813 | + [4a0d367e49c6] |
814 | + |
815 | +2023-04-14 Todd C. Miller <Todd.Miller@sudo.ws> |
816 | + |
817 | + * configure, configure.ac: |
818 | + Use -no-undefined on macOS to avoid "-undefined dynamic_lookup" |
819 | + warnings. |
820 | + |
821 | + Starting with macOS 13, the linker warns when "-undefined |
822 | + dynamic_lookup" is used. This is added by libtool by default on |
823 | + macOS but we can suppress it by passing -no-undefined to libtool. |
824 | + [afeb9acd894c] |
825 | + |
826 | +2023-04-08 Todd C. Miller <Todd.Miller@sudo.ws> |
827 | + |
828 | + * docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile, |
829 | + docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile, |
830 | + docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile, |
831 | + docker/ubuntu/rolling/Dockerfile: |
832 | + Add make to Dockerfile and sort packages. |
833 | + [fa937cbf8a23] |
834 | + |
835 | +2023-04-06 Todd C. Miller <Todd.Miller@sudo.ws> |
836 | + |
837 | + * docs/UPGRADE.md, docs/sudoers.man.in, docs/sudoers.mdoc.in, |
838 | + plugins/sudoers/defaults.c: |
839 | + Enable the use_pty option by default for sudo 1.9.14. |
840 | + |
841 | + GitHub issue #258 |
842 | + [86a1a6da1878] |
843 | + |
844 | +2023-04-05 Todd C. Miller <Todd.Miller@sudo.ws> |
845 | + |
846 | + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, |
847 | + plugins/sudoers/sudoers.h: |
848 | + Split up the monolithic sudoers_policy_main() function. |
849 | + |
850 | + This splits the code to find the command, perform a sudoers lookup, |
851 | + ask for a password as needed, and perform post-lokup checks out into |
852 | + sudoers_check_common(). The old sudoers_policy_main() has been |
853 | + replaced by sudoers_check_cmnd() (called by sudoers_policy_check()), |
854 | + sudoers_validate_user() (called by sudoers_policy_validate()) and |
855 | + sudoers_list() (called by sudoers_policy_list()). The list_user |
856 | + lookup is now performed in sudoers_list(). |
857 | + [59e0b245c776] |
858 | + |
859 | + * plugins/sudoers/sudoers.c: |
860 | + Move the root_sudo check until after we apply per-command Defaults. |
861 | + |
862 | + It is possible, though unlikely, for "root_sudo" to be used in a |
863 | + per-command Defaults statement. |
864 | + [ca1903576e0d] |
865 | + |
866 | +2023-04-01 Todd C. Miller <Todd.Miller@sudo.ws> |
867 | + |
868 | + * plugins/sudoers/sudoers.c: |
869 | + sudoers_policy_main: restore locale if sudoers_lookup() fails. |
870 | + |
871 | + Previously, if sudoers_lookup() set VALIDATE_ERROR, the sudoers |
872 | + locale would still be in effect instead of the original locale. |
873 | + [24df4eebbfc8] |
874 | + |
875 | + * plugins/sudoers/parse.c: |
876 | + sudoers_lookup_pseudo: remove validated function argument |
877 | + |
878 | + This was always set to FLAG_NO_USER|FLAG_NO_HOST which are cleared |
879 | + at the top of the fuction. Make validated a local variables, |
880 | + initialized to 0, instead. No change in behavior. |
881 | + [72e6207850fc] |
882 | + |
883 | +2023-03-31 Todd C. Miller <Todd.Miller@sudo.ws> |
884 | + |
885 | + * plugins/sudoers/audit.c, plugins/sudoers/iolog.c: |
886 | + The I/O log file name is not just the basename of the full |
887 | + iolog_path. The audit plugin already has the correct value for |
888 | + iolog_file, don't overwrite it with basename(iolog_path). In the |
889 | + future we may wish to pass in iolog_file and iolog_dir in addition |
890 | + to iolog_path. Fixes Bug #1046. |
891 | + [f272de885273] |
892 | + |
893 | +2023-03-29 Todd C. Miller <Todd.Miller@sudo.ws> |
894 | + |
895 | + * plugins/sudoers/sudoers.c: |
896 | + Warn with "unknown user" not "unknown uid" if user cannot be |
897 | + resolved. Prior to sudo 1.8 this was after a getpwuid() but now we |
898 | + use getpwnam(). |
899 | + [9a523881df41] |
900 | + |
901 | + * plugins/sudoers/sudoers.c: |
902 | + Set timestamp_uid and timestamp_gid via a callback. This also makes |
903 | + it possible to include the location of the line in the sudoers file |
904 | + in the warning message (and mail). |
905 | + [5588cf3cb55b] |
906 | + |
907 | +2023-03-28 Todd C. Miller <Todd.Miller@sudo.ws> |
908 | + |
909 | + * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in: |
910 | + Fix display of escape sequencees in ldapsearch example. |
911 | + [08dc98162160] |
912 | + |
913 | + * docs/sudoers.man.in, docs/sudoers.mdoc.in: |
914 | + White space is not allowed between Defaults and '@', ':', '!', '>'. |
915 | + The EBNF made it appear that this is allowed when it really is not. |
916 | + [74bba755afaf] |
917 | + |
918 | +2023-03-27 Todd C. Miller <Todd.Miller@sudo.ws> |
919 | + |
920 | + * src/edit_open.c, src/exec.c, src/exec_intercept.c, |
921 | + src/exec_intercept.h, src/exec_monitor.c, src/exec_nopty.c, |
922 | + src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, |
923 | + src/sudo_edit.h, src/sudo_exec.h, src/tgetpass.c: |
924 | + Make struct {command,user}_details pointers const where possible. |
925 | + [dcfa95a24789] |
926 | + |
927 | + * src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c: |
928 | + Make user_details private to main. |
929 | + [43477263455b] |
930 | + |
931 | + * src/exec.c, src/exec_nopty.c, src/exec_pty.c, src/parse_args.c, |
932 | + src/sudo.c, src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, |
933 | + src/tgetpass.c: |
934 | + Make user_details private to sudo.c. |
935 | + [fec5df7605dc] |
936 | + |
937 | + * configure, scripts/config.sub: |
938 | + Regenerate with the autoconf 2.72c snapshot. |
939 | + [6dda0f9323b1] |
940 | + |
941 | +2023-03-25 Todd C. Miller <Todd.Miller@sudo.ws> |
942 | + |
943 | + * src/parse_args.c: |
944 | + Use sudo_get_ttysize() in help() and usage(). This eliminates a |
945 | + dependency on the user_details global. |
946 | + [ecbc8afc1630] |
947 | + |
948 | + * src/exec.c, src/sudo.c, src/sudo.h: |
949 | + Store submitcwd (from user_details) in struct command_details. This |
950 | + eliminates use of the user_details global from exec_setup(). |
951 | + [ed37b2a451f8] |
952 | + |
953 | +2023-03-24 Todd C. Miller <Todd.Miller@sudo.ws> |
954 | + |
955 | + * src/utmp.c: |
956 | + utmp_fill: user is now always non-NULL, no need for user_details. |
957 | + [76bdecaaad07] |
958 | + |
959 | + * src/parse_args.c, src/sudo.c, src/sudo.h: |
960 | + Remove list_user global. |
961 | + [fd397db04688] |
962 | + |
963 | + * src/conversation.c: |
964 | + No need to declare tgetpass_flags, it is already in sudo.h. |
965 | + [c7e1b8ef75c8] |
966 | + |
967 | + * src/sudo.c: |
968 | + No need for sudo_mode to be global anymore. |
969 | + [f746eba12bd9] |
970 | + |
971 | + * src/sudo.c: |
972 | + Make command_details private to main(). |
973 | + [311fd705cce4] |
974 | + |
975 | + * src/exec_iolog.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h: |
976 | + Make iobufs private to exec_iolog.c. |
977 | + [80861a209ddd] |
978 | + |
979 | + * src/sudo_exec.h: |
980 | + Remove ttymode and its associated values. |
981 | + [efb4e04097ab] |
982 | + |
983 | + * src/exec.c, src/exec_pty.c, src/get_pty.c, src/sudo.h, |
984 | + src/sudo_exec.h: |
985 | + Move ptyname to struct exec_closure |
986 | + [d4080a4262bd] |
987 | + |
988 | + * src/exec_monitor.c, src/exec_pty.c, src/sudo_exec.h: |
989 | + Move pty_make_controlling() to exec_monitor.c where it is called. We |
990 | + can use details->tty to access the pty follower path. |
991 | + [9875f0b136f4] |
992 | + |
993 | + * src/exec_pty.c, src/sudo.c: |
994 | + Eliminate utmp_user global, just use the value in struct command |
995 | + details. |
996 | + [95b28adcb0f3] |
997 | + |
998 | + * src/exec_iolog.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h: |
999 | + Replace tty_mode global with term_raw flag in struct exec_closure. |
1000 | + |
1001 | + The pty_cleanup hook needs access to the closure so add |
1002 | + pty_cleanup_init() to store a pointer to the closure for use by |
1003 | + pty_cleanup_hook(). |
1004 | + [cc01f0da46d9] |
1005 | + |
1006 | + * src/exec_monitor.c, src/exec_pty.c, src/sudo_exec.h: |
1007 | + Register pty cleanup function in exec_pty(), not exec_cmnd_pty(). We |
1008 | + want it to execute in the main sudo process, not the monitor. |
1009 | + [279e370adc01] |
1010 | + |
1011 | + * src/exec_iolog.c: |
1012 | + Make ttyblock private to exec_iolog.c |
1013 | + [61243eba350d] |
1014 | + |
1015 | +2023-03-23 Todd C. Miller <Todd.Miller@sudo.ws> |
1016 | + |
1017 | + * src/exec_pty.c, src/sudo_exec.h: |
1018 | + exec_pty.c: move foreground flag to struct exec_closure. Also make |
1019 | + pipeline flag private to exec_pty() and remove the unneeded |
1020 | + check_foreground() prototype. |
1021 | + [dd25f1d91008] |
1022 | + |
1023 | + * src/exec_pty.c: |
1024 | + On resume, always sync the pty terminal settings with /dev/tty. |
1025 | + |
1026 | + Changes made to the terminal settings while the command is suspended |
1027 | + are now reflected in the pty when the command is resumed. This is |
1028 | + more consistent with the non-pty behavior and allows for the removal |
1029 | + of the "tty_initialized" global. One downside to this change is that |
1030 | + if a terminal-based program using the pty is stopped with SIGSTOP it |
1031 | + may have the wrong terminal settings on resume. However, this is no |
1032 | + different from the non-pty case. |
1033 | + [3e59765dea31] |
1034 | + |
1035 | + * lib/util/suspend_parent.c, lib/util/term.c: |
1036 | + Correct a comment. |
1037 | + [393a4d472507] |
1038 | + |
1039 | +2023-03-22 Todd C. Miller <Todd.Miller@sudo.ws> |
1040 | + |
1041 | + * .github/FUNDING.yml: |
1042 | + GitHub sponsor settings. |
1043 | + [7bd778b9adef] |
1044 | + |
1045 | + * config.h.in, configure, configure.ac: |
1046 | + Use built-in tests for bit types instead of using AC_CHECK_TYPES. |
1047 | + This should be more portable as it handles the quirks of some older |
1048 | + systems. |
1049 | + [7e471f2a914d] |
1050 | + |
1051 | + * plugins/sudoers/visudo.c, src/regress/intercept/test_ptrace.c: |
1052 | + Quiet compiler warnings on systems where pid_t is not an int. |
1053 | + Historically, pid_t was a long on some 32-bit systems like Solaris. |
1054 | + [c31393da893d] |
1055 | + |
1056 | + * plugins/sudoers/visudo.c: |
1057 | + Silence "used uninitialized" false positives with older gcc |
1058 | + versions. |
1059 | + [40f0ee142249] |
1060 | + |
1061 | + * src/exec_pty.c: |
1062 | + exec_pty: always copy the terminal settings from /dev/tty the pty. |
1063 | + Previously, we only did this when running in the foreground but this |
1064 | + can cause problems when running a program that reads the terminal |
1065 | + settings or window size in the background. If sudo is running in the |
1066 | + background, the terminal settings will be updated if it transitions |
1067 | + to the foreground process. Based on a suggestion from From Duncan |
1068 | + Overbruck. |
1069 | + [51a70eadc7fc] |
1070 | + |
1071 | + * src/exec_pty.c: |
1072 | + check_foreground: use SFD_LEADER not SFD_FOLLOWER (which was |
1073 | + closed). Also use SFD_LEADER for sudo_term_copy() in exec_pty() for |
1074 | + consistency. From Duncan Overbruck. |
1075 | + [172962b90aa6] |
1076 | + |
1077 | + * src/exec_pty.c: |
1078 | + suspend_sudo_pty: fix cut & pasto in last commit to catch SIGCONT. |
1079 | + Also set sa.sa_handler to SIG_DFL instead of SIG_IGN. There is no |
1080 | + difference for SIGCONT but it means we can re-use sa as-is later. |
1081 | + [e07725c8c939] |
1082 | + |
1083 | +2023-03-21 Todd C. Miller <Todd.Miller@sudo.ws> |
1084 | + |
1085 | + * src/exec_pty.c: |
1086 | + Catch SIGCONT and restore terminal settings on resume from SIGSTOP. |
1087 | + While we cannot catch SIGSTOP, we _can_ catch SIGCONT and set |
1088 | + /dev/tty to raw mode when running in the foreground. Ignore SIGCONT |
1089 | + in suspend_sudo_pty() so we don't call resume_terminal() twice. |
1090 | + [b5b2d739e44d] |
1091 | + |
1092 | + * src/exec_monitor.c, src/exec_pty.c: |
1093 | + Only convert a signal number to a name if we are going to use it. It |
1094 | + is mostly used for debug logging. |
1095 | + [225c3630ffff] |
1096 | + |
1097 | + * src/exec_monitor.c, src/exec_pty.c, src/sudo.h: |
1098 | + Move updating of the window size back to the main sudo process. We |
1099 | + can use the leader file descriptor with TIOCGWINSZ to set the window |
1100 | + size of the pty. Thanks to Duncan Overbruck for the hint. |
1101 | + [6e3f7622038a] |
1102 | + |
1103 | + * plugins/sudoers/visudo.c: |
1104 | + visudo: restore controlling terminal after running the editor. |
1105 | + Otherwise, visudo will get SIGTTOU if it tries to write to the |
1106 | + terminal after the editor finishes. Also avoid races by setting the |
1107 | + process group ID in both the parent and child, and grant the |
1108 | + controlling terminal in the parent, not the child. |
1109 | + [c0f339a84be8] |
1110 | + |
1111 | +2023-03-20 Todd C. Miller <Todd.Miller@sudo.ws> |
1112 | + |
1113 | + * docs/visudo.man.in, docs/visudo.mdoc.in, plugins/sudoers/gram.c, |
1114 | + plugins/sudoers/gram.y, plugins/sudoers/sudoers.h, |
1115 | + plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
1116 | + plugins/sudoers/toke.l: |
1117 | + Warn about ignored files in sudoers.d in visudo. |
1118 | + [61f8def2d666] |
1119 | + |
1120 | + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c, |
1121 | + plugins/sudoers/gram.y, plugins/sudoers/parse.h, |
1122 | + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, |
1123 | + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
1124 | + plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
1125 | + plugins/sudoers/toke.l, plugins/sudoers/visudo.c: |
1126 | + Replace sudoers_warnings with sudoers_verbose. This is now an int, |
1127 | + with values > 1 reserved for visudo. |
1128 | + [d1d7b559b904] |
1129 | + |
1130 | + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
1131 | + plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
1132 | + plugins/sudoers/toke.l: |
1133 | + Split push_include() into push_include() and push_includedir(). This |
1134 | + moves the "isdir" function argument to the internal version. |
1135 | + [d454beb6eebf] |
1136 | + |
1137 | +2023-03-17 Todd C. Miller <Todd.Miller@sudo.ws> |
1138 | + |
1139 | + * plugins/sudoers/file.c, plugins/sudoers/ldap.c, |
1140 | + plugins/sudoers/regress/fuzz/fuzz_policy.c, |
1141 | + plugins/sudoers/regress/fuzz/fuzz_stubs.c, |
1142 | + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, plugins/sudoers/sssd.c, |
1143 | + plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h: |
1144 | + Pass around const struct sudo_nss pointers where possible. |
1145 | + [d13437078d19] |
1146 | + |
1147 | + * plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c, |
1148 | + plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_csv.c, |
1149 | + plugins/sudoers/cvtsudoers_json.c, |
1150 | + plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c, |
1151 | + plugins/sudoers/defaults.h, plugins/sudoers/fmtsudoers.c, |
1152 | + plugins/sudoers/fmtsudoers_cvt.c, plugins/sudoers/match.c, |
1153 | + plugins/sudoers/parse.h: |
1154 | + Pass around const struct sudoers_parse_tree pointers where possible. |
1155 | + [1aa8b9069b39] |
1156 | + |
1157 | + * plugins/sudoers/sudo_ldap.h, plugins/sudoers/sudo_ldap_conf.h: |
1158 | + Move non-config-related macros to from sudo_ldap_conf.h to |
1159 | + sudo_ldap.h. |
1160 | + [16e67a765a30] |
1161 | + |
1162 | +2023-03-16 Todd C. Miller <Todd.Miller@sudo.ws> |
1163 | + |
1164 | + * MANIFEST, config.h.in, configure, configure.ac, |
1165 | + include/sudo_compat.h, lib/util/Makefile.in, lib/util/getcwd.c, |
1166 | + scripts/mkdep.pl: |
1167 | + Remove portable getcwd.c, nothing uses it anymore. Any operating |
1168 | + system supported by sudo already includes getcwd(3). |
1169 | + [8f0584066f6f] |
1170 | + |
1171 | + * src/Makefile.in: |
1172 | + Use LIBPROTOBUF_C and LIBUTIL variables and use them. |
1173 | + [062142fa5ae8] |
1174 | + |
1175 | +2023-03-15 Todd C. Miller <Todd.Miller@sudo.ws> |
1176 | + |
1177 | + * include/sudo_util.h: |
1178 | + Remove now-unused sudo_timeval* macros. |
1179 | + [3448dce21b9c] |
1180 | + |
1181 | + * lib/util/nanosleep.c: |
1182 | + nanosleep: clear remainder on successful completion Also switch to |
1183 | + doing everything in terms of struct timespec except for the actual |
1184 | + select(2) call. |
1185 | + [d67451eb618e] |
1186 | + |
1187 | + * lib/eventlog/Makefile.in, lib/iolog/Makefile.in: |
1188 | + Add lib dependencies for fuzzer and test targets. |
1189 | + [60605bcc3905] |
1190 | + |
1191 | + * lib/eventlog/eventlog_free.c: |
1192 | + eventlog_free: free peeraddr |
1193 | + [42670e45e57f] |
1194 | + |
1195 | + * plugins/sudoers/ldap_innetgr.c: |
1196 | + sudo_ldap_netgroup_match_str: "-" in a netgroup can never match. We |
1197 | + already check for a NULL value above so "str == NULL" is always |
1198 | + false. Found by PVS-Studio. |
1199 | + [c9cfdd013e92] |
1200 | + |
1201 | +2023-03-14 Todd C. Miller <Todd.Miller@sudo.ws> |
1202 | + |
1203 | + * lib/iolog/Makefile.in: |
1204 | + Fix static compilation. |
1205 | + [5a18337c03d3] |
1206 | + |
1207 | + * MANIFEST: |
1208 | + Replace eventlog_json.h with parse_json.h. |
1209 | + [cc68fe24ee0d] |
1210 | + |
1211 | + * lib/eventlog/eventlog_free.c, lib/eventlog/parse_json.c: |
1212 | + Add support for parsing all fields of struct eventlog. |
1213 | + [3828e55bdaff] |
1214 | + |
1215 | +2023-03-13 Todd C. Miller <Todd.Miller@sudo.ws> |
1216 | + |
1217 | + * MANIFEST, lib/eventlog/Makefile.in, |
1218 | + lib/eventlog/regress/eventlog_store/store_json_test.c, |
1219 | + lib/eventlog/regress/eventlog_store/store_sudo_test.c, |
1220 | + lib/eventlog/regress/eventlog_store/test1.json.in, |
1221 | + lib/eventlog/regress/eventlog_store/test1.json.out.ok, |
1222 | + lib/eventlog/regress/eventlog_store/test1.sudo.out.ok, |
1223 | + lib/eventlog/regress/eventlog_store/test2.json.in, |
1224 | + lib/eventlog/regress/eventlog_store/test2.json.out.ok, |
1225 | + lib/eventlog/regress/eventlog_store/test2.sudo.out.ok, |
1226 | + lib/eventlog/regress/eventlog_store/test3.json.in, |
1227 | + lib/eventlog/regress/eventlog_store/test3.json.out.ok, |
1228 | + lib/eventlog/regress/eventlog_store/test3.sudo.out.ok, |
1229 | + lib/eventlog/regress/eventlog_store/test4.json.in, |
1230 | + lib/eventlog/regress/eventlog_store/test4.json.out.ok, |
1231 | + lib/eventlog/regress/eventlog_store/test4.sudo.out.ok, |
1232 | + lib/eventlog/regress/parse_json/check_parse_json.c: |
1233 | + Add tests for JSON and sudo-style log output. |
1234 | + [3a923f86fff2] |
1235 | + |
1236 | + * plugins/sudoers/match.c: |
1237 | + Declare domain even if the system lacks innetgr(). Fixes a build |
1238 | + error on musl-based systems like Alpine. |
1239 | + [34cfa5ad4cdc] |
1240 | + |
1241 | + * lib/eventlog/Makefile.in: |
1242 | + Add missing definition of $(SED). |
1243 | + [9a614b90c852] |
1244 | + |
1245 | + * MANIFEST, include/sudo_eventlog.h, lib/eventlog/Makefile.in, |
1246 | + lib/eventlog/parse_json.c, lib/eventlog/parse_json.h, |
1247 | + lib/eventlog/regress/parse_json/check_parse_json.c, |
1248 | + lib/eventlog/regress/parse_json/test1.in, |
1249 | + lib/eventlog/regress/parse_json/test2.in, |
1250 | + lib/eventlog/regress/parse_json/test2.out.ok, |
1251 | + lib/eventlog/regress/parse_json/test3.in, |
1252 | + lib/eventlog/regress/parse_json/test3.out.ok, lib/iolog/Makefile.in, |
1253 | + lib/iolog/iolog_json.c, lib/iolog/iolog_json.h, |
1254 | + lib/iolog/regress/fuzz/fuzz_iolog_json.c, |
1255 | + lib/iolog/regress/iolog_json/check_iolog_json.c, |
1256 | + lib/iolog/regress/iolog_json/test1.in, |
1257 | + lib/iolog/regress/iolog_json/test2.in, |
1258 | + lib/iolog/regress/iolog_json/test2.out.ok, |
1259 | + lib/iolog/regress/iolog_json/test3.in, |
1260 | + lib/iolog/regress/iolog_json/test3.out.ok: |
1261 | + Move JSON log parsing from libsudo_iolog.la to libsudo_eventlog.la |
1262 | + It will be used in the upcoming log output tests. |
1263 | + [1a8dd741b666] |
1264 | + |
1265 | + * lib/eventlog/eventlog.c: |
1266 | + Add missing " ; " separator between environment variables and |
1267 | + command. This is a regression introduced in sudo 1.9.13. GitHub |
