Commit Graph

1107 Commits

Author SHA1 Message Date
Todd C. Miller
583e8bf538 Use explicit library dependencies instead of implicit.
We now include all the dependent libraries when linking.
Fixes a linking problem on CentOS Stream 9.
2022-05-19 17:01:14 -06:00
Todd C. Miller
4ac1237bd3 Sudo 1.9.11 2022-04-29 19:03:24 -06:00
Todd C. Miller
ec5164ced2 Define _TIME_BITS=64 on systems that define __TIMESIZE, like GNU libc.
This should be replaced by a specialized autoconf macro when one
becomes available.
2022-04-19 13:28:39 -06:00
Todd C. Miller
a1e20ddd95 Fix check for EVP_MD_CTX_new() when -pthread is in Libs.private. 2022-04-04 10:13:28 -06:00
Todd C. Miller
dcb2fb26a5 Rename SSP_(C|LD)FLAGS -> HARDENING_(C|LD)FLAGS 2022-04-01 11:14:59 -06:00
Todd C. Miller
cc4d7196ff Update to libtool 2.4.7. 2022-03-31 16:14:10 -06:00
Todd C. Miller
90501b7000 Fix check for EVP_MD_CTX_new using static libcrypto with dependencies. 2022-03-31 16:14:10 -06:00
Todd C. Miller
c77cba373a --enable-openssl: don't add non-existent directories to PKG_CONFIG_LIBDIR 2022-03-30 11:21:44 -06:00
Todd C. Miller
75a0e51590 Add sudo_closefrom() regression test. 2022-03-01 11:31:19 -07:00
Todd C. Miller
f1a697a8ff Use close_range(2) in closefrom() emulation if available.
On Linux, prefer our own closefrom() emulation since the glibc
version may fail if /proc is not present and close_range() is not
supported.  On FreeBSD, closefrom(3) will either call the closefrom
or close_range system call, depending on which is available.
2022-03-01 09:54:23 -07:00
Todd C. Miller
c3177ce831 Repair --enable-pvs-studio on Linux. 2022-03-01 09:42:07 -07:00
Todd C. Miller
10ca59097e Mention apple radar 3710161 in the comment about broken macOS poll(2). 2022-03-01 09:25:14 -07:00
Todd C. Miller
a57e979962 Adapt test harness for lib/util and move to regress directory. 2022-02-28 14:15:43 -07:00
Todd C. Miller
f35bbd5a3f Move the cvtsudoers/sudoers/testsudoers/visudo tests into a script.
It is easier to maintain these tests in script form.  The output
now more closely matches that of the other tests.  The harness
script can be invoked directly and supports running specific tests.
2022-02-28 11:29:38 -07:00
Todd C. Miller
42f735c8dd Add configure check for gzclearerr() when using system zlib. 2022-02-24 19:13:53 -07:00
Todd C. Miller
68bc030c0c Fix PVS-Studio platform check for macOS. 2022-02-24 08:15:01 -07:00
Todd C. Miller
63b2a62f8a Substitute values in the example syslog.conf too.
Also update ignore files for example changes
2022-02-11 19:19:09 -07:00
Todd C. Miller
0bbe4b1813 Substitute paths set by configure in examples. Bug #1023 2022-02-11 19:07:08 -07:00
Todd C. Miller
85f9f2beb6 Sudo 1.9.10 2022-02-11 14:14:32 -07:00
Todd C. Miller
86d2173937 Add support for matching command and args using regular expressions.
Either the command, its arguments or both may be (separate)
regular expressions.
2022-02-10 18:26:24 -07:00
Todd C. Miller
c13b21c199 Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2).
This also allows us to make path const as it should be.
2021-12-11 08:35:18 -07:00
Todd C. Miller
ce9c6d17c5 Sudo 1.9.9 2021-11-24 06:52:50 -07:00
Todd C. Miller
289a045a4f Rename "doc" directory to "docs" for better GitHub compatibility. 2021-11-10 16:45:16 -07:00
Todd C. Miller
09b82a22ca Add configure check for sha1sum and use "openssl dgst -sha1" if missing.
Only needed when building the seed corpus zip files.
2021-11-10 13:31:42 -07:00
Todd C. Miller
19065cb221 Use strtoul() on systems without strtoull().
We can assume that systems without strtoull() have 32-bit resource limits.
2021-11-08 18:21:15 -07:00
Todd C. Miller
4eebd53bce parse_gentime: use timegm() to generate time since the epoch
The timegm() function is non-standard but widely available.
Provide an implementation for those systems that lack it.
Bug #1006
2021-10-31 09:27:34 -06:00
Todd C. Miller
fc5fa1bbd4 wolfSSL not WolfSSL 2021-10-26 19:00:16 -06:00
Todd C. Miller
cc6157d7d4 Add support for WolfSSL's OpenSSL compatibility layer.
Based on changes from Hayden Roche
2021-10-25 13:17:57 -06:00
Todd C. Miller
a808f8e7e5 Fix setting _PATH_ASAN_LIB, need to double up the square brackets. 2021-10-23 15:27:20 -06:00
Todd C. Miller
ef3eb25a1b arc4random: need to include sys/random.h on Solaris too.
