merge sudo 1.9.3 from tip

--HG--
branch : 1.9

Author: millert

.gitignore

@@ -2,6 +2,7 @@
 **/*.i
 **/*.l[ao]
 **/*.lai
+**/*.map
 **/*.mo
 **/*.o
 **/*.plog

.hgignore

@@ -2,6 +2,7 @@
 \.i$
 \.l[ao]$
 \.lai$
+\.map$
 \.mo$
 \.o$
 \.plog$
@@ -19,16 +20,16 @@ Makefile$
 ^build$
 
 ^ChangeLog$
-^PVS-Studio.cfg$
-^uncrustify.files$
+^PVS-Studio\.cfg$
+^uncrustify\.files$
 ^doc/.*\.man$
 ^doc/.*\.mdoc$
 ^doc/fixman\.sed$
 
 ^examples/sudo\.conf$
 
-^init.d/.*.sh$
-^init.d/sudo.conf$
+^init\.d/.*\.sh$
+^init\.d/sudo\.conf$
 
 ^pathnames\.h$
 ^src/sudo$
@@ -51,7 +52,7 @@ Makefile$
 ^plugins/sudoers/(cvtsudoers|sudoers|sudoreplay|testsudoers|tsdump|visudo|prologue|check_[a-z0-9_]+)$
 ^plugins/sudoers/.*\.(out|toke|err|json|ldif|sudo|ldif2sudo)$
 ^plugins/sudoers/regress/iolog_plugin/iolog$
-^plugins/sudoers/regress/testsudoers/test3.d/root$
+^plugins/sudoers/regress/testsudoers/test3\.d/root$
 
 ^plugins/python/__pycache__
 ^plugins/python/regress/__pycache__

MANIFEST

@@ -138,9 +138,11 @@ lib/util/dup3.c
 lib/util/event.c
 lib/util/event_poll.c
 lib/util/event_select.c
+lib/util/explicit_bzero.c
 lib/util/fatal.c
 lib/util/fchmodat.c
 lib/util/fnmatch.c
+lib/util/freezero.c
 lib/util/fstatat.c
 lib/util/getaddrinfo.c
 lib/util/getcwd.c
@@ -163,7 +165,6 @@ lib/util/locking.c
 lib/util/logfac.c
 lib/util/logpri.c
 lib/util/memrchr.c
-lib/util/memset_s.c
 lib/util/mkdir_parents.c
 lib/util/mksiglist.c
 lib/util/mksiglist.h
@@ -331,6 +332,7 @@ plugins/python/python_baseplugin.c
 plugins/python/python_convmessage.c
 plugins/python/python_importblocker.c
 plugins/python/python_loghandler.c
+plugins/python/python_plugin.exp
 plugins/python/python_plugin_approval.c
 plugins/python/python_plugin_approval_multi.inc
 plugins/python/python_plugin_audit.c
@@ -469,6 +471,7 @@ plugins/sudoers/digestname.c
 plugins/sudoers/editor.c
 plugins/sudoers/env.c
 plugins/sudoers/env_pattern.c
+plugins/sudoers/exptilde.c
 plugins/sudoers/file.c
 plugins/sudoers/filedigest.c
 plugins/sudoers/find_path.c
@@ -666,6 +669,7 @@ plugins/sudoers/regress/cvtsudoers/test9.out.ok
 plugins/sudoers/regress/cvtsudoers/test9.sh
 plugins/sudoers/regress/env_match/check_env_pattern.c
 plugins/sudoers/regress/env_match/data
+plugins/sudoers/regress/exptilde/check_exptilde.c
 plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c
 plugins/sudoers/regress/logging/check_wrap.c
 plugins/sudoers/regress/logging/check_wrap.in
@@ -772,6 +776,13 @@ plugins/sudoers/regress/sudoers/test23.ldif2sudo.ok
 plugins/sudoers/regress/sudoers/test23.out.ok
 plugins/sudoers/regress/sudoers/test23.sudo.ok
 plugins/sudoers/regress/sudoers/test23.toke.ok
+plugins/sudoers/regress/sudoers/test24.in
+plugins/sudoers/regress/sudoers/test24.json.ok
+plugins/sudoers/regress/sudoers/test24.ldif.ok
+plugins/sudoers/regress/sudoers/test24.ldif2sudo.ok
+plugins/sudoers/regress/sudoers/test24.out.ok
+plugins/sudoers/regress/sudoers/test24.sudo.ok
+plugins/sudoers/regress/sudoers/test24.toke.ok
 plugins/sudoers/regress/sudoers/test3.in
 plugins/sudoers/regress/sudoers/test3.json.ok
 plugins/sudoers/regress/sudoers/test3.ldif.ok
@@ -816,6 +827,8 @@ plugins/sudoers/regress/testsudoers/test10.out.ok
 plugins/sudoers/regress/testsudoers/test10.sh
 plugins/sudoers/regress/testsudoers/test11.out.ok
 plugins/sudoers/regress/testsudoers/test11.sh
+plugins/sudoers/regress/testsudoers/test12.out.ok
+plugins/sudoers/regress/testsudoers/test12.sh
 plugins/sudoers/regress/testsudoers/test2.inc
 plugins/sudoers/regress/testsudoers/test2.out.ok
 plugins/sudoers/regress/testsudoers/test2.sh
@@ -968,6 +981,7 @@ scripts/mkdep.pl
 scripts/mkinstalldirs
 scripts/mkpkg
 scripts/pp
+scripts/unanon
 src/Makefile.in
 src/conversation.c
 src/copy_file.c