1268 | + issue #254. |
1269 | + [a3c09b724b7a] |
1270 | + |
1271 | +2023-03-12 Todd C. Miller <Todd.Miller@sudo.ws> |
1272 | + |
1273 | + * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in: |
1274 | + Add example to verify support for searching by nisNetgroupTriple. |
1275 | + [090ffa785e56] |
1276 | + |
1277 | +2023-03-11 Todd C. Miller <Todd.Miller@sudo.ws> |
1278 | + |
1279 | + * plugins/sudoers/gc.c: |
1280 | + Remove unused sudoers_gc_init() function. |
1281 | + [b2ee61f8f11d] |
1282 | + |
1283 | +2023-03-10 Todd C. Miller <Todd.Miller@sudo.ws> |
1284 | + |
1285 | + * docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in: |
1286 | + Sudo now does its own netgroup lookups if NETGROUP_BASE is set. |
1287 | + Previously, it only performed netgroup queries to determine the list |
1288 | + of netgroups a user was a member of. |
1289 | + [932613f6868a] |
1290 | + |
1291 | + * plugins/sudoers/regress/fuzz/fuzz_policy.c, |
1292 | + plugins/sudoers/sudoers.c: |
1293 | + sudoers_cleanup: free cached environment before running g/c. Avoids |
1294 | + a double free in fuzz_policy. |
1295 | + [e616d4a038b6] |
1296 | + |
1297 | + * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: |
1298 | + sudoers_cleanup: run the garbage collector at the end |
1299 | + [cbc28a012f8b] |
1300 | + |
1301 | + * plugins/sudoers/sudoers.c: |
1302 | + Plugin a memory leak in intercept mode. |
1303 | + [f63fb51ff972] |
1304 | + |
1305 | + * src/exec_intercept.c: |
1306 | + Sync non-intercept version of intercept_cleanup() declaration. |
1307 | + [712ff6c2f6bd] |
1308 | + |
1309 | + * plugins/sudoers/ldap_innetgr.c: |
1310 | + Plug memory leak if ldap_get_option() fails with LDAP_NO_MEMORY. |
1311 | + [0be36e3e9473] |
1312 | + |
1313 | + * src/exec.c, src/exec_intercept.c, src/sudo_exec.h: |
1314 | + Plug a memory leak with ptrace-based intercept. |
1315 | + [3b411be9fe37] |
1316 | + |
1317 | + * src/exec_intercept.c: |
1318 | + Plug memory leak when log_subcmds is enabled. |
1319 | + [1d5b21665ced] |
1320 | + |
1321 | + * lib/util/suspend_parent.c: |
1322 | + Pass closure to callback, not the callback pointer itself. |
1323 | + [a4e433840f16] |
1324 | + |
1325 | + * MANIFEST, configure, m4/ldap.m4, plugins/sudoers/Makefile.in, |
1326 | + plugins/sudoers/ldap.c, plugins/sudoers/ldap_innetgr.c, |
1327 | + plugins/sudoers/sudo_ldap.h, scripts/mkdep.pl: |
1328 | + Add LDAP-specific innetgr() implementation. Wheh netgroup_base is |
1329 | + set we now do out own netgroup lookups using LDAP. Previously, LDAP |
1330 | + was queried directly to get a list of the netgroups the user belongs |
1331 | + to but other netgroups queries went through innetgr(3). This makes |
1332 | + it possible to use netgroups in LDAP sudoers on systems that don't |
1333 | + have an innetgr() function. GitHub issue #251. |
1334 | + [aa7304a533e0] |
1335 | + |
1336 | + * plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c, |
1337 | + plugins/sudoers/ldap_util.c, plugins/sudoers/sudo_ldap.h: |
1338 | + Move some functions from ldap.c to ldap_util.c. These will be used |
1339 | + by the LDAP innetgr() implementation. |
1340 | + [70fd74041c5d] |
1341 | + |
1342 | +2023-03-08 Todd C. Miller <Todd.Miller@sudo.ws> |
1343 | + |
1344 | + * lib/zlib/Makefile.in: |
1345 | + fix typo in uninstall target |
1346 | + [e3c1b8427d01] |
1347 | + |
1348 | + * Merge pull request #252 from bin-ly/main |
1349 | + |
1350 | + fix typo in uninstall target |
1351 | + [4a1d3542345c] |
1352 | + |
1353 | +2023-03-09 bin-ly <binlingyu@uniontech.com> |
1354 | + |
1355 | + * lib/util/Makefile.in: |
1356 | + fix command error for lib/util/Makefile.in |
1357 | + [7dd4e9e6d976] |
1358 | + |
1359 | +2023-03-08 Todd C. Miller <Todd.Miller@sudo.ws> |
1360 | + |
1361 | + * plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c, |
1362 | + plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
1363 | + plugins/sudoers/ldap.c, plugins/sudoers/match.c, |
1364 | + plugins/sudoers/parse.h, |
1365 | + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, |
1366 | + plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c, |
1367 | + plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.h: |
1368 | + Add per-source innetgr function pointer and use it in |
1369 | + netgr_matches(). This will be used to implement LDAP-specific |
1370 | + netgroup lookups when netgroup_base is set in ldap.conf. |
1371 | + [f7c89d6e8d6b] |
1372 | + |
1373 | +2023-03-07 Todd C. Miller <Todd.Miller@sudo.ws> |
1374 | + |
1375 | + * MANIFEST, lib/util/Makefile.in, |
1376 | + lib/util/regress/digest/digest_test.c: |
1377 | + Add tests for SHA2 digest support. This uses the NIST byte-oriented |
1378 | + short message test vectors. |
1379 | + [06e01abf7943] |
1380 | + |
1381 | 2023-03-04 Todd C. Miller <Todd.Miller@sudo.ws> |
1382 | |
1383 | * .hgtags: |
1384 | Added tag SUDO_1_9_13p3 for changeset 0bdd0b8469e3 |
1385 | - [fc4e872d6d89] [tip] <1.9> |
1386 | + [fc4e872d6d89] <1.9> |
1387 | |
1388 | * NEWS, configure, configure.ac: |
1389 | Sudo 1.9.13p3 |
1390 | [0bdd0b8469e3] [SUDO_1_9_13p3] <1.9> |
1391 | |
1392 | + * NEWS, configure, configure.ac: |
1393 | + Sudo 1.9.13p3 |
1394 | + [0c4b7112dde9] |
1395 | + |
1396 | 2023-03-03 Todd C. Miller <Todd.Miller@sudo.ws> |
1397 | |
1398 | * plugins/sudoers/match.c, plugins/sudoers/parse.c, |
1399 | @@ -16,6 +1395,12 @@ |
1400 | with "sudo ALL" for root _is_ allowed to list any user. |
1401 | [a3f7301ba4d3] <1.9> |
1402 | |
1403 | + * plugins/sudoers/match.c, plugins/sudoers/parse.c, |
1404 | + plugins/sudoers/parse.h: |
1405 | + A user with "list" privs for root may not list all users. A user |
1406 | + with "sudo ALL" for root _is_ allowed to list any user. |
1407 | + [fe758ae9d0bb] |
1408 | + |
1409 | * plugins/sudoers/policy.c: |
1410 | sudoers_policy_list: do not set runas_pw to list_pw when listing |
1411 | This change introduced in sudo 1.9.13 is not actually needed. The |
1412 | @@ -23,6 +1408,13 @@ |
1413 | which does not use runas_pw. GitHub issue #248 |
1414 | [84effa5ffaa1] <1.9> |
1415 | |
1416 | + * plugins/sudoers/policy.c: |
1417 | + sudoers_policy_list: do not set runas_pw to list_pw when listing |
1418 | + This change introduced in sudo 1.9.13 is not actually needed. The |
1419 | + "list" pseudo-command checks are performed via runas_matches_pw() |
1420 | + which does not use runas_pw. GitHub issue #248 |
1421 | + [94c1f6d9bc6d] |
1422 | + |
1423 | * plugins/sudoers/logging.c, plugins/sudoers/parse.c, |
1424 | plugins/sudoers/sudoers.c: |
1425 | Fix "sudo -l command args", broken in sudo 1.9.13. The value of |
1426 | @@ -31,8 +1423,24 @@ |
1427 | restores the pre-1.9.13 behavior. GitHub issue #249 |
1428 | [3e1225e7bf33] <1.9> |
1429 | |
1430 | + * plugins/sudoers/logging.c, plugins/sudoers/parse.c, |
1431 | + plugins/sudoers/sudoers.c: |
1432 | + Fix "sudo -l command args", broken in sudo 1.9.13. The value of |
1433 | + user_args should not contain the command to be run in "sudo -l |
1434 | + command args", only the arguments of the command being checked. This |
1435 | + restores the pre-1.9.13 behavior. GitHub issue #249 |
1436 | + [2773b6d91cf1] |
1437 | + |
1438 | 2023-03-01 Todd C. Miller <Todd.Miller@sudo.ws> |
1439 | |
1440 | + * logsrvd/logsrv_util.c, logsrvd/logsrvd.c, logsrvd/logsrvd_journal.c, |
1441 | + logsrvd/sendlog.c, plugins/sudoers/log_client.c: |
1442 | + Check for sudo_pow2_roundup() overflow. Calling |
1443 | + sudo_pow2_roundup(INT_MAX+2) will return since there is no power of |
1444 | + 2 larger than INT_MAX+1 that fits in an unsigned int. This is not an |
1445 | + issue in practice since we restrict messages to 2Mib. |
1446 | + [d76de48704d0] |
1447 | + |
1448 | * src/exec_nopty.c, src/exec_pty.c: |
1449 | write_callback: only enable /dev/tty reader if the command is |
1450 | running This fixes a hang when there is /dev/tty data in a buffer to |
1451 | @@ -42,6 +1450,15 @@ |
1452 | reproduce it. |
1453 | [b7ea5b5e6a88] <1.9> |
1454 | |
1455 | + * src/exec_nopty.c, src/exec_pty.c: |
1456 | + write_callback: only enable /dev/tty reader if the command is |
1457 | + running This fixes a hang when there is /dev/tty data in a buffer to |
1458 | + be flushed by the final call to del_io_events(). We do not want to |
1459 | + re-enable the reader when flushing the buffers as part of |
1460 | + pty_finish(). See PR #247 for analysis of the problem and how to |
1461 | + reproduce it. |
1462 | + [2cf041ccbd98] |
1463 | + |
1464 | 2023-02-28 Todd C. Miller <Todd.Miller@sudo.ws> |
1465 | |
1466 | * plugins/sudoers/regress/testsudoers/test12.out.ok, |
1467 | @@ -49,10 +1466,19 @@ |
1468 | Test non-fully qualified path name. |
1469 | [0a9e6e83fe15] <1.9> |
1470 | |
1471 | + * plugins/sudoers/regress/testsudoers/test12.out.ok, |
1472 | + plugins/sudoers/regress/testsudoers/test12.sh: |
1473 | + Test non-fully qualified path name. |
1474 | + [b653458b1758] |
1475 | + |
1476 | * plugins/sudoers/Makefile.in: |
1477 | Fix removal of y.tab.[ch] when generating gram.[ch]. |
1478 | [f69c86ecae66] <1.9> |
1479 | |
1480 | + * plugins/sudoers/Makefile.in: |
1481 | + Fix removal of y.tab.[ch] when generating gram.[ch]. |
1482 | + [9c5f5be26ad0] |
1483 | + |
1484 | * MANIFEST, plugins/sudoers/regress/sudoers/test30.in, |
1485 | plugins/sudoers/regress/sudoers/test30.json.ok, |
1486 | plugins/sudoers/regress/sudoers/test30.ldif.ok, |
1487 | @@ -63,6 +1489,16 @@ |
1488 | Add test for using "list" as user, runas and host. |
1489 | [ae2c84c73371] <1.9> |
1490 | |
1491 | + * MANIFEST, plugins/sudoers/regress/sudoers/test30.in, |
1492 | + plugins/sudoers/regress/sudoers/test30.json.ok, |
1493 | + plugins/sudoers/regress/sudoers/test30.ldif.ok, |
1494 | + plugins/sudoers/regress/sudoers/test30.ldif2sudo.ok, |
1495 | + plugins/sudoers/regress/sudoers/test30.out.ok, |
1496 | + plugins/sudoers/regress/sudoers/test30.sudo.ok, |
1497 | + plugins/sudoers/regress/sudoers/test30.toke.ok: |
1498 | + Add test for using "list" as user, runas and host. |
1499 | + [712c96af942d] |
1500 | + |
1501 | * plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
1502 | plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
1503 | Move handling of the "list" pseudo-command from lexer to parser. The |
1504 | @@ -71,12 +1507,29 @@ |
1505 | #246. |
1506 | [efb3a4dea1da] <1.9> |
1507 | |
1508 | + * plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
1509 | + plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
1510 | + Move handling of the "list" pseudo-command from lexer to parser. The |
1511 | + special handling of "list" in the lexer meant it could not be used |
1512 | + as a user, group or host, which was unintentional. GitHub issue |
1513 | + #246. |
1514 | + [d36f1d686343] |
1515 | + |
1516 | 2023-02-27 Todd C. Miller <Todd.Miller@sudo.ws> |
1517 | |
1518 | * include/sudo_compat.h: |
1519 | Make the check for HAVE_DECL_NSIG consistent with other decl checks. |
1520 | [616c42c4adce] <1.9> |
1521 | |
1522 | + * include/sudo_compat.h: |
1523 | + Make the check for HAVE_DECL_NSIG consistent with other decl checks. |
1524 | + [4e6e627062af] |
1525 | + |
1526 | + * plugins/sudoers/match_command.c: |
1527 | + Plug memory leak with multiple matching CHROOT= entries. Found by |
1528 | + oss-fuzz. |
1529 | + [a4982b468985] |
1530 | + |
1531 | 2023-02-25 Todd C. Miller <Todd.Miller@sudo.ws> |
1532 | |
1533 | * .hgtags: |
1534 | @@ -87,24 +1540,117 @@ |
1535 | Sudo 1.9.13p2. |
1536 | [2db7cee1cb77] [SUDO_1_9_13p2] <1.9> |
1537 | |
1538 | + * NEWS, configure, configure.ac: |
1539 | + Sudo 1.9.13p2. |
1540 | + [251788b2308b] |
1541 | + |
1542 | 2023-02-23 Todd C. Miller <Todd.Miller@sudo.ws> |
1543 | |
1544 | + * plugins/sudoers/logging.c: |
1545 | + Include error string when formatting a SLOG_PARSE_ERROR message if |
1546 | + present. |
1547 | + [b4254bf84300] |
1548 | + |
1549 | * lib/util/lbuf.c: |
1550 | Add missing include of errno.h. |
1551 | [65ddd70d0c18] <1.9> |
1552 | |
1553 | * lib/util/lbuf.c: |
1554 | + Add missing include of errno.h. |
1555 | + [669e4a4ab3ad] |
1556 | + |
1557 | + * lib/util/lbuf.c: |
1558 | sudo_lbuf_expand: check for overflow when rounding to the nearest |
1559 | power of 2. Problem deteced by oss-fuzz using the fuzz_sudoers |
1560 | fuzzer. |
1561 | [9357396fdaa0] <1.9> |
1562 | |
1563 | + * lib/util/lbuf.c: |
1564 | + sudo_lbuf_expand: check for overflow when rounding to the nearest |
1565 | + power of 2. Problem deteced by oss-fuzz using the fuzz_sudoers |
1566 | + fuzzer. |
1567 | + [7d433e75c858] |
1568 | + |
1569 | * src/load_plugins.c: |
1570 | Fix --enable-static-sudoers, broken in sudo 1.9.13. |
1571 | sudo_qualify_plugin() should not try to fully-qualify the path to a |
1572 | statically-compiled plugin. GitHub issue #245 |
1573 | [eca5f1f6555e] <1.9> |
1574 | |
1575 | + * src/load_plugins.c: |
1576 | + Fix --enable-static-sudoers, broken in sudo 1.9.13. |
1577 | + sudo_qualify_plugin() should not try to fully-qualify the path to a |
1578 | + statically-compiled plugin. GitHub issue #245 |
1579 | + [f323e3f0a5c0] |
1580 | + |
1581 | +2023-02-22 Todd C. Miller <Todd.Miller@sudo.ws> |
1582 | + |
1583 | + * plugins/sudoers/logging.c, plugins/sudoers/logging.h, |
1584 | + plugins/sudoers/sudoers.c: |
1585 | + Add sudoers open errors to the list of parse errors sent via mail. |
1586 | + Previously there would be one email for the open failure and a |
1587 | + separate one describing the parse error. Now a single email message |
1588 | + contains everything. |
1589 | + [b81299ccdad8] |
1590 | + |
1591 | + * plugins/sudoers/visudo.c: |
1592 | + visudo: quiet a compiler warning on Solaris 10. Also explicitly |
1593 | + close /dev/tty fd instead of relying on closefrom() in case the fd |
1594 | + ends up being a value 0-2. |
1595 | + [d839cc458245] |
1596 | + |
1597 | + * Merge pull request #244 from ffontaine/main |
1598 | + |
1599 | + configure.ac: fix openssl static build |
1600 | + [af40f67e9771] |
1601 | + |
1602 | + * configure, configure.ac, lib/util/Makefile.in: |
1603 | + Replace LIBMD with LIBCRYPTO display crypto/tls libs in summary. We |
1604 | + can only have one of either -lmd, -lgcrypt or -lcrypto so there is |
1605 | + no need to have more than one variable. |
1606 | + [da65125af8c6] |
1607 | + |
1608 | +2023-02-22 Fabrice Fontaine <fontaine.fabrice@gmail.com> |
1609 | + |
1610 | + * m4/openssl.m4: |
1611 | + configure.ac: fix openssl static build |
1612 | + |
1613 | + Do not use AX_APPEND_FLAG as it will break static builds by removing |
1614 | + duplicates such as -lz or -latomic which are needed by -lssl and |
1615 | + -lcrypto. This will fix the following build failure with sparc which |
1616 | + needs -latomic: |
1617 | + |
1618 | + Checking for X509_STORE_CTX_get0_cert configure:21215: |
1619 | + /home/thomas/autobuild/instance-3/output-1/host/bin/sparc-buildroot- |
1620 | + linux-uclibc-gcc -o conftest -D_LARGEFILE_SOURCE |
1621 | + -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -static |
1622 | + -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 |
1623 | + -DZLIB_CONST -static conftest.c |
1624 | + -L/home/thomas/autobuild/instance-3/output-1/host/bin/../sparc- |
1625 | + buildroot-linux-uclibc/sysroot/usr/lib -lssl -lz -pthread -latomic |
1626 | + -lcrypto >&5 |
1627 | + /home/thomas/autobuild/instance-3/output-1/host/lib/gcc/sparc- |
1628 | + buildroot-linux-uclibc/10.4.0/../../../../sparc-buildroot-linux- |
1629 | + uclibc/bin/ld: |
1630 | + /home/thomas/autobuild/instance-3/output-1/host/bin/../sparc- |
1631 | + buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(x509cset.o): in |
1632 | + function `X509_CRL_up_ref': x509cset.c:(.text+0x108): undefined |
1633 | + reference to `__atomic_fetch_add_4' |
1634 | + |
1635 | + [...] |
1636 | + |
1637 | + In file included from ./hostcheck.c:38: |
1638 | + ../../include/sudo_compat.h:342:41: error: conflicting types for |
1639 | + 'ASN1_STRING_data' 342 | # define ASN1_STRING_get0_data(x) |
1640 | + ASN1_STRING_data(x) | ^~~~~~~~~~~~~~~~ |
1641 | + |
1642 | + Fixes: |
1643 | + - http://autobuild.buildroot.org/results/8be59dd94e4916f9457cb435104e3 |
1644 | + 6e62a28373b |
1645 | + |
1646 | + Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> |
1647 | + [487cfc17c742] |
1648 | + |
1649 | 2023-02-21 Todd C. Miller <Todd.Miller@sudo.ws> |
1650 | |
1651 | * MANIFEST, plugins/sudoers/match_command.c, |
1652 | @@ -117,6 +1663,116 @@ |
1653 | the user_cmnd variable could be freed twice. |
1654 | [2c1477233f48] <1.9> |
1655 | |
1656 | + * MANIFEST, plugins/sudoers/match_command.c, |
1657 | + plugins/sudoers/regress/fuzz/fuzz_sudoers.c, |
1658 | + plugins/sudoers/regress/testsudoers/test20.out.ok, |
1659 | + plugins/sudoers/regress/testsudoers/test20.sh, |
1660 | + plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
1661 | + Fix potential double free for rules that include a CHROOT= option. |
1662 | + If a rule with a CHROOT= option matches the user, host and runas, |
1663 | + the user_cmnd variable could be freed twice. |
1664 | + [a988ae0045a2] |
1665 | + |
1666 | + * plugins/sudoers/visudo.c: |
1667 | + Check tcsetpgrp() return value. |
1668 | + [5d9bdb2fea15] |
1669 | + |
1670 | + * MANIFEST, include/sudo_util.h, lib/util/Makefile.in, |
1671 | + lib/util/suspend_parent.c, lib/util/util.exp.in, |
1672 | + plugins/sudoers/visudo.c, src/Makefile.in, src/exec_iolog.c, |
1673 | + src/exec_nopty.c, src/regress/intercept/test_ptrace.c, src/sudo.h, |
1674 | + src/sudo_exec.h, src/suspend_nopty.c, src/tcsetpgrp_nobg.c: |
1675 | + Run the editor in its own process group. This fixes suspending the |
1676 | + editor on GNU Hurd which doesn't seem to have proper process group |
1677 | + signal handling. |
1678 | + [210e058101af] |
1679 | + |
1680 | + * plugins/sudoers/Makefile.in, |
1681 | + plugins/sudoers/regress/fuzz/fuzz_stubs.c, plugins/sudoers/stubs.c, |
1682 | + plugins/sudoers/testsudoers.c: |
1683 | + Stub out pivot_root() and unpivot_root() for all but the sudoers |
1684 | + module. |
1685 | + [967f706e6bff] |
1686 | + |
1687 | + * plugins/sudoers/match_command.c: |
1688 | + Fix build when SUDOERS_NAME_MATCH is defined. |
1689 | + [79e4613fbd85] |
1690 | + |
1691 | + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pivot.c, |
1692 | + plugins/sudoers/sudoers.h: |
1693 | + Add pivot_root() and unpivot_root() to switch the root dir and |
1694 | + restore it. This will be used to more accurately handling command |
1695 | + resolution and path matching when a new root directory is specified. |
1696 | + [77300a0e1537] |
1697 | + |
1698 | + * plugins/sudoers/editor.c, plugins/sudoers/find_path.c, |
1699 | + plugins/sudoers/goodpath.c, |
1700 | + plugins/sudoers/regress/editor/check_editor.c, |
1701 | + plugins/sudoers/regress/fuzz/fuzz_policy.c, |
1702 | + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
1703 | + set_cmnd_path: apply runchroot if set when finding the command path |
1704 | + Previously we would prepend runchroot to the path we were checking |
1705 | + but that does not properly handle symbolic links. |
1706 | + [3fb7ca4631c0] |
1707 | + |
1708 | + * plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c, |
1709 | + plugins/sudoers/parse.h: |
1710 | + match_command: apply runchroot if set when matching the command |
1711 | + Previously we would prepend runchroot to the path we were checking |
1712 | + but that does not properly handle symbolic links. |
1713 | + [41dc8f445f78] |
1714 | + |
1715 | + * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/canon_path.c, |
1716 | + plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
1717 | + Add canon_path(), a realpath() wrapper that performs caching. This |
1718 | + also adds a new user_cmnd_dir variable that stores the canonicalized |
1719 | + parent directory of the command to be run. |
1720 | + [6065f5e76387] |
1721 | + |
1722 | + * plugins/sudoers/match_command.c: |
1723 | + Match using canonicalized directories where possible. |
1724 | + [020d4ad53d07] |
1725 | + |
1726 | + * src/exec_ptrace.c: |
1727 | + ptrace_intercept_execve: preserve old argv[0] after policy check. We |
1728 | + have to replace argv[0] with the pathname for the policy check but |
1729 | + want to restore it afterwards if the policy has not changed the |
