Merge sudo 1.9.17p2 from branch 'main' into sudo-1.9

MANIFEST

@@ -859,6 +859,8 @@ plugins/sudoers/regress/cvtsudoers/test4.out.ok
 plugins/sudoers/regress/cvtsudoers/test4.sh
 plugins/sudoers/regress/cvtsudoers/test40.out.ok
 plugins/sudoers/regress/cvtsudoers/test40.sh
+plugins/sudoers/regress/cvtsudoers/test41.out.ok
+plugins/sudoers/regress/cvtsudoers/test41.sh
 plugins/sudoers/regress/cvtsudoers/test5.out.ok
 plugins/sudoers/regress/cvtsudoers/test5.sh
 plugins/sudoers/regress/cvtsudoers/test6.out.ok
@@ -1030,6 +1032,12 @@ plugins/sudoers/regress/sudoers/test30.ldif2sudo.ok
 plugins/sudoers/regress/sudoers/test30.out.ok
 plugins/sudoers/regress/sudoers/test30.sudo.ok
 plugins/sudoers/regress/sudoers/test30.toke.ok
+plugins/sudoers/regress/sudoers/test31.in
+plugins/sudoers/regress/sudoers/test31.json.ok
+plugins/sudoers/regress/sudoers/test31.ldif.ok
+plugins/sudoers/regress/sudoers/test31.ldif2sudo.ok
+plugins/sudoers/regress/sudoers/test31.out.ok
+plugins/sudoers/regress/sudoers/test31.toke.ok
 plugins/sudoers/regress/sudoers/test4.in
 plugins/sudoers/regress/sudoers/test4.json.ok
 plugins/sudoers/regress/sudoers/test4.ldif.ok

Makefile.in

@@ -248,14 +248,7 @@ depend: siglist.c signame.c tsgetusershell.c
 # The CODEOWNERS file is not present in the release tarball.
 ChangeLog:
 	if test -f $(srcdir)/docs/CODEOWNERS; then \
-	    if test -d $(srcdir)/.hg && hg -R $(srcdir) identify -ibt >stamp-$@.tmp 2>&1; then \
-		cmp stamp-$@.tmp stamp-$@ >/dev/null 2>&1 || { \
-		    mv -f stamp-$@.tmp stamp-$@; \
-		    if hg log -R $(srcdir) --template=changelog -r "sort(branch(.) or follow(), -date)" > $@.tmp; then \
-			mv -f $@.tmp $(srcdir)/$@; \
-		    fi; \
-		}; \
-	    elif test -d $(srcdir)/.git && git --git-dir $(srcdir)/.git describe --tags >stamp-$@.tmp 2>&1; then \
+	    if test -d $(srcdir)/.git && git --git-dir $(srcdir)/.git describe --tags >stamp-$@.tmp 2>&1; then \
 		cmp stamp-$@.tmp stamp-$@ >/dev/null 2>&1 || { \
 		    mv -f stamp-$@.tmp stamp-$@; \
 		    if $(scriptdir)/log2cl.pl -R $(srcdir)/.git > $@.tmp; then \
@@ -385,10 +378,10 @@ mkdefaults:
 	cd plugins/sudoers && exec $(MAKE) DEVEL=1 ./def_data.c ./def_data.h
 
 check-dist: update-pot compile-po mkdefaults
-	@if test -d $(srcdir)/.hg && cd $(srcdir); then \
-	    if test `hg stat -am | wc -l` -ne 0; then \
+	@if test -d $(srcdir)/.git && cd $(srcdir); then \
+	    if git status -s | grep -q '^ *M'; then \
 		echo "Uncommitted changes" 1>&2; \
-		hg stat -am 1>&2; \
+		git status -s | grep '^ *M'; \
 		exit 1; \
 	    fi; \
 	fi

NEWS

@@ -1,3 +1,22 @@
+What's new in Sudo 1.9.17p2
+
+ * Fixed a bug introduced in sudo 1.9.16 that could result in sudo
+   sending SIGHUP to all processes on the system in certain rare
+   cases.  The bug could manifest if sudo is running a command in
+   a pseudo-terminal, sudo terminates the command due to an internal
+   error, and the user's terminal is revoked.  GitHub issue #458.
+
+ * Fixed a bug introduced in sudo 1.9.12 that caused sudo to abort
+   when the "intercept" and "intercept_verify" options are enabled
+   in sudoers and either the command line arguments or the environment
+   contains a string larger than the page size (usually 4096).  This
+   only Linux affects systems that support the ptrace_readv_string()
+   function.  GitHub issue #453.
+
+ * Fixed a bug in sudo's configure script introduced in sudo 1.9.17
+   that prevented mdoc-format man pages from being used on systems
+   without the mandoc utility.  Bug #1077.
+
 What's new in Sudo 1.9.17p1
 
