+ * Restore old behavior of setting sawspace = TRUE for command line
+ args when a line continuation character is hit to avoid causing
+ problems for existing sudoers files.
+ [963ded6ce070] <1.8>
+
+ * Add test for line continuation and aliases
+ [5703d11a3c46] <1.8>
+
+ * Make test output line up nicely for parse vs. toke
+ [15321ce2d7d9] <1.8>
+
+ * plugins/sudoers/regress/testsudoers/test1.ok,
+ plugins/sudoers/regress/testsudoers/test2.out,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.ok,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/visudo/test1.ok,
+ plugins/sudoers/regress/visudo/test1.sh:
+ Move parser tests to sudoers directory and test the tokenizer output
+ too.
+ [111c1ccda334] <1.8>
+
+ * If we match a rule anchored to the beginning of a line after parsing
+ a line continuation character, return an ERROR token. It would be
+ nicer to use REJECT instead but that substantially slows down the
+ lexer.
+ [67e54b14aa9d] <1.8>
+
+ * Move LEXTRACE macro to toke.h so we can use it in yyerror().
+ [e6e04037deed] <1.8>
+
+ * Make lex tracing settable at run-time in testsudoers via the -t
+ flag. Trace output goes to stderr. Will be used by regress tests
+ to check lexer.
+ [a973f43cc0c2] <1.8>
+
+ * Allow whitespace after the modifier in a Defaults entry. E.g.
+ "Defaults: username set_home"
+ [bf876c9fc5bb] <1.8>
+
+2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Don't set CC when cross-compiling.
+ [d3c33dcb02f2] <1.8>
+
+ * Credit Matthew Thomas for the sudoers_search_filter changes.
+ [2209b80664af] <1.8>
+
+ * Add the .sym files to the MANIFEST
+ [bb452b28a009] <1.8>
+
+ * Update for sudo 1.8.1 beta
+ [700d42d80e00] <1.8>
+
+ * user_shell -> run_shell to avoid confusion with the user's SHELL
+ variable.
+ [451b96d5f97e] <1.8>
+
+ * Save the controlling tty process group before suspending in pty
+ mode. Previously, we assumed that the child pgrp == child pid
+ (which is usually, but not always, the case).
+ [b0841d861191] <1.8>
+
+ * Add support for sudoers_search_filter setting in ldap.conf. This
+ can be used to restrict the set of records returned by the LDAP
+ query.
+ [70c5f496e2b3] <1.8>
+
+2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Remove the hack to disable -g in CFLAGS unless --with-devel
+ [9459839f50ba] <1.8>
+
+ * The '@' character does not normally need to be quoted.
+ [e66c4c64e514] <1.8>
+
+ * We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
+ if that whitespace is followed by a comma, we want to treat it as
+ part of a list and not transition.
+ [52ae2df9959d] <1.8>
+
+ * Add check for whitespace when a User_List is used for a per-user
+ Defaults entry.
+ [44a4db95be86] <1.8>
+
+ * Expand quoted name checks to cover recent fixes.
+ [bd494b5c2bed] <1.8>
+
+ * Fix parsing of double-quoted names in Defaults and Aliases which was
+ broken in 601d97ea8792.
+ [dfdd58c3eb3b] <1.8>
+
+ * toke_util.c lives in $(srcdir) not $(devdir)
+ [94f8f024782e] <1.8>
+
+2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Update version to 1.8.1
+ [531a7d520f18] <1.8>
+
+ * Document major changes in 1.8.1 and add upgrade notes.
+ [116821646140] <1.8>
+
+ * Be careful not to deref user_stat if it is NULL. This cannot
+ currently happen in sudo but might in other programs using the
+ parser.
+ [d72a9c7151c4] <1.8>
+
+ * configure will not add -O2 to CFLAGS if it is already defined to add
+ -O2 to the CFLAGS we pass in when PIE is being used.
+ [2c7fe82be93d] <1.8>
+
+ * Warn about the dangers of log_input and mention iolog_file and
+ iolog_dir in the log_input and log_output descriptions.
+ [edc6aa59aa45] <1.8>
+
+ * sync with git version
+ [b121cf739c77] <1.8>
+
+ * It seems that h comes after i
+ [99ad15015f05] <1.8>
+
+ * Move log_input and log_output to their proper, sorted, location.
+ Document set_utmp and utmp_runas.
+ [216ce8b0ae1a] <1.8>
+
+ * Save the controlling tty process group before suspending so we can
+ restore it when we resume. Fixes job control problems on Linux
+ caused by the previous attemp to fix resuming a shell when I/O
+ logging not enabled.
+ [dfe038f733be] <1.8>
+
+ * Fix printing of the remainder after a newline. Fixes "sudo -l"
+ output corruption that could occur in some cases.
+ [ab2f0a629e0d] <1.8>
+
+ * Add support for ut_exit
+ [7039ec6a73fa] <1.8>
+
+ * Add support for controlling whether utmp is updated and which user
+ is listed in the entry.
+ [1b008ce71eab] <1.8>
+
+ * Fix typo; tupple vs. tuple
+ [67bb5c67ae3d] <1.8>
+
+ * For legacy utmp, strip the /dev/ prefix before trying to determine
+ slot since the ttys file does not include the /dev/ prefix.
+ [8f597114381d] <1.8>
+
+ * Add check for _PATH_UTMP
+ [fe7e2456f017] <1.8>
+
+ * Adapt check_iolog_path to sessid changes
+ [3016201869b6] <1.8>
+
+ * Redo utmp handling. If no getutent()/getutxent() is available,
+ assume a ttyslot-based utmp. If getttyent() is available, use that
+ directly instead of ttyslot() so we don't have to do the stdin dup2
+ dance.
+ [817490c7c20e] <1.8>
+
+ * Move utmp handling into utmp.c
+ [e4729d9259e9] <1.8>
+
+ * Update copyright years.
+ [1065afc00233] <1.8>
+
+2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Add "user_shell" boolean as a way to indicate to the plugin that the
+ -s flag was given.
+ [6e8bc49b7ea7] <1.8>
+
+ * Move sessid out of sudo_user.
+ [00d67d5ba894] <1.8>
+
+ * Log the TSID even if it is not a simple session ID.
+ [490cf0adae29] <1.8>
+
+ * Document noexec in sample.sudo.conf and add back noexec_file section
+ in sudoers with a note that it is deprecated.
+ [c7a2d8d0c563] <1.8>
+
+ * Fix running commands as non-root on systems where setreuid() changes
+ the saved uid based on the effective uid we are changing to.
+ [f3b27db56ba6] <1.8>
+
+2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Move noexec path into sudo.conf now that sudo itself handles noexec.
+ Currently can be configured in sudoers too but is now undocumented
+ and will be removed in a future release.
+ [9c5f64709994] <1.8>
+
+ * Document "Path noexec ..." in sudo.conf. No longer document
+ noexec_file in sudoers, it will be removed in a future release.
+ [959fa6b5217b] <1.8>
+
+ * Move noexec handling to sudo front-end where it is documented as
+ being.
+ [ef6cd4a40c61] <1.8>
+
+ * Add support for disabling exec via solaris privileges. Includes
+ preparation for moving noexec support out of sudoers and into front
+ end as documented.