1730 | + command's path name to avoid a mismatch later on. |
1731 | + [5dcd96a5c369] |
1732 | + |
1733 | + * configure, configure.ac: |
1734 | + Move initial values into AC_SUBST() where possible. |
1735 | + [3db7feb16577] |
1736 | + |
1737 | + * configure, configure.ac: |
1738 | + No need to AC_SUBST() standard autoconf variables. |
1739 | + [48ce145c9e40] |
1740 | + |
1741 | +2023-02-19 Todd C. Miller <Todd.Miller@sudo.ws> |
1742 | + |
1743 | + * INSTALL.md: |
1744 | + Document --disable-largefile and --disable-year2038. |
1745 | + [424d17d1b83d] |
1746 | + |
1747 | + * configure, configure.ac: |
1748 | + Fix indentation of intercept file in summary output. |
1749 | + [3cf0104bd2e5] |
1750 | + |
1751 | + * plugins/sudoers/regress/starttime/check_starttime.c, |
1752 | + plugins/sudoers/starttime.c: |
1753 | + get_starttime: add support for GNU Hurd using the mach task_info |
1754 | + call. This is currently Hurd-specific but could be made Mach-generic |
1755 | + as long as the equivalent of pid2task() is available. |
1756 | + [a81de7fb1f83] |
1757 | + |
1758 | +2023-02-18 Todd C. Miller <Todd.Miller@sudo.ws> |
1759 | + |
1760 | + * plugins/sudoers/regress/starttime/check_starttime.c: |
1761 | + Only test get_starttime() on platforms where we support it. Fixes a |
1762 | + test failure on systems where we have no way to determine a |
1763 | + process's start time. |
1764 | + [bf8dbe59b2c6] |
1765 | + |
1766 | 2023-02-16 Todd C. Miller <Todd.Miller@sudo.ws> |
1767 | |
1768 | * .hgtags: |
1769 | @@ -238,6 +1894,15 @@ |
1770 | Regenerate .mo files. |
1771 | [a7a708d8bf34] |
1772 | |
1773 | +2023-02-12 Todd C. Miller <Todd.Miller@sudo.ws> |
1774 | + |
1775 | + * MANIFEST, config.h.in, configure, configure.ac, |
1776 | + include/sudo_compat.h, lib/util/Makefile.in, lib/util/realpath.c, |
1777 | + scripts/mkdep.pl: |
1778 | + Add checks for realpath(3) and a version from NetBSD for those |
1779 | + without it. |
1780 | + [121fb2ed88de] |
1781 | + |
1782 | 2023-02-09 Todd C. Miller <Todd.Miller@sudo.ws> |
1783 | |
1784 | * plugins/sudoers/regress/fuzz/fuzz_sudoers.c: |
1785 | @@ -267,6 +1932,14 @@ |
1786 | we only ever pass in a const string. |
1787 | [700e72ca42c0] |
1788 | |
1789 | +2023-02-08 Todd C. Miller <Todd.Miller@sudo.ws> |
1790 | + |
1791 | + * configure, configure.ac, m4/sudo.m4, pathnames.h.in, |
1792 | + plugins/sudoers/visudo.c: |
1793 | + Substitute for _PATH_SUDO* variables in pathnames.h. Previously |
1794 | + these were hard-coded with Makefile overrides. |
1795 | + [53c8be4b6af3] |
1796 | + |
1797 | 2023-02-05 Todd C. Miller <Todd.Miller@sudo.ws> |
1798 | |
1799 | * configure, configure.ac: |
1800 | diff --git a/INSTALL.md b/INSTALL.md |
1801 | index 34f60f6..1bb3ce3 100644 |
1802 | --- a/INSTALL.md |
1803 | +++ b/INSTALL.md |
1804 | @@ -10,16 +10,16 @@ about the `configure` script itself. |
1805 | |
1806 | ## System requirements |
1807 | |
1808 | -To build sudo from the source distribution you need a POSIX-compliant |
1809 | -operating system (any modern version of BSD, Linux, or Unix should work), |
1810 | -an ANSI/ISO C compiler that supports the "long long" type, variadic |
1811 | -macros (a C99 feature) as well as the ar, make, and ranlib utilities. |
1812 | +To build sudo from the source distribution you will need a |
1813 | +POSIX-compliant operating system (any modern version of BSD, Linux, |
1814 | +or Unix should work), a C compiler that conforms to ISO C99 or |
1815 | +higher, and the ar, make, and ranlib utilities. |
1816 | |
1817 | If you wish to modify the parser then you will need flex version |
1818 | -2.5.2 or later and either bison or byacc (sudo comes with a |
1819 | -pre-generated parser). You'll also have to run configure with the |
1820 | ---with-devel option or pass DEVEL=1 to make. You can get flex from |
1821 | -https://github.com/westes/flex/. You can get GNU bison from |
1822 | +2.5.2 or later and either bison or byacc (sudo comes with a parser |
1823 | +generated with GNU bison). You'll also have to run configure with |
1824 | +the --with-devel option or pass DEVEL=1 to make. You can get flex |
1825 | +from https://github.com/westes/flex/. You can get GNU bison from |
1826 | https://ftp.gnu.org/pub/gnu/bison/ or any GNU mirror. |
1827 | |
1828 | Some systems will also require that development library packages be |
1829 | @@ -110,7 +110,8 @@ Defaults are listed in brackets after the description. |
1830 | Install plugins and helper programs in DIR/sudo [PREFIX/libexec/sudo] |
1831 | |
1832 | --sysconfdir=DIR |
1833 | - Look for `sudo.conf` and `sudoers` files in DIR. [/etc] |
1834 | + Look for configuration files such as `sudo.conf` and `sudoers` |
1835 | + in DIR. [/etc] |
1836 | |
1837 | --includedir=DIR |
1838 | Install sudo_plugin.h include file in DIR [PREFIX/include] |
1839 | @@ -226,9 +227,11 @@ Defaults are listed in brackets after the description. |
1840 | -fstack-clash-protection, -fcf-protection and linking with |
1841 | -zrelro, -znow, and -znoexecstack where supported. |
1842 | |
1843 | - --disable-ssp |
1844 | - Disable use of the -fstack-protector compiler option. |
1845 | - This does not affect the other hardening options. |
1846 | + --disable-largefile |
1847 | + Disable support for large (64-bit) files on 32-bit systems |
1848 | + where the maximum file size is normally 4GB. By default, |
1849 | + configure will enable support for 64-bit file sizes if |
1850 | + supported by the operating system. |
1851 | |
1852 | --disable-leaks |
1853 | Avoid leaking memory even when we are headed for exit, |
1854 | @@ -278,6 +281,10 @@ Defaults are listed in brackets after the description. |
1855 | instead. This option may only be used in conjunction with |
1856 | the --enable-static-sudoers option. |
1857 | |
1858 | + --disable-ssp |
1859 | + Disable use of the -fstack-protector compiler option. |
1860 | + This does not affect the other hardening options. |
1861 | + |
1862 | --enable-static-sudoers |
1863 | By default, the sudoers plugin is built and installed as a |
1864 | dynamic shared object. When the --enable-static-sudoers |
1865 | @@ -294,6 +301,11 @@ Defaults are listed in brackets after the description. |
1866 | use the /usr/lib/tmpfiles.d directory if the file |
1867 | /usr/lib/tmpfiles.d/systemd.conf exists. |
1868 | |
1869 | + --disable-year2038 |
1870 | + Disable support for dates after January 2038. By default, |
1871 | + configure will enable support for 64-bit time_t values if |
1872 | + supported by the operating system. |
1873 | + |
1874 | --enable-zlib[=location] |
1875 | Enable the use of the zlib compress library when storing |
1876 | I/O log files. If specified, location is the base directory |
1877 | @@ -347,6 +359,15 @@ Defaults are listed in brackets after the description. |
1878 | |
1879 | ### Optional features: |
1880 | |
1881 | + --enable-adminconf=[DIR] |
1882 | + Search for configuration files in adminconfdir (PREFIX/etc |
1883 | + by default) in preference to configuration files in sysconfdir |
1884 | + (/etc by default). This can be used on systems where |
1885 | + sysconfdir is located on a read-only filesystem. When this |
1886 | + option is enabled, the visudo utility will store edited |
1887 | + sudoers files in adminconfdir if the original was located |
1888 | + in sysconfdir. |
1889 | + |
1890 | --disable-root-mailer |
1891 | By default sudo will run the mailer as root when tattling |
1892 | on a user so as to prevent that user from killing the mailer. |
1893 | diff --git a/MANIFEST b/MANIFEST |
1894 | index 43a3dce..ac11597 100644 |
1895 | --- a/MANIFEST |
1896 | +++ b/MANIFEST |
1897 | @@ -116,9 +116,31 @@ lib/eventlog/eventlog.c |
1898 | lib/eventlog/eventlog_conf.c |
1899 | lib/eventlog/eventlog_free.c |
1900 | lib/eventlog/logwrap.c |
1901 | +lib/eventlog/parse_json.c |
1902 | +lib/eventlog/parse_json.h |
1903 | +lib/eventlog/regress/eventlog_store/store_json_test.c |
1904 | +lib/eventlog/regress/eventlog_store/store_sudo_test.c |
1905 | +lib/eventlog/regress/eventlog_store/test1.json.in |
1906 | +lib/eventlog/regress/eventlog_store/test1.json.out.ok |
1907 | +lib/eventlog/regress/eventlog_store/test1.sudo.out.ok |
1908 | +lib/eventlog/regress/eventlog_store/test2.json.in |
1909 | +lib/eventlog/regress/eventlog_store/test2.json.out.ok |
1910 | +lib/eventlog/regress/eventlog_store/test2.sudo.out.ok |
1911 | +lib/eventlog/regress/eventlog_store/test3.json.in |
1912 | +lib/eventlog/regress/eventlog_store/test3.json.out.ok |
1913 | +lib/eventlog/regress/eventlog_store/test3.sudo.out.ok |
1914 | +lib/eventlog/regress/eventlog_store/test4.json.in |
1915 | +lib/eventlog/regress/eventlog_store/test4.json.out.ok |
1916 | +lib/eventlog/regress/eventlog_store/test4.sudo.out.ok |
1917 | lib/eventlog/regress/logwrap/check_wrap.c |
1918 | lib/eventlog/regress/logwrap/check_wrap.in |
1919 | lib/eventlog/regress/logwrap/check_wrap.out.ok |
1920 | +lib/eventlog/regress/parse_json/check_parse_json.c |
1921 | +lib/eventlog/regress/parse_json/test1.in |
1922 | +lib/eventlog/regress/parse_json/test2.in |
1923 | +lib/eventlog/regress/parse_json/test2.out.ok |
1924 | +lib/eventlog/regress/parse_json/test3.in |
1925 | +lib/eventlog/regress/parse_json/test3.out.ok |
1926 | lib/fuzzstub/Makefile.in |
1927 | lib/fuzzstub/fuzzstub.c |
1928 | lib/iolog/Makefile.in |
1929 | @@ -132,7 +154,6 @@ lib/iolog/iolog_filter.c |
1930 | lib/iolog/iolog_flush.c |
1931 | lib/iolog/iolog_gets.c |
1932 | lib/iolog/iolog_json.c |
1933 | -lib/iolog/iolog_json.h |
1934 | lib/iolog/iolog_legacy.c |
1935 | lib/iolog/iolog_loginfo.c |
1936 | lib/iolog/iolog_mkdirs.c |
1937 | @@ -197,12 +218,6 @@ lib/iolog/regress/iolog_filter/test3/timing |
1938 | lib/iolog/regress/iolog_filter/test3/ttyin |
1939 | lib/iolog/regress/iolog_filter/test3/ttyin.filtered |
1940 | lib/iolog/regress/iolog_filter/test3/ttyout |
1941 | -lib/iolog/regress/iolog_json/check_iolog_json.c |
1942 | -lib/iolog/regress/iolog_json/test1.in |
1943 | -lib/iolog/regress/iolog_json/test2.in |
1944 | -lib/iolog/regress/iolog_json/test2.out.ok |
1945 | -lib/iolog/regress/iolog_json/test3.in |
1946 | -lib/iolog/regress/iolog_json/test3.out.ok |
1947 | lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c |
1948 | lib/iolog/regress/iolog_path/check_iolog_path.c |
1949 | lib/iolog/regress/iolog_path/data |
1950 | @@ -236,7 +251,6 @@ lib/util/fnmatch.c |
1951 | lib/util/freezero.c |
1952 | lib/util/fstatat.c |
1953 | lib/util/getaddrinfo.c |
1954 | -lib/util/getcwd.c |
1955 | lib/util/getdelim.c |
1956 | lib/util/getentropy.c |
1957 | lib/util/getgrouplist.c |
1958 | @@ -276,11 +290,13 @@ lib/util/pw_dup.c |
1959 | lib/util/pwrite.c |
1960 | lib/util/rcstr.c |
1961 | lib/util/reallocarray.c |
1962 | +lib/util/realpath.c |
1963 | lib/util/regex.c |
1964 | lib/util/regress/closefrom/closefrom_test.c |
1965 | lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1 |
1966 | lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2 |
1967 | lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3 |
1968 | +lib/util/regress/digest/digest_test.c |
1969 | lib/util/regress/fnmatch/fnm_test.c |
1970 | lib/util/regress/fnmatch/fnm_test.in |
1971 | lib/util/regress/fuzz/fuzz_sudo_conf.c |
1972 | @@ -598,6 +614,7 @@ plugins/sudoers/b64_encode.c |
1973 | plugins/sudoers/boottime.c |
1974 | plugins/sudoers/bsm_audit.c |
1975 | plugins/sudoers/bsm_audit.h |
1976 | +plugins/sudoers/canon_path.c |
1977 | plugins/sudoers/check.c |
1978 | plugins/sudoers/check.h |
1979 | plugins/sudoers/check_aliases.c |
1980 | @@ -645,6 +662,7 @@ plugins/sudoers/iolog.c |
1981 | plugins/sudoers/iolog_path_escapes.c |
1982 | plugins/sudoers/ldap.c |
1983 | plugins/sudoers/ldap_conf.c |
1984 | +plugins/sudoers/ldap_innetgr.c |
1985 | plugins/sudoers/ldap_util.c |
1986 | plugins/sudoers/linux_audit.c |
1987 | plugins/sudoers/linux_audit.h |
1988 | @@ -661,6 +679,7 @@ plugins/sudoers/mkdefaults |
1989 | plugins/sudoers/parse.c |
1990 | plugins/sudoers/parse.h |
1991 | plugins/sudoers/parse_ldif.c |
1992 | +plugins/sudoers/pivot.c |
1993 | plugins/sudoers/po/README |
1994 | plugins/sudoers/po/ast.mo |
1995 | plugins/sudoers/po/ast.po |
1996 | @@ -1034,6 +1053,7 @@ plugins/sudoers/regress/sudoers/test9.ldif.ok |
1997 | plugins/sudoers/regress/sudoers/test9.out.ok |
1998 | plugins/sudoers/regress/sudoers/test9.toke.ok |
1999 | plugins/sudoers/regress/testsudoers/group |
2000 | +plugins/sudoers/regress/testsudoers/passwd |
2001 | plugins/sudoers/regress/testsudoers/test1.out.ok |
2002 | plugins/sudoers/regress/testsudoers/test1.sh |
2003 | plugins/sudoers/regress/testsudoers/test10.out.ok |
2004 | @@ -1061,6 +1081,12 @@ plugins/sudoers/regress/testsudoers/test2.out.ok |
2005 | plugins/sudoers/regress/testsudoers/test2.sh |
2006 | plugins/sudoers/regress/testsudoers/test20.out.ok |
2007 | plugins/sudoers/regress/testsudoers/test20.sh |
2008 | +plugins/sudoers/regress/testsudoers/test21.out.ok |
2009 | +plugins/sudoers/regress/testsudoers/test21.sh |
2010 | +plugins/sudoers/regress/testsudoers/test22.out.ok |
2011 | +plugins/sudoers/regress/testsudoers/test22.sh |
2012 | +plugins/sudoers/regress/testsudoers/test23.out.ok |
2013 | +plugins/sudoers/regress/testsudoers/test23.sh |
2014 | plugins/sudoers/regress/testsudoers/test3.out.ok |
2015 | plugins/sudoers/regress/testsudoers/test3.sh |
2016 | plugins/sudoers/regress/testsudoers/test4.out.ok |
2017 | @@ -1275,8 +1301,7 @@ src/sudo_intercept_common.c |
2018 | src/sudo_noexec.c |
2019 | src/sudo_plugin_int.h |
2020 | src/sudo_usage.h.in |
2021 | -src/suspend_nopty.c |
2022 | -src/tcsetpgrp_nobg.c |
2023 | +src/suspend_parent.c |
2024 | src/tgetpass.c |
2025 | src/ttyname.c |
2026 | src/utmp.c |
2027 | diff --git a/Makefile.in b/Makefile.in |
2028 | index 0b70609..af5317e 100644 |
2029 | --- a/Makefile.in |
2030 | +++ b/Makefile.in |
2031 | @@ -1,7 +1,7 @@ |
2032 | # |
2033 | # SPDX-License-Identifier: ISC |
2034 | # |
2035 | -# Copyright (c) 2010-2015, 2017-2022 Todd C. Miller <Todd.Miller@sudo.ws> |
2036 | +# Copyright (c) 2010-2015, 2017-2023 Todd C. Miller <Todd.Miller@sudo.ws> |
2037 | # |
2038 | # Permission to use, copy, modify, and distribute this software for any |
2039 | # purpose with or without fee is hereby granted, provided that the above |
2040 | @@ -31,6 +31,7 @@ exec_prefix = @exec_prefix@ |
2041 | bindir = @bindir@ |
2042 | sbindir = @sbindir@ |
2043 | sysconfdir = @sysconfdir@ |
2044 | +adminconfdir = @adminconfdir@ |
2045 | libexecdir = @libexecdir@ |
2046 | includedir = @includedir@ |
2047 | datarootdir = @datarootdir@ |
2048 | diff --git a/NEWS b/NEWS |
2049 | index bdf6cc4..1a51926 100644 |
2050 | --- a/NEWS |
2051 | +++ b/NEWS |
2052 | @@ -1,3 +1,119 @@ |
2053 | +What's new in Sudo 1.9.14p2 |
2054 | + |
2055 | + * Fixed a crash on Linux systems introduced in version 1.9.14 when |
2056 | + running a command with a NULL argv[0] if "log_subcmds" or |
2057 | + "intercept" is enabled in sudoers. |
2058 | + |
2059 | + * Fixed a problem with "stair-stepped" output when piping or |
2060 | + redirecting the output of a sudo command that takes user input. |
2061 | + |
2062 | + * Fixed a bug introduced in sudo 1.9.14 that affects matching |
2063 | + sudoers rules containing a Runas_Spec with an empty Runas user. |
2064 | + These rules should only match when sudo's -g option is used but |
2065 | + were matching even without the -g option. GitHub issue #290. |
2066 | + |
2067 | +What's new in Sudo 1.9.14p1 |
2068 | + |
2069 | + * Fixed an invalid free bug in sudo_logsrvd that was introduced |
2070 | + in version 1.9.14 which could cause sudo_logsrvd to crash. |
2071 | + |
2072 | + * The sudoers plugin no longer tries to send the terminal name |
2073 | + to the log server when no terminal is present. This bug was |
2074 | + introduced in version 1.9.14. |
2075 | + |
2076 | +What's new in Sudo 1.9.14 |
2077 | + |
2078 | + * Fixed a bug where if the "intercept" or "log_subcmds" sudoers |
2079 | + option was enabled and a sub-command was run where the first |
2080 | + entry of the argument vector didn't match the command being run. |
2081 | + This resulted in commands like "sudo su -" being killed due to |
2082 | + the mismatch. Bug #1050. |
2083 | + |
2084 | + * The sudoers plugin now canonicalizes command path names before |
2085 | + matching (where possible). This fixes a bug where sudo could |
2086 | + execute the wrong path if there are multiple symbolic links with |
2087 | + the same target and the same base name in sudoers that a user is |
2088 | + allowed to run. GitHub issue #228. |
2089 | + |
2090 | + * Improved command matching when a chroot is specified in sudoers. |
2091 | + The sudoers plugin will now change the root directory id needed |
2092 | + before performing command matching. Previously, the root directory |
2093 | + was simply prepended to the path that was being processed. |
2094 | + |
2095 | + * When NETGROUP_BASE is set in the ldap.conf file, sudo will now |
2096 | + perform its own netgroup lookups of the host name instead of |
2097 | + using the system innetgr(3) function. This guarantees that user |
2098 | + and host netgroup lookups are performed using the same LDAP |
2099 | + server (or servers). |
2100 | + |
2101 | + * Fixed a bug introduced in sudo 1.9.13 that resulted in a missing |
2102 | + " ; " separator between environment variables and the command |
2103 | + in log entries. |
2104 | + |
2105 | + * The visudo utility now displays a warning when it ignores a file |
2106 | + in an include dir such as /etc/sudoers.d. |
2107 | + |
2108 | + * When running a command in a pseudo-terminal, sudo will initialize |
2109 | + the terminal settings even if it is the background process. |
2110 | + Previously, sudo only initialized the pseudo-terminal when running |
2111 | + in the foreground. This fixes an issue where a program that |
2112 | + checks the window size would read the wrong value when sudo was |
2113 | + running in the background. |
2114 | + |
2115 | + * Fixed a bug where only the first two digits of the TSID field |
2116 | + being was logged. Bug #1046. |
2117 | + |
2118 | + * The "log_pty" sudoers option is now enabled by default. To |
2119 | + restore the historic behavior where a command is run in the |
2120 | + user's terminal, add "Defaults !use_pty" to the sudoers file. |
2121 | + GitHub issue #258. |
2122 | + |
2123 | + * Sudo's "-b" option now works when the command is run in a |
2124 | + pseudo-terminal. |
2125 | + |
2126 | + * When disabling core dumps, sudo now only modifies the soft limit |
2127 | + and leaves the hard limit as-is. This avoids problems on Linux |
2128 | + when sudo does not have CAP_SYS_RESOURCE, which may be the case |
2129 | + when run inside a container. GitHub issue #42. |
2130 | + |
2131 | + * Sudo configuration file paths have been converted to colon-separated |
2132 | + lists of paths. This makes it possible to have configuration |
2133 | + files on a read-only file system while still allowing for local |
2134 | + modifications in a different (writable) directory. The new |
2135 | + --enable-adminconf configure option can be used to specify a |
2136 | + directory that is searched for configuration files in preference |
2137 | + to the sysconfdir (which is usually /etc). |
2138 | + |
2139 | + * The "intercept_verify" sudoers option is now only applied when |
2140 | + the "intercept" option is set in sudoers. Previously, it was |
2141 | + also applied when "log_subcmds" was enabled. |
2142 | + |
2143 | + * The NETGROUP_QUERY ldap.conf parameter can now be disabled for |
2144 | + LDAP servers that do not support querying the nisNetgroup object |
2145 | + by its nisNetgroupTriple attribute, while still allowing sudo to |
2146 | + query the LDAP server directly to determine netgroup membership. |
2147 | + |
2148 | + * Fixed a long-standing bug where a sudoers rule without an explicit |
2149 | + runas list allowed the user to run a command as root and any |
2150 | + group instead of just one of the groups that root is a member |
2151 | + of. For example, a rule such as "myuser ALL = ALL" would permit |
2152 | + "sudo -u root -g othergroup" even if root did not belong to |
2153 | + "othergroup". |
2154 | + |
2155 | + * Fixed a bug where a sudoers rule with an explicit runas list |
