merge sudo 1.9.4 from tip

--HG--
branch : 1.9

Author: millert

ABOUT-NLS

@@ -22,7 +22,7 @@ work on translations can contact the appropriate team.
 ===================
 
 Some packages are "localizable" when properly installed; the programs
-they contain can be made to speak your own native language.  Most such
+they contain can be made to speak your own local language.  Most such
 packages use GNU 'gettext'.  Other packages have their own ways to
 internationalization, predating GNU 'gettext'.
 

INSTALL

@@ -328,7 +328,7 @@ Optional features:
 
   --with-interfaces=no, --without-interfaces
 	This option keeps sudo from trying to glean the ip address
-	from each attached Ethernet interface.  It is only useful
+	from each attached network interface.  It is only useful
 	on a machine where sudo's interface reading support does
 	not work, which may be the case on some SysV-based OS's
 	using STREAMS.
@@ -852,11 +852,11 @@ Options that set runtime-changeable default values:
 	Sudoers option: runas_default
 
   --with-secure-path[=PATH]
-	Path used for every command run from sudo(8).  If you don't trust the
-	people running sudo to have a sane PATH environment variable you may
-	want to use this.  Another use is if you want to have the "root path"
-	be separate from the "user path."  You will need to customize the path
-	for your site.  NOTE: this is not applied to users in the group
+	Path used for every command run from sudo(8).  If you don't trust
+	users to have a reasonable PATH environment variable you may want
+	to use this.  Another use is if you want to have the "root path"
+	be separate from the "user path."  You will need to customize the
+	path for your site.  NOTE: this is not applied to users in the group
 	specified by --with-exemptgroup.  If you do not specify a path,
 	"/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" is used.
 	Sudoers option: secure_path

MANIFEST

@@ -91,6 +91,7 @@ include/sudo_debug.h
 include/sudo_digest.h
 include/sudo_dso.h
 include/sudo_event.h
+include/sudo_eventlog.h
 include/sudo_fatal.h
 include/sudo_gettext.h
 include/sudo_iolog.h
@@ -101,6 +102,12 @@ include/sudo_queue.h
 include/sudo_rand.h
 include/sudo_util.h
 install-sh
+lib/eventlog/Makefile.in
+lib/eventlog/eventlog.c
+lib/eventlog/logwrap.c
+lib/eventlog/regress/logwrap/check_wrap.c
+lib/eventlog/regress/logwrap/check_wrap.in
+lib/eventlog/regress/logwrap/check_wrap.out.ok
 lib/iolog/Makefile.in
 lib/iolog/host_port.c
 lib/iolog/hostcheck.c
@@ -287,7 +294,6 @@ lib/zlib/zlib.h
 lib/zlib/zutil.c
 lib/zlib/zutil.h
 logsrvd/Makefile.in
-logsrvd/eventlog.c
 logsrvd/iolog_writer.c
 logsrvd/logsrv_util.c
 logsrvd/logsrv_util.h
@@ -497,18 +503,17 @@ plugins/sudoers/insults.h
 plugins/sudoers/interfaces.c
 plugins/sudoers/interfaces.h
 plugins/sudoers/iolog.c
-plugins/sudoers/iolog_client.c
 plugins/sudoers/iolog_path_escapes.c
-plugins/sudoers/iolog_plugin.h
 plugins/sudoers/ldap.c
 plugins/sudoers/ldap_conf.c
 plugins/sudoers/ldap_util.c
 plugins/sudoers/linux_audit.c
 plugins/sudoers/linux_audit.h
 plugins/sudoers/locale.c
+plugins/sudoers/log_client.c
+plugins/sudoers/log_client.h
 plugins/sudoers/logging.c
 plugins/sudoers/logging.h
-plugins/sudoers/logwrap.c
 plugins/sudoers/match.c
 plugins/sudoers/match_addr.c
 plugins/sudoers/match_command.c
@@ -671,9 +676,6 @@ plugins/sudoers/regress/env_match/check_env_pattern.c
 plugins/sudoers/regress/env_match/data
 plugins/sudoers/regress/exptilde/check_exptilde.c
 plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c
-plugins/sudoers/regress/logging/check_wrap.c
-plugins/sudoers/regress/logging/check_wrap.in
-plugins/sudoers/regress/logging/check_wrap.out.ok
 plugins/sudoers/regress/parser/check_addr.c
 plugins/sudoers/regress/parser/check_addr.in
 plugins/sudoers/regress/parser/check_base64.c
@@ -829,6 +831,12 @@ plugins/sudoers/regress/testsudoers/test11.out.ok
 plugins/sudoers/regress/testsudoers/test11.sh
 plugins/sudoers/regress/testsudoers/test12.out.ok
 plugins/sudoers/regress/testsudoers/test12.sh
+plugins/sudoers/regress/testsudoers/test13.out.ok
+plugins/sudoers/regress/testsudoers/test13.sh
+plugins/sudoers/regress/testsudoers/test14.out.ok
+plugins/sudoers/regress/testsudoers/test14.sh
+plugins/sudoers/regress/testsudoers/test15.out.ok
+plugins/sudoers/regress/testsudoers/test15.sh
 plugins/sudoers/regress/testsudoers/test2.inc
 plugins/sudoers/regress/testsudoers/test2.out.ok
 plugins/sudoers/regress/testsudoers/test2.sh

