This patch will upgrade Sudo version 1.6.9 patchlevel 19 to Sudo
version 1.6.9 patchlevel 20. To apply:
$ cd sudo-1.6.9p19
$ patch -p1 < sudo-1.6.9p20.patch
diff -ura sudo-1.6.9p19/CHANGES sudo-1.6.9p20/CHANGES
--- sudo-1.6.9p19/CHANGES Wed Dec 3 12:45:45 2008
+++ sudo-1.6.9p20/CHANGES Wed Jan 28 11:08:36 2009
@@ -2149,3 +2149,10 @@
677) Fixed behavior when ^C it entered at the password prompt on MacOS.
Sudo 1.6.9p19 released.
+
+678) Only use the cached supplementory group vector when matching groups
+ for the invoking user.
+
+679) Fixed a compilation problem on AIX.
+
+Sudo 1.6.9p20 released.
diff -ura sudo-1.6.9p19/LICENSE sudo-1.6.9p20/LICENSE
--- sudo-1.6.9p19/LICENSE Tue Jun 12 13:08:04 2007
+++ sudo-1.6.9p20/LICENSE Wed Jan 28 11:15:52 2009
@@ -1,6 +1,6 @@
Sudo is distributed under the following ISC-style license:
- Copyright (c) 1994-1996,1998-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ Copyright (c) 1994-1996,1998-2009 Todd C. Miller <Todd.Miller@courtesan.com>
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
diff -ura sudo-1.6.9p19/Makefile.in sudo-1.6.9p20/Makefile.in
--- sudo-1.6.9p19/Makefile.in Wed Dec 3 12:46:32 2008
+++ sudo-1.6.9p20/Makefile.in Wed Jan 28 11:16:50 2009
@@ -20,7 +20,7 @@
#
# @configure_input@
#
-# $Sudo: Makefile.in,v 1.246.2.35 2008/12/03 17:46:32 millert Exp $
+# $Sudo: Makefile.in,v 1.246.2.36 2009/01/28 16:16:50 millert Exp $
#
#### Start of system configuration section. ####
@@ -134,7 +134,7 @@
LIBOBJS = @LIBOBJS@ @ALLOCA@
-VERSION = 1.6.9p19
+VERSION = 1.6.9p20
DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \
LICENSE Makefile.in PORTING README README.LDAP \
diff -ura sudo-1.6.9p19/auth/aix_auth.c sudo-1.6.9p20/auth/aix_auth.c
--- sudo-1.6.9p19/auth/aix_auth.c Fri Nov 14 05:50:45 2008
+++ sudo-1.6.9p20/auth/aix_auth.c Wed Jan 28 11:15:18 2009
@@ -47,7 +47,7 @@
#include "sudo_auth.h"
#ifndef lint
-__unused static const char rcsid[] = "$Sudo: aix_auth.c,v 1.18.2.6 2008/11/14 10:50:45 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: aix_auth.c,v 1.18.2.7 2009/01/28 16:15:18 millert Exp $";
#endif /* lint */
/*
@@ -81,8 +81,10 @@
struct passwd *pw;
sudo_auth *auth;
{
+#ifdef HAVE_UNSETENV
/* Unset AUTHSTATE as it may not be correct for the runas user. */
unsetenv("AUTHSTATE");
-
+#endif
+
return(AUTH_SUCCESS);
}
diff -ura sudo-1.6.9p19/config.h.in sudo-1.6.9p20/config.h.in
--- sudo-1.6.9p19/config.h.in Tue Dec 2 11:10:25 2008
+++ sudo-1.6.9p20/config.h.in Wed Jan 28 11:11:29 2009
@@ -444,6 +444,9 @@
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
+/* Define to 1 if you have the `unsetenv' function. */
+#undef HAVE_UNSETENV
+
/* Define to 1 if you have the `utimes' function. */
#undef HAVE_UTIMES
diff -ura sudo-1.6.9p19/configure sudo-1.6.9p20/configure
--- sudo-1.6.9p19/configure Tue Dec 2 11:11:53 2008
+++ sudo-1.6.9p20/configure Wed Jan 28 11:12:06 2009
@@ -11867,6 +11867,100 @@
fi
done
+
+for ac_func in unsetenv
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
fi
;;
*-*-hiuxmpp*)
diff -ura sudo-1.6.9p19/configure.in sudo-1.6.9p20/configure.in
--- sudo-1.6.9p19/configure.in Tue Dec 2 12:31:15 2008
+++ sudo-1.6.9p20/configure.in Wed Jan 28 11:15:18 2009
@@ -1,6 +1,6 @@
dnl
dnl Process this file with GNU autoconf to produce a configure script.