2156 | + allowed a user to run sudo commands as themselves. For example, |
2157 | + a rule such as "myuser ALL = (root) ALL", "myuser" should only |
2158 | + allow commands to be run as root (optionally using one of root's |
2159 | + groups). However, the rule also allowed the user to run |
2160 | + "sudo -u myuser -g myuser command". |
2161 | + |
2162 | + * Fixed a bug that prevented the user from specifying a group on |
2163 | + the command line via "sudo -g" if the rule's Runas_Spec contained |
2164 | + a Runas_Alias. |
2165 | + |
2166 | + * Sudo now requires a C compiler that conforms to ISO C99 or higher |
2167 | + to build. |
2168 | + |
2169 | What's new in Sudo 1.9.13p3 |
2170 | |
2171 | * Fixed a bug introduced in sudo 1.9.13 that caused a syntax error |
2172 | diff --git a/config.h.in b/config.h.in |
2173 | index 8ed7fb2..9366f31 100644 |
2174 | --- a/config.h.in |
2175 | +++ b/config.h.in |
2176 | @@ -3,6 +3,9 @@ |
2177 | #ifndef SUDO_CONFIG_H |
2178 | #define SUDO_CONFIG_H |
2179 | |
2180 | +/* Configure script arguments used to build sudo. */ |
2181 | +#undef CONFIGURE_ARGS |
2182 | + |
2183 | /* Define to 1 if you want the insults from the "classic" version sudo. */ |
2184 | #undef CLASSIC_INSULTS |
2185 | |
2186 | @@ -35,8 +38,8 @@ |
2187 | /* Define to 1 if you want to require fully qualified hosts in sudoers. */ |
2188 | #undef FQDN |
2189 | |
2190 | -/* Define to the type of elements in the array set by 'getgroups'. Usually |
2191 | - this is either 'int' or 'gid_t'. */ |
2192 | +/* Define to the type of elements in the array argument to 'getgroups'. |
2193 | + Usually this is either 'int' or 'gid_t'. */ |
2194 | #undef GETGROUPS_T |
2195 | |
2196 | /* Define to 1 if you want insults from the "Goon Show". */ |
2197 | @@ -207,6 +210,10 @@ |
2198 | don't. */ |
2199 | #undef HAVE_DECL_SSIZE_MAX |
2200 | |
2201 | +/* Define to 1 if you have the declaration of 'SYMLOOP_MAX', and to 0 if you |
2202 | + don't. */ |
2203 | +#undef HAVE_DECL_SYMLOOP_MAX |
2204 | + |
2205 | /* Define to 1 if you have the declaration of 'sys_sigabbrev', and to 0 if you |
2206 | don't. */ |
2207 | #undef HAVE_DECL_SYS_SIGABBREV |
2208 | @@ -243,6 +250,10 @@ |
2209 | you don't. */ |
2210 | #undef HAVE_DECL__POSIX_PATH_MAX |
2211 | |
2212 | +/* Define to 1 if you have the declaration of '_POSIX_SYMLOOP_MAX', and to 0 |
2213 | + if you don't. */ |
2214 | +#undef HAVE_DECL__POSIX_SYMLOOP_MAX |
2215 | + |
2216 | /* Define to 1 if you have the declaration of '_sys_siglist', and to 0 if you |
2217 | don't. */ |
2218 | #undef HAVE_DECL__SYS_SIGLIST |
2219 | @@ -462,18 +473,6 @@ |
2220 | /* Define to 1 if you have the 'innetgr' function. */ |
2221 | #undef HAVE_INNETGR |
2222 | |
2223 | -/* Define to 1 if the system has the type 'int16_t'. */ |
2224 | -#undef HAVE_INT16_T |
2225 | - |
2226 | -/* Define to 1 if the system has the type 'int32_t'. */ |
2227 | -#undef HAVE_INT32_T |
2228 | - |
2229 | -/* Define to 1 if the system has the type 'int64_t'. */ |
2230 | -#undef HAVE_INT64_T |
2231 | - |
2232 | -/* Define to 1 if the system has the type 'int8_t'. */ |
2233 | -#undef HAVE_INT8_T |
2234 | - |
2235 | /* Define to 1 if the system has the type 'intmax_t'. */ |
2236 | #undef HAVE_INTMAX_T |
2237 | |
2238 | @@ -602,6 +601,9 @@ |
2239 | /* Define to 1 if you have the <login_cap.h> header file. */ |
2240 | #undef HAVE_LOGIN_CAP_H |
2241 | |
2242 | +/* Define to 1 if the system has the type 'long long int'. */ |
2243 | +#undef HAVE_LONG_LONG_INT |
2244 | + |
2245 | /* Define to 1 if you have the <machine/endian.h> header file. */ |
2246 | #undef HAVE_MACHINE_ENDIAN_H |
2247 | |
2248 | @@ -758,6 +760,9 @@ |
2249 | /* Define to 1 if you have the 'reallocarray' function. */ |
2250 | #undef HAVE_REALLOCARRAY |
2251 | |
2252 | +/* Define to 1 if you have the 'realpath' function. */ |
2253 | +#undef HAVE_REALPATH |
2254 | + |
2255 | /* Define to 1 if you have the 'revoke' function. */ |
2256 | #undef HAVE_REVOKE |
2257 | |
2258 | @@ -1027,18 +1032,6 @@ |
2259 | /* Define to 1 if you have the 'ttyslot' function. */ |
2260 | #undef HAVE_TTYSLOT |
2261 | |
2262 | -/* Define to 1 if the system has the type 'uint16_t'. */ |
2263 | -#undef HAVE_UINT16_T |
2264 | - |
2265 | -/* Define to 1 if the system has the type 'uint32_t'. */ |
2266 | -#undef HAVE_UINT32_T |
2267 | - |
2268 | -/* Define to 1 if the system has the type 'uint64_t'. */ |
2269 | -#undef HAVE_UINT64_T |
2270 | - |
2271 | -/* Define to 1 if the system has the type 'uint8_t'. */ |
2272 | -#undef HAVE_UINT8_T |
2273 | - |
2274 | /* Define to 1 if the system has the type 'uintmax_t'. */ |
2275 | #undef HAVE_UINTMAX_T |
2276 | |
2277 | @@ -1051,6 +1044,9 @@ |
2278 | /* Define to 1 if you have the 'unsetenv' function. */ |
2279 | #undef HAVE_UNSETENV |
2280 | |
2281 | +/* Define to 1 if the system has the type 'unsigned long long int'. */ |
2282 | +#undef HAVE_UNSIGNED_LONG_LONG_INT |
2283 | + |
2284 | /* Define to 1 if you have the <util.h> header file. */ |
2285 | #undef HAVE_UTIL_H |
2286 | |
2287 | @@ -1229,9 +1225,6 @@ |
2288 | /* The passwd prompt timeout (in minutes). */ |
2289 | #undef PASSWORD_TIMEOUT |
2290 | |
2291 | -/* Define to 1 to enable replacement getcwd if system getcwd is broken. */ |
2292 | -#undef PREFER_PORTABLE_GETCWD |
2293 | - |
2294 | /* Enable replacement (v)snprintf if system (v)snprintf is broken. */ |
2295 | #undef PREFER_PORTABLE_SNPRINTF |
2296 | |
2297 | @@ -1447,6 +1440,21 @@ |
2298 | /* Number of bits in time_t, on hosts where this is settable. */ |
2299 | #undef _TIME_BITS |
2300 | |
2301 | +/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>, |
2302 | + <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the |
2303 | + #define below would cause a syntax error. */ |
2304 | +#undef _UINT32_T |
2305 | + |
2306 | +/* Define for Solaris 2.5.1 so the uint64_t typedef from <sys/synch.h>, |
2307 | + <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the |
2308 | + #define below would cause a syntax error. */ |
2309 | +#undef _UINT64_T |
2310 | + |
2311 | +/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>, |
2312 | + <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the |
2313 | + #define below would cause a syntax error. */ |
2314 | +#undef _UINT8_T |
2315 | + |
2316 | /* Define to 1 on platforms where this makes time_t a 64-bit type. */ |
2317 | #undef __MINGW_USE_VC2005_COMPAT |
2318 | |
2319 | @@ -1457,7 +1465,7 @@ |
2320 | /* Define to empty if 'const' does not conform to ANSI C. */ |
2321 | #undef const |
2322 | |
2323 | -/* Define to 'int' if <sys/types.h> doesn't define. */ |
2324 | +/* Define as 'int' if <sys/types.h> doesn't define. */ |
2325 | #undef gid_t |
2326 | |
2327 | /* Define to '__inline__' or '__inline' if that's what the C compiler |
2328 | @@ -1466,53 +1474,56 @@ |
2329 | #undef inline |
2330 | #endif |
2331 | |
2332 | +/* Define to the type of a signed integer type of width exactly 16 bits if |
2333 | + such a type exists and the standard includes do not define it. */ |
2334 | +#undef int16_t |
2335 | + |
2336 | +/* Define to the type of a signed integer type of width exactly 32 bits if |
2337 | + such a type exists and the standard includes do not define it. */ |
2338 | +#undef int32_t |
2339 | + |
2340 | +/* Define to the type of a signed integer type of width exactly 64 bits if |
2341 | + such a type exists and the standard includes do not define it. */ |
2342 | +#undef int64_t |
2343 | + |
2344 | +/* Define to the type of a signed integer type of width exactly 8 bits if such |
2345 | + a type exists and the standard includes do not define it. */ |
2346 | +#undef int8_t |
2347 | + |
2348 | +/* Define to the widest signed integer type if <stdint.h> and <inttypes.h> do |
2349 | + not define. */ |
2350 | +#undef intmax_t |
2351 | + |
2352 | /* Define to an OS-specific initialization function or 'os_init_common'. */ |
2353 | #undef os_init |
2354 | |
2355 | -/* Define to 'unsigned int' if <sys/types.h> does not define. */ |
2356 | -#undef size_t |
2357 | - |
2358 | -/* Define to 'int' if <sys/types.h> doesn't define. */ |
2359 | +/* Define as 'int' if <sys/types.h> doesn't define. */ |
2360 | #undef uid_t |
2361 | |
2362 | +/* Define to the type of an unsigned integer type of width exactly 16 bits if |
2363 | + such a type exists and the standard includes do not define it. */ |
2364 | +#undef uint16_t |
2365 | + |
2366 | +/* Define to the type of an unsigned integer type of width exactly 32 bits if |
2367 | + such a type exists and the standard includes do not define it. */ |
2368 | +#undef uint32_t |
2369 | + |
2370 | +/* Define to the type of an unsigned integer type of width exactly 64 bits if |
2371 | + such a type exists and the standard includes do not define it. */ |
2372 | +#undef uint64_t |
2373 | + |
2374 | +/* Define to the type of an unsigned integer type of width exactly 8 bits if |
2375 | + such a type exists and the standard includes do not define it. */ |
2376 | +#undef uint8_t |
2377 | + |
2378 | +/* Define to the widest unsigned integer type if <stdint.h> and <inttypes.h> |
2379 | + do not define. */ |
2380 | +#undef uintmax_t |
2381 | + |
2382 | /* Define to empty if the keyword 'volatile' does not work. Warning: valid |
2383 | code using 'volatile' can become incorrect without. Disable with care. */ |
2384 | #undef volatile |
2385 | |
2386 | -/* Define C99 types if stdint.h and inttypes.h are missing. */ |
2387 | -#if !defined(HAVE_STDINT_H) && !defined(HAVE_INTTYPES_H) |
2388 | -# ifndef HAVE_INT8_T |
2389 | -typedef char int8_t; |
2390 | -# endif |
2391 | -# ifndef HAVE_UINT8_T |
2392 | -typedef unsigned char uint8_t; |
2393 | -# endif |
2394 | -# ifndef HAVE_INT16_T |
2395 | -typedef short int16_t; |
2396 | -# endif |
2397 | -# ifndef HAVE_UINT16_T |
2398 | -typedef unsigned short uint16_t; |
2399 | -# endif |
2400 | -# ifndef HAVE_INT32_T |
2401 | -typedef int int32_t; |
2402 | -# endif |
2403 | -# ifndef HAVE_UINT32_T |
2404 | -typedef unsigned int uint32_t; |
2405 | -# endif |
2406 | -# ifndef HAVE_INT64_T |
2407 | -typedef long long int64_t; |
2408 | -# endif |
2409 | -# ifndef HAVE_UINT64_T |
2410 | -typedef unsigned long long uint64_t; |
2411 | -# endif |
2412 | -# ifndef HAVE_INTMAX_T |
2413 | -typedef long long intmax_t; |
2414 | -# endif |
2415 | -# ifndef HAVE_UINTMAX_T |
2416 | -typedef unsigned long long uintmax_t; |
2417 | -# endif |
2418 | -#endif /* !HAVE_STDINT_H && !HAVE_INTTYPES_H */ |
2419 | - |
2420 | #ifndef HAVE_SIG_ATOMIC_T |
2421 | typedef int sig_atomic_t; |
2422 | #endif |
2423 | diff --git a/configure b/configure |
2424 | index b4453a8..dd6eae9 100755 |
2425 | --- a/configure |
2426 | +++ b/configure |
2427 | @@ -1,6 +1,6 @@ |
2428 | #! /bin/sh |
2429 | # Guess values for system-dependent variables and create Makefiles. |
2430 | -# Generated by GNU Autoconf 2.72a for sudo 1.9.13p3. |
2431 | +# Generated by GNU Autoconf 2.72c for sudo 1.9.14p2. |
2432 | # |
2433 | # Report bugs to <https://bugzilla.sudo.ws/>. |
2434 | # |
2435 | @@ -614,8 +614,8 @@ MAKEFLAGS= |
2436 | # Identity of this package. |
2437 | PACKAGE_NAME='sudo' |
2438 | PACKAGE_TARNAME='sudo' |
2439 | -PACKAGE_VERSION='1.9.13p3' |
2440 | -PACKAGE_STRING='sudo 1.9.13p3' |
2441 | +PACKAGE_VERSION='1.9.14p2' |
2442 | +PACKAGE_STRING='sudo 1.9.14p2' |
2443 | PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' |
2444 | PACKAGE_URL='' |
2445 | |
2446 | @@ -656,7 +656,6 @@ ac_header_c_list= |
2447 | ac_func_c_list= |
2448 | ac_c_werror_flag= |
2449 | enable_year2038=yes |
2450 | -enable_largefile=yes |
2451 | ac_subst_vars='LTLIBOBJS |
2452 | KRB5CONFIG |
2453 | LIBOBJS |
2454 | @@ -700,6 +699,7 @@ FGREP |
2455 | EGREP |
2456 | GREP |
2457 | SED |
2458 | +LIBTOOL |
2459 | host_os |
2460 | host_vendor |
2461 | host_cpu |
2462 | @@ -722,6 +722,9 @@ CPP |
2463 | OBJEXT |
2464 | EXEEXT |
2465 | ac_ct_CC |
2466 | +CPPFLAGS |
2467 | +LDFLAGS |
2468 | +CFLAGS |
2469 | CC |
2470 | python_plugin |
2471 | sudoers_plugin |
2472 | @@ -768,6 +771,10 @@ relay_dir |
2473 | logpath |
2474 | log_dir |
2475 | iolog_dir |
2476 | +sudoers_path |
2477 | +sudo_logsrvd_conf |
2478 | +sudo_conf |
2479 | +cvtsudoers_conf |
2480 | INTERCEPT_EXP |
2481 | FUZZ_LD |
2482 | FUZZ_ENGINE |
2483 | @@ -782,6 +789,7 @@ PYTHON_PLUGIN |
2484 | SIGNAME |
2485 | devsearch |
2486 | DIGEST |
2487 | +adminconfdir |
2488 | exampledir |
2489 | TMPFILES_D |
2490 | COMPAT_EXP |
2491 | @@ -801,12 +809,10 @@ LOCALEDIR_SUFFIX |
2492 | SUDO_NLS |
2493 | LIBPTHREAD |
2494 | LIBTLS |
2495 | -LIBMD |
2496 | LIBCRYPTO |
2497 | LIBINTL |
2498 | LIBRT |
2499 | LIBDL |
2500 | -CONFIGURE_ARGS |
2501 | LIBTOOL_DEPS |
2502 | ZLIB_SRC |
2503 | ZLIB |
2504 | @@ -867,11 +873,7 @@ ZLIB_LDFLAGS |
2505 | LIBUTIL_LDFLAGS |
2506 | SUDOERS_LDFLAGS |
2507 | SUDO_LDFLAGS |
2508 | -LDFLAGS |
2509 | -CPPFLAGS |
2510 | PROGS |
2511 | -CFLAGS |
2512 | -LIBTOOL |
2513 | target_alias |
2514 | host_alias |
2515 | build_alias |
2516 | @@ -1049,6 +1051,7 @@ enable_openssl_pkgconfig_template |
2517 | enable_wolfssl |
2518 | enable_gcrypt |
2519 | enable_python |
2520 | +enable_adminconf |
2521 | enable_shared |
2522 | enable_static |
2523 | with_pic |
2524 | @@ -1062,11 +1065,11 @@ enable_intercept |
2525 | with_noexec |
2526 | with_netsvc |
2527 | enable_sia |
2528 | +enable_largefile |
2529 | with_pam_login |
2530 | enable_pam_session |
2531 | enable_kerb5_instance |
2532 | enable_year2038 |
2533 | -enable_largefile |
2534 | ' |
2535 | ac_precious_vars='SENDMAILPROG |
2536 | VIPROG |
2537 | @@ -1636,7 +1639,7 @@ if test "$ac_init_help" = "long"; then |
2538 | # Omit some internal or obsolete options to make the list less imposing. |
2539 | # This message is too long to be a string in the A/UX 3.1 sh. |
2540 | cat <<_ACEOF |
2541 | -'configure' configures sudo 1.9.13p3 to adapt to many kinds of systems. |
2542 | +'configure' configures sudo 1.9.14p2 to adapt to many kinds of systems. |
2543 | |
2544 | Usage: $0 [OPTION]... [VAR=VALUE]... |
2545 | |
2546 | @@ -1702,7 +1705,7 @@ fi |
2547 | |
2548 | if test -n "$ac_init_help"; then |
2549 | case $ac_init_help in |
2550 | - short | recursive ) echo "Configuration of sudo 1.9.13p3:";; |
2551 | + short | recursive ) echo "Configuration of sudo 1.9.14p2:";; |
2552 | esac |
2553 | cat <<\_ACEOF |
2554 | |
2555 | @@ -1769,6 +1772,9 @@ Optional Features: |
2556 | --enable-wolfssl Use wolfSSL's TLS and sha2 functions |
2557 | --enable-gcrypt Use GNU crypt's sha2 functions |
2558 | --enable-python Compile python plugin support |
2559 | + --enable-adminconf[=DIR] |
2560 | + Use configuration files from adminconfdir in |
2561 | + preference to sysconfdir |
2562 | --enable-shared[=PKGS] build shared libraries [default=yes] |
2563 | --enable-static[=PKGS] build static libraries [default=yes] |
2564 | --enable-fast-install[=PKGS] |
2565 | @@ -1776,11 +1782,11 @@ Optional Features: |
2566 | --disable-libtool-lock avoid locking (might break parallel builds) |
2567 | --enable-intercept fully qualified pathname of sudo_intercept.so |
2568 | --disable-sia Disable SIA on Digital UNIX |
2569 | + --disable-largefile omit support for large files |
2570 | --disable-pam-session Disable PAM session support |
2571 | --enable-kerb5-instance instance string to append to the username (separated |
2572 | by a slash) |
2573 | - --disable-year2038 omit support for dates after Jan 2038 |
2574 | - --disable-largefile omit support for large files |
2575 | + --disable-year2038 don't support timestamps after 2038 |
2576 | |
2577 | Optional Packages: |
2578 | --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] |
2579 | @@ -1993,8 +1999,8 @@ fi |
2580 | test -n "$ac_init_help" && exit $ac_status |
2581 | if $ac_init_version; then |
2582 | cat <<\_ACEOF |
2583 | -sudo configure 1.9.13p3 |
2584 | -generated by GNU Autoconf 2.72a |
2585 | +sudo configure 1.9.14p2 |
2586 | +generated by GNU Autoconf 2.72c |
2587 | |
2588 | Copyright (C) 2023 Free Software Foundation, Inc. |
2589 | This configure script is free software; the Free Software Foundation |
2590 | @@ -2409,6 +2415,148 @@ printf "%s\n" "$ac_res" >&6; } |
2591 | |
2592 | } # ac_fn_c_check_member |
2593 | |
2594 | +# ac_fn_c_find_intX_t LINENO BITS VAR |
2595 | +# ----------------------------------- |
2596 | +# Finds a signed integer type with width BITS, setting cache variable VAR |
2597 | +# accordingly. |
2598 | +ac_fn_c_find_intX_t () |
2599 | +{ |
2600 | + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack |
2601 | + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for int$2_t" >&5 |
2602 | +printf %s "checking for int$2_t... " >&6; } |
2603 | +if eval test \${$3+y} |
2604 | +then : |
2605 | + printf %s "(cached) " >&6 |
2606 | +else case e in #( |
2607 | + e) eval "$3=no" |
2608 | + # Order is important - never check a type that is potentially smaller |
2609 | + # than half of the expected target width. |
2610 | + for ac_type in int$2_t 'int' 'long int' \ |
2611 | + 'long long int' 'short int' 'signed char'; do |
2612 | + cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
2613 | +/* end confdefs.h. */ |
2614 | +$ac_includes_default |
2615 | + enum { N = $2 / 2 - 1 }; |
2616 | +int |
2617 | +main (void) |
2618 | +{ |
2619 | +static int test_array [1 - 2 * !(0 < ($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 1))]; |
2620 | +test_array [0] = 0; |
2621 | +return test_array [0]; |
2622 | + |
2623 | + ; |
2624 | + return 0; |
2625 | +} |
2626 | +_ACEOF |
2627 | +if ac_fn_c_try_compile "$LINENO" |
2628 | +then : |
2629 | + cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
2630 | +/* end confdefs.h. */ |
2631 | +$ac_includes_default |
2632 | + enum { N = $2 / 2 - 1 }; |
2633 | +int |
2634 | +main (void) |
2635 | +{ |
2636 | +static int test_array [1 - 2 * !(($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 1) |
2637 | + < ($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 2))]; |
2638 | +test_array [0] = 0; |
2639 | +return test_array [0]; |
2640 | + |
2641 | + ; |
2642 | + return 0; |
2643 | +} |
2644 | +_ACEOF |
2645 | +if ac_fn_c_try_compile "$LINENO" |
2646 | +then : |
2647 | + |
2648 | +else case e in #( |
2649 | + e) case $ac_type in #( |
2650 | + int$2_t) : |
2651 | + eval "$3=yes" ;; #( |
2652 | + *) : |
2653 | + eval "$3=\$ac_type" ;; |
2654 | +esac ;; |
2655 | +esac |
2656 | +fi |
2657 | +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext |
2658 | +fi |
2659 | +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext |
2660 | + if eval test \"x\$"$3"\" = x"no" |
2661 | +then : |
2662 | + |
2663 | +else case e in #( |
2664 | + e) break ;; |
2665 | +esac |
2666 | +fi |
2667 | + done ;; |
2668 | +esac |
2669 | +fi |
2670 | +eval ac_res=\$$3 |
2671 | + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 |
2672 | +printf "%s\n" "$ac_res" >&6; } |
2673 | + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno |
2674 | + |
2675 | +} # ac_fn_c_find_intX_t |
2676 | + |
2677 | +# ac_fn_c_find_uintX_t LINENO BITS VAR |
2678 | +# ------------------------------------ |
2679 | +# Finds an unsigned integer type with width BITS, setting cache variable VAR |
2680 | +# accordingly. |
2681 | +ac_fn_c_find_uintX_t () |
2682 | +{ |
2683 | + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack |
2684 | + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uint$2_t" >&5 |
2685 | +printf %s "checking for uint$2_t... " >&6; } |
2686 | +if eval test \${$3+y} |
2687 | +then : |
2688 | + printf %s "(cached) " >&6 |
2689 | +else case e in #( |
2690 | + e) eval "$3=no" |
2691 | + # Order is important - never check a type that is potentially smaller |
2692 | + # than half of the expected target width. |
2693 | + for ac_type in uint$2_t 'unsigned int' 'unsigned long int' \ |
2694 | + 'unsigned long long int' 'unsigned short int' 'unsigned char'; do |
2695 | + cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
2696 | +/* end confdefs.h. */ |
2697 | +$ac_includes_default |
2698 | +int |
2699 | +main (void) |
2700 | +{ |
2701 | +static int test_array [1 - 2 * !((($ac_type) -1 >> ($2 / 2 - 1)) >> ($2 / 2 - 1) == 3)]; |
2702 | +test_array [0] = 0; |
2703 | +return test_array [0]; |
2704 | + |
2705 | + ; |
2706 | + return 0; |
2707 | +} |
2708 | +_ACEOF |
2709 | +if ac_fn_c_try_compile "$LINENO" |
2710 | +then : |
2711 | + case $ac_type in #( |
2712 | + uint$2_t) : |
