# HG changeset patch # User Vladimir Marek # Date 1404888679 -7200 # Node ID 77f1ff9ca70fe7ce6fdc73d1a3b9e645ddae2044 # Parent 6c32d6df504acebc9ca7fd60ee254746fb06e629 17890284 Update to sudo version 1.8.9p5 diff -r 6c32d6df504a -r 77f1ff9ca70f components/sudo/Makefile --- a/components/sudo/Makefile Tue Jul 22 10:48:13 2014 -0700 +++ b/components/sudo/Makefile Wed Jul 09 08:51:19 2014 +0200 @@ -25,28 +25,30 @@ include ../../make-rules/shared-macros.mk COMPONENT_NAME= sudo -SRC_VERSION= 1.8.6 -SRC_PATCH_VERSION= 7 +SRC_VERSION= 1.8.9 +SRC_PATCH_VERSION= 5 COMPONENT_VERSION= $(SRC_VERSION).$(SRC_PATCH_VERSION) COMPONENT_SRC= $(COMPONENT_NAME)-$(SRC_VERSION)p$(SRC_PATCH_VERSION) COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz COMPONENT_ARCHIVE_HASH= \ - sha256:301089edb22356f59d097f6abbe1303f03927a38691b02959d618546c2125036 + sha256:bc9d5c96de5f8b4d2b014f87a37870aef60d2891c869202454069150a21a5c21 COMPONENT_ARCHIVE_URL= http://www.sudo.ws/sudo/dist/$(COMPONENT_ARCHIVE) COMPONENT_PROJECT_URL= http://www.sudo.ws/ COMPONENT_BUGDB= utility/sudo +TPNO= 16733 + include $(WS_TOP)/make-rules/prep.mk include $(WS_TOP)/make-rules/configure.mk include $(WS_TOP)/make-rules/ips.mk -# configure.in has been patched, so re-generate configure file COMPONENT_PREP_ACTION = ( cd $(@D) ; $(AUTORECONF) -f -I m4 ) CONFIGURE_ENV += "CC=$(CC)" CONFIGURE_ENV += "CFLAGS=$(CFLAGS)" CONFIGURE_ENV += "CXX=$(CXX)" CONFIGURE_ENV += "MAKE=$(GMAKE)" +CONFIGURE_ENV += "LDFLAGS=$(LDFLAGS)" CONFIGURE_OPTIONS += --with-ldap CONFIGURE_OPTIONS += --with-project @@ -64,17 +66,38 @@ COMPONENT_BUILD_ENV += "CFLAGS=$(CFLAGS)" COMPONENT_INSTALL_TARGETS = install +COMPONENT_INSTALL_ARGS += bindir=$(USRBINDIR) +COMPONENT_INSTALL_ARGS += sbindir=$(USRSBINDIR) + # Enable aslr for this component ASLR_MODE = $(ASLR_ENABLE) # common targets +# 64 build corrupts audit logs because of 17561594. Until that is fixed do 32bit build. build: $(BUILD_32) install: $(INSTALL_32) -test: $(NO_TESTS) +VISUDO=$(BUILD_DIR_32)/plugins/sudoers/visudo +test: + # Since linking with libmd.so (which provides sha2 capability on + # Solaris) is optional, we have a check here to make sure that the + # configure script found it correctly. + # http://www.sudo.ws/bugs/show_bug.cgi?id=641 + + # Make sure that sudo is NOT built with it's internal sha2 implementation + if [[ -n $$( elfdump -s "$(VISUDO)" | grep SHA256Init | grep -v UNDEF ) ]]; then \ + echo "SHA256Init is not an undefined symbol in $(VISUDO)"; \ + exit 1; \ + fi + # ... but is linked with libmd instead + if [[ -z $$( elfdump -d "$(VISUDO)" | grep 'NEEDED .* libmd.so' ) ]]; then \ + echo "$(VISUDO) is not linked against libmd.so"; \ + exit 1; \ + fi + BUILD_PKG_DEPENDENCIES = $(BUILD_TOOLS) diff -r 6c32d6df504a -r 77f1ff9ca70f components/sudo/TESTING --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/sudo/TESTING Wed Jul 09 08:51:19 2014 +0200 @@ -0,0 +1,120 @@ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +# Open second terminal with root shell. Keep this as a possibility to assume +# root privileges if you loose the ability to do so via sudo during testing. + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +# Make sure we are looking at the correct version +sudo -V | grep version + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +# Test digest feature + +openssl dgst -sha224 /usr/bin/ls # make note of the hash + +# Add this line to sudoers (replace UID by your user ID and HASH by the ls +# hash): + ALL = sha224: /usr/bin/ls + +# This should work (asking you a password first) +sudo /usr/bin/ls / + +# Now change the hash so that it is wrong and make sure it does not work this +# time +sudo /usr/bin/ls / + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +# add this line to sudoers +ALL ALL=(ALL:ALL) NOPASSWD: ALL + +# Make sure it gives you root account +sudo id + +# Make sure this changes just your group +sudo -g sol_src id + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +# Test creating a file in etc +sudoedit /etc/test +... +cat /etc/test # Make sure the text is there + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +# Auditing +cd /var/audit +sudo /usr/sbin/audit -t +sudo rm * +sudo /usr/sbin/audit -s +sudo auditreduce * | praudit -s +> file,1970-01-01 00:00:00.000 +00:00, +> file,2014-03-27 10:34:23.000 +00:00, + +# Make sure that since the first run we can see new auditing record +sudo auditreduce * | praudit -s +> file,2014-03-27 10:34:23.000 +00:00, +> header,158,2,AUE_sudo,,10.0.2.15,2014-03-27 10:34:23.735 +00:00 +> subject,vmarek,root,staff,vmarek,staff,2295,3108723863,5096 202240 10.0.2.2 +> path,/var/share/audit +> path,/usr/sbin/auditreduce +> cmd,argcnt,1,20140327103420.not_terminated.S12-43,envcnt,0, +> return,success,0 +> file,2014-03-27 10:34:23.000 +00:00, + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +# PAM credentials + +# Make sure that 'root' is a role +sudo usermod -K type=role root + +# Note the preselection mask, it should probably be 'lo(0x1000,0x1000)' +sudo bash -c 'auditconfig -getpinfo $$' + +# Add audit flags to root +sudo rolemod -K audit_flags=lo,ex:no root + +# Make sure that the preselection mask now shows new entries (lo,ex) +sudo bash -c 'auditconfig -getpinfo $$' + +# Disable PAM credentials in sudo by adding this line to sudoers: +Defaults !pam_setcred + +# Make sure that the preselection mask now shows only previous entry +sudo bash -c 'auditconfig -getpinfo $$' + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +# Solaris privileges + +# Add this to the end sudoers keeping the 'ALL ALL=(ALL:ALL) NOPASSWD: ALL' above + ALL = () PRIVS="basic,dtrace_kernel,dtrace_proc,dtrace_user" NOPASSWD: /usr/sbin/dtrace, /usr/bin/bash + +# Just your regular id +id +> uid=157888(vmarek) gid=10(staff) + +# Sudo normally turning you into root via the 'ALL ALL=(ALL:ALL) NOPASSWD: ALL' line +sudo id +> uid=0(root) gid=0(root) + +# For bash it should leave your ID and just grant dtrace privileges +sudo bash -c 'id; ppriv $$' +uid=157888(vmarek) gid=10(staff) +> 2296: bash -c id; ppriv $$ +> flags = +> E: basic,dtrace_kernel,dtrace_proc,dtrace_user +> I: basic,dtrace_kernel,dtrace_proc,dtrace_user +> P: basic,dtrace_kernel,dtrace_proc,dtrace_user +> L: basic,dtrace_kernel,dtrace_proc,dtrace_user + +# dtrace functionality +sudo dtrace -l -n 'syscall::b*:entry' +> ID PROVIDER MODULE FUNCTION NAME +> 11282 syscall brk entry +> 11550 syscall brandsys entry +> 11642 syscall bind entry diff -r 6c32d6df504a -r 77f1ff9ca70f components/sudo/patches/02-pam_setcred.patch --- a/components/sudo/patches/02-pam_setcred.patch Tue Jul 22 10:48:13 2014 -0700 +++ b/components/sudo/patches/02-pam_setcred.patch Wed Jul 09 08:51:19 2014 +0200 @@ -1,21 +1,35 @@ Fix for 17617070 sudo does not use pam_setcred correctly to set the audit context -This fix will be submitted upstream to the latest sudo release, -currently 1.8.10p2. +This fix is submitted as http://www.sudo.ws/bugs/show_bug.cgi?id=642 + +Sudo 1.8.9p5 has another problem, pam_setcred configuration option is not +enabled by default despite what is said in sudoers(4). Fix for that is +accumulated in this patch as it will be submitted together with the +PAM_REINITIALIZE_CRED fix. -diff -ru sudo-1.8.6p7-orig//plugins/sudoers/auth/pam.c sudo-1.8.6p7/plugins/sudoers/auth/pam.c ---- sudo-1.8.6p7-orig//plugins/sudoers/auth/pam.c Mon Feb 25 11:42:44 2013 -+++ sudo-1.8.6p7/plugins/sudoers/auth/pam.c Mon Oct 21 13:32:27 2013 -@@ -229,8 +229,10 @@ - * for the setcred module. Because we haven't called pam_authenticate(), - * this is not set and so pam_setcred() returns PAM_PERM_DENIED. - * We can't call pam_acct_mgmt() with Linux-PAM for a similar reason. +--- sudo-1.8.9p5/plugins/sudoers/auth/pam.c 2014-02-07 10:25:08.979359126 +0100 ++++ sudo-1.8.9p5/plugins/sudoers/auth/pam.c 2014-02-07 10:24:43.823180676 +0100 +@@ -236,9 +236,11 @@ + * PAM_SUCCESS from another. For example, given a non-local user, + * pam_unix will fail but pam_ldap or pam_sss may succeed, but if + * pam_unix is first in the stack, pam_setcred() will fail. + * -+ * Reinitialize credentials when changing a user. ++ * Reinitialize credentials when changing a user. */ -- (void) pam_setcred(pamh, PAM_ESTABLISH_CRED); -+ (void) pam_setcred(pamh, PAM_REINITIALIZE_CRED); + if (def_pam_setcred) +- (void) pam_setcred(pamh, PAM_ESTABLISH_CRED); ++ (void) pam_setcred(pamh, PAM_REINITIALIZE_CRED); - #ifdef HAVE_PAM_GETENVLIST - /* + if (def_pam_session) { + *pam_status = pam_open_session(pamh, 0); +--- sudo-1.8.9p5/plugins/sudoers/defaults.c 2014-03-28 15:33:41.941482037 -0700 ++++ sudo-1.8.9p5/plugins/sudoers/defaults.c 2014-03-28 15:22:36.457133334 -0700 +@@ -485,6 +485,7 @@ init_defaults(void) + #endif + def_editor = estrdup(EDITOR); + def_set_utmp = true; ++ def_pam_setcred = true; + + /* Finally do the lists (currently just environment tables). */ + init_envtables(); diff -r 6c32d6df504a -r 77f1ff9ca70f components/sudo/patches/03-solaris_audit.patch --- a/components/sudo/patches/03-solaris_audit.patch Tue Jul 22 10:48:13 2014 -0700 +++ b/components/sudo/patches/03-solaris_audit.patch Wed Jul 09 08:51:19 2014 +0200 @@ -3,10 +3,9 @@ Plan is to contribute these changes upstream to the latest sudo release, currently 1.8.10p2. -diff -rupN sudo-1.8.6p7-orig/config.h.in sudo-1.8.6p7/config.h.in ---- sudo-1.8.6p7-orig/config.h.in 2013-02-25 11:46:09.000000000 -0800 -+++ sudo-1.8.6p7/config.h.in 2013-12-18 13:23:28.000000000 -0800 -@@ -506,6 +506,9 @@ +--- sudo-1.8.9p5/config.h.in 2014-03-26 22:54:30.317626194 +0100 ++++ sudo-1.8.9p5/config.h.in 2014-03-26 22:54:07.840975014 +0100 +@@ -542,6 +542,9 @@ /* Define to 1 if you have the `snprintf' function. */ #undef HAVE_SNPRINTF @@ -16,10 +15,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SPAWN_H -diff -rupN sudo-1.8.6p7-orig/configure.in sudo-1.8.6p7/configure.in ---- sudo-1.8.6p7-orig/configure.in 2013-02-25 11:47:48.000000000 -0800 -+++ sudo-1.8.6p7/configure.in 2014-04-02 15:17:30.692015000 -0700 -@@ -13,6 +13,7 @@ dnl +--- sudo-1.8.9p5/configure.ac 2014-04-02 15:08:32.733744734 -0700 ++++ sudo-1.8.9p5/configure.ac 2014-04-02 15:01:57.931070340 -0700 +@@ -15,6 +15,7 @@ dnl dnl Variables that get substituted in the Makefile and man pages dnl AC_SUBST([HAVE_BSM_AUDIT]) @@ -27,7 +25,7 @@ AC_SUBST([SHELL]) AC_SUBST([LIBTOOL]) AC_SUBST([CFLAGS]) -@@ -305,6 +306,20 @@ AC_ARG_WITH(linux-audit, [AS_HELP_STRING +@@ -322,6 +323,28 @@ AC_ARG_WITH(linux-audit, [AS_HELP_STRING esac]) dnl @@ -45,37 +43,30 @@ +esac]) + +dnl ++dnl Check for use of Solaris audit with BSM or Linux audit ++dnl ++if test -n "$with_solaris_audit" && (test -n "$with_bsm_audit" || test -n "$with_linux_audit"); then ++ AC_MSG_ERROR([BSM/Linux and Solaris auditing options are mutually exclusive.]) ++fi ++ ++ ++dnl dnl Handle SSSD support. dnl AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])], -@@ -1979,6 +1994,13 @@ if test -n "$with_noexec"; then - fi - - dnl -+dnl Check for use of Solaris audit with BSM or Linux audit -+dnl -+if test "${with_solaris_audit+set}" = set && ( test "${with_bsm_audit+set}" = set || test "${with_linux_audit+set}" = set); then -+ AC_MSG_ERROR([BSM/Linux and Solaris auditing options are mutually exclusive.]) -+fi -+ -+dnl - dnl Check for mixing mutually exclusive and regular auth methods - dnl - AUTH_REG=${AUTH_REG# } -@@ -3622,6 +3644,7 @@ AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 +@@ -3820,6 +3843,7 @@ AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) - AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments]) + AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments.]) +AH_TEMPLATE(HAVE_SOLARIS_AUDIT, [Define to 1 to enable Solaris audit support.]) - AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union]) - AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member]) - AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member]) -diff -rupN sudo-1.8.6p7-orig/INSTALL sudo-1.8.6p7/INSTALL ---- sudo-1.8.6p7-orig/INSTALL 2013-02-25 11:42:43.000000000 -0800 -+++ sudo-1.8.6p7/INSTALL 2013-12-18 14:06:38.000000000 -0800 -@@ -159,6 +159,9 @@ Special features/options: - DIR should contain include and lib directories with skey.h - and libskey.a respectively. + AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union.]) + AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member.]) + AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member.]) +--- sudo-1.8.9p5/INSTALL 2014-03-26 22:55:50.218196304 +0100 ++++ sudo-1.8.9p5/INSTALL 2014-03-26 22:55:37.278167183 +0100 +@@ -386,6 +386,9 @@ + the user name (separated by a slash) when creating the + principal name. + --with-solaris-audit + Enable audit support for Solaris systems. @@ -83,33 +74,30 @@ --with-opie[=DIR] Enable NRL OPIE OTP (One Time Password) support. If specified, DIR should contain include and lib directories with opie.h -diff -rupN sudo-1.8.6p7-orig/MANIFEST sudo-1.8.6p7/MANIFEST ---- sudo-1.8.6p7-orig/MANIFEST 2013-02-25 11:42:43.000000000 -0800 -+++ sudo-1.8.6p7/MANIFEST 2013-12-18 13:46:06.000000000 -0800 -@@ -261,6 +261,8 @@ plugins/sudoers/regress/sudoers/test8.to - plugins/sudoers/regress/testsudoers/test1.out.ok - plugins/sudoers/regress/testsudoers/test1.sh +--- sudo-1.8.9p5/MANIFEST 2014-03-26 22:57:04.778504180 +0100 ++++ sudo-1.8.9p5/MANIFEST 2014-03-26 22:56:53.268979852 +0100 +@@ -369,6 +369,8 @@ plugins/sudoers/set_perms.c + plugins/sudoers/sha2.c + plugins/sudoers/sha2.h +plugins/sudoers/solaris_audit.c +plugins/sudoers/solaris_audit.h plugins/sudoers/sssd.c plugins/sudoers/sudo_nss.c plugins/sudoers/sudo_nss.h -diff -rupN sudo-1.8.6p7-orig/mkdep.pl sudo-1.8.6p7/mkdep.pl ---- sudo-1.8.6p7-orig/mkdep.pl 2013-02-25 11:42:44.000000000 -0800 -+++ sudo-1.8.6p7/mkdep.pl 2013-12-18 14:03:37.000000000 -0800 -@@ -52,7 +52,7 @@ sub mkdep { +--- sudo-1.8.9p5/mkdep.pl 2014-03-26 22:58:36.454013953 +0100 ++++ sudo-1.8.9p5/mkdep.pl 2014-03-26 22:58:24.406067303 +0100 +@@ -67,7 +67,7 @@ $makefile =~ s:\@DEV\@::g; - $makefile =~ s:\@COMMON_OBJS\@:aix.lo:; - $makefile =~ s:\@SUDO_OBJS\@:preload.o selinux.o sesh.o sudo_noexec.lo:; -- $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo plugin_error.lo sssd.lo:; -+ $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo plugin_error.lo solaris_audit.lo sssd.lo:; + $makefile =~ s:\@COMMON_OBJS\@:aix.lo event_poll.lo event_select.lo:; + $makefile =~ s:\@SUDO_OBJS\@:openbsd.o preload.o selinux.o sesh.o solaris.o sudo_noexec.lo:; +- $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo sssd.lo:; ++ $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo solaris_audit.lo sssd.lo:; # XXX - fill in AUTH_OBJS from contents of the auth dir instead $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:; - $makefile =~ s:\@LTLIBOBJS\@:closefrom.lo dlopen.lo fnmatch.lo getcwd.lo getgrouplist.lo getline.lo getprogname.lo glob.lo isblank.lo memrchr.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo pw_dup.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strsignal.lo utimes.lo globtest.o fnm_test.o:; -diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/audit.c sudo-1.8.6p7/plugins/sudoers/audit.c ---- sudo-1.8.6p7-orig/plugins/sudoers/audit.c 2013-02-25 11:46:09.000000000 -0800 -+++ sudo-1.8.6p7/plugins/sudoers/audit.c 2013-12-18 13:48:56.000000000 -0800 + $makefile =~ s:\@LTLIBOBJS\@:closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getgrouplist.lo getline.lo getopt_long.lo glob.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo pw_dup.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strsignal.lo strtonum.lo utimes.lo globtest.o fnm_test.o:; +--- sudo-1.8.9p5/plugins/sudoers/audit.c 2014-03-26 22:59:28.211242562 +0100 ++++ sudo-1.8.9p5/plugins/sudoers/audit.c 2014-03-26 22:59:08.314263649 +0100 @@ -43,6 +43,9 @@ #ifdef HAVE_LINUX_AUDIT # include "linux_audit.h" @@ -118,9 +106,9 @@ +# include "solaris_audit.h" +#endif - void - audit_success(char *exec_args[]) -@@ -56,6 +59,9 @@ audit_success(char *exec_args[]) + #define DEFAULT_TEXT_DOMAIN "sudoers" + #include "gettext.h" +@@ -59,6 +62,9 @@ #ifdef HAVE_LINUX_AUDIT linux_audit_command(exec_args, 1); #endif @@ -130,7 +118,7 @@ } debug_return; -@@ -75,6 +81,9 @@ audit_failure(char *exec_args[], char co +@@ -82,6 +88,9 @@ #ifdef HAVE_LINUX_AUDIT linux_audit_command(exec_args, 0); #endif @@ -140,32 +128,30 @@ va_end(ap); } -diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/Makefile.in sudo-1.8.6p7/plugins/sudoers/Makefile.in ---- sudo-1.8.6p7-orig/plugins/sudoers/Makefile.in 2013-02-25 11:46:09.000000000 -0800 -+++ sudo-1.8.6p7/plugins/sudoers/Makefile.in 2014-04-02 12:31:58.298858000 -0700 -@@ -432,7 +432,7 @@ alias.lo: $(srcdir)/alias.c $(top_buildd +--- sudo-1.8.9p5/plugins/sudoers/Makefile.in 2014-03-26 23:02:57.999081022 +0100 ++++ sudo-1.8.9p5/plugins/sudoers/Makefile.in 2014-03-26 23:02:48.982043568 +0100 +@@ -457,7 +457,7 @@ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/alias.c - audit.lo: $(srcdir)/audit.c $(top_builddir)/config.h $(incdir)/missing.h \ - $(srcdir)/logging.h $(incdir)/sudo_debug.h $(srcdir)/bsm_audit.h \ -- $(srcdir)/linux_audit.h -+ $(srcdir)/linux_audit.h $(srcdir)/solaris_audit.h + audit.lo: $(srcdir)/audit.c $(incdir)/gettext.h $(incdir)/missing.h \ + $(incdir)/sudo_debug.h $(srcdir)/bsm_audit.h $(srcdir)/linux_audit.h \ +- $(srcdir)/logging.h $(top_builddir)/config.h \ ++ $(srcdir)/solaris_audit.h $(srcdir)/logging.h $(top_builddir)/config.h \ + $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/audit.c - boottime.lo: $(srcdir)/boottime.c $(top_builddir)/config.h $(incdir)/missing.h \ - $(incdir)/sudo_debug.h -@@ -728,6 +728,10 @@ sia.lo: $(authdir)/sia.c $(top_builddir) - $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h - $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/sia.c + base64.lo: $(srcdir)/base64.c $(incdir)/missing.h $(incdir)/sudo_debug.h \ +@@ -659,6 +659,9 @@ + $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/sudo_debug.h \ + $(srcdir)/linux_audit.h $(top_builddir)/config.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/linux_audit.c +solaris_audit.lo: $(srcdir)/solaris_audit.c $(top_builddir)/config.h \ -+ $(srcdir)/sudoers.h $(incdir)/sudo_debug.h \ -+ $(srcdir)/solaris_audit.h ++ $(srcdir)/sudoers.h $(incdir)/sudo_debug.h $(srcdir)/solaris_audit.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/solaris_audit.c - sssd.lo: $(srcdir)/sssd.c $(top_builddir)/config.h \ - $(top_srcdir)/compat/dlfcn.h $(srcdir)/sudoers.h \ - $(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \ + locale.lo: $(srcdir)/locale.c $(incdir)/alloc.h $(incdir)/fatal.h \ + $(incdir)/gettext.h $(incdir)/missing.h $(srcdir)/logging.h \ + $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.c sudo-1.8.6p7/plugins/sudoers/solaris_audit.c --- sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.c 1969-12-31 16:00:00.000000000 -0800 -+++ sudo-1.8.6p7/plugins/sudoers/solaris_audit.c 2014-03-18 12:09:27.000000000 -0700 ++++ sudo-1.8.6p7/plugins/sudoers/solaris_audit.c 2014-03-18 12:09:27.850924000 -0700 @@ -0,0 +1,95 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. @@ -195,13 +181,13 @@ + int argc; + + if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) { -+ log_error(USE_ERRNO | NO_STDERR, _("sudo: adt_start_session")); ++ log_warning(USE_ERRNO | NO_STDERR, _("sudo: adt_start_session")); + } + if ((event = adt_alloc_event(ah, ADT_sudo)) == NULL) { -+ log_error(USE_ERRNO | NO_STDERR, _("sudo: alloc_event")); ++ log_warning(USE_ERRNO | NO_STDERR, _("sudo: alloc_event")); + } + if ((event->adt_sudo.cwdpath = getcwd(cwd, sizeof (cwd))) == NULL) { -+ log_error(USE_ERRNO | NO_STDERR, _("sudo: can't add cwd path")); ++ log_warning(USE_ERRNO | NO_STDERR, _("sudo: can't add cwd path")); + } + for (argc = 0; exec_args[argc] != NULL; argc++) { + continue; @@ -211,14 +197,14 @@ + if (user_cmnd != NULL) { + if (strlcpy(cmdpath, (const char *)user_cmnd, + sizeof (cmdpath)) >= sizeof (cmdpath)) { -+ log_error(NO_STDERR, ++ log_warning(NO_STDERR, + _("sudo: truncated audit path " "user_cmnd: %s"), + user_cmnd); + } + } else { + if (strlcpy(cmdpath, (const char *)exec_args[0], + sizeof (cmdpath)) >= sizeof (cmdpath)) { -+ log_error(NO_STDERR, ++ log_warning(NO_STDERR, + _("sudo: truncated audit path " "argv[0]: %s"), + exec_args[0]); + } @@ -238,7 +224,7 @@ + adt_sudo_common(exec_args); + + if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) { -+ log_error(USE_ERRNO | NO_STDERR, ++ log_warning(USE_ERRNO | NO_STDERR, + _("sudo: adt_put_event(success)")); + } + adt_free_event(event); @@ -251,11 +237,11 @@ + adt_sudo_common(exec_args); + + if (vasprintf(&event->adt_sudo.errmsg, fmt, ap) == -1) { -+ log_error(USE_ERRNO | NO_STDERR, ++ log_warning(USE_ERRNO | NO_STDERR, + _("sudo: audit_failure message too long")); + } + if (adt_put_event(event, ADT_FAILURE, ADT_FAIL_VALUE_PROGRAM) != 0) { -+ log_error(USE_ERRNO | NO_STDERR, ++ log_warning(USE_ERRNO | NO_STDERR, + _("sudo: adt_put_event(failure)")); + } + free(event->adt_sudo.errmsg); @@ -264,7 +250,7 @@ +} diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.h sudo-1.8.6p7/plugins/sudoers/solaris_audit.h --- sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.h 1969-12-31 16:00:00.000000000 -0800 -+++ sudo-1.8.6p7/plugins/sudoers/solaris_audit.h 2014-03-18 14:20:22.000000000 -0700 ++++ sudo-1.8.6p7/plugins/sudoers/solaris_audit.h 2014-03-18 14:20:22.069087000 -0700 @@ -0,0 +1,11 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. @@ -277,3 +263,4 @@ +void solaris_audit_failure(char **, char const * const, va_list); + +#endif /* _SUDO_SOLARIS_AUDIT_H */ + diff -r 6c32d6df504a -r 77f1ff9ca70f components/sudo/patches/04-use_libmd.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/sudo/patches/04-use_libmd.patch Wed Jul 09 08:51:19 2014 +0200 @@ -0,0 +1,2430 @@ +Taken from http://www.sudo.ws/repos/sudo/rev/cd02732f0704 and backported to +sudo 1.9.5p5. The fix will be available in sudo 1.8.10p3. + +Patching of configure script was removed as we regenerate it by autotools +anyway. + +diff -urN sudo-1.8.9p5.old/common/Makefile.in sudo-1.8.9p5/common/Makefile.in +--- sudo-1.8.9p5.old/common/Makefile.in 2014-01-07 19:09:02.000000000 +0100 ++++ sudo-1.8.9p5/common/Makefile.in 2014-04-10 15:20:34.447046660 +0200 +@@ -186,8 +186,8 @@ + $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h + $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/atomode.c + conf_test.lo: $(srcdir)/regress/sudo_conf/conf_test.c $(incdir)/missing.h \ +- $(incdir)/queue.h $(incdir)/sudo_conf.h $(top_builddir)/config.h \ +- $(top_srcdir)/compat/stdbool.h ++ $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_util.h \ ++ $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h + $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/sudo_conf/conf_test.c + event.lo: $(srcdir)/event.c $(incdir)/alloc.h $(incdir)/fatal.h \ + $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ +@@ -223,8 +223,8 @@ + $(top_srcdir)/compat/stdbool.h + $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/gidlist.c + hltq_test.lo: $(srcdir)/regress/tailq/hltq_test.c $(incdir)/fatal.h \ +- $(incdir)/missing.h $(incdir)/queue.h $(top_builddir)/config.h \ +- $(top_srcdir)/compat/stdbool.h ++ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_util.h \ ++ $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h + $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/tailq/hltq_test.c + lbuf.lo: $(srcdir)/lbuf.c $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/lbuf.h \ + $(incdir)/missing.h $(incdir)/sudo_debug.h $(top_builddir)/config.h +@@ -233,7 +233,7 @@ + $(incdir)/gettext.h $(incdir)/missing.h $(top_builddir)/config.h + $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(top_srcdir)/src/locale_stub.c + parseln_test.lo: $(srcdir)/regress/sudo_parseln/parseln_test.c \ +- $(incdir)/fileops.h $(incdir)/missing.h \ ++ $(incdir)/fileops.h $(incdir)/missing.