  * Fixed CVE-2025-32462.  Sudo's -h (--host) option could be specified

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.72 for sudo 1.9.17p1.
+# Generated by GNU Autoconf 2.72 for sudo 1.9.17p2.
 #
 # Report bugs to <https://bugzilla.sudo.ws/>.
 #
@@ -614,8 +614,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.9.17p1'
-PACKAGE_STRING='sudo 1.9.17p1'
+PACKAGE_VERSION='1.9.17p2'
+PACKAGE_STRING='sudo 1.9.17p2'
 PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
 PACKAGE_URL=''
 
@@ -1651,7 +1651,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-'configure' configures sudo 1.9.17p1 to adapt to many kinds of systems.
+'configure' configures sudo 1.9.17p2 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1717,7 +1717,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of sudo 1.9.17p1:";;
+     short | recursive ) echo "Configuration of sudo 1.9.17p2:";;
    esac
   cat <<\_ACEOF
 
@@ -2013,7 +2013,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-sudo configure 1.9.17p1
+sudo configure 1.9.17p2
 generated by GNU Autoconf 2.72
 
 Copyright (C) 2023 Free Software Foundation, Inc.
@@ -2833,7 +2833,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by sudo $as_me 1.9.17p1, which was
+It was created by sudo $as_me 1.9.17p2, which was
 generated by GNU Autoconf 2.72.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -17786,7 +17786,7 @@ else case e in #(
 	    echo ".Nd sudo" >> conftest
 	    echo ".Sh DESCRIPTION" >> conftest
 	    echo "sudo" >> conftest
-	    if $ac_cv_path_NROFF -mdoc conftest >/dev/null 2>&1; then
+	    if $ac_cv_path_NROFFPROG -mdoc conftest >/dev/null 2>&1; then
 		sudo_cv_var_mantype="mdoc"
 	    fi
 	    rm -f conftest
@@ -37071,7 +37071,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by sudo $as_me 1.9.17p1, which was
+This file was extended by sudo $as_me 1.9.17p2, which was
 generated by GNU Autoconf 2.72.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -37139,7 +37139,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-sudo config.status 1.9.17p1
+sudo config.status 1.9.17p2
 configured by $0, generated by GNU Autoconf 2.72,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 dnl
 AC_PREREQ([2.69])
-AC_INIT([sudo], [1.9.17p1], [https://bugzilla.sudo.ws/], [sudo])
+AC_INIT([sudo], [1.9.17p2], [https://bugzilla.sudo.ws/], [sudo])
 AC_CONFIG_HEADERS([config.h pathnames.h])
 AC_CONFIG_SRCDIR([src/sudo.c])
 AC_CONFIG_AUX_DIR([scripts])
@@ -1753,7 +1753,7 @@ AC_CACHE_CHECK([which macro set to use for manual pages],
 	    echo ".Nd sudo" >> conftest
 	    echo ".Sh DESCRIPTION" >> conftest
 	    echo "sudo" >> conftest
-	    if $ac_cv_path_NROFF -mdoc conftest >/dev/null 2>&1; then
+	    if $ac_cv_path_NROFFPROG -mdoc conftest >/dev/null 2>&1; then
 		sudo_cv_var_mantype="mdoc"
 	    fi
 	    rm -f conftest

etc/sudo-logsrvd.pp

@@ -128,15 +128,20 @@ This makes it possible to have all sudo I/O logs on a central server."
 %endif
 
 %if [rpm]
+	# Used to set rpm_arch to x86_64_v2 on Alma Linux
+	if test -n "$pp_rpm_arch_override"; then
+		pp_rpm_arch="$pp_rpm_arch_override"
+	fi
+
 	# Add distro info to release
-	osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'`
+	osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,3\}\).*/\1/'`
 	case "$pp_rpm_distro" in
 	centos*|rhel*|f[0-9]*)
 		# CentOS Stream has a single-digit version
 		if test $osrelease -lt 10; then
 		    osrelease="${osrelease}0"
 		fi
-		pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
+		pp_rpm_release="$pp_rpm_release.el${osrelease%[0-9]}"
 		;;
 	sles*)
 		pp_rpm_release="$pp_rpm_release.sles$osrelease"

etc/sudo-python.pp

@@ -84,15 +84,20 @@
 %endif
 
 %if [rpm]
+	# Used to set rpm_arch to x86_64_v2 on Alma Linux
+	if test -n "$pp_rpm_arch_override"; then
+		pp_rpm_arch="$pp_rpm_arch_override"
+	fi
+
 	# Add distro info to release
-	osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'`
+	osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,3\}\).*/\1/'`
 	case "$pp_rpm_distro" in
 	centos*|rhel*|f[0-9]*)
 		# CentOS Stream has a single-digit version
 		if test $osrelease -lt 10; then
 		    osrelease="${osrelease}0"
 		fi
-		pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
+		pp_rpm_release="$pp_rpm_release.el${osrelease%[0-9]}"
 		;;
 	sles*)
 		pp_rpm_release="$pp_rpm_release.sles$osrelease"

