Hello community,
here is the log from the commit of package sudo for openSUSE:Factory checked in
at 2014-05-17 06:43:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sudo (Old)
and /work/SRC/openSUSE:Factory/.sudo.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sudo"
Changes:
--------
--- /work/SRC/openSUSE:Factory/sudo/sudo.changes 2014-03-18
16:21:27.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes 2014-05-17
06:43:36.000000000 +0200
@@ -1,0 +2,20 @@
+Thu May 15 13:00:31 UTC 2014 - vci...@suse.com
+
+- update to 1.8.10p3
+ * Fixed expansion of the %p escape in the prompt for "sudo -l"
+ when rootpw, runaspw or targetpw is set. Bug #639.
+ * Fixed matching of uids and gids which was broken in version 1.8.9
+ * PAM credential initialization has been re-enabled. It was
+ unintentionally disabled by default in version 1.8.8. The way
+ credentials are initialized has also been fixed. Bug #642.
+ * Fixed a descriptor leak on Linux when determing boot time. Sudo
+ normally closes extra descriptors before running a command so
+ the impact is limited. Bug #645.
+ * Fixed flushing of the last buffer of data when I/O logging is
+ enabled. This bug, introduced in version 1.8.9, could cause
+ incomplete command output on some systems. Bug #646.
+ * Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout
+ is set to zero. Bug #638.
+- don't install test LICENSE with executable perms
+
+-------------------------------------------------------------------
Old:
----
sudo-1.8.10p1.tar.gz
New:
----
sudo-1.8.10p3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sudo.spec ++++++
--- /var/tmp/diff_new_pack.wp3bgn/_old 2014-05-17 06:43:37.000000000 +0200
+++ /var/tmp/diff_new_pack.wp3bgn/_new 2014-05-17 06:43:37.000000000 +0200
@@ -17,7 +17,7 @@
Name: sudo
-Version: 1.8.10p1
+Version: 1.8.10p3
Release: 0
Summary: Execute some commands as root
License: ISC
@@ -31,7 +31,6 @@
Patch0: sudoers2ldif-env.patch
# PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
Patch1: sudo-sudoers.patch
-# PATCH-FIX-UPSTREAM: fixes 64bit-portability-issue ./sssd.c:829; sent upstream
BuildRequires: audit-devel
BuildRequires: groff
BuildRequires: libselinux-devel
@@ -125,7 +124,7 @@
install -m 755 %{SOURCE3} %{buildroot}/var/lib/tests/sudo
install -m 755 %{SOURCE4} %{buildroot}/var/lib/tests/sudo
install -d %{buildroot}%{_docdir}/%{name}-test
-install -m 755 %{buildroot}%{_docdir}/%{name}/LICENSE
%{buildroot}%{_docdir}/%{name}-test/LICENSE
+install -m 644 %{buildroot}%{_docdir}/%{name}/LICENSE
%{buildroot}%{_docdir}/%{name}-test/LICENSE
%post
chmod 0440 %{_sysconfdir}/sudoers
++++++ sudo-1.8.10p1.tar.gz -> sudo-1.8.10p3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/ChangeLog new/sudo-1.8.10p3/ChangeLog
--- old/sudo-1.8.10p1/ChangeLog 2014-03-13 22:20:38.000000000 +0100
+++ new/sudo-1.8.10p3/ChangeLog 2014-05-07 03:34:27.000000000 +0200
@@ -1,3 +1,88 @@
+2014-05-06 Todd C. Miller <todd.mil...@courtesan.com>
+
+ * compat/getgrouplist.c, plugins/group_file/group_file.c,
+ plugins/system_group/system_group.c:
+ deal with NULL gr_mem here too
+ [0db43ed71001]
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.10p3
+ [3f415a180023]
+
+2014-05-02 Todd C. Miller <todd.mil...@courtesan.com>
+
+ * common/event.c:
+ Fix non-blocking mode. We only want to exit the event loop when
+ poll() or select() returns 0 and there are no active events. This
+ fixes a problem on some systems where the last buffer was not being
+ written when the command exited.
+ [deb6b1a7b241]
+
+2014-04-28 Todd C. Miller <todd.mil...@courtesan.com>
+
+ * plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h:
+ Make get_boottime() return bool.
