Merge sudo 1.9.16 from tip.

--HG--
branch : 1.9

INSTALL.md

@@ -240,7 +240,7 @@ Defaults are listed in brackets after the description.
         production environment.
 
     --enable-pie
-        Build sudo and related programs as as a position independent
+        Build sudo and related programs as position independent
         executables (PIE).  This improves the effectiveness of address
         space layout randomization (ASLR) on systems that support it.
         Sudo will create PIE binaries by default on Linux systems.
@@ -476,10 +476,6 @@ Defaults are listed in brackets after the description.
         Specify the path to the SSSD shared library, which is loaded
         at run-time.
 
-    --enable-offensive-insults
-        Enable potentially offensive sudo insults from the classic
-        version of sudo.
-
     --enable-pvs-studio
         Generate a sample PVS-Studio.cfg file based on the compiler and
         platform type.  The "pvs-studio" Makefile target can then be
@@ -811,14 +807,16 @@ Defaults are listed in brackets after the description.
 
     --with-classic-insults
         Uses insults from sudo "classic."  If you just specify --with-insults
-        you will get the classic and CSOps insults.  This is on by default if
-        --with-insults is given.
+	you will get the classic and CSOps insults.  You must either specify
+	--with-insults or enable insults in the sudoers file for this to have
+	any effect.
 
     --with-csops-insults
         Insults the user with an extra set of insults (some quotes, some
-        original) from a sysadmin group at CU (CSOps).  You must specify
-        --with-insults as well for this to have any effect.  This is on by
-        default if --with-insults is given.
+	original) from a sysadmin group at CU (CSOps).  If you just specify
+	--with-insults you will get the classic and CSOps insults.  You
+	must either specify --with-insults or enable insults in the sudoers
+	file for this to have any effect.
 
     --with-editor=PATH
         Specify the default editor path for use by visudo.  This may be a
@@ -884,13 +882,19 @@ Defaults are listed in brackets after the description.
         Sudoers option: ignore_dot
 
     --with-insults
-        Define this if you want to be insulted for typing an incorrect password
-        just like the original sudo(8).  This is off by default.  
+        Define this if you want to be insulted by default for typing
+        an incorrect password just like the original sudo(8).
+        Insults may be optionally disabled in the sudoers file.
         Sudoers option: insults
 
+    --with-insults=no, --without-insults
+        By default, sudo will include support for insults that can be
+        enabled via the sudoers file.  However, if --with-insults=no is
+	used, no insults will be available, even if enabled in sudoers.
+
     --with-insults=disabled
         Include support for insults but disable them unless explicitly
-        enabled in sudoers.  
+        enabled in the sudoers file.  This is the default.
         Sudoers option: !insults
 
     --with-iologdir[=DIR]
@@ -995,9 +999,17 @@ Defaults are listed in brackets after the description.
         be separate from the "user path."  You will need to customize the
         path for your site.  This is not applied to users in the group
         specified by --with-exemptgroup.  If you do not specify a path,
-        "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" is used.  
+        "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+        is used.  
         Sudoers option: secure_path
 
+    --with-secure-path-value[=PATH]
+        Sets the value of "secure_path" that is substituted into
+        the default sudoers file.  This option is intended to be
+        used by package maintainers who wish to set "secure_path"
+        to a system-specific value in the default sudoers file.
+        It does not actually enable "secure-path".
+
     --with-sendmail=PATH
         Override configure's guess as to the location of sendmail.  
         Sudoers option: mailerpath
@@ -1077,7 +1089,7 @@ You need to have a C compiler in order to build sudo.  Since Solaris
 does not come with one by default this means that you either need
 to either install the Solaris Studio compiler suite, available for
 free from www.oracle.com, or install the GNU C compiler (gcc) which
-is can be installed via the pkg utility on Solaris 11 and higher
+can be installed via the pkg utility on Solaris 11 and higher
 and is distributed on the Solaris Companion CD for older Solaris
 releases.  You can also download gcc packages from
 https://www.opencsw.org/packages/CSWgcc4core/.

