Merge sudo 1.9.7 from tip

--HG--
branch : 1.9

INSTALL

@@ -149,6 +149,12 @@ Directory and file names:
 	    /var/db/sudo, /var/lib/sudo, /var/adm/sudo, /usr/adm/sudo
 	This directory should *not* be cleared when the system boots.
 
+  --with-relaydir=DIR
+	The directory to be used for sudo_logsrvd relay temporary files.
+	When sudo_logsrvd is configured as a store-and-forward relay,
+	the journaled data is written to this directory before it is
+	forwarded to a relay server.
+
   --with-tzdir=DIR
         The directory to the system's time zone data files.  This
         is only used when sanitizing the TZ environment variable
@@ -180,9 +186,14 @@ Compilation options:
 	Enable building sudo with the LLVM libFuzzer, see
 	https://www.llvm.org/docs/LibFuzzer.html for details.
 	The resulting binaries, beginning with "fuzz_" can be used
-	to test sudo.  This option is generally used in conjunction
-	with --enable-sanitizer.  This option requires the clang
-	C compiler--it is not supported by gcc.
+	to test sudo.  To run all the fuzzers for 8192 iterations,
+	"make fuzz" can be used.  This option is generally used in
+	conjunction with --enable-sanitizer.
+
+	Fuzzing currently requires the clang C compiler--it is not
+	supported by gcc.  For best results, it is suggested to use
+	clang 11 or higher.  Some of the fuzzers are known to hang
+	when used with earlier versions.
 
 	This option should only be used for testing and not in a
 	production environment.
@@ -593,18 +604,22 @@ Authentication options:
         is not supported by all Kerberos V and SASL combinations.
 
   --enable-gcrypt[=DIR]
-        Use GNU crypt's SHA-2 message digest functions instead of the
-        ones bundled with sudo (or in the system's C library).
-        If specified, DIR should contain the GNU crypt include and
-        lib directories.  This option is ignored when the
-        --enable-openssl option is also specified.
+        Use GNU crypt's SHA-2 message digest functions instead of
+        OpenSSL or the ones bundled with sudo (or in the system's
+        C library).  If specified, DIR should contain the GNU crypt
+        include and lib directories.  This option only has an effect
+        when OpenSSL 1.0.1 or higher is not present on the system
+        or the --disable-openssl option is also specified.
 
   --enable-openssl[=DIR]
-        Use OpenSSL's TLS and SHA-2 message digest functions.
-        By default, sudo does not support TLS and will use either its
-        own SHA-2 functions or the ones in the system's C library.
-        If specified, DIR should contain the OpenSSL include and
-        lib directories.
+        Use OpenSSL's TLS and SHA-2 message digest functions.  If
+        it is detected, OpenSSL will be used by default unless the
+        sudo log client and server are disabled via the
+        --disable-log-client and --disable-log-server options.  To
+        explicitly disable the use of OpenSSL, the --disable-openssl
+        option can be used.  OpenSSL versions prior to 1.0.1 will
+        not be used as they do not support TLS 1.2.  If specified,
+        DIR should contain the OpenSSL include and lib directories.
 
 Development options:
   --enable-env-debug
@@ -624,9 +639,6 @@ Development options:
 	and set up the Makefile to be able to regenerate the sudoers parser
 	as well as the manual pages.
 
-  --with-efence
-	Link with the "electric fence" debugging malloc.
-
 Options that set runtime-changeable default values:
   --disable-authentication
 	By default, sudo requires the user to authenticate via a