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h + $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/sudo_parseln/parseln_test.c + progname.lo: $(srcdir)/progname.c $(incdir)/missing.h $(incdir)/sudo_util.h \ +diff -urN sudo-1.8.9p5.old/compat/Makefile.in sudo-1.8.9p5/compat/Makefile.in +--- sudo-1.8.9p5.old/compat/Makefile.in 2014-01-07 19:08:52.000000000 +0100 ++++ sudo-1.8.9p5/compat/Makefile.in 2014-04-10 15:20:34.447431545 +0200 +@@ -178,7 +178,9 @@ + getcwd.lo: $(srcdir)/getcwd.c $(incdir)/missing.h $(top_builddir)/config.h + $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getcwd.c + getgrouplist.lo: $(srcdir)/getgrouplist.c $(incdir)/missing.h \ +- $(top_builddir)/config.h $(top_srcdir)/compat/nss_dbdefs.h ++ $(incdir)/sudo_util.h $(top_builddir)/config.h \ ++ $(top_srcdir)/compat/nss_dbdefs.h \ ++ $(top_srcdir)/compat/stdbool.h + $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getgrouplist.c + getline.lo: $(srcdir)/getline.c $(incdir)/missing.h $(top_builddir)/config.h + $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getline.c +diff -urN sudo-1.8.9p5.old/compat/sha2.c sudo-1.8.9p5/compat/sha2.c +--- sudo-1.8.9p5.old/compat/sha2.c 1970-01-01 01:00:00.000000000 +0100 ++++ sudo-1.8.9p5/compat/sha2.c 2014-04-10 15:20:34.448122160 +0200 +@@ -0,0 +1,526 @@ ++/* ++ * Copyright (c) 2013 Todd C. Miller ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF ++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF ++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++ */ ++ ++/* ++ * Implementation of SHA-224, SHA-256, SHA-384 and SHA-512 ++ * as per FIPS 180-4: Secure Hash Standard (SHS) ++ * http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf ++ * ++ * Derived from the public domain SHA-1 and SHA-2 implementations ++ * by Steve Reid and Wei Dai respectively. ++ */ ++ ++#include ++ ++#include ++#ifdef STDC_HEADERS ++# include ++# include ++#else ++# ifdef HAVE_STDLIB_H ++# include ++# endif ++#endif /* STDC_HEADERS */ ++#ifdef HAVE_STRING_H ++# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) ++# include ++# endif ++# include ++#endif /* HAVE_STRING_H */ ++#ifdef HAVE_STRINGS_H ++# include ++#endif /* HAVE_STRINGS_H */ ++#if defined(HAVE_STDINT_H) ++# include ++#elif defined(HAVE_INTTYPES_H) ++# include ++#endif ++#if defined(HAVE_ENDIAN_H) ++# include ++#elif defined(HAVE_SYS_ENDIAN_H) ++# include ++#elif defined(HAVE_MACHINE_ENDIAN_H) ++# include ++#else ++# include "compat/endian.h" ++#endif ++ ++#include "missing.h" ++#include "sha2.h" ++ ++/* ++ * SHA-2 operates on 32-bit and 64-bit words in big endian byte order. ++ * The following macros convert between character arrays and big endian words. ++ */ ++#define BE8TO32(x, y) do { \ ++ (x) = (((uint32_t)((y)[0] & 255) << 24) | \ ++ ((uint32_t)((y)[1] & 255) << 16) | \ ++ ((uint32_t)((y)[2] & 255) << 8) | \ ++ ((uint32_t)((y)[3] & 255))); \ ++} while (0) ++ ++#define BE8TO64(x, y) do { \ ++ (x) = (((uint64_t)((y)[0] & 255) << 56) | \ ++ ((uint64_t)((y)[1] & 255) << 48) | \ ++ ((uint64_t)((y)[2] & 255) << 40) | \ ++ ((uint64_t)((y)[3] & 255) << 32) | \ ++ ((uint64_t)((y)[4] & 255) << 24) | \ ++ ((uint64_t)((y)[5] & 255) << 16) | \ ++ ((uint64_t)((y)[6] & 255) << 8) | \ ++ ((uint64_t)((y)[7] & 255))); \ ++} while (0) ++ ++#define BE32TO8(x, y) do { \ ++ (x)[0] = (uint8_t)(((y) >> 24) & 255); \ ++ (x)[1] = (uint8_t)(((y) >> 16) & 255); \ ++ (x)[2] = (uint8_t)(((y) >> 8) & 255); \ ++ (x)[3] = (uint8_t)((y) & 255); \ ++} while (0) ++ ++#define BE64TO8(x, y) do { \ ++ (x)[0] = (uint8_t)(((y) >> 56) & 255); \ ++ (x)[1] = (uint8_t)(((y) >> 48) & 255); \ ++ (x)[2] = (uint8_t)(((y) >> 40) & 255); \ ++ (x)[3] = (uint8_t)(((y) >> 32) & 255); \ ++ (x)[4] = (uint8_t)(((y) >> 24) & 255); \ ++ (x)[5] = (uint8_t)(((y) >> 16) & 255); \ ++ (x)[6] = (uint8_t)(((y) >> 8) & 255); \ ++ (x)[7] = (uint8_t)((y) & 255); \ ++} while (0) ++ ++#define rotrFixed(x,y) (y ? ((x>>y) | (x<<(sizeof(x)*8-y))) : x) ++ ++#define blk0(i) (W[i]) ++#define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15])) ++ ++#define Ch(x,y,z) (z^(x&(y^z))) ++#define Maj(x,y,z) (y^((x^y)&(y^z))) ++ ++#define a(i) T[(0-i)&7] ++#define b(i) T[(1-i)&7] ++#define c(i) T[(2-i)&7] ++#define d(i) T[(3-i)&7] ++#define e(i) T[(4-i)&7] ++#define f(i) T[(5-i)&7] ++#define g(i) T[(6-i)&7] ++#define h(i) T[(7-i)&7] ++ ++void ++SHA224Init(SHA2_CTX *ctx) ++{ ++ memset(ctx, 0, sizeof(*ctx)); ++ ctx->state.st32[0] = 0xc1059ed8UL; ++ ctx->state.st32[1] = 0x367cd507UL; ++ ctx->state.st32[2] = 0x3070dd17UL; ++ ctx->state.st32[3] = 0xf70e5939UL; ++ ctx->state.st32[4] = 0xffc00b31UL; ++ ctx->state.st32[5] = 0x68581511UL; ++ ctx->state.st32[6] = 0x64f98fa7UL; ++ ctx->state.st32[7] = 0xbefa4fa4UL; ++} ++ ++void ++SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]) ++{ ++ SHA256Transform(state, buffer); ++} ++ ++void ++SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) ++{ ++ SHA256Update(ctx, data, len); ++} ++ ++void ++SHA224Pad(SHA2_CTX *ctx) ++{ ++ SHA256Pad(ctx); ++} ++ ++void ++SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx) ++{ ++ SHA256Pad(ctx); ++ if (digest != NULL) { ++#if BYTE_ORDER == BIG_ENDIAN ++ memcpy(digest, ctx->state.st32, SHA224_DIGEST_LENGTH); ++#else ++ unsigned int i; ++ ++ for (i = 0; i < 7; i++) ++ BE32TO8(digest + (i * 4), ctx->state.st32[i]); ++#endif ++ memset(ctx, 0, sizeof(*ctx)); ++ } ++} ++ ++static const uint32_t SHA256_K[64] = { ++ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, ++ 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, ++ 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, ++ 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, ++ 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, ++ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, ++ 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, ++ 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, ++ 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, ++ 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, ++ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, ++ 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, ++ 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, ++ 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, ++ 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, ++ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL ++}; ++ ++void ++SHA256Init(SHA2_CTX *ctx) ++{ ++ memset(ctx, 0, sizeof(*ctx)); ++ ctx->state.st32[0] = 0x6a09e667UL; ++ ctx->state.st32[1] = 0xbb67ae85UL; ++ ctx->state.st32[2] = 0x3c6ef372UL; ++ ctx->state.st32[3] = 0xa54ff53aUL; ++ ctx->state.st32[4] = 0x510e527fUL; ++ ctx->state.st32[5] = 0x9b05688cUL; ++ ctx->state.st32[6] = 0x1f83d9abUL; ++ ctx->state.st32[7] = 0x5be0cd19UL; ++} ++ ++/* Round macros for SHA256 */ ++#define R(i) do { \ ++ h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i)); \ ++ d(i)+=h(i); \ ++ h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \ ++} while (0) ++ ++#define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22)) ++#define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25)) ++#define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3)) ++#define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10)) ++ ++void ++SHA256Transform(uint32_t state[8], const uint8_t data[SHA256_BLOCK_LENGTH]) ++{ ++ uint32_t W[16]; ++ uint32_t T[8]; ++ unsigned int j; ++ ++ /* Copy context state to working vars. */ ++ memcpy(T, state, sizeof(T)); ++ /* Copy data to W in big endian format. */ ++#if BYTE_ORDER == BIG_ENDIAN ++ memcpy(W, data, sizeof(W)); ++#else ++ for (j = 0; j < 16; j++) { ++ BE8TO32(W[j], data); ++ data += 4; ++ } ++#endif ++ /* 64 operations, partially loop unrolled. */ ++ for (j = 0; j < 64; j += 16) ++ { ++ R( 0); R( 1); R( 2); R( 3); ++ R( 4); R( 5); R( 6); R( 7); ++ R( 8); R( 9); R(10); R(11); ++ R(12); R(13); R(14); R(15); ++ } ++ /* Add the working vars back into context state. */ ++ state[0] += a(0); ++ state[1] += b(0); ++ state[2] += c(0); ++ state[3] += d(0); ++ state[4] += e(0); ++ state[5] += f(0); ++ state[6] += g(0); ++ state[7] += h(0); ++ /* Cleanup */ ++ memset_s(T, sizeof(T), 0, sizeof(T)); ++ memset_s(W, sizeof(W), 0, sizeof(W)); ++} ++ ++#undef S0 ++#undef S1 ++#undef s0 ++#undef s1 ++#undef R ++ ++void ++SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) ++{ ++ size_t i = 0, j; ++ ++ j = (size_t)((ctx->count[0] >> 3) & (SHA256_BLOCK_LENGTH - 1)); ++ ctx->count[0] += (len << 3); ++ if ((j + len) > SHA256_BLOCK_LENGTH - 1) { ++ memcpy(&ctx->buffer[j], data, (i = SHA256_BLOCK_LENGTH - j)); ++ SHA256Transform(ctx->state.st32, ctx->buffer); ++ for ( ; i + SHA256_BLOCK_LENGTH - 1 < len; i += SHA256_BLOCK_LENGTH) ++ SHA256Transform(ctx->state.st32, (uint8_t *)&data[i]); ++ j = 0; ++ } ++ memcpy(&ctx->buffer[j], &data[i], len - i); ++} ++ ++void ++SHA256Pad(SHA2_CTX *ctx) ++{ ++ uint8_t finalcount[8]; ++ ++ /* Store unpadded message length in bits in big endian format. */ ++ BE64TO8(finalcount, ctx->count[0]); ++ ++ /* Append a '1' bit (0x80) to the message. */ ++ SHA256Update(ctx, (uint8_t *)"\200", 1); ++ ++ /* Pad message such that the resulting length modulo 512 is 448. */ ++ while ((ctx->count[0] & 504) != 448) ++ SHA256Update(ctx, (uint8_t *)"\0", 1); ++ ++ /* Append length of message in bits and do final SHA256Transform(). */ ++ SHA256Update(ctx, finalcount, sizeof(finalcount)); ++} ++ ++void ++SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx) ++{ ++ SHA256Pad(ctx); ++ if (digest != NULL) { ++#if BYTE_ORDER == BIG_ENDIAN ++ memcpy(digest, ctx->state.st32, SHA256_DIGEST_LENGTH); ++#else ++ unsigned int i; ++ ++ for (i = 0; i < 8; i++) ++ BE32TO8(digest + (i * 4), ctx->state.st32[i]); ++#endif ++ memset(ctx, 0, sizeof(*ctx)); ++ } ++} ++ ++void ++SHA384Init(SHA2_CTX *ctx) ++{ ++ memset(ctx, 0, sizeof(*ctx)); ++ ctx->state.st64[0] = 0xcbbb9d5dc1059ed8ULL; ++ ctx->state.st64[1] = 0x629a292a367cd507ULL; ++ ctx->state.st64[2] = 0x9159015a3070dd17ULL; ++ ctx->state.st64[3] = 0x152fecd8f70e5939ULL; ++ ctx->state.st64[4] = 0x67332667ffc00b31ULL; ++ ctx->state.st64[5] = 0x8eb44a8768581511ULL; ++ ctx->state.st64[6] = 0xdb0c2e0d64f98fa7ULL; ++ ctx->state.st64[7] = 0x47b5481dbefa4fa4ULL; ++} ++ ++void ++SHA384Transform(uint64_t state[8], const uint8_t data[SHA384_BLOCK_LENGTH]) ++{ ++ SHA512Transform(state, data); ++} ++ ++void ++SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) ++{ ++ SHA512Update(ctx, data, len); ++} ++ ++void ++SHA384Pad(SHA2_CTX *ctx) ++{ ++ SHA512Pad(ctx); ++} ++ ++void ++SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx) ++{ ++ SHA384Pad(ctx); ++ if (digest != NULL) { ++#if BYTE_ORDER == BIG_ENDIAN ++ memcpy(digest, ctx->state.st64, SHA384_DIGEST_LENGTH); ++#else ++ unsigned int i; ++ ++ for (i = 0; i < 6; i++) ++ BE64TO8(digest + (i * 8), ctx->state.st64[i]); ++#endif ++ memset(ctx, 0, sizeof(*ctx)); ++ } ++} ++ ++static const uint64_t SHA512_K[80] = { ++ 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, ++ 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, ++ 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, ++ 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, ++ 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, ++ 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, ++ 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, ++ 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, ++ 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, ++ 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, ++ 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, ++ 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, ++ 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, ++ 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, ++ 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, ++ 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, ++ 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, ++ 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, ++ 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, ++ 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, ++ 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, ++ 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, ++ 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, ++ 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, ++ 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, ++ 