Hello community, here is the log from the commit of package sudo for openSUSE:Factory checked in at 2014-05-17 06:43:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sudo (Old) and /work/SRC/openSUSE:Factory/.sudo.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sudo" Changes: -------- --- /work/SRC/openSUSE:Factory/sudo/sudo.changes 2014-03-18 16:21:27.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes 2014-05-17 06:43:36.000000000 +0200 @@ -1,0 +2,20 @@ +Thu May 15 13:00:31 UTC 2014 - vci...@suse.com + +- update to 1.8.10p3 + * Fixed expansion of the %p escape in the prompt for "sudo -l" + when rootpw, runaspw or targetpw is set. Bug #639. + * Fixed matching of uids and gids which was broken in version 1.8.9 + * PAM credential initialization has been re-enabled. It was + unintentionally disabled by default in version 1.8.8. The way + credentials are initialized has also been fixed. Bug #642. + * Fixed a descriptor leak on Linux when determing boot time. Sudo + normally closes extra descriptors before running a command so + the impact is limited. Bug #645. + * Fixed flushing of the last buffer of data when I/O logging is + enabled. This bug, introduced in version 1.8.9, could cause + incomplete command output on some systems. Bug #646. + * Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout + is set to zero. Bug #638. +- don't install test LICENSE with executable perms + +------------------------------------------------------------------- Old: ---- sudo-1.8.10p1.tar.gz New: ---- sudo-1.8.10p3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sudo.spec ++++++ --- /var/tmp/diff_new_pack.wp3bgn/_old 2014-05-17 06:43:37.000000000 +0200 +++ /var/tmp/diff_new_pack.wp3bgn/_new 2014-05-17 06:43:37.000000000 +0200 @@ -17,7 +17,7 @@ Name: sudo -Version: 1.8.10p1 +Version: 1.8.10p3 Release: 0 Summary: Execute some commands as root License: ISC @@ -31,7 +31,6 @@ Patch0: sudoers2ldif-env.patch # PATCH-OPENSUSE: the "SUSE" branding of the default sudo config Patch1: sudo-sudoers.patch -# PATCH-FIX-UPSTREAM: fixes 64bit-portability-issue ./sssd.c:829; sent upstream BuildRequires: audit-devel BuildRequires: groff BuildRequires: libselinux-devel @@ -125,7 +124,7 @@ install -m 755 %{SOURCE3} %{buildroot}/var/lib/tests/sudo install -m 755 %{SOURCE4} %{buildroot}/var/lib/tests/sudo install -d %{buildroot}%{_docdir}/%{name}-test -install -m 755 %{buildroot}%{_docdir}/%{name}/LICENSE %{buildroot}%{_docdir}/%{name}-test/LICENSE +install -m 644 %{buildroot}%{_docdir}/%{name}/LICENSE %{buildroot}%{_docdir}/%{name}-test/LICENSE %post chmod 0440 %{_sysconfdir}/sudoers ++++++ sudo-1.8.10p1.tar.gz -> sudo-1.8.10p3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/ChangeLog new/sudo-1.8.10p3/ChangeLog --- old/sudo-1.8.10p1/ChangeLog 2014-03-13 22:20:38.000000000 +0100 +++ new/sudo-1.8.10p3/ChangeLog 2014-05-07 03:34:27.000000000 +0200 @@ -1,3 +1,88 @@ +2014-05-06 Todd C. Miller <todd.mil...@courtesan.com> + + * compat/getgrouplist.c, plugins/group_file/group_file.c, + plugins/system_group/system_group.c: + deal with NULL gr_mem here too + [0db43ed71001] + + * NEWS, configure, configure.ac: + Sudo 1.8.10p3 + [3f415a180023] + +2014-05-02 Todd C. Miller <todd.mil...@courtesan.com> + + * common/event.c: + Fix non-blocking mode. We only want to exit the event loop when + poll() or select() returns 0 and there are no active events. This + fixes a problem on some systems where the last buffer was not being + written when the command exited. + [deb6b1a7b241] + +2014-04-28 Todd C. Miller <todd.mil...