Skip to content

Commit 7ada70e

Browse files
committed
merge sudo 1.9.1 from tip
--HG-- branch : 1.9
2 parents bb40b2a + 65edf63 commit 7ada70e

File tree

369 files changed

+28157
-20162
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

369 files changed

+28157
-20162
lines changed

MANIFEST

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -115,6 +115,7 @@ lib/iolog/regress/iolog_json/test1.in
115115
lib/iolog/regress/iolog_json/test2.in
116116
lib/iolog/regress/iolog_json/test2.out.ok
117117
lib/iolog/regress/iolog_json/test3.in
118+
lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c
118119
lib/iolog/regress/iolog_path/check_iolog_path.c
119120
lib/iolog/regress/iolog_path/data
120121
lib/iolog/regress/iolog_util/check_iolog_util.c
@@ -558,6 +559,8 @@ plugins/sudoers/po/pt.mo
558559
plugins/sudoers/po/pt.po
559560
plugins/sudoers/po/pt_BR.mo
560561
plugins/sudoers/po/pt_BR.po
562+
plugins/sudoers/po/ro.mo
563+
plugins/sudoers/po/ro.po
561564
plugins/sudoers/po/ru.mo
562565
plugins/sudoers/po/ru.po
563566
plugins/sudoers/po/sk.mo
@@ -809,6 +812,10 @@ plugins/sudoers/regress/sudoers/test9.toke.ok
809812
plugins/sudoers/regress/testsudoers/group
810813
plugins/sudoers/regress/testsudoers/test1.out.ok
811814
plugins/sudoers/regress/testsudoers/test1.sh
815+
plugins/sudoers/regress/testsudoers/test10.out.ok
816+
plugins/sudoers/regress/testsudoers/test10.sh
817+
plugins/sudoers/regress/testsudoers/test11.out.ok
818+
plugins/sudoers/regress/testsudoers/test11.sh
812819
plugins/sudoers/regress/testsudoers/test2.inc
813820
plugins/sudoers/regress/testsudoers/test2.out.ok
814821
plugins/sudoers/regress/testsudoers/test2.sh
@@ -824,6 +831,8 @@ plugins/sudoers/regress/testsudoers/test7.out.ok
824831
plugins/sudoers/regress/testsudoers/test7.sh
825832
plugins/sudoers/regress/testsudoers/test8.out.ok
826833
plugins/sudoers/regress/testsudoers/test8.sh
834+
plugins/sudoers/regress/testsudoers/test9.out.ok
835+
plugins/sudoers/regress/testsudoers/test9.sh
827836
plugins/sudoers/regress/visudo/test1.out.ok
828837
plugins/sudoers/regress/visudo/test1.sh
829838
plugins/sudoers/regress/visudo/test10.out.ok
@@ -930,6 +939,8 @@ po/pt.mo
930939
po/pt.po
931940
po/pt_BR.mo
932941
po/pt_BR.po
942+
po/ro.mo
943+
po/ro.po
933944
po/ru.mo
934945
po/ru.po
935946
po/sk.mo