Makefile.in

@@ -56,10 +56,10 @@ shlib_mode = @SHLIB_MODE@
 # Version of python detected by configure (major.minor)
 python_version = @PYTHON_VERSION@
 
-SUBDIRS = lib/util @ZLIB_SRC@ lib/iolog @LOGSRV_SRC@ @LOGSRVD_SRC@ \
-	  plugins/audit_json plugins/group_file plugins/sample_approval \
-	  plugins/sudoers plugins/system_group @PYTHON_PLUGIN_SRC@ src \
-	  include doc examples
+SUBDIRS = lib/util @ZLIB_SRC@ lib/eventlog lib/iolog @LOGSRV_SRC@ \
+	  @LOGSRVD_SRC@ plugins/audit_json plugins/group_file \
+	  plugins/sample_approval plugins/sudoers plugins/system_group \
+	  @PYTHON_PLUGIN_SRC@ src include doc examples
 
 SAMPLES = plugins/sample
 
@@ -210,14 +210,15 @@ siglist.c signame.c:
 depend: siglist.c signame.c
 	$(scriptdir)/mkdep.pl \
 	    --srcdir=$(abs_top_srcdir) --builddir=$(abs_top_builddir) \
-	    lib/util/Makefile.in lib/zlib/Makefile.in \
+	    lib/util/Makefile.in lib/zlib/Makefile.in lib/eventlog/Makefile.in \
 	    lib/iolog/Makefile.in lib/logsrv/Makefile.in logsrvd/Makefile.in \
 	    plugins/group_file/Makefile.in plugins/sample/Makefile.in \
 	    plugins/sudoers/Makefile.in plugins/system_group/Makefile.in \
 	    plugins/python/Makefile.in \
 	    src/Makefile.in && \
 	$(top_builddir)/config.status --file $(top_builddir)/lib/util/Makefile \
 	    --file $(top_builddir)/lib/zlib/Makefile \
+	    --file $(top_builddir)/lib/eventlog/Makefile \
 	    --file $(top_builddir)/lib/iolog/Makefile \
 	    --file $(top_builddir)/lib/logsrv/Makefile \
 	    --file $(top_builddir)/logsrvd/Makefile \
@@ -275,7 +276,7 @@ update-pot:
 			    -e 's/^mailsub="/gettext "/p' configure.ac \
 			    >> confstr.sh; \
 			tmpfiles=confstr.sh; \
-			cfiles="lib/iolog/*.c logsrvd/*.c plugins/sudoers/*.c plugins/sudoers/auth/*.c";; \
+			cfiles="lib/eventlog/*.c lib/iolog/*.c logsrvd/*.c plugins/sudoers/*.c plugins/sudoers/auth/*.c";; \
 		    *) echo unknown domain $$domain; continue;; \
 		esac; \
 		$(XGETTEXT) $(XGETTEXT_OPTS) -d$$domain $$cfiles $$tmpfiles -o $$pot.tmp; \

NEWS

@@ -1,3 +1,62 @@
+What's new in Sudo 1.9.4
+
+ * The sudoers parser will now detect when an upper-case reserved
+   word is used when declaring an alias.  Now instead of "syntax
+   error, unexpected CHROOT, expecting ALIAS" the message will be
+   "syntax error, reserved word CHROOT used as an alias name".
+   Bug #941.
+
+ * Better handling of sudoers files without a final newline.
+   The parser now adds a newline at end-of-file automatically which
+   removes the need for special cases in the parser.
+
+ * Fixed a regression introduced in sudo 1.9.1 in the sssd back-end
+   where an uninitialized pointer could be freed on an error path.
+   GitHub issue #67.
+
+ * The core logging code is now shared between sudo_logsrvd and
+   the sudoers plugin.
+
+ * JSON log entries sent to syslog now use "minimal" JSON which
+   skips all non-essention whitespace.
+
+ * The sudoers plugin can now produce JSON-formatted logs.  The
+   "log_format" sudoers option can be used to select sudo or json
+   format logs.  The default is sudo format logs.
+
+ * The sudoers plugin and visudo now display the column number in
+   syntax error messages in addition to the line number.  Bug #841.
+
+ * If I/O logging is not enabled but "log_servers" is set, the
+   sudoers plugin will now log accept events to sudo_logsrvd.
+   Previously, the accept event was only sent when I/O logging was
+   enabled.  The sudoers plugin now sends reject and alert events too.
+
+ * The sudo logsrv protocol has been extended to allow an AlertMessage
+   to contain an optional array of InfoMessage, as AcceptMessage
+   and RejectMessage already do.
+
+ * Fixed a bug in sudo_logsrvd where receipt of SIGHUP would result
+   in duplicate entries in the debug log when debugging was enabled.
+
+ * The visudo utility now supports EDITOR environment variables
+   that use single or double quotes in the command arguments.
+   Bug #942.
+
+ * The PAM session modules now run when sudo is set-user-ID root,
+   which allows a module to determine the original user-ID.
+   Bug #944.
+
+ * Fixed a regression introduced in sudo 1.8.24 in the LDAP back-end
+   where sudoNotBefore and sudoNotAfter were applied even when the
+   SUDOERS_TIMED setting was not present in ldap.conf.  Bug #945.
+
+ * Sudo packages for macOS 11 now contain universal binaries that
+   support both Intel and Apple Silicon CPUs.
+
+ * For sudo_logsrvd, an empty value for the "pid_file" setting in
+   sudo_logsrvd.conf will now disable the process ID file.
+
 What's new in Sudo 1.9.3p1
 