@courtesan.com> + + * plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h: + Make get_boottime() return bool. + [9ff15a995d01] + + * doc/CONTRIBUTORS, plugins/sudoers/boottime.c: + Fix fd leak on Linux when determing boot time. This is usually + masked by the closefrom() call in sudo. From Jamie Anderson. Bug + #645 + [0b4c430e8b88] + +2014-04-15 Todd C. Miller <todd.mil...@courtesan.com> + + * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c: + Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when + changing the user. This is the correct flag to use with a program + that changes the uid like su or sudo and fixes a role problem on + Solaris. From Gary Winiger; Bug #642 + [ec23c3bf41bb] + + * plugins/sudoers/defaults.c: + pam_setcred should default to true; from Gary Winiger Bug #642 + [23e6628ec546] + +2014-04-09 Todd C. Miller <todd.mil...@courtesan.com> + + * MANIFEST, plugins/sudoers/match.c, + plugins/sudoers/regress/testsudoers/test6.out.ok, + plugins/sudoers/regress/testsudoers/test6.sh, + plugins/sudoers/regress/testsudoers/test7.out.ok, + plugins/sudoers/regress/testsudoers/test7.sh: + Fix matching of uids and gids broken in sudo 1.8.9. + [315eff4add59] + + * plugins/sudoers/testsudoers.c: + Fix -P option in usage() + [50753b6222b7] + +2014-03-19 Todd C. Miller <todd.mil...@courtesan.com> + + * plugins/sudoers/check.c, plugins/sudoers/prompt.c, + plugins/sudoers/sudoers.h: + Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw + or targetpw is set. Bug #639 + [dff0208d1194] + +2014-03-17 Todd C. Miller <todd.mil...@courtesan.com> + + * NEWS, configure, configure.ac: + Sudo 1.8.10p2 + [774ebec63b41] + + * plugins/sudoers/timestamp.c: + Don't write an empty timestamp record when timestamp_timeout is + zero. If we find an empty record in the timestamp file, overwrite it + with a good one, truncating the file as needed. + [9c226d81b660] + +2014-03-15 Todd C. Miller <todd.mil...@courtesan.com> + + * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: + Fix typos in description of the -x option. Bug #637 + [6ff2bfaaf99d] + 2014-03-13 Todd C. Miller <todd.mil...@courtesan.com> * NEWS, configure, configure.ac: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/MANIFEST new/sudo-1.8.10p3/MANIFEST --- old/sudo-1.8.10p1/MANIFEST 2014-03-13 22:18:40.000000000 +0100 +++ new/sudo-1.8.10p3/MANIFEST 2014-05-05 22:35:14.000000000 +0200 @@ -364,6 +364,10 @@ plugins/sudoers/regress/testsudoers/test4.sh plugins/sudoers/regress/testsudoers/test5.out.ok plugins/sudoers/regress/testsudoers/test5.sh +plugins/sudoers/regress/testsudoers/test6.out.ok +plugins/sudoers/regress/testsudoers/test6.sh +plugins/sudoers/regress/testsudoers/test7.out.ok +plugins/sudoers/regress/testsudoers/test7.sh plugins/sudoers/regress/visudo/test1.out.ok plugins/sudoers/regress/visudo/test1.sh plugins/sudoers/regress/visudo/test2.err.ok diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/NEWS new/sudo-1.8.10p3/NEWS --- old/sudo-1.8.10p1/NEWS 2014-03-13 22:18:40.000000000 +0100 +++ new/sudo-1.8.10p3/NEWS 2014-05-07 02:11:45.000000000 +0200 @@ -1,3 +1,28 @@ +What's new in Sudo 1.8.10p3? + + * Fixed expansion of %p in the prompt for "sudo -l" when rootpw, + runaspw or targetpw is set. Bug #639 + + * Fixed matching of uids and gids which was broken in version 1.8.9. + Bug #640 + + * PAM credential initialization has been re-enabled. It was + unintentionally disabled by default in version 1.8.8. The way + credentials are initialized has also been fixed. Bug #642. + + * Fixed a descriptor leak on Linux when determing boot time. Sudo + normally closes extra descriptors before