etc/sudo.pp

@@ -149,15 +149,20 @@ still allow people to get their work done."
 %endif
 
 %if [rpm]
+	# Used to set rpm_arch to x86_64_v2 on Alma Linux
+	if test -n "$pp_rpm_arch_override"; then
+		pp_rpm_arch="$pp_rpm_arch_override"
+	fi
+
 	# Add distro info to release
-	osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'`
+	osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,3\}\).*/\1/'`
 	case "$pp_rpm_distro" in
 	centos*|rhel*|f[0-9]*)
 		# CentOS Stream has a single-digit version
 		if test $osrelease -lt 10; then
 		    osrelease="${osrelease}0"
 		fi
-		pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
+		pp_rpm_release="$pp_rpm_release.el${osrelease%[0-9]}"
 		;;
 	sles*)
 		pp_rpm_release="$pp_rpm_release.sles$osrelease"

plugins/sudoers/log_client.c

@@ -1933,7 +1933,7 @@ client_msg_cb(int fd, int what, void *v)
     {
 	const ssize_t n = write(fd, buf->data + buf->off, buf->len - buf->off);
 	if (n < 0) {
-	    sudo_warn("send");
+	    sudo_warn("write");
 	    goto bad;
 	}
 	nwritten = (size_t)n;

plugins/sudoers/match_command.c

@@ -272,7 +272,8 @@ command_matches_dir(struct sudoers_context *ctx, const char *sudoers_dir,
 	len = snprintf(sdbuf, sizeof(sdbuf), "%s%s", runchroot, sudoers_dir);
 	if (len >= ssizeof(sdbuf)) {
 	    errno = ENAMETOOLONG;
-	    debug_return_bool(false);
+	    sudo_warn("%s%s", runchroot, sudoers_dir);
+	    goto done;
 	}
 	sudoers_dir = sdbuf;
 	chrootlen = strlen(runchroot);
@@ -536,7 +537,8 @@ command_matches_glob(struct sudoers_context *ctx, const char *sudoers_cmnd,
 	    snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, sudoers_cmnd);
 	if (len >= ssizeof(pathbuf)) {
 	    errno = ENAMETOOLONG;
-	    debug_return_bool(false);
+	    sudo_warn("%s%s", runchroot, sudoers_cmnd);
+	    debug_return_int(DENY);
 	}
 	sudoers_cmnd = pathbuf;
 	chrootlen = strlen(runchroot);

plugins/sudoers/match_digest.c

@@ -73,7 +73,8 @@ digest_matches(int fd, const char *path, const char *runchroot,
 	    snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, path);
 	if (len >= ssizeof(pathbuf)) {
 	    errno = ENAMETOOLONG;
-	    debug_return_bool(false);
+	    sudo_warn("%s%s", runchroot, path);
+	    goto done;
 	}
 	path = pathbuf;
     }

plugins/sudoers/timestamp.c

@@ -358,12 +358,17 @@ ts_write(const struct sudoers_context *ctx, int fd, const char *fname,
 
 	/* Truncate on partial write to be safe (assumes end of file). */
 	if (nwritten > 0) {
-	    sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
+	    sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
 		"short write, truncating partial time stamp record");
 	    if (ftruncate(fd, old_eof) != 0) {
 		sudo_warn(U_("unable to truncate time stamp file to %lld bytes"),
 		    (long long)old_eof);
 	    }
+	    if (lseek(fd, old_eof, SEEK_SET) == -1) {
+		sudo_debug_printf(
+		    SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO,
+		    "unable to seek to %lld", (long long)old_eof);
+	    }
 	}
 	debug_return_ssize_t(-1);
     }

plugins/sudoers/visudo.c

@@ -499,7 +499,7 @@ edit_sudoers(struct sudoersfile *sp, char *editor, int editor_argc,
     if (sp->tpath == NULL) {
 	if (asprintf(&sp->tpath, "%s.tmp", sp->dpath) == -1)
 	    sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
-	tfd = open(sp->tpath, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU|S_IRUSR);
+	tfd = open(sp->tpath, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
 	if (tfd < 0)
 	    sudo_fatal("%s", sp->tpath);
 

scripts/mkpkg

@@ -17,8 +17,8 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 #
 # Build a binary package using polypkg
-# Usage: mkpkg [--build-only] [--configure-only] [--debug] [--flavor flavor]
-#              [--platform platform] [--osversion ver]
+# Usage: mkpkg [--arch arch] [--build-only] [--configure-only] [--debug]
+#              [--flavor flavor] [--osversion ver] [--platform platform]
 #
 