+ [9ff15a995d01]
+
+ * doc/CONTRIBUTORS, plugins/sudoers/boottime.c:
+ Fix fd leak on Linux when determing boot time. This is usually
+ masked by the closefrom() call in sudo. From Jamie Anderson. Bug
+ #645
+ [0b4c430e8b88]
+
+2014-04-15 Todd C. Miller <todd.mil...@courtesan.com>
+
+ * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c:
+ Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when
+ changing the user. This is the correct flag to use with a program
+ that changes the uid like su or sudo and fixes a role problem on
+ Solaris. From Gary Winiger; Bug #642
+ [ec23c3bf41bb]
+
+ * plugins/sudoers/defaults.c:
+ pam_setcred should default to true; from Gary Winiger Bug #642
+ [23e6628ec546]
+
+2014-04-09 Todd C. Miller <todd.mil...@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/match.c,
+ plugins/sudoers/regress/testsudoers/test6.out.ok,
+ plugins/sudoers/regress/testsudoers/test6.sh,
+ plugins/sudoers/regress/testsudoers/test7.out.ok,
+ plugins/sudoers/regress/testsudoers/test7.sh:
+ Fix matching of uids and gids broken in sudo 1.8.9.
+ [315eff4add59]
+
+ * plugins/sudoers/testsudoers.c:
+ Fix -P option in usage()
+ [50753b6222b7]
+
+2014-03-19 Todd C. Miller <todd.mil...@courtesan.com>
+
+ * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/sudoers.h:
+ Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw
+ or targetpw is set. Bug #639
+ [dff0208d1194]
+
+2014-03-17 Todd C. Miller <todd.mil...@courtesan.com>
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.10p2
+ [774ebec63b41]
+
+ * plugins/sudoers/timestamp.c:
+ Don't write an empty timestamp record when timestamp_timeout is
+ zero. If we find an empty record in the timestamp file, overwrite it
+ with a good one, truncating the file as needed.
+ [9c226d81b660]
+
+2014-03-15 Todd C. Miller <todd.mil...@courtesan.com>
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Fix typos in description of the -x option. Bug #637
+ [6ff2bfaaf99d]
+
2014-03-13 Todd C. Miller <todd.mil...@courtesan.com>
* NEWS, configure, configure.ac:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/MANIFEST new/sudo-1.8.10p3/MANIFEST
--- old/sudo-1.8.10p1/MANIFEST 2014-03-13 22:18:40.000000000 +0100
+++ new/sudo-1.8.10p3/MANIFEST 2014-05-05 22:35:14.000000000 +0200
@@ -364,6 +364,10 @@
plugins/sudoers/regress/testsudoers/test4.sh
plugins/sudoers/regress/testsudoers/test5.out.ok
plugins/sudoers/regress/testsudoers/test5.sh
+plugins/sudoers/regress/testsudoers/test6.out.ok
+plugins/sudoers/regress/testsudoers/test6.sh
+plugins/sudoers/regress/testsudoers/test7.out.ok
+plugins/sudoers/regress/testsudoers/test7.sh
plugins/sudoers/regress/visudo/test1.out.ok
plugins/sudoers/regress/visudo/test1.sh
plugins/sudoers/regress/visudo/test2.err.ok
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/NEWS new/sudo-1.8.10p3/NEWS
--- old/sudo-1.8.10p1/NEWS 2014-03-13 22:18:40.000000000 +0100
+++ new/sudo-1.8.10p3/NEWS 2014-05-07 02:11:45.000000000 +0200
@@ -1,3 +1,28 @@
+What's new in Sudo 1.8.10p3?
+
+ * Fixed expansion of %p in the prompt for "sudo -l" when rootpw,
+ runaspw or targetpw is set. Bug #639
+
+ * Fixed matching of uids and gids which was broken in version 1.8.9.
+ Bug #640
+
+ * PAM credential initialization has been re-enabled. It was
+ unintentionally disabled by default in version 1.8.8. The way
+ credentials are initialized has also been fixed. Bug #642.
+
+ * Fixed a descriptor leak on Linux when determing boot time. Sudo
+ normally closes extra descriptors before running a command so
+ the impact is limited. Bug #645
+
+ * Fixed flushing of the last buffer of data when I/O logging is
+ enabled. This bug, introduced in version 1.8.9, could cause
+ incomplete command output on some systems. Bug #646
+
+What's new in Sudo 1.8.10p2?
+
+ * Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout
+ is set to zero.