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, ++ 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, ++ 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, ++ 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, ++ 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, ++ 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, ++ 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, ++ 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, ++ 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, ++ 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, ++ 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, ++ 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, ++ 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, ++ 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, ++ 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL ++}; ++ ++void ++SHA512Init(SHA2_CTX *ctx) ++{ ++ memset(ctx, 0, sizeof(*ctx)); ++ ctx->state.st64[0] = 0x6a09e667f3bcc908ULL; ++ ctx->state.st64[1] = 0xbb67ae8584caa73bULL; ++ ctx->state.st64[2] = 0x3c6ef372fe94f82bULL; ++ ctx->state.st64[3] = 0xa54ff53a5f1d36f1ULL; ++ ctx->state.st64[4] = 0x510e527fade682d1ULL; ++ ctx->state.st64[5] = 0x9b05688c2b3e6c1fULL; ++ ctx->state.st64[6] = 0x1f83d9abfb41bd6bULL; ++ ctx->state.st64[7] = 0x5be0cd19137e2179ULL; ++} ++ ++/* Round macros for SHA512 */ ++#define R(i) do { \ ++ h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i)); \ ++ d(i)+=h(i); \ ++ h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \ ++} while (0) ++ ++#define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39)) ++#define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41)) ++#define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7)) ++#define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6)) ++ ++void ++SHA512Transform(uint64_t state[8], const uint8_t data[SHA512_BLOCK_LENGTH]) ++{ ++ uint64_t W[16]; ++ uint64_t T[8]; ++ unsigned int j; ++ ++ /* Copy context state to working vars. */ ++ memcpy(T, state, sizeof(T)); ++ /* Copy data to W in big endian format. */ ++#if BYTE_ORDER == BIG_ENDIAN ++ memcpy(W, data, sizeof(W)); ++#else ++ for (j = 0; j < 16; j++) { ++ BE8TO64(W[j], data); ++ data += 8; ++ } ++#endif ++ /* 80 operations, partially loop unrolled. */ ++ for (j = 0; j < 80; j += 16) ++ { ++ R( 0); R( 1); R( 2); R( 3); ++ R( 4); R( 5); R( 6); R( 7); ++ R( 8); R( 9); R(10); R(11); ++ R(12); R(13); R(14); R(15); ++ } ++ /* Add the working vars back into context state. */ ++ state[0] += a(0); ++ state[1] += b(0); ++ state[2] += c(0); ++ state[3] += d(0); ++ state[4] += e(0); ++ state[5] += f(0); ++ state[6] += g(0); ++ state[7] += h(0); ++ /* Cleanup. */ ++ memset_s(T, sizeof(T), 0, sizeof(T)); ++ memset_s(W, sizeof(W), 0, sizeof(W)); ++} ++ ++void ++SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) ++{ ++ size_t i = 0, j; ++ ++ j = (size_t)((ctx->count[0] >> 3) & (SHA512_BLOCK_LENGTH - 1)); ++ ctx->count[0] += (len << 3); ++ if (ctx->count[0] < (len << 3)) ++ ctx->count[1]++; ++ if ((j + len) > SHA512_BLOCK_LENGTH - 1) { ++ memcpy(&ctx->buffer[j], data, (i = SHA512_BLOCK_LENGTH - j)); ++ SHA512Transform(ctx->state.st64, ctx->buffer); ++ for ( ; i + SHA512_BLOCK_LENGTH - 1 < len; i += SHA512_BLOCK_LENGTH) ++ SHA512Transform(ctx->state.st64, (uint8_t *)&data[i]); ++ j = 0; ++ } ++ memcpy(&ctx->buffer[j], &data[i], len - i); ++} ++ ++void ++SHA512Pad(SHA2_CTX *ctx) ++{ ++ uint8_t finalcount[16]; ++ ++ /* Store unpadded message length in bits in big endian format. */ ++ BE64TO8(finalcount, ctx->count[1]); ++ BE64TO8(finalcount + 8, ctx->count[0]); ++ ++ /* Append a '1' bit (0x80) to the message. */ ++ SHA512Update(ctx, (uint8_t *)"\200", 1); ++ ++ /* Pad message such that the resulting length modulo 1024 is 896. */ ++ while ((ctx->count[0] & 1008) != 896) ++ SHA512Update(ctx, (uint8_t *)"\0", 1); ++ ++ /* Append length of message in bits and do final SHA512Transform(). */ ++ SHA512Update(ctx, finalcount, sizeof(finalcount)); ++} ++ ++void ++SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx) ++{ ++ SHA512Pad(ctx); ++ if (digest != NULL) { ++#if BYTE_ORDER == BIG_ENDIAN ++ memcpy(digest, ctx->state.st64, SHA512_DIGEST_LENGTH); ++#else ++ unsigned int i; ++ ++ for (i = 0; i < 8; i++) ++ BE64TO8(digest + (i * 8), ctx->state.st64[i]); ++#endif ++ memset(ctx, 0, sizeof(*ctx)); ++ } ++} +diff -urN sudo-1.8.9p5.old/compat/sha2.h sudo-1.8.9p5/compat/sha2.h +--- sudo-1.8.9p5.old/compat/sha2.h 1970-01-01 01:00:00.000000000 +0100 ++++ sudo-1.8.9p5/compat/sha2.h 2014-04-10 15:20:34.448517327 +0200 +@@ -0,0 +1,74 @@ ++/* ++ * Copyright (c) 2013 Todd C. Miller ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF ++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF ++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++ */ ++ ++/* ++ * Derived from the public domain SHA-1 and SHA-2 implementations ++ * by Steve Reid and Wei Dai respectively. ++ */ ++ ++#ifndef _SUDOERS_SHA2_H ++#define _SUDOERS_SHA2_H ++ ++#define SHA224_BLOCK_LENGTH 64 ++#define SHA224_DIGEST_LENGTH 28 ++#define SHA224_DIGEST_STRING_LENGTH (SHA224_DIGEST_LENGTH * 2 + 1) ++ ++#define SHA256_BLOCK_LENGTH 64 ++#define SHA256_DIGEST_LENGTH 32 ++#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) ++ ++#define SHA384_BLOCK_LENGTH 128 ++#define SHA384_DIGEST_LENGTH 48 ++#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) ++ ++#define SHA512_BLOCK_LENGTH 128 ++#define SHA512_DIGEST_LENGTH 64 ++#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) ++ ++typedef struct { ++ union { ++ uint32_t st32[8]; /* sha224 and sha256 */ ++ uint64_t st64[8]; /* sha384 and sha512 */ ++ } state; ++ uint64_t count[2]; ++ uint8_t buffer[SHA512_BLOCK_LENGTH]; ++} SHA2_CTX; ++ ++void SHA224Init(SHA2_CTX *ctx); ++void SHA224Pad(SHA2_CTX *ctx); ++void SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]); ++void SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); ++void SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx); ++ ++void SHA256Init(SHA2_CTX *ctx); ++void SHA256Pad(SHA2_CTX *ctx); ++void SHA256Transform(uint32_t state[8], const uint8_t buffer[SHA256_BLOCK_LENGTH]); ++void SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); ++void SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx); ++ ++void SHA384Init(SHA2_CTX *ctx); ++void SHA384Pad(SHA2_CTX *ctx); ++void SHA384Transform(uint64_t state[8], const uint8_t buffer[SHA384_BLOCK_LENGTH]); ++void SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); ++void SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx); ++ ++void SHA512Init(SHA2_CTX *ctx); ++void SHA512Pad(SHA2_CTX *ctx); ++void SHA512Transform(uint64_t state[8], const uint8_t buffer[SHA512_BLOCK_LENGTH]); ++void SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); ++void SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx); ++ ++#endif /* _SUDOERS_SHA2_H */ +diff -urN sudo-1.8.9p5.old/config.h.in sudo-1.8.9p5/config.h.in +--- sudo-1.8.9p5.old/config.h.in 2014-04-10 15:19:56.000000000 +0200 ++++ sudo-1.8.9p5/config.h.in 2014-04-10 15:20:34.449144378 +0200 +@@ -521,6 +521,9 @@ + /* Define to 1 if you have the `set_auth_parameters' function. */ + #undef HAVE_SET_AUTH_PARAMETERS + ++/* Define to 1 if you have the `SHA224Update' function. */ ++#undef HAVE_SHA224UPDATE ++ + /* Define to 1 if you have the `shl_load' function. */ + #undef HAVE_SHL_LOAD + +@@ -983,6 +989,10 @@ + /* Define to 1 to send mail when the user is not in the sudoers file. */ + #undef SEND_MAIL_WHEN_NO_USER + ++/* Define to 1 if the sha2 functions use `const void *' instead of `const ++ unsigned char'. */ ++#undef SHA2_VOID_PTR ++ + /* Define to 1 if you want sudo to start a shell if given no arguments. */ + #undef SHELL_IF_NO_ARGS + +diff -urN sudo-1.8.9p5.old/configure.ac sudo-1.8.9p5/configure.ac +--- sudo-1.8.9p5.old/configure.ac 2014-04-10 15:19:47.156138496 +0200 ++++ sudo-1.8.9p5/configure.ac 2014-04-10 15:20:34.458422206 +0200 +@@ -77,6 +77,7 @@ + AC_SUBST([LIBDL]) + AC_SUBST([LT_STATIC]) + AC_SUBST([LIBINTL]) ++AC_SUBST([LIBMD]) + AC_SUBST([SUDO_NLS]) + AC_SUBST([LOCALEDIR_SUFFIX]) + AC_SUBST([COMPAT_TEST_PROGS]) +@@ -194,6 +195,7 @@ + PSMAN=0 + SEMAN=0 + LIBINTL= ++LIBMD= + ZLIB= + ZLIB_SRC= + AUTH_OBJS= +@@ -2445,6 +2447,16 @@ + [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))], + [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))]) + fi ++AC_CHECK_HEADER([sha2.h], [ ++ AC_CHECK_FUNCS(SHA224Update, [SUDO_FUNC_SHA2_VOID_PTR], [ ++ # On some systems, SHA224Update is in libmd ++ AC_CHECK_LIB(md, SHA224Update, [ ++ AC_DEFINE(HAVE_SHA224UPDATE) ++ SUDO_FUNC_SHA2_VOID_PTR ++ LIBMD="-lmd" ++ ], [AC_LIBOBJ(sha2)]) ++ ]) ++], [AC_LIBOBJ(sha2)]) + dnl + dnl Function checks for sudo_noexec + dnl +diff -urN sudo-1.8.9p5.old/MANIFEST sudo-1.8.9p5/MANIFEST +--- sudo-1.8.9p5.old/MANIFEST 2014-04-10 15:19:47.157886371 +0200 ++++ sudo-1.8.9p5/MANIFEST 2014-04-10 15:20:58.300108720 +0200 +@@ -88,6 +88,8 @@ + compat/regress/glob/files + compat/regress/glob/globtest.c + compat/regress/glob/globtest.in ++compat/sha2.c ++compat/sha2.h + compat/sig2str.c + compat/siglist.in + compat/snprintf.c +@@ -367,8 +369,6 @@ + plugins/sudoers/regress/visudo/test5.out.ok + plugins/sudoers/regress/visudo/test5.sh + plugins/sudoers/set_perms.c +-plugins/sudoers/sha2.c +-plugins/sudoers/sha2.h + plugins/sudoers/solaris_audit.c + plugins/sudoers/solaris_audit.h + plugins/sudoers/sssd.c +diff -urN sudo-1.8.9p5.old/m4/sudo.m4 sudo-1.8.9p5/m4/sudo.m4 +--- sudo-1.8.9p5.old/m4/sudo.m4 2014-01-07 19:08:52.000000000 +0100 ++++ sudo-1.8.9p5/m4/sudo.m4 2014-04-10 15:20:34.458820769 +0200 +@@ -264,6 +264,24 @@ + ]) + + dnl ++dnl Check if the data argument for the sha2 functions is void * or u_char * ++dnl ++AC_DEFUN([SUDO_FUNC_SHA2_VOID_PTR], ++[AC_CACHE_CHECK([whether the data argument of SHA224Update() is void *], ++sudo_cv_func_sha2_void_ptr, ++[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT ++#include ++void SHA224Update(SHA2_CTX *context, const void *data, size_t len) {return;}], [])], ++ [sudo_cv_func_sha2_void_ptr=yes], ++ [sudo_cv_func_sha2_void_ptr=no]) ++ ]) ++ if test $sudo_cv_func_sha2_void_ptr = yes; then ++ AC_DEFINE(SHA2_VOID_PTR, 1, ++ [Define to 1 if the sha2 functions use `const void *' instead of `const unsigned char'.]) ++ fi ++]) ++ ++dnl + dnl check for sa_len field in struct sockaddr + dnl + AC_DEFUN([SUDO_SOCK_SA_LEN], [ +diff -urN sudo-1.8.9p5.old/plugins/sudoers/gram.c sudo-1.8.9p5/plugins/sudoers/gram.c +--- sudo-1.8.9p5.old/plugins/sudoers/gram.c 2014-01-07 19:08:53.000000000 +0100 ++++ sudo-1.8.9p5/plugins/sudoers/gram.c 2014-04-10 15:20:34.460695182 +0200 +@@ -179,10 +179,10 @@ + #define PRIVS 289 + #define LIMITPRIVS 290 + #define MYSELF 291 +-#define SHA224 292 +-#define SHA256 293 +-#define SHA384 294 +-#define SHA512 295 ++#define SHA224_TOK 292 ++#define SHA256_TOK 293 ++#define SHA384_TOK 294 ++#define SHA512_TOK 295 + #define YYERRCODE 256 + #if defined(__cplusplus) || defined(__STDC__) + const short sudoerslhs[] = +@@ -550,7 +550,7 @@ + "NOPASSWD","PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT", + "NOLOG_INPUT","LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS", + "CMNDALIAS","USERALIAS","RUNASALIAS","ERROR","TYPE","ROLE","PRIVS","LIMITPRIVS", +-"MYSELF","SHA224","SHA256","SHA384","SHA512", ++"MYSELF","SHA224_TOK","SHA256_TOK","SHA384_TOK","SHA512_TOK", + }; + #if defined(__cplusplus) || defined(__STDC__) + const char * const sudoersrule[] = +@@ -594,10 +594,10 @@ + "cmndspeclist : cmndspec", + "cmndspeclist : cmndspeclist ',' cmndspec", + "cmndspec : runasspec selinux solarisprivs cmndtag digcmnd", +-"digest : SHA224 ':' DIGEST", +-"digest : SHA256 ':' DIGEST", +-"digest : SHA384 ':' DIGEST", +-"digest : SHA512 ':' DIGEST", ++"digest : SHA224_TOK ':' DIGEST", ++"digest : SHA256_TOK ':' DIGEST", ++"digest : SHA384_TOK ':' DIGEST", ++"digest : SHA512_TOK ':' DIGEST", + "digcmnd : opcmnd", + "digcmnd : digest opcmnd", + "opcmnd : cmnd", +@@ -1089,12 +1089,12 @@ + goto yyreduce; + } + if (yyerrflag) goto yyinrecovery; +-#if