running a command so + the impact is limited. Bug #645 + + * Fixed flushing of the last buffer of data when I/O logging is + enabled. This bug, introduced in version 1.8.9, could cause + incomplete command output on some systems. Bug #646 + +What's new in Sudo 1.8.10p2? + + * Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout + is set to zero. + What's new in Sudo 1.8.10p1? * Fixed a bug introduced in sudo 1.8.10 that prevented the disabling diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/common/event.c new/sudo-1.8.10p3/common/event.c --- old/sudo-1.8.10p1/common/event.c 2014-03-07 22:51:19.000000000 +0100 +++ new/sudo-1.8.10p3/common/event.c 2014-05-05 22:35:27.000000000 +0200 @@ -286,6 +286,11 @@ TAILQ_INSERT_TAIL(&base->active, ev, active_entries); SET(ev->flags, SUDO_EVQ_ACTIVE); } + if (ISSET(flags, SUDO_EVLOOP_NONBLOCK)) { + /* If nonblocking, return immediately if no active events. */ + if (TAILQ_EMPTY(&base->active)) + goto done; + } break; default: /* I/O events active, sudo_ev_scan_impl() already added them. */ @@ -333,7 +338,7 @@ SET(base->flags, SUDO_EVBASE_GOT_EXIT); goto done; } - if (flags & (SUDO_EVLOOP_ONCE | SUDO_EVLOOP_NONBLOCK)) + if (ISSET(flags, SUDO_EVLOOP_ONCE)) break; } done: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/compat/getgrouplist.c new/sudo-1.8.10p3/compat/getgrouplist.c --- old/sudo-1.8.10p1/compat/getgrouplist.c 2014-03-07 22:50:56.000000000 +0100 +++ new/sudo-1.8.10p3/compat/getgrouplist.c 2014-05-07 03:33:06.000000000 +0200 @@ -318,7 +318,7 @@ setgrent(); while ((grp = getgrent()) != NULL) { - if (grp->gr_gid == basegid) + if (grp->gr_gid == basegid || grp->gr_mem == NULL) continue; for (i = 0; grp->gr_mem[i] != NULL; i++) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/configure new/sudo-1.8.10p3/configure --- old/sudo-1.8.10p1/configure 2014-03-13 22:18:40.000000000 +0100 +++ new/sudo-1.8.10p3/configure 2014-05-07 02:11:45.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for sudo 1.8.10p1. +# Generated by GNU Autoconf 2.69 for sudo 1.8.10p3. # # Report bugs to <http://www.sudo.ws/bugs/>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.8.10p1' -PACKAGE_STRING='sudo 1.8.10p1' +PACKAGE_VERSION='1.8.10p3' +PACKAGE_STRING='sudo 1.8.10p3' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' PACKAGE_URL='' @@ -1505,7 +1505,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.8.10p1 to adapt to many kinds of systems. +\`configure' configures sudo 1.8.10p3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1570,7 +1570,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.8.10p1:";; + short | recursive ) echo "Configuration of sudo 1.8.10p3:";; esac cat <<\_ACEOF @@ -1802,7 +1802,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.8.10p1 +sudo configure 1.8.10p3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2511,7 +2511,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.8.10p1, which was +It was created by sudo $as_me 1.8.10p3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -22958,7 +22958,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.8.10p1, which was +This file was extended by sudo $as_me 1.8.10p3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -23024,7 +23024,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sudo config.status 1.8.10p1 +sudo config.status 1.8.10p3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/configure.ac new/sudo-1.8.10p3/configure.ac --- old/sudo-1.8.10p1/configure.ac 2014-03-13 22:18:40.000000000 +0100 +++ new/sudo-1.8.10p3/configure.ac 2014-05-07 02:11:46.000000000 +0200 @@ -4,7 +4,7 @@ dnl Copyright (c) 1994-1996,1998-2014 Todd C. Miller <todd.mil...