2713 | + eval "$3=yes" ;; #( |
2714 | + *) : |
2715 | + eval "$3=\$ac_type" ;; |
2716 | +esac |
2717 | +fi |
2718 | +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext |
2719 | + if eval test \"x\$"$3"\" = x"no" |
2720 | +then : |
2721 | + |
2722 | +else case e in #( |
2723 | + e) break ;; |
2724 | +esac |
2725 | +fi |
2726 | + done ;; |
2727 | +esac |
2728 | +fi |
2729 | +eval ac_res=\$$3 |
2730 | + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 |
2731 | +printf "%s\n" "$ac_res" >&6; } |
2732 | + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno |
2733 | + |
2734 | +} # ac_fn_c_find_uintX_t |
2735 | + |
2736 | # ac_fn_c_try_run LINENO |
2737 | # ---------------------- |
2738 | # Try to run conftest.$ac_ext, and return whether this succeeded. Assumes that |
2739 | @@ -2671,8 +2819,8 @@ cat >config.log <<_ACEOF |
2740 | This file contains any messages produced by compilers while |
2741 | running configure, to aid debugging if configure makes a mistake. |
2742 | |
2743 | -It was created by sudo $as_me 1.9.13p3, which was |
2744 | -generated by GNU Autoconf 2.72a. Invocation command line was |
2745 | +It was created by sudo $as_me 1.9.14p2, which was |
2746 | +generated by GNU Autoconf 2.72c. Invocation command line was |
2747 | |
2748 | $ $0$ac_configure_args_raw |
2749 | |
2750 | @@ -2972,6 +3120,21 @@ static char *f (char * (*g) (char **, int), char **p, ...) |
2751 | return s; |
2752 | } |
2753 | |
2754 | +/* C89 style stringification. */ |
2755 | +#define noexpand_stringify(a) #a |
2756 | +const char *stringified = noexpand_stringify(arbitrary+token=sequence); |
2757 | + |
2758 | +/* C89 style token pasting. Exercises some of the corner cases that |
2759 | + e.g. old MSVC gets wrong, but not very hard. */ |
2760 | +#define noexpand_concat(a,b) a##b |
2761 | +#define expand_concat(a,b) noexpand_concat(a,b) |
2762 | +extern int vA; |
2763 | +extern int vbee; |
2764 | +#define aye A |
2765 | +#define bee B |
2766 | +int *pvA = &expand_concat(v,aye); |
2767 | +int *pvbee = &noexpand_concat(v,bee); |
2768 | + |
2769 | /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has |
2770 | function prototypes and stuff, but not \xHH hex character constants. |
2771 | These do not provoke an error unfortunately, instead are silently treated |
2772 | @@ -3452,113 +3615,31 @@ ac_config_headers="$ac_config_headers config.h pathnames.h" |
2773 | |
2774 | |
2775 | |
2776 | - |
2777 | - |
2778 | - |
2779 | - |
2780 | - |
2781 | - |
2782 | - |
2783 | - |
2784 | - |
2785 | - |
2786 | - |
2787 | - |
2788 | - |
2789 | - |
2790 | - |
2791 | - |
2792 | - |
2793 | - |
2794 | - |
2795 | - |
2796 | - |
2797 | - |
2798 | - |
2799 | - |
2800 | - |
2801 | - |
2802 | - |
2803 | - |
2804 | - |
2805 | - |
2806 | - |
2807 | - |
2808 | - |
2809 | - |
2810 | - |
2811 | - |
2812 | - |
2813 | - |
2814 | - |
2815 | - |
2816 | - |
2817 | - |
2818 | - |
2819 | - |
2820 | - |
2821 | - |
2822 | - |
2823 | - |
2824 | - |
2825 | - |
2826 | - |
2827 | - |
2828 | - |
2829 | - |
2830 | - |
2831 | - |
2832 | - |
2833 | - |
2834 | - |
2835 | - |
2836 | - |
2837 | - |
2838 | - |
2839 | - |
2840 | - |
2841 | - |
2842 | - |
2843 | - |
2844 | - |
2845 | - |
2846 | - |
2847 | - |
2848 | - |
2849 | - |
2850 | - |
2851 | - |
2852 | - |
2853 | - |
2854 | - |
2855 | - |
2856 | - |
2857 | - |
2858 | - |
2859 | - |
2860 | - |
2861 | - |
2862 | - |
2863 | - |
2864 | - |
2865 | - |
2866 | - |
2867 | - |
2868 | - |
2869 | - |
2870 | - |
2871 | - |
2872 | - |
2873 | - |
2874 | - |
2875 | - |
2876 | - |
2877 | - |
2878 | - |
2879 | - |
2880 | - |
2881 | - |
2882 | - |
2883 | +PROGS=sudo |
2884 | +LT_LDDEP="\$(shlib_exp)" |
2885 | +LT_LDEXPORTS="-export-symbols \$(shlib_exp)" |
2886 | +BAMAN=0 |
2887 | +LCMAN=0 |
2888 | +PSMAN=0 |
2889 | +SEMAN=0 |
2890 | +AAMAN=0 |
2891 | +devdir='$(srcdir)' |
2892 | +PRELOAD_MODULE='-module' |
2893 | +LDAP='#' |
2894 | +SUDO_NLS=disabled |
2895 | +exampledir='$(docdir)/examples' |
2896 | +adminconfdir='$(prefix)/etc' |
2897 | +PYTHON_PLUGIN='#' |
2898 | +LOGSRV_SRC='lib/logsrv' |
2899 | +LOGSRVD_SRC='logsrvd' |
2900 | +LOGSRVD_CONF='sudo_logsrvd.conf' |
2901 | +LIBLOGSRV='$(top_builddir)/lib/logsrv/liblogsrv.la $(top_builddir)/lib/protobuf-c/libprotobuf-c.la' |
2902 | +PPFILES='$(srcdir)/etc/sudo.pp' |
2903 | +FUZZ_LD='$(CC)' |
2904 | +cvtsudoers_conf='$(sysconfdir)/cvtsudoers.conf' |
2905 | +sudo_conf='$(sysconfdir)/sudo.conf' |
2906 | +sudo_logsrvd_conf='$(sysconfdir)/sudo_logsrvd.conf' |
2907 | +sudoers_path='$(sysconfdir)/sudoers' |
2908 | |
2909 | |
2910 | |
2911 | @@ -3653,62 +3734,20 @@ devsearch="/dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev" |
2912 | # |
2913 | # End initial values for man page substitution |
2914 | # |
2915 | -INSTALL_BACKUP= |
2916 | -INSTALL_INTERCEPT= |
2917 | -INSTALL_NOEXEC= |
2918 | -PRELOAD_MODULE=-module |
2919 | -exampledir='$(docdir)/examples' |
2920 | -devdir='$(srcdir)' |
2921 | -PROGS="sudo" |
2922 | : ${MANDIRTYPE='man'} |
2923 | : ${SHLIB_MODE='0644'} |
2924 | : ${SUDOERS_MODE='0440'} |
2925 | : ${SUDOERS_UID='0'} |
2926 | : ${SUDOERS_GID='0'} |
2927 | -DEVEL= |
2928 | -LDAP="#" |
2929 | -BAMAN=0 |
2930 | -LCMAN=0 |
2931 | -PSMAN=0 |
2932 | -SEMAN=0 |
2933 | -AAMAN=0 |
2934 | -LIBINTL= |
2935 | -LIBCRYPTO= |
2936 | -LIBMD= |
2937 | -LIBTLS= |
2938 | -ZLIB= |
2939 | -ZLIB_SRC= |
2940 | -AUTH_OBJS= |
2941 | +CONFIGURE_ARGS="$@" |
2942 | AUTH_REG= |
2943 | AUTH_EXCL= |
2944 | AUTH_EXCL_DEF= |
2945 | AUTH_DEF=passwd |
2946 | -SUDO_NLS=disabled |
2947 | -LOCALEDIR_SUFFIX= |
2948 | -LT_LDEXPORTS="-export-symbols \$(shlib_exp)" |
2949 | -LT_LDDEP="\$(shlib_exp)" |
2950 | -OS_INIT=os_init_common |
2951 | -INIT_SCRIPT= |
2952 | -INIT_DIR= |
2953 | -RC_LINK= |
2954 | -COMPAT_EXP= |
2955 | -SIGNAME= |
2956 | -FUZZ_ENGINE= |
2957 | -FUZZ_LD='$(CC)' |
2958 | -INTERCEPT_EXP= |
2959 | -WEAK_ALIAS=no |
2960 | CHECKSHADOW=true |
2961 | shadow_funcs= |
2962 | shadow_libs= |
2963 | -TMPFILES_D= |
2964 | -CONFIGURE_ARGS="$@" |
2965 | -PYTHON_PLUGIN=# |
2966 | -LOGSRVD= |
2967 | -LOGSRVD_SRC=logsrvd |
2968 | -LOGSRV_SRC=lib/logsrv |
2969 | -LOGSRVD_CONF='sudo_logsrvd.conf' |
2970 | -LIBLOGSRV='$(top_builddir)/lib/logsrv/liblogsrv.la $(top_builddir)/lib/protobuf-c/libprotobuf-c.la' |
2971 | -PPFILES='$(srcdir)/etc/sudo.pp' |
2972 | +OS_INIT=os_init_common |
2973 | |
2974 | RTLD_PRELOAD_VAR="LD_PRELOAD" |
2975 | RTLD_PRELOAD_ENABLE_VAR= |
2976 | @@ -7173,6 +7212,23 @@ printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-python: $e |
2977 | fi |
2978 | |
2979 | |
2980 | +# Check whether --enable-adminconf was given. |
2981 | +if test ${enable_adminconf+y} |
2982 | +then : |
2983 | + enableval=$enable_adminconf; case "$enableval" in |
2984 | + yes|no) |
2985 | + ;; |
2986 | + *) adminconfdir="$enableval" |
2987 | + enable_adminconf=yes |
2988 | + ;; |
2989 | + esac |
2990 | + |
2991 | +else case e in #( |
2992 | + e) enable_adminconf=no ;; |
2993 | +esac |
2994 | +fi |
2995 | + |
2996 | + |
2997 | ac_ext=c |
2998 | ac_cpp='$CPP $CPPFLAGS' |
2999 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' |
3000 | @@ -8987,9 +9043,10 @@ do |
3001 | as_fn_executable_p "$ac_path_SED" || continue |
3002 | # Check for GNU ac_path_SED and select it if it is found. |
3003 | # Check for GNU $ac_path_SED |
3004 | -case `"$ac_path_SED" --version 2>&1` in |
3005 | +case `"$ac_path_SED" --version 2>&1` in #( |
3006 | *GNU*) |
3007 | ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; |
3008 | +#( |
3009 | *) |
3010 | ac_count=0 |
3011 | printf %s 0123456789 >"conftest.in" |
3012 | @@ -9070,9 +9127,10 @@ do |
3013 | as_fn_executable_p "$ac_path_GREP" || continue |
3014 | # Check for GNU ac_path_GREP and select it if it is found. |
3015 | # Check for GNU $ac_path_GREP |
3016 | -case `"$ac_path_GREP" --version 2>&1` in |
3017 | +case `"$ac_path_GREP" --version 2>&1` in #( |
3018 | *GNU*) |
3019 | ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; |
3020 | +#( |
3021 | *) |
3022 | ac_count=0 |
3023 | printf %s 0123456789 >"conftest.in" |
3024 | @@ -9143,9 +9201,10 @@ do |
3025 | as_fn_executable_p "$ac_path_EGREP" || continue |
3026 | # Check for GNU ac_path_EGREP and select it if it is found. |
3027 | # Check for GNU $ac_path_EGREP |
3028 | -case `"$ac_path_EGREP" --version 2>&1` in |
3029 | +case `"$ac_path_EGREP" --version 2>&1` in #( |
3030 | *GNU*) |
3031 | ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; |
3032 | +#( |
3033 | *) |
3034 | ac_count=0 |
3035 | printf %s 0123456789 >"conftest.in" |
3036 | @@ -9188,6 +9247,8 @@ fi |
3037 | printf "%s\n" "$ac_cv_path_EGREP" >&6; } |
3038 | EGREP="$ac_cv_path_EGREP" |
3039 | |
3040 | + EGREP_TRADITIONAL=$EGREP |
3041 | + ac_cv_path_EGREP_TRADITIONAL=$EGREP |
3042 | |
3043 | { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 |
3044 | printf %s "checking for fgrep... " >&6; } |
3045 | @@ -9217,9 +9278,10 @@ do |
3046 | as_fn_executable_p "$ac_path_FGREP" || continue |
3047 | # Check for GNU ac_path_FGREP and select it if it is found. |
3048 | # Check for GNU $ac_path_FGREP |
3049 | -case `"$ac_path_FGREP" --version 2>&1` in |
3050 | +case `"$ac_path_FGREP" --version 2>&1` in #( |
3051 | *GNU*) |
3052 | ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; |
3053 | +#( |
3054 | *) |
3055 | ac_count=0 |
3056 | printf %s 0123456789 >"conftest.in" |
3057 | @@ -17504,6 +17566,11 @@ fi |
3058 | fi |
3059 | sudo_cv_prev_host="$host" |
3060 | |
3061 | +cat >>confdefs.h <<EOF |
3062 | +#define CONFIGURE_ARGS "$CONFIGURE_ARGS" |
3063 | +EOF |
3064 | + |
3065 | + |
3066 | if test -n "$host_os" |
3067 | then : |
3068 | |
3069 | @@ -19837,7 +19904,12 @@ done |
3070 | # |
3071 | # Check for large file and 64-bit time support. |
3072 | # |
3073 | - if test "$enable_largefile" != no |
3074 | +# Check whether --enable-largefile was given. |
3075 | +if test ${enable_largefile+y} |
3076 | +then : |
3077 | + enableval=$enable_largefile; |
3078 | +fi |
3079 | +if test "$enable_largefile,$enable_year2038" != no,no |
3080 | then : |
3081 | { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable large file support" >&5 |
3082 | printf %s "checking for $CC option to enable large file support... " >&6; } |
3083 | @@ -19880,6 +19952,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext |
3084 | test $ac_opt_found = no || break |
3085 | done |
3086 | CC="$ac_save_CC" |
3087 | + |
3088 | test $ac_opt_found = yes || ac_cv_sys_largefile_opts="support not detected" ;; |
3089 | esac |
3090 | fi |
3091 | @@ -19890,15 +19963,10 @@ ac_have_largefile=yes |
3092 | case $ac_cv_sys_largefile_opts in #( |
3093 | "none needed") : |
3094 | ;; #( |
3095 | + "supported through gnulib") : |
3096 | + ;; #( |
3097 | "support not detected") : |
3098 | - ac_have_largefile=no |
3099 | - if test $enable_largefile = required |
3100 | -then : |
3101 | - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 |
3102 | -printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} |
3103 | -as_fn_error $? "support for large files is required |
3104 | -See 'config.log' for more details" "$LINENO" 5; } |
3105 | -fi ;; #( |
3106 | + ac_have_largefile=no ;; #( |
3107 | "-D_FILE_OFFSET_BITS=64") : |
3108 | |
3109 | printf "%s\n" "#define _FILE_OFFSET_BITS 64" >>confdefs.h |
3110 | @@ -19913,10 +19981,10 @@ printf "%s\n" "#define _LARGE_FILES 1" >>confdefs.h |
3111 | as_fn_error $? "internal error: bad value for \$ac_cv_sys_largefile_opts" "$LINENO" 5 ;; |
3112 | esac |
3113 | |
3114 | - if test "$enable_year2038" != no |
3115 | +if test "$enable_year2038" != no |
3116 | then : |
3117 | - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable timestamps after Jan 2038" >&5 |
3118 | -printf %s "checking for $CC option to enable timestamps after Jan 2038... " >&6; } |
3119 | + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option for timestamps after 2038" >&5 |
3120 | +printf %s "checking for $CC option for timestamps after 2038... " >&6; } |
3121 | if test ${ac_cv_sys_year2038_opts+y} |
3122 | then : |
3123 | printf %s "(cached) " >&6 |
3124 | @@ -19967,49 +20035,12 @@ case $ac_cv_sys_year2038_opts in #( |
3125 | "none needed") : |
3126 | ;; #( |
3127 | "support not detected") : |
3128 | - ac_have_year2038=no |
3129 | - case $enable_year2038 in #( |
3130 | - required) : |
3131 | - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 |
3132 | -printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} |
3133 | -as_fn_error $? "support for timestamps after Jan 2038 is required |
3134 | -See 'config.log' for more details" "$LINENO" 5; } ;; #( |
3135 | - yes) : |
3136 | - # If we're not cross compiling and 'touch' works with a large |
3137 | - # timestamp, then we can presume the system supports wider time_t |
3138 | - # *somehow* and we just weren't able to detect it. One common |
3139 | - # case that we deliberately *don't* probe for is a system that |
3140 | - # supports both 32- and 64-bit ABIs but only the 64-bit ABI offers |
3141 | - # wide time_t. (It would be inappropriate for us to override an |
3142 | - # intentional use of -m32.) Error out, demanding use of |
3143 | - # --disable-year2038 if this is intentional. |
3144 | - if test $cross_compiling = no |
3145 | -then : |
3146 | - if TZ=UTC0 touch -t 210602070628.15 conftest.time 2>/dev/null |
3147 | -then : |
3148 | - case `TZ=UTC0 LC_ALL=C ls -l conftest.time 2>/dev/null` in #( |
3149 | - *'Feb 7 2106'* | *'Feb 7 17:10'*) : |
3150 | - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 |
3151 | -printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} |
3152 | -as_fn_error $? "this system appears to support timestamps after |
3153 | -January 2038, but no mechanism for enabling wide |
3154 | -'time_t' was detected. Did you mean to build a 64-bit |
3155 | -binary? (e.g. 'CC=\"${CC} -m64\"'.) To proceed with |
3156 | -32-bit time_t, configure with '--disable-year2038'. |
3157 | -See 'config.log' for more details" "$LINENO" 5; } ;; #( |
3158 | - *) : |
3159 | - ;; |
3160 | -esac |
3161 | -fi |
3162 | -fi ;; #( |
3163 | - *) : |
3164 | - ;; |
3165 | -esac ;; #( |
3166 | + ac_have_year2038=no ;; #( |
3167 | "-D_TIME_BITS=64") : |
3168 | |
3169 | printf "%s\n" "#define _TIME_BITS 64" >>confdefs.h |
3170 | ;; #( |
3171 | - "-D__MINGW_USE_VC2005_COMPAT=1") : |
3172 | + "-D__MINGW_USE_VC2005_COMPAT") : |
3173 | |
3174 | printf "%s\n" "#define __MINGW_USE_VC2005_COMPAT 1" >>confdefs.h |
3175 | ;; #( |
3176 | @@ -20017,7 +20048,7 @@ printf "%s\n" "#define __MINGW_USE_VC2005_COMPAT 1" >>confdefs.h |
3177 | { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 |
3178 | printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} |
3179 | as_fn_error $? "the 'time_t' type is currently forced to be 32-bit. It |
3180 | -will stop working after January 2038. Remove |
3181 | +will stop working after mid-January 2038. Remove |
3182 | _USE_32BIT_TIME_T from the compiler flags. |
3183 | See 'config.log' for more details" "$LINENO" 5; } ;; #( |
3184 | *) : |
3185 | @@ -20026,12 +20057,34 @@ esac |
3186 | |
3187 | fi |
3188 | |
3189 | - |
3190 | - |
3191 | fi |
3192 | - |
3193 | - |
3194 | - |
3195 | +if test "$enable_year2038,$ac_have_year2038,$cross_compiling" = yes,no,no |
3196 | +then : |
3197 | + # If we're not cross compiling and 'touch' works with a large |
3198 | + # timestamp, then we can presume the system supports wider time_t |
3199 | + # *somehow* and we just weren't able to detect it. One common |
3200 | + # case that we deliberately *don't* probe for is a system that |
3201 | + # supports both 32- and 64-bit ABIs but only the 64-bit ABI offers |
3202 | + # wide time_t. (It would be inappropriate for us to override an |
3203 | + # intentional use of -m32.) Error out, demanding use of |
3204 | + # --disable-year2038 if this is intentional. |
3205 | + if TZ=UTC0 touch -t 210602070628.15 conftest.time 2>/dev/null |
3206 | +then : |
3207 | + case `TZ=UTC0 LC_ALL=C ls -l conftest.time 2>/dev/null` in #( |
3208 | + *'Feb 7 2106'* | *'Feb 7 17:10'*) : |
3209 | + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 |
3210 | +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} |
3211 | +as_fn_error $? "this system appears to support timestamps after |
3212 | +mid-January 2038, but no mechanism for enabling wide |
3213 | +'time_t' was detected. Did you mean to build a 64-bit |
3214 | +binary? (E.g., 'CC=\"${CC} -m64\"'.) To proceed with |
3215 | +32-bit time_t, configure with '--disable-year2038'. |
3216 | +See 'config.log' for more details" "$LINENO" 5; } ;; #( |
3217 | + *) : |
3218 | + ;; |
3219 | +esac |
3220 | +fi |
3221 | +fi |
3222 | |
3223 | # |
3224 | # Don't allow undefined symbols, even in shared libraries, if possible. |
3225 | @@ -20042,27 +20095,69 @@ fi |
3226 | if test -n "$GCC" -a X"${enable_sanitizer}${enable_fuzzer}" = X"nono" |
3227 | then : |
3228 | |
3229 | - # On FreeBSD and Dragonfly, environ is filled in by the dynamic loader |
3230 | - # so -Wl,--no-undefined causes a link error when environ is used. |
3231 | - # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263265 |
3232 | - # We use errno because OpenBSD shared libraries don't explicitly |
3233 | - # link with libc, which can result in undefined reference errors. |
3234 | - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the linker accepts -Wl,--no-undefined" >&5 |
3235 | + case $host_os in #( |
3236 | + darwin*) : |
3237 | + |
3238 | + # On macOS 13, using "-undefined dynamic_lookup" produces a |
3239 | + # warning. Use the -no-undefined libtool option to avoid this. |
3240 | + |
3241 | +if test ${LT_LDFLAGS+y} |
3242 | +then : |
3243 | + |
3244 | + case " $LT_LDFLAGS " in #( |
3245 | + *" -no-undefined "*) : |
3246 | + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LT_LDFLAGS already contains -no-undefined"; } >&5 |
3247 | + (: LT_LDFLAGS already contains -no-undefined) 2>&5 |
3248 | + ac_status=$? |
3249 | + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 |
3250 | + test $ac_status = 0; } ;; #( |
3251 | + *) : |
3252 | + |
3253 | + as_fn_append LT_LDFLAGS " -no-undefined" |
3254 | + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LT_LDFLAGS=\"\$LT_LDFLAGS\""; } >&5 |
3255 | + (: LT_LDFLAGS="$LT_LDFLAGS") 2>&5 |
3256 | + ac_status=$? |
3257 | + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 |
3258 | + test $ac_status = 0; } |
3259 | + ;; |
3260 | +esac |
3261 | + |
3262 | +else case e in #( |
3263 | + e) |
3264 | + LT_LDFLAGS=-no-undefined |
3265 | + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LT_LDFLAGS=\"\$LT_LDFLAGS\""; } >&5 |
3266 | + (: LT_LDFLAGS="$LT_LDFLAGS") 2>&5 |
3267 | + ac_status=$? |
3268 | + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 |
3269 | + test $ac_status = 0; } |
3270 | + ;; |
3271 | +esac |
3272 | +fi |
3273 | + |
3274 | + ;; #( |
3275 | + *) : |
3276 | + |
3277 | + # On FreeBSD and Dragonfly, environ is filled in by the dynamic loader |
3278 | + # so -Wl,--no-undefined causes a link error when environ is used. |
3279 | + # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263265 |
3280 | + # We use errno because OpenBSD shared libraries don't explicitly |
3281 | + # link with libc, which can result in undefined reference errors. |
3282 | + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the linker accepts -Wl,--no-undefined" >&5 |
3283 | printf %s "checking the linker accepts -Wl,--no-undefined... " >&6; } |
3284 | if test ${sudo_cv_var_ld___no_undefined+y} |
3285 | then : |
3286 | printf %s "(cached) " >&6 |
3287 | else case e in #( |
3288 | e) |
3289 | - sudo_cv_var_ld___no_undefined=no |
3290 | - _CFLAGS="$CFLAGS" |
3291 | - CFLAGS="$CFLAGS $lt_prog_compiler_pic" |
3292 | - _LDFLAGS="$LDFLAGS" |
3293 | - LDFLAGS="$LDFLAGS $lt_prog_compiler_pic -shared -Wl,--no-undefined" |
3294 | - cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
3295 | + sudo_cv_var_ld___no_undefined=no |
3296 | + _CFLAGS="$CFLAGS" |
3297 | + CFLAGS="$CFLAGS $lt_prog_compiler_pic" |
3298 | + _LDFLAGS="$LDFLAGS" |
3299 | + LDFLAGS="$LDFLAGS $lt_prog_compiler_pic -shared -Wl,--no-undefined" |
3300 | + cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
3301 | /* end confdefs.h. */ |
3302 | #include <errno.h> |
3303 | -extern char **environ; |
3304 | + extern char **environ; |
3305 | int |
3306 | main (void) |
3307 | { |
3308 | @@ -20077,15 +20172,15 @@ then : |
3309 | fi |
