This patch will upgrade Sudo version 1.7.4 patchlevel 2 to Sudo version 1.7.4 patchlevel 3. To apply: $ cd sudo-1.7.4p2 $ patch -p1 < sudo-1.7.4p3.patch diff -urNa sudo-1.7.4p2/ChangeLog sudo-1.7.4p3/ChangeLog --- sudo-1.7.4p2/ChangeLog Mon Aug 9 06:36:47 2010 +++ sudo-1.7.4p3/ChangeLog Wed Aug 18 15:36:09 2010 @@ -1,3 +1,35 @@ +2010-08-18 Todd C. Miller + + * Makefile.in: + Replace sudoers with sudoers.in in DISTFILES + [616509f85d6c] + + * env.c: + Set dupcheck to TRUE when setting new HOME value if !env_reset but + always_set_home is true. Prevents a duplicate HOME in the + environment (old value plus the new one) introduced in 9f97e4b43a4b. + [2672ae047984] + + * configure, configure.in, sudoers, sudoers.in: + Substitute sysconfdir in the installed sudoers file to get the + correct path for sudoers.d. + [ab14a68e546f] + +2010-08-17 Todd C. Miller + + * boottime.c, get_pty.c: + Fix typos that prevented compilation on Irix; Friedrich Haubensak + [a3e6c5a66890] + +2010-08-14 Todd C. Miller + + * auth/pam.c: + If the user hits ^C while a password is being read, error out before + reading any further passwords in the pam conversation function. + Otherwise, if multiple PAM auth methods are required, the user will + have to hit ^C for each one. + [c8f6bc58fd86] + 2010-08-09 Todd C. Miller * exec.c: diff -urNa sudo-1.7.4p2/Makefile.in sudo-1.7.4p3/Makefile.in --- sudo-1.7.4p2/Makefile.in Fri Jul 30 11:58:54 2010 +++ sudo-1.7.4p3/Makefile.in Wed Aug 18 15:32:57 2010 
@@ -159,7 +159,7 @@ mkpkg pathnames.h.in pp sample.pam sample.syslog.conf \ sample.sudoers schema.ActiveDirectory schema.OpenLDAP \ schema.iPlanet siglist.in sudo.cat sudo.man.in sudo.pod sudo.pp \ - sudo_usage.h.in sudoers sudoers.cat sudoers.man.in sudoers.pod \ + sudo_usage.h.in sudoers.in sudoers.cat sudoers.man.in sudoers.pod \ sudoers.ldap.cat sudoers.ldap.man.in sudoers.ldap.pod \ sudoers2ldif sudoreplay.cat sudoreplay.man.in sudoreplay.pod \ visudo.cat visudo.man.in visudo.pod auth/API sudo.man.pl \ diff -urNa sudo-1.7.4p2/auth/pam.c sudo-1.7.4p3/auth/pam.c --- sudo-1.7.4p2/auth/pam.c Fri Jul 30 11:58:54 2010 +++ sudo-1.7.4p3/auth/pam.c Wed Aug 18 15:29:33 2010 @@ -281,6 +281,10 @@ case PAM_PROMPT_ECHO_OFF: prompt = def_prompt; + /* Error out if the last password read was interrupted. */ + if (gotintr) + goto err; + /* Is the sudo prompt standard? (If so, we'l just use PAM's) */ std_prompt = strncmp(def_prompt, "Password:", 9) == 0 && (def_prompt[9] == '\0' || diff -urNa sudo-1.7.4p2/boottime.c sudo-1.7.4p3/boottime.c --- sudo-1.7.4p2/boottime.c Fri Jul 30 11:58:54 2010 +++ sudo-1.7.4p3/boottime.c Wed Aug 18 15:29:42 2010 @@ -142,7 +142,7 @@ int get_boottime(tv) - struct timeval *tv + struct timeval *tv; { return 0; } diff -urNa sudo-1.7.4p2/configure sudo-1.7.4p3/configure --- sudo-1.7.4p2/configure Mon Aug 9 06:35:37 2010 +++ sudo-1.7.4p3/configure Wed Aug 18 15:34:11 2010 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.65 for sudo 1.7.4p2. +# Generated by GNU Autoconf 2.65 for sudo 1.7.4p3. # # Report bugs to . # @@ -701,8 +701,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.7.4p2' -PACKAGE_STRING='sudo 1.7.4p2' +PACKAGE_VERSION='1.7.4p3' +PACKAGE_STRING='sudo 1.7.4p3' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' PACKAGE_URL='' 
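Review bot: In auth/pam.c the new `if (gotintr) goto err;` guard sits only under `case PAM_PROMPT_ECHO_OFF:`, and its comment says what it does but not why. The hunk does not show whether `PAM_PROMPT_ECHO_ON` falls through into this case or where `gotintr` is cleared, so a comment such as `/* ^C on an earlier prompt aborts every later prompt in this conversation. */` would make the intended scope explicit. The `err` label is outside the hunk; earlier messages in the same call may already have stored password replies, so it is worth confirming that path zeroes and frees them before returning. The conversation function starts and ends outside the hunk.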
@@ -1552,7 +1552,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.7.4p2 to adapt to many kinds of systems. +\`configure' configures sudo 1.7.4p3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1617,7 +1617,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.7.4p2:";; + short | recursive ) echo "Configuration of sudo 1.7.4p3:";; esac cat <<\_ACEOF @@ -1828,7 +1828,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.7.4p2 +sudo configure 1.7.4p3 generated by GNU Autoconf 2.65 Copyright (C) 2009 Free Software Foundation, Inc. @@ -2527,7 +2527,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.7.4p2, which was +It was created by sudo $as_me 1.7.4p3, which was generated by GNU Autoconf 2.65. Invocation command line was $ $0 $@ @@ -18470,7 +18470,7 @@ test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' -ac_config_files="$ac_config_files Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h" +ac_config_files="$ac_config_files Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h sudoers" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure 
@@ -18977,7 +18977,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.7.4p2, which was +This file was extended by sudo $as_me 1.7.4p3, which was generated by GNU Autoconf 2.65. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19043,7 +19043,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sudo config.status 1.7.4p2 +sudo config.status 1.7.4p3 configured by $0, generated by GNU Autoconf 2.65, with options \\"\$ac_cs_config\\" @@ -19427,6 +19427,7 @@ "sudoers.ldap.man") CONFIG_FILES="$CONFIG_FILES sudoers.ldap.man" ;; "sudoreplay.man") CONFIG_FILES="$CONFIG_FILES sudoreplay.man" ;; "sudo_usage.h") CONFIG_FILES="$CONFIG_FILES sudo_usage.h" ;; + "sudoers") CONFIG_FILES="$CONFIG_FILES sudoers" ;; *) as_fn_error "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac diff -urNa sudo-1.7.4p2/configure.in sudo-1.7.4p3/configure.in --- sudo-1.7.4p2/configure.in Mon Aug 9 06:35:22 2010 +++ sudo-1.7.4p3/configure.in Wed Aug 18 15:33:56 2010 @@ -3,7 +3,7 @@ dnl dnl Copyright (c) 1994-1996,1998-2010 Todd C. Miller dnl -AC_INIT([sudo], [1.7.4p2], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.7.4p3], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT @@ -2803,7 +2803,7 @@ dnl dnl Substitute into the Makefile and man pages dnl -AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h]) +AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h sudoers]) AC_OUTPUT dnl diff -urNa sudo-1.7.4p2/env.c sudo-1.7.4p3/env.c --- sudo-1.7.4p2/env.c Fri Jul 30 11:58:54 2010 +++ sudo-1.7.4p3/env.c Wed Aug 18 15:27:03 2010 
@@ -766,7 +766,7 @@ /* Set $HOME to target user if not preserving user's value. */ if (reset_home && !ISSET(didvar, KEPT_HOME)) - sudo_setenv("HOME", runas_pw->pw_dir, ISSET(didvar, DID_HOME)); + sudo_setenv("HOME", runas_pw->pw_dir, TRUE); /* Provide default values for $TERM and $PATH if they are not set. */ if (!ISSET(didvar, DID_TERM)) diff -urNa sudo-1.7.4p2/get_pty.c sudo-1.7.4p3/get_pty.c --- sudo-1.7.4p2/get_pty.c Fri Aug 6 09:44:30 2010 +++ sudo-1.7.4p3/get_pty.c Wed Aug 18 15:29:42 2010 @@ -88,7 +88,7 @@ char *line; /* IRIX-style dynamic ptys (may fork) */ - line = _getpty(master, O_RDWR, IRUSR|S_IWUSR|S_IWGRP, 0); + line = _getpty(master, O_RDWR, S_IRUSR|S_IWUSR|S_IWGRP, 0); if (line == NULL) return (0); *slave = open(line, O_RDWR|O_NOCTTY, 0); diff -urNa sudo-1.7.4p2/sudoers sudo-1.7.4p3/sudoers --- sudo-1.7.4p2/sudoers Fri Jul 30 11:58:54 2010 +++ sudo-1.7.4p3/sudoers Wed Dec 31 19:00:00 1969 
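Review bot: The bare `TRUE` now passed to `sudo_setenv()` in env.c carries no explanation of why the duplicate check is forced on, and a later edit could easily restore the `ISSET(didvar, DID_HOME)` test. A duplicate HOME matters for a command run with elevated privileges because which of the two entries a program reads typically depends on its environment lookup, so the invoking user's value could still be honoured. I would extend the comment above the call, e.g. `/* Always dupcheck: HOME may already be in the env even when DID_HOME is unset. */`. The enclosing function starts and ends outside the hunk.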
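Review bot: The mode given to `_getpty()` in get_pty.c, `S_IRUSR|S_IWUSR|S_IWGRP`, grants group write on the new pty and nothing says why. If this is the usual 0620 tty convention it deserves a one-line comment such as `/* 0620: owner rw, group write only (tty convention) */`, because the group that ends up owning the device is not visible here. The `open()` of the slave is the last line of the hunk, so the check of `*slave` and any cleanup of `*master` on failure are outside the hunk.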
@@ -1,89 +0,0 @@ -## sudoers file. -## -## This file MUST be edited with the 'visudo' command as root. -## Failure to use 'visudo' may result in syntax or file permission errors -## that prevent sudo from running. -## -## See the sudoers man page for the details on how to write a sudoers file. -## - -## -## Host alias specification -## -## Groups of machines. These may include host names (optionally with wildcards), -## IP addresses, network numbers or netgroups. -# Host_Alias WEBSERVERS = www1, www2, www3 - -## -## User alias specification -## -## Groups of users. These may consist of user names, uids, Unix groups, -## or netgroups. -# User_Alias ADMINS = millert, dowdy, mikef - -## -## Cmnd alias specification -## -## Groups of commands. Often used to group related commands together. -# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \ -# /usr/bin/pkill, /usr/bin/top - -## -## Defaults specification -## -## You may wish to keep some of the following environment variables -## when running commands via sudo. -## -## Locale settings -# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" -## -## Run X applications through sudo; HOME is used to find the -## .Xauthority file. Note that other programs use HOME to find -## configuration files and this may lead to privilege escalation! -# Defaults env_keep += "HOME" -## -## X11 resource path settings -# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" -## -## Desktop path settings -# Defaults env_keep += "QTDIR KDEDIR" -## -## Allow sudo-run commands to inherit the callers' ConsoleKit session -# Defaults env_keep += "XDG_SESSION_COOKIE" -## -## Uncomment to enable special input methods. Care should be taken as -## this may allow users to subvert the command being run via sudo. -# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" -## -## Uncomment to enable logging of a command's output, except for -## sudoreplay and reboot. 
Use sudoreplay to play back logged sessions. -# Defaults log_output -# Defaults!/usr/bin/sudoreplay !log_output -# Defaults!/usr/local/bin/sudoreplay !log_output -# Defaults!/sbin/reboot !log_output - -## -## Runas alias specification -## - -## -## User privilege specification -## -root ALL=(ALL) ALL - -## Uncomment to allow members of group wheel to execute any command -# %wheel ALL=(ALL) ALL - -## Same thing without a password -# %wheel ALL=(ALL) NOPASSWD: ALL - -## Uncomment to allow members of group sudo to execute any command -# %sudo ALL=(ALL) ALL - -## Uncomment to allow any user to run sudo if they know the password -## of the user they are running the command as (root by default). -# Defaults targetpw # Ask for the password of the target user -# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' - -## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment) -#includedir /etc/sudoers.d diff -urNa sudo-1.7.4p2/sudoers.in sudo-1.7.4p3/sudoers.in --- sudo-1.7.4p2/sudoers.in Wed Dec 31 19:00:00 1969 +++ sudo-1.7.4p3/sudoers.in Wed Aug 18 15:29:49 2010 
@@ -0,0 +1,90 @@ +## sudoers file. +## +## This file MUST be edited with the 'visudo' command as root. +## Failure to use 'visudo' may result in syntax or file permission errors +## that prevent sudo from running. +## +## See the sudoers man page for the details on how to write a sudoers file. +## + +## +## Host alias specification +## +## Groups of machines. These may include host names (optionally with wildcards), +## IP addresses, network numbers or netgroups. +# Host_Alias WEBSERVERS = www1, www2, www3 + +## +## User alias specification +## +## Groups of users. These may consist of user names, uids, Unix groups, +## or netgroups. +# User_Alias ADMINS = millert, dowdy, mikef + +## +## Cmnd alias specification +## +## Groups of commands. Often used to group related commands together. +# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \ +# /usr/bin/pkill, /usr/bin/top + +## +## Defaults specification +## +## You may wish to keep some of the following environment variables +## when running commands via sudo. +## +## Locale settings +# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +## +## Run X applications through sudo; HOME is used to find the +## .Xauthority file. Note that other programs use HOME to find +## configuration files and this may lead to privilege escalation! +# Defaults env_keep += "HOME" +## +## X11 resource path settings +# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" +## +## Desktop path settings +# Defaults env_keep += "QTDIR KDEDIR" +## +## Allow sudo-run commands to inherit the callers' ConsoleKit session +# Defaults env_keep += "XDG_SESSION_COOKIE" +## +## Uncomment to enable special input methods. Care should be taken as +## this may allow users to subvert the command being run via sudo. +# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" +## +## Uncomment to enable logging of a command's output, except for +## sudoreplay and reboot. 
Use sudoreplay to play back logged sessions. +# Defaults log_output +# Defaults!/usr/bin/sudoreplay !log_output +# Defaults!/usr/local/bin/sudoreplay !log_output +# Defaults!/sbin/reboot !log_output + +## +## Runas alias specification +## + +## +## User privilege specification +## +root ALL=(ALL) ALL + +## Uncomment to allow members of group wheel to execute any command +# %wheel ALL=(ALL) ALL + +## Same thing without a password +# %wheel ALL=(ALL) NOPASSWD: ALL + +## Uncomment to allow members of group sudo to execute any command +# %sudo ALL=(ALL) ALL + +## Uncomment to allow any user to run sudo if they know the password +## of the user they are running the command as (root by default). +# Defaults targetpw # Ask for the password of the target user +# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' + +## Read drop-in files from @sysconfdir@/sudoers.d +## (the '#' here does not indicate a comment) +#includedir @sysconfdir@/sudoers.d
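Review bot: The new `#includedir @sysconfdir@/sudoers.d` line can come out unexpanded, because configure substitutes `@sysconfdir@` verbatim and autoconf's default for it is the literal string `${prefix}/etc`. The context line in the configure hunk at 18470 rewrites that default to `/etc` only when `with_stow` is not `yes`, so a stow build (or any `--sysconfdir` given in terms of another variable) would install `#includedir ${prefix}/etc/sudoers.d`, which sudoers does not expand. Generating the file at make time avoids this, e.g. a Makefile.in rule running `sed 's|[@]sysconfdir@|$(sysconfdir)|g' sudoers.in > sudoers`, since make does expand the nested variable. The same applies to the `AC_CONFIG_FILES` change in configure.in.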