-dnl $Sudo: configure.in,v 1.413.2.56 2008/12/02 17:31:15 millert Exp $
+dnl $Sudo: configure.in,v 1.413.2.57 2009/01/28 16:15:18 millert Exp $
dnl
dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com>
dnl
@@ -1286,6 +1286,7 @@
# Use authenticate(3) as the default authentication method
if test X"$with_aixauth" = X""; then
AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
+ AC_CHECK_FUNCS(unsetenv)
fi
;;
*-*-hiuxmpp*)
diff -ura sudo-1.6.9p19/parse.c sudo-1.6.9p20/parse.c
--- sudo-1.6.9p19/parse.c Sun Nov 2 09:35:53 2008
+++ sudo-1.6.9p20/parse.c Tue Jan 27 19:50:01 2009
@@ -90,7 +90,7 @@
#endif /* HAVE_EXTENDED_GLOB */
#ifndef lint
-__unused static const char rcsid[] = "$Sudo: parse.c,v 1.160.2.21 2008/11/02 14:35:53 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: parse.c,v 1.160.2.22 2009/01/28 00:50:01 millert Exp $";
#endif /* lint */
static int command_matches_dir __P((char *, size_t));
@@ -651,9 +651,11 @@
/*
* If the user has a supplementary group vector, check it first.
*/
- for (i = 0; i < user_ngroups; i++) {
- if (grp->gr_gid == user_groups[i])
- return(TRUE);
+ if (strcmp(user, user_name) == 0) {
+ for (i = 0; i < user_ngroups; i++) {
+ if (grp->gr_gid == user_groups[i])
+ return(TRUE);
+ }
}
if (grp->gr_mem != NULL) {
for (cur = grp->gr_mem; *cur; cur++) {
diff -ura sudo-1.6.9p19/sudo.cat sudo-1.6.9p20/sudo.cat
--- sudo-1.6.9p19/sudo.cat Wed Dec 3 12:47:20 2008
+++ sudo-1.6.9p20/sudo.cat Tue Jan 27 19:51:57 2009
@@ -61,7 +61,7 @@
-1.6.9p19 December 3, 2008 1
+1.6.9p20 January 27, 2008 1
@@ -127,7 +127,7 @@
-1.6.9p19 December 3, 2008 2
+1.6.9p20 January 27, 2008 2
@@ -193,7 +193,7 @@
-1.6.9p19 December 3, 2008 3
+1.6.9p20 January 27, 2008 3
@@ -259,7 +259,7 @@
-1.6.9p19 December 3, 2008 4
+1.6.9p20 January 27, 2008 4
@@ -325,7 +325,7 @@
-1.6.9p19 December 3, 2008 5
+1.6.9p20 January 27, 2008 5
@@ -391,7 +391,7 @@
-1.6.9p19 December 3, 2008 6
+1.6.9p20 January 27, 2008 6
@@ -457,7 +457,7 @@
-1.6.9p19 December 3, 2008 7
+1.6.9p20 January 27, 2008 7
@@ -523,7 +523,7 @@
-1.6.9p19 December 3, 2008 8
+1.6.9p20 January 27, 2008 8
@@ -589,6 +589,6 @@
-1.6.9p19 December 3, 2008 9
+1.6.9p20 January 27, 2008 9
diff -ura sudo-1.6.9p19/sudo.man.in sudo-1.6.9p20/sudo.man.in
--- sudo-1.6.9p19/sudo.man.in Wed Dec 3 12:47:20 2008
+++ sudo-1.6.9p20/sudo.man.in Wed Jan 28 11:16:50 2009
@@ -18,7 +18,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.\" $Sudo: sudo.man.in,v 1.29.2.29 2008/12/03 17:47:11 millert Exp $
