This patch will upgrade Sudo version 1.6.9 patchlevel 19 to Sudo version 1.6.9 patchlevel 20. To apply: $ cd sudo-1.6.9p19 $ patch -p1 < sudo-1.6.9p20.patch diff -ura sudo-1.6.9p19/CHANGES sudo-1.6.9p20/CHANGES --- sudo-1.6.9p19/CHANGES Wed Dec 3 12:45:45 2008 +++ sudo-1.6.9p20/CHANGES Wed Jan 28 11:08:36 2009 @@ -2149,3 +2149,10 @@ 677) Fixed behavior when ^C it entered at the password prompt on MacOS. Sudo 1.6.9p19 released. + +678) Only use the cached supplementory group vector when matching groups + for the invoking user. + +679) Fixed a compilation problem on AIX. + +Sudo 1.6.9p20 released. diff -ura sudo-1.6.9p19/LICENSE sudo-1.6.9p20/LICENSE --- sudo-1.6.9p19/LICENSE Tue Jun 12 13:08:04 2007 +++ sudo-1.6.9p20/LICENSE Wed Jan 28 11:15:52 2009 @@ -1,6 +1,6 @@ Sudo is distributed under the following ISC-style license: - Copyright (c) 1994-1996,1998-2005 Todd C. Miller + Copyright (c) 1994-1996,1998-2009 Todd C. Miller Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above diff -ura sudo-1.6.9p19/Makefile.in sudo-1.6.9p20/Makefile.in --- sudo-1.6.9p19/Makefile.in Wed Dec 3 12:46:32 2008 +++ sudo-1.6.9p20/Makefile.in Wed Jan 28 11:16:50 2009 @@ -20,7 +20,7 @@ # # @configure_input@ # -# $Sudo: Makefile.in,v 1.246.2.35 2008/12/03 17:46:32 millert Exp $ +# $Sudo: Makefile.in,v 1.246.2.36 2009/01/28 16:16:50 millert Exp $ # #### Start of system configuration section. #### @@ -134,7 +134,7 @@ LIBOBJS = @LIBOBJS@ @ALLOCA@ -VERSION = 1.6.9p19 +VERSION = 1.6.9p20 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \ LICENSE Makefile.in PORTING README README.LDAP \ diff -ura sudo-1.6.9p19/auth/aix_auth.c sudo-1.6.9p20/auth/aix_auth.c --- sudo-1.6.9p19/auth/aix_auth.c Fri Nov 14 05:50:45 2008 +++ sudo-1.6.9p20/auth/aix_auth.c Wed Jan 28 11:15:18 2009 @@ -47,7 +47,7 @@ #include "sudo_auth.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: aix_auth.c,v 1.18.2.6 2008/11/14 10:50:45 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: aix_auth.c,v 1.18.2.7 2009/01/28 16:15:18 millert Exp $"; #endif /* lint */ /* @@ -81,8 +81,10 @@ struct passwd *pw; sudo_auth *auth; { +#ifdef HAVE_UNSETENV /* Unset AUTHSTATE as it may not be correct for the runas user. */ unsetenv("AUTHSTATE"); - +#endif + return(AUTH_SUCCESS); } diff -ura sudo-1.6.9p19/config.h.in sudo-1.6.9p20/config.h.in --- sudo-1.6.9p19/config.h.in Tue Dec 2 11:10:25 2008 +++ sudo-1.6.9p20/config.h.in Wed Jan 28 11:11:29 2009 @@ -444,6 +444,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H +/* Define to 1 if you have the `unsetenv' function. */ +#undef HAVE_UNSETENV + /* Define to 1 if you have the `utimes' function. */ #undef HAVE_UTIMES diff -ura sudo-1.6.9p19/configure sudo-1.6.9p20/configure --- sudo-1.6.9p19/configure Tue Dec 2 11:11:53 2008 +++ sudo-1.6.9p20/configure Wed Jan 28 11:12:06 2009 @@ -11867,6 +11867,100 @@ fi done + +for ac_func in unsetenv +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +{ echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } +if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case declares $ac_func. + For example, HP-UX 11i declares gettimeofday. */ +#define $ac_func innocuous_$ac_func + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $ac_func + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $ac_func (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$ac_func || defined __stub___$ac_func +choke me +#endif + +int +main () +{ +return $ac_func (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + eval "$as_ac_var=no" +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +fi +ac_res=`eval echo '${'$as_ac_var'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + fi ;; *-*-hiuxmpp*) diff -ura sudo-1.6.9p19/configure.in