Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Regenerate with latest autoconf from git. | Todd C. Miller | 2023-05-01 | 1 | -7/+4 |
| | |||||
* | Move CONFIGURE_ARGS from sudo_usage.h.in to config.h.in. | Todd C. Miller | 2023-04-18 | 1 | -0/+3 |
| | |||||
* | Use built-in tests for bit types instead of using AC_CHECK_TYPES. | Todd C. Miller | 2023-03-22 | 1 | -58/+61 |
| | | | | | This should be more portable as it handles the quirks of some older systems. | ||||
* | Remove portable getcwd.c, nothing uses it anymore. | Todd C. Miller | 2023-03-16 | 1 | -3/+0 |
| | | | | Any operating system supported by sudo already includes getcwd(3). | ||||
* | Add checks for realpath(3) and a version from NetBSD for those without it. | Todd C. Miller | 2023-02-12 | 1 | -0/+11 |
| | |||||
* | Add configure test for NSIG, _NSIG or __NSIG. | Todd C. Miller | 2023-01-31 | 1 | -0/+12 |
| | | | | | This is better than just defining NSIG in sudo_compat.h if it is not defined since signal.h may not have been included. | ||||
* | Regen with latest autoconf git. | Todd C. Miller | 2023-01-27 | 1 | -1/+1 |
| | |||||
* | Eliminate usage of obsolete 2-argument AC_CHECK_TYPE macro. | Todd C. Miller | 2023-01-19 | 1 | -36/+78 |
| | |||||
* | Add support for the struct kinfo_proc on Dragonfly BSD. | Todd C. Miller | 2023-01-19 | 1 | -0/+3 |
| | |||||
* | sudo 1.9.13 | Todd C. Miller | 2022-12-26 | 1 | -8/+11 |
| | | | | | Document the changes to AIX plugins in docs/UPGRADE.md and regenerate configure using the latest autoconf from git. | ||||
* | Use C23 [[__fallthrough__]] and [[__noreturn__]] attributes if supported. | Todd C. Miller | 2022-11-29 | 1 | -4/+25 |
| | | | | | If the C23 attributes are not supported, use gcc-style attributes where possible. | ||||
* | Use AC_SYS_YEAR2038 instead of setting _TIME_BITS by hand. | Todd C. Miller | 2022-11-16 | 1 | -1/+1 |
| | |||||
* | Regenerate with the autoconf 2.72a pre-release. | Todd C. Miller | 2022-11-16 | 1 | -263/+267 |
| | |||||
* | Remove checks for random() and lrand48(), they are no longer used. | Todd C. Miller | 2022-11-11 | 1 | -6/+0 |
| | | | | Also remove duplicate checks for arc4random() and getentropy(). | ||||
* | configure: avoid running unnecessary tests on modern systems. | Todd C. Miller | 2022-11-11 | 1 | -9/+12 |
| | | | | | | | | Remove AC_SYS_POSIX_TERMIOS, AC_TYPE_MODE_T, AC_TYPE_UID_T. Add missing checks for int16_t, uint16_t, int32_t, and int64_t. Only check for intmax_t, uintmax_t and bit-width types if missing both inttypes.h and stdint.h. Remove unused clockid_t replacement. | ||||
* | Use mkdtempat_np() and mkostempsat_np() on macOS | Todd C. Miller | 2022-09-22 | 1 | -5/+5 |
| | |||||
* | Add fchownat() systems without it. | Todd C. Miller | 2022-09-21 | 1 | -0/+3 |
| | |||||
* | Add mkdtempat() and mkostempsat() for systems without them. | Todd C. Miller | 2022-09-21 | 1 | -0/+6 |
| | |||||
* | Move gcc-style __attribute__ macros to config.h.in | Todd C. Miller | 2022-09-07 | 1 | -1/+47 |
| | | | | | | | | Renamed __malloc -> sudo_malloclike, __printflike -> sudo_printflike, __printf0like -> sudo_printf0like. Add sudo_noreturn instead of __attribute__((__noreturn__)). We do not use stdnoreturn.h since it has been deprecated in C23 in favor of the [[noreturn]] attribute. | ||||
* | Use process_vm_readv(2) and process_vm_writev(2) if available. | Todd C. Miller | 2022-08-25 | 1 | -0/+3 |