  * Fixed a regression introduced in sudo 1.9.3 where the configure
@@ -23,9 +82,9 @@ What's new in Sudo 1.9.3
    doesn't support symbol hiding.
 
  * Sudo now uses a linker script to hide symbols even when the
-   compiler has native symbol hiding support.  This should make it
-   easier to detect omissions in the symbol exports file, regardless
-   of the platform.
+   compiler supports symbol hiding.  This should make it easier to
+   detect omissions in the symbol exports file, regardless of the
+   platform.
 
  * Fixed the libssl dependency in Debian packages for older releases
    that use libssl1.0.0.
@@ -67,15 +126,20 @@ What's new in Sudo 1.9.3
 
  * It is now possible to set the working directory or change the
    root directory on a per-command basis using the CWD and CHROOT
-   options.  There are also new Defaults settings, runchroot and
-   runcwd, that can be used to set the working directory or root
-   directory on a more global basis.
+   options.  CWD and CHROOT are now reserved words in sudoers--they
+   can no longer be used as alias names.  There are also new Defaults
+   settings, runchroot and runcwd, that can be used to set the
+   working directory or root directory on a more global basis.
 
  * New -D (--chdir) and -R (--chroot) command line options can be
    used to set the working directory or root directory if the sudoers
    file allows it.  This functionality is not enabled by default
    and must be explicitly enabled in the sudoers file.
 
+ * Fixed a regression introduced in sudo 1.9.1 where the sudoers_audit
+   symbol could not be resolved when sudo is configured with the
+   --enable-static-sudoers option.  Bug #936 and GitHub issue #61.
+
 What's new in Sudo 1.9.2
 
  * Fixed package builds on RedHat Enterprise Linux 8.
@@ -1694,7 +1758,7 @@ What's new in Sudo 1.8.11
 
  * Fixed a crash in the system_group plugin.  Bug #653.
 
- * Fixed sudoedit on platforms without a native version of the
+ * Fixed sudoedit on platforms without a system version of the
    getprogname() function.  Bug #654.
 
  * Fixed compilation problems with some pre-C99 compilers.
@@ -2020,7 +2084,7 @@ What's new in Sudo 1.8.7?
  * There is now a standalone sudo.conf manual page.
 
  * Sudo now stores its libexec files in a "sudo" sub-directory instead
-   of in libexec itself. For backwards compatibility, if the plugin
+   of in libexec itself. For backward compatibility, if the plugin
    is not found in the default plugin directory, sudo will check
    the parent directory if the default directory ends in "/sudo".
 
@@ -2483,7 +2547,7 @@ What's new in Sudo 1.8.3?
  * Added --enable-werror configure option for gcc's -Werror flag.
 
  * Visudo no longer assumes all editors support the +linenumber
-   command line argument.  It now uses a whitelist of editors known
+   command line argument.  It now uses a allowlist of editors known
    to support the option.
 
  * Fixed matching of network addresses when a netmask is specified

config.h.in

@@ -466,6 +466,9 @@
 /* Define to 1 if you use LDAP for sudoers. */
 #undef HAVE_LDAP
 
+/* Define to 1 if you have the <ldapssl.h> header file. */
+#undef HAVE_LDAPSSL_H
+
 /* Define to 1 if you have the `ldapssl_init' function. */
 #undef HAVE_LDAPSSL_INIT
 
@@ -764,7 +767,8 @@
 /* Define to 1 if you have the `SSL_CTX_get0_certificate' function. */
 #undef HAVE_SSL_CTX_GET0_CERTIFICATE
 
-/* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function. */
+/* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function or macro.
+   */
 #undef HAVE_SSL_CTX_SET_CIPHERSUITES
 
 /* Define to 1 if you have the `SSL_CTX_set_min_proto_version' function or
@@ -1186,9 +1190,8 @@
 /* Define to 1 if the code in interfaces.c does not compile for you. */
 #undef STUB_LOAD_INTERFACES
 
-/* Define to 1 to compile support for sudo_logsrvd in the sudoers I/O log
-   plugin. */
-#undef SUDOERS_IOLOG_CLIENT
+/* Define to 1 to compile support for sudo_logsrvd in the sudoers plugin. */
+#undef SUDOERS_LOG_CLIENT
 
 /* An instance string to append to the username (separated by a slash) for
    Kerberos V authentication. */