sudo-1.6.9p20/configure.in --- sudo-1.6.9p19/configure.in Tue Dec 2 12:31:15 2008 +++ sudo-1.6.9p20/configure.in Wed Jan 28 11:15:18 2009 @@ -1,6 +1,6 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. -dnl $Sudo: configure.in,v 1.413.2.56 2008/12/02 17:31:15 millert Exp $ +dnl $Sudo: configure.in,v 1.413.2.57 2009/01/28 16:15:18 millert Exp $ dnl dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller dnl @@ -1286,6 +1286,7 @@ # Use authenticate(3) as the default authentication method if test X"$with_aixauth" = X""; then AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"]) + AC_CHECK_FUNCS(unsetenv) fi ;; *-*-hiuxmpp*) diff -ura sudo-1.6.9p19/parse.c sudo-1.6.9p20/parse.c --- sudo-1.6.9p19/parse.c Sun Nov 2 09:35:53 2008 +++ sudo-1.6.9p20/parse.c Tue Jan 27 19:50:01 2009 @@ -90,7 +90,7 @@ #endif /* HAVE_EXTENDED_GLOB */ #ifndef lint -__unused static const char rcsid[] = "$Sudo: parse.c,v 1.160.2.21 2008/11/02 14:35:53 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: parse.c,v 1.160.2.22 2009/01/28 00:50:01 millert Exp $"; #endif /* lint */ static int command_matches_dir __P((char *, size_t)); @@ -651,9 +651,11 @@ /* * If the user has a supplementary group vector, check it first. */ - for (i = 0; i < user_ngroups; i++) { - if (grp->gr_gid == user_groups[i]) - return(TRUE); + if (strcmp(user, user_name) == 0) { + for (i = 0; i < user_ngroups; i++) { + if (grp->gr_gid == user_groups[i]) + return(TRUE); + } } if (grp->gr_mem != NULL) { for (cur = grp->gr_mem; *cur; cur++) { diff -ura sudo-1.6.9p19/sudo.cat sudo-1.6.9p20/sudo.cat --- sudo-1.6.9p19/sudo.cat Wed Dec 3 12:47:20 2008 +++ sudo-1.6.9p20/sudo.cat Tue Jan 27 19:51:57 2009 @@ -61,7 +61,7 @@ -1.6.9p19 December 3, 2008 1 +1.6.9p20 January 27, 2008 1 @@ -127,7 +127,7 @@ -1.6.9p19 December 3, 2008 2 +1.6.9p20 January 27, 2008 2 @@ -193,7 +193,7 @@ -1.6.9p19 December 3, 2008 3 +1.6.9p20 January 27, 2008 3 @@ -259,7 +259,7 @@ -1.6.9p19 December 3, 2008 4 +1.6.9p20 January 27, 2008 4 @@ -325,7 +325,7 @@ -1.6.9p19 December 3, 2008 5 +1.6.9p20 January 27, 2008 5 @@ -391,7 +391,7 @@ -1.6.9p19 December 3, 2008 6 +1.6.9p20 January 27, 2008 6 @@ -457,7 +457,7 @@ -1.6.9p19 December 3, 2008 7 +1.6.9p20 January 27, 2008 7 @@ -523,7 +523,7 @@ -1.6.9p19 December 3, 2008 8 +1.6.9p20 January 27, 2008 8 @@ -589,6 +589,6 @@ -1.6.9p19 December 3, 2008 9 +1.6.9p20 January 27, 2008 9 diff -ura sudo-1.6.9p19/sudo.man.in sudo-1.6.9p20/sudo.man.in --- sudo-1.6.9p19/sudo.man.in Wed Dec 3 12:47:20 2008 +++ sudo-1.6.9p20/sudo.man.in Wed Jan 28 11:16:50 2009 @@ -18,7 +18,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: sudo.man.in,v 1.29.2.29 2008/12/03 17:47:11 millert Exp $ +.\" $Sudo: sudo.man.in,v 1.29.2.30 2009/01/28 16:16:50 millert Exp $ .\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) .\" .\" Standard preamble: @@ -153,7 +153,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "December 3, 2008" "1.6.9p19" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "January 27, 2008" "1.6.9p20" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -ura sudo-1.6.9p19/sudoers.cat sudo-1.6.9p20/sudoers.cat --- sudo-1.6.9p19/sudoers.cat Wed Dec 3 12:47:20 2008 +++ sudo-1.6.9p20/sudoers.cat Tue Jan 27 19:52:00 2009 @@ -61,7 +61,7 @@ -1.6.9p19 December 3, 2008 1 +1.6.9p20 January 27, 2008 1 @@ -127,7 +127,7 @@ -1.6.9p19 December 3, 2008 2 +1.6.9p20 January 27, 2008 2 @@ -193,7 +193,7 @@ -1.6.9p19 December 3, 2008 3 +1.6.9p20 January 27, 2008 3 @@ -259,7 +259,7 @@ -1.6.9p19 December 3, 2008 4 +1.6.9p20 January 27, 2008 4 @@ -325,7 +325,7 @@ -1.6.9p19 December 3, 2008 5 +1.6.9p20 January 27, 2008 5 @@ -391,7 +391,7 @@ -1.6.9p19 December 3, 2008 6 +1.6.9p20 January 27, 2008 6 @@ -457,7 +457,7 @@ -1.6.9p19 December 