The cfmakeraw(3) function exists but does not set VMIN to 1 or VTIME
to 0 in c_cc[] in struct termios, which makes it useless. The AIX
version also doesn't clear the CSIZE and PARENB flags from c_cflag.
We want the log server to work with the default configuration. If
the default certificate path exists, it will be used with the default
listener. If the user explicitly enabled a TLS listener we always
attempt to use it. If TLS was specified but no cert file was set,
the default location will be used (and an error will occur if the
cert cannot be loaded).
Previously, if multiple instances of the same command line option were
specified, the last one would be used. This meant that, for example,
"sudo -u someuser -u otheruser id" would run the command as "otheruser".
This has the potential to cause problems for programs that run sudo with
a user-specified command that do not use the "--" option to indicate
that no more options should be processed. While this is a bug in
the calling program, there is little downside to erroring out when
multiple options of the same type are specified on the command line.
Bug #924
Fixes a problem when there are multiple users with the same user-ID
where the PAM session modules could be called with the wrong user name.
Debian bug #734752
This makes it easier to detect a plaintext client sending to a
TLS port. Without this, the TLS server will be silent as it
waits for the client to initiate the TLS connection.
For TLS connections we now do the TLS handshake immediately before
the ServerHello message. This lets the client recieve an alert
from the server is there is a handshake error after the TLS connect
has succeeded. It also means that the contents of the ServerHello
are protected from a man-in-the-middle attack.
On some systems, poll() and select() can return EAGAIN instead
of ENOMEM if there is a kernel resource shortage. In this case
we just re-enter the event loop and retry.
Newer versions of python3-config only include libpython in the
output when the --embed is used. Otherwise, "python3-config --libs"
and "python3-config --ldflags" only list the libraries python is
dependent on and not the python library itself.
Both poll(2) and ppoll(2) will return EINVAL if the nfds function
argument is larger than the max files per process resource limit.
Prevent this by limiting the max number entries in the pfds[] array
to the RLIMIT_NOFILE soft limit.