defined(lint) || defined(__GNUC__) ++#if defined(__GNUC__) + goto yynewerror; + #endif + yynewerror: + yyerror("syntax error"); +-#if defined(lint) || defined(__GNUC__) ++#if defined(__GNUC__) + goto yyerrlab; + #endif + yyerrlab: +diff -urN sudo-1.8.9p5.old/plugins/sudoers/gram.h sudo-1.8.9p5/plugins/sudoers/gram.h +--- sudo-1.8.9p5.old/plugins/sudoers/gram.h 2014-01-07 19:08:53.000000000 +0100 ++++ sudo-1.8.9p5/plugins/sudoers/gram.h 2014-04-10 15:20:34.461102773 +0200 +@@ -33,10 +33,10 @@ + #define PRIVS 289 + #define LIMITPRIVS 290 + #define MYSELF 291 +-#define SHA224 292 +-#define SHA256 293 +-#define SHA384 294 +-#define SHA512 295 ++#define SHA224_TOK 292 ++#define SHA256_TOK 293 ++#define SHA384_TOK 294 ++#define SHA512_TOK 295 + #ifndef YYSTYPE_DEFINED + #define YYSTYPE_DEFINED + typedef union { +diff -urN sudo-1.8.9p5.old/plugins/sudoers/gram.y sudo-1.8.9p5/plugins/sudoers/gram.y +--- sudo-1.8.9p5.old/plugins/sudoers/gram.y 2014-01-07 19:08:53.000000000 +0100 ++++ sudo-1.8.9p5/plugins/sudoers/gram.y 2014-04-10 15:20:34.461582432 +0200 +@@ -142,10 +142,10 @@ + %token PRIVS /* Solaris privileges */ + %token LIMITPRIVS /* Solaris limit privileges */ + %token MYSELF /* run as myself, not another user */ +-%token SHA224 /* sha224 digest */ +-%token SHA256 /* sha256 digest */ +-%token SHA384 /* sha384 digest */ +-%token SHA512 /* sha512 digest */ ++%token SHA224_TOK /* sha224 token */ ++%token SHA256_TOK /* sha256 token */ ++%token SHA384_TOK /* sha384 token */ ++%token SHA512_TOK /* sha512 token */ + + %type cmndspec + %type cmndspeclist +@@ -370,16 +370,16 @@ + } + ; + +-digest : SHA224 ':' DIGEST { ++digest : SHA224_TOK ':' DIGEST { + $$ = new_digest(SUDO_DIGEST_SHA224, $3); + } +- | SHA256 ':' DIGEST { ++ | SHA256_TOK ':' DIGEST { + $$ = new_digest(SUDO_DIGEST_SHA256, $3); + } +- | SHA384 ':' DIGEST { ++ | SHA384_TOK ':' DIGEST { + $$ = new_digest(SUDO_DIGEST_SHA384, $3); + } +- | SHA512 ':' DIGEST { ++ | SHA512_TOK ':' DIGEST { + $$ = new_digest(SUDO_DIGEST_SHA512, $3); + } + ; +diff -urN sudo-1.8.9p5.old/plugins/sudoers/Makefile.in sudo-1.8.9p5/plugins/sudoers/Makefile.in +--- sudo-1.8.9p5.old/plugins/sudoers/Makefile.in 2014-04-10 15:19:47.160183439 +0200 ++++ sudo-1.8.9p5/plugins/sudoers/Makefile.in 2014-04-10 15:20:34.459914018 +0200 +@@ -49,8 +49,10 @@ + LT_LIBS = $(top_builddir)/common/libsudo_util.la $(LIBOBJDIR)libreplace.la + LIBS = $(LT_LIBS) @LIBINTL@ + NET_LIBS = @NET_LIBS@ +-SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBDL@ ++SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@ @LIBDL@ + REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@ ++VISUDO_LIBS = $(NET_LIBS) @LIBMD@ ++TESTSUDOERS_LIBS = $(NET_LIBS) @LIBMD@ @LIBDL@ + + # C preprocessor flags + CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) -I$(top_srcdir) -DLIBDIR=\"$(libdir)\" @CPPFLAGS@ +@@ -130,7 +132,7 @@ + + LIBPARSESUDOERS_OBJS = alias.lo audit.lo base64.lo defaults.lo hexchar.lo \ + gram.lo match.lo match_addr.lo pwutil.lo pwutil_impl.lo \ +- timestr.lo toke.lo toke_util.lo redblack.lo sha2.lo ++ timestr.lo toke.lo toke_util.lo redblack.lo + + SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo find_path.lo \ + goodpath.lo group_plugin.lo interfaces.lo iolog.lo \ +@@ -149,7 +151,7 @@ + + CHECK_BASE64_OBJS = check_base64.o base64.o locale.o + +-CHECK_DIGEST_OBJS = check_digest.o sha2.o ++CHECK_DIGEST_OBJS = check_digest.o + + CHECK_FILL_OBJS = check_fill.o hexchar.o locale.o toke_util.o + +@@ -196,13 +198,13 @@ + $(LIBTOOL) @LT_STATIC@ --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ $(SUDOERS_OBJS) libparsesudoers.la $(SUDOERS_LIBS) -module -avoid-version -rpath $(plugindir) + + visudo: libparsesudoers.la $(VISUDO_OBJS) $(LT_LIBS) +- $(LIBTOOL) --mode=link $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(NET_LIBS) ++ $(LIBTOOL) --mode=link $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(VISUDO_LIBS) $(LIBS) + + sudoreplay: timestr.lo $(REPLAY_OBJS) $(LT_LIBS) + $(LIBTOOL) --mode=link $(CC) -o $@ $(REPLAY_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) timestr.lo $(REPLAY_LIBS) $(LIBS) + + testsudoers: libparsesudoers.la $(TEST_OBJS) $(LT_LIBS) +- $(LIBTOOL) --mode=link $(CC) -o $@ $(TEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(NET_LIBS) @LIBDL@ ++ $(LIBTOOL) --mode=link $(CC) -o $@ $(TEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(TESTSUDOERS_LIBS) $(LIBS) + + check_addr: $(CHECK_ADDR_OBJS) $(LT_LIBS) + $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_ADDR_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) $(NET_LIBS) +@@ -211,7 +213,7 @@ + $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_BASE64_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) + + check_digest: $(CHECK_DIGEST_OBJS) $(LT_LIBS) +- $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_DIGEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) ++ $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_DIGEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @LIBMD@ + + check_fill: $(CHECK_FILL_OBJS) $(LT_LIBS) + $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_FILL_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) +@@ -501,12 +503,12 @@ + $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_base64.c + check_digest.o: $(srcdir)/regress/parser/check_digest.c $(incdir)/missing.h \ +- $(srcdir)/sha2.h $(top_builddir)/config.h ++ $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_digest.c + check_fill.o: $(srcdir)/regress/parser/check_fill.c $(devdir)/gram.h \ + $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_plugin.h \ +- $(srcdir)/parse.h $(srcdir)/toke.h $(top_builddir)/config.h \ +- $(top_srcdir)/compat/stdbool.h ++ $(incdir)/sudo_util.h $(srcdir)/parse.h $(srcdir)/toke.h \ ++ $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_fill.c + check_iolog_path.o: $(srcdir)/regress/iolog_path/check_iolog_path.c \ + $(devdir)/def_data.c $(devdir)/def_data.h \ +@@ -607,8 +609,8 @@ + $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/group_plugin.c + group_plugin.o: group_plugin.lo +-hexchar.lo: $(srcdir)/hexchar.c $(incdir)/fatal.h $(incdir)/missing.h \ +- $(incdir)/sudo_debug.h $(top_builddir)/config.h ++hexchar.lo: $(srcdir)/hexchar.c $(incdir)/missing.h $(incdir)/sudo_debug.h \ ++ $(top_builddir)/config.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/hexchar.c + hexchar.o: hexchar.lo + interfaces.lo: $(srcdir)/interfaces.c $(devdir)/def_data.h $(incdir)/alloc.h \ +@@ -689,9 +691,9 @@ + $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ +- $(srcdir)/sha2.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ +- $(top_builddir)/config.h $(top_builddir)/pathnames.h \ +- $(top_srcdir)/compat/fnmatch.h $(top_srcdir)/compat/glob.h \ ++ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \ ++ $(top_builddir)/pathnames.h $(top_srcdir)/compat/fnmatch.h \ ++ $(top_srcdir)/compat/glob.h $(top_srcdir)/compat/sha2.h \ + $(top_srcdir)/compat/stdbool.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/match.c + match_addr.lo: $(srcdir)/match_addr.c $(devdir)/def_data.h $(incdir)/alloc.h \ +@@ -806,10 +808,6 @@ + $(srcdir)/sudoers.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/set_perms.c +-sha2.lo: $(srcdir)/sha2.c $(incdir)/missing.h $(srcdir)/sha2.h \ +- $(top_builddir)/config.h $(top_srcdir)/compat/endian.h +- $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sha2.c +-sha2.o: sha2.lo + sia.lo: $(authdir)/sia.c $(devdir)/def_data.h $(incdir)/alloc.h \ + $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ + $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ +@@ -891,9 +889,9 @@ + $(incdir)/gettext.h $(incdir)/lbuf.h $(incdir)/missing.h \ + $(incdir)/queue.h $(incdir)/secure_path.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ +- $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sha2.h \ +- $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/toke.h \ +- $(top_builddir)/config.h $(top_builddir)/pathnames.h \ ++ $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ ++ $(srcdir)/sudoers.h $(srcdir)/toke.h $(top_builddir)/config.h \ ++ $(top_builddir)/pathnames.h $(top_srcdir)/compat/sha2.h \ + $(top_srcdir)/compat/stdbool.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/toke.c + toke_util.lo: $(srcdir)/toke_util.c $(devdir)/def_data.h $(devdir)/gram.h \ +diff -urN sudo-1.8.9p5.old/plugins/sudoers/match.c sudo-1.8.9p5/plugins/sudoers/match.c +--- sudo-1.8.9p5.old/plugins/sudoers/match.c 2014-01-07 19:08:54.000000000 +0100 ++++ sudo-1.8.9p5/plugins/sudoers/match.c 2014-04-10 15:21:59.050793404 +0200 +@@ -88,7 +88,11 @@ + + #include "sudoers.h" + #include "parse.h" +-#include "sha2.h" ++#ifdef HAVE_SHA224UPDATE ++# include ++#else ++# include "compat/sha2.h" ++#endif + #include + + static struct member_list empty = TAILQ_HEAD_INITIALIZER(empty); +@@ -562,8 +566,13 @@ + const char *digest_name; + const unsigned int digest_len; + void (*init)(SHA2_CTX *); ++#ifdef SHA2_VOID_PTR ++ void (*update)(SHA2_CTX *, const void *, size_t); ++ void (*final)(void *, SHA2_CTX *); ++#else + void (*update)(SHA2_CTX *, const unsigned char *, size_t); + void (*final)(unsigned char *, SHA2_CTX *); ++#endif + } digest_functions[] = { + { + "SHA224", +diff -urN sudo-1.8.9p5.old/plugins/sudoers/regress/parser/check_digest.c sudo-1.8.9p5/plugins/sudoers/regress/parser/check_digest.c +--- sudo-1.8.9p5.old/plugins/sudoers/regress/parser/check_digest.c 2014-01-07 19:08:52.000000000 +0100 ++++ sudo-1.8.9p5/plugins/sudoers/regress/parser/check_digest.c 2014-04-10 15:20:34.462897872 +0200 +@@ -39,9 +39,13 @@ + #elif defined(HAVE_INTTYPES_H) + # include + #endif ++#ifdef HAVE_SHA224UPDATE ++# include ++#else ++# include "compat/sha2.h" ++#endif + + #include "missing.h" +-#include "sha2.h" + + __dso_public int main(int argc, char *argv[]); + +@@ -49,8 +53,13 @@ + const char *digest_name; + const int digest_len; + void (*init)(SHA2_CTX *); ++#ifdef SHA2_VOID_PTR ++ void (*update)(SHA2_CTX *, const void *, size_t); ++ void (*final)(void *, SHA2_CTX *); ++#else + void (*update)(SHA2_CTX *, const unsigned char *, size_t); + void (*final)(unsigned char *, SHA2_CTX *); ++#endif + } digest_functions[] = { + { + "SHA224", +diff -urN sudo-1.8.9p5.old/plugins/sudoers/regress/sudoers/test14.toke.ok sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test14.toke.ok +--- sudo-1.8.9p5.old/plugins/sudoers/regress/sudoers/test14.toke.ok 2014-01-07 19:08:52.000000000 +0100 ++++ sudo-1.8.9p5/plugins/sudoers/regress/sudoers/test14.toke.ok 2014-04-10 15:20:34.463272107 +0200 +@@ -1,4 +1,4 @@ +-CMNDALIAS ALIAS = SHA224 : DIGEST COMMAND +-CMNDALIAS ALIAS = SHA256 : DIGEST COMMAND ++CMNDALIAS ALIAS = SHA224_TOK : DIGEST COMMAND ++CMNDALIAS ALIAS = SHA256_TOK : DIGEST COMMAND + +-WORD(5) ALL = ALIAS , ALIAS , SHA512 : DIGEST COMMAND ++WORD(5) ALL = ALIAS , ALIAS , SHA512_TOK : DIGEST COMMAND +diff -urN sudo-1.8.9p5.old/plugins/sudoers/sha2.c sudo-1.8.9p5/plugins/sudoers/sha2.c +--- sudo-1.8.9p5.old/plugins/sudoers/sha2.c 2014-01-07 19:08:54.000000000 +0100 ++++ sudo-1.8.9p5/plugins/sudoers/sha2.c 1970-01-01 01:00:00.000000000 +0100 +@@ -1,526 +0,0 @@ +-/* +- * Copyright (c) 2013 Todd C. Miller +- * +- * Permission to use, copy, modify, and distribute this software for any +- * purpose with or without fee is hereby granted, provided that the above +- * copyright notice and this permission notice appear in all copies. +- * +- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +- */ +- +-/* +- * Implementation of SHA-224, SHA-256, SHA-384 and SHA-512 +- * as per FIPS 180-4: Secure Hash Standard (SHS) +- * http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf +- * +- * Derived from the public domain SHA-1 and SHA-2 implementations +- * by Steve Reid and Wei Dai respectively. +- */ +- +-#include +- +-#include +-#ifdef STDC_HEADERS +-# include +-# include +-#else +-# ifdef HAVE_STDLIB_H +-# include +-# endif +-#endif /* STDC_HEADERS */ +-#ifdef HAVE_STRING_H +-# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) +-# include +-# endif +-# include +-#endif /* HAVE_STRING_H */ +-#ifdef