This was removed when Linux getentropy() was disabled.
2021-10-22 10:44:34 -06:00
Todd C. Miller
cccefb962b Improve macOS version detection to support macOS 11 and simplify legacy logic
From Jeremy Huddleston Sequoia
2021-10-20 19:31:57 -06:00
Todd C. Miller
9fbbca7b7a Always link libsudo_util.so with libcrypto.so if using OpenSSL.
We may need to use RAND_bytes() in the getentropy() emulation.
2021-10-20 18:59:13 -06:00
Todd C. Miller
23eef895f4 Add an explicit check for sys/sysctl.h.
This test needs to be done after AC_LANG_WERROR to avoid including
sys/sysctl.h on systems where it is marked as deprecated via a
#warning directive.
2021-10-20 10:31:35 -06:00
Todd C. Miller
00e53b32e5 Use our own getentropy() by default on Linux.
The glibc getentropy() emulation will fail on older kernels that
don't support getrandom().
Also use sudo_fatal() instead of sending SIGKILL on getentropy() failure.
GitHub issue #117.
2021-10-20 09:53:01 -06:00
Todd C. Miller
64e5798318 Don't install sudoers.a when configured with --enable-static-sudoers.
We already avoid installing it when --disable-shared-util is specified.
2021-10-11 11:04:40 -06:00
Todd C. Miller
eaee7a0ebe Fix fuzzer build when --enable-static-sudoers is used.
This introduces a sudoers-specific version of LT_STATIC instead of
appending the --tag=disable-shared to SUDOERS_LDFLAGS.
I've also removed the -static flag as it should not be needed.
2021-10-07 08:19:11 -06:00
Todd C. Miller
8350307a2f Try to handle the case where libasan.so is a linker script.
Fixes check_noexec with ASAN on Fedora where libasan.so just includes
the actual library file.
2021-10-05 13:08:48 -06:00
Todd C. Miller
c5f983c643 Add "-fcf-protection" to SSP_CFLAGS and SSP_LDFLAGS if supported.
Can be disabled via --disable-hardening.
2021-09-29 15:50:57 -06:00
Todd C. Miller
edf30c7273 Add "-z now" to hardened link options if supported.
Can be disabled via --disable-hardening.
2021-09-29 13:31:47 -06:00
Todd C. Miller
476f00b82f Emulate closefrom() on macOS using proc_pidinfo().
This avoids relying on /dev/fd which may not exist in a chroot jail.
Adapted from a change in OpenSSH by likan_999.student AT sina.com
2021-09-27 13:44:41 -06:00
Todd C. Miller
4fef09e1c2 Sudo 1.9.8p2 2021-09-20 18:40:48 -06:00
Todd C. Miller
a036cb0252 fix typo 2021-09-20 15:59:47 -06:00
Todd C. Miller
1d2512ae10 Remove now-unused CHECK_INTERCEPT variable. 2021-09-18 13:38:55 -06:00
Todd C. Miller
fa71679b5a Add gmtime_r and localtime_r tests and compat if missing. 2021-09-17 10:55:06 -06:00
Todd C. Miller
78eb240642 When using pkg-config, don't assume the names of the ssl and crypto libs.
On the HP-UX build machines these are named libssl_pic.a and
libcrypto_pic.a to avoid conflicting with the system libs.
2021-09-17 10:55:06 -06:00
Todd C. Miller
4289e9609d Teach mkdep.pl about --tag=disable-static in LTFLAGS.
If static objs are disabled we need to add explicit dependencies for
.o files.  The OpenBSD libtool doesn't use a pic object file when
linking executables so we need to build the non-pic objects too.
2021-09-13 09:33:17 -06:00
Todd C. Miller
229dfe175d Use SUDO_APPEND_LIBPATH when appending to LIBTLS and LIBMD.
The OpenSSL pkgconfig files only include -L paths, not -R paths.
Using SUDO_APPEND_LIBPATH ensures the rpath is set correctly so the
binaries will run (not just link).
2021-09-13 09:33:12 -06:00
Todd C. Miller
921bc1c697 Use the EVP digest routines instead of calling SHA2 functions directly.
Avoids compiler warnings with OpenSSL 3.0.  EVP_MD_CTX_new() is
only available for OpenSSL 1.1 and higher--we will fall back to
sudo's SHA2 code if necessary.
2021-09-17 10:55:06 -06:00
Todd C. Miller
4e0b77be4b tls_init.c: use SSL_CTX_set0_tmp_dh_pkey if present.
Fixes a warning on OpenSSL 3.0 and plugs a memory leak of dhparams
on config reload.
2021-09-17 10:55:06 -06:00
Todd C. Miller
052391da9c Add --enable-openssl-pkgconfig-template option.
This can be used to find the correct openssl pkg-config file
if it is not named "openssl" (also libcrypto).
2021-09-13 09:33:09 -06:00