MANIFEST

@@ -9,9 +9,7 @@ README
 README.LDAP
 aclocal.m4
 autogen.sh
-config.guess
 config.h.in
-config.sub
 configure
 configure.ac
 doc/CONTRIBUTORS
@@ -101,7 +99,6 @@ include/sudo_plugin.h
 include/sudo_queue.h
 include/sudo_rand.h
 include/sudo_util.h
-install-sh
 lib/eventlog/Makefile.in
 lib/eventlog/eventlog.c
 lib/eventlog/eventlog_conf.c
@@ -137,24 +134,24 @@ lib/iolog/iolog_swapids.c
 lib/iolog/iolog_timing.c
 lib/iolog/iolog_util.c
 lib/iolog/iolog_write.c
-lib/iolog/regress/corpus/log_json/id.json
-lib/iolog/regress/corpus/log_json/ls.json
-lib/iolog/regress/corpus/log_json/mailq.json
-lib/iolog/regress/corpus/log_json/make.json
-lib/iolog/regress/corpus/log_json/pkg_add.json
-lib/iolog/regress/corpus/log_json/pkg_delete.json
-lib/iolog/regress/corpus/log_json/printenv.json
-lib/iolog/regress/corpus/log_legacy/id.log
-lib/iolog/regress/corpus/log_legacy/ls.log
-lib/iolog/regress/corpus/log_legacy/mailq.log
-lib/iolog/regress/corpus/log_legacy/make.log
-lib/iolog/regress/corpus/log_legacy/pkg_add.log
-lib/iolog/regress/corpus/log_legacy/pkg_delete.log
-lib/iolog/regress/corpus/log_legacy/printenv.log
-lib/iolog/regress/corpus/timing/timing.1
-lib/iolog/regress/corpus/timing/timing.2
-lib/iolog/regress/corpus/timing/timing.3
-lib/iolog/regress/corpus/timing/timing.4
+lib/iolog/regress/corpus/seed/log_json/id.json
+lib/iolog/regress/corpus/seed/log_json/ls.json
+lib/iolog/regress/corpus/seed/log_json/mailq.json
+lib/iolog/regress/corpus/seed/log_json/make.json
+lib/iolog/regress/corpus/seed/log_json/pkg_add.json
+lib/iolog/regress/corpus/seed/log_json/pkg_delete.json
+lib/iolog/regress/corpus/seed/log_json/printenv.json
+lib/iolog/regress/corpus/seed/log_legacy/id.log
+lib/iolog/regress/corpus/seed/log_legacy/ls.log
+lib/iolog/regress/corpus/seed/log_legacy/mailq.log
+lib/iolog/regress/corpus/seed/log_legacy/make.log
+lib/iolog/regress/corpus/seed/log_legacy/pkg_add.log
+lib/iolog/regress/corpus/seed/log_legacy/pkg_delete.log
+lib/iolog/regress/corpus/seed/log_legacy/printenv.log
+lib/iolog/regress/corpus/seed/timing/timing.1
+lib/iolog/regress/corpus/seed/timing/timing.2
+lib/iolog/regress/corpus/seed/timing/timing.3
+lib/iolog/regress/corpus/seed/timing/timing.4
 lib/iolog/regress/fuzz/fuzz_iolog_json.c
 lib/iolog/regress/fuzz/fuzz_iolog_json.dict
 lib/iolog/regress/fuzz/fuzz_iolog_legacy.c
@@ -230,10 +227,11 @@ lib/util/pread.c
 lib/util/progname.c
 lib/util/pw_dup.c
 lib/util/pwrite.c
+lib/util/rcstr.c
 lib/util/reallocarray.c
-lib/util/regress/corpus/sudo_conf/sudo.conf.1
-lib/util/regress/corpus/sudo_conf/sudo.conf.2
-lib/util/regress/corpus/sudo_conf/sudo.conf.3
+lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1
+lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2
+lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3
 lib/util/regress/fnmatch/fnm_test.c
 lib/util/regress/fnmatch/fnm_test.in
 lib/util/regress/fuzz/fuzz_sudo_conf.c
@@ -351,16 +349,23 @@ logsrvd/logsrv_util.h
 logsrvd/logsrvd.c
 logsrvd/logsrvd.h
 logsrvd/logsrvd_conf.c
-logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.1
-logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.2
-logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.3
-logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.4
-logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.5
-logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.6
+logsrvd/logsrvd_journal.c
+logsrvd/logsrvd_local.c
+logsrvd/logsrvd_queue.c
+logsrvd/logsrvd_relay.c
+logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1
+logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2
+logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3
+logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4
+logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5
+logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6
 logsrvd/regress/fuzz/fuzz_logsrvd_conf.c
+logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict
 logsrvd/sendlog.c
 logsrvd/sendlog.h
-ltmain.sh
+logsrvd/tls_client.c
+logsrvd/tls_common.h
+logsrvd/tls_init.c
 m4/ax_append_flag.m4
 m4/ax_check_compile_flag.m4
 m4/ax_check_link_flag.m4
@@ -371,6 +376,8 @@ m4/ltoptions.m4
 m4/ltsugar.m4
 m4/ltversion.m4
 m4/lt~obsolete.m4
+m4/python.m4
+m4/runlog.m4
 m4/sudo.m4
 pathnames.h.in
 plugins/audit_json/Makefile.in
@@ -389,6 +396,7 @@ plugins/python/example_debugging.py
 plugins/python/example_group_plugin.py
 plugins/python/example_io_plugin.py
 plugins/python/example_policy_plugin.py
+plugins/python/lsan_suppr.txt
 plugins/python/pyhelpers.c
 plugins/python/pyhelpers.h
 plugins/python/pyhelpers_cpychecker.h
@@ -656,15 +664,14 @@ plugins/sudoers/prompt.c
 plugins/sudoers/pwutil.c
 plugins/sudoers/pwutil.h
 plugins/sudoers/pwutil_impl.c
-plugins/sudoers/rcstr.c
 plugins/sudoers/redblack.c
 plugins/sudoers/redblack.h
 plugins/sudoers/regress/check_symbols/check_symbols.c
-plugins/sudoers/regress/corpus/policy/policy.1
-plugins/sudoers/regress/corpus/policy/policy.2
-plugins/sudoers/regress/corpus/policy/policy.3
-plugins/sudoers/regress/corpus/policy/policy.4
-plugins/sudoers/regress/corpus/policy/policy.5
+plugins/sudoers/regress/corpus/seed/policy/policy.1
+plugins/sudoers/regress/corpus/seed/policy/policy.2
+plugins/sudoers/regress/corpus/seed/policy/policy.3
+plugins/sudoers/regress/corpus/seed/policy/policy.4
+plugins/sudoers/regress/corpus/seed/policy/policy.5
 plugins/sudoers/regress/cvtsudoers/sudoers
 plugins/sudoers/regress/cvtsudoers/sudoers.defs
 plugins/sudoers/regress/cvtsudoers/test1.out.ok
@@ -738,6 +745,7 @@ plugins/sudoers/regress/cvtsudoers/test8.out.ok
 plugins/sudoers/regress/cvtsudoers/test8.sh
 plugins/sudoers/regress/cvtsudoers/test9.out.ok
 plugins/sudoers/regress/cvtsudoers/test9.sh
+plugins/sudoers/regress/editor/check_editor.c
 plugins/sudoers/regress/env_match/check_env_pattern.c
 plugins/sudoers/regress/env_match/data
 plugins/sudoers/regress/exptilde/check_exptilde.c
@@ -991,6 +999,7 @@ plugins/sudoers/sudoers_hooks.c
 plugins/sudoers/sudoers_version.h
 plugins/sudoers/sudoreplay.c
 plugins/sudoers/testsudoers.c
+plugins/sudoers/testsudoers_pwutil.c
 plugins/sudoers/timeout.c
 plugins/sudoers/timestamp.c
 plugins/sudoers/timestr.c
@@ -1075,8 +1084,12 @@ po/zh_CN.mo
 po/zh_CN.po
 po/zh_TW.mo
 po/zh_TW.po
+scripts/config.guess
+scripts/config.sub
 scripts/generate_test_coverage.sh
+scripts/install-sh
 scripts/log2cl.pl
+scripts/ltmain.sh
 scripts/mkdep.pl
 scripts/mkinstalldirs
 scripts/mkpkg
@@ -1101,6 +1114,7 @@ src/openbsd.c
 src/parse_args.c
 src/preload.c
 src/preserve_fds.c
+src/regress/net_ifs/check_net_ifs.c
 src/regress/noexec/check_noexec.c
 src/regress/ttyname/check_ttyname.c
 src/selinux.c

