diff options
author | Todd C. Miller <Todd.Miller@sudo.ws> | 2022-12-26 10:47:51 -0700 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@sudo.ws> | 2022-12-26 10:47:51 -0700 |
commit | a7ec2c3b0bdc05f5bb655d8dbe36dc264acd5d18 (patch) | |
tree | 402804dcedd6b6121902ebf331453765590d65b0 | |
parent | c0fe77293fc9beda1338983e04e1220d127bf6c2 (diff) | |
download | sudo-a7ec2c3b0bdc05f5bb655d8dbe36dc264acd5d18.tar.gz |
sudo 1.9.13
Document the changes to AIX plugins in docs/UPGRADE.md and regenerate
configure using the latest autoconf from git.
-rw-r--r-- | INSTALL.md | 11 | ||||
-rw-r--r-- | NEWS | 76 | ||||
-rw-r--r-- | config.h.in | 19 | ||||
-rwxr-xr-x | configure | 711 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | docs/UPGRADE.md | 19 | ||||
-rwxr-xr-x | scripts/config.guess | 48 | ||||
-rwxr-xr-x | scripts/config.sub | 20 |
8 files changed, 383 insertions, 523 deletions
diff --git a/INSTALL.md b/INSTALL.md index 9946bd08b..9398aa76b 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -332,6 +332,17 @@ Defaults are listed in brackets after the description. via the user's PATH) and the default libtool that comes with sudo. + --with-aix-soname=svr4 + Starting with version 1.9.13, sudo will build AIX-style + shared libraries and dynamic shared objects by default + instead of svr4-style.. This means that the default sudo + plugins are now .a (archive) files that contain a .so shared + object file instead of bare .so files. This was done to + improve compatibility with the AIX Freeware ecosystem, + specifically, the AIX Freeware build of OpenSSL. To restore + the old, pre-1.9.13 behavior, run configure using the + --with-aix-soname=svr4 option. + ### Optional features: --disable-root-mailer @@ -1,3 +1,79 @@ +What's new in Sudo 1.9.13 + + * Fixed a bug running relative commands via sudo when "log_subcmds" + is enabled. GitHub issue #194. + + * Fixed a signal handling bug when running sudo commands in a shell + script. Signals were not being forwarded to the command when + the sudo process was not run in its own process group. + + * Fixed a bug in cvtsudoers' LDIF parsing when the file ends without + a newline and a backslash is the last character of the file. + + * Fixed a compilation error on Linux/aarch64. GitHub issue #197. + + * Fixed a potential use-after-free bug with cvtsudoers filtering. + GitHub issue #198. + + * Added a reminder to the default lecture that the password will + not echo. This line is only displayed when the pwfeedback option + is disabled. GitHub issue #195. + + * Fixed potential memory leaks in error paths. GitHub issues #199, + #202. + + * Fixed potential NULL dereferences on memory allocation failure. + GitHub issues #204, #211. + + * Sudo now uses C23-style attributes in function prototypes instead + of gcc-style attributes if supported. + + * Fixed a potential crash introduced in the fix for GitHub issue #134. + If a user's sudoers entry did not have any RunAs user's set, + running "sudo -U otheruser -l" would dereference a NULL pointer. + + * Added a new "list" pseudo-command in sudoers to allow a user to + list another user's privileges. Previously, only root or a user + with the ability to run any command as either root or the target + user on the current host could use the -U option. This also + includes a fix to the log entry when a user lacks permission to + run "sudo -U otheruser -l command". Previously, the logs would + indicate that the user tried to run the actual command, now the + log entry includes the list operation. + + * JSON logging now escapes control characters if they happen to + appear in the command or environment. + + * New Albanian translation from translationproject.org. + + * Regular expressions in sudoers or logsrvd.conf may no longer + contain consecutive repetition operators. This is implementation- + specific behavior according to POSIX, but some implementations + will allocate excessive amounts of memory. This mainly affects + the fuzzers. + + * Sudo now builds AIX-style shared libraries and dynamic shared + objects by default instead of svr4-style. This means that the + default sudo plugins are now .a (archive) files that contain a + .so shared object file instead of bare .so files. This was done + to improve compatibility with the AIX Freeware ecosystem, + specifically, the AIX Freeware build of OpenSSL. Sudo will still + load svr4-style .so plugins and if a .so file is requested, + either via sudo.conf or the sudoers file, and only the .a file + is present, sudo will convert the path from plugin.so to + plugin.a(plugin.so) when loading it. This ensures compatibility + with existing configurations. To restore the old, pre-1.9.13 + behavior, run configure using the --with-aix-soname=svr4 option. + + * Sudo no longer checks the ownership and mode of the plugins that + it loads. Plugins are configured via either the sudo.conf or + sudoers file which are trusted configuration files. These checks + suffered from time-of-check vs. time-of-use race conditions and + complicate loading plugins that