+ [d9c05ba9a24f] <1.8>
+
+ * Only export the symbols corresponding to the plugin structs.
+ [cb07af1d9b39] <1.8>
+
+ * Install plugins manually instead of using libtool. This works
+ around a problem on AIX where libtool will install a .a file
+ containing the .so file instead of the .so file itself.
+ [1ccf5af58c05] <1.8>
+
+ * Makefile.in:
+ Move check into its own rule since some versions of make will run
+ both targets as the default rule.
+ [7159f37eb552] <1.8>
+
+ * Update to libtool 2.2.10
+ [9e49773b32b7] <1.8>
+
+ * In handle_signals(), restart the read() on EINTR to make sure we
+ keep up with the signal pipe. Don't return -1 on EAGAIN, it just
+ means we have emptied the pipe.
+ [dc2926097b2d] <1.8>
+
+ * Reorder functions to quiet a compiler warning.
+ [5201367e5db4] <1.8>
+
+ * Use the Sun Studio C compiler on Solaris if possible
+ [b8d43b423fb9] <1.8>
+
+2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Fix default setting of osversion variable.
+ [e12905851be5] <1.8>
+
+ * Make two login_class entris consistent.
+ [0671d7b204be] <1.8>
+
+ * Add support for adding a utmp entry when allocating a new pty.
+ Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
+ Currently only creates a new entry if the existing tty has a utmp
+ entry.
+ [40ff30099e79] <1.8>
+
+ * Avoid pulling in headers we don't need on Linux For getutx?id(),
+ call setutx?ent() first and always call endutx?ent().
+ [b86f7a13aae9] <1.8>
+
+ * Add some more libs to SUDOERS_LIBS instead of relying on them to be
+ pulled in by SUDO_LIBS.
+ [bcbd16ec56c6] <1.8>
+
+ * Fix return value of "sudo -l command" when command is not allowed,
+ broken in [c7097ea22111]. The default return value is now TRUE and
+ a bad: label is used when permission is denied. Also fixed missing
+ permissions restoration on certain errors. On error()/errorx(), the
+ password and group files are now closed before returning.
+ [757c941a47b2] <1.8>
+
+2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Fix passing of login class back to sudo front end.
+ [5e649de6b7f5] <1.8>
+
+ * Add --osversion flag to specify OS instead of running "pp
+ --probeonly"
+ [8a03943ac5e8] <1.8>
+
+ * Fix expr usage w/ GNU expr
+ [bdecfa1f54fc] <1.8>
+
+2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Fix exit value for validate and list mode.
+ [6f8b20199935] <1.8>
+
+ * Fix non-interactive mode with sudoers plugin.
+ [cf5aca4fcbcf] <1.8>
+
+2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudoreplay can now find IDs other than %{seq} and display the
+ session.
+ [60396b417633] <1.8>
+
+ * Add support for replaying sessions when iolog_file is set to
+ something other than %{seq}.
+ [1cd2baa74d56] <1.8>
+
+2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * If we are killed by a signal, display the name of the signal that
+ got us.
+ [1b38c4d42282] <1.8>
+
+ * Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
+ where they belong.
+ [78e97a921104] <1.8>
+
+ * Fix bug in skey/opie check that could cause a shell warning.
+ [f20229a04f30] <1.8>
+
+ * No longer need sudo_getepw() stubs.
+ [795631ac7db0] <1.8>
+
+2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Fix exit value of "sudo -l command" in sudoers module.
+ [4a05d6019b3d] <1.8>
+
+2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Use fgets() not fgetln() for portability.
+ [1f2050745096] <1.8>
+
+ * Don't use the beta or release candidate version as the rpm release.
+ [a5b049477646] <1.8>
+
+2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Adjust ChangeLog rule now that 1.8 is branched
+ [a994ac361e44] <1.8>
+
+ * .hgtags:
+ Added tag SUDO_1_8_0 for changeset f6530d56f6ae
+ [99a2b3801419] <1.8>
+
+2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ version 1.8.0
+ [f6530d56f6ae] [SUDO_1_8_0]
+
+ * NEWS:
+ update sudo 1.8 section
+ [f2ee2cf95d18]
+
+2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/testsudoers/test2.sh:
+ fix test description
+ [cd5730fa9f09]
+
+ * plugins/sudoers/regress/testsudoers/test2.out,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/visudo/test2.out,
+ plugins/sudoers/regress/visudo/test2.sh:
+ convert test2 to use testsudoers
+ [b5ec3f0b69f1]
+
+ * include/sudo_plugin.h, src/sudo_plugin_int.h:
+ Move struct generic_plugin to sudo_plugin_int.h
+ [6f7bc629329c]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Allow sudoers file name, mode, uid and gid to be specified in the
+ settings list. The sudo front end does not currently set these but
+ may in the future.
+ [22f38a0fda2a]
+
+2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in:
+ 1.8.0rc1
+ [5d4588b9c057]
+
+ * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
+ src/parse_args.c, src/sudo.h:
+ add help text to sudo, visudo and sudoreplay for the -h option
+ [52e7378d8476]
+
+2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/snprintf.c:
+ avoid using "howmany" for a parameter name since it is a select-
+ related macro
+ [a14d565401a1]
+
+ * doc/sudoers.pod:
+ mention group_plugin when describing nonunix_group
+ [e0d1d0034b17]
+
+ * doc/sudo_plugin.pod:
+ Add missing period at end of sentence
+ [6744d7e9056d]
+
+ * Makefile.in, doc/Makefile.in, include/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, src/Makefile.in:
+ add localstatedir; closes bug 471
+ [7aefcab85088]
+
+ * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
+ src/exec.c, src/exec_pty.c:
+ The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes
+ Bug 470
+ [927ed6740f32]
+
+ * configure.in:
+ add missing AH_TEMPLATE for ENV_RESET
+ [16300010c986]
+
+ * src/exec.c:
+ SVR5 systems return non-zero for success on socketpair(), check for
+ -1 instead. Closes Bug 469
+ [4d276494bf8e]
+
+2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ 1.8.0b5
+ [d611cd5d73d3]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ regen
+ [85e96eeaed82]
+
+ * doc/sudo.pod:
+ Document that a sudo.conf file with no Pligin lines uses the default
+ sudoers plugins.
+ [88bd52da977f]
+
+ * src/load_plugins.c:
+ If sudo.conf contains no Plugin lines, use the default sudoers
+ policy and I/O plugins.
+ [fd8f4cb811ab]
+
+2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudo_nss.c:
+ Avoid printing empty "Runas and Command-specific defaults for user"
+ line.
+ [2dd330fe4f8b]
+
+ * common/lbuf.c:
+ Truncate the buffer at buf.len before printing in the non-wordwrap
+ case.
+ [901e9833f80d]
+
+ * common/lbuf.c:
+ Remove extra newline when the tty width is very small or unavailable
+ [245c05506c0e]
+
+2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/alias.c:
+ Remove unneeded variable.