@courtesan.com> dnl AC_PREREQ([2.59]) -AC_INIT([sudo], [1.8.10p1], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.8.10p3], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) dnl diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/doc/CONTRIBUTORS new/sudo-1.8.10p3/doc/CONTRIBUTORS --- old/sudo-1.8.10p1/doc/CONTRIBUTORS 2014-03-07 22:51:19.000000000 +0100 +++ new/sudo-1.8.10p3/doc/CONTRIBUTORS 2014-05-07 02:21:22.000000000 +0200 @@ -6,6 +6,7 @@ Ackeret, Matt Adler, Mark Allbery, Russ + Anderson, Jamie Andrew, Nick Andric, Dimitry Barron, Danny @@ -155,6 +156,7 @@ Webb, Kirk Wetzel, Timm Wieringen, Marco van + Winiger, Gary Wood, David Zacarias, Gustavo Zolnowsky, John diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/doc/visudo.cat new/sudo-1.8.10p3/doc/visudo.cat --- old/sudo-1.8.10p1/doc/visudo.cat 2014-03-07 22:51:21.000000000 +0100 +++ new/sudo-1.8.10p3/doc/visudo.cat 2014-03-17 15:10:25.000000000 +0100 @@ -74,9 +74,9 @@ --xx _f_i_l_e, ----eexxppoorrtt=_f_i_l_e Export _s_u_d_o_e_r_s in JSON format and write it to _f_i_l_e. If _f_i_l_e - is `-', the exported _s_u_d_o_e_r_s policy will to be written to the + is `-', the exported _s_u_d_o_e_r_s policy will be written to the standard output. The exported format is intended to be - easier for third-party applications to parse that the + easier for third-party applications to parse than the traditional _s_u_d_o_e_r_s format. The various values have explicit types which removes much of the ambiguity of the _s_u_d_o_e_r_s format. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/doc/visudo.man.in new/sudo-1.8.10p3/doc/visudo.man.in --- old/sudo-1.8.10p1/doc/visudo.man.in 2014-03-07 22:51:21.000000000 +0100 +++ new/sudo-1.8.10p3/doc/visudo.man.in 2014-03-17 15:10:25.000000000 +0100 @@ -216,9 +216,9 @@ \(oq-\(cq, the exported \fIsudoers\fR -policy will to be written to the standard output. +policy will be written to the standard output. The exported format is intended to be easier for third-party -applications to parse that the traditional +applications to parse than the traditional \fIsudoers\fR format. The various values have explicit types which removes much of the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/doc/visudo.mdoc.in new/sudo-1.8.10p3/doc/visudo.mdoc.in --- old/sudo-1.8.10p1/doc/visudo.mdoc.in 2014-03-07 22:51:19.000000000 +0100 +++ new/sudo-1.8.10p3/doc/visudo.mdoc.in 2014-03-17 15:10:25.000000000 +0100 @@ -207,9 +207,9 @@ .Ql - , the exported .Em sudoers -policy will to be written to the standard output. +policy will be written to the standard output. The exported format is intended to be easier for third-party -applications to parse that the traditional +applications to parse than the traditional .Em sudoers format. The various values have explicit types which removes much of the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/plugins/group_file/group_file.c new/sudo-1.8.10p3/plugins/group_file/group_file.c --- old/sudo-1.8.10p1/plugins/group_file/group_file.c 2014-03-07 22:50:56.000000000 +0100 +++ new/sudo-1.8.10p3/plugins/group_file/group_file.c 2014-05-07 03:33:06.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2013 Todd C. Miller <todd.mil...@courtesan.com> + * Copyright (c) 2010-2014 Todd C. Miller <todd.mil...