 # Make sure IFS is set to space, tab, newline in that order.
@@ -29,7 +29,7 @@ nl='
 IFS=" 	$nl"
 
 # Parse arguments
-usage="usage: mkpkg [--build-only] [--configure-only] [--debug] [--flavor flavor] [--platform platform] [--osversion ver]"
+usage="usage: mkpkg [--arch arch] [--build-only] [--configure-only] [--debug] [--flavor flavor] [--osversion ver] [--platform platform]"
 debug=0
 flavor=vanilla
 crossbuild=false
@@ -37,6 +37,18 @@ build_packages=true;
 build_sudo=true;
 while test $# -gt 0; do
     case "$1" in
+	--arch=?*)
+	    arch=`echo "$1" | sed -n 's/^--arch=\(.*\)/\1/p'`
+	    ;;
+	--arch)
+	    arch=`echo "$1" | sed -n 's/^--arch=\(.*\)/\1/p'`
+	    if [ $# -lt 2 ]; then
+		echo "$usage" 1>&2
+		exit 1
+	    fi
+	    arch="$2"
+	    shift
+	    ;;
 	--debug)
 	    set -x
 	    debug=1
@@ -208,6 +220,10 @@ case "$osversion" in
 		;;
 	esac
 
+	if [ -n "$arch" ]; then
+	    # Override the default rpm arch for, e.g. x86_64_v2
+	    PPVARS="${PPVARS}${PPVARS+$space}pp_rpm_arch_override=$arch"
+	fi
 	if [ X"$with_selinux" = X"true" ]; then
 	    configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux"
 	fi

scripts/pp

@@ -5581,7 +5581,7 @@ pp_rpm_detect_distro () {
          -e 's/^Red Hat Enterprise Linux.*release \([0-9][0-9\.]*\).*/rhel\1/p' \
          -e 's/^Rocky Linux.*release \([0-9][0-9\.]*\).*/rhel\1/p' \
          -e 's/^AlmaLinux.*release \([0-9][0-9\.]*\).*/rhel\1/p' \
-         -e 's/^CentOS.*release \([0-9][0-9\.]*\).*/centos\1/p' \
+         -e 's/^CentOS.*release \([0-9]\{1,\}\)\(\.[0-9]*\)\{0,1\}.*/centos\1\2/p' \
        /etc/redhat-release`
     elif test -f /etc/SuSE-release; then
        pp_rpm_distro=`awk '

src/exec_ptrace.c

@@ -387,8 +387,7 @@ ptrace_readv_string(pid_t pid, unsigned long addr, char *buf, size_t bufsize)
 		(unsigned long)remote.iov_base, remote.iov_len);
 	    debug_return_ssize_t(-1);
 	case 0:
-	    sudo_debug_printf(
-		SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+	    sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
 		"process_vm_readv(%d, [0x%lx, %zu], 1, [0x%lx, %zu], 1, 0): %s",
 		(int)pid, (unsigned long)local.iov_base, local.iov_len,
 		(unsigned long)remote.iov_base, remote.iov_len, "premature EOF");
@@ -398,9 +397,17 @@ ptrace_readv_string(pid_t pid, unsigned long addr, char *buf, size_t bufsize)
 	    cp = memchr(buf, '\0', (size_t)nread);
 	    if (cp != NULL)
 		debug_return_ssize_t((cp - buf0) + 1);	/* includes NUL */
+	    /* No NUL terminator, we should have a full page. */
+	    if ((size_t)nread != page_size) {
+		sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+		    "process_vm_readv(%d, [0x%lx, %zu], 1, [0x%lx, %zu], 1, 0)"
+		    " -> %zd",
+		    (int)pid, (unsigned long)local.iov_base, local.iov_len,
+		    (unsigned long)remote.iov_base, remote.iov_len, nread);
+	    }
 	    buf += nread;
 	    bufsize -= (size_t)nread;
-	    addr += sizeof(unsigned long);
+	    addr += (size_t)nread;
 	    break;
 	}
     }

src/exec_pty.c

@@ -358,9 +358,11 @@ revoke_pty(struct exec_closure *ec)
 	    pgrp = tcpgrp;
 	close(io_fds[SFD_LEADER]);
     }
+    if (pgrp != -1) {
 	sudo_debug_printf(SUDO_DEBUG_NOTICE, "%s: killpg(%d, SIGHUP)",
 	    __func__, (int)pgrp);
-    kill(pgrp, SIGHUP);
+	killpg(pgrp, SIGHUP);
+    }
 }
 
 /*