From abc0baffc4f0e37f906b51094e3bb96c841ef24b Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 12 Nov 2024 08:56:50 -0700 Subject: [PATCH] Sudo 1.9.16p1 --- NEWS | 27 +++++++++++++++++++++++++++ configure | 28 +++++++++++++++++----------- configure.ac | 2 +- 3 files changed, 45 insertions(+), 12 deletions(-) diff --git a/NEWS b/NEWS index 061f242e61..41cf250239 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,30 @@ +What's new in Sudo 1.9.16p1 + + * Fixed the test for cross-compiling when checking for C99 snprintf(). + The changes made to the test in sudo 1.9.16 resulted in a different + problem. GitHub issue #386. + + * Fixed the date used by the exit record in sudo-format log files. + This was a regression introduced in sudo 1.9.16 and only affected + file-based logs, not syslog. GitHub issue #405. + + * Fixed the root cause of the "unable to find terminal name for + device" message when running sudo on AIX when no terminal is + present. In sudo 1.9.16 this was turned from a debug message + into a warning. GitHub issue #408 + + * When a duplicate alias is found in the sudoers file, the warning + message now includes the file and line number of the previous + definition. + + * Added support for the --with-secure-path-value=no configure + option to allow packagers to ship the default sudoers file with + the secure path line commented out. + + * Sudo no longer sends mail when a user runs "sudo -nv" or "sudo -nl", + even if "mail_badpass" or "mail_always" are set. Sudo already + avoids logging to a file or syslog in this case. Bug #1072. + What's new in Sudo 1.9.16 * Added the "cmddenial_message" sudoers option to provide additional diff --git a/configure b/configure index a80cad01db..135adec9be 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.72 for sudo 1.9.16. +# Generated by GNU Autoconf 2.72 for sudo 1.9.16p1. # # Report bugs to . # @@ -614,8 +614,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.9.16' -PACKAGE_STRING='sudo 1.9.16' +PACKAGE_VERSION='1.9.16p1' +PACKAGE_STRING='sudo 1.9.16p1' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -734,6 +734,7 @@ pam_login_service pam_session editor secure_path_status +secure_path_config secure_path netsvc_conf nsswitch_conf @@ -1644,7 +1645,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -'configure' configures sudo 1.9.16 to adapt to many kinds of systems. +'configure' configures sudo 1.9.16p1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1710,7 +1711,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.16:";; + short | recursive ) echo "Configuration of sudo 1.9.16p1:";; esac cat <<\_ACEOF @@ -1885,7 +1886,8 @@ Optional Packages: --with-ldap-conf-file path to LDAP configuration file --with-ldap-secret-file path to LDAP secret password file --with-secure-path-value - value of secure_path in the default sudoers file + value of secure_path in the default sudoers file, or + "no" to comment out by default --with-secure-path override the user's path with a built-in one --without-interfaces don't try to read the ip addr of network interfaces --with-askpass=PATH Fully qualified pathname of askpass helper @@ -2004,7 +2006,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.16 +sudo configure 1.9.16p1 generated by GNU Autoconf 2.72 Copyright (C) 2023 Free Software Foundation, Inc. @@ -2824,7 +2826,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.16, which was +It was created by sudo $as_me 1.9.16p1, which was generated by GNU Autoconf 2.72. Invocation command line was $ $0$ac_configure_args_raw @@ -3685,6 +3687,7 @@ sudoers_path='$(sysconfdir)/sudoers' + # @@ -3733,6 +3736,7 @@ sesh_file="$libexecdir/sudo/sesh" visudo="$sbindir/visudo" nsswitch_conf=/etc/nsswitch.conf secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +secure_path_config= secure_path_status="disabled" pam_session=on pam_login_service=sudo @@ -6314,7 +6318,9 @@ EOF if test ${with_secure_path_value+y} then : withval=$with_secure_path_value; case $with_secure_path_value in - yes|no) as_fn_error $? "must give --secure-path-value an argument." "$LINENO" 5 + yes) as_fn_error $? "must give --with-secure-path-value an argument." "$LINENO" 5 + ;; + no) secure_path_config="# " ;; *) secure_path="$with_secure_path_value" ;; @@ -36768,7 +36774,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.16, which was +This file was extended by sudo $as_me 1.9.16p1, which was generated by GNU Autoconf 2.72. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -36836,7 +36842,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -sudo config.status 1.9.16 +sudo config.status 1.9.16p1 configured by $0, generated by GNU Autoconf 2.72, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 4c3def4bfd..15a4047d36 100644 --- a/configure.ac +++ b/configure.ac @@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.69]) -AC_INIT([sudo], [1.9.16], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.16p1], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) AC_CONFIG_AUX_DIR([scripts])