+
What's new in Sudo 1.8.10p1?
* Fixed a bug introduced in sudo 1.8.10 that prevented the disabling
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/common/event.c
new/sudo-1.8.10p3/common/event.c
--- old/sudo-1.8.10p1/common/event.c 2014-03-07 22:51:19.000000000 +0100
+++ new/sudo-1.8.10p3/common/event.c 2014-05-05 22:35:27.000000000 +0200
@@ -286,6 +286,11 @@
TAILQ_INSERT_TAIL(&base->active, ev, active_entries);
SET(ev->flags, SUDO_EVQ_ACTIVE);
}
+ if (ISSET(flags, SUDO_EVLOOP_NONBLOCK)) {
+ /* If nonblocking, return immediately if no active events. */
+ if (TAILQ_EMPTY(&base->active))
+ goto done;
+ }
break;
default:
/* I/O events active, sudo_ev_scan_impl() already added them. */
@@ -333,7 +338,7 @@
SET(base->flags, SUDO_EVBASE_GOT_EXIT);
goto done;
}
- if (flags & (SUDO_EVLOOP_ONCE | SUDO_EVLOOP_NONBLOCK))
+ if (ISSET(flags, SUDO_EVLOOP_ONCE))
break;
}
done:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/compat/getgrouplist.c
new/sudo-1.8.10p3/compat/getgrouplist.c
--- old/sudo-1.8.10p1/compat/getgrouplist.c 2014-03-07 22:50:56.000000000
+0100
+++ new/sudo-1.8.10p3/compat/getgrouplist.c 2014-05-07 03:33:06.000000000
+0200
@@ -318,7 +318,7 @@
setgrent();
while ((grp = getgrent()) != NULL) {
- if (grp->gr_gid == basegid)
+ if (grp->gr_gid == basegid || grp->gr_mem == NULL)
continue;
for (i = 0; grp->gr_mem[i] != NULL; i++) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/configure new/sudo-1.8.10p3/configure
--- old/sudo-1.8.10p1/configure 2014-03-13 22:18:40.000000000 +0100
+++ new/sudo-1.8.10p3/configure 2014-05-07 02:11:45.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for sudo 1.8.10p1.
+# Generated by GNU Autoconf 2.69 for sudo 1.8.10p3.
#
# Report bugs to <http://www.sudo.ws/bugs/>.
#
@@ -590,8 +590,8 @@
# Identity of this package.
PACKAGE_NAME='sudo'
PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.8.10p1'
-PACKAGE_STRING='sudo 1.8.10p1'
+PACKAGE_VERSION='1.8.10p3'
+PACKAGE_STRING='sudo 1.8.10p3'
PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/'
PACKAGE_URL=''
@@ -1505,7 +1505,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures sudo 1.8.10p1 to adapt to many kinds of systems.
+\`configure' configures sudo 1.8.10p3 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1570,7 +1570,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of sudo 1.8.10p1:";;
+ short | recursive ) echo "Configuration of sudo 1.8.10p3:";;
esac
cat <<\_ACEOF
@@ -1802,7 +1802,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-sudo configure 1.8.10p1
+sudo configure 1.8.10p3
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2511,7 +2511,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by sudo $as_me 1.8.10p1, which was
+It was created by sudo $as_me 1.8.10p3, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -22958,7 +22958,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by sudo $as_me 1.8.10p1, which was
+This file was extended by sudo $as_me 1.8.10p3, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -23024,7 +23024,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-sudo config.status 1.8.10p1
+sudo config.status 1.8.10p3
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/configure.ac
new/sudo-1.8.10p3/configure.ac
--- old/sudo-1.8.10p1/configure.ac 2014-03-13 22:18:40.000000000 +0100
+++ new/sudo-1.8.10p3/configure.ac 2014-05-07 02:11:46.000000000 +0200
@@ -4,7 +4,7 @@
dnl Copyright (c) 1994-1996,1998-2014 Todd C. Miller
<todd.mil...@courtesan.com>
dnl
AC_PREREQ([2.59])
-AC_INIT([sudo], [1.8.10p1], [http://www.sudo.ws/bugs/], [sudo])
+AC_INIT([sudo], [1.8.10p3], [http://www.sudo.ws/bugs/], [sudo])
AC_CONFIG_HEADER([config.h pathnames.h])
AC_CONFIG_SRCDIR([src/sudo.c])
dnl
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/doc/CONTRIBUTORS
