This patch will upgrade Sudo version 1.8.19 patchlevel 1 to Sudo version 1.8.19 patchlevel 2. To apply: $ cd sudo-1.8.19p1 $ patch -p1 < sudo-1.8.19p2.patch
diff -urNa sudo-1.8.19p1/ChangeLog sudo-1.8.19p2/ChangeLog
--- sudo-1.8.19p1/ChangeLog Tue Dec 20 10:29:40 2016
+++ sudo-1.8.19p2/ChangeLog Fri Jan 13 21:31:27 2017
@@ -1,3 +1,75 @@ +2017-01-13 Todd C. Miller + + * configure, configure.ac: + Define HAVE_NANOSLEEP if we find nanosleep in librt + [ec8d949bf411] + + * configure, configure.ac: + sudo_nanosleep not nanosleep in util.exp.in + [18a3bca78962] + + * configure, configure.ac: + add nanosleep to util.exp.in if needed + [6ac2e9266d67] + + * NEWS, configure, configure.ac: + sudo 1.8.19p2 + [9c15593a007a] + + * lib/util/vsyslog.c: + Double the size of new_fmt[] and remove an extraneous break in the + %m handling that was leftover from an earlier edit. + [fcb28dc9cd4e] + + * lib/util/vsyslog.c: + Fix typo, want vsnprintf not snprintf. + [2717f2125ecd] + + * plugins/sudoers/logging.c: + move va_start() in mysyslog() + [b58ec40bbfc3] + + * plugins/sudoers/sudoers.c: + Only treat failure of expand_iolog_path() as fatal if + ignore_iolog_errors is not set. + [1ba009311cf7] + +2017-01-12 Todd C. Miller + + * MANIFEST, config.h.in, configure, configure.ac, + include/sudo_compat.h, lib/util/Makefile.in, lib/util/nanosleep.c, + mkdep.pl, src/exec_pty.c: + When waiting for the parent to grant us the tty, use nanosleep + instead of spinning to avoid hogging the CPU. + [76335b380d7c] + + * src/sudo.c: + Use ROOT_UID instead of 0 + [5ed03a4e0b0b] + +2017-01-09 Todd C. Miller + + * plugins/sudoers/Makefile.in: + regen + [99b26e2c523d] + +2017-01-07 Todd C. Miller + + * MANIFEST, plugins/sudoers/interfaces.c, + plugins/sudoers/regress/visudo/test9.out.ok, + plugins/sudoers/regress/visudo/test9.sh, plugins/sudoers/visudo.c: + Fix crash in visudo introduced in sudo 1.8.9 when an IP address or + network is used in a host-based Defaults entry. Bug #766 + [ff9001f126b5] + +2017-01-05 Todd C. Miller + + * configure, configure.ac, doc/LICENSE: + Avoid using the system strnlen/strndup on AIX < 6. Even if configure + correctly detects it is working on the build machine, the sudo + package may be run on a system with an old libc were it is broken. + [28d148db0aaa] + 2016-12-20 Todd C. 
Miller * NEWS, configure, configure.ac: diff -urNa sudo-1.8.19p1/MANIFEST sudo-1.8.19p2/MANIFEST --- sudo-1.8.19p1/MANIFEST Sun Dec 18 06:52:23 2016 +++ sudo-1.8.19p2/MANIFEST Fri Jan 13 21:30:22 2017 @@ -107,6 +107,7 @@ lib/util/mksigname.c lib/util/mksigname.h lib/util/mktemp.c +lib/util/nanosleep.c lib/util/parseln.c lib/util/progname.c lib/util/pw_dup.c @@ -472,6 +473,8 @@ plugins/sudoers/regress/visudo/test8.err.ok plugins/sudoers/regress/visudo/test8.out.ok plugins/sudoers/regress/visudo/test8.sh +plugins/sudoers/regress/visudo/test9.out.ok +plugins/sudoers/regress/visudo/test9.sh plugins/sudoers/set_perms.c plugins/sudoers/solaris_audit.c plugins/sudoers/solaris_audit.h diff -urNa sudo-1.8.19p1/NEWS sudo-1.8.19p2/NEWS --- sudo-1.8.19p1/NEWS Tue Dec 20 10:28:49 2016 +++ sudo-1.8.19p2/NEWS Fri Jan 13 21:30:22 2017 @@ -1,3 +1,14 @@ +What's new in Sudo 1.8.19p2 + + * Fixed a crash in visudo introduced in sudo 1.8.9 when an IP address + or network is used in a host-based Defaults entry. Bug #766 + + * Added a missing check for the ignore_iolog_errors flag when + the sudoers plugin generates the I/O log file path name. + + * Fixed a typo in sudo's vsyslog() replacement that resulted in + garbage being logged to syslog. + What's new in Sudo 1.8.19p1 * Fixed a bug introduced in sudo 1.8.19 that resulted in the wrong @@ -1118,7 +1129,7 @@ * Allow sudo to be build with sss support without also including ldap support. - * Fix running commands that need the terminal in the background + * Fixed running commands that need the terminal in the background when I/O logging is enabled. E.g. "sudo vi &". When the command is foregrounded, it will now resume properly. diff -urNa sudo-1.8.19p1/config.h.in sudo-1.8.19p2/config.h.in --- sudo-1.8.19p1/config.h.in Sun Dec 18 06:52:23 2016 +++ sudo-1.8.19p2/config.h.in Fri Jan 13 21:30:22 2017 
@@ -470,6 +470,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_MPS_LDAP_SSL_H +/* Define to 1 if you have the `nanosleep' function. */ +#undef HAVE_NANOSLEEP + /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_NDIR_H diff -urNa sudo-1.8.19p1/configure sudo-1.8.19p2/configure --- sudo-1.8.19p1/configure Tue Dec 20 10:28:49 2016 +++ sudo-1.8.19p2/configure Fri Jan 13 21:30:22 2017 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for sudo 1.8.19p1. +# Generated by GNU Autoconf 2.69 for sudo 1.8.19p2. # # Report bugs to . # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.8.19p1' -PACKAGE_STRING='sudo 1.8.19p1' +PACKAGE_VERSION='1.8.19p2' +PACKAGE_STRING='sudo 1.8.19p2' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -1531,7 +1531,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.8.19p1 to adapt to many kinds of systems. +\`configure' configures sudo 1.8.19p2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1596,7 +1596,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.8.19p1:";; + short | recursive ) echo "Configuration of sudo 1.8.19p2:";; esac cat <<\_ACEOF @@ -1845,7 +1845,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.8.19p1 +sudo configure 1.8.19p2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. 
@@ -2554,7 +2554,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.8.19p1, which was +It was created by sudo $as_me 1.8.19p2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -15118,6 +15118,12 @@ *) RTLD_PRELOAD_VAR="LDR_PRELOAD";; esac + # strnlen/strndup may be broken on AIX < 6 depending + # on the libc version, use our own. + if test $OSMAJOR -lt 6; then + ac_cv_func_strnlen=no + fi + # Remove timedir on boot, AIX does not have /var/run INIT_SCRIPT=aix.sh INIT_DIR=/etc/rc.d/init.d 
@@ -19685,6 +19691,80 @@ fi done +for ac_func in nanosleep +do : + ac_fn_c_check_func "$LINENO" "nanosleep" "ac_cv_func_nanosleep" +if test "x$ac_cv_func_nanosleep" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NANOSLEEP 1 +_ACEOF + +else + + # On Solaris, nanosleep is in librt + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nanosleep in -lrt" >&5 +$as_echo_n "checking for nanosleep in -lrt... " >&6; } +if ${ac_cv_lib_rt_nanosleep+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lrt $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char nanosleep (); +int +main () +{ +return nanosleep (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_rt_nanosleep=yes +else + ac_cv_lib_rt_nanosleep=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_rt_nanosleep" >&5 +$as_echo "$ac_cv_lib_rt_nanosleep" >&6; } +if test "x$ac_cv_lib_rt_nanosleep" = xyes; then : + + $as_echo "#define HAVE_NANOSLEEP 1" >>confdefs.h + + LIBRT="-lrt" + +else + + case " $LIBOBJS " in + *" nanosleep.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS nanosleep.$ac_objext" + ;; +esac + + + for _sym in sudo_nanosleep; do + COMPAT_EXP="${COMPAT_EXP}${_sym} +" + done + + +fi + + +fi +done + for ac_func in pw_dup do : ac_fn_c_check_func "$LINENO" "pw_dup" "ac_cv_func_pw_dup" 
@@ -26552,7 +26632,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.8.19p1, which was +This file was extended by sudo $as_me 1.8.19p2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -26618,7 +26698,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sudo config.status 1.8.19p1 +sudo config.status 1.8.19p2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urNa sudo-1.8.19p1/configure.ac sudo-1.8.19p2/configure.ac --- sudo-1.8.19p1/configure.ac Tue Dec 20 10:28:49 2016 +++ sudo-1.8.19p2/configure.ac Fri Jan 13 21:30:22 2017 @@ -1,10 +1,10 @@ dnl dnl Use the top-level autogen.sh script to generate configure and config.h.in dnl -dnl Copyright (c) 1994-1996,1998-2016 Todd C. Miller +dnl Copyright (c) 1994-1996,1998-2017 Todd C. Miller dnl AC_PREREQ([2.59]) -AC_INIT([sudo], [1.8.19p1], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.8.19p2], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADER([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) dnl @@ -1730,6 +1730,12 @@ *) RTLD_PRELOAD_VAR="LDR_PRELOAD";; esac + # strnlen/strndup may be broken on AIX < 6 depending + # on the libc version, use our own. + if test $OSMAJOR -lt 6; then + ac_cv_func_strnlen=no + fi + # Remove timedir on boot, AIX does not have /var/run INIT_SCRIPT=aix.sh INIT_DIR=/etc/rc.d/init.d 
@@ -2571,6 +2577,16 @@ AC_CHECK_FUNCS([memset_s], [], [ AC_LIBOBJ(memset_s) SUDO_APPEND_COMPAT_EXP(sudo_memset_s) +]) +AC_CHECK_FUNCS(nanosleep, [], [ + # On Solaris, nanosleep is in librt + AC_CHECK_LIB(rt, nanosleep, [ + AC_DEFINE(HAVE_NANOSLEEP) + LIBRT="-lrt" + ], [ + AC_LIBOBJ(nanosleep) + SUDO_APPEND_COMPAT_EXP(sudo_nanosleep) + ]) ]) AC_CHECK_FUNCS([pw_dup], [], [ AC_LIBOBJ(pw_dup) diff -urNa sudo-1.8.19p1/doc/LICENSE sudo-1.8.19p2/doc/LICENSE --- sudo-1.8.19p1/doc/LICENSE Tue Dec 20 10:28:49 2016 +++ sudo-1.8.19p2/doc/LICENSE Fri Jan 13 21:30:22 2017 @@ -1,6 +1,6 @@ Sudo is distributed under the following license: - Copyright (c) 1994-1996, 1998-2016 + Copyright (c) 1994-1996, 1998-2017 Todd C. Miller Permission to use, copy, modify, and distribute this software for any diff -urNa sudo-1.8.19p1/include/sudo_compat.h sudo-1.8.19p2/include/sudo_compat.h --- sudo-1.8.19p1/include/sudo_compat.h Sun Dec 18 06:52:23 2016 +++ sudo-1.8.19p2/include/sudo_compat.h Fri Jan 13 21:30:22 2017 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2008, 2009-2016 + * Copyright (c) 1996, 1998-2005, 2008, 2009-2017 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -221,6 +221,13 @@ #define ISSET(t, f) ((t) & (f)) /* + * Some systems define this in but we don't include that anymore. + */ +#ifndef howmany +# define howmany(x, y) (((x) + ((y) - 1)) / (y)) +#endif + +/* * Simple isblank() macro and function for systems without it. */ #ifndef HAVE_ISBLANK 
@@ -468,6 +475,11 @@ # undef mkstemps # define mkstemps(_a, _b) sudo_mkstemps((_a), (_b)) #endif /* !HAVE_MKDTEMP || !HAVE_MKSTEMPS */ +#ifndef HAVE_NANOSLEEP +__dso_public int sudo_nanosleep(const struct timespec *timeout, struct timespec *remainder); +#undef nanosleep +# define nanosleep(_a, _b) sudo_nanosleep((_a), (_b)) +#endif #ifndef HAVE_PW_DUP __dso_public struct passwd *sudo_pw_dup(const struct passwd *pw); # undef pw_dup diff -urNa sudo-1.8.19p1/lib/util/Makefile.in sudo-1.8.19p2/lib/util/Makefile.in --- sudo-1.8.19p1/lib/util/Makefile.in Sun Dec 18 06:52:23 2016 +++ sudo-1.8.19p2/lib/util/Makefile.in Fri Jan 13 21:30:22 2017 @@ -463,6 +463,10 @@ $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \ $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/mktemp/mktemp_test.c +nanosleep.lo: $(srcdir)/nanosleep.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/nanosleep.c parse_gids_test.lo: $(srcdir)/regress/parse_gids/parse_gids_test.c \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_util.h \ diff -urNa sudo-1.8.19p1/lib/util/nanosleep.c sudo-1.8.19p2/lib/util/nanosleep.c --- sudo-1.8.19p1/lib/util/nanosleep.c Wed Dec 31 17:00:00 1969 +++ sudo-1.8.19p2/lib/util/nanosleep.c Fri Jan 13 21:30:22 2017 
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2009-2011, 2013, 2017 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+
+#ifndef HAVE_NANOSLEEP
+
+#include
+#include
+#ifdef HAVE_SYS_SELECT_H
+#include
+#endif /* HAVE_SYS_SELECT_H */
+#if TIME_WITH_SYS_TIME
+# include
+#endif
+#include
+
+#include "sudo_compat.h"
+#include "sudo_util.h"
+
+int
+sudo_nanosleep(const struct timespec *ts, struct timespec *rts)
+{
+ struct timeval timeout, endtime, now;
+ int rval;
+
+ if (ts->tv_sec == 0 && ts->tv_nsec < 1000) {
+ timeout.tv_sec = 0;
+ timeout.tv_usec = 1;
+ } else {
+ TIMESPEC_TO_TIMEVAL(&timeout, ts);
+ }
+ if (rts != NULL) {
+ if (gettimeofday(&endtime, NULL) == -1)
+ return -1;
+ sudo_timevaladd(&endtime, &timeout, &endtime);
+ }
+ rval = select(0, NULL, NULL, NULL, &timeout);
+ if (rts != NULL && rval == -1 && errno == EINTR) {
+ if (gettimeofday(&now, NULL) == -1)
+ return -1;
+ sudo_timevalsub(&endtime, &now, &endtime);
+ TIMEVAL_TO_TIMESPEC(&endtime, rts);
+ }
+ return rval;
+}
+#endif /* HAVE_NANOSLEEP */
diff -urNa sudo-1.8.19p1/lib/util/vsyslog.c sudo-1.8.19p2/lib/util/vsyslog.c
--- sudo-1.8.19p1/lib/util/vsyslog.c Sun Dec 18 06:52:23 2016
+++ sudo-1.8.19p2/lib/util/vsyslog.c Fri Jan 13 21:30:22 2017
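Review bot: sudo_nanosleep() in lib/util/nanosleep.c never validates `ts`: with `tv_sec == 0` a negative `tv_nsec` satisfies `ts->tv_nsec < 1000` and is silently turned into a 1us sleep, and a `tv_nsec` of 1000000000 or more is converted and passed on to select() instead of being rejected. nanosleep() is specified to fail with EINVAL in those cases, so a guard at the top such as `if (ts->tv_sec < 0 || ts->tv_nsec < 0 || ts->tv_nsec >= 1000000000L) { errno = EINVAL; return -1; }` keeps the replacement aligned with the function it stands in for. On the EINTR path the remainder comes from two gettimeofday() readings, so a wall-clock step between them can leave `endtime` negative after sudo_timevalsub(); clamping it to zero before TIMEVAL_TO_TIMESPEC would avoid returning a negative remainder. The only caller visible in this patch passes NULL for `rts`, so the second point is hardening for later callers.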
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2016 Todd C. Miller + * Copyright (c) 2016-2017 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -35,7 +35,7 @@ sudo_vsyslog(int pri, const char *fmt, va_list ap) { int saved_errno = errno; - char *cp, *ep, msgbuf[8192], new_fmt[1024]; + char *cp, *ep, msgbuf[8192], new_fmt[2048]; va_list ap2; size_t len; @@ -47,7 +47,6 @@ if (len >= (size_t)(ep - cp)) len = (size_t)(ep - cp) - 1; cp += len; - break; } else { if (fmt[0] == '%' && fmt[1] == '%') { fmt++; @@ -62,7 +61,7 @@ /* Format message and log it, using a static buffer if possible. */ va_copy(ap2, ap); - len = (size_t)snprintf(msgbuf, sizeof(msgbuf), new_fmt, ap2); + len = (size_t)vsnprintf(msgbuf, sizeof(msgbuf), new_fmt, ap2); va_end(ap2); if (len < sizeof(msgbuf)) { syslog(pri, "%s", msgbuf); diff -urNa sudo-1.8.19p1/mkdep.pl sudo-1.8.19p2/mkdep.pl --- sudo-1.8.19p1/mkdep.pl Sun Dec 18 06:52:23 2016 +++ sudo-1.8.19p2/mkdep.pl Fri Jan 13 21:30:22 2017 @@ -1,6 +1,6 @@ #!/usr/bin/env perl # -# Copyright (c) 2011-2014 Todd C. Miller +# Copyright (c) 2011-2017 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above 
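Review bot: In the third vsyslog.c hunk the vsnprintf() result is cast straight to size_t, so an error return of -1 becomes a very large `len`, fails `len < sizeof(msgbuf)`, and is handled as "message too long" rather than as a formatting failure. Keeping the signed result and testing it first separates the two cases, e.g. `int n = vsnprintf(msgbuf, sizeof(msgbuf), new_fmt, ap2);` followed by `if (n >= 0 && (size_t)n < sizeof(msgbuf))`. The else branch lies outside the hunk, so what it does with such a length cannot be judged from here. Separately, the first hunk doubles `new_fmt[]` to 2048 without a comment; a short note on why that size is sufficient (or that longer formats are truncated) would help the next reader.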
@@ -70,7 +70,7 @@ $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo solaris_audit.lo sssd.lo:; # XXX - fill in AUTH_OBJS from contents of the auth dir instead $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:; - $makefile =~ s:\@LTLIBOBJS\@:closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getgrouplist.lo getline.lo getopt_long.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo strtonum.lo utimens.lo vsyslog.lo:; + $makefile =~ s:\@LTLIBOBJS\@:closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getgrouplist.lo getline.lo getopt_long.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo strtonum.lo utimens.lo vsyslog.lo:; # Parse OBJS lines my %objs; diff -urNa sudo-1.8.19p1/plugins/sudoers/Makefile.in sudo-1.8.19p2/plugins/sudoers/Makefile.in --- sudo-1.8.19p1/plugins/sudoers/Makefile.in Sun Dec 18 06:52:23 2016 +++ sudo-1.8.19p2/plugins/sudoers/Makefile.in Fri Jan 13 21:30:22 2017 
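Review bot: The rewritten `@LTLIBOBJS@` substitution still carries `inet_ntop_lo`, which looks like a typo for `inet_ntop.lo` since every other entry in the list ends in `.lo`. The line is already being edited to add `nanosleep.lo`, so this is a good moment to correct it to `inet_ntop.lo`; as written, the dependency generator presumably never matches that object.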
@@ -1124,10 +1124,11 @@ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/redblack.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(srcdir)/sudoers_version.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ + $(srcdir)/parse.h $(srcdir)/redblack.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/sudoers_version.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/visudo.c visudo_json.o: $(srcdir)/visudo_json.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ diff -urNa sudo-1.8.19p1/plugins/sudoers/interfaces.c sudo-1.8.19p2/plugins/sudoers/interfaces.c --- sudo-1.8.19p1/plugins/sudoers/interfaces.c Sun Dec 18 06:52:23 2016 +++ sudo-1.8.19p2/plugins/sudoers/interfaces.c Fri Jan 13 21:30:22 2017 @@ -43,7 +43,7 @@ # define INADDR_NONE ((unsigned int)-1) #endif -static struct interface_list interfaces; +static struct interface_list interfaces = SLIST_HEAD_INITIALIZER(interfaces); /* * Parse a space-delimited list of IP address/netmask pairs and diff -urNa sudo-1.8.19p1/plugins/sudoers/logging.c sudo-1.8.19p2/plugins/sudoers/logging.c --- sudo-1.8.19p1/plugins/sudoers/logging.c Sun Dec 18 06:52:23 2016 +++ sudo-1.8.19p2/plugins/sudoers/logging.c Fri Jan 13 21:30:22 2017 
@@ -73,8 +73,8 @@ va_list ap; debug_decl(mysyslog, SUDOERS_DEBUG_LOGGING) - va_start(ap, fmt); openlog("sudo", 0, def_syslog); + va_start(ap, fmt); vsyslog(pri, fmt, ap); va_end(ap); closelog(); diff -urNa sudo-1.8.19p1/plugins/sudoers/regress/visudo/test9.out.ok sudo-1.8.19p2/plugins/sudoers/regress/visudo/test9.out.ok --- sudo-1.8.19p1/plugins/sudoers/regress/visudo/test9.out.ok Wed Dec 31 17:00:00 1969 +++ sudo-1.8.19p2/plugins/sudoers/regress/visudo/test9.out.ok Fri Jan 13 21:30:22 2017 @@ -0,0 +1 @@ +stdin: parsed OK diff -urNa sudo-1.8.19p1/plugins/sudoers/regress/visudo/test9.sh sudo-1.8.19p2/plugins/sudoers/regress/visudo/test9.sh --- sudo-1.8.19p1/plugins/sudoers/regress/visudo/test9.sh Wed Dec 31 17:00:00 1969 +++ sudo-1.8.19p2/plugins/sudoers/regress/visudo/test9.sh Fri Jan 13 21:30:22 2017 @@ -0,0 +1,12 @@ +#!/bin/sh +# +# Test IP and network address in host-based Defaults statements +# Bugzilla #766 +# + +./visudo -cf - <<-EOF + Defaults@127.0.0.1 !authenticate + Defaults@10.0.0.0/8 !always_set_home + EOF + +exit 0 diff -urNa sudo-1.8.19p1/plugins/sudoers/sudoers.c sudo-1.8.19p2/plugins/sudoers/sudoers.c --- sudo-1.8.19p1/plugins/sudoers/sudoers.c Sun Dec 18 06:52:23 2016 +++ sudo-1.8.19p2/plugins/sudoers/sudoers.c Fri Jan 13 21:30:22 2017 @@ -493,9 +493,15 @@ const char prefix[] = "iolog_path="; iolog_path = expand_iolog_path(prefix, def_iolog_dir, def_iolog_file, &sudo_user.iolog_file); - if (iolog_path == NULL) - goto done; - sudo_user.iolog_file++; + if (iolog_path == NULL) { + if (!def_ignore_iolog_errors) + goto done; + /* Unable to expand I/O log path, disable I/O logging. */ + def_log_input = false; + def_log_output = false; + } else { + sudo_user.iolog_file++; + } } } diff -urNa sudo-1.8.19p1/plugins/sudoers/visudo.c sudo-1.8.19p2/plugins/sudoers/visudo.c --- sudo-1.8.19p1/plugins/sudoers/visudo.c Sun Dec 18 06:52:23 2016 +++ sudo-1.8.19p2/plugins/sudoers/visudo.c Fri Jan 13 21:30:22 2017 
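Review bot: In the sudoers.c hunk, when expand_iolog_path() fails and ignore_iolog_errors is set, the new branch clears `def_log_input` and `def_log_output` and lets the command run, but nothing visible records that the session proceeds without I/O logging. The I/O log is an audit control, so the fallback should leave a trace, for example something like `log_warningx(SLOG_SEND_MAIL, N_("unable to expand I/O log path, I/O logging disabled"));` ahead of the two assignments. This may be redundant if expand_iolog_path() already reports the failure itself; its body is not part of this patch. The enclosing function starts and ends outside the hunk.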
@@ -61,6 +61,7 @@ #endif #include "sudoers.h" +#include "interfaces.h" #include "parse.h" #include "redblack.h" #include "sudoers_version.h" @@ -815,9 +816,11 @@ } /* STUB */ -struct interface *get_interfaces(void) +struct interface_list * +get_interfaces(void) { - return NULL; + static struct interface_list dummy = SLIST_HEAD_INITIALIZER(interfaces); + return &dummy; } /* diff -urNa sudo-1.8.19p1/src/exec_pty.c sudo-1.8.19p2/src/exec_pty.c --- sudo-1.8.19p1/src/exec_pty.c Sun Dec 18 06:52:23 2016 +++ sudo-1.8.19p2/src/exec_pty.c Fri Jan 13 21:30:22 2017 @@ -1556,8 +1556,9 @@ /* Wait for parent to grant us the tty if we are foreground. */ if (foreground && !ISSET(details->flags, CD_EXEC_BG)) { + struct timespec ts = { 0, 1000 }; /* 1us */ while (tcgetpgrp(io_fds[SFD_SLAVE]) != self) - continue; /* spin */ + nanosleep(&ts, NULL); } /* We have guaranteed that the slave fd is > 2 */ diff -urNa sudo-1.8.19p1/src/sudo.c sudo-1.8.19p2/src/sudo.c --- sudo-1.8.19p1/src/sudo.c Sun Dec 18 06:52:23 2016 +++ sudo-1.8.19p2/src/sudo.c Fri Jan 13 21:30:22 2017 @@ -842,7 +842,7 @@ bool qualified; debug_decl(sudo_check_suid, SUDO_DEBUG_PCOMM) - if (geteuid() != 0) { + if (geteuid() != ROOT_UID) { /* Search for sudo binary in PATH if not fully qualified. */ qualified = strchr(sudo, '/') != NULL; if (!qualified) {
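Review bot: In the visudo.c get_interfaces() stub the initializer reads `SLIST_HEAD_INITIALIZER(interfaces)` although the object being initialised is `dummy`; it looks copied from interfaces.c. The usual queue macro ignores its argument, so this likely expands to the same thing, but `static struct interface_list dummy = SLIST_HEAD_INITIALIZER(dummy);` says what is meant. The `/* STUB */` marker would also benefit from one line stating that the stub now returns an empty list rather than NULL so callers can iterate it safely.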
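Review bot: The wait loop in the exec_pty.c hunk, `while (tcgetpgrp(io_fds[SFD_SLAVE]) != self)`, still has no exit for a failing tcgetpgrp(): a return of -1 never equals `self`, so the child would poll indefinitely if the call keeps failing. Sleeping 1us between polls removes the hard spin but not the unbounded wait. Consider handling the error inside the loop, e.g. `pid_t pgrp = tcgetpgrp(io_fds[SFD_SLAVE]); if (pgrp == self || pgrp == -1) break;`, or bounding the retries; whether to break or to fail on error is the author's call. The enclosing function starts and ends outside the hunk.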