@courtesan.com> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -121,7 +121,7 @@ char **member; grp = mygetgrnam(group); - if (grp != NULL) { + if (grp != NULL && grp->gr_mem != NULL) { for (member = grp->gr_mem; *member != NULL; member++) { if (strcasecmp(user, *member) == 0) return true; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/auth/pam.c new/sudo-1.8.10p3/plugins/sudoers/auth/pam.c --- old/sudo-1.8.10p1/plugins/sudoers/auth/pam.c 2014-03-07 22:50:56.000000000 +0100 +++ new/sudo-1.8.10p3/plugins/sudoers/auth/pam.c 2014-05-05 22:35:23.000000000 +0200 @@ -230,7 +230,7 @@ (void) pam_set_item(pamh, PAM_USER, pw->pw_name); /* - * Set credentials (may include resource limits, device ownership, etc). + * Reinitialize credentials when changing the user. * We don't worry about a failure from pam_setcred() since with * stacked PAM auth modules a failure from one module may override * PAM_SUCCESS from another. For example, given a non-local user, @@ -238,7 +238,7 @@ * pam_unix is first in the stack, pam_setcred() will fail. */ if (def_pam_setcred) - (void) pam_setcred(pamh, PAM_ESTABLISH_CRED); + (void) pam_setcred(pamh, PAM_REINITIALIZE_CRED); if (def_pam_session) { *pam_status = pam_open_session(pamh, 0); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/boottime.c new/sudo-1.8.10p3/plugins/sudoers/boottime.c --- old/sudo-1.8.10p1/plugins/sudoers/boottime.c 2014-03-07 22:51:19.000000000 +0100 +++ new/sudo-1.8.10p3/plugins/sudoers/boottime.c 2014-05-07 02:26:16.000000000 +0200 @@ -28,6 +28,11 @@ # include <stdlib.h> # endif #endif /* STDC_HEADERS */ +#ifdef HAVE_STDBOOL_H +# include <stdbool.h> +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ #ifdef HAVE_STRING_H # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) # include <memory.h> @@ -60,13 +65,14 @@ */ #if defined(__linux__) -int +bool get_boottime(struct timeval *tv) { char *ep, *line = NULL; size_t linesize = 0; + bool found = false; ssize_t len; - FILE * fp; + FILE *fp; debug_decl(get_boottime, SUDO_DEBUG_UTIL) /* read btime from /proc/stat */ @@ -78,7 +84,8 @@ if (llval > 0) { tv->tv_sec = (time_t)llval; tv->tv_usec = 0; - debug_return_bool(1); + found = true; + break; } } } @@ -86,12 +93,12 @@ free(line); } - debug_return_bool(0); + debug_return_bool(found); } #elif defined(HAVE_SYSCTL) && defined(KERN_BOOTTIME) -int +bool get_boottime(struct timeval *tv) { size_t size; @@ -102,9 +109,9 @@ mib[1] = KERN_BOOTTIME; size = sizeof(*tv); if (sysctl(mib, 2, tv, &size, NULL, 0) != -1) - debug_return_bool(1); + debug_return_bool(true); - debug_return_bool(0); + debug_return_bool(false); } #elif defined(HAVE_GETUTXID) @@ -151,6 +158,6 @@ get_boottime(struct timeval *tv) { debug_decl(get_boottime, SUDO_DEBUG_UTIL) - debug_return_bool(0); + debug_return_bool(false); } #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/check.c new/sudo-1.8.10p3/plugins/sudoers/check.c --- old/sudo-1.8.10p1/plugins/sudoers/check.c 2014-03-07 22:51:21.000000000 +0100 +++ new/sudo-1.8.10p3/plugins/sudoers/check.c 2014-05-05 22:35:05.000000000 +0200 @@ -93,7 +93,7 @@ /* Expand any escapes in the prompt. */ prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt, - user_name, user_shost); + auth_pw->pw_name); rval = verify_user(auth_pw, prompt, validated); if (rval == true && lectured) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/defaults.c new/sudo-1.8.10p3/plugins/sudoers/defaults.c --- old/sudo-1.8.10p1/plugins/sudoers/defaults.c 2014-03-07 22:51:19.000000000 +0100 +++ new/sudo-1.8.10p3/plugins/sudoers/defaults.c 2014-05-05 22:35:20.000000000 +0200 @@ -489,6 +489,7 @@ #endif def_editor = estrdup(EDITOR); def_set_utmp = true; + def_pam_setcred = true; /* Finally do the lists (currently just environment tables). */ init_envtables(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/match.c