new/sudo-1.8.10p3/doc/CONTRIBUTORS
--- old/sudo-1.8.10p1/doc/CONTRIBUTORS 2014-03-07 22:51:19.000000000 +0100
+++ new/sudo-1.8.10p3/doc/CONTRIBUTORS 2014-05-07 02:21:22.000000000 +0200
@@ -6,6 +6,7 @@
Ackeret, Matt
Adler, Mark
Allbery, Russ
+ Anderson, Jamie
Andrew, Nick
Andric, Dimitry
Barron, Danny
@@ -155,6 +156,7 @@
Webb, Kirk
Wetzel, Timm
Wieringen, Marco van
+ Winiger, Gary
Wood, David
Zacarias, Gustavo
Zolnowsky, John
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/doc/visudo.cat
new/sudo-1.8.10p3/doc/visudo.cat
--- old/sudo-1.8.10p1/doc/visudo.cat 2014-03-07 22:51:21.000000000 +0100
+++ new/sudo-1.8.10p3/doc/visudo.cat 2014-03-17 15:10:25.000000000 +0100
@@ -74,9 +74,9 @@
-�-x�x _�f_�i_�l_�e, -�--�-e�ex�xp�po�or�rt�t=_�f_�i_�l_�e
Export _�s_�u_�d_�o_�e_�r_�s in JSON format and write it to
_�f_�i_�l_�e. If _�f_�i_�l_�e
- is `-', the exported _�s_�u_�d_�o_�e_�r_�s policy will to be
written to the
+ is `-', the exported _�s_�u_�d_�o_�e_�r_�s policy will be
written to the
standard output. The exported format is intended to be
- easier for third-party applications to parse that the
+ easier for third-party applications to parse than the
traditional _�s_�u_�d_�o_�e_�r_�s format. The various values
have explicit
types which removes much of the ambiguity of the
_�s_�u_�d_�o_�e_�r_�s
format.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/doc/visudo.man.in
new/sudo-1.8.10p3/doc/visudo.man.in
--- old/sudo-1.8.10p1/doc/visudo.man.in 2014-03-07 22:51:21.000000000 +0100
+++ new/sudo-1.8.10p3/doc/visudo.man.in 2014-03-17 15:10:25.000000000 +0100
@@ -216,9 +216,9 @@
\(oq-\(cq,
the exported
\fIsudoers\fR
-policy will to be written to the standard output.
+policy will be written to the standard output.
The exported format is intended to be easier for third-party
-applications to parse that the traditional
+applications to parse than the traditional
\fIsudoers\fR
format.
The various values have explicit types which removes much of the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/doc/visudo.mdoc.in
new/sudo-1.8.10p3/doc/visudo.mdoc.in
--- old/sudo-1.8.10p1/doc/visudo.mdoc.in 2014-03-07 22:51:19.000000000
+0100
+++ new/sudo-1.8.10p3/doc/visudo.mdoc.in 2014-03-17 15:10:25.000000000
+0100
@@ -207,9 +207,9 @@
.Ql - ,
the exported
.Em sudoers
-policy will to be written to the standard output.
+policy will be written to the standard output.
The exported format is intended to be easier for third-party
-applications to parse that the traditional
+applications to parse than the traditional
.Em sudoers
format.
The various values have explicit types which removes much of the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/plugins/group_file/group_file.c
new/sudo-1.8.10p3/plugins/group_file/group_file.c
--- old/sudo-1.8.10p1/plugins/group_file/group_file.c 2014-03-07
22:50:56.000000000 +0100
+++ new/sudo-1.8.10p3/plugins/group_file/group_file.c 2014-05-07
03:33:06.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010-2013 Todd C. Miller <todd.mil...@courtesan.com>
+ * Copyright (c) 2010-2014 Todd C. Miller <todd.mil...@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -121,7 +121,7 @@
char **member;
grp = mygetgrnam(group);
- if (grp != NULL) {
+ if (grp != NULL && grp->gr_mem != NULL) {
for (member = grp->gr_mem; *member != NULL; member++) {
if (strcasecmp(user, *member) == 0)
return true;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/auth/pam.c
new/sudo-1.8.10p3/plugins/sudoers/auth/pam.c
--- old/sudo-1.8.10p1/plugins/sudoers/auth/pam.c 2014-03-07
22:50:56.000000000 +0100
+++ new/sudo-1.8.10p3/plugins/sudoers/auth/pam.c 2014-05-05
22:35:23.000000000 +0200
@@ -230,7 +230,7 @@
(void) pam_set_item(pamh, PAM_USER, pw->pw_name);
/*
- * Set credentials (may include resource limits, device ownership, etc).