Makefile.in

@@ -1,7 +1,7 @@
 #
 # SPDX-License-Identifier: ISC
 #
-# Copyright (c) 2010-2015, 2017-2020 Todd C. Miller <Todd.Miller@sudo.ws>
+# Copyright (c) 2010-2015, 2017-2021 Todd C. Miller <Todd.Miller@sudo.ws>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -72,7 +72,7 @@ SHELL = @SHELL@
 
 SED = @SED@
 
-INSTALL = $(SHELL) $(top_srcdir)/install-sh -c
+INSTALL = $(SHELL) $(scriptdir)/install-sh -c
 INSTALL_OWNER = -o $(install_uid) -g $(install_gid)
 
 ECHO_N = @ECHO_N@
@@ -110,7 +110,7 @@ all: config.status
 	    exit $$?; \
 	done
 
-fuzz check pre-install: config.status
+check check-fuzzer fuzz pre-install: config.status
 	for d in $(SUBDIRS); do \
 	    (cd $$d && exec $(MAKE) $@) && continue; \
 	    exit $$?; \

NEWS

@@ -1,3 +1,85 @@
+What's new in Sudo 1.9.7
+
+ * The "fuzz" Makefile target now runs all the fuzzers for 8192
+   passes (can be overridden via the FUZZ_RUNS variable).  This makes
+   it easier to run the fuzzers in-tree.  To run a fuzzer indefinitely,
+   set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz".
+
+ * Fixed fuzzing on FreeBSD where the ld.lld linker returns an
+   error by default when a symbol is multiply-defined.
+
+ * Added support for determining local IPv6 addresses on systems
+   that lack the getifaddrs() function.  This now works on AIX,
+   HP-UX and Solaris (at least).  Bug #969.
+
+ * Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to
+   report a usage error.  Also, when invoked as sudoedit, sudo now
+   allows a more restricted set of options that matches the usage
+   statement and documentation.  GitHub issue #95.
+
+ * Fixed a crash in sudo_sendlog when the specified certificate
+   or key does not exist or is invalid.  Bug #970
+
+ * Fixed a compilation error when sudo is configured with the
+   --disable-log-client option.
+
+ * Sudo's limited support for SUCCESS=return entries in nsswitch.conf
+   is now documented.  Bug #971.
+
+ * Sudo now requires autoconf 2.70 or higher to regenerate the
+   configure script.  Bug #972.
+
+ * sudo_logsrvd now has a relay mode which can be used to create
+   a hierarchy of log servers.  By default, when a relay server is
+   defined, messages from the client are forwarded immediately to
+   the relay.  However, if the "store_first" setting is enabled,
+   the log will be stored locally until the command completes and
+   then relayed.  Bug #965.
+
+ * Sudo now links with OpenSSL by default if it is available unless
+   the --disable-openssl configure option is used or both the
+   --disable-log-client and --disable-log-server configure options
+   are specified.
+
+ * Fixed configure's Python version detection when the version minor
+   number is more than a single digit, for example Python 3.10.
+
+ * The sudo Python module tests now pass for Python 3.10.
+
+ * Sudo will now avoid changing the datasize resource limit
+   as long as the existing value is at least 1GB.  This works around
+   a problem on 64-bit HP-UX where it is not possible to exactly
+   restore the original datasize limit.  Bug #973.
+
+ * Fixed a race condition that could result in a hang when sudo is
+   executed by a process where the SIGCHLD handler is set to SIG_IGN.
+   This fixes the bug described by GitHub PR #98.
+
+ * Fixed an out-of-bounds read in sudoedit and visudo when the
+   EDITOR, VISUAL or SUDO_EDITOR environment variables end in an
+   unescaped backslash.  Also fixed the handling of quote characters
+   that are escaped by a backslash.  GitHub issue #99.
+
+ * Fixed a bug that prevented the "log_server_verify" sudoers option
+   from taking effect.
+
+ * The sudo_sendlog utility has a new -s option to cause it to stop
+   sending I/O records after a user-specified elapsed time.  This
+   can be used to test the I/O log restart functionality of sudo_logsrvd.
+
+ * Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when
+   attempting to restart an interrupted I/O log transfer.
+
+ * The TLS connection timeout in the sudoers log client was previously
+   hard-coded to 10 seconds.  It now uses the value of log_server_timeout.
+
+ * The configure script now outputs a summary of the user-configurable
+   options at the end, separate from output of configure script tests.
+   Bug #820.
+
+ * Corrected the description of which groups may be specified via the
+   -g option in the Runas_Spec section.  Bug #975.
+
 What's new in Sudo 1.9.6p1
 
  * Fixed a regression introduced in sudo 1.9.6 that resulted in an