| | | | | | This is faster than reading/writing from/to the remote process one word at a time using PTRACE_PEEKDATA and PTRACE_POKEDATA. | ||||
* | Check for SECCOMP_MODE_FILTER not SECCOMP_SET_MODE_FILTER. | Todd C. Miller | 2022-06-07 | 1 | -3/+3 |
| | | | | This matches the actual prctl() call we use. | ||||
* | Avoid using vfork(2) in the DSO system(3) wrapper. | Todd C. Miller | 2022-06-03 | 1 | -3/+0 |
| | | | | | Traditional vfork(2) semantics make it unsafe for use for more than just vfork(2) + execve(2). | ||||
* | Add configure check for vfork(2) and fall back to fork(2) if missing. | Todd C. Miller | 2022-05-31 | 1 | -0/+3 |
| | |||||
* | Add a --with-apparmor build flag | kernelmethod | 2022-05-23 | 1 | -0/+3 |
| | | | | | | Add a new build flag, --with-apparmor, that builds sudo with AppArmor support. Modify the build script for Debian and Ubuntu to enable this flag by default. | ||||
* | Define _TIME_BITS=64 on systems that define __TIMESIZE, like GNU libc. | Todd C. Miller | 2022-04-19 | 1 | -0/+3 |
| | | | | | This should be replaced by a specialized autoconf macro when one becomes available. | ||||
* | Use close_range(2) in closefrom() emulation if available. | Todd C. Miller | 2022-03-01 | 1 | -0/+6 |
| | | | | | | | On Linux, prefer our own closefrom() emulation since the glibc version may fail if /proc is not present and close_range() is not supported. On FreeBSD, closefrom(3) will either call the closefrom or close_range system call, depending on which is available. | ||||
* | Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2). | Todd C. Miller | 2021-12-11 | 1 | -0/+3 |
| | | | | This also allows us to make path const as it should be. | ||||
* | Use strtoul() on systems without strtoull(). | Todd C. Miller | 2021-11-08 | 1 | -0/+3 |
| | | | | We can assume that systems without strtoull() have 32-bit resource limits. | ||||
* | parse_gentime: use timegm() to generate time since the epoch | Todd C. Miller | 2021-10-31 | 1 | -0/+3 |
| | | | | | | The timegm() function is non-standard but widely available. Provide an implementation for those systems that lack it. Bug #1006 | ||||
* | wolfSSL not WolfSSL | Todd C. Miller | 2021-10-26 | 1 | -1/+1 |
| | |||||
* | Add support for WolfSSL's OpenSSL compatibility layer. | Todd C. Miller | 2021-10-25 | 1 | -0/+3 |
| | | | | Based on changes from Hayden Roche | ||||
* | arc4random: need to include sys/random.h on Solaris too. | Todd C. Miller | 2021-10-22 | 1 | -0/+3 |
| | | | | This was removed when Linux genentropy() was disabled. | ||||
* | Add an explicit check for sys/sysctl.h. | Todd C. Miller | 2021-10-20 | 1 | -0/+3 |
| | | | | | | This test needs to be done after AC_LANG_WERROR to avoid including sys/sysctl.h on systems where it is marked as deprecated via a #warning directive. | ||||
* | Use our own getentropy() by default on Linux. | Todd C. Miller | 2021-10-20 | 1 | -3/+0 |
| | | | | | | | The glibc getentropy() emulation will fail on older kernels that don't support getrandom(). Also use sudo_fatal() instead of sending SIGKILL on getentropy() failure. GitHub issue #117. | ||||
* | Emulate closefrom() on macOS using proc_pidinfo(). | Todd C. Miller | 2021-09-27 | 1 | -0/+6 |
| | | | | | This avoids relying on /dev/fd which may not exist in a chroot jail. Adapted from a change in OpenSSH by likan_999.student AT sina.com | ||||