+ [2c086d30b796]
+
+2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Prefer getutxid over getutid
+ [3f3322e9c93e]
+
+ * plugins/sudoers/boottime.c:
+ Include utmp.h / utmpx.h before missing.h as apparently including it
+ afterwards causes a compilation problem on GNU Hurd.
+ [a528029ae962]
+
+2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
+ #include "foo.h", not <foo.h> for local includes.
+ [f65ec693998e]
+
+ * src/parse_args.c:
+ remove bogus XXX
+ [9136c17d53ce]
+
+ * compat/mksiglist.c:
+ Fix typo
+ [1a3bb7b455c9]
+
+ * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/match.c:
+ return foo not return(foo)
+ [5c9e0647359a]
+
+2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ Remove duplicate FD_SET of signal_pipe[0]
+ [3096527d2215]
+
+2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/mksiglist.c:
+ Use "missing.h" not <missing.h> in generated code.
+ [d8e09cffbe09]
+
+2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure:
+ fix --with-iologdir=no
+ [a89699cb5f5f]
+
+ * aclocal.m4, configure:
+ fix typo that broke --with-iologdir
+ [91b54eb22403]
+
+2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
+ doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
+ doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
+ doc/visudo.man.in:
+ Bump version to 1.8.0b4
+ [e2b7f2cdc02e]
+
+ * NEWS:
+ sync
+ [decf5a0a8a33]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Attempt to clarify how users and groups interact in Runas_Specs
+ [e6fb3a2dbd77]
+
+ * plugins/sudoers/regress/visudo/test2.out,
+ plugins/sudoers/regress/visudo/test2.sh:
+ Add test for quoted group that contains escaped double quotes
+ [44596c48c629]
+
+ * src/exec.c, src/exec_pty.c:
+ Pass SIGUSR1/SIGUSR2 through to the child.
+ [c3108a827b01]
+
+ * src/exec_pty.c, src/sudo_exec.h:
+ Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
+ SIGUSR2 to indicate whether the child should be continued in the
+ foreground or background.
+ [35ca47cc6785]
+
+ * src/exec.c:
+ Use pid_t not int and check the return value of kill()
+ [36ae7d37d7f9]
+
+2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Remove obsolete comment
+ [baebef4919f6]
+
+ * src/exec.c:
+ In non-pty mode before continuing the child, make it the foreground
+ pgrp if possible. Fixes resuming a shell.
+ [fef5b1d02ddb]
+
+ * src/exec_pty.c:
+ If we get a signal other than SIGCHLD in the monitor, pass it
+ directly to the child.
+ [b3ecb28163a0]
+
+ * src/exec.c, src/exec_pty.c, src/sudo.h:
+ Save signal state before changing handlers and restore before we
+ execute the command.
+ [faf7475dc4bf]
+
+2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Use a char array to map a number to a base36 digit.
+ [257576c51f8b]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
+ Be clear about what versions of sudo support new LDAP attributes.
+ Fix up some formatting of attribute names. Minor other tweaks.
+ [39f65df71f65]
+
+2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ match quoted strings the same way whether in a Defaults line or as a
+ user/group/netgroup name. Fixes escaped double quotes in quoted
+ user/group/netgroup names.
+ [601d97ea8792]
+
+ * plugins/sudoers/Makefile.in:
+ 'make check' depends on visudo and testsudoers
+ [127c5a24df8f]
+
+ * plugins/sudoers/sudoers2ldif:
+ Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags
+ [9029163a58c3]
+
+2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/UPGRADE:
+ Mention LDAP attribute compatibility status.
+ [2c3595aaec63]
+
+2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * README.LDAP:
+ Mention phpQLAdmin
+ [9304c9064fbe]
+
+ * INSTALL, NEWS, config.h.in, configure, configure.in,
+ doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
+ Add --disable-env-reset configure option.
+ [8a753aa13a46]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Document that sudoers_locale also affects logging and email.
+ [998d6ac11277]
+
+ * NEWS, config.h.in, configure, configure.in,
+ plugins/sudoers/logging.c:
+ Do logging and email sending in the locale specified by the
+ "sudoers_locale" setting ("C" by default). Email send by sudo
+ includes MIME headers when the sudoers locale is not "C".
+ [cb7e55408400]
+
+2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Fix indentation
+ [65ae7e92b9e4]
+
+2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, src/parse_args.c, src/sudo.c:
+ Perform command escaping for "sudo -s" and "sudo -i" after
+ validating sudoers so the sudoers entries don't need to have all the
+ backslashes.
+ [4e168c103f4b]
+
+2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c:
+ Prepend "list " to the command logged when "sudo -l command" is used
+ to make it clear that the command was listed, not run.
+ [f392a6056cd6]
+
+ * plugins/sudoers/parse.c:
+ cosmetic change
+ [7c0951dbc2dd]
+
+ * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
+ common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
+ compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
+ compat/nanosleep.c, compat/regress/glob/globtest.c,
+ compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
+ compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
+ plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
+ plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
+ plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
+ plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
+ plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
+ src/sudo_noexec.c, src/tgetpass.c:
+ standardize on "return foo;" rather than "return(foo);" or "return
+ (foo);"
+ [32d76c5aaf8c]
+
+ * plugins/sudoers/sudoers.c:
+ Do not reject sudoers file just because it is root-writable.
+ [0febc579185b]
+
+2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ sync
+ [1ab03f8278ff]
+
+ * plugins/sudoers/sudo_nss.c:
+ For "sudo -U user -l" if user is not authorized on the host, say so.
+ [289afe6dd15c]
+
+ * plugins/sudoers/ldap.c:
+ In sudo_ldap_lookup(), always do the initial sudoers check as the
+ invoking user. If we are listing another user's privs we will do a
+ separate lookup using list_pw later.
+ [e52bc15de76d]
+
+2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ add parser fill tests
+ [4f65140d3515]
+
+ * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
+ Don't test features not supported by the bundled glob()
+ [8ec7ace11949]
+
+ * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
+ compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
+ doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
+ doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/match.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
+ Update copyright year to 2011
+ [ac1b45cb1809]
+
+ * plugins/sudoers/sudo_nss.c:
+ When listing, use separate lbufs for the defaults and the privileges
+ and only print something if the number of privileges is non-zero.
+ Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
+ [d0854d39f8ef]
+
+ * plugins/sudoers/ldap.c:
+ Stash pointer to user group vector in LDAP handle and only reuse the
+ query if it has not changed. We always allocate a new buffer when
+ we reset the group vector so a simple pointer check is sufficient.
+ [88861d4eba69]
+
+ * plugins/sudoers/sudo_nss.c:
+ Check initgroups() return value.
+ [3bdaf58408a7]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/parser/check_fill.c:
+ Add tests for the fill functions in toke_util.c
+ [bca587ab4956]
+
+2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
+ fix copyright year
+ [e2038cdaf055]
+
+ * NEWS:
+ sync
+ [56ca5d5eaebe]
+
+2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/term.c:
+ Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
+ [b91f266624ec]
+
+2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg, sudo.pp:
+ Add Requires line for audit-libs >= 1.4 for RHEL5+
+ [6c02f976171b]
+
+ * pp:
+ sync with git version
+ [d301c32d5865]
+
+2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ fix typo
+ [39353f92976f]
+
+2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for sudo 1.7.4p5
+ [b444da76901f]
+
+ * doc/schema.OpenLDAP, doc/schema.iPlanet:
+ Add sudoNotBefore and sudoNotAfter attributes as optional attributes
+ to the sudoRole object class. From Andreas Mueller
+ [dacfad7e7a95]
+
+2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Mention "sudo -g group" password check fix.
