author: adam <adam@pkgsrc.org> 2022-05-14 05:40:59 +0000
committer: adam <adam@pkgsrc.org> 2022-05-14 05:40:59 +0000
commit: d182b1a86ce2610c9c089853f844af811b1230a0
tree: 5b0080bccfdd95a1d9e15d1a38ac4caef29502cc
parent: 41194c7a652c73c1f909b7a42d667a918505fe86
sudo: updated to 1.9.10
What's new in Sudo 1.9.10

* Added new "log_passwords" and "passprompt_regex" sudoers options. If "log_passwords" is disabled, sudo will attempt to prevent passwords from being logged. If sudo detects any of the regular expressions in the "passprompt_regex" list in the terminal output, sudo will log '*' characters instead of the terminal input until a newline or carriage return is found in the input or an output character is received.
* Added new "log_passwords" and "passprompt_regex" settings to sudo_logsrvd that operate like the sudoers options when logging terminal input.
* Fixed several bugs in the cvtsudoers utility when merging multiple sudoers sources.
* Fixed a bug in sudo_logsrvd when parsing the sudo_logsrvd.conf file, where the "retry_interval" in the [relay] section was not being recognized.
* Restored the pre-1.9.9 behavior of not performing authentication when sudo's -n option is specified. A new "noninteractive_auth" sudoers option has been added to enable PAM authentication in non-interactive mode.
* On systems with /proc, if the /proc/self/stat (Linux) or /proc/pid/psinfo (other systems) file is missing or invalid, sudo will now check file descriptors 0-2 to determine the user's terminal.
* Fixed a compilation problem on Debian kFreeBSD.
* Fixed a crash in sudo_logsrvd when running in relay mode if an alert message is received.
* Fixed an issue that resulted in "problem with defaults entries" email being sent if a user ran sudo when the sudoers entry in the nsswitch.conf file includes "sss" but no sudo provider is configured in /etc/sssd/sssd.conf.
* Updated the warning displayed when the invoking user is not allowed to run sudo. If sudo has been configured to send mail on failed attempts (see the mail_* flags in sudoers), it will now print "This incident has been reported to the administrator." If the "mailto" or "mailerpath" sudoers settings are disabled, the message will not be printed and no mail will be sent.
* Fixed a bug where the user-specified command timeout was not being honored if the sudoers rule did not also specify a timeout.
* Added support for using POSIX extended regular expressions in sudoers rules. A command and/or arguments in sudoers are treated as a regular expression if they start with a '^' character and end with a '$'. The command and arguments are matched separately; either one (or both) may be a regular expression.
* A user may now only run "sudo -U otheruser -l" if they have a "sudo ALL" privilege where the RunAs user contains either "root" or "otheruser". Previously, having "sudo ALL" was sufficient, regardless of the RunAs user.
* The sudo lecture is now displayed immediately before the password prompt. As a result, sudo will no longer display the lecture unless the user needs to enter a password. Authentication methods that don't interact with the user via a terminal do not trigger the lecture.
* Sudo now uses its own closefrom() emulation on Linux systems. The glibc version may not work in a chroot jail where /proc is not available. If close_range(2) is present, it will be used in preference to /proc/self/fd.

What's new in Sudo 1.9.9

* Sudo can now be built with OpenSSL 3.0 without generating warnings about deprecated OpenSSL APIs.
* A digest can now be specified along with the "ALL" command in the LDAP and SSSD back-ends. Sudo 1.9.0 introduced support for this in the sudoers file but did not include corresponding changes for the other back-ends.
* visudo now only warns about an undefined alias or a cycle in an alias once for each alias.
* The sudoRole cn was truncated by a single character in warning messages.
* The cvtsudoers utility has new --group-file and --passwd-file options to use a custom passwd or group file when the --match-local option is also used.
* The cvtsudoers utility can now filter or match based on a command.
* The cvtsudoers utility can now produce output in csv (comma-separated value) format. This can be used to help generate entitlement reports.
* Fixed a bug in sudo_logsrvd that could result in the connection being dropped for very long command lines.
* Fixed a bug where sudo_logsrvd would not accept a restore point of zero.
* Fixed a bug in visudo where the value of the "editor" setting was not used if it did not match the user's EDITOR environment variable. This was only a problem if the "env_editor" setting was not enabled.
* Sudo now builds with the -fcf-protection compiler option and the "-z now" linker option if supported.
* The output of "sudoreplay -l" now more closely matches the traditional sudo log format.
* The sudo_sendlog utility will now use the full contents of the log.json file, if present. This makes it possible to send sudo-format I/O logs that use the newer log.json format to sudo_logsrvd without losing any information.
* Fixed compilation of the arc4random_buf() replacement on systems with arc4random() but no arc4random_buf().
* Sudo now uses its own getentropy() by default on Linux. The GNU libc version of getentropy() will fail on older kernels that don't support the getrandom() system call.
* It is now possible to build sudo with WolfSSL's OpenSSL compatibility layer by using the --enable-wolfssl configure option.
* Fixed a bug related to Daylight Saving Time when parsing timestamps in Generalized Time format. This affected the NOTBEFORE and NOTAFTER options in sudoers.
* Added the -O and -P options to visudo, which can be used to check or set the owner and permissions. This can be used in conjunction with the -c option to check that the sudoers file ownership and permissions are correct.
* It is now possible to set resource limits in the sudoers file itself. The special values "default" and "user" refer to the default system limit and invoking user limit respectively. The core dump size limit is now set to 0 by default unless overridden by the sudoers file.
* The cvtsudoers utility can now merge multiple sudoers sources into a single, combined sudoers file. If there are conflicting entries, cvtsudoers will attempt to resolve them but manual intervention may be required. The merging of sudoers rules is currently fairly simplistic but will be improved in a future release.
* Sudo was parsing but not applying the "deref" and "tls_reqcert" ldap.conf settings. This meant the options were effectively ignored, which broke dereferencing of aliases in LDAP.
* Clarified in the sudo man page that the security policy may override the user's PATH environment variable.
* When sudo is run in non-interactive mode (with the -n option), it will now attempt PAM authentication and only exit with an error if user interaction is required. This allows PAM modules that don't interact with the user to succeed. Previously, sudo would not attempt authentication if the -n option was specified.
* Fixed a regression introduced in version 1.9.1 when sudo is built with the --with-fqdn configure option. The local host name was being resolved before the sudoers file was processed, making it impossible to disable DNS lookups by negating the "fqdn" sudoers option.
* Added support for negated sudoUser attributes in the LDAP and SSSD sudoers back ends. A matching sudoUser that is negated will cause the sudoRole containing it to be ignored.
* Fixed a bug where the stack resource limit could be set to a value smaller than that of the invoking user and not be reset before the command was run.

What's new in Sudo 1.9.8p2

* Fixed a potential out-of-bounds read with "sudo -i" when the target user's shell is bash. This is a regression introduced in sudo 1.9.8.
* sudo_logsrvd now only sends a log ID for the first command of a session. There is no need to send the log ID for each sub-command.
* Fixed a few minor memory leaks in intercept mode.
* Fixed a problem with sudo_logsrvd in relay mode if "store_first" was enabled when handling sub-commands. A new zero-length journal file was created for each sub-command instead of simply using the existing journal file.
* Fixed a bug where sudoedit would fail if one of the directories in the path to be edited had the immutable flag set (BSD, Linux or macOS).

What's new in Sudo 1.9.8p1

* Fixed support for passing a prompt (sudo -p) or a login class (sudo -c) on the command line. This is a regression introduced in sudo 1.9.8.
* Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends. This is a regression introduced in sudo 1.9.8.
* Fixed a compilation error when the --enable-static-sudoers configure option was specified. This is a regression introduced in sudo 1.9.8 caused by a symbol clash with the intercept and log server protobuf functions.

What's new in Sudo 1.9.8

* It is now possible to transparently intercept sub-commands executed by the original command run via sudo. Intercept support is implemented using LD_PRELOAD (or the equivalent supported by the system) and so has some limitations. The two main limitations are that only dynamic executables are supported and only the execl, execle, execlp, execv, execve, execvp, and execvpe library functions are currently intercepted. Its main use case is to support restricting privileged shells run via sudo. To support this, there is a new "intercept" Defaults setting and an INTERCEPT command tag that can be used in sudoers. For example:

    Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
    Defaults!SHELLS intercept

  would cause sudo to run the listed shells in intercept mode. This can also be set on a per-rule basis. For example:

    Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
    chuck ALL = INTERCEPT: SHELLS

  would only apply intercept mode to user "chuck" when running one of the listed shells. In intercept mode, sudo will not prompt for a password before running a sub-command and will not allow a set-user-ID or set-group-ID program to be run by default. The new intercept_authenticate and intercept_allow_setid sudoers settings can be used to change this behavior.
* The new "log_subcmds" sudoers setting can be used to log additional commands run in a privileged shell. It uses the same mechanism as the intercept support described above and has the same limitations.
* The new "log_exit_status" sudoers setting can be used to log the exit status of commands run via sudo. There is also a corresponding "log_exit" setting in the sudo_logsrvd.conf eventlog stanza.
* Support for logging sudo_logsrvd errors via syslog or to a file. Previously, most sudo_logsrvd errors were only visible in the debug log.
* Better diagnostics when there is a TLS certificate validation error.
* Using the "+=" or "-=" operators in a Defaults setting that takes a string, not a list, now produces a warning from sudo and a syntax error from inside visudo.
* Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd had no effect when creating I/O log parent directories if the I/O log file name ended with the string "XXXXXX".
* Fixed a bug in the sudoers custom prompt code where the size parameter that was passed to the strlcpy() function was incorrect. No overflow was possible since the correct amount of memory was already pre-allocated.
* The mksigname and mksiglist helper programs are now built with the host compiler, not the target compiler, when cross-compiling.
* Fixed a compilation error when the --enable-static-sudoers configure option was specified. This was due to a typo introduced in sudo 1.9.7.
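The regex command matching and the password-redaction options from the 1.9.10 notes above are sudoers syntax, so here is a short sudoers fragment showing how they are written. It is added as an illustration and is not part of this pkgsrc commit or of sudo's own files; the user names, paths and the prompt pattern are constructed placeholders.

```sudoers
# Added illustration, not part of this commit. Names, paths and the prompt
# pattern are constructed placeholders; requires sudo 1.9.10 or later.

# A command or argument field is treated as a POSIX ERE only when it starts
# with '^' and ends with '$'. The path and the space-joined arguments are
# matched separately, so "systemctl restart nginx" and "systemctl reload httpd"
# match, while any extra or different argument fails because the argument
# regex is anchored at both ends (an unanchored wildcard would accept it).
Cmnd_Alias WEB_SVC = ^/usr/bin/systemctl$ ^(restart|reload) (nginx|httpd)$
webops  ALL = (root) WEB_SVC

# Keep I/O logging but redact what the user types after a prompt matching any
# passprompt_regex entry: sudo logs '*' instead of the input until a newline or
# carriage return is typed or the command produces output again.
Defaults log_input, log_output
Defaults !log_passwords
Defaults passprompt_regex += "[Pp]assword[: ]*$"
```

The intercept, INTERCEPT tag and log_subcmds settings from the 1.9.8 notes are deliberately not shown: this pkgsrc build passes --disable-intercept (see the Makefile hunk below), so they would have no effect in this package.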
-rw-r--r-- security/sudo/Makefile | 11
-rw-r--r-- security/sudo/PLIST | 21
-rw-r--r-- security/sudo/distinfo | 10
-rw-r--r-- security/sudo/patches/patch-configure | 22
4 files changed, 33 insertions, 31 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile
index bba8a9b4a2d..49e1ba92a7c 100644
--- a/security/sudo/Makefile
+++ b/security/sudo/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.187 2021/10/21 07:46:38 wiz Exp $
+# $NetBSD: Makefile,v 1.188 2022/05/14 05:40:59 adam Exp $
-DISTNAME= sudo-1.9.7p1
-PKGREVISION= 1
+DISTNAME= sudo-1.9.10
CATEGORIES= security
MASTER_SITES= https://www.sudo.ws/dist/
MASTER_SITES+= ftp://ftp.sudo.ws/pub/sudo/
@@ -16,6 +15,7 @@ LICENSE= isc AND modified-bsd
USE_LIBTOOL= yes
GNU_CONFIGURE= yes
+CONFIGURE_ARGS+= --disable-intercept
CONFIGURE_ARGS+= --disable-path-info
CONFIGURE_ARGS+= --disable-root-mailer
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
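Review bot: the new `CONFIGURE_ARGS+= --disable-intercept` line carries no comment explaining why the feature is turned off. The commit message's 1.9.8 notes introduce the "intercept" Defaults setting, the INTERCEPT command tag and "log_subcmds", all of which rely on this LD_PRELOAD-based mechanism, so an administrator following the sudoers documentation will find those settings silently ineffective in the pkgsrc build. A one-line comment above the option recording the reason (and a mention in the commit message) would save the next maintainer from re-deriving it.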
@@ -53,7 +53,6 @@ CFLAGS+= -D_INCOMPLETE_XOPEN_C063=1
OWN_DIRS+= ${VARBASE}/run
BUILD_DEFS+= VARBASE
-DOCDIR= share/doc/${PKGBASE}
EGDIR= share/examples/${PKGBASE}
CONF_FILES_PERMS= ${EGDIR}/sudo.conf ${PKG_SYSCONFDIR}/sudo.conf \
${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0440
@@ -66,13 +65,11 @@ OWN_DIRS+= ${PKG_SYSCONFDIR}/sudoers.d
SPECIAL_PERMS+= bin/sudo ${SETUID_ROOT_PERMS}
SPECIAL_PERMS+= bin/sudoreplay ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 511
-INSTALLATION_DIRS+= ${DOCDIR} ${EGDIR}
+INSTALLATION_DIRS+= ${EGDIR}
NOT_FOR_UNPRIVILEGED= yes
post-install:
- ${INSTALL_DATA} ${WRKSRC}/doc/UPGRADE ${DESTDIR}${PREFIX}/${DOCDIR}
${INSTALL_DATA} ${WRKSRC}/plugins/sudoers/sudoers ${DESTDIR}${PREFIX}/${EGDIR}/sudoers
- ${INSTALL_DATA} ${WRKSRC}/README ${DESTDIR}${PREFIX}/${DOCDIR}
.include "../../devel/zlib/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
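Review bot: dropping `${INSTALL_DATA} ${WRKSRC}/doc/UPGRADE ...` and `${INSTALL_DATA} ${WRKSRC}/README ...` together with `${DOCDIR}` in INSTALLATION_DIRS is only safe because the PLIST hunk shows upstream's own install now providing share/doc/sudo/UPGRADE.md and README.md; that dependency is worth stating in the commit message, since UPGRADE is where behaviour changes such as the -n authentication revert described above are documented and it must not be lost from the package.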
diff --git a/security/sudo/PLIST b/security/sudo/PLIST
index 937592333f3..38110fdff60 100644
--- a/security/sudo/PLIST
+++ b/security/sudo/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.19 2021/01/18 14:32:23 taca Exp $
+@comment $NetBSD: PLIST,v 1.20 2022/05/14 05:41:00 adam Exp $
bin/cvtsudoers
bin/sudo
bin/sudoedit
@@ -28,19 +28,22 @@ man/man8/visudo.8
sbin/sudo_logsrvd
sbin/sudo_sendlog
sbin/visudo
-share/doc/sudo/CONTRIBUTORS
+share/doc/sudo/CONTRIBUTING.md
+share/doc/sudo/CONTRIBUTORS.md
share/doc/sudo/ChangeLog
-share/doc/sudo/HISTORY
-share/doc/sudo/LICENSE
+share/doc/sudo/HISTORY.md
+share/doc/sudo/LICENSE.md
share/doc/sudo/NEWS
-share/doc/sudo/README
-${PLIST.ldap}share/doc/sudo/README.LDAP
-share/doc/sudo/TROUBLESHOOTING
-share/doc/sudo/UPGRADE
+share/doc/sudo/README.LDAP.md
+share/doc/sudo/README.md
+share/doc/sudo/SECURITY.md
+share/doc/sudo/TROUBLESHOOTING.md
+share/doc/sudo/UPGRADE.md
${PLIST.ldap}share/doc/sudo/schema.ActiveDirectory
${PLIST.ldap}share/doc/sudo/schema.OpenLDAP
${PLIST.ldap}share/doc/sudo/schema.iPlanet
${PLIST.ldap}share/doc/sudo/schema.olcSudo
+share/examples/sudo/cvtsudoers.conf
share/examples/sudo/pam.conf
share/examples/sudo/sudo.conf
share/examples/sudo/sudo_logsrvd.conf
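Review bot: `+share/examples/sudo/cvtsudoers.conf` is added next to the existing example configs, but no corresponding CONF_FILES entry appears in the Makefile hunks (only sudo.conf is visible in CONF_FILES_PERMS), so it is shipped purely as an example and is never copied into ${PKG_SYSCONFDIR}. If the intent is for cvtsudoers to pick up a default configuration, a CONF_FILES line is needed; if it is meant as a sample only, this is fine as it stands. The newly listed share/doc/sudo/SECURITY.md is a welcome addition, as it tells local administrators where to report issues.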
@@ -60,8 +63,10 @@ ${PLIST.nls}share/locale/el/LC_MESSAGES/sudoers.mo
${PLIST.nls}share/locale/eo/LC_MESSAGES/sudo.mo
${PLIST.nls}share/locale/eo/LC_MESSAGES/sudoers.mo
${PLIST.nls}share/locale/es/LC_MESSAGES/sudo.mo
+${PLIST.nls}share/locale/es/LC_MESSAGES/sudoers.mo
${PLIST.nls}share/locale/eu/LC_MESSAGES/sudo.mo
${PLIST.nls}share/locale/eu/LC_MESSAGES/sudoers.mo
+${PLIST.nls}share/locale/fa/LC_MESSAGES/sudo.mo
${PLIST.nls}share/locale/fi/LC_MESSAGES/sudo.mo
${PLIST.nls}share/locale/fi/LC_MESSAGES/sudoers.mo
${PLIST.nls}share/locale/fr/LC_MESSAGES/sudo.mo
diff --git a/security/sudo/distinfo b/security/sudo/distinfo
index 1aa0fcec304..02c97641988 100644
--- a/security/sudo/distinfo
+++ b/security/sudo/distinfo
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.119 2021/10/26 11:18:04 nia Exp $
+$NetBSD: distinfo,v 1.120 2022/05/14 05:41:00 adam Exp $
-BLAKE2s (sudo-1.9.7p1.tar.gz) = 1fead28a67e338e6d517d62d36f837f188376c4e55676d3878069288771d9b2d
-SHA512 (sudo-1.9.7p1.tar.gz) = bc85d9de1566de24883375edd1c4cd24b1f24437bb16d181bfa3c9c94cead220c69ad00d6727560ca195765ced970e95d69b9ce01dbea448de39afac9a902fb4
-Size (sudo-1.9.7p1.tar.gz) = 4197591 bytes
+BLAKE2s (sudo-1.9.10.tar.gz) = ebb57832c11e2ebc608ba5f293c1df59228e0bca2ddc2b79ffdb46ae19dc5426
+SHA512 (sudo-1.9.10.tar.gz) = 65cf92b67b64413cb807da8b9602fc90b75e5b30dd1402d682ca36f276a3d6209a8a59c14e463898abc9856bc56263e5ba4bb6d44774f56a2885a9eea4a35375
+Size (sudo-1.9.10.tar.gz) = 4516568 bytes
SHA1 (patch-Makefile.in) = 1a83c55d27829013e2e23073046c5c39b020fafe
-SHA1 (patch-configure) = 375f43b8555f4e8fe2c4c1529c20abc1f550fa5c
+SHA1 (patch-configure) = f8ca2d1902ff5878a219ec754cf5e608e00c5ef3
SHA1 (patch-examples_Makefile.in) = a20967ecd88eb5e4a8b47e6a3b80bc18be713409
SHA1 (patch-logsrvd_Makefile.in) = b3672406368384dfbfe7ef3e6fcd141d43cbc026
SHA1 (patch-plugins_sudoers_Makefile.in) = d2981bb9841f6bb4b1c80f5c2f2727fbf9579501
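Review bot: the BLAKE2s/SHA512/Size triple is replaced for sudo-1.9.10.tar.gz and only the `SHA1 (patch-configure)` line among the patch checksums changes, which is consistent with patches/patch-configure being the sole patch touched in this commit. Because one of the MASTER_SITES in the Makefile is a plaintext ftp:// mirror, these checksums are the only fetch-time integrity control for the package; they should be generated from a tarball that was first verified against upstream's detached signature rather than from whichever mirror happened to answer.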
diff --git a/security/sudo/patches/patch-configure b/security/sudo/patches/patch-configure
index 57444466594..9fa42d0c0e6 100644
--- a/security/sudo/patches/patch-configure
+++ b/security/sudo/patches/patch-configure
@@ -1,4 +1,4 @@
-$NetBSD: patch-configure,v 1.7 2021/05/27 05:40:45 adam Exp $
+$NetBSD: patch-configure,v 1.8 2022/05/14 05:41:00 adam Exp $
* Add "--with-nbsdops" option, NetBSD standard options.
* Link with util(3) in the case of DragonFly, too.
@@ -7,9 +7,9 @@ $NetBSD: patch-configure,v 1.7 2021/05/27 05:40:45 adam Exp $
functions (HAVE_KRB5_*).
* Remove setting sysconfdir to "/etc".
---- configure.orig 2021-05-11 20:54:52.000000000 +0000
+--- configure.orig 2022-03-03 18:29:40.000000000 +0000
+++ configure
-@@ -920,6 +920,7 @@ with_incpath
+@@ -937,6 +937,7 @@ with_incpath
with_libpath
with_libraries
with_csops
@@ -17,7 +17,7 @@ $NetBSD: patch-configure,v 1.7 2021/05/27 05:40:45 adam Exp $
with_passwd
with_skey
with_opie
-@@ -1653,7 +1654,7 @@ Fine tuning of the installation director
+@@ -1673,7 +1674,7 @@ Fine tuning of the installation director
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
@@ -26,7 +26,7 @@ $NetBSD: patch-configure,v 1.7 2021/05/27 05:40:45 adam Exp $
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
-@@ -1776,6 +1777,7 @@ Optional Packages:
+@@ -1801,6 +1802,7 @@ Optional Packages:
--with-libpath additional places to look for libraries
--with-libraries additional libraries to link with
--with-csops add CSOps standard options
@@ -34,7 +34,7 @@ $NetBSD: patch-configure,v 1.7 2021/05/27 05:40:45 adam Exp $
--without-passwd don't use passwd/shadow file for authentication
--with-skey[=DIR] enable S/Key support
--with-opie[=DIR] enable OPIE support
-@@ -5184,6 +5186,23 @@ fi
+@@ -5222,6 +5224,23 @@ fi
@@ -58,16 +58,16 @@ $NetBSD: patch-configure,v 1.7 2021/05/27 05:40:45 adam Exp $
# Check whether --with-passwd was given.
if test ${with_passwd+y}
then :
-@@ -16373,7 +16392,7 @@ fi
- : ${mansectsu='1m'}
+@@ -17655,7 +17674,7 @@ fi
: ${mansectform='4'}
+ : ${mansectmisc='5'}
;;
- *-*-linux*|*-*-k*bsd*-gnu)
+ *-*-linux*|*-*-k*bsd*-gnu|*-*-gnukfreebsd)
shadow_funcs="getspnam"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
# Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
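Review bot: apart from the line-number offsets in the hunk headers, the only content changes in this patch refresh are context lines: `: ${mansectsu='1m'}` gives way to `: ${mansectmisc='5'}`, and the case pattern gains `|*-*-gnukfreebsd`, which matches the "Fixed a compilation problem on Debian kFreeBSD" entry in the commit message. The pkgsrc patch's own additions are untouched, so no behaviour change is introduced here and the header comment listing what the patch does (--with-nbsdops, util(3) on DragonFly, HAVE_KRB5_*, sysconfdir) still describes it accurately.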
-@@ -18253,7 +18272,7 @@ then :
+@@ -19579,7 +19598,7 @@ then :
LOGINCAP_USAGE='[-c class] '; LCMAN=1
with_logincap=yes
case "$OS" in
@@ -76,7 +76,7 @@ $NetBSD: patch-configure,v 1.7 2021/05/27 05:40:45 adam Exp $
SUDO_LIBS="${SUDO_LIBS} -lutil"
SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
;;
-@@ -25171,6 +25190,8 @@ fi
+@@ -27725,6 +27744,8 @@ fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
AUTH_OBJS="$AUTH_OBJS kerb5.lo"
fi
@@ -85,7 +85,7 @@ $NetBSD: patch-configure,v 1.7 2021/05/27 05:40:45 adam Exp $
_LIBS="$LIBS"
LIBS="${LIBS} ${SUDOERS_LIBS}"
ac_fn_c_check_func "$LINENO" "krb5_verify_user" "ac_cv_func_krb5_verify_user"
-@@ -29359,7 +29380,6 @@ test "$docdir" = '${datarootdir}/doc/${P
+@@ -32277,7 +32298,6 @@ test "$docdir" = '${datarootdir}/doc/${P
test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
test "$runstatedir" = '${localstatedir}/run' && runstatedir='$(localstatedir)/run'