HAVE_STRINGS_H +-# include +-#endif /* HAVE_STRINGS_H */ +-#if defined(HAVE_STDINT_H) +-# include +-#elif defined(HAVE_INTTYPES_H) +-# include +-#endif +-#if defined(HAVE_ENDIAN_H) +-# include +-#elif defined(HAVE_SYS_ENDIAN_H) +-# include +-#elif defined(HAVE_MACHINE_ENDIAN_H) +-# include +-#else +-# include "compat/endian.h" +-#endif +- +-#include "missing.h" +-#include "sha2.h" +- +-/* +- * SHA-2 operates on 32-bit and 64-bit words in big endian byte order. +- * The following macros convert between character arrays and big endian words. +- */ +-#define BE8TO32(x, y) do { \ +- (x) = (((uint32_t)((y)[0] & 255) << 24) | \ +- ((uint32_t)((y)[1] & 255) << 16) | \ +- ((uint32_t)((y)[2] & 255) << 8) | \ +- ((uint32_t)((y)[3] & 255))); \ +-} while (0) +- +-#define BE8TO64(x, y) do { \ +- (x) = (((uint64_t)((y)[0] & 255) << 56) | \ +- ((uint64_t)((y)[1] & 255) << 48) | \ +- ((uint64_t)((y)[2] & 255) << 40) | \ +- ((uint64_t)((y)[3] & 255) << 32) | \ +- ((uint64_t)((y)[4] & 255) << 24) | \ +- ((uint64_t)((y)[5] & 255) << 16) | \ +- ((uint64_t)((y)[6] & 255) << 8) | \ +- ((uint64_t)((y)[7] & 255))); \ +-} while (0) +- +-#define BE32TO8(x, y) do { \ +- (x)[0] = (uint8_t)(((y) >> 24) & 255); \ +- (x)[1] = (uint8_t)(((y) >> 16) & 255); \ +- (x)[2] = (uint8_t)(((y) >> 8) & 255); \ +- (x)[3] = (uint8_t)((y) & 255); \ +-} while (0) +- +-#define BE64TO8(x, y) do { \ +- (x)[0] = (uint8_t)(((y) >> 56) & 255); \ +- (x)[1] = (uint8_t)(((y) >> 48) & 255); \ +- (x)[2] = (uint8_t)(((y) >> 40) & 255); \ +- (x)[3] = (uint8_t)(((y) >> 32) & 255); \ +- (x)[4] = (uint8_t)(((y) >> 24) & 255); \ +- (x)[5] = (uint8_t)(((y) >> 16) & 255); \ +- (x)[6] = (uint8_t)(((y) >> 8) & 255); \ +- (x)[7] = (uint8_t)((y) & 255); \ +-} while (0) +- +-#define rotrFixed(x,y) (y ? ((x>>y) | (x<<(sizeof(x)*8-y))) : x) +- +-#define blk0(i) (W[i]) +-#define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15])) +- +-#define Ch(x,y,z) (z^(x&(y^z))) +-#define Maj(x,y,z) (y^((x^y)&(y^z))) +- +-#define a(i) T[(0-i)&7] +-#define b(i) T[(1-i)&7] +-#define c(i) T[(2-i)&7] +-#define d(i) T[(3-i)&7] +-#define e(i) T[(4-i)&7] +-#define f(i) T[(5-i)&7] +-#define g(i) T[(6-i)&7] +-#define h(i) T[(7-i)&7] +- +-void +-SHA224Init(SHA2_CTX *ctx) +-{ +- memset(ctx, 0, sizeof(*ctx)); +- ctx->state.st32[0] = 0xc1059ed8UL; +- ctx->state.st32[1] = 0x367cd507UL; +- ctx->state.st32[2] = 0x3070dd17UL; +- ctx->state.st32[3] = 0xf70e5939UL; +- ctx->state.st32[4] = 0xffc00b31UL; +- ctx->state.st32[5] = 0x68581511UL; +- ctx->state.st32[6] = 0x64f98fa7UL; +- ctx->state.st32[7] = 0xbefa4fa4UL; +-} +- +-void +-SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]) +-{ +- SHA256Transform(state, buffer); +-} +- +-void +-SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) +-{ +- SHA256Update(ctx, data, len); +-} +- +-void +-SHA224Pad(SHA2_CTX *ctx) +-{ +- SHA256Pad(ctx); +-} +- +-void +-SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx) +-{ +- SHA256Pad(ctx); +- if (digest != NULL) { +-#if BYTE_ORDER == BIG_ENDIAN +- memcpy(digest, ctx->state.st32, SHA224_DIGEST_LENGTH); +-#else +- unsigned int i; +- +- for (i = 0; i < 7; i++) +- BE32TO8(digest + (i * 4), ctx->state.st32[i]); +-#endif +- memset(ctx, 0, sizeof(*ctx)); +- } +-} +- +-static const uint32_t SHA256_K[64] = { +- 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, +- 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, +- 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, +- 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, +- 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, +- 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, +- 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, +- 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, +- 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, +- 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, +- 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, +- 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, +- 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, +- 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, +- 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, +- 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL +-}; +- +-void +-SHA256Init(SHA2_CTX *ctx) +-{ +- memset(ctx, 0, sizeof(*ctx)); +- ctx->state.st32[0] = 0x6a09e667UL; +- ctx->state.st32[1] = 0xbb67ae85UL; +- ctx->state.st32[2] = 0x3c6ef372UL; +- ctx->state.st32[3] = 0xa54ff53aUL; +- ctx->state.st32[4] = 0x510e527fUL; +- ctx->state.st32[5] = 0x9b05688cUL; +- ctx->state.st32[6] = 0x1f83d9abUL; +- ctx->state.st32[7] = 0x5be0cd19UL; +-} +- +-/* Round macros for SHA256 */ +-#define R(i) do { \ +- h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i)); \ +- d(i)+=h(i); \ +- h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \ +-} while (0) +- +-#define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22)) +-#define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25)) +-#define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3)) +-#define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10)) +- +-void +-SHA256Transform(uint32_t state[8], const uint8_t data[SHA256_BLOCK_LENGTH]) +-{ +- uint32_t W[16]; +- uint32_t T[8]; +- unsigned int j; +- +- /* Copy context state to working vars. */ +- memcpy(T, state, sizeof(T)); +- /* Copy data to W in big endian format. */ +-#if BYTE_ORDER == BIG_ENDIAN +- memcpy(W, data, sizeof(W)); +-#else +- for (j = 0; j < 16; j++) { +- BE8TO32(W[j], data); +- data += 4; +- } +-#endif +- /* 64 operations, partially loop unrolled. */ +- for (j = 0; j < 64; j += 16) +- { +- R( 0); R( 1); R( 2); R( 3); +- R( 4); R( 5); R( 6); R( 7); +- R( 8); R( 9); R(10); R(11); +- R(12); R(13); R(14); R(15); +- } +- /* Add the working vars back into context state. */ +- state[0] += a(0); +- state[1] += b(0); +- state[2] += c(0); +- state[3] += d(0); +- state[4] += e(0); +- state[5] += f(0); +- state[6] += g(0); +- state[7] += h(0); +- /* Cleanup */ +- memset_s(T, sizeof(T), 0, sizeof(T)); +- memset_s(W, sizeof(W), 0, sizeof(W)); +-} +- +-#undef S0 +-#undef S1 +-#undef s0 +-#undef s1 +-#undef R +- +-void +-SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) +-{ +- size_t i = 0, j; +- +- j = (size_t)((ctx->count[0] >> 3) & (SHA256_BLOCK_LENGTH - 1)); +- ctx->count[0] += (len << 3); +- if ((j + len) > SHA256_BLOCK_LENGTH - 1) { +- memcpy(&ctx->buffer[j], data, (i = SHA256_BLOCK_LENGTH - j)); +- SHA256Transform(ctx->state.st32, ctx->buffer); +- for ( ; i + SHA256_BLOCK_LENGTH - 1 < len; i += SHA256_BLOCK_LENGTH) +- SHA256Transform(ctx->state.st32, (uint8_t *)&data[i]); +- j = 0; +- } +- memcpy(&ctx->buffer[j], &data[i], len - i); +-} +- +-void +-SHA256Pad(SHA2_CTX *ctx) +-{ +- uint8_t finalcount[8]; +- +- /* Store unpadded message length in bits in big endian format. */ +- BE64TO8(finalcount, ctx->count[0]); +- +- /* Append a '1' bit (0x80) to the message. */ +- SHA256Update(ctx, (uint8_t *)"\200", 1); +- +- /* Pad message such that the resulting length modulo 512 is 448. */ +- while ((ctx->count[0] & 504) != 448) +- SHA256Update(ctx, (uint8_t *)"\0", 1); +- +- /* Append length of message in bits and do final SHA256Transform(). */ +- SHA256Update(ctx, finalcount, sizeof(finalcount)); +-} +- +-void +-SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx) +-{ +- SHA256Pad(ctx); +- if (digest != NULL) { +-#if BYTE_ORDER == BIG_ENDIAN +- memcpy(digest, ctx->state.st32, SHA256_DIGEST_LENGTH); +-#else +- unsigned int i; +- +- for (i = 0; i < 8; i++) +- BE32TO8(digest + (i * 4), ctx->state.st32[i]); +-#endif +- memset(ctx, 0, sizeof(*ctx)); +- } +-} +- +-void +-SHA384Init(SHA2_CTX *ctx) +-{ +- memset(ctx, 0, sizeof(*ctx)); +- ctx->state.st64[0] = 0xcbbb9d5dc1059ed8ULL; +- ctx->state.st64[1] = 0x629a292a367cd507ULL; +- ctx->state.st64[2] = 0x9159015a3070dd17ULL; +- ctx->state.st64[3] = 0x152fecd8f70e5939ULL; +- ctx->state.st64[4] = 0x67332667ffc00b31ULL; +- ctx->state.st64[5] = 0x8eb44a8768581511ULL; +- ctx->state.st64[6] = 0xdb0c2e0d64f98fa7ULL; +- ctx->state.st64[7] = 0x47b5481dbefa4fa4ULL; +-} +- +-void +-SHA384Transform(uint64_t state[8], const uint8_t data[SHA384_BLOCK_LENGTH]) +-{ +- SHA512Transform(state, data); +-} +- +-void +-SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) +-{ +- SHA512Update(ctx, data, len); +-} +- +-void +-SHA384Pad(SHA2_CTX *ctx) +-{ +- SHA512Pad(ctx); +-} +- +-void +-SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx) +-{ +- SHA384Pad(ctx); +- if (digest != NULL) { +-#if BYTE_ORDER == BIG_ENDIAN +- memcpy(digest, ctx->state.st64, SHA384_DIGEST_LENGTH); +-#else +- unsigned int i; +- +- for (i = 0; i < 6; i++) +- BE64TO8(digest + (i * 8), ctx->state.st64[i]); +-#endif +- memset(ctx, 0, sizeof(*ctx)); +- } +-} +- +-static const uint64_t SHA512_K[80] = { +- 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, +- 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, +- 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, +- 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, +- 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, +- 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, +- 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, +- 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, +- 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, +- 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, +- 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, +- 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, +- 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, +- 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, +- 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, +- 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, +- 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, +- 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, +- 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, +- 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, +- 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, +- 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, +- 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, +- 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, +- 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, +- 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, +- 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, +- 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, +- 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, +- 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, +- 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, +- 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, +- 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, +- 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, +- 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, +- 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, +- 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, +- 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, +- 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, +- 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +-}; +- +-void +-SHA512Init(SHA2_CTX *ctx) +-{ +- memset(ctx, 0, sizeof(*ctx)); +- ctx->state.st64[0] = 0x6a09e667f3bcc908ULL; +- ctx->state.st64[1] = 0xbb67ae8584caa73bULL; +- ctx->state.st64[2] = 0x3c6ef372fe94f82bULL; +- ctx->state.st64[3] = 0xa54ff53a5f1d36f1ULL; +- ctx->state.st64[4] = 0x510e527fade682d1ULL; +- ctx->state.st64[5] = 0x9b05688c2b3e6c1fULL; +- ctx->state.st64[6] = 0x1f83d9abfb41bd6bULL; +- ctx->state.st64[7] = 0x5be0cd19137e2179ULL; +-} +- +-/* Round macros for SHA512 */ +-#define R(i) do { \ +- h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i)); \ +- d(i)+=h(i); \ +- h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \ +-} while (0) +- +-#define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39)) +-#define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41)) +-#define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7)) +-#define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6)) +- +-void +-SHA512Transform(uint64_t state[8], const uint8_t