+ [1eb8fb14e53b]
+
+ * plugins/sudoers/sudoers.c:
+ Fix "sudo -g" support in the sudoers module.
+ [07d1b0ce530e]
+
+ * plugins/sudoers/check.c:
+ If the user is running sudo as himself but as a different group we
+ need to prompt for a password.
+ [caf1fcc9a117]
+
+2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
+ plugins/sudoers/ldap.c:
+ Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
+ LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
+ derived LDAP SDKs but we can pass the timeout parameter to
+ ldap_search_ext_s() or ldap_search_st() when possible.
+ [5537049991f7]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
+ regen
+ [5b361c3c4324]
+
+ * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
+ with OpenLDAP ldap.conf files.
+ [e97843bd16fb]
+
+ * plugins/sudoers/pwutil.c:
+ If user has no supplementary groups, fall back on checking the group
+ file expliticly.
+ [5223ad4eb690]
+
+2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
+ constify
+ [6e132a4cca61]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l:
+ Move fill macro to toke.h
+ [623d430798cf]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.h, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c:
+ Split tokenizer utility functions out into toke_util.c
+ [89a97bd51618]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ ANSIfy
+ [ca0eba1dfaa9]
+
+2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ sync
+ [a43f94064bb3]
+
+ * plugins/sudoers/Makefile.in:
+ Add visudo tests to check target
+ [8c82fb4ed40f]
+
+ * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
+ compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
+ compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
+ Add my regress tests for fnmatch() and glob() from OpenBSD.
+ [6e8c1f211723]
+
+ * plugins/sudoers/regress/testsudoers/test1.sh,
+ plugins/sudoers/regress/visudo/test1.ok,
+ plugins/sudoers/regress/visudo/test1.sh:
+ Add regress test for command tags using visudo -c
+ [18b0ef207c0f]
+
+ * plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/testsudoers/test1.ok,
+ plugins/sudoers/regress/testsudoers/test1.sh:
+ Add support for regress tests using testsudoers
+ [1fa94bd2671b]
+
+ * plugins/sudoers/testsudoers.c:
+ Need to set user_name explicitly due to internal changes made when
+ converting sudoers to a plugin.
+ [1fa54e86a364]
+
+2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
+ zlib/Makefile.in:
+ Add regression tests for iolog_path()
+ [afa4b416e559]
+
+ * Makefile.in, common/Makefile.in, compat/Makefile.in,
+ doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ Add support for "make Makefile" to regenerate Makefile from
+ Makefile.in
+ [98bd2dda3294]
+
+ * plugins/sudoers/iolog_path.c:
+ Quiest a bogus compiler warning.
+ [5ff932a7ad67]
+
+2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog_path.c:
+ Protect call to setlocale() with HAVE_SETLOCALE
+ [2c29ee3ccc81]
+
+2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ mkstemps.c was renamed mktemp.c
+ [ae299c3b1827]
+
+ * NEWS:
+ Update from 1.7 branch
+ [20817d79717b]
+
+ * Makefile.in:
+ Use "mv -f" when regenerating ChangeLog
+ [c163635206c6]
+
+ * plugins/sudoers/match.c:
+ Fix NULL dereference with "sudo -g group" when the sudoers rule has
+ no runas user or group listed. Fixes RedHat bug Bug 667103.
+ [41a6a1243d9e]
+
+2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Correct the default sudo.conf example
+ [4e791698cad1]
+
+2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog_path.c:
+ Reset slashp if we allocate a new buffer for strftime()
+ [e491daa4203b]
+
+ * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add extra out parameter to expand_iolog_path() to allow the caller
+ to split the path into dir and file components if needed.
+ [88346bc5ae39]
+
+2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ mkdir_iopath() returns size_t now that it uses strlcpy() and not
+ snprintf()
+ [3c4c64d265eb]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
+ Trim leading slashes from iolog_file and trailing slashes from
+ iolog_dir
+ [a803b51f8948]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
+ plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Pass a single I/O log file name in command_details instead of
+ separate dir + file parameters.
+ [d672a3e46e80]
+
+ * plugins/sudoers/sudoreplay.c:
+ change an error() to errorx()
+ [8013dcfdd69d]
+
+ * plugins/sudoers/iolog.c:
+ Add missing cwd line to I/O log info file that got dropped when
+ iolog_deserialize_info() was added
+ [7cf84f208423]
+
+2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Avoid relying on globals filled in by the sudoers policy module for
+ the sudoers I/O log module. The I/O log open function now pulls the
+ bits it needs out of user_info and command_info.
+ [c02f6951b0cc]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ If no iolog file is specified by the policy plugin, use io_nextid()
+ to determine the next file in the sequence.
+ [faa1130b1020]
+
+2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document iolog_compress in command_info
+ [58895c7d12f5]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Add support for the iolog_compress variable in command_info.
+ [36f13a2fd1c1]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Add sigsetjmp() calls to all plugin entry points just to be safe.
+ [3fa482355bc4]
+
+ * src/sudo.c, src/sudo.h:
+ Don't need iolog variables in struct command_details, they are for
+ the I/O log plugins to handle.
+ [5111579ffd9d]
+
+2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ Document use of mkdtemp() for iolog path teplates
+ [5db6101408a9]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
+ doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
+ regen
+ [1ee11fd6d4eb]
+
+ * doc/sudo_plugin.pod, doc/sudoers.pod:
+ Document iolog_file and supported escape sequences for sudoers.
+ Clarify that iolog_file can contain directories.
+ [da611dedcbdb]
+
+ * compat/Makefile.in, configure, configure.in:
+ Fix building of mkstemps/mkdtemp replacements.
+ [793a5e303122]
+
+ * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
+ configure.in, include/missing.h:
+ Provide mkdtemp() for systems without it.
+ [b0527dfa965c]
+
+ * plugins/sudoers/iolog_path.c:
+ Fix typo
+ [277f6c514cba]
+
+ * plugins/sudoers/iolog.c:
+ Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
+ glibc mkdtemp() returns EINVAL.
+ [2e7323b05579]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Allow sudoers to specify the iolog file in addition to the iolog
+ dir. Add escape sequence support to iolog file and dir: sequence
+ number, user, group, runas_user, runas_group, hostname and
+ command in addition to any escape sequence recognized by
+ strftime(3).
+ [75cd32ee0435]
+
+ * plugins/sudoers/iolog.c:
+ Add missing sigsetjmp() call in I/O plugin open function. Fixes a
+ crash when the I/O plugin calls error(), errorx() or log_error().
+ [1a6718bd817d]
+
+2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
+ plugins/sudoers/sudoers.c:
+ Give the policy module fine-grained control over what the I/O plugin
+ logs.
+ [d29784fd2a66]
+
+ * common/term.c:
+ Clear OPOST from c_oflag like we used to. Fixes screen-based
+ editors such as vi.