are not simple paths. Ownership + and mode checks are still performed when loading the sudo.conf + and sudoers files, which do not suffer from race conditions. + The sudo.conf "developer_mode" setting is no longer used. + What's new in Sudo 1.9.12p1 * Sudo's configure script now does a better job of detecting when diff --git a/config.h.in b/config.h.in index 8c617c3fd..a7da6e7d1 100644 --- a/config.h.in +++ b/config.h.in @@ -319,7 +319,7 @@ /* Define to 1 if you have the 'freezero' function. */ #undef HAVE_FREEZERO -/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */ +/* Define to 1 if fseeko (and ftello) are declared in stdio.h. */ #undef HAVE_FSEEKO /* Define to 1 if you have the 'fstatat' function. */ @@ -1350,11 +1350,15 @@ #ifndef __STDC_WANT_IEC_60559_DFP_EXT__ # undef __STDC_WANT_IEC_60559_DFP_EXT__ #endif +/* Enable extensions specified by C23 Annex F. */ +#ifndef __STDC_WANT_IEC_60559_EXT__ +# undef __STDC_WANT_IEC_60559_EXT__ +#endif /* Enable extensions specified by ISO/IEC TS 18661-4:2015. */ #ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__ # undef __STDC_WANT_IEC_60559_FUNCS_EXT__ #endif -/* Enable extensions specified by ISO/IEC TS 18661-3:2015. */ +/* Enable extensions specified by C23 Annex H and ISO/IEC TS 18661-3:2015. */ #ifndef __STDC_WANT_IEC_60559_TYPES_EXT__ # undef __STDC_WANT_IEC_60559_TYPES_EXT__ #endif @@ -1383,18 +1387,17 @@ /* Number of bits in a file offset, on hosts where this is settable. */ #undef _FILE_OFFSET_BITS -/* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */ +/* Define to 1 if necessary to make fseeko visible. */ #undef _LARGEFILE_SOURCE -/* Define for large files, on AIX-style hosts. */ +/* Define to 1 on platforms where this makes off_t a 64-bit type. */ #undef _LARGE_FILES -/* Number of bits in a timestamp, on hosts where this is settable. */ +/* Number of bits in time_t, on hosts where this is settable. */ #undef _TIME_BITS -#if !defined __MINGW_USE_VC2005_COMPAT && defined __MINGW32__ -# define __MINGW_USE_VC2005_COMPAT 1 /* For 64-bit time_t. */ -#endif +/* Define to 1 on platforms where this makes time_t a 64-bit type. */ +#undef __MINGW_USE_VC2005_COMPAT /* Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__ */ @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.72a for sudo 1.9.12p1. +# Generated by GNU Autoconf 2.72a for sudo 1.9.13. # # Report bugs to <https://bugzilla.sudo.ws/>. # @@ -614,8 +614,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.9.12p1' -PACKAGE_STRING='sudo 1.9.12p1' +PACKAGE_VERSION='1.9.13' +PACKAGE_STRING='sudo 1.9.13' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -655,6 +655,8 @@ ac_includes_default="\ ac_header_c_list= ac_func_c_list= ac_c_werror_flag= +enable_year2038=yes +enable_largefile=yes ac_subst_vars='LTLIBOBJS KRB5CONFIG LIBOBJS @@ -1059,11 +1061,11 @@ enable_intercept with_noexec with_netsvc enable_sia -enable_largefile -enable_year2038 with_pam_login enable_pam_session enable_kerb5_instance +enable_year2038 +enable_largefile ' ac_precious_vars='SENDMAILPROG VIPROG @@ -1633,7 +1635,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -'configure' configures sudo 1.9.12p1 to adapt to many kinds of systems. +'configure' configures sudo 1.9.13 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1670,7 +1672,7 @@ Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] - --sysconfdir=DIR read-only single-machine data [/etc] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] @@ -1699,7 +1701,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.12p1:";; + short | recursive ) echo "Configuration of sudo 1.9.13:";; esac cat <<\_ACEOF @@ -1773,11 +1775,11 @@ Optional Features: --disable-libtool-lock avoid locking (might break parallel builds) --enable-intercept fully qualified pathname of sudo_intercept.so --disable-sia Disable SIA on Digital UNIX - --disable-largefile omit support for large files - --disable-year2038 omit support for timestamps past the year 2038 --disable-pam-session Disable PAM session support --enable-kerb5-instance instance string to append to the username (separated by a slash) + --disable-year2038 do not support timestamps after 2038 + --disable-largefile omit support for large files Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -1990,7 +1992,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.12p1 +sudo configure 1.9.13 generated by GNU Autoconf 2.72a Copyright (C) 2022 Free Software Foundation, Inc. @@ -2668,7 +2670,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.12p1, which was +It was created by sudo $as_me 1.9.13, which was generated by GNU Autoconf 2.72a. Invocation command line was $ $0$ac_configure_args_raw @@ -4877,6 +4879,8 @@ printf "%s\n" "$ac_cv_should_define__xopen_source" >&6; } printf "%s\n" "#define __STDC_WANT_IEC_60559_DFP_EXT__ 1" >>confdefs.h + printf "%s\n" "#define __STDC_WANT_IEC_60559_EXT__ 1" >>confdefs.h + printf "%s\n" "#define __STDC_WANT_IEC_60559_FUNCS_EXT__ 1" >>confdefs.h printf "%s\n" "#define __STDC_WANT_IEC_60559_TYPES_EXT__ 1" >>confdefs.h @@ -19510,7 +19514,7 @@ main (void) /* Refer to every declared value, so they cannot be discarded as unused. */ - return (!b + !c + !d + !e + !f + !g + !h + !i + !j + !k + return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !j + !k + !l + !m + !n + !o + !p + !pp + !ps); ; @@ -19628,104 +19632,23 @@ done # # Check for large file and 64-bit time support. # -# Check whether --enable-largefile was given. -if test ${enable_largefile+y} -then : - enableval=$enable_largefile; -fi - -if test "$enable_largefile" != no + if test "$enable_largefile" != no then : - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 -printf %s "checking for special C compiler options needed for large files... " >&6; } -if test ${ac_cv_sys_largefile_CC+y} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable large file support" >&5 +printf %s "checking for $CC option to enable large file support... " >&6; } +if test ${ac_cv_sys_largefile_opts+y} then : printf %s "(cached) " >&6 else case e in #( - e) ac_cv_sys_largefile_CC=no - if test "$GCC" != yes; then - ac_save_CC=$CC - while :; do - # IRIX 6.2 and later do not support large files by default, - # so use the C compiler's -n32 option if that helps. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <sys/types.h> - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main (void) -{ - - ; - return 0; -} -_ACEOF - if ac_fn_c_try_compile "$LINENO" -then : - break -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam - CC="$CC -n32" - if ac_fn_c_try_compile "$LINENO" + e) ac_save_CC="$CC" + ac_opt_found=no + for ac_opt in "none needed" "-D_FILE_OFFSET_BITS=64" "-D_LARGE_FILES=1" "-n32"; do + if test x"$ac_opt" != x"none needed" then : - ac_cv_sys_largefile_CC=' -n32'; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam - break - done - CC=$ac_save_CC - rm -f conftest.$ac_ext - fi ;; -esac + CC="$ac_save_CC $ac_opt" fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 -printf "%s\n" "$ac_cv_sys_largefile_CC" >&6; } - if test "$ac_cv_sys_largefile_CC" != no; then - CC=$CC$ac_cv_sys_largefile_CC - fi - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 -printf %s "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } -if test ${ac_cv_sys_file_offset_bits+y} -then : - printf %s "(cached) " >&6 -else case e in #( - e) while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <sys/types.h> - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main (void) -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - ac_cv_sys_file_offset_bits=no; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#undef _FILE_OFFSET_BITS -#define _FILE_OFFSET_BITS 64 #include <sys/types.h> /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, @@ -19745,149 +19668,56 @@ main (void) _ACEOF if ac_fn_c_try_compile "$LINENO" then : - ac_cv_sys_file_offset_bits=64; break + ac_cv_sys_largefile_opts="$ac_opt" + ac_opt_found=yes fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ac_cv_sys_file_offset_bits=unknown - break -done ;; + test $ac_opt_found = no || break + done + CC="$ac_save_CC" + test $ac_opt_found = yes || ac_cv_sys_largefile_opts="support not detected" ;; esac fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 -printf "%s\n" "$ac_cv_sys_file_offset_bits" >&6; } -case $ac_cv_sys_file_offset_bits in #( - no | unknown) ;; - *) -printf "%s\n" "#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits" >>confdefs.h -;; -esac -rm -rf conftest* - case $ac_cv_sys_file_offset_bits in #( - unknown) : - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 -printf %s "checking for _LARGE_FILES value needed for large files... " >&6; } -if test ${ac_cv_sys_large_files+y} -then : - printf %s "(cached) " >&6 -else case e in #( - e) while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <sys/types.h> - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main (void) -{ +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_opts" >&5 +printf "%s\n" "$ac_cv_sys_largefile_opts" >&6; } - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - ac_cv_sys_large_files=no; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#undef _LARGE_FILES -#define _LARGE_FILES 1 -#include <sys/types.h> - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main (void) -{ +ac_have_largefile=yes +case $ac_cv_sys_largefile_opts in #( + "none needed") : + ;; #( + "support not detected") : + ac_have_largefile=no ;; #( + "-D_FILE_OFFSET_BITS=64") : - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - ac_cv_sys_large_files=1; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ac_cv_sys_large_files=unknown - break -done ;; -esac -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 -printf "%s\n" "$ac_cv_sys_large_files" >&6; } -case $ac_cv_sys_large_files in #( - no | unknown) ;; - *) -printf "%s\n" "#define _LARGE_FILES $ac_cv_sys_large_files" >>confdefs.h -;; -esac -rm -rf conftest* ;; #( - 64) : +printf "%s\n" "#define _FILE_OFFSET_BITS 64" >>confdefs.h + ;; #( + "-D_LARGE_FILES=1") : - # Check whether --enable-year2038 was given. -if test ${enable_year2038+y} -then : - enableval=$enable_year2038; -fi +printf "%s\n" "#define _LARGE_FILES 1" >>confdefs.h + ;; #( + "-n32") : + CC="$CC -n32" ;; #( + *) : + as_fn_error $? "internal error: bad value for \$ac_cv_sys_largefile_opts" "$LINENO" 5 ;; +esac - if test "$enable_year2038" != no + if test "$enable_year2038" != no then : - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for time_t past the year 2038" >&5 -printf %s "checking for time_t past the year 2038... " >&6; } -if test ${ac_cv_type_time_t_y2038+y} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable timestamps after Jan 2038" >&5 +printf %s "checking for $CC option to enable timestamps after Jan 2038... " >&6; } +if test ${ac_cv_sys_year2038_opts+y} then : printf %s "(cached) " >&6 else case e in #( - e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include <time.h> - /* Check that time_t can represent 2**32 - 1 correctly. */ - #define LARGE_TIME_T \\ - ((time_t) (((time_t) 1 << 30) - 1 + 3 * ((time_t) 1 << 30))) - int verify_time_t_range[(LARGE_TIME_T / 65537 == 65535 - && LARGE_TIME_T % 65537 == 0) - ? 1 : -1]; - -_ACEOF -if ac_fn_c_try_compile "$LINENO" + e) ac_save_CPPFLAGS="$CPPFLAGS" + ac_opt_found=no + for ac_opt in "none needed" "-D_TIME_BITS=64" "-D__MINGW_USE_VC2005_COMPAT" "-U_USE_32_BIT_TIME_T -D__MINGW_USE_VC2005_COMPAT"; do + if test x"$ac_opt" != x"none needed" then : - ac_cv_type_time_t_y2038=yes -else case e in #( - e) ac_cv_type_time_t_y2038=no ;; -esac -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ;; -esac + CPPFLAGS="$ac_save_CPPFLAGS $ac_opt" fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_time_t_y2038" >&5 -printf "%s\n" "$ac_cv_type_time_t_y2038" >&6; } - if test "$ac_cv_type_time_t_y2038" = no; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for 64-bit time_t with _TIME_BITS=64" >&5 -printf %s "checking for 64-bit time_t with _TIME_BITS=64... " >&6; } -if test ${ac_cv_type_time_t_bits_macro+y} -then : - printf %s "(cached) " >&6 -else case e in #( - e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#define _TIME_BITS 64 - #define _FILE_OFFSET_BITS 64 #include <time.h> /* Check that time_t can represent 2**32 - 1 correctly. */ @@ -19897,221 +19727,95 @@ else case e in #( && LARGE_TIME_T % 65537 == 0) ? 1 : -1]; +int +main (void) +{ + + ; + return 0; +} _ACEOF if ac_fn_c_try_compile "$LINENO" then : - ac_cv_type_time_t_bits_macro=yes -else case e in #( - e) ac_cv_type_time_t_bits_macro=no ;; -esac + ac_cv_sys_year2038_opts="$ac_opt" + ac_opt_found=yes fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ;; + test $ac_opt_found = no || break + done + CPPFLAGS="$ac_save_CPPFLAGS" + test $ac_opt_found = yes || ac_cv_sys_year2038_opts="support not detected" ;; esac fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_time_t_bits_macro" >&5 -printf "%s\n" "$ac_cv_type_time_t_bits_macro" >&6; } - if test "$ac_cv_type_time_t_bits_macro" = yes; then - -printf "%s\n" "#define _TIME_BITS 64" >>confdefs.h - - -printf "%s\n" "#define _FILE_OFFSET_BITS 64" >>confdefs.h - - ac_cv_type_time_t_y2038=yes - fi - fi - if test $ac_cv_type_time_t_y2038 = no; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef _USE_32BIT_TIME_T - int ok; - #else - error fail - #endif +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_year2038_opts" >&5 +printf "%s\n" "$ac_cv_sys_year2038_opts" >&6; } -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +ac_have_year2038=yes +case $ac_cv_sys_year2038_opts in #( + "none needed") : + ;; #( + "support not detected") : + ac_have_year2038=no + case $enable_year2038 in #( + yes) : + # If we're not cross compiling and 'touch' works with a large + # timestamp, then we can presume the system supports wider time_t + # *somehow* and we just weren't able to detect it. One common + # case that we deliberately *don't* probe for is a system that + # supports both 32- and 64-bit ABIs but only the 64-bit ABI offers + # wide time_t. (It would be inappropriate for us to override an + # intentional use of -m32.) Error out, demanding use of + # --disable-year2038 if this is intentional. + if test $cross_compiling = no +then : + if TZ=UTC0 touch -t 210602070628.15 conftest.time 2>/dev/null +then : + case `TZ=UTC0 LC_ALL=C ls -l conftest.time 2>/dev/null` in #( + *'Feb 7 2106'* | *'Feb 7 17:10'*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} -as_fn_error $? "The 'time_t' type stops working after January 2038. - Remove _USE_32BIT_TIME_T from the compiler flags. -See 'config.log' for more details" "$LINENO" 5; } -else case e in #( - e) # If not cross-compiling and says we should check, - # and 'touch' works with a large timestamp, then evidently wider time_t - # is desired and supported, so fail and ask the builder to fix the - # problem. Otherwise, just warn the builder. - - if test "$ac_warned_about_y2038" != yes; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: The 'time_t' type stops working after January 2038, - and this package needs a wider 'time_t' type - if there is any way to access timestamps after that. - Configure with 'CC=\"${CC} -m64\"' perhaps?" >&5 -printf "%s\n" "$as_me: WARNING: The 'time_t' type stops working after January 2038, - and this package needs a wider 'time_t' type - if there is any way to access timestamps after that. - Configure with 'CC=\"${CC} -m64\"' perhaps?" >&2;} - ac_warned_about_y2038=yes - fi - ;; -esac -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - fi -fi - ;; #( +as_fn_error $? "this system appears to support timestamps after +January 2038, but no mechanism for enabling wide +'time_t' was detected. Did you mean to build a 64-bit +binary? (e.g. 