This patch will upgrade Sudo version 1.8.4 to Sudo version 1.8.4 patchlevel 1. To apply: $ cd sudo-1.8.4 $ patch -p1 < sudo-1.8.4p1.patch diff -urNa sudo-1.8.4/ChangeLog sudo-1.8.4p1/ChangeLog --- sudo-1.8.4/ChangeLog Fri Feb 17 11:32:37 2012 +++ sudo-1.8.4p1/ChangeLog Tue Feb 21 05:25:58 2012 @@ -1,8 +1,36 @@ +2012-02-21 Todd C. Miller + + * .hgtags: + Added tag SUDO_1_8_4p1 for changeset aeb6b9701150 + [26bc7af7c304] [tip] <1.8> + + * NEWS: + List 1.8.4p1 + [aeb6b9701150] [SUDO_1_8_4p1] <1.8> + + * configure, configure.in: + bump version to 1.8.4p1 + [2c7edc0bf0b7] <1.8> + + * Fix the description of noexec. + [b5baebe2f820] <1.8> + + * The "op" parameter to set_default() must be int, not bool since it + is set to '+' or '-' for list add and subtract. + [b6bf0980fb08] <1.8> + + * Make sure sudoers is writable before calling ed script. + [97e0078b19ae] <1.8> + 2012-02-17 Todd C. Miller + * .hgtags: + Added tag SUDO_1_8_4 for changeset 7b0b7dfc84c7 + [18d646360da5] <1.8> + * Update contributors. Now includes translators and authors of compat code. - [7b0b7dfc84c7] [tip] <1.8> + [7b0b7dfc84c7] [SUDO_1_8_4] <1.8> 2012-02-16 Todd C. Miller diff -urNa sudo-1.8.4/NEWS sudo-1.8.4p1/NEWS --- sudo-1.8.4/NEWS Fri Feb 3 14:57:52 2012 +++ sudo-1.8.4p1/NEWS Tue Feb 21 05:25:10 2012 @@ -1,3 +1,9 @@ +What's new in Sudo 1.8.4p1? + + * Fixed a bug introduced in sudo 1.8.4 that broke adding to or + deleting from the env_keep, env_check and env_delete lists in + sudoers on some platforms. + What's new in Sudo 1.8.4? * The -D flag in sudo has been replaced with a more general debugging diff -urNa sudo-1.8.4/configure sudo-1.8.4p1/configure --- sudo-1.8.4/configure Thu Feb 16 11:27:30 2012 +++ sudo-1.8.4p1/configure Tue Feb 21 05:17:59 2012 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for sudo 1.8.4. +# Generated by GNU Autoconf 2.68 for sudo 1.8.4p1. # # Report bugs to . # @@ -570,8 +570,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.8.4' -PACKAGE_STRING='sudo 1.8.4' +PACKAGE_VERSION='1.8.4p1' +PACKAGE_STRING='sudo 1.8.4p1' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' PACKAGE_URL='' @@ -1447,7 +1447,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.8.4 to adapt to many kinds of systems. +\`configure' configures sudo 1.8.4p1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1512,7 +1512,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.8.4:";; + short | recursive ) echo "Configuration of sudo 1.8.4p1:";; esac cat <<\_ACEOF @@ -1730,7 +1730,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.8.4 +sudo configure 1.8.4p1 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2434,7 +2434,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.8.4, which was +It was created by sudo $as_me 1.8.4p1, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -20506,7 +20506,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.8.4, which was +This file was extended by sudo $as_me 1.8.4p1, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -20572,7 +20572,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sudo config.status 1.8.4 +sudo config.status 1.8.4p1 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -urNa sudo-1.8.4/configure.in sudo-1.8.4p1/configure.in --- sudo-1.8.4/configure.in Thu Feb 16 11:27:30 2012 +++ sudo-1.8.4p1/configure.in Tue Feb 21 05:17:48 2012 @@ -3,7 +3,7 @@ dnl dnl Copyright (c) 1994-1996,1998-2012 Todd C. Miller dnl -AC_INIT([sudo], [1.8.4], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.8.4p1], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER([config.h pathnames.h]) dnl dnl Note: this must come after AC_INIT diff -urNa sudo-1.8.4/plugins/sudoers/def_data.c sudo-1.8.4p1/plugins/sudoers/def_data.c --- sudo-1.8.4/plugins/sudoers/def_data.c Wed Jan 4 13:02:21 2012 +++ sudo-1.8.4p1/plugins/sudoers/def_data.c Tue Feb 21 05:17:20 2012 @@ -240,7 +240,7 @@ def_data_verifypw, }, { "noexec", T_FLAG, - N_("Preload the dummy exec functions contained in \"_PATH_SUDO_NOEXEC"), + N_("Preload the dummy exec functions contained in the sudo_noexec library"), NULL, }, { "ignore_local_sudoers", T_FLAG, diff -urNa sudo-1.8.4/plugins/sudoers/def_data.in sudo-1.8.4p1/plugins/sudoers/def_data.in --- sudo-1.8.4/plugins/sudoers/def_data.in Wed Jan 4 13:02:21 2012 +++ sudo-1.8.4p1/plugins/sudoers/def_data.in Tue Feb 21 05:17:20 2012 @@ -177,7 +177,7 @@ never all any always noexec T_FLAG - "Preload the dummy exec functions contained in "_PATH_SUDO_NOEXEC + "Preload the dummy exec functions contained in the sudo_noexec library" ignore_local_sudoers T_FLAG "If LDAP directory is up, do we ignore local sudoers file" diff -urNa sudo-1.8.4/plugins/sudoers/defaults.c sudo-1.8.4p1/plugins/sudoers/defaults.c --- sudo-1.8.4/plugins/sudoers/defaults.c Wed Jan 4 12:54:13 2012 +++ sudo-1.8.4p1/plugins/sudoers/defaults.c Tue Feb 21 05:17:00 2012 @@ -91,15 +91,15 @@ /* * Local prototypes. */ -static bool store_int(char *, struct sudo_defs_types *, bool); -static bool store_list(char *, struct sudo_defs_types *, bool); -static bool store_mode(char *, struct sudo_defs_types *, bool); -static bool store_str(char *, struct sudo_defs_types *, bool); -static bool store_syslogfac(char *, struct sudo_defs_types *, bool); -static bool store_syslogpri(char *, struct sudo_defs_types *, bool); -static bool store_tuple(char *, struct sudo_defs_types *, bool); -static bool store_uint(char *, struct sudo_defs_types *, bool); -static bool store_float(char *, struct sudo_defs_types *, bool); +static bool store_int(char *, struct sudo_defs_types *, int); +static bool store_list(char *, struct sudo_defs_types *, int); +static bool store_mode(char *, struct sudo_defs_types *, int); +static bool store_str(char *, struct sudo_defs_types *, int); +static bool store_syslogfac(char *, struct sudo_defs_types *, int); +static bool store_syslogpri(char *, struct sudo_defs_types *, int); +static bool store_tuple(char *, struct sudo_defs_types *, int); +static bool store_uint(char *, struct sudo_defs_types *, int); +static bool store_float(char *, struct sudo_defs_types *, int); static void list_op(char *, size_t, struct sudo_defs_types *, enum list_ops); static const char *logfac2str(int); static const char *logpri2str(int); @@ -194,7 +194,7 @@ * This is only meaningful for variables that are *optional*. */ bool -set_default(char *var, char *val, bool op) +set_default(char *var, char *val, int op) { struct sudo_defs_types *cur; int num; @@ -529,7 +529,7 @@ } static bool -store_int(char *val, struct sudo_defs_types *def, bool op) +store_int(char *val, struct sudo_defs_types *def, int op) { char *endp; long l; @@ -550,7 +550,7 @@ } static bool -store_uint(char *val, struct sudo_defs_types *def, bool op) +store_uint(char *val, struct sudo_defs_types *def, int op) { char *endp; long l; @@ -571,7 +571,7 @@ } static bool -store_float(char *val, struct sudo_defs_types *def, bool op) +store_float(char *val, struct sudo_defs_types *def, int op) { char *endp; double d; @@ -592,7 +592,7 @@ } static bool -store_tuple(char *val, struct sudo_defs_types *def, bool op) +store_tuple(char *val, struct sudo_defs_types *def, int op) { struct def_values *v; debug_decl(store_tuple, SUDO_DEBUG_DEFAULTS) @@ -622,7 +622,7 @@ } static bool -store_str(char *val, struct sudo_defs_types *def, bool op) +store_str(char *val, struct sudo_defs_types *def, int op) { debug_decl(store_str, SUDO_DEBUG_DEFAULTS) @@ -637,7 +637,7 @@ } static bool -store_list(char *str, struct sudo_defs_types *def, bool op) +store_list(char *str, struct sudo_defs_types *def, int op) { char *start, *end; debug_decl(store_list, SUDO_DEBUG_DEFAULTS) @@ -666,7 +666,7 @@ } static bool -store_syslogfac(char *val, struct sudo_defs_types *def, bool op) +store_syslogfac(char *val, struct sudo_defs_types *def, int op) { struct strmap *fac; debug_decl(store_syslogfac, SUDO_DEBUG_DEFAULTS) @@ -706,7 +706,7 @@ } static bool -store_syslogpri(char *val, struct sudo_defs_types *def, bool op) +store_syslogpri(char *val, struct sudo_defs_types *def, int op) { struct strmap *pri; debug_decl(store_syslogpri, SUDO_DEBUG_DEFAULTS) @@ -735,7 +735,7 @@ } static bool -store_mode(char *val, struct sudo_defs_types *def, bool op) +store_mode(char *val, struct sudo_defs_types *def, int op) { char *endp; long l; diff -urNa sudo-1.8.4/plugins/sudoers/defaults.h sudo-1.8.4p1/plugins/sudoers/defaults.h --- sudo-1.8.4/plugins/sudoers/defaults.h Wed Jan 4 12:54:13 2012 +++ sudo-1.8.4p1/plugins/sudoers/defaults.h Tue Feb 21 05:17:00 2012 @@ -107,7 +107,7 @@ */ void dump_default(void); void init_defaults(void); -bool set_default(char *, char *, bool); +bool set_default(char *, char *, int); int update_defaults(int); extern struct sudo_defs_types sudo_defs_table[]; diff -urNa sudo-1.8.4/sudo.pp sudo-1.8.4p1/sudo.pp --- sudo-1.8.4/sudo.pp Thu Feb 16 11:31:25 2012 +++ sudo-1.8.4p1/sudo.pp Tue Feb 21 05:16:25 2012 @@ -74,14 +74,17 @@ # Note that the order must match that of sudoers. case "$pp_rpm_distro" in centos*|rhel*) + chmod u+w ${pp_destdir}${sudoersdir}/sudoers /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' /Locale settings/+1,s/^# // /Desktop path settings/+1,s/^# // w q EOF + chmod u-w ${pp_destdir}${sudoersdir}/sudoers ;; sles*) + chmod u+w ${pp_destdir}${sudoersdir}/sudoers /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' /Locale settings/+1,s/^# // /ConsoleKit session/+1,s/^# // @@ -90,6 +93,7 @@ w q EOF + chmod u-w ${pp_destdir}${sudoersdir}/sudoers ;; esac