+ * Reinitialize credentials when changing the user.
* We don't worry about a failure from pam_setcred() since with
* stacked PAM auth modules a failure from one module may override
* PAM_SUCCESS from another. For example, given a non-local user,
@@ -238,7 +238,7 @@
* pam_unix is first in the stack, pam_setcred() will fail.
*/
if (def_pam_setcred)
- (void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
+ (void) pam_setcred(pamh, PAM_REINITIALIZE_CRED);
if (def_pam_session) {
*pam_status = pam_open_session(pamh, 0);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/boottime.c
new/sudo-1.8.10p3/plugins/sudoers/boottime.c
--- old/sudo-1.8.10p1/plugins/sudoers/boottime.c 2014-03-07
22:51:19.000000000 +0100
+++ new/sudo-1.8.10p3/plugins/sudoers/boottime.c 2014-05-07
02:26:16.000000000 +0200
@@ -28,6 +28,11 @@
# include <stdlib.h>
# endif
#endif /* STDC_HEADERS */
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# include "compat/stdbool.h"
+#endif /* HAVE_STDBOOL_H */
#ifdef HAVE_STRING_H
# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
# include <memory.h>
@@ -60,13 +65,14 @@
*/
#if defined(__linux__)
-int
+bool
get_boottime(struct timeval *tv)
{
char *ep, *line = NULL;
size_t linesize = 0;
+ bool found = false;
ssize_t len;
- FILE * fp;
+ FILE *fp;
debug_decl(get_boottime, SUDO_DEBUG_UTIL)
/* read btime from /proc/stat */
@@ -78,7 +84,8 @@
if (llval > 0) {
tv->tv_sec = (time_t)llval;
tv->tv_usec = 0;
- debug_return_bool(1);
+ found = true;
+ break;
}
}
}
@@ -86,12 +93,12 @@
free(line);
}
- debug_return_bool(0);
+ debug_return_bool(found);
}
#elif defined(HAVE_SYSCTL) && defined(KERN_BOOTTIME)
-int
+bool
get_boottime(struct timeval *tv)
{
size_t size;
@@ -102,9 +109,9 @@
mib[1] = KERN_BOOTTIME;
size = sizeof(*tv);
if (sysctl(mib, 2, tv, &size, NULL, 0) != -1)
- debug_return_bool(1);
+ debug_return_bool(true);
- debug_return_bool(0);
+ debug_return_bool(false);
}
#elif defined(HAVE_GETUTXID)
@@ -151,6 +158,6 @@
get_boottime(struct timeval *tv)
{
debug_decl(get_boottime, SUDO_DEBUG_UTIL)
- debug_return_bool(0);
+ debug_return_bool(false);
}
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/check.c
new/sudo-1.8.10p3/plugins/sudoers/check.c
--- old/sudo-1.8.10p1/plugins/sudoers/check.c 2014-03-07 22:51:21.000000000
+0100
+++ new/sudo-1.8.10p3/plugins/sudoers/check.c 2014-05-05 22:35:05.000000000
+0200
@@ -93,7 +93,7 @@
/* Expand any escapes in the prompt. */
prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,
- user_name, user_shost);
+ auth_pw->pw_name);
rval = verify_user(auth_pw, prompt, validated);
if (rval == true && lectured)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/defaults.c
new/sudo-1.8.10p3/plugins/sudoers/defaults.c
--- old/sudo-1.8.10p1/plugins/sudoers/defaults.c 2014-03-07
22:51:19.000000000 +0100
+++ new/sudo-1.8.10p3/plugins/sudoers/defaults.c 2014-05-05
22:35:20.000000000 +0200
@@ -489,6 +489,7 @@
#endif
def_editor = estrdup(EDITOR);
def_set_utmp = true;
+ def_pam_setcred = true;
/* Finally do the lists (currently just environment tables). */
init_envtables();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/match.c
new/sudo-1.8.10p3/plugins/sudoers/match.c
--- old/sudo-1.8.10p1/plugins/sudoers/match.c 2014-03-07 22:51:19.000000000
+0100
+++ new/sudo-1.8.10p3/plugins/sudoers/match.c 2014-05-05 22:35:14.000000000
+0200
@@ -803,7 +803,7 @@
if (pw != NULL && *sudoers_user == '#') {
