diff --git a/MANIFEST b/MANIFEST
index 5a6344aaa..c1869afa8 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -859,6 +859,8 @@ plugins/sudoers/regress/cvtsudoers/test4.out.ok
 plugins/sudoers/regress/cvtsudoers/test4.sh
 plugins/sudoers/regress/cvtsudoers/test40.out.ok
 plugins/sudoers/regress/cvtsudoers/test40.sh
+plugins/sudoers/regress/cvtsudoers/test41.out.ok
+plugins/sudoers/regress/cvtsudoers/test41.sh
 plugins/sudoers/regress/cvtsudoers/test5.out.ok
 plugins/sudoers/regress/cvtsudoers/test5.sh
 plugins/sudoers/regress/cvtsudoers/test6.out.ok
@@ -1030,6 +1032,12 @@ plugins/sudoers/regress/sudoers/test30.ldif2sudo.ok
 plugins/sudoers/regress/sudoers/test30.out.ok
 plugins/sudoers/regress/sudoers/test30.sudo.ok
 plugins/sudoers/regress/sudoers/test30.toke.ok
+plugins/sudoers/regress/sudoers/test31.in
+plugins/sudoers/regress/sudoers/test31.json.ok
+plugins/sudoers/regress/sudoers/test31.ldif.ok
+plugins/sudoers/regress/sudoers/test31.ldif2sudo.ok
+plugins/sudoers/regress/sudoers/test31.out.ok
+plugins/sudoers/regress/sudoers/test31.toke.ok
 plugins/sudoers/regress/sudoers/test4.in
 plugins/sudoers/regress/sudoers/test4.json.ok
 plugins/sudoers/regress/sudoers/test4.ldif.ok
diff --git a/Makefile.in b/Makefile.in
index 9251385d2..ecff43bda 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -248,14 +248,7 @@ depend: siglist.c signame.c tsgetusershell.c
 # The CODEOWNERS file is not present in the release tarball.
 ChangeLog:
 if test -f $(srcdir)/docs/CODEOWNERS; then \
- if test -d $(srcdir)/.hg && hg -R $(srcdir) identify -ibt >stamp-$@.tmp 2>&1; then \
- cmp stamp-$@.tmp stamp-$@ >/dev/null 2>&1 || { \
- mv -f stamp-$@.tmp stamp-$@; \
- if hg log -R $(srcdir) --template=changelog -r "sort(branch(.) or follow(), -date)" > $@.tmp; then \
- mv -f $@.tmp $(srcdir)/$@; \
- fi; \
- }; \
- elif test -d $(srcdir)/.git && git --git-dir $(srcdir)/.git describe --tags >stamp-$@.tmp 2>&1; then \
+ if test -d $(srcdir)/.git && git --git-dir $(srcdir)/.git describe --tags >stamp-$@.tmp 2>&1; then \
 cmp stamp-$@.tmp stamp-$@ >/dev/null 2>&1 || { \
 mv -f stamp-$@.tmp stamp-$@; \
 if $(scriptdir)/log2cl.pl -R $(srcdir)/.git > $@.tmp; then \
@@ -385,10 +378,10 @@ mkdefaults:
 cd plugins/sudoers && exec $(MAKE) DEVEL=1 ./def_data.c ./def_data.h
 
 check-dist: update-pot compile-po mkdefaults
- @if test -d $(srcdir)/.hg && cd $(srcdir); then \
- if test `hg stat -am | wc -l` -ne 0; then \
+ @if test -d $(srcdir)/.git && cd $(srcdir); then \
+ if git status -s | grep -q '^ *M'; then \
 echo "Uncommitted changes" 1>&2; \
- hg stat -am 1>&2; \
+ git status -s | grep '^ *M'; \
 exit 1; \
 fi; \
 fi
diff --git a/NEWS b/NEWS
index f4f737d0b..fd0b9ad96 100644
--- a/NEWS
+++ b/NEWS
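Review bot: The new dirty-tree test in check-dist is narrower than the `hg stat -am` it replaces: `grep -q '^ *M'` matches only modified files, so a file that is added (`A `) or deleted (` D`/`D `) but not yet committed no longer fails the check, whereas hg's `-am` reported added files too. `if git status -s | grep -q '^ *[MAD]'; then` restores that coverage while still ignoring untracked `??` entries, as before. The listing line also lost its redirection: `hg stat -am 1>&2` printed next to the "Uncommitted changes" message on stderr, but `git status -s | grep '^ *M'` now goes to stdout, so `git status -s | grep '^ *[MAD]' 1>&2` keeps the two together.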
@@ -1,3 +1,22 @@
+What's new in Sudo 1.9.17p2
+
+ * Fixed a bug introduced in sudo 1.9.16 that could result in sudo
+ sending SIGHUP to all processes on the system in certain rare
+ cases. The bug could manifest if sudo is running a command in
+ a pseudo-terminal, sudo terminates the command due to an internal
+ error, and the user's terminal is revoked. GitHub issue #458.
+
+ * Fixed a bug introduced in sudo 1.9.12 that caused sudo to abort
+ when the "intercept" and "intercept_verify" options are enabled
+ in sudoers and either the command line arguments or the environment
+ contains a string larger than the page size (usually 4096). This
+ only Linux affects systems that support the ptrace_readv_string()
+ function. GitHub issue #453.
+
+ * Fixed a bug in sudo's configure script introduced in sudo 1.9.17
+ that prevented mdoc-format man pages from being used on systems
+ without the mandoc utility. Bug #1077.
+
 What's new in Sudo 1.9.17p1
 
 * Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified
diff --git a/configure b/configure
index ad340055f..7762ab88d 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.72 for sudo 1.9.17p1.
+# Generated by GNU Autoconf 2.72 for sudo 1.9.17p2.
 #
 # Report bugs to .
 #
@@ -614,8 +614,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.9.17p1'
-PACKAGE_STRING='sudo 1.9.17p1'
+PACKAGE_VERSION='1.9.17p2'
+PACKAGE_STRING='sudo 1.9.17p2'
 PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
 PACKAGE_URL=''
 
@@ -1651,7 +1651,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -'configure' configures sudo 1.9.17p1 to adapt to many kinds of systems. +'configure' configures sudo 1.9.17p2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1717,7 +1717,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.17p1:";; + short | recursive ) echo "Configuration of sudo 1.9.17p2:";; esac cat <<\_ACEOF @@ -2013,7 +2013,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.17p1 +sudo configure 1.9.17p2 generated by GNU Autoconf 2.72 Copyright (C) 2023 Free Software Foundation, Inc. @@ -2833,7 +2833,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.17p1, which was +It was created by sudo $as_me 1.9.17p2, which was generated by GNU Autoconf 2.72. Invocation command line was $ $0$ac_configure_args_raw @@ -17786,7 +17786,7 @@ else case e in #( echo ".Nd sudo" >> conftest echo ".Sh DESCRIPTION" >> conftest echo "sudo" >> conftest - if $ac_cv_path_NROFF -mdoc conftest >/dev/null 2>&1; then + if $ac_cv_path_NROFFPROG -mdoc conftest >/dev/null 2>&1; then sudo_cv_var_mantype="mdoc" fi rm -f conftest @@ -37071,7 +37071,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.17p1, which was +This file was extended by sudo $as_me 1.9.17p2, which was generated by GNU Autoconf 2.72. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -37139,7 +37139,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -sudo config.status 1.9.17p1 +sudo config.status 1.9.17p2 configured by $0, generated by GNU Autoconf 2.72, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 84c11523c..db72498cc 100644 --- a/configure.ac +++ b/configure.ac @@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.69]) -AC_INIT([sudo], [1.9.17p1], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.17p2], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) AC_CONFIG_AUX_DIR([scripts]) @@ -1753,7 +1753,7 @@ AC_CACHE_CHECK([which macro set to use for manual pages], echo ".Nd sudo" >> conftest echo ".Sh DESCRIPTION" >> conftest echo "sudo" >> conftest - if $ac_cv_path_NROFF -mdoc conftest >/dev/null 2>&1; then + if $ac_cv_path_NROFFPROG -mdoc conftest >/dev/null 2>&1; then sudo_cv_var_mantype="mdoc" fi rm -f conftest diff --git a/etc/sudo-logsrvd.pp b/etc/sudo-logsrvd.pp index a51fc03ab..502dc3459 100644 --- a/etc/sudo-logsrvd.pp +++ b/etc/sudo-logsrvd.pp 
@@ -128,15 +128,20 @@ This makes it possible to have all sudo I/O logs on a central server."
 %endif
 
 %if [rpm]
+ # Used to set rpm_arch to x86_64_v2 on Alma Linux
+ if test -n "$pp_rpm_arch_override"; then
+ pp_rpm_arch="$pp_rpm_arch_override"
+ fi
+
 # Add distro info to release
- osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'`
+ osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,3\}\).*/\1/'`
 case "$pp_rpm_distro" in
 centos*|rhel*|f[0-9]*)
 # CentOS Stream has a single-digit version
 if test $osrelease -lt 10; then
 osrelease="${osrelease}0"
 fi
- pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
+ pp_rpm_release="$pp_rpm_release.el${osrelease%[0-9]}"
 ;;
 sles*)
 pp_rpm_release="$pp_rpm_release.sles$osrelease"
diff --git a/etc/sudo-python.pp b/etc/sudo-python.pp
index 646c4312b..7738fcdda 100644
--- a/etc/sudo-python.pp
+++ b/etc/sudo-python.pp
@@ -84,15 +84,20 @@
 %endif
 
 %if [rpm]
+ # Used to set rpm_arch to x86_64_v2 on Alma Linux
+ if test -n "$pp_rpm_arch_override"; then
+ pp_rpm_arch="$pp_rpm_arch_override"
+ fi
+
 # Add distro info to release
- osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'`
+ osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,3\}\).*/\1/'`
 case "$pp_rpm_distro" in
 centos*|rhel*|f[0-9]*)
 # CentOS Stream has a single-digit version
 if test $osrelease -lt 10; then
 osrelease="${osrelease}0"
 fi
- pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
+ pp_rpm_release="$pp_rpm_release.el${osrelease%[0-9]}"
 ;;
 sles*)
 pp_rpm_release="$pp_rpm_release.sles$osrelease"
diff --git a/etc/sudo.pp b/etc/sudo.pp
index 2dfbeabd0..499c3c758 100644
--- a/etc/sudo.pp
+++ b/etc/sudo.pp
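Review bot: The `-lt 10` test that pads a "single-digit" CentOS Stream version stops working once a major of 10 appears: for `pp_rpm_distro=centos10` (CentOS Stream 10, which has no minor part) osrelease is `10`, the test is false, no `0` is appended, and `${osrelease%[0-9]}` then yields `1`, so the release suffix becomes `.el1` instead of `.el10`. Widening the capture to `\{1,3\}` suggests three-digit major+minor values such as `101` are expected here, so the branch needs to tell "major only" from "major+minor", which the digit count alone cannot do; that distinction has to come from the distro string before the minor is folded in (the CentOS regex in scripts/pp that this commit also changes would be the place), and I cannot see from this hunk where the dot is stripped. The `%%[0-9]` to `%[0-9]` edit is behaviour-neutral since `[0-9]` matches exactly one character. The same block is repeated in etc/sudo-python.pp (next hunk) and etc/sudo.pp.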
@@ -149,15 +149,20 @@ still allow people to get their work done."
 %endif
 
 %if [rpm]
+ # Used to set rpm_arch to x86_64_v2 on Alma Linux
+ if test -n "$pp_rpm_arch_override"; then
+ pp_rpm_arch="$pp_rpm_arch_override"
+ fi
+
 # Add distro info to release
- osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'`
+ osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,3\}\).*/\1/'`
 case "$pp_rpm_distro" in
 centos*|rhel*|f[0-9]*)
 # CentOS Stream has a single-digit version
 if test $osrelease -lt 10; then
 osrelease="${osrelease}0"
 fi
- pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
+ pp_rpm_release="$pp_rpm_release.el${osrelease%[0-9]}"
 ;;
 sles*)
 pp_rpm_release="$pp_rpm_release.sles$osrelease"
diff --git a/plugins/sudoers/log_client.c b/plugins/sudoers/log_client.c
index 23d4f527a..ed31af11d 100644
--- a/plugins/sudoers/log_client.c
+++ b/plugins/sudoers/log_client.c
@@ -1933,7 +1933,7 @@ client_msg_cb(int fd, int what, void *v)
 {
 const ssize_t n = write(fd, buf->data + buf->off, buf->len - buf->off);
 if (n < 0) {
- sudo_warn("send");
+ sudo_warn("write");
 goto bad;
 }
 nwritten = (size_t)n;
diff --git a/plugins/sudoers/match_command.c b/plugins/sudoers/match_command.c
index a479ceec3..dc4d24472 100644
--- a/plugins/sudoers/match_command.c
+++ b/plugins/sudoers/match_command.c
@@ -272,7 +272,8 @@ command_matches_dir(struct sudoers_context *ctx, const char *sudoers_dir,
 len = snprintf(sdbuf, sizeof(sdbuf), "%s%s", runchroot, sudoers_dir);
 if (len >= ssizeof(sdbuf)) {
 errno = ENAMETOOLONG;
- debug_return_bool(false);
+ sudo_warn("%s%s", runchroot, sudoers_dir);
+ goto done;
 }
 sudoers_dir = sdbuf;
 chrootlen = strlen(runchroot);
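Review bot: The over-long `runchroot + sudoers_dir` case in command_matches_dir now warns, but nothing says that it is deliberately treated as a non-match rather than surfaced to the caller, and the `errno = ENAMETOOLONG` two lines above is what gives the warning its meaning because `sudo_warn()`, like warn(3), appends strerror(errno); a comment such as `/* Cannot form the chroot-relative path: warn and treat as no match. */` above the `sudo_warn` keeps those lines together for the next reader. The same three-line pattern is repeated in command_matches_glob (next hunk) and digest_matches (match_digest.c), and the three sites already differ in how they bail out (`goto done` versus `debug_return_int(DENY)`), so a small static helper that builds the prefixed path into a caller-supplied buffer and emits the warning would stop them drifting further. Both functions continue outside their hunks, so I cannot see what `done` releases.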
@@ -536,7 +537,8 @@ command_matches_glob(struct sudoers_context *ctx, const char *sudoers_cmnd,
 snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, sudoers_cmnd);
 if (len >= ssizeof(pathbuf)) {
 errno = ENAMETOOLONG;
- debug_return_bool(false);
+ sudo_warn("%s%s", runchroot, sudoers_cmnd);
+ debug_return_int(DENY);
 }
 sudoers_cmnd = pathbuf;
 chrootlen = strlen(runchroot);
diff --git a/plugins/sudoers/match_digest.c b/plugins/sudoers/match_digest.c
index 476fdd866..bb5258ef3 100644
--- a/plugins/sudoers/match_digest.c
+++ b/plugins/sudoers/match_digest.c
@@ -73,7 +73,8 @@ digest_matches(int fd, const char *path, const char *runchroot,
 snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, path);
 if (len >= ssizeof(pathbuf)) {
 errno = ENAMETOOLONG;
- debug_return_bool(false);
+ sudo_warn("%s%s", runchroot, path);
+ goto done;
 }
 path = pathbuf;
 }
diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c
index 43955420f..297482b32 100644
--- a/plugins/sudoers/timestamp.c
+++ b/plugins/sudoers/timestamp.c
@@ -358,12 +358,17 @@ ts_write(const struct sudoers_context *ctx, int fd, const char *fname,
 
 /* Truncate on partial write to be safe (assumes end of file). */
 if (nwritten > 0) {
- sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
 "short write, truncating partial time stamp record");
 if (ftruncate(fd, old_eof) != 0) {
 sudo_warn(U_("unable to truncate time stamp file to %lld bytes"),
 (long long)old_eof);
 }
+ if (lseek(fd, old_eof, SEEK_SET) == -1) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO,
+ "unable to seek to %lld", (long long)old_eof);
+ }
 }
 debug_return_ssize_t(-1);
 }
diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c
index 18fb24157..8958d52dd 100644
--- a/plugins/sudoers/visudo.c
+++ b/plugins/sudoers/visudo.c
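Review bot: In ts_write a failed `lseek()` back to old_eof is reported only through sudo_debug_printf, while the `ftruncate()` failure a few lines above goes to the user via `sudo_warn()`; the two are the same class of problem, since after a short write plus a successful truncate the descriptor is still positioned past the new end of file, and a later record written there would leave a hole rather than a contiguous time stamp file. Reporting both at the same level, `sudo_warn(U_("unable to seek to %lld"), (long long)old_eof);`, keeps the repair visible to the person running sudo instead of only to someone reading the debug log. A comment on the new block, `/* The partial write advanced the offset; move it back so the next record is appended at old_eof. */`, would say why the seek is needed after the truncate. ts_write continues outside the hunk.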
@@ -499,7 +499,7 @@ edit_sudoers(struct sudoersfile *sp, char *editor, int editor_argc, if (sp->tpath == NULL) { if (asprintf(&sp->tpath, "%s.tmp", sp->dpath) == -1) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - tfd = open(sp->tpath, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU|S_IRUSR); + tfd = open(sp->tpath, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); if (tfd < 0) sudo_fatal("%s", sp->tpath); diff --git a/scripts/mkpkg b/scripts/mkpkg index b6dcec7f9..68b141916 100755 --- a/scripts/mkpkg +++ b/scripts/mkpkg @@ -17,8 +17,8 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # # Build a binary package using polypkg -# Usage: mkpkg [--build-only] [--configure-only] [--debug] [--flavor flavor] -# [--platform platform] [--osversion ver] +# Usage: mkpkg [--arch arch] [--build-only] [--configure-only] [--debug] +# [--flavor flavor] [--osversion ver] [--platform platform] # # Make sure IFS is set to space, tab, newline in that order. @@ -29,7 +29,7 @@ nl=' IFS=" $nl" # Parse arguments -usage="usage: mkpkg [--build-only] [--configure-only] [--debug] [--flavor flavor] [--platform platform] [--osversion ver]" +usage="usage: mkpkg [--arch arch] [--build-only] [--configure-only] [--debug] [--flavor flavor] [--osversion ver] [--platform platform]" debug=0 flavor=vanilla crossbuild=false @@ -37,6 +37,18 @@ build_packages=true; build_sudo=true; while test $# -gt 0; do case "$1" in + --arch=?*) + arch=`echo "$1" | sed -n 's/^--arch=\(.*\)/\1/p'` + ;; + --arch) + arch=`echo "$1" | sed -n 's/^--arch=\(.*\)/\1/p'` + if [ $# -lt 2 ]; then + echo "$usage" 1>&2 + exit 1 + fi + arch="$2" + shift + ;; --debug) set -x debug=1 @@ -208,6 +220,10 @@ case "$osversion" in ;; esac + if [ -n "$arch" ]; then + # Override the default rpm arch for, e.g. x86_64_v2 + PPVARS="${PPVARS}${PPVARS+$space}pp_rpm_arch_override=$arch" + fi if [ X"$with_selinux" = X"true" ]; then configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" fi 
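Review bot: The new mode `S_IRUSR|S_IWUSR` drops the execute bit that `S_IRWXU|S_IRUSR` (0700) set on the temporary sudoers copy in edit_sudoers, but nothing at the `open()` records why 0600 is chosen or that the installed file's mode is applied later, so a comment such as `/* 0600: only visudo reads and writes the temp copy; the final mode is set when it is installed. */` would keep the intent from being "corrected" back (the install step is outside this hunk). The path is the predictable `sp->dpath` plus `.tmp` and is opened with `O_CREAT|O_TRUNC` but no `O_EXCL`; that is presumably acceptable because the sudoers directory is root-owned, but stating that assumption in the same comment, or adding `O_EXCL` if a leftover temp file is already dealt with elsewhere, would make the reasoning explicit. edit_sudoers continues outside the hunk.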
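Review bot: In the bare `--arch)` case of mkpkg the first statement, `arch=\`echo "$1" | sed -n 's/^--arch=\(.*\)/\1/p'\``, is a leftover from the `--arch=?*)` branch: `$1` is just `--arch`, so it assigns an empty string that `arch="$2"` overwrites a few lines later, and it should be dropped. The value is later spliced into PPVARS as `pp_rpm_arch_override=$arch` with `$space` as the separator between variables, so an arch containing whitespace or shell metacharacters would presumably turn into a stray assignment for pp; a check after the option loop such as `case "$arch" in *[!A-Za-z0-9_]*) echo "$usage" 1>&2; exit 1;; esac` rejects that early. The option loop and the PPVARS assembly both continue outside these hunks.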
diff --git a/scripts/pp b/scripts/pp
index a1c5638a8..1489ef4ec 100755
--- a/scripts/pp
+++ b/scripts/pp
@@ -5581,7 +5581,7 @@ pp_rpm_detect_distro () {
 -e 's/^Red Hat Enterprise Linux.*release \([0-9][0-9\.]*\).*/rhel\1/p' \
 -e 's/^Rocky Linux.*release \([0-9][0-9\.]*\).*/rhel\1/p' \
 -e 's/^AlmaLinux.*release \([0-9][0-9\.]*\).*/rhel\1/p' \
- -e 's/^CentOS.*release \([0-9][0-9\.]*\).*/centos\1/p' \
+ -e 's/^CentOS.*release \([0-9]\{1,\}\)\(\.[0-9]*\)\{0,1\}.*/centos\1\2/p' \
 /etc/redhat-release`
 elif test -f /etc/SuSE-release; then
 pp_rpm_distro=`awk '
diff --git a/src/exec_ptrace.c b/src/exec_ptrace.c
index f970c4f7e..c3411ba27 100644
--- a/src/exec_ptrace.c
+++ b/src/exec_ptrace.c
@@ -387,8 +387,7 @@ ptrace_readv_string(pid_t pid, unsigned long addr, char *buf, size_t bufsize)
 (unsigned long)remote.iov_base, remote.iov_len);
 debug_return_ssize_t(-1);
 case 0:
- sudo_debug_printf(
- SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
 "process_vm_readv(%d, [0x%lx, %zu], 1, [0x%lx, %zu], 1, 0): %s",
 (int)pid, (unsigned long)local.iov_base, local.iov_len,
 (unsigned long)remote.iov_base, remote.iov_len, "premature EOF");
@@ -398,9 +397,17 @@ ptrace_readv_string(pid_t pid, unsigned long addr, char *buf, size_t bufsize)
 cp = memchr(buf, '\0', (size_t)nread);
 if (cp != NULL)
 debug_return_ssize_t((cp - buf0) + 1); /* includes NUL */
+ /* No NUL terminator, we should have a full page. */
+ if ((size_t)nread != page_size) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "process_vm_readv(%d, [0x%lx, %zu], 1, [0x%lx, %zu], 1, 0)"
+ " -> %zd",
+ (int)pid, (unsigned long)local.iov_base, local.iov_len,
+ (unsigned long)remote.iov_base, remote.iov_len, nread);
+ }
 buf += nread;
 bufsize -= (size_t)nread;
- addr += sizeof(unsigned long);
+ addr += (size_t)nread;
 break;
 }
 }
diff --git a/src/exec_pty.c b/src/exec_pty.c
index fb384d13c..0789305ec 100644
--- a/src/exec_pty.c
+++ b/src/exec_pty.c
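Review bot: The new `(size_t)nread != page_size` branch in ptrace_readv_string logs at SUDO_DEBUG_ERROR and then falls through to advance `buf`, `bufsize` and `addr` by nread as if the chunk were complete, so the code takes both positions at once: either an unterminated short read is tolerable, in which case the loop simply continues from `addr + nread` (which the corrected `addr += (size_t)nread` stride now makes right) and the message should not be an ERROR, or it is not, in which case the branch should end with `debug_return_ssize_t(-1);` like the premature-EOF case in the previous hunk. The comment `/* No NUL terminator, we should have a full page. */` states an expectation without its reason; something like `/* No NUL in this chunk: each read is bounded to the rest of the page, so a shorter nread means process_vm_readv stopped early. */` would, assuming local.iov_len is sized that way where it is set outside the hunk. The old `addr += sizeof(unsigned long)` advanced the remote address by one word while `buf` advanced by the whole chunk, so the stride fix itself is the substantive change here; the loop enclosing both hunks begins outside them.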
@@ -358,9 +358,11 @@ revoke_pty(struct exec_closure *ec)
 pgrp = tcpgrp;
 close(io_fds[SFD_LEADER]);
 }
- sudo_debug_printf(SUDO_DEBUG_NOTICE, "%s: killpg(%d, SIGHUP)",
- __func__, (int)pgrp);
- kill(pgrp, SIGHUP);
+ if (pgrp != -1) {
+ sudo_debug_printf(SUDO_DEBUG_NOTICE, "%s: killpg(%d, SIGHUP)",
+ __func__, (int)pgrp);
+ killpg(pgrp, SIGHUP);
+ }
 }
 
 /*
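Review bot: The guard `if (pgrp != -1)` in revoke_pty excludes only the -1 that `tcpgrp` (presumably from tcgetpgrp()) carries on failure; POSIX leaves `killpg()` with a pgrp of 0 or 1 unspecified, and on glibc it becomes `kill(-pgrp, sig)`, i.e. `kill(0, SIGHUP)` for the caller's own process group or `kill(-1, SIGHUP)` for every process the caller may signal, which is exactly the outcome this fix is meant to rule out. A real foreground process group id is always greater than 1, so `if (pgrp > 1) {` is the cheaper and safer check and also covers whatever pgrp is initialised to before this hunk, which I cannot see. A comment on the guard, `/* pgrp is -1 when the tty is already gone; never hand a negative or zero pgrp to killpg(). */`, would record why it exists. revoke_pty begins outside the hunk.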