'CC=\"${CC} -m64\"'.) To proceed with +32-bit time_t, configure with '--disable-year2038'. +See 'config.log' for more details" "$LINENO" 5; } ;; #( *) : ;; esac fi - - - - - - # Check whether --enable-year2038 was given. -if test ${enable_year2038+y} -then : - enableval=$enable_year2038; -fi - - if test "$enable_year2038" != no -then : - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for time_t past the year 2038" >&5 -printf %s "checking for time_t past the year 2038... " >&6; } -if test ${ac_cv_type_time_t_y2038+y} -then : - printf %s "(cached) " >&6 -else case e in #( - e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include <time.h> - /* Check that time_t can represent 2**32 - 1 correctly. */ - #define LARGE_TIME_T \\ - ((time_t) (((time_t) 1 << 30) - 1 + 3 * ((time_t) 1 << 30))) - int verify_time_t_range[(LARGE_TIME_T / 65537 == 65535 - && LARGE_TIME_T % 65537 == 0) - ? 1 : -1]; - -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - ac_cv_type_time_t_y2038=yes -else case e in #( - e) ac_cv_type_time_t_y2038=no ;; -esac -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +fi ;; #( + *) : ;; -esac -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_time_t_y2038" >&5 -printf "%s\n" "$ac_cv_type_time_t_y2038" >&6; } - if test "$ac_cv_type_time_t_y2038" = no; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for 64-bit time_t with _TIME_BITS=64" >&5 -printf %s "checking for 64-bit time_t with _TIME_BITS=64... " >&6; } -if test ${ac_cv_type_time_t_bits_macro+y} -then : - printf %s "(cached) " >&6 -else case e in #( - e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#define _TIME_BITS 64 - #define _FILE_OFFSET_BITS 64 +esac ;; #( + "-D_TIME_BITS=64") : - #include <time.h> - /* Check that time_t can represent 2**32 - 1 correctly. */ - #define LARGE_TIME_T \\ - ((time_t) (((time_t) 1 << 30) - 1 + 3 * ((time_t) 1 << 30))) - int verify_time_t_range[(LARGE_TIME_T / 65537 == 65535 - && LARGE_TIME_T % 65537 == 0) - ? 1 : -1]; +printf "%s\n" "#define _TIME_BITS 64" >>confdefs.h + ;; #( + "-D__MINGW_USE_VC2005_COMPAT=1") : -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - ac_cv_type_time_t_bits_macro=yes -else case e in #( - e) ac_cv_type_time_t_bits_macro=no ;; -esac -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ;; +printf "%s\n" "#define __MINGW_USE_VC2005_COMPAT 1" >>confdefs.h + ;; #( + "-U_USE_32_BIT_TIME_T"*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} +as_fn_error $? "the 'time_t' type is currently forced to be 32-bit. It +will stop working after January 2038. Remove +_USE_32BIT_TIME_T from the compiler flags. +See 'config.log' for more details" "$LINENO" 5; } ;; #( + *) : + as_fn_error $? "internal error: bad value for \$ac_cv_sys_year2038_opts" "$LINENO" 5 ;; esac -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_time_t_bits_macro" >&5 -printf "%s\n" "$ac_cv_type_time_t_bits_macro" >&6; } - if test "$ac_cv_type_time_t_bits_macro" = yes; then - -printf "%s\n" "#define _TIME_BITS 64" >>confdefs.h +fi -printf "%s\n" "#define _FILE_OFFSET_BITS 64" >>confdefs.h - ac_cv_type_time_t_y2038=yes - fi - fi - if test $ac_cv_type_time_t_y2038 = no; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef _USE_32BIT_TIME_T - int ok; - #else - error fail - #endif -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} -as_fn_error $? "The 'time_t' type stops working after January 2038. - Remove _USE_32BIT_TIME_T from the compiler flags. -See 'config.log' for more details" "$LINENO" 5; } -else case e in #( - e) # If not cross-compiling and require-year2038-safe says we should check, - # and 'touch' works with a large timestamp, then evidently wider time_t - # is desired and supported, so fail and ask the builder to fix the - # problem. Otherwise, just warn the builder. - if test $cross_compiling = no \ - && TZ=UTC0 touch -t 210602070628.15 conftest.time 2>/dev/null; then - case `TZ=UTC0 LC_ALL=C ls -l conftest.time 2>/dev/null` in - *'Feb 7 2106'* | *'Feb 7 17:10'*) - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} -as_fn_error $? "The 'time_t' type stops working after January 2038, - and your system appears to support a wider 'time_t'. - Try configuring with 'CC=\"${CC} -m64\"'. - To build with a 32-bit time_t anyway (not recommended), - configure with '--disable-year2038'. -See 'config.log' for more details" "$LINENO" 5; };; - esac - rm -f conftest.time - fi - if test "$ac_warned_about_y2038" != yes; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: The 'time_t' type stops working after January 2038, - and