3310 | rm -f core conftest.err conftest.$ac_objext conftest.beam \ |
3311 | conftest$ac_exeext conftest.$ac_ext |
3312 | - CFLAGS="$_CFLAGS" |
3313 | - LDFLAGS="$_LDFLAGS" |
3314 | + CFLAGS="$_CFLAGS" |
3315 | + LDFLAGS="$_LDFLAGS" |
3316 | |
3317 | - ;; |
3318 | + ;; |
3319 | esac |
3320 | fi |
3321 | { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_ld___no_undefined" >&5 |
3322 | printf "%s\n" "$sudo_cv_var_ld___no_undefined" >&6; } |
3323 | - if test "$sudo_cv_var_ld___no_undefined" = "yes" |
3324 | + if test "$sudo_cv_var_ld___no_undefined" = "yes" |
3325 | then : |
3326 | |
3327 | |
3328 | @@ -20124,6 +20219,8 @@ fi |
3329 | |
3330 | |
3331 | fi |
3332 | + ;; |
3333 | +esac |
3334 | |
3335 | fi |
3336 | |
3337 | @@ -20445,91 +20542,261 @@ fi |
3338 | |
3339 | |
3340 | fi |
3341 | -if test X"${ac_cv_header_stdint_h}${ac_cv_header_inttypes_h}" = X"nono" |
3342 | -then : |
3343 | |
3344 | - ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" "$ac_includes_default" |
3345 | -if test "x$ac_cv_type_int8_t" = xyes |
3346 | + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for unsigned long long int" >&5 |
3347 | +printf %s "checking for unsigned long long int... " >&6; } |
3348 | +if test ${ac_cv_type_unsigned_long_long_int+y} |
3349 | then : |
3350 | + printf %s "(cached) " >&6 |
3351 | +else case e in #( |
3352 | + e) ac_cv_type_unsigned_long_long_int=yes |
3353 | + case $ac_prog_cc_stdc in |
3354 | + no | c89) ;; |
3355 | + *) |
3356 | + cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
3357 | +/* end confdefs.h. */ |
3358 | |
3359 | -printf "%s\n" "#define HAVE_INT8_T 1" >>confdefs.h |
3360 | + /* For now, do not test the preprocessor; as of 2007 there are too many |
3361 | + implementations with broken preprocessors. Perhaps this can |
3362 | + be revisited in 2012. In the meantime, code should not expect |
3363 | + #if to work with literals wider than 32 bits. */ |
3364 | + /* Test literals. */ |
3365 | + long long int ll = 9223372036854775807ll; |
3366 | + long long int nll = -9223372036854775807LL; |
3367 | + unsigned long long int ull = 18446744073709551615ULL; |
3368 | + /* Test constant expressions. */ |
3369 | + typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll) |
3370 | + ? 1 : -1)]; |
3371 | + typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1 |
3372 | + ? 1 : -1)]; |
3373 | + int i = 63; |
3374 | +int |
3375 | +main (void) |
3376 | +{ |
3377 | +/* Test availability of runtime routines for shift and division. */ |
3378 | + long long int llmax = 9223372036854775807ll; |
3379 | + unsigned long long int ullmax = 18446744073709551615ull; |
3380 | + return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i) |
3381 | + | (llmax / ll) | (llmax % ll) |
3382 | + | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i) |
3383 | + | (ullmax / ull) | (ullmax % ull)); |
3384 | + ; |
3385 | + return 0; |
3386 | +} |
3387 | |
3388 | +_ACEOF |
3389 | +if ac_fn_c_try_link "$LINENO" |
3390 | +then : |
3391 | |
3392 | +else case e in #( |
3393 | + e) ac_cv_type_unsigned_long_long_int=no ;; |
3394 | +esac |
3395 | fi |
3396 | -ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" "$ac_includes_default" |
3397 | -if test "x$ac_cv_type_uint8_t" = xyes |
3398 | -then : |
3399 | +rm -f core conftest.err conftest.$ac_objext conftest.beam \ |
3400 | + conftest$ac_exeext conftest.$ac_ext;; |
3401 | + esac ;; |
3402 | +esac |
3403 | +fi |
3404 | +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_unsigned_long_long_int" >&5 |
3405 | +printf "%s\n" "$ac_cv_type_unsigned_long_long_int" >&6; } |
3406 | + if test $ac_cv_type_unsigned_long_long_int = yes; then |
3407 | |
3408 | -printf "%s\n" "#define HAVE_UINT8_T 1" >>confdefs.h |
3409 | +printf "%s\n" "#define HAVE_UNSIGNED_LONG_LONG_INT 1" >>confdefs.h |
3410 | |
3411 | + fi |
3412 | |
3413 | -fi |
3414 | -ac_fn_c_check_type "$LINENO" "int16_t" "ac_cv_type_int16_t" "$ac_includes_default" |
3415 | -if test "x$ac_cv_type_int16_t" = xyes |
3416 | -then : |
3417 | |
3418 | -printf "%s\n" "#define HAVE_INT16_T 1" >>confdefs.h |
3419 | |
3420 | + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5 |
3421 | +printf %s "checking for long long int... " >&6; } |
3422 | +if test ${ac_cv_type_long_long_int+y} |
3423 | +then : |
3424 | + printf %s "(cached) " >&6 |
3425 | +else case e in #( |
3426 | + e) ac_cv_type_long_long_int=yes |
3427 | + case $ac_prog_cc_stdc in |
3428 | + no | c89) ;; |
3429 | + *) |
3430 | + ac_cv_type_long_long_int=$ac_cv_type_unsigned_long_long_int |
3431 | + if test $ac_cv_type_long_long_int = yes; then |
3432 | + if test "$cross_compiling" = yes |
3433 | +then : |
3434 | + : |
3435 | +else case e in #( |
3436 | + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
3437 | +/* end confdefs.h. */ |
3438 | +#include <limits.h> |
3439 | + #ifndef LLONG_MAX |
3440 | + # define HALF \\ |
3441 | + (1LL << (sizeof (long long int) * CHAR_BIT - 2)) |
3442 | + # define LLONG_MAX (HALF - 1 + HALF) |
3443 | + #endif |
3444 | +int |
3445 | +main (void) |
3446 | +{ |
3447 | +long long int n = 1; |
3448 | + int i; |
3449 | + for (i = 0; ; i++) |
3450 | + { |
3451 | + long long int m = n << i; |
3452 | + if (m >> i != n) |
3453 | + return 1; |
3454 | + if (LLONG_MAX / 2 < m) |
3455 | + break; |
3456 | + } |
3457 | + return 0; |
3458 | + ; |
3459 | + return 0; |
3460 | +} |
3461 | +_ACEOF |
3462 | +if ac_fn_c_try_run "$LINENO" |
3463 | +then : |
3464 | |
3465 | +else case e in #( |
3466 | + e) ac_cv_type_long_long_int=no ;; |
3467 | +esac |
3468 | fi |
3469 | -ac_fn_c_check_type "$LINENO" "uint16_t" "ac_cv_type_uint16_t" "$ac_includes_default" |
3470 | -if test "x$ac_cv_type_uint16_t" = xyes |
3471 | -then : |
3472 | +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ |
3473 | + conftest.$ac_objext conftest.beam conftest.$ac_ext ;; |
3474 | +esac |
3475 | +fi |
3476 | + |
3477 | + fi;; |
3478 | + esac ;; |
3479 | +esac |
3480 | +fi |
3481 | +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_long_int" >&5 |
3482 | +printf "%s\n" "$ac_cv_type_long_long_int" >&6; } |
3483 | + if test $ac_cv_type_long_long_int = yes; then |
3484 | |
3485 | -printf "%s\n" "#define HAVE_UINT16_T 1" >>confdefs.h |
3486 | +printf "%s\n" "#define HAVE_LONG_LONG_INT 1" >>confdefs.h |
3487 | |
3488 | + fi |
3489 | |
3490 | -fi |
3491 | -ac_fn_c_check_type "$LINENO" "int32_t" "ac_cv_type_int32_t" "$ac_includes_default" |
3492 | -if test "x$ac_cv_type_int32_t" = xyes |
3493 | +if test X"${ac_cv_header_stdint_h}${ac_cv_header_inttypes_h}" = X"nono" |
3494 | then : |
3495 | |
3496 | -printf "%s\n" "#define HAVE_INT32_T 1" >>confdefs.h |
3497 | + ac_fn_c_find_intX_t "$LINENO" "8" "ac_cv_c_int8_t" |
3498 | +case $ac_cv_c_int8_t in #( |
3499 | + no|yes) ;; #( |
3500 | + *) |
3501 | |
3502 | +printf "%s\n" "#define int8_t $ac_cv_c_int8_t" >>confdefs.h |
3503 | +;; |
3504 | +esac |
3505 | |
3506 | -fi |
3507 | -ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" "$ac_includes_default" |
3508 | -if test "x$ac_cv_type_uint32_t" = xyes |
3509 | -then : |
3510 | + ac_fn_c_find_uintX_t "$LINENO" "8" "ac_cv_c_uint8_t" |
3511 | +case $ac_cv_c_uint8_t in #( |
3512 | + no|yes) ;; #( |
3513 | + *) |
3514 | |
3515 | -printf "%s\n" "#define HAVE_UINT32_T 1" >>confdefs.h |
3516 | +printf "%s\n" "#define _UINT8_T 1" >>confdefs.h |
3517 | |
3518 | |
3519 | -fi |
3520 | -ac_fn_c_check_type "$LINENO" "int64_t" "ac_cv_type_int64_t" "$ac_includes_default" |
3521 | -if test "x$ac_cv_type_int64_t" = xyes |
3522 | -then : |
3523 | +printf "%s\n" "#define uint8_t $ac_cv_c_uint8_t" >>confdefs.h |
3524 | +;; |
3525 | + esac |
3526 | |
3527 | -printf "%s\n" "#define HAVE_INT64_T 1" >>confdefs.h |
3528 | + ac_fn_c_find_intX_t "$LINENO" "16" "ac_cv_c_int16_t" |
3529 | +case $ac_cv_c_int16_t in #( |
3530 | + no|yes) ;; #( |
3531 | + *) |
3532 | |
3533 | +printf "%s\n" "#define int16_t $ac_cv_c_int16_t" >>confdefs.h |
3534 | +;; |
3535 | +esac |
3536 | |
3537 | -fi |
3538 | -ac_fn_c_check_type "$LINENO" "uint64_t" "ac_cv_type_uint64_t" "$ac_includes_default" |
3539 | -if test "x$ac_cv_type_uint64_t" = xyes |
3540 | -then : |
3541 | + ac_fn_c_find_uintX_t "$LINENO" "16" "ac_cv_c_uint16_t" |
3542 | +case $ac_cv_c_uint16_t in #( |
3543 | + no|yes) ;; #( |
3544 | + *) |
3545 | |
3546 | -printf "%s\n" "#define HAVE_UINT64_T 1" >>confdefs.h |
3547 | |
3548 | +printf "%s\n" "#define uint16_t $ac_cv_c_uint16_t" >>confdefs.h |
3549 | +;; |
3550 | + esac |
3551 | |
3552 | -fi |
3553 | -ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" "$ac_includes_default" |
3554 | + ac_fn_c_find_intX_t "$LINENO" "32" "ac_cv_c_int32_t" |
3555 | +case $ac_cv_c_int32_t in #( |
3556 | + no|yes) ;; #( |
3557 | + *) |
3558 | + |
3559 | +printf "%s\n" "#define int32_t $ac_cv_c_int32_t" >>confdefs.h |
3560 | +;; |
3561 | +esac |
3562 | + |
3563 | + ac_fn_c_find_uintX_t "$LINENO" "32" "ac_cv_c_uint32_t" |
3564 | +case $ac_cv_c_uint32_t in #( |
3565 | + no|yes) ;; #( |
3566 | + *) |
3567 | + |
3568 | +printf "%s\n" "#define _UINT32_T 1" >>confdefs.h |
3569 | + |
3570 | + |
3571 | +printf "%s\n" "#define uint32_t $ac_cv_c_uint32_t" >>confdefs.h |
3572 | +;; |
3573 | + esac |
3574 | + |
3575 | + ac_fn_c_find_intX_t "$LINENO" "64" "ac_cv_c_int64_t" |
3576 | +case $ac_cv_c_int64_t in #( |
3577 | + no|yes) ;; #( |
3578 | + *) |
3579 | + |
3580 | +printf "%s\n" "#define int64_t $ac_cv_c_int64_t" >>confdefs.h |
3581 | +;; |
3582 | +esac |
3583 | + |
3584 | + ac_fn_c_find_uintX_t "$LINENO" "64" "ac_cv_c_uint64_t" |
3585 | +case $ac_cv_c_uint64_t in #( |
3586 | + no|yes) ;; #( |
3587 | + *) |
3588 | + |
3589 | +printf "%s\n" "#define _UINT64_T 1" >>confdefs.h |
3590 | + |
3591 | + |
3592 | +printf "%s\n" "#define uint64_t $ac_cv_c_uint64_t" >>confdefs.h |
3593 | +;; |
3594 | + esac |
3595 | + |
3596 | + |
3597 | + |
3598 | + ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" "$ac_includes_default" |
3599 | if test "x$ac_cv_type_intmax_t" = xyes |
3600 | then : |
3601 | |
3602 | printf "%s\n" "#define HAVE_INTMAX_T 1" >>confdefs.h |
3603 | |
3604 | +else case e in #( |
3605 | + e) test $ac_cv_type_long_long_int = yes \ |
3606 | + && ac_type='long long int' \ |
3607 | + || ac_type='long int' |
3608 | |
3609 | +printf "%s\n" "#define intmax_t $ac_type" >>confdefs.h |
3610 | + ;; |
3611 | +esac |
3612 | fi |
3613 | -ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" "$ac_includes_default" |
3614 | + |
3615 | + |
3616 | + |
3617 | + |
3618 | + ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" "$ac_includes_default" |
3619 | if test "x$ac_cv_type_uintmax_t" = xyes |
3620 | then : |
3621 | |
3622 | printf "%s\n" "#define HAVE_UINTMAX_T 1" >>confdefs.h |
3623 | |
3624 | +else case e in #( |
3625 | + e) test $ac_cv_type_unsigned_long_long_int = yes \ |
3626 | + && ac_type='unsigned long long int' \ |
3627 | + || ac_type='unsigned long int' |
3628 | |
3629 | +printf "%s\n" "#define uintmax_t $ac_type" >>confdefs.h |
3630 | + ;; |
3631 | +esac |
3632 | fi |
3633 | |
3634 | |
3635 | + |
3636 | fi |
3637 | ac_fn_c_check_type "$LINENO" "sig_atomic_t" "ac_cv_type_sig_atomic_t" " |
3638 | $ac_includes_default |
3639 | @@ -20566,172 +20833,27 @@ printf "%s\n" "#define HAVE_SOCKLEN_T 1" >>confdefs.h |
3640 | |
3641 | fi |
3642 | |
3643 | - |
3644 | -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep -e" >&5 |
3645 | -printf %s "checking for egrep -e... " >&6; } |
3646 | -if test ${ac_cv_path_EGREP_TRADITIONAL+y} |
3647 | +ac_fn_c_check_type "$LINENO" "uid_t" "ac_cv_type_uid_t" "$ac_includes_default" |
3648 | +if test "x$ac_cv_type_uid_t" = xyes |
3649 | then : |
3650 | - printf %s "(cached) " >&6 |
3651 | -else case e in #( |
3652 | - e) if test -z "$EGREP_TRADITIONAL"; then |
3653 | - ac_path_EGREP_TRADITIONAL_found=false |
3654 | - # Loop through the user's path and test for each of PROGNAME-LIST |
3655 | - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR |
3656 | -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin |
3657 | -do |
3658 | - IFS=$as_save_IFS |
3659 | - case $as_dir in #((( |
3660 | - '') as_dir=./ ;; |
3661 | - */) ;; |
3662 | - *) as_dir=$as_dir/ ;; |
3663 | - esac |
3664 | - for ac_prog in grep ggrep |
3665 | - do |
3666 | - for ac_exec_ext in '' $ac_executable_extensions; do |
3667 | - ac_path_EGREP_TRADITIONAL="$as_dir$ac_prog$ac_exec_ext" |
3668 | - as_fn_executable_p "$ac_path_EGREP_TRADITIONAL" || continue |
3669 | -# Check for GNU ac_path_EGREP_TRADITIONAL and select it if it is found. |
3670 | - # Check for GNU $ac_path_EGREP_TRADITIONAL |
3671 | -case `"$ac_path_EGREP_TRADITIONAL" --version 2>&1` in |
3672 | -*GNU*) |
3673 | - ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" ac_path_EGREP_TRADITIONAL_found=:;; |
3674 | -*) |
3675 | - ac_count=0 |
3676 | - printf %s 0123456789 >"conftest.in" |
3677 | - while : |
3678 | - do |
3679 | - cat "conftest.in" "conftest.in" >"conftest.tmp" |
3680 | - mv "conftest.tmp" "conftest.in" |
3681 | - cp "conftest.in" "conftest.nl" |
3682 | - printf "%s\n" 'EGREP_TRADITIONAL' >> "conftest.nl" |
3683 | - "$ac_path_EGREP_TRADITIONAL" -E 'EGR(EP|AC)_TRADITIONAL$' < "conftest.nl" >"conftest.out" 2>/dev/null || break |
3684 | - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break |
3685 | - as_fn_arith $ac_count + 1 && ac_count=$as_val |
3686 | - if test $ac_count -gt ${ac_path_EGREP_TRADITIONAL_max-0}; then |
3687 | - # Best one so far, save it but keep looking for a better one |
3688 | - ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" |
3689 | - ac_path_EGREP_TRADITIONAL_max=$ac_count |
3690 | - fi |
3691 | - # 10*(2^10) chars as input seems more than enough |
3692 | - test $ac_count -gt 10 && break |
3693 | - done |
3694 | - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; |
3695 | -esac |
3696 | - |
3697 | - $ac_path_EGREP_TRADITIONAL_found && break 3 |
3698 | - done |
3699 | - done |
3700 | - done |
3701 | -IFS=$as_save_IFS |
3702 | - if test -z "$ac_cv_path_EGREP_TRADITIONAL"; then |
3703 | - : |
3704 | - fi |
3705 | -else |
3706 | - ac_cv_path_EGREP_TRADITIONAL=$EGREP_TRADITIONAL |
3707 | -fi |
3708 | |
3709 | - if test "$ac_cv_path_EGREP_TRADITIONAL" |
3710 | -then : |
3711 | - ac_cv_path_EGREP_TRADITIONAL="$ac_cv_path_EGREP_TRADITIONAL -E" |
3712 | else case e in #( |
3713 | - e) if test -z "$EGREP_TRADITIONAL"; then |
3714 | - ac_path_EGREP_TRADITIONAL_found=false |
3715 | - # Loop through the user's path and test for each of PROGNAME-LIST |
3716 | - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR |
3717 | -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin |
3718 | -do |
3719 | - IFS=$as_save_IFS |
3720 | - case $as_dir in #((( |
3721 | - '') as_dir=./ ;; |
3722 | - */) ;; |
3723 | - *) as_dir=$as_dir/ ;; |
3724 | - esac |
3725 | - for ac_prog in egrep |
3726 | - do |
3727 | - for ac_exec_ext in '' $ac_executable_extensions; do |
3728 | - ac_path_EGREP_TRADITIONAL="$as_dir$ac_prog$ac_exec_ext" |
3729 | - as_fn_executable_p "$ac_path_EGREP_TRADITIONAL" || continue |
3730 | -# Check for GNU ac_path_EGREP_TRADITIONAL and select it if it is found. |
3731 | - # Check for GNU $ac_path_EGREP_TRADITIONAL |
3732 | -case `"$ac_path_EGREP_TRADITIONAL" --version 2>&1` in |
3733 | -*GNU*) |
3734 | - ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" ac_path_EGREP_TRADITIONAL_found=:;; |
3735 | -*) |
3736 | - ac_count=0 |
3737 | - printf %s 0123456789 >"conftest.in" |
3738 | - while : |
3739 | - do |
3740 | - cat "conftest.in" "conftest.in" >"conftest.tmp" |
3741 | - mv "conftest.tmp" "conftest.in" |
3742 | - cp "conftest.in" "conftest.nl" |
3743 | - printf "%s\n" 'EGREP_TRADITIONAL' >> "conftest.nl" |
3744 | - "$ac_path_EGREP_TRADITIONAL" 'EGR(EP|AC)_TRADITIONAL$' < "conftest.nl" >"conftest.out" 2>/dev/null || break |
3745 | - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break |
3746 | - as_fn_arith $ac_count + 1 && ac_count=$as_val |
3747 | - if test $ac_count -gt ${ac_path_EGREP_TRADITIONAL_max-0}; then |
3748 | - # Best one so far, save it but keep looking for a better one |
3749 | - ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" |
3750 | - ac_path_EGREP_TRADITIONAL_max=$ac_count |
3751 | - fi |
3752 | - # 10*(2^10) chars as input seems more than enough |
3753 | - test $ac_count -gt 10 && break |
3754 | - done |
3755 | - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; |
3756 | -esac |
3757 | - |
3758 | - $ac_path_EGREP_TRADITIONAL_found && break 3 |
3759 | - done |
3760 | - done |
3761 | - done |
3762 | -IFS=$as_save_IFS |
3763 | - if test -z "$ac_cv_path_EGREP_TRADITIONAL"; then |
3764 | - as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 |
3765 | - fi |
3766 | -else |
3767 | - ac_cv_path_EGREP_TRADITIONAL=$EGREP_TRADITIONAL |
3768 | -fi |
3769 | + e) |
3770 | +printf "%s\n" "#define uid_t int" >>confdefs.h |
3771 | ;; |
3772 | esac |
3773 | -fi ;; |
3774 | -esac |
3775 | fi |
3776 | -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP_TRADITIONAL" >&5 |
3777 | -printf "%s\n" "$ac_cv_path_EGREP_TRADITIONAL" >&6; } |
3778 | - EGREP_TRADITIONAL=$ac_cv_path_EGREP_TRADITIONAL |
3779 | |
3780 | -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 |
3781 | -printf %s "checking for uid_t in sys/types.h... " >&6; } |
3782 | -if test ${ac_cv_type_uid_t+y} |
3783 | +ac_fn_c_check_type "$LINENO" "gid_t" "ac_cv_type_gid_t" "$ac_includes_default" |
3784 | +if test "x$ac_cv_type_gid_t" = xyes |
3785 | then : |
3786 | - printf %s "(cached) " >&6 |
3787 | -else case e in #( |
3788 | - e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
3789 | -/* end confdefs.h. */ |
3790 | -#include <sys/types.h> |
3791 | |
3792 | -_ACEOF |
3793 | -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | |
3794 | - $EGREP_TRADITIONAL "uid_t" >/dev/null 2>&1 |
3795 | -then : |
3796 | - ac_cv_type_uid_t=yes |
3797 | else case e in #( |
3798 | - e) ac_cv_type_uid_t=no ;; |
3799 | -esac |
3800 | -fi |
3801 | -rm -rf conftest* |
3802 | + e) |
3803 | +printf "%s\n" "#define gid_t int" >>confdefs.h |
3804 | ;; |
3805 | esac |
3806 | fi |
3807 | -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 |
3808 | -printf "%s\n" "$ac_cv_type_uid_t" >&6; } |
3809 | -if test $ac_cv_type_uid_t = no; then |
3810 | - |
3811 | -printf "%s\n" "#define uid_t int" >>confdefs.h |
3812 | - |
3813 | - |
3814 | -printf "%s\n" "#define gid_t int" >>confdefs.h |
3815 | - |
3816 | -fi |
3817 | |
3818 | |
3819 | { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking max length of uid_t" >&5 |
3820 | @@ -21661,103 +21783,133 @@ if test ${ac_cv_type_getgroups+y} |
3821 | then : |
3822 | printf %s "(cached) " >&6 |
3823 | else case e in #( |
3824 | - e) if test "$cross_compiling" = yes |
3825 | + e) # If AC_TYPE_UID_T says there isn't any gid_t typedef, then we can skip |
3826 | +# everything below. |
3827 | +if test $ac_cv_type_gid_t = no |
3828 | then : |
3829 | - ac_cv_type_getgroups=cross |
3830 | + ac_cv_type_getgroups=int |
3831 | else case e in #( |
3832 | - e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
3833 | + e) # Test programs below rely on strict type checking of extern declarations: |
3834 | + # 'extern int getgroups(int, int *); extern int getgroups(int, pid_t *);' |
3835 | + # is valid in C89 if and only if pid_t is a typedef for int. Unlike |
3836 | + # anything involving either an assignment or a function call, compilers |
3837 | + # tend to make this kind of type mismatch a hard error, not just an |
3838 | + # "incompatible pointer types" warning. |
3839 | + cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
3840 | /* end confdefs.h. */ |
3841 | -/* Thanks to Mike Rendell for this test. */ |
3842 | $ac_includes_default |
3843 | -#define NGID 256 |
3844 | -#undef MAX |
3845 | -#define MAX(x, y) ((x) > (y) ? (x) : (y)) |
3846 | - |
3847 | +extern int getgroups(int, gid_t *); |
3848 | int |
3849 | main (void) |
3850 | { |
3851 | - gid_t gidset[NGID]; |
3852 | - int i, n; |
3853 | - union { gid_t gval; long int lval; } val; |
3854 | - |
3855 | - val.lval = -1; |
3856 | - for (i = 0; i < NGID; i++) |
3857 | - gidset[i] = val.gval; |
3858 | - n = getgroups (sizeof (gidset) / MAX (sizeof (int), sizeof (gid_t)) - 1, |
3859 | - gidset); |
3860 | - /* Exit non-zero if getgroups seems to require an array of ints. This |
3861 | - happens when gid_t is short int but getgroups modifies an array |
3862 | - of ints. */ |