NEWS

Lines changed: 78 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,75 @@
1+
What's new in Sudo 1.9.1
2+
3+
* Fixed an AIX-specific problem when I/O logging was enabled.
4+
The terminal device was not being properly set to raw mode.
5+
Bug #927.
6+
7+
* Corrected handling of sudo_logsrvd connections without associated
8+
I/O log data. This fixes support for RejectMessage as well as
9+
AcceptMessage when the expect_iobufs flag is not set.
10+
11+
* Added an "iolog_path" entry to the JSON-format event log produced
12+
by sudo_logsrvd. Previously, it was only possible to determine
13+
the I/O log file an event belonged to using sudo-format logs.
14+
15+
* Fixed the bundle IDs for sudo-logsrvd and sudo-python macOS packages.
16+
17+
* I/O log files produced by the sudoers plugin now clear the write
18+
bits on the I/O log timing file when the log is complete. This
19+
is consistent with how sudo_logsrvd indicates that a log is
20+
complete.
21+
22+
* The sudoreplay utility has a new "-F" (follow) command line
23+
option to allow replaying a session that is still in progress,
24+
similar to "tail -f".
25+
26+
* The @include and @includedir directives can be used in sudoers
27+
instead of #include and #includedir. In addition, include paths
28+
may now have embedded white space by either using a double-quoted
29+
string or escaping the space characters with a backslash.
30+
31+
* Fixed some Solaris 11.4 compilation errors.
32+
33+
* When running a command in a pty, sudo will no longer try to
34+
suspend itself if the user's tty has been revoked (for instance
35+
when the parent ssh daemon is killed). This fixes a bug where
36+
sudo would continuously suspend the command (which would succeed),
37+
then suspend itself (which would fail due to the missing tty)
38+
and then resume the command.
39+
40+
* If sudo's event loop fails due to the tty being revoked, remove
41+
the user's tty events and restart the event loop (once). This
42+
fixes a problem when running "sudo reboot" in a pty on some
43+
systems. When the event loop exited unexpectedly, sudo would
44+
kill the command running in the pty, which in the case of "reboot",
45+
could lead to the system being in a half-rebooted state.
46+
47+
* Fixed a regression introduced in sudo 1.8.23 in the LDAP and
48+
SSSD back-ends where a missing sudoHost attribute was treated
49+
as an "ALL" wildcard value. A sudoRole with no sudoHost attribute
50+
is now ignored as it was prior to version 1.8.23.
51+
52+
* The audit plugin API has been changed slightly. The sudo front-end
53+
now audits an accept event itself after all approval plugins are
54+
run and the I/O logging plugins (if any) are opened. This makes
55+
it possible for an audit plugin to only log a single overall
56+
accept event if desired.
57+
58+
* The sudoers plugin can now be loaded as an audit plugin. Logging
59+
of successful commands is now performed in the audit plugin's
60+
accept function. As a result, commands are now only logged if
61+
allowed by sudoers and all approval plugins. Commands rejected
62+
by an approval plugin are now also logged by the sudoers plugin.
63+
64+
* Romanian translation for sudo and sudoers from translationproject.org.
65+
66+
* Fixed a regression introduced in sudo 1.9.0 where sudoedit did
67+
not remove its temporary files after installing them. Bug #929.
68+
69+
* Fixed a regression introduced in sudo 1.9.0 where the iolog_file
70+
setting in sudoers and sudo_logsrvd.conf caused an error if the
71+
file name ended in six or more X's.
72+
173
What's new in Sudo 1.9.0
274

375
* Fixed a test failure in the strsig_test regress test on FreeBSD.
@@ -17,8 +89,8 @@ What's new in Sudo 1.9.0
1789
or send existing sudo I/O logs to a centralized server.
1890

1991
* It is now possible to write sudo plugins in Python 3 when sudo
20-
is configured with the --enable-python> option. See the
21-
sudo_plugin_python.man.html manual for details.
92+
is configured with the --enable-python option. See the
93+
sudo_plugin_python manual for details.
2294

2395
Sudo 1.9.0 comes with several Python example plugins that get
2496
installed sudo's examples directory.
@@ -412,10 +484,10 @@ What's new in Sudo 1.8.25
412484
* Fixed a bug introduced in sudo 1.8.24 where sudoNotAfter in the LDAP
413485
back-end was not being properly parsed. Bug #845.
414486

415-
* When sudo runs a command in a pseudo-tty, the slave device is
416-
now closed in the main process immediately after starting the
417-
monitor process. This removes the need for an AIX-specific
418-
workaround that was added in sudo 1.8.24.
487+
* When sudo runs a command in a pseudo-terminal, the follower
488+
device is now closed in the main process immediately after
489+
starting the monitor process. This removes the need for an
490+
AIX-specific workaround that was added in sudo 1.8.24.
419491

420492
* Added support for monotonic timers on HP-UX.
421493

aclocal.m4

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
1-
# generated automatically by aclocal 1.16.1 -*- Autoconf -*-
1+
# generated automatically by aclocal 1.16.2 -*- Autoconf -*-
22

3-
# Copyright (C) 1996-2018 Free Software Foundation, Inc.
3+
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
44

55
# This file is free software; the Free Software Foundation
66
# gives unlimited permission to copy and/or distribute it,
@@ -12,7 +12,7 @@
1212
# PARTICULAR PURPOSE.
1313

1414
m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
15-
# Copyright (C) 1999-2018 Free Software Foundation, Inc.
15+
# Copyright (C) 1999-2020 Free Software Foundation, Inc.
1616
#
1717
# This file is free software; the Free Software Foundation
1818
# gives unlimited permission to copy and/or distribute it,
@@ -250,7 +250,7 @@ for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]]
250250
sys.exit(sys.hexversion < minverhex)"
251251
AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])])
252252

253-
# Copyright (C) 2001-2018 Free Software Foundation, Inc.
253+
# Copyright (C) 2001-2020 Free Software Foundation, Inc.
254254
#
255255
# This file is free software; the Free Software Foundation
256256
# gives unlimited permission to copy and/or distribute it,

config.h.in

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -107,6 +107,10 @@
107107
*/
108108
#undef HAVE_DECL_ERRNO
109109