this package needs a wider 'time_t' type - if there is any way to access timestamps after that. - Configure with 'CC=\"${CC} -m64\"' perhaps?" >&5 -printf "%s\n" "$as_me: WARNING: The 'time_t' type stops working after January 2038, - and this package needs a wider 'time_t' type - if there is any way to access timestamps after that. - Configure with 'CC=\"${CC} -m64\"' perhaps?" >&2;} - ac_warned_about_y2038=yes - fi - ;; -esac -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - fi fi + # # HP-UX may need to define _XOPEN_SOURCE_EXTENDED to expose MSG_WAITALL. # Also, HP-UX 11.23 has a broken sys/types.h when large files support @@ -21761,88 +21465,99 @@ printf "%s\n" "#define HAVE_GETGROUPS 1" >>confdefs.h esac LIBS=$ac_save_LIBS -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5 -printf %s "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; } -if test ${ac_cv_sys_largefile_source+y} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for declarations of fseeko and ftello" >&5 +printf %s "checking for declarations of fseeko and ftello... " >&6; } +if test ${ac_cv_func_fseeko_ftello+y} then : printf %s "(cached) " >&6 else case e in #( - e) while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ + #if defined __hpux && !defined _LARGEFILE_SOURCE - #include <limits.h> - #if LONG_MAX >> 31 == 0 - #error "32-bit HP-UX 11/ia64 needs _LARGEFILE_SOURCE for fseeko in C++" - #endif - #endif - #include <sys/types.h> /* for off_t */ - #include <stdio.h> +# include <limits.h> +# if LONG_MAX >> 31 == 0 +# error "32-bit HP-UX 11/ia64 needs _LARGEFILE_SOURCE for fseeko in C++" +# endif +#endif +#include <sys/types.h> /* for off_t */ +#include <stdio.h> + int main (void) { -int (*fp) (FILE *, off_t, int) = fseeko; - return fseeko (stdin, 0, 0) && fp (stdin, 0, 0); + + int (*fp1) (FILE *, off_t, int) = fseeko; + off_t (*fp2) (FILE *) = ftello; + return fseeko (stdin, 0, 0) + && fp1 (stdin, 0, 0) + && ftello (stdin) >= 0 + && fp2 (stdin) >= 0; + ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO" +if ac_fn_c_try_compile "$LINENO" then : - ac_cv_sys_largefile_source=no; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + ac_cv_func_fseeko_ftello=yes +else case e in #( + e) ac_save_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS -D_LARGEFILE_SOURCE=1" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#undef _LARGEFILE_SOURCE -#define _LARGEFILE_SOURCE 1 + #if defined __hpux && !defined _LARGEFILE_SOURCE - #include <limits.h> - #if LONG_MAX >> 31 == 0 - #error "32-bit HP-UX 11/ia64 needs _LARGEFILE_SOURCE for fseeko in C++" - #endif - #endif - #include <sys/types.h> /* for off_t */ - #include <stdio.h> +# include <limits.h> +# if LONG_MAX >> 31 == 0 +# error "32-bit HP-UX 11/ia64 needs _LARGEFILE_SOURCE for fseeko in C++" +# endif +#endif +#include <sys/types.h> /* for off_t */ +#include <stdio.h> + int main (void) { -int (*fp) (FILE *, off_t, int) = fseeko; - return fseeko (stdin, 0, 0) && fp (stdin, 0, 0); + + int (*fp1) (FILE *, off_t, int) = fseeko; + off_t (*fp2) (FILE *) = ftello; + return fseeko (stdin, 0, 0) + && fp1 (stdin, 0, 0) + && ftello (stdin) >= 0 + && fp2 (stdin) >= 0; + ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO" +if ac_fn_c_try_compile "$LINENO" then : - ac_cv_sys_largefile_source=1; break + ac_cv_func_fseeko_ftello="need _LARGEFILE_SOURCE" +else case e in #( + e) ac_cv_func_fseeko_ftello=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext - ac_cv_sys_largefile_source=unknown - break -done ;; +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; esac fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_source" >&5 -printf "%s\n" "$ac_cv_sys_largefile_source" >&6; } -case $ac_cv_sys_largefile_source in #( - no | unknown) ;; - *) -printf "%s\n" "#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source" >>confdefs.h -;; +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; esac -rm -rf conftest* - -# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug -# in glibc 2.1.3, but that breaks too many other things. -# If you want fseeko and ftello with glibc, upgrade to a fixed glibc. -if test $ac_cv_sys_largefile_source != unknown; then +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fseeko_ftello" >&5 +printf "%s\n" "$ac_cv_func_fseeko_ftello" >&6; } +if test "$ac_cv_func_fseeko_ftello" != no +then : printf "%s\n" "#define HAVE_FSEEKO 1" >>confdefs.h fi +if test "$ac_cv_func_fseeko_ftello" = "need _LARGEFILE_SOURCE" +then : + +printf "%s\n" "#define _LARGEFILE_SOURCE 1" >>confdefs.h + +fi ac_func= for ac_item in $ac_func_c_list @@ -24488,7 +24203,7 @@ fi libssl="`$PKG_CONFIG --libs-only-l $pkg_openssl | sed 's/^ *-l//'`" libssl_extra="`echo $libssl | sed 's/^[^ ]* *//'`" libssl="`echo $libssl | sed 's/ .