Makefile.in

@@ -56,7 +56,7 @@ shlib_mode = @SHLIB_MODE@
 # Version of python detected by configure (major.minor)
 python_version = @PYTHON_VERSION@
 
-SUBDIRS = lib/util @ZLIB_SRC@ lib/iolog @LOGSRV@ @LOGSRVD@ \
+SUBDIRS = lib/util @ZLIB_SRC@ lib/iolog @LOGSRV_SRC@ @LOGSRVD_SRC@ \
 	  plugins/audit_json plugins/group_file plugins/sample_approval \
 	  plugins/sudoers plugins/system_group @PYTHON_PLUGIN_SRC@ src \
 	  include doc examples
@@ -101,7 +101,7 @@ SPLINT_OPTS = -D__restrict= -checks
 
 # Default PVS-studio options when run from the top-level Makefile
 PVS_CFG = $(top_builddir)/PVS-Studio.cfg
-PVS_IGNORE = 'V707,V011,V002,V536'
+PVS_IGNORE = 'V707,V011,V002,V536,V568'
 PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE)
 
 all: config.status

NEWS

@@ -1,3 +1,65 @@
+What's new in Sudo 1.9.3
+
+ * sudoedit will now prompt the user before overwriting an existing
+   file with one that is zero-length after editing.  Bug #922.
+
+ * Fixed building the Python plugin on systems with a compiler that
+   doesn't support symbol hiding.
+
+ * Sudo now uses a linker script to hide symbols even when the
+   compiler has native symbol hiding support.  This should make is
+   easier to detect omissions in the symbol exports file, regardless
+   of the platform.
+
+ * Fixed the libssl dependency in Debian packages for older releases
+   that use libssl1.0.0.
+
+ * Sudo and visudo now provide more detailed messages when a syntax
+   error is detected in sudoers.  The offending line and token are
+   now displayed.  If the parser was generated by GNU bison,
+   additional information about what token was expected is also
+   displayed.  Bug #841.
+
+ * Sudoers rules must now end in either a newline or the end-of-file.
+   Previously, it was possible to have multiple rules on a single
+   line, separated by white space.  The use of an end-of-line
+   terminator makes it possible to display accurate error messages.
+
+ * Sudo no longer refuses to run if a syntax error in the sudoers
+   file is encountered.  The entry with the syntax error will be
+   discarded and sudo will continue to parse the file.  This makes
+   recovery from a syntax error less painful on systems where sudo
+   is the primary method of superuser access.  The historic behavior
+   can be restored by add "error_recovery=false" to the sudoers
+   plugin's optional arguments in sudo.conf.  Bug #618.
+
+ * Fixed the sample_approval plugin's symbol exports file for systems
+   where the compiler doesn't support symbol hiding.
+
+ * Fixed a regression introduced in sudo 1.9.1 where arguments to
+   the "sudoers_policy" plugin in sudo.conf were not being applied.
+   The sudoers file is now parsed by the "sudoers_audit" plugin,
+   which is loaded implicitly when "sudoers_policy" is listed in
+   sudo.conf.  Starting with sudo 1.9.3, if there are plugin arguments
+   for "sudoers_policy" but "sudoers_audit" is not listed, those
+   arguments will be applied to "sudoers_audit" instead.
+
+ * The user's resource limits are now passed to sudo plugins in
+   the user_info[] list.  A plugin cannot determine the limits
+   itself because sudo changes the limits while it runs to prevent
+   resource starvation.
+
+ * It is now possible to set the working directory or change the
+   root directory on a per-command basis using the CWD and CHROOT
+   options.  There are also new Defaults settings, runchroot and
+   runcwd, that can be used to set the working directory or root
+   directory on a more global basis.
+
+ * New -D (--chdir) and -R (--chroot) command line options can be
+   used to set the working directory or root directory if the sudoers
+   file allows it.  This functionality is not enabled by default
+   and must be explicitly enabled in the sudoers file.
+
 What's new in Sudo 1.9.2
 
