File: WhatsNew

super 3.30.0-3+squeeze2
-------------------
What's new for version 3.30.0:

    A.  Added '-t' option, to test if a command exists, and if
	so if this user may execute it at this moment.

-------------------
What's new for version 3.28.0:

    A.  Added '-r requiredpath' option, to allow a program to insist
	that the FullPath be the same program as the requiredpath,
	else it's an error.

-------------------
What's new for version 3.27.0:

    A.  Modified 'super -c' to exit with non-zero exit code
	if there is a syntax error.
	Requested by Gordon Lack, gml4410@ggr.co.uk

    B.  Performance enhancement: store various user/group/host/pattern
	data in a hash table, so as to avoid many repeated NIS calls
	when working with a large super.tab file.  "The result was that
	I cut the number of NIS calls made when running through an
	entire file's tests (super with no args) from 4230 to 177.
	This has a *big* effect on the elapsed time too."
	(From Gordon Lack, gml4410@ggr.co.uk)

    C.	Additional syntax checking: wherever super does
	brace-globbing, it explicitly checks for balanced braces.

-------------------
What's new for version 3.26.3:

    A.  Fix for 'super -c' when SUPERDIR has been set to other
	than /usr/local/lib.  (From Gordon Lack, gml4410@ggr.co.uk)

-------------------
What's new for version 3.26.2:

    A.  Fix for HP-UX 11i in trusted mode, from 
	Mike Cross <Mike.D.Cross@gsk.com>.

-------------------
What's new for version 3.26.1:

    A.  Fix for super variable re-definition bug.
	When changing the definition of a variable,
	super deallocated a string that hsearch() tried to reference.
	Bug discovery and fix by Michael Steffens <michael.steffens@hp.com>.

-------------------
What's new for version 3.26.0:

    A.  Cumulation of 3.25.x changes.

-------------------
What's new for version 3.25.3:

    A.  Fixed reference to get_pam() that shouldn't be present when
	building w/o pam support.
	Reported by Gabor Z. Papp (gzp@papp.hu)

-------------------
What's new for version 3.25.2:

    A.  Fixed bug in 3.25.1...

-------------------
What's new for version 3.25.1:

    A.  Fixed handling of argMMM-NNN options.
	Problem reported by cmoulin@simplerezo.com.

-------------------
What's new for version 3.25.0:

    A.  Super tries to obtain the user's authentication data early (before
	it yields setuid-root privileges), and it does this even before
	reading the super.tab file.  If super is unable to obtain this info,
	it will no longer print error messages, unless the specific command
	requires user authentication.

    B.  Super tries to record the time of the user's authentication, which
	allows it to trust the same user for some additional time w/o
	re-entering authentication data.  If it's unable to record the
	timestamp, it doesn't generate error messages unless this particular
	command has the renewtime option set (typically this is done
	as a global option).

    C.  Cleaned up some error messages / warnings.

-------------------
What's new for version 3.24.1:

    A.  BUGFIX for 3.24.0 / shell patterns syntax enhancement:

	The last version used this goofy pattern:
	    :if $PATTERNS == shell   :global arg1-99="[-/:+._a-zA-Z0-9]*"
	Of course, this only restricts the first character to the desired one;
	ordinary shell patterns can't express the desired restrictions at all!

	In order to let shell patterns do the desired kind of matching,
	I've added new syntax for shell patterns: when the pattern is
	[[...]] -- that is, it begins with "[[" and ends with "]]" --
	then it's a special case that means each and every character in the
	string must match the pattern [...].  The new rule in the super.tab
	file can now be:
	    :if $PATTERNS == shell   :global arg1-99="[[-/:+._a-zA-Z0-9]]"
	    :if $PATTERNS != shell   :global arg1-99="^[-/:+._a-zA-Z0-9]*$$"
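
	Added example (not super's source and not part of the original
	notes): a small C program that runs constructed arguments through
	the 3.24.0 shell pattern, the "[[...]]" form, and the anchored
	regex.  The matching functions are hypothetical; "[[...]]" is
	implemented as the text above describes it, and the doubled "$$" in
	the super.tab line is assumed to be super.tab's way of writing a
	literal "$".

```c
#include <fnmatch.h>
#include <regex.h>
#include <stdio.h>
#include <string.h>

#define OLD_SHELL "[-/:+._a-zA-Z0-9]*"      /* 3.24.0 shell pattern      */
#define NEW_SHELL "[[-/:+._a-zA-Z0-9]]"     /* 3.24.1 every-char pattern */
#define REGEX     "^[-/:+._a-zA-Z0-9]*$"    /* non-shell pattern         */

/* Ordinary shell glob: the bracket constrains one character only,
 * and the trailing '*' then matches anything at all. */
int match_shell(const char *pat, const char *arg)
{
    return fnmatch(pat, arg, 0) == 0;
}

/* Assumed reading of "[[...]]": drop the outer brackets and require
 * every character of arg to match the inner bracket expression. */
int match_every_char(const char *pat, const char *arg)
{
    size_t n = strlen(pat);
    char inner[64];
    char one[2] = { 0, 0 };

    if (n < 4 || n - 2 >= sizeof inner)
        return 0;
    if (strncmp(pat, "[[", 2) != 0 || strcmp(pat + n - 2, "]]") != 0)
        return 0;
    memcpy(inner, pat + 1, n - 2);          /* "[[abc]]" -> "[abc]" */
    inner[n - 2] = '\0';

    for (; *arg != '\0'; arg++) {
        one[0] = *arg;
        if (fnmatch(inner, one, 0) != 0)
            return 0;                        /* one bad character rejects */
    }
    return 1;
}

/* POSIX basic regex, anchored at both ends. */
int match_regex(const char *pat, const char *arg)
{
    regex_t re;
    int ok;

    if (regcomp(&re, pat, REG_NOSUB) != 0)
        return 0;
    ok = regexec(&re, arg, 0, NULL, 0) == 0;
    regfree(&re);
    return ok;
}

int main(void)
{
    /* Constructed sample arguments. */
    const char *args[] = {
        "/var/log/app-1.log",   /* plain word: all three accept          */
        "notes.txt; echo hi",   /* good first char, shell-special later  */
        ";x",                   /* bad first char: all three reject      */
        "",                     /* empty: old glob needs one character   */
    };
    size_t i;

    printf("%-22s %-9s %-9s %-9s\n", "argument", "old-glob", "[[...]]", "regex");
    for (i = 0; i < sizeof args / sizeof args[0]; i++)
        printf("%-22s %-9s %-9s %-9s\n", args[i],
               match_shell(OLD_SHELL, args[i]) ? "accept" : "reject",
               match_every_char(NEW_SHELL, args[i]) ? "accept" : "reject",
               match_regex(REGEX, args[i]) ? "accept" : "reject");
    return 0;
}
```

	The second row is the case the bugfix addresses: the 3.24.0 glob
	accepts it because only the first character is checked.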


-------------------
What's new for version 3.24.0:
    A.  Changed option args and nargs to be global as well as local.
	(Suggested by Henrik Strom <henrik@telenor.com>)

    B.  Added builtin variable PATTERNS to carry the value of the
	global patterns option.

	Combined with (A), your super.tab file can include these entries
	for limiting what can be done without local settings:

	    # By default, allow only 0 or 1 argument
	    :global nargs=0-1
	    # By default, each argument must be a simple word with no
	    # characters that might be special to a shell:
	    :if $PATTERNS == shell   :global arg1-99="[-/:+._a-zA-Z0-9]*"
	    :if $PATTERNS != shell   :global arg1-99="^[-/:+._a-zA-Z0-9]*$$"


-------------------
What's new for version 3.23.0:
    A.  Fixed format string vulnerability.
	(Incremented version number instead of patch number to emphasize
	this change is important.)
	(From Max Vozeler <max@hinterhof.net>, via Robert Luberda
	<robert@debian.org>)

-------------------
What's new for version 3.22.2:
    A.  Better syslog handling.  Instead of compile-time choice of
	the rsyslog() vs syslog() routines, the program now makes the
	selection at runtime.  By default, the normal openlog() and
	syslog() functions are used.  However, if a loghost is named
	(using global option rlog_host=xxxx) before any syslog message
	is generated, the functions ropenlog() and rsyslog() are used instead.

-------------------
What's new for version 3.22.1:
    A.  Bugfix for new options euid and egid (added 3.21.0), in which one of
	the id's would overwrite the other.
	(From Robert Luberda <robert@debian.org>)

    B.	Bugfix for missing save/restore of errno, causing an incorrect
	error message.
	(From Robert Luberda <robert@debian.org>)

    C.	Bugfix: remove unwanted override of syslog facility and priority.
	(From Robert Luberda <robert@debian.org>)

    D.	Bugfix: if your system didn't support sysinfo(SI_SYSNAME, ...),
	there was a missing return statement in add_sysinfo_variables().
	(From Gordon Lack, gml4410@ggr.co.uk)

    E.	Bugfix: Linux pw lookup didn't have fallback if /etc/shadow was missing.
	(From Gordon Lack, gml4410@ggr.co.uk)

    F.	Long series of minor edits to remove all compiler warnings
	generated by gcc -Wall.
	(From Robert Luberda <robert@debian.org>)

-------------------
What's new for version 3.22.0:
    A.  Added flexibility to syslog facility/level setting; e.g. auth.local1
	is now legal, in addition to "LOG_AUTH|LOG_LOCAL1".
    B.  Fixed bug that disallowed whitespace in strings such as that in A.

-------------------
What's new for version 3.21.5:
    A.  Fixed a minor glitch in the configure script.

-------------------
What's new for version 3.21.4:
    A.  Fixed install of the "barebones.tab" file.

-------------------
What's new for version 3.21.2:
    A.  Generalized support for passwords:
	a) all encrypted password beginning "$" are now handled correctly
	    (hence Linux, *BSD, Solaris 9, ...)
	b) extended DES (encrypted password begins "_") now handled correctly.

    B.	Fixed approval checks for root.  Root was being given permission
	to execute commands that explicitly said !root.

    C.	Added some notes to man page.

    D.	Minor improvement to error messages.

-------------------
What's new for version 3.21.0:
    A.	Added options euid and egid to allow setting the effective
	uid and gid separately from changing the real id's.  A few very old
	versions of Unix don't provide the setre[ug]id functions, and
	attempting to use the e{u,g}id options will cause an error.

    B.  Fixed reading of passwd/shadow files so that the format $n$salt$passwd
	is understood on Linux systems.

    C.  Added FreeBSD passwd handling, again to recognize fmt $n$salt$passwd.

-------------------
What's new for version 3.20.1:
    A.	ICANON is no longer disabled in getpass() -- otherwise, getpass()
	hung for some os's.
	(From Gordon Lack, gml4410@ggr.co.uk)
    B.  Fixed some missing return values.
	(From Michael Steffens michael.steffens@hp.com)

-------------------
What's new for version 3.20.0:
    A.	Typo in utils.c would cause super to use syslog level LOG_NEWS
    	instead of LOG_RFS, if you tried to select the latter.

-------------------
What's new for version 3.19.0:
    A.	SECURITY FIX: Patched syslog use error.  All previous versions
	allow local root exploit when syslog() use is enabled.
	Workaround for earlier versions: put "syslog=n" into :global
	line of the super.tab file.

-------------------
What's new for version 3.18.0:
    A.	Per user request, added option to force passwords to be
    	read from stdin.

-------------------
What's new for version 3.17.2:
    A.	Minor man page improvements.

-------------------
What's new for version 3.17.1:
    A.	Double-checks on uid and gid, to make sure they were really
	changed as they should have been.

-------------------
What's new for version 3.17.0:
    
    A.  argNNN matching now accepts brace-enclosed list
	(from Boleslav Bobcik, xbobcik@informatics.muni.cz)

    B.  If your system-supplied regex is POSIX-compatible, then posix
	regular expressions are now supported; use
	    :global patterns=posix
	to enable them.  The default is case-sensitive, basic regular
	expressions.  To get extended regular expressions (see your
	POSIX regular expression man page), use
	    :global patterns=posix/extended
	To add ignore-case, use
	    :global patterns=posix/extended/icase


-------------------
What's new for version 3.16.1:
    
    A.  pam.o was listed twice in the Makefile.
	(from Boleslav Bobcik, xbobcik@informatics.muni.cz)

    B.  Missing comment delimiters around an #ifdef comment.
	(from Boleslav Bobcik, xbobcik@informatics.muni.cz)

-------------------
What's new for version 3.16.0:

    This is the stable culmination of the changes in the 3.15.x enhancements.
    The previous stable version was 3.14.0.
    The last version to have a known security problem was 3.12.0.

    In brief, the changes include the following (the version number tells
    when the capability was added; check that section for more info):


    A.  Added PAM support.  (3.15.5, 3.15.6)

    C.	The use of password=y|n is deprecated; it's been replaced by the
	more general auth=y|n and authtype=xxx mechanism.  (3.15.5)

    D.  **** BEHAVIOR CHANGE FOR ROOT ****  The new behavior is *usually*
	the same as the old behavior, but give you more control.  (3.15.4)

    E.	Added support for shadow passwords in Digital Unix 4.x.  (3.15.3)

    F.	Fixes for HP-UX 11.0 with tcb enabled.  (3.15.0, 3.15.7)

    G.	Fixed an error in printing a message when super is _not_ running
	setuid-root.  (Hence this is not a security fix.)  (3.15.2)

    H.  Added option to let you specify the prompt for password (3.15.2)

    I.  Improved description of some envvars.  (3.15.2)

    J.  Corrected processing of "die=message" option.  (3.15.2)

    K.	Minor readability improvements. (3.15.0)

    L.  Trivial changes to the format of the -h and -H outputs. (3.15.6)

-------------------
What's new for version 3.15.7:

    A.	Modifications to support HP-UX 11.0 with tcb: it uses crypt()
	instead of bigcrypt() [the latter is used by HP-UX 10.x].

-------------------
What's new for version 3.15.6:

    A.  Trivial changes to the format of the -h and -H outputs.

    B.  Added "--disable-pam" configure option to disable PAM support,
	even if compile host has PAM.  Useful if the executable is
	going to be used on hosts that don't have the PAM shareable libraries.

-------------------
What's new for version 3.15.5:

    A.  Added Linux PAM support.
	To support PAM, there are new options (global or local):

	    auth=y|n                     (default=n; replaces password=y|n)

	    authtype=password|pam        (default=password)

	    authprompt="<some string>"

	If you want to use the same authentication method for all
	the commands that require user authentication, it's convenient to
	put authtype=xxx on a :global option line, and then you only
	need to add "auth=y" on the lines that require options.

    B.	The use of password=y|n is deprecated.
	To maintain backwards-compatibility, the following expressions
	are equivalent:

	    password=y   <-->    auth=y authtype=password

	    password=n   <-->    auth=n

-------------------
What's new for version 3.15.4:

    A.  **** BEHAVIOR CHANGE FOR ROOT ****  The rule for 'root' using super
	has been changed!  The new behavior is *usually* the same as the
	old behavior, but the new rules give you more control over
	root.

	New behavior: super acts as if the very first pattern to match
	is "root", and then applies its ordinary pattern-matching rules.
	The result is a nice simplification & clarification of the rules:
	    root: default allow
	    others: default deny

-------------------
What's new for version 3.15.3:

    A.	Added support for shadow passwords in Digital Unix 4.x.

-------------------
What's new for version 3.15.2:

    A.	Fixed an error in printing a message when super is _not_ running
	setuid-root.  (Hence this is not a security fix.)

    B.  Added option authprompt="some string", to let you specify the 
	prompt for password.  Variable substitution is done on the
	message before printing.

    C.  Improved description of ORIG_USER, ORIG_LOGNAME, and ORIG_HOME,
	to emphasize that these values are constructed by super and
	hence safe to use.

    D.  Corrected processing so that a "die=message" option doesn't
	stop processing when in give-help mode.

    E.  Modified the processing of "die=message" so that the message
	is printed without any surrounding foo-fah-rah: just the super.tab
	message and nothing else.  Variable substitution is done on the
	message before printing.

-------------------
What's new for version 3.15:

    A.	Minor readability improvements.

    B.	Fix for HP-UX 11.0 with tcb enabled: the argument list of the
	(undocumented but essential) getpasswd() function has changed
	between 10.20 and 11.0.

-------------------
What's new for version 3.14.0:

                        *** NOTE ***
    Super has adopted the Linux version numbering convention. That is,  the
    odd-numbered minor versions are development versions, and even-numbered
    minor versions are stable releases (super uses version numbers in the
    format major.minor.patchlevel).  

    This is the stable culmination of the changes in the 3.13.x enhancements.
    The previous stable version was 3.12.2.
    The last version to have a known security problem was 3.12.0.

    In brief, the changes include the following (the version number tells
    when the capability was added; check that section for more info):

    A.	A new file, super.init, is now processed by super!   (3.13.6)

    B.	New command-line option, `-o file', for symlinks to
	per-user commands.   (3.13.6)

    C.	Allow 'loginname:', in addition to 'loginname:cmd'   (3.13.6)

    D.	Added CALLER and CALLER_HOME builtin variables.  (3.13.10)

    E.	Added new builtin variables: HOST, SUPER_OWNER, SUPER_HOME.  (3.13.6)

    F.	Added new variable IS_USERTAB.  (3.13.7)

    G.	New super.tab option, checkvar=xxx, to require user to enter
    	variables.   (3.13.6)

    H.	New super.tab command, :getenv, to import environment
    	variables.   (3.13.6)

    I.	Added owner=xxx and group=yyy options to the :include
    	command.   (3.13.6)

    J.	Added new global command ":die" to force immediate exit.   (3.13.6)

    K.	Moved get_encrypted_passwd() before super drops privs.   (3.13.6)

    L.	Modifications to support HP-UX 10.20 running with tcb.  (3.13.6)
    
    M.	Patched a dumb bug -- didn't initialize -o flag to null ptr.  (3.13.9)

    N.	Patched dumb bug in the 3.13.6/3.13.7 code.  (3.13.8)

    O.	A variety of bugfixes.   (3.13.6)

-------------------
What's new for version 3.13.10:

    A.	Added two built-in variables that can be helpful in super.tab files:
	$CALLER is the login name of the account invoking super, and
	$CALLER_HOME is the home directory of $CALLER.  Sample use:


	    sam  /usr/sbin/sam  group~operator  uid=0 \
	    		env=DISPLAY \
	    		setenv=XAUTHORITY=$CALLER_HOME/.Xauthority

	Here, the "operator" group can execute 'sam' as root, and the GUI
	will display at the caller's display (due to env=DISPLAY).  Since
	the XAUTHORITY envvar is set to the caller's .Xauthority file, this
	will give the caller access to the same displays to which s/he already
	has access.

-------------------
What's new for version 3.13.9:

    A.	Patched another dumb bug -- didn't initialize -o flag to null ptr.

-------------------
What's new for version 3.13.8:

    A.	Patched dumb bug in the 3.13.6/3.13.7 code -- failed to check
	for null pointer.

-------------------
What's new for version 3.13.7:

    A.	Added new variable IS_USERTAB.  This has the value "yes" if
	super is processing a `user:cmd'-type command, and "no" otherwise.
	This allows super.init to act differently depending on how it
	is being invoked.

-------------------
What's new for version 3.13.6:

    A.	A new file, super.init, is now processed by super!
	It is located in the same directory as super.tab, and must be owned
	by root and be world-readable.  If it doesn't exist, the usual
	processing of super.tab and per-user .supertab files is done.
	If super.init does exist, it is processed exactly as if each super.tab
	and per-user .supertab file began with:
	    :include /etc/super.init  owner=root
	(except that "/etc" is replaced with the super.tab directory.)
	This allows one to have a uniform configuration file applied
	to every super-executed command.  Note that the configuration file
	should _only_ contain entries that are appropriate for both
	root-executed super commands and per-user super commands.
	It is not a good idea to include commands in the super.init file;
	it should preferably contain only the builtin colon-commands
	(:global, :define, :if, :die, etc).

    B.	New command-line option, `-o file', for symlinks to per-user commands.
	The `-o file' makes it possible to create symlinks to per-user
	commands, analogous to the manner in which super interprets
	symlinks to itself.  For instance, if "xyz" is a symlink to the
	super command, then invoking "xyz" is a shorthand for "super xyz".
	Similarly, the `-o file' option can be used to make the following
	completely equivalent:

	    super joe:xyz [args]	(1)

	    xyz [args]			(2)

	For this method to work, "xyz" must be a symlink to the desired
	.supertab file (here, ~joe/.supertab), and the .supertab file must
	be made executable and begin with the line
		#! /usr/bin/super -o
	(Of course you should replace /usr/bin/super with the actual path to
	super.)  If the "#!" line would be longer than the typical Unix limit
	of 32 characters, you can instead start the .supertab file with:

	    #! /bin/sh
	    # Keep this backslash -> \
		exec /long/path/to/the/super/executable -o $0 ${1+"$@"}
	    ...

	(This takes advantage of the fact that super allows comments to
	be backslash-continued, but the shell doesn't.)

	This works as follows: if /path/to/xyz is a symlink to some
	user's .supertab file, and the .supertab file begins with
	"#! /path/to/super -o", then the shell will invoke super with
	arguments something like
	    super -o /path/to/xyz [args]
	Super checks that /path/to/xyz is a link to a real .supertab file,
	and then always turns the last part of the path (here "xyz") into
	the command to execute.
	** Security Warning ** Note that the caller is trusting that the
	.supertab file will actually begin `#! /path/to/super', and not
	be changed to contain something like `rm *'!  Of course, this
	doesn't apply to the non-symlink form, `super joe:xyz'.
	
    C.	Allow 'loginname:', in addition to 'loginname:cmd'
	A modification to the syntax for invoking per-user commands allows
	you to invoke help listings for the per-user files.  The original
	syntax was restricted to something like this:
	    super joe:xyz
	which executes command xyz from joe's .supertab file.

	The new rule is that the "xyz" part can be missing:
	    super joe:
	or
	    super -H joe:
	gets command listings for joe's .supertab just as plain "super" or
	"super -H" gets command listings for the normal super.tab file.
	

    D.	New super.tab option, checkvar=xxx, to require user to enter variables.
	The checkvar=xxx option tells super to prompt the user to enter
	the value of one or more variables (here, the variable xxx).
	For example, you might have a command `super shutdown' which halts
	the computer.  If you execute this on the wrong host there may
	be some very annoyed users!  The super.tab option checkvar=HOST
	may be helpful here; it causes super to prompt

	    Super needs you to enter the HOST variable before proceeding.
	    Enter HOST (<Return> for reminder):

	If you press <Return> or the wrong value, super re-prompts with:

	    Enter HOST (expecting `myhost'):

	This allows you to ensure that the caller really knows the host on
	which the command is executing -- a useful thing if the command will
	shut down the system!  Any super.tab variable can be used in this
	kind of check.  Note that the value isn't anything like a secret;
	it's simply intended to help avoid gross embarrassment (or worse)
	by discouraging errors.

    E.	New super.tab command, :getenv, to import environment variables.
	The :getenv command allows a super.tab file to import environment
	variables into super.tab variable definitions.  The environment
	variables are not allowed unless the definition is restricted to
	super's normal set of "safe" characters.  This provides two advantages:

	(a) it's a safe alternative to allowing users' environment variables
	    to be passed unchecked to programs, because you can do:

		:getenv VAR1 VAR2
		Cmd FullPath user~xyz  setenv=VAR1=$VAR1,VAR2=$VAR2

	    ...and the program will receive VAR1 and VAR2 only if they
	    have "safe" values, of reasonable length.

	(b) It allows interesting new constructs in super.tab files.

    F.	Added owner=xxx and group=yyy options to the :include command.
	The use is

		:include FileName [owner=xxx]  [group=yyy]

	This allows your per-user .supertab file to include files that
	are owned by some user xxx (owner=xxx) and/or are writable by group
	yyy (group=yyy).  This can be useful for a collection of accounts
	that are operated together as a single "project" -- a variety of
	accounts can share .supertab files from the trusted user xxx or
	group yyy.  Note: (1) The regular root-owned super.tab file can
	also use this construct, but it's not a good idea.  Don't do it.
	(2) Beware of the transitive nature of this trust: the file owned
	by xxx can in turn include a file owned by yet another user.

    G.	Added new builtin variables.
	The new variables are:
	i)  HOST, the unqualified form of HOSTNAME.  (Note that HOST and
	    HOSTNAME will be the same if the system doesn't use qualified
	    names for HOSTNAME.)
	ii) SUPER_OWNER, the owner of the top-level super.tab file.
	    This is root for the default super.tab file, or the owner
	    of the .supertab file in a per-user command.
	iii) SUPER_HOME, the home directory of $SUPER_OWNER.

    H.	Added new global command ":die" to force immediate exit.
	The use is
		:die message
	The purpose is to allow a super.tab file to force an exit without
	resorting to syntactically clumsy methods.  For example, you can
	use a line like this:

	    :if $HOST != myhost  :die "For use on myhost only; this is $HOST!"

	Without the :die command, one would have to write

	    :global patterns=shell
	    :if $HOST != myhost * /dev/null user~* die="For use on myhost only!"

	...which is unnecessarily hard to read and write.

    I.	A variety of bugfixes.
        These include: change to read password before super.tab uid=xxx
	causes uid to change to non-root; propagate -1 error return after
	canonicalize hostname failures; fixed generating of timestamp directory;
	fixed segfault occurring when printing wildcard commands w/o any "info".
	Patches from Rein Tollevik (Rein.Tollevik@si.sintef.no).

    J.	Moved get_encrypted_passwd() to happen before super drops privs.
	This allows per-user .supertab files to use password-checking
	(from Geoffrey A. Lowney, Geoffrey.A.Lowney@Boeing.com)

    K.	Modifications to handle HP-UX 10.20 running with tcb
	(Trusted Computing Base).  Patches based on code from Minh Tran
	<mtran@tnl.com.au>.
    
-------------------
What's new for version 3.13.0 .. 3.13.5:
    These versions were never formally released.

-------------------
What's new for version 3.12.2:

    A.	Fixed configure script for AIX.
	Problem reported by Klaus Wacker (wacker@Physik.Uni-Dortmund.DE).

    B.	Fixed error interpreting the argv0 option, and an error implementing
	it.  The argv0 option was being incorrectly interpreted as an
	invalid arg[MMM-]NNN option.
	Problem reported by Hadmut Danisch (hadmut@danisch.de).

    C.	Slightly improved help info.

    D.	Slightly improved man page.

    E.	Modifications to handle shadowed passwords properly on HP-UX 10.x
	and 11.x.

    F.	Modifications to handle shadowed passwords properly on Linux.
	Problem report and bugfix from Edgar Nielsen <edgar@netearnings.com>.

-------------------
What's new for version 3.12.1:

    A.	Yet another buffer-overrun fix.
    	Problem reported by root@sekure.org (http://www.sekure.org, aka
	the Brazilian Information Security Team).

	Super now has very strict option-checking, as follows:

	i) super now limits the length of each option passed to it (note that
	    this is not the same as limiting the length of arguments passed
	    to the commands invoked by super for the user);

	ii) super now limits the total length of all options passed to it
	    (again, this is separate from limiting the length of arguments
	    passed to commands invoked by super);

	iii) super now ensures that all its option characters are from a
	    limited set.

	Items (i) and (ii) ensure that users can't pass excessively long
	strings.  Item (iii) is just insurance :-)

    B.  When super is running in debug mode, it won't execute any commands, but
	it will process user-supplied super.tab files.  This creates potential
	security holes, because nasty data might be passed through a
	user-supplied super.tab file, just as buffer overruns were triggered
	by command-line arguments.  Therefore, super will
	no longer remain as root when checking a user-supplied super.tab file.
	Instead, it reverts to the caller's real uid, and prints a large
	explanatory message like the following:

        ** Since you have supplied a super.tab file that isn't the default,
        ** and your real uid isn't root, we're going to change back to your
        ** real uid for this test.  That protects us against attacks via
        ** nasty constructions inside user-supplied super.tab files.
        ** Not that we don't trust you...

        ** Now using: ruid=545  euid=545 **

-------------------
What's new for version 3.12.0:

    A.	This is supposed to be a nice and stable release, reflecting mainly
	the accumulated set of changes across 3.11.  Those changes include
	not only patches but also enough new features that I changed the
	minor number to indicate that this now differs noticeably from 3.11.0.
	Changes from 3.11 include:
	i) the crucial buffer overrun patches;
	ii) various other bugfixes;
	iii) modifications to configure properly under more operating systems;
	iv) the following features, added since 3.11.0:
	    --disable-rsyslog	...compile time switch.
	    -U, -G, -M		...runtime switches for checking config files.
	    syslog_error	...runtime configuration option.
	    syslog_success	...runtime configuration option.
	    argv0		...runtime configuration option.

    B.	Fix for a typo when checking the argument to the -U flag.
	Problem and fix from Benoit Speckel (Benoit.Speckel@IReS.in2p3.fr).
    
    C.  Fix for insufficient setup when using the -U and -G options.
	Problem and fix from Gordon Lack (gml4410@ggr.co.uk).

-------------------
What's new for version 3.11.9:
    A.	Super was failing on per-user super commands (using the
	~/.supertab file) because it tried to change supplementary
	groups after dropping root privs.
	Problem & fix from Gordon Lack (gml4410@ggr.co.uk).

    B.	The new compile-time switch  --disable-rsyslog   turns off the
	use of the rsyslog() function, so that super only uses normal
	syslog().  rsyslog() has been improved to use gethostname()
	instead of "localhost" as a default.

    C.  Bugfix: additional, new envvar checking had a bug that led to
	segfaults, because it passed a nil ptr to strlen().
	Reported by swift@alum.mit.edu via the Debian bug-tracking system.

    D.  New global options syslog_error and syslog_success for customizing
	syslog() output levels.
	By default, if logging to syslog is enabled, super logs errors
	at LOG_ERR and successful executions at LOG_INFO.  The options
		syslog_error=xxx
		syslog_success=yyy
	set the error and success codes to xxx and yyy, respectively.
	Here, xxx and yyy are any of the usual syslog() priority and/or
	facility codes, e.g.
		syslog_error=LOG_ERR
		syslog_error=LOG_LOCAL2|LOG_ERR
		syslog_success="LOG_LOCAL7 | LOG_INFO"
	The LOG_xxx words can be separated by whitespace and/or "|".
	Super doesn't know what are sensible codes -- it's up to the
	super.tab writer to choose meaningful values.  For instance,
	if you used the following (please don't!)
		syslog_success="LOG_LOCAL1 | LOG_LOCAL7 | LOG_INFO | LOG_ERR"
	then you will get all those values or'd together and passed to syslog().
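
	The parsing rule described in D, as an added example (not code from
	super): LOG_xxx words separated by whitespace and/or "|" are OR'd
	together.  The name table, parse_syslog_codes() and the
	spec_is_sensible() lint are assumptions of this example; the lint flags
	specs that name more than one priority or more than one facility.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

enum kind { PRIORITY, FACILITY };
struct log_code { const char *name; int value; enum kind kind; };

/* A subset of the standard syslog(3) names; extend as needed. */
static const struct log_code LOG_CODES[] = {
    {"LOG_EMERG",   LOG_EMERG,   PRIORITY}, {"LOG_ALERT",  LOG_ALERT,  PRIORITY},
    {"LOG_CRIT",    LOG_CRIT,    PRIORITY}, {"LOG_ERR",    LOG_ERR,    PRIORITY},
    {"LOG_WARNING", LOG_WARNING, PRIORITY}, {"LOG_NOTICE", LOG_NOTICE, PRIORITY},
    {"LOG_INFO",    LOG_INFO,    PRIORITY}, {"LOG_DEBUG",  LOG_DEBUG,  PRIORITY},
    {"LOG_USER",    LOG_USER,    FACILITY}, {"LOG_DAEMON", LOG_DAEMON, FACILITY},
    {"LOG_AUTH",    LOG_AUTH,    FACILITY},
    {"LOG_LOCAL0",  LOG_LOCAL0,  FACILITY}, {"LOG_LOCAL1", LOG_LOCAL1, FACILITY},
    {"LOG_LOCAL2",  LOG_LOCAL2,  FACILITY}, {"LOG_LOCAL3", LOG_LOCAL3, FACILITY},
    {"LOG_LOCAL4",  LOG_LOCAL4,  FACILITY}, {"LOG_LOCAL5", LOG_LOCAL5, FACILITY},
    {"LOG_LOCAL6",  LOG_LOCAL6,  FACILITY}, {"LOG_LOCAL7", LOG_LOCAL7, FACILITY},
};

struct parsed_codes {
    int ok;          /* 0 if the spec was empty or held an unknown word */
    int value;       /* all named codes OR'd together */
    int priorities;  /* number of priority words named */
    int facilities;  /* number of facility words named */
};

static int is_sep(char c) { return c == ' ' || c == '\t' || c == '|'; }

/* Parse an option value (surrounding quotes already removed) into a syslog code. */
struct parsed_codes parse_syslog_codes(const char *spec)
{
    struct parsed_codes r = {0, 0, 0, 0};
    const size_t ncodes = sizeof LOG_CODES / sizeof LOG_CODES[0];
    const char *p = spec;

    for (;;) {
        size_t len = 0, i;
        while (is_sep(*p)) p++;              /* skip whitespace and "|" */
        if (*p == '\0') break;
        while (p[len] != '\0' && !is_sep(p[len])) len++;
        for (i = 0; i < ncodes; i++)
            if (strlen(LOG_CODES[i].name) == len &&
                memcmp(p, LOG_CODES[i].name, len) == 0)
                break;
        if (i == ncodes) { r.ok = 0; return r; }   /* unknown word: reject the spec */
        r.value |= LOG_CODES[i].value;
        if (LOG_CODES[i].kind == PRIORITY) r.priorities++; else r.facilities++;
        r.ok = 1;
        p += len;
    }
    return r;
}

/* Lint: a meaningful spec names exactly one priority and at most one facility. */
int spec_is_sensible(const char *spec)
{
    struct parsed_codes r = parse_syslog_codes(spec);
    return r.ok && r.priorities == 1 && r.facilities <= 1;
}

int main(void)
{
    const char *specs[] = {
        "LOG_ERR", "LOG_LOCAL2|LOG_ERR", "LOG_LOCAL7 | LOG_INFO",
        "LOG_LOCAL1 | LOG_LOCAL7 | LOG_INFO | LOG_ERR",
    };
    size_t i;
    for (i = 0; i < sizeof specs / sizeof specs[0]; i++) {
        struct parsed_codes r = parse_syslog_codes(specs[i]);
        printf("%-46s value=0x%x sensible=%d\n",
               specs[i], (unsigned)r.value, spec_is_sensible(specs[i]));
    }
    return 0;
}
```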

    E.  Fixes for compiling under FreeBSD.  The encryption buffer and salt
	buffer were extended to 256 bytes each -- plenty long under any
	current Unix, and hopefully for some time to come.
	From David O'Brien <obrien@NUXI.com>

    F.  Patches for various glitches, such as using %ld instead of %d,
	%ld% instead of %ld, etc.  From David O'Brien <obrien@NUXI.com>.

-------------------
What's new for version 3.11.8:
    A.	Fixed segfault that arose when handling certain combinations of
	globally- and locally-defined environment variables.
	Problem reported by Gordon Lack (gml4410@ggr.co.uk).

-------------------
What's new for version 3.11.7:
    A.	CRITICAL SECURITY FIXES: two separate buffer overruns allowed local
	root access.  All versions between 3.9.6 and 3.11.6, inclusive,
	are affected.  Buffer overrun #1 was reported by Gordon Lack
	(gml4410@ggr.co.uk); overrun #2 was reported by iss-xforce@iss.net.

    B.	Patches for BSD Net/2.  Contributed by David O'Brien <obrien@NUXI.com>.

    C.	Related to (B), the prototyping macro __P() has been replaced by P__(),
	so that it will be legitimate on all conforming standard C
	implementations.

    D.	Patches for Solaris 2.6.  (I have become convinced that Sun has an
	engineer whose job title is something like Engineer in Charge of
	Modifying Standard Include Files So As To Ensure That Configure
	Scripts Will Break With Each Successive Solaris Release.)

    E.	A few more minor modifications to the documentation (trying to make
	it easier to wade through).

    F.	Some fixes for the Makefile's install and clean rules,
	from Martin Schulze (joey@Infodrom.North.DE) and
	Dmitry A. Fedorov (D.A.Fedorov@inp.nsk.su).

    G.	Corrections to typos in man pages, from Dmitry A. Fedorov
	(D.A.Fedorov@inp.nsk.su).

    H.	Fix for the special per-user .supertab files: super was failing
	to parse user:commands properly.  Fix from Terje Eggestad
	(Terje.Eggestad@novit.no).

    I.  Fixed super so that it won't create a core file -- this is useful
	on systems w/ shadow passwords, to ensure that the shadow file
	contents aren't put into a core file.

    J.	Added check for <sys/filio.h>.  This is needed for some versions of
	IRIX, which otherwise don't have FIOCLEX defined.

    K.	New local option argv0.
	By default, super sets the first argument passed to a command
	(ie argv[0]) to be the Cmd string, not the path to the command.
	Thus "super doit" will set argv[0] to "doit", regardless of the
	path being invoked.  This will cause problems for programs that
	need a particular value of argv0.  You can work around this by
	placing such programs into wrapper scripts that are in turn called
	from super, or you can use the local option argv0 to set the
	value of argv[0]:
		argv0=DesiredNameHere
	As a special case, "<path>" means to use the fullpath by which super
	is invoking the command.

	For example,
		doit 	/Path/To/My/Prog  argv0=<path>
	will execute /Path/To/My/Prog with argv[0] set to "/Path/To/My/Prog".

-------------------
What's new for version 3.11.6:

    A.	SECURITY FIX: super -c or super -F xxx would check any file,
	e.g. /etc/shadow.  This is now fixed by using access(2) to
	verify that the original caller has the right to read the
	specified file.  Reported by Valentin Iliev <vale@aero.vmei.acad.bg>.

    B.	Bugfix: silly bugs in SAFE_PATH definition.

    C.	added -U, -G, and -M options to support additional testing
	(-U uid means to act as if caller is user uid; -G gid
	means to act as if caller is group gid; -M mach means to
	act as if hostname==mach.  Nothing is executed, but you can
	see what would have happened.)

    D.	Added various patches from Martin Schulze (joey@infodrom.north.de),
	including documentation changes, Linux shadow password support,
	better hostname canonicalization.

    E.	Bit more documentation.

-------------------
What's new for version 3.11.5:
    A.	Modified configure script, hsearch.c, localsys.h, and setuid.c
	so that super will auto-configure properly on AIX.

-------------------
What's new for version 3.11.4:
    A.	Fixed distribution: 3.11.3 didn't contain what it claimed.

-------------------
What's new for version 3.11.3:
    A.	Fixed configuration/compilation setup for Linux+glibc:
	- doesn't declare signal();
	- defines _BSD_SOURCE.

-------------------
What's new for version 3.11.2:
    A.	Better debug information.  Verbosity adjusted to make information 
	presentation a little better.

-------------------
What's new for version 3.11.1:
    A.	New global option "lang" / bugfix.
	The "lang" global option lets you set the language used for
	daynames in time expressions to any locale available on your host,
	e.g.
	    :global   lang=de
	would typically cause super to use German names.

	This was a bugfix: super purported to support localization,
	but (a) it followed a non-POSIX implementation, and
	    (b) it let the regular user specify the locale!

    B.	Bugfix: super wasn't reporting enough information to users
	about execution being denied or requested command not existing.

-------------------
What's new for version 3.11.0:
    A.	NOTE WELL:
	The default locations for the super.tab and timestamps files have
	CHANGED, so that installation would work more smoothly with
	Gnu configure scripts:
	    (a) super installs into the directory specified by
	    configure --exec-prefix; the default is $PREFIX/bin.
	    (b) super.tab installs into the directory specified by
	    configure --sysconfdir; the default is $PREFIX/etc.
	    (c) the timestamp directory is installed in the directory
	    specified by configure --localstatedir; the default is $PREFIX/var;
	    (d) the man pages are installed in subdirectories of
	    configure --mandir; the default is $PREFIX/man.
	For example, if you use
	    ./configure --prefix=/usr/local
	...then the super executable will be /usr/local/bin/super,
	the super.tab file will be /usr/local/etc/super.tab,
	the timestamp directory will be /usr/local/var/superstamps,
	and the man pages will be installed into /usr/local/man/...

    B.	New debug option:
	The option "-F path-to-superfile" is an extremely useful debug
	option.  It lets you specify the super.tab file.  For security,
	no command will ever be executed.  If used with a commandname,
	the matched command will be shown but not other debug info.
	It lets you test an entry for a super.tab file without actually
	installing the file:

		super  [-d | -D]  -F my_new_super.tab  some-command

    C.	New debug option:
	The option "-T timeofday" is another useful debug option.
	It tells super to act as if the time of execution is timeofday,
	where timeofday has the format  hh:mm/dayname (using the
	same daynames as are accepted in the super.tab file).
	For security, no command will ever be executed.
	This lets you test if a time condition is properly limiting
	execution of a command:
	    super  -d -F my_new_super.tab  -T hh:mm/day some-command


    D.	New builtin command:
	    :if  aaa op bbb rest-of-line
	provides limited conditional support.  Here, aaa and bbb are strings
	(can be variables), op is one of "==" (equals), "!=" (does not equal),
	"~" (glob matches), "!~" (does not glob-match), and the
	rest-of-line is evaluated if and only if the expression is true.
	Examples:
	    :if $UNAME_MACHINE ~ sun4*	:include MySunSpecificFile
	...includes MySunSpecificFile on Sun4-type machines only;

	    :if $UNAME_MACHINE ~ sun4*	\
		:if $UNAME_MACHINE != sun4c :include MySunSpecificFile
	...includes MySunSpecificFile on Sun4-type machines only, excluding
	Sun4c machines.

    E.	New builtin command:
	    :optinclude filename
	is like the :include command, except that if filename is missing,
	it's silently ignored.  If you use this, be SURE not to write
	later super.tab entries that depend on the presence of the file.

	(I do _not_ recommend using :optinclude, because you won't be
	informed if you make a sysadmin error, and delete one of the
	include files.)

    F.	New builtin variables:
	The following variables are automatically defined, so that you can
	use them in  :if  lines (or anywhere else, of course).  Examples:

	    :if $SI_ARCHITECTURE != alpha :include SomeFile

	    :include super.tab.$NIS_DOMAIN

	Items that are unavailable on your system are set to "".
	(Items may be unavailable because your system doesn't offer
	the required function, or because your system's function doesn't
	support all the specific items super tries to get.)

	(a) From gethostname() or sysinfo():
	    HOSTNAME		system's hostname.  Depending on super's
				configuration, the hostname returned by
	    			the function may be modified if super
				attempts to canonicalize the name.
				(Use  super -b  to print the names and
				values of all builtin variables.) 

	(b) From getdomainname():
	    NIS_DOMAIN		The domain set for NIS purposes; it is not
				necessarily an Internet domain.
				
	(c) From the sysinfo() function:
	    SI_SYSNAME		name of operating system
	    SI_HOSTNAME		name of node
	    SI_RELEASE		release of operating system
	    SI_VERSION		version field of utsname
	    SI_MACHINE		kind of machine
	    SI_ARCHITECTURE	instruction set arch
	    SI_HW_SERIAL	hardware serial number
	    SI_HW_PROVIDER	hardware manufacturer
	    SI_SRPC_DOMAIN	secure RPC domain

	(d) From the uname() function:
	    UNAME_SYSNAME	Operating system name.
	    UNAME_NODENAME	The nodename.
	    UNAME_RELEASE	Operating system release.
	    UNAME_VERSION	Operating system version.
	    UNAME_MACHINE	Machine hardware name (class).

    G.	New command-line option:
	The -b option prints out the builtin variables, then exits.
	This makes it easy to see what variable values to check for
	in :if lines:
	    % super -b
	    Builtin variables:
		    UNAME_SYSNAME:  SunOS
		    UNAME_VERSION:  2
		    ...

    H.	Added -I. to Makefile so that compilation would succeed under
	VPATH.

    I.	Added env=...  to be a global option as well as a local option.

    J.	Added maxenvlen=nnn to be a global or local option; gives the maximum
	allowed length of an envvar definition.
	Default=1000.  Negative=no limit.

    K.	Pretty-printing: improved the formatting under super -d and super -H.

    L.	Added option maxlen=[mmm,]nnn (local or global).  Arguments are
	restricted to be a maximum of mmm characters long individually
	(including trailing null), and nnn characters total.
	The default limits are 1000 and 10000, respectively.
	Values < 0 mean no limits; unlimited argument length can be
	configured using:
		:global  maxlen=-1,-1
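
	The maxlen limits described in L, and the stricter checks that
	version 3.12.1 applies to super's own options, as one added example
	(not code from super).  check_strings() and OPTION_CHARS are
	hypothetical: the page does not list the real character set, and
	counting each trailing null toward the total is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum chk { CHK_OK, CHK_TOO_LONG, CHK_TOTAL_TOO_LONG, CHK_BAD_CHAR };
struct chk_result { enum chk status; int index; };  /* index of offending string, or -1 */

#define MAXLEN_EACH_DEFAULT   1000L   /* defaults stated for maxlen=mmm,nnn */
#define MAXLEN_TOTAL_DEFAULT 10000L

/* Assumed "limited set" for super's own options (not taken from super). */
static const char OPTION_CHARS[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_./:,=+";

/* Constructed sample inputs. */
static const char *const SAMPLE_ARGS[]     = { "-t", "/var/log/messages", NULL };
static const char *const SAMPLE_OPTS_OK[]  = { "-d", "-F", "my_new_super.tab", NULL };
static const char *const SAMPLE_OPTS_BAD[] = { "-d", "-F", "my tab", NULL };

/* Length of s, but never look past `limit` bytes of a hostile string. */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0') n++;
    return n;
}

/*
 * Check a NULL-terminated vector of strings.
 *   max_each  : limit per string INCLUDING its trailing null; < 0 means no limit
 *   max_total : limit on the sum of all strings (nulls included); < 0 means no limit
 *   allowed   : permitted characters, or NULL to skip the character check
 */
struct chk_result check_strings(const char *const *strs, long max_each,
                                long max_total, const char *allowed)
{
    struct chk_result r = { CHK_OK, -1 };
    long total = 0;
    int i;

    for (i = 0; strs[i] != NULL; i++) {
        size_t len;
        r.index = i;
        if (max_each >= 0) {
            len = bounded_len(strs[i], (size_t)max_each);
            if (len >= (size_t)max_each) {       /* len + 1 would exceed the limit */
                r.status = CHK_TOO_LONG;
                return r;
            }
        } else {
            len = strlen(strs[i]);
        }
        if (allowed != NULL && strspn(strs[i], allowed) != len) {
            r.status = CHK_BAD_CHAR;
            return r;
        }
        if (max_total >= 0) {
            /* Compare against the remaining budget so the sum cannot overflow. */
            if ((long)len + 1 > max_total - total) {
                r.status = CHK_TOTAL_TOO_LONG;
                return r;
            }
            total += (long)len + 1;
        }
    }
    r.index = -1;
    return r;
}

int main(void)
{
    struct chk_result r;
    r = check_strings(SAMPLE_ARGS, MAXLEN_EACH_DEFAULT, MAXLEN_TOTAL_DEFAULT, NULL);
    printf("args, default limits : status=%d index=%d\n", r.status, r.index);
    r = check_strings(SAMPLE_ARGS, 17, 21, NULL);
    printf("args, maxlen=17,21   : status=%d index=%d\n", r.status, r.index);
    r = check_strings(SAMPLE_OPTS_OK, 64, 256, OPTION_CHARS);
    printf("options, good        : status=%d index=%d\n", r.status, r.index);
    r = check_strings(SAMPLE_OPTS_BAD, 64, 256, OPTION_CHARS);
    printf("options, bad char    : status=%d index=%d\n", r.status, r.index);
    return 0;
}
```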


    M.	Fixed missing initializations for some flags when super is invoked
	from a symlink.
	Reported by Jeff W. Stewart (jws@anaconda.cc.purdue.edu).

    N.	Fixed SAFE_PATH initialization.

	Reported by Lawrence Lowe (lsl@hep.ph.bham.ac.uk) and
	Gordon Lack (gml4410@ggr.co.uk).

    O.	Bugfix: if the nice increment was set to a negative value, and the
	program was to be run non-setuid-root, the nice increment was changed
	to be applied _before_ the setuid/setgid operations.  (Negative
	nice increments can't be applied except while running as root, of course.)

    P.	Bugfix: fixed envvar setting so that HOME, USER, and LOGNAME are set
	correctly when uid=NNN or u_g=NNN are numeric.  For example,
	uid=0 had caused the USER envvar to be "0".

    Q.	Bugfix: super -D core dumped.  Reason: super was passing an integer
	to a debug message, at a place where a string was expected.
	(Reported by swift@alum.mit.edu.)

    R.	Tried to make man pages, especially the super.1 page, more clear.

    S.	Changed the -h option to only give a usage listing.  Thus
	    super -h		...usage
	    super (no args)	...list available commands, tersely.
	    super -H		...list available commands, expansively.

-------------------
What's new for version 3.10.0b6:
    A.	Instead of closing descriptors >2 right away, the close-on-exec
	flag is instead used for machines with this feature.  For IRIX 5
	(and others?), this is a bugfix, not just a general improvement:
	Gordon Lack wrote ``Irix NIS seems to "cache" a UDP connexion
	on a file-descriptor, and super closes this before execing''.

	Bugfix/improvement courtesy of Gordon Lack (gml4410@ggr.co.uk).

-------------------
What's new for version 3.10.0:

    ** If you are familiar with super version <=3.7.2, but haven't used
    ** a more recent version, please read the changelist back through 3.8.0!
    ** There have been MANY enhancements since 3.7.2.

    A.	EASIER INSTALLATION: configuration is now handled by a configure
	script.  This reduces the number of items you have to hand-adjust
	from 20 to none at all (if you like the defaults).

    B.	SECURITY FIX:  Until version 3.9.7, super never did anything to
	change the supplementary groups list.  This is not a security problem
	if you are adding privileges (such as switching to root), but it
	is a potential problem if you are switching to a different user and/or
	a different group.

	Solution: this version of super adds the following new semantics:
	If you use u+g=foo, then the user is set to foo and the group is
	set to foo's login group (as in earlier versions), and the
	supplementary groups are set to foo's supplementary groups list
	(new feature).  Otherwise, the supplementary groups list is deleted.

	See also the new options groups=a,b,...  and addgroups=a,b,...

	The problem was reported and a workaround supplied by
	Morten Rolland (Morten.Rolland@si.sintef.no).

    C.	BUGFIX: Super had assumed that there would only be one ":global_option"
	line.  If there were multiple :global_option instances, and logfile=xxx
	was used before the last :global_option  instance, super would
	create multiple logging processes.  Worse, interactions with password
	checking could lead to super's running a command without getting
	the user's password (when password=y).

	The bug was reported by Richard Czech (Richard.Czech@gmd.de)

    D.	PER-USER SUPER.TAB FILES:
 
	Super now allows ordinary users to supply their own super.tab files.
	This lets users give well-controlled setuid/setgid access to their
	programs: the user who offers the program gets the assurance of
	safe IFS settings, safe environment variable settings, etc; and the
	user who executes the program knows that it will execute under
	the uid of the offering user.

	o   The user-supplied super file is .supertab, in the home directory
	    of the user, and must be owned and writable only by the owner.

	o   Joe user's supplied command "foo" is invoked by typing

		super joe:foo

	    Super will act as follows:

	    i.	immediately changes its uid, gid, and supplementary groups
		to be those of the owner of the super.tab file (joe);

	    ii.	close all descriptors except for stdin, stdout, and stderr;

	    iii. follow its usual rules for processing super.tab files,
		except that any options that require setuid() or setgid()
		will fail since super is running as an ordinary user.

    E.	EASIER LISTS: in the past, super permitted csh-style
	brace-expansion for valid-user patterns.  It has also allowed
	comma-separated lists for some options (e.g. fd=n1,n2,...).
	These forms have been synthesized into a single format: anywhere
	a list makes sense, either comma-separated or brace-expansion
	is permitted.  (The implementation is easy: the list is wrapped
	in braces, and then brace-expansion is done.)

    F.	NEW OPTION
		    groups=a,b,...          supplementary group list is a,b,...
		    groups=                 supplementary group list is empty

	causes super to set the supplementary groups to the named list,
	before exec'ing the command.

    G.	NEW OPTION
		    addgroups=a,b,...

	causes super to add the named groups to the supplementary set
	before exec'ing the command.  (Note: the supplementary set is
	initialized to be empty unless the option u+g=foo is used, so
	addgroups=a,b,... usually has the same effect as groups=a,b,...
	Alternatively,  groups=<caller> addgroups=a,b,...  will set the
	groups to the caller's login groups, then add a,b,... to the list.)

    H.	NEW OPTION
		    cd=SomePath
	causes super to change directory to SomePath before executing
	the command.  This can be global or local; the local overrides
	the global setting.

    I.	NEW OPTION
		    rlog_host=hostname
	tells super which host's syslog daemon is to receive log messages
	when option syslog=y is enabled.  Default=localhost.

    J.  NEW OPTION
		    gethostbyname=y|n
	tells super to enable/disable hostname lookup using gethostbyname().
	Default: enabled (if you have gethostbyname()).

    K.	CHANGE TO NETGROUP HANDLING: hostnames beginning with ``+'' are
	_always_ treated as NIS netgroup names -- that is,  @+xyz  means
	that anyone at a host in netgroup xyz can execute the command.
	If your system doesn't have innetgr(), patterns beginning with ``+''
	will not ever match any hostname.  (Previously, interpreting
	``+'' as a special character was enabled as compile-time option.)

    L.  CHANGE TO GETHOSTBYNAME() USAGE: if you have gethostbyname(), it
	gets compiled in and will be enabled by default; use global option
	gethostbyname=n to disable.  (Previously, you had to define
	USE_GETHOSTBYNAME to compile it in, and there was no switch
	to turn it off.)

    M.	CHANGE TO SYSLOG() USAGE: we always compile the rsyslog() function
	from Jean-luc Szpyrka, so you can always send syslog output to either
	a remote or local host.  The new option rlog_host=xxxxx specifies
	the host that receives the messages; the default is "localhost" --
	i.e. same behavior as plain syslog().  (Previously, neither
	syslog() nor rsyslog() use was compiled in unless USE_SYSLOG
	was defined.)

    N.	SPECIAL NAMES: Two names have been added that you can use as an
	argument to any of the options owner=xxx, uid=xxx, gid=xxx,
	u+g=xxx, groups=xxx, addgroups=xxx, umask=xxx.
	These names are
		<owner>     means owner of the file to be executed
			    (or owner's group, whichever is appropriate
			    in the context);
		<caller>   means the owner or group of the user calling super.
	The angle brackets are literally part of the name.  (Exception:
	umask=<owner> makes no sense and isn't defined.)

	Example:
		 gid=Foo  uid=<caller>
	would change the group only, but leave the uid unchanged -- this is
	something you could not formerly do in super.

    O.  Updated man pages.

    P.  Security enhancement: the default umask is no longer inherited
	from the caller; instead it is set to 022.  However, you can
	set it to the caller's umask by using the option
		umask=<caller>

    Q.  Dead code elimination: a branch of code made a call to the
	unsafe (on some systems) function getlogin().  This branch of
	code was never invoked, and has now been completely eliminated.

-------------------
What's new for version 3.9.7:
    A.  Super 3.9.6 installed the "setuid" program as setuid-root.
	This is a severe security hole.
	Version 3.9.7 removes the setuid-root entry from the Makefile.

-------------------
What's new for version 3.9.6:

    A.  Important bugfix for version 3.9.  Super had its internal structure
	overhauled for version 3.9.  Unfortunately, one important error was
	introduced: the super.tab options
	    uid=xxx
	    group=xxx
	    u_g=xxx
	were not properly reset from one entry to the next.  This version
	fixes that error.

    B.  A new -c option: causes super to check the syntax of a super.tab
	file, but not actually execute anything.  Its use:

	    super -c [superfile]

	When you modify a super.tab file, you should use super -c to
	check the file's overall syntax, and also use   super -d cmd
	for each modified command cmd, to verify that the details of
	the invoked command (args, uid, gid, umask, etc) are what
	you wanted to do.

    C.  A new -f option: this is a "just the facts, ma'am" help mode:
	it prints lines like:
	    CmdPattern FullPath [leading args]
	    CmdPattern FullPath [leading args]
	    ...
	which allows scripts to make lists of commands the user may execute.

    D.  A new super.tab option has been added:
		print="msg"
	causes the message to be printed just before exec'ing the
	command.

    E.  Better man page information.

    F.  Replaced DIE=msg with die=msg.  (Retaining DIE=msg as obsolete form.)

-------------------
What's new for version 3.9.5:

    A.  Patches to 3.9 for Digital UNIX,
	from Stephen Carney (carney@gvc.dec.com).

-------------------
What's new for version 3.9.4:

    A.  Bugfix for yet another silly error if invoked via symlink in
	version 3.9.2.  Error pointed out and fixed by Rein Tollevik
	(Rein.Tollevik@si.sintef.no).

    B.  Syslog messages were always logged at priority SYSLOG_PRIORITY.
	Error found and fixed by Rein Tollevik (Rein.Tollevik@si.sintef.no).

    C.  If the preprocessor symbol SUNOS5 is defined, then the symbol SVR4
	is also defined (if not already done) in super.h.  One ifdef'd
	section of code was changed to look at SVR4 instead of SUNOS5;
	hopefully this will be an improvement for other SVR4-based systems.

-------------------
What's new for version 3.9.3:

    A.  Wrong processing if invoked without any arguments, or if invoked
	via symlink.  Error pointed out and initial fix by Gerry Singleton
	(Gerry.Singleton@Canada.Sun.COM).

-------------------
What's new for version 3.9.2:

    A.  Makefile entries and a few #includes needed for  TI SYS V 3.3,
	from Oyvind Gjerstad (ogj@it.tollpost.no).

-------------------
What's new for version 3.9.1:

    A.  Left some commas out of an #ifdef'd initialization array.
	Bugfix from Oyvind Gjerstad (ogj@it.tollpost.no).

    B.  Fixed: variable expansion happening inside comments, reported by
	Oyvind Gjerstad (ogj@it.tollpost.no).

-------------------
What's new for version 3.9.0:

    **  If you are familiar with super version <=3.7.2, make sure you **
    ** read the changes in 3.8.0!  There have been MANY enhancements **
    ** made since 3.7.2. **

    This version consolidates all of the changes done in beta tests
    of 3.8, and added enough new items that I had to change the version
    number to 3.9 (without pausing for a non-beta version of 3.8).
    The improvements have come thick and fast, but that will now stop
    and only corrections will be done to v3.9 for some time to come.

    The visible changes are:

    A.  The super.tab control line format has been generalized.
	The old syntax and semantics remain a valid subset -- old
	super.tab files will continue to work as expected.

	Super now takes the following approach to selecting a command to
	execute.  For each control line in the super.tab file,
	super requires that:

	1.  The user's typed command must match a control-line command;
	2.  The user's name/group/host must match one of the user/group/host
		entries;
	3.  The current time and day must match a time entry (if any are
		given);

	Otherwise, super "falls through" and tries the next control line.
	The user/group/host and  time entries are called _conditions_
	that must be matched.

	_Options_ on the control line are handled very differently from
	_conditions_.  After conditions are met and a line is nominally
	selected for execution, all options must be satisfied, or super
	quits without executing the command and without trying further
	control lines in the super.tab file.

	This distinction between conditions and options is easy to use
	in practice: basically, super searches for a line that matches
	a command, user and time of day.  When the line is found, super
	will execute the command if the options -- such as a required
	password or restrictions on command arguments -- are satisfied;
	otherwise, it stops.

	There are three important differences between conditions and options.

	1.  If conditions aren't matched, super will "fall through" and
		look at the next line.  In contrast, when options are
		checked, super will quit if the options aren't satisfied.

	2.  Conditions can be "negated", that is, !condition~pattern
		means that if the pattern is matched, the user is
		_rejected_ from using this line.  Options can't be negated.

	3.  Many similar conditions can be applied, and the last-matching
		condition is used.  For example, the list of user-conditions

			:develop   !joeblow

		says that anybody in group "develop" can use the command,
		but then rejects joeblow, even if he is in the develop group.

		If an option can appear more than once on a line, all
		instances of the option must be satisfied, not just the
		last-matching instance.

	As part of the syntax generalization, user patterns may now begin
	with "user~":
			user~:develop	!user~joeblow

	Options and conditions can be interleaved.
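
	The selection rule described in A, as an added example (not code
	from super): a failed condition falls through to the next control
	line, a failed option stops the search, and the last-matching user
	condition decides.  The entry structure, the sample tables and the
	arg1_pat option are hypothetical simplifications (user and group
	patterns only, no host or time conditions).

```c
#include <fnmatch.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum verdict { NO_MATCH, EXECUTE, DENIED };
struct result { enum verdict verdict; int line; };  /* line = index of the selected entry */

/* One simplified control line (hypothetical model, not super's own structures). */
struct entry {
    const char *cmd_pat;      /* condition: glob for the typed command */
    const char *user_pats[4]; /* conditions, in order: "!" negates, ":" names a group */
    const char *arg1_pat;     /* option (hypothetical): glob the first argument must match */
    const char *die_msg;      /* option: DIE=msg (die=msg in later versions) */
};

/* Constructed sample tables. */
static const struct entry TAB[] = {
    { "restart", { ":develop", "!joeblow", NULL }, "httpd", NULL },
    { "restart", { "user~joeblow", NULL }, NULL, "joeblow may not restart services" },
    { "restart", { "*", NULL }, NULL, NULL },
};
static const struct entry TAB_NO_DIE[] = {      /* same table without the DIE line */
    { "restart", { ":develop", "!joeblow", NULL }, "httpd", NULL },
    { "restart", { "*", NULL }, NULL, NULL },
};
static const struct entry TAB_REVERSED[] = {    /* same conditions, opposite order */
    { "restart", { "!joeblow", ":develop", NULL }, NULL, NULL },
};

/* User conditions: every pattern is tried and the LAST one that matches decides. */
static int user_allowed(const struct entry *e, const char *user, const char *group)
{
    int allowed = 0;
    size_t i;
    for (i = 0; i < 4 && e->user_pats[i] != NULL; i++) {
        const char *pat = e->user_pats[i];
        int negated = (pat[0] == '!');
        int hit;
        if (negated) pat++;
        if (strncmp(pat, "user~", 5) == 0) pat += 5;
        hit = (pat[0] == ':') ? fnmatch(pat + 1, group, 0) == 0
                              : fnmatch(pat, user, 0) == 0;
        if (hit) allowed = !negated;
    }
    return allowed;
}

struct result select_entry(const struct entry *tab, size_t n, const char *user,
                           const char *group, const char *cmd, const char *arg1)
{
    struct result r = { NO_MATCH, -1 };
    size_t i;
    for (i = 0; i < n; i++) {
        /* Conditions: a failure only skips this line ("fall through"). */
        if (fnmatch(tab[i].cmd_pat, cmd, 0) != 0) continue;
        if (!user_allowed(&tab[i], user, group)) continue;
        /* Line selected.  Options: any failure ends the search right here. */
        r.line = (int)i;
        r.verdict = EXECUTE;
        if (tab[i].die_msg != NULL) r.verdict = DENIED;
        if (tab[i].arg1_pat != NULL &&
            (arg1 == NULL || fnmatch(tab[i].arg1_pat, arg1, 0) != 0))
            r.verdict = DENIED;
        return r;
    }
    return r;
}

int main(void)
{
    static const char *names[] = { "NO_MATCH", "EXECUTE", "DENIED" };
    struct result r;
    r = select_entry(TAB, 3, "alice", "develop", "restart", "sshd");
    printf("alice restart sshd        : %s at line %d\n", names[r.verdict], r.line);
    r = select_entry(TAB, 3, "joeblow", "develop", "restart", "httpd");
    printf("joeblow, with DIE line    : %s at line %d\n", names[r.verdict], r.line);
    r = select_entry(TAB_NO_DIE, 2, "joeblow", "develop", "restart", "httpd");
    printf("joeblow, without DIE line : %s at line %d\n", names[r.verdict], r.line);
    return 0;
}
```

	In TAB_NO_DIE the negated condition only makes joeblow skip the first
	line, so the later catch-all line still runs the command for him; the
	DIE line in TAB is what turns the skip into a refusal.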
 
    B.  time~pat  is a new condition that has to be met before the line
	is accepted for execution.  See next item for sample uses.
	All time patterns on a line must be matched or super will continue
	to the next control line.  For example,

		time~{8:00-12:00,13:00-17:00}	!time~{sat,sun}
	    or
		time~{8:00-12:00,13:00-17:00}/{mon,tue,wed,thu,fri}

	restricts a command to being used during typical office hours
	on weekdays.

    C.  DIE=msg   is a new option that can be used in a command line
	to force super to exit (and print msg) if the rest of the
	command line is successfully matched.  Here are a few examples
	that also illustrate use of the new :define command.

		:define RestrictedCommands ...
		:define weekdays {mon,tues,wed,thurs,fri}
		:define BadHours time~0-08:30/$weekdays \
				time~17:30-24:00/$weekdays \
				time~{sat,sun}

		$RestrictedCommands $BadHours \
		    DIE="You can't use this command outside of office hours."

	or

		:define RestrictedCommands ...
		:define officeHours {8:30-12:30,1:30-17:30}/{mo,tu,we,th,fr}

		$RestrictedCommands !time~$officeHours DIE="hahaha"

	Without the DIE option, super will try to execute the restricted
	commands during the restricted hours.


    D.  gethostbyname() is now called both with and without a trailing dot
	in the hostname.  If both forms succeed, the longer returned name
	is kept, except that any trailing dot is deleted.
	
    E.  nice=nnn changes the ``nice'' level of the executed command
	by an amount nnn from the default level.  (Positive increments
	reduce the command's priority; negative increments increase it.)

    F.  umask=nnn (local or global option) makes commands run with the
	specified umask.  Useful if you want to help ensure that files
	are created with restricted access permissions.

    G.	:include filename   allows a super.tab file to include other files.
	The filename must either be an absolute path, or it is interpreted
	relative to the directory containing the super.tab file, and the
	same restrictions are put on the file ownership and permissions
	as for the top-level super.tab file.  The number of nested includes
	is limited only by the number of allowed open files.
	Use with caution!

    H.	The new local option argMMM-NNN=SSS or argNNN=SSS (where MMM and
	NNN are positive integers, and SSS is a string) means that the
	MMM-NNN'th user-entered arguments must match pattern SSS.
	The pattern SSS must be enclosed in quotes if it contains
	whitespace.  Note that this doesn't _require_ MMM-NNN arguments;
	it only says what those arguments must look like, if entered.

    I.  Updated and corrected super.5 man page.

    J.  Fixed "mail" option.  It can be used as either a global or local
	option.

-------------------
What's new for version 3.8.0:

    (The first 5 items are substantive visible changes/enhancements!
    Please read them!)

    A.	The rule for processing backslash-newline-whitespace (indicating
	continued lines) IS MODIFIED.  THE NEW RULE IS:
	    - if it follows a letter, digit, or underscore, replace the
		sequence with a single space.
	    - otherwise, it is eliminated entirely.
	Therefore, you can type

		Cmd File	user1\
				user2\
				user3
	and it is equivalent to
		Cmd File	user1 user2 user3
	
	But typing
		Cmd File	{user1,\
				user2,\
				user3}
	is equivalent to
		Cmd File	{user1,user2,user3}
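
The continuation rule above, written out as an added C example (not code from super itself). The name join_continuations is hypothetical, and treating only space and tab as the whitespace after the newline is an assumption. The third constructed sample shows the case that is easy to miss: after a closing brace no space is inserted, so the next pattern is glued onto the brace list.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Join continued lines in place, following the 3.8.0 rule:
 * backslash-newline-whitespace becomes one space when it follows a
 * letter, digit or underscore, and is dropped entirely otherwise.
 * Returns the new length of buf. */
size_t join_continuations(char *buf)
{
    char *src = buf, *dst = buf;

    while (*src) {
        if (src[0] == '\\' && src[1] == '\n') {
            src += 2;
            /* Swallow the leading whitespace of the continuation line
             * (assumption: space and tab only). */
            while (*src == ' ' || *src == '\t')
                src++;
            /* The last character already emitted decides the outcome. */
            if (dst > buf &&
                (isalnum((unsigned char)dst[-1]) || dst[-1] == '_'))
                *dst++ = ' ';
        } else {
            *dst++ = *src++;
        }
    }
    *dst = '\0';
    return (size_t)(dst - buf);
}

int main(void)
{
    /* Constructed sample entries, modelled on the ones in the text. */
    char users[]  = "Cmd File\tuser1\\\n\t\t\tuser2\\\n\t\t\tuser3";
    char braces[] = "Cmd File\t{user1,\\\n\t\t\tuser2,\\\n\t\t\tuser3}";
    char glued[]  = "Cmd File\t{a,b}\\\n\t\t\tjoe";

    join_continuations(users);
    join_continuations(braces);
    join_continuations(glued);
    printf("%s\n%s\n%s\n", users, braces, glued);
    return 0;
}
```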

    B.	Variables are now supported!  You can type

		:define okusers		{joe,jane,tom,sally}

	The above could also have been written

		:define okusers		{joe,\
					jane,\
					tom,\
					sally}

	and then use

		Cmd	FullPath	$okusers

	with the obvious result.  (The variable name may be enclosed
	in parentheses to insulate it from the characters which follow.)
	Read the man page super.5 before proceeding to use variables!

    C.  New global option syntax:

		:global		globaloptions...
	    or
		:global_options	globaloptions...

	The old syntax:

		/  /  globaloptions

	is still supported, but its use is discouraged.

    D.  Multiple commands/filenames are now allowed on one line.  Now you
	can type

	    Cmd1::FullPath1 Cmd2::FullPath2 [...] ok-user-pats

	This can be useful for treating a group of commands as a unit:

	    :define Common_cmds Cmd1::FullPath1 \
				Cmd2::FullPath2 \
				Cmd3::FullPath3

	    :define okusers		{\
					:operators,\
					joe,jane,tom,sally}

	    $Common_cmds $okusers

    E.	In general, a colon in a Cmd part of a line is now reserved
	to super, and must not be used as part of the Cmd name.
	This has been done to support the :define and :global commands,
	the Cmd::File syntax, and provide space for future development.

    F.  The super.tab file can now be owned by root or nobody.
	This change is to support networked accounts.

    G.  Substantial modifications to hostname matching to improve
	handling of netgroups.
	(From Steve Robbins -- steve@cim.mcgill.ca)

    H.  Added Makefile entry Max + header #ifdef's for SGI v5.3
	(from Max Buchheit, buchheit@ccrs.emr.ca).

    I.  Fixed comparison between char and NULL.
	Added Makefile adjustments for Solaris 2.4 (SunOS 5.4).

    J.  Fixed an error related to an appended dot on hostnames.
	(from Geoffrey A. Lowney, Geoffrey.A.Lowney@Boeing.com)

    K.	If compiled with __STDC__ defined, prototypes are used.

    L.  Disabled "mail" global option.  Nobody was using it, and it wasn't
	implemented right anyway... maybe that's why nobody used it :-).

    M.  Disallowed relative pathnames unless global option relative_path
	is set.  This is to prevent admins from accidentally making a
	stupid error.

    N.  Disallowed slash in groupnames unless global option group_slash
	is set.  This lets us find formatting errors more easily -- namely,
	using Cmd:File instead of Cmd::File.

-------------------
What's new for version 3.7.4:
    A.	Added setenv=var=xxx	option.  This option defines environment
	variable var to have value xxx, and adds it to the environment
	variables that are kept when the command is executed.

	Can be used multiple times to add definitions for multiple variables.
	
	Note that "setenv=DISPLAY" is syntactically invalid (missing the
	`=' after the variable name), and that "setenv=DISPLAY="
	sets DISPLAY to the null string.
	
	(Recall that you can also use the option "env=var1,var2,..."
	to keep a list of user-defined environment variables.)

    B.	Improved error reporting.

-------------------
What's new for version 3.7.3:

    A.  *** NOTE WELL *** Changed processing of FullPathNames with quoted
	arguments: the quotes are now stripped (it was an error that they
	weren't).  For example, the super.tab entry

		doit    "/usr/bin/xxx  -o1 -o2 -xrm 'a b c'"   willie

	allows user willie to type

		super doit

	and to execute /usr/bin/xxx with arglist
		argv[0]: doit
		argv[1]: -o1
		argv[2]: -o2
		argv[3]: -xrm
		argv[4]: a b c

	Previous versions of super would pass argv[4] as 'a b c', including
	the single quotes.


    B.  Added #ifdef to define LOG_USER and LOG_ERR if they aren't
	defined in <syslog.h>.

    C.  When logging successful super uses, added #ifdef so that the
	message priority isn't set unless USE_SYSLOG is defined.

    D.  Added Makefile entry for Ultrix 4.3 (from Christoph Geelen,
	geelen@rzulx1.mpie-duesseldorf.mpg.de).

    E.  Added Makefile entry for UnixWare 2.0 (from Pete Holsberg,
	pjh@tecoma.mccc.edu).

    F.  Added Makefile entry and super.c patches for Digital UNIX V3.2
	(formerly DEC OSF/1); from Stephen Carney, carney@gvc.dec.com.

-------------------
What's new for version 3.7.2:

    A.  Added owner=xxx option so that super won't run a program
	unless it's owned by xxx.

-------------------
What's new for version 3.7.1:

    A.  Modified error msg for clarity.

    B.  If super.tab isn't owned by root, then:
	    + if real uid is root, bail out: don't run at all.
	    + if real uid isn't root, run as real uid (can be useful
		for testing).

-------------------
What's new for version 3.7.0:

    A.  Changed hostname comparisons to be case-insensitive.

	(From Steve Robbins -- steve@cim.mcgill.ca)

    B.  New capability: wildcard commands.

	In previous versions of super, entries in the super.tab file
	looked like:

		CmdName   FullPathName   PermittedUsers

	This is now supplanted by a new format, which is a superset
	of the previous one (note that all existing super.tab files
	remain valid):

		CmdPattern  FullPathName-with-optional-"*"  PermittedUsers

	There are two new features here:

	    1) The former CmdName string is now interpreted as a pattern
		(with csh-style brace expansion, so that it can
		actually stand for a variety of commands).

	    2) If there is an asterisk in FullPathName, it is replaced
		by the user's cmd.

	In the usual situation, in which CmdPattern is still just a plain
	name without wildcards, the user (a) types "super cmd";
	(b) the cmd is matched against CmdPattern;
	(c) the user is checked to be a PermittedUser, etc;
	(d) FullPathName is then executed.  As long as CmdPattern is
	just made up of letters, digits, and underscore, and
	FullPathName has no asterisk, the effect will be exactly
	as super has always acted.
	
	If you put special pattern-matching characters into the CmdPattern,
	you simply give more ways a user can execute the same FullPathName.
	This isn't yet very exciting, and in fact isn't a good idea at
	all.  The power of using patterns in the CmdPattern string comes
	when FullPathName includes an asterisk.  In that case, the asterisk
	is replaced with the user's "cmd" string to form the actual
	command to exec.  For instance, a SysV-based host might have
	an entry in the super.tab file that looks like:

		/usr/bin/{lp,lpstat,disable,enable,cancel} * :operators

	This would allow anybody in the "operators" group to have root access
	to the line printer commands.  For instance, if the user typed:

		super /usr/bin/disable some_printer
	
	then the FullPathName == "*" would be replaced by /usr/bin/disable,
	and become the command to exec.

	More conveniently, the super.tab file could have a line like:

		{lp,lpstat,disable,enable,cancel} /usr/bin/* :operators

	In this case, the user can type

		super disable some_printer

	The asterisk is replaced by "disable" to form the command
	/usr/bin/disable.

	If you _completely_ trust some users, but want logging of all
	actions, you could use:

		/*	*	ReallyReallyTrustedUsers

	(if the global option patterns=shell has been set) or

		/.*	*	ReallyReallyTrustedUsers

	(the default case: patterns=regex).

	The user can now execute any command.  Note that the pattern
	begins with a slash, to ensure that the cmd must be an
	absolute path -- this helps avoid accidental execs of the
	wrong program.

	Of course, if you were really going to give everything away as shown
	above, you'd probably want to exclude any public-area workstations,
	require the trusted users to periodically give their passwords,
	and set the real uid=root (instead of just the effective uid),
	so the entry might be modified to read:
  
		/*  *  TrustedUsers !{PatternsOfPublicWorkstations} \
		      password=y timeout=5 uid=0

	(if the global option patterns=shell has been set).

	(These changes were inspired by Aaron Schuman, schuman@sgi.com)

-------------------
What's new for version 3.6.1:

    A.  Added support for shadow passwords on HP-UX 9.x.

-------------------
What's new for version 3.6.0:

    A.  Changed super's logging to offer networked syslog messages:
	all syslog messages can be sent to a single host.

    B.  Provided bugfix with -V option (super could coredump otherwise).

	(These changes provided by Jean-luc Szpyrka, jls@sophia.inria.fr)

-------------------
What's new for version 3.5.2:

    A.  Bugfix: the full path of the executed command was inserted
	as argv[1] in the output arguments, when it didn't belong there
	at all.

    B.  Bugfix: log messages for _successful_ commands weren't
	being newline-terminated.

	(These bugs reported by Olof Backing, obg@nada.kth.se)

-------------------
What's new for version 3.5.1:

    A.  Added better copyright + licensing info.

    B.  Did some code cleanup (getting rid of unused variables, adding
	declaration of wait(), etc).

    C.  After logging a super call to the logfile, failed exec's might
	not be printed on the screen (although they were
	logged in the logfile).

-------------------
What's new for version 3.5:

    A.  Added pattern negation to super.tab:
	    !pat
	says to disallow a user who matches the pattern.
	Until now, you could only give permission to users that
	matched, not take it away.  Patterns are scanned left-to-right,
	and the allow/disallow depends on the last pattern that matches.
	This lets you do things like

	    cmd	/Full/Path	:goodguys   !jan

	to mean allow anybody in group goodguys, but then disallows
	user jan, even if jan is in goodguys.
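
The last-match rule above, together with the condition/option distinction described earlier in this file (a failed condition falls through to the next line, a failed option or a DIE stops the search), as an added C example that is not super's own code. The struct, the function names and the sample table are hypothetical; patterns are matched with fnmatch() as under patterns=shell, nargs is modelled as a maximum count, and the user's group is passed in directly.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

enum verdict { NO_LINE_MATCHED, EXECUTE, STOPPED_BY_OPTION };

/* Simplified control line (hypothetical model, not super's structures). */
struct ctl_line {
    const char *cmd;           /* command name */
    const char *user_pats[4];  /* user conditions, NULL-terminated */
    int max_args;              /* nargs=nnn option; -1 when absent */
    const char *die_msg;       /* DIE=msg option; NULL when absent */
};

/* Constructed sample table:
 *   restart ... :develop !joeblow  nargs=1
 *   restart ... joeblow            DIE="ask an operator"
 *   restart ... *                                          */
static const struct ctl_line sample_tab[] = {
    { "restart", { ":develop", "!joeblow", NULL },  1, NULL },
    { "restart", { "joeblow", NULL },              -1, "ask an operator" },
    { "restart", { "*", NULL },                    -1, NULL },
};

/* Conditions: every pattern is tried left to right and the LAST one
 * that matches decides; a leading '!' turns a match into a rejection. */
static int user_allowed(const char *const *pats,
                        const char *user, const char *group)
{
    int allowed = 0;

    for (; *pats; pats++) {
        const char *p = *pats;
        int negate = (*p == '!');
        if (negate)
            p++;
        int hit = (*p == ':') ? fnmatch(p + 1, group, 0) == 0
                              : fnmatch(p, user, 0) == 0;
        if (hit)
            allowed = !negate;
    }
    return allowed;
}

/* Scan the table the way the text describes; *which receives the index
 * of the selected line when one is selected. */
enum verdict scan(const struct ctl_line *tab, size_t n, const char *cmd,
                  const char *user, const char *group, int nargs,
                  size_t *which)
{
    for (size_t i = 0; i < n; i++) {
        /* A failed condition only means "try the next line". */
        if (strcmp(tab[i].cmd, cmd) != 0 ||
            !user_allowed(tab[i].user_pats, user, group))
            continue;
        *which = i;
        /* The line is selected: a failed option ends the search, even
         * if a later line would have accepted the request. */
        if (tab[i].die_msg != NULL ||
            (tab[i].max_args >= 0 && nargs > tab[i].max_args))
            return STOPPED_BY_OPTION;
        return EXECUTE;
    }
    return NO_LINE_MATCHED;
}

int main(void)
{
    size_t w = 0;
    enum verdict v = scan(sample_tab, 3, "restart", "alice", "develop", 3, &w);
    printf("alice with 3 args: verdict %d at line %zu\n", (int)v, w);
    return 0;
}
```

In the sample table, alice with three arguments is stopped at the first line by nargs=1 even though the catch-all third line would have accepted her, and joeblow is rejected by the first line's conditions, falls through, and is stopped by the DIE on the second.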

    B.  Added user/group/host patterns to the global settings:

	    /	/	[global opts]	pat pat ... <> pat pat ...

	User/group/host patterns to the left of "<>" are processed
	_before_ the per-command patterns; user/group/host patterns
	to the right of "<>" are processed _after_ the per-command
	patterns.  If "<>" is missing, all patterns are processed after
	the user patterns.
	For example,

	    /	/		jan <> !@+badhosts

	says that user jan can execute any command (unless a per-command
	pattern explicitly disallows jan from executing a particular
	command), but under no circumstances will a user on any host in
	netgroup ``badhosts'' be allowed to execute any command.
	(Thus jan can execute any command, but only from hosts _not_
	in ``badhosts''.)

	(These changes were inspired by Jean-luc Szpyrka,
	jls@sophia.inria.fr .)

    C.  Added special handling of hostnames:  If a host is using
	DNS names, and the hostname isn't matched in the super.tab
	file, it's possible that the reason is simply that gethostname()
	returns a name with fewer or more components of the fully-qualified
	domain name (fqdn) than is in the hostname pattern in super.tab.
	For example, gethostname() might return "w.x.y.z", but the
	hostname pattern might be simply "w".  Until now, super wouldn't
	consider this a successful match.
	
	If you enable the new feature USE_GETHOSTBYNAME, then
	if the hostname doesn't match the pattern directly, super will
	determine the fqdn, and then compare ever-shorter parts against
	the pattern.  For instance, given the hostname "ab.cd.ef.gh",
	super will test "ab.cd.ef.gh", then "ab.cd.ef", then "ab.cd",
	and finally "ab".   Warning: using this option may reduce
	security a bit - your host may query a nameserver on another
	host to obtain the FQDN, and that nameserver could conceivably
	have been subverted and then return incorrect hostnames.

	(Idea from Dave Curry, davy@ecn.purdue.edu).
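
The shortening procedure described above, as an added C example (not super's own code). The name match_shortened is hypothetical, the FQDN is passed in rather than resolved, and a case-insensitive literal comparison stands in for super's pattern matcher. It makes the warning concrete: a one-label pattern is satisfied by any FQDN whose first label matches, so such a pattern is only as trustworthy as the resolver's answer.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Try fqdn, then ever-shorter leading parts of it, against one hostname
 * pattern.  Returns the number of labels in the candidate that matched,
 * or 0 when none did. */
int match_shortened(const char *fqdn, const char *pattern)
{
    char cand[256];
    size_t len = strlen(fqdn);
    int labels = 1;

    if (len == 0 || len >= sizeof cand)
        return 0;
    memcpy(cand, fqdn, len + 1);
    if (cand[len - 1] == '.')          /* drop a trailing dot */
        cand[--len] = '\0';
    if (len == 0)
        return 0;
    for (const char *p = cand; *p; p++)
        if (*p == '.')
            labels++;

    for (;;) {
        if (strcasecmp(cand, pattern) == 0)
            return labels;
        char *dot = strrchr(cand, '.');
        if (dot == NULL)
            return 0;                  /* shortest form tried, no match */
        *dot = '\0';                   /* ab.cd.ef.gh -> ab.cd.ef -> ... */
        labels--;
    }
}

int main(void)
{
    /* Constructed names; "ab.other.example" is not the expected domain. */
    printf("%d\n", match_shortened("ab.cd.ef.gh", "ab.cd"));
    printf("%d\n", match_shortened("ab.other.example", "ab"));
    printf("%d\n", match_shortened("ab.other.example", "ab.cd.ef.gh"));
    return 0;
}
```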


    D.  Fixed a bug in creating timestamp files.  Basically, unless
	the global option timestampuid=0 was set, one frequently got
	a message "Timestamp creation failed" and then couldn't
	run a command requiring a password.

	(Bug reported by Brian Huntley,
	bhuntley%tsegw.tse.com@spectre.uunet.ca)

    E.  Changed super's logging to include the arguments passed to
	the command.
	
	(Patch from Dave Curry, davy@ecn.purdue.edu).

    F.  An error in the str_val() function allowed some typos in
	option names to pass unnoticed.  Files with properly typed
	option names were not affected.

    G.  Modified some error messages that were not printing accurate
	information about why access was being denied.

    H.  Bugfix: comments in super.tab are supposed to only go up to
	newline, but instead they ran to the end of an input block.

    I.  Ported to SCO 3.2v4.

	(Changes from Keith Menard, menard@gateway.wtc.com)

    J.  Fixed error in processing backslashes in super.tab lines
	(backslash-newline was being processed correctly; others left
	super in an infinite loop).

    K.  Stripped down the strqtok function that splits input lines
	of text.


-------------------
What's new for version 3.4.9:

    A.  Added #ifdef's and Makefile entries for 
	    Clix 3.1 r.7.1.3 (Intergraph)
	contributed by David Sandmann (das@ipro15.aaa.com).

    B.  Added #ifdef'd code to implement scripts that start with
	"#! interpreter" on OS's which don't support it directly.

-------------------
What's new for version 3.4.8:

Minor bugfixes:

    A.  _Successful_ executions of commands were not being logged by
	syslog unless they were also being logged to a (non-syslog) file.

    B.  There were formatting errors and other minor mistakes in
	the super.5 man page.

    C.  Changed the example in README and the super.1 man page regarding
	how a program can super itself, so that it will work on all
	Bourne shell variations (the argument to "test" had to be
	protected against empty strings.)

-------------------
What's new for version 3.4.7:

    A.  Bugfix for patterns like
		    uuu:ggg  and   uuu:
	...valid user is denied access.  Bug report & fix came from
	Karen L Dickerson (kld@mudshark.sunquest.com).

-------------------
What's new for version 3.4.6:

    A.  Bugfix for sites that don't compile with USE_NETGROUP but
	do specify a hostname.  Bug reported by
	Adam P. Harris (apharris@mcs.com).

-------------------
What's new for version 3.4.5:

    A.  Improved parsing for arguments that super supplies to commands.
	Previously, only whitespace would separate arguments.  Version
	3.4.5 parses the FullPathName with recognition of embedded
	quotes and backslashes.

	For example, suppose the super.tab file contains a line like

	    cmd	"FullPath -a -b 2\ 3 -xrm 'r s t \
		    u v w' ..."	SuperOptions...	validusers...

	The "FullPath..." string (containing the arguments -a, -b, ...)
	...  is parsed using Bourne-shell-like rules for backslashes
	and quotes, and the line is parsed as
	    argv[0] FullPath
	    argv[1] -a
	    argv[2] -b
	    argv[3] 2 3
	    argv[4] -xrm
	    argv[5] r s t u v w

	(Use "super -d cmd" to check that your args are being parsed
	as expected before you unleash a new command on your users.)
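
The quote and backslash handling described here, and the quote stripping noted under version 3.7.3, as an added C example (not super's own parser). The name split_args and the MAX_ARGS limit are hypothetical, continuation lines are assumed to have been joined already, and the rules are a simplification of the Bourne shell's: a backslash escapes the next character outside quotes and inside double quotes, and nothing is special inside single quotes.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 16

/* Split s in place into words, removing quotes and backslashes.
 * Returns the word count, or -1 on an unterminated quote, a trailing
 * backslash, or more than MAX_ARGS words. */
int split_args(char *s, char *argv[MAX_ARGS])
{
    int argc = 0;
    char *src = s, *dst = s;   /* dst never gets ahead of src */

    for (;;) {
        while (*src == ' ' || *src == '\t')
            src++;
        if (*src == '\0')
            return argc;
        if (argc == MAX_ARGS)
            return -1;
        argv[argc++] = dst;

        while (*src && *src != ' ' && *src != '\t') {
            if (*src == '\\') {
                if (src[1] == '\0')
                    return -1;
                *dst++ = src[1];           /* keep the escaped character */
                src += 2;
            } else if (*src == '\'' || *src == '"') {
                char q = *src++;
                while (*src && *src != q) {
                    if (q == '"' && *src == '\\' && src[1])
                        src++;             /* escape inside "..." */
                    *dst++ = *src++;
                }
                if (*src != q)
                    return -1;             /* unterminated quote */
                src++;                     /* the quote itself is dropped */
            } else {
                *dst++ = *src++;
            }
        }
        int at_end = (*src == '\0');
        *dst++ = '\0';
        if (at_end)
            return argc;
        src++;
    }
}

int main(void)
{
    /* Constructed from the entry in the text, continuation already joined. */
    char line[] = "FullPath -a -b 2\\ 3 -xrm 'r s t u v w'";
    char *av[MAX_ARGS];
    int n = split_args(line, av);

    for (int i = 0; i < n; i++)
        printf("word %d: %s\n", i, av[i]);
    return 0;
}
```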

-------------------
What's new for version 3.4.4:

    A.  The timestamp file of user@host.name.dom is now by default
	stored in
		TIMESTAMP_DIR/hostname/user
	with the old behavior (TIMESTAMP_DIR/user) being an option
	controlled with global option timestampbyhost=y|n.

	The timestampuid=xxx option has been added to allow timestamp
	files to be created under a particular uid.
	This allows for a cross-mounted timestamp directory on hosts
	that map NFS root accesses to nobody, but still keeps the
	password entries distinct on different hosts.

    B.  TIMESTAMP_DIR is now documented in the Makefile, so that it
	is easily configured at compile time.

-------------------
What's new for version 3.4.3:

    A.  Option -H has been added to give the long-winded help information
	that has been the only thing printed until now.

	The -h option now prints a short help listing:

	    Command     Comments
	    -------     --------
	    cmd1        help info for cmd1
	    cmd2        help info for cmd2
	    ...

-------------------
What's new for version 3.4.2:

    A.  If "xyz" is a symlink to super, then
	    % xyz args...
	is treated by super just like
	    % super xyz args...

	Super detects such symlinks by the rule that argv[0] must
	match "*/super" or "super"; otherwise, it's assumed to be
	a symlink.  Therefore, a symlink named "super" won't work --
	super won't recognize it's being invoked via symlink.

-------------------
What's new for version 3.4.1:

    A.  When printing debug info, there was misformatted output
	of any extra file descriptors being held open.  (The
	problem only occurred in 3.4.0, not earlier versions.)

-------------------
What's new for version 3.4:

    A.  Added nargs=[mmm-]nnn to limit user-entered args.

-------------------
What's new for version 3.3.2:

    A.  Allow "@hostname", without any user or groupname part.

-------------------
What's new for version 3.3.1:

    A.  Fixed SunOS 5.x to use "getspnam()" when looking up passwords.

-------------------
What's new for version 3.3:

    A.  Added mail="....." global option.

    B.  Fixed goofy error in parsing password=n.
    
    C.  Added syslog=y|n option.

-------------------
What's new for version 3.2:
    A.  Added options password=y|n, timeout=n, renewtime=y|n to require
	passwords on specific commands (or all commands).

    B.  A bugfix:  if the super.tab file tried to pass options to the
	executable command, the exec would fail.

-------------------
What's new for version 3.1:
    A.  Added global option loguid=xxx to allow the logfile to be opened
	under a uid other than root.  This allows the logfile to be
	shared across a network over which root doesn't have write access.

-------------------
What's new for version 3.0:

    A.  Command logging -- you can specify a file to receive a log
	of super uses and attempts.

    B.  More environment variables -- for each entry, the super.tab file
	can specify environment variables that should be passed to
	the command instead of discarded.  You simply add entries like
	    env=TZ,TAPE
	to the super.tab file, to keep TZ and TAPE in addition to
	the default list.  Of course one has to use this with
	caution.

    C.  Set uid/gid -- for each entry, the super.tab file can specify
	the uid and/or gid (the default is to only change the effective
	uid to root).  To use this, you add entries like
	    uid=xxx   gid=yyy
	to the super.tab file, or  u+g=xxx  to set the uid
	to xxx and the gid to xxx's login gid.
	
	As a supplement to the setuid/setgid ability, super defines
	some extra environment variables so that the invoked command
	can know the username and home directory of the user who
	invoked the command, as well as that of the uid under which
	the command is executing.

    D.  Open file descriptors -- for each entry, the super.tab file
	can specify a list of file descriptors that should not be
	closed (in addition to the default 0,1,2).

    E.  Initial arguments -- for each entry, the super.tab file can
	specify a set of initial arguments that are put into argv[]
	ahead of the arguments the user typed on the command line.

    F.  super -h now only prints the commands that may be executed by the
	user; and the super.tab file can specify a line of explanatory
	text to be printed with each command.

    G.  A bugfix: The TERM environment variable can now contain "-+_.:/"
	in addition to [a-zA-Z0-9].

    H.  The super.tab file can be configured with either Bourne-shell style
	or regex (ed-style) valid-user patterns; the default is regex.

-------------------
What's new for version 2.0:
    A.  A couple of bugfixes.  (These fixes were first introduced
	in version 1.2.)

    B.  You can restrict commands to particular users on particular
	hosts.  This allows one "super.tab" file to serve many hosts.

    C.  Entries in "super.tab" can now span multiple lines.  Helpful
	when one file serves many users + hosts.

    D.  csh-style brace-expansion:  super's pattern-matching previously
	was done with the BSD 4.x regex routines.  This is now extended
	to allow csh-style braces.  For instance, to allow users
	pam and sammy, executing from hosts alpha and beta, you can
	use an entry like {pam,sammy}@{alpha,beta}