110+
/* Define to 1 if you have the declaration of `getdelim', and to 0 if you
111+
don't. */
112+
#undef HAVE_DECL_GETDELIM
113+
110114
/* Define to 1 if you have the declaration of `getdomainname', and to 0 if you
111115
don't. */
112116
#undef HAVE_DECL_GETDOMAINNAME

configure

Lines changed: 48 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
#! /bin/sh
22
# Guess values for system-dependent variables and create Makefiles.
3-
# Generated by GNU Autoconf 2.69 for sudo 1.9.0.
3+
# Generated by GNU Autoconf 2.69 for sudo 1.9.1.
44
#
55
# Report bugs to <https://bugzilla.sudo.ws/>.
66
#
@@ -590,8 +590,8 @@ MAKEFLAGS=
590590
# Identity of this package.
591591
PACKAGE_NAME='sudo'
592592
PACKAGE_TARNAME='sudo'
593-
PACKAGE_VERSION='1.9.0'
594-
PACKAGE_STRING='sudo 1.9.0'
593+
PACKAGE_VERSION='1.9.1'
594+
PACKAGE_STRING='sudo 1.9.1'
595595
PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
596596
PACKAGE_URL=''
597597

@@ -846,6 +846,7 @@ infodir
846846
docdir
847847
oldincludedir
848848
includedir
849+
runstatedir
849850
localstatedir
850851
sharedstatedir
851852
sysconfdir
@@ -1070,6 +1071,7 @@ datadir='${datarootdir}'
10701071
sysconfdir='${prefix}/etc'
10711072
sharedstatedir='${prefix}/com'
10721073
localstatedir='${prefix}/var'
1074+
runstatedir='${localstatedir}/run'
10731075
includedir='${prefix}/include'
10741076
oldincludedir='/usr/include'
10751077
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -1322,6 +1324,15 @@ do
13221324
| -silent | --silent | --silen | --sile | --sil)
13231325
silent=yes ;;
13241326

1327+
-runstatedir | --runstatedir | --runstatedi | --runstated \
1328+
| --runstate | --runstat | --runsta | --runst | --runs \
1329+
| --run | --ru | --r)
1330+
ac_prev=runstatedir ;;
1331+
-runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
1332+
| --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
1333+
| --run=* | --ru=* | --r=*)
1334+
runstatedir=$ac_optarg ;;
1335+
13251336
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
13261337
ac_prev=sbindir ;;
13271338
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1459,7 +1470,7 @@ fi
14591470
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
14601471
datadir sysconfdir sharedstatedir localstatedir includedir \
14611472
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
1462-
libdir localedir mandir
1473+
libdir localedir mandir runstatedir
14631474
do
14641475
eval ac_val=\$$ac_var
14651476
# Remove trailing slashes.
@@ -1572,7 +1583,7 @@ if test "$ac_init_help" = "long"; then
15721583
# Omit some internal or obsolete options to make the list less imposing.
15731584
# This message is too long to be a string in the A/UX 3.1 sh.
15741585
cat <<_ACEOF
1575-
\`configure' configures sudo 1.9.0 to adapt to many kinds of systems.
1586+
\`configure' configures sudo 1.9.1 to adapt to many kinds of systems.
15761587

15771588
Usage: $0 [OPTION]... [VAR=VALUE]...
15781589

@@ -1612,6 +1623,7 @@ Fine tuning of the installation directories:
16121623
--sysconfdir=DIR read-only single-machine data [/etc]
16131624
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
16141625
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
1626+
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
16151627
--libdir=DIR object code libraries [EPREFIX/lib]
16161628
--includedir=DIR C header files [PREFIX/include]
16171629
--oldincludedir=DIR C header files for non-gcc [/usr/include]
@@ -1637,7 +1649,7 @@ fi
16371649

16381650
if test -n "$ac_init_help"; then
16391651
case $ac_init_help in
1640-
short | recursive ) echo "Configuration of sudo 1.9.0:";;
1652+
short | recursive ) echo "Configuration of sudo 1.9.1:";;
16411653
esac
16421654
cat <<\_ACEOF
16431655

@@ -1912,7 +1924,7 @@ fi
19121924
test -n "$ac_init_help" && exit $ac_status
19131925
if $ac_init_version; then
19141926
cat <<\_ACEOF
1915-
sudo configure 1.9.0
1927+
sudo configure 1.9.1
19161928
generated by GNU Autoconf 2.69
19171929

19181930
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2621,7 +2633,7 @@ cat >config.log <<_ACEOF
26212633
This file contains any messages produced by compilers while
26222634
running configure, to aid debugging if configure makes a mistake.
26232635

