This patch will upgrade Sudo version 1.7.2 patchlevel 6 to Sudo version 1.7.2 patchlevel 7. To apply: $ cd sudo-1.7.2p6 $ patch -p1 < sudo-1.7.2p7.patch diff -urNa sudo-1.7.2p6/ChangeLog sudo-1.7.2p7/ChangeLog --- sudo-1.7.2p6/ChangeLog Fri Apr 9 06:32:10 2010 +++ sudo-1.7.2p7/ChangeLog Wed Jun 2 10:14:40 2010 
@@ -1,38 +1,79 @@ +2010-06-02 Todd C. Miller + + * auth/pam.c: Fix OpenPAM detection for newer versions. + + * vasgroups.c: Sync with Quest sudo git repo + + * aclocal.m4, configure, configure.in: Adapted from Quest sudo. + HP-UX ld uses +b instead of -R or -rpath. + Fix typo in libvas check. + libvas may need libdl for dlopen(). + Add missing template for ENV_DEBUG. + + * README.LDAP: + Fix typos; from Quest Sudo + + * Makefile.in, configure.in: + Use value of SHELL from configure in Makefile + +2010-05-28 Todd C. Miller + + * env.c: Handle duplicate variables in the environment. + For unsetenv(), keep looking even after remove the first instance. + For sudo_putenv(), check for and remove dupes after we replace an + existing value. + +2010-04-29 Todd C. Miller + + * visudo.c: Fix a crash when checking a sudoers file that has aliases + that reference themselves. Based on a diff from David Wood. + +2010-04-15 Todd C. Miller + + * alias.c: Fix use after free in error message when a duplicate + alias exists. + +2010-04-14 Todd C. Miller + + * visudo.c: Set errorfile to the sudoers path if we set parse_error + manually. This prevents a NULL dereference in printf() when + checking a sudoers file in strict mode when alias errors are present. + 2010-04-09 Todd C. Miller - * configure, configure.in: Fix installation of sudoers.ldap - in "make install" when --with-ldap was specified without a - directory. From Prof. Dr. Andreas Mueller + * configure, configure.in: Fix installation of sudoers.ldap + in "make install" when --with-ldap was specified without a + directory. From Prof. Dr. Andreas Mueller 2010-04-09 Todd C. Miller - * find_path.c: Qualify the command even if it is in the - current working directory, e.g. "./foo" instead of just - returning "foo". This removes an ambiguity between real - commands and possible pseudo-commands in command matching. + * find_path.c: Qualify the command even if it is in the + current working directory, e.g. 
"./foo" instead of just + returning "foo". This removes an ambiguity between real + commands and possible pseudo-commands in command matching. 2010-04-07 Todd C. Miller - * sudoers.cat, sudoers.man.in, sudoers.pod: Add a note about - the security implications of the fast_glob option. + * sudoers.cat, sudoers.man.in, sudoers.pod: Add a note about + the security implications of the fast_glob option. * memrchr.c: Remove duplicate includes 2010-03-10 Todd C. Miller - * sudo.c: Fix a bug introduced with def_closefrom. The value - of def_closefrom already includes the +1. + * sudo.c: Fix a bug introduced with def_closefrom. The value + of def_closefrom already includes the +1. 2010-03-09 Todd C. Miller - * match.c: When doing a glob match, short circuit if - gl.gl_pathc is 0. From Mark Kettenis. + * match.c: When doing a glob match, short circuit if + gl.gl_pathc is 0. From Mark Kettenis. 2010-02-22 Todd C. Miller - * match.c: Check for pseudo-command by looking at the first - character of the command in sudoers instead of checking the - user-supplied command for a slash. + * match.c: Check for pseudo-command by looking at the first + character of the command in sudoers instead of checking the + user-supplied command for a slash. 2010-02-09 Todd C. Miller diff -urNa sudo-1.7.2p6/Makefile.in sudo-1.7.2p7/Makefile.in --- sudo-1.7.2p6/Makefile.in Fri Apr 9 17:13:21 2010 +++ sudo-1.7.2p7/Makefile.in Wed Jun 2 08:59:42 2010 @@ -96,7 +96,7 @@ #### End of system configuration section. #### -SHELL = /bin/sh +SHELL = @SHELL@ PROGS = @PROGS@ diff -urNa sudo-1.7.2p6/README.LDAP sudo-1.7.2p7/README.LDAP --- sudo-1.7.2p6/README.LDAP Fri Apr 9 06:12:02 2010 +++ sudo-1.7.2p7/README.LDAP Wed Jun 2 09:08:07 2010 @@ -35,7 +35,7 @@ Build instructions ================== -The most simplest way to build sudo with LDAP support is to include the +The simplest way to build sudo with LDAP support is to include the '--with-ldap' option. $ ./configure --with-ldap 
@@ -48,7 +48,7 @@ Sudo is developed using OpenLDAP but Netscape-based LDAP libraries (such as those present in Solaris) are also known to work. -Your Mileage may vary. Please let the sudo workers mailing list +Your mileage may vary. Please let the sudo workers mailing list know if special configuration was required to build an LDAP-enabled sudo so we can improve sudo. diff -urNa sudo-1.7.2p6/aclocal.m4 sudo-1.7.2p7/aclocal.m4 --- sudo-1.7.2p6/aclocal.m4 Fri Apr 9 06:12:02 2010 +++ sudo-1.7.2p7/aclocal.m4 Wed Jun 2 09:23:20 2010 @@ -349,7 +349,12 @@ dnl AC_DEFUN(SUDO_APPEND_LIBPATH, [ if test X"$with_rpath" = X"yes"; then - $1="${$1} -L$2 -R$2" + case "$host" in + *-*-hpux*) $1="${$1} -L$2 -Wl,+b,$2" + ;; + *) $1="${$1} -L$2 -Wl,-R$2" + ;; + esac else $1="${$1} -L$2" fi diff -urNa sudo-1.7.2p6/alias.c sudo-1.7.2p7/alias.c --- sudo-1.7.2p6/alias.c Wed Mar 3 19:38:54 2010 +++ sudo-1.7.2p7/alias.c Thu Apr 15 06:15:16 2010 @@ -121,8 +121,8 @@ a->seqno = 0; list2tq(&a->members, members); if (rbinsert(aliases, a)) { - alias_free(a); snprintf(errbuf, sizeof(errbuf), "Alias `%s' already defined", name); + alias_free(a); return(errbuf); } return(NULL); diff -urNa sudo-1.7.2p6/auth/pam.c sudo-1.7.2p7/auth/pam.c --- sudo-1.7.2p6/auth/pam.c Fri Apr 9 06:12:02 2010 +++ sudo-1.7.2p7/auth/pam.c Wed Jun 2 10:14:59 2010 @@ -66,7 +66,8 @@ #include "sudo_auth.h" /* Only OpenPAM and Linux PAM use const qualifiers. */ -#if defined(_OPENPAM) || defined(__LIBPAM_VERSION) || defined(__LINUX_PAM__) +#if defined(_OPENPAM) || defined(OPENPAM_VERSION) || \ + defined(__LIBPAM_VERSION) || defined(__LINUX_PAM__) # define PAM_CONST const #else # define PAM_CONST diff -urNa sudo-1.7.2p6/configure sudo-1.7.2p7/configure --- sudo-1.7.2p6/configure Fri Apr 9 06:33:32 2010 +++ sudo-1.7.2p7/configure Wed Jun 2 09:38:22 2010 
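Review bot: SUDO_APPEND_LIBPATH embeds `$2` as a run path in both the `*-*-hpux*` and the default branch without checking that it is an absolute path. sudo is normally installed setuid root, so a relative or non-root-owned directory recorded here would be searched by the runtime loader on every invocation. I would reject such values before the `case "$host"`, e.g. `case "$2" in /*) ;; *) AC_MSG_ERROR([library path must be absolute: $2]) ;; esac`, and add a `dnl` line stating that the directory must be root-owned. Separately, `-Wl,` splits its argument on commas, so a path containing a comma would reach the linker as two options. The macro's closing lines are outside the hunk.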
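Review bot: The new order is only correct because `snprintf()` reads `name` before `alias_free(a)` runs, and nothing at the call site says so. A comment above the `snprintf()`, such as `/* format the message first: alias_free() releases the storage name points to */`, would keep a later cleanup from reintroducing the use after free. That `a` owns `name` is inferred from the ChangeLog entry, since the assignment is outside the hunk. The function also returns `errbuf`, whose declaration is not visible here; if it is a static buffer, the function's header comment should state that the message is valid only until the next call. The enclosing function starts above the hunk.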
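Review bot: The comment above the `#if` still reads "Only OpenPAM and Linux PAM use const qualifiers" and does not explain why two OpenPAM macros are now tested. I would extend it to something like `/* _OPENPAM is set by older OpenPAM headers, OPENPAM_VERSION by newer ones */`, with the wording confirmed against the headers, since only the ChangeLog's "newer versions" supports it here. Enumerating vendor macros will need another edit for the next PAM variant, and a wrong guess leaves the conversation callback's prototype mismatched with the library's. A configure-time compile test of that prototype would be more durable, though it belongs outside this hunk. The `#else` branch continues past the hunk's last line.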
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for sudo 1.7.2p6. +# Generated by GNU Autoconf 2.61 for sudo 1.7.2p7. # # Report bugs to . # @@ -724,8 +724,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.7.2p6' -PACKAGE_STRING='sudo 1.7.2p6' +PACKAGE_VERSION='1.7.2p7' +PACKAGE_STRING='sudo 1.7.2p7' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' # Factoring default headers for most tests. @@ -870,11 +870,11 @@ nsswitch_conf netsvc_conf secure_path -EGREPPROG CC ac_ct_CC EXEEXT OBJEXT +EGREPPROG CPP build build_cpu @@ -1417,7 +1417,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.7.2p6 to adapt to many kinds of systems. +\`configure' configures sudo 1.7.2p7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1482,7 +1482,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.7.2p6:";; + short | recursive ) echo "Configuration of sudo 1.7.2p7:";; esac cat <<\_ACEOF @@ -1684,7 +1684,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.7.2p6 +sudo configure 1.7.2p7 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1698,7 +1698,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.7.2p6, which was +It was created by sudo $as_me 1.7.2p7, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -2124,6 +2124,7 @@ + timeout=5 password_timeout=5 sudo_umask=0022 
@@ -3803,396 +3804,6 @@ fi - -# Check whether --with-libvas was given. -if test "${with_libvas+set}" = set; then - withval=$with_libvas; case $with_libvas in - yes) with_libvas=libvas.so - ;; - no) ;; - *) -cat >>confdefs.h <<_ACEOF -#define LIBVAS_SO "$with_with_libvas" -_ACEOF - - ;; -esac -if test X"$with_libvas" != X"no"; then - -cat >>confdefs.h <<_ACEOF -#define LIBVAS_SO "$with_libvas" -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define USING_NONUNIX_GROUPS 1 -_ACEOF - - NONUNIX_GROUPS_IMPL="vasgroups.o" - -# Check whether --with-libvas-rpath was given. -if test "${with_libvas_rpath+set}" = set; then - withval=$with_libvas_rpath; LIBVAS_RPATH=$withval -else - LIBVAS_RPATH=/opt/quest/lib -fi - -fi - -fi - - - -{ echo "$as_me:$LINENO: checking whether to do user authentication by default" >&5 -echo $ECHO_N "checking whether to do user authentication by default... $ECHO_C" >&6; } -# Check whether --enable-authentication was given. -if test "${enable_authentication+set}" = set; then - enableval=$enable_authentication; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - ;; - no) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - cat >>confdefs.h <<\_ACEOF -#define NO_AUTHENTICATION 1 -_ACEOF - - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to disable running the mailer as root" >&5 -echo $ECHO_N "checking whether to disable running the mailer as root... $ECHO_C" >&6; } -# Check whether --enable-root-mailer was given. 
-if test "${enable_root_mailer+set}" = set; then - enableval=$enable_root_mailer; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - no) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define NO_ROOT_MAILER 1 -_ACEOF - - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -# Check whether --enable-setreuid was given. -if test "${enable_setreuid+set}" = set; then - enableval=$enable_setreuid; case "$enableval" in - no) SKIP_SETREUID=yes - ;; - *) ;; - esac - -fi - - -# Check whether --enable-setresuid was given. -if test "${enable_setresuid+set}" = set; then - enableval=$enable_setresuid; case "$enableval" in - no) SKIP_SETRESUID=yes - ;; - *) ;; - esac - -fi - - -{ echo "$as_me:$LINENO: checking whether to disable shadow password support" >&5 -echo $ECHO_N "checking whether to disable shadow password support... $ECHO_C" >&6; } -# Check whether --enable-shadow was given. 
-if test "${enable_shadow+set}" = set; then - enableval=$enable_shadow; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - no) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CHECKSHADOW="false" - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether root should be allowed to use sudo" >&5 -echo $ECHO_N "checking whether root should be allowed to use sudo... $ECHO_C" >&6; } -# Check whether --enable-root-sudo was given. -if test "${enable_root_sudo+set}" = set; then - enableval=$enable_root_sudo; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - ;; - no) cat >>confdefs.h <<\_ACEOF -#define NO_ROOT_SUDO 1 -_ACEOF - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - root_sudo=off - ;; - *) { { echo "$as_me:$LINENO: error: \"--enable-root-sudo does not take an argument.\"" >&5 -echo "$as_me: error: \"--enable-root-sudo does not take an argument.\"" >&2;} - { (exit 1); exit 1; }; } - ;; - esac - -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to log the hostname in the log file" >&5 -echo $ECHO_N "checking whether to log the hostname in the log file... $ECHO_C" >&6; } -# Check whether --enable-log-host was given. 
-if test "${enable_log_host+set}" = set; then - enableval=$enable_log_host; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define HOST_IN_LOG 1 -_ACEOF - - ;; - no) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to invoke a shell if sudo is given no arguments" >&5 -echo $ECHO_N "checking whether to invoke a shell if sudo is given no arguments... $ECHO_C" >&6; } -# Check whether --enable-noargs-shell was given. -if test "${enable_noargs_shell+set}" = set; then - enableval=$enable_noargs_shell; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define SHELL_IF_NO_ARGS 1 -_ACEOF - - ;; - no) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to set \$HOME to target user in shell mode" >&5 -echo $ECHO_N "checking whether to set \$HOME to target user in shell mode... $ECHO_C" >&6; } -# Check whether --enable-shell-sets-home was given. 
-if test "${enable_shell_sets_home+set}" = set; then - enableval=$enable_shell_sets_home; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define SHELL_SETS_HOME 1 -_ACEOF - - ;; - no) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to disable 'command not found' messages" >&5 -echo $ECHO_N "checking whether to disable 'command not found' messages... $ECHO_C" >&6; } -# Check whether --enable-path_info was given. -if test "${enable_path_info+set}" = set; then - enableval=$enable_path_info; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - no) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define DONT_LEAK_PATH_INFO 1 -_ACEOF - - path_info=off - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to enable environment debugging" >&5 -echo $ECHO_N "checking whether to enable environment debugging... $ECHO_C" >&6; } -# Check whether --enable-env_debug was given. 
-if test "${enable_env_debug+set}" = set; then - enableval=$enable_env_debug; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define ENV_DEBUG 1 -_ACEOF - - ;; - no) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - -# Check whether --with-selinux was given. -if test "${with_selinux+set}" = set; then - withval=$with_selinux; case $with_selinux in - yes) SELINUX_USAGE="[-r role] [-t type] " - cat >>confdefs.h <<\_ACEOF -#define HAVE_SELINUX 1 -_ACEOF - - SUDO_LIBS="${SUDO_LIBS} -lselinux" - SUDO_OBJS="${SUDO_OBJS} selinux.o" - PROGS="${PROGS} sesh" - SELINUX="" - SEMAN="" - ;; - no) ;; - *) { { echo "$as_me:$LINENO: error: \"--with-selinux does not take an argument.\"" >&5 -echo "$as_me: error: \"--with-selinux does not take an argument.\"" >&2;} - { (exit 1); exit 1; }; } - ;; -esac -fi - - -# Check whether --enable-gss_krb5_ccache_name was given. -if test "${enable_gss_krb5_ccache_name+set}" = set; then - enableval=$enable_gss_krb5_ccache_name; check_gss_krb5_ccache_name=$enableval -else - check_gss_krb5_ccache_name=no -fi - - -# Extract the first word of "egrep", so it can be a program name with args. -set dummy egrep; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_EGREPPROG+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$EGREPPROG"; then - ac_cv_prog_EGREPPROG="$EGREPPROG" # Let the user override the test. 
-else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_EGREPPROG="egrep" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -EGREPPROG=$ac_cv_prog_EGREPPROG -if test -n "$EGREPPROG"; then - { echo "$as_me:$LINENO: result: $EGREPPROG" >&5 -echo "${ECHO_T}$EGREPPROG" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -if test -z "$EGREPPROG"; then - { { echo "$as_me:$LINENO: error: Sorry, configure requires egrep to run." >&5 -echo "$as_me: error: Sorry, configure requires egrep to run." >&2;} - { (exit 1); exit 1; }; } -fi - -if test "$with_devel" != "yes"; then - ac_cv_prog_cc_g=no -fi - ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' 
@@ -5113,6 +4724,461 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu + +# Check whether --with-libvas was given. +if test "${with_libvas+set}" = set; then + withval=$with_libvas; case $with_libvas in + yes) with_libvas=libvas.so + ;; + no) ;; + *) +cat >>confdefs.h <<_ACEOF +#define LIBVAS_SO "$with_libvas" +_ACEOF + + ;; +esac +if test X"$with_libvas" != X"no"; then + +cat >>confdefs.h <<_ACEOF +#define LIBVAS_SO "$with_libvas" +_ACEOF + + cat >>confdefs.h <<\_ACEOF +#define USING_NONUNIX_GROUPS 1 +_ACEOF + + NONUNIX_GROUPS_IMPL="vasgroups.o" + +# Check whether --with-libvas-rpath was given. +if test "${with_libvas_rpath+set}" = set; then + withval=$with_libvas_rpath; LIBVAS_RPATH=$withval +else + LIBVAS_RPATH=/opt/quest/lib +fi + + +{ echo "$as_me:$LINENO: checking for main in -ldl" >&5 +echo $ECHO_N "checking for main in -ldl... $ECHO_C" >&6; } +if test "${ac_cv_lib_dl_main+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_dl_main=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_dl_main=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_main" >&5 +echo "${ECHO_T}$ac_cv_lib_dl_main" >&6; } +if test $ac_cv_lib_dl_main = yes; then + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBDL 1 +_ACEOF + + LIBS="-ldl $LIBS" + +fi + +fi + +fi + + + +{ echo "$as_me:$LINENO: checking whether to do user authentication by default" >&5 +echo $ECHO_N "checking whether to do user authentication by default... $ECHO_C" >&6; } +# Check whether --enable-authentication was given. +if test "${enable_authentication+set}" = set; then + enableval=$enable_authentication; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + ;; + no) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + cat >>confdefs.h <<\_ACEOF +#define NO_AUTHENTICATION 1 +_ACEOF + + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to disable running the mailer as root" >&5 +echo $ECHO_N "checking whether to disable running the mailer as root... $ECHO_C" >&6; } +# Check whether --enable-root-mailer was given. 
+if test "${enable_root_mailer+set}" = set; then + enableval=$enable_root_mailer; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + no) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define NO_ROOT_MAILER 1 +_ACEOF + + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +# Check whether --enable-setreuid was given. +if test "${enable_setreuid+set}" = set; then + enableval=$enable_setreuid; case "$enableval" in + no) SKIP_SETREUID=yes + ;; + *) ;; + esac + +fi + + +# Check whether --enable-setresuid was given. +if test "${enable_setresuid+set}" = set; then + enableval=$enable_setresuid; case "$enableval" in + no) SKIP_SETRESUID=yes + ;; + *) ;; + esac + +fi + + +{ echo "$as_me:$LINENO: checking whether to disable shadow password support" >&5 +echo $ECHO_N "checking whether to disable shadow password support... $ECHO_C" >&6; } +# Check whether --enable-shadow was given. 
+if test "${enable_shadow+set}" = set; then + enableval=$enable_shadow; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + no) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + CHECKSHADOW="false" + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether root should be allowed to use sudo" >&5 +echo $ECHO_N "checking whether root should be allowed to use sudo... $ECHO_C" >&6; } +# Check whether --enable-root-sudo was given. +if test "${enable_root_sudo+set}" = set; then + enableval=$enable_root_sudo; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + ;; + no) cat >>confdefs.h <<\_ACEOF +#define NO_ROOT_SUDO 1 +_ACEOF + + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + root_sudo=off + ;; + *) { { echo "$as_me:$LINENO: error: \"--enable-root-sudo does not take an argument.\"" >&5 +echo "$as_me: error: \"--enable-root-sudo does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; + esac + +else + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to log the hostname in the log file" >&5 +echo $ECHO_N "checking whether to log the hostname in the log file... $ECHO_C" >&6; } +# Check whether --enable-log-host was given. 
+if test "${enable_log_host+set}" = set; then + enableval=$enable_log_host; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define HOST_IN_LOG 1 +_ACEOF + + ;; + no) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to invoke a shell if sudo is given no arguments" >&5 +echo $ECHO_N "checking whether to invoke a shell if sudo is given no arguments... $ECHO_C" >&6; } +# Check whether --enable-noargs-shell was given. +if test "${enable_noargs_shell+set}" = set; then + enableval=$enable_noargs_shell; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define SHELL_IF_NO_ARGS 1 +_ACEOF + + ;; + no) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to set \$HOME to target user in shell mode" >&5 +echo $ECHO_N "checking whether to set \$HOME to target user in shell mode... $ECHO_C" >&6; } +# Check whether --enable-shell-sets-home was given. 
+if test "${enable_shell_sets_home+set}" = set; then + enableval=$enable_shell_sets_home; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define SHELL_SETS_HOME 1 +_ACEOF + + ;; + no) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to disable 'command not found' messages" >&5 +echo $ECHO_N "checking whether to disable 'command not found' messages... $ECHO_C" >&6; } +# Check whether --enable-path_info was given. +if test "${enable_path_info+set}" = set; then + enableval=$enable_path_info; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + no) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define DONT_LEAK_PATH_INFO 1 +_ACEOF + + path_info=off + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to enable environment debugging" >&5 +echo $ECHO_N "checking whether to enable environment debugging... $ECHO_C" >&6; } +# Check whether --enable-env_debug was given. 
+if test "${enable_env_debug+set}" = set; then + enableval=$enable_env_debug; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define ENV_DEBUG 1 +_ACEOF + + ;; + no) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + +# Check whether --with-selinux was given. +if test "${with_selinux+set}" = set; then + withval=$with_selinux; case $with_selinux in + yes) SELINUX_USAGE="[-r role] [-t type] " + cat >>confdefs.h <<\_ACEOF +#define HAVE_SELINUX 1 +_ACEOF + + SUDO_LIBS="${SUDO_LIBS} -lselinux" + SUDO_OBJS="${SUDO_OBJS} selinux.o" + PROGS="${PROGS} sesh" + SELINUX="" + SEMAN="" + ;; + no) ;; + *) { { echo "$as_me:$LINENO: error: \"--with-selinux does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-selinux does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; +esac +fi + + +# Check whether --enable-gss_krb5_ccache_name was given. +if test "${enable_gss_krb5_ccache_name+set}" = set; then + enableval=$enable_gss_krb5_ccache_name; check_gss_krb5_ccache_name=$enableval +else + check_gss_krb5_ccache_name=no +fi + + +# Extract the first word of "egrep", so it can be a program name with args. +set dummy egrep; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_EGREPPROG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$EGREPPROG"; then + ac_cv_prog_EGREPPROG="$EGREPPROG" # Let the user override the test. 
+else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_EGREPPROG="egrep" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +EGREPPROG=$ac_cv_prog_EGREPPROG +if test -n "$EGREPPROG"; then + { echo "$as_me:$LINENO: result: $EGREPPROG" >&5 +echo "${ECHO_T}$EGREPPROG" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +if test -z "$EGREPPROG"; then + { { echo "$as_me:$LINENO: error: Sorry, configure requires egrep to run." >&5 +echo "$as_me: error: Sorry, configure requires egrep to run." >&2;} + { (exit 1); exit 1; }; } +fi + +if test "$with_devel" != "yes"; then + ac_cv_prog_cc_g=no +fi + { echo "$as_me:$LINENO: checking for library containing strerror" >&5 echo $ECHO_N "checking for library containing strerror... $ECHO_C" >&6; } if test "${ac_cv_search_strerror+set}" = set; then @@ -6268,7 +6334,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 6271 "configure"' > conftest.$ac_ext + echo '#line 6337 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -8132,11 +8198,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8135: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8201: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8139: \$? = $ac_status" >&5 + echo "$as_me:8205: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -8422,11 +8488,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8425: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8491: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8429: \$? = $ac_status" >&5 + echo "$as_me:8495: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8526,11 +8592,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8529: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8595: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8533: \$? = $ac_status" >&5 + echo "$as_me:8599: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10886,7 +10952,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5 + case "$LIBS" in + *-ldl*) SUDO_LIBS="${SUDO_LIBS} -lpam" + ;; + *) { echo "$as_me:$LINENO: checking for main in -ldl" >&5 echo $ECHO_N "checking for main in -ldl... $ECHO_C" >&6; } if test "${ac_cv_lib_dl_main+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -19903,7 +19977,9 @@ SUDO_LIBS="${SUDO_LIBS} -lpam" fi - ac_cv_lib_dl=ac_cv_lib_dl_main + ac_cv_lib_dl=ac_cv_lib_dl_main + ;; + esac 
@@ -20478,7 +20554,12 @@ if test "$with_fwtk" != "yes"; then if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk} -R${with_fwtk}" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk} -Wl,+b,${with_fwtk}" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk} -Wl,-R${with_fwtk}" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}" fi @@ -20505,7 +20586,12 @@ _LDFLAGS="${LDFLAGS}" if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${with_SecurID} -R${with_SecurID}" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_SecurID} -Wl,+b,${with_SecurID}" + ;; + *) LDFLAGS="${LDFLAGS} -L${with_SecurID} -Wl,-R${with_SecurID}" + ;; + esac else LDFLAGS="${LDFLAGS} -L${with_SecurID}" fi @@ -20588,7 +20674,12 @@ if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID} -R${with_SecurID}" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID} -Wl,+b,${with_SecurID}" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID} -Wl,-R${with_SecurID}" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID}" fi @@ -20660,7 +20751,12 @@ else if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -R${with_kerb4}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -Wl,+b,${with_kerb4}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -Wl,-R${with_kerb4}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib" fi @@ -20670,7 +20766,12 @@ if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib -R${with_kerb4}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib -Wl,+b,${with_kerb4}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib -Wl,-R${with_kerb4}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib" fi 
@@ -21352,7 +21453,12 @@ else if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib -R${with_kerb5}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib -Wl,+b,${with_kerb5}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib -Wl,-R${with_kerb5}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib" fi @@ -21800,7 +21906,12 @@ if test -d ${i}; then if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i -R$i" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i -Wl,+b,$i" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i -Wl,-R$i" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i" fi @@ -21859,7 +21970,12 @@ CPPFLAGS="${CPPFLAGS} -I${with_skey}/include" if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${with_skey}/lib -R${with_skey}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_skey}/lib -Wl,+b,${with_skey}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${with_skey}/lib -Wl,-R${with_skey}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${with_skey}/lib" fi @@ -21869,7 +21985,12 @@ if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib -R${with_skey}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib -Wl,+b,${with_skey}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib -Wl,-R${with_skey}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib" fi @@ -21944,7 +22065,12 @@ else if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${dir}/lib -R${dir}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${dir}/lib" fi 
@@ -21954,7 +22080,12 @@ if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -R${dir}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib" fi @@ -22109,7 +22240,12 @@ CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${with_opie}/lib -R${with_opie}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_opie}/lib -Wl,+b,${with_opie}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${with_opie}/lib -Wl,-R${with_opie}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${with_opie}/lib" fi @@ -22119,7 +22255,12 @@ if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib -R${with_opie}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib -Wl,+b,${with_opie}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib -Wl,-R${with_opie}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib" fi @@ -22194,7 +22335,12 @@ else if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${dir}/lib -R${dir}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${dir}/lib" fi @@ -22204,7 +22350,12 @@ if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -R${dir}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib" fi 
@@ -22864,7 +23015,12 @@ if test "$with_ldap" != "yes"; then if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib -R${with_ldap}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib -Wl,+b,${with_ldap}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib -Wl,-R${with_ldap}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib" fi @@ -22874,7 +23030,12 @@ if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -R${with_ldap}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -Wl,+b,${with_ldap}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -Wl,-R${with_ldap}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${with_ldap}/lib" fi @@ -24011,7 +24172,12 @@ if test -n "$blibpath"; then blibpath_add="${blibpath_add}:$LIBVAS_RPATH" else - LDFLAGS="$LDFLAGS -R$LIBVAS_RPATH" + case "$host" in + *-*-hpux*) LDFLAGS="$LDFLAGS -Wl,+b,$LIBVAS_RPATH" + ;; + *) LDFLAGS="$LDFLAGS -Wl,-R$LIBVAS_RPATH" + ;; + esac fi fi @@ -24559,7 +24725,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.7.2p6, which was +This file was extended by sudo $as_me 1.7.2p7, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -24608,7 +24774,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -sudo config.status 1.7.2p6 +sudo config.status 1.7.2p7 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" 
@@ -24931,11 +25097,11 @@ nsswitch_conf!$nsswitch_conf$ac_delim netsvc_conf!$netsvc_conf$ac_delim secure_path!$secure_path$ac_delim -EGREPPROG!$EGREPPROG$ac_delim CC!$CC$ac_delim ac_ct_CC!$ac_ct_CC$ac_delim EXEEXT!$EXEEXT$ac_delim OBJEXT!$OBJEXT$ac_delim +EGREPPROG!$EGREPPROG$ac_delim CPP!$CPP$ac_delim build!$build$ac_delim build_cpu!$build_cpu$ac_delim @@ -25433,6 +25599,8 @@ ;; esac fi + + diff -urNa sudo-1.7.2p6/configure.in sudo-1.7.2p7/configure.in --- sudo-1.7.2p6/configure.in Fri Apr 9 06:32:18 2010 +++ sudo-1.7.2p7/configure.in Wed Jun 2 09:28:49 2010 @@ -3,7 +3,7 @@ dnl dnl Copyright (c) 1994-1996,1998-2010 Todd C. Miller dnl -AC_INIT([sudo], [1.7.2p6], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.7.2p7], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT @@ -13,6 +13,7 @@ dnl Variables that get substituted in the Makefile and man pages dnl AC_SUBST(HAVE_BSM_AUDIT) +AC_SUBST(SHELL) AC_SUBST(LIBTOOL) AC_SUBST(CFLAGS) AC_SUBST(PROGS) @@ -1044,7 +1045,7 @@ yes) with_libvas=libvas.so ;; no) ;; - *) AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_with_libvas"], [The name of libvas.so]) + *) AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so]) ;; esac if test X"$with_libvas" != X"no"; then @@ -1056,6 +1057,10 @@ [Path to look for libvas in [default=/opt/quest/lib]])], [LIBVAS_RPATH=$withval], [LIBVAS_RPATH=/opt/quest/lib]) + dnl + dnl Some platforms require libdl for dlopen() + dnl + AC_CHECK_LIB([dl], [main]) fi ]) 
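Review bot: `AC_CHECK_LIB([dl], [main])` in the libvas block only proves that libdl links, not that it provides `dlopen()`, which is what the new `dnl` comment says the check is for. `AC_SEARCH_LIBS([dlopen], [dl])` would test the symbol actually needed and would avoid adding `-ldl` on platforms where `dlopen()` already lives in libc. The PAM block later in configure.in keys off `-ldl` appearing in `$LIBS`, so whichever form is used should keep adding the library to `LIBS`.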
@@ -1976,10 +1981,15 @@ dnl if test ${with_pam-"no"} != "no"; then dnl - dnl Linux may need this + dnl Some platforms need libdl for dlopen dnl - AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"]) - ac_cv_lib_dl=ac_cv_lib_dl_main + case "$LIBS" in + *-ldl*) SUDO_LIBS="${SUDO_LIBS} -lpam" + ;; + *) AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"]) + ac_cv_lib_dl=ac_cv_lib_dl_main + ;; + esac dnl dnl Some PAM implementations (MacOS X for example) put the PAM headers @@ -2524,7 +2534,12 @@ if test -n "$blibpath"; then blibpath_add="${blibpath_add}:$LIBVAS_RPATH" else - LDFLAGS="$LDFLAGS -R$LIBVAS_RPATH" + case "$host" in + *-*-hpux*) LDFLAGS="$LDFLAGS -Wl,+b,$LIBVAS_RPATH" + ;; + *) LDFLAGS="$LDFLAGS -Wl,-R$LIBVAS_RPATH" + ;; + esac fi fi @@ -2636,6 +2651,7 @@ AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.]) AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.]) AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.]) +AH_TEMPLATE(ENV_DEBUG, [Whether to enable environment debugging.]) AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.]) AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".]) AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.]) diff -urNa sudo-1.7.2p6/env.c sudo-1.7.2p7/env.c --- sudo-1.7.2p6/env.c Fri Apr 9 06:12:02 2010 +++ sudo-1.7.2p7/env.c Fri May 28 10:04:41 2010 @@ -317,7 +317,7 @@ unsetenv(var) const char *var; { - char **ep; + char **ep = env.envp; size_t len; if (strchr(var, '=') != NULL) { 
@@ -355,13 +355,15 @@ } len = strlen(var); - for (ep = env.envp; *ep; ep++) { + while (*ep != NULL) { if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') { /* Found it; shift remainder + NULL over by one and update len. */ memmove(ep, ep + 1, (env.env_len - (ep - env.envp)) * sizeof(char *)); env.env_len--; - break; + /* Keep going, could be multiple instances of the var. */ + } else { + ep++; } } #ifndef UNSETENV_VOID @@ -429,6 +431,7 @@ { char **ep; size_t len; + int found = FALSE; /* Make sure there is room for the new entry plus a NULL. */ if (env.env_len + 2 > env.env_size) { @@ -447,20 +450,34 @@ #endif if (dupcheck) { - len = (strchr(str, '=') - str) + 1; - for (ep = env.envp; *ep; ep++) { + len = (strchr(str, '=') - str) + 1; + for (ep = env.envp; !found && *ep != NULL; ep++) { + if (strncmp(str, *ep, len) == 0) { + if (overwrite) + *ep = str; + found = TRUE; + } + } + /* Prune out duplicate variables. */ + if (found && overwrite) { + while (*ep != NULL) { if (strncmp(str, *ep, len) == 0) { - if (overwrite) - *ep = str; - return; + memmove(ep, ep + 1, + (env.env_len - (ep - env.envp)) * sizeof(char *)); + env.env_len--; + } else { + ep++; } } - } else - ep = env.envp + env.env_len; + } + } - env.env_len++; - *ep++ = str; - *ep = NULL; + if (!found) { + ep = env.envp + env.env_len; + env.env_len++; + *ep++ = str; + *ep = NULL; + } } /* diff -urNa sudo-1.7.2p6/sudo.cat sudo-1.7.2p7/sudo.cat --- sudo-1.7.2p6/sudo.cat Fri Apr 9 06:33:00 2010 +++ sudo-1.7.2p7/sudo.cat Tue Jun 1 14:20:38 2010 @@ -61,7 +61,7 @@ -1.7.2p6 March 3, 2010 1 +1.7.2p7 June 1, 2010 1 @@ -127,7 +127,7 @@ -1.7.2p6 March 3, 2010 2 +1.7.2p7 June 1, 2010 2 @@ -193,7 +193,7 @@ -1.7.2p6 March 3, 2010 3 +1.7.2p7 June 1, 2010 3 @@ -259,7 +259,7 @@ -1.7.2p6 March 3, 2010 4 +1.7.2p7 June 1, 2010 4 @@ -325,7 +325,7 @@ -1.7.2p6 March 3, 2010 5 +1.7.2p7 June 1, 2010 5 @@ -391,7 +391,7 @@ -1.7.2p6 March 3, 2010 6 +1.7.2p7 June 1, 2010 6 
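Review bot: Duplicates are pruned only under `if (found && overwrite)`, so when `dupcheck` is set and `overwrite` is not, the first match is kept but any later copies of the same variable remain in `env.envp`. Which copy a child process ends up using then depends on its own environment lookup, which is the ambiguity the ChangeLog entry for env.c says this change is meant to remove. Consider pruning whenever a match was found, `if (found) {`, or add a comment stating why the no-overwrite path may leave duplicates behind. Separately, `len = (strchr(str, '=') - str) + 1;` still assumes `str` contains '='; the function starts outside this hunk, so a guard may already exist there.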
@@ -457,7 +457,7 @@ -1.7.2p6 March 3, 2010 7 +1.7.2p7 June 1, 2010 7 @@ -523,7 +523,7 @@ -1.7.2p6 March 3, 2010 8 +1.7.2p7 June 1, 2010 8 @@ -589,7 +589,7 @@ -1.7.2p6 March 3, 2010 9 +1.7.2p7 June 1, 2010 9 @@ -655,6 +655,6 @@ -1.7.2p6 March 3, 2010 10 +1.7.2p7 June 1, 2010 10 diff -urNa sudo-1.7.2p6/sudo.man.in sudo-1.7.2p7/sudo.man.in --- sudo-1.7.2p6/sudo.man.in Fri Apr 9 06:27:19 2010 +++ sudo-1.7.2p7/sudo.man.in Tue Jun 1 14:19:00 2010 @@ -144,7 +144,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "March 3, 2010" "1.7.2p6" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "June 1, 2010" "1.7.2p7" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urNa sudo-1.7.2p6/sudoers.cat sudo-1.7.2p7/sudoers.cat --- sudo-1.7.2p6/sudoers.cat Fri Apr 9 06:33:01 2010 +++ sudo-1.7.2p7/sudoers.cat Tue Jun 1 14:20:52 2010 @@ -61,7 +61,7 @@ -1.7.2p6 April 7, 2010 1 +1.7.2p7 June 1, 2010 1 @@ -127,7 +127,7 @@ -1.7.2p6 April 7, 2010 2 +1.7.2p7 June 1, 2010 2 @@ -193,7 +193,7 @@ -1.7.2p6 April 7, 2010 3 +1.7.2p7 June 1, 2010 3 @@ -259,7 +259,7 @@ -1.7.2p6 April 7, 2010 4 +1.7.2p7 June 1, 2010 4 @@ -325,7 +325,7 @@ -1.7.2p6 April 7, 2010 5 +1.7.2p7 June 1, 2010 5 @@ -391,7 +391,7 @@ -1.7.2p6 April 7, 2010 6 +1.7.2p7 June 1, 2010 6 @@ -457,7 +457,7 @@ -1.7.2p6 April 7, 2010 7 +1.7.2p7 June 1, 2010 7 @@ -523,7 +523,7 @@ -1.7.2p6 April 7, 2010 8 +1.7.2p7 June 1, 2010 8 @@ -589,7 +589,7 @@ -1.7.2p6 April 7, 2010 9 +1.7.2p7 June 1, 2010 9 @@ -655,7 +655,7 @@ -1.7.2p6 April 7, 2010 10 +1.7.2p7 June 1, 2010 10 @@ -717,11 +717,11 @@ passprompt_override The password prompt specified by _p_a_s_s_p_r_o_m_p_t will - normally only be used if the passwod prompt provided by + normally only be used if the password prompt provided by -1.7.2p6 April 7, 2010 11 +1.7.2p7 June 1, 2010 11 
@@ -787,7 +787,7 @@
-1.7.2p6 April 7, 2010 12
+1.7.2p7 June 1, 2010 12
@@ -853,7 +853,7 @@
-1.7.2p6 April 7, 2010 13
+1.7.2p7 June 1, 2010 13
@@ -919,7 +919,7 @@
-1.7.2p6 April 7, 2010 14
+1.7.2p7 June 1, 2010 14
@@ -985,7 +985,7 @@
-1.7.2p6 April 7, 2010 15
+1.7.2p7 June 1, 2010 15
@@ -1051,7 +1051,7 @@
-1.7.2p6 April 7, 2010 16
+1.7.2p7 June 1, 2010 16
@@ -1117,7 +1117,7 @@
-1.7.2p6 April 7, 2010 17
+1.7.2p7 June 1, 2010 17
@@ -1183,7 +1183,7 @@
-1.7.2p6 April 7, 2010 18
+1.7.2p7 June 1, 2010 18
@@ -1249,7 +1249,7 @@
-1.7.2p6 April 7, 2010 19
+1.7.2p7 June 1, 2010 19
@@ -1315,7 +1315,7 @@
-1.7.2p6 April 7, 2010 20
+1.7.2p7 June 1, 2010 20
@@ -1381,7 +1381,7 @@
-1.7.2p6 April 7, 2010 21
+1.7.2p7 June 1, 2010 21
@@ -1447,7 +1447,7 @@
-1.7.2p6 April 7, 2010 22
+1.7.2p7 June 1, 2010 22
@@ -1513,7 +1513,7 @@
-1.7.2p6 April 7, 2010 23
+1.7.2p7 June 1, 2010 23
@@ -1579,7 +1579,7 @@
-1.7.2p6 April 7, 2010 24
+1.7.2p7 June 1, 2010 24
@@ -1645,6 +1645,6 @@
-1.7.2p6 April 7, 2010 25
+1.7.2p7 June 1, 2010 25
diff -urNa sudo-1.7.2p6/sudoers.ldap.cat sudo-1.7.2p7/sudoers.ldap.cat
--- sudo-1.7.2p6/sudoers.ldap.cat Fri Apr 9 06:33:01 2010
+++ sudo-1.7.2p7/sudoers.ldap.cat Tue Jun 1 14:21:16 2010
@@ -61,7 +61,7 @@
-1.7.2p6 March 3, 2010 1
+1.7.2p7 June 1, 2010 1
@@ -127,7 +127,7 @@
-1.7.2p6 March 3, 2010 2
+1.7.2p7 June 1, 2010 2
@@ -193,7 +193,7 @@
-1.7.2p6 March 3, 2010 3
+1.7.2p7 June 1, 2010 3
@@ -259,7 +259,7 @@
-1.7.2p6 March 3, 2010 4
+1.7.2p7 June 1, 2010 4
@@ -325,7 +325,7 @@
-1.7.2p6 March 3, 2010 5
+1.7.2p7 June 1, 2010 5
@@ -391,7 +391,7 @@
-1.7.2p6 March 3, 2010 6
+1.7.2p7 June 1, 2010 6
@@ -457,7 +457,7 @@
-1.7.2p6 March 3, 2010 7
+1.7.2p7 June 1, 2010 7
@@ -523,7 +523,7 @@
-1.7.2p6 March 3, 2010 8
+1.7.2p7 June 1, 2010 8
@@ -589,7 +589,7 @@
-1.7.2p6 March 3, 2010 9
+1.7.2p7 June 1, 2010 9
@@ -655,7 +655,7 @@
-1.7.2p6 March 3, 2010 10
+1.7.2p7 June 1, 2010 10
@@ -721,7 +721,7 @@
-1.7.2p6 March 3, 2010 11
+1.7.2p7 June 1, 2010 11
@@ -787,6 +787,6 @@ -1.7.2p6 March 3, 2010 12 +1.7.2p7 June 1, 2010 12 diff -urNa sudo-1.7.2p6/sudoers.ldap.man.in sudo-1.7.2p7/sudoers.ldap.man.in --- sudo-1.7.2p6/sudoers.ldap.man.in Fri Apr 9 06:27:25 2010 +++ sudo-1.7.2p7/sudoers.ldap.man.in Tue Jun 1 14:19:17 2010 @@ -140,7 +140,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS.LDAP @mansectform@" -.TH SUDOERS.LDAP @mansectform@ "March 3, 2010" "1.7.2p6" "MAINTENANCE COMMANDS" +.TH SUDOERS.LDAP @mansectform@ "June 1, 2010" "1.7.2p7" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urNa sudo-1.7.2p6/sudoers.man.in sudo-1.7.2p7/sudoers.man.in --- sudo-1.7.2p6/sudoers.man.in Fri Apr 9 06:27:27 2010 +++ sudo-1.7.2p7/sudoers.man.in Tue Jun 1 14:19:27 2010 @@ -144,7 +144,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "April 7, 2010" "1.7.2p6" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "June 1, 2010" "1.7.2p7" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -824,7 +824,7 @@ .IP "passprompt_override" 16 .IX Item "passprompt_override" The password prompt specified by \fIpassprompt\fR will normally only -be used if the passwod prompt provided by systems such as \s-1PAM\s0 matches +be used if the password prompt provided by systems such as \s-1PAM\s0 matches the string \*(L"Password:\*(R". If \fIpassprompt_override\fR is set, \fIpassprompt\fR will always be used. This flag is \fIoff\fR by default. .IP "preserve_groups" 16 diff -urNa sudo-1.7.2p6/sudoers.pod sudo-1.7.2p7/sudoers.pod --- sudo-1.7.2p6/sudoers.pod Fri Apr 9 06:12:02 2010 +++ sudo-1.7.2p7/sudoers.pod Mon Apr 12 11:50:39 2010 
@@ -711,7 +711,7 @@ =item passprompt_override The password prompt specified by I will normally only -be used if the passwod prompt provided by systems such as PAM matches +be used if the password prompt provided by systems such as PAM matches the string "Password:". If I is set, I will always be used. This flag is I by default. diff -urNa sudo-1.7.2p6/vasgroups.c sudo-1.7.2p7/vasgroups.c --- sudo-1.7.2p6/vasgroups.c Wed Mar 3 07:16:55 2010 +++ sudo-1.7.2p7/vasgroups.c Wed Jun 2 09:43:22 2010 @@ -43,8 +43,8 @@ #include "compat.h" #include "logging.h" #include "nonunix.h" -#include "parse.h" #include "sudo.h" +#include "parse.h" /* Pseudo-boolean types */ @@ -153,8 +153,8 @@ FINISHED: /* cleanups */ - if (vaserr != VAS_ERR_SUCCESS) { - int error_flags = NO_MAIL | MSG_ONLY | (uses_inversion ? 0 : NO_EXIT); + if (vaserr != VAS_ERR_SUCCESS && vaserr != VAS_ERR_NOT_FOUND ) { + int error_flags = NO_MAIL | MSG_ONLY | NO_EXIT; log_error(error_flags, "Error while checking group membership " "for user \"%s\", group \"%s\", error: %s%s.", user, group, diff -urNa sudo-1.7.2p6/visudo.c sudo-1.7.2p7/visudo.c --- sudo-1.7.2p6/visudo.c Wed Mar 3 19:39:29 2010 +++ sudo-1.7.2p7/visudo.c Thu Apr 29 18:47:15 2010 @@ -111,7 +111,8 @@ static int print_unused __P((void *, void *)); static int reparse_sudoers __P((char *, char *, int, int)); static int run_command __P((char *, char **)); -static void print_undefined __P((char *name, int, int, int)); +static void print_selfref __P((char *, int, int, int)); +static void print_undefined __P((char *, int, int, int)); static void setup_signals __P((void)); static void usage __P((void)) __attribute__((__noreturn__)); 
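Review bot: With `error_flags` now always carrying `NO_EXIT` in vasgroups.c, a failed VAS lookup is logged and execution continues even when `uses_inversion` is set; judging by the flag name, the old ternary made that case fatal. If the function then reports "not a member" (its return is outside this hunk), a negated group match would presumably succeed on a lookup failure, which is a fail-open result for an authorization check. Excluding `VAS_ERR_NOT_FOUND` is reasonable on its own, but for the remaining errors I would keep `int error_flags = NO_MAIL | MSG_ONLY | (uses_inversion ? 0 : NO_EXIT);`, or add a comment explaining why continuing is safe for inverted matches.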
@@ -427,14 +428,17 @@ /* Parse the sudoers temp file */ yyrestart(fp); - if (yyparse() && parse_error != TRUE) { + if (yyparse() && !parse_error) { warningx("unabled to parse temporary file (%s), unknown error", sp->tpath); parse_error = TRUE; + errorfile = sp->path; } fclose(yyin); - if (check_aliases(strict, quiet) != 0) + if (!parse_error && check_aliases(strict, quiet) != 0) { parse_error = TRUE; + errorfile = sp->path; + } /* * Got an error, prompt the user for what to do now @@ -698,22 +702,27 @@ exit(1); } init_parser(sudoers_path, quiet); - if (yyparse() && parse_error != TRUE) { + if (yyparse() && !parse_error) { if (!quiet) warningx("failed to parse %s file, unknown error", sudoers_path); parse_error = TRUE; + errorfile = sudoers_path; } - if (!parse_error) { - if (check_aliases(strict, quiet) != 0) - parse_error = TRUE; + if (!parse_error && check_aliases(strict, quiet) != 0) { + parse_error = TRUE; + errorfile = sudoers_path; } error = parse_error; if (!quiet) { - if (parse_error) - (void) printf("parse error in %s near line %d\n", errorfile, - errorlineno); - else + if (parse_error) { + if (errorlineno != -1) + (void) printf("parse error in %s near line %d\n", errorfile, + errorlineno); + else + (void) printf("parse error in %s\n", errorfile); + } else { (void) printf("%s: parsed OK\n", sudoers_path); + } } /* Check mode and owner in strict mode. */ #ifdef HAVE_FSTAT @@ -945,18 +954,27 @@ } } -static void -alias_remove_recursive(name, type) +static int +alias_remove_recursive(name, type, strict, quiet) char *name; int type; + int strict; + int quiet; { struct member *m; struct alias *a; + int error = 0; if ((a = alias_find(name, type)) != NULL) { tq_foreach_fwd(&a->members, m) { if (m->type == ALIAS) { - alias_remove_recursive(m->name, type); + if (strcmp(name, m->name) == 0) { + print_selfref(m->name, type, strict, quiet); + error = 1; + } else { + if (!alias_remove_recursive(m->name, type, strict, quiet)) + error = 1; + } } } } 
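Review bot: `alias_remove_recursive()` now returns `error`, which is 0 on success and 1 after a self-reference, yet the recursive call in this hunk tests `if (!alias_remove_recursive(m->name, type, strict, quiet)) error = 1;`, so a clean nested alias is recorded as a failure and a self-referencing one as success. The `return(error);` is added in the following hunk, and the call sites in the `@@ -1030,21 +1049,28 @@` and `@@ -1068,19 +1094,18 @@` hunks repeat the same `!` test before `error++`. Pick one convention: either drop the negation at every call site, e.g. `if (alias_remove_recursive(m->name, type, strict, quiet)) error = 1;`, or return TRUE on success. As written, a strict-mode check would appear to report an error for any sudoers file whose aliases are actually referenced.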
@@ -964,6 +982,7 @@ a = alias_remove(name, type); if (a) rbinsert(alias_freelist, a); + return(error); } /* @@ -1030,21 +1049,28 @@ tq_foreach_fwd(&userspecs, us) { tq_foreach_fwd(&us->users, m) { if (m->type == ALIAS) { - (void) alias_remove_recursive(m->name, USERALIAS); + if (!alias_remove_recursive(m->name, USERALIAS, strict, quiet)) + error++; } } tq_foreach_fwd(&us->privileges, priv) { tq_foreach_fwd(&priv->hostlist, m) { if (m->type == ALIAS) - (void) alias_remove_recursive(m->name, HOSTALIAS); + if (!alias_remove_recursive(m->name, HOSTALIAS, strict, + quiet)) + error++; } tq_foreach_fwd(&priv->cmndlist, cs) { tq_foreach_fwd(&cs->runasuserlist, m) { if (m->type == ALIAS) - (void) alias_remove_recursive(m->name, RUNASALIAS); + if (!alias_remove_recursive(m->name, RUNASALIAS, + strict, quiet)) + error++; } if ((m = cs->cmnd)->type == ALIAS) - (void) alias_remove_recursive(m->name, CMNDALIAS); + if (!alias_remove_recursive(m->name, CMNDALIAS, strict, + quiet)) + error++; } } } @@ -1068,19 +1094,18 @@ tq_foreach_fwd(&d->binding, binding) { for (m = binding; m != NULL; m = m->next) { if (m->type == ALIAS) - (void) alias_remove_recursive(m->name, atype); + if (!alias_remove_recursive(m->name, atype, strict, quiet)) + error++; } } } rbdestroy(alias_freelist, alias_free); /* If all aliases were referenced we will have an empty tree. */ - if (no_aliases()) - return(0); - if (!quiet) { + if (!no_aliases() && !quiet) alias_apply(print_unused, strict ? "Error" : "Warning"); - } - return (strict ? 1 : 0); + + return (strict ? error : 0); } static void 
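Review bot: The final `return (strict ? error : 0);` no longer accounts for unused aliases: the old code returned 1 in strict mode whenever `no_aliases()` was false, while the new code only prints them, still passing the label "Error" to `alias_apply(print_unused, ...)` when `strict` is set. If the relaxation is intended, the label should probably always be "Warning" so the output matches the exit status; if not, add `if (strict && !no_aliases()) error++;` before the return. The enclosing function starts outside this hunk, so `error` may already include counts from earlier checks.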
@@ -1092,6 +1117,22 @@ { if (!quiet) { warningx("%s: %s_Alias `%s' referenced but not defined", + strict ? "Error" : "Warning", + type == HOSTALIAS ? "Host" : type == CMNDALIAS ? "Cmnd" : + type == USERALIAS ? "User" : type == RUNASALIAS ? "Runas" : + "Unknown", name); + } +} + +static void +print_selfref(name, type, strict, quiet) + char *name; + int type; + int strict; + int quiet; +{ + if (!quiet) { + warningx("%s: %s_Alias `%s' references self", strict ? "Error" : "Warning", type == HOSTALIAS ? "Host" : type == CMNDALIAS ? "Cmnd" : type == USERALIAS ? "User" : type == RUNASALIAS ? "Runas" : diff -urNa sudo-1.7.2p6/visudo.cat sudo-1.7.2p7/visudo.cat --- sudo-1.7.2p6/visudo.cat Fri Apr 9 06:33:03 2010 +++ sudo-1.7.2p7/visudo.cat Tue Jun 1 14:21:26 2010 @@ -61,7 +61,7 @@ -1.7.2p6 March 3, 2010 1 +1.7.2p7 June 1, 2010 1 @@ -127,7 +127,7 @@ -1.7.2p6 March 3, 2010 2 +1.7.2p7 June 1, 2010 2 @@ -193,6 +193,6 @@ -1.7.2p6 March 3, 2010 3 +1.7.2p7 June 1, 2010 3 diff -urNa sudo-1.7.2p6/visudo.man.in sudo-1.7.2p7/visudo.man.in --- sudo-1.7.2p6/visudo.man.in Fri Apr 9 06:27:30 2010 +++ sudo-1.7.2p7/visudo.man.in Tue Jun 1 14:19:40 2010 @@ -144,7 +144,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "March 3, 2010" "1.7.2p6" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "June 1, 2010" "1.7.2p7" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l