3863 | - return n > 0 && gidset[n] != val.gval; |
3864 | +return !(getgroups(0, 0) >= 0); |
3865 | + ; |
3866 | + return 0; |
3867 | } |
3868 | _ACEOF |
3869 | -if ac_fn_c_try_run "$LINENO" |
3870 | +if ac_fn_c_try_compile "$LINENO" |
3871 | then : |
3872 | - ac_cv_type_getgroups=gid_t |
3873 | + ac_getgroups_gidarray=yes |
3874 | else case e in #( |
3875 | - e) ac_cv_type_getgroups=int ;; |
3876 | + e) ac_getgroups_gidarray=no ;; |
3877 | esac |
3878 | fi |
3879 | -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ |
3880 | - conftest.$ac_objext conftest.beam conftest.$ac_ext ;; |
3881 | +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext |
3882 | + cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
3883 | +/* end confdefs.h. */ |
3884 | +$ac_includes_default |
3885 | +extern int getgroups(int, int *); |
3886 | +int |
3887 | +main (void) |
3888 | +{ |
3889 | +return !(getgroups(0, 0) >= 0); |
3890 | + ; |
3891 | + return 0; |
3892 | +} |
3893 | +_ACEOF |
3894 | +if ac_fn_c_try_compile "$LINENO" |
3895 | +then : |
3896 | + ac_getgroups_intarray=yes |
3897 | +else case e in #( |
3898 | + e) ac_getgroups_intarray=no ;; |
3899 | esac |
3900 | fi |
3901 | +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext |
3902 | |
3903 | -if test $ac_cv_type_getgroups = cross; then |
3904 | - cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
3905 | + case int:$ac_getgroups_intarray,gid:$ac_getgroups_gidarray in #( |
3906 | + int:yes,gid:no) : |
3907 | + ac_cv_type_getgroups=int ;; #( |
3908 | + int:no,gid:yes) : |
3909 | + ac_cv_type_getgroups=gid_t ;; #( |
3910 | + int:yes,gid:yes) : |
3911 | + |
3912 | + # Both programs compiled - this means *either* that getgroups |
3913 | + # was declared with no prototype, in which case we should use int, |
3914 | + # or that it was declared prototyped but gid_t is a typedef for int, |
3915 | + # in which case we should use gid_t. Distinguish the two cases |
3916 | + # by testing if the compiler catches a blatantly incorrect function |
3917 | + # signature for getgroups. |
3918 | + cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
3919 | /* end confdefs.h. */ |
3920 | -#include <unistd.h> |
3921 | - |
3922 | +$ac_includes_default |
3923 | +extern int getgroups(int, float); |
3924 | +int |
3925 | +main (void) |
3926 | +{ |
3927 | +return !(getgroups(0, 0) >= 0); |
3928 | + ; |
3929 | + return 0; |
3930 | +} |
3931 | _ACEOF |
3932 | -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | |
3933 | - $EGREP_TRADITIONAL "getgroups.*int.*gid_t" >/dev/null 2>&1 |
3934 | +if ac_fn_c_try_compile "$LINENO" |
3935 | then : |
3936 | - ac_cv_type_getgroups=gid_t |
3937 | + |
3938 | + # Compiler did not catch incorrect argument list; |
3939 | + # getgroups is unprototyped. |
3940 | + ac_cv_type_getgroups=int |
3941 | + |
3942 | else case e in #( |
3943 | - e) ac_cv_type_getgroups=int ;; |
3944 | + e) |
3945 | + # Compiler caught incorrect argument list; |
3946 | + # gid_t is a typedef for int. |
3947 | + ac_cv_type_getgroups=gid_t |
3948 | + ;; |
3949 | esac |
3950 | fi |
3951 | -rm -rf conftest* |
3952 | +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext |
3953 | + ;; #( |
3954 | + *) : |
3955 | |
3956 | -fi ;; |
3957 | + # Both programs failed to compile - this probably means getgroups |
3958 | + # wasn't declared at all. Use 'int', as this is probably a very |
3959 | + # old system where the type _would have been_ int. |
3960 | + ac_cv_type_getgroups=int |
3961 | + ;; |
3962 | +esac |
3963 | + ;; |
3964 | esac |
3965 | fi |
3966 | -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_getgroups" >&5 |
3967 | -printf "%s\n" "$ac_cv_type_getgroups" >&6; } |
3968 | - |
3969 | -printf "%s\n" "#define GETGROUPS_T $ac_cv_type_getgroups" >>confdefs.h |
3970 | - |
3971 | - |
3972 | -ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" |
3973 | -if test "x$ac_cv_type_size_t" = xyes |
3974 | -then : |
3975 | - |
3976 | -else case e in #( |
3977 | - e) |
3978 | -printf "%s\n" "#define size_t unsigned int" >>confdefs.h |
3979 | ;; |
3980 | esac |
3981 | fi |
3982 | +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_getgroups" >&5 |
3983 | +printf "%s\n" "$ac_cv_type_getgroups" >&6; } |
3984 | +printf "%s\n" "#define GETGROUPS_T $ac_cv_type_getgroups" >>confdefs.h |
3985 | |
3986 | -ac_fn_c_check_func "$LINENO" "getgroups" "ac_cv_func_getgroups" |
3987 | -if test "x$ac_cv_func_getgroups" = xyes |
3988 | -then : |
3989 | - |
3990 | -fi |
3991 | |
3992 | |
3993 | -# If we don't yet have getgroups, see if it's in -lbsd. |
3994 | +# On older systems getgroups might be in -lbsd. |
3995 | # This is reported to be necessary on an ITOS 3000WS running SEIUX 3.1. |
3996 | ac_save_LIBS=$LIBS |
3997 | -if test $ac_cv_func_getgroups = no; then |
3998 | - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for getgroups in -lbsd" >&5 |
3999 | -printf %s "checking for getgroups in -lbsd... " >&6; } |
4000 | -if test ${ac_cv_lib_bsd_getgroups+y} |
4001 | +LIBS= |
4002 | +GETGROUPS_LIB= |
4003 | +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing getgroups" >&5 |
4004 | +printf %s "checking for library containing getgroups... " >&6; } |
4005 | +if test ${ac_cv_search_getgroups+y} |
4006 | then : |
4007 | printf %s "(cached) " >&6 |
4008 | else case e in #( |
4009 | - e) ac_check_lib_save_LIBS=$LIBS |
4010 | -LIBS="-lbsd $LIBS" |
4011 | + e) ac_func_search_save_LIBS=$LIBS |
4012 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
4013 | /* end confdefs.h. */ |
4014 | |
4015 | @@ -21779,70 +21931,75 @@ return getgroups (); |
4016 | return 0; |
4017 | } |
4018 | _ACEOF |
4019 | -if ac_fn_c_try_link "$LINENO" |
4020 | +for ac_lib in '' bsd |
4021 | +do |
4022 | + if test -z "$ac_lib"; then |
4023 | + ac_res="none required" |
4024 | + else |
4025 | + ac_res=-l$ac_lib |
4026 | + LIBS="-l$ac_lib $ac_func_search_save_LIBS" |
4027 | + fi |
4028 | + if ac_fn_c_try_link "$LINENO" |
4029 | then : |
4030 | - ac_cv_lib_bsd_getgroups=yes |
4031 | + ac_cv_search_getgroups=$ac_res |
4032 | +fi |
4033 | +rm -f core conftest.err conftest.$ac_objext conftest.beam \ |
4034 | + conftest$ac_exeext |
4035 | + if test ${ac_cv_search_getgroups+y} |
4036 | +then : |
4037 | + break |
4038 | +fi |
4039 | +done |
4040 | +if test ${ac_cv_search_getgroups+y} |
4041 | +then : |
4042 | + |
4043 | else case e in #( |
4044 | - e) ac_cv_lib_bsd_getgroups=no ;; |
4045 | + e) ac_cv_search_getgroups=no ;; |
4046 | esac |
4047 | fi |
4048 | -rm -f core conftest.err conftest.$ac_objext conftest.beam \ |
4049 | - conftest$ac_exeext conftest.$ac_ext |
4050 | -LIBS=$ac_check_lib_save_LIBS ;; |
4051 | +rm conftest.$ac_ext |
4052 | +LIBS=$ac_func_search_save_LIBS ;; |
4053 | esac |
4054 | fi |
4055 | -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_getgroups" >&5 |
4056 | -printf "%s\n" "$ac_cv_lib_bsd_getgroups" >&6; } |
4057 | -if test "x$ac_cv_lib_bsd_getgroups" = xyes |
4058 | +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getgroups" >&5 |
4059 | +printf "%s\n" "$ac_cv_search_getgroups" >&6; } |
4060 | +ac_res=$ac_cv_search_getgroups |
4061 | +if test "$ac_res" != no |
4062 | then : |
4063 | - GETGROUPS_LIB=-lbsd |
4064 | + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" |
4065 | + test "$ac_res" = "none required" || GETGROUPS_LIB="$ac_res" |
4066 | + ac_cv_func_getgroups=yes |
4067 | +else case e in #( |
4068 | + e) ac_cv_func_getgroups=no ;; |
4069 | +esac |
4070 | fi |
4071 | |
4072 | -fi |
4073 | +LIBS=$ac_save_LIBS |
4074 | + |
4075 | |
4076 | -# Run the program to test the functionality of the system-supplied |
4077 | -# getgroups function only if there is such a function. |
4078 | +# Known severe bugs in getgroups on particular systems. |
4079 | +# - On Ultrix 4.3 and NextSTEP 3.2, getgroups (0, 0) is reported to |
4080 | +# fail, rather than returning the number of supplementary groups as |
4081 | +# it ought to. We do not know the exact range of releases affected |
4082 | +# in either case. |
4083 | +# We currently reject all versions of the systems with known bugs, and |
4084 | +# no other systems. Please send corrections to bug-autoconf@gnu.org. |
4085 | if test $ac_cv_func_getgroups = yes; then |
4086 | + # This AC_CACHE_CHECK exists so that one may override an incorrect |
4087 | + # guess by setting ac_cv_func_getgroups_works in a config.site file. |
4088 | { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for working getgroups" >&5 |
4089 | printf %s "checking for working getgroups... " >&6; } |
4090 | if test ${ac_cv_func_getgroups_works+y} |
4091 | then : |
4092 | printf %s "(cached) " >&6 |
4093 | else case e in #( |
4094 | - e) if test "$cross_compiling" = yes |
4095 | -then : |
4096 | - case "$host_os" in # (( |
4097 | - # Guess yes on glibc systems. |
4098 | - *-gnu*) ac_cv_func_getgroups_works="guessing yes" ;; |
4099 | - # If we don't know, assume the worst. |
4100 | - *) ac_cv_func_getgroups_works="guessing no" ;; |
4101 | - esac |
4102 | -else case e in #( |
4103 | - e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
4104 | -/* end confdefs.h. */ |
4105 | -$ac_includes_default |
4106 | -int |
4107 | -main (void) |
4108 | -{ |
4109 | -/* On Ultrix 4.3, getgroups (0, 0) always fails. */ |
4110 | - return getgroups (0, 0) == -1; |
4111 | - ; |
4112 | - return 0; |
4113 | -} |
4114 | -_ACEOF |
4115 | -if ac_fn_c_try_run "$LINENO" |
4116 | -then : |
4117 | - ac_cv_func_getgroups_works=yes |
4118 | -else case e in #( |
4119 | - e) ac_cv_func_getgroups_works=no ;; |
4120 | -esac |
4121 | -fi |
4122 | -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ |
4123 | - conftest.$ac_objext conftest.beam conftest.$ac_ext ;; |
4124 | -esac |
4125 | -fi |
4126 | - |
4127 | - ;; |
4128 | + e) case $host_os in #( |
4129 | + ultrix* | nextstep*) : |
4130 | + ac_cv_func_getgroups_works=no # getgroups(0,0) fails |
4131 | + ;; #( |
4132 | + *) : |
4133 | + ac_cv_func_getgroups_works=yes ;; |
4134 | +esac ;; |
4135 | esac |
4136 | fi |
4137 | { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getgroups_works" >&5 |
4138 | @@ -21850,14 +22007,11 @@ printf "%s\n" "$ac_cv_func_getgroups_works" >&6; } |
4139 | else |
4140 | ac_cv_func_getgroups_works=no |
4141 | fi |
4142 | -case "$ac_cv_func_getgroups_works" in |
4143 | - *yes) |
4144 | +if test $ac_cv_func_getgroups_works = yes; then |
4145 | |
4146 | printf "%s\n" "#define HAVE_GETGROUPS 1" >>confdefs.h |
4147 | |
4148 | - ;; |
4149 | -esac |
4150 | -LIBS=$ac_save_LIBS |
4151 | +fi |
4152 | |
4153 | { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for declarations of fseeko and ftello" >&5 |
4154 | printf %s "checking for declarations of fseeko and ftello... " >&6; } |
4155 | @@ -23822,6 +23976,33 @@ fi |
4156 | |
4157 | done |
4158 | |
4159 | + for ac_func in realpath |
4160 | +do : |
4161 | + ac_fn_c_check_func "$LINENO" "realpath" "ac_cv_func_realpath" |
4162 | +if test "x$ac_cv_func_realpath" = xyes |
4163 | +then : |
4164 | + printf "%s\n" "#define HAVE_REALPATH 1" >>confdefs.h |
4165 | + |
4166 | +else case e in #( |
4167 | + e) |
4168 | + case " $LIBOBJS " in |
4169 | + *" realpath.$ac_objext "* ) ;; |
4170 | + *) LIBOBJS="$LIBOBJS realpath.$ac_objext" |
4171 | + ;; |
4172 | +esac |
4173 | + |
4174 | + |
4175 | + for _sym in sudo_realpath; do |
4176 | + COMPAT_EXP="${COMPAT_EXP}${_sym} |
4177 | +" |
4178 | + done |
4179 | + |
4180 | + ;; |
4181 | +esac |
4182 | +fi |
4183 | + |
4184 | +done |
4185 | + |
4186 | for ac_func in strlcpy |
4187 | do : |
4188 | ac_fn_c_check_func "$LINENO" "strlcpy" "ac_cv_func_strlcpy" |
4189 | @@ -24637,6 +24818,7 @@ fi |
4190 | |
4191 | |
4192 | |
4193 | + |
4194 | openssl_missing=no |
4195 | if test "${enable_openssl-no}" != no; then |
4196 | # Use pkg-config to find the openssl cflags and libs if possible. |
4197 | @@ -26245,7 +26427,7 @@ then : |
4198 | printf "%s\n" "#define HAVE_GCRYPT 1" >>confdefs.h |
4199 | |
4200 | DIGEST=digest_gcrypt.lo |
4201 | - LIBMD="-lgcrypt" |
4202 | + LIBCRYPTO="-lgcrypt" |
4203 | if test "$enable_gcrypt" != "yes" |
4204 | then : |
4205 | |
4206 | @@ -26501,7 +26683,7 @@ printf "%s\n" "#define SHA2_VOID_PTR 1" >>confdefs.h |
4207 | |
4208 | fi |
4209 | |
4210 | - LIBMD="-lmd" |
4211 | + LIBCRYPTO="-lmd" |
4212 | |
4213 | else case e in #( |
4214 | e) |
4215 | @@ -28115,6 +28297,19 @@ else case e in #( |
4216 | esac |
4217 | fi |
4218 | printf "%s\n" "#define HAVE_DECL_SSIZE_MAX $ac_have_decl" >>confdefs.h |
4219 | +ac_fn_check_decl "$LINENO" "SYMLOOP_MAX" "ac_cv_have_decl_SYMLOOP_MAX" " |
4220 | +#include <sys/types.h> |
4221 | +#include <limits.h> |
4222 | + |
4223 | +" "$ac_c_undeclared_builtin_options" "CFLAGS" |
4224 | +if test "x$ac_cv_have_decl_SYMLOOP_MAX" = xyes |
4225 | +then : |
4226 | + ac_have_decl=1 |
4227 | +else case e in #( |
4228 | + e) ac_have_decl=0 ;; |
4229 | +esac |
4230 | +fi |
4231 | +printf "%s\n" "#define HAVE_DECL_SYMLOOP_MAX $ac_have_decl" >>confdefs.h |
4232 | |
4233 | ac_fn_check_decl "$LINENO" "SIZE_MAX" "ac_cv_have_decl_SIZE_MAX" " |
4234 | #include <sys/types.h> |
4235 | @@ -28230,6 +28425,25 @@ printf "%s\n" "#define HAVE_DECL__POSIX_PATH_MAX $ac_have_decl" >>confdefs.h |
4236 | |
4237 | |
4238 | fi |
4239 | +if test "$ac_cv_have_decl_SYMLOOP_MAX" != "yes" |
4240 | +then : |
4241 | + |
4242 | + ac_fn_check_decl "$LINENO" "_POSIX_SYMLOOP_MAX" "ac_cv_have_decl__POSIX_SYMLOOP_MAX" " |
4243 | +#include <sys/types.h> |
4244 | +#include <limits.h> |
4245 | + |
4246 | +" "$ac_c_undeclared_builtin_options" "CFLAGS" |
4247 | +if test "x$ac_cv_have_decl__POSIX_SYMLOOP_MAX" = xyes |
4248 | +then : |
4249 | + ac_have_decl=1 |
4250 | +else case e in #( |
4251 | + e) ac_have_decl=0 ;; |
4252 | +esac |
4253 | +fi |
4254 | +printf "%s\n" "#define HAVE_DECL__POSIX_SYMLOOP_MAX $ac_have_decl" >>confdefs.h |
4255 | + |
4256 | + |
4257 | +fi |
4258 | |
4259 | |
4260 | for ac_func in strsignal |
4261 | @@ -31011,7 +31225,7 @@ fi |
4262 | |
4263 | with_ldap=yes |
4264 | fi |
4265 | - SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo ldap_conf.lo" |
4266 | + SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo ldap_conf.lo ldap_innetgr.lo" |
4267 | case "$SUDOERS_OBJS" in |
4268 | *ldap_util.lo*) ;; |
4269 | *) SUDOERS_OBJS="${SUDOERS_OBJS} ldap_util.lo";; |
4270 | @@ -31223,7 +31437,7 @@ else case e in #( |
4271 | int |
4272 | main (void) |
4273 | { |
4274 | -(void)ldap_init(0, 0) |
4275 | +return ldap_msgfree(NULL) |
4276 | ; |
4277 | return 0; |
4278 | } |
4279 | @@ -33915,33 +34129,11 @@ else case e in #( |
4280 | e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
4281 | /* end confdefs.h. */ |
4282 | |
4283 | - |
4284 | -int |
4285 | -main (void) |
4286 | -{ |
4287 | -char buf[4]; (void)sprintf(buf, "%s", "foo"); |
4288 | - |
4289 | - ; |
4290 | - return 0; |
4291 | -} |
4292 | -_ACEOF |
4293 | -if ac_fn_c_try_link "$LINENO" |
4294 | -then : |
4295 | - sudo_cv_use_fortify_source=yes |
4296 | -else case e in #( |
4297 | - e) sudo_cv_use_fortify_source=no |
4298 | - ;; |
4299 | -esac |
4300 | -fi |
4301 | -rm -f core conftest.err conftest.$ac_objext conftest.beam \ |
4302 | - conftest$ac_exeext conftest.$ac_ext |
4303 | - |
4304 | - cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
4305 | -/* end confdefs.h. */ |
4306 | - |
4307 | + #include <stdio.h> |
4308 | int |
4309 | main (void) |
4310 | { |
4311 | +char buf[4]; sprintf(buf, "%s", "foo"); return buf[0]; |
4312 | |
4313 | ; |
4314 | return 0; |
4315 | @@ -35339,26 +35531,6 @@ while test X"$plugindir" != X"$_plugindir"; do |
4316 | done |
4317 | exec_prefix="$oexec_prefix" |
4318 | |
4319 | -# Convert exampledir to something that can be used in the man pages |
4320 | -# I wish there was a better way to expand this. |
4321 | -EXAMPLES="$exampledir" |
4322 | -while :; do |
4323 | - EXAMPLES="`echo \"$EXAMPLES\" | sed -e 's/(/{/g' -e 's/)/}/g'`" |
4324 | - case "$EXAMPLES" in |
4325 | - *\${[A-Za-z]*}*) |
4326 | - eval EXAMPLES="$EXAMPLES" |
4327 | - ;; |
4328 | - *) |
4329 | - break |
4330 | - ;; |
4331 | - esac |
4332 | -done |
4333 | -case "$EXAMPLES" in |
4334 | - NONE/*) |
4335 | - EXAMPLES="${ac_default_prefix}${EXAMPLES#NONE}" |
4336 | - ;; |
4337 | -esac |
4338 | - |
4339 | if test X"$enable_intercept" != X"no" |
4340 | then : |
4341 | |
4342 | @@ -35448,20 +35620,245 @@ SUDO_LIBS=${SUDO_LIBS# } |
4343 | SUDOERS_LIBS=${SUDOERS_LIBS# } |
4344 | |
4345 | if test X"$prefix" = X"NONE"; then |
4346 | - test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man' |
4347 | + test X"$mandir" = X'${datarootdir}/man' && mandir='$(prefix)/man' |
4348 | else |
4349 | - test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man' |
4350 | -fi |
4351 | -test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' |
4352 | -test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' |
4353 | -test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec' |
4354 | -test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include' |
4355 | -test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share' |
4356 | -test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' |
4357 | -test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' |
4358 | -test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' |
4359 | -test "$runstatedir" = '${localstatedir}/run' && runstatedir='$(localstatedir)/run' |
4360 | -test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' |
4361 | + test X"$mandir" = X'${datarootdir}/man' && mandir='$(datarootdir)/man' |
4362 | +fi |
4363 | +test X"$bindir" = X'${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' |
4364 | +test X"$sbindir" = X'${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' |
4365 | +test X"$libexecdir" = X'${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec' |
4366 | +test X"$includedir" = X'${prefix}/include' && includedir='$(prefix)/include' |
4367 | +test X"$datarootdir" = X'${prefix}/share' && datarootdir='$(prefix)/share' |
4368 | +test X"$docdir" = X'${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' |
4369 | +test X"$localedir" = X'${datarootdir}/locale' && localedir='$(datarootdir)/locale' |
4370 | +test X"$localstatedir" = X'${prefix}/var' && localstatedir='$(prefix)/var' |
4371 | +test X"$runstatedir" = X'${localstatedir}/run' && runstatedir='$(localstatedir)/run' |
4372 | +test X"$adminconfdir" = X'${prefix}/etc' && adminconfdir='$(prefix)/etc' |
4373 | +test X"$sysconfdir" = X'${prefix}/etc' && sysconfdir='/etc' |
4374 | + |
4375 | +# The configuration file search path is to check adminconfdir first and |
4376 | +# fall back to sysconfdir. This can support systems with read-only |
4377 | +# sysconfdir (/etc) that contains a set of default configuration files. |
4378 | + |
4379 | + _sysconfdir="$sysconfdir" |
4380 | + while :; do |
4381 | + _sysconfdir="`echo \"$_sysconfdir\" | sed -e 's/(/{/g' -e 's/)/}/g'`" |
4382 | + case "$_sysconfdir" in |
4383 | + *\${[A-Za-z]*}*) |
4384 | + eval _sysconfdir="$_sysconfdir" |
4385 | + ;; |
4386 | + *) |
4387 | + break |
4388 | + ;; |
4389 | + esac |
4390 | +done |
4391 | +case "$_sysconfdir" in |
4392 | + NONE/*) |
4393 | + _sysconfdir="${ac_default_prefix}${_sysconfdir#NONE}" |
4394 | + ;; |
4395 | +esac |
4396 | + |
4397 | + |
4398 | + _adminconfdir="$adminconfdir" |
4399 | + while :; do |
4400 | + _adminconfdir="`echo \"$_adminconfdir\" | sed -e 's/(/{/g' -e 's/)/}/g'`" |
4401 | + case "$_adminconfdir" in |
4402 | + *\${[A-Za-z]*}*) |
4403 | + eval _adminconfdir="$_adminconfdir" |
4404 | + ;; |
4405 | + *) |
4406 | + break |
4407 | + ;; |
4408 | + esac |
4409 | +done |
4410 | +case "$_adminconfdir" in |
4411 | + NONE/*) |
4412 | + _adminconfdir="${ac_default_prefix}${_adminconfdir#NONE}" |
4413 | + ;; |
4414 | +esac |
4415 | + |
4416 | +if test $enable_adminconf = yes |
4417 | +then : |
4418 | + |
4419 | + # Only use adminconfdir if different from sysconfdir |
4420 | + if test X"$_sysconfdir" != X"$_adminconfdir" |
4421 | +then : |
4422 | + |
4423 | + cvtsudoers_conf='$(adminconfdir)/cvtsudoers.conf:'$cvtsudoers_conf |
4424 | + sudo_conf='$(adminconfdir)/sudo.conf:'$sudo_conf |
4425 | + sudo_logsrvd_conf='$(adminconfdir)/sudo_logsrvd.conf:'$sudo_logsrvd_conf |
4426 | + sudoers_path='$(adminconfdir)/sudoers:'$sudoers_path |
4427 | + |
4428 | +fi |
4429 | + |
4430 | +fi |
4431 | + |