*//'`" - as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libssl""_SSL_new$libssl_extra" | sed "$as_sed_sh"` + as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libssl""_SSL_new" | sed "$as_sed_sh"` { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -l$libssl" >&5 printf %s "checking for SSL_new in -l$libssl... " >&6; } if eval test \${$as_ac_Lib+y} @@ -24711,7 +24426,7 @@ fi ;; esac done - as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libcrypto""_EVP_MD_CTX_new$libcrypto_extra" | sed "$as_sed_sh"` + as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libcrypto""_EVP_MD_CTX_new" | sed "$as_sed_sh"` { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l$libcrypto" >&5 printf %s "checking for EVP_MD_CTX_new in -l$libcrypto... " >&6; } if eval test \${$as_ac_Lib+y} @@ -24999,7 +24714,7 @@ fi fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5 printf %s "checking for SSL_new in -lssl... " >&6; } -if test ${ac_cv_lib_ssl_SSL_new_lcrypto+y} +if test ${ac_cv_lib_ssl_SSL_new+y} then : printf %s "(cached) " >&6 else case e in #( @@ -25028,9 +24743,9 @@ return SSL_new (); _ACEOF if ac_fn_c_try_link "$LINENO" then : - ac_cv_lib_ssl_SSL_new_lcrypto=yes + ac_cv_lib_ssl_SSL_new=yes else case e in #( - e) ac_cv_lib_ssl_SSL_new_lcrypto=no ;; + e) ac_cv_lib_ssl_SSL_new=no ;; esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ @@ -25038,9 +24753,9 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \ LIBS=$ac_check_lib_save_LIBS ;; esac fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_new_lcrypto" >&5 -printf "%s\n" "$ac_cv_lib_ssl_SSL_new_lcrypto" >&6; } -if test "x$ac_cv_lib_ssl_SSL_new_lcrypto" = xyes +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_new" >&5 +printf "%s\n" "$ac_cv_lib_ssl_SSL_new" >&6; } +if test "x$ac_cv_lib_ssl_SSL_new" = xyes then : # Check OPENSSL_VERSION_NUMBER in headers @@ -25434,7 +25149,7 @@ fi libssl="`$PKG_CONFIG --libs-only-l wolfssl | sed 's/^ *-l//'`" libssl_extra=`echo $libssl | sed 's/^[^ ]* *//'` libssl=`echo $libssl | sed 's/ .*//'` - as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libssl""_wolfSSL_new$libssl_extra" | sed "$as_sed_sh"` + as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libssl""_wolfSSL_new" | sed "$as_sed_sh"` { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for wolfSSL_new in -l$libssl" >&5 printf %s "checking for wolfSSL_new in -l$libssl... " >&6; } if eval test \${$as_ac_Lib+y} @@ -28260,10 +27975,9 @@ if test ${with_pam-"no"} != "no"; then # Check for pam_start() in libpam first, then for pam_appl.h. # found_pam_lib=no - as_ac_Lib=`printf "%s\n" "ac_cv_lib_pam_pam_start$lt_cv_dlopen_libs" | sed "$as_sed_sh"` -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 printf %s "checking for pam_start in -lpam... " >&6; } -if eval test \${$as_ac_Lib+y} +if test ${ac_cv_lib_pam_pam_start+y} then : printf %s "(cached) " >&6 else case e in #( @@ -28292,9 +28006,9 @@ return pam_start (); _ACEOF if ac_fn_c_try_link "$LINENO" then : - eval "$as_ac_Lib=yes" + ac_cv_lib_pam_pam_start=yes else case e in #( - e) eval "$as_ac_Lib=no" ;; + e) ac_cv_lib_pam_pam_start=no ;; esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ @@ -28302,10 +28016,9 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \ LIBS=$ac_check_lib_save_LIBS ;; esac fi -eval ac_res=\$$as_ac_Lib - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -printf "%s\n" "$ac_res" >&6; } -if eval test \"x\$"$as_ac_Lib"\" = x"yes" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_start" >&5 +printf "%s\n" "$ac_cv_lib_pam_pam_start" >&6; } +if test "x$ac_cv_lib_pam_pam_start" = xyes then : found_pam_lib=yes fi @@ -34737,6 +34450,18 @@ LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs +# Check whether --enable-year2038 was given. +if test ${enable_year2038+y} +then : + enableval=$enable_year2038; +fi + +# Check whether --enable-largefile was given. +if test ${enable_largefile+y} +then : + enableval=$enable_largefile; +fi + : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 @@ -35130,7 +34855,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.12p1, which was +This file was extended by sudo $as_me 1.9.13, which was generated by GNU Autoconf 2.72a. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -35198,7 +34923,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -sudo config.status 1.9.12p1 +sudo config.status 1.9.13 configured by $0, generated by GNU Autoconf 2.72a, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 6823b840a..8d67657c6 100644 --- a/configure.ac +++ b/configure.ac @@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.70]) -AC_INIT([sudo], [1.9.12p1], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.13], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) AC_CONFIG_AUX_DIR([scripts]) diff --git a/docs/UPGRADE.md b/docs/UPGRADE.md index 5b2271cec..43a315a58 100644 --- a/docs/UPGRADE.md +++ b/docs/UPGRADE.md @@ -1,6 +1,25 @@ Notes on upgrading from an older release ======================================== + * Upgrading from a version prior to 1.9.13: + + Sudo now builds AIX-style shared libraries and dynamic shared + objects by default instead of svr4-style. This means that the + default sudo plugins are now .a (archive) files that contain a + .so shared object file instead of bare .so files. This was done + to improve compatibility with the AIX Freeware