LICENSE.md

@@ -1,6 +1,6 @@
 Sudo is distributed under the following license:
 
-    Copyright (c) 1994-1996, 1998-2023
+    Copyright (c) 1994-1996, 1998-2024
         Todd C. Miller <Todd.Miller@sudo.ws>
 
     Permission to use, copy, modify, and distribute this software for any
@@ -299,7 +299,7 @@ The file getentropy.c bears the following license:
 
 The embedded copy of zlib bears the following license:
 
-    Copyright (C) 1995-2022 Jean-loup Gailly and Mark Adler
+    Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler
 
     This software is provided 'as-is', without any express or implied
     warranty.  In no event will the authors be held liable for any damages

MANIFEST

@@ -32,6 +32,7 @@ docs/cvtsudoers.mdoc.in
 docs/fixman.sh
 docs/fixmdoc.sed
 docs/schema.ActiveDirectory
+docs/schema.IBM_LDAP
 docs/schema.OpenLDAP
 docs/schema.iPlanet
 docs/schema.olcSudo
@@ -716,6 +717,8 @@ plugins/sudoers/po/hr.mo
 plugins/sudoers/po/hr.po
 plugins/sudoers/po/hu.mo
 plugins/sudoers/po/hu.po
+plugins/sudoers/po/id.mo
+plugins/sudoers/po/id.po
 plugins/sudoers/po/it.mo
 plugins/sudoers/po/it.po
 plugins/sudoers/po/ja.mo

Makefile.in

@@ -221,20 +221,24 @@ depend: siglist.c signame.c tsgetusershell.c
 	    lib/util/Makefile.in lib/zlib/Makefile.in \
 	    lib/fuzzstub/Makefile.in lib/eventlog/Makefile.in \
 	    lib/iolog/Makefile.in lib/logsrv/Makefile.in logsrvd/Makefile.in \
-	    lib/protobuf-c/Makefile.in plugins/group_file/Makefile.in \
-	    plugins/sample/Makefile.in plugins/sudoers/Makefile.in \
-	    plugins/system_group/Makefile.in plugins/python/Makefile.in \
-	    src/Makefile.in && \
+	    lib/protobuf-c/Makefile.in lib/ssl_compat/Makefile.in \
+	    plugins/group_file/Makefile.in plugins/audit_json/Makefile.in \
+	    plugins/sample/Makefile.in plugins/sample_approval/Makefile.in \
+	    plugins/sudoers/Makefile.in plugins/system_group/Makefile.in \
+	    plugins/python/Makefile.in src/Makefile.in && \
 	$(top_builddir)/config.status --file $(top_builddir)/lib/util/Makefile \
 	    --file $(top_builddir)/lib/zlib/Makefile \
-	    --file $(top_builddir)/lib/eventlog/Makefile \
 	    --file $(top_builddir)/lib/fuzzstub/Makefile \
+	    --file $(top_builddir)/lib/eventlog/Makefile \
 	    --file $(top_builddir)/lib/iolog/Makefile \
 	    --file $(top_builddir)/lib/logsrv/Makefile \
 	    --file $(top_builddir)/lib/protobuf-c/Makefile \
+	    --file $(top_builddir)/lib/ssl_compat/Makefile \
 	    --file $(top_builddir)/logsrvd/Makefile \
-	    --file $(top_builddir)/plugins/sample/Makefile \
 	    --file $(top_builddir)/plugins/group_file/Makefile \
+	    --file $(top_builddir)/plugins/audit_json/Makefile \
+	    --file $(top_builddir)/plugins/sample/Makefile \
+	    --file $(top_builddir)/plugins/sample_approval/Makefile \
 	    --file $(top_builddir)/plugins/sudoers/Makefile \
 	    --file $(top_builddir)/plugins/system_group/Makefile \
 	    --file $(top_builddir)/plugins/python/Makefile \

