This patch will upgrade Sudo version 1.7.8 patchlevel 1 to Sudo version 1.7.8 patchlevel 2. To apply: $ cd sudo-1.7.8p1 $ patch -p1 < sudo-1.7.8p2.patch diff -urNa sudo-1.7.8p1/ChangeLog sudo-1.7.8p2/ChangeLog --- sudo-1.7.8p1/ChangeLog Tue Oct 25 15:08:55 2011 +++ sudo-1.7.8p2/ChangeLog Fri Jan 27 11:34:19 2012 @@ -1,3 +1,19 @@ +2012-01-13 Todd C. Miller + + * sudo.pp: + Include parent directories in case they don't already exist. This + fixes a directory permissions problem with the AIX package when the + /usr/local directories don't already exist. + [94c64d964891] <1.7> + +2011-11-08 Todd C. Miller + + * sudo.pp: + Mark libexec files as optional. If there is no support for noexec, + sudo will not build sudo_noexec.so. Fixes a packaging problem on + AIX 4.3 + [b3b80e0ebeb2] <1.7> + 2011-10-25 Todd C. Miller * NEWS, match.c: diff -urNa sudo-1.7.8p1/NEWS sudo-1.7.8p2/NEWS --- sudo-1.7.8p1/NEWS Tue Oct 25 15:07:34 2011 +++ sudo-1.7.8p2/NEWS Fri Jan 27 11:30:48 2012 @@ -1,3 +1,8 @@ +What's new in Sudo 1.7.8p2? + + * Fixed a crash in the monitor process on Solaris when NOPASSWD + was specified or when authentication was disabled. + What's new in Sudo 1.7.8p1? * Fixed matching of a Runas_Alias in the group section of a diff -urNa sudo-1.7.8p1/check.c sudo-1.7.8p2/check.c --- sudo-1.7.8p1/check.c Fri Oct 21 09:18:37 2011 +++ sudo-1.7.8p2/check.c Fri Jan 27 11:30:05 2012 
@@ -106,8 +106,30 @@ char *timestampfile = NULL; char *prompt; struct stat sb; - int status; + int status, need_pass = def_authenticate; + /* Init authentication system regardless of whether we need a password. */ + auth_pw = get_authpw(); + sudo_auth_init(auth_pw); + + if (need_pass) { + /* Always need a password when -k was specified with the command. */ + if (ISSET(mode, MODE_INVALIDATE)) { + SET(validated, FLAG_CHECK_USER); + } else { + /* + * Don't prompt for the root passwd or if the user is exempt. + * If the user is not changing uid/gid, no need for a password. + */ + if (user_uid == 0 || (user_uid == runas_pw->pw_uid && + (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) + || user_is_exempt()) + need_pass = FALSE; + } + } + if (!need_pass) + goto done; + /* Stash the tty's ctime for tty ticket comparison. */ if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) { tty_info.dev = sb.st_dev; @@ -115,24 +137,6 @@ tty_info.rdev = sb.st_rdev; if (tty_is_devpts(user_ttypath)) ctim_get(&sb, &tty_info.ctime); - } - - /* Init authentication system regardless of whether we need a password. */ - auth_pw = get_authpw(); - sudo_auth_init(auth_pw); - - /* Always prompt for a password when -k was specified with the command. */ - if (ISSET(mode, MODE_INVALIDATE)) { - SET(validated, FLAG_CHECK_USER); - } else { - /* - * Don't prompt for the root passwd or if the user is exempt. - * If the user is not changing uid/gid, no need for a password. - */ - if (user_uid == 0 || (user_uid == runas_pw->pw_uid && - (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) || - user_is_exempt()) - goto done; } build_timestamp(×tampdir, ×tampfile); diff -urNa sudo-1.7.8p1/configure sudo-1.7.8p2/configure --- sudo-1.7.8p1/configure Tue Oct 25 15:08:24 2011 +++ sudo-1.7.8p2/configure Fri Jan 27 11:31:08 2012 
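Review bot: The comment on the -k branch, `/* Always need a password when -k was specified with the command. */`, overstates what the new code does: the branch sits inside `if (need_pass)`, and `need_pass` starts as `def_authenticate`, so when that is false `FLAG_CHECK_USER` is never set and -k does not force a prompt. Since the caller in sudo.c no longer tests `def_authenticate`, this function is now the one place that decides whether the password check is skipped, and I would state the precedence at the declaration, e.g. `/* need_pass starts from def_authenticate; -k and the root/same-user/exempt tests apply only when it is set. */`. `sudo_auth_init(auth_pw)` now runs before every `goto done`, so the code at `done:`, which is outside this hunk, presumably has to release the auth state on the no-password path too; worth confirming. The second check.c hunk only removes the old copy of these lines.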
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for sudo 1.7.8p1. +# Generated by GNU Autoconf 2.68 for sudo 1.7.8p2. # # Report bugs to . # @@ -570,8 +570,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.7.8p1' -PACKAGE_STRING='sudo 1.7.8p1' +PACKAGE_VERSION='1.7.8p2' +PACKAGE_STRING='sudo 1.7.8p2' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' PACKAGE_URL='' @@ -1434,7 +1434,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.7.8p1 to adapt to many kinds of systems. +\`configure' configures sudo 1.7.8p2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1499,7 +1499,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.7.8p1:";; + short | recursive ) echo "Configuration of sudo 1.7.8p2:";; esac cat <<\_ACEOF @@ -1718,7 +1718,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.7.8p1 +sudo configure 1.7.8p2 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2422,7 +2422,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.7.8p1, which was +It was created by sudo $as_me 1.7.8p2, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -20431,7 +20431,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.7.8p1, which was +This file was extended by sudo $as_me 1.7.8p2, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -20497,7 +20497,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sudo config.status 1.7.8p1 +sudo config.status 1.7.8p2 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -urNa sudo-1.7.8p1/configure.in sudo-1.7.8p2/configure.in --- sudo-1.7.8p1/configure.in Tue Oct 25 15:08:11 2011 +++ sudo-1.7.8p2/configure.in Fri Jan 27 11:31:06 2012 @@ -3,7 +3,7 @@ dnl dnl Copyright (c) 1994-1996,1998-2011 Todd C. Miller dnl -AC_INIT([sudo], [1.7.8p1], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.7.8p2], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER(config.h pathnames.h zlib/zconf.h) dnl dnl Note: this must come after AC_INIT diff -urNa sudo-1.7.8p1/sudo.c sudo-1.7.8p2/sudo.c --- sudo-1.7.8p1/sudo.c Fri Oct 21 09:18:38 2011 +++ sudo-1.7.8p2/sudo.c Fri Jan 27 11:30:05 2012 @@ -424,8 +424,7 @@ rebuild_env(def_noexec); /* Require a password if sudoers says so. */ - if (def_authenticate) - check_user(validated, sudo_mode); + check_user(validated, sudo_mode); /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */ /* XXX - causes confusion when root is not listed in sudoers */ diff -urNa sudo-1.7.8p1/sudo.pp sudo-1.7.8p2/sudo.pp --- sudo-1.7.8p1/sudo.pp Fri Oct 21 09:18:38 2011 +++ sudo-1.7.8p2/sudo.pp Fri Jan 27 11:34:24 2012 @@ -12,7 +12,7 @@ The basic philosophy is to give as few privileges as possible but \ still allow people to get their work done." vendor="Todd C. Miller" - copyright="(c) 1993-1996,1998-2011 Todd C. Miller" + copyright="(c) 1993-1996,1998-2012 Todd C. Miller" %if [aix] # AIX package summary is limited to 40 characters 
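Review bot: The retained comment `/* Require a password if sudoers says so. */` in the sudo.c hunk no longer describes the line under it, because `check_user(validated, sudo_mode);` is now called unconditionally and the decision to skip the password has moved into check.c. Someone auditing the authentication path from this call site would look for the `def_authenticate` test and not find it. I would reword the comment to something like `/* Always call check_user(): it sets up the auth system and decides itself whether a password is required. */`. The enclosing function starts and ends outside the hunk.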
@@ -176,12 +176,25 @@ EOF %endif + # OS-level directories that should generally exist but might not. + extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"` + extradirs="$extradirs `dirname $docdir` `dirname $timedir`" + test -d ${pp_destdir}/etc/pam.d && extradirs="${extradirs} /etc/pam.d" + for dir in $bindir $sbindir $libexecdir $extradirs; do + while test "$dir" != "/"; do + osdirs="${osdirs}${osdirs+ }$dir/" + dir=`dirname $dir` + done + done + osdirs=`echo $osdirs | tr " " "\n" | sort -u` + %files + $osdirs - $bindir/sudo 4111 root: $bindir/sudoedit 4111 root: $sbindir/visudo 0111 $bindir/sudoreplay 0111 - $libexecdir/* + $libexecdir/* optional $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid $timedir/ 0700 root: $docdir/
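Review bot: The added `while test "$dir" != "/"` loop terminates only for absolute paths; for a relative or empty value the repeated `dirname` never reaches `/`, so the packaging run would spin. The `extradirs` entries come out absolute only because the `sed` expression strips `${pp_destdir}/` from a path that presumably carries a doubled slash, which is easy to break; a guard such as `while test "$dir" != "/" -a "$dir" != "."; do`, together with quoting `$dir` in the `dirname` call, makes the loop safe. `osdirs` is appended to without being cleared first, so an inherited value would land in the `%files` list; an `osdirs=` line before the `for` avoids that. Because the parent directories are now shipped with default attributes (`$osdirs -`), it is worth checking which owner and mode the generated packages assign to shared paths such as the /usr/local tree.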