new/sudo-1.8.10p3/plugins/sudoers/match.c --- old/sudo-1.8.10p1/plugins/sudoers/match.c 2014-03-07 22:51:19.000000000 +0100 +++ new/sudo-1.8.10p3/plugins/sudoers/match.c 2014-05-05 22:35:14.000000000 +0200 @@ -803,7 +803,7 @@ if (pw != NULL && *sudoers_user == '#') { uid = (uid_t) atoid(sudoers_user + 1, NULL, NULL, &errstr); - if (errstr != NULL && uid == pw->pw_uid) { + if (errstr == NULL && uid == pw->pw_uid) { rc = true; goto done; } @@ -830,7 +830,7 @@ if (*sudoers_group == '#') { gid = (gid_t) atoid(sudoers_group + 1, NULL, NULL, &errstr); - if (errstr != NULL && gid == gr->gr_gid) { + if (errstr == NULL && gid == gr->gr_gid) { rc = true; goto done; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/prompt.c new/sudo-1.8.10p3/plugins/sudoers/prompt.c --- old/sudo-1.8.10p1/plugins/sudoers/prompt.c 2014-03-07 22:50:56.000000000 +0100 +++ new/sudo-1.8.10p3/plugins/sudoers/prompt.c 2014-05-05 22:35:05.000000000 +0200 @@ -47,7 +47,7 @@ * allocated result. Returns the same string if there are no escapes. */ char * -expand_prompt(const char *old_prompt, const char *user, const char *host) +expand_prompt(const char *old_prompt, const char *auth_user) { size_t len, n; int subst; @@ -72,12 +72,7 @@ break; case 'p': p++; - if (def_rootpw) - len += 2; - else if (def_targetpw || def_runaspw) - len += strlen(runas_pw->pw_name) - 2; - else - len += strlen(user_name) - 2; + len += strlen(auth_user) - 2; subst = 1; break; case 'u': @@ -123,12 +118,7 @@ continue; case 'p': p++; - if (def_rootpw) - n = strlcpy(np, "root", np - endp); - else if (def_targetpw || def_runaspw) - n = strlcpy(np, runas_pw->pw_name, np - endp); - else - n = strlcpy(np, user_name, np - endp); + n = strlcpy(np, auth_user, np - endp); if (n >= (size_t)(np - endp)) goto oflow; np += n; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test6.out.ok new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test6.out.ok --- old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test6.out.ok 1970-01-01 01:00:00.000000000 +0100 +++ new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test6.out.ok 2014-05-05 22:35:14.000000000 +0200 @@ -0,0 +1,10 @@ +Parses OK. + +Entries for user root: + +ALL = ALL + host matched + runas matched + cmnd allowed + +Command allowed diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test6.sh new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test6.sh --- old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test6.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test6.sh 2014-05-05 22:35:14.000000000 +0200 @@ -0,0 +1,11 @@ +#!/bin/sh +# +# Verify sudoers matching by uid. +# + +exec 2>&1 +./testsudoers root id <<EOF +#0 ALL = ALL +EOF + +exit 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test7.out.ok new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test7.out.ok --- old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test7.out.ok 1970-01-01 01:00:00.000000000 +0100 +++ new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test7.out.ok 2014-05-05 22:35:14.000000000 +0200 @@ -0,0 +1,10 @@ +Parses OK. + +Entries for user root: + +ALL = ALL + host matched + runas matched + cmnd allowed + +Command allowed diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test7.sh new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test7.sh --- old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test7.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test7.sh 2014-05-05 22:35:14.000000000 +0200 @@ -0,0 +1,11 @@ +#!