4432 | +# Expand config file paths for use in pathnames.h (after config dir override) |
4433 | + |
4434 | + as_save_IFS=$IFS |
4435 | + IFS=: |
4436 | + _sudo_define_path_res= |
4437 | + for as_dir in $cvtsudoers_conf; do |
4438 | + |
4439 | + _sudo_define_path_exp="$as_dir" |
4440 | + while :; do |
4441 | + _sudo_define_path_exp="`echo \"$_sudo_define_path_exp\" | sed -e 's/(/{/g' -e 's/)/}/g'`" |
4442 | + case "$_sudo_define_path_exp" in |
4443 | + *\${[A-Za-z]*}*) |
4444 | + eval _sudo_define_path_exp="$_sudo_define_path_exp" |
4445 | + ;; |
4446 | + *) |
4447 | + break |
4448 | + ;; |
4449 | + esac |
4450 | +done |
4451 | +case "$_sudo_define_path_exp" in |
4452 | + NONE/*) |
4453 | + _sudo_define_path_exp="${ac_default_prefix}${_sudo_define_path_exp#NONE}" |
4454 | + ;; |
4455 | +esac |
4456 | + |
4457 | + if test -z "${_sudo_define_path_res}"; then |
4458 | + _sudo_define_path_res="${_sudo_define_path_exp}" |
4459 | + else |
4460 | + _sudo_define_path_res="${_sudo_define_path_res}:${_sudo_define_path_exp}" |
4461 | + fi |
4462 | + done |
4463 | + IFS=$as_save_IFS |
4464 | + cat >>confdefs.h <<EOF |
4465 | +#define _PATH_CVTSUDOERS_CONF "${_sudo_define_path_res}" |
4466 | +EOF |
4467 | + |
4468 | + |
4469 | + |
4470 | + as_save_IFS=$IFS |
4471 | + IFS=: |
4472 | + _sudo_define_path_res= |
4473 | + for as_dir in $sudo_conf; do |
4474 | + |
4475 | + _sudo_define_path_exp="$as_dir" |
4476 | + while :; do |
4477 | + _sudo_define_path_exp="`echo \"$_sudo_define_path_exp\" | sed -e 's/(/{/g' -e 's/)/}/g'`" |
4478 | + case "$_sudo_define_path_exp" in |
4479 | + *\${[A-Za-z]*}*) |
4480 | + eval _sudo_define_path_exp="$_sudo_define_path_exp" |
4481 | + ;; |
4482 | + *) |
4483 | + break |
4484 | + ;; |
4485 | + esac |
4486 | +done |
4487 | +case "$_sudo_define_path_exp" in |
4488 | + NONE/*) |
4489 | + _sudo_define_path_exp="${ac_default_prefix}${_sudo_define_path_exp#NONE}" |
4490 | + ;; |
4491 | +esac |
4492 | + |
4493 | + if test -z "${_sudo_define_path_res}"; then |
4494 | + _sudo_define_path_res="${_sudo_define_path_exp}" |
4495 | + else |
4496 | + _sudo_define_path_res="${_sudo_define_path_res}:${_sudo_define_path_exp}" |
4497 | + fi |
4498 | + done |
4499 | + IFS=$as_save_IFS |
4500 | + cat >>confdefs.h <<EOF |
4501 | +#define _PATH_SUDO_CONF "${_sudo_define_path_res}" |
4502 | +EOF |
4503 | + |
4504 | + |
4505 | + |
4506 | + as_save_IFS=$IFS |
4507 | + IFS=: |
4508 | + _sudo_define_path_res= |
4509 | + for as_dir in $sudo_logsrvd_conf; do |
4510 | + |
4511 | + _sudo_define_path_exp="$as_dir" |
4512 | + while :; do |
4513 | + _sudo_define_path_exp="`echo \"$_sudo_define_path_exp\" | sed -e 's/(/{/g' -e 's/)/}/g'`" |
4514 | + case "$_sudo_define_path_exp" in |
4515 | + *\${[A-Za-z]*}*) |
4516 | + eval _sudo_define_path_exp="$_sudo_define_path_exp" |
4517 | + ;; |
4518 | + *) |
4519 | + break |
4520 | + ;; |
4521 | + esac |
4522 | +done |
4523 | +case "$_sudo_define_path_exp" in |
4524 | + NONE/*) |
4525 | + _sudo_define_path_exp="${ac_default_prefix}${_sudo_define_path_exp#NONE}" |
4526 | + ;; |
4527 | +esac |
4528 | + |
4529 | + if test -z "${_sudo_define_path_res}"; then |
4530 | + _sudo_define_path_res="${_sudo_define_path_exp}" |
4531 | + else |
4532 | + _sudo_define_path_res="${_sudo_define_path_res}:${_sudo_define_path_exp}" |
4533 | + fi |
4534 | + done |
4535 | + IFS=$as_save_IFS |
4536 | + cat >>confdefs.h <<EOF |
4537 | +#define _PATH_SUDO_LOGSRVD_CONF "${_sudo_define_path_res}" |
4538 | +EOF |
4539 | + |
4540 | + |
4541 | + |
4542 | + as_save_IFS=$IFS |
4543 | + IFS=: |
4544 | + _sudo_define_path_res= |
4545 | + for as_dir in $sudoers_path; do |
4546 | + |
4547 | + _sudo_define_path_exp="$as_dir" |
4548 | + while :; do |
4549 | + _sudo_define_path_exp="`echo \"$_sudo_define_path_exp\" | sed -e 's/(/{/g' -e 's/)/}/g'`" |
4550 | + case "$_sudo_define_path_exp" in |
4551 | + *\${[A-Za-z]*}*) |
4552 | + eval _sudo_define_path_exp="$_sudo_define_path_exp" |
4553 | + ;; |
4554 | + *) |
4555 | + break |
4556 | + ;; |
4557 | + esac |
4558 | +done |
4559 | +case "$_sudo_define_path_exp" in |
4560 | + NONE/*) |
4561 | + _sudo_define_path_exp="${ac_default_prefix}${_sudo_define_path_exp#NONE}" |
4562 | + ;; |
4563 | +esac |
4564 | + |
4565 | + if test -z "${_sudo_define_path_res}"; then |
4566 | + _sudo_define_path_res="${_sudo_define_path_exp}" |
4567 | + else |
4568 | + _sudo_define_path_res="${_sudo_define_path_res}:${_sudo_define_path_exp}" |
4569 | + fi |
4570 | + done |
4571 | + IFS=$as_save_IFS |
4572 | + cat >>confdefs.h <<EOF |
4573 | +#define _PATH_SUDOERS "${_sudo_define_path_res}" |
4574 | +EOF |
4575 | + |
4576 | + |
4577 | + |
4578 | +# Convert exampledir to something that can be used in the man pages |
4579 | + |
4580 | + EXAMPLES="$exampledir" |
4581 | + while :; do |
4582 | + EXAMPLES="`echo \"$EXAMPLES\" | sed -e 's/(/{/g' -e 's/)/}/g'`" |
4583 | + case "$EXAMPLES" in |
4584 | + *\${[A-Za-z]*}*) |
4585 | + eval EXAMPLES="$EXAMPLES" |
4586 | + ;; |
4587 | + *) |
4588 | + break |
4589 | + ;; |
4590 | + esac |
4591 | +done |
4592 | +case "$EXAMPLES" in |
4593 | + NONE/*) |
4594 | + EXAMPLES="${ac_default_prefix}${EXAMPLES#NONE}" |
4595 | + ;; |
4596 | +esac |
4597 | + |
4598 | |
4599 | if test X"$INIT_SCRIPT" != X"" |
4600 | then : |
4601 | @@ -35597,12 +35994,6 @@ then : |
4602 | enableval=$enable_year2038; |
4603 | fi |
4604 | |
4605 | -# Check whether --enable-largefile was given. |
4606 | -if test ${enable_largefile+y} |
4607 | -then : |
4608 | - enableval=$enable_largefile; |
4609 | -fi |
4610 | - |
4611 | |
4612 | : "${CONFIG_STATUS=./config.status}" |
4613 | ac_write_fail=0 |
4614 | @@ -35996,8 +36387,8 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 |
4615 | # report actual input values of CONFIG_FILES etc. instead of their |
4616 | # values after options handling. |
4617 | ac_log=" |
4618 | -This file was extended by sudo $as_me 1.9.13p3, which was |
4619 | -generated by GNU Autoconf 2.72a. Invocation command line was |
4620 | +This file was extended by sudo $as_me 1.9.14p2, which was |
4621 | +generated by GNU Autoconf 2.72c. Invocation command line was |
4622 | |
4623 | CONFIG_FILES = $CONFIG_FILES |
4624 | CONFIG_HEADERS = $CONFIG_HEADERS |
4625 | @@ -36064,8 +36455,8 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ |
4626 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4627 | ac_cs_config='$ac_cs_config_escaped' |
4628 | ac_cs_version="\\ |
4629 | -sudo config.status 1.9.13p3 |
4630 | -configured by $0, generated by GNU Autoconf 2.72a, |
4631 | +sudo config.status 1.9.14p2 |
4632 | +configured by $0, generated by GNU Autoconf 2.72c, |
4633 | with options \\"\$ac_cs_config\\" |
4634 | |
4635 | Copyright (C) 2023 Free Software Foundation, Inc. |
4636 | @@ -37668,13 +38059,14 @@ fi |
4637 | echo "" >&6 |
4638 | echo "Configured Sudo version $PACKAGE_VERSION" >&6 |
4639 | echo " Compiler settings:" >&6 |
4640 | -echo " prefix : $prefix" >&6 |
4641 | echo " compiler : $CC" >&6 |
4642 | echo " compiler options : $CFLAGS" >&6 |
4643 | echo " preprocessor options : $CPPFLAGS" >&6 |
4644 | echo " front-end libraries : $SUDO_LIBS" >&6 |
4645 | echo " front-end linker options : $SUDO_LDFLAGS" >&6 |
4646 | echo " network libraries : $NET_LIBS" >&6 |
4647 | +echo " Crypto library : $LIBCRYPTO" >&6 |
4648 | +echo " TLS libraries : $LIBTLS" >&6 |
4649 | echo " extra libraries : $LIBS" >&6 |
4650 | echo " extra linker options : $LDFLAGS" >&6 |
4651 | echo " sudoers libraries : $SUDOERS_LIBS" >&6 |
4652 | @@ -37774,18 +38166,30 @@ echo " mail if user not in sudoers : ${mail_no_user}" >&6 |
4653 | echo " mail if user not on host : ${mail_no_host}" >&6 |
4654 | echo " mail if command not allowed : ${mail_no_perms}" >&6 |
4655 | echo " Pathnames:" >&6 |
4656 | -echo " log directory : ${log_dir}" >&6 |
4657 | -echo " plugin directory : ${plugindir}" >&6 |
4658 | -echo " sudoers plugin : ${sudoers_plugin}" >&6 |
4659 | -if test "${enable_python-no}" != "no"; then |
4660 | - echo " python plugin : ${python_plugin}" >&6 |
4661 | +echo " prefix : $prefix" >&6 |
4662 | +echo " sysconfdir : $_sysconfdir" >&6 |
4663 | +if test "${enable_adminconf-no}" != "no"; then |
4664 | + echo " adminconfdir : $_adminconfdir" >&6 |
4665 | fi |
4666 | +echo " log directory : ${log_dir}" >&6 |
4667 | echo " run directory : ${rundir}" >&6 |
4668 | echo " var directory : ${vardir}" >&6 |
4669 | echo " I/O log directory : ${iolog_dir}" >&6 |
4670 | echo " sudo_logsrvd relay directory : ${relay_dir}" >&6 |
4671 | -echo " time zone directory : ${tzdir}" >&6 |
4672 | +if test X"$with_exampledir" != X""; then |
4673 | + echo " exampledir : $exampledir" >&6 |
4674 | +fi |
4675 | +echo " plugin directory : ${plugindir}" >&6 |
4676 | +echo " sudoers plugin : ${sudoers_plugin}" >&6 |
4677 | +if test "${enable_python-no}" != "no"; then |
4678 | + echo " python plugin : ${python_plugin}" >&6 |
4679 | +fi |
4680 | +echo " sudoers file : ${sudoers_path}" >&6 |
4681 | +echo " cvtsudoers.conf file : ${cvtsudoers_conf}" >&6 |
4682 | +echo " sudo.conf file : ${sudo_conf}" >&6 |
4683 | +echo " sudo_logsrvd.conf file : ${sudo_logsrvd_conf}" >&6 |
4684 | echo " path to sendmail : ${with_sendmail}" >&6 |
4685 | +echo " time zone directory : ${tzdir}" >&6 |
4686 | if test -n "$TMPFILES_D"; then |
4687 | echo " systemd tempfiles dir : ${TMPFILES_D}" >&6 |
4688 | fi |
4689 | @@ -37794,7 +38198,7 @@ if test ${with_netsvc-"no"} != "no"; then |
4690 | elif test ${with_nsswitch-"yes"} != "no"; then |
4691 | echo " nsswitch file : ${nsswitch_conf}" >&6 |
4692 | fi |
4693 | -echo " intercept file : ${intercept_file}" >&6 |
4694 | +echo " intercept file : ${intercept_file}" >&6 |
4695 | echo " noexec file : ${noexec_file}" >&6 |
4696 | echo " secure path : ${with_secure_path-no}" >&6 |
4697 | echo " askpass helper file : ${with_askpass-no}" >&6 |
4698 | @@ -37995,4 +38399,3 @@ fi |
4699 | |
4700 | |
4701 | |
4702 | - |
4703 | diff --git a/configure.ac b/configure.ac |
4704 | index 8bb5c07..687a3bd 100644 |
4705 | --- a/configure.ac |
4706 | +++ b/configure.ac |
4707 | @@ -18,120 +18,120 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
4708 | dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
4709 | dnl |
4710 | AC_PREREQ([2.69]) |
4711 | -AC_INIT([sudo], [1.9.13p3], [https://bugzilla.sudo.ws/], [sudo]) |
4712 | +AC_INIT([sudo], [1.9.14p2], [https://bugzilla.sudo.ws/], [sudo]) |
4713 | AC_CONFIG_HEADERS([config.h pathnames.h]) |
4714 | AC_CONFIG_SRCDIR([src/sudo.c]) |
4715 | AC_CONFIG_AUX_DIR([scripts]) |
4716 | dnl |
4717 | dnl Variables that get substituted in the Makefile and man pages |
4718 | dnl |
4719 | -AC_SUBST([SHELL]) |
4720 | -AC_SUBST([LIBTOOL]) |
4721 | -AC_SUBST([CFLAGS]) |
4722 | -AC_SUBST([PROGS]) |
4723 | -AC_SUBST([CPPFLAGS]) |
4724 | -AC_SUBST([LDFLAGS]) |
4725 | -AC_SUBST([SUDO_LDFLAGS]) |
4726 | -AC_SUBST([SUDOERS_LDFLAGS]) |
4727 | -AC_SUBST([LIBUTIL_LDFLAGS]) |
4728 | -AC_SUBST([ZLIB_LDFLAGS]) |
4729 | -AC_SUBST([LT_LDFLAGS]) |
4730 | -AC_SUBST([LT_LDDEP]) |
4731 | -AC_SUBST([LT_LDEXPORTS]) |
4732 | -AC_SUBST([LT_STATIC]) |
4733 | -AC_SUBST([LT_DEP_LIBS]) |
4734 | -AC_SUBST([COMMON_OBJS]) |
4735 | -AC_SUBST([SUDOERS_LT_STATIC]) |
4736 | -AC_SUBST([SUDOERS_OBJS]) |
4737 | -AC_SUBST([SUDO_OBJS]) |
4738 | -AC_SUBST([LIBS]) |
4739 | -AC_SUBST([SUDO_LIBS]) |
4740 | -AC_SUBST([SUDOERS_LIBS]) |
4741 | -AC_SUBST([STATIC_SUDOERS]) |
4742 | -AC_SUBST([NET_LIBS]) |
4743 | -AC_SUBST([AFS_LIBS]) |
4744 | -AC_SUBST([REPLAY_LIBS]) |
4745 | -AC_SUBST([GETGROUPS_LIB]) |
4746 | -AC_SUBST([AUTH_OBJS]) |
4747 | -AC_SUBST([MANTYPE]) |
4748 | -AC_SUBST([MANDIRTYPE]) |
4749 | -AC_SUBST([MANCOMPRESS]) |
4750 | -AC_SUBST([MANCOMPRESSEXT]) |
4751 | -AC_SUBST([SHLIB_ENABLE]) |
4752 | -AC_SUBST([SHLIB_MODE]) |
4753 | -AC_SUBST([SUDOERS_MODE]) |
4754 | -AC_SUBST([SUDOERS_UID]) |
4755 | -AC_SUBST([SUDOERS_GID]) |
4756 | -AC_SUBST([DEVEL]) |
4757 | -AC_SUBST([EXAMPLES]) |
4758 | -AC_SUBST([BAMAN]) |
4759 | -AC_SUBST([LCMAN]) |
4760 | -AC_SUBST([PSMAN]) |
4761 | -AC_SUBST([SEMAN]) |
4762 | -AC_SUBST([AAMAN]) |
4763 | -AC_SUBST([devdir]) |
4764 | -AC_SUBST([mansectsu]) |
4765 | -AC_SUBST([mansectform]) |
4766 | -AC_SUBST([mansectmisc]) |
4767 | -AC_SUBST([INTERCEPTFILE]) |
4768 | -AC_SUBST([INTERCEPTDIR]) |
4769 | -AC_SUBST([intercept_file]) |
4770 | -AC_SUBST([NOEXECFILE]) |
4771 | -AC_SUBST([NOEXECDIR]) |
4772 | -AC_SUBST([noexec_file]) |
4773 | -AC_SUBST([sesh_file]) |
4774 | -AC_SUBST([INSTALL_BACKUP]) |
4775 | -AC_SUBST([INSTALL_INTERCEPT]) |
4776 | -AC_SUBST([INSTALL_NOEXEC]) |
4777 | -AC_SUBST([PRELOAD_MODULE]) |
4778 | -AC_SUBST([DONT_LEAK_PATH_INFO]) |
4779 | -AC_SUBST([BSDAUTH_USAGE]) |
4780 | -AC_SUBST([SELINUX_USAGE]) |
4781 | -AC_SUBST([LDAP]) |
4782 | -AC_SUBST([LOGINCAP_USAGE]) |
4783 | -AC_SUBST([ZLIB]) |
4784 | -AC_SUBST([ZLIB_SRC]) |
4785 | -AC_SUBST([LIBTOOL_DEPS]) |
4786 | -AC_SUBST([CONFIGURE_ARGS]) |
4787 | -AC_SUBST([LIBDL]) |
4788 | -AC_SUBST([LIBRT]) |
4789 | -AC_SUBST([LIBINTL]) |
4790 | -AC_SUBST([LIBCRYPTO]) |
4791 | -AC_SUBST([LIBMD]) |
4792 | -AC_SUBST([LIBTLS]) |
4793 | -AC_SUBST([LIBPTHREAD]) |
4794 | -AC_SUBST([SUDO_NLS]) |
4795 | -AC_SUBST([LOCALEDIR_SUFFIX]) |
4796 | -AC_SUBST([COMPAT_TEST_PROGS]) |
4797 | -AC_SUBST([SUDOERS_TEST_PROGS]) |
4798 | -AC_SUBST([CROSS_COMPILING]) |
4799 | -AC_SUBST([ASAN_LDFLAGS]) |
4800 | -AC_SUBST([ASAN_CFLAGS]) |
4801 | -AC_SUBST([PIE_LDFLAGS]) |
4802 | -AC_SUBST([PIE_CFLAGS]) |
4803 | -AC_SUBST([HARDENING_LDFLAGS]) |
4804 | -AC_SUBST([HARDENING_CFLAGS]) |
4805 | -AC_SUBST([INIT_SCRIPT]) |
4806 | -AC_SUBST([INIT_DIR]) |
4807 | -AC_SUBST([RC_LINK]) |
4808 | -AC_SUBST([COMPAT_EXP]) |
4809 | -AC_SUBST([TMPFILES_D]) |
4810 | -AC_SUBST([exampledir]) |
4811 | -AC_SUBST([DIGEST]) |
4812 | -AC_SUBST([devsearch]) |
4813 | -AC_SUBST([SIGNAME]) |
4814 | -AC_SUBST([PYTHON_PLUGIN]) |
4815 | -AC_SUBST([PYTHON_PLUGIN_SRC]) |
4816 | -AC_SUBST([LOGSRV]) |
4817 | -AC_SUBST([LOGSRV_SRC]) |
4818 | -AC_SUBST([LOGSRVD_SRC]) |
4819 | -AC_SUBST([LOGSRVD_CONF]) |
4820 | -AC_SUBST([LIBLOGSRV]) |
4821 | -AC_SUBST([PPFILES]) |
4822 | -AC_SUBST([FUZZ_ENGINE]) |
4823 | -AC_SUBST([FUZZ_LD]) |
4824 | -AC_SUBST([INTERCEPT_EXP]) |
4825 | - |
4826 | +AC_SUBST([PROGS], [sudo])dnl |
4827 | +AC_SUBST([SUDO_LDFLAGS])dnl |
4828 | +AC_SUBST([SUDOERS_LDFLAGS])dnl |
4829 | +AC_SUBST([LIBUTIL_LDFLAGS])dnl |
4830 | +AC_SUBST([ZLIB_LDFLAGS])dnl |
4831 | +AC_SUBST([LT_LDFLAGS])dnl |
4832 | +AC_SUBST([LT_LDDEP], ["\$(shlib_exp)"])dnl |
4833 | +AC_SUBST([LT_LDEXPORTS], ["-export-symbols \$(shlib_exp)"])dnl |
4834 | +AC_SUBST([LT_STATIC])dnl |
4835 | +AC_SUBST([LT_DEP_LIBS])dnl |
4836 | +AC_SUBST([COMMON_OBJS])dnl |
4837 | +AC_SUBST([SUDOERS_LT_STATIC])dnl |
4838 | +AC_SUBST([SUDOERS_OBJS])dnl |
4839 | +AC_SUBST([SUDO_OBJS])dnl |
4840 | +AC_SUBST([SUDO_LIBS])dnl |
4841 | +AC_SUBST([SUDOERS_LIBS])dnl |
4842 | +AC_SUBST([STATIC_SUDOERS])dnl |
4843 | +AC_SUBST([NET_LIBS])dnl |
4844 | +AC_SUBST([AFS_LIBS])dnl |
4845 | +AC_SUBST([REPLAY_LIBS])dnl |
4846 | +AC_SUBST([GETGROUPS_LIB])dnl |
4847 | +AC_SUBST([AUTH_OBJS])dnl |
4848 | +AC_SUBST([MANTYPE])dnl |
4849 | +AC_SUBST([MANDIRTYPE])dnl |
4850 | +AC_SUBST([MANCOMPRESS])dnl |
4851 | +AC_SUBST([MANCOMPRESSEXT])dnl |
4852 | +AC_SUBST([SHLIB_ENABLE])dnl |
4853 | +AC_SUBST([SHLIB_MODE])dnl |
4854 | +AC_SUBST([SUDOERS_MODE])dnl |
4855 | +AC_SUBST([SUDOERS_UID])dnl |
4856 | +AC_SUBST([SUDOERS_GID])dnl |
4857 | +AC_SUBST([DEVEL])dnl |
4858 | +AC_SUBST([EXAMPLES])dnl |
4859 | +AC_SUBST([BAMAN], [0])dnl |
4860 | +AC_SUBST([LCMAN], [0])dnl |
4861 | +AC_SUBST([PSMAN], [0])dnl |
4862 | +AC_SUBST([SEMAN], [0])dnl |
4863 | +AC_SUBST([AAMAN], [0])dnl |
4864 | +AC_SUBST([devdir], ['$(srcdir)'])dnl |
4865 | +AC_SUBST([mansectsu])dnl |
4866 | +AC_SUBST([mansectform])dnl |
4867 | +AC_SUBST([mansectmisc])dnl |
4868 | +AC_SUBST([INTERCEPTFILE])dnl |
4869 | +AC_SUBST([INTERCEPTDIR])dnl |
4870 | +AC_SUBST([intercept_file])dnl |
4871 | +AC_SUBST([NOEXECFILE])dnl |
4872 | +AC_SUBST([NOEXECDIR])dnl |
4873 | +AC_SUBST([noexec_file])dnl |
4874 | +AC_SUBST([sesh_file])dnl |
4875 | +AC_SUBST([INSTALL_BACKUP])dnl |
4876 | +AC_SUBST([INSTALL_INTERCEPT])dnl |
4877 | +AC_SUBST([INSTALL_NOEXEC])dnl |
4878 | +AC_SUBST([PRELOAD_MODULE], ['-module'])dnl |
4879 | +AC_SUBST([DONT_LEAK_PATH_INFO])dnl |
4880 | +AC_SUBST([BSDAUTH_USAGE])dnl |
4881 | +AC_SUBST([SELINUX_USAGE])dnl |
4882 | +AC_SUBST([LDAP], ['#'])dnl |
4883 | +AC_SUBST([LOGINCAP_USAGE])dnl |
4884 | +AC_SUBST([ZLIB])dnl |
4885 | +AC_SUBST([ZLIB_SRC])dnl |
4886 | +AC_SUBST([LIBTOOL_DEPS])dnl |
4887 | +AC_SUBST([LIBDL])dnl |
4888 | +AC_SUBST([LIBRT])dnl |
4889 | +AC_SUBST([LIBINTL])dnl |
4890 | +AC_SUBST([LIBCRYPTO])dnl |
4891 | +AC_SUBST([LIBTLS])dnl |
4892 | +AC_SUBST([LIBPTHREAD])dnl |
4893 | +AC_SUBST([SUDO_NLS], [disabled])dnl |
4894 | +AC_SUBST([LOCALEDIR_SUFFIX])dnl |
4895 | +AC_SUBST([COMPAT_TEST_PROGS])dnl |
4896 | +AC_SUBST([SUDOERS_TEST_PROGS])dnl |
4897 | +AC_SUBST([CROSS_COMPILING])dnl |
4898 | +AC_SUBST([ASAN_LDFLAGS])dnl |
4899 | +AC_SUBST([ASAN_CFLAGS])dnl |
4900 | +AC_SUBST([PIE_LDFLAGS])dnl |
4901 | +AC_SUBST([PIE_CFLAGS])dnl |
4902 | +AC_SUBST([HARDENING_LDFLAGS])dnl |
4903 | +AC_SUBST([HARDENING_CFLAGS])dnl |
4904 | +AC_SUBST([INIT_SCRIPT])dnl |
4905 | +AC_SUBST([INIT_DIR])dnl |
4906 | +AC_SUBST([RC_LINK])dnl |
4907 | +AC_SUBST([COMPAT_EXP])dnl |
4908 | +AC_SUBST([TMPFILES_D])dnl |
4909 | +AC_SUBST([exampledir], ['$(docdir)/examples'])dnl |
4910 | +AC_SUBST([adminconfdir], ['$(prefix)/etc'])dnl |
4911 | +AC_SUBST([DIGEST])dnl |
4912 | +AC_SUBST([devsearch])dnl |
4913 | +AC_SUBST([SIGNAME])dnl |
4914 | +AC_SUBST([PYTHON_PLUGIN], ['#'])dnl |
4915 | +AC_SUBST([PYTHON_PLUGIN_SRC])dnl |
4916 | +AC_SUBST([LOGSRV])dnl |
4917 | +AC_SUBST([LOGSRV_SRC], ['lib/logsrv'])dnl |
4918 | +AC_SUBST([LOGSRVD_SRC], ['logsrvd'])dnl |
4919 | +AC_SUBST([LOGSRVD_CONF], ['sudo_logsrvd.conf'])dnl |
4920 | +AC_SUBST([LIBLOGSRV], ['$(top_builddir)/lib/logsrv/liblogsrv.la $(top_builddir)/lib/protobuf-c/libprotobuf-c.la'])dnl |
4921 | +AC_SUBST([PPFILES], ['$(srcdir)/etc/sudo.pp'])dnl |
4922 | +AC_SUBST([FUZZ_ENGINE])dnl |
4923 | +AC_SUBST([FUZZ_LD], ['$(CC)'])dnl |
4924 | +AC_SUBST([INTERCEPT_EXP])dnl |
4925 | +dnl |
4926 | +dnl Config file paths |
4927 | +dnl Either a single file or a colon-separated list of paths. |
4928 | +dnl |
4929 | +AC_SUBST([cvtsudoers_conf], ['$(sysconfdir)/cvtsudoers.conf'])dnl |
4930 | +AC_SUBST([sudo_conf], ['$(sysconfdir)/sudo.conf'])dnl |
4931 | +AC_SUBST([sudo_logsrvd_conf], ['$(sysconfdir)/sudo_logsrvd.conf'])dnl |
4932 | +AC_SUBST([sudoers_path], ['$(sysconfdir)/sudoers'])dnl |
4933 | dnl |
4934 | dnl Variables that get substituted in docs (not overridden by environment) |
4935 | dnl |
4936 | @@ -239,65 +239,23 @@ dnl |
4937 | dnl Initial values for Makefile variables listed above |
4938 | dnl May be overridden by environment variables.. |
4939 | dnl |
4940 | -INSTALL_BACKUP= |
4941 | -INSTALL_INTERCEPT= |
4942 | -INSTALL_NOEXEC= |
4943 | -PRELOAD_MODULE=-module |
4944 | -exampledir='$(docdir)/examples' |
4945 | -devdir='$(srcdir)' |
4946 | -PROGS="sudo" |
4947 | : ${MANDIRTYPE='man'} |
4948 | : ${SHLIB_MODE='0644'} |
4949 | : ${SUDOERS_MODE='0440'} |
4950 | : ${SUDOERS_UID='0'} |
4951 | : ${SUDOERS_GID='0'} |
4952 | -DEVEL= |
4953 | -LDAP="#" |
4954 | -BAMAN=0 |
4955 | -LCMAN=0 |
4956 | -PSMAN=0 |
4957 | -SEMAN=0 |
4958 | -AAMAN=0 |
4959 | -LIBINTL= |
4960 | -LIBCRYPTO= |
4961 | -LIBMD= |
4962 | -LIBTLS= |
4963 | -ZLIB= |
4964 | -ZLIB_SRC= |
4965 | -AUTH_OBJS= |
4966 | +dnl |
4967 | +dnl Other variables |
4968 | +dnl |
4969 | +CONFIGURE_ARGS="$@" |
4970 | AUTH_REG= |
4971 | AUTH_EXCL= |
4972 | AUTH_EXCL_DEF= |
4973 | AUTH_DEF=passwd |
4974 | -SUDO_NLS=disabled |
4975 | -LOCALEDIR_SUFFIX= |
4976 | -LT_LDEXPORTS="-export-symbols \$(shlib_exp)" |
4977 | -LT_LDDEP="\$(shlib_exp)" |
4978 | -OS_INIT=os_init_common |
4979 | -INIT_SCRIPT= |
4980 | -INIT_DIR= |
4981 | -RC_LINK= |
4982 | -COMPAT_EXP= |
4983 | -SIGNAME= |
4984 | -FUZZ_ENGINE= |
4985 | -FUZZ_LD='$(CC)' |
4986 | -INTERCEPT_EXP= |
4987 | -dnl |
4988 | -dnl Other variables |
4989 | -dnl |
4990 | -WEAK_ALIAS=no |
4991 | CHECKSHADOW=true |
4992 | shadow_funcs= |
4993 | shadow_libs= |
4994 | -TMPFILES_D= |
4995 | -CONFIGURE_ARGS="$@" |
4996 | -PYTHON_PLUGIN=# |
4997 | -LOGSRVD= |
4998 | -LOGSRVD_SRC=logsrvd |
4999 | -LOGSRV_SRC=lib/logsrv |
5000 | -LOGSRVD_CONF='sudo_logsrvd.conf' |