NEWS

@@ -1,3 +1,72 @@
+What's new in Sudo 1.9.16
+
+ * Added the "cmddenial_message" sudoers option to provide additional
+   information to the user when a command is denied by the sudoers
+   policy.  The default message is still displayed.
+
+ * The time stamp used for file-based logs is now more consistent
+   with the time stamp produced by syslog.  GitHub issues #327.
+
+ * Sudo will now warn the user if it can detect the user's terminal
+   but cannot determine the path to the terminal device.  The sudoers
+   time stamp file will now use the terminal device number directly.
+   GitHub issue #329.
+
+ * The embedded copy of zlib has been updated to version 1.3.1.
+
+ * Improved error handling if generating the list of signals and signal
+   names fails at build time.
+
+ * Fixed a compilation issue on Linux systems without process_vm_readv().
+
+ * Fixed cross-compilation with WolfSSL.
+
+ * Added a "json_compact" value for the sudoers "log_format" option
+   which can be used when logging to a file.  The existing "json"
+   value has been aliased to "json_pretty".  In a future release,
+   "json" will be an alias for "json_compact".  GitHub issue #357.
+
+ * A new "pam_silent" sudoers option has been added which may be
+   negated to avoid suppressing output from PAM authentication modules.
+   GitHub issue #216.
+
+ * Fixed several cvtsudoers JSON output problems.
+   GitHub issues #369, #370, #371, #373, #381.
+
+ * When sudo runs a command in a pseudo-terminal and the user's
+   terminal is revoked, the pseudo-terminal's foreground process
+   group will now receive SIGHUP before the terminal is revoked.
+   This emulates the behavior of the session leader exiting and is
+   consistent with what happens when, for example, an ssh session
+   is closed.  GitHub issue #367.
+
+ * Fixed "make test" with Python 3.12.  GitHub issue #374.
+
+ * In schema.ActiveDirectory, fixed the quoting in the example command.
+   GitHub issue #376.
+
+ * Paths specified via a Chdir_Spec or Chroot_Spec in sudoers may
+   now be double-quoted.
+
+ * Sudo insults are now included by default, but disabled unless
+   the --with-insults configure option is specified or the "insults"
+   sudoers option is enabled.
+
+ * The default sudoers file now enables the "secure_path" option by
+   default and preserves the EDITOR, VISUAL, and SUDO_EDITOR environment
+   variables when running visudo.  The new --with-secure-path-value
+   configure option can be used to set the value of "secure_path" in
+   the default sudoers file.  GitHub issue #387.
+
+ * A sudoers schema for IBM Directory Server (aka IBM Tivoli Directory
+   Server, IBM Security Directory Server, and IBM Security Verify
+   Directory) is now included.
+
+ * When cross-compiling sudo, the configure script now assumes that
+   the snprintf() function is C99-compliant if the C compiler
+   supports the C99 standard.  Previously, configure would use
+   sudo's own snprintf() when cross-compiling.  GitHub issue #386.
+
 What's new in Sudo 1.9.15p5
 
  * Fixed evaluation of the "lecture", "listpw", "verifypw", and

README.LDAP.md

@@ -96,8 +96,17 @@ copy the schema.iPlanet file to the schema directory with the name 99sudo.ldif.
 On Solaris, schemas are stored in /var/Sun/mps/slapd-\`hostname\`/config/schema/.
 For Fedora Directory Server, they are stored in /etc/dirsrv/schema/.
 
-After copying the schema file to the appropriate directory, restart
-the LDAP server.
+For IBM Directory Server, IBM Tivoli Directory Server, IBM Security
+Directory Server, and IBM Security Verify Directory, the schema is
+supplied in LDIF format.  It can be installed using the ldapmodify
+utility:
+
+    # ldapmodify -c -f schema.IBM_LDAP -h ldapserver:port -w passwod \
+      -D cn=Manager,dc=example,dc=com
+
+For schema files other than schema.olcSudo and schema.IBM_LDAP, you
+will need to restart the LDAP server after copying the schema file
+into place.
 
 Finally, using an LDAP browser/editor, enable indexing by editing the
 client profile to provide a Service Search Descriptor (SSD) for sudoers,

config.h.in

@@ -1203,10 +1203,6 @@
 /* Define if your C preprocessor does not support variadic macros. */
 #undef NO_VARIADIC_MACROS
 
-/* Define to 1 to include offensive insults from the classic version of sudo.
-   */
-#undef OFFENSIVE_INSULTS
-
 /* Define to the address where bug reports for this package should be sent. */
 #undef PACKAGE_BUGREPORT