/bin/sh +# +# Verify sudoers matching by gid. +# + +exec 2>&1 +./testsudoers root id <<EOF +%#0 ALL = ALL +EOF + +exit 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/sudoers.h new/sudo-1.8.10p3/plugins/sudoers/sudoers.h --- old/sudo-1.8.10p1/plugins/sudoers/sudoers.h 2014-03-07 22:51:21.000000000 +0100 +++ new/sudo-1.8.10p3/plugins/sudoers/sudoers.h 2014-05-07 02:26:16.000000000 +0200 @@ -236,7 +236,7 @@ bool user_is_exempt(void); /* prompt.c */ -char *expand_prompt(const char *old_prompt, const char *user, const char *host); +char *expand_prompt(const char *old_prompt, const char *auth_user); /* timestamp.c */ void remove_timestamp(bool); @@ -326,7 +326,7 @@ char *get_timestr(time_t, int); /* boottime.c */ -int get_boottime(struct timeval *); +bool get_boottime(struct timeval *); /* iolog.c */ int io_set_max_sessid(const char *sessid); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/testsudoers.c new/sudo-1.8.10p3/plugins/sudoers/testsudoers.c --- old/sudo-1.8.10p1/plugins/sudoers/testsudoers.c 2014-03-07 22:50:56.000000000 +0100 +++ new/sudo-1.8.10p3/plugins/sudoers/testsudoers.c 2014-05-05 22:35:09.000000000 +0200 @@ -685,6 +685,6 @@ void usage(void) { - (void) fprintf(stderr, "usage: %s [-dt] [-G sudoers_gid] [-g group] [-h host] [-p grfile] [-p pwfile] [-U sudoers_uid] [-u user] <user> <command> [args]\n", getprogname()); + (void) fprintf(stderr, "usage: %s [-dt] [-G sudoers_gid] [-g group] [-h host] [-P grfile] [-p pwfile] [-U sudoers_uid] [-u user] <user> <command> [args]\n", getprogname()); exit(1); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/timestamp.c new/sudo-1.8.10p3/plugins/sudoers/timestamp.c --- old/sudo-1.8.10p1/plugins/sudoers/timestamp.c 2014-03-13 22:18:40.000000000 +0100 +++ new/sudo-1.8.10p3/plugins/sudoers/timestamp.c 2014-03-17 15:10:25.000000000 +0100 @@ -119,11 +119,13 @@ */ while (read(fd, &cur, sizeof(cur)) == sizeof(cur)) { if (cur.size != sizeof(cur)) { - /* wrong size, seek to next record */ + /* wrong size, seek to start of next record */ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "wrong sized record, got %hu, expected %zu", cur.size, sizeof(cur)); lseek(fd, (off_t)cur.size - (off_t)sizeof(cur), SEEK_CUR); + if (cur.size == 0) + break; /* size must be non-zero */ continue; } if (ts_match_record(key, &cur)) { @@ -327,6 +329,10 @@ int fd; debug_decl(update_timestamp, SUDO_DEBUG_AUTH) + /* Zero timeout means don't update the time stamp file. */ + if (def_timestamp_timeout == 0) + goto done; + /* Check/create parent directories as needed. */ if (!ts_secure_dir(def_timestampdir, true, false)) goto done; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sudo-1.8.10p1/plugins/system_group/system_group.c new/sudo-1.8.10p3/plugins/system_group/system_group.c --- old/sudo-1.8.10p1/plugins/system_group/system_group.c 2014-03-07 22:50:56.000000000 +0100 +++ new/sudo-1.8.10p3/plugins/system_group/system_group.c 2014-05-07 03:33:06.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2013 Todd C. Miller <todd.mil...@courtesan.com> + * Copyright (c) 2010-2014 Todd C. Miller <todd.mil...@courtesan.com> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -140,11 +140,13 @@ grp = sysgroup_getgrgid(gid); } if (grp != NULL) { - for (member = grp->gr_mem; *member != NULL; member++) { - if (strcasecmp(user, *member) == 0) { - if (sysgroup_gr_delref) - sysgroup_gr_delref(grp); - return true; + if (grp->gr_mem != NULL) { + for (member = grp->gr_mem; *member != NULL; member++) { + if (strcasecmp(user, *member) == 0) { + if (sysgroup_gr_delref) + sysgroup_gr_delref(grp); + return true; + } } } if (sysgroup_gr_delref) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org