+.\" $Sudo: sudo.man.in,v 1.29.2.30 2009/01/28 16:16:50 millert Exp $
.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
.\"
.\" Standard preamble:
@@ -153,7 +153,7 @@
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "December 3, 2008" "1.6.9p19" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "January 27, 2008" "1.6.9p20" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -ura sudo-1.6.9p19/sudoers.cat sudo-1.6.9p20/sudoers.cat
--- sudo-1.6.9p19/sudoers.cat Wed Dec 3 12:47:20 2008
+++ sudo-1.6.9p20/sudoers.cat Tue Jan 27 19:52:00 2009
@@ -61,7 +61,7 @@
-1.6.9p19 December 3, 2008 1
+1.6.9p20 January 27, 2008 1
@@ -127,7 +127,7 @@
-1.6.9p19 December 3, 2008 2
+1.6.9p20 January 27, 2008 2
@@ -193,7 +193,7 @@
-1.6.9p19 December 3, 2008 3
+1.6.9p20 January 27, 2008 3
@@ -259,7 +259,7 @@
-1.6.9p19 December 3, 2008 4
+1.6.9p20 January 27, 2008 4
@@ -325,7 +325,7 @@
-1.6.9p19 December 3, 2008 5
+1.6.9p20 January 27, 2008 5
@@ -391,7 +391,7 @@
-1.6.9p19 December 3, 2008 6
+1.6.9p20 January 27, 2008 6
@@ -457,7 +457,7 @@
-1.6.9p19 December 3, 2008 7
+1.6.9p20 January 27, 2008 7
@@ -523,7 +523,7 @@
-1.6.9p19 December 3, 2008 8
+1.6.9p20 January 27, 2008 8
@@ -589,7 +589,7 @@
-1.6.9p19 December 3, 2008 9
+1.6.9p20 January 27, 2008 9
@@ -655,7 +655,7 @@
-1.6.9p19 December 3, 2008 10
+1.6.9p20 January 27, 2008 10
@@ -721,7 +721,7 @@
-1.6.9p19 December 3, 2008 11
+1.6.9p20 January 27, 2008 11
@@ -787,7 +787,7 @@
-1.6.9p19 December 3, 2008 12
+1.6.9p20 January 27, 2008 12
@@ -853,7 +853,7 @@
-1.6.9p19 December 3, 2008 13
+1.6.9p20 January 27, 2008 13
@@ -919,7 +919,7 @@
-1.6.9p19 December 3, 2008 14
+1.6.9p20 January 27, 2008 14
@@ -985,7 +985,7 @@
-1.6.9p19 December 3, 2008 15
+1.6.9p20 January 27, 2008 15
@@ -1051,7 +1051,7 @@
-1.6.9p19 December 3, 2008 16
+1.6.9p20 January 27, 2008 16
@@ -1117,7 +1117,7 @@
-1.6.9p19 December 3, 2008 17
+1.6.9p20 January 27, 2008 17
@@ -1183,7 +1183,7 @@
-1.6.9p19 December 3, 2008 18
+1.6.9p20 January 27, 2008 18
@@ -1249,7 +1249,7 @@
-1.6.9p19 December 3, 2008 19
+1.6.9p20 January 27, 2008 19
@@ -1315,7 +1315,7 @@
-1.6.9p19 December 3, 2008 20
+1.6.9p20 January 27, 2008 20
@@ -1381,7 +1381,7 @@
-1.6.9p19 December 3, 2008 21
+1.6.9p20 January 27, 2008 21
@@ -1447,7 +1447,7 @@
-1.6.9p19 December 3, 2008 22
+1.6.9p20 January 27, 2008 22
@@ -1513,7 +1513,7 @@
-1.6.9p19 December 3, 2008 23
+1.6.9p20 January 27, 2008 23
@@ -1579,6 +1579,6 @@
-1.6.9p19 December 3, 2008 24