data[SHA512_BLOCK_LENGTH]) +-{ +- uint64_t W[16]; +- uint64_t T[8]; +- unsigned int j; +- +- /* Copy context state to working vars. */ +- memcpy(T, state, sizeof(T)); +- /* Copy data to W in big endian format. */ +-#if BYTE_ORDER == BIG_ENDIAN +- memcpy(W, data, sizeof(W)); +-#else +- for (j = 0; j < 16; j++) { +- BE8TO64(W[j], data); +- data += 8; +- } +-#endif +- /* 80 operations, partially loop unrolled. */ +- for (j = 0; j < 80; j += 16) +- { +- R( 0); R( 1); R( 2); R( 3); +- R( 4); R( 5); R( 6); R( 7); +- R( 8); R( 9); R(10); R(11); +- R(12); R(13); R(14); R(15); +- } +- /* Add the working vars back into context state. */ +- state[0] += a(0); +- state[1] += b(0); +- state[2] += c(0); +- state[3] += d(0); +- state[4] += e(0); +- state[5] += f(0); +- state[6] += g(0); +- state[7] += h(0); +- /* Cleanup. */ +- memset_s(T, sizeof(T), 0, sizeof(T)); +- memset_s(W, sizeof(W), 0, sizeof(W)); +-} +- +-void +-SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len) +-{ +- size_t i = 0, j; +- +- j = (size_t)((ctx->count[0] >> 3) & (SHA512_BLOCK_LENGTH - 1)); +- ctx->count[0] += (len << 3); +- if (ctx->count[0] < (len << 3)) +- ctx->count[1]++; +- if ((j + len) > SHA512_BLOCK_LENGTH - 1) { +- memcpy(&ctx->buffer[j], data, (i = SHA512_BLOCK_LENGTH - j)); +- SHA512Transform(ctx->state.st64, ctx->buffer); +- for ( ; i + SHA512_BLOCK_LENGTH - 1 < len; i += SHA512_BLOCK_LENGTH) +- SHA512Transform(ctx->state.st64, (uint8_t *)&data[i]); +- j = 0; +- } +- memcpy(&ctx->buffer[j], &data[i], len - i); +-} +- +-void +-SHA512Pad(SHA2_CTX *ctx) +-{ +- uint8_t finalcount[16]; +- +- /* Store unpadded message length in bits in big endian format. */ +- BE64TO8(finalcount, ctx->count[1]); +- BE64TO8(finalcount + 8, ctx->count[0]); +- +- /* Append a '1' bit (0x80) to the message. */ +- SHA512Update(ctx, (uint8_t *)"\200", 1); +- +- /* Pad message such that the resulting length modulo 1024 is 896. */ +- while ((ctx->count[0] & 1008) != 896) +- SHA512Update(ctx, (uint8_t *)"\0", 1); +- +- /* Append length of message in bits and do final SHA512Transform(). */ +- SHA512Update(ctx, finalcount, sizeof(finalcount)); +-} +- +-void +-SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx) +-{ +- SHA512Pad(ctx); +- if (digest != NULL) { +-#if BYTE_ORDER == BIG_ENDIAN +- memcpy(digest, ctx->state.st64, SHA512_DIGEST_LENGTH); +-#else +- unsigned int i; +- +- for (i = 0; i < 8; i++) +- BE64TO8(digest + (i * 8), ctx->state.st64[i]); +-#endif +- memset(ctx, 0, sizeof(*ctx)); +- } +-} +diff -urN sudo-1.8.9p5.old/plugins/sudoers/sha2.h sudo-1.8.9p5/plugins/sudoers/sha2.h +--- sudo-1.8.9p5.old/plugins/sudoers/sha2.h 2014-01-07 19:08:54.000000000 +0100 ++++ sudo-1.8.9p5/plugins/sudoers/sha2.h 1970-01-01 01:00:00.000000000 +0100 +@@ -1,74 +0,0 @@ +-/* +- * Copyright (c) 2013 Todd C. Miller +- * +- * Permission to use, copy, modify, and distribute this software for any +- * purpose with or without fee is hereby granted, provided that the above +- * copyright notice and this permission notice appear in all copies. +- * +- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +- */ +- +-/* +- * Derived from the public domain SHA-1 and SHA-2 implementations +- * by Steve Reid and Wei Dai respectively. +- */ +- +-#ifndef _SUDOERS_SHA2_H +-#define _SUDOERS_SHA2_H +- +-#define SHA224_BLOCK_LENGTH 64 +-#define SHA224_DIGEST_LENGTH 28 +-#define SHA224_DIGEST_STRING_LENGTH (SHA224_DIGEST_LENGTH * 2 + 1) +- +-#define SHA256_BLOCK_LENGTH 64 +-#define SHA256_DIGEST_LENGTH 32 +-#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) +- +-#define SHA384_BLOCK_LENGTH 128 +-#define SHA384_DIGEST_LENGTH 48 +-#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) +- +-#define SHA512_BLOCK_LENGTH 128 +-#define SHA512_DIGEST_LENGTH 64 +-#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) +- +-typedef struct { +- union { +- uint32_t st32[8]; /* sha224 and sha256 */ +- uint64_t st64[8]; /* sha384 and sha512 */ +- } state; +- uint64_t count[2]; +- uint8_t buffer[SHA512_BLOCK_LENGTH]; +-} SHA2_CTX; +- +-void SHA224Init(SHA2_CTX *ctx); +-void SHA224Pad(SHA2_CTX *ctx); +-void SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]); +-void SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); +-void SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx); +- +-void SHA256Init(SHA2_CTX *ctx); +-void SHA256Pad(SHA2_CTX *ctx); +-void SHA256Transform(uint32_t state[8], const uint8_t buffer[SHA256_BLOCK_LENGTH]); +-void SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); +-void SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx); +- +-void SHA384Init(SHA2_CTX *ctx); +-void SHA384Pad(SHA2_CTX *ctx); +-void SHA384Transform(uint64_t state[8], const uint8_t buffer[SHA384_BLOCK_LENGTH]); +-void SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); +-void SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx); +- +-void SHA512Init(SHA2_CTX *ctx); +-void SHA512Pad(SHA2_CTX *ctx); +-void SHA512Transform(uint64_t state[8], const uint8_t buffer[SHA512_BLOCK_LENGTH]); +-void SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len); +-void SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx); +- +-#endif /* _SUDOERS_SHA2_H */ +diff -urN sudo-1.8.9p5.old/plugins/sudoers/toke.c sudo-1.8.9p5/plugins/sudoers/toke.c +--- sudo-1.8.9p5.old/plugins/sudoers/toke.c 2014-01-07 19:08:50.000000000 +0100 ++++ sudo-1.8.9p5/plugins/sudoers/toke.c 2014-04-10 15:20:34.466936711 +0200 +@@ -1997,6 +1997,11 @@ + # include + # endif + #endif ++#ifdef HAVE_SHA224UPDATE ++# include ++#else ++# include "compat/sha2.h" ++#endif + #include + #include + #include "sudoers.h" +@@ -2004,7 +2009,6 @@ + #include "toke.h" + #include + #include "lbuf.h" +-#include "sha2.h" + #include "secure_path.h" + + int sudolineno; /* current sudoers line number. */ +@@ -2050,7 +2054,7 @@ + + #define WANTDIGEST 6 + +-#line 2053 "lex.sudoers.c" ++#line 2057 "lex.sudoers.c" + + /* Macros after this point can all be overridden by user definitions in + * section 1. +@@ -2204,9 +2208,9 @@ + register char *yy_cp, *yy_bp; + register int yy_act; + +-#line 137 "toke.l" ++#line 141 "toke.l" + +-#line 2209 "lex.sudoers.c" ++#line 2213 "lex.sudoers.c" + + if ( yy_init ) + { +@@ -2292,7 +2296,7 @@ + + case 1: + YY_RULE_SETUP +-#line 138 "toke.l" ++#line 142 "toke.l" + { + LEXTRACE(", "); + LEXRETURN(','); +@@ -2300,12 +2304,12 @@ + YY_BREAK + case 2: + YY_RULE_SETUP +-#line 143 "toke.l" ++#line 147 "toke.l" + BEGIN STARTDEFS; + YY_BREAK + case 3: + YY_RULE_SETUP +-#line 145 "toke.l" ++#line 149 "toke.l" + { + BEGIN INDEFS; + LEXTRACE("DEFVAR "); +@@ -2317,7 +2321,7 @@ + + case 4: + YY_RULE_SETUP +-#line 154 "toke.l" ++#line 158 "toke.l" + { + BEGIN STARTDEFS; + LEXTRACE(", "); +@@ -2326,7 +2330,7 @@ + YY_BREAK + case 5: + YY_RULE_SETUP +-#line 160 "toke.l" ++#line 164 "toke.l" + { + LEXTRACE("= "); + LEXRETURN('='); +@@ -2334,7 +2338,7 @@ + YY_BREAK + case 6: + YY_RULE_SETUP +-#line 165 "toke.l" ++#line 169 "toke.l" + { + LEXTRACE("+= "); + LEXRETURN('+'); +@@ -2342,7 +2346,7 @@ + YY_BREAK + case 7: + YY_RULE_SETUP +-#line 170 "toke.l" ++#line 174 "toke.l" + { + LEXTRACE("-= "); + LEXRETURN('-'); +@@ -2350,7 +2354,7 @@ + YY_BREAK + case 8: + YY_RULE_SETUP +-#line 175 "toke.l" ++#line 179 "toke.l" + { + LEXTRACE("BEGINSTR "); + sudoerslval.string = NULL; +@@ -2360,7 +2364,7 @@ + YY_BREAK + case 9: + YY_RULE_SETUP +-#line 182 "toke.l" ++#line 186 "toke.l" + { + LEXTRACE("WORD(2) "); + if (!fill(sudoerstext, sudoersleng)) +@@ -2372,7 +2376,7 @@ + + case 10: + YY_RULE_SETUP +-#line 191 "toke.l" ++#line 195 "toke.l" + { + /* Line continuation char followed by newline. */ + sudolineno++; +@@ -2381,7 +2385,7 @@ + YY_BREAK + case 11: + YY_RULE_SETUP +-#line 197 "toke.l" ++#line 201 "toke.l" + { + LEXTRACE("ENDSTR "); + BEGIN prev_state; +@@ -2416,7 +2420,7 @@ + YY_BREAK + case 12: + YY_RULE_SETUP +-#line 229 "toke.l" ++#line 233 "toke.l" + { + LEXTRACE("BACKSLASH "); + if (!append(sudoerstext, sudoersleng)) +@@ -2425,7 +2429,7 @@ + YY_BREAK + case 13: + YY_RULE_SETUP +-#line 235 "toke.l" ++#line 239 "toke.l" + { + LEXTRACE("STRBODY "); + if (!append(sudoerstext, sudoersleng)) +@@ -2436,7 +2440,7 @@ + + case 14: + YY_RULE_SETUP +-#line 243 "toke.l" ++#line 247 "toke.l" + { + /* quoted fnmatch glob char, pass verbatim */ + LEXTRACE("QUOTEDCHAR "); +@@ -2447,7 +2451,7 @@ + YY_BREAK + case 15: + YY_RULE_SETUP +-#line 251 "toke.l" ++#line 255 "toke.l" + { + /* quoted sudoers special char, strip backslash */ + LEXTRACE("QUOTEDCHAR "); +@@ -2458,7 +2462,7 @@ + YY_BREAK + case 16: + YY_RULE_SETUP +-#line 259 "toke.l" ++#line 263 "toke.l" + { + BEGIN INITIAL; + yyless(0); +@@ -2467,7 +2471,7 @@ + YY_BREAK + case 17: + YY_RULE_SETUP +-#line 265 "toke.l" ++#line 269 "toke.l" + { + LEXTRACE("ARG "); + if (!fill_args(sudoerstext, sudoersleng, sawspace)) +@@ -2478,7 +2482,7 @@ + + case 18: + YY_RULE_SETUP +-#line 273 "toke.l" ++#line 277 "toke.l" + { + /* Only return DIGEST if the length is correct. */ + if (sudoersleng == digest_len * 2) { +@@ -2494,7 +2498,7 @@ + YY_BREAK + case 19: + YY_RULE_SETUP +-#line 286 "toke.l" ++#line 290 "toke.l" + { + /* Only return DIGEST if the length is correct. */ + int len; +@@ -2518,7 +2522,7 @@ + YY_BREAK + case 20: + YY_RULE_SETUP +-#line 307 "toke.l" ++#line 311 "toke.l" + { + char *path; + +@@ -2539,7 +2543,7 @@ + YY_BREAK + case 21: + YY_RULE_SETUP +-#line 325 "toke.l" ++#line 329 "toke.l" + { + char *path; + +@@ -2563,7 +2567,7 @@ + YY_BREAK + case 22: + YY_RULE_SETUP +-#line 346 "toke.l" ++#line 350 "toke.l" + { + char deftype; + int n; +@@ -2606,7 +2610,7 @@ + YY_BREAK + case 23: + YY_RULE_SETUP +-#line 386 "toke.l" ++#line 390 "toke.l" + { + int n; + +@@ -2635,7 +2639,7 @@ + YY_BREAK + case 24: + YY_RULE_SETUP +-#line 412 "toke.l" ++#line 416 "toke.l" + { + /* cmnd does not require passwd for this user */ + LEXTRACE("NOPASSWD "); +@@ -2644,7 +2648,7 @@ + YY_BREAK + case 25: + YY_RULE_SETUP +-#line 418 "toke.l" ++#line 422 "toke.l" + { + /* cmnd requires passwd for this user */ + LEXTRACE("PASSWD "); +@@ -2653,7 +2657,7 @@ + YY_BREAK + case 26: + YY_RULE_SETUP +-#line 424 "toke.l" ++#line 428 "toke.l" + { + LEXTRACE("NOEXEC "); + LEXRETURN(NOEXEC); +@@ -2661,7 +2665,7 @@ + YY_BREAK + case 27: + YY_RULE_SETUP +-#line 429 "toke.l" ++#line 433 "toke.l" + { + LEXTRACE("EXEC "); + LEXRETURN(EXEC); +@@ -2669,7 +2673,7 @@ + YY_BREAK + case 28: + YY_RULE_SETUP +-#line 434 "toke.l" ++#line 438 "toke.l" + { + LEXTRACE("SETENV "); + LEXRETURN(SETENV); +@@ -2677,7 +2681,7 @@ + YY_BREAK + case 29: + YY_RULE_SETUP +-#line 439 "toke.l" ++#line 443 "toke.l" + { + LEXTRACE("NOSETENV "); + LEXRETURN(NOSETENV); +@@ -2685,7 +2689,7 @@ + YY_BREAK + case 30: + YY_RULE_SETUP +-#line 444 "toke.l" ++#line 448 "toke.l" + { + LEXTRACE("LOG_OUTPUT "); + LEXRETURN(LOG_OUTPUT); +@@ -2693,7 +2697,7 @@ + YY_BREAK + case 31: + YY_RULE_SETUP +-#line 449 "toke.l" ++#line 453 "toke.l" + { + LEXTRACE("NOLOG_OUTPUT "); + LEXRETURN(NOLOG_OUTPUT); +@@ -2701,7 +2705,7 @@ + YY_BREAK + case 32: + YY_RULE_SETUP +-#line 454 "toke.l" ++#line 458 "toke.l" + { + LEXTRACE("LOG_INPUT "); + LEXRETURN(LOG_INPUT); +@@ -2709,7 +2713,7 @@ + YY_BREAK + case 33: + YY_RULE_SETUP +-#line 459 "toke.l" ++#line 463 "toke.l" + { + LEXTRACE("NOLOG_INPUT "); + LEXRETURN(NOLOG_INPUT); +@@ -2717,7 +2721,7 @@ + YY_BREAK + case 34: + YY_RULE_SETUP +-#line 464 "toke.l" ++#line 468 "toke.l" + { + /* empty group or netgroup */ + LEXTRACE("ERROR "); +@@ -2726,7 +2730,7 @@ + YY_BREAK + case 35: + YY_RULE_SETUP +-#line 470 "toke.l" ++#line 474 "toke.l" + { + /* netgroup */ + if (!fill(sudoerstext, sudoersleng)) +@@ -2737,7 +2741,7 @@ + YY_BREAK + case 36: + YY_RULE_SETUP +-#line 478 "toke.l" ++#line 482 "toke.l" + { + /* group */ + if (!fill(sudoerstext, sudoersleng)) +@@ -2748,7 +2752,7 @@ + YY_BREAK + case 37: + YY_RULE_SETUP +-#line 486 "toke.l" ++#line 490 "toke.l" + { + if (!fill(sudoerstext, sudoersleng)) + yyterminate(); +@@ -2758,7 +2762,7 @@ + YY_BREAK + case 38: + YY_RULE_SETUP +-#line 493 "toke.l" ++#line 497 "toke.l" + { + if (!fill(sudoerstext, sudoersleng)) + yyterminate(); +@@ -2768,7 +2772,7 @@ + YY_BREAK + case 39: + YY_RULE_SETUP +-#line 500 "toke.l" ++#line 504 "toke.l" + { + if (!ipv6_valid(sudoerstext)) { + LEXTRACE("ERROR "); +@@ -2782,7 +2786,7 @@ + YY_BREAK + case 40: + YY_RULE_SETUP +-#line 511 "toke.l" ++#line 515 "toke.l" + { + if (!ipv6_valid(sudoerstext)) { + LEXTRACE("ERROR "); +@@ -2796,7 +2800,7 @@ + YY_BREAK + case 41: + YY_RULE_SETUP +-#line 522 "toke.l" ++#line 526 "toke.l" + { + LEXTRACE("ALL "); + LEXRETURN(ALL); +@@ -2805,7 +2809,7 @@ + YY_BREAK + case 42: + YY_RULE_SETUP +-#line 528 "toke.l" ++#line 532 "toke.l" + { + #ifdef HAVE_SELINUX + LEXTRACE("ROLE "); +@@ -2817,7 +2821,7 @@ + YY_BREAK + case 43: + YY_RULE_SETUP +-#line 537 "toke.l" ++#line 541 "toke.l" + { + #ifdef HAVE_SELINUX + LEXTRACE("TYPE "); +@@ -2829,7 +2833,7 @@ + YY_BREAK + case 44: + YY_RULE_SETUP +-#line 545 "toke.l" ++#line 549 "toke.l" + { + #ifdef HAVE_PRIV_SET + LEXTRACE("PRIVS "); +@@ -2841,7 +2845,7 @@ + YY_BREAK + case 45: + YY_RULE_SETUP +-#line 554 "toke.l" ++#line 558 "toke.l" + { + #ifdef HAVE_PRIV_SET + LEXTRACE("LIMITPRIVS "); +@@ -2853,7 +2857,7 @@ + YY_BREAK + case 46: + YY_RULE_SETUP +-#line 563 "toke.l" ++#line 567 "toke.l" + { + got_alias: + if (!fill(sudoerstext, sudoersleng)) +@@ -2864,7 +2868,7 @@ + YY_BREAK + case 47: + YY_RULE_SETUP +-#line 571 "toke.l" ++#line 575 "toke.l" + { + /* XXX - no way to specify digest for command */ + /* no command args allowed for Defaults!/path */ +@@ -2876,47 +2880,47 @@ + YY_BREAK + case 48: + YY_RULE_SETUP +-#line 580 "toke.l" ++#line 584 "toke.l" + { + digest_len = SHA224_DIGEST_LENGTH; + BEGIN WANTDIGEST; +- LEXTRACE("SHA224 "); +- LEXRETURN(SHA224); ++ LEXTRACE("SHA224_TOK "); ++ LEXRETURN(SHA224_TOK); + } + YY_BREAK + case 49: + YY_RULE_SETUP +-#line 587 "toke.l" ++#line 591 "toke.l" + { + digest_len = SHA256_DIGEST_LENGTH; + BEGIN WANTDIGEST; +- LEXTRACE("SHA256 "); +- LEXRETURN(SHA256); ++ LEXTRACE("SHA256_TOK "); ++ LEXRETURN(SHA256_TOK); + } + YY_BREAK + case 50: + YY_RULE_SETUP +-#line 594 "toke.l" ++#line 598 "toke.l" + { + digest_len = SHA384_DIGEST_LENGTH; + BEGIN WANTDIGEST; +- LEXTRACE("SHA384 "); +- LEXRETURN(SHA384); ++ LEXTRACE("SHA384_TOK "); ++ LEXRETURN(SHA384_TOK); + } + YY_BREAK + case 51: + YY_RULE_SETUP +-#line 601 "toke.l" ++#line 605 "toke.l" + { + digest_len = SHA512_DIGEST_LENGTH; + BEGIN WANTDIGEST; +- LEXTRACE("SHA512 "); +- LEXRETURN(SHA512); ++ LEXTRACE("SHA512_TOK "); ++ LEXRETURN(SHA512_TOK); + } + YY_BREAK + case 52: + YY_RULE_SETUP +-#line 608 "toke.l" ++#line 612 "toke.l" + { + BEGIN GOTCMND; + LEXTRACE("COMMAND "); +@@ -2926,7 +2930,7 @@ + YY_BREAK + case 53: + YY_RULE_SETUP +-#line 615 "toke.l" ++#line 619 "toke.l" + { + /* directories can't have args... */ + if (sudoerstext[sudoersleng - 1] == '/') { +@@ -2944,7 +2948,7 @@ + YY_BREAK + case 54: + YY_RULE_SETUP +-#line 630 "toke.l" ++#line 634 "toke.l" + { + LEXTRACE("BEGINSTR "); + sudoerslval.string = NULL; +@@ -2954,7 +2958,7 @@ + YY_BREAK + case 55: + YY_RULE_SETUP +-#line 637 "toke.l" ++#line 641 "toke.l" + { + /* a word */ + if (!fill(sudoerstext, sudoersleng)) +@@ -2965,7 +2969,7 @@ + YY_BREAK + case 56: + YY_RULE_SETUP +-#line 645 "toke.l" ++#line 649 "toke.l" + { + LEXTRACE("( "); + LEXRETURN('('); +@@ -2973,7 +2977,7 @@ + YY_BREAK + case 57: + YY_RULE_SETUP +-#line 650 "toke.l" ++#line 654 "toke.l" + { + LEXTRACE(") "); + LEXRETURN(')'); +@@ -2981,7 +2985,7 @@ + YY_BREAK + case 58: + YY_RULE_SETUP +-#line 655 "toke.l" ++#line 659 "toke.l" + { + LEXTRACE(", "); + LEXRETURN(','); +@@ -2989,7 +2993,7 @@ + YY_BREAK + case 59: + YY_RULE_SETUP +-#line 660 "toke.l" ++#line 664 "toke.l" + { + LEXTRACE("= "); + LEXRETURN('='); +@@ -2997,7 +3001,7 @@ + YY_BREAK + case 60: + YY_RULE_SETUP +-#line 665 "toke.l" ++#line 669 "toke.l" + { + LEXTRACE(": "); + LEXRETURN(':'); +@@ -3005,7 +3009,7 @@ + YY_BREAK + case 61: + YY_RULE_SETUP +-#line 670 "toke.l" ++#line 674 "toke.l" + { + if (sudoersleng & 1) { + LEXTRACE("!"); +@@ -3015,7 +3019,7 @@ + YY_BREAK + case 62: + YY_RULE_SETUP +-#line 677 "toke.l" ++#line 681 "toke.l" + { + if (YY_START == INSTR) { + LEXTRACE("ERROR "); +@@ -3030,14 +3034,14 @@ + YY_BREAK + case 63: + YY_RULE_SETUP +-#line 689 "toke.l" ++#line 693 "toke.l" + { /* throw away space/tabs */ + sawspace = true; /* but remember for fill_args */ + } + YY_BREAK + case 64: + YY_RULE_SETUP +-#line 693 "toke.l" ++#line 697 "toke.l" + { + sawspace = true; /* remember for fill_args */ + sudolineno++; +@@ -3046,7 +3050,7 @@ + YY_BREAK + case 65: + YY_RULE_SETUP +-#line 699 "toke.l" ++#line 703 "toke.l" + { + if (sudoerstext[sudoersleng - 1] == '\n') { + /* comment ending in a newline */ +@@ -3063,7 +3067,7 @@ + YY_BREAK + case 66: + YY_RULE_SETUP +-#line 713 "toke.l" ++#line 717 "toke.l" + { + LEXTRACE("ERROR "); + LEXRETURN(ERROR); +@@ -3076,7 +3080,7 @@ + case YY_STATE_EOF(INDEFS): + case YY_STATE_EOF(INSTR): + case YY_STATE_EOF(WANTDIGEST): +-#line 718 "toke.l" ++#line 722 "toke.l" + { + if (YY_START != INITIAL) { + BEGIN INITIAL; +@@ -3089,10 +3093,10 @@ + YY_BREAK + case 67: + YY_RULE_SETUP +-#line 728 "toke.l" ++#line 732 "toke.l" + ECHO; + YY_BREAK +-#line 3095 "lex.sudoers.c" ++#line 3099 "lex.sudoers.c" + + case YY_END_OF_BUFFER: + { +@@ -3983,7 +3987,7 @@ + return 0; + } + #endif +-#line 728 "toke.l" ++#line 732 "toke.l" + + struct path_list { + SLIST_ENTRY(path_list) entries; +diff -urN sudo-1.8.9p5.old/plugins/sudoers/toke.l sudo-1.8.9p5/plugins/sudoers/toke.l +--- sudo-1.8.9p5.old/plugins/sudoers/toke.l 2014-01-07 19:08:50.000000000 +0100 ++++ sudo-1.8.9p5/plugins/sudoers/toke.l 2014-04-10 15:20:34.467610395 +0200 +@@ -69,6 +69,11 @@ + # include + # endif + #endif ++#ifdef HAVE_SHA224UPDATE ++# include ++#else ++# include "compat/sha2.h" ++#endif + #include + #include + #include "sudoers.h" +@@ -76,7 +81,6 @@ + #include "toke.h" + #include + #include "lbuf.h" +-#include "sha2.h" + #include "secure_path.h" + + int sudolineno; /* current sudoers line number. */ +@@ -580,29 +584,29 @@ + sha224 { + digest_len = SHA224_DIGEST_LENGTH; + BEGIN WANTDIGEST; +- LEXTRACE("SHA224 "); +- LEXRETURN(SHA224); ++ LEXTRACE("SHA224_TOK "); ++ LEXRETURN(SHA224_TOK); + } + + sha256 { + digest_len = SHA256_DIGEST_LENGTH; + BEGIN WANTDIGEST; +- LEXTRACE("SHA256 "); +- LEXRETURN(SHA256); ++ LEXTRACE("SHA256_TOK "); ++ LEXRETURN(SHA256_TOK); + } + + sha384 { + digest_len = SHA384_DIGEST_LENGTH; + BEGIN WANTDIGEST; +- LEXTRACE("SHA384 "); +- LEXRETURN(SHA384); ++ LEXTRACE("SHA384_TOK "); ++ LEXRETURN(SHA384_TOK); + } + + sha512 { + digest_len = SHA512_DIGEST_LENGTH; + BEGIN WANTDIGEST; +- LEXTRACE("SHA512 "); +- LEXRETURN(SHA512); ++ LEXTRACE("SHA512_TOK "); ++ LEXRETURN(SHA512_TOK); + } + + sudoedit { diff -r 6c32d6df504a -r 77f1ff9ca70f components/sudo/resolve.deps --- a/components/sudo/resolve.deps Tue Jul 22 10:48:13 2014 -0700 +++ b/components/sudo/resolve.deps Wed Jul 09 08:51:19 2014 +0200 @@ -1,2 +1,3 @@ library/zlib system/library +system/library/security/crypto diff -r 6c32d6df504a -r 77f1ff9ca70f components/sudo/sudo.license --- a/components/sudo/sudo.license Tue Jul 22 10:48:13 2014 -0700 +++ b/components/sudo/sudo.license Wed Jul 09 08:51:19 2014 +0200 @@ -1,10 +1,10 @@ -Copyright (c) 2012-2013 Todd C. Miller Copyright (c) 2009 Christian S.J. Peron +Copyright (C) 1995-2012 Jean-loup Gailly and Mark Adler Sudo is distributed under the following license: - Copyright (c) 1994-1996, 1998-2012 + Copyright (c) 1994-1996, 1998-2014 Todd C. Miller Permission to use, copy, modify, and distribute this software for any @@ -23,6 +23,9 @@ Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F39502-99-1-0512. + + + The file redblack.c bears the following license: Copyright (c) 2001 Emin Martinian @@ -45,7 +48,10 @@ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -The files getcwd.c, glob.c, glob.h and snprintf.c bear the following license: + + + +The files include/queue.h, getcwd.c, glob.c, glob.h and snprintf.c bear the following license: Copyright (c) 1989, 1990, 1991, 1993 The Regents of the University of California. All rights reserved. @@ -74,6 +80,9 @@ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + + The file fnmatch.c bears the following license: Copyright (c) 2011, VMware, Inc. @@ -101,9 +110,12 @@ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + + The embedded copy of zlib bears the following license: - Copyright (C) 1995-2012 Jean-loup Gailly and Mark Adler + Copyright (C) 1995-2010 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages @@ -123,3 +135,52 @@ Jean-loup Gailly Mark Adler jloup@gzip.org madler@alumni.caltech.edu + + + + +The files compat/getopt.h, compat/getopt_long.c have the following license: + +Copyright (c) 2000 The NetBSD Foundation, Inc. +All rights reserved. + +This code is derived from software contributed to The NetBSD Foundation +by Dieter Baron and Thomas Klausner. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + + + + +The file m4/ax_func_getaddrinfo.m4: +Placed in the public domain by Todd C. Miller on November 20, 2013. + + + + +The file m4/ax_func_snprintf.m4: +Copyright (c) 2008 Ruediger Kuhlmann + +Copying and distribution of this file, with or without modification, are +permitted in any medium without royalty provided the copyright notice +and this notice are preserved. This file is offered as-is, without any +warranty. diff -r 6c32d6df504a -r 77f1ff9ca70f components/sudo/sudo.p5m --- a/components/sudo/sudo.p5m Tue Jul 22 10:48:13 2014 -0700 +++ b/components/sudo/sudo.p5m Wed Jul 09 08:51:19 2014 +0200 @@ -18,7 +18,7 @@ # # CDDL HEADER END # -# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. # default mangler.man.stability uncommitted> @@ -26,7 +26,7 @@ set name=pkg.fmri value=pkg:/security/sudo@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION) set name=pkg.summary value="sudo - tool to allow certain tasks to be run as root by ordinary users" set name=com.oracle.info.description value="the sudo utility" -set name=com.oracle.info.tpno value=12745 +set name=com.oracle.info.tpno value=$(TPNO) set name=info.classification \ value="org.opensolaris.category.2008:Applications/System Utilities" set name=info.upstream-url value=$(COMPONENT_PROJECT_URL) @@ -35,59 +35,7 @@ set name=org.opensolaris.arc-caseid \ value=PSARC/2011/252 -dir path=etc dir path=etc/sudoers.d mode=0750 group=root -dir path=usr -dir path=usr/bin -dir path=usr/include -dir path=usr/lib -dir path=usr/lib/sudo -dir path=usr/sbin -dir path=usr/share -dir path=usr/share/doc -dir path=usr/share/doc/sudo -dir path=usr/share/locale -dir path=usr/share/locale/da -dir path=usr/share/locale/da/LC_MESSAGES -dir path=usr/share/locale/de -dir path=usr/share/locale/de/LC_MESSAGES -dir path=usr/share/locale/eo -dir path=usr/share/locale/eo/LC_MESSAGES -dir path=usr/share/locale/es -dir path=usr/share/locale/es/LC_MESSAGES -dir path=usr/share/locale/eu -dir path=usr/share/locale/eu/LC_MESSAGES -dir path=usr/share/locale/fi -dir path=usr/share/locale/fi/LC_MESSAGES -dir path=usr/share/locale/gl -dir path=usr/share/locale/gl/LC_MESSAGES -dir path=usr/share/locale/hr -dir path=usr/share/locale/hr/LC_MESSAGES -dir path=usr/share/locale/it -dir path=usr/share/locale/it/LC_MESSAGES -dir path=usr/share/locale/ja -dir path=usr/share/locale/ja/LC_MESSAGES -dir path=usr/share/locale/lt -dir path=usr/share/locale/lt/LC_MESSAGES -dir path=usr/share/locale/pl -dir path=usr/share/locale/pl/LC_MESSAGES -dir path=usr/share/locale/ru -dir path=usr/share/locale/ru/LC_MESSAGES -dir path=usr/share/locale/sl -dir path=usr/share/locale/sl/LC_MESSAGES -dir path=usr/share/locale/sr -dir path=usr/share/locale/sr/LC_MESSAGES -dir path=usr/share/locale/sv -dir path=usr/share/locale/sv/LC_MESSAGES -dir path=usr/share/locale/uk -dir path=usr/share/locale/uk/LC_MESSAGES -dir path=usr/share/locale/vi -dir path=usr/share/locale/vi/LC_MESSAGES -dir path=usr/share/locale/zh_CN -dir path=usr/share/locale/zh_CN/LC_MESSAGES -dir path=usr/share/man -dir path=usr/share/man/man1m -dir path=usr/share/man/man4 file path=etc/sudoers original_name=SUNWsudo:etc/sudoers overlay=allow \ preserve=true mode=0440 group=root