ecosystem, + specifically, the AIX Freeware build of OpenSSL. When loading + a .a file as a plugin the name of the included .so file must + also be specified, for example /usr/libexec/sudo/sudoers.a(sudoers.so). + + Sudo is still capable of loading svr4-style .so plugins and if + a .so file is requested, either via sudo.conf or the sudoers + file, and only the .a file is present, sudo will convert the + path from plugin.so to plugin.a(plugin.so). This ensures + compatibility with existing configurations. To restore the old, + pre-1.9.13 behavior, run configure using the --with-aix-soname=svr4 + option. + * Upgrading from a version prior to 1.9.10: Sudo now interprets a command line argument in sudoers that diff --git a/scripts/config.guess b/scripts/config.guess index e81d3ae7c..1817bdce9 100755 --- a/scripts/config.guess +++ b/scripts/config.guess @@ -1,14 +1,14 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2021 Free Software Foundation, Inc. +# Copyright 1992-2022 Free Software Foundation, Inc. # shellcheck disable=SC2006,SC2268 # see below for rationale -timestamp='2021-06-03' +timestamp='2022-05-25' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or +# the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -60,7 +60,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2021 Free Software Foundation, Inc. +Copyright 1992-2022 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -437,7 +437,7 @@ case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in # This test works for both compilers. if test "$CC_FOR_BUILD" != no_compiler_found; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -m64 -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then SUN_ARCH=x86_64 @@ -929,6 +929,9 @@ EOF i*:PW*:*) GUESS=$UNAME_MACHINE-pc-pw32 ;; + *:SerenityOS:*:*) + GUESS=$UNAME_MACHINE-pc-serenity + ;; *:Interix*:*) case $UNAME_MACHINE in x86) @@ -1148,16 +1151,27 @@ EOF ;; x86_64:Linux:*:*) set_cc_for_build + CPU=$UNAME_MACHINE LIBCABI=$LIBC if test "$CC_FOR_BUILD" != no_compiler_found; then - if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \ - (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_X32 >/dev/null - then - LIBCABI=${LIBC}x32 - fi + ABI=64 + sed 's/^ //' << EOF > "$dummy.c" + #ifdef __i386__ + ABI=x86 + #else + #ifdef __ILP32__ + ABI=x32 + #endif + #endif +EOF + cc_set_abi=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^ABI' | sed 's, ,,g'` + eval "$cc_set_abi" + case $ABI in + x86) CPU=i686 ;; + x32) LIBCABI=${LIBC}x32 ;; + esac fi - GUESS=$UNAME_MACHINE-pc-linux-$LIBCABI + GUESS=$CPU-pc-linux-$LIBCABI ;; xtensa*:Linux:*:*) GUESS=$UNAME_MACHINE-unknown-linux-$LIBC @@ -1364,8 +1378,11 @@ EOF BePC:Haiku:*:*) # Haiku running on Intel PC compatible. GUESS=i586-pc-haiku ;; - x86_64:Haiku:*:*) - GUESS=x86_64-unknown-haiku + ppc:Haiku:*:*) # Haiku running on Apple PowerPC + GUESS=powerpc-apple-haiku + ;; + *:Haiku:*:*) # Haiku modern gcc (not bound by BeOS compat) + GUESS=$UNAME_MACHINE-unknown-haiku ;; SX-4:SUPER-UX:*:*) GUESS=sx4-nec-superux$UNAME_RELEASE @@ -1522,6 +1539,9 @@ EOF i*86:rdos:*:*) GUESS=$UNAME_MACHINE-pc-rdos ;; + i*86:Fiwix:*:*) + GUESS=$UNAME_MACHINE-pc-fiwix + ;; *:AROS:*:*) GUESS=$UNAME_MACHINE-unknown-aros ;; diff --git a/scripts/config.sub b/scripts/config.sub index d74fb6dea..dba16e84c 100755 --- a/scripts/config.sub +++ b/scripts/config.sub @@ -1,14 +1,14 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2021 Free Software Foundation, Inc. +# Copyright 1992-2022 Free Software Foundation, Inc. # shellcheck disable=SC2006,SC2268 # see below for rationale -timestamp='2021-08-14' +timestamp='2022-01-03' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or +# the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -76,7 +76,7 @@ Report bugs and patches to <config-patches@gnu.org>." version="\ GNU config.sub ($timestamp) -Copyright 1992-2021 Free Software Foundation, Inc. +Copyright 1992-2022 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -1020,6 +1020,11 @@ case $cpu-$vendor in ;; # Here we normalize CPU types with a missing or matching vendor + armh-unknown | armh-alt) + cpu=armv7l + vendor=alt + basic_os=${basic_os:-linux-gnueabihf} + ;; dpx20-unknown | dpx20-bull) cpu=rs6000 vendor=bull @@ -1121,7 +1126,7 @@ case $cpu-$vendor in xscale-* | xscalee[bl]-*) cpu=`echo "$cpu" | sed 's/^xscale/arm/'` ;; - arm64-*) + arm64-* | aarch64le-*) cpu=aarch64 ;; @@ -1304,7 +1309,7 @@ esac if test x$basic_os != x then -# First recognize some ad-hoc caes, or perhaps split kernel-os, or else just +# First recognize some ad-hoc cases, or perhaps split kernel-os, or else just # set os. case $basic_os in gnu/linux*) @@ -1748,7 +1753,8 @@ case $os in | skyos* | haiku* | rdos* | toppers* | drops* | es* \ | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \ | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \ - | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr*) + | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \ + | fiwix* ) ;; # This one is extra strict with allowed versions sco3.2v2 | sco3.2v[4-9]* | sco5v6*) |