* | Add gmtime_r and localtime_r tests and compat if missing. | Todd C. Miller | 2021-09-17 | 1 | -0/+6 |
| | |||||
* | tls_init.c: use SSL_CTX_set0_tmp_dh_pkey if present. | Todd C. Miller | 2021-09-17 | 1 | -0/+3 |
| | | | | | Fixes a warning on OpenSSL 3.0 and plugs a memory leak of dhparams on config reload. | ||||
* | Change intercept IPC to use a localhost socket instead of inherited fd. | Todd C. Miller | 2021-08-25 | 1 | -3/+0 |
| | | | | | | | | | | This allows intercept mode to work with shells that close all open fds upon startup. The ctor in sudo_intercept.so requests the port number and secret over the socket inherited from the parent then closes it. For each policy request, a TCP connection is made to the sudo parent process to perform the policy check. Child processes re-use the TCP socket to request the port number and secret just like the initial process started by sudo does. | ||||
* | Use AC_FUNC_FSEEKO instead of AC_CHECK_FUNCS_ONCE([fseeko]). | Todd C. Miller | 2021-08-20 | 1 | -1/+4 |
| | | | | | This will define _LARGEFILE_SOURCE, if needed, to make the prototype visible on older systems. | ||||
* | We still need the pread/pwrite hack for HP-UX 11.11 at least. | Todd C. Miller | 2021-08-19 | 1 | -0/+14 |
| | | | | | This time around, avoid defining _LARGEFILE64_SOURCE and just declare pread64/pwrite64 ourselves. | ||||
* | Older Solaris has getusershell() et al but does not declare it. | Todd C. Miller | 2021-08-13 | 1 | -0/+4 |
| | |||||
* | If msg_control is not present in struct msghdr use msg_accrights instead. | Todd C. Miller | 2021-08-09 | 1 | -0/+3 |
| | | | | | | Fixes building on Solaris and probably others. It is possible to expose msg_control on Solaris but this requires a specific set of feature flag defines which can cause other complications. | ||||
* | Use TLS_method() instead of TLS_client_method() throughout. | Todd C. Miller | 2021-07-26 | 1 | -5/+2 |
| | | | | | | | | | | OpenSSL returns an error for SSL_accept() if TLS_client_method() was used to generate the context (LibreSSL doesn't care). Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method() were used in the TLS client and server initialization code respectively. This was refactored in sudo 1.9.7 to allow the code to be shared. Bug #988 | ||||
* | Add configure check for va_copy instead of using #ifdef | Todd C. Miller | 2021-07-25 | 1 | -0/+6 |
| | | | | | This prevents the va_copy compat #define from being used if sudo_compat.h is somehow included before stdarg.h. | ||||
* | Remove vsyslog(3) emulation, it is no longer used. | Todd C. Miller | 2021-06-14 | 1 | -3/+0 |
| | |||||
* | Remove the HP-UX 11.0 pread64() hack, it causes problems on modern HP-UX. | Todd C. Miller | 2021-04-20 | 1 | -10/+0 |
| | |||||
* | Add admin_flag sudoers option and make --enable-admin-flag take a path. | Todd C. Miller | 2021-02-16 | 1 | -4/+0 |
| | | | | | | It is now possible to disable the Ubuntu admin flag in sudoers or change its location. GitHub issue #56 | ||||
* | Add configure check for SSIZE_MAX | Todd C. Miller | 2021-02-08 | 1 | -0/+4 |
| | |||||
* | Fall back to a temp file if fmemopen() is not available(). | Todd C. Miller | 2021-02-07 | 1 | -0/+3 |
| | |||||
* | Regenerate configure script with autoconf 2.71. | Todd C. Miller | 2020-12-08 | 1 | -23/+82 |
| | | | | Also fix some warnings from the new version. |