+ [506ad5ae9b4e]
+
+ * doc/sudoers.pod:
+ Clarify umask option description. From Reuben Thomas.
+ [1294ac84222b]
+
+2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Pick last match in LDAP sudoers too
+ [fbfd8e85703b]
+
+ * doc/sudo_plugin.pod:
+ Document iolog_file, iolog_dir and use_pty
+ [26120a59c20e]
+
+ * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/sudoers.c:
+ Adapt plugins to version I/O logging ABI 1.1
+ [880dd64bc1e8]
+
+ * src/exec.c, src/sudo.h:
+ Add use_pty command_info flag for policies to indicate that a pty
+ should be allocated even if no I/O logging is performed.
+ [e7b167f8a6e5]
+
+ * src/sudo.c:
+ Add remaining plugin convenience functions
+ [ffeaf96da031]
+
+ * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
+ src/sudo_plugin_int.h:
+ Change I/O log API to pass in command info to the I/O log open
+ function. Add iolog_file and iolog_dir parameters to command info.
+ This allows the policy plugin to specify the I/O log pathname. Add
+ convenience functions for calling plugin functions that handle ABI
+ backwards compatibility.
+ [9b81dce76ce5]
+
+ * compat/dlopen.c:
+ Remove useless cast
+ [7cecce969739]
+
+2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Bump version to 1.8.0b3
+ [1dc9f040aae0]
+
+2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure.in:
+ Remove extraneous newline
+ [71c94551eea5]
+
+2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
+ Make I/O log dir configurable.
+ [99b576667a38]
+
+ * aclocal.m4, configure, configure.in, doc/sudoers.pod:
+ Rename io_logdir to iolog_dir
+ [0731662acc8d]
+
+2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Add missing '*' that prevented the generic ELF case from matching.
+ [be77ca26bfb2]
+
+ * pp:
+ If file(1) can't identify the ELF binary type, try readelf(1).
+ [38a18d32a9e3]
+
+2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/sudoers.c, src/sudo.c:
+ Use %u to print uid/gid, not %lu and adjust casts to match.
+ [03c43b8749cf]
+
+ * doc/sudoers.ldap.pod:
+ Clarify ordering of entries and attributes.
+ [924e2a6bb603]
+
+ * doc/sudoers.ldap.pod:
+ Fix typo and editing goof.
+ [79dc7ccd85a8]
+
+ * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
+ doc/sudoers.ldap.pod:
+ Merge in ordered LDAP entry support from Andreas Mueller.
+ [ea5885989bad]
+
+ * plugins/sudoers/ldap.c:
+ Make sure we don't dereference a NULL handle.
+ [1a9f9ee15371]
+
+2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Add support for RHEL 6 file modes that include a trailing dot on
+ files with an SELinux security context
+ [dc09be959547]
+
+2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c:
+ exec_setup() does not need to setuid(0), the Ubuntu issue was in the
+ sudoers module.
+ [d6dd99fc6062]
+
+ * plugins/sudoers/sudoers.c:
+ create_admin_success_flag() should use restore_perms() rather than
+ set_perms() to restore the uid.
+ [eba7a91c1f57]
+
+ * src/sudo.c:
+ In exec_setup() call setuid(0) to make certain the subsequent uid
+ and gid changes will succeed. Fixes a problem on Ubuntu.
+ [c5d32abf0645]
+
+ * src/sudo_edit.c:
+ Error out if we cannot change to root's uid so we catch the failure
+ early.
+ [7a2e7f8f2c80]
+
+2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.pod:
+ fix typo; from Michael T Hunter
+ [a574a9d0db5b]
+
+ * plugins/sudoers/match.c:
+ In sudoedit mode, assume command line arguments are paths and pass
+ FNM_PATHNAME to fnmatch().
+ [ce0abff8ce9f]
+
+2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Add workaround for an error in sys/types.h on HP-UX 11.23 when large
+ file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
+ broken bits of the header file.
+ [e337217f097a]
+
+ * aclocal.m4:
+ Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
+ [fbbcee28961f]
+
+ * sudo.pp:
+ For Tru64, strip off beta version.
+ [eeccd762df5e]
+
+ * MANIFEST, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
+ Avoid conflicts with system definitions in grp.h and pwd.h
+ [b219ffe1da09]
+
+ * zlib/gzguts.h:
+ Include stdio.h after zlib.h, not before. We need the large file
+ defines to come first.
+ [21d6df39790f]
+
+2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
+ regen
+ [3ff8750d0aac]
+
+ * Makefile.in:
+ Don't clean ChangeLog
+ [ab0d30d289d4]
+
+ * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Add prototype for cleanup()
+ [75626fd3769a]
+
+2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/group_plugin.c:
+ Avoid deferencing group_plugin if it is NULL in
+ group_plugin_query(). This should not happen.
+ [4f2933c8da7e]
+
+ * plugins/sudoers/group_plugin.c:
+ group plugin init function return TRUE when successful
+ [198024477030]
+
+2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Enlarge the array of entry wrappers int blocks of 100 entries to
+ save on allocation time. From Andreas Mueller
+ [375c916bb03b]
+
+ * plugins/sudoers/ldap.c:
+ Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
+ that was mistakenly dropped.
+ [1555f5bc132d]
+
+2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/TROUBLESHOOTING:
+ Mention that sudo needs "ar" to build.
+ [65582ace2d09]
+
+ * configure, configure.in:
+ Fail with a more useful error if "ar" is not found.
+ [d1cb83719c17]
+
+2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Merge in ordered LDAP entry support from Andreas Mueller and add
+ local changes from the 1.7 branch.
+ [bca29e461618]
+
+2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
+ doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add timed entry support from Andreas Mueller.
+ [e18d1df46a8d]
+
+ * plugins/sudoers/group_plugin.c:
+ Don't try to unload if group_plugin is NULL. Don't call dlclose() if
+ group_handle is NULL
+ [de2273da37d5]
+
+ * plugins/sudoers/sudoers.h:
+ It is now plugin_cleanup(), not cleanup()
+ [da62a4e1a78c]
+
+ * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
+ Call plugin_cleanup(), not cleanup()
+ [e800ad8b33ad]
+
+2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c:
+ Use efree() not free() and remove malloc.h include since we never
+ directly call malloc() or free().
+ [107fffd134bb]
+
+2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ set PSTAMP for Solaris and move the backend-specific bits to their
+ own %if [xxx] %endif blocks in %set.
+ [a94ebe8920c1]
+
+ * pp:
+ sync with git repo
+ [75ff509696b4]
+
+ * configure, configure.in:
+ Only substitute file zlib files when using the builtin zlib
+ [6c8145b2deb4]
+
+ * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ src/Makefile.in, zlib/Makefile.in:
+ Give up on using VPATH to find sources as it is implemented
+ inconsistenly in different versions of make.
+ [60517c69aaee]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
+ plugins/sudoers/gram.c, plugins/sudoers/toke.c:
+ Include config.h before any other includes to make sure we get the
+ right value for _FILE_OFFSET_BITS.