uid = (uid_t) atoid(sudoers_user + 1, NULL, NULL, &errstr);
- if (errstr != NULL && uid == pw->pw_uid) {
+ if (errstr == NULL && uid == pw->pw_uid) {
rc = true;
goto done;
}
@@ -830,7 +830,7 @@
if (*sudoers_group == '#') {
gid = (gid_t) atoid(sudoers_group + 1, NULL, NULL, &errstr);
- if (errstr != NULL && gid == gr->gr_gid) {
+ if (errstr == NULL && gid == gr->gr_gid) {
rc = true;
goto done;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/prompt.c
new/sudo-1.8.10p3/plugins/sudoers/prompt.c
--- old/sudo-1.8.10p1/plugins/sudoers/prompt.c 2014-03-07 22:50:56.000000000
+0100
+++ new/sudo-1.8.10p3/plugins/sudoers/prompt.c 2014-05-05 22:35:05.000000000
+0200
@@ -47,7 +47,7 @@
* allocated result. Returns the same string if there are no escapes.
*/
char *
-expand_prompt(const char *old_prompt, const char *user, const char *host)
+expand_prompt(const char *old_prompt, const char *auth_user)
{
size_t len, n;
int subst;
@@ -72,12 +72,7 @@
break;
case 'p':
p++;
- if (def_rootpw)
- len += 2;
- else if (def_targetpw || def_runaspw)
- len += strlen(runas_pw->pw_name) - 2;
- else
- len += strlen(user_name) - 2;
+ len += strlen(auth_user) - 2;
subst = 1;
break;
case 'u':
@@ -123,12 +118,7 @@
continue;
case 'p':
p++;
- if (def_rootpw)
- n = strlcpy(np, "root", np - endp);
- else if (def_targetpw || def_runaspw)
- n = strlcpy(np, runas_pw->pw_name, np - endp);
- else
- n = strlcpy(np, user_name, np - endp);
+ n = strlcpy(np, auth_user, np - endp);
if (n >= (size_t)(np - endp))
goto oflow;
np += n;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test6.out.ok
new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test6.out.ok
--- old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test6.out.ok
1970-01-01 01:00:00.000000000 +0100
+++ new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test6.out.ok
2014-05-05 22:35:14.000000000 +0200
@@ -0,0 +1,10 @@
+Parses OK.
+
+Entries for user root:
+
+ALL = ALL
+ host matched
+ runas matched
+ cmnd allowed
+
+Command allowed
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test6.sh
new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test6.sh
--- old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test6.sh
1970-01-01 01:00:00.000000000 +0100
+++ new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test6.sh
2014-05-05 22:35:14.000000000 +0200
@@ -0,0 +1,11 @@
+#!/bin/sh
+#
+# Verify sudoers matching by uid.
+#
+
+exec 2>&1
+./testsudoers root id <<EOF
+#0 ALL = ALL
+EOF
+
+exit 0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test7.out.ok
new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test7.out.ok
--- old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test7.out.ok
1970-01-01 01:00:00.000000000 +0100
+++ new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test7.out.ok
2014-05-05 22:35:14.000000000 +0200
@@ -0,0 +1,10 @@
+Parses OK.
+
+Entries for user root:
+
+ALL = ALL
+ host matched
+ runas matched
+ cmnd allowed
+
+Command allowed
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test7.sh
new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test7.sh
--- old/sudo-1.8.10p1/plugins/sudoers/regress/testsudoers/test7.sh
1970-01-01 01:00:00.000000000 +0100
+++ new/sudo-1.8.10p3/plugins/sudoers/regress/testsudoers/test7.sh
2014-05-05 22:35:14.000000000 +0200
@@ -0,0 +1,11 @@
+#!/bin/sh
+#
+# Verify sudoers matching by gid.