3, 2008 7 +1.6.9p20 January 27, 2008 7 @@ -523,7 +523,7 @@ -1.6.9p19 December 3, 2008 8 +1.6.9p20 January 27, 2008 8 @@ -589,7 +589,7 @@ -1.6.9p19 December 3, 2008 9 +1.6.9p20 January 27, 2008 9 @@ -655,7 +655,7 @@ -1.6.9p19 December 3, 2008 10 +1.6.9p20 January 27, 2008 10 @@ -721,7 +721,7 @@ -1.6.9p19 December 3, 2008 11 +1.6.9p20 January 27, 2008 11 @@ -787,7 +787,7 @@ -1.6.9p19 December 3, 2008 12 +1.6.9p20 January 27, 2008 12 @@ -853,7 +853,7 @@ -1.6.9p19 December 3, 2008 13 +1.6.9p20 January 27, 2008 13 @@ -919,7 +919,7 @@ -1.6.9p19 December 3, 2008 14 +1.6.9p20 January 27, 2008 14 @@ -985,7 +985,7 @@ -1.6.9p19 December 3, 2008 15 +1.6.9p20 January 27, 2008 15 @@ -1051,7 +1051,7 @@ -1.6.9p19 December 3, 2008 16 +1.6.9p20 January 27, 2008 16 @@ -1117,7 +1117,7 @@ -1.6.9p19 December 3, 2008 17 +1.6.9p20 January 27, 2008 17 @@ -1183,7 +1183,7 @@ -1.6.9p19 December 3, 2008 18 +1.6.9p20 January 27, 2008 18 @@ -1249,7 +1249,7 @@ -1.6.9p19 December 3, 2008 19 +1.6.9p20 January 27, 2008 19 @@ -1315,7 +1315,7 @@ -1.6.9p19 December 3, 2008 20 +1.6.9p20 January 27, 2008 20 @@ -1381,7 +1381,7 @@ -1.6.9p19 December 3, 2008 21 +1.6.9p20 January 27, 2008 21 @@ -1447,7 +1447,7 @@ -1.6.9p19 December 3, 2008 22 +1.6.9p20 January 27, 2008 22 @@ -1513,7 +1513,7 @@ -1.6.9p19 December 3, 2008 23 +1.6.9p20 January 27, 2008 23 @@ -1579,6 +1579,6 @@ -1.6.9p19 December 3, 2008 24 +1.6.9p20 January 27, 2008 24 diff -ura sudo-1.6.9p19/sudoers.man.in sudo-1.6.9p20/sudoers.man.in --- sudo-1.6.9p19/sudoers.man.in Wed Dec 3 12:47:20 2008 +++ sudo-1.6.9p20/sudoers.man.in Wed Jan 28 11:16:50 2009 @@ -18,7 +18,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: sudoers.man.in,v 1.45.2.31 2008/12/03 17:47:11 millert Exp $ +.\" $Sudo: sudoers.man.in,v 1.45.2.32 2009/01/28 16:16:50 millert Exp $ .\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) .\" .\" Standard preamble: @@ -153,7 +153,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "December 3, 2008" "1.6.9p19" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "January 27, 2008" "1.6.9p20" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -ura sudo-1.6.9p19/version.h sudo-1.6.9p20/version.h --- sudo-1.6.9p19/version.h Wed Dec 3 12:46:32 2008 +++ sudo-1.6.9p20/version.h Wed Jan 28 11:16:50 2009 @@ -17,12 +17,12 @@ * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. * - * $Sudo: version.h,v 1.66.2.22 2008/12/03 17:46:32 millert Exp $ + * $Sudo: version.h,v 1.66.2.23 2009/01/28 16:16:50 millert Exp $ */ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6.9p19"; +static const char version[] = "1.6.9p20"; #endif /* _SUDO_VERSION_H */ diff -ura sudo-1.6.9p19/visudo.cat sudo-1.6.9p20/visudo.cat --- sudo-1.6.9p19/visudo.cat Wed Dec 3 12:47:20 2008 +++ sudo-1.6.9p20/visudo.cat Tue Jan 27 19:52:03 2009 @@ -61,7 +61,7 @@ -1.6.9p19 December 3, 2008 1 +1.6.9p20 January 27, 2008 1 @@ -127,7 +127,7 @@ -1.6.9p19 December 3, 2008 2 +1.6.9p20 January 27, 2008 2 @@ -193,6 +193,6 @@ -1.6.9p19 December 3, 2008 3 +1.6.9p20 January 27, 2008 3 diff -ura sudo-1.6.9p19/visudo.man.in sudo-1.6.9p20/visudo.man.in --- sudo-1.6.9p19/visudo.man.in Wed Dec 3 12:47:20 2008 +++ sudo-1.6.9p20/visudo.man.in Wed Jan 28 11:16:50 2009 @@ -17,7 +17,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: visudo.man.in,v 1.20.2.24 2008/12/03 17:47:11 millert Exp $ +.\" $Sudo: visudo.man.in,v 1.20.2.25 2009/01/28 16:16:50 millert Exp $ .\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) .\" .\" Standard preamble: @@ -152,7 +152,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "December 3, 2008" "1.6.9p19" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "January 27, 2008" "1.6.9p20" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l