  * Fixed package builds on RedHat Enterprise Linux 8.

config.h.in

@@ -88,6 +88,9 @@
 /* Define to 1 to enable BSM audit support. */
 #undef HAVE_BSM_AUDIT
 
+/* Define to 1 if you have the `bzero' function. */
+#undef HAVE_BZERO
+
 /* Define to 1 if you have the `cfmakeraw' function. */
 #undef HAVE_CFMAKERAW
 
@@ -97,6 +100,9 @@
 /* Define to 1 if you have the `closefrom' function. */
 #undef HAVE_CLOSEFROM
 
+/* Define to 1 if you have the `crypt' function. */
+#undef HAVE_CRYPT
+
 /* Define to 1 if you use OSF DCE. */
 #undef HAVE_DCE
 
@@ -255,9 +261,18 @@
 /* Define to 1 if you have the `execvpe' function. */
 #undef HAVE_EXECVPE
 
+/* Define to 1 if you have the `explicit_bzero' function. */
+#undef HAVE_EXPLICIT_BZERO
+
+/* Define to 1 if you have the `explicit_memset' function. */
+#undef HAVE_EXPLICIT_MEMSET
+
 /* Define to 1 if you have the `faccessat' function. */
 #undef HAVE_FACCESSAT
 
+/* Define to 1 if the compiler supports the fallthrough attribute. */
+#undef HAVE_FALLTHROUGH_ATTRIBUTE
+
 /* Define to 1 if you have the `fchmodat' function. */
 #undef HAVE_FCHMODAT
 
@@ -273,6 +288,9 @@
 /* Define to 1 if you have the `freeifaddrs' function. */
 #undef HAVE_FREEIFADDRS
 
+/* Define to 1 if you have the `freezero' function. */
+#undef HAVE_FREEZERO
+
 /* Define to 1 if you have the `fseeko' function. */
 #undef HAVE_FSEEKO
 
@@ -532,6 +550,9 @@
 /* Define to 1 if you have the `memrchr' function. */
 #undef HAVE_MEMRCHR
 
+/* Define to 1 if you have the `memset_explicit' function. */
+#undef HAVE_MEMSET_EXPLICIT
+
 /* Define to 1 if you have the `memset_s' function. */
 #undef HAVE_MEMSET_S
 
@@ -722,6 +743,9 @@
 /* Define to 1 if you have the `sig2str' function. */
 #undef HAVE_SIG2STR
 
+/* Define to 1 if you have the `sigabbrev_np' function. */
+#undef HAVE_SIGABBREV_NP
+
 /* Define to 1 if you use S/Key. */
 #undef HAVE_SKEY
 
@@ -1038,8 +1062,8 @@
 /* Define to 1 if you want sudo to free up memory before exiting. */
 #undef NO_LEAKS
 
-/* Define to 1 if you don't want users to get the lecture the first time they use
-   sudo. */
+/* Define to 1 if you don't want users to get the lecture the first time they
+   use sudo. */
 #undef NO_LECTURE
 
 /* Define to 1 if you don't want to use sudo's PAM session support. */
@@ -1260,9 +1284,6 @@
 /* Define to empty if `const' does not conform to ANSI C. */
 #undef const
 
-/* Define to `int' if <sys/types.h> does not define. */
-#undef errno_t
-
 /* Define to `int' if <sys/types.h> doesn't define. */
 #undef gid_t
 
@@ -1281,9 +1302,6 @@
 /* Define to an OS-specific initialization function or `os_init_common'. */
 #undef os_init
 
-/* Define to `size_t' if <sys/types.h> does not define. */
-#undef rsize_t
-
 /* Define to `int' if <signal.h> does not define. */
 #undef sig_atomic_t
 
@@ -1312,6 +1330,19 @@
    code using `volatile' can become incorrect without. Disable with care. */
 #undef volatile
 
+/* Symbol visibility controls */
+#ifdef HAVE_DSO_VISIBILITY
+# if defined(__GNUC__)
+#  define sudo_dso_public __attribute__((__visibility__("default")))
+# elif defined(__SUNPRO_C)
+#  define sudo_dso_public __global
+# else
+#  define sudo_dso_public __declspec(dllexport)
+# endif
+#else
+# define sudo_dso_public
+#endif
+
 /* BSD compatibility on some SVR4 systems. */
 #ifdef __svr4__
 # define BSD_COMP