+#
+
+exec 2>&1
+./testsudoers root id <<EOF
+%#0 ALL = ALL
+EOF
+
+exit 0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/sudoers.h
new/sudo-1.8.10p3/plugins/sudoers/sudoers.h
--- old/sudo-1.8.10p1/plugins/sudoers/sudoers.h 2014-03-07 22:51:21.000000000
+0100
+++ new/sudo-1.8.10p3/plugins/sudoers/sudoers.h 2014-05-07 02:26:16.000000000
+0200
@@ -236,7 +236,7 @@
bool user_is_exempt(void);
/* prompt.c */
-char *expand_prompt(const char *old_prompt, const char *user, const char
*host);
+char *expand_prompt(const char *old_prompt, const char *auth_user);
/* timestamp.c */
void remove_timestamp(bool);
@@ -326,7 +326,7 @@
char *get_timestr(time_t, int);
/* boottime.c */
-int get_boottime(struct timeval *);
+bool get_boottime(struct timeval *);
/* iolog.c */
int io_set_max_sessid(const char *sessid);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/testsudoers.c
new/sudo-1.8.10p3/plugins/sudoers/testsudoers.c
--- old/sudo-1.8.10p1/plugins/sudoers/testsudoers.c 2014-03-07
22:50:56.000000000 +0100
+++ new/sudo-1.8.10p3/plugins/sudoers/testsudoers.c 2014-05-05
22:35:09.000000000 +0200
@@ -685,6 +685,6 @@
void
usage(void)
{
- (void) fprintf(stderr, "usage: %s [-dt] [-G sudoers_gid] [-g group] [-h
host] [-p grfile] [-p pwfile] [-U sudoers_uid] [-u user] <user> <command>
[args]\n", getprogname());
+ (void) fprintf(stderr, "usage: %s [-dt] [-G sudoers_gid] [-g group] [-h
host] [-P grfile] [-p pwfile] [-U sudoers_uid] [-u user] <user> <command>
[args]\n", getprogname());
exit(1);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/plugins/sudoers/timestamp.c
new/sudo-1.8.10p3/plugins/sudoers/timestamp.c
--- old/sudo-1.8.10p1/plugins/sudoers/timestamp.c 2014-03-13
22:18:40.000000000 +0100
+++ new/sudo-1.8.10p3/plugins/sudoers/timestamp.c 2014-03-17
15:10:25.000000000 +0100
@@ -119,11 +119,13 @@
*/
while (read(fd, &cur, sizeof(cur)) == sizeof(cur)) {
if (cur.size != sizeof(cur)) {
- /* wrong size, seek to next record */
+ /* wrong size, seek to start of next record */
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
"wrong sized record, got %hu, expected %zu",
cur.size, sizeof(cur));
lseek(fd, (off_t)cur.size - (off_t)sizeof(cur), SEEK_CUR);
+ if (cur.size == 0)
+ break; /* size must be non-zero */
continue;
}
if (ts_match_record(key, &cur)) {
@@ -327,6 +329,10 @@
int fd;
debug_decl(update_timestamp, SUDO_DEBUG_AUTH)
+ /* Zero timeout means don't update the time stamp file. */
+ if (def_timestamp_timeout == 0)
+ goto done;
+
/* Check/create parent directories as needed. */
if (!ts_secure_dir(def_timestampdir, true, false))
goto done;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sudo-1.8.10p1/plugins/system_group/system_group.c
new/sudo-1.8.10p3/plugins/system_group/system_group.c
--- old/sudo-1.8.10p1/plugins/system_group/system_group.c 2014-03-07
22:50:56.000000000 +0100
+++ new/sudo-1.8.10p3/plugins/system_group/system_group.c 2014-05-07
03:33:06.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010-2013 Todd C. Miller <todd.mil...@courtesan.com>
+ * Copyright (c) 2010-2014 Todd C. Miller <todd.mil...@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -140,11 +140,13 @@
grp = sysgroup_getgrgid(gid);
}
if (grp != NULL) {
- for (member = grp->gr_mem; *member != NULL; member++) {
- if (strcasecmp(user, *member) == 0) {
- if (sysgroup_gr_delref)
- sysgroup_gr_delref(grp);
- return true;
+ if (grp->gr_mem != NULL) {
+ for (member = grp->gr_mem; *member != NULL; member++) {
+ if (strcasecmp(user, *member) == 0) {
+ if (sysgroup_gr_delref)
+ sysgroup_gr_delref(grp);
+ return true;
+ }
}
}
if (sysgroup_gr_delref)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