+ [8fb007ca832e]
+
+ * MANIFEST:
+ Add zlib
+ [04a3e23dfaa9]
+
+ * zlib/Makefile.in:
+ Add missing targets
+ [40e45a177168]
+
+ * src/Makefile.in:
+ g/c unused $(GENERATED)
+ [c8758068c1bc]
+
+2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/group_plugin.c:
+ Zero out group_plugin on unload just to be safe.
+ [0b10f4d101ca]
+
+ * plugins/sudoers/group_plugin.c:
+ Unload group plugin if its init function fails.
+ [6552cdac4b7c]
+
+ * src/sudo.c:
+ Only chdir to cwd if it is different from the current cwd or there
+ is a new root (chroot).
+ [b8203e875e84]
+
+ * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
+ Bump version to 1.8.0b2
+ [6dadeb75a878]
+
+2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Better --enable-zlib description
+ [e0da54fa59a6]
+
+ * mkpkg:
+ Use system zlib on Linux Let configure decide on Solaris For all
+ others, use builtin zlib
+ [3d52eddb523c]
+
+ * zlib/zconf.h.in:
+ Add large file support.
+ [bec01215270d]
+
+ * config.h.in:
+ Add large file support.
+ [244e95b034ec]
+
+ * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
+ zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
+ zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
+ zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
+ zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
+ zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
+ zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
+ zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
+ Add local copy of zlib for systems that lack it.
+ [7542ca465c5a]
+
+2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ If perform_io() fails, kill the child before exiting so it doesn't
+ complain about connection reset. We can get an I/O error if, for
+ example, and we get EIO reading from stdin.
+ [e59a05fa729f]
+
+2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Fix complilation on systems with set_auth_parameters() Sprinkle
+ volatile to quiet warnings from gcc 2.8.0
+ [a34c2b924ba7]
+
+ * compat/dlfcn.h, compat/dlopen.c:
+ Avoid potential namespace issues with dlopen() emulation.
+ [aedfababd6ca]
+
+ * MANIFEST:
+ sync
+ [6afb97e6d308]
+
+ * plugins/sudoers/interfaces.c:
+ Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
+ exist).
+ [ddfca5af1a36]
+
+ * Makefile.in:
+ Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg
+ [e9d04bfa4505]
+
+ * configure, configure.in:
+ HP-UX 10.20 libc has an incompatible getline
+ [2e7bc202e78d]
+
+ * plugins/sudoers/visudo.c:
+ Quiet an HP-UX compiler warning.
+ [55b9d587ac8c]
+
+ * configure, configure.in:
+ Check for vi even with --with-editor specified; the sample plugin
+ needs it.
+ [94dfc3643f76]
+
+2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/dlopen.c:
+ Fix remaining syntax errors.
+ [9d729b5b577e]
+
+ * src/Makefile.in:
+ sudo binary depends on the libtool-generated libs
+ [9e6148406adb]
+
+ * plugins/sudoers/group_plugin.c, src/load_plugins.c:
+ Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
+ include the local or system dlfcn.h
+ [68cfe4c1089b]
+
+ * pp:
+ Don't use run_as_superuser=false on HP-UX
+ [532242370b09]
+
+ * src/net_ifs.c:
+ Use memset() instead of zero_bytes() since we don't include
+ sudoers.h
+ [a187c18c2472]
+
+ * plugins/sudoers/interfaces.c:
+ Fix pasto; AF_INET not AF_INET6
+ [2d2e9d7dc6f9]
+
+ * compat/dlopen.c:
+ Actually call shl_load()
+ [ed8153b8a3cd]
+
+ * pp:
+ Update from git repo. Debian: version numbers now compliant with
+ policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX
+ 10.20
+ [ecf2692bceeb]
+
+ * configure, configure.in:
+ Fix dlopen() detection for systems where dlopen() is in a separate
+ library.
+ [fa6b175582b6]
+
+ * plugins/sudoers/auth/pam.c:
+ If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
+ useful message and return AUTH_FATAL so sudo does not keep trying to
+ validate the user.
+ [1be8857e5291]
+
+ * src/preload.c:
+ sudo_preload_table is an array
+ [b7704e72a9da]
+
+ * compat/dlopen.c:
+ Quiet a compiler warning and fix sudo_preload_table external
+ definition.
+ [8234987664cc]
+
+ * compat/dlfcn.h:
+ Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
+ [8bab6a4053cc]
+
+ * plugins/sudoers/group_plugin.c:
+ Make this compile correctly when no dlopen is available.
+ [57643879bd2b]
+
+2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Having a timestamp file defined is no longer indicative of tty
+ tickets being enabled. Check def_tty_tickets directly.
+ [efcc11ad157f]
+
+ * src/exec_pty.c, src/sudo.h, src/ttysize.c:
+ Fix TCGETWINSZ compat.
+ [da3a8b17cf7a]
+
+2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c, src/ttysize.c:
+ Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
+ [926492dd10a6]
+
+2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Move set_project() from sudoers module into sudo proper.
+ [beabafac03b4]
+
+ * configure, configure.in:
+ Fix typo and regenerate
+ [4a3caf4234f3]
+
+ * plugins/sudoers/ldap.c:
+ When iterating over returned LDAP entries, keep looking at remaining
+ matches even if we have a positive match. This catches negative
+ matches that may exist in other entries and more closely match the
+ sudoers file behavior.
+ [f47db6e609b0]
+
+ * pp:
+ Add support for multiple package instances on Solaris.
+ [7f2a8b942545]
+
+ * src/exec.c:
+ Add missing signal_pipe[0] to fdsr for the non-pty case.
+ [79d01e11b19c]
+
+ * mkpkg:
+ Add --with-project for Solaris
+ [ffa4c2bb93f7]
+
+ * README:
+ Need ar and ranlib too
+ [5c2f679172ef]
+
+2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c:
+ Preserve ODMDIR environment variable by default on AIX.
+ [bd47cb1e804f]
+
+2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
+ config.h.in, configure, configure.in, plugins/sample/Makefile.in,
+ plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
+ src/preload.c:
+ Add dlopen() emulation for systems without it. For HP-UX 10, emulate
+ using shl_load(). For others, link sudoers plugin statically and use
+ a lookup table to emulate dlsym().
+ [e92edfb3c642]
+
+2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
+ compat/nanosleep.c, compat/utimes.c:
+ When including compat headers, use the compat dir as part of the
+ path so we are sure to get the correct header.
+ [6c2a45da6af5]
+
+2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/linux_audit.c:
+ Ignore ECONNREFUSED from audit_log_user_command() which will occur
+ if auditd is not running.
+ [d314fe4c8d03]
+
+2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Sync with git version
+ [1c0357744222]
+
+2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/fileops.c, plugins/sudoers/defaults.c:
+ Cast isblank argument to unsigned char.
+ [c822dbb3ca54]
+
+2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
+ Implement --with-umask-override configure flag.
+ [863e3047df22]
+
+ * plugins/sudoers/env.c:
+ Take MODE_LOGIN_SHELL into account when initially setting reset_home
+ instead of special-casing it later.
+ [5d6b16480fd6]
+
+ * plugins/sudoers/sudoers.c:
+ In login mode, make a copy of the runas user's pw_shell for
+ NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
+ freed before exec.