+1.6.9p20 January 27, 2008 24
diff -ura sudo-1.6.9p19/sudoers.man.in sudo-1.6.9p20/sudoers.man.in
--- sudo-1.6.9p19/sudoers.man.in Wed Dec 3 12:47:20 2008
+++ sudo-1.6.9p20/sudoers.man.in Wed Jan 28 11:16:50 2009
@@ -18,7 +18,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.\" $Sudo: sudoers.man.in,v 1.45.2.31 2008/12/03 17:47:11 millert Exp $
+.\" $Sudo: sudoers.man.in,v 1.45.2.32 2009/01/28 16:16:50 millert Exp $
.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
.\"
.\" Standard preamble:
@@ -153,7 +153,7 @@
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "December 3, 2008" "1.6.9p19" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "January 27, 2008" "1.6.9p20" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -ura sudo-1.6.9p19/version.h sudo-1.6.9p20/version.h
--- sudo-1.6.9p19/version.h Wed Dec 3 12:46:32 2008
+++ sudo-1.6.9p20/version.h Wed Jan 28 11:16:50 2009
@@ -17,12 +17,12 @@
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*
- * $Sudo: version.h,v 1.66.2.22 2008/12/03 17:46:32 millert Exp $
+ * $Sudo: version.h,v 1.66.2.23 2009/01/28 16:16:50 millert Exp $
*/
#ifndef _SUDO_VERSION_H
#define _SUDO_VERSION_H
-static const char version[] = "1.6.9p19";
+static const char version[] = "1.6.9p20";
#endif /* _SUDO_VERSION_H */
diff -ura sudo-1.6.9p19/visudo.cat sudo-1.6.9p20/visudo.cat
--- sudo-1.6.9p19/visudo.cat Wed Dec 3 12:47:20 2008
+++ sudo-1.6.9p20/visudo.cat Tue Jan 27 19:52:03 2009
@@ -61,7 +61,7 @@
-1.6.9p19 December 3, 2008 1
+1.6.9p20 January 27, 2008 1
@@ -127,7 +127,7 @@
-1.6.9p19 December 3, 2008 2
+1.6.9p20 January 27, 2008 2
@@ -193,6 +193,6 @@
-1.6.9p19 December 3, 2008 3
+1.6.9p20 January 27, 2008 3
diff -ura sudo-1.6.9p19/visudo.man.in sudo-1.6.9p20/visudo.man.in
--- sudo-1.6.9p19/visudo.man.in Wed Dec 3 12:47:20 2008
+++ sudo-1.6.9p20/visudo.man.in Wed Jan 28 11:16:50 2009
@@ -17,7 +17,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.\" $Sudo: visudo.man.in,v 1.20.2.24 2008/12/03 17:47:11 millert Exp $
+.\" $Sudo: visudo.man.in,v 1.20.2.25 2009/01/28 16:16:50 millert Exp $
.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
.\"
.\" Standard preamble:
@@ -152,7 +152,7 @@
.\" ========================================================================
.\"
.IX Title "VISUDO @mansectsu@"
-.TH VISUDO @mansectsu@ "December 3, 2008" "1.6.9p19" "MAINTENANCE COMMANDS"
+.TH VISUDO @mansectsu@ "January 27, 2008" "1.6.9p20" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l