2624-
It was created by sudo $as_me 1.9.0, which was
2636+
It was created by sudo $as_me 1.9.1, which was
26252637
generated by GNU Autoconf 2.69. Invocation command line was
26262638

26272639
$ $0 $@
@@ -15605,6 +15617,9 @@ fi
1560515617
*) RTLD_PRELOAD_VAR="LDR_PRELOAD";;
1560615618
esac
1560715619

15620+
# cfmakeraw is broken on AIX (and is not documented)
15621+
: ${ac_cv_func_cfmakeraw='no'}
15622+
1560815623
# strnlen/strndup may be broken on AIX < 6 depending
1560915624
# on the libc version, use our own.
1561015625
if test $OSMAJOR -lt 6; then
@@ -19457,7 +19472,8 @@ fi
1945719472

1945819473
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking python include flags" >&5
1945919474
$as_echo_n "checking python include flags... " >&6; }
19460-
PYTHON_INCLUDE=`$PYTHON_CONFIG --cflags`
19475+
# Pull out python include path, ignore other flags
19476+
PYTHON_INCLUDE=`$PYTHON_CONFIG --cflags | tr " " "\n" | grep "^-I" | sort -u | tr "\n" " "`
1946119477
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_INCLUDE" >&5
1946219478
$as_echo "$PYTHON_INCLUDE" >&6; }
1946319479

@@ -19474,6 +19490,7 @@ fi
1947419490
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking python linker flags" >&5
1947519491
$as_echo_n "checking python linker flags... " >&6; }
1947619492
PYTHON_LIBS=`$PYTHON_CONFIG --ldflags $PY_EMBED`
19493+
PYTHON_LIBS=`$PYTHON_CONFIG --ldflags $PY_EMBED | tr " " "\n" | grep "^-[lL]" | tr "\n" " "`
1947719494
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LIBS" >&5
1947819495
$as_echo "$PYTHON_LIBS" >&6; }
1947919496

@@ -19884,6 +19901,19 @@ if test "x$ac_cv_func_getdelim" = xyes; then :
1988419901
#define HAVE_GETDELIM 1
1988519902
_ACEOF
1988619903

19904+
# Out of date gcc fixed includes may result in missing getdelim() prototype
19905+
ac_fn_c_check_decl "$LINENO" "getdelim" "ac_cv_have_decl_getdelim" "$ac_includes_default"
19906+
if test "x$ac_cv_have_decl_getdelim" = xyes; then :
19907+
ac_have_decl=1
19908+
else
19909+
ac_have_decl=0
19910+
fi
19911+
19912+
cat >>confdefs.h <<_ACEOF
19913+
#define HAVE_DECL_GETDELIM $ac_have_decl
19914+
_ACEOF
19915+
19916+
1988719917
else
1988819918

1988919919
case " $LIBOBJS " in
@@ -26500,8 +26530,12 @@ EOF
2650026530

2650126531
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sudo run dir location" >&5
2650226532
$as_echo_n "checking for sudo run dir location... " >&6; }
26503-
rundir="$with_rundir"
26504-
if test -z "$rundir"; then
26533+
if test -n "$with_rundir"; then
26534+
rundir="$with_rundir"
26535+
elif test "$runstatedir" != '${localstatedir}/run'; then
26536+
rundir="$runstatedir/sudo"
26537+
else
26538+
# No --with-rundir or --runstatedir specified
2650526539
for d in /run /var/run /var/db /var/lib /var/adm /usr/adm; do
2650626540
if test -d "$d"; then
2650726541
rundir="$d/sudo"
@@ -27810,6 +27844,7 @@ test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
2781027844
test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
2781127845
test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
2781227846
test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
27847+
test "$runstatedir" = '${localstatedir}/run' && runstatedir='$(localstatedir)/run'
2781327848
test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
2781427849

2781527850
if test X"$INIT_SCRIPT" != X""; then
@@ -28329,7 +28364,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
2832928364
# report actual input values of CONFIG_FILES etc. instead of their
2833028365
# values after options handling.
2833128366
ac_log="
28332-
This file was extended by sudo $as_me 1.9.0, which was
28367+
This file was extended by sudo $as_me 1.9.1, which was
2833328368
generated by GNU Autoconf 2.69. Invocation command line was
2833428369

2833528370
CONFIG_FILES = $CONFIG_FILES
@@ -28395,7 +28430,7 @@ _ACEOF
2839528430
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
2839628431
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
2839728432
ac_cs_version="\\
28398-
sudo config.status 1.9.0
28433+
sudo config.status 1.9.1
2839928434
configured by $0, generated by GNU Autoconf 2.69,
2840028435
with options \\"\$ac_cs_config\\"
2840128436

0 commit comments

Comments
 (0)