+ [1d1ccb568dfa]
+
+ * plugins/sudoers/env.c:
+ Reset HOME for "sudo -i" even if HOME was listed in env_keep.
+ [c1c1c65a2d63]
+
+ * src/sudo.c:
+ Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
+ [7443454e5f88]
+
+ * src/sudo.c:
+ Reset signal mask at sudo startup time; we need to be able to rely
+ on normal signal delivery to control the child process.
+ [95800163ff94]
+
+2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * install-sh:
+ Use sed instead of expr to split a flag from its argument. Fixes a
+ problem with expr interpreting its arguments as a flag when they
+ start with a dash.
+ [736065e14301]
+
+ * common/lbuf.c:
+ Do not need sys/time.h after all
+ [91f6f668ccda]
+
+ * common/lbuf.c:
+ Include sys/time.h for utimes() and struct timeval. No longer need
+ ioctl.h or termios.h
+ [2d75273d3213]
+
+ * compat/snprintf.c:
+ Quiet bogus compiler warnings.
+ [fe252e1968f5]
+
+ * include/missing.h:
+ Declare innetgr() for HP-UX which is missing a declaration. Declare
+ domainname() for HP-UX and Solaris which are missing a declaration.
+ [b37c50751138]
+
+ * plugins/sudoers/bsm_audit.c:
+ Use __sun for consistency with the rest of the sources.
+ [6b086b61ccb6]
+
+ * plugins/sudoers/group_plugin.c:
+ Quiet a bogus compiler warning.
+ [ebc069842c4a]
+
+ * plugins/sudoers/pwutil.c:
+ Don't try to delref a NULL group.
+ [f6ff0838be21]
+
+ * common/alloc.c, common/lbuf.c:
+ Include memory.h on systems that need it.
+ [4e676da81c6f]
+
+2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ Quiet gcc warnings on glibc systems that use warn_unused_result for
+ write(2).
+ [0532da0b7cf7]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
+ sudo_plugin is in section 8; from Ted Percival
+ [b4506a0de87e]
+
+ * plugins/sudoers/Makefile.in:
+ testsudoers depends on libsudoers.la, not sudoreplay
+ [cdb1cc3bf06a]
+
+2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ Read as many signals on the signal pipe as we can before returning.
+ [b181671da047]
+
+ * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
+ Instead of using a array to store received signals, open a pipe and
+ have the signal handler write the signal number to one end and
+ select() on the other end. This makes it possible to handle signals
+ similar to I/O without race conditions.
+ [ee84d65c16b6]
+
+2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/visudo.pod, plugins/sudoers/visudo.c:
+ Make "visudo -c -f -" check the standard input.
+ [195a3d2a9a26]
+
+ * doc/sudoers.pod:
+ set_home and always_set_home have an effect if HOME is present in
+ the env_keep list.
+ [159d0b9dc5c8]
+
+ * plugins/sudoers/env.c:
+ Make -H flag work when HOME is listed in env_keep. Also makes
+ "set_home" and "always_set_home" override override HOME in env_keep.
+ [a3e5b966193f]
+
+2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
+ plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/net_ifs.c:
+ Convert sudoers plugin to use interface list passed in settings.
+ [87d9b5f4f586]
+
+ * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
+ src/parse_args.c, src/sudo.h:
+ Query local network interfaces in the main sudo driver and pass to
+ the plugin as "network_addrs" in the settings list.
+ [7f35bcfe77a7]
+
+ * plugins/sudoers/bsm_audit.c:
+ Solaris BSM audit return EINVAL when auditing is not enabled,
+ whereas OpenBSM returns ENOSYS.
+ [411b980ec58b]
+
+2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/fnmatch.c:
+ missing.h should come before most local includes
+ [53921a7b8b5b]
+
+ * plugins/sudoers/sudoreplay.c:
+ missing.h should come before most local includes
+ [e9abb0db1aac]
+
+ * plugins/sudoers/sudoers.h:
+ Make local includes consistent; use double quotes for local includes
+ except for generated ones where we use angle brackets.
+ [09de4faa9547]
+
+ * plugins/sudoers/sudoers.c:
+ Always fill in NewArgv for audit code.
+ [7c3aca60519f]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
+ [007cf6560f92]
+
+ * common/alloc.c, common/atobool.c, common/fileops.c,
+ common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
+ common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
+ compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
+ compat/getprogname.c, compat/glob.c, compat/isblank.c,
+ compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
+ compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
+ compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
+ compat/unsetenv.c, compat/utimes.c, include/compat.h,
+ plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
+ plugins/sample_group/plugin_test.c,
+ plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
+ plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
+ src/sudo_noexec.c, src/ttysize.c:
+ Make local includes consistent; use double quotes for local includes
+ except for generated ones where we use angle brackets. Also g/c
+ unused compat.h.
+ [e57070dc8f04]
+
+2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ When matching the runas user and runas group (-u and -g command line
+ options), keep track of runas group and runas user matches
+ separately. Only return a positive match if we have a match for
+ both runas user and runas group (if specified).
+ [815219e04cc8]
+
+2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
+ Add support for multiple URI lines by joining the contents and
+ passing the result to ldap_initialize.
+ [a47cae3b72e8]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
+ Do not return -1 on error from the display functions; the caller
+ expects a return value >= 0.
+ [101456a7dd00]
+
+ * plugins/sudoers/sudoers.c:
+ Do not set both MODE_EDIT and MODE_RUN
+ [8faa36694d54]
+
+2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Move includes to the top of the file.
+ [a51436798e8c]
+
+2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Add missing definition of timedir
+ [458a749c2c5e]
+
+ * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
+ compat/mksiglist.c, compat/strsignal.c,
+ plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
+ Add #include of sys/types.h for .c files that include missing.h to
+ be sure that size_t and ssize_t are defined.
+ [08e3132dbf4f]
+
+ * plugins/sudoers/Makefile.in:
+ Install sudoers file from the build dir not hte src dir.
+ [ca89e962dbf4]
+
+2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/set_perms.c:
+ If runas_pw changes, reset the stashed runas aux group vector.
+ Otherwise, if runas_default is set in a per-command Defaults
+ statement, the command runs with root's aux group vector (i.e. the
+ one that was used when locating the command).
+ [24f9107cedd2]
+
+ * plugins/sudoers/Makefile.in:
+ Add target to generate sudoers file Remove generated sudoers file as
+ part of distclean
+ [fb7422e90f03]
+
+2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c:
+ When not logging I/O install a handler for SIGCONT and deliver it to
+ the command upon resume. Fixes bugzilla #431
+ [495dce52a5aa]
+
+2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.h:
+ g/c unused auth_pw extern definition
+ [40eb7477ba17]
+
+ * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
+ Move get_auth() into check.c where it is actually used.
+ [e31db0ce3a61]
+
+2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/lbuf.c:
+ Convert a remaining puts() and putchar() to use the output function.
+ [d69e363a506b]
+
+ * plugins/sudoers/plugin_error.c:
+ Plug memory leak
+ [68895469ea8d]
+
+2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/env.c:
+ Set dupcheck to TRUE when setting new HOME value if !env_reset but
+ always_set_home is true. Prevents a duplicate HOME in the
+ environment (old value plus the new one) introduced in f421f8827340.
+ [9ca19183794f]
+
+ * configure, configure.in, plugins/sudoers/sudoers,
+ plugins/sudoers/sudoers.in:
+ Substitute sysconfdir in the installed sudoers file to get the
+ correct path for sudoers.d.
+ [86072b6cd55d]
+
+2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/get_pty.c:
+ Fix typo that prevented compilation on Irix; Friedrich Haubensak
+ [b48be51b65fc]
+
+2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
+ common/atobool.c, common/fileops.c, common/fmt_string.c,
+ common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
+ compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
+ compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
+ compat/getprogname.c, compat/glob.c, compat/isblank.c,
+ compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
+ compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
+ compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
+ compat/unsetenv.c, compat/utimes.c, include/compat.h,
+ include/missing.h, plugins/sample/sample_plugin.c,
+ plugins/sample_group/getgrent.c,
+ plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
+ src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
+ Merge compat.h and missing.h into missing.h
+ [572909ae9716]
+
+2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ If the user hits ^C while a password is being read, error out before
+ reading any further passwords in the pam conversation function.
+ Otherwise, if multiple PAM auth methods are required, the user will
+ have to hit ^C for each one.
+ [23782631748c]
+
+2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Update comment
+ [a5296cb3a20a]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
+ Document sudo_conv_t function and sudo_printf_t return values.
+ [745c0017814c]
+
+ * src/conversation.c:
+ Make _sudo_printf return the number of characters printed on success
+ like printf(3).
+ [8eeefe8d7e77]
+
+2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c:
+ sudoers.h includes sudo_plugin.h for us
+ [cabe68e07807]
+
+ * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
+ src/sudo_edit.c:
+ Use gettimeofday() directly instead of via the gettime() wrapper.
+ [7490426c99ae]
+
+ * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
+ compat/strerror.c, config.h.in, configure, configure.in,
+ include/compat.h, include/missing.h, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
+ Remove some obsolete configure tests, ancient Unix systems are no
+ longer supported.
+ [2be6218c3a36]
+
+2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Set pp_kit_version and strip off patch level
+ [aacfda1b676d]
+
+ * sudo.pp:
+ Better handling of versions with a patchlevel. For rpm and deb, use
+ the patchlevel+1 as the release. For AIX, use the patchlevel as the
+ 4th version number. For the rest, just leave the patchlevel in the
+ version string.
+ [638bd35f2346]
+
+2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ For non-standalone auth methods, stop reading the password if the
+ user enters ^C at the prompt.
+ [82c2911bb264]
+
+ * configure, configure.in, plugins/sudoers/Makefile.in,
+ plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
+ plugins/sudoers/pwutil.c:
+ No need to look up shadow password unless we are doing password-
+ style authentication. This moves the shadow password lookup to the
+ auth functions that need it.
+ [ba9e3eba2b72]
+
+ * plugins/sudoers/sudoers.c:
+ Retain final passwd/group refs until the policy close() function.
+ Note that this doesn't get called in all cases so putting this in a
+ cleanup function is probably better.
+ [bbe214cb4119]
+
+ * plugins/sudoers/check.c:
+ Fix mismerge
+ [395115f89dd6]
+
+ * plugins/sudoers/check.c:
+ When removing/resetting the timestamp file ignore the tty ticket
+ contents.
+ [b709f5667a0b]
+
+ * plugins/sudoers/sudoers.c:
+ delref sudo_user.pw, runas_pw and runas_gr immediately before we
+ return.
+ [4d67d15dfd3b]
+
+2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Reference count cached passwd and group structs. The cache holds
+ one reference itself and another is added by sudo_getgr{gid,nam} and
+ sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
+ group structs are persistent for now.
+ [e544685523c3]
+
+ * doc/UPGRADE:
+ fix typo
+ [e32f2d35e6c9]
+
+2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Do not produce a warning for "sudo -k" if the ticket file does not
+ exist.
+ [1598f6061b75]
+
+ * plugins/sudoers/pwutil.c:
+ Instead of caching struct passwd and struct group in the red-black
+ tree, store a struct cache_item which includes both the key and
+ datum. This allows us to user the actual name that was looked up as
+ the key instead of the contents of struct passwd or struct group.
+ This matters because the name in the database may not match what we
+ looked up, due either to case folding or truncation (historically at
+ 8 characters). Also mark the disabled calls to sudo_freepwcache()
+ and sudo_freegrcache() as broken since we use cached data for things
+ like set_perms() and the logging functions. Fixing this would
+ require making a copy of the structs for user and runas or adding a
+ reference count (better).
+ [225d4a22f60e]
+
+ * plugins/sudoers/Makefile.in:
+ Fix path to mkinstalldirs
+ [b4968379b12d]
+
+ * plugins/sudoers/check.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
+ src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
+ Quiet gcc warnings on glibc systems that use warn_unused_result for
+ write(2) and others.
+ [c99f138960e0]
+
+2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Add %option noinput
+ [72b9cd49b4f1]
+
+ * aclocal.m4, configure, configure.in:
+ Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
+ back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
+ cross-compiling.
+ [e385c176d0ee]
+
+2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
+ Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
+ and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
+ [cf3e60d9c440]
+
+2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * pp:
+ Update to latest version
+ [32f93be33961]
+
+2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Let pp determine pp_aix_version itself.
+ [7cf0245d84ed]
+
+ * INSTALL, config.h.in, configure, configure.in, mkpkg,
+ plugins/sudoers/sudoers.c:
+ Add support for Ubuntu admin flag file and enable it when building
+ Ubuntu packages.
+ [00e27cff2dfb]
+
+ * plugins/sudoers/sudoers, sudo.pp:
+ Add commented out SuSE-like targetpw settings
+ [4605d47b7413]
+
+ * configure, configure.in:
+ Only try to use +DAportable for non-GCC on hppa
+ [75d0f284ccf7]
+
+ * configure, configure.in:
+ Prevent configure from adding the -g flag unless in devel mode
+ [b1fd3f8d45c0]
+
+2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Go back to sudo-flavor to match existing packages and only use an
+ underscore for those that need it.
+ [d737069d1e1c]
+
+ * sudo.pp:
+ Use sudo_$flavor instead of sudo-$flavor since that causes the least
+ amount of trouble for the various package managers.
+ [71f547af35fc]
+
+ * mkpkg:
+ Fix handling of the ldap flavor Remove destdir unless --debug was
+ specified Make distclean before running configure if there is a
+ Makefile present
+ [6316f08de7d3]
+
+ * sudo.pp:
+ Add back include file.
+ [195627bf68b8]
+
+ * mkpkg:
+ Pass extra args on to configure on HP-UX, if we don't have the HP C
+ compiler, disable zlib to prevent gcc from finding it in
+ /usr/local/lib.
+ [473efa0e2bac]
+
+ * mkpkg:
+ Use the HP ANSI C compiler on HP-UX if possible
+ [fb249b6b175d]
+
+ * plugins/sudoers/sudoreplay.c: