Merge sudo 1.9.11 from tip.

--HG--
branch : 1.9

Author: millert

.gitignore

@@ -72,6 +72,7 @@ lib/util/regress/harness
 logsrvd/sudo_logsrvd
 logsrvd/sudo_sendlog
 logsrvd/fuzz_[a-z]*
+logsrvd/logsrvd_conf_test
 
 plugins/sudoers/cvtsudoers
 plugins/sudoers/sudoers

.hgignore

@@ -46,7 +46,7 @@ Makefile$
 ^lib/eventlog/check_wrap$
 ^lib/eventlog/regress/logwrap/check_wrap.out$
 
-^lib/iolog/check_iolog_(json|mkpath|path|timing)$
+^lib/iolog/check_iolog_(json|filter|mkpath|path|timing)$
 ^lib/iolog/fuzz_iolog_(json|legacy|timing)$
 ^lib/iolog/host_port_test$
 
@@ -65,6 +65,7 @@ Makefile$
 
 ^logsrvd/sudo_(logsrvd|sendlog)$
 ^logsrvd/fuzz_logsrvd_conf$
+^logsrvd/logsrvd_conf_test$
 
 ^plugins/sudoers/(cvtsudoers|sudoers|sudoreplay|testsudoers|tsdump|visudo|prologue|check_[a-z0-9_]+)$
 ^plugins/sudoers/fuzz_(policy|sudoers(_ldif)?)$

ABOUT-NLS

@@ -220,8 +220,9 @@ Defaults are listed in brackets after the description.
     --disable-hardening
         Disable the use of compiler/linker exploit mitigation options
         which are enabled by default.  This includes compiling with
-        _FORTIFY_SOURCE defined to 2, building with -fstack-protector
-        and linking with -zrelro, where supported.
+        _FORTIFY_SOURCE defined to 2, building with -fstack-protector,
+        -fstack-clash-protection, -fcf-protection and linking with
+        -zrelro, -znow, and -znoexecstack where supported.
 
     --disable-ssp
         Disable use of the -fstack-protector compiler option.
@@ -374,6 +375,10 @@ Defaults are listed in brackets after the description.
         ldap_sasl_interactive_bind_s() function is present in the
         LDAP libraries.
 
+    --with-apparmor
+        Enable support for the AppArmor Linux Security Module (LSM) on
+        supported systems.
+
     --with-logincap
         This adds support for login classes specified in `/etc/login.conf`.
         It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD, and

INSTALL.md

@@ -1,4 +1,3 @@
-ABOUT-NLS
 ChangeLog
 INSTALL.configure
 INSTALL.md
@@ -401,6 +400,15 @@ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6
 logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.7
 logsrvd/regress/fuzz/fuzz_logsrvd_conf.c
 logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict
+logsrvd/regress/logsrvd_conf/cacert.pem
+logsrvd/regress/logsrvd_conf/logsrvd_cert.pem
+logsrvd/regress/logsrvd_conf/logsrvd_conf_test.c
+logsrvd/regress/logsrvd_conf/logsrvd_dhparams.pem
+logsrvd/regress/logsrvd_conf/logsrvd_key.pem
+logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.1.in
+logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.2.in
+logsrvd/regress/logsrvd_conf/tls/sudo_logsrvd.conf.1.in
+logsrvd/regress/logsrvd_conf/tls/sudo_logsrvd.conf.2.in
 logsrvd/sendlog.c
 logsrvd/sendlog.h
 logsrvd/tls_client.c
@@ -1128,6 +1136,8 @@ po/it.mo
 po/it.po
 po/ja.mo
 po/ja.po
+po/ka.mo
+po/ka.po
 po/ko.mo
 po/ko.po
 po/nb.mo
@@ -1177,16 +1187,20 @@ scripts/mkpkg
 scripts/pp
 scripts/unanon
 src/Makefile.in
+src/apparmor.c
 src/conversation.c
 src/copy_file.c
 src/edit_open.c
 src/env_hooks.c
 src/exec.c
 src/exec_common.c
 src/exec_intercept.c
+src/exec_intercept.h
 src/exec_monitor.c
 src/exec_nopty.c
 src/exec_preload.c
+src/exec_ptrace.c
+src/exec_ptrace.h
 src/exec_pty.c
 src/get_pty.c
 src/hooks.c
@@ -1200,6 +1214,7 @@ src/openbsd.c
 src/parse_args.c
 src/preload.c
 src/preserve_fds.c
+src/regress/intercept/test_ptrace.c
 src/regress/net_ifs/check_net_ifs.c
 src/regress/noexec/check_noexec.c
 src/regress/ttyname/check_ttyname.c
@@ -1217,6 +1232,7 @@ src/sudo_intercept_common.c
 src/sudo_noexec.c
 src/sudo_plugin_int.h
 src/sudo_usage.h.in
+src/suspend_nopty.c
 src/tcsetpgrp_nobg.c
 src/tgetpass.c
 src/ttyname.c

MANIFEST

@@ -1,3 +1,76 @@
+What's new in Sudo 1.9.11
+
+ * Fixed a crash in the Python module with Python 3.9.10 on some
+   systems.  Additionally, "make check" now passes for Python 3.9.10.
+
+ * Error messages sent via email now include more details, including
+   the file name and the line number and column of the error.
+   Multiple errors are sent in a single message.  Previously, only
+   the first error was included.
+
+ * Fixed logging of parse errors in JSON format.  Previously,
+   the JSON logger would not write entries unless the command and
+   runuser were set.  These may not be known at the time a parse
+   error is encountered.
+
+ * Fixed a potential crash parsing sudoers lines larger than twice
+   the value of LINE_MAX on systems that lack the getdelim() function.
+
+ * The tests run by "make check" now unset the LANGUAGE environment
+   variable.  Otherwise, localization strings will not match if
+   LANGUAGE is set to a non-English locale.  Bug #1025.
+
+ * The "starttime" test now passed when run under Debian faketime.
+   Bug #1026.
+
+ * The Kerberos authentication module now honors the custom password
+   prompt if one has been specified.
+
+ * The embedded copy of zlib has been updated to version 1.2.12.
+
+ * Updated the version of libtool used by sudo to version 2.4.7.
+
+ * Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE
+   in the header files (currently only GNU libc).  This is required
+   to allow the use of 64-bit time values on some 32-bit systems.
+
+ * Sudo's "intercept" and "log_subcmds" options no longer force the
+   command to run in its own pseudo-terminal.  It is now also
+   possible to intercept the system(3) function.
+
+ * Fixed a bug in sudo_logsrvd when run in store-first relay mode
+   where the commit point messages sent by the server were incorrect
+   if the command was suspended or received a window size change
+   event.
+
+ * Fixed a potential crash in sudo_logsrvd when the "tls_dhparams"
+   configuration setting was used.
+
+ * The "intercept" and "log_subcmds" functionality can now use
+   ptrace(2) on Linux systems that support seccomp(2) filtering.
+   This has the advantage of working for both static and dynamic
+   binaries and can work with sudo's SELinux RBAC mode.  The following
+   architectures are currently supported: i386, x86_64, aarch64,
+   arm, mips (log_subcmds only), powerpc, riscv, and s390x.  The
+   default is to use ptrace(2) where possible; the new "intercept_type"
+   sudoers setting can be used to explicitly set the type.
+
+ * New Georgian translation from translationproject.org.
+
+ * Fixed creating packages on CentOS Stream.
+
+ * Fixed a bug in the intercept and log_subcmds support where
+   the execve(2) wrapper was using the current environment instead
+   of the passed environment pointer.  Bug #1030.
+
+ * Added AppArmor integration for Linux.  A sudoers rule can now
+   specify an APPARMOR_PROFILE option to run a command confined by
+   the named AppArmor profile.
+
+ * Fixed parsing of the "server_log" setting in sudo_logsrvd.conf.
+   Non-paths were being treated as paths and an actual path was
+   treated as an error.
+
 What's new in Sudo 1.9.10
 
  * Added new "log_passwords" and "passprompt_regex" sudoers options.

NEWS

@@ -51,6 +51,9 @@
 /* Define to 1 if you use AIX general authentication. */
 #undef HAVE_AIXAUTH
 
+/* Define to 1 to enable AppArmor support. */
+#undef HAVE_APPARMOR
+
 /* Define to 1 if you have the `arc4random' function. */
 #undef HAVE_ARC4RANDOM
 
@@ -1386,6 +1389,9 @@
 /* Define for large files, on AIX-style hosts. */
 #undef _LARGE_FILES
 
+/* Number of bits in a time_t, on hosts where this is settable. */
+